install zeek parser with zkg install

nttcom · Oct 25, 2023 · 3dc5ceb · 3dc5ceb
1 parent 1e843c9
commit 3dc5ceb
Show file tree

Hide file tree

Showing 8 changed files with 8 additions and 2,466 deletions.
diff --git a/osect_sensor/Infrastructure/edge_cron/Dockerfile b/osect_sensor/Infrastructure/edge_cron/Dockerfile
@@ -154,7 +154,8 @@ ENV PATH $PATH:/root/.cargo/bin
 # zkgパッケージ（必要なものだけ入れる）
 ENV PATH $PATH:/usr/local/zeek/bin
 # RUN zkg autoconfig
-RUN zkg install --force --skiptest \
+RUN zkg refresh && \
+    zkg install --force --skiptest \
 #    zeek-plugin-bacnet \
 #    zeek-plugin-enip \
 #    zeek-plugin-profinet \
@@ -164,7 +165,9 @@ RUN zkg install --force --skiptest \
     icsnpp-modbus \
     # icsnpp-bacnet \
     zeek/corelight/zeek-long-connections \
-    zeek-af_packet-plugin
+    zeek-af_packet-plugin \
+    zeek-parser-CCLinkFieldBasic \
+    zeek-parser-CCLinkField-CCLinkControl
 
 # spicyのコンパイル
 WORKDIR /home/work/ot_tools/broscript/CIFS_B/
@@ -182,12 +185,6 @@ RUN spicyz -o nbns.hlto nbns.spicy nbns.evt
 WORKDIR /home/work/ot_tools/broscript/SSDP/
 RUN spicyz -o ssdp.hlto ssdp.spicy ssdp.evt
 
-WORKDIR /home/work/ot_tools/broscript/CC_LINK_BASIC/
-RUN spicyz -o cc_link_basic.hlto cc_link_basic.spicy cc_link_basic.evt
-
-WORKDIR /home/work/ot_tools/broscript/CC_LINK_NOIP/
-RUN spicyz -o cc_link_noip.hlto cc_link_noip.spicy cc_link_noip.evt
-
 WORKDIR /home/work
 RUN cp -p ot_tools/broscript/CIFS_B/CIFS_B.hlto /usr/local/zeek/lib/zeek-spicy/modules \
     && cp -p ot_tools/broscript/CIFS_B/CIFS_B.zeek /usr/local/zeek/share/zeek/site \
@@ -198,11 +195,7 @@ RUN cp -p ot_tools/broscript/CIFS_B/CIFS_B.hlto /usr/local/zeek/lib/zeek-spicy/m
     && cp -p ot_tools/broscript/NBNS/nbns.hlto /usr/local/zeek/lib/zeek-spicy/modules \
     && cp -p ot_tools/broscript/NBNS/nbns.zeek /usr/local/zeek/share/zeek/site \
     && cp -p ot_tools/broscript/SSDP/ssdp.hlto /usr/local/zeek/lib/zeek-spicy/modules \
-    && cp -p ot_tools/broscript/SSDP/ssdp.zeek /usr/local/zeek/share/zeek/site \
-    && cp -p ot_tools/broscript/CC_LINK_BASIC/cc_link_basic.hlto /usr/local/zeek/lib/zeek-spicy/modules \
-    && cp -p ot_tools/broscript/CC_LINK_BASIC/cc_link_basic.zeek /usr/local/zeek/share/zeek/site \
-    && cp -p ot_tools/broscript/CC_LINK_NOIP/cc_link_noip.hlto /usr/local/zeek/lib/zeek-spicy/modules \
-    && cp -p ot_tools/broscript/CC_LINK_NOIP/cc_link_noip.zeek /usr/local/zeek/share/zeek/site
+    && cp -p ot_tools/broscript/SSDP/ssdp.zeek /usr/local/zeek/share/zeek/site
 
 # Yafを含むバイナリファイルをコピー
 RUN mkdir /var/log/yaf

diff --git a/...t_sensor/Infrastructure/edge_cron/work/ot_tools/broscript/CC_LINK_BASIC/cc_link_basic.evt b/...t_sensor/Infrastructure/edge_cron/work/ot_tools/broscript/CC_LINK_BASIC/cc_link_basic.evt
diff --git a/...sensor/Infrastructure/edge_cron/work/ot_tools/broscript/CC_LINK_BASIC/cc_link_basic.spicy b/...sensor/Infrastructure/edge_cron/work/ot_tools/broscript/CC_LINK_BASIC/cc_link_basic.spicy