The official Bro Live repository is now at https://registry.hub.docker.com/u/broplatform/brolive/
The idea, which we're calling Bro Live!, is to have users SSH into a host system which
runs and places them into a container based on the latest-bro-sandbox Docker image.
Then each user will have its own environment to play with Bro, including a mounted directory
of Bro exercises and PCAP files. This alleviates the burden of passing around, or downloading, and configuring VM's of Bro which in our experience takes too much time and a few people always have a few issues that put them behind everyone else. We can enhance the experience at conference training events whereby attendees only need an SSH client.
To replicate our Bro Live! system two things must be completed:
- This Docker image (latest-bro-sandbox) must be installed
- The host system running the Docker daemon must be configured to use it
Conferences and training events typically span multiple days like in the case of BroCon.
Because of this it's desirable to keep the user's work in their container for the duration of the event. Our account management system allows them to re-attach to their container in an automated fashion. Once the conference ends, the container is automatically removed from the system.
- By nature, the containers are isolated environments.
- Containers and users are removed after a period of time (e.g. conference duration)
- System resources are limited per container to prevent selfishness and abuse
- Networking is disabled in each container, preventing network attacks against other hosts
- Each container is limited in size (possible when using devicemapper storage backend)
This page will be updated frequently in the next week in preparation for BroCon.
See this for host system configuration: https://github.com/jonschipp/vagrant/tree/master/bro-sandbox
Updated to use Bro 2.3.1 and with gawk, nano, vim, and emacs, plus other