tpotce/docker/suricata/Dockerfile

FROM alpine:latest
#
# Include dist
ADD dist/ /root/dist/
#
# Install packages
RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
    apk -U --no-cache add \
                 ca-certificates \
                 curl \
                 file \
                 libcap \
                 wget && \
    apk -U add --repository http://dl-cdn.alpinelinux.org/alpine/edge/community \
                 suricata && \
#
# Setup user, groups and configs
    addgroup -g 2000 suri && \
    adduser -S -H -u 2000 -D -g 2000 suri && \
    chmod 644 /etc/suricata/*.config && \
    cp /root/dist/suricata.yaml /etc/suricata/suricata.yaml && \
    cp /root/dist/*.bpf /etc/suricata/ && \
#
# Download the latest EmergingThreats ruleset, replace rulebase and enable all rules
    cp /root/dist/update.sh /usr/bin/ && \
    chmod 755 /usr/bin/update.sh && \
    update.sh OPEN && \
#
# Clean up
    rm -rf /root/* && \
    rm -rf /tmp/* && \
    rm -rf /var/cache/apk/*
#
# Start suricata
STOPSIGNAL SIGINT
CMD SURICATA_CAPTURE_FILTER=$(update.sh $OINKCODE) && exec suricata -v -F $SURICATA_CAPTURE_FILTER -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:])
tweaking ELK 7.6.0 is not ready for production, however it works if APM is enabled (disabled in config, so image wont build as precaution) Remove SISSDEN from ewsposter, suricata Bump suricata to 5.0.1 Alpine now support suricata incl. enabled JA3 support, move back to Alpine install 2020-02-14 15:28:06 +00:00			`FROM alpine:latest`
bump suricata to 4.1.4 2019-06-07 13:00:20 +00:00			`#`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`# Include dist`
			`ADD dist/ /root/dist/`
bump suricata to 4.1.4 2019-06-07 13:00:20 +00:00			`#`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`# Install packages`
prep for new listbot FQDN 2020-05-12 09:19:09 +00:00			`RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \`
			`apk -U --no-cache add \`
tweaking fix condition when no internet connection is available check internet connection before download of rules and avoid errors check internet connection before setting up capture filters (with FQDNs, resulted in endless restart of suricata) and unset capture filters if no internet connection is available 2018-05-23 13:02:19 +00:00			`ca-certificates \`
			`curl \`
			`file \`
tweaking ELK 7.6.0 is not ready for production, however it works if APM is enabled (disabled in config, so image wont build as precaution) Remove SISSDEN from ewsposter, suricata Bump suricata to 5.0.1 Alpine now support suricata incl. enabled JA3 support, move back to Alpine install 2020-02-14 15:28:06 +00:00			`libcap \`
			`wget && \`
			`apk -U add --repository http://dl-cdn.alpinelinux.org/alpine/edge/community \`
			`suricata && \`
bump suricata to 4.1.4 2019-06-07 13:00:20 +00:00			`#`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`# Setup user, groups and configs`
			`addgroup -g 2000 suri && \`
			`adduser -S -H -u 2000 -D -g 2000 suri && \`
Bump Suricata to 4.1.3 Build with Rust Enable JA3 Enable more protocols Improve payload logging ... and more. 2019-03-26 16:26:47 +00:00			`chmod 644 /etc/suricata/*.config && \`
tweaking fix condition when no internet connection is available check internet connection before download of rules and avoid errors check internet connection before setting up capture filters (with FQDNs, resulted in endless restart of suricata) and unset capture filters if no internet connection is available 2018-05-23 13:02:19 +00:00			`cp /root/dist/suricata.yaml /etc/suricata/suricata.yaml && \`
			`cp /root/dist/*.bpf /etc/suricata/ && \`
bump suricata to 4.1.4 2019-06-07 13:00:20 +00:00			`#`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`# Download the latest EmergingThreats ruleset, replace rulebase and enable all rules`
			`cp /root/dist/update.sh /usr/bin/ && \`
update logrotating, cleanup.sh, add Suricata ET Pro support, tweaking 2018-03-30 16:41:46 +00:00			`chmod 755 /usr/bin/update.sh && \`
			`update.sh OPEN && \`
bump suricata to 4.1.4 2019-06-07 13:00:20 +00:00			`#`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`# Clean up`
			`rm -rf /root/* && \`
Bump Suricata to 5.0.0 2019-10-22 15:20:23 +00:00			`rm -rf /tmp/* && \`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`rm -rf /var/cache/apk/*`
bump suricata to 4.1.4 2019-06-07 13:00:20 +00:00			`#`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`# Start suricata`
tweaking 2018-09-11 12:19:26 +00:00			`STOPSIGNAL SIGINT`
tweaking fix condition when no internet connection is available check internet connection before download of rules and avoid errors check internet connection before setting up capture filters (with FQDNs, resulted in endless restart of suricata) and unset capture filters if no internet connection is available 2018-05-23 13:02:19 +00:00			`CMD SURICATA_CAPTURE_FILTER=$(update.sh $OINKCODE) && exec suricata -v -F $SURICATA_CAPTURE_FILTER -i $(/sbin/ip address \| grep '^2: ' \| awk '{ print $2 }' \| tr -d [:punct:])`