FROM ubuntu:24.04 in order to use Ubuntu 24.04 as the base container image
Changed python3.8 package and instead acquires python3, python3-dev, and python3-pip to mirror the packages pulled for the zeek container
Final CMD that launches dalton-agent.py uses python3 instead of python3.8 to run the agent.
Tested and Confirmed to for Suricata versions 4.1.0 and above successfully
Dockerfile_snort:
FROM ubuntu:24.04 in order to use Ubuntu 24.04 as the base container image
Changed python3.8 package and instead acquires python3, python3-dev, and python3-pip to mirror the packages pulled for the zeek container
Additional new packages acquired via apt-get: libtoollibtirpc-dev
Added autoreconf -f -i to the ./configure && make && make install command chain to avoid a failure to compile the DAQ libraries
Appended CFLAGS="-I/usr/include/tirpc" to Snort's ./configure command. This was necessary because by default Snort tries to look for the RPC headers in /usr/include/rpc. This is no longer correct, so we have to point to the new location of the RPC headers (/usr/include/tirpc) for snort to compile successfully)
Final CMD that launches dalton-agent.py uses python3 instead of python3.8 to run the agent.
Tested and confirmed to work for Snort versions 2.16.x and above successfully
Greetings!
This PR is to address #199
Here is a summary of changes:
Dockerfile_suricata:
FROM ubuntu:24.04in order to use Ubuntu 24.04 as the base container imageChanged python3.8 package and instead acquires
python3,python3-dev, andpython3-pipto mirror the packages pulled for the zeek containerFinal CMD that launches
dalton-agent.pyusespython3instead ofpython3.8to run the agent.Tested and Confirmed to for Suricata versions 4.1.0 and above successfully
Dockerfile_snort:
FROM ubuntu:24.04in order to use Ubuntu 24.04 as the base container imageChanged python3.8 package and instead acquires
python3,python3-dev, andpython3-pipto mirror the packages pulled for the zeek containerAdditional new packages acquired via
apt-get:libtoollibtirpc-devAdded
autoreconf -f -ito the./configure && make && make installcommand chain to avoid a failure to compile the DAQ librariesAppended
CFLAGS="-I/usr/include/tirpc"to Snort's./configurecommand. This was necessary because by default Snort tries to look for the RPC headers in/usr/include/rpc. This is no longer correct, so we have to point to the new location of the RPC headers (/usr/include/tirpc) for snort to compile successfully)Final CMD that launches
dalton-agent.pyusespython3instead ofpython3.8to run the agent.Tested and confirmed to work for Snort versions 2.16.x and above successfully