From 67c6ca81af3c568ad313a4c4fb127a57cdf7e10a Mon Sep 17 00:00:00 2001
From: Keith Jones
Date: Thu, 19 May 2022 14:06:28 -0400
Subject: [PATCH] Improve docker components.
---
 .gitignore | 1 +
 docker/docker-compose.yml | 13 ++++++++++++-
 docker/zeek2es/Dockerfile | 19 +++++++++++--------
 docker/zeek2es/entrypoint.sh | 0
 4 files changed, 24 insertions(+), 9 deletions(-)
 mode change 100644 => 100755 docker/zeek2es/entrypoint.sh
diff --git a/.gitignore b/.gitignore
index b01ca84..b531f53 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@ build/
 *.so
 *.c
 .DS_Store
+docker/data
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index 4886f37..cb0ac14 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -67,6 +67,7 @@ services:
 interval: 1s
 timeout: 5s
 retries: 120
+ container_name: "setup"
 es01:
 depends_on:
@@ -112,6 +113,7 @@ services:
 interval: 10s
 timeout: 10s
 retries: 120
+ container_name: "es01"
 es02:
 depends_on:
@@ -153,6 +155,7 @@ services:
 interval: 10s
 timeout: 10s
 retries: 120
+ container_name: "es02"
 es03:
 depends_on:
@@ -194,6 +197,7 @@ services:
 interval: 10s
 timeout: 10s
 retries: 120
+ container_name: "es03"
 kibana:
 depends_on:
@@ -231,6 +235,7 @@ services:
 interval: 10s
 timeout: 10s
 retries: 120
+ container_name: "kibana"
 zeek2es:
 build:
@@ -244,10 +249,16 @@ services:
 condition: service_healthy
 es03:
 condition: service_healthy
+ command: >
+ bash -c '
+ chmod 755 /entrypoint.sh;
+ /entrypoint.sh
+ '
 volumes:
+ - ./zeek2es/entrypoint.sh:/entrypoint.sh
 - ${VOLUME_MOUNT}/data/logs:/logs
- entrypoint: /entrypoint.sh
 tty: true
+ container_name: "zeek2es"
 volumes:
 certs:
diff --git a/docker/zeek2es/Dockerfile b/docker/zeek2es/Dockerfile
index b1efe07..caaa509 100644
--- a/docker/zeek2es/Dockerfile
+++ b/docker/zeek2es/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:focal
+FROM ubuntu:jammy
 RUN apt-get -q update && \
 DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
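Review bot: In the zeek2es service hunk of docker/docker-compose.yml, the new bind mount `./zeek2es/entrypoint.sh:/entrypoint.sh` is writable and the container runs `chmod 755` on it, so a process inside the container can modify a host file that is executed on every start. This commit already sets the script's mode to 100755, so the chmod looks redundant; I would mount it read-only with `- ./zeek2es/entrypoint.sh:/entrypoint.sh:ro` and keep the original `entrypoint: /entrypoint.sh` instead of the `bash -c` wrapper. As written, the `;` after the chmod also means a failed chmod is ignored before the script is launched. The added fixed `container_name` values in the other hunks of this file are fine for a single local stack, but they will collide with any other container of the same name on the host.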
@@ -9,6 +9,7 @@ RUN apt-get -q update && \
 iproute2 \
 jq \
 less \
+ netcat \
 net-tools \
 parallel \
 python3 \
@@ -22,14 +23,16 @@ RUN apt-get -q update && \
 termshark \
 tshark \
 vim \
- wget && \
- pip3 install --no-cache-dir pre-commit requests
-
-# Clean up files
-RUN apt-get clean && rm -rf /var/lib/apt/lists/* && rm -rf ~/.cache/pip
+ wget \
+ zeek-aux && \
+ pip3 install --no-cache-dir pre-commit requests && \
+ curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.2.0-amd64.deb && \
+ dpkg -i filebeat-8.2.0-amd64.deb && \
+ rm filebeat-8.2.0-amd64.deb && \
+ apt-get clean && rm -rf /var/lib/apt/lists/* && rm -rf ~/.cache/pip
 # Install zeek2es
 RUN cd / && git clone https://github.com/corelight/zeek2es.git
-COPY entrypoint.sh /entrypoint.sh
-RUN chmod 755 /entrypoint.sh
\ No newline at end of file
+#COPY entrypoint.sh /entrypoint.sh
+#RUN chmod 755 /entrypoint.sh
\ No newline at end of file
diff --git a/docker/zeek2es/entrypoint.sh b/docker/zeek2es/entrypoint.sh
old mode 100644
new mode 100755
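Review bot: The added `curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.2.0-amd64.deb` step in the second Dockerfile hunk on this line installs a package as root with no integrity check. Without `-f`, an HTTP error body would also be saved to disk and only surface later as a `dpkg -i` failure. I would fetch with `curl -fsSL -O …` and add `echo "<EXPECTED_SHA512>  filebeat-8.2.0-amd64.deb" | sha512sum -c - && \` before the `dpkg -i` line, where the placeholder is the digest the vendor publishes for that artifact. The commented-out `#COPY entrypoint.sh` and `#RUN chmod` lines leave the image with no entrypoint script of its own; deleting them and adding a comment such as `# entrypoint.sh is bind-mounted by docker-compose.yml` would make that dependency explicit. The RUN instruction being extended starts outside this hunk.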