Docker Image with Snorby using latest CentOS-7, Ruby on Rails, Daq and Snort.
Using ENV variable called OINKCODE
this docker image can download rules provided for registered and subscribed users from snort.org.
Snorby is build on:
ruby-1.9.3-p551
recent version of snort using community rules
This container is built that any extra parameters provided to docker run
will be passed directly to rails server command. For example, if you run docker run [run options] schachr/snorby -e production
you pass -e production
to rails server daemon.
This image has a repository link to the underlying base image centos
. Whenever this receives an update this container will automatically build itself again.
There is an automatic build
dependency to the github repository https://github.com/schachr/docker-snorby and crontab scheduled builds as well.
All you need to do is to pull it, remove the container (docker rm
) if neccessary and restart it (docker create/run
).
To be able to connect to database we would need one to be running first.
In this Image you can use environmental variables to connect into external MySQL/MariaDB database.
DB_USER
= database user
DB_PASS
= database password
DB_ADDRESS
= database address (either ip or domain-name)
DB_DATABASE
= database itself.
Snorby Config:
SNORBY_CONFIG=/usr/local/src/snorby/config/snorby_config.yml
If you mount your config to different location, simply edit it.
Timezone:
TIMEZONE=Atlantic/Faeroe
Defaults to UTC.
docker run \
-d \
--name snorby \
-p 3000:3000 \
--env="DB_ADDRESS=database_ip" \
--env="DB_USER=snorbyuser" \
--env="DB_PASS=password" \
--env="DB_DATABASE=database" \
schachr/snorby
docker run \
-d \
--name snorby \
-p 80:80 \
--env="DB_ADDRESS=database_ip" \
--env="DB_USER=snorbyuser" \
--env="DB_PASS=password" \
--env="DB_DATABASE=database" \
--env="OINKCODE=my_oinkcode" \
--env="TIMEZONE=Atlantic/Faeroe" \
-v /my-snorby-config.yml:/usr/local/src/snorby/config/snorby_config.yml \
-v /my-email-settings.rb:/usr/local/src/snorby/config/initializers/mail_config.rb \
schachr/snorby \
-e development -p 80
rails server
command can be used with some parameters to define address and port on which rails server should work.
Simple --help
output below:
Usage: rails server [mongrel, thin, etc] [options]
-p, --port=port Runs Rails on the specified port.
Default: 3000
-b, --binding=ip Binds Rails to the specified ip.
Default: 0.0.0.0
-c, --config=file Use custom rackup configuration file
-d, --daemon Make server run as a Daemon.
-u, --debugger Enable ruby-debugging for the server.
-e, --environment=name Specifies the environment to run this server under (test/development/production).
Default: development
-P, --pid=pid Specifies the PID file.
Default: tmp/pids/server.pid
-h, --help Show this help message.
Visit your snorby_ip:port
to access snorby interface and use default credentials:
Username: snorby@snorby.org
Password: snorby