diff --git a/Dockerfile.clang b/Dockerfile.clang
index 6d79a60..76451dd 100644
--- a/Dockerfile.clang
+++ b/Dockerfile.clang
@@ -142,7 +142,7 @@ LABEL maintainer="mero.mero.guero@gmail.com"
 LABEL org.opencontainers.image.authors='mero.mero.guero@gmail.com'
 LABEL org.opencontainers.image.url='https://github.com/mmguero/zeek-docker'
 LABEL org.opencontainers.image.source='https://github.com/mmguero/zeek-docker'
-LABEL org.opencontainers.image.title='oci.guero.top/zeek'
+LABEL org.opencontainers.image.title='oci.guero.org/zeek'
 LABEL org.opencontainers.image.description='Dockerized Zeek and Spicy'
@@ -303,7 +303,7 @@ LABEL maintainer="mero.mero.guero@gmail.com"
 LABEL org.opencontainers.image.authors='mero.mero.guero@gmail.com'
 LABEL org.opencontainers.image.url='https://github.com/mmguero/zeek-docker'
 LABEL org.opencontainers.image.source='https://github.com/mmguero/zeek-docker'
-LABEL org.opencontainers.image.title='oci.guero.top/zeek:plus'
+LABEL org.opencontainers.image.title='oci.guero.org/zeek:plus'
 LABEL org.opencontainers.image.description='Dockerized Zeek and Spicy with extra plugins'
diff --git a/Dockerfile.gcc b/Dockerfile.gcc
index 5d079e2..9cda7d7 100644
--- a/Dockerfile.gcc
+++ b/Dockerfile.gcc
@@ -136,7 +136,7 @@ LABEL maintainer="mero.mero.guero@gmail.com"
 LABEL org.opencontainers.image.authors='mero.mero.guero@gmail.com'
 LABEL org.opencontainers.image.url='https://github.com/mmguero/zeek-docker'
 LABEL org.opencontainers.image.source='https://github.com/mmguero/zeek-docker'
-LABEL org.opencontainers.image.title='oci.guero.top/zeek'
+LABEL org.opencontainers.image.title='oci.guero.org/zeek'
 LABEL org.opencontainers.image.description='Dockerized Zeek and Spicy'
@@ -291,7 +291,7 @@ LABEL maintainer="mero.mero.guero@gmail.com" LABEL org.opencontainers.image.authors='mero.mero.guero@gmail.com' LABEL org.opencontainers.image.url='https://github.com/mmguero/zeek-docker' LABEL org.opencontainers.image.source='https://github.com/mmguero/zeek-docker' -LABEL org.opencontainers.image.title='oci.guero.top/zeek:plus' +LABEL org.opencontainers.image.title='oci.guero.org/zeek:plus' LABEL org.opencontainers.image.description='Dockerized Zeek and Spicy with extra plugins' diff --git a/README.md b/README.md index 1bf63bf..4c58e3c 100644 --- a/README.md +++ b/README.md @@ -137,7 +137,7 @@ Note that interrupting `zeek-docker.sh` with **`CTRL+C`** will leave the contain ``` user@host tmp › docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -df08f961e760 oci.guero.top/zeek:latest "/usr/local/bin/dock…" About a minute ago Up About a minute flamboyant_spence +df08f961e760 oci.guero.org/zeek:latest "/usr/local/bin/dock…" About a minute ago Up About a minute flamboyant_spence user@host tmp › docker stop flamboyant_spence flamboyant_spence @@ -170,7 +170,7 @@ For each network interface monitored, a directory (suffixed with `_logs`) will b -v "$(pwd):/zeek-logs" \ --network host \ --cap-add=NET_ADMIN --cap-add=NET_RAW --cap-add=IPC_LOCK \ - oci.guero.top/zeek:latest \ + oci.guero.org/zeek:latest \ zeekcap -i enp6s0 local ``` @@ -180,7 +180,7 @@ For each network interface monitored, a directory (suffixed with `_logs`) will b docker run --rm \ -v "$(pwd):/zeek-logs" \ -v "/path/containing/pcap:/data:ro" \ - oci.guero.top/zeek:latest \ + oci.guero.org/zeek:latest \ zeek -C -r /data/foobar.pcap local ``` 
@@ -191,7 +191,7 @@ For each network interface monitored, a directory (suffixed with `_logs`) will b -v "$(pwd):/zeek-logs" \ -v "/path/containing/pcap:/data:ro" \ -v "/path/containing/policy/local-example.zeek:/opt/zeek/share/zeek/site/local.zeek:ro" \ - oci.guero.top/zeek:latest \ + oci.guero.org/zeek:latest \ zeek -C -r /data/foobar.pcap local ``` @@ -200,7 +200,7 @@ For each network interface monitored, a directory (suffixed with `_logs`) will b Here's an example `Dockerfile` installing [`zeek/spicy-analyzers`](https://github.com/zeek/spicy-analyzers). ``` -FROM oci.guero.top/zeek:latest +FROM oci.guero.org/zeek:latest RUN zkg install --force spicy-analyzers ``` @@ -210,7 +210,7 @@ Build and check: ``` user@host tmp › docker build -t=spicier . Sending build context to Docker daemon 2.048kB -Step 1/2 : FROM oci.guero.top/zeek:latest +Step 1/2 : FROM oci.guero.org/zeek:latest ---> 1a2ccddc1428 Step 2/2 : RUN zkg install --force spicy-analyzers ---> Running in 9f7121dc5248 
@@ -257,14 +257,14 @@ After building your derivative image, you could run it directly or run `zeek-doc The [GitHub workflows](.github/workflows) in this repository build and tag the following images: * AMD64 - - `oci.guero.top/zeek:latest` and `oci.guero.top/zeek:v7.0.0` - - `oci.guero.top/zeek:latest-debug` and `oci.guero.top/zeek:v7.0.0-debug` - - `oci.guero.top/zeek:plus` and `oci.guero.top/zeek:v7.0.0-plus` - - `oci.guero.top/zeek:master` - - `oci.guero.top/zeek:master-debug` + - `oci.guero.org/zeek:latest` and `oci.guero.org/zeek:v7.0.0` + - `oci.guero.org/zeek:latest-debug` and `oci.guero.org/zeek:v7.0.0-debug` + - `oci.guero.org/zeek:plus` and `oci.guero.org/zeek:v7.0.0-plus` + - `oci.guero.org/zeek:master` + - `oci.guero.org/zeek:master-debug` * ARM64 - - `oci.guero.top/zeek:latest-arm64` and `oci.guero.top/zeek:v7.0.0-arm64` - - `oci.guero.top/zeek:latest-debug-arm64` and `oci.guero.top/zeek:v7.0.0-debug-arm64` - - `oci.guero.top/zeek:plus-arm64` and `oci.guero.top/zeek:v7.0.0-plus-arm64` - - `oci.guero.top/zeek:master-arm64` - - `oci.guero.top/zeek:master-debug-arm64` \ No newline at end of file + - `oci.guero.org/zeek:latest-arm64` and `oci.guero.org/zeek:v7.0.0-arm64` + - `oci.guero.org/zeek:latest-debug-arm64` and `oci.guero.org/zeek:v7.0.0-debug-arm64` + - `oci.guero.org/zeek:plus-arm64` and `oci.guero.org/zeek:v7.0.0-plus-arm64` + - `oci.guero.org/zeek:master-arm64` + - `oci.guero.org/zeek:master-debug-arm64` \ No newline at end of file diff --git a/spicy-development-workflow.md b/spicy-development-workflow.md index 1526818..71bd8a5 100644 --- a/spicy-development-workflow.md +++ b/spicy-development-workflow.md 
@@ -1,10 +1,10 @@ -Using the [`oci.guero.top/zeek:latest`](https://github.com/mmguero/zeek-docker) image for [Spicy](https://docs.zeek.org/projects/spicy/en/latest/index.html) parser development. +Using the [`oci.guero.org/zeek:latest`](https://github.com/mmguero/zeek-docker) image for [Spicy](https://docs.zeek.org/projects/spicy/en/latest/index.html) parser development. * Pull the latest build of the image (or build it yourself): ```bash -user@host tmp › docker pull oci.guero.top/zeek:latest -Trying to pull oci.guero.top/zeek:latest... +user@host tmp › docker pull oci.guero.org/zeek:latest +Trying to pull oci.guero.org/zeek:latest... Getting image source signatures ... Storing signatures @@ -24,12 +24,12 @@ Receiving objects: 100% (55/55), 17.33 KiB | 844.00 KiB/s, done. Resolving deltas: 100% (5/5), done. ``` -* Run `bash` in a `oci.guero.top/zeek:latest` container, bind-mounting your parser repository working copy and any other folders you need: +* Run `bash` in a `oci.guero.org/zeek:latest` container, bind-mounting your parser repository working copy and any other folders you need: ```bash user@host tmp › docker run -t -i -P --rm --entrypoint=/bin/bash \ -v $(pwd)/spicy-http:/spicy-http:rw \ - oci.guero.top/zeek:latest + oci.guero.org/zeek:latest ``` * I've written this convenient bash function to extract a particular TCP payload from a PCAP file using `tshark`. There's probably a more elegant way to do this but it's worked for me. It'd need to be tweaked slightly for UDP, or for fragmented payloads, etc. but you get the idea: diff --git a/zeek-docker.sh b/zeek-docker.sh index 5867fc2..6081220 100755 --- a/zeek-docker.sh +++ b/zeek-docker.sh 
@@ -49,7 +49,7 @@ while IFS='=' read -r ZEEK_ENV_VAR value ; do
 fi
 done < <(env)
-ZEEK_IMAGE=${ZEEK_IMAGE:-oci.guero.top/zeek:latest}
+ZEEK_IMAGE=${ZEEK_IMAGE:-oci.guero.org/zeek:latest}
 IMAGE_ARCH_SUFFIX="$(uname -m | sed 's/^x86_64$//' | sed 's/^arm64$/-arm64/' | sed 's/^aarch64$/-arm64/')"
 [[ -n "$IMAGE_ARCH_SUFFIX" ]] && [[ "$ZEEK_IMAGE" != *"$IMAGE_ARCH_SUFFIX" ]] && ZEEK_IMAGE="${ZEEK_IMAGE}${IMAGE_ARCH_SUFFIX}"
 export ZEEK_IMAGE
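Review bot: On arm64/aarch64 hosts the suffix line under the changed default appends `-arm64` to whatever `ZEEK_IMAGE` holds, so a caller who overrides the mutable `:latest` default with a digest-pinned reference (`name@sha256:…`) ends up exporting a malformed reference and cannot pin the image. With the default now resolving to a different registry host, pinning by digest is the practical way for a deployment to confirm it still gets the image it expects, so the suffix step should leave digest references alone, for example by putting `[[ "$ZEEK_IMAGE" != *@sha256:* ]] &&` at the front of that condition chain. A one-line comment above the default, such as `# ZEEK_IMAGE may be overridden, e.g. with a digest-pinned reference, for reproducible runs`, would also document the override. The `while` loop named in the hunk header begins outside the hunk, and how `ZEEK_IMAGE` is consumed after the `export` is not visible here.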