dockerfiles/snort/Dockerfile

#
# Dockerfile for snort
#

FROM centos:8
MAINTAINER EasyPi Software Foundation

ENV SNORT_VERSION=2.9.16.1
ENV SNORT_URL=https://www.snort.org/downloads/snort/snort-${SNORT_VERSION}-1.centos8.x86_64.rpm
ENV RULES_URL=https://www.snort.org/downloads/community/community-rules.tar.gz

RUN set -xe \
    && yum -y install epel-release jq libdnet \
    && yum -y install ${SNORT_URL} \
    && mkdir -p /etc/snort/rules \
    && curl -sSL ${RULES_URL} | \
       tar xz --strip 1 -C /etc/snort/rules/ community-rules/community.rules \
    && touch /etc/snort/rules/local.rules \
             /etc/snort/rules/black_list.rules \
             /etc/snort/rules/white_list.rules \
    && mkdir -p /etc/snort/so_rules \
                /etc/snort/preproc_rules \
                /usr/local/lib/snort_dynamicrules \
    && ln -s /usr/lib64/libdnet.so.1 /usr/local/lib/libdnet.1 \
    && curl -sSL https://bootstrap.pypa.io/get-pip.py | python \
    && pip install --no-cache-dir idstools \
    && yum clean all

COPY data/snort.conf /etc/snort/snort.conf
COPY data/u2json.conf /etc/snort/u2json.conf

ENTRYPOINT ["snort"]
CMD ["--help"]