silentsentinel/docker-compose.yml at master · cmu-sei/silentsentinel · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
# <legal>
# Silent Sentinel
#
# Copyright 2025 Carnegie Mellon University.
#
# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE
# MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO
# WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER
# INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR
# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL.
# CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT
# TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.
#
# Licensed under a MIT (SEI)-style license, please see LICENSE.txt or contact
# permission@sei.cmu.edu for full terms.
#
# [DISTRIBUTION STATEMENT A] This material has been approved for public release
# and unlimited distribution. Please see Copyright notice for non-US Government
# use and distribution.
#
# This Software includes and/or makes use of Third-Party Software each subject
# to its own license.

# DM25-1092
# </legal>

services:
  testharness:
    build:
      context: testharness
      dockerfile: Dockerfile.$tag
    image: cmusei/silentsentinel-testharness:$tag
    cap_add:
      - NET_ADMIN
      - NET_RAW
      - SYS_PTRACE
    init: true
    # Pass needed variables into the container for the entrypoint script, so there is no redundant command line parser
    environment:
      - core_dump_analysis_enabled
      - pspy_enabled
      - strace_enabled
      - suricata_enabled
      - ipv6_enabled
    volumes:
      - $volpath:/vol
  listeningpost:
    build:
      context: listeningpost
      dockerfile: Dockerfile.$tag
    image: cmusei/silentsentinel-listeningpost:$tag
    cap_add:
      - NET_RAW
    init: true
    volumes:
      - $volpath:/vol
  reportgeneration:
    build: reportgeneration
    image: cmusei/silentsentinel-reportgeneration
    entrypoint: ["/generate_report.py", "/vol"]
    volumes:
      - $volpath:/vol
  pandoc:
    build: pandoc
    image: cmusei/silentsentinel-pandoc
    volumes:
      - $volpath:/vol
  staticanalysis:
    build: staticanalysis
    image: cmusei/silentsentinel-staticanalysis
    environment:
      - clamscan_enabled
      - default_analysis_target
    volumes:
      - $volpath:/vol
  suricata:
    build: suricata
    image: cmusei/silentsentinel-suricata
    volumes:
      - $volpath:/vol
    entrypoint: ["/suricata-analysis.sh"]
  statsgraphers:
    build: statsgraphers
    image: cmusei/silentsentinel-statsgraphers
    volumes:
      - $volpath:/vol
  yaf:
    build: yaf
    image: cmusei/silentsentinel-yaf
    volumes:
      - $volpath:/vol
    entrypoint: ["/yafscript.sh"]