
bro-netcontrol's Introduction

Zeek NetControl connector scripts

This repository contains scripts that can be used to connect the Zeek NetControl framework to systems outside of Zeek and, e.g., send out switch commands via OpenFlow.

Please note that the NetControl framework and scripts are still under active development; the API is not completely fixed yet and the scripts have not seen thorough testing.

Installation Instructions

To use the connector scripts, you need to install a current master version of Zeek with commands similar to this:

git clone --recursive https://github.com/zeek/zeek
cd zeek
./configure --prefix=[install prefix]
make install

To allow Python to find the installed Python Broker bindings, it might be necessary to adjust the PYTHONPATH variable, similar to this:

export PYTHONPATH=[install prefix]/lib/zeekctl:[this directory]

After that, you should be able to launch the provided scripts.

API

The netcontrol directory contains a Python API for the Broker backend of the Zeek NetControl framework. This API converts the Zeek data structures into Python dictionaries and lets you send success and error messages back to Zeek.

A simple example script is provided in the test directory. The API is also used by the command-line connector.

Command-line connector

The command-line directory contains a script that can be used to interface the NetControl framework to command-line invocations. commands.yaml shows an example that can be used to invoke iptables. An example script that simply blocks all connections is provided in example.zeek.
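As an added illustration (not code from this repository), the sketch below shows how a connector of this kind can turn a rule dictionary into an iptables invocation without passing rule fields through a shell. The rule field names and the functions `rule_to_iptables` and `apply_rule` are assumptions made for the example; the repository's real rule layout and command templates are defined by its API and commands.yaml.

```python
import ipaddress
import subprocess

# Constructed sample rule. The field names are hypothetical and chosen for
# this example; they are not the exact dictionary layout of the netcontrol API.
SAMPLE_RULE = {"type": "drop", "src": "192.0.2.10/32", "dst": None,
               "proto": "tcp", "dport": 22}

ALLOWED_PROTOS = {"tcp", "udp", "icmp"}


def rule_to_iptables(rule, add=True, chain="FORWARD"):
    """Build an iptables argv list for a drop rule; raise ValueError on bad input."""
    if rule.get("type") != "drop":
        raise ValueError("only drop rules are handled in this example")
    argv = ["iptables", "-A" if add else "-D", chain]
    for key, flag in (("src", "-s"), ("dst", "-d")):
        value = rule.get(key)
        if value is not None:
            # ip_network() raises ValueError for anything that is not an address.
            net = ipaddress.ip_network(value, strict=False)
            if net.version != 4:
                raise ValueError("IPv6 needs ip6tables, not iptables")
            argv += [flag, str(net)]  # emit the normalised form, not the raw input
    proto = rule.get("proto")
    if proto is not None:
        if proto not in ALLOWED_PROTOS:
            raise ValueError("unsupported protocol: %r" % (proto,))
        argv += ["-p", proto]
    port = rule.get("dport")
    if port is not None:
        if proto not in ("tcp", "udp"):
            raise ValueError("a port match requires tcp or udp")
        if isinstance(port, bool) or not isinstance(port, int) or not 0 < port < 65536:
            raise ValueError("invalid port: %r" % (port,))
        argv += ["--dport", str(port)]
    if len(argv) == 3:
        # No match fields at all would drop every packet in the chain.
        raise ValueError("refusing to install a rule without any match")
    return argv + ["-j", "DROP"]


def apply_rule(rule, add=True):
    """Run iptables with an argv list (no shell); requires root privileges."""
    return subprocess.run(rule_to_iptables(rule, add), check=True)
```

Building the command as an argument list and re-serialising each validated field keeps a malformed address or protocol from ever reaching the command line.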

OpenFlow connector

The openflow directory contains the source for a Ryu OpenFlow controller that can be used to interface the Zeek NetControl framework with an OpenFlow-capable switch. To use the controller, you first need to install the Ryu SDN framework.

After installation, you can run the OpenFlow controller by executing

ryu-manager --verbose openflow/controller.py

or similar. After that, OpenFlow switches should be able to connect to port 6633; Broker connections can be made to port 9999. An example script that shunts all connection traffic to a switch after an SSL, SSH or GridFTP session has been established is provided in example.zeek.

Acld connector

The acld directory contains the source for a connector to acld (more information). An example script that simply blocks all connections is provided in example.zeek.

Contributors

0xxon, dnthayer, jsiwek, leres, rsmmr
