Snort is an open-source, free and lightweight network intrusion detection system (NIDS) for Linux and Windows that detects emerging threats. This container is designed to run snort with standard configurations and forward its logs to the DNIF Adapter (AD) over the HTTP API.
On startup the container runs snort with the given parameters, and also runs snort-agent in the background, which collects the log entries generated by snort and transmits them over HTTP to the DNIF Adapter.
- Install docker-ce; more information is available on the Docker site.
- Download and run (dry-run) the dnif/snort image using
docker run --rm -it dnif/snort /bin/bash
Snort is designed to run at container initialization, but it needs to be started with the following dynamic variables:
- HOME_NET is the local network definition used by snort.
- INTERFACE is the local interface that needs to be monitored.
- AD is the address of the DNIF Adapter (AD).
docker run -d -e HOME_NET=1.2.3.4 -e INTERFACE=eth0 -e AD=172.16.10.156 --net=host --cap-add=NET_ADMIN dnif/snort
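Because the container runs with host networking and NET_ADMIN, the three values should be checked before they are interpolated into the command line. The following POSIX sh wrapper is an added example, not part of the dnif/snort project: it validates HOME_NET (single IPv4 address or CIDR block; snort's bracketed list syntax is not handled), INTERFACE and AD, and only then prints the exact `docker run` line shown above.

```shell
#!/bin/sh
# Added example (not the dnif/snort project's own code): validate the
# HOME_NET, INTERFACE and AD values before building the privileged
# docker run command (--net=host plus --cap-add=NET_ADMIN).

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
}

# Return 0 if $1 is an IPv4 address or an IPv4 CIDR block (prefix 0..32).
is_ipv4_or_cidr() {
  case $1 in
    */*) prefix=${1#*/}; addr=${1%/*}
         printf '%s\n' "$prefix" | grep -Eq '^[0-9]{1,2}$' || return 1
         [ "$prefix" -le 32 ] || return 1
         is_ipv4 "$addr" ;;
    *)   is_ipv4 "$1" ;;
  esac
}

# Linux interface names: letters, digits, '.', '-', '_'; at most 15 chars.
is_ifname() {
  printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9._-]{1,15}$'
}

# build_snort_run_cmd HOME_NET INTERFACE AD
# Prints the docker run command on success; on any invalid value it prints
# an error to stderr and returns 1, so the string never reaches the shell.
build_snort_run_cmd() {
  home_net=$1 iface=$2 ad=$3
  is_ipv4_or_cidr "$home_net" || { echo "invalid HOME_NET: $home_net" >&2; return 1; }
  is_ifname "$iface"          || { echo "invalid INTERFACE: $iface" >&2; return 1; }
  is_ipv4 "$ad"               || { echo "invalid AD: $ad" >&2; return 1; }
  printf 'docker run -d -e HOME_NET=%s -e INTERFACE=%s -e AD=%s --net=host --cap-add=NET_ADMIN dnif/snort\n' \
    "$home_net" "$iface" "$ad"
}
```

Run it as `eval "$(build_snort_run_cmd 10.0.0.0/24 eth0 172.16.10.156)"` once the printed command looks right; a rejected value leaves nothing to evaluate.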