From c3e12eb154782aadcbc6ff19f719410b46a60d2c Mon Sep 17 00:00:00 2001
From: Maxim Malakhov
Date: Tue, 13 Aug 2024 15:35:40 +0300
Subject: [PATCH] Initial commit
---
Dockerfile | 146 +++++++++++++++++++++++++++++++++++++++++++++
docker-compose.yml | 11 ++++
2 files changed, 157 insertions(+)
create mode 100644 Dockerfile
create mode 100644 docker-compose.yml
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..26fb92f
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,146 @@
+#
+# BUILD CONTAINER
+# (Note that this is a multi-phase Dockerfile)
+# To build run `docker build --rm -t tebedwel/snort3-alpine:latest`
+#
+FROM ubuntu:22.04 AS builder
+
+ENV PREFIX_DIR=/usr/local
+ENV HOME=/root
+
+# Update apt-get adding the @testing repo for hwloc (as of Alpine v3.7)
+# RUN apt-get add -X https://dl-cdn.alpinelinux.org/alpine/v3.16/main -u alpine-keys
+# RUN echo "@testing http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apt-get/repositories
+
+# Prep apt-get for installing packages
+RUN apt-get update -y && apt-get upgrade -y
+
+# BUILD DEPENDENCIES:
+RUN apt-get install -y \
+ wget \
+ git \
+ cmake \
+ make \
+ g++ \
+ bison \
+ flex \
+ cppcheck \
+ cpputest \
+ autoconf \
+ automake \
+ libtool \
+ # Libraries
+ libdumbnet-dev \
+ libdnet-dev \
+ libpcap-dev \
+ libtirpc-dev \
+ libmnl-dev \
+ libunwind-dev \
+# Install the Snort developer requirements
+ curl \
+ gdb \
+ vim \
+ build-essential \
+ libpcre3-dev \
+ libnet1-dev \
+ zlib1g-dev \
+ luajit \
+ hwloc \
+ liblzma-dev \
+ openssl \
+ libssl-dev \
+ pkg-config \
+ libhwloc-dev \
+ libsqlite3-dev \
+ uuid-dev \
+ libcmocka-dev \
+ libnetfilter-queue-dev \
+ autotools-dev \
+ libluajit-5.1-dev \
+ libfl-dev
+
+# One of the quirks of alpine is that unistd.h is in /usr/include. Lots of
+# software looks for it in /usr/include/linux or /usr/include/sys.
+# So, we'll make symlinks
+# RUN mkdir /usr/include/linux && \
+# ln -s /usr/include/unistd.h /usr/include/linux/unistd.h && \
+# ln -s /usr/include/unistd.h /usr/include/sys/unistd.h
+
+# The Alpine hwloc on testing is not reliable from a build perspective.
+# So, lets just build it ourselves.
+#
+#WORKDIR $HOME
+#RUN wget https://download.open-mpi.org/release/hwloc/v2.0/hwloc-2.0.3.tar.gz &&\
+# tar zxvf hwloc-2.0.3.tar.gz
+#WORKDIR $HOME/hwloc-2.0.3
+#RUN ./configure --prefix=${PREFIX_DIR} && \
+# make && \
+# make install
+
+# BUILD Daq on alpine:
+
+WORKDIR $HOME
+RUN git clone https://github.com/snort3/libdaq.git
+WORKDIR $HOME/libdaq
+RUN ./bootstrap && \
+ ./configure --prefix=${PREFIX_DIR} && make && \
+ make install
+
+# BUILD gperftools
+
+WORKDIR $HOME
+RUN wget https://github.com/gperftools/gperftools/releases/download/gperftools-2.9.1/gperftools-2.9.1.tar.gz &&\
+ tar xzf gperftools-2.9.1.tar.gz
+
+WORKDIR $HOME/gperftools-2.9.1
+RUN ./configure && make && make install
+
+
+# BUILD Snort on alpine
+WORKDIR $HOME
+# RUN git clone https://github.com/snort3/snort3.git
+RUN wget https://github.com/snort3/snort3/archive/refs/tags/3.3.2.0.tar.gz &&\
+ tar xzf 3.3.2.0.tar.gz
+
+WORKDIR $HOME/snort3-3.3.2.0
+RUN ./configure_cmake.sh \
+ --prefix=${PREFIX_DIR} \
+ --enable-tcmalloc \
+ --disable-docs
+
+WORKDIR $HOME/snort3-3.3.2.0/build
+RUN make && make install
+RUN ln -s /usr/local/lib/libtcmalloc.so.4 /lib/ && \
+ ln -s /usr/local/lib/libdaq.so.3 /lib/ && \
+ ldconfig
+
+
+#
+# RUNTIME CONTAINER
+#
+#FROM ubuntu:22.04
+
+#ENV PREFIX_DIR=/usr/local
+#WORKDIR ${PREFIX_DIR}
+
+# Prep apt-get for installing packages
+#RUN apt-get update -y
+#RUN apt-get upgrade -y
+
+# RUNTIME DEPENDENCIES:
+#RUN apt-get install \
+# libdnet \
+# luajit \
+# musl \
+# libstdc++
+
+# Copy the build artifacts from the build container to the runtime file system
+#COPY --from=builder ${PREFIX_DIR}/etc/ /etc/
+#COPY --from=builder ${PREFIX_DIR}/lib/ /lib/
+#COPY --from=builder ${PREFIX_DIR}/lib64/ ${PREFIX_DIR}/lib64/
+#COPY --from=builder ${PREFIX_DIR}/bin/ /bin/
+
+WORKDIR /
+RUN snort --version
+
+ENTRYPOINT ["tail", "-f", "/dev/null"]
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..747df6b
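Review bot: The three source fetches in the builder stage are not integrity-checked: `git clone https://github.com/snort3/libdaq.git` builds whatever the default branch holds at build time, and the gperftools-2.9.1 and snort3 3.3.2.0 tarballs are unpacked straight after `wget` with no digest comparison, so a changed upstream or a tampered download would be compiled into the image without any build failure. Pin libdaq to a reviewed tag or commit and verify each tarball against a recorded SHA-256 before `tar` runs, as in the sketch below; the ref and digests there are placeholders to fill in from a reviewed copy. Separately, the runtime stage is commented out, so the shipped image is the builder itself, with compilers, `gdb` and `vim` installed and no `USER` instruction; restoring the second stage would keep those out of the running container.

```dockerfile
WORKDIR $HOME
# Placeholder: set to the libdaq tag or commit that was reviewed
ARG LIBDAQ_REF=REPLACE_WITH_REVIEWED_TAG_OR_COMMIT
RUN git clone https://github.com/snort3/libdaq.git && \
    git -C libdaq checkout "${LIBDAQ_REF}"
# … unchanged: libdaq bootstrap / configure / make install …

# Placeholder: SHA-256 of the reviewed gperftools-2.9.1.tar.gz
ARG GPERFTOOLS_SHA256=REPLACE_WITH_SHA256
RUN wget https://github.com/gperftools/gperftools/releases/download/gperftools-2.9.1/gperftools-2.9.1.tar.gz && \
    echo "${GPERFTOOLS_SHA256}  gperftools-2.9.1.tar.gz" | sha256sum -c - && \
    tar xzf gperftools-2.9.1.tar.gz
# … unchanged: gperftools configure / make install …

# Placeholder: SHA-256 of the reviewed snort3 3.3.2.0.tar.gz
ARG SNORT_SHA256=REPLACE_WITH_SHA256
RUN wget https://github.com/snort3/snort3/archive/refs/tags/3.3.2.0.tar.gz && \
    echo "${SNORT_SHA256}  3.3.2.0.tar.gz" | sha256sum -c - && \
    tar xzf 3.3.2.0.tar.gz
# … unchanged: configure_cmake.sh, make install, symlinks, snort --version …
```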
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,11 @@
+name: snort
+services:
+ snort:
+ restart: always
+ build:
+ dockerfile: Dockerfile
+ context: ./
+ volumes:
+ - snort:/usr/local/etc/snort
+volumes:
+ snort:
\ No newline at end of file
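Review bot: The named volume `snort` mounted at `/usr/local/etc/snort` is filled from the image only when the volume is first created, so a later rebuild that ships newer default configuration is masked by the old volume contents and the container keeps using the stale files until the volume is updated or recreated. If the intent is to manage configuration from the host, a read-only bind mount of a reviewed directory makes that explicit, e.g. `- ./snort-etc:/usr/local/etc/snort:ro` (the host path is a constructed example). The service also sets no `user:`, `cap_drop:` or `read_only:`, so together with the Dockerfile it runs as root with Docker's default capability set.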