tpotce/docker/suricata/Dockerfile

FROM alpine:edge
#
# Include dist
ADD dist/ /root/dist/
#
# Install packages
RUN apk -U --no-cache add \
                 ca-certificates \
                 curl \
                 file \
		 hiredis \
                 libcap \
                 wget \
                 suricata && \
#
# Setup user, groups and configs
    addgroup -g 2000 suri && \
    adduser -S -H -u 2000 -D -g 2000 suri && \
    chmod 644 /etc/suricata/*.config && \
    cp /root/dist/*.yaml /etc/suricata/ && \
    cp /root/dist/*.conf /etc/suricata/ && \
    cp /root/dist/*.bpf /etc/suricata/ && \
#
# Download the latest EmergingThreats OPEN ruleset
    cp /root/dist/update.sh /usr/bin/ && \
    chmod 755 /usr/bin/update.sh && \
    suricata-update update-sources && \
    suricata-update --no-reload && \
#
# Clean up
    rm -rf /root/* && \
    rm -rf /tmp/* && \
    rm -rf /var/cache/apk/*
#
# Start suricata
STOPSIGNAL SIGINT
CMD SURICATA_CAPTURE_FILTER=$(update.sh $OINKCODE) && exec suricata -v -F $SURICATA_CAPTURE_FILTER -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:])
bump suricata to 5.0.4 2020-10-28 17:53:23 +00:00			`FROM alpine:edge`
bump suricata to 4.1.4 2019-06-07 13:00:20 +00:00			`#`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`# Include dist`
			`ADD dist/ /root/dist/`
bump suricata to 4.1.4 2019-06-07 13:00:20 +00:00			`#`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`# Install packages`
bump suricata to 5.0.4 2020-10-28 17:53:23 +00:00			`RUN apk -U --no-cache add \`
tweaking fix condition when no internet connection is available check internet connection before download of rules and avoid errors check internet connection before setting up capture filters (with FQDNs, resulted in endless restart of suricata) and unset capture filters if no internet connection is available 2018-05-23 13:02:19 +00:00			`ca-certificates \`
			`curl \`
			`file \`
continue pin / prep images ghcr 2020-09-04 12:37:28 +00:00			`hiredis \`
tweaking ELK 7.6.0 is not ready for production, however it works if APM is enabled (disabled in config, so image wont build as precaution) Remove SISSDEN from ewsposter, suricata Bump suricata to 5.0.1 Alpine now support suricata incl. enabled JA3 support, move back to Alpine install 2020-02-14 15:28:06 +00:00			`libcap \`
bump suricata to 5.0.4 2020-10-28 17:53:23 +00:00			`wget \`
tweaking ELK 7.6.0 is not ready for production, however it works if APM is enabled (disabled in config, so image wont build as precaution) Remove SISSDEN from ewsposter, suricata Bump suricata to 5.0.1 Alpine now support suricata incl. enabled JA3 support, move back to Alpine install 2020-02-14 15:28:06 +00:00			`suricata && \`
bump suricata to 4.1.4 2019-06-07 13:00:20 +00:00			`#`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`# Setup user, groups and configs`
			`addgroup -g 2000 suri && \`
			`adduser -S -H -u 2000 -D -g 2000 suri && \`
Bump Suricata to 4.1.3 Build with Rust Enable JA3 Enable more protocols Improve payload logging ... and more. 2019-03-26 16:26:47 +00:00			`chmod 644 /etc/suricata/*.config && \`
Suricata: use suricata-update for rule management As a bonus we can now run "suricata-update" using docker-exec, triggering both a rule update and a Suricata rule reload. 2020-11-26 17:10:16 +00:00			`cp /root/dist/*.yaml /etc/suricata/ && \`
			`cp /root/dist/*.conf /etc/suricata/ && \`
tweaking fix condition when no internet connection is available check internet connection before download of rules and avoid errors check internet connection before setting up capture filters (with FQDNs, resulted in endless restart of suricata) and unset capture filters if no internet connection is available 2018-05-23 13:02:19 +00:00			`cp /root/dist/*.bpf /etc/suricata/ && \`
bump suricata to 4.1.4 2019-06-07 13:00:20 +00:00			`#`
Suricata: use suricata-update for rule management As a bonus we can now run "suricata-update" using docker-exec, triggering both a rule update and a Suricata rule reload. 2020-11-26 17:10:16 +00:00			`# Download the latest EmergingThreats OPEN ruleset`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`cp /root/dist/update.sh /usr/bin/ && \`
update logrotating, cleanup.sh, add Suricata ET Pro support, tweaking 2018-03-30 16:41:46 +00:00			`chmod 755 /usr/bin/update.sh && \`
Suricata: use suricata-update for rule management As a bonus we can now run "suricata-update" using docker-exec, triggering both a rule update and a Suricata rule reload. 2020-11-26 17:10:16 +00:00			`suricata-update update-sources && \`
			`suricata-update --no-reload && \`
bump suricata to 4.1.4 2019-06-07 13:00:20 +00:00			`#`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`# Clean up`
			`rm -rf /root/* && \`
Bump Suricata to 5.0.0 2019-10-22 15:20:23 +00:00			`rm -rf /tmp/* && \`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`rm -rf /var/cache/apk/*`
bump suricata to 4.1.4 2019-06-07 13:00:20 +00:00			`#`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`# Start suricata`
tweaking 2018-09-11 12:19:26 +00:00			`STOPSIGNAL SIGINT`
tweaking fix condition when no internet connection is available check internet connection before download of rules and avoid errors check internet connection before setting up capture filters (with FQDNs, resulted in endless restart of suricata) and unset capture filters if no internet connection is available 2018-05-23 13:02:19 +00:00			`CMD SURICATA_CAPTURE_FILTER=$(update.sh $OINKCODE) && exec suricata -v -F $SURICATA_CAPTURE_FILTER -i $(/sbin/ip address \| grep '^2: ' \| awk '{ print $2 }' \| tr -d [:punct:])`