tpotce/docker/suricata/Dockerfile

FROM alpine:edge
#
# Include dist
COPY dist/ /root/dist/
#
# Install packages
RUN apk --no-cache -U add \
		ca-certificates \
		curl \
		file \
		hiredis \
		libcap \
		wget \
		suricata && \
#
# Setup user, groups and configs
    addgroup -g 2000 suri && \
    adduser -S -H -u 2000 -D -g 2000 suri && \
    cp /root/dist/*.yaml /etc/suricata/ && \
    cp /root/dist/*.conf /etc/suricata/ && \
    cp /root/dist/*.bpf /etc/suricata/ && \
    cp /root/dist/update.sh /usr/bin/ && \
    chmod 644 /etc/suricata/*.config && \
    chmod 755 -R /var/lib/suricata && \
    chmod 755 /usr/bin/update.sh && \
    chown -R root:suri /tmp /run && \
#
# Download the latest EmergingThreats OPEN ruleset
    suricata-update update-sources && \
    suricata-update --no-test --no-reload && \
#
# Clean up
    rm -rf /root/* \
           /tmp/* \
           /var/cache/apk/*
#
# Start suricata
STOPSIGNAL SIGINT
CMD SURICATA_CAPTURE_FILTER=$(update.sh $OINKCODE) && exec suricata -v -F $SURICATA_CAPTURE_FILTER -i $(/sbin/ip address show | /usr/bin/awk '/inet.*brd/{ print $NF; exit }')
drop root privileges for suricata 2022-03-08 17:29:03 +00:00			`FROM alpine:edge`
bump suricata to 4.1.4 2019-06-07 13:00:20 +00:00			`#`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`# Include dist`
drop root privileges for suricata 2022-03-08 17:29:03 +00:00			`COPY dist/ /root/dist/`
bump suricata to 4.1.4 2019-06-07 13:00:20 +00:00			`#`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`# Install packages`
Finish work on new builder, tweaking 2024-09-11 10:42:17 +00:00			`RUN apk --no-cache -U add \`
tweaking updating .env, env.example and compose files regarding sentrypeer ENVs make glutton image aware of payloads feature bump glutton to latest master, alpine 3.19, multi-stage build bump ipphoney to alpine 3.19 bump mailoney to alpine 3.19, adjust for py3 revert medpot to previous master, use multi stage build and alpine 3.19 bump cyberchef to latest master bump ngninx to alpine 3.19 bump p0f to alpine 3.19, use multi stage build bump redishoneypot to alpine 3.19, use multi stage build bump sentrypeer to latest master, fix bug for open ports in compose files, now all tcp/5060, udp/5060 traffic will be seen bump spiderfoot to latest master bump spiderfoot to alpine 3.19 bump suricata to 7.0.2, fix performance issue with capture-filter-bpf by reducing the rules update clean.sh to include glutton payloads folder 2024-03-09 11:11:14 +00:00			`ca-certificates \`
			`curl \`
			`file \`
			`hiredis \`
			`libcap \`
			`wget \`
			`suricata && \`
bump suricata to 4.1.4 2019-06-07 13:00:20 +00:00			`#`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`# Setup user, groups and configs`
			`addgroup -g 2000 suri && \`
			`adduser -S -H -u 2000 -D -g 2000 suri && \`
Suricata: use suricata-update for rule management As a bonus we can now run "suricata-update" using docker-exec, triggering both a rule update and a Suricata rule reload. 2020-11-26 17:10:16 +00:00			`cp /root/dist/*.yaml /etc/suricata/ && \`
			`cp /root/dist/*.conf /etc/suricata/ && \`
tweaking fix condition when no internet connection is available check internet connection before download of rules and avoid errors check internet connection before setting up capture filters (with FQDNs, resulted in endless restart of suricata) and unset capture filters if no internet connection is available 2018-05-23 13:02:19 +00:00			`cp /root/dist/*.bpf /etc/suricata/ && \`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`cp /root/dist/update.sh /usr/bin/ && \`
drop root privileges for suricata 2022-03-08 17:29:03 +00:00			`chmod 644 /etc/suricata/*.config && \`
			`chmod 755 -R /var/lib/suricata && \`
update logrotating, cleanup.sh, add Suricata ET Pro support, tweaking 2018-03-30 16:41:46 +00:00			`chmod 755 /usr/bin/update.sh && \`
drop root privileges for suricata 2022-03-08 17:29:03 +00:00			`chown -R root:suri /tmp /run && \`
			`#`
			`# Download the latest EmergingThreats OPEN ruleset`
Suricata: use suricata-update for rule management As a bonus we can now run "suricata-update" using docker-exec, triggering both a rule update and a Suricata rule reload. 2020-11-26 17:10:16 +00:00			`suricata-update update-sources && \`
drop root privileges for suricata 2022-03-08 17:29:03 +00:00			`suricata-update --no-test --no-reload && \`
bump suricata to 4.1.4 2019-06-07 13:00:20 +00:00			`#`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`# Clean up`
Finish work on new builder, tweaking 2024-09-11 10:42:17 +00:00			`rm -rf /root/* \`
			`/tmp/* \`
			`/var/cache/apk/*`
bump suricata to 4.1.4 2019-06-07 13:00:20 +00:00			`#`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`# Start suricata`
tweaking 2018-09-11 12:19:26 +00:00			`STOPSIGNAL SIGINT`
Change method to get default Suricata interface On some systems, interface number 2 is not always the correct one. With AWK we now collect the first active interface having both an address and a broadcast. 2021-01-06 10:14:24 +00:00			`CMD SURICATA_CAPTURE_FILTER=$(update.sh $OINKCODE) && exec suricata -v -F $SURICATA_CAPTURE_FILTER -i $(/sbin/ip address show \| /usr/bin/awk '/inet.*brd/{ print $NF; exit }')`