Tricky script which mades Snort installation simply as a script execution is. The script installs:

• Snort: Open Source IDS.
• Barnyard2: Interpreter for Snort unified2 binary output files.
• PulledPork: Snort rule management.
• WebSnort: Web Interface for PCAP analysis.

Successfully tested in:

• Raspberry Pi + Raspbian Jessie
• Kali Linux Rolling Release
• Debian 8.0+
• Ubuntu 14.04 using the Snorter_Ubuntu-14.04.sh script.

Detailed install instructions.

Simply run on your terminal:

git clone https://github.com/joanbono/Snorter.git
cd Snorter/src

Printing the USAGE:

bash Snorter.sh -h

OR

bash Snorter.sh --help

RECOMMENDED: Executing the script using an OINKCODE

bash Snorter.sh -o <oinkcode> -i <interface>

Dockerfile content. Use your personal OINKCODE.

#Kali docker with SNORT + BARNYARD2 + PULLEDPORK
#Version 0.1.0
From kalilinux/kali-linux-docker:latest
MAINTAINER Joan Bono <@joan_bono>

ENV OINKCODE
ENV INTERFACE

RUN apt-get update && apt-get upgrade -y && apt-get install -y git curl wget
RUN git clone https://github.com/joanbono/Snorter.git /opt/Snorter
RUN /opt/Snorter/src/Snorter.sh -o ${OINKCODE} -i ${INTERFACE}
USER root
WORKDIR /opt/Snorter

Start the docker daemon.

• With websnort:

cd Snorter/src/
docker build SnorterDock -p 80:80 -e OINKCODE=<oinkcode> -e INTERFACE=<interface>

• Without websnort:

cd Snorter/src/
docker build SnorterDock -e OINKCODE=<oinkcode> -e INTERFACE=<interface>

• Submit a pcap using the web browser:

• Watch the alerts on the web browser:

• Submit a pcap using the API:

curl -i --form [email protected] http://ADDRESS/api/submit

• English: PDF - MarkDown
• Spanish: PDF - MarkDown
• Catalan: PDF - MarkDown

• @goffinet for the rule enabler and for solving solving the systemctl issue.
• @rbshadow for the Snorter script adapted to Ubuntu 14.04.