You can run RITA using Docker! You have several options depending on your specific needs.
- Running RITA with Docker Compose - This is the simplest option and requires the least setup. You will have to provide your own Zeek logs.
- Running RITA with Docker Using External Mongo - This option is useful if you do not want to use Docker Compose or you have an external Mongo server you wish to use.
- Using Docker to Build RITA - You can use Docker to build a standalone RITA binary that runs on any Linux 64-bit CPU. This is useful if you want a portable binary but don't want to use Docker to actually run RITA.
The easiest way is to pull down the pre-built image.
sudo docker pull quay.io/activecm/rita-legacy
You can also build the image from source.
sudo docker build -t quay.io/activecm/rita-legacy .
You will need a config file where you have put in your InternalSubnets.
You will also need the path to your Zeek log files.
export CONFIG=/path/to/your/rita/config.yaml
export LOGS=/path/to/your/zeek/logs
sudo -E docker compose run --rm rita import /logs your-dataset
Note: If you'd like to use a specific version of RITA rather than the default latest, you can do so using the VERSION variable.
export VERSION=v4.3.0
sudo -E docker compose run --rm rita --version
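A pre-flight check for the CONFIG and LOGS paths exported above, added here as an example (not part of RITA): it fails when the config has no uncommented InternalSubnets entries or the log directory holds no Zeek connection logs. The function names, the block-style YAML list layout and the conn*.log file naming are assumptions.

```shell
#!/bin/sh
# Added example, not part of the RITA project.
# Assumptions: block-style YAML list under InternalSubnets; Zeek connection
# logs named conn*.log or conn*.log.gz.

# Print the active (uncommented) CIDR entries under InternalSubnets.
internal_subnets() {
    awk -v sq="'" '
        /^[ \t]*#/ { next }                      # commented-out lines do not count
        /^[ \t]*InternalSubnets:/ { in_list = 1; next }
        in_list && /^[ \t]*-/ {
            sub(/^[ \t]*-[ \t]*/, "")            # drop the list marker
            sub(/[ \t]*(#.*)?$/, "")             # drop a trailing comment
            gsub("[\"" sq "]", "")               # drop YAML quotes
            if ($0 ~ /^[0-9a-fA-F:.]+\/[0-9]+$/) print
            next
        }
        in_list && /[^ \t]/ { in_list = 0 }      # any other key ends the list
    ' "$1"
}

# Return 0 when both paths look usable for an import; report each problem.
rita_preflight() {
    config=$1
    logs=$2
    rc=0
    if [ ! -r "$config" ]; then
        echo "config not readable: $config" >&2; rc=1
    elif [ -z "$(internal_subnets "$config")" ]; then
        echo "no active InternalSubnets entries in $config" >&2; rc=1
    fi
    if [ ! -d "$logs" ]; then
        echo "log directory missing: $logs" >&2; rc=1
    elif [ -z "$(find "$logs" -type f \( -name 'conn*.log' -o -name 'conn*.log.gz' \) | head -n 1)" ]; then
        echo "no conn*.log or conn*.log.gz under $logs" >&2; rc=1
    fi
    return "$rc"
}

# Usage, once the functions are sourced:
#   rita_preflight "$CONFIG" "$LOGS" && \
#       sudo -E docker compose run --rm rita import /logs your-dataset
```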
If you don't need/want the convenience of Docker Compose running the Mongo server for you, you can also use RITA without it. You will need to modify RITA's config file to point to your external Mongo server and invoke RITA like this:
sudo docker run -it --rm \
-v /path/to/your/zeek/logs:/logs:ro \
-v /path/to/your/rita/config.yaml:/etc/rita/config.yaml:ro \
quay.io/activecm/rita-legacy import /logs your-dataset
You can use Docker to build a statically linked RITA binary for you. This binary should be portable between Linux 64-bit systems. Once you've obtained the RITA docker image (see the "Obtaining the RITA Docker Image" section above) you can run the following commands to copy the binary to your host system.
sudo docker create --name rita quay.io/activecm/rita-legacy
sudo docker cp rita:/rita ./rita
sudo docker rm rita
Note that you will have to manually install the config.yaml file into /etc/rita/ as well as create any directories referenced inside the config.yaml file.