Dockerfile 7.66 KB
Newer Older
Alija's avatar
Alija committed
1
2
FROM ubuntu:16.04

3
4
# Partially based on 
# https://sublimerobots.com/2017/07/installing-snort-3-b237-in-ubuntu
5

6
ENV DOWNLOAD_DIR 	/home/temp
7
8
ENV SNORT_DIR_AUTO	snort_auto
ENV SNORT_DIR_CMAKE	snort_cmake
9
ENV SNORT_PRJ_DIR	snort_project_cdt
10
ENV SNORT_DIR		/opt/snort
11
ENV SNORT_VER		3.0.0-239
12
ENV SNORT_VER_M		3.0.0
13
14
ENV SNORT_EXTRA_VER	1.0.0-239
ENV DAQ_VER		2.2.2
15
16
17
ENV HWLOC_VER		1.11.8
ENV LUAJIT_VER		2.0.5
ENV SSL_VER		1.1.0g
18
19
ENV PCAP_VER		1.8.1
ENV PCRE_VER		8.41
20
21
ENV PKG_CONFIG_VER	0.29.2
ENV ZLIB_VER 		1.2.11
22
23
24
25
26
ENV LIBSAFEC_VER	10052013
ENV RAGEL_VER		6.10
ENV BOOST_VER		1.64.0
ENV BOOST_DIR		boost_1_64_0
ENV HYPERSCAN_VER	4.5.1
27
28
# ENV LIBDNET_GIT	https://github.com/dugsong/libdnet.git
ENV LIBDNET_GIT		https://github.com/jncornett/libdnet.git
29
30
ENV LUA_PATH		/opt/snort/include/snort/lua/\?.lua\;\;
ENV SNORT_LUA_PATH      /opt/snort/etc/snort
31
ENV JAVA_HOME 		/usr/lib/jvm/java-8-oracle
32
33
34

# Needed tools
RUN apt-get update && apt-get install -y \
35
    wget \
36
37
    cmake-curses-gui \
    gdb
38

39
# Snort Dependencies ---------------------------------------------------------/
40
RUN apt-get install linux-headers-$(uname -r) -y
41

42
43
44
45
46
47
48
49
50
51
52
# Prerequisites
RUN apt-get install -y \
    build-essential \
    autotools-dev \
    libpcap-dev

# DAQ Prerequisites
RUN apt-get install -y \
    bison \
    flex

53
54
55
56
# Hyperscan Prerequisities
RUN apt-get install -y \
    python

57
58
59
60
61
62
63
64
65
66
67
68
69
70
# for compiling source from github
RUN apt-get install -y \
    libtool \
    git \
    autoconf

# Recommended software (optional)
RUN apt-get install -y \
    liblzma-dev \
    cpputest \
    libsqlite3-dev \
    cmake

# Documentation
71
72
73
74
RUN apt-get install -y \
    asciidoc \
    dblatex \
    source-highlight
75
76
    

77
# Download packages need for snort
78
# git clone https://github.com/snortadmin/snort3.git && \
79
80
# wget -qO- https://github.com/snortadmin/snort3/archive/master.tar.gz | tar xvz && \
# wget -qO- https://github.com/Xiche/libdaq/archive/v$DAQ_VER.tar.gz | tar xvz && \
81
RUN mkdir -p $DOWNLOAD_DIR && cd $DOWNLOAD_DIR && mkdir $SNORT_DIR_AUTO && mkdir $SNORT_DIR_CMAKE && \
82
83
84
85
    wget -qO- http://downloads.sourceforge.net/project/safeclib/libsafec-10052013.tar.gz | tar xvz && \
    wget -qO- http://www.colm.net/files/ragel/ragel-$RAGEL_VER.tar.gz | tar xvz && \
    wget -qO- https://dl.bintray.com/boostorg/release/$BOOST_VER/source/$BOOST_DIR.tar.gz | tar xvz && \
    wget -qO- https://github.com/01org/hyperscan/archive/v$HYPERSCAN_VER.tar.gz | tar xvz && \
86
    cd $SNORT_DIR_AUTO && \
87
    wget -qO- https://www.snort.org/downloads/snortplus/snort-$SNORT_VER-auto.tar.gz | tar xvz && \
88
89
    wget -qO- https://www.snort.org/downloads/snortplus/snort_extra-$SNORT_EXTRA_VER-auto.tar.gz | tar xvz && cd .. && \
    cd $SNORT_DIR_CMAKE && \
90
    wget -qO- https://www.snort.org/downloads/snortplus/snort-$SNORT_VER-cmake.tar.gz | tar xvz && \
91
    wget -qO- https://www.snort.org/downloads/snortplus/snort_extra-$SNORT_EXTRA_VER-cmake.tar.gz | tar xvz && cd .. && \
92
    wget -qO- https://www.snort.org/downloads/snortplus/daq-$DAQ_VER.tar.gz | tar xvz && \
93
94
95
96
    git clone $LIBDNET_GIT && \
    wget -qO- https://www.open-mpi.org/software/hwloc/v1.11/downloads/hwloc-$HWLOC_VER.tar.gz | tar xvz && \
    wget -qO- http://luajit.org/download/LuaJIT-$LUAJIT_VER.tar.gz | tar xvz && \
    wget -qO- https://www.openssl.org/source/openssl-$SSL_VER.tar.gz | tar xvz && \
97
98
    wget -qO- http://www.tcpdump.org/release/libpcap-$PCAP_VER.tar.gz | tar xvz && \
    wget -qO- ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-$PCRE_VER.tar.gz | tar xvz && \
99
100
    wget -qO- https://pkg-config.freedesktop.org/releases/pkg-config-$PKG_CONFIG_VER.tar.gz | tar xvz && \
    wget -qO- www.zlib.net/zlib-$ZLIB_VER.tar.gz | tar xvz
101

102
103
104
# Zlib
WORKDIR $DOWNLOAD_DIR/zlib-$ZLIB_VER
RUN ./configure && make && make install
105
106
107
108
109
110
111
112
113
114
115
116
117

# Pkg Config
WORKDIR $DOWNLOAD_DIR/pkg-config-$PKG_CONFIG_VER
RUN ./configure --with-internal-glib && make && make install

# PCAP
WORKDIR $DOWNLOAD_DIR/libpcap-$PCAP_VER
RUN ./configure && make && make install

# PCRE
WORKDIR $DOWNLOAD_DIR/pcre-$PCRE_VER
RUN ./configure && make && make install

118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
# OpenSSL
WORKDIR $DOWNLOAD_DIR/openssl-$SSL_VER
RUN ./config && make && make install

# LuaJIT
WORKDIR $DOWNLOAD_DIR/LuaJIT-$LUAJIT_VER
RUN make && make install

# hwloc
WORKDIR $DOWNLOAD_DIR/hwloc-$HWLOC_VER
RUN ./configure && make && make install

# libdnet
WORKDIR $DOWNLOAD_DIR/libdnet
RUN ./configure && make && make install

134
135
136
137
138
139
140
141
142
143
144
145
146
147
# libsafec
WORKDIR $DOWNLOAD_DIR/libsafec-10052013
RUN ./configure && make && make install

# Ragel
WORKDIR $DOWNLOAD_DIR/ragel-$RAGEL_VER
RUN ./configure && make && make install

# Hyperscan
WORKDIR $DOWNLOAD_DIR
RUN mkdir hyperscan-$HYPERSCAN_VER-build && cd hyperscan-$HYPERSCAN_VER-build && \
    cmake -DCMAKE_INSTALL_PREFIX=/usr/local \
          -DBOOST_ROOT=$DOWNLOAD_DIR/$BOOST_DIR/ \
          ../hyperscan-$HYPERSCAN_VER && \
148
    make && make install && ./bin/unit-hyperscan
149
150
    

151
152
153
154
155
156
# netmap
#WORKDIR $DOWNLOAD_DIR
#RUN git clone https://github.com/luigirizzo/netmap.git && \
#    cd netmap && ./configure --no-drivers && make && make install

# DAQ
157
WORKDIR $DOWNLOAD_DIR/daq-$DAQ_VER
158
RUN ./configure && make && make install && ldconfig
159
160

# Snort 3
161
162
163
WORKDIR $DOWNLOAD_DIR/$SNORT_DIR_CMAKE/snort-$SNORT_VER_M-a4
#RUN autoreconf -isvf && ./configure_cmake.sh --prefix=$SNORT_DIR && cd build && make -j 8 install
RUN ./configure_cmake.sh --prefix=$SNORT_DIR && cd build && make -j 8 install
164
RUN ln -s /opt/snort/bin/snort /usr/sbin/snort
165
166
#RUN sh -c "echo 'export LUA_PATH=/opt/snort/include/snort/lua/\?.lua\;\;' >> ~/.bashrc"
#RUN sh -c "echo 'export SNORT_LUA_PATH=/opt/snort/etc/snort' >> ~/.bashrc
167

168
169
170
# Snort Eclipse CDT Project
WORKDIR $DOWNLOAD_DIR
RUN mkdir $SNORT_PRJ_DIR && cd $SNORT_PRJ_DIR && \
171
    cmake ../$SNORT_DIR_CMAKE/snort-$SNORT_VER_M-a4 -G"Eclipse CDT4 - Unix Makefiles"
172
173

# Install java
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
RUN apt-get update && \
    apt-get upgrade -y && \
    apt-get install -y  software-properties-common && \
    add-apt-repository ppa:webupd8team/java -y && \
    apt-get update && \
    echo oracle-java7-installer shared/accepted-oracle-license-v1-1 select true | /usr/bin/debconf-set-selections && \
    apt-get install -y oracle-java8-installer && \
    apt-get clean

# Replace 1000 with your user / group id
RUN export uid=1000 gid=1000 && \
    mkdir -p /home/developer && \
    echo "developer:x:${uid}:${gid}:Developer,,,:/home/developer:/bin/bash" >> /etc/passwd && \
    echo "developer:x:${uid}:" >> /etc/group && \
    mkdir -p /etc/sudoers.d && \	
    echo "developer ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/developer && \
    chmod 0440 /etc/sudoers.d/developer && \
    chown ${uid}:${gid} -R /home/developer

193
194
195
196
197
198
199
200

# Gtk, X11
RUN apt-get install -y \
    dbus-x11 \
    packagekit-gtk3-module \
    libcanberra-gtk-module \
    libcanberra-gtk-module \
    libcanberra-gtk3-module
201
202
203
204
205
206

# Eclipse CDT
WORKDIR $DOWNLOAD_DIR
RUN wget -qO- http://eclipse.mirror.rafal.ca/technology/epp/downloads/release/oxygen/R/eclipse-cpp-oxygen-R-linux-gtk-x86_64.tar.gz | tar xvz && \
    mv eclipse /opt/

207
208
209
210
211
# Fix dbus error message
#RUN dbus-uuidgen > /var/lib/dbus/machine-id
ENV NO_AT_BRIDGE 1

# Change permissions
212
213
214
RUN chmod 777 /home/developer
RUN chown -R developer:developer /home/temp/$SNORT_PRJ_DIR
RUN chmod 777 /home/temp
215

216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
# Nautilus (File Explorer)
RUN apt-get install -y nautilus

# Setup ssh server
#RUN apt-get install -y openssh-server && \
#    mkdir /var/run/sshd && \
#    echo 'root:embsys' | chpasswd && \
#    sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config

# SSH login fix. Otherwise user is kicked off after login
#RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd

#ENV NOTVISIBLE "in user profile"
#RUN echo "export VISIBLE=now" >> /etc/profile

#EXPOSE 22
#CMD ["/usr/sbin/sshd", "-D"]


235
USER developer
236
CMD ["/bin/bash"]
237