Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

provide way to customze Site::local_nets #295

Closed
mmguero opened this issue Nov 16, 2023 · 3 comments
Closed

provide way to customze Site::local_nets #295

mmguero opened this issue Nov 16, 2023 · 3 comments
Assignees
@mmguero
Labels
enhancement New feature or request zeek Relating to Malcolm's use of Zeek
Milestone
v23.12.0

Comments

@mmguero
Copy link
Collaborator

mmguero commented Nov 16, 2023
edited
Loading

Provide a way to specify this via environment variable. It should handle both the offline case (zeek -r) and the live case (networks.cfg in zeek_deploy.sh).
@mmguero mmguero added enhancement New feature or request zeek Relating to Malcolm's use of Zeek labels Nov 16, 2023
@mmguero mmguero added this to the v23.11.0 milestone Nov 16, 2023
@mmguero mmguero self-assigned this Nov 16, 2023
@mmguero mmguero added this to Malcolm Nov 16, 2023
@mmguero mmguero moved this to Todo (develop) in Malcolm Nov 16, 2023
@mmguero
Copy link
Collaborator Author

mmguero commented Nov 20, 2023
edited
Loading

When running with ZeekControl, you adjust Site::local_nets by configuring the networks.cfg file.

from quickstart

mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Nov 20, 2023
@mmguero
idaholab#295, specify local networks via ZEEK_LOCAL_NETS environment …
54d7c15 
…variable
@mmguero
Copy link
Collaborator Author

mmguero commented Nov 20, 2023
edited
Loading

  • Added to zeek.env.example
# Specifies a comma-separated list of the networks that Zeek considers "local",
#   for Site::local_nets and networks.cfg. e.g., 1.2.3.0/24,5.6.7.0/24.
#   Note that by default, Zeek considers IANA-registered private address space
#   such as 10/8 and 192.168/16 site-local.
ZEEK_LOCAL_NETS=
  • added to local.zeek
global zeek_local_nets_str = getenv("ZEEK_LOCAL_NETS");
...
  if (zeek_local_nets_str != "") {
    local nets_strs = split_string(zeek_local_nets_str, /,/);
    if (|nets_strs| > 0) {
      for (net_idx in nets_strs) {
        local local_subnet = to_subnet(nets_strs[net_idx]);
        if (local_subnet != [::]/0) {
          add Site::local_nets[local_subnet];
        }
      }
    }
  }
  • Added to zeekdeploy.sh:
# populate networks.cfg from ZEEK_LOCAL_NETS
echo "# \$ZEEK_LOCAL_NETS:" > ./networks.cfg
echo "#   $ZEEK_LOCAL_NETS" >> ./networks.cfg
for NET in ${ZEEK_LOCAL_NETS//,/ }; do
  echo "$NET" | sed -re 's/^[[:blank:]]+|[[:blank:]]+$//g' -e 's/[[:blank:]]+/ /g' >> ./networks.cfg
done
  • Example of networks.cfg created by zeekdeploy.sh
zeeker@seven:/$ cat /opt/zeek/etc/networks.cfg
# $ZEEK_LOCAL_NETS:
#   1.2.3.0/24,5.6.0.0/16,7.0.0.0/8
1.2.3.0/24
5.6.0.0/16
7.0.0.0/8

@mmguero
Copy link
Collaborator Author

mmguero commented Nov 20, 2023

Documentation updated as well, code added to local.zeek and zeekdeploy.sh to handle taking a comma-separated list of subnets (in the ZEEK_LOCAL_NETS environment variable) and using it to populate Site::local_nets in local.zeek and networks.cfg in the zeekcontrol-managed instance.

@mmguero mmguero closed this as completed Nov 20, 2023
@github-project-automation github-project-automation bot moved this from Todo (develop) to Done in Malcolm Nov 20, 2023
This was referenced Dec 4, 2023
Merged
Merged
@mmguero mmguero moved this from Done to Released in Malcolm Dec 5, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mmguero mmguero

Labels
enhancement New feature or request zeek Relating to Malcolm's use of Zeek
Projects
Malcolm
Status: Released
Milestone
v23.12.0
Development

No branches or pull requests
1 participant
@mmguero