From 5271ab4a94533755994c68a9a89d735a446b98a9 Mon Sep 17 00:00:00 2001 From: ale Date: Sun, 5 Nov 2023 14:44:53 +0100 Subject: [PATCH] update latest snort2 version --- README.md | 2 ++ docker-compose.yml | 19 +++++++++++++++++++ docker/Dockerfile | 10 ++++++---- 3 files changed, 27 insertions(+), 4 deletions(-) create mode 100644 docker-compose.yml diff --git a/README.md b/README.md index e232cdd..2c90ba9 100644 --- a/README.md +++ b/README.md @@ -1 +1,3 @@ Snort 2 in a docker container + +Forked from [snort2-docker](https://github.com/Cisco-Talos/snort2-docker) diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..57960a0 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,19 @@ +version: '3' + +services: + snort2: + image: snort2 + build: ./docker + hostname: snort2 + container_name: snort2 + restart: always + command: > + /bin/bash -c "sleep 20s + && snort -c /etc/snort/snort.conf" + cap_add: + - NET_ADMIN + - NET_RAW + volumes: + - ./docker/etc:/etc/snort + - ./log:/var/log/snort + network_mode: host diff --git a/docker/Dockerfile b/docker/Dockerfile index 56d6f00..8cc7e05 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,5 +1,5 @@ -FROM debian:buster-slim -ENV VERSION 2.9.19 +FROM debian:bookworm-slim +ENV VERSION 2.9.20 RUN mkdir -p /root/pcaps/ COPY labs /root/ @@ -8,6 +8,7 @@ WORKDIR /root/src/ RUN apt-get update && \ apt-get -y install \ +file \ build-essential \ vim \ curl \ @@ -29,14 +30,15 @@ RUN apt-get update && \ liblzma-dev \ luajit \ libluajit-5.1-dev \ - libssl1.1 \ + libssl3 \ libssl-dev \ +libntirpc-dev \ tcpreplay && \ apt-get clean && \ curl -L -O https://snort.org/downloads/snort/snort-$VERSION.tar.gz && \ tar xf ./snort-$VERSION.tar.gz && \ cd ./snort-$VERSION && \ - ./configure --enable-sourcefire --enable-open-appid && \ + ./configure CFLAGS="-I/usr/include/ntirpc/" --enable-sourcefire --enable-open-appid && \ make -j$(nproc) && \ make install && \ ldconfig && \
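Review bot: The new `snort2` service pairs `network_mode: host` and `NET_ADMIN`/`NET_RAW` with a writable bind mount of its own configuration, and no non-root user is visible in the Dockerfile hunks, so a compromise of the packet parser could rewrite `snort.conf` and the rules on the host. Mount the config read-only with `- ./docker/etc:/etc/snort:ro` unless something in the container is meant to write there, and add `security_opt: ["no-new-privileges:true"]`. Adding `cap_drop: [ALL]` next to the two `cap_add` entries would limit the container to those capabilities, but check that log writes to `./log` still work. In `command`, `exec snort -c /etc/snort/snort.conf` would let Snort replace the shell and receive the stop signal directly.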
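Review bot: The tarball for the bumped `VERSION` is still fetched with `curl -L -O` and then unpacked, built and installed as root with no integrity check, so a tampered download would be compiled into the image unnoticed. Because `-f` is absent, an HTTP error is only caught when `tar` fails. Pin a digest before the `tar xf` step, e.g. `echo "<SHA256_OF_SNORT_TARBALL>  snort-$VERSION.tar.gz" | sha256sum -c - && \`, and use `curl -fL -O`. On the changed configure line, `CFLAGS="-I/usr/include/ntirpc/"` replaces autoconf's default `-g -O2` rather than extending it, so the build is likely unoptimised; an include path belongs in `CPPFLAGS="-I/usr/include/ntirpc/"`. The `RUN` instruction starts and ends outside this hunk.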