Security-Onion-Solutions / security-onion

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
https://securityonion.net

securityonion-elastic: Docker daemon.json conflict #1674

Closed dougburks closed 4 years ago

dougburks commented 4 years ago

https://github.com/docker/for-linux/issues/165

https://forums.docker.com/t/systemctl-start-docker-fails-with-bip-solved/74214

dougburks commented 4 years ago

https://github.com/Security-Onion-Solutions/securityonion-elastic/blob/master/usr/sbin/so-elastic-configure-network

This script creates a /etc/daemon/docker.json with default configuration as follows:

{
  "bip": "172.17.0.1/24"
}

On some boxes, this file is causing docker to fail. Removing the file allows docker to start.

One option would be to update /usr/sbin/so-elastic-configure-network such that it checks to see if /etc/daemon/docker.json exists and has an MD5 of 0bcf8587dea814c9b712064c28da3d82. If so, remove the file. If not, then the user has modified the file and it should be retained. Additionally, /usr/sbin/so-elastic-configure-network can continue to include the code that updates /etc/daemon/docker.json with the DOCKER_BRIDGE from /etc/nsm/securityonion.conf (but only if it doesn't match the MD5 above).
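The check proposed in the comment above, sketched as an added shell example; it is not part of the issue thread and is not the project's own script or the linked commit. The path and MD5 are copied as written in the issue; the function name `remove_if_default`, its return codes and the `--apply` switch are assumptions made for illustration, and MD5 is used here only as a fingerprint of the shipped default, not as an integrity control.

```shell
#!/bin/sh
# Added example, not code from so-elastic-configure-network.
# Path and hash are as written in the issue; everything else is hypothetical.
DAEMON_JSON="/etc/daemon/docker.json"
DEFAULT_MD5="0bcf8587dea814c9b712064c28da3d82"

# remove_if_default FILE EXPECTED_MD5
# Returns: 0 = file matched the shipped default and was removed
#          1 = file differs (user-modified) and was retained
#          2 = file absent or not a regular file; nothing done
remove_if_default() {
    file=$1
    expected=$2
    # Skip missing files and symlinks so we never delete through a link.
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        return 2
    fi
    # md5sum prints "<hash>  <name>"; keep only the hash field.
    actual=$(md5sum < "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        rm -f -- "$file"
        return 0
    fi
    return 1
}

# Touch the real path only when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    rc=0
    remove_if_default "$DAEMON_JSON" "$DEFAULT_MD5" || rc=$?
    case $rc in
        0) echo "removed default $DAEMON_JSON" ;;
        1) echo "retained modified $DAEMON_JSON" ;;
        2) echo "$DAEMON_JSON not present" ;;
    esac
fi
```

Capturing the return code with `|| rc=$?` keeps the "retained" and "absent" outcomes from aborting a caller that runs under `set -e`.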

dougburks commented 4 years ago

https://github.com/Security-Onion-Solutions/securityonion-elastic/commit/6f2384f223b32d39721f8fec84dcfda74e44425b

weslambert commented 4 years ago

Looks good 👍

dougburks commented 4 years ago

Published: https://blog.securityonion.net/2020/02/zeek-301-elastic-686-and-cyberchef-9120.html