Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets. Discussion/announcements at stenographer@googlegroups.com
I've been trying out Stenographer on Alpine and have some notes that I wanted to share (in addition to possibly adding a few pull requests in the near future to help handle the easier ones).
Extra Packages Required
apk add libaio-dev leveldb-dev snappy-dev g++ \
make libcap libseccomp-dev jq openssl go libunwind-dev argp-standalone bash curl
Note: libunwind-dev, argp-standalone, and bash are not required on other platforms.
Unwind provides execinfo for backtrace information. Argp-standalone provides functions included in glibc but not included in musl. Bash is required because a number of the scripts distributed with stenographer require it to function.
A number of these packages are not available in the main repository and you must install the community and testing repositories to install them.
seccomp sandboxing
So far, I have been unable to get seccomp functioning with Alpine. I'm not sure what's missing, since I haven't had the time to troubleshoot. For now it is running with --seccomp=none as an argument for stenotype.
service script
These are simple to write, but slightly different from upstart and systemd.
#!/sbin/openrc-run
name=$RC_SVCNAME
description="Stenographer - packet capture to disk."
command="/usr/bin/stenographer"
command_args=" "
command_user="stenographer"
command_background="yes"
pidfile="/var/run/stenographer.pid"
rc_ulimit="-n 1000000"
depend() {
    need net
}
stop_post() {
    /usr/bin/pkill -9 stenotype
}
Start on boot
rc-update add stenographer default
Setting ulimits
While it is always good to declare ulimits in /etc/security/limits.d/stenographer.conf, this will do absolutely nothing for modifying a service's ulimit in Alpine. You'll need to modify the ulimit in the rc configuration file (this is already done above, but called out for awareness) using the rc_ulimit argument.
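To confirm that rc_ulimit reached the running process, and to see whether seccomp is active, read the process's own /proc entries. The script below is an added example, not part of the original post or of Stenographer; the function names are hypothetical and the sample data is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): read the limits and seccomp
# state a running process actually has, from its /proc/<pid> directory.

# Soft "Max open files" value from a /proc/<pid>/limits file.
soft_nofile() { awk '/^Max open files/ { print $4 }' "$1"; }

# Seccomp mode from a /proc/<pid>/status file: 0 = off, 1 = strict, 2 = filter.
seccomp_mode() { awk '$1 == "Seccomp:" { print $2 }' "$1"; }

# check_proc <procdir> <wanted_nofile>: print findings, return 1 on any gap.
check_proc() {
    got=$(soft_nofile "$1/limits")
    mode=$(seccomp_mode "$1/status")
    rc=0
    case "$got" in
        unlimited)   echo "nofile: soft limit unlimited" ;;
        ''|*[!0-9]*) echo "nofile: could not read a numeric soft limit"; rc=1 ;;
        *) if [ "$got" -lt "$2" ]; then
               echo "nofile: soft limit $got is below $2"; rc=1
           else
               echo "nofile: soft limit $got ok"
           fi ;;
    esac
    case "$mode" in
        1|2) echo "seccomp: mode $mode active" ;;
        0)   echo "seccomp: disabled"; rc=1 ;;
        *)   echo "seccomp: state unknown"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample: build a fake /proc/<pid> dir with the given values.
sample_dir() {
    d=$(mktemp -d)
    printf '%-26s%-21s%-21s%s\n' 'Limit' 'Soft Limit' 'Hard Limit' 'Units' \
        'Max processes' '7823' '7823' 'processes' \
        'Max open files' "$1" "$1" 'files' > "$d/limits"
    printf 'Name:\tstenotype\nSeccomp:\t%s\nSeccomp_filters:\t0\n' "$2" > "$d/status"
    echo "$d"
}

# Demo on constructed data; on a live host pass e.g. "/proc/$(pidof stenotype)".
d=$(sample_dir 1024 0)
check_proc "$d" 1000000 || echo "=> service needs attention"
rm -rf "$d"
```

Reading another user's /proc/<pid>/limits needs root or the service account, so run the live check as one of those.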