FROM Alpine Linux 3.21.2
This repository serves as a reference for building custom container images based on Alpine Linux. We make use of the Alpine packaging tools `abuild` and `apk` to build a package repository local to the image itself. The local package repo builds package and subpackage targets from the software listed below.

Several dependencies needed to build a complete version of Snort 3 are not officially supported by Alpine Linux, or what does exist did not meet my expectations, so they've been pulled directly. Additionally, the Snort3, Snort3 Extra and LibDAQ packages were produced solely for Krakatoa.

- Snort3 3.6.2.0
- Snort3 Extra 3.3.2.0
- hwloc 2.9.1
- jemalloc 5.3.0
- Vectorscan 5.4.11
- LibDAQ 3.0.18
- AbcIP 2.4.1 [1]
- Lightspd Manifest 0.1.0

- Build the Krakatoa image along with all packages

  ```sh
  make [build]
  ```

- Run Krakatoa

  ```sh
  # From your host system, create a new Krakatoa container.
  docker run --rm -ti krakatoa

  # Now you are in the Krakatoa runtime, we will now install
  # packages from the @local repository.

  # 1st Install Snort3
  sudo apk add snort3@local

  # 2nd Install DAQ modules
  # You won't be able to do much until you install some DAQ
  # modules; by default Snort3 will use pcap daq.
  sudo apk add libdaq-pcap-module@local

  # However I prefer to use the afpacket module.
  sudo apk add libdaq-afpacket-module@local

  # You can install any of the packaged modules using `apk`.
  # All modules that can be built for Linux are available.
  # sudo apk add libdaq-fst-module@local libdaq-dump-module@local

  # 3rd, Test your new Snort installation
  sudo snort --daq-dir /usr/local/lib/daq \
      -c /usr/local/etc/snort/snort.lua \
      -k none \
      --daq afpacket -i eth0
  ```

- Persistent environment

  ```sh
  # Launch a new Krakatoa container in the background
  make start

  # Attach to running Krakatoa container
  make attach

  # Terminate the container
  make stop
  ```

- Victor Roemer (wtfbbqhax)
Footnotes
1. AbcIP version 2.4.1 is not a real tagged build; our package builds the HEAD of master. -wtfbbqhax