update latest snort2 version

2023-11-05 14:44:53 +01:00 · 2023-11-05 14:44:53 +01:00 · 5271ab4a94
commit 5271ab4a94
parent 0bab9298d0
3 changed files with 27 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -1 +1,3 @@
 Snort 2 in a docker container
+
+Forked from [snort2-docker](https://github.com/Cisco-Talos/snort2-docker)
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -0,0 +1,19 @@
+version: '3'
+
+services:
+  snort2:
+    image: snort2
+    build: ./docker
+    hostname: snort2
+    container_name: snort2
+    restart: always
+    command: >
+      /bin/bash -c "sleep 20s
+      && snort -c /etc/snort/snort.conf"
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+    volumes:
+      - ./docker/etc:/etc/snort
+      - ./log:/var/log/snort
+    network_mode: host
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@ -1,5 +1,5 @@
-FROM debian:buster-slim
-ENV VERSION 2.9.19
+FROM debian:bookworm-slim
+ENV VERSION 2.9.20

 RUN mkdir -p /root/pcaps/
 COPY labs /root/
@ -8,6 +8,7 @@ WORKDIR /root/src/

 RUN  apt-get update && \
  apt-get -y install \
+file \
  build-essential \
  vim \
  curl \
@ -29,14 +30,15 @@ RUN  apt-get update && \
  liblzma-dev \
  luajit \
  libluajit-5.1-dev \
-  libssl1.1 \
+  libssl3 \
  libssl-dev \
+libntirpc-dev \
  tcpreplay && \
  apt-get clean && \
  curl -L -O https://snort.org/downloads/snort/snort-$VERSION.tar.gz && \
  tar xf ./snort-$VERSION.tar.gz && \
  cd ./snort-$VERSION && \
-  ./configure --enable-sourcefire --enable-open-appid && \
+  ./configure CFLAGS="-I/usr/include/ntirpc/" --enable-sourcefire --enable-open-appid && \
  make -j$(nproc) && \
  make install && \
  ldconfig && \