bump suricata to 4.1.4

t3chn0m4g3 2019-06-07 13:00:20 +00:00
parent 3acb52ce63
commit 28f5491977
2 changed files with 14 additions and 14 deletions


@ -1,11 +1,11 @@
FROM alpine FROM alpine
#
# Include dist # Include dist
ADD dist/ /root/dist/ ADD dist/ /root/dist/
#
# Install packages # Install packages
RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \ #RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
apk -U --no-cache add \ RUN apk -U --no-cache add \
ca-certificates \ ca-certificates \
curl \ curl \
file \ file \
@ -51,16 +51,16 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
py2-pip \ py2-pip \
rust \ rust \
yaml-dev && \ yaml-dev && \
#
# Upgrade pip, install virtualenv # Upgrade pip, install virtualenv
pip install --no-cache-dir --upgrade pip && \ pip install --no-cache-dir --upgrade pip && \
pip install --no-cache-dir suricata-update && \ pip install --no-cache-dir suricata-update && \
#
# Get and build Suricata # Get and build Suricata
mkdir -p /opt/builder/ && \ mkdir -p /opt/builder/ && \
wget https://www.openinfosecfoundation.org/download/suricata-4.1.3.tar.gz && \ wget https://www.openinfosecfoundation.org/download/suricata-4.1.4.tar.gz && \
tar xvfz suricata-4.1.3.tar.gz --strip-components=1 -C /opt/builder/ && \ tar xvfz suricata-4.1.4.tar.gz --strip-components=1 -C /opt/builder/ && \
rm suricata-4.1.3.tar.gz && \ rm suricata-4.1.4.tar.gz && \
cd /opt/builder && \ cd /opt/builder && \
./configure \ ./configure \
--prefix=/usr \ --prefix=/usr \
@ -80,7 +80,7 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
make check && \ make check && \
make install && \ make install && \
make install-full && \ make install-full && \
#
# Setup user, groups and configs # Setup user, groups and configs
addgroup -g 2000 suri && \ addgroup -g 2000 suri && \
adduser -S -H -u 2000 -D -g 2000 suri && \ adduser -S -H -u 2000 -D -g 2000 suri && \
@ -89,12 +89,12 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
cp /root/dist/*.bpf /etc/suricata/ && \ cp /root/dist/*.bpf /etc/suricata/ && \
mkdir -p /etc/suricata/rules && \ mkdir -p /etc/suricata/rules && \
cp /opt/builder/rules/* /etc/suricata/rules/ && \ cp /opt/builder/rules/* /etc/suricata/rules/ && \
#
# Download the latest EmergingThreats ruleset, replace rulebase and enable all rules # Download the latest EmergingThreats ruleset, replace rulebase and enable all rules
cp /root/dist/update.sh /usr/bin/ && \ cp /root/dist/update.sh /usr/bin/ && \
chmod 755 /usr/bin/update.sh && \ chmod 755 /usr/bin/update.sh && \
update.sh OPEN && \ update.sh OPEN && \
#
# Clean up # Clean up
apk del --purge \ apk del --purge \
automake \ automake \
@ -124,7 +124,7 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
rm -rf /opt/builder && \ rm -rf /opt/builder && \
rm -rf /root/* && \ rm -rf /root/* && \
rm -rf /var/cache/apk/* rm -rf /var/cache/apk/*
#
# Start suricata # Start suricata
STOPSIGNAL SIGINT STOPSIGNAL SIGINT
CMD SURICATA_CAPTURE_FILTER=$(update.sh $OINKCODE) && exec suricata -v -F $SURICATA_CAPTURE_FILTER -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:]) CMD SURICATA_CAPTURE_FILTER=$(update.sh $OINKCODE) && exec suricata -v -F $SURICATA_CAPTURE_FILTER -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:])
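Review bot: The release tarball fetched by `wget https://www.openinfosecfoundation.org/download/suricata-4.1.4.tar.gz` is unpacked and built with no integrity check, so the image trusts whatever the download host returns at build time. This line is edited on every version bump, which makes it the natural place to pin a digest, for example `echo "<SHA256_OF_suricata-4.1.4.tar.gz>  suricata-4.1.4.tar.gz" | sha256sum -c - && \` between the `wget` and `tar` lines (the digest is a placeholder, to be taken from a verified copy of the release). The old mirror rewrite is also left behind as a commented-out `#RUN sed ...` line; deleting it would be cleaner than keeping dead code. The `RUN` instruction spans several hunks and parts of it are not shown on this page.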


@ -1,4 +1,4 @@
not (host sicherheitstacho.eu or community.sicherheitstacho.eu) and not (host sicherheitstacho.eu or community.sicherheitstacho.eu) and
not (host archive.ubuntu.com or security.ubuntu.com) and not (host deb.debian.org) and
not (host index.docker.io or docker.io) and not (host index.docker.io or docker.io) and
not (host hpfeeds.sissden.eu) not (host hpfeeds.sissden.eu)
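Review bot: The new `not (host deb.debian.org)` clause excludes traffic by hostname, which libpcap resolves to addresses once, when the filter is compiled. If this file is the capture filter handed to Suricata through `-F` (inferred from the Dockerfile's CMD, not shown here), every flow to or from those addresses is left uninspected, and a name served from shared or changing addresses makes that gap wider and less predictable than the one-line clause suggests. Recording in the project documentation why each host is excluded, and periodically checking what the names resolve to on the sensor, would keep the exclusions auditable.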