Beta version. In progress, see the To-Do section

Unofficial snort3 IDS/IPS software docker image.

• From : Debian Bookworm Slim.
• Size : 778 MB.
• Time : Build from source. Take multiples minutes depending on your system.
• Trivy : 0 unfixed vulnerabilities.

docker pull mikehorn/snort3:latest

git clone https://github.com/MikeHorn-git/docker-snort3.git
cd docker-snort3/
docker compose build

To use file from your host :

• Create a directory in your home with the name snort.
• Modify the docker-compose.yml, to replace the $USER var to your username in the volumes section.
• Place the files you want in host : /home/$USER/snort
• In the docker container they are available at /files

docker compose run --rm snort3 -i eth0

docker compose run --rm snort3 -r /files/file.pcap

• The snort3 Docker image is scanned with trivy to improve security.
• Install docker-bench-security for hardening your host.

• Create and configure snort.conf file.
• Add docker-compose.yml file.
• Push image to Docker Hub.