snort
=====
![](https://badge.imagelayers.io/vimagick/snort:latest.svg)
[Snort][1] is an open source intrusion prevention system capable of real-time
traffic analysis and packet logging. The compose service below runs it as a
passive sensor: the command line has no inline (`-Q`) options, so Snort only
sniffs the host interface, writes alerts and packet logs, and never blocks traffic.
```yaml
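snort:
  image: vimagick/snort
  # -q      quiet startup banner
  # -c      config file (bind-mounted below)
  # -A fast one-line alerts written to /var/log/snort/alert
  # -y      include the year in alert timestamps
  # -i eth0 capture interface; with host networking this must be the name of the
  #         HOST NIC you want to monitor, so adjust it to the sensor's interface.
  command: -q -c /etc/snort/snort.conf -A fast -y -i eth0
  volumes:
    # Config and rules are mounted read-only: Snort only reads them, and a
    # compromised sensor process must not be able to rewrite its own detection
    # logic or silence rules.
    - ./data/snort.conf:/etc/snort/snort.conf:ro
    - ./data/rules:/etc/snort/rules:ro
    # The only writable mount is the log directory (alert file + snort.log.* pcaps).
    - ./data/log:/var/log/snort
  cap_add:
    # NET_ADMIN is needed to put the interface into promiscuous mode. NET_RAW
    # (the AF_PACKET capture socket) is already in Docker's default capability
    # set, so it is not listed here.
    - NET_ADMIN
  # Host networking lets the container see the host's interfaces, but it also
  # drops the network namespace isolation for this container; keep the sensor's
  # own exposure minimal (no extra ports/services in this image).
  # NOTE: `net:` is compose v1 syntax; for v2+ files use `network_mode: host`.
  net: host
  restart: unless-stopped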
```
```bash
# /etc/snort/rules/local.rules
#
# Minimal smoke-test rules: match every ICMP echo request (itype 8) and echo
# reply (itype 0) from/to any host, so a plain `ping` across the monitored
# interface proves the sensor is capturing and writing alerts.
#
# NOTE(review): sids below 1,000,000 are reserved for the official rule sets;
# local rules should use sid:1000000 and above so they cannot collide with a
# downloaded ruleset. Adding `rev:1;` is also customary so rule edits are
# tracked; without it alerts are reported as revision 0 ([1:10000:0]).
alert icmp any any -> any any (msg:"ICMP Echo Request"; itype:8; sid:10000;)
alert icmp any any -> any any (msg:"ICMP Echo Reply"; itype:0; sid:10001;)
```
```bash
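$ docker-compose up -d

# With -A fast, alerts go to ./data/log/alert on the host (not to the container's
# stdout), so follow the file. The lines in the file carry no "snort_1 |" prefix;
# that prefix only appears if you watch via `docker-compose logs -f` and the image
# happens to echo alerts to stdout as well.
$ tail -f data/log/alert
08/26/18-06:47:35.460754 [**] [1:10000:0] ICMP Echo Request [**] [Priority: 0] {ICMP} x.x.x.x -> y.y.y.y
08/26/18-06:47:35.460835 [**] [1:10001:0] ICMP Echo Reply [**] [Priority: 0] {ICMP} y.y.y.y -> x.x.x.x

# Packets that triggered an alert are also logged in pcap format; replace xxx with
# the timestamp suffix of the newest snort.log.* file in ./data/log.
$ tcpdump -n -r data/log/snort.log.xxx
06:47:35.460754 IP x.x.x.x > y.y.y.y: ICMP echo request, id 17767, seq 933, length 12
06:47:35.460835 IP y.y.y.y > x.x.x.x: ICMP echo reply, id 17767, seq 933, length 12

# Audible alerting: inotifywait blocks until the alert file is modified, then
# exits and `play` runs; the loop restarts the watch. Requires inotify-tools and
# sox (`play`) on the host, and a readable alert file (it is written by the
# container's user, so you may need matching permissions on ./data/log).
$ while :; do inotifywait -q -e modify data/log/alert && play -q alert.wav; done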
```
[1]: https://snort.org/