Docker Image with Snorby using CentOS-7, Ruby on Rails, Daq and Snort.
Using ENV variable called OINKCODE
this docker image can download rules provided for registered and subscribed users from snort.org.
Snorby is build on:
ruby-1.9.3-p551
daq-2.0.4
snort-2.9.7.0 using community rules.
This container is built that any extra parameters provided to docker run
will be passed directly to rails server command. For example, if you run docker run [run options] polinux/snorby -e production
you pass -e production
to rails server daemon.
To be able to connect to database we would need one to be running first. Easiest way to do that is to use another docker image. For this purpose we will use our million12/mariadb image as our database.
**For more information about million12/MariaDB see our documentation. **
Example:
docker run \
-d \
--name snorby-db \
-p 3306:3306 \
--env="MARIADB_USER=snorbyuser" \
--env="MARIADB_PASS=my_password" \
million12/mariadb
In this Image you can use environmental variables to connect into external MySQL/MariDB database.
DB_USER
= database user
DB_PASS
= database password
DB_ADDRESS
= database address (either ip or domain-name).
Snorby Config:
SNORBY_CONFIG=/usr/local/src/snorby/config/snorby_config.yml
If you mount your config to different location, simply edit it.
docker run \
-d \
--name snorby \
-p 3000:3000 \
--env="DB_ADDRESS=database_ip" \
--env="DB_USER=snorbyuser" \
--env="DB_PASS=password" \
polinux/snorby
docker run \
-d \
--name snorby \
-p 80:80 \
--env="DB_ADDRESS=database_ip" \
--env="DB_USER=snorbyuser" \
--env="DB_PASS=password" \
--env="OINKCODE=my_oinkcode" \
-v /my-snorby-config.yml:/usr/local/src/snorby/config/snorby_config.yml \
-v /my-email-settings.rb:/usr/local/src/snorby/config/initializers/mail_config.rb \
polinux/snorby \
-e development -p 80
rails server
command can be used with some parameters to define address and port on which rails server should work.
Simple --help
output below:
Usage: rails server [mongrel, thin, etc] [options]
-p, --port=port Runs Rails on the specified port.
Default: 3000
-b, --binding=ip Binds Rails to the specified ip.
Default: 0.0.0.0
-c, --config=file Use custom rackup configuration file
-d, --daemon Make server run as a Daemon.
-u, --debugger Enable ruby-debugging for the server.
-e, --environment=name Specifies the environment to run this server under (test/development/production).
Default: development
-P, --pid=pid Specifies the PID file.
Default: tmp/pids/server.pid
-h, --help Show this help message.
Visit your snorby_ip:port
to access snorby interface and use default credentials:
Username: snorby@snorby.org
Password: snorby
Author: Przemyslaw Ozgo (linux@ozgo.info)