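# NOTE(review): ubuntu:16.04 (xenial) is out of standard support. It is kept
# here only because several apt package names used below are xenial-specific
# (libreadline6-dev, libmysqlclient-dev); move to a supported tag pinned by
# digest once the build has been re-verified against it.
FROM ubuntu:16.04
# MAINTAINER is deprecated (hadolint DL4000); a label carries the same data.
LABEL maintainer="Fabrizio Galiano <[email protected]>"

# Versions of the components that are built from source further below.
ENV LVERS=libpcap-1.7.4 \
    DVERS=daq-2.0.6 \
    SNVERS=2.9.9.0 \
    PPORK_VERSION=0.7.0 \
    BARN_VERSION=2-1.13

# Run-time settings, presumably consumed by /docker/scripts/entrypoint.sh
# (not visible here). Each defaults to empty and is meant to be provided
# with `docker run -e ...`.
ENV HOST_INT="" \
    HOST_NAME="" \
    SNORT_NET="" \
    BARN_DBUSER="" \
    BARN_DBHOST=""

# Credentials. They are deliberately left empty at build time: any value
# placed in ENV/ARG is stored in the image and readable through
# `docker history` / `docker inspect`, so the Snort oinkcode and the
# Barnyard2 DB password must only be injected at run time
# (-e / --env-file / an orchestrator secret), never via the Dockerfile.
ENV PPORK_OINKCODE="" \
    BARN_DBPASS=""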
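# Build and run-time dependencies, installed in the same layer as
# `apt-get update` so a cached, stale package index can never be paired with
# a fresh install (hadolint DL3009). The libdumbnet/libpcap headers that were
# installed in a separate step are folded in here too.
# ca-certificates is named explicitly: the HTTPS downloads below need it to
# validate the servers, and it was previously only pulled in indirectly
# (as a Recommends). DEBIAN_FRONTEND is set per-command so it does not leak
# into the runtime environment.
# NOTE(review): versions are unpinned; pin with pkg=version if reproducible
# rebuilds are required.
RUN apt-get update -qq \
 && DEBIAN_FRONTEND=noninteractive apt-get install -y \
        autoconf \
        automake \
        bison \
        build-essential \
        ca-certificates \
        flex \
        gcc \
        gettext-base \
        git \
        imagemagick \
        libapr1-dev \
        libaprutil1-dev \
        libcrypt-ssleay-perl \
        libcurl4-openssl-dev \
        libdumbnet-dev \
        libmysqlclient-dev \
        libnet1 \
        libnet1-dev \
        libpcap-dev \
        libpcre3 \
        libpcre3-dev \
        libreadline6-dev \
        libssl-dev \
        libtool \
        libwww-perl \
        libxml2-dev \
        libxslt1-dev \
        libyaml-dev \
        net-tools \
        openssl \
        supervisor \
        unzip \
        wget \
        wkhtmltopdf \
        zlib1g \
        zlib1g-dev \
 && rm -rf /var/lib/apt/lists/*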
#Install compiled LIBPCAP (disabled: the distro libpcap-dev package installed above is used instead)
# RUN cd /tmp \
# && wget https://www.tcpdump.org/release/${LVERS}.tar.gz \
# && tar zxf ${LVERS}.tar.gz \
# && cd ${LVERS} \
# && ./configure \
# && make && make install \
# && ldconfig
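#Install DAQ (Snort's packet-acquisition library) from the pinned $DVERS release.
# The download is forced to stay on HTTPS (no downgrade via redirect), and the
# unpacked tree plus tarball are removed in the same layer so they do not
# persist in the image.
# NOTE(review): the archive content is not checksum-verified; add a
# `sha256sum -c` against a recorded digest once one is known.
RUN cd /tmp \
 && wget -nv --https-only "https://snort.org/downloads/snort/${DVERS}.tar.gz" \
 && tar zxf "${DVERS}.tar.gz" \
 && cd "${DVERS}" \
 && ./configure \
 && make \
 && make install \
 && ldconfig \
 && cd /tmp \
 && rm -rf "/tmp/${DVERS}" "/tmp/${DVERS}.tar.gz"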
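#Install SNORT from the pinned $SNVERS source release.
# The unpacked tree is intentionally left in /tmp/snort-$SNVERS: its etc/
# directory is copied into /etc/snort by a later step, and /tmp is wiped at
# the end of the build. Only the tarball is dropped here.
# NOTE(review): as with DAQ, the archive is fetched over HTTPS only but its
# content is not checksum-verified.
RUN cd /tmp \
 && wget -nv --https-only "https://snort.org/downloads/snort/snort-${SNVERS}.tar.gz" \
 && tar zxf "snort-${SNVERS}.tar.gz" \
 && cd "snort-${SNVERS}" \
 && ./configure --enable-sourcefire \
 && make \
 && make install \
 && rm -f "/tmp/snort-${SNVERS}.tar.gz"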
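#User/group/dir for Snort: a dedicated account that cannot log in, owning the
# log directory, plus /etc/snort seeded from the Snort source tree's etc/.
# On Debian/Ubuntu the no-login shell is /usr/sbin/nologin; /sbin/nologin does
# not exist there (login was still refused before, but only because the
# configured shell was missing, and useradd warned about it).
RUN groupadd snort \
 && useradd -d /var/log/snort -s /usr/sbin/nologin -c SNORT_IDS -g snort snort \
 && mkdir -p /var/log/snort \
 && chown -R snort:snort /var/log/snort \
 && mkdir -p /etc/snort \
 && cp -r "/tmp/snort-${SNVERS}"/etc/* /etc/snort/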
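#Install PulledPork (Snort rule updater) and the Perl modules it needs for HTTPS.
# PERL_MM_USE_DEFAULT makes cpan accept its defaults instead of blocking on a
# prompt in this non-interactive build. The extracted tree and tarball are
# removed in the same layer.
# NOTE(review): the tarball comes from the Google Code archive mirror and the
# Perl modules from the default CPAN mirror, neither pinned nor
# checksum-verified. libwww-perl / libcrypt-ssleay-perl from apt already
# provide LWP and Crypt::SSLeay, so the cpan calls largely re-install or
# upgrade what is there; confirm they are still needed.
RUN cd /tmp \
 && wget -nv --https-only "https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/pulledpork/pulledpork-${PPORK_VERSION}.tar.gz" \
 && tar zxf "pulledpork-${PPORK_VERSION}.tar.gz" \
 && cd "pulledpork-${PPORK_VERSION}" \
 && install -m 755 pulledpork.pl /usr/sbin/pulledpork.pl \
 && cp -r etc/* /etc/snort/ \
 && PERL_MM_USE_DEFAULT=1 cpan install LWP::Protocol::https \
 && PERL_MM_USE_DEFAULT=1 cpan install Crypt::SSLeay \
 && PERL_MM_USE_DEFAULT=1 cpan Mozilla::CA IO::Socket::SSL \
 && cd /tmp \
 && rm -rf "/tmp/pulledpork-${PPORK_VERSION}" "/tmp/pulledpork-${PPORK_VERSION}.tar.gz"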
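#Snort config tree: the dynamic-rules directory and empty placeholder rule
# files (presumably so the include lines in snort.conf resolve before the
# first PulledPork run — verify against the shipped snort.conf).
# The files are created BEFORE the recursive chown so they are owned by the
# snort user like the rest of /etc/snort; the previous order touched them
# after the chown and left them root-owned. mkdir -p keeps the step
# idempotent if /etc/snort/rules already exists.
RUN mkdir -p /usr/local/lib/snort_dynamicrules \
 && mkdir -p /etc/snort/rules \
 && touch /etc/snort/rules/so_rules.rules \
          /etc/snort/rules/local.rules \
          /etc/snort/rules/white_list.rules \
 && chown -R snort:snort /etc/snort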
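#Install Barnyard2 (unified2 spooler that writes Snort output to MySQL) from
# the pinned GitHub release tag v$BARN_VERSION. Source tree and tarball are
# removed in the same layer.
# NOTE(review): the MySQL library path is hard-wired to x86_64-linux-gnu, so
# this build is amd64-only as written. The archive is fetched over HTTPS only
# but is not checksum-verified.
RUN cd /tmp \
 && wget -nv --https-only "https://github.com/firnsy/barnyard2/archive/v${BARN_VERSION}.tar.gz" \
 && tar zxf "v${BARN_VERSION}.tar.gz" \
 && cd "barnyard2-${BARN_VERSION}" \
 && ./autogen.sh \
 && ./configure --with-mysql --with-mysql-libraries=/usr/lib/x86_64-linux-gnu \
 && make \
 && make install \
 && cd /tmp \
 && rm -rf "/tmp/barnyard2-${BARN_VERSION}" "/tmp/v${BARN_VERSION}.tar.gz"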
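#Clean APT caches, the package index and the build leftovers in /tmp, in one
# layer instead of two.
# NOTE(review): this runs in a layer on top of the ones that created these
# files, so it only hides them from the final filesystem; it does not shrink
# the image. Space is reclaimed only when the cleanup happens in the same RUN
# as the install/build that produced the files.
RUN apt-get clean \
 && rm -rf /var/cache/apt/* /var/lib/apt/lists/* /tmp/*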
# Entrypoint script and configuration templates (the paths referenced below
# live under docker/ in the build context).
COPY docker/ /docker/
# Substituting the oinkcode/version into pulledpork.conf and pulling the
# first rule set are deliberately NOT done at build time: the sed step would
# write PPORK_OINKCODE into an image layer, where anyone able to pull the
# image can recover it. Keep these as run-time steps.
# RUN cp /docker/configuration/pulledpork/pulledpork.conf /etc/snort/pulledpork.conf
# RUN sed -i -e 's|<'PPORK_OINKCODE'>|'$PPORK_OINKCODE'|g' '/etc/snort/pulledpork.conf'
# RUN sed -i -e 's|<'PPORK_VERSION'>|'$PPORK_VERSION'|g' '/etc/snort/pulledpork.conf'
# RUN /usr/sbin/pulledpork.pl -c /etc/snort/pulledpork.conf
# No USER directive: the container starts as root. Snort needs raw packet
# access on $HOST_INT (CAP_NET_RAW/CAP_NET_ADMIN), so any privilege drop is
# presumably handled inside the entrypoint — verify it does not leave the
# whole stack (Barnyard2, supervisor) running as root.
CMD ["/bin/bash", "/docker/scripts/entrypoint.sh", "start-stack"]