mrlesmithjr/snort
Builds and configures a working Snort image provisioned using Ansible.
Builds and configures a working Snort image provisioned using Ansible.
Edit docker-entrypoint.yml to define additional settings. You will need to rebuild the image:
docker build -t snort .
# --net=host places the container in the host's network namespace, so the
# SNORT_INT value (eth0 here) is presumably a host interface name - confirm
# against the entrypoint. The container can then also reach the host's other
# interfaces and locally bound services, so treat it as part of the sensor
# host's trust boundary.
# No tag or digest is given, so the image resolves to whatever the registry
# currently serves as the default tag; pin a tag or digest for repeatable
# deployments.
docker run -d -e "SNORT_INT=eth0" --net=host mrlesmithjr/snort
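# Build the image locally from the project source instead of pulling it.
# The three commands were fused onto one line; run them in this order.
git clone https://github.com/mrlesmithjr/docker-ansible-snort.git
cd docker-ansible-snort
# --build forces the image to be rebuilt before the service is started.
docker-compose up -d --build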
docker-entrypoint.yml
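# Snort settings shown for docker-entrypoint.yml (variables only; the
# surrounding playbook structure is not visible in this excerpt).
# The listing had been collapsed onto one line, which made everything after
# the first '#' a comment; one entry per line is restored here.

# Blacklist files are looked up in the same directory as the ordinary rules.
snort_blacklist_path: '/etc/snort/rules'

# Rule categories to enable. Entries written as '#- name.rules' are commented
# out and are therefore NOT part of the list.
# NOTE(review): several detection-oriented categories (malware-*, indicator-*,
# exploit-kit, server-*, os-*) are commented out here; enabling one presumably
# requires the matching file to exist under snort_rule_path - confirm.
snort_debian_rules:  # These rules are installed by default on Debian
  - local.rules
  #- app-detect.rules
  - attack-responses.rules
  - backdoor.rules
  - bad-traffic.rules
  #- blacklist.rules
  #- botnet-cnc.rules
  #- browser-chrome.rules
  #- browser-firefox.rules
  #- browser-ie.rules
  #- browser-other.rules
  #- browser-plugins.rules
  #- browser-webkit.rules
  - chat.rules
  - community-sql-injection.rules
  - community-web-client.rules
  - community-web-dos.rules
  - community-web-iis.rules
  - community-web-misc.rules
  - community-web-php.rules
  # NOTE(review): the six community-* entries below repeat the six above
  # verbatim. Presumably each entry becomes an include line, so the files
  # would be referenced twice - confirm against the template and drop one set.
  - community-sql-injection.rules
  - community-web-client.rules
  - community-web-dos.rules
  - community-web-iis.rules
  - community-web-misc.rules
  - community-web-php.rules
  #- content-replace.rules
  - ddos.rules
  - dns.rules
  - dos.rules
  - experimental.rules
  #- exploit-kit.rules
  - exploit.rules
  #- file-executable.rules
  #- file-flash.rules
  #- file-identify.rules
  #- file-image.rules
  #- file-java.rules
  #- file-multimedia.rules
  #- file-office.rules
  #- file-other.rules
  #- file-pdf.rules
  - finger.rules
  - ftp.rules
  - icmp-info.rules
  - icmp.rules
  - imap.rules
  #- indicator-compromise.rules
  #- indicator-obfuscation.rules
  #- indicator-scan.rules
  #- indicator-shellcode.rules
  - info.rules
  #- malware-backdoor.rules
  #- malware-cnc.rules
  #- malware-other.rules
  #- malware-tools.rules
  - misc.rules
  - multimedia.rules
  - mysql.rules
  - netbios.rules
  - nntp.rules
  - oracle.rules
  #- os-linux.rules
  #- os-mobile.rules
  #- os-other.rules
  #- os-solaris.rules
  #- os-windows.rules
  - other-ids.rules
  - p2p.rules
  #- phishing-spam.rules
  #- policy-multimedia.rules
  #- policy-other.rules
  - policy.rules
  #- policy-social.rules
  #- policy-spam.rules
  - pop2.rules
  - pop3.rules
  #- protocol-dns.rules
  #- protocol-finger.rules
  #- protocol-ftp.rules
  #- protocol-icmp.rules
  #- protocol-imap.rules
  #- protocol-nntp.rules
  #- protocol-pop.rules
  #- protocol-rpc.rules
  #- protocol-scada.rules
  #- protocol-services.rules
  #- protocol-snmp.rules
  #- protocol-telnet.rules
  #- protocol-tftp.rules
  #- protocol-voip.rules
  #- pua-adware.rules
  #- pua-other.rules
  #- pua-p2p.rules
  #- pua-toolbars.rules
  - rpc.rules
  - rservices.rules
  #- scada.rules
  - scan.rules
  #- server-apache.rules
  #- server-iis.rules
  #- server-mail.rules
  #- server-mssql.rules
  #- server-mysql.rules
  #- server-oracle.rules
  #- server-other.rules
  #- server-samba.rules
  #- server-webapp.rules
  #- shellcode.rules
  - smtp.rules
  - snmp.rules
  #- specific-threats.rules
  #- spyware-put.rules
  - sql.rules
  - telnet.rules
  - tftp.rules
  - virus.rules
  #- voip.rules
  #- web-activex.rules
  - web-attacks.rules
  - web-cgi.rules
  - web-client.rules
  - web-coldfusion.rules
  - web-frontpage.rules
  - web-iis.rules
  - web-misc.rules
  - web-php.rules
  - x11.rules

# Empty list: every candidate below is commented out, so none is selected.
# Presumably this chooses shared-object rule categories under
# snort_so_rule_path - confirm against the role.
snort_dynamic_library_rules: []
  #- bad-traffic.rules
  #- chat.rules
  #- dos.rules
  #- exploit.rules
  #- icmp.rules
  #- imap.rules
  #- misc.rules
  #- multimedia.rules
  #- netbios.rules
  #- nntp.rules
  #- p2p.rules
  #- smtp.rules
  #- snmp.rules
  #- specific-threats.rules
  #- web-activex.rules
  #- web-client.rules
  #- web-iis.rules
  #- web-misc.rules

# EXTERNAL_NET is defined as "everything that is not HOME_NET". Rules written
# as $EXTERNAL_NET -> $HOME_NET (or the reverse) will therefore not match
# traffic between two HOME_NET hosts, i.e. internal-to-internal activity.
snort_external_net: '!$HOME_NET'

# HOME_NET covers all three RFC 1918 private ranges. Narrow this to the
# subnets actually monitored so direction-sensitive rules behave as intended;
# publicly addressed assets are treated as external with this default.
snort_home_net:
  - '10.0.0.0/8'
  - '172.16.0.0/12'
  - '192.168.0.0/16'

snort_preproc_rule_path: '/etc/snort/preproc_rules'
snort_rule_path: '/etc/snort/rules'
snort_so_rule_path: '/etc/snort/so_rules'
# Whitelist files share the ordinary rules directory, as the blacklist does.
snort_whitelist_path: '/etc/snort/rules'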
BSD
Larry Smith Jr.
docker pull mrlesmithjr/snort