Docker environment to compile Snort from source
- docker-snort-compile
- tl;dr
- What
- Why
- Usage
- Versions of packages tested
- About IPQ and netmap modules for DAQ
- Contributing
- License
tl;dr
Just build the image, start the container and open a shell. This will leave you inside the container, ready to perform any build tasks.
What
This container sets up the programs, related libraries and dependencies needed to compile Snort and the DAQ libraries. It is intended as a helper that provides a clean compilation environment, not as a container to run Snort and perform traffic analysis.
The container has a developer user with sudo rights, so the build can be done properly without working as root.
To see the list of libraries and dependencies included, please check the Dockerfile.
Please note that neither the Snort nor the DAQ source code is included: you must download those once inside the container, and then run the compilation steps you need, including defining any extra settings you want to use during compilation.
Why
Installing all the dependencies on your machine just to compile Snort can leave behind quite a lot of libraries and tools you will probably never use again.
This container gives you a clean environment to compile the code, and once the final packages have been built you can simply copy them out of the container and deploy them on your target.
Usage
You need docker and docker-compose to use this container.
There are some shell scripts to help with usage:
- docker-snort-compile-build: builds the docker image
- docker-snort-compile-start: runs the container
- docker-snort-compile-shell: opens a shell (bash) inside the container as the developer user
- docker-snort-compile-stop: stops the container
The data folder is mapped as a volume inside the container (/data) so you can easily move files in and out of the container. The UID and GID of the developer user are matched to those of your local user to avoid permission problems.
The container also maps your local user's ~/.ssh folder to the developer user's .ssh folder inside the container, so you can use ssh and git inside the container with your own local keys.
You can also ssh into the container (for example, to set up a remote build environment). Port 22 is exposed in the container and mapped to port 22122 on the host.
Versions of packages tested
This container has been created and tested using:
- Ubuntu 18.04
- docker 18.06.0-ce (https://docs.docker.com/)
- docker-compose 1.13.0 (https://docs.docker.com/compose/)
- daq 2.0.6 (https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz)
- snort 2.9.12 (https://www.snort.org/downloads/snort/snort-2.9.12.tar.gz)
About IPQ and netmap modules for DAQ
- libipq is deprecated (replaced by libnetfilter_queue), so DAQ (and Snort) will not be able to use the old IPQ module. Use the current NFQ module instead; its requirements are included in the container.
- netmap (https://github.com/luigirizzo/netmap) requires compilation packages and procedures that depend on the specific kernel and hardware of the target machine, so its requirements are not included in the container. If you want to compile DAQ with the netmap module, you will need to resolve all the required dependencies yourself.
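The following script is an added example, not part of the docker-snort-compile project, of the compilation steps you would run as the developer user once inside the container: it downloads the DAQ 2.0.6 and Snort 2.9.12 tarballs listed above, refuses to build either unless its SHA-256 matches a value you supply, builds DAQ with the NFQ module, builds Snort against it, and stages the installed files on the mapped /data volume so they can be copied out. The checksum values are placeholders to be replaced with the ones published on snort.org; the `--enable-nfq-module` and `--enable-sourcefire` configure switches, the script name `build-snort.sh` and the `WORK`/`STAGE` directories are this example's own choices, not settings from the page.

```shell
#!/bin/sh
# Added example, not part of the docker-snort-compile project: fetch, verify
# and build DAQ 2.0.6 and Snort 2.9.12 inside the container, then stage the
# installed files under /data so they can be copied out to the target host.
# Assumptions: DAQ_SHA256 / SNORT_SHA256 are PLACEHOLDERS to be replaced with
# the checksums published on snort.org; wget and sha256sum are available;
# --enable-nfq-module is the DAQ configure switch for the NFQ module (check
# ./configure --help in the extracted source if your version differs).
set -eu

DAQ_URL="https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz"
SNORT_URL="https://www.snort.org/downloads/snort/snort-2.9.12.tar.gz"
DAQ_SHA256="REPLACE_WITH_PUBLISHED_SHA256"      # placeholder
SNORT_SHA256="REPLACE_WITH_PUBLISHED_SHA256"    # placeholder
WORK="${WORK:-$HOME/build}"                     # scratch dir inside the container
STAGE="${STAGE:-/data/stage}"                   # on the mapped /data volume

# verify_sha256 FILE EXPECTED: returns 0 when FILE's SHA-256 equals EXPECTED,
# 1 (with a message on stderr) otherwise. Refusing to build an unverified
# tarball is the one supply-chain check this script insists on.
verify_sha256() {
  actual=$(sha256sum "$1" | cut -d' ' -f1)
  if [ "$actual" = "$2" ]; then
    return 0
  fi
  echo "checksum mismatch for $1: got $actual, expected $2" >&2
  return 1
}

# fetch_and_verify URL FILE EXPECTED: download once, then verify.
fetch_and_verify() {
  [ -f "$2" ] || wget -q -O "$2" "$1"
  verify_sha256 "$2" "$3"
}

# build_daq: Snort's configure script needs libdaq installed in the container,
# so DAQ is installed locally (the developer user has sudo) and also staged
# into $STAGE for the target machine.
build_daq() {
  tar -xzf daq-2.0.6.tar.gz
  cd daq-2.0.6
  ./configure --prefix=/usr/local --enable-nfq-module
  make
  sudo make install
  sudo ldconfig
  make DESTDIR="$STAGE" install
  cd ..
}

# build_snort: configure against the just-installed libdaq and stage the result.
build_snort() {
  tar -xzf snort-2.9.12.tar.gz
  cd snort-2.9.12
  ./configure --prefix=/usr/local --enable-sourcefire
  make
  make DESTDIR="$STAGE" install
  cd ..
}

build_all() {
  mkdir -p "$WORK" "$STAGE"
  cd "$WORK"
  fetch_and_verify "$DAQ_URL" daq-2.0.6.tar.gz "$DAQ_SHA256"
  fetch_and_verify "$SNORT_URL" snort-2.9.12.tar.gz "$SNORT_SHA256"
  build_daq
  build_snort
  # One archive on the /data volume is what you copy out of the container.
  tar -C "$STAGE" -czf /data/snort-2.9.12-staged.tar.gz .
  echo "staged build written to /data/snort-2.9.12-staged.tar.gz"
}

# Only run the build when invoked as "sh build-snort.sh build"; without the
# argument the file just defines the helpers above.
if [ "${1:-}" = "build" ]; then
  build_all
fi
```

Run it inside the container as `sh build-snort.sh build` after filling in the two checksums. Because the build is driven by `set -e`, a checksum mismatch or a failing configure step aborts before anything is installed, and the only artifact that leaves the container is the staged tarball on /data.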
Contributing
- Fork the repository on Github
- Create a named feature branch (like add_component_x)
- Write your changes
- Submit a Pull Request using Github
License
Copyright © 2018 Héctor Fiel <https://github.com/hfiel>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
The license text is available at https://www.gnu.org/licenses/agpl-3.0.html