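# syntax=docker/dockerfile:1
#
# Single-stage Suricata image on Alpine: the build tool-chain is installed,
# Suricata is compiled from the upstream release tarball, and the tool-chain
# is purged again inside the SAME RUN so it never persists in a layer.
#
# Pin the base image. A bare `alpine` resolves to whatever is "latest" at
# build time, so two builds of this file could produce different images
# (hadolint DL3006). Bump the default (or pin by digest) deliberately.
ARG ALPINE_VERSION=3.9
FROM alpine:${ALPINE_VERSION}
#
# Upstream Suricata release to build.
# SURICATA_SHA256 is the sha256 of suricata-${SURICATA_VERSION}.tar.gz as
# published upstream. When it is set, the download is verified before it is
# unpacked and compiled as root. An empty value skips the check, which keeps a
# plain `docker build .` working, but supplying the checksum is strongly
# recommended (--build-arg SURICATA_SHA256=<sha256 of the tarball>).
ARG SURICATA_VERSION=4.1.4
ARG SURICATA_SHA256=""
#
# Include dist
# COPY, not ADD: dist/ is a plain local directory, so ADD's tar-extraction and
# URL-fetch behaviour is neither needed nor wanted (hadolint DL3020).
COPY dist/ /root/dist/
#
# Install packages
# Runtime libraries first, then the build-only packages. Everything below is
# one RUN on purpose: `apk del` / `rm -rf` in a later instruction would not
# shrink the layer that installed the tool-chain.
# Packages are intentionally left unpinned here; pinning (pkg=version-rN)
# would further improve reproducibility once a package set has been validated.
#RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
RUN apk add --no-cache \
            ca-certificates \
            curl \
            file \
            geoip \
            hiredis \
            jansson \
            libcap-ng \
            libhtp \
            libmagic \
            libnet \
            libnetfilter_queue \
            libnfnetlink \
            libpcap \
            luajit \
            lz4-libs \
            musl \
            nspr \
            nss \
            pcre \
            wget \
            yaml \
            autoconf \
            automake \
            build-base \
            cargo \
            file-dev \
            geoip-dev \
            hiredis-dev \
            jansson-dev \
            libcap-ng-dev \
            libhtp-dev \
            libnet-dev \
            libnetfilter_queue-dev \
            libnfnetlink-dev \
            libpcap-dev \
            libtool \
            luajit-dev \
            lz4-dev \
            nspr-dev \
            nss-dev \
            pcre-dev \
            py2-pip \
            python2 \
            rust \
            yaml-dev && \
#
# Upgrade pip, install virtualenv
# suricata-update is unpinned; it is only needed at build time (see the
# clean-up step, which removes python2 again).
    pip install --no-cache-dir --upgrade pip && \
    pip install --no-cache-dir suricata-update && \
#
# Get and build Suricata
# The tarball is fetched over HTTPS and, when SURICATA_SHA256 is provided,
# checked against it before anything is unpacked.
    mkdir -p /opt/builder/ && \
    wget "https://www.openinfosecfoundation.org/download/suricata-${SURICATA_VERSION}.tar.gz" && \
    if [ -n "${SURICATA_SHA256}" ]; then \
      echo "${SURICATA_SHA256}  suricata-${SURICATA_VERSION}.tar.gz" | sha256sum -c - ; \
    fi && \
    tar xzf "suricata-${SURICATA_VERSION}.tar.gz" --strip-components=1 -C /opt/builder/ && \
    rm "suricata-${SURICATA_VERSION}.tar.gz" && \
    cd /opt/builder && \
    ./configure \
      --prefix=/usr \
      --sysconfdir=/etc \
      --mandir=/usr/share/man \
      --localstatedir=/var \
      --enable-non-bundled-htp \
      --enable-nfqueue \
      --enable-rust \
      --disable-gccmarch-native \
      --enable-hiredis \
      --enable-geoip \
      --enable-gccprotect \
      --enable-pie \
      --enable-luajit && \
    make && \
    make check && \
    make install && \
    make install-full && \
#
# Setup user, groups and configs
# BusyBox adduser: -G selects the primary GROUP, whereas -g sets the GECOS
# field. The original `-g 2000` therefore only wrote "2000" into GECOS and
# relied on adduser finding a group named like the user; -G makes the
# uid 2000 / gid 2000 mapping explicit.
# The image does not switch to USER suri: packet capture needs root or
# CAP_NET_* when suricata starts. NOTE(review): privilege drop to suri is
# presumably configured in dist/suricata.yaml (run-as) -- confirm.
    addgroup -g 2000 suri && \
    adduser -S -H -D -u 2000 -G suri suri && \
    chmod 644 /etc/suricata/*.config && \
    cp /root/dist/suricata.yaml /etc/suricata/suricata.yaml && \
    cp /root/dist/*.bpf /etc/suricata/ && \
    mkdir -p /etc/suricata/rules && \
    cp /opt/builder/rules/* /etc/suricata/rules/ && \
#
# Download the latest EmergingThreats ruleset, replace rulebase and enable all rules
# This step needs network access at build time and makes the build
# non-hermetic: the rule set baked into the image is whatever was current
# when the layer was built.
    cp /root/dist/update.sh /usr/bin/ && \
    chmod 755 /usr/bin/update.sh && \
    update.sh OPEN && \
#
# Clean up
# Purge the build tool-chain and sources in this same layer.
# NOTE(review): python2/py2-pip are removed here, so suricata-update is NOT
# available in the final image; update.sh must not depend on it -- confirm.
    apk del --purge \
            autoconf \
            automake \
            build-base \
            cargo \
            file-dev \
            geoip-dev \
            hiredis-dev \
            jansson-dev \
            libcap-ng-dev \
            libhtp-dev \
            libnet-dev \
            libnetfilter_queue-dev \
            libnfnetlink-dev \
            libpcap-dev \
            libtool \
            luajit-dev \
            lz4-dev \
            nspr-dev \
            nss-dev \
            pcre-dev \
            py2-pip \
            python2 \
            rust \
            yaml-dev && \
    rm -rf /opt/builder && \
    rm -rf /root/* && \
    rm -rf /var/cache/apk/*
#
# Start suricata
# Make `docker stop` send SIGINT instead of the default SIGTERM.
STOPSIGNAL SIGINT
# Shell form is intentional: the command needs $(...) and $VAR expansion.
# `exec` replaces the shell, so suricata becomes PID 1 and receives STOPSIGNAL
# directly. OINKCODE is read from the container environment at start-up
# (pass it with `-e OINKCODE=...`); it is never written into the image.
# The capture interface is taken from the "2:" entry of `ip address`, i.e. the
# first non-loopback interface -- NOTE(review): confirm this holds for the
# deployment. '[:punct:]' is quoted so the shell cannot expand it as a glob.
CMD SURICATA_CAPTURE_FILTER=$(update.sh $OINKCODE) && exec suricata -v -F $SURICATA_CAPTURE_FILTER -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d '[:punct:]')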