ungleich redmine
hack4glarus-2019-winter - Task #7382: Monitoring at a different level (BPF/Suricata/Cilium)
http://localhost:3000/issues/7382?journal_id=30064
2019-11-30T01:02:46Z Philipp Buehler
<p>Cilium: <a class="external" href="https://docs.cilium.io/en/stable/">https://docs.cilium.io/en/stable/</a><br />Suricata: <a class="external" href="https://suricata-ids.org/docs/">https://suricata-ids.org/docs/</a><br />BPF:<br /> <a class="external" href="http://www.brendangregg.com/blog/2016-03-05/linux-bpf-superpowers.html">http://www.brendangregg.com/blog/2016-03-05/linux-bpf-superpowers.html</a><br /> <a class="external" href="https://cilium.io/blog/2018/04/17/why-is-the-kernel-community-replacing-iptables/">https://cilium.io/blog/2018/04/17/why-is-the-kernel-community-replacing-iptables/</a></p>
http://localhost:3000/issues/7382?journal_id=30065
2019-11-30T01:07:53Z Philipp Buehler
<p>The idea is to tproxy chain haproxy traffic and let suricata "inspect" the traffic.<br />Pull the eve.json output into ELG or so.</p>
<p>haproxy:<br />listen inbound<br /> bind public-ip:80<br /> server moni 172.23.42.1:80 send-proxy # lives on a loopback if (e.g. lo1)<br />frontend monitor-in<br /> bind 172.23.42.1:80 accept-proxy name monitor-in</p>
<p>suricata makes traffic analysis on lo1</p>
http://localhost:3000/issues/7382?journal_id=30117
2019-12-01T11:40:27Z Philipp Buehler
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Waiting</i></li></ul><p>Time ran out, VM too slow to install all necessary toolchain</p>
http://localhost:3000/issues/7382?journal_id=51435
2024-01-02T12:35:33Z Nico Schottelius (nico.schottelius@ungleich.ch)
<ul><li><strong>Status</strong> changed from <i>Waiting</i> to <i>Closed</i></li></ul>