mistborn/extra/scirius.yml

version: '3'

services:
  scirius:
    container_name: mistborn_production_scirius
    image: "cyber5k/scirius:${MISTBORN_TAG}"
    #environment:
    #  - SECRET_KEY: <SECRET KEY>
    env_file:
      - ../.envs/.production/.scirius
    volumes:
      - /var/log/suricata:/logs
      - /etc/suricata/rules:/etc/suricata/rules
      - ../../mistborn_volumes/extra/scirius/static:/static
      - ../../mistborn_volumes/extra/scirius/data:/data
      - /var/run:/var/run:ro
      - /var/run/suricata/suricata-command.socket:/var/run/suricata/suricata-command.socket:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.scirius-http.rule=Host(`scirius.mistborn`)"
      - "traefik.http.routers.scirius-http.entrypoints=web"
      - "traefik.http.routers.scirius-http.middlewares=mistborn_auth@file"
      - "traefik.http.routers.scirius-https.rule=Host(`scirius.mistborn`)"
      - "traefik.http.routers.scirius-https.entrypoints=websecure"
      - "traefik.http.routers.scirius-https.middlewares=mistborn_auth@file"
      - "traefik.http.routers.scirius-https.tls.certresolver=basic"
      - "traefik.http.services.scirius-service.loadbalancer.server.port=8000"
    restart: unless-stopped 

  filebeat:
    image: docker.elastic.co/beats/filebeat:${ELASTIC_VERSION:-7.9.1}
    # https://github.com/docker/swarmkit/issues/1951
    hostname: "{{.Node.Hostname}}-filebeat"
    # Need to override user so we can access the log files, and docker.sock
    user: root
    configs:
      - source: fb_config
        target: /usr/share/filebeat/filebeat.yml
    volumes:
      - filebeat:/usr/share/filebeat/data
      - /var/run/docker.sock:/var/run/docker.sock
      # This is needed for filebeat to load container log path as specified in filebeat.yml
      - /var/lib/docker/containers/:/var/lib/docker/containers/:ro

      # # This is needed for filebeat to load jenkins build log path as specified in filebeat.yml
      # - /var/lib/docker/volumes/jenkins_home/_data/jobs/:/var/lib/docker/volumes/jenkins_home/_data/jobs/:ro

      # This is needed for filebeat to load logs for system and auth modules
      - /var/log/:/var/log/:ro
      # This is needed for filebeat to load logs for auditd module. you might have to install audit system
      # on ubuntu first (sudo apt-get install -y auditd audispd-plugins)
      - /var/log/audit/:/var/log/audit/:ro
    environment:
      - ELASTICSEARCH_HOST=${ELASTICSEARCH_HOST}
      - KIBANA_HOST=${KIBANA_HOST}
      - ELASTICSEARCH_USERNAME=${ELASTICSEARCH_USERNAME}
      - ELASTICSEARCH_PASSWORD=${ELASTICSEARCH_PASSWORD}
    # disable strict permission checks
    command: ["--strict.perms=false"]

volumes:
  filebeat:

networks:
  default:
    external:
      name: mistborn_default

configs:
  fb_config:
    file: /opt/mistborn_volumes/scirius/init/filebeat.docker.yml
scirius 5 years ago			`version: '3'`

			`services:`
			`scirius:`
			`container_name: mistborn_production_scirius`
			`image: "cyber5k/scirius:${MISTBORN_TAG}"`
			`#environment:`
			`# - SECRET_KEY: <SECRET KEY>`
tweaks 5 years ago			`env_file:`
scirius 5 years ago			`- ../.envs/.production/.scirius`
scirius 5 years ago			`volumes:`
rules and logs 5 years ago			`- /var/log/suricata:/logs`
mounts 5 years ago			`- /etc/suricata/rules:/etc/suricata/rules`
scirius 5 years ago			`- ../../mistborn_volumes/extra/scirius/static:/static`
rules and logs 5 years ago			`- ../../mistborn_volumes/extra/scirius/data:/data`
var run 5 years ago			`- /var/run:/var/run:ro`
systemctl 5 years ago			`- /var/run/suricata/suricata-command.socket:/var/run/suricata/suricata-command.socket:ro`
scirius 5 years ago			`labels:`
			`- "traefik.enable=true"`
scirius 5 years ago			- "traefik.http.routers.scirius-http.rule=Host(`scirius.mistborn`)"
traefik naming 5 years ago			`- "traefik.http.routers.scirius-http.entrypoints=web"`
			`- "traefik.http.routers.scirius-http.middlewares=mistborn_auth@file"`
scirius 5 years ago			- "traefik.http.routers.scirius-https.rule=Host(`scirius.mistborn`)"
traefik naming 5 years ago			`- "traefik.http.routers.scirius-https.entrypoints=websecure"`
			`- "traefik.http.routers.scirius-https.middlewares=mistborn_auth@file"`
			`- "traefik.http.routers.scirius-https.tls.certresolver=basic"`
			`- "traefik.http.services.scirius-service.loadbalancer.server.port=8000"`
scirius 5 years ago			`restart: unless-stopped`

piping 5 years ago			`filebeat:`
			`image: docker.elastic.co/beats/filebeat:${ELASTIC_VERSION:-7.9.1}`
			`# https://github.com/docker/swarmkit/issues/1951`
			`hostname: "{{.Node.Hostname}}-filebeat"`
			`# Need to override user so we can access the log files, and docker.sock`
			`user: root`
			`configs:`
			`- source: fb_config`
			`target: /usr/share/filebeat/filebeat.yml`
			`volumes:`
			`- filebeat:/usr/share/filebeat/data`
			`- /var/run/docker.sock:/var/run/docker.sock`
			`# This is needed for filebeat to load container log path as specified in filebeat.yml`
			`- /var/lib/docker/containers/:/var/lib/docker/containers/:ro`

			`# # This is needed for filebeat to load jenkins build log path as specified in filebeat.yml`
			`# - /var/lib/docker/volumes/jenkins_home/_data/jobs/:/var/lib/docker/volumes/jenkins_home/_data/jobs/:ro`

			`# This is needed for filebeat to load logs for system and auth modules`
			`- /var/log/:/var/log/:ro`
			`# This is needed for filebeat to load logs for auditd module. you might have to install audit system`
			`# on ubuntu first (sudo apt-get install -y auditd audispd-plugins)`
			`- /var/log/audit/:/var/log/audit/:ro`
			`environment:`
			`- ELASTICSEARCH_HOST=${ELASTICSEARCH_HOST}`
			`- KIBANA_HOST=${KIBANA_HOST}`
			`- ELASTICSEARCH_USERNAME=${ELASTICSEARCH_USERNAME}`
			`- ELASTICSEARCH_PASSWORD=${ELASTICSEARCH_PASSWORD}`
			`# disable strict permission checks`
			`command: ["--strict.perms=false"]`

			`volumes:`
			`filebeat:`

scirius 5 years ago			`networks:`
			`default:`
			`external:`
privileged 5 years ago			`name: mistborn_default`
piping 5 years ago
			`configs:`
			`fb_config:`
			`file: /opt/mistborn_volumes/scirius/init/filebeat.docker.yml`