forked from ANSSI-FR/shovel
-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose.yml
37 lines (34 loc) · 1.26 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
# Copyright (C) 2024 ANSSI
# SPDX-License-Identifier: CC0-1.0
services:
suricata:
build: ./suricata
image: anssi/shovel-suricata:dev
volumes:
- "./input_pcaps:/input_pcaps:ro"
- "./suricata/rules:/suricata/rules:ro"
- "./suricata/output:/suricata/output:rw"
# Option A: pcap read mode (slower, for archives replay or rootless CTF)
# Add `--pcap-file-continuous` to watch for new pcap in folder.
command: -r /input_pcaps
# Option B: capture device (fast, for live analysis)
# Drastically reduces ingest delay, but requires access to an interface.
#command: -i tun5
#cap_add:
# - NET_ADMIN
#network_mode: "host"
webapp:
build: ./webapp
image: anssi/shovel-webapp:dev
volumes:
# You may remove the next line to prevent users from downloading pcaps.
- "./input_pcaps:/input_pcaps:ro"
# Write access is required in SQLite `mode=ro` as readers need to record
# a mark in the WAL file. If you need to make the volume read-only, then
# use `immutable=1` parameter in SQLite databases URI. In immutable mode,
# SQLite doesn't follow changes made to the database.
- "./suricata/output:/suricata/output:rw"
ports:
- 127.0.0.1:8000:8000
env_file:
- .env