initial commit

README.md

@@ -0,0 +1,2 @@
+# What is ist
+Odin is an all-in-one NSM 

containers/elasticsearch

@@ -0,0 +1,97 @@
+#!/bin/bash
+# Configure Elasticsearch for Odin
+# 
+
+echo -e "\e[93m"
+
+log() {
+    echo -e "\t\e[96m[*]${1}\e[93m"
+}
+
+export IP=$(ip route | awk '/src/{print $9}')
+echo "elasticsearch" >/etc/hostname
+echo -e "${IP}\telasticsearch" >> /etc/hosts
+
+deluser -q --remove-home ubuntu
+
+apt-get update || exit 1
+apt-get --purge remove snapd lxd -y
+apt-get upgrade -y
+apt-get install -y htop wget default-jre python-pip
+
+wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add -
+echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" >/etc/apt/sources.list.d/elastic-5.x.list
+apt-get update
+apt-get install elasticsearch -y
+apt-get clean
+pip install elasticsearch-curator
+
+sed -i 's/#cluster.name: my-application/cluster.name: odin/g' /etc/elasticsearch/elasticsearch.yml
+sed -i 's/#node.name: node-1/node.name: node-1/g' /etc/elasticsearch/elasticsearch.yml
+sed -i 's/#bootstrap.memory_lock: true/bootstrap.memory_lock: true/g' /etc/elasticsearch/elasticsearch.yml
+sed -i "s/#network.host: 192.168.0.1/network.host: ${IP}/g" /etc/elasticsearch/elasticsearch.yml
+
+sed -i 's/-Xms2g/-Xms8g/g' /etc/elasticsearch/jvm.options
+sed -i 's/-Xmx2g/-Xmx8g/g' /etc/elasticsearch/jvm.options
+
+mkdir /etc/curator/
+cat >/etc/curator/delete_indices.yml <<EOF
+---
+actions:
+  1:
+    action: delete_indices
+    description: >-
+      Delete indices older than 30 days for odin- prefixed indices.
+    options:
+      ignore_empty_list: True
+      timeout_override:
+      continue_if_exception: False
+      disable_action: False
+    filters:
+    - filtertype: pattern
+      kind: prefix
+      value: odin-
+      exclude:
+    - filtertype: age
+      source: name
+      direction: older
+      timestring: '%Y.%m.%d'
+      unit: days
+      unit_count: 30
+      exclude:
+EOF
+
+cat >/etc/curator/curator.yml<<EOF
+---
+client:
+  hosts:
+    - elasticsearch
+  port: 9200
+  url_prefix:
+  use_ssl: False
+  certificate:
+  client_cert:
+  client_key:
+  ssl_no_validate: False
+  http_auth:
+  timeout: 30
+  master_only: False
+
+logging:
+  loglevel: INFO
+  logfile:
+  logformat: default
+  blacklist: ['elasticsearch', 'urllib3']
+EOF
+
+cat > /etc/cron.daily/curator <<EOF
+#!/bin/bash
+/usr/local/bin/curator /etc/curator/delete_index.yml --config /etc/curator/curator.yml
+EOF
+chmod +x /etc/cron.daily/curator
+
+apt-get install -y prometheus-node-exporter
+
+systemctl enable elasticsearch
+systemctl start elasticsearch
+echo -e "\e[0m"

containers/fouroneone

@@ -0,0 +1,129 @@
+#!/bin/bash
+# Configure Etsy 411 for Odin
+# 
+
+echo -e "\e[93m"
+
+log() {
+    echo -e "\t\e[96m[*]${1}\e[93m"
+}
+
+export CONF_411=https://gist.githubusercontent.com/scoutsec/4a4841ad4ea019190bfcc7d87b663600/raw/4424e66e50033c2e72559310a7bd25d8e959f023/411.conf
+export FOUR11_URL=https://github.com/etsy/411/releases/download/v1.4.0/release-es5x.tgz
+export IP=$(ip route | awk '/src/{print $9}')
+echo "fouroneone" >/etc/hostname
+echo -e "${IP}\tfouroneone" >> /etc/hosts
+
+deluser -q --remove-home ubuntu
+
+apt-get update || exit 1
+apt-get --purge remove -y snapd lxd
+apt-get upgrade -y
+apt-get install -y htop  wget unzip apache2 libapache2-mod-php php-xml php7.0-mbstring php7.0-sqlite php7.0-curl sqlite3
+apt-get clean
+
+curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer
+a2enmod rewrite headers ssl
+wget -O /tmp/411.conf ${CONF_411}
+sed -i 's/HOSTNAME/fouroneone/g' /tmp/411.conf
+mv /tmp/411.conf /etc/apache2/sites-available/411.conf
+
+cd /tmp
+openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
+openssl rsa -passin pass:x -in server.pass.key -out server.key
+rm server.pass.key
+openssl req -new -key server.key -out server.csr \
+  -subj "/C=US/ST=Ohio/L=Lima/O=SecOps/OU=Odin/CN=fouroneone"
+openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
+mv server.crt /etc/ssl/certs/411.pem
+mv server.key /etc/ssl/private/411.key
+
+a2dissite 000-default
+a2ensite 411
+systemctl restart apache2
+
+wget -O /tmp/411.tgz ${FOUR11_URL}
+mkdir /var/www/411; sudo tar -xzf /tmp/411.tgz -C /var/www/411
+chown -R www-data:www-data /var/www/411
+cd /var/www/411/
+sudo -u www-data composer install --no-dev --optimize-autoloader
+apt-get install -y prometheus-node-exporter
+
+cat >config.php <<EOF
+<?php
+\$config = [];
+\$config['auth'] = [
+    'proxy' => [
+        'enabled' => false,
+        'header' => null,
+        'auto_create' => false,
+        'domain' =>null,
+    ],
+    'api' => [
+        'enabled' => true
+    ]
+];
+
+\$config['db'] = [
+    'dsn' => 'sqlite:' . realpath(__DIR__ . '/data.db'),
+    'user' => 'root',
+    'pass' => null,
+];
+
+\$config['elasticsearch'] = [
+    'alerts' => [
+        'hosts' => ['http://elasticsearch'],
+        'index_hosts' => [],
+        'ssl_cert' => null,
+        'index' => 411,
+        'date_based' => false,
+        'date_interval' => null,
+        'date_field' => 'alert_date',
+        'date_type' => null,
+        'src_url' => null,
+    ],
+    'odin' => [
+        'hosts' => ['http://elasticsearch'],
+        'index_hosts' => [],
+        'ssl_cert' => null,
+        'index'=> '[odin-]Y.m.d',
+        'date_based' => true,
+        'date_interval' => 'd',
+        'date_field' => '@timestamp',
+        'date_type' => null,
+        'src_url' => null,
+    ],
+];
+
+\$config['graphite'] = [
+    'graphite' => [
+        'host' => null,
+    ],
+];
+
+\$config['threatexchange'] = [
+    'api_token' => null,
+    'api_secret' => null,
+];
+
+\$config['jira'] = [
+    'host' => null,
+    'user' => null,
+    'pass' => null,
+];
+
+\$config['slack'] = [
+    'webhook_url' => null
+];
+EOF
+
+sudo -u www-data sqlite3 data.db < db.sql
+sudo -u www-data bin/migration.php
+chown -R www-data:www-data /var/www/411
+cat >/etc/cron.d/411 <<EOF
+* * * * * www-data /var/www/411/bin/cron.php > /dev/null 2>&1 && /var/www/411/bin/worker.php > /dev/null 2>&1
+EOF
+systemctl restart cron
+sudo -u www-data /var/www/411/bin/create_site.php && sudo -u www-data /var/www/411/bin/create_user.php
+
+echo -e "\e[0m"

containers/fsf

@@ -0,0 +1,119 @@
+#!/bin/bash
+# Configure FSF for Odin
+
+echo -e "\e[93m"
+
+log() {
+    echo -e "\t\e[96m[*]${1}\e[93m"
+}
+
+export VT_KEY=99dfd41c7ff9cd406982f801f2393907678f562fb149a8e538d0680c14e0060a
+export FSF_URL="https://github.com/EmersonElectricCo/fsf/archive/master.zip"
+export IP=$(ip route | awk '/src/{print $9}')
+echo "fsf" >/etc/hostname
+echo -e "${IP}\tfsf" >> /etc/hosts
+
+deluser -q --remove-home ubuntu
+
+apt-get update || exit 1
+apt-get --purge remove snapd lxd -y
+apt-get upgrade -y
+apt-get install -y jq htop wget python-pip
+
+wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add -
+echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" >/etc/apt/sources.list.d/elastic-5.x.list
+apt-get update
+apt-get install -y filebeat
+
+apt-get install -y python-yara autoconf dh-autoreconf python-dev \
+  libpython2.7-stdlib python-pip libffi-dev ssdeep python-ssdeep upx unrar \
+  libfuzzy-dev unzip libssl-dev net-tools cabextract python-pefile \
+  python-cffi yara python-yara
+
+pip install czipfile hachoir-parser hachoir-core hachoir-regex \
+  hachoir-metadata hachoir-subfile ConcurrentLogHandler pypdf2 xmltodict \
+  rarfile pylzma oletools pyasn1_modules pyasn1 pyelftools javatools \
+  requests git+https://github.com/aaronst/macholibre.git
+
+useradd -r -c "File Scanner" -m -d /opt/fsf -s /bin/true fsf
+cd /opt/fsf
+wget -O fsf.zip ${FSF_URL}
+unzip fsf.zip && rm fsf.zip
+touch scan.log
+mv fsf-master bin && chown -R fsf:fsf bin scan.log
+cd bin
+
+sed -i 's/FULL\/PATH\/TO\/fsf/opt\/fsf\/bin/g' /opt/fsf/bin/fsf-server/conf/config.py
+sed -i 's/tmp/opt\/fsf/g' /opt/fsf/bin/fsf-server/conf/config.py
+
+if [ ! -z ${VT_KEY} ]; then
+  echo " [*] Enabling VirusTotal Checks for PE and ELF files."
+  sed -i "s/YOUR API KEY HERE/${VT_KEY}/g" /opt/fsf/bin/fsf-server/modules/META_VT_INSPECT.py
+  sed -i "s/META_PE'/META_PE', 'META_VT_INSPECT'/g" /opt/fsf/bin/fsf-server/conf/disposition.py
+  sed -i "s/META_ELF'/META_ELF', 'META_VT_INSPECT'/g" /opt/fsf/bin/fsf-server/conf/disposition.py
+fi
+
+cat >/etc/logrotate.d/scanner <<EOF
+compress
+copytruncate
+
+/opt/fsf/*.log {
+        weekly
+        create 0664 fsf
+        rotate 3
+}
+EOF
+
+cat >/etc/systemd/system/fsf.service <<EOF
+[Unit]
+Description=Odin File Scanner
+Requires=network.target
+After=network.target
+
+[Service]
+Type=forking
+User=fsf
+Group=fsf
+PIDFile=/opt/fsf/scanner.pid
+ExecStart=/opt/fsf/bin/fsf-server/main.py start
+ExecStop=/opt/fsf/bin/fsf-server/main.py stop
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+cat > /etc/logrotate.d/scanner <<EOF
+compress
+copytruncate
+
+/opt/fsf/*.log {
+        weekly
+        create 0664 fsf
+        rotate 3
+}
+EOF
+
+cat > /etc/filebeat/filebeat.yml <<EOF
+filebeat.prospectors:
+- input_type: log
+  paths:
+    - /opt/fsf/scan.log
+  encoding: utf-8
+  tags: ["fsf"]
+  json.keys_under_root: true
+
+output.kafka:
+  hosts: ["kafka:9092"]
+  topic: 'fsf'
+
+  required_acks: 1
+  compression: gzip
+  max_message_bytes: 1000000
+EOF
+
+apt-get install -y prometheus-node-exporter
+
+systemctl daemon-reload
+systemctl enable fsf && systemctl enable filebeat 
+systemctl start fsf && systemctl start filebeat
+echo -e "\e[0m"

containers/graylog

@@ -0,0 +1,22 @@
+#!/bin/bash
+# Configure Logstash for Odin
+# 
+
+echo -e "\e[93m"
+
+log() {
+    echo -e "\t\e[96m[*]${1}\e[93m"
+}
+
+export IP=$(ip route | awk '/src/{print $9}')
+echo "logstash" >/etc/hostname
+echo -e "${IP}\tlogstash" >> /etc/hosts
+
+deluser -q --remove-home ubuntu
+
+apt-get update || exit 1
+apt-get --purge remove snapd lxd -y
+apt-get upgrade -y
+apt-get install -y htop wget openjdk-8-jre-headless uuid-runtime pwgen mongodb-server prometheus-node-exporter
+
+echo -e "\e[0m"

containers/ids

@@ -0,0 +1,232 @@
+#!/bin/bash
+# Configure Elasticsearech for Odin
+# 
+
+echo -e "\e[93m"
+
+log() {
+    echo -e "\t\e[96m[*]${1}\e[93m"
+}
+
+export CRITSTACK_KEY=f9bc6af4-5cc6-4fa5-623b-b0906572d703
+export BRO_FACE=eth1
+export BRO_URL=https://www.bro.org/downloads/bro-2.5.2.tar.gz
+export BROPKG_URL=https://github.com/bro/package-manager/archive/master.zip
+export LIBKAFKA_URL=https://github.com/edenhill/librdkafka/archive/master.zip
+export FSF_URL=https://github.com/EmersonElectricCo/fsf/archive/master.zip
+export NCPU=$(grep processor /proc/cpuinfo |tail -1 |awk '/:/{print $3}') && let NCPU=$NCPU+1
+export IP=$(ip route | awk '/src/{print $9}')
+echo "bro" >/etc/hostname
+echo -e "${IP}\tbro" >> /etc/hosts
+
+deluser -q --remove-home ubuntu
+
+apt-get update || exit 1
+apt-get --purge remove snapd lxd mdadm -y
+apt-get upgrade -y
+apt-get clean
+apt-get install -y htop wget cmake make gcc g++ flex bison libpcap-dev libssl-dev python-dev swig zlib1g-dev unzip python-pip  linux-headers-`uname -r`
+
+useradd -r -c "Bro IDS" -m -d /opt/bro -s /bin/bash bro
+
+cd /opt
+wget -O fsf.zip ${FSF_URL}
+unzip fsf.zip && rm fsf.zip
+mv fsf-master/fsf-client /opt/fsf
+rm -rf /opt/fsf-master /opt/master.zip
+sed -i 's/127.0.0.1/fsf/g' /opt/fsf/conf/config.py
+chown -R bro:bro /opt/fsf
+
+cd /usr/local/src
+wget -O bro.tgz ${BRO_URL}
+tar xzf bro.tgz
+rm bro.tgz
+mv bro-2* bro
+cd bro
+./configure --prefix=/opt/bro
+make -j${NCPU}
+make install
+
+cd ../
+wget -O librdkafka.zip ${LIBKAFKA_URL}
+unzip librdkafka.zip
+rm librdkafka.zip
+mv librdkafka-* librdkafka
+cd librdkafka
+./configure && make && make install
+
+cd /usr/local/src/bro/aux/plugins/kafka
+./configure && make && make install
+
+chown -R bro:bro /opt/bro
+#pip install bro-pkg -- currently out of date?
+cd /usr/local/src
+wget -O bropkg.zip ${BROPKG_URL}
+unzip bropkg.zip
+rm bropkg.zip
+mv package-manager* bro-pkg
+cd bro-pkg
+python setup.py install
+
+echo 'PATH="/opt/bro/bin:$PATH"' >> /etc/profile
+export PATH="/opt/bro/bin:$PATH"
+sudo -i -u bro env PATH=/opt/bro/bin:$PATH bro-pkg --verbose autoconfig
+sudo -i -u bro env PATH=/opt/bro/bin:$PATH bro-pkg --verbose refresh --aggregate
+sudo -i -u bro env PATH=/opt/bro/bin:$PATH bro-pkg --verbose install bro-af_packet-plugin --force
+
+sed -i 's/MailConnectionSummary = 1/MailConnectionSummary = 0/g' /opt/bro/etc/broctl.cfg
+sed -i 's/MinDiskSpace = 5/MinDiskSpace = 0/g' /opt/bro/etc/broctl.cfg
+sed -i 's/MailHostUpDown = 1/MailHostUpDown = 0/g' /opt/bro/etc/broctl.cfg
+sed -i 's/LogRotationInterval = 3600/LogRotationInterval = 86400/g' /opt/bro/etc/broctl.cfg
+sed -i 's/LogExpireInterval = 0/LogExpireInterval = 60/g' /opt/bro/etc/broctl.cfg
+sed -i 's/StatsLogExpireInterval = 0/StatsLogExpireInterval = 1/g' /opt/bro/etc/broctl.cfg
+
+cat >> /opt/bro/share/bro/site/local.bro <<EOF
+@load policy/protocols/smb
+@load packages
+@load policy/protocols/smb
+@load policy/protocols/conn/mac-logging
+@load policy/protocols/conn/vlan-logging
+@load Bro/Kafka/logs-to-kafka.bro
+redef Kafka::logs_to_send = set(Stats::LOG, Conn::LOG, DHCP::LOG, DNS::LOG, FTP::LOG, HTTP::LOG, IRC::LOG, KRB::LOG, NTLM::LOG, RADIUS::LOG, RDP::LOG, SIP::LOG, SMB::CMD_LOG, SMB::FILES_LOG, SMB::MAPPING_LOG, SMTP::LOG, SNMP::LOG, SOCKS::LOG, SSH::LOG, SSL::LOG, Syslog::LOG, Tunnel::LOG, Files::LOG, PE::LOG, X509::LOG, Intel::LOG, Notice::LOG, Software::LOG, Weird::LOG, CaptureLoss::LOG);
+redef Kafka::kafka_conf = table(
+    ["metadata.broker.list"] = "kafka:9092"
+);
+
+export
+{
+        const ext_map: table[string] of string = {
+                ["application/x-dosexec"] = "exe",
+                ["application/x-compress"] = "",
+                ["application/zip"] = "zip",
+                ["application/x-dmg"] = "dmg",
+                ["application/pdf"] = "pdf",
+                ["application/hta"] = "hta",
+                ["application/java-archive"] = "jar",
+                ["application/x-java-applet"] = "jar",
+                ["application/x-java-jnlp-file"] = "jnlp",
+                ["application/x-shockwave-flash"] = "swf",
+                ["application/vnd.ms-cab-compressed"] = "cab",
+                ["application/font-woff"] = "woff",
+                ["application/x-font-ttf"] = "ttf",
+                ["application/vnd.ms-fontobject"] = "eot",
+                ["application/x-font-sfn"] = "",
+                ["application/vnd.ms-opentype"] = "otf",
+                ["application/x-mif"] = "mif",
+                ["application/vnd.font-fontforge-sfd"] = "sfd",
+                ["application/msword"] = "doc",
+                ["application/vnd.openxmlformats-officedocument.wordprocessingml.document"] = "docx",
+                ["application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"] = "xlsx",
+                ["application/vnd.openxmlformats-officedocument.presentationml.presentation"] ="pptx",
+        } &redef &default="";
+}
+
+redef FileExtract::prefix = "/opt/bro/file_extract";
+
+event file_sniff(f: fa_file, meta: fa_metadata)
+{
+        local ext = "";
+
+        if ( meta?\$mime_type )
+        {
+                ext = ext_map[meta\$mime_type];
+        }
+
+        if ( ext == "" )
+        {
+                return;
+        }
+        # Hash the file for good measure
+        Files::add_analyzer(f, Files::ANALYZER_MD5);
+
+        local fname = fmt("%s-%s-%s", f\$source, f\$id, ext);
+        Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [\$extract_filename=fname, \$extract_limit=104857600]);
+}
+
+event file_state_remove(f: fa_file)
+{
+        if ( f\$info?\$extracted )
+        {
+                local scan_cmd = fmt("%s %s/%s", "/opt/fsf/fsf_client.py --delete --source EVision --suppress-report --archive all-on-alert", FileExtract::prefix, f\$info\$extracted);
+                system(scan_cmd);
+        }
+}
+EOF
+
+cat > /opt/bro/etc/node.cfg <<EOF
+[logger]
+type=logger
+host=localhost
+
+[manager]
+type=manager
+host=localhost
+
+[proxy-1]
+type=proxy
+host=localhost
+
+[odin]
+type=worker
+host=localhost
+interface=af_packet::${BRO_FACE}
+lb_method=custom
+lb_procs=4
+#pin_cpus=0,1,2,3
+af_packet_fanout_id=24
+af_packet_fanout_mode=AF_Packet::FANOUT_HASH
+EOF
+
+cat > /etc/network/interfaces.d/60-ids.cfg <<EOF
+auto eth1
+iface eth1 inet manual
+  up ifconfig ${BRO_FACE} -arp up
+  up ip link set ${BRO_FACE} promisc on
+  down ip link set ${BRO_FACE} promisc off
+  down ifconfig ${BRO_FACE} down
+  post-up for i in rx tx sg tso ufo gso gro lro; do ethtool -K ${BRO_FACE} \${i} off 2>/dev/null; done
+  post-up echo 1 > /proc/sys/net/ipv6/conf/${BRO_FACE}/disable_ipv6
+EOF
+ifup eth1
+
+cat >/etc/systemd/system/bro.service <<EOF
+[Unit]
+Description=Bro Network Intrusion Detection System (NIDS)
+After=network.target
+
+[Service]
+Type=forking
+User=bro
+Group=bro
+Environment=HOME=/opt/bro/spool
+ExecStart=/opt/bro/bin/broctl deploy
+ExecStop=/opt/bro/bin/broctl stop
+
+[Install]
+WantedBy=multi-user.target
+EOF
+chown -R bro:bro /opt/bro
+# Interesting note, a chown erases capabilities on files.
+# So we have to do it after the chown -R
+setcap cap_net_raw,cap_net_admin=eip /opt/bro/bin/bro
+
+
+if [ -z ${CRITSTACK_KEY} ]; then
+        log "Please provide your Critical Stack API key\!."
+        log "Not installing Critical Stack."
+        exit 0
+else
+        wget -q --no-check-certificate https://intel.criticalstack.com/client/critical-stack-intel-amd64.deb
+        dpkg -i critical-stack-intel-amd64.deb
+        export PATH="/opt/bro/bin:$PATH"
+        critical-stack-intel config --set=bro.path=/opt/bro #--set=app.user=bro
+        critical-stack-intel api ${CRITSTACK_KEY}
+        critical-stack-intel pull
+fi
+
+add-apt-repository -y -u ppa:oisf/suricata-stable
+apt-get install -y prometheus-node-exporter suricata
+
+systemctl enable bro
+systemctl start bro
+echo -e "\e[0m"

containers/kafka

@@ -0,0 +1,71 @@
+#!/bin/bash
+# Configure Apache Kafka for Odin
+# 
+
+echo -e "\e[93m"
+
+log() {
+    echo -e "\t\e[96m[*]${1}\e[93m"
+}
+
+export KAFKA_URL='http://apache.claz.org/kafka/0.11.0.0/kafka_2.11-0.11.0.0.tgz'
+export IP=$(ip route | awk '/src/{print $9}')
+echo "kafka" >/etc/hostname
+echo "${IP}\tkafka" >> /etc/hosts
+
+deluser -q --remove-home ubuntu
+
+apt-get update || exit 1
+apt-get --purge remove snapd lxd -y
+apt-get upgrade -y
+apt-get install -y htop  wget default-jre zookeeperd prometheus-node-exporter
+
+useradd -r -d /opt/kafka -s /bin/true kafka
+mkdir /var/lib/kafka && chown kafka /var/lib/kafka
+wget -O /opt/kafka.tgz ${KAFKA_URL}
+tar -xzf /opt/kafka.tgz -C /opt
+rm /opt/kafka.tgz
+mv /opt/kafka_* /opt/kafka
+chown -R kafka /opt/kafka
+
+cat >/etc/systemd/system/kafka.service<<EOF
+[Unit]
+Description=Apache Kafka server (broker)
+Documentation=http://kafka.apache.org/documentation.html
+Requires=network.target
+After=network.target zookeeper.service
+
+[Service]
+Type=simple
+User=kafka
+Group=kafka
+Environment=JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64/jre
+ExecStart=/opt/kafka/bin/kafka-server-start.sh /opt/kafka/config/server.properties
+ExecStop=/opt/kafka/bin/kafka-server-stop.sh
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+sed -i 's/#delete.topic.enable=true/delete.topic.enable=true/g' /opt/kafka/config/server.properties
+sed -i 's/log.dirs=\/tmp\/kafka-logs/log.dirs=\/var\/lib\/kafka/g' /opt/kafka/config/server.properties
+sed -i 's/log.dirs=\/tmp\/kafka-logs/log.dirs=\/var\/lib\/kafka/g' /opt/kafka/config/server.properties
+sed -i 's/#listeners=PLAINTEXT:\/\/:9092/listeners=PLAINTEXT:\/\/kafka:9092/g' /opt/kafka/config/server.properties
+
+cat >> /etc/cron.weekly/kafka_cleanup<<EOF
+#!/bin/bash
+
+export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+export PATH=\${PATH}:/opt/kafka/bin
+export zk="127.0.0.1:2181"
+
+for i in \$(kafka-topics.sh --list --zookeeper \${zk} |grep -v __consumer_offsets); do
+	kafka-topics.sh --zookeeper \${zk} --delete --topic \${i}
+done
+EOF
+
+apt-get install -y prometheus-node-exporter
+
+systemctl enable kafka
+systemctl start kafka
+echo -e "\e[0m"

containers/kibana

@@ -0,0 +1,36 @@
+#!/bin/bash
+# Configure Elasticsearch for Odin
+# 
+
+echo -e "\e[93m"
+
+log() {
+    echo -e "\t\e[96m[*]${1}\e[93m"
+}
+
+export IP=$(ip route | awk '/src/{print $9}')
+echo "kibana" >/etc/hostname
+echo -e "${IP}\tkibana" >> /etc/hosts
+
+deluser -q --remove-home ubuntu
+
+apt-get update || exit 1
+apt-get --purge remove snapd lxd -y
+apt-get upgrade -y
+apt-get install -y htop  wget default-jre
+
+wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add -
+echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" >/etc/apt/sources.list.d/elastic-5.x.list
+apt-get update
+apt-get install kibana -y
+apt-get clean
+
+sed -i 's/#server.host: "localhost"/server.host: "kibana"/g' /etc/kibana/kibana.yml
+sed -i 's/#server.name: "your-hostname"/server.name: "kibana"/g' /etc/kibana/kibana.yml
+sed -i 's/#elasticsearch.url: "http:\/\/localhost:9200"/elasticsearch.url: "http:\/\/elasticsearch:9200"/g' /etc/kibana/kibana.yml
+
+apt-get install -y prometheus-node-exporter
+
+systemctl enable kibana
+systemctl start kibana
+echo -e "\e[0m"

containers/logstash

@@ -0,0 +1,235 @@
+#!/bin/bash
+# Configure Logstash for Odin
+# 
+
+echo -e "\e[93m"
+
+log() {
+    echo -e "\t\e[96m[*]${1}\e[93m"
+}
+
+export IP=$(ip route | awk '/src/{print $9}')
+echo "logstash" >/etc/hostname
+echo -e "${IP}\tlogstash" >> /etc/hosts
+
+deluser -q --remove-home ubuntu
+
+apt-get update || exit 1
+apt-get --purge remove snapd lxd -y
+apt-get upgrade -y
+apt-get install -y htop  wget default-jre prometheus-node-exporter
+
+wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add -
+echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" >/etc/apt/sources.list.d/elastic-5.x.list
+apt-get update
+apt-get install logstash -y
+apt-get clean
+
+cat >/etc/logstash/conf.d/odin.conf <<EOF
+input{
+    kafka {
+        bootstrap_servers => "kafka:9092"
+        topics => ["conn", "dhcp", "dns", "files", "http", "intel", "notice", "software", "ssh", "ssl", "weird", "x509", "stats", "smtp", "fsf"]
+        consumer_threads => 4
+        decorate_events => true
+        codec => "json"
+        type => "odin"
+    }
+}
+
+filter{
+    mutate {
+        remove_field => ["[kafka][key]", "[beat]"]
+    }
+    if [id.orig_h]  {
+        geoip {
+            source => "id.orig_h"
+            target => "geoip"
+        }
+        if ![geoip.ip] {
+            if [id.resp_h]  {
+                geoip {
+                    source => "id.resp_h"
+                    target => "geoip"
+                }
+            }
+        }
+    }
+    mutate {
+        remove_tag => ["_geoip_lookup_failure"]
+    }  
+}
+
+output{
+    if [type] == "odin" {
+        elasticsearch {
+            hosts => ["elasticsearch:9200"]
+            index => "odin-%{+YYYY.MM.dd}"
+            template => "/etc/logstash/odin_mapping.json"
+            template_name => "odin-*"
+            template_overwrite => true
+        }
+    }
+
+    if "fsf" in [tags] {
+        elasticsearch {
+            hosts => ["elasticsearch:9200"]
+            index => "fsf-%{+YYYY.MM.dd}"
+            template => "/etc/logstash/fsf_mapping.json"
+            template_name => "fsf-*"
+            template_overwrite => true
+        }
+    }
+
+}
+EOF
+
+cat >> /etc/logstash/odinmap.gz.b64 <<EOFLOL
+H4sICHhPglkAA29kaW5fbWFwcGluZy5qc29uAO1dz5PbJhS+56/Y8bGTzrSbSQ85NdMee+rk1AuD
+xZNMjIAAsteb2f+9gHfVIEtC1rK9+OWwE0ufP9DHM7z3xI/v7+7uNlRwasFuPt19f3ofLjhotaAO
+Np82inH580+beNmCc1w2Eeg/+ytcMnjoP/oLsmu3YIiqid1RwwJ08yF+e3DbgBa8ohHwyybef/J/
+z+W3VOukIH8tVOSHz/GaNkqDcRzs4E68+7vjLVhHWz1yNyLcSUOoAAvPOgA8vb/gO4CxXA1r0d+v
+OQg2VpMesYfTURk2A4kw3khlgNCtOoTq3X/8bViX0ad4YZ/APo1cv3jIhNDBg8vL8vlzTt6tUgKo
+zFP9XZDqz2JUX/4oR/XlrykD6clqoegC2f/J8QglmzwNrZw36clK3ahNB1UOQJi0vqP61vleJNts
+y+X2xDUXo33WekZetZpUSk435SpaV70Jq++YTVnKjpWtqKTi9DhTyVv9YUh7RFUuVLHWVxgY4ZOu
+xq0q07kdoS44lMW60EBpu6oCm2VcPDBvTw5CX18dylSy8m4pqXaUS1J3fLLhb9UsKq53YFCUBH0W
+hVDRoDAJuhIcpENREnSlWm18F+i9dzSZEXWkJD72DzkMFOYHdBQGR6RLXTpzQFtJ0Qy025Xxhxj3
+vpXD5NmFLsUzDMworWFKpus9Y2Zx5E3RrDN0zpSvTOSFFPVWcLsr2Ghw8A6TJdqoqoxVPRN6Q+3y
+1VxGGXJgkrbY6abogqnBEHmiugm6ATWdo5l9ndSjKu5OZMZwe2BW4h65TOoefp3k/dcWSv/yb6wJ
++nuL2nisSbIMwUN1XPruhlSKoci5gtaK3ElnTlHie9Q4U9DrNf6AGmcKep3G2B8vKGidxKyli3ri
+Od8kX8rkqNwjsPlWNZ/wsYrrljffaNSyoBhVzQVFF8V4R4xoxeWqomTzfzySVj4yE+iFvJ1tGmhC
++hoVXlDQqxTG4XFBQesUDnNZHpVEeXMFzco7Fu5ng/kdCIX5jQS949Ypc0JVEvROYRJ7gA6SEF82
+ypKgX2TBV+rj0mSn0i/LTJeerTqd516W01WGN2TqVWePwiF8lYcUxc2G969LHxiwGhswW9DaIMKL
+W6YBV/l53JJgQ7muYvHbUc93hG1LuShIaTuc0Dh8KFrv6es6Zj9G2K4FQxqjOkwR5gpa2UHXtYUp
+B/mijHUdtKa+ra9JEK4rxinNp6Y89CA0k+Kh+B4e0GW+UEVQ7zKHla4YZqVoP6ja8zKw3Ai8cBJV
+eP0gynoJZ8rg+xSjbOnkdKwbNQSvCPYbI6pwURvVoiwJumUfUZEE3cKkjVyXQGnB7RROFkzRrR+f
+yPNXUJf/0K2PdoGRuGaykPl5Ri6bopQWR5UUjZOtLyXxqDBL3qlKTSaDblUbhYvnBmgvCa+yIcvi
+cCAmxgt2eZEPl5tPCMN1ca3FPaGMYdo3RUdpet8JbTFFn9+G7Ust9/PPbGqhjiVtu9BLXk2nV4/e
+aONrwJdEA3SQhDCwFQqTon0fQQTN5jMXJkhDj0MWrg1e+PMOjILLfUG6cgtWo1OPFpWgvSYPfLr5
+b1SVb5Wg+Z2kllndmWtuuvXNqjyXR7tS5ABHjUeE6QCn/g7QZmZxyZV2F6nQ7saE0Q4H2wHagB8J
+oI1bvRLLH0sZ4Qutoc0b0Ib9XsuzdnIv1VEWZa7BGAymBmgDX6FyBTeSed6biGwVOxEB2T1vlrae
+LZqMi3wv+8lgwilFn8XBrPC4MGWzwpESs8KT0mBWePwbz1Psi2WFA52SFsr3211bcnRxk8vyrkxv
+mQcS1iehWaVoCyBL9m8WzAGdrgH6LAoGhuPKzLwwv1VVdvRXlCRBW1W7IzU4225Um87gb2iAtgZn
+0qfosNl5Z+f20rl2rD8T4jzKC2G6LSqSoL0iIe+EqiRo2+l4QgOp1aTLfGWYU/g4rrAAi6kuG4Qt
+DuhKHuzlRLnjfZwKO7kVDIScodKSghvknwmn97G4kq3UKYMO4+pRWdBNHUpS+AA+3Lr8QhGpqQnr
+bvAY2lF5DEdFEnRnw2liDR6dNRTmQAVncbdacg5yUJ8EjR1MyvLy/3hA+bund/8CSVx0OTV9AAA=
+EOFLOL
+base64 -d /etc/logstash/odinmap.gz.b64 > /etc/logstash/odin_mapping.json.gz
+gunzip /etc/logstash/odin_mapping.json.gz
+
+cat > /etc/logstash/fsfmap.gz.b64 <<EOFLOL
+H4sICDhfg1kAA2ZzZl9tYXBwaW5nLmpzb24A7V3bdts4ln3PV2jpcVa8pqrTme6pp2IkJtaUbyOp
+nLheuGAKklnmRUNS6bh65d+HoizJpA4IwJJjQNx4SQwcEtA+Fx7sA0r/ftPpdFkYsIxn3V86//7+
+tlNty/GcR/OQ5bz7S3eaTU/+o/u2MpzxPA/iWXl9Z/fyQiKIJ/wbNbwaLyTiRXTLUy+ZetkdSyfL
+e3XfFfPsjqd8HgY+KyV+6pbj33du+/T+39+uFhGx+bxcZqdYyPq+YTJ7+nfRM0+TOU/zgGfVgWLo
+1zyIeJazaF4fWoL0MOfL7u5kidSTscf51/f4ytMsSOKmO+T8W959Wx2cBjyc7CypHLrnD/9K0gk1
+9vSua7G3uzLBLE5S7rHb5Gsp+7f3/1UT+v5G9Ff14zlhgV3TZ7tNkpCzWAzQxyDkMYv4kQJ0efsn
+9ymExHZXDp+7Y8f74IwGPW9w8fFS8Fmab7K6Uf+9aEwC8UZIDPVGpBHy3dnE0G9k5SpYt+9kP9X7
+nZqvOzp1fgZE6z4RRMXNAdK6TwTS+5//BpDWfTRIwV9EqN9ddIshyrIJ50TKsbvsdoC001fv2YFx
+9fS8cp//1HRS/y7Iiyf3IoW5bvpIc+0Ne0Bo3UcjVGxxmJ/zNMjywG/4nAqWWYo5o7OhKhINuJeC
+cuxLMSX8qzPLdVDKq+th2WhdNI2QOiln7rtXQFFxRIzix8thzy02KWP303AwvgGiiiNiRC8uvcHo
+8swZDy4vAKfiiBjOkXsKFBVHxCiO3eH54MI580bu8Nodes5nZyhIsDbXANdNvxDXz/1zrz8cFJAC
+TMWRvfOxJJoHIW/46Ehbi5ncOE8frpIgJujL3aW3GKglhd0ZPy5tv8y+f3aGMKA4Io6p7hc8mVRH
+GvKmm9HYPQeQiiP7RpFBxGb8A8vAN236BDjNkzTvFJHyAEzKp/7gXQNlX8rAxDf9wljxmzu8cM8A
+pfKIGMrfiw0WgFQeOVA4OWXZHQLvuo9EasizZJH6q1S3KfYCrCJ54n4eJDFg2vTRMOVpEM+WG6hB
+PE1UwEpWB2qoGXb6FAuF12NvcDG6cntjegEqBcNogmM2mz5S1QWCEQuD+B44rftonJIsyIOvahE2
+TOIZ6QvkrdPHCA4NrPtEMM2L0M09P5koYaWnhcxnsVeeGoUaHvvEOAVgaTd9QpQOcaTg7Ib5EgDU
+blWKTvjy8EwTxb4RbToqXG/CXVN5p8W82at2p5TsnkphtR1UKaq8i6quQm0nVV6jt5taNvGOSjba
+DLbwXPuOJNBWGT0kheBcf4IrE8LtNS64srWu/C/WdAS1FII3Nwken33Bm231Zj4LsjN2C38mhNtr
+YfBnW/15Fgf5IoI7E8LtNTC4s63ufBcXD+eT63dwaEK4vSYGh7bVocPglt0yuDMh3F4Dgzvb6s5x
+HjycONeyM/Jw6CbB4zMxOLStDp367DZoeL+olII7Nwken4HBnW11568sgzNTwu01Lziztc4cpNg5
+U8LtNS84s6XO/IEFk8XJIM55GrPliykshGsTwu01Nri2ra4d5H0+5fGEp3BpQri9RgaXttWl79lX
++DIh3F7rgi/b6ssPOT/lacO7zaUY/LlJ8PgsDP5sqT/3nPHJ/y4C//6UYw9NCrfXzODUtjr1ecN3
+2JcScOUmweMzLriyra4cssi5hjcTwu21L3izrd6cRMkEe2dKuL32BW+21ZsfUi7RDJy5ZeYFZ7bU
+mfvpZ44vMqCE22tecGZLndkdueOTi8u+9IvH4dFNgsdnY/BoWz06yoIsmeJ1DEq4vRYGf7bUnz+e
+XKUJvJkSbq99wZut9eYR9xt/W74Ugz83CR6fhcGfbfXnpPDSmOP5TAm318Lgz5b686c+y/HyMyXc
+XvOCM1vqzIN7li4kIMKbW2Zf8GZLvfl/AhbPogDnSCjh9loY/NlSf/7tH8uv9bwO8IimhdtrZHBp
+a13602f4MiHcXuuCL9vqyywrHDW7f4BDE8LtNTE4tKUOfc7C5U9K3j7kMleFT7fMyuDTtvq070w5
+DpNQwu21L3iz1d588unziTsJcqmW4NgtMzU4tq2OHfhp8jlJw8kJH/kMfk0Jt9fS4Nc2+zVethII
+t9fE4NCWOvSFc3F5sixLf0VZWiDcXjuDV1vq1VcsnuBQNyXcXvOCM1vqzMMgC+IZvJkQbq99wZst
+9ebR71fucJlwj+YPy+o0/JoQbq+lwa9t9etkfpdgA00Jt9e+4M22evNDxOLCAeHPhHB7LQz+bKk/
+j3ns8xhVK0q4vQYGd7bVne/4KfPv8TvQpHB7TQwObatDJzkLyx93z8CIUcLttTL4tK0+nfJ4Uh4Y
+g0cTwu21MXi09R59cposMt5jIX4YmhJur7XBty317esPDn4ShxRur3nBmW115sHV0IUzE8LtNS84
+s63OHAyTW/wgDincXgODO1vqzn8EYfiAlzMo4fbaF7zZVm9OYlShSeH2mhec2VJnjpc/PFn4H/yZ
+EG6vhcGfzfZnsp/qJTXZze7Yz2LwlNSmoC41NemoR0MtB4CouDlAWveRIOXLM0wqGIVJPKOiO33b
+IsDcJhn3oqzhHeC2KWCnr96zg2V31HMuvBtn6NCfTeGp3p3mHv/W8GBVzAy6bJHfJbJdg+rjQvFR
+of6Y0H1EaD4eDpmw+Uk0Z7HsC9uB5KZfiOSEZ7KXnQDjpl8IY8iyPEqUwyeQPGTIfyP6q6Kv7vL7
+KDvjICICeaNmGrTRrAEV1BWQVv58ySL1j/bDLaKIpUTElzx7u+fJZBGKnstSj5R4otwDVT1P0eOe
+kwBd3mY8/cqWX7PcZhhuWCqovhzjx1d0qyCeL3JvvbojjBv3bHpPqF0WNfzCVxYRT71Zmizm7TGb
+Ha9JptOMC4jR5p3t7r3mrABc/G3vurfLk3kgyF2PUTWKBi9SmBjd6vXZMWcROZsRizyOj3ZUMfxN
+/X+bD9udZtPqqhpieffXvMj3s5xFRAzffoqybCJE9lch1W8rupWP54QFdk2fjahLVe/wMQh5zI52
+X3V5+ydZG5TlEO6X8dDpjT33/IPb77v95/OPqxV4P+3PQPZ55qfBXOEnV8BVbPqFrM9aw38MriRo
+apSO5cp+xl1L8d6wpyKnofzNBeply1Jcq3RZXZF6+bK8Tr+EuWzNZUwVicbicbmyXhJF0q+m2UhD
+I/tKKGlknvIs64zJXIq8BnrZV0JdL3zSGQV/QTMGaSblRercGT1kOY+gF2P0csayvBMlk6DATvuA
+EPTyTAm5Xs7dseN9cEaDnje4+HipqBm9NG81Uf/9c4BWVH15kZ76y0u0TaC6Oj0zKK99niksm9wc
+VKWkZrFs3dGp03AabUccKtttr6CyxtNxOxdAabvtFZT2/mfJFx5ULoDSdtsPV5py2l+KQ2W77Uer
+LMsmnAsqp+QFUNpuO6DSfkB2e0HWAEhRbDb2lZCr44pl2fKTdIb8/xZBqr8RVHghSW0lv8c+KJzX
+sZLG8ee//fRYpFDYsaBIIb/O3BiCIoWBGkGRwmC94AlnnGZQpDBSLyhSmKkXFCnayA+gSHG0KkOR
+YnWtVUpDkWJ1rUVKQ5Fida09KkORYnOtEUr7AdktihRGbTZQpJCJt8BKGsf3LlIo5FEoUsivMzeG
+oEhhoEZQpDBYL3jCGacZFCmM1AuKFGbqBUWKNvIDKFIcrcpQpFhda5XSUKRYXWuR0lCkWF1rj8pQ
+pNhca4TSfkB2iyKFUZsNFClk4i2wksbxvYsU71CkIFdki3WgSCG4zmiNoEhhsF7whDNOMyhSGKkX
+FCnM1AuKFG3kB1CkOFqVoUixutYqpaFIsbrWIqWhSLG61h6VoUixudYIpf2A7BZFCqM2GyhSyMRb
+YCWN43sXKf6OIgW5IlusA0UKwXVGawRFCoP1gieccZpBkcJIvaBIYaZeUKRoIz+AIsXRqgxFitW1
+VikNRYrVtRYpDUWK1bX2qAxFis21RijtB2S3KFIYtdlAkUIm3gIraRxvLFIIx0QjDb/dHUswVtZ0
+m38BXYs80PkVdCWyQMsZNRxRzwmf44DPcL6Xqu2pbfIBtdKoFGqlzTnAVhqVgq20qQbYSqMSsJUS
+KECtNNoMteomFmArjR4yGxr1nAvvxhk6h8uDprmXTKeBz73iktj7FoUKmtc8g8MW+V2SYv9jzC55
+uTNl8QM0YoxGJjzzoQ5j1BGyLI8SnCKwgLJpzGWKp9tfgUougyeaynXmOiyeaKZpBE80o9SBJ5o1
+T7RDbhhzlkpO26MMIemnenf76j07Oum6X8ZDpzf2Pv0xuKLBUchC1AsiiimNvBACA9n2ix1NWuQA
+jNv+JhilBQwAue1vAlJanACQ234xkNLCA2Dc9gthVCkqAEhJ/6Ezkb0SkcdXdn/aPwORvqILw9j2
+Cz1M6dVaILntb0JS9ZVY4Lntl+KpdA4SiG77xYiqv4IKPLf9Qjw1Xh0Fntt+nNpUWoWpB1NwatMY
+qHFqs95warO6CjvBxqnNesOpzeoqTAX7gNmQ/BVBJJXbfiGMmq/2Kb/SJ55R8xU+aFHST/KX1ErX
+5GJDBgpyEeQiMbMNSIJcfAE8EaH1RkAuglwkZzYeT5CLNuyfQC4aAzXIxXoDuVhdhZ1gg1ysN5CL
+1VWYCvYBsyGQixojIBe3YhZrkezXJxdxdLEiD3ZROrMNSIJdfAE8EaL1RsAugl0kZzYeT7CLNmyg
+wC4aAzXYxXoDu1hdhZ1gg12sN7CL1VWYCvYBsyGwixojYBe3YhZrkezXZxdxdrEiD3ZROrMNSIJd
+fAE8EaL1RsAugl0kZzYeT7CLNmygwC4aAzXYxXoDu1hdhZ1gg12sN7CL1VWYCvYBsyGwixojYBe3
+YhZrkezXZxcbHtRgF8EuEjPbgCTYxRfAEyFabwTsIthFcmbj8QS7aMMGCuyiMVCDXaw3sIvVVdgJ
+NtjFegO7WF2FqWAfMBsCu6gxAnZxK2axFsl+fXbxHdjFp/JgF6Uz24Ak2MUXwBMhWm8E7CLYRXJm
+4/FEPq0xgnx6K2axFg+UT/8d+fRTeeTT0pltQBL5NPJpkxFFPo182mA8kU9rjCCf3opZrMUD5dMN
+p1GQTyOfJma2AUnk08inTUYU+TTyaYPxxOlXfXWV15hzmgqnX3caTr9WV2Er2Dj9Wm84/Wo91Dj9
+SjScfj2ipBLsoljSOC2S/frsYkNWBHYR7CIxsw1Igl18ATwRovVGwC6CXSRnNh5PsIs2bKDALhoD
+NdjFegO7WF2FnWCDXaw3sIvVVZgK9gGzIbCLGiNgF7diFmuR7NdmF/HFnRV5kIvSmW1AEuTiC+CJ
+CK03AnIR5CI5s/F4gly0Yf8EctEYqEEu1hvIxeoq7AQb5GK9gVysrsJUsA+YDYFc1BgBubgVs1iL
+ZL82uYjv7azIg1yUzmwDkiAXXwBPRGi9EZCLIBfJmY3HE+SiDfsnkIvGQA1ysd5ALlZXYSfYIBfr
+DeRidRWmgn3AbAjkosYIyMWtmMVaJPu1yUV8iXlFHuSidGYbkAS5+AJ4IkLrjYBcBLlIzmw8niAX
+bdg/gVw0BmqQi/UGcrG6CjvBBrlYbyAXq6swFewDZkMgFzVGQC5uxSzWItmvTS7iF10q8iAXpTPb
+gCTIxRfAExFabwTkIshFcmbj8QS5aMP+CeSiMVCDXKw3kIvVVdgJNsjFegO5WF2FqWAfMBsCuagx
+AnJxK2axFsl+bXIRP+hSkQe5KJ3ZBiRBLr4AnojQeiMgF0EukjMbjyfIRRv2TyAXjYEa5GK9gVys
+rsJOsEEu1hvIxeoqTAX7gNkQyEWNEZCLWzGLtUj2a5OL/wC5+FQe5KJ0ZhuQBLn4AngiQuuNgFwE
+uUjObDyeIBdt2D+BXDQGapCL9QZysboKO8EGuVhvIBerqzAV7ANmQyAXNUZALm7FLNYi2a9NLv4T
+5OJTeZCL0pltQBLk4gvgiQitNwJyEeQiObPxeIJctGH/BHLRGKhBLtYbyMXqKuwEG+RivYFcrK7C
+VLAPmA2BXNQYAbm4FbNYi2S/Nrn43yAXn8qDXJTObAOSIBdfAE9EaL0RkIsgF8mZjccT5KIN+yeQ
+i8ZADXKx3kAuVldhJ9ggF+sN5GJ1FaaCfehs6PLyy/nZ4RIhf/6LX4BxpXyF1u1XU5SbDG2FToqL
+RDzeujWa8nbyJNWdXMGmywvU7boU17Lt6orU7bu8Tt/Gl63ZzlUk5BoJiz3S+eMW6cMDFGOMYtT2
+rRvxAztqyr8GWZDEMIgfZRBGPNNQMNMYMalgNuo5F96NM3QOl4tEQeZ7SfItCr1lTuLp5Bm6SQlb
+5HdICwx6+izLryxGPmCORiY886EOY9SxzJuLFA0aaVV+hHMpq/ai51J2+uo9O/pRq0wpJCXNlSgl
+dSqoUk2NOirUUN++B4SaK0iASKHyA5AUKjYASVppAUQKFZK2gfTcp6d79vH5j00n9e+ggnUf7crc
+z4Mk7iwptoZPCayWWD1Et0kIqCR9ip59eeb29vBtGTfXNjWQFuvLjmkDpc5j+bcIgl5ZpAJWj30k
+VjyeBKyh/gaQHlk4b1Up9UvLAl7rPhKvKIi4t14acOqIcIpvvTmbAaVNH4lSkTxMFj5HbiDuU0zR
+rvp7JGj/2Xt8rPbxVH3SR5rsCiuks9s+GqbfVqvB7mvTR+N0nkzgdU/7aJiu8KSo9dE4jYM8hDGJ
++1Qfp+5+VGaQcz9fpNDEpo8018Y3/IHQEqE7ljI/52mQ5YHf9DRV/FIFZ3Q2VEUCZw6E5zj67hVQ
+VBwRo/jxcthzvcHF2P00HIxvgKjiSMP560tvMLo8c8aDywvAqTjScCraPQWKiiNiFMfu8Hxw4Zx5
+I3d47Q4957MzFCRYm2uA66ZfiOvn/rnXHw4KSAGm4sje+VgSzYOw6X0MpK3FTG6cpw9XSYCC5raP
+BOpjYUyS75NSzez7Z7L3iBEGNv3CmOp+wZNJdaQhb7oZjd1zAKk4sm8UGURsxj+wDHzTpk+A0zxJ
+804RKQ/BpPSvnavBO8l3xsDKt/3CcPGbO7xwzwCl8siBHOGUZTh1u+lrOnWLOuamj4YpT4N4tsxm
+B/E0UQErKb8nmHpR/TlVG8nr6yp1m2nu8XC6/3NB5VV0hLJtv/CpoPQKOZDc9guRlL/6DRi3/UIY
+lV7ZBpKSfvWHyjIifzsAM4KIrDWCiEw3RGSBPCKydGZTkNw/Is/+CppelkVIRkgmZzYeSYRkjRGE
+ZLq9Skj+kzWdi0ZERkQmZzYeSURkjRFEZLq9SkROptPA514ReGPvWxQiOtfkEZ2lMxuPJKKzxgii
+M91eJzqH3PNR6avLIyhLZzYeSQRljREEZbq9SlCeTxCR6/KIyNKZjUcSEVljBBGZbq8SkdMcEbku
+j4gsndl4JBGRNUYQken2KhEZRy925RGRpTMbjyQissYIIjLdXjQi7/TtvJLyRvRXRV/dkc/izjig
+fiWzUTMN2mjWgArqCkgrf75kkfpH++EWUcRSIuJLnr3d82SyCEXPZalHSjxR7oGqnqfocc95QeuG
+paw9H1/RnoJ4vsgFX6d9FA5zz6b3hNpl7uIncbaIeOrN0mQhSHmP0Wx2vCaZTjMu+A6V7fLCJJ7V
+X6TcvdecFYCLv+Je93Z5Mg8ESdsxqkbR4EUKE6NbvT475sfncQW6N/X/rf79/ub7m/8HxfVkGcd9
+AwA=
+EOFLOL
+
+base64 -d /etc/logstash/fsfmap.gz.b64 > /etc/logstash/fsf_mapping.json.gz
+gunzip /etc/logstash/fsf_mapping.json.gz
+
+rm /etc/logstash/odinmap.gz.b64
+rm /etc/logstash/fsfmap.gz.b64
+
+apt-get install -y prometheus-node-exporter
+
+systemctl enable logstash
+systemctl start logstash
+echo -e "\e[0m"

containers/prometheus

@@ -0,0 +1,380 @@
+#!/bin/bash
+# Configure FSF for Odin
+# 
+
+echo -e "\e[93m"
+
+log() {
+    echo -e "\t\e[96m[*]${1}\e[93m"
+}
+
+export IP=$(ip route | awk '/src/{print $9}')
+echo "prometheus" >/etc/hostname
+echo -e "${IP}\tprometheus" >> /etc/hosts
+
+deluser -q --remove-home ubuntu
+
+apt-get update || exit 1
+apt-get --purge remove snapd lxd -y
+apt-get upgrade -y
+apt-get install -y htop  wget libfreetype6 fontconfig-config prometheus
+
+#ubuntu ships with very old version of grafana (2.x)
+wget https://s3-us-west-2.amazonaws.com/grafana-releases/release/grafana_4.4.1_amd64.deb
+dpkg -i grafana_4.4.1_amd64.deb
+apt-get -f install -y
+
+cat > /etc/prometheus/prometheus.yml <<EOF
+global:
+  scrape_interval:     15s
+  evaluation_interval: 15s
+scrape_configs:
+  - job_name: odin
+    target_groups:
+      - targets: ['MGMT:9100']
+      - targets: ['localhost:9100']
+      - targets: ['bro:9100']
+      - targets: ['kafka:9100']
+      - targets: ['elasticsearch:9100']
+      - targets: ['logstash:9100']
+      - targets: ['kibana:9100']
+      - targets: ['fsf:9100']
+      #- targets: ['icap:9100']
+      #- targets: ['squid:9100']
+      - targets: ['rita:9100']
+      - targets: ['fouroneone:9100']
+EOF
+
+mkdir /var/lib/grafana
+cat > /var/lib/grafana/t.gz.b64 <<EOFLOL
+H4sICNbEgVkCA2dyYWZhbmEuZGIA7D1rbBzHeTM3R+4eZUqiZPosSxRXR8sULVK845HiQ5ZlmjzJ
+rPiQ+LAkq8pxebckzzre0ffQI7JKLClLToIitpsgCVKgCFC0qYO0aYH8KQqkaIsWRosUqIEgQVGk
+6I/2R5O4Rdq4iR2gM7t7u7N7s3tHStSL8+E43J3Zmfl2Zr7Z7zUzU2dHUwVFms/mluSCFAV+ACF4
+SZIAAO8CALfj//+J/67gvyT+8wMLIKgM74KOn/5TDb7Yjv6c3CfQJ+gX6L/RT9B/oH9D/4J+iD5E
+30cfoL9B39Mf2BC86q8NtjXCm6lMUrk2czYWL+aVXDydXUhlyFXN0GRscDomzYyPnJ2JSSPjw7Hz
+0qz9uVlpYlyaJfez0qFZPaptrQ4JwcZG+NbVgjyXVkgq+fMb5U0PvjwaMzPVzaaSs7jw6dip2KR0
+ZnJkbHDygnQ6dkEanJmeGBnHmcZi49PS+AT+mxkdrWuXZq8ouXwqm7Gy0YkGXtOx8/ZMypKcSjPi
+M/KSUoo2opblfP5qNpd0ROfldMERlZMzybwjLpFdWpYz1x2xciKRLWYKcfptaTRS+bicXEq5vFQi
+p8gFBWcdxi04PTIWs6UWl5NuqW1nfLXBw4fhBa0r8m+k8bCN55U3ikom4bxFtg5yJB4i7dSO79pW
+IRSCra1wbVArcym1kJMLuDvIiLDd+OwdbkvbYM9bZaSSjL7EOLNiiwn8rnm9LjzuZ0/g4LUXcDDT
+h4Pxbhyc6sLBSx046G/DQddBHDzfjIOWfTjYG8TBkztxENiGA6GG0OYz6CahogUv2kTfRd9B30J/
+gL6Bfhd9Bb2Hfhu9jdb0jCXI+AUwtBKoj8rJpFTMpHB7SxpJSoREjmjj1psUjaFNk6Ie1XasKxzp
+7Qj3dYS7pHDXQOToQDiaQZ71afSzUdJn1bcW9omg83YjrlEfxlo9kjZ4bCNk5KTWbbHzI1PTU3yC
+uE8TBKvLVvdDEQyuxa0usxFv5b7bVFonH1UV4fAzKzg4/1kcTJEv7UQWB6fTOHglhYOhORy8eAkH
+A+dx0DeNg+4JHLS9goPIIA46juPgcD8Omntw0NqJg2cP4WB/Cw6eJvS/i5B+/S4cPEG+6mIdDmr8
+9egHIIDSCFP2R+hf0d9iSk+j/8OU/TuAAwcOG4bGWtQJk3J+cS4r55JxPJOXx5C5XdgmoqZANreg
+fZIwOTYEUCv1WEFeEHZB1OqzTUXgVl0N2ivKy6n4ZeX6dj9qCeCZUY7ns8VcQsHV14laEfUINVuF
++QUfagyQemoFtJtUWg8cXD0HDhy2DNRr5D8KfD+G7eAv8MVdAOf/Of/P+f/NkPWdjaTkctkcI1Mh
+taTkC/LSctUNROgfon6A+vlcyIFD1aAOw11ADB6uV2cOHKgPBMT6aFTU5jUteCmdTcjpxWy+0J2c
+nw/39c31d0e6esNzSm9fpK9P7uue75KjshJN9IQj4Tk52p/omuuf600eDYe7E5GjvXNzkWS0pyuR
+SHT1K5F5JSxHI11zvXJElvt6wnPzXeHE0d6w3N+nRJSjJ6euLReO9r6mKCfzb2SGr6WvnsyXE3s3
+I0r//l8Gvk9974O/xhe7wau1LG269lEhV9s2+gl/tcZTS1+3YS09FmuIlv7OYZuWvnZLa+mJPLmx
+D7CGOBFOU/MphS6h9I1ZVMreYMMfbZy6qKSX4/NpeSEfKUdIGo6dHJwZnZbCXP+/KTwBof9a0ALQ
+t9Crvp/DevBV0OKY6fJ1AhhbsTgoncW2E7zUIV3pupe8fT7gWalGdVVUuk4GPyGKoOd2kcXgW1Vx
+Hv+RmV6YvSwLApi4gPt4UiGtZXSv3tNZ7X/8SoSMrcjg6DTGzPYBmYyND+Iapif0CPzkLKOKqVoB
+jAzhKpK57LIrwUSGJyfOuNAJq9Aaj0JNgmAXqg8jF/6/FpwA6JvwRzAP68A3wYl1cEEL24RgTzNU
+BQ2dkeHz8YKytKzXiSedQjFv3jcY5GOgxnpWJ1QzllCrkdA2W1cbjDTDFUY9iWxSMe92etVCnmTU
+oUW3LQTcX0Uf7ub9Dq9KSqRRVo2R0JYUhWAUV4QYFWmdb95u96qHmk9t1RiT6tqoIASbm+HtBW18
+m4+YFw4vBrqMjcxiXjOC5wy3jpksl02XTQ1al5Z/KY3xVJaQylzBzEAyPnddb8UUYwrSp6i8kil4
+TWEkPU5eypp2SmgqS1nMcMjJZO6eTWSbxZTXafL/xwD/OHDgsDVARMGAxqTp9P9TgH8cOHB4nGEX
+OhxwaCc1/R98Hfju+HrhH+MLDpsEL28XwInDWHyb0dg8WrWQWJRzeaXQ0aExfJOxszMjk7FhhrSm
+1taLYEbdi0sZTCalRDZdXMpIlAatJMHqBWMJ36zDYPwGh4eloYnRmbHxqjVvEgOR8ScE0D+C0Rgm
+smg2naSk6Lghg5p6ElpH4iIwr17ZJoITbzUQzUt2+bpE+bJgkZa81ZWukfGp2OQ0QXTCYmNN5Qat
+q6DkEZqv1vh//V9JIjEFDVMjQrPplgLGElQsPYlN19EmTcVGY0PTkjtGlF30fmElnZycGPNseF3/
+/3ng2wa/AAV88cDgxi4RXFChU+VXLsFrWo6O3g0L+iydkAobRHBJDXjXro+pKuqvqANg4fBbO0Vw
+Ua3xRsFSHnljUEE7wNR+5naIYOgOhQDJaVOBWpUylaBch/BQ6xBYnU74f+7/x4HD1gRO/xw4cPrn
+wIEDp38OHDhsHSD6vxowANCbKOrLwu/jyyphrSEoguhbU5a6KJtbMBVFXmoi/NxmuMrRyh4qmqhQ
+lDxRcdtXqejRXU7tSqrg9HUjeiCnyuizqeU4rTYyNUnFTCHnLGAulU6nMgtxm5ZqM7Q53er+p0Qg
+qydYa6Lwa+SOGPqquLW8NJV0dR0hOeKsHLpekSQTlWJJB9Y+a3uGrWcdbBRB52qvNWhIKZWX4Rh1
+bWTMlKvoqET7W5U9wXyHU08KYIQy5Jhaz3Vbc+DuKpTOuhqyCpVvRR86t/U//PvPgcNW/v63AjTn
++xHMwv34kgVqYacQbGqCa8e0Oa60W0Hp/x67L2kpehPMQJ6zOW3buSdLSid21AYP7oZF0+uSoEb4
+DPw/6PrdLD2kT8U6t6NzJ22rC9uF4O7d8K2eUjvi31NlrcfZo7vuOrW2XgieaoTqcbPzXPkZktC4
+WWyQuvcJbXna6h595RJ+nPzttnf6g2JwuPzPgcPW/v5D9FcA/zhw4PDIwQuwHojN9RqAaHRMTmWk
+idzCkerW/+v+/z8H+MeBA4fHH55AzQFzliDffxGEAHrXV4Qfw3NQAN8Gr+MIE042C+AUpe4sCffr
+1HZ2D+4XwHF7Oest4nyTAIamyr3OS57VBC226zn9BMMNunt8H9uf3cjnWSirPLVprwgW1F7WBgal
+BjS8hEuipabh9dQpMDKZKganh3G7KRYyDQVvPiOCc2xfY0dNNFqU2tnxlCsezNpX9+wRwfG1CzbT
+UdzmaFzBfvR4qJdYbbP0tABGrrqNG23DgooDxUX5dMxl/x+I/gHgHwcOHB5h6MIf70AgGI0OksU/
+6+H/PwX4x4EDhy0ECAUC+vq/DwH6OnrSJ4MP4ST4TildbWgUgqcOQnXINKFY5gRrNWM8ny4uUNua
+RyRX5sQ1u8athOhCQphtoVZMts9qj7Wp4ae0PdtWmzVO0bZNunGzti2o7XzzlmJ/xLwI2U0vZvxm
+WN30l2NsylZg8pJk3Ssj2otlvZu994zU+Nx1+wo2q1hW0kJGKZQteiMbjeF3TdEb2uHoajpMvzng
+0iskbYM9U8H4RfpByS0527tN9e8SgkNNUO2x2X0Z4lcpet9myG2JBiEYbaL3iXIUVrp95i7EM/37
+/wnAPw4cOGwd8PsDgYBO/78E6JfcAsCBwxaAWuSD8Mt66Nf5/78Evj/zReA7+OIRA3WsRQSDq8ct
+hamNcazsWf4A+Uy2B3/I1YPfVXraoLxlk3xYwhYLwZUDIhhR9xj4ORA7YhVSzpOykPHGg208OC2J
+oP/WIKPH19HbD6+sV+n4lHtrbtD2/4UxgFbRE74r8J/hezDGp8h1wukeAZylTJuMKah6I+epbvvy
+Esforr4g9emoCBJqxNgsTCfV+WxOoqcrHG1H14tucTLDAdY5g1ZeBtSt7u4i+5j1lKFmqhBseHnh
+ZMjVlO6hbEYxRWvrISZWhYgAJlbse6uxEbJtrEbVRe+uxtKGSCxTbFgEE2p9WVMQLctI9e1gKmXK
+Xr+Uwnxnnf//FUC/Qv+LL5s4MXPg8JhDjT9QD7XAr9v/PwLoI/Rj3jAcODxWsKPWD+AB/3Iuu6QU
+FpXiDsF+n9fp/xbAv0+4DeDu1RG/fwHuAIFYbPXv5EA0Ggj46jPZpNKhvnPKp8f/3nE6Xrm2nM1h
+XrIjr+SwbNmBeyWXSuTHyTanMS3t031+LaP6i4X1ZcQM6pSWJo3paTdC8XhOeaOYyin50MDFG6FU
+MjQQWsjJy4uh9hBxEcO3p4zbwvVlcrssZ5Q0vjXkXhwTutlu5ZyXM7ItrxFh5LaesPJHj0SOhK1C
+rJFolXOGjjOKIsKyvh+wrTRcFintUntIzmSyBe1ELfxyN0LpVL6AX/LSzfZQUskncqnlgp5j2BKn
+stKVlHJVWiqmC6llzMnrTUkqVZIpjbkPDRRyRaU9pPPioYHucE97aDGVVIaymUIum8ZVzcvpPH6C
+vEymmE6345ozl0n7Ypxy2at6S2NhIi0v5xXzcVsF6tth3Mfw4MHVL44afezLJlMZo2/zE/ja6Evc
+iffuRfF4/bQe7gM14D2AvoKe8r0P3vPt9z31gElI2CsER5qhGjXtnu7SniUcb4KMiGdG39Z0JKht
+qtX7IrAP90UrVDsZfeHUBthSDt1zPcLrzwjBXjwstjFQMURcM6LpLiXllT1C8ASuq4Ph+GIMJpvT
+y3NVaGCpfF7jT9e8LjztPIzKWZB5f7DyyHevr01f//8OQOO+f/Sdhw348oHCyiGyCzhzSxTnW9HH
+/23s5Znq5eFWEURv9bPUy95HAG5VPyJmMxafE0BiyXnIXpL+JtlcxsqO26Nakzpzj87DWndx86AA
+8kvlZ+S5zz1xYpphHpxXIQ9z2UfnsyK4rJ7ztt7g4o7gO1tpVUwgbCyqmDrbdfOTh/6P+P/wE8A4
+cNgi4EcBqP3p9P8zgH6GfsKbhQOHRxUO+AMx6KUb8gPQ4A8chLRqQdP/C2T/z3nfBR+CfwrD4E+q
+2wM030kcQaDdXMowWlZjK2V6lLOMpStHyBk5gr1Sy1XdVrEmH1RTu5urOxOBDgYClhv9xhBwc8Nn
+IXCmXQDnOgmDqRVsud4Qlp+w1UtKMlVcKijXCpinNQ6lCkvnXolNxqQwiwWcPiyAY1MlntnBqLse
+5lWJE1+te14Ex9aOWyd6mVIU6zwvm3xGn4OlSTLO468YZ2dpApIlElHSjnU01z0ql/bQ0Q/YqtQY
+arCNuGJ0spb1MjUE3kfbb1CpUIX9nwMHDo871CAI/Vog6N//ToBuo2O+nfDL8BD4Er51g8QrArgw
+ZdevEKWbvJyKX1auU56dZSoV9mPM2bLhFHGJ6rX5mBpZKQ9TbZsD1zmyvCpqWwQjsczt1X2fhMsn
+RdCrIiZK+K8iGlptjqrJP2Zl12MiiKkNFd6/XPXJaF6P12WrPw8Ni6BnbcX6UhmZK/vWWrVsRPtZ
+ye3VZftSrcKy2PuyU8fIkADGbI6a1pml63TVvPayCIa0DidcZV5JFHOK9Ho+m9EKNdhMBydpVmbn
+JfXMcZI5TmuBXdjJelQDfOBrAHwNfRFfvvvA56baA7rp6VZqvxBsaYGf22MY38z3pS7bnQY4qlHu
+7wmUxExd4QBK+2BX8qyjJYs51jGW5pGy9s1x9bWctijSAnNy3rnxLo5KJeJysbDIxt5KjzMKpVJd
+MEnl40llXi6mXU67ZI3Gu127fDWF8cEFJJVMISWn815HGLd70kUbHm6fDw610At+qaFUYrJJX1LR
+YQ/2nJm3xKDTY9Ri0fVPT7ZZCPZjRHZQdj9nYVRMJ8v85Xzeq942ff3PAIA/gOPgD6s//QOAy/0C
+kC+WswI0AhXYAfajTJbg2T4RKOoptmHFLKVq7oBds3s3VcklqDW9IhhTDzhWx7Dw8+658hUybugw
+8bjVelQEx+8UaSOm4+Pkbcm823m00tecz6Ubnkvv/fofiL4K8K+DC0YcODwUsDAPnwSBwIHGYG99
+fb2IfzujUbHB8pYkPoH47tr1xUJheaCzM51NyOnFbL4w0B/uD9+4SZF6pGsg3DMQ7S+L6j5646b+
+/R8E6HOoDnyAL9YLas1xcohRA9tjx8mLuPrsrItpYX7yXnwBy1BvN3l88ir673DpYWtID8wBdPOY
+AC4Xyz2WqEGUpW9dvJaoMWTzW6LzsTjc4gCuXmF5Lrlyqi5eS+6crcv33zj/ow38++M6naqCJGxR
+Ae/WPl2PcmeF61H4TFg2E/L9Pzlw2JpA9v/U6f9jwL1/OXDYMiD6A40BokPQ5f8CQLNQhgBf3A9u
+PDBIzJ1RuxOd055TnblzPVYglv0z/pIAxs6VH/zhEPRauty84CrJdWtvnhDBiTtNlh+cJVC6eMKx
++Hgb+2rjUB18KYsNdWM+KTc3je82OW2TK3YwpTT7TvHfJY7bzZ3O8sCj7AKP9BuZfn+Vul9tetH1
+IBgXMbKS79+GZU+m/h/+D6gBEeD7Nfgv8A6IoDsViPfSs0Lw8F6oQlOSplxcjMujG3eH+UxLbTCy
+F66Y4nEph/4uxl3U3feFFompwkvi8CoMCcG9e+HaBY3OjSeMfz12MfjuHFq8ROAH68yCOb5A8MAB
+uLZAtwEewNbVEVtLhKyEUPWNsdr2nBCMRODaTcfO3/mMvJxfzBbKY4647QFeemCDfeHS3g+PWujq
+QSF4DFPVwTKqogoyonorUldZ5eWEUKqYOv+3h7NFHDhsLdD9f/cA9EdowPf38BvwOfBtfEsO/5gQ
+QVxtZTEujHnGm2nZwMTEYlaujhO/YOSFEvFUrQqV9TnkjpHtKiHLxml/NRf7ZpXMCdMht3WUrKO5
+6uKQW8Gm+biyMMyT804L4KLiNOCZrZWVLC6m3HBnNhRltLOeZ3H2S78hgMSlcoOdi+M501jn5qTO
+qG5mRACnY+7VGQPftQryct72Pw4cOGwxqOP0z4EDp38OHDhsSfm/BnwAUKPve75rMIIvH02YnxbA
+VNxtF4uS/jh+pVtqqbijhaltZu4POCWCs7f2sg4cKuUriebd1R08tDnKbbYkTu0PUZamXFsmewO7
+iOP3VliPTQogRi2etSs1ql44O31WACcmys23lujO7mtv0V5dPCOC3tWbJZttCTmmvZbS4xiWR8pk
+a9oeyROmJqSyndTI7jCXrq80w0bp/aq6/X8N+Abhd+GT+OLGfaPY2ueNTWa3twnBkQh7k1mTcI1j
+UctTjnttAerM7twukSI96+BVdf8hITiBERphbP9qlphU0kpBIU1bnvhCFVu3MArywo56qk0NtArB
+wQh7f1qzXCZmx9aDWQWUNFzWXtCtfLdbHlYrn8tESLX6uvZJNUcSK1G5VlByGTntnRpnuyc/iLlZ
+p/8+4GuBb4Mf4osqQW06L4Il7XApj416neRHNJQ995xemStxO86JIK+e9t5xiUGDNIqbRL5MfJ9+
+lSxw7qwS340gWg01s1Bbe21GBOduD1bD8fRILV0PIdPDad2ND+PyPwcOXP/HgQMHTv8cOHDYYvp/
+OADQ++i8rwOuwAHeJtXB0CUBDFIa7DeKWbIB9zrP6D78myLIstUUWoEll0lDEo0X5NyCUtA8vVxl
+f4+MugJAe8Dmc1kSdNtnjedcNge9KILetZsWtvRLmxgxJf9SnffED9FVPC/tImC8bJlonU4tpe7L
+vlpnXhPAReaR8A6VSfWmjgsCiDM2fqcKtG/+3lXN5u/c/48Dh639/feDMeD7te8yGIP/z97VPbeR
+HPddUieQ8p1dtlNB2a7LQbizSeogEQBJUWKi6EiK1PFEiZRI6uLoFHgJDIC1gF1od8EPUbwLqKPP
+duI4/0QqyUNe8pCU/wGn8pSHvCV5vlSqLk4q5XK54kpVume/F7uLxRc/Z+4E7sfsTO9Md093z8xv
+f879NvzHXR2/GJ/9Fs/RwUh9XhE1ghstZXqeU4mK+yVzGeNgER4bwsIOtlKx+NgYfzhCdZvxKU3Q
+bpooldxnc+45IPfNHg8Tju9+NsdaJTpr5T8k1ERJCroXBMUSgjPbLeKt8R4Wfo4NYNtIXo3F18b4
+xoY1Iehu0aZPoLpv3wm0JVoUo9sTTb3n+znVxlfejcXvxZ3TqiGWCr01218b54C7EovH4/yrHOVX
++gj9ue3mzjNsuzD/nyWWzvf4z+SfJZbOcfyPW+QGPuP/iZ/jfgmHHaTGu5tD3NTBa3ZgyHANWmPN
+GxmpdWUv0HDaVs3ftZ5bXplrXjGx62Mb+cZmloUYt+aIzbjN17ZDeJe+hyt3vu5GM3Lb6hiacdfi
+hjfyGtBOhKNAq98PzqgxlRvitukHqJviiS1M+fCYYg/9AN/I4tYfDXHzh2/YdPt1ShgfMQ+Srf9h
+iSWWmP3PEkssRUps/GeJpfPu/6e5wfrg4sBP+D+Hw1G/fBcn9M16B0+z9HMSh7w+xaeQIlGIlCeq
+43DZM7ln3+kDEFXoHo3Qb02U5SpxbJQJKkMTq+SFLPltN9HKpNpbYKvGi0wsPjLCv5owplCF3Yqo
+ajlRI1XXyQfeCVTHvQ5b2S6j0NbHObaESt23dUTNF/ZLVgr4bYzmYE3jejoWf/NN/uC26+XNv0v+
+r9zbHUSipBFlS6i0s1NorM358sbQNQpC29ABWI3Lxp8F91v2OT6m4//luMG/Avkv8/f4Qe7v4LRX
+aUOMcbcfmrvyHYrAQq/z35/tVBk+UYt75Rj30BXBc3B/uwG8xVKMu+tTWLvlHHyzOMTdffXQGcMy
+SnKQFY7XdybE2Hd/4xMyxN06eOrTOO20ywmQdb+3+14B+HGjGYbAhy8D+N3V7z41PM4Dk94LriFK
+4Qz/jyWWWGLxP5ZYYsmU/0H+37jBvx4YgT8snaG0VIlx952OTZP7Fd23+eQZzs+/5TDfm325iVAL
+ngWBupqo3/h+C096oiNPmo3/LLHE7H+WWGLpfMr/AP9ljlfg52fcg87W/16c1mcHxeux+M248+v2
+QoUomsu+olce+Xwjpymn8Z0cvE4h9Jy3xtamLsbfjfOqpyZVA6uKHj4MqoJm8ZStXxvbnIzFJ4D+
+mKdUY7mrQfxqUMlWNk/p1ipYJPzwSxN009mP6vrX9zAT/bnv+fqg8XQnpnKoxdva2K0JEqkE3u3g
+q0BVoqpCye+O0RnN141l0j63igp5XgeDdjfAoBekQsV3YoIWC00jan44gKpYQSs5EOyP5OsazuIR
+RZEVv3XAW0LFb72ueZ04TX2zuci2zo5NGbxNlANXTSoRtdf7/6j/z0kc/wH3z/Cnzykvx7jpOmIY
+FArGynTK5gn6jh0IrJ+nVJeGuIXGsE8txje6vpOAn65k2K/aw4nqEDf94687PtRFK40CjsFkncl6
+/2Wdrf9niSWWnInJP0ssMflniSWWzmf8L8b9Djd4OPAe/zP+y9w/cttwaqQPt2LcguvzSoIkyeCj
+WFv7E1uTAV9YsjL6TTuu1t3wiLrvDU+IRTHvLD7yDPW85objdDrf0ffyj6pDnNBYa44duGmzAgno
+Awd/arzpQZ8PoDflifgt9MYFZYibbky5YQdENVcgRaFe0Vz4An61ODEG7Meafc7EnYXF2Y1lxJH0
+Wxgw9xw/hxb3RD38ujJCCMTbEEf00fKABdEhcYneOuG7NYxYfdUnYuWM33QdMmf4nyyxxJJ3/L/A
+3+X4v+XvDvzNQAxO/zUo76s/uBmLX77M/2BPn7myRnj76EPPHJZtBPRemevary1sxYBweHAo3FT3
+oM5LsrLrD9gIo8dpn/hsvH0jFn+Y4RsPLWzOcOul+e7j/ttBB6vT9FuDn96zp05dzzRfWfeZVD37
+VkYqqknH8D9ZYumcj/9M/lli6Rzb/1yeGxjgt7lfwkHvU+PLL4a4241Zd3jDjiNm7Z0jTpPVymAa
+iy4jnNqMTu/CthWd+fxDZ9wuEvTtIIIyEQnSDboQSmgGfxKGdpCEqSAS0hFJsH2gEDKsTP6f993b
+HuJmP/uGI4LXFOOdCo3cnRcnrw1sBPwCj+/aKE0R855FQzWFbOWC1kZZq4Z8vyFsL0ByLk6qyfly
+VOQCZv+zxNJ5H/8LHL81WOd+zRX4b/bBAPjq78XiK5f5xm07ZhU2uts3P+qbXfDyd2PxWSDp7RCS
+UOfbV5/00CR49VKPpH42zyKpZ2uQhVsKKSFHeF/QEXRrDM3E4kvAfRMh3Gd2in3nu32wCNn4zxJL
+5zcx+WeJJSb/LLHE0vn0/1/j/pAbvDfw84GX/H/BYY/Sq699MsTdPFyx48oaUTW6a7L115ysrB16
+u7oPmPE4gfrVrOcqxb3NbYrgG0las1Oq3y7I9U10QoHmZc+tYkUWNN87vuUhklQuxH2k93FlRw6P
+AlZ30Ez0B/zWai3yStPGpY+HuKeNb7lXDVseK36nzBv9dy8kdviTzgXELX1ev7XD7+/HuHvOJdve
+eYfo67YHXuJ0yljQdMpkxOkUo1tCPGc9h3/bZveAiIPhICImIhLhDK3kzEhKBNJcIZmUHYMJJZqN
+/yyxdI7H/4FfcINchhv4Dv8X8GcMLo35Zrz4nvEBkOe3Y/G33uIPM1RHWwO1dSC4A9dsJO9+JP/k
+92Px+ct8YyQkXEzpcFzu6XDXWLgVi8uX+YNYCAUh45ad+emxjoAcx3+NzUQ5Z6LY+j+WWDrf/v8A
+3+D4/+Ybg78Z/BVrkfDU+PuVgde54eEhfmL4zYNfPBlw+FSZ7Ez6xszU9TWiJR4IVbKXtFWvmpzZ
+S+JHWJIzT57up5IFouYVsaaJjR8Ox17neKPAn96/4CkxOzUzdaOtEmUpOZO8Yw6F6NJviWQ7Ua0D
++f/ym/sXobahoeGJ4Tcavypd8FQ2MTM1vZfM5RB2S1QI1PFkLykWoMCSItTKyVQSN7fA6V3jFEcR
+OKVDLZwaYGRwJbmfsp8sCpLgeta4YDxt57Cfn7iWuZa2C6kpMth8ZVJX7XJWndeMotDSVOW6kieu
+0qAsLO1pqqsGrGhirYLftlewZKiAFERqBSdnNKVOUsmSRLQlIHcyPZVKlsUCmZclTZErUFVRqKiQ
+A19GqlcqKahZeobtCzQp8rbe0nm5UhFqKrGyeysoE7FUBoKT2anaDhBA2918VtKIhPd8CKNAZi4i
+MpkU8MP/6fj/KW7gkP8PPsXkO1T2Z+ZicWGcbzy3NsnZFqfBa27b1bjYlKsYuFcuWoG6YdeUt2mz
+YMpCBxxrfGM2Fn847jR9w+tquuuDzxheQlQqxw523ovFx8f5w7co0zY90XRh0+1j+lXRia8ZBS1R
+ARnLhWIugtrUZIUUckXQTx18kSB8159xN7cZAIkYDL/ot5JpTF//t8UNlPl/4P4dDo4kSY3BGPfw
++fAbEziyWc2eMNoFVW4msV0mCkmkN1axHRyZ1hbWrYy3IN+H7y88WnBcSfvFZj9qDAxzjZGGakRn
+65L4vE6MIG0T/1xzckJCkAo+WYy/Ry/JvrHnNxs8BvbdmyzC36tv4uy7y+C3GtwQt3J4y54Oaiop
+Ek4Ik/WOZd03/j/4P9zA4Bfc4BeD/wv/vmCjPEssnc302iDPX8Ao/tCgeRa7NPifIP+fc4OfD/4a
+/n3OWoklls5auniBH9ZF/0v8IAr/67ELPIj/QAztf35A4+B/llg6kvRqqHEBnDH+U3QAVWGLJMiO
+qCIIjsPLo+vERCnES1h6sLbwaB0N45XmXJdGLw07TfzUpWHjDhy5LXu44DLj4dwwvO0jMMHhxLC3
+U1i0Jlwau7S2sLwwv+6o6RqtyT61q2j/moHvA9fmV2aXF9bmF0abbiJdiauZMcg0MuJ6mlK4+Gjl
+vt02fvY/dMdf1sn+UwyNKqQGL2vGJ/WzJY0ogh4SdV5+JG8vWZFMtSxvr+MeLSvAqOlnyQdkO6HI
+20njypr4Aq+Wr9O4blOw0xHcTHujm0JFFNR5uSIrGLbdTyU3BcWOquIrLhOppJWTM5m0fk6ct62g
+8ExypSBKLSOkRbFSgaJSyZKCwVKsEP9mJ1LJCikRCa8lha2S9UC+rig0+mqcV4Ud+xgqNI+xrcwq
+NVkTKtYdutDApHmfxofxVM+KJ9tiAd8v6wodQ9lr0Ez0MvbGqixK2n25gG+alyWJ5IFLsCkJvL2k
+AfdaFdYwqyIUxDqUNWWc240Gr1MgCoE2SRYrspa0+SMpYfnwLnm5RgqPaUfs6Rfhr0oqeqXmW5Id
+fIZUBBDxvEoEJV+euZlJp5PGO/vf3IcmUIkiEnUFhAN6gTgYAR4Zv3Zlpa5duzKOzKUIklqUlSrS
+RkrAr1vk6ncpk5nZNwq13AN5VVY0jNvvCqBwoM2Q69WakCdO5lFpe2agQVVNyD+zu04jNXjfZegK
+m9EFpUQ0nTKyU8PGEkFeyCi2Rk6CW5qg5bDyJekOcGFJEarqnijBZSlPbn38UfIdzPlRcv/JVPXp
+GJAGfUAUaJdFIa8hQ2ZNjluE96Ot7ymNdkwRpTE5m9SpTM5cT6dN4sy5GH/yQP6/HzyrYbyla1qD
+TgStyzJOhiRn0iHzHJmIkxw9ndRwSURVF4SyVq0cC/86OGkX6UY9YurGdwwqjIkrWk1/tLB+tW0d
+3NQXQr5M1sUqkesWeXnUyHMgJSVFrqNWNNUhXn+st47zEpaUVEqbwmh2ciqVmJrU/6Wv3UTe129M
+TKcSmezNVGIyjXdu2Lem4EJmOgt3pugz02PJpx1pd1OUJFnChikJ9RLte9DaBtEZFCBgJeM0bWpu
+s2nLYDKU5UphWdgkDra3rt8XlGcoTbR+c/RI2+LtMwtYFWo1sIHWKT9kXOd6BxjTnpTpMEROWcZi
+wgz2p5FFwe8HNWeh+g7eEXXHqq7tQf6fWS8baSTBe+tUJvQ3qMmqVhR3dBE1ThZBbA1Gm0p/G6+D
+irLy0OOmLJTm+8CM9F3REMMOgiqSlgw+GEcNp8nmDae4HIdQgx35rEKHgz1qMVD7BJsfmXUiA8ya
+uQE/N24it2ZuIB8XkW6TW/BZxzP6I1lk8psTmNnBcqg46KYJumJfb0ifwScPUqjp2j1fq/sNNKkE
+KsVbHyXVXRgqqjDyOEcdveDWYxBk0pdg6sfNA1BmctIzBD11SIdqvIChoOZXNxLzMi43sNShCpxf
+ITh6mj3iYJgblGHoVYthZKg0ecvLK2ZfWuxCLzzQpQTtt3Nn9xZIXqwKWPoEqkmQ/0oEQzjttYSn
+XYZwRSxJs+q6y2gIs47RZFio1rTdlvaygk2zJhZIDy3odNcWtF7kaTSgIxm8er0R7V21Xk1s7iZG
+Ua2MjTrMS1RAHl2TshXSCNVHI7rd24kK2qOF7++3VEXBtnBr0kcQAGWkl2RjgQ4y55xktkeaJOZJ
+16SB/Fed5GGhDvLmOydPlLcFUetp2+lFOshb6Jw8FdGyI1EXTA8tw0HO+120VqFCettWhYqzI+90
+QZryvLeUKc8dhC120YVyUes1cUaZDgLvdk5gCYaj3koALdFB3JKLOI+JpfvasmIOZnVVA6PaHNN1
+JY+LcZpM12zmeiqRBbWZyE6j6ZqdRlqphVVyuBN6heAQLlJjXTeK8HytLBY1+4Jl5FHj3QgcgLOl
+PiIqmLO6lWWN7oJiD32qrGh0vNZ34Ri2oSgVxC2xUIdm23euIaULUnf00M5ecrOef0aHKp0MIxSA
+5FkrSG0zzqzQNCHogtBdYcfwvCyHEfIq2AIVdPvgHO3QilyaE1TTZ9uxfUeH26h7gX4FeR82qBWl
+ZvL6FaU1eqanlmpyDZoIMr69MDV7YyELWde2hRq9kJ28M5lN9tSUzXYYz81Mn/d4Lsi/fHJiurO1
+mvpyrl4sEkV9OY/xpsLLRYWQl8hNL5GDjIur8OLU3VBfPgYWqMj5DZUUxi3lNuWyZZ2BYMqGAdn6
+EA0eTdAxoUqquN/rPqmuI5PsNQ8JiavenPjirTMardU6o95yrfPZrRwhL3RL61x2Z7XO6+hNv8yd
+jJnIVF04CdEauwO6jMIiOAORurEDCqAskP9amWqUVpZiNO5M6s69HZVvkyQsNoKBH4EJO2gPOma1
+Nk0jS0snJFjlRTBBIwtZB4TY5UVwcKJLcAeUOAoMEOOlALJGvT0VUfli1gD+HuuwTwMon48i8XK1
+Kmo42T+71iO5N0tM4o6f576UfRBFDQg4BPaGJr0sBwH3IhAwm8ep3t4QoJcV0E/LEYhZkoQekmOW
+FkDQ/VDHrx2/7D6l/vS7Zpu7GtVVpmt2d65d9+qk+md2D/V+MgHkXzmGhTQZtpDmFMwDtOfqUF1Y
+kYVCxneBSwc6EAtr23LvRhcu6xX2QhPm69V6ha5EOr4gVQTdBfKvnngFaHbLCZ9L7UAP3mRq8Kyp
+QajsWhocCvibuJLQXRDofaLPgeaELUH0cUFSBbIl5kni8scjWrVWVM0LcL65e7VeFwvgpYwnvKWp
+IA2dFWY4MiD/7U+71iWNdm4Hk6/daOc7ovossYbdlTCcwUBFbWjmk62nDRk6C1MItGvMTjkTS70z
+50M1g/zXz5V6dkzUFoBpc6Kso++FLcsez6Q7WqCia93j0JIbmlgRX+i4s8APiTuUkjZMW/P0VOrM
+U+PZe/vq6LUnyP9WvzToJDNuT85mmZxChMI7YbtljkDZIg1qLi9Xa4gc6xc59m6D8Ve2kyHKllbS
+en1yNsoOGUr0tiJqpD2qowwKerkBhM71LLxLVczSihowDID8b5/SocC7FmdpZVwlIMaFBHJAYvTq
+GDhMtJETo++OnZVgsKs/C1Z/ng2b+wYbMY54xAD532k1ahzzoAFCDcpUpaQE6d7ElcRUJtuTcaNZ
+BeNYETI+mPShqtGI1E8Sw4aMkLGt6/FjvazI9VK5VtfOljfhnTOcw/NzM4pgr4L87zp69owNKNks
+G1DOcACH7g7f0XLqtqjlyyTaxvqo4Ruj8IRZ+JEGceaNytfsyvszKQny/+JETkyeeBX6gGjbsgJa
+VBGKReCKM2OEM515ksI2otRX8xvkf68VhgmyOVjHeQKV5qjJFGTjXrnRVZw8R7m204XaPkTTZquK
+Wn+pRjyMfoRufDTM6V6YsilqTmsbTxHiS7ex6Rk05Vkys08+/hXIf7lNmzrDxoczuXTPRKtaz9dy
+89CVC3DWYmNFsHpE6I7Niqi6NzL0x1h+oBN+vhbu9Uj3gfzvewCo3LBRvpqqnc+SMNSoPqNGOeGc
+TgiUk1dJHh9kEkNICkdIAvn/OBpKktemaVcxtG3S9GK9rY1bZDdthgqmfRoB+sDKnLXGHuuK+/GJ
+SWThrPEDz2ddzzsGYgak1EMgpQAj6SzDGoWsYGgD1wjk/5P+Yxt5ZtCOCtwoErBR+7QdLbJR+/T1
+F9qog/Y6MmyjDmg7InCjDnrxSNCNQP7/+G4XVB4lxBGlrt+QQx1sZ3U6YycUNMjZIj023DpA+ukp
+lI/LsPMYZ/237U47kBB+1rI/gbETj/PDYH3OPqxPiJF8LLg+ngG2j8A+QaA+HgpA/g+OGdknpE2O
+ANonrPajxfYJoeSIwX1CKDlWdB8PXacJ3idM8PuJ79MC2yeDn2PKHjfAT0jjHAPCTwg1xwTx07bj
+0yGmTx98n5OCyuNpmWMIXp9Mrwbk/9Nwz4Yh9bQdaD4VuDm+uwT6CpTTwTR75NDK8WkU2hSnYjLM
+T7mA/B8eX9iEwd/0WbecLjCafgLRdKXuukSe6YPi6xV2DMj/DzpWfTbqC7OnIkWJmb7rs747kegu
+3aueXsG5NCsikP/PjkYZ9dkMa4JSYSopkkpiIC1RJ62iY6icIsgUkP8ftgGbkp08JbApbYfMWuCk
+dKpfe+fhnmCUkzBsEqaGI6nh40I+Afn/0alVxUeriY8dhwSV72nCIclOdmv39gh3pA9q+ZQgh4S1
+Ju1NkP8fMyUdTUkzNJEjdN9PFrZHVy5812AefTQrQf7/5Bj1kneLO1NEkaxFpojasBSjIGj0SGmd
+NLCM1iinIP9/enIQM9r22ruFyOiHZXiaQC5OwKbO02gInh0IDJD/n5zkdTFHCkrRlZXXKQrF2VwV
+wxRKWwrl2BbZgfz/2Sk06lbq2rUrYWadYyfQRqGWeyCvAkfjuLyrC1G254YfVVNY15KEgBwgtNVo
+TmuwvvKU1gWQvZu+BZSI3hCnF9UmbLKTGujJ9porqrnpLTzKsvwAGg3u6UGD2XwYsDOnnRFn485q
+Yg1o7CagAPL/UzbunNtxh83+H4kRW8RwJhKXf5YDqrGaXEUEN9tXpZjblfwea7VEPFj9FN3774wR
+BOSf60F8UyfynNu+LVxrZKZ8mVSFx0RRaZtQrqINMq/IKhyJioO/dunjBUGh7SqUKApaDTqEaGUC
+PI5dRKo1bDKphE0Dno1m6K6KDadQkXHjoyXPe2ZRT00gKJ1cAwOKQtP5aTd97yfFIstX6gUy6wTl
+MmIdGI+qQ/eb3UtPLEoU4MedhKEWTJA8U/bkGrKJQdfzOlF2cR8DlpvTn9BH5U1Z1uiKvlTCFIQx
+nalR99G+0lH9MhYH6YXt43tReD4EHqNcDVVvX53WF/PqZ0kjT03MP0NFsUcvGi9j1JEzJY12xxS+
+SSaNvxP0N1OFnyn8ydDfiTQ9RhbO4k+mkDREK2e/svMBmvU6zUofyE7SXyST0jqRhhIMOl8gEN3M
+/7d35U9uHFV4DQFiSOAf4IepJVRss3Z0rLSyq/JDEi+pVGHHKW+ooiC1Je/KWuFdSZZGsR3bQLhv
+AiSQAxICSUgI932T++SGcBT3TVIBwhUI4fped480MyuNRqMZzfW2/Nar2dGot7u/1+/18X3T+9C9
+JPNOt8+hrrT5w01URaWl7UV58d8uMVVIhbyw2wGPA/4P9A0rSyxJx5J0oUjSsRzdBHlrgf+3VWQl
+GT3gFHWLbuYFFW0Oz1dX3IbOTSBiy4L1L1RgW9HXVqeHdtxsIZMtzhWK2zO5Yt74/R7qUtSHs9kR
+iXcPlPcfKNsJd00XBdGuKGixO/IOrZJA4Cevjow5Zl2dNOtqs4moa0H0h6zltWwAFd2IvqbpDU10
+mW7fy1J7qlta5Xq1zy1igip4clfg/+0eCF6pzF1iUSOcIvZQK7uoiqwMWtHJk2d3MT1p3ln0Z9ze
+WasrHlcmoh1CROuChHaG/dr4fq1o9WvA/6VJ9W0T92ueghkaaQIMZtjxxd/xBahNAvxfFkl9knG4
+vpla20dq7SgJnBSTyuVd8oPL20u5gf93jMjlXYowl3cp4lzepYhxeZcizOVdiiyXdymaXN5neygh
+8P/OULi8S33E8Y7KBM0Y2DptvbHW5fCVHn9dCNt/dVxEWlVTyhE8cXj/dQl3LHrBqkmFRDs+E82o
+MMdhoSksBP4vHzU09JTmzgWR5XLoGGLoyGFjAsJG4P8KDh05dByjhBw2xjhsBP6vjKRijf8Tnqp1
+fJ3o9CB+M0bMm/O69WWOt76EOqMZNembXoAM/F/VL0hmOZxEyuGUIiaHUwpdDmdwCcKQwilNWgoH
++H+XQ4AaphxOKTJyOKWIyuGU4iuHU4qmHE4pdCmc0mSlcID/dw+RwylFTg6nXxI4AXmcyM3wR0Jc
+ZyaeOVGuxDkR2hP4v9rTFvzJzOdHN3HipImTpgQkTcD/NZw4jashykkTJ03xTJqA//dw4uS/hign
+TZw0TXqBq9dC7te4gP9ro3xom9VHo78XPx5yp34SWniSP40ccQX5LuD/vXoUZo3C8jA51uTzTMOQ
+j8yeTnZBHl0Q8P++CLghPSkxmNEs8T9OaXeU7CeTFomRODTwfx0LRAfDeOZdMDqeHGcJPUFkd4T5
+TII8IfB//WSjxu0xDRrJW7KnZE8ZSU/pOZYF/m8YTgepGiYZPJAcyCYtkLUrodYagiN40UlR4LRs
+ZiwNqxC8ZBAMusD/Jelm0Y3MTGQ+y47J60xkXIPK0D0X8H/jpIVhitHXhSlGRxamOOa6vXeVmEgu
+WCVmptjQhQg3rgb+b/JxMY051qMaWydWwUa6SN8ibe9iNrF0l6T/kwCX2UdbZ9Z3DR1cUlTMini6
+p6nTA3UXSFaRHUd8v7Dfb2MvxCM+Rhamp8lTrooqbJ+nnjxtqSr8ZP6FWcBnhqiFFsStcgRIlaAP
+tb0G16SX4a1bFg2fHGn4jPN1M+t6sK4H63qkk/se+P8g63owvT3reiRL18OtXwP+P8S6HqzrwY4v
+WboebucVgf8Ps64H63qwrkc6yZmB/48wQTPrejA5czrJmYH/jzJBM+t6sK5HOsNC4P9jrOvBoSPr
+eqQzbAT+P86hI4eOrOuRzrAR+P8E63qwrgdvt0yWrofbownA/yeZopYpalnXI530tMD/p5iililq
+WdcjnfS0wP+nmaKWKWpZ1yOdp6iB/8+wrgfrenDSlM6kCfj/LCdOrOvBSVM6kybg/3OcOLGuBydN
+ydL1cLuZH/j/POt6MFEIk+onS9fDre8C/r/Auh48D8S6Hul0QcD/F5mtjXU9OBJLlq6HW6Z64P9L
+zFbPbPWs65EsXQ+3nhD4/zLrerCuB3vKZOl6uNX0AP6/wroeHMiyrkeydD3c+kzg/xbW9WBdD9b1
+SKfnAv5vja/3SqbnCjDo67VVcvTcWHNijLgP+L/N34OQ27Ystirl5VNoYy7+lHqb4EAFrFQFjre+
+YPp48A6XitBeXGqsNVcret9tSu70g2YdHK74kKFeN18cuM3UXuhDrZpeGa3UbgYG+dwBBT3Tv51E
+wsWcc247WcOA/dz8Oeee1q4AxssaNb+2aetm7TRN1LC26Tmbo3BQYxRPDPzf7muwm2Nv7DXYnZ30
+0Qt21al31cD/HeyuY789wTL0LnfbMhkBPp/oC25iF/i/01uAH+6gAUzDmbZFSQb5Xm2LVsjmfBk3
+1rvg/ECJUEv5yNPolXqQRXQaMhzGtrGHj4WVVqNTXWl29GQF/PaDBGfS6yTF/GbnDPzfNXbMz5v5
+Pcf8pZBifvbe7L3JewP/d7MHT1QaYBuXE5YN5HiCyc9sAPi/J2JbPZZIj/Swvtg+VNOXVioOK6Ye
+lkvVwzXj4ZPd7nGW+vS9vU9P0VmzZO7uiPfyI/B/b5gBMLnzuO/wYIfFDiuceG93RT/UaCHka5X3
+70eXGD3IA/7vi+i0Lwd6kSG33rZlsVYPbcqgLns5svmlCj5vUaR3g3LyLaWxNtEtig7rmTisT6lF
+la3V9GCLTbrJXlYKgf/7h44CfdxMvAeBfTXdPD9AL7VaXc0KiFeoz7hP7Y4d2RbYAXud1s2FMK3r
+yUMD/1Npi5kG6SNTFSHIXSs/v9Jqy1amLTn6EfG+5XLrgBC+rgqh+SacZ0VfqaA/kTutrDXJl9Wr
+1Mirtbaumme1J36z2iCWQVxSuu9K5d7AkrlvGEWWnWNfq2HvGt1Lx/sDXrIxZmgQWVrtLFfOMCt/
+K69H41wHXtzoiuJFt7gtIP+wpnqG4WmNaKTRpOpXqDzYqbSOEFcGPXdRvkMOgfsaDV3se5/RjGFv
+sxylaDASvUB8jCyMHCWyoopFFbXPU0/uVfsF8ifzL+S4IQsxQzplC+JW6VmoQ4uxYkdP9r1xaOvc
+clfrHT1B3dOsYaRpSbB23ZYq66IxGIu2L1CNZDP0PS++Z0mXqEDfsuJ7PiN+poEsR9+yy9NqzF3s
+VZ35DeLWorhVvCE3K75TMUVZ8xk8QZXzokZddYFDUpTN6NnU9tpeFFMyjF5o9OLc8Smnr/utHWq4
+pzm3o2/b4uRrTNS75y83F3c39qBpqUhH5Kiec4gXhescP2Ak9fZF+vBz6juBD4QVa+7y8sHRlu1p
+fUPDosvI0FS8eRqL/SmbfFTfOHDgepe5MGjY0SrLbaBqf3hfGkxXRVR9yYfq6vXK9eohxTG3152/
+c4+2F0WO/nwJ8P9VP9cWd8u24nmimMQ8MV0E5B0nXueGbMEk8P+1WKTFjAs3uOCjxj7hwkVMHEAM
+awl3Fpaai2eh2ebxagjT/eBIp0JvRj5qJZbvBazA/9e53Udqd3/mxX3KcyI1MV6Mz7z4uBF+UqbE
+gf9vBO/XIrtYXuS1cl4rj/nxqLHWyYH/bzK3WzK53XjDL+c0w2Jb4P9bzIzNzNgJTKaZ2NVFlAv8
+f5sFe1IyszR5aYwii/NEO6cC/r/ju2ZfMUqSfcWoKfYVWbCPBfuikoEB/98NRrq3GKZybzEqwr3F
+qOj2FqMp21uMrWpvMTzRXgfB3uKIer3A/wNjLICR0PoxJWp+TMLgGDXEMULmsR42jvV65zFT96Cl
+M5lwFLpxreHZjc9QjdH3tgAC5U2aTfLcZRccLI5uu3GwnrztxoFeqk/nd31vf9dru8vRNdnudfYe
+mhf4UacaY63RXWV7KJd6mIv9la6a0YsfsA80O90Af2DPlPof3xtljWvP+fEPPO0Ugc9OwsS/ahlf
+A04ZX+2YftZ84YzSPBHdCGdMF3KzO2dz075O0+a8LoDN8dSU56kp4P/7hKrNm8xr9M3OUbp4+qm1
+xqFyTT91ZsDuDC/eXT7SRcrQ7qxp+45omxyKh7eVV12VbnB5xDNchMwuilNbXq34W1d4oAtv76Zo
+rYP+lqx10EXi5aYJG/t1vwunnukiIXNRwCocgL8IEE8cmA3Zp4aEB2+0DPfRaeuNtW48LNFMPwun
+Tee2qvvKm3LZ4oyWwwim5eZmtMy23NxmcWqLPlzvBfr4MOD/BxZvanWmq7Vq/Yz2gvTJygc5eVia
+Sphfa+pHhvrcFg1Ce80zD+N74czYXlg+MhHrAyr4cpf1DMfBi6blSteLpv2EwlHxcA9LWCNBuIMq
+9BXBHXnwblga4KJo9dqSv0NGXZK9DZuvMIoG/P+IYvnVitbunhzshWGqx1TrFZ0eN5spzMggfcFI
+ATIS9LT5rdVY7YGEfMmsBY90XtHwZwMjUntAKnb01XX51zuHhyIWzFpxrxKGFX1tNXCYmgAoTgwf
+Pd6Lzk9Rn6jyHPHIYPIAeXXkTGBdvVOmuYA8izbQGkeVaYg5E86l2mp06r1jyuK6OtRsviQOucrx
+aLYwoxVmpWW2bRengMUv8hifsrntM9pshn5T6v2qgAvZuRx+UxDvwRB2gadtRV1k0LlZdN9ypyra
+GSOTKrSR66mX3YTPqFpjOH4eJYzt9dd3lVsHCDkqQ5TbljJm7MoKNA9O5WazVq8uiP6QtbyWDaAO
+XIuupukNTXSZbtfLUnuqW1rlerXPLeKQLf5GOnS5Rw1gxh/aGxeB/x86jI1U7gXR/+Vf0Gy09f01
+dWBbvXguIKo6WiFDuXQTzqd7j/h53S2izLvQGWVmrk5m4yOmu3jbfdoZ3UPa9AszXIIGcBMNuiqG
+zKPrg6t8Fh0zW8K30nbqmdkS9dn9HfMRe7zX9B75lhx16O15utnUvchJUOfF7Z21unHYfd0AvUT7
+PXqDR581/BnNNk57mvoeTn4zO+u8pj89bZmU0M5qtOReaOn62ujlqxV1RlS0g6lzlETnEFe7nUNE
+rafb+4XRgt2uIS7sloigCDV1B8ZG3++G51aJAIAZP5jxgxk/ksX4kctk57ZmSlszOQw8O3L5HYU5
+26XCjkJpw2WA/4+Z8YMZP5jxIy2MH9blMeD/J8z4wYwfzPiRzv3nwP9PmfGDGT8YF2lh/LAGrMD/
+z7jdmfGDGT/SSYIN/P+cGT+Y8YMZP9LC+GGN+YD/XzDjBzN+MONHOmNb4P+XzPjBjB/M+JEWxg9r
+lAv8/4oZP5jxgxk/0plTAf+/ZsYPZvxgxo+0MH5Y42Dg/zfM+MGMH8z4kRbGD2t5gP/fMuMHM34w
+40daGD+sbF/A/++Y8YMZP5jxI51TU8D/75nxgxk/mPEjLYwf1nkn4P9BZvxgxg9m/EgL44e1aEoD
+nPzAv6amNpyE/z8Auxn2QdiHYB+GfQT2UdjHYB+HfQL2SdinYJ+GfQb2WdjnYJ+HfQH2RdiXYF+G
+fQV2C+xW2G2w22F3wO6E3QW7G3YP7F7YfbB/wP4Jexj2B9gfYX+CPQL7M+wvsL/CHkOZT8b/x2B0
+luElsJfCXga7GPZy2Ctgr4S9CvZq2Gtgr4W9DvZ62Btgb4S9CfZm2FvwzKfjf8qNXgw7AKN5kjUY
+8SVQnTVhB2G0ftqG6aoOL4Qdgh2mY9Wwi2BHYSuw98NuhN0EeyvsbbC3wy6F0TnMd8DeCbscdgXs
+SthVsHfB3g27GnYN7D2wa2Hvhb0Pdh3setgNsEtgf4P9HfboCPXY7z2PyT4x9SDsIXucztQhIVKH
+DOH0GIXPg/rFtEfyGivlTN/Mk7tNMruNXzQw9igqPAqWlDKu0JjgM+uK/ajdqI5h5DVRv7hQ5BxT
+r2qzApi9ly4Sru7Nue48aveK9e35WerCOfUN789Z3m8K35mY0cc0bUBmleREKptzyKQoHoxQNkVl
+jWo6NXrZJjuXOnr5gp1M9VBfE5tN9VC2CU2nemjFceZTKRf0MKc6eiknOakqSndBwLIGHtY2zYuK
+EV2mNNeIz4Gbh7VFXxcPLYGdLTgLPraL6NIlzQOFvHwZ+d1GvLko+ZuLHILkUHYX2QbYwLYX0Rzw
+4C1GDqUYYY+RX/uLHUozgQ3GTp8+2R3GDiWZ8BZjh5KEusfYVq44bTJ2An4Au4xp/cftTmMnb+Bi
+q7EPx4wcShDCOSOH0oR00GjkxMfjyaIAcp+onA2y1UwIk9cTzWpo7denzIbPC4880RyLE73rQuPA
+j/B6OLnremolPI8iqiJqi2G07yMG0yZMzBGwb2HqDF/c3Zg8WQE4viFMV7TnK/jZ5B5HVdLjKX/c
+HTNgBe3vIstPOZb7GZ2QkvZ7piL6spNBsiNyldSxI3K7VOWSGTpiRNC019svMmiHNZTIsUGPPFM2
+Lv1zAF5VEDjHRbwhArtC4xgIBi3vQOc8eGJt4iIMY0V5XhWXkhrYsUMZwaHYZunpjBcHdZOQPoy9
+0qHr8G7iUoe2hdhIah26K+NkxA5NwS8d/g1a4TDh404fEeGcUQVntRpt/FRrmRDvq7iwSUzYJJhr
+OqqnjmwJZqRY6wb3xILN+r/p0vvdjbrS5g83URWVlhL+1XaJpNyi/5t1of9Ll4T+70OTOepZrld7
+xwuNlqJzhLYzhrLRjAOGwfJshHfcFFEjbu+s1Q2x65SeP/X57GmqBCPHOeVqHCoF/h+3ZDLqDVVE
+JVQ9s5nCjByeF4wxPyMHDVpraDVMh9PpebOWsJ78l8FnNLCe1vEA0BpGXfVM579KzFBnremDIgxc
+0ddWpyfnPtyTJvjfQ+XVkfsn8y9Mmn+h2YQnXBD9IWt5LRtABU6iq2l6QxNdptv1stSe6hYxlq6/
+RWSaI9I8AP//HQU/zBPCPCHME5KcOA34/19IsRrzhDBPCPOEhMwTMjW1YcotVwjzhDBPCPOEJIsn
+BPjfECD3MvOEME8I84REmCcE+H9CAtbpmSeEeUKYJ8QDTwjw/8TxpYiYJ4R5QpgnJI48IcD/CX4r
+EjJPCPOEME9IPHYfA/9PmnBmwzwhzBPCPCER4QkB/p881oIY84QwTwjzhMSWJwT4f4pbrhDmCWGe
+EOYJSRZPCPB/oluuEOYJYUfEPCHJ4gkB/jf6SrjBPCHME8I8IbHhCQH+n8rBIPOEME9IOh0K8P80
+t1whHNQxTwjzhCSLJ4T4P9xyhTBPCPOEME9IsnhCCP8+zCbS0Lp0IOWIH5LIMv4Z/5HD/8lTdALo
+2in8468ofv37mSc8Y2rj/PzFj1Y35vMbNz7hZALC1opq3K1t0bhb5Yxr26nhj04vLrYqBzu1lvKZ
+lON1HayC49nqpQKPSHvNPUaG88Y795frZct71YWe81YXeu/Pb8tuy/QeYvJn3efsMV9TjzK5JPPT
+8Cx6GiBVrteRYCpEdX2h8GaV9lKr1pTD0PTOcntlX6PcWib+jAtrcM7CSzVXK5qsynafhN3ChjOQ
+/GYdlcJg/ptR+C4C48NB73pY4v+RKfzjrxR8Pb7rySdNbTjxxI35jSfDpZzQhxSO/URK/AS6w3/+
+D1bVK2UAOAQA
+EOFLOL
+
+base64 -d /var/lib/grafana/t.gz.b64 > /var/lib/grafana/grafana.db.gz
+gunzip /var/lib/grafana/grafana.db.gz
+rm /var/lib/grafana/t.gz.b64
+chown -R grafana:grafana /var/lib/grafana
+
+systemctl daemon-reload
+systemctl start grafana-server
+systemctl enable grafana-server
+systemctl enable prometheus
+systemctl restart prometheus
+echo -e "\e[0m"

containers/rita

@@ -0,0 +1,50 @@
+#!/bin/bash
+# Configure BHIS RITA for Odin
+# 
+
+echo -e "\e[93m"
+
+log() {
+    echo -e "\t\e[96m[*]${1}\e[93m"
+}
+
+export IP=$(ip route | awk '/src/{print $9}')
+echo "rita" >/etc/hostname
+echo -e "${IP}\trita" >> /etc/hosts
+
+deluser -q --remove-home ubuntu
+
+apt-get update || exit 1
+apt-get --purge remove snapd lxd -y
+apt-get upgrade -y
+apt-get install -y htop wget unzip
+
+wget https://github.com/ocmdev/rita/archive/master.zip
+unzip master.zip
+cd rita-master
+bash install.sh
+cd ../
+rm -rf rita-master master.zip
+systemctl enable mongod
+systemctl start mongod
+
+sed -i 's/\/path\/to\/top\/level\/directory\//\/opt\/bro\/logs/g' /root/.rita/config.yaml
+sed -i 's/PrefixForDatabase/rita-/g' /root/.rita/config.yaml
+sed -i 's/UseDates: false/UseDates: true/g' /root/.rita/config.yaml
+sed -i 's/#DefaultDatabase: DefaultDatabaseName/DefaultDatabase: odin/g' /root/.rita/config.yaml
+sed -i 's/DirectoryMap/#DirectoryMap/g' /root/.rita/config.yaml
+sed -i 's/UniqueDir/#UniqueDir/g' /root/.rita/config.yaml
+sed -i 's/UniqueDir2/#UniqueDir2/g' /root/.rita/config.yaml
+
+cat >/etc/cron.daily/rita <<EOF
+#!/bin/bash
+export PATH=\$PATH:/root/go/bin
+cd /root
+rita import
+rita analyze
+rita html-report
+EOF
+chmod +x /etc/cron.daily/rita
+systemctl restart cron
+apt-get install -y prometheus-node-exporter
+echo -e "\e[0m"

deploy

@@ -0,0 +1,155 @@
+#!/bin/bash
+# Odin install script.
+# From bare metal to complete monitoring.
+
+exec > >(tee -i odin_log.txt)
+
+log() {
+    echo -en "\t\e[96m[*] ${1}\e[0m\n"
+}
+
+if [ "$#" -lt 2 ]; then
+    log "If you want deploy SSL-inspection proxy, provide ICAP_INTERFACE."
+    log "Make sure your switch is configured to mirror traffic from this port "
+    log "to the TAP_INTERFACE so Bro can see and utilize it's icap analyzer."
+    log " ** MUST USE SUDO ** "
+    log "usage: sudo ${0} ZFS_DATASET TAP_INTERFACE MGMT_INTERFACE [ICAP_INTERFACE]"
+    exit 1
+fi
+
+export ZPOOL=${1}
+export TAP=${2}
+export MGMT=${3}
+export ICAP=${4}
+export MGMT_IP=$(ip -o -4 a show ${MGMT} | awk '{print $4}' |cut -d '/' -f 1)
+
+source limits
+zfs get all ${ZPOOL} >/dev/null || need_zfs ${ZPOOL}
+
+need_zfs() {
+    log "ZFS dataset \"${1}\" wasn't found. I suggest you create it and restart the deploy."
+    log "Here are the available disks. *** DON'T OVERWRITE YOUR OS! *** :"
+    ls -l /dev/disk/by-path/ |egrep -v "total|ata|part" |awk '{print $9, "  ===>  ", $11}'
+    exit 1
+}
+
+
+setup_packages() {
+    apt-get remove -y snapd
+    apt-add-repository -y ppa:ubuntu-lxc/stable
+    apt-get update
+    apt-get upgrade -y
+    apt-get install -y lxd zfsutils-linux htop unzip vim jq httpie prometheus-node-exporter
+}
+
+
+setup_limits_on_profile() {
+    cCPU=CPU_${1}
+    cMEM=MEM_${1}
+    cDISK=DISK_${1}
+
+    lxc profile set ${1} limits.cpu ${!cCPU}
+    lxc profile set ${1} limits.memory ${!cMEM}
+    lxc profile device set ${1} root size ${!cDISK}
+    return
+}
+
+
+setup_lxd() {
+    ZPOOL=${1}
+    log "Deploying lxd on ${ZPOOL}."
+    sed -i 's/Restart=on-failure/Restart=on-failure\nLimitMEMLOCK=infinity/g' /lib/systemd/system/lxd.service
+    systemctl daemon-reload
+    systemctl restart lxd.service
+
+    lxd init --auto --storage-backend=zfs --storage-pool="${ZPOOL}"
+    lxc network create odinbr0 dns.domain="odin" ipv4.address="10.13.37.1/24" ipv4.nat=true ipv6.address=none
+    lxc network attach-profile odinbr0 default eth0
+    chown -R ${SUDO_USER}:${SUDO_USER} ${HOME}/.config/lxc
+}
+
+
+setup_containers() {
+    export BROFACE=${1}
+    export ICAPFACE=${2}
+    # Order is important - start the pipeline (kafka) first, fsf is before bro because it bro submits files to it, etc...
+    export CONTAINERS="kafka elasticsearch graylog fsf ids rita prometheus fouroneone"
+
+    for CON in ${CONTAINERS}; do
+        lxc profile copy default ${CON}
+
+        if [[ "${CON}" == "ids" ]]; then
+            lxc profile device add ${CON} eth1 nic nictype=physical parent=${BROFACE}
+            lxc profile set ${CON} security.privileged true
+        elif [[ "${CON}" == "rita" ]]; then
+            mkdir -p /var/lib/lxd/storage-pools/default/containers/ids/rootfs/opt/bro/logs
+            lxc profile device add ${CON} brologs disk source=/var/lib/lxd/storage-pools/default/containers/ids/rootfs/opt/bro/logs path=/opt/bro/logs
+        fi
+
+        setup_limits_on_profile ${CON}
+        lxc launch ubuntu:xenial ${CON} -p ${CON}
+        lxc file push containers/${CON} ${CON}/
+
+    done
+
+    sleep 10 #startup and DHCP
+
+    for CON in ${CONTAINERS}; do
+        log "Installing ${CON}"
+        lxc exec ${CON} -- /${CON}
+    done
+
+    lxc list -c 4n |egrep -v "NAME|\+" | awk '{print $2, $5}' |tr ' ' '\t' >> /etc/hosts
+}
+
+setup_firewall() {
+    kibana_ip=$(lxc list -c n4 |awk '/kibana/{print $4}')
+    fouroneone_ip=$(lxc list -c n4 |awk '/fouroneone/{print $4}')
+    prometheus_ip=$(lxc list -c n4 |awk '/prometheus/{print $4}')
+
+    iptables -t nat -A PREROUTING -i ${MGMT} -p tcp -m tcp --dport 443  -j DNAT --to-destination ${fouroneone_ip}
+    iptables -t nat -A PREROUTING -i ${MGMT} -p tcp -m tcp --dport 9090 -j DNAT --to-destination ${prometheus_ip}
+    iptables -t nat -A PREROUTING -i ${MGMT} -p tcp -m tcp --dport 3000 -j DNAT --to-destination ${prometheus_ip}
+    iptables -t nat -A PREROUTING -i ${MGMT} -p tcp -m tcp --dport 5601 -j DNAT --to-destination ${kibana_ip}
+    iptables -t nat -A INPUT      -i ${MGMT} -p tcp -m tcp --dport 22   -j ACCEPT
+    iptables-save > /etc/network/iptables.up.rules
+    cat > /etc/network/if-pre-up.d/iptablesload <<EOF
+#!/bin/sh
+iptables-apply
+exit 0
+EOF
+    chmod +x /etc/network/if-pre-up.d/iptablesload
+    sed -i "s/MGMT/${MGMT}/g" destroy
+}
+
+
+setup_system() {
+    cat >> /etc/sysctl.conf <<EOF
+net.ipv4.ip_forward=1
+net.ipv4.tcp_mem=182757 243679 365514
+net.core.netdev_max_backlog=182757
+fs.inotify.max_queued_events=1048576
+fs.inotify.max_user_instances=1048576
+fs.inotify.max_user_watches=1048576
+vm.max_map_count=262144
+kernel.dmesg_restrict=1
+EOF
+    sysctl -p
+    cat >> /etc/security/limits.conf <<EOF
+# LXD
+*           soft 	nofile 	1048576
+*           hard 	nofile 	1048576
+root        soft 	nofile 	1048576
+root        hard 	nofile 	1048576
+*           soft 	memlock unlimited
+*           hard 	memlock unlimited
+EOF
+
+}
+
+sed -i "s/MGMT/${MGMT_IP}/g" containers/prometheus
+setup_system
+setup_packages
+setup_lxd ${ZPOOL}
+setup_containers ${TAP} ${ICAP}
+setup_firewall

destroy

@@ -0,0 +1,46 @@
+#!/bin/bash
+# Odin tear down script. Destroys all data.
+# 
+
+echo -e "\e[93m"
+
+log() {
+    echo -en "--------------------\n"
+    echo -en "\t\e[96m[*]${1}\e[0m\n"
+    echo -en "--------------------\n"
+}
+
+ID=$(whoami)
+if [[ "${ID}" != "root" ]]; then
+    log "Please run with sudo."
+    exit 1
+fi
+kibana_ip=$(lxc list -c n4 |awk '/kibana/{print $4}')
+fouroneone_ip=$(lxc list -c n4 |awk '/fouroneone/{print $4}')
+prometheus_ip=$(lxc list -c n4 |awk '/prometheus/{print $4}')
+    
+iptables -t nat -D PREROUTING -i MGMT -p tcp -m tcp --dport 443  -j DNAT --to-destination ${fouroneone_ip}
+iptables -t nat -D PREROUTING -i MGMT -p tcp -m tcp --dport 9090 -j DNAT --to-destination ${prometheus_ip}
+iptables -t nat -D PREROUTING -i MGMT -p tcp -m tcp --dport 3000 -j DNAT --to-destination ${prometheus_ip}
+iptables -t nat -D PREROUTING -i MGMT -p tcp -m tcp --dport 5601 -j DNAT --to-destination ${kibana_ip}
+iptables-save > /etc/network/iptables.up.rules
+
+export CONTAINERS=" bro kafka elasticsearch logstash kibana fouroneone icap squid rita fsf prometheus"
+for CONT in ${CONTAINERS}; do
+    echo "Destroying ${CONT}"
+    lxc stop ${CONT} 2>/dev/null
+    lxc delete ${CONT} 2>/dev/null
+done
+
+sudo kill -9 `ps ax |awk '/odinbr0/{print $1}' | head -1`
+ip link del dev odinbr0
+systemctl stop lxd.socket
+systemctl stop lxd.service
+
+zfs destroy -r tank/lxd
+rm -rf /var/lib/lxd
+
+sed -i 's/LimitMEMLOCK=infinity//g' /lib/systemd/system/lxd.service
+systemctl daemon-reload
+
+echo -e "\e[0m"

extra/bro_api.py

@@ -0,0 +1,18 @@
+#!/usr/bin/env python3
+
+import sys
+import base64
+from subprocess import check_output
+from flask import Flask
+
+BRO_CONFIG='/opt/bro/share/bro/site/local.bro'
+
+@app.route('/config')
+def config_get():
+	cmd = ['cat', BRO_CONFIG]
+	res = check_output(cmd)
+	res = base64.b64encode(res)
+	data = {'acknowledged':'true', 'config':str(res)}
+	return data
+
+app = Flask(__name__)

extra/kibana_dashboards.json

@@ -0,0 +1,550 @@
+[
+  {
+    "_id": "SOFTWARE",
+    "_type": "dashboard",
+    "_source": {
+      "title": "SOFTWARE",
+      "hits": 0,
+      "description": "",
+      "panelsJSON": "[{\"col\":1,\"id\":\"Software-Software-List\",\"panelIndex\":1,\"row\":1,\"size_x\":4,\"size_y\":5,\"type\":\"visualization\"},{\"col\":5,\"id\":\"Software-Unique\",\"panelIndex\":3,\"row\":1,\"size_x\":3,\"size_y\":5,\"type\":\"visualization\"},{\"col\":8,\"id\":\"Software-Top-Types\",\"panelIndex\":2,\"row\":1,\"size_x\":5,\"size_y\":5,\"type\":\"visualization\"},{\"id\":\"Software-Search\",\"type\":\"search\",\"panelIndex\":4,\"size_x\":12,\"size_y\":9,\"col\":1,\"row\":6,\"columns\":[\"host\",\"name\",\"unparsed_version\",\"software_type\"],\"sort\":[\"@timestamp\",\"desc\"]}]",
+      "optionsJSON": "{\"darkTheme\":false}",
+      "uiStateJSON": "{\"P-1\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}}",
+      "version": 1,
+      "timeRestore": true,
+      "timeTo": "now",
+      "timeFrom": "now-24h",
+      "refreshInterval": {
+        "display": "Off",
+        "pause": false,
+        "value": 0
+      },
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"
+      }
+    }
+  },
+  {
+    "_id": "FILES",
+    "_type": "dashboard",
+    "_source": {
+      "title": "FILES",
+      "hits": 0,
+      "description": "",
+      "panelsJSON": "[{\"col\":1,\"id\":\"Files-Top-Mime-Types\",\"panelIndex\":1,\"row\":3,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Files-Analyzers\",\"panelIndex\":3,\"row\":3,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"columns\":[\"rx_hosts\",\"tx_hosts\",\"mime_type\",\"seen_bytes\"],\"id\":\"Files\",\"panelIndex\":2,\"row\":7,\"size_x\":12,\"size_y\":6,\"sort\":[\"@timestamp\",\"desc\"],\"type\":\"search\"},{\"id\":\"Files-Events\",\"type\":\"visualization\",\"panelIndex\":4,\"size_x\":9,\"size_y\":2,\"col\":1,\"row\":1},{\"id\":\"File-Total-Events\",\"type\":\"visualization\",\"panelIndex\":5,\"size_x\":3,\"size_y\":2,\"col\":10,\"row\":1}]",
+      "optionsJSON": "{\"darkTheme\":false}",
+      "uiStateJSON": "{}",
+      "version": 1,
+      "timeRestore": true,
+      "timeTo": "now",
+      "timeFrom": "now-24h",
+      "refreshInterval": {
+        "display": "Off",
+        "pause": false,
+        "value": 0
+      },
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"
+      }
+    }
+  },
+  {
+    "_id": "DNS",
+    "_type": "dashboard",
+    "_source": {
+      "title": "DNS",
+      "hits": 0,
+      "description": "",
+      "panelsJSON": "[{\"col\":1,\"id\":\"DNS-Top-Queries\",\"panelIndex\":2,\"row\":4,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":5,\"id\":\"DNS-Top-Query-Types\",\"panelIndex\":4,\"row\":4,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":9,\"id\":\"DNS-Top-Answers\",\"panelIndex\":3,\"row\":4,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"columns\":[\"srcip\",\"dstip\",\"query\",\"answers\",\"qtype_name\",\"rcode_name\",\"rtt\",\"geoip.region_name\",\"qclass_name\"],\"id\":\"DNS-Connections\",\"panelIndex\":1,\"row\":8,\"size_x\":12,\"size_y\":10,\"sort\":[\"@timestamp\",\"desc\"],\"type\":\"search\"},{\"id\":\"DNS-Events\",\"type\":\"visualization\",\"panelIndex\":5,\"size_x\":8,\"size_y\":3,\"col\":1,\"row\":1},{\"id\":\"DNS-Total-Events\",\"type\":\"visualization\",\"panelIndex\":6,\"size_x\":4,\"size_y\":3,\"col\":9,\"row\":1}]",
+      "optionsJSON": "{\"darkTheme\":false}",
+      "uiStateJSON": "{\"P-5\":{\"vis\":{\"legendOpen\":false}}}",
+      "version": 1,
+      "timeRestore": true,
+      "timeTo": "now",
+      "timeFrom": "now-24h",
+      "refreshInterval": {
+        "display": "Off",
+        "pause": false,
+        "value": 0
+      },
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"
+      }
+    }
+  },
+  {
+    "_id": "STATS",
+    "_type": "dashboard",
+    "_source": {
+      "title": "STATS",
+      "hits": 0,
+      "description": "",
+      "panelsJSON": "[{\"col\":1,\"id\":\"Stats-Totals\",\"panelIndex\":6,\"row\":1,\"size_x\":12,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Stats-Bytes-Received\",\"panelIndex\":8,\"row\":3,\"size_x\":9,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Stats-Pkts-Processed-Per-Worker\",\"panelIndex\":7,\"row\":5,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Stats-Mem-Usage\",\"panelIndex\":2,\"row\":5,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Stats-Packet-Lag\",\"panelIndex\":1,\"row\":9,\"size_x\":6,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Stats-Events-Processed\",\"panelIndex\":3,\"row\":9,\"size_x\":6,\"size_y\":2,\"type\":\"visualization\"},{\"col\":10,\"id\":\"Stats-Total-Bytes\",\"panelIndex\":9,\"row\":3,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"}]",
+      "optionsJSON": "{\"darkTheme\":false}",
+      "uiStateJSON": "{\"P-1\":{\"vis\":{\"legendOpen\":false}},\"P-2\":{\"vis\":{\"legendOpen\":false}},\"P-3\":{\"vis\":{\"legendOpen\":false}},\"P-7\":{\"vis\":{\"legendOpen\":false}},\"P-6\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"P-9\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}}",
+      "version": 1,
+      "timeRestore": true,
+      "timeTo": "now",
+      "timeFrom": "now-24h",
+      "refreshInterval": {
+        "display": "Off",
+        "pause": false,
+        "value": 0
+      },
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}],\"highlightAll\":true,\"version\":true}"
+      }
+    }
+  },
+  {
+    "_id": "DNS-Connections",
+    "_type": "search",
+    "_source": {
+      "title": "DNS Connections",
+      "description": "",
+      "hits": 0,
+      "columns": [
+        "srcip",
+        "dstip",
+        "query",
+        "answers",
+        "qtype_name",
+        "rcode_name",
+        "rtt",
+        "geoip.region_name",
+        "qclass_name"
+      ],
+      "sort": [
+        "@timestamp",
+        "desc"
+      ],
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"odin-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"dns\\\"\",\"analyze_wildcard\":true}}}"
+      }
+    }
+  },
+  {
+    "_id": "Bro-Stats",
+    "_type": "search",
+    "_source": {
+      "title": "Bro Stats",
+      "description": "",
+      "hits": 0,
+      "columns": [
+        "mem",
+        "peer",
+        "pkt_lag",
+        "tcp_conns",
+        "dns_requests",
+        "events_queued",
+        "events_proc",
+        "udp_conns"
+      ],
+      "sort": [
+        "@timestamp",
+        "desc"
+      ],
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"odin-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"stats\\\"\",\"analyze_wildcard\":true}}}"
+      }
+    }
+  },
+  {
+    "_id": "Notice",
+    "_type": "search",
+    "_source": {
+      "title": "Notice",
+      "description": "",
+      "hits": 0,
+      "columns": [
+        "srcip",
+        "dstip",
+        "p",
+        "note",
+        "geoip.postal_code",
+        "geoip.region_name",
+        "geoip.country_code2"
+      ],
+      "sort": [
+        "@timestamp",
+        "desc"
+      ],
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"odin-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"notice\\\"\",\"analyze_wildcard\":true}}}"
+      }
+    }
+  },
+  {
+    "_id": "Files",
+    "_type": "search",
+    "_source": {
+      "title": "Files",
+      "description": "",
+      "hits": 0,
+      "columns": [
+        "rx_hosts",
+        "tx_hosts",
+        "mime_type",
+        "seen_bytes",
+        "analyzers",
+        "md5",
+        "timedout"
+      ],
+      "sort": [
+        "@timestamp",
+        "desc"
+      ],
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"odin-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"kafka.topic:\\\"files\\\"\"}}}"
+      }
+    }
+  },
+  {
+    "_id": "Software-Search",
+    "_type": "search",
+    "_source": {
+      "title": "Software Search",
+      "description": "",
+      "hits": 0,
+      "columns": [
+        "host",
+        "name",
+        "unparsed_version",
+        "software_type"
+      ],
+      "sort": [
+        "@timestamp",
+        "desc"
+      ],
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"odin-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"software\\\"\",\"analyze_wildcard\":true}}}"
+      }
+    }
+  },
+  {
+    "_id": "Stats-Packet-Lag",
+    "_type": "visualization",
+    "_source": {
+      "title": "Stats - Packet Lag",
+      "visState": "{\"title\":\"Stats - Packet Lag\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":false,\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"legendPosition\":\"top\",\"radiusRatio\":9,\"scale\":\"linear\",\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":true,\"times\":[],\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"pkt_lag\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"h\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}",
+      "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"stats\\\" AND peer:\\\"odin-*\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}"
+      }
+    }
+  },
+  {
+    "_id": "Stats-Mem-Usage",
+    "_type": "visualization",
+    "_source": {
+      "title": "Stats - Mem Usage",
+      "visState": "{\"title\":\"Stats - Mem Usage\",\"type\":\"area\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"top\",\"smoothLines\":true,\"scale\":\"linear\",\"interpolate\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{\"max\":0.2}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"mem\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"h\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"peer.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"row\":true}}],\"listeners\":{}}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"stats\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}"
+      }
+    }
+  },
+  {
+    "_id": "Stats-Events-Processed",
+    "_type": "visualization",
+    "_source": {
+      "title": "Stats - Events Processed",
+      "visState": "{\"title\":\"Stats - Events Processed\",\"type\":\"area\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":false,\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"mode\":\"silhouette\",\"scale\":\"linear\",\"setYExtents\":false,\"shareYAxis\":true,\"smoothLines\":false,\"times\":[],\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"events_proc\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"events_queued\"}}],\"listeners\":{}}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"kafka.topic:\\\"stats\\\"\"}},\"filter\":[]}"
+      }
+    }
+  },
+  {
+    "_id": "Conns-Top-Dest-Ports",
+    "_type": "visualization",
+    "_source": {
+      "title": "Conns - Top Dest Ports",
+      "visState": "{\"title\":\"Conns - Top Dest Ports\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"id.resp_p\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Top Dest Ports\"}}],\"listeners\":{}}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"conn\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}"
+      }
+    }
+  },
+  {
+    "_id": "Stats-Packets-Dropped",
+    "_type": "visualization",
+    "_source": {
+      "title": "Stats - Packets Dropped",
+      "visState": "{\"title\":\"Stats - Packets Dropped\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"top\",\"showCircles\":true,\"smoothLines\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"pkts_dropped\",\"customLabel\":\"Packets Dropped\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"stats\\\" AND peer:\\\"odin-*\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}"
+      }
+    }
+  },
+  {
+    "_id": "DNS-Events",
+    "_type": "visualization",
+    "_source": {
+      "title": "DNS - Events",
+      "visState": "{\"title\":\"DNS - Events\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"smoothLines\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Time\"}}],\"listeners\":{}}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"dns\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}"
+      }
+    }
+  },
+  {
+    "_id": "DNS-Top-Query-Types",
+    "_type": "visualization",
+    "_source": {
+      "title": "DNS - Top Query Types",
+      "visState": "{\"title\":\"DNS - Top Query Types\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"qtype_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"dns\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}"
+      }
+    }
+  },
+  {
+    "_id": "DNS-Top-Queries",
+    "_type": "visualization",
+    "_source": {
+      "title": "DNS - Top Queries",
+      "visState": "{\"title\":\"DNS - Top Queries\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"query.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"dns\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}"
+      }
+    }
+  },
+  {
+    "_id": "Files-Analyzers",
+    "_type": "visualization",
+    "_source": {
+      "title": "Files - Analyzers",
+      "visState": "{\"title\":\"Files - Analyzers\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"analyzers.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Analyzers Used\"}}],\"listeners\":{}}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"files\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}"
+      }
+    }
+  },
+  {
+    "_id": "Files-Events",
+    "_type": "visualization",
+    "_source": {
+      "title": "Files - Events",
+      "visState": "{\"title\":\"Files - Events\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"smoothLines\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"File Events\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Time\"}}],\"listeners\":{}}",
+      "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"files\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}"
+      }
+    }
+  },
+  {
+    "_id": "Notice-Events",
+    "_type": "visualization",
+    "_source": {
+      "title": "Notice - Events",
+      "visState": "{\"title\":\"Notice - Events\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"smoothLines\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Events\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Time\"}}],\"listeners\":{}}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"notice\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}"
+      }
+    }
+  },
+  {
+    "_id": "File-Total-Events",
+    "_type": "visualization",
+    "_source": {
+      "title": "File - Total Events",
+      "visState": "{\"title\":\"File - Total Events\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":60},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"File Events\"}}],\"listeners\":{}}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"files\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}"
+      }
+    }
+  },
+  {
+    "_id": "Stats-Bytes-Received",
+    "_type": "visualization",
+    "_source": {
+      "title": "Stats - Bytes Received",
+      "visState": "{\"title\":\"Stats - Bytes Received\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"top\",\"showCircles\":true,\"smoothLines\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"bytes_recv\",\"customLabel\":\"Bytes Received\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Time\"}}],\"listeners\":{}}",
+      "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
+      }
+    }
+  },
+  {
+    "_id": "Stats-Totals",
+    "_type": "visualization",
+    "_source": {
+      "title": "Stats - Totals",
+      "visState": "{\"title\":\"Stats - Totals\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":\"32\"},\"aggs\":[{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"tcp_conns\",\"customLabel\":\"TCP\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"udp_conns\",\"customLabel\":\"UDP\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"icmp_conns\",\"customLabel\":\"ICMP\"}}],\"listeners\":{}}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"stats\\\" AND peer:\\\"odin-*\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}"
+      }
+    }
+  },
+  {
+    "_id": "Stats-Total-Bytes",
+    "_type": "visualization",
+    "_source": {
+      "title": "Stats - Total Bytes",
+      "visState": "{\"title\":\"Stats - Total Bytes\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":\"32\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"bytes_recv\",\"customLabel\":\"Total Bytes\"}}],\"listeners\":{}}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"stats\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}"
+      }
+    }
+  },
+  {
+    "_id": "DNS-Top-Answers",
+    "_type": "visualization",
+    "_source": {
+      "title": "DNS - Top Answers",
+      "visState": "{\"title\":\"DNS - Top Answers\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":false,\"legendPosition\":\"right\",\"shareYAxis\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"answers.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"kafka.topic:\\\"dns\\\"\"}},\"filter\":[]}"
+      }
+    }
+  },
+  {
+    "_id": "DNS-Total-Events",
+    "_type": "visualization",
+    "_source": {
+      "title": "DNS - Total Events",
+      "visState": "{\"title\":\"DNS - Total Events\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":\"72\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Total Events\"}}],\"listeners\":{}}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"dns\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}"
+      }
+    }
+  },
+  {
+    "_id": "Files-Top-Mime-Types",
+    "_type": "visualization",
+    "_source": {
+      "title": "Files - Top Mime Types",
+      "visState": "{\"title\":\"Files - Top Mime Types\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"mime_type.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"files\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}"
+      }
+    }
+  },
+  {
+    "_id": "Software-Software-List",
+    "_type": "visualization",
+    "_source": {
+      "title": "Software - Software List",
+      "visState": "{\"title\":\"Software - Software List\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"name.keyword\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Frequent Software\"}}],\"listeners\":{}}",
+      "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"software\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}"
+      }
+    }
+  },
+  {
+    "_id": "Software-Top-Types",
+    "_type": "visualization",
+    "_source": {
+      "title": "Software - Top Types",
+      "visState": "{\"title\":\"Software - Top Types\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"shareYAxis\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"software_type.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"kafka.topic:\\\"software\\\"\"}},\"filter\":[]}"
+      }
+    }
+  },
+  {
+    "_id": "Software-Unique",
+    "_type": "visualization",
+    "_source": {
+      "title": "Software - Unique",
+      "visState": "{\"title\":\"Software - Unique\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":60},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"name.keyword\",\"customLabel\":\"Unique Softwares\"}}],\"listeners\":{}}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"software\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}"
+      }
+    }
+  },
+  {
+    "_id": "Notice-Types",
+    "_type": "visualization",
+    "_source": {
+      "title": "Notice - Types",
+      "visState": "{\"title\":\"Notice - Types\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"note.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Top Notice Types\"}}],\"listeners\":{}}",
+      "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"notice\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}"
+      }
+    }
+  },
+  {
+    "_id": "Stats-Pkts-Processed-Per-Worker",
+    "_type": "visualization",
+    "_source": {
+      "title": "Stats - Pkts Processed Per Worker",
+      "visState": "{\"title\":\"Stats - Pkts Processed Per Worker\",\"type\":\"area\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"defaultYExtents\":false,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"mode\":\"stacked\",\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"shareYAxis\":true,\"smoothLines\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"pkts_proc\",\"customLabel\":\"Processed Packets\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"h\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Time\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"peer.keyword\",\"size\":12,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Peer\",\"row\":true}}],\"listeners\":{}}",
+      "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"stats\\\" AND peer:\\\"odin-*\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}"
+      }
+    }
+  }
+]

extra/squid.conf

@@ -0,0 +1,113 @@
+http_port 0.0.0.0:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/etc/squid/serverkey.pem capath=/usr/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv2,NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE
+
+icp_port 0
+digest_generation off
+dns_v4_first off
+pid_filename /var/run/squid/squid.pid
+cache_effective_user squid
+cache_effective_group proxy
+error_default_language en
+icon_directory /usr/local/etc/squid/icons
+visible_hostname odin
+cache_mgr odin@infosec
+access_log /var/squid/logs/access.log
+cache_log /var/squid/logs/cache.log
+cache_store_log none
+netdb_filename /var/squid/logs/netdb.state
+pinger_enable on
+pinger_program /usr/local/libexec/squid/pinger
+sslcrtd_program /usr/local/libexec/squid/ssl_crtd -s /var/squid/lib/ssl_db -M 4MB -b 2048
+sslcrtd_children 5
+sslproxy_capath /usr/local/share/certs/
+sslproxy_options NO_SSLv2,NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE
+sslproxy_cipher EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
+sslproxy_cert_error allow all
+sslproxy_cert_adapt setValidAfter all
+sslproxy_cert_adapt setValidBefore all
+
+logfile_rotate 10
+debug_options rotate=10
+shutdown_lifetime 3 seconds
+# Allow local network(s) on interface(s)
+acl localnet src 192.168.0.0/16 10.0.0.0/8 172.16.0.0/12
+forwarded_for transparent
+via off
+httpd_suppress_version_string on
+uri_whitespace encode
+
+acl dynamic urlpath_regex cgi-bin \?
+cache deny dynamic
+
+cache_mem 4096 MB
+maximum_object_size_in_memory 102400 KB
+memory_replacement_policy heap GDSF
+cache_replacement_policy heap LFUDA
+minimum_object_size 0 KB
+maximum_object_size 51200 MB
+cache_dir aufs /var/squid/cache 150000 16 256
+offline_mode off
+cache_swap_low 90
+cache_swap_high 95
+cache allow all
+# Add any of your own refresh_pattern entries above these.
+refresh_pattern ^ftp:    1440  20%  10080
+refresh_pattern ^ftp:    1440  20%  10080
+refresh_pattern -i (/cgi-bin/|\?) 0  0%  0
+refresh_pattern .    0  20%  4320
+
+# Setup some default acls
+# ACLs all, manager, localhost, and to_localhost are predefined.
+acl allsrc src all
+acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 3129 1025-65535 
+acl sslports port 443 563  
+
+acl purge method PURGE
+acl connect method CONNECT
+
+# Define protocols used for redirects
+acl HTTP proto HTTP
+acl HTTPS proto HTTPS
+
+# SslBump Peek and Splice
+# http://wiki.squid-cache.org/Features/SslPeekAndSplice
+# http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit
+# Match against the current step during ssl_bump evaluation [fast]
+# Never matches and should not be used outside the ssl_bump context.
+#
+# At each SslBump step, Squid evaluates ssl_bump directives to find
+# the next bumping action (e.g., peek or splice). Valid SslBump step
+# values and the corresponding ssl_bump evaluation moments are:
+#   SslBump1: After getting TCP-level and HTTP CONNECT info.
+#   SslBump2: After getting TLS Client Hello info.
+#   SslBump3: After getting TLS Server Hello info.
+# These ACLs exist even when 'SSL/MITM Mode' is set to 'Custom' so that
+# they can be used there for custom configuration.
+acl step1 at_step SslBump1
+acl step2 at_step SslBump2
+acl step3 at_step SslBump3
+http_access allow manager localhost
+
+http_access deny manager
+http_access allow purge localhost
+http_access deny purge
+http_access deny !safeports
+http_access deny CONNECT !sslports
+
+# Always allow localhost connections
+http_access allow localhost
+
+request_body_max_size 0 KB
+delay_pools 1
+delay_class 1 2
+delay_parameters 1 -1/-1 -1/-1
+delay_initial_bucket_level 100
+delay_access 1 allow allsrc
+
+
+ssl_bump peek step1
+ssl_bump bump all
+# Setup allowed ACLs
+# Allow local network(s) on interface(s)
+http_access allow localnet
+# Default block all to be sure
+http_access deny allsrc

limits

@@ -0,0 +1,36 @@
+export CPU_bro="6"
+export CPU_kafka="2"
+export CPU_elasticsearch="4"
+export CPU_logstash="1"
+export CPU_kibana="2"
+export CPU_fouroneone="2"
+export CPU_icap="2"
+export CPU_squid="2"
+export CPU_rita="4"
+export CPU_fsf="4"
+export CPU_prometheus="2"
+
+export MEM_bro="8192MB"
+export MEM_kafka="1024MB"
+export MEM_elasticsearch="16384MB"
+export MEM_logstash="1024MB"
+export MEM_kibana="1024MB"
+export MEM_fouroneone="2048MB"
+export MEM_icap="512MB"
+export MEM_squid="4096MB"
+export MEM_rita="8192MB"
+export MEM_fsf="4096MB"
+export MEM_prometheus="2048MB"
+
+export DISK_bro="20GB"
+export DISK_kafka="20GB"
+export DISK_elasticsearch="250GB"
+export DISK_logstash="10GB"
+export DISK_kibana="10GB"
+export DISK_fouroneone="10GB"
+export DISK_icap="10GB"
+export DISK_squid="20GB"
+export DISK_rita="120GB"
+export DISK_fsf="80GB"
+export DISK_prometheus="60GB"
+