Some tweaks

This commit is contained in:
Maxim Malakhov 2024-08-16 12:01:05 +03:00
parent ba2f7a5e03
commit 5c306c01af
No known key found for this signature in database
GPG Key ID: A77DC2E5B79AF357
8 changed files with 28 additions and 40 deletions


@ -7,11 +7,14 @@ ENV HOME=/root
RUN apt-get -y update && apt-get -y upgrade RUN apt-get -y update && apt-get -y upgrade
RUN apt-get -y install \ RUN apt-get -y install \
wget git cmake make g++ bison flex cppcheck cpputest autoconf automake libtool curl gdb vim build-essential luajit hwloc openssl pkg-config openssh-server \ wget git cmake make g++ bison flex cppcheck cpputest autoconf automake libtool curl gdb vim build-essential luajit hwloc openssl pkg-config openssh-server \
strace perl libio-socket-ssl-perl libcrypt-ssleay-perl ca-certificates libwww-perl python3-pip python3-pcapy python3-dpkt supervisor net-tools iputils-ping python3 \ strace perl libio-socket-ssl-perl libcrypt-ssleay-perl ca-certificates libwww-perl supervisor net-tools iputils-ping iproute2 ethtool \
libdumbnet-dev libdnet-dev libpcap-dev libtirpc-dev libmnl-dev libunwind-dev libpcre3-dev zlib1g-dev libnet1-dev liblzma-dev \ libdumbnet-dev libdnet-dev libpcap-dev libtirpc-dev libmnl-dev libunwind-dev libpcre3-dev zlib1g-dev libnet1-dev liblzma-dev \
libssl-dev libhwloc-dev libsqlite3-dev uuid-dev libcmocka-dev libnetfilter-queue-dev autotools-dev libluajit-5.1-dev libfl-dev \ libssl-dev libhwloc-dev libsqlite3-dev uuid-dev libcmocka-dev libnetfilter-queue-dev autotools-dev libluajit-5.1-dev libfl-dev \
libpcre3 libpcre3-dbg libyaml-0-2 libyaml-dev zlib1g libcap-ng-dev libcap-ng0 libmagic-dev libnuma-dev libpcre3 libpcre3-dbg libyaml-0-2 libyaml-dev zlib1g libcap-ng-dev libcap-ng0 libmagic-dev libnuma-dev
# Some network tweaks
RUN ip add sh eth0
# Build libdaq # Build libdaq
WORKDIR $HOME WORKDIR $HOME
RUN git clone https://github.com/snort3/libdaq.git RUN git clone https://github.com/snort3/libdaq.git
@ -44,8 +47,8 @@ RUN mkdir ${PREFIX_DIR}/etc/rules && \
touch ${PREFIX_DIR}/etc/rules/local.rules && \ touch ${PREFIX_DIR}/etc/rules/local.rules && \
touch ${PREFIX_DIR}/etc/lists/default.blocklist && \ touch ${PREFIX_DIR}/etc/lists/default.blocklist && \
mkdir /var/log/snort mkdir /var/log/snort
COPY snort3-community-rules.tar ${HOME}/snort3-community-rules.tar COPY snort3-community-rules.tar.gz ${HOME}/snort3-community-rules.tar.gz
RUN tar -xvzf snort3-community-rules.tar && cd snort3-community-rules && cp * ${PREFIX_DIR}/etc/rules/ RUN tar -xvzf snort3-community-rules.tar.gz && cd snort3-community-rules && mkdir ${PREFIX_DIR}/etc/rules/snort3-community-rules/ && cp * ${PREFIX_DIR}/etc/rules/snort3-community-rules/
RUN snort --version RUN snort --version
# Install OpenAppID # Install OpenAppID
@ -53,16 +56,6 @@ WORKDIR $HOME
COPY snort-openappid.tar.gz ${HOME}/OpenAppId-23020.tar.gz COPY snort-openappid.tar.gz ${HOME}/OpenAppId-23020.tar.gz
RUN tar -xzvf OpenAppId-23020.tar.gz && cp -R odp /usr/local/lib/ RUN tar -xzvf OpenAppId-23020.tar.gz && cp -R odp /usr/local/lib/
RUN pip3 install pygeoip dnif idstools
#RUN mkdir /usr/local/lookups && cd /usr/local/lookups && \
# wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz && \
# wget http://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz && \
# gunzip GeoLiteCity.dat.gz GeoIPASNum.dat.gz
# Install snort-sgent
WORKDIR /usr/local/src
RUN wget https://github.com/dnif/snort-agent/archive/0.8.tar.gz && tar -zxvf 0.8.tar.gz && mv snort-agent-* snort-agent
# Set up SSH # Set up SSH
RUN mkdir /var/run/sshd RUN mkdir /var/run/sshd
RUN echo 'root:screencast' | chpasswd RUN echo 'root:screencast' | chpasswd
@ -74,8 +67,5 @@ EXPOSE 22
COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
COPY entrypoint.sh ${HOME}/entrypoint.sh COPY entrypoint.sh ${HOME}/entrypoint.sh
#CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
#ENTRYPOINT ["snort", "-c", "/usr/local/etc/snort/snort.lua", "-R", "/usr/local/etc/rules/snort3-community.rules", "-i", "wl01", "-s", "65535", "-k", "none"]
#ENTRYPOINT ["tail", "-f", "/dev/null"]
ENTRYPOINT ["/bin/bash", "/root/entrypoint.sh"] ENTRYPOINT ["/bin/bash", "/root/entrypoint.sh"]
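Review bot: `RUN ip add sh eth0` inspects the network interface of the build sandbox, not of the container that will eventually run the image; it leaves nothing useful in the layer and fails the build on any builder where `eth0` does not exist, so drop it (or move the diagnostic into `entrypoint.sh`, where the interface actually matters). The `iproute2` and `ethtool` additions on the install line are all the runtime route changes need. Separately, the image still sets `root:screencast` via `chpasswd` with sshd exposed on 22, and this commit's compose change grants `NET_ADMIN` to the same container, so a guessed or leaked password now also yields routing and netfilter control inside the container's namespace; if SSH access is really needed, switch sshd to key-only auth (`PasswordAuthentication no`) and remove the static password, or stop publishing the port.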


@ -2,23 +2,26 @@ name: snort
services: services:
snort: snort:
restart: always restart: always
cap_add:
- NET_ADMIN
build: build:
dockerfile: Dockerfile dockerfile: Dockerfile
context: ./ context: ./
volumes: volumes:
- ./snort-conf:/usr/local/etc/snort - ./snort-conf:/usr/local/etc/snort
- ./snort-rules.txt:/usr/local/etc/rules/local.rules - ./snort-rules.txt:/usr/local/etc/rules/local.rules
- ./logs:/var/log/snort
ports: ports:
- 22:22 - 22:22
networks: networks:
snort_lan: snort_lan:
ping: # ping:
image: willfarrell/ping # image: willfarrell/ping
environment: # environment:
HOSTNAME: snort # HOSTNAME: snort
TIMEOUT: 10 # TIMEOUT: 10
networks: # networks:
snort_lan: # snort_lan:
networks: networks:
snort_lan: snort_lan:
driver: bridge driver: bridge
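Review bot: `cap_add: - NET_ADMIN` is granted to a container that also publishes root SSH (`- 22:22`) with the static password set in the Dockerfile, so anyone who reaches port 22 gets a root shell that can rewrite routes and netfilter rules in the container's namespace; at minimum bind the port locally, `- "127.0.0.1:22:22"`, and prefer key-only auth. Build the capability set up from nothing rather than on top of Docker's default: `cap_drop: [ALL]` followed by `cap_add: [NET_ADMIN, NET_RAW]` (snort needs NET_RAW for live capture; confirm nothing else in the entrypoint needs more). The `snort_lan` bridge network is unchanged, yet snort.lua in this commit sets HOME_NET to 192.168.88.0/24 and the entrypoint reroutes through `eth0`; unless this service is later attached to a macvlan or host network, the capture interface will not carry that subnet, so the intended attachment is worth settling here. The commented-out `ping` service is dead config and could simply be deleted.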


@ -1 +1,6 @@
ip route del default
#ip route add default via 192.168.88.108
ip route add default dev eth0
/usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf
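Review bot: The last line should be `exec /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf`; without `exec`, bash stays PID 1 and the SIGTERM from `docker stop` never reaches supervisord (and so never reaches snort or sshd), so the container is killed after the stop timeout and snort cannot flush its logs. The route edits above it are what requires the `NET_ADMIN` added in the compose file; `ip route add default dev eth0` installs a gateway-less on-link default, which on an ordinary bridge network means off-subnet destinations are ARP'd for directly and become unreachable — presumably intended for a direct-LAN (macvlan) attachment, which deserves a comment stating that assumption. Decide what a failed `ip route del default` should mean: add `set -e` at the top if it must abort startup, or `|| true` on that line if continuing is intended, instead of relying on the implicit ignore. The `192.168.88.108` in the commented line is leftover hard-coded gateway config.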


@ -1,12 +0,0 @@
[program:snort-agent]
command=/usr/bin/python -u /usr/local/src/snort-agent/snort-agent.py
process_name=%(program_name)s
autostart=true
autorestart=true
redirect_stderr=true
stdout_logfile=/var/log/snort-agent.log
stderr_logfile=/var/log/snort-agent.log
stderr_events_enabled=true
directory=/tmp/
stopasgroup=true
stdout_logfile_maxbytes=10MB


@ -21,7 +21,7 @@
-- HOME_NET and EXTERNAL_NET must be set now -- HOME_NET and EXTERNAL_NET must be set now
-- setup the network addresses you are protecting -- setup the network addresses you are protecting
HOME_NET = '172.20.0.0/24' HOME_NET = '192.168.88.0/24'
-- set up the external network addresses. -- set up the external network addresses.
-- (leave as "any" in most situations) -- (leave as "any" in most situations)
@ -191,8 +191,11 @@ ips =
-- use include for rules files; be sure to set your path -- use include for rules files; be sure to set your path
-- note that rules files can include other rules files -- note that rules files can include other rules files
-- (see also related path vars at the top of snort_defaults.lua) -- (see also related path vars at the top of snort_defaults.lua)
variables = default_variables,
variables = default_variables rules = [[
include $RULE_PATH/snort3-community-rules/snort3-community.rules
include $RULE_PATH/local.rules
]]
} }
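Review bot: `include $RULE_PATH/local.rules` depends on `$RULE_PATH` resolving to `/usr/local/etc/rules`, which is where the Dockerfile creates `etc/rules/snort3-community-rules/` and the compose file mounts `./snort-rules.txt` as `local.rules`; nothing in this commit sets `RULE_PATH`, so either confirm snort_defaults.lua yields that path relative to `/usr/local/etc/snort` or pin it explicitly next to HOME_NET, `RULE_PATH = '/usr/local/etc/rules'`, since a bad include aborts startup and supervisord's `autorestart` will then loop. In the first hunk HOME_NET becomes `192.168.88.0/24` while the compose file keeps the container on the `snort_lan` bridge; every rule keyed on `$HOME_NET` is blind unless the capture interface actually carries that subnet, so the network attachment should be settled before this value is relied on. The enclosing `ips` table begins above this hunk.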
-- use these to configure additional rule actions -- use these to configure additional rule actions




@ -11,8 +11,7 @@ command=/usr/sbin/sshd -D
#autorestart=true #autorestart=true
[program:snort] [program:snort]
#command=snort -i eth0s -d -c /usr/local/etc/snort/snort.lua -l /var/log/snort command=snort -c /usr/local/etc/snort/snort.lua -i eth0 -s 65535 -k none -l /var/log/snort
command=snort -c /usr/local/etc/snort/snort.lua -R /usr/local/etc/rules/local.rules -i eth0 -s 65535 -k none -l /var/log/snort
stdout_logfile=/var/log/snort/supervisor.log stdout_logfile=/var/log/snort/supervisor.log
stderr_logfile=/var/log/snort/supervisor.log stderr_logfile=/var/log/snort/supervisor.log
autorestart=true autorestart=true
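Review bot: The snort command line runs the sensor as root for the life of the process; snort3 can drop privileges once the capture is open with `-u snort -g snort`, which needs a matching account created in the Dockerfile (`useradd -r -s /usr/sbin/nologin snort` plus ownership of `/var/log/snort`) and limits what a parser or rule-engine bug can reach. `-k none` turns off checksum verification, which is usually needed because offloading on the capture interface yields bad checksums, but it also makes snort inspect packets the endpoint would discard; with `ethtool` now installed, disabling offload in the entrypoint (`ethtool -K eth0 rx off tx off`) and dropping `-k none` is the stricter setup — verify on the target interface first. Dropping `-R` in favour of the `ips.rules` includes in snort.lua is fine provided that file is the one mounted from `./snort-conf`.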