Snort Docker Image
This is a Docker image with a ready-to-use Snort and PulledPork
install. Just provide your oinkcode.
Check Out This Git Repo
First, check out this git repository. It contains a launcher script
that should be run instead of invoking docker directly, so that the
network mode and volume mappings are set up properly. If you need
further customizations, the script can serve as a template.
git clone https://github.com/jasonish/docker-snort.git
Download Some Rules
Replace <YOUR_OINKCODE> with the oinkcode from your Snort.org account.
It is an account credential, so keep the config file out of version
control.
echo OINKCODE=<YOUR_OINKCODE> >> config
./launcher run /tools/update-rules
Run Snort
./launcher run snort -c /etc/snort/snort.conf -i <interface>
The path to snort.conf is the path inside the container, not a path
on the host.
By default, the launcher script starts the container with host
networking so that Snort can see the host's interfaces, and
<interface> is therefore a host interface name (for example eth0).
Review The Logs
tail -f ./data/var/log/snort/alert
Note that the above command is run on the host, outside of the
container. By default, Snort logs to /data/var/log/snort inside the
container, and /data is mapped to the ./data directory on the host, so
the alert file appears at ./data/var/log/snort/alert.
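Beyond tail -f, the alert file is usually triaged by counting what fired and from where. The script below is an added example and is not part of the docker-snort project: it counts alerts per signature (gid:sid:rev, priority, message) and per source address. It assumes the "full" alert format Snort writes when started without -A, as in the run command above; the sample alerts embedded in it are constructed, with addresses from RFC 5737 documentation ranges.

```shell
#!/bin/sh
# Added example, not part of the docker-snort project: summarize the Snort
# alert file that ./launcher leaves at ./data/var/log/snort/alert.
# Assumes Snort's default "full" alert format (what snort writes when
# started without -A). The alert text below is constructed for illustration.

# Constructed sample alerts in Snort's full format.
SAMPLE_ALERTS='[**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
09/12-14:31:02.123456 192.0.2.10:80 -> 192.0.2.20:54321
TCP TTL:64 TOS:0x0 ID:1234 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0x1A2B3C4D  Ack: 0x5E6F7A8B  Win: 0x2000  TcpLen: 20

[**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
09/12-14:31:05.000001 192.0.2.10:80 -> 192.0.2.21:54322
TCP TTL:64 TOS:0x0 ID:1235 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0x1A2B3C4E  Ack: 0x5E6F7A8C  Win: 0x2000  TcpLen: 20

[**] [1:1000001:1] LOCAL ICMP echo request from outside [**]
[Classification: Misc activity] [Priority: 3]
09/12-14:32:00.000000 198.51.100.7 -> 192.0.2.20
ICMP TTL:128 TOS:0x0 ID:1 IpLen:20 DgmLen:84
Type:8  Code:0  ID:1   Seq:1  ECHO'

# Count alerts per signature. Output columns (tab separated):
# count, gid:sid:rev, priority, message. Most frequent first.
summarize_alerts() {
    awk '
        # First line of an alert: [**] [gid:sid:rev] message [**]
        /^\[\*\*\] \[[0-9]+:[0-9]+:[0-9]+\] / {
            line = $0
            sub(/^\[\*\*\] \[/, "", line)            # drop leading "[**] ["
            sig = line; sub(/\].*$/, "", sig)         # keep "gid:sid:rev"
            msg = line; sub(/^[0-9:]+\] /, "", msg)   # text after the id
            sub(/ \[\*\*\]$/, "", msg)                # drop trailing " [**]"
            cur_sig = sig; cur_msg = msg
            next
        }
        # Second line carries classification and priority; pair it with
        # the header seen just before it.
        /\[Priority: [0-9]+\]/ && cur_sig != "" {
            pri = $0
            sub(/.*\[Priority: /, "", pri); sub(/\].*/, "", pri)
            count[cur_sig "\t" pri "\t" cur_msg]++
            cur_sig = ""
        }
        END { for (k in count) print count[k] "\t" k }
    ' "$1" | sort -rn
}

# Count alerts per source address, taken from the packet header line
# "MM/DD-HH:MM:SS.usec src[:port] -> dst[:port]". IPv4 only, as in the sample.
alert_sources() {
    awk '
        /^[0-9][0-9]\/[0-9][0-9]-[0-9][0-9]:[0-9][0-9]:[0-9][0-9]/ && $3 == "->" {
            src = $2
            sub(/:[0-9]+$/, "", src)   # strip the TCP/UDP port, if any
            n[src]++
        }
        END { for (s in n) print n[s] "\t" s }
    ' "$1" | sort -rn
}

# Stand-alone demo against the constructed sample. On a real host, run
# summarize_alerts ./data/var/log/snort/alert instead.
demo_file=$(mktemp)
printf '%s\n' "$SAMPLE_ALERTS" > "$demo_file"
echo "alerts by signature (count, gid:sid:rev, priority, message):"
summarize_alerts "$demo_file"
echo "alerts by source:"
alert_sources "$demo_file"
rm -f "$demo_file"
```

The two awk passes key on the fixed layout of a full-format alert (header line, then the classification/priority line, then the packet header), so they are unaffected by the variable number of protocol-detail lines that follow. If you switch Snort to fast alerts with -A fast, each alert is a single line and the parsing would need to change accordingly.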
Tune Your Rules with PulledPork
After you have run the container at least once, you will find the
basic set of PulledPork configuration files in ./data/etc on the host.
Edit these files as you normally would, then regenerate the rule set:
./launcher run /tools/update-rules
Then restart Snort so that it loads the updated rules.