{"id":47123,"date":"2023-08-03T15:28:38","date_gmt":"2023-01-01T08:59:11","guid":{"rendered":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8ubuntu-18-04%e6%93%8d%e4%bd%9c%e7%b3%bb%e7%bb%9f%e6%9d%a5%e8%bf%90%e8%a1%8c%e5%ae%9e%e6%97%b6%e6%95%b0%e6%8d%ae%e5%8c%85%e8%a7%82%e6%b5%8b%e5%b7%a5%e5%85%b7%ef%bc%88rpot%ef%bc%89\/"},"modified":"2024-04-30T16:47:51","modified_gmt":"2024-04-30T08:47:51","slug":"%e4%bd%bf%e7%94%a8ubuntu-18-04%e6%93%8d%e4%bd%9c%e7%b3%bb%e7%bb%9f%e6%9d%a5%e8%bf%90%e8%a1%8c%e5%ae%9e%e6%97%b6%e6%95%b0%e6%8d%ae%e5%8c%85%e8%a7%82%e6%b5%8b%e5%b7%a5%e5%85%b7%ef%bc%88rpot%ef%bc%89","status":"publish","type":"post","link":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8ubuntu-18-04%e6%93%8d%e4%bd%9c%e7%b3%bb%e7%bb%9f%e6%9d%a5%e8%bf%90%e8%a1%8c%e5%ae%9e%e6%97%b6%e6%95%b0%e6%8d%ae%e5%8c%85%e8%a7%82%e6%b5%8b%e5%b7%a5%e5%85%b7%ef%bc%88rpot%ef%bc%89\/","title":{"rendered":"\u4f7f\u7528Ubuntu 18.04\u64cd\u4f5c\u7cfb\u7edf\u6765\u8fd0\u884c\u5b9e\u65f6\u6570\u636e\u5305\u89c2\u6d4b\u5de5\u5177\uff08RPOT\uff09"},"content":{"rendered":"<h1>\u5b89\u88c5\u5b9e\u65f6\u6570\u636e\u5305\u89c2\u6d4b\u5de5\u5177<\/h1>\n<h2>\u7b80\u8ff0<\/h2>\n<p>\u5728\u5b89\u88c5 Real-time Packet Observation Tool\uff08RPOT\uff09\u65f6\uff0c\u8bf7\u53c2\u8003 README.md \u6587\u4ef6\u3002\u539f\u6587\u4e2d\u7701\u7565\u4e86\u4e00\u4e9b\u5185\u5bb9\uff0c\u4f46\u4e0b\u9762\u8bb0\u5f55\u4e86\u6240\u6709\u7528\u4e8e\u5b89\u88c5\u8fc7\u7a0b\u7684\u547d\u4ee4\uff08\u4e2d\u95f4\u7684\u8f93\u51fa\u7ed3\u679c\u5df2\u7ecf\u9002\u5f53\u7701\u7565\uff09\u3002<\/p>\n<h2>\u73af\u5883<\/h2>\n<p>\u6839\u636e\u89e3\u6790\u7684pcap\u6587\u4ef6\u7684\u5927\u5c0f\uff0c\u8fd9\u662f\u4e00\u4e2a\u975e\u5e38\u91cd\u7684\u5e94\u7528\u7a0b\u5e8f\u3002<\/p>\n<ul class=\"post-ul\">\n<li style=\"list-style-type: none;\">\n<ul class=\"post-ul\">ubuntu 18.04<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul class=\"post-ul\">core-i5 \u30e1\u30e2\u30ea 8G<\/ul>\n<h2>\u5b89\u88c5<\/h2>\n<p>docker-compose 
\u3068\u5fc5\u8981\u306a\u30d1\u30c3\u30b1\u30fc\u30b8\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/p>\n<p>apt_install_docker-compose<br \/>\n[yamachan@ubuntu ~]$ sudo su<br \/>\n[sudo] yamachan \u306e\u30d1\u30b9\u30ef\u30fc\u30c9:<br \/>\n[root@ubuntu yamachan]# apt update<br \/>\n&#8211; \u7565 &#8211;<br \/>\n[root@ubuntu yamachan]# apt upgrade<br \/>\n&#8211; \u7565 &#8211;<br \/>\n\u7d9a\u884c\u3057\u307e\u3059\u304b? [Y\/n] y<br \/>\n&#8211; \u7565 &#8211;<br \/>\n[root@ubuntu yamachan]# apt install docker-compose<br \/>\n\u30d1\u30c3\u30b1\u30fc\u30b8\u30ea\u30b9\u30c8\u3092\u8aad\u307f\u8fbc\u3093\u3067\u3044\u307e\u3059&#8230; \u5b8c\u4e86<br \/>\n\u4f9d\u5b58\u95a2\u4fc2\u30c4\u30ea\u30fc\u3092\u4f5c\u6210\u3057\u3066\u3044\u307e\u3059<br \/>\n\u72b6\u614b\u60c5\u5831\u3092\u8aad\u307f\u53d6\u3063\u3066\u3044\u307e\u3059&#8230; \u5b8c\u4e86<br \/>\n\u4ee5\u4e0b\u306e\u8ffd\u52a0\u30d1\u30c3\u30b1\u30fc\u30b8\u304c\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u307e\u3059:<br \/>\nbridge-utils cgroupfs-mount docker.io golang-docker-credential-helpers pigz python-asn1crypto python-backports.ssl-match-hostname python-cached-property<br \/>\npython-certifi python-cffi-backend python-chardet python-cryptography python-docker python-dockerpty python-dockerpycreds python-docopt python-enum34<br \/>\npython-funcsigs python-functools32 python-idna python-ipaddress python-jsonschema python-mock python-openssl python-pbr python-pkg-resources python-requests<br \/>\npython-six python-texttable python-urllib3 python-websocket python-yaml ubuntu-fan<br \/>\n\u63d0\u6848\u30d1\u30c3\u30b1\u30fc\u30b8:<br \/>\naufs-tools btrfs-progs debootstrap docker-doc rinse python-cryptography-doc python-cryptography-vectors python-enum34-doc python-funcsigs-doc python-mock-doc<br \/>\npython-openssl-doc python-openssl-dbg python-setuptools python-socks python-ntlm<br 
\/>\n\u4ee5\u4e0b\u306e\u30d1\u30c3\u30b1\u30fc\u30b8\u304c\u65b0\u305f\u306b\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u307e\u3059:<br \/>\nbridge-utils cgroupfs-mount docker-compose docker.io golang-docker-credential-helpers pigz python-asn1crypto python-backports.ssl-match-hostname<br \/>\npython-cached-property python-certifi python-cffi-backend python-chardet python-cryptography python-docker python-dockerpty python-dockerpycreds python-docopt<br \/>\npython-enum34 python-funcsigs python-functools32 python-idna python-ipaddress python-jsonschema python-mock python-openssl python-pbr python-pkg-resources<br \/>\npython-requests python-six python-texttable python-urllib3 python-websocket python-yaml ubuntu-fan<br \/>\n\u30a2\u30c3\u30d7\u30b0\u30ec\u30fc\u30c9: 0 \u500b\u3001\u65b0\u898f\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb: 34 \u500b\u3001\u524a\u9664: 0 \u500b\u3001\u4fdd\u7559: 0 \u500b\u3002<br \/>\n42.3 MB \u306e\u30a2\u30fc\u30ab\u30a4\u30d6\u3092\u53d6\u5f97\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<br \/>\n\u3053\u306e\u64cd\u4f5c\u5f8c\u306b\u8ffd\u52a0\u3067 207 MB \u306e\u30c7\u30a3\u30b9\u30af\u5bb9\u91cf\u304c\u6d88\u8cbb\u3055\u308c\u307e\u3059\u3002<br \/>\n\u7d9a\u884c\u3057\u307e\u3059\u304b? 
[Y\/n] y<br \/>\n\u7565<br \/>\n[root@ubuntu yamachan]# exit<br \/>\nexit<\/p>\n<p>README.md \u306e\u3068\u304a\u308a\u30b9\u30ec\u30c3\u30c9\u306e\u4e0a\u9650\u3092\u3042\u3052\u308b<\/p>\n<p>\u8a73\u3057\u304f\u306f Linux \u306b\u304a\u3051\u308b\u30b9\u30ec\u30c3\u30c9\u6570\u306e\u4e0a\u9650 \u306a\u3069\u3092\u53c2\u7167<\/p>\n<p>max_map_count<br \/>\n[yamachan@ubuntu ~]$ cat \/proc\/sys\/vm\/max_map_count<br \/>\n65530<br \/>\n[yamachan@ubuntu ~]$ echo &#8216;vm.max_map_count = 262144&#8217; | sudo tee -a \/etc\/sysctl.conf<br \/>\n[sudo] yamachan \u306e\u30d1\u30b9\u30ef\u30fc\u30c9:<br \/>\nvm.max_map_count = 262144<br \/>\n[yamachan@ubuntu ~]$ sudo sysctl -p<br \/>\nvm.max_map_count = 262144<br \/>\n[yamachan@ubuntu ~]$ cat \/proc\/sys\/vm\/max_map_count<br \/>\n262144<\/p>\n<p>\u3053\u3053\u3067 docker-compose pull \u3092\u5b9f\u884c\u3057\u3066\u3082\u5931\u6557\u3057\u307e\u3059\u3002\u3042\u305f\u308a\u307e\u3048\u304b\u3002<\/p>\n<p>git_clone<br \/>\n[yamachan@ubuntu ~]$ docker-compose pull<br \/>\nERROR:<br \/>\nCan&#8217;t find a suitable configuration file in this directory or any<br \/>\nparent. 
Are you in the right directory?<\/p>\n<p>Supported filenames: docker-compose.yml, docker-compose.yaml<\/p>\n<p>git \u30ec\u30dd\u30b8\u30c8\u30ea\u3088\u308a\u3001rpot \u3092 clone \u3057\u307e\u3059\u3002<\/p>\n<p>clone \u3057\u305f\u3089\u3001docker-compose pull \u3092\u5b9f\u884c\u3059\u308b\u3082\u5931\u6557\u3001\u306a\u305c\u3060\u3002<\/p>\n<p>git_clone<br \/>\n[yamachan@ubuntu ~]$ git clone https:\/\/github.com\/super-a1ice\/rpot.git<br \/>\nCloning into &#8216;rpot&#8217;&#8230;<br \/>\nremote: Enumerating objects: 308, done.<br \/>\nremote: Total 308 (delta 0), reused 0 (delta 0), pack-reused 308<br \/>\nReceiving objects: 100% (308\/308), 25.44 MiB | 1.92 MiB\/s, done.<br \/>\nResolving deltas: 100% (129\/129), done.<\/p>\n<p>[yamachan@ubuntu ~]$ cd rpot\/<br \/>\n[yamachan@ubuntu rpot]$ docker-compose pull<br \/>\nPulling zookeeper (wurstmeister\/zookeeper:latest)&#8230;<br \/>\nERROR: Couldn&#8217;t connect to Docker daemon at http+docker:\/\/localunixsocket &#8211; is it running?<\/p>\n<p>If it&#8217;s at a non-standard location, specify the URL with the DOCKER_HOST environment variable.<\/p>\n<p>\u3053\u306e\u554f\u984c\u306e\u89e3\u6c7a\u306b\u306f\u3001\u5358\u306b docker \u30b0\u30eb\u30fc\u30d7\u306b\u81ea\u8eab\u3092\u52a0\u3048\u308c\u3070\u3044\u3044\u3068\u3044\u3046\u8a18\u4e8b\u304c\u591a\u3044\u4e2d If you faced an issue like \u201cCouldn\u2019t connect to Docker daemon at http+docker:\/\/localunixsocket\u200a\u2014\u200ais it running?\u201d\u2026 \u304c\u89aa\u5207\u306b\u8aac\u660e\u3057\u3066\u3044\u308b\u306e\u3067\u305d\u306e\u901a\u308a\u306b\u8abf\u3079\u3066\u307f\u308b<\/p>\n<p>\u307e\u305a\u306f docker daemon \u304c\u52d5\u3044\u3066\u3044\u308b\u304b\u3069\u3046\u304b\u3001\u3069\u3046\u3084\u3089\u307e\u3068\u3082\u306b\u52d5\u3044\u3066\u3044\u308b\u3063\u307d\u3044<\/p>\n<p>Check_docker_operation<br \/>\n[yamachan@ubuntu rpot]$ sudo service docker status<br \/>\n\u25cf docker.service &#8211; Docker Application Container 
Engine<br \/>\nLoaded: loaded (\/lib\/systemd\/system\/docker.service; disabled; vendor preset: enabled)<br \/>\nActive: active (running) since Thu 2019-01-10 10:05:33 JST; 19min ago<br \/>\nDocs: https:\/\/docs.docker.com<br \/>\nMain PID: 26791 (dockerd)<br \/>\nTasks: 30<br \/>\nCGroup: \/system.slice\/docker.service<br \/>\ntq26791 \/usr\/bin\/dockerd -H fd:\/\/<br \/>\nmq26815 docker-containerd &#8211;config \/var\/run\/docker\/containerd\/containerd.toml<\/p>\n<p>1\u6708 10 10:05:31 ubuntu dockerd[26791]: time=&#8221;2019-01-10T10:05:31.803620849+09:00&#8243; level=info msg=&#8221;pickfirstBalancer: HandleSubConnStateChange: 0xc42023<br \/>\n1\u6708 10 10:05:31 ubuntu dockerd[26791]: time=&#8221;2019-01-10T10:05:31.803871119+09:00&#8243; level=info msg=&#8221;pickfirstBalancer: HandleSubConnStateChange: 0xc42023<br \/>\n1\u6708 10 10:05:31 ubuntu dockerd[26791]: time=&#8221;2019-01-10T10:05:31.803955441+09:00&#8243; level=info msg=&#8221;Loading containers: start.&#8221;<br \/>\n1\u6708 10 10:05:32 ubuntu dockerd[26791]: time=&#8221;2019-01-10T10:05:32.523214514+09:00&#8243; level=info msg=&#8221;Default bridge (docker0) is assigned with an IP addre<br \/>\n1\u6708 10 10:05:32 ubuntu dockerd[26791]: time=&#8221;2019-01-10T10:05:32.920223182+09:00&#8243; level=info msg=&#8221;Loading containers: done.&#8221;<br \/>\n1\u6708 10 10:05:32 ubuntu dockerd[26791]: time=&#8221;2019-01-10T10:05:32.985440077+09:00&#8243; level=warning msg=&#8221;failed to retrieve docker-runc version: unknown ou<br \/>\n1\u6708 10 10:05:32 ubuntu dockerd[26791]: time=&#8221;2019-01-10T10:05:32.989692423+09:00&#8243; level=info msg=&#8221;Docker daemon&#8221; commit=e68fc7a graphdriver(s)=zfs vers<br \/>\n1\u6708 10 10:05:32 ubuntu dockerd[26791]: time=&#8221;2019-01-10T10:05:32.992411718+09:00&#8243; level=info msg=&#8221;Daemon has completed initialization&#8221;<br \/>\n1\u6708 10 10:05:33 ubuntu dockerd[26791]: time=&#8221;2019-01-10T10:05:33.160966540+09:00&#8243; level=info 
msg=&#8221;API listen on \/var\/run\/docker.sock&#8221;<br \/>\n1\u6708 10 10:05:33 ubuntu systemd[1]: Started Docker Application Container Engine.<\/p>\n<p>\u6b21\u306b socket \u306e\u6a29\u9650\u3001\u81ea\u8eab\uff08yamachan\uff09\u306b\u6a29\u9650\u304c\u306a\u3044\u306e\u3067\u52a0\u3048\u308b\u3001\u30b0\u30eb\u30fc\u30d7\u3092\u6709\u52b9\u306b\u3059\u308b\u305f\u3081\u30b7\u30a7\u30eb\u304b\u3089\u629c\u3051\u307e\u3059\u3002\u306a\u304a docker \u30b0\u30eb\u30fc\u30d7\u306b\u5165\u3063\u305f\u30e6\u30fc\u30b6\u30fc\u306f docker.sock \u304b\u3089 root \u6a29\u9650\u3067\u30db\u30b9\u30c8\u3092\u64cd\u4f5c\u3067\u304d\u308b\u306e\u3067\u3001\u52a0\u3048\u308b\u306e\u306f sudo \u3067\u304d\u308b\u30e6\u30fc\u30b6\u30fc\u3060\u3051\u306b\u3057\u307e\u3059\u3002<\/p>\n<p>Add_to_docker_group<br \/>\n[yamachan@ubuntu rpot]$ sudo ls -la \/var\/run\/docker.sock<br \/>\nsrw-rw&#8212;- 1 root docker 0 1\u6708 10 10:05 \/var\/run\/docker.sock<br \/>\n[yamachan@ubuntu rpot]$ sudo usermod -aG docker ${USER}<br \/>\n[yamachan@ubuntu rpot]$ exit<br \/>\nexit<\/p>\n<p>\u518d\u3073\u30ed\u30b0\u30a4\u30f3\u3057\u3066\u3001docker \u30b0\u30eb\u30fc\u30d7\u306b\u81ea\u8eab\uff08yamachan\uff09\u304c\u52a0\u308f\u3063\u3066\u3044\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3057\u3066\u3001<\/p>\n<p>docker-compose pull \uff08\u6570\u767e\u30e1\u30ac\u5f15\u3063\u5f35\u3063\u3066\u304d\u307e\u3059\u306e\u3067\u5f85\u3061\u307e\u3059\uff09<\/p>\n<p>docker-compose_pull<br \/>\n[yamachan@ubuntu ~]$ id<br \/>\nuid=1000(yamachan) gid=1000(yamachan) groups=1000(yamachan),4(adm),20(dialout),24(cdrom),27(sudo),30(dip),46(plugdev),116(lpadmin),126(sambashare),127(vboxusers),133(docker),10000(admin),10001(public)<br \/>\n[yamachan@ubuntu ~]$ cd rpot\/<br \/>\n[yamachan@ubuntu rpot]$ docker-compose pull<br \/>\nPulling zookeeper (wurstmeister\/zookeeper:latest)&#8230;<br \/>\nlatest: Pulling from wurstmeister\/zookeeper<br \/>\n\u7565<br \/>\nDigest: sha256:f8122897f0a30b314234151789cc4b69dc579762ee9a380faa83b67a4b5bad99<br \/>\nStatus: Downloaded newer image for tatsui\/bro:latest<\/p>\n<p>docker-compose up manager \uff08\u7acb\u3061\u4e0a\u304c\u308b\u307e\u3067 90 \u79d2\u304f\u3089\u3044\u304b\u304b\u308a\u307e\u3059\uff09<\/p>\n<p>docker-compose_up_manager<br \/>\n[yamachan@ubuntu rpot]$ docker-compose up manager<br 
\/>\nelasticsearch is up-to-date<br \/>\nrpot_zookeeper_1 is up-to-date<br \/>\nrpot_kafka_1 is up-to-date<br \/>\nrpot_logstash_1 is up-to-date<br \/>\nCreating rpot_kibana_1 &#8230;<br \/>\nCreating rpot_kibana_1 &#8230; done<br \/>\nCreating rpot_manager_1 &#8230;<br \/>\nCreating rpot_manager_1 &#8230; done<br \/>\nAttaching to rpot_manager_1<br \/>\n\u7565<br \/>\nmanager_1 | {&#8220;acknowledged&#8221;:true}rpot_manager_1 exited with code 0<br \/>\n[yamachan@ubuntu rpot]$<\/p>\n<p>docker-compose up bro \u3053\u3053\u3067\u306f\u89e3\u6790\u5bfe\u8c61 pcap \u30d5\u30a1\u30a4\u30eb\u304c\u306a\u3044\u3068\u6012\u3089\u308c\u307e\u3059\u3002<\/p>\n<p>\u305d\u3046\u3044\u3048\u3070 README.md \u306b step 1 copy or mount pcap file directory \u3068\u304b\u3044\u3066\u3042\u308a\u307e\u3057\u305f\u306d&#8230; \u3057\u304b\u3057\u30b3\u30d4\u30fc\u5148\u306e pcap \u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u304c git clone \u306e\u3068\u304d\u306f\u306a\u304b\u3063\u305f\u3051\u3069<\/p>\n<p>docker-compose_up_bro<br \/>\n[yamachan@ubuntu rpot]$ docker-compose up bro<br \/>\nelasticsearch is up-to-date<br \/>\nrpot_zookeeper_1 is up-to-date<br \/>\nrpot_kafka_1 is up-to-date<br \/>\nrpot_logstash_1 is up-to-date<br \/>\nCreating rpot_bro_1 &#8230;<br \/>\nCreating rpot_bro_1 &#8230; done<br \/>\nAttaching to rpot_bro_1<br \/>\nbro_1 | ls: cannot access &#8216;*.pcap&#8217;: No such file or directory<br \/>\nrpot_bro_1 exited with code 0<\/p>\n<p>\u898b\u3066\u307f\u308b\u3068\u3001docker-compose up bro \u5b9f\u884c\u6642\u306b pcap \u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u304c\u4f5c\u3089\u308c\u3066\u3044\u308b<\/p>\n<p>Put_a_pcap_file_1<br \/>\n[yamachan@ubuntu rpot]$ ls -la<br \/>\n\u5408\u8a08 114<br \/>\ndrwxrwxr-x 13 yamachan yamachan 20 1\u6708 10 11:24 .<br \/>\ndrwxr-xr-x 51 yamachan yamachan 77 1\u6708 10 11:15 ..<br \/>\ndrwxrwxr-x 8 yamachan yamachan 13 1\u6708 10 10:15 .git<br \/>\n-rw-rw-r&#8211; 1 yamachan yamachan 64 1\u6708 10 10:15 .gitignore<br 
\/>\n-rw-rw-r&#8211; 1 yamachan yamachan 87 1\u6708 10 10:15 .gitmodules<br \/>\n-rw-rw-r&#8211; 1 yamachan yamachan 11337 1\u6708 10 10:15 LICENSE<br \/>\n-rw-rw-r&#8211; 1 yamachan yamachan 3129 1\u6708 10 10:15 README.md<br \/>\ndrwxrwxr-x 11 yamachan yamachan 11 1\u6708 10 10:15 antivirus<br \/>\ndrwxrwxr-x 3 yamachan yamachan 5 1\u6708 10 10:15 bro<br \/>\ndrwxrwxr-x 3 yamachan yamachan 3 1\u6708 10 10:15 doc<br \/>\n-rw-rw-r&#8211; 1 yamachan yamachan 2034 1\u6708 10 10:15 docker-compose-hunting.yml<br \/>\n-rw-rw-r&#8211; 1 yamachan yamachan 4161 1\u6708 10 10:15 docker-compose-scale.yml<br \/>\n-rw-rw-r&#8211; 1 yamachan yamachan 2507 1\u6708 10 10:15 docker-compose.yml<br \/>\ndrwxr-xr-x 2 root root 2 1\u6708 10 11:24 extract_files<br \/>\ndrwxrwxr-x 3 yamachan yamachan 9 1\u6708 10 10:15 logstash<br \/>\ndrwxrwxr-x 4 yamachan yamachan 7 1\u6708 10 10:15 manager<br \/>\ndrwxr-xr-x 2 root root 2 1\u6708 10 11:24 pcap<br \/>\ndrwxrwxr-x 4 yamachan yamachan 8 1\u6708 10 10:15 suricata<br \/>\ndrwxrwxr-x 3 yamachan yamachan 5 1\u6708 10 10:15 yara<br \/>\ndrwxrwxr-x 2 yamachan yamachan 5 1\u6708 10 10:15 yara-gen<\/p>\n<p>pcap \u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306b\u6a29\u9650\u304c\u306a\u3044\u306e\u3067\u5909\u66f4\u3057\u3001<br \/>\n\u3042\u3089\u304b\u3058\u3081\u7528\u610f\u3057\u3066\u3044\u305f\u89e3\u6790\u7528\u30d5\u30a1\u30a4\u30eb\uff08example.pcap\uff09\u3092 pcap \u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306b\u5165\u308c\u3001<\/p>\n<p>docker-compose up bro \u3067\u8d77\u52d5\u3057\u307e\u3059<\/p>\n<p>Put_a_pcap_file_2<br \/>\n[yamachan@ubuntu rpot]$ sudo chown -R yamachan:yamachan pcap extract_files<br \/>\n[yamachan@ubuntu rpot]$ mv ~\/example.pcap pcap<br \/>\n[yamachan@ubuntu rpot]$ docker-compose up bro<br \/>\nrpot_zookeeper_1 is up-to-date<br \/>\nelasticsearch is up-to-date<br \/>\nrpot_kafka_1 is up-to-date<br \/>\nrpot_logstash_1 is up-to-date<br \/>\nStarting rpot_bro_1 &#8230;<br \/>\nStarting rpot_bro_1 &#8230; done<br 
\/>\nAttaching to rpot_bro_1<br \/>\nbro_1 | scan example.pcap standard mode<br \/>\nbro_1 | packet_filter\/Log::WRITER_KAFKAWRITER: Debug is turned off.<br \/>\nbro_1 | loaded_scripts\/Log::WRITER_KAFKAWRITER: Debug is turned off.<br \/>\nbro_1 | 1544593781.729090 reporter\/Log::WRITER_KAFKAWRITER: Debug is turned off.<br \/>\nbro_1 | 1544593781.729090 stats\/Log::WRITER_KAFKAWRITER: Debug is turned off.<br \/>\nbro_1 | 1544593784.054183 weird\/Log::WRITER_KAFKAWRITER: Debug is turned off.<br \/>\nbro_1 | 1544593787.078383 conn\/Log::WRITER_KAFKAWRITER: Debug is turned off.<br \/>\nbro_1 | 1544593791.991236 dns\/Log::WRITER_KAFKAWRITER: Debug is turned off.<br \/>\nbro_1 | 1544593828.634234 files\/Log::WRITER_KAFKAWRITER: Debug is turned off.<br \/>\nbro_1 | 1544593828.634234 http\/Log::WRITER_KAFKAWRITER: Debug is turned off.<br \/>\nbro_1 | 1544593838.324624 capture_loss\/Log::WRITER_KAFKAWRITER: Debug is turned off.<br \/>\nbro_1 | WARNING: No Site::local_nets have been defined. It&#8217;s usually a good idea to define your local networks.<br \/>\nrpot_bro_1 exited with code 0<\/p>\n<p>README.md \u306b\u306flocalhost \u3092\u30d6\u30e9\u30a6\u30b6\u3067\u898b\u308d\uff08ttp:\/\/localhost:5601\uff09\u3068\u3042\u308a\u307e\u3059\u304c localhost \u4ee5\u5916\u3067\u3082\u898b\u308c\u306a\u3044\u304b\u3069\u3046\u304b\u78ba\u8a8d\u3057\u307e\u3059<\/p>\n<p>\u3069\u3053\u304b\u3089\u3067\u3082 OK \u306a\u3088\u3046\u3067\u3059\u3002\u4e0b\u306e lsof \u306e\u3068\u304a\u308a *:5601 \u3067 LISTEN \u3057\u3066\u3044\u308b\u306e\u3067\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u4e0a\u306e\u3069\u306e\u30db\u30b9\u30c8\u304b\u3089\u3067\u3082 Kibana \u3068\u89e3\u6790\u30c7\u30fc\u30bf\u3092\u898b\u3089\u308c\u307e\u3059\u3002localhost \u4ee5\u5916\u304b\u3089\u898b\u308b\u5fc5\u8981\u304c\u306a\u3051\u308c\u3070\u3001\u30dd\u30fc\u30c8\u3092 127.0.0.1 \u3060\u3051\u306b\u30d0\u30a4\u30f3\u30c9\u3059\u308b\u304b\u3001\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u3067\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308b\u30db\u30b9\u30c8\u3092\u3057\u307c\u3063\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<p>Check_access_permission<br \/>\n[yamachan@ubuntu rpot]$ sudo lsof -i | grep 5601<br \/>\ndocker-pr 26590 root 4u IPv6 66894 0t0 TCP *:5601 (LISTEN)<\/p>\n<p>\u73fe\u5728\u306e IP \u30a2\u30c9\u30ec\u30b9\u3092\u8abf\u3079\u3066\u30d6\u30e9\u30a6\u30b6\u304b\u3089 ttp:\/\/192.168.1.199:5601\uff08\u79c1\u306e\u5834\u5408\uff09\u306b\u30a2\u30af\u30bb\u30b9\u3057\u307e\u3059<\/p>\n<p>[yamachan@ubuntu rpot]$ ifconfig | grep -1 eno1<\/p>\n<p>eno1: flags=4163&lt;UP,BROADCAST,RUNNING,MULTICAST&gt; mtu 1500<br \/>\ninet 192.168.1.199 netmask 
255.255.255.0 broadcast 192.168.1.255<\/p>\n<p>kibana \u306e\u753b\u9762\u304c\u51fa\u3066\u304d\u307e\u3059<\/p>\n<p>\u3068\u3081\u307e\u3059<\/p>\n<p>docker-compose_down<br \/>\n[yamachan@ubuntu rpot]$ docker-compose down -v<br \/>\nStopping rpot_logstash_1 &#8230; done<br \/>\nStopping rpot_kafka_1 &#8230; done<br \/>\nStopping rpot_kibana_1 &#8230; done<br \/>\nStopping rpot_zookeeper_1 &#8230; done<br \/>\nStopping elasticsearch &#8230; done<br \/>\nRemoving rpot_bro_1 &#8230; done<br \/>\nRemoving rpot_manager_1 &#8230; done<br \/>\nRemoving rpot_logstash_1 &#8230; done<br \/>\nRemoving rpot_kafka_1 &#8230; done<br \/>\nRemoving rpot_kibana_1 &#8230; done<br \/>\nRemoving rpot_zookeeper_1 &#8230; done<br \/>\nRemoving elasticsearch &#8230; done<br \/>\nRemoving network rpot_frontend<br \/>\nRemoving network rpot_backend<br \/>\nRemoving volume rpot_rules-data<br \/>\nRemoving volume rpot_json-data<br \/>\nRemoving volume rpot_es-data<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u5b89\u88c5\u5b9e\u65f6\u6570\u636e\u5305\u89c2\u6d4b\u5de5\u5177 \u7b80\u8ff0 \u5728\u5b89\u88c5 Real-time Packet Observation Tool\uff08RP [&hellip;]<\/p>\n","protected":false},"author":8,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-47123","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.5 (Yoast SEO v21.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>\u4f7f\u7528Ubuntu 18.04\u64cd\u4f5c\u7cfb\u7edf\u6765\u8fd0\u884c\u5b9e\u65f6\u6570\u636e\u5305\u89c2\u6d4b\u5de5\u5177\uff08RPOT\uff09 - Blog - Silicon Cloud<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" 
href=\"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528ubuntu-18-04\u64cd\u4f5c\u7cfb\u7edf\u6765\u8fd0\u884c\u5b9e\u65f6\u6570\u636e\u5305\u89c2\u6d4b\u5de5\u5177\uff08rpot\uff09\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u4f7f\u7528Ubuntu 18.04\u64cd\u4f5c\u7cfb\u7edf\u6765\u8fd0\u884c\u5b9e\u65f6\u6570\u636e\u5305\u89c2\u6d4b\u5de5\u5177\uff08RPOT\uff09\" \/>\n<meta property=\"og:description\" content=\"\u5b89\u88c5\u5b9e\u65f6\u6570\u636e\u5305\u89c2\u6d4b\u5de5\u5177 \u7b80\u8ff0 \u5728\u5b89\u88c5 Real-time Packet Observation Tool\uff08RP [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528ubuntu-18-04\u64cd\u4f5c\u7cfb\u7edf\u6765\u8fd0\u884c\u5b9e\u65f6\u6570\u636e\u5305\u89c2\u6d4b\u5de5\u5177\uff08rpot\uff09\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Silicon Cloud\" \/>\n<meta property=\"article:published_time\" content=\"2023-01-01T08:59:11+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-30T08:47:51+00:00\" \/>\n<meta name=\"author\" content=\"\u96c5, \u609f\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u96c5, \u609f\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 \u5206\" \/>\n<script type=\"application\/ld+json\" 
class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8ubuntu-18-04%e6%93%8d%e4%bd%9c%e7%b3%bb%e7%bb%9f%e6%9d%a5%e8%bf%90%e8%a1%8c%e5%ae%9e%e6%97%b6%e6%95%b0%e6%8d%ae%e5%8c%85%e8%a7%82%e6%b5%8b%e5%b7%a5%e5%85%b7%ef%bc%88rpot%ef%bc%89\/\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8ubuntu-18-04%e6%93%8d%e4%bd%9c%e7%b3%bb%e7%bb%9f%e6%9d%a5%e8%bf%90%e8%a1%8c%e5%ae%9e%e6%97%b6%e6%95%b0%e6%8d%ae%e5%8c%85%e8%a7%82%e6%b5%8b%e5%b7%a5%e5%85%b7%ef%bc%88rpot%ef%bc%89\/\",\"name\":\"\u4f7f\u7528Ubuntu 18.04\u64cd\u4f5c\u7cfb\u7edf\u6765\u8fd0\u884c\u5b9e\u65f6\u6570\u636e\u5305\u89c2\u6d4b\u5de5\u5177\uff08RPOT\uff09 - Blog - Silicon Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\"},\"datePublished\":\"2023-01-01T08:59:11+00:00\",\"dateModified\":\"2024-04-30T08:47:51+00:00\",\"author\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/f044a4b7fa4ee2701702942002419ca6\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8ubuntu-18-04%e6%93%8d%e4%bd%9c%e7%b3%bb%e7%bb%9f%e6%9d%a5%e8%bf%90%e8%a1%8c%e5%ae%9e%e6%97%b6%e6%95%b0%e6%8d%ae%e5%8c%85%e8%a7%82%e6%b5%8b%e5%b7%a5%e5%85%b7%ef%bc%88rpot%ef%bc%89\/#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8ubuntu-18-04%e6%93%8d%e4%bd%9c%e7%b3%bb%e7%bb%9f%e6%9d%a5%e8%bf%90%e8%a1%8c%e5%ae%9e%e6%97%b6%e6%95%b0%e6%8d%ae%e5%8c%85%e8%a7%82%e6%b5%8b%e5%b7%a5%e5%85%b7%ef%bc%88rpot%ef%bc%89\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8ubuntu-18-04%e6%93%8d%e4%bd%9c%e7%b3%bb%e7%bb%9f%e6%9d%a5%e8%bf%90%e8%a1%8c%e5%ae%9e%e6%97%b6%e6%95%b0%e6%8d%ae%e5%8c%85%e8%a7%82%e6%b5%8b%e5%b7%a5%e5%85%b7%ef%bc%88rpot%ef%bc%89\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"Lis
tItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.silicloud.com\/zh\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u4f7f\u7528Ubuntu 18.04\u64cd\u4f5c\u7cfb\u7edf\u6765\u8fd0\u884c\u5b9e\u65f6\u6570\u636e\u5305\u89c2\u6d4b\u5de5\u5177\uff08RPOT\uff09\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/\",\"name\":\"Blog - Silicon Cloud\",\"description\":\"\",\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/f044a4b7fa4ee2701702942002419ca6\",\"name\":\"\u96c5, \u609f\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e71a913e914f1aad1efc391f92084294bac54bc782acd289638580134cf667a6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e71a913e914f1aad1efc391f92084294bac54bc782acd289638580134cf667a6?s=96&d=mm&r=g\",\"caption\":\"\u96c5, \u609f\"},\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/author\/yawu\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8ubuntu-18-04%e6%93%8d%e4%bd%9c%e7%b3%bb%e7%bb%9f%e6%9d%a5%e8%bf%90%e8%a1%8c%e5%ae%9e%e6%97%b6%e6%95%b0%e6%8d%ae%e5%8c%85%e8%a7%82%e6%b5%8b%e5%b7%a5%e5%85%b7%ef%bc%88rpot%ef%bc%89\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"Blog - Silicon Cloud\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"\u4f7f\u7528Ubuntu 18.04\u64cd\u4f5c\u7cfb\u7edf\u6765\u8fd0\u884c\u5b9e\u65f6\u6570\u636e\u5305\u89c2\u6d4b\u5de5\u5177\uff08RPOT\uff09 - Blog - Silicon Cloud","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528ubuntu-18-04\u64cd\u4f5c\u7cfb\u7edf\u6765\u8fd0\u884c\u5b9e\u65f6\u6570\u636e\u5305\u89c2\u6d4b\u5de5\u5177\uff08rpot\uff09\/","og_locale":"zh_CN","og_type":"article","og_title":"\u4f7f\u7528Ubuntu 18.04\u64cd\u4f5c\u7cfb\u7edf\u6765\u8fd0\u884c\u5b9e\u65f6\u6570\u636e\u5305\u89c2\u6d4b\u5de5\u5177\uff08RPOT\uff09","og_description":"\u5b89\u88c5\u5b9e\u65f6\u6570\u636e\u5305\u89c2\u6d4b\u5de5\u5177 \u7b80\u8ff0 \u5728\u5b89\u88c5 Real-time Packet Observation Tool\uff08RP [&hellip;]","og_url":"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528ubuntu-18-04\u64cd\u4f5c\u7cfb\u7edf\u6765\u8fd0\u884c\u5b9e\u65f6\u6570\u636e\u5305\u89c2\u6d4b\u5de5\u5177\uff08rpot\uff09\/","og_site_name":"Blog - Silicon Cloud","article_published_time":"2023-01-01T08:59:11+00:00","article_modified_time":"2024-04-30T08:47:51+00:00","author":"\u96c5, \u609f","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"\u96c5, \u609f","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"6 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8ubuntu-18-04%e6%93%8d%e4%bd%9c%e7%b3%bb%e7%bb%9f%e6%9d%a5%e8%bf%90%e8%a1%8c%e5%ae%9e%e6%97%b6%e6%95%b0%e6%8d%ae%e5%8c%85%e8%a7%82%e6%b5%8b%e5%b7%a5%e5%85%b7%ef%bc%88rpot%ef%bc%89\/","url":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8ubuntu-18-04%e6%93%8d%e4%bd%9c%e7%b3%bb%e7%bb%9f%e6%9d%a5%e8%bf%90%e8%a1%8c%e5%ae%9e%e6%97%b6%e6%95%b0%e6%8d%ae%e5%8c%85%e8%a7%82%e6%b5%8b%e5%b7%a5%e5%85%b7%ef%bc%88rpot%ef%bc%89\/","name":"\u4f7f\u7528Ubuntu 
18.04\u64cd\u4f5c\u7cfb\u7edf\u6765\u8fd0\u884c\u5b9e\u65f6\u6570\u636e\u5305\u89c2\u6d4b\u5de5\u5177\uff08RPOT\uff09 - Blog - Silicon Cloud","isPartOf":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website"},"datePublished":"2023-01-01T08:59:11+00:00","dateModified":"2024-04-30T08:47:51+00:00","author":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/f044a4b7fa4ee2701702942002419ca6"},"breadcrumb":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8ubuntu-18-04%e6%93%8d%e4%bd%9c%e7%b3%bb%e7%bb%9f%e6%9d%a5%e8%bf%90%e8%a1%8c%e5%ae%9e%e6%97%b6%e6%95%b0%e6%8d%ae%e5%8c%85%e8%a7%82%e6%b5%8b%e5%b7%a5%e5%85%b7%ef%bc%88rpot%ef%bc%89\/#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8ubuntu-18-04%e6%93%8d%e4%bd%9c%e7%b3%bb%e7%bb%9f%e6%9d%a5%e8%bf%90%e8%a1%8c%e5%ae%9e%e6%97%b6%e6%95%b0%e6%8d%ae%e5%8c%85%e8%a7%82%e6%b5%8b%e5%b7%a5%e5%85%b7%ef%bc%88rpot%ef%bc%89\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8ubuntu-18-04%e6%93%8d%e4%bd%9c%e7%b3%bb%e7%bb%9f%e6%9d%a5%e8%bf%90%e8%a1%8c%e5%ae%9e%e6%97%b6%e6%95%b0%e6%8d%ae%e5%8c%85%e8%a7%82%e6%b5%8b%e5%b7%a5%e5%85%b7%ef%bc%88rpot%ef%bc%89\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.silicloud.com\/zh\/blog\/"},{"@type":"ListItem","position":2,"name":"\u4f7f\u7528Ubuntu 18.04\u64cd\u4f5c\u7cfb\u7edf\u6765\u8fd0\u884c\u5b9e\u65f6\u6570\u636e\u5305\u89c2\u6d4b\u5de5\u5177\uff08RPOT\uff09"}]},{"@type":"WebSite","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website","url":"https:\/\/www.silicloud.com\/zh\/blog\/","name":"Blog - Silicon Cloud","description":"","inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/f044a4b7fa4ee2701702942002419ca6","name":"\u96c5, 
\u609f","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e71a913e914f1aad1efc391f92084294bac54bc782acd289638580134cf667a6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e71a913e914f1aad1efc391f92084294bac54bc782acd289638580134cf667a6?s=96&d=mm&r=g","caption":"\u96c5, \u609f"},"url":"https:\/\/www.silicloud.com\/zh\/blog\/author\/yawu\/"},{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8ubuntu-18-04%e6%93%8d%e4%bd%9c%e7%b3%bb%e7%bb%9f%e6%9d%a5%e8%bf%90%e8%a1%8c%e5%ae%9e%e6%97%b6%e6%95%b0%e6%8d%ae%e5%8c%85%e8%a7%82%e6%b5%8b%e5%b7%a5%e5%85%b7%ef%bc%88rpot%ef%bc%89\/#local-main-organization-logo","url":"","contentUrl":"","caption":"Blog - Silicon Cloud"}]}},"_links":{"self":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/47123","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/comments?post=47123"}],"version-history":[{"count":2,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/47123\/revisions"}],"predecessor-version":[{"id":93092,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/47123\/revisions\/93092"}],"wp:attachment":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/media?parent=47123"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/categories?post=47123"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2
\/tags?post=47123"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}