From 28f5491977be8944920f6c25ea15bf8fe69b9a58 Mon Sep 17 00:00:00 2001
From: t3chn0m4g3
Date: Fri, 7 Jun 2019 13:00:20 +0000
Subject: [PATCH] bump suricata to 4.1.4
---
 docker/suricata/Dockerfile | 26 ++++++++++++-------------
 docker/suricata/dist/capture-filter.bpf | 2 +-
 2 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/docker/suricata/Dockerfile b/docker/suricata/Dockerfile
index 44c900fd..c450d691 100644
--- a/docker/suricata/Dockerfile
+++ b/docker/suricata/Dockerfile
@@ -1,11 +1,11 @@
 FROM alpine
-
+#
 # Include dist
 ADD dist/ /root/dist/
-
+#
 # Install packages
-RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
- apk -U --no-cache add \
+#RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
+RUN apk -U --no-cache add \
 ca-certificates \
 curl \
 file \
@@ -51,16 +51,16 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
 py2-pip \
 rust \
 yaml-dev && \
-
+#
 # Upgrade pip, install virtualenv
 pip install --no-cache-dir --upgrade pip && \
 pip install --no-cache-dir suricata-update && \
-
+#
 # Get and build Suricata
 mkdir -p /opt/builder/ && \
- wget https://www.openinfosecfoundation.org/download/suricata-4.1.3.tar.gz && \
- tar xvfz suricata-4.1.3.tar.gz --strip-components=1 -C /opt/builder/ && \
- rm suricata-4.1.3.tar.gz && \
+ wget https://www.openinfosecfoundation.org/download/suricata-4.1.4.tar.gz && \
+ tar xvfz suricata-4.1.4.tar.gz --strip-components=1 -C /opt/builder/ && \
+ rm suricata-4.1.4.tar.gz && \
 cd /opt/builder && \
 ./configure \
 --prefix=/usr \
@@ -80,7 +80,7 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
 make check && \
 make install && \
 make install-full && \
-
+#
 # Setup user, groups and configs
 addgroup -g 2000 suri && \
 adduser -S -H -u 2000 -D -g 2000 suri && \
@@ -89,12 +89,12 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
 cp /root/dist/*.bpf /etc/suricata/ && \
 mkdir -p /etc/suricata/rules && \
 cp /opt/builder/rules/* /etc/suricata/rules/ && \
-
+#
 # Download the latest EmergingThreats ruleset, replace rulebase and enable all rules
 cp /root/dist/update.sh /usr/bin/ && \
 chmod 755 /usr/bin/update.sh && \
 update.sh OPEN && \
-
+#
 # Clean up
 apk del --purge \
 automake \
@@ -124,7 +124,7 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
 rm -rf /opt/builder && \
 rm -rf /root/* && \
 rm -rf /var/cache/apk/*
-
+#
 # Start suricata
 STOPSIGNAL SIGINT
 CMD SURICATA_CAPTURE_FILTER=$(update.sh $OINKCODE) && exec suricata -v -F $SURICATA_CAPTURE_FILTER -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:])
diff --git a/docker/suricata/dist/capture-filter.bpf b/docker/suricata/dist/capture-filter.bpf
index 80fa12d1..9f798d44 100644
--- a/docker/suricata/dist/capture-filter.bpf
+++ b/docker/suricata/dist/capture-filter.bpf
@@ -1,4 +1,4 @@
 not (host sicherheitstacho.eu or community.sicherheitstacho.eu) and
-not (host archive.ubuntu.com or security.ubuntu.com) and
+not (host deb.debian.org) and
 not (host index.docker.io or docker.io) and
 not (host hpfeeds.sissden.eu)
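Review bot: The added `+#RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \` line keeps a commented-out mirror override as dead shell inside the install instruction; if the mirror switch is no longer wanted, drop the line, and if it is being kept for a reason, replace it with a comment that says so, e.g. `# mirror override removed: dl-cdn is used directly`. The new `RUN apk -U --no-cache add \` also inherits the untagged `FROM alpine` context line above it, so the package set this RUN installs depends on whichever Alpine release the registry serves at build time; pinning the base tag would make the version bump in this commit reproducible. The RUN instruction continues past the end of the hunk.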
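Review bot: The bumped archive fetched on the `+ wget https://www.openinfosecfoundation.org/download/suricata-4.1.4.tar.gz && \` line is extracted and built without any integrity check, so the build installs whatever the download server returns for that URL. Suricata publishes checksums and signatures for its releases; pin the expected digest alongside the version by inserting `echo "<sha256-of-suricata-4.1.4.tar.gz>  suricata-4.1.4.tar.gz" | sha256sum -c - && \` between the `wget` and `tar` lines, so a tampered or truncated tarball fails the build instead of being compiled in. The same check should be updated on every future version bump. The enclosing RUN instruction starts and ends outside the hunk.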
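Review bot: The new `+not (host deb.debian.org) and` clause is a name-based exclusion, and pcap-style filters resolve the name once when the filter is compiled, so it only covers the addresses the resolver returns at that moment; since deb.debian.org appears to be served from a CDN with changing addresses, some mirror traffic may still be captured while any unrelated traffic to those resolved addresses is silently excluded from detection for the container's lifetime. The trade-off is worth recording in the file, e.g. `# host names are resolved once at filter load; CDN-backed names only exclude the addresses seen at that time`, and the filter could be narrowed to the mirror ports to limit what the exclusion hides. The filter is loaded by the `CMD` line in the Dockerfile hunk above, which this commit leaves unchanged.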