Initial commit

Dockerfile

@@ -0,0 +1,146 @@
+#
+# BUILD CONTAINER
+# (Note that this is a multi-phase Dockerfile)
+# To build run `docker build --rm -t tebedwel/snort3-alpine:latest`
+#
+FROM ubuntu:22.04 AS builder
+
+ENV PREFIX_DIR=/usr/local
+ENV HOME=/root
+
+# Update apt-get adding the @testing repo for hwloc (as of Alpine v3.7)
+# RUN apt-get add -X https://dl-cdn.alpinelinux.org/alpine/v3.16/main -u alpine-keys
+# RUN echo "@testing http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apt-get/repositories
+
+# Prep apt-get for installing packages
+RUN apt-get update -y && apt-get upgrade -y
+
+# BUILD DEPENDENCIES:
+RUN apt-get install -y \
+  wget \
+  git \
+  cmake \
+  make \
+  g++ \
+  bison \
+  flex \
+  cppcheck \
+  cpputest \
+  autoconf \
+  automake \
+  libtool \
+  # Libraries
+  libdumbnet-dev \
+  libdnet-dev \
+  libpcap-dev \
+  libtirpc-dev \
+  libmnl-dev \
+  libunwind-dev \
+# Install the Snort developer requirements
+  curl \
+  gdb \
+  vim \
+  build-essential \
+  libpcre3-dev \
+  libnet1-dev \
+  zlib1g-dev \
+  luajit \
+  hwloc \
+  liblzma-dev \
+  openssl \
+  libssl-dev \
+  pkg-config \
+  libhwloc-dev \
+  libsqlite3-dev \
+  uuid-dev \
+  libcmocka-dev \
+  libnetfilter-queue-dev \
+  autotools-dev \
+  libluajit-5.1-dev \
+  libfl-dev
+
+# One of the quirks of alpine is that unistd.h is in /usr/include. Lots of
+# software looks for it in /usr/include/linux or /usr/include/sys.
+# So, we'll make symlinks
+# RUN mkdir /usr/include/linux && \
+#     ln -s /usr/include/unistd.h /usr/include/linux/unistd.h && \
+#     ln -s /usr/include/unistd.h /usr/include/sys/unistd.h
+
+# The Alpine hwloc on testing is not reliable from a build perspective.
+# So, lets just build it ourselves.
+#
+#WORKDIR $HOME
+#RUN wget https://download.open-mpi.org/release/hwloc/v2.0/hwloc-2.0.3.tar.gz &&\
+#    tar zxvf hwloc-2.0.3.tar.gz
+#WORKDIR $HOME/hwloc-2.0.3
+#RUN ./configure --prefix=${PREFIX_DIR} && \
+#    make && \
+#    make install
+
+# BUILD Daq on alpine:
+
+WORKDIR $HOME
+RUN git clone https://github.com/snort3/libdaq.git
+WORKDIR $HOME/libdaq
+RUN ./bootstrap && \
+  ./configure --prefix=${PREFIX_DIR} && make && \
+  make install
+    
+# BUILD gperftools
+
+WORKDIR $HOME
+RUN wget https://github.com/gperftools/gperftools/releases/download/gperftools-2.9.1/gperftools-2.9.1.tar.gz &&\
+  tar xzf gperftools-2.9.1.tar.gz
+
+WORKDIR $HOME/gperftools-2.9.1
+RUN ./configure && make && make install
+
+
+# BUILD Snort on alpine
+WORKDIR $HOME
+# RUN git clone https://github.com/snort3/snort3.git
+RUN wget https://github.com/snort3/snort3/archive/refs/tags/3.3.2.0.tar.gz &&\
+  tar xzf 3.3.2.0.tar.gz
+
+WORKDIR $HOME/snort3-3.3.2.0
+RUN ./configure_cmake.sh \
+  --prefix=${PREFIX_DIR} \
+  --enable-tcmalloc \
+  --disable-docs
+  
+WORKDIR $HOME/snort3-3.3.2.0/build
+RUN make && make install
+RUN ln -s /usr/local/lib/libtcmalloc.so.4 /lib/ && \
+  ln -s /usr/local/lib/libdaq.so.3 /lib/ && \
+  ldconfig
+  
+
+#
+# RUNTIME CONTAINER
+#
+#FROM ubuntu:22.04
+
+#ENV PREFIX_DIR=/usr/local
+#WORKDIR ${PREFIX_DIR}
+
+# Prep apt-get for installing packages
+#RUN apt-get update -y
+#RUN apt-get upgrade -y
+
+# RUNTIME DEPENDENCIES:
+#RUN apt-get install \
+#    libdnet \
+#    luajit \
+#    musl \
+#    libstdc++
+
+# Copy the build artifacts from the build container to the runtime file system
+#COPY --from=builder ${PREFIX_DIR}/etc/ /etc/
+#COPY --from=builder ${PREFIX_DIR}/lib/ /lib/
+#COPY --from=builder ${PREFIX_DIR}/lib64/ ${PREFIX_DIR}/lib64/
+#COPY --from=builder ${PREFIX_DIR}/bin/ /bin/
+
+WORKDIR /
+RUN snort --version
+
+ENTRYPOINT ["tail", "-f", "/dev/null"]

docker-compose.yml

@@ -0,0 +1,11 @@
+name: snort
+services:
+    snort:
+        restart: always
+        build:
+            dockerfile: Dockerfile
+            context: ./
+        volumes:
+            - snort:/usr/local/etc/snort
+volumes:
+    snort: