tweaking

fix condition when no internet connection is available check internet connection before download of rules and avoid errors check internet connection before setting up capture filters (with FQDNs, resulted in endless restart of suricata) and unset capture filters if no internet connection is available
2025-07-02 04:52:11 +00:00 · 2018-05-23 13:02:19 +00:00 · 2018-05-23 13:02:19 +00:00 · 38fce345cf
commit 38fce345cf
parent fbe1fff088
3 changed files with 38 additions and 20 deletions
--- a/docker/suricata/Dockerfile
+++ b/docker/suricata/Dockerfile
@ -4,12 +4,11 @@ FROM alpine
 ADD dist/ /root/dist/
 # Install packages
-RUN apk -U upgrade && \
+RUN apk -U --no-cache add \
    apk add bash \
                 ca-certificates \
                 curl \
                 file \
                 libcap \
            procps \
                 wget && \
    apk -U add --repository http://dl-cdn.alpinelinux.org/alpine/edge/community \
                 suricata && \
@ -17,8 +16,8 @@ RUN apk -U upgrade && \
 # Setup user, groups and configs
    addgroup -g 2000 suri && \
    adduser -S -H -u 2000 -D -g 2000 suri && \
-    mv /root/dist/suricata.yaml /etc/suricata/suricata.yaml && \
+    cp /root/dist/suricata.yaml /etc/suricata/suricata.yaml && \
-    mv /root/dist/capture-filter.bpf /etc/suricata/capture-filter.bpf && \
+    cp /root/dist/*.bpf /etc/suricata/ && \
 # Download the latest EmergingThreats ruleset, replace rulebase and enable all rules
    cp /root/dist/update.sh /usr/bin/ && \
@ -30,4 +29,4 @@ RUN apk -U upgrade && \
    rm -rf /var/cache/apk/*
 # Start suricata
-CMD update.sh $OINKCODE && exec suricata -v -F /etc/suricata/capture-filter.bpf -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:])
+CMD SURICATA_CAPTURE_FILTER=$(update.sh $OINKCODE) && exec suricata -v -F $SURICATA_CAPTURE_FILTER -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:])
--- a/docker/suricata/dist/null.bpf
+++ b/docker/suricata/dist/null.bpf
--- a/docker/suricata/dist/update.sh
+++ b/docker/suricata/dist/update.sh
@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/ash
 # Let's ensure normal operation on exit or if interrupted ...
 function fuCLEANUP {
@ -11,16 +11,15 @@ myOINKCODE="$1"
 function fuDLRULES {
 ### Check if args are present then download rules, if not throw error
 if [ "$myOINKCODE" != "" ] && [ "$myOINKCODE" == "OPEN" ];
  then
    echo "Downloading ET open ruleset."
-    wget --tries=2 --timeout=2 https://rules.emergingthreats.net/open/suricata-4.0/emerging.rules.tar.gz -O /tmp/rules.tar.gz
+    wget -q --tries=2 --timeout=2 https://rules.emergingthreats.net/open/suricata-4.0/emerging.rules.tar.gz -O /tmp/rules.tar.gz
  else
    if [ "$myOINKCODE" != "" ];
      then
 	echo "Downloading ET pro ruleset with Oinkcode $myOINKCODE."
-	wget --tries=2 --timeout=2 https://rules.emergingthreatspro.com/$myOINKCODE/suricata-4.0/etpro.rules.tar.gz -O /tmp/rules.tar.gz
+	wget -q --tries=2 --timeout=2 https://rules.emergingthreatspro.com/$myOINKCODE/suricata-4.0/etpro.rules.tar.gz -O /tmp/rules.tar.gz
      else	
        echo "Usage: update.sh <[OPEN, OINKCODE]>"
 	exit
@ -28,9 +27,29 @@ if [ "$myOINKCODE" != "" ] && [ "$myOINKCODE" == "OPEN" ];
 fi
 }
-# Download rules
+# Check internet availability 
-fuDLRULES
+function fuCHECKINET () {
 mySITES=$1
 error=0
 for i in $mySITES;
  do
    curl --connect-timeout 5 -Is $i 2>&1 > /dev/null
      if [ $? -ne 0 ];
        then
 	  let error+=1
      fi;
  done;
  echo $error
 }
-# Extract and enable all rules  
+# Check for connectivity and download rules
-tar xvfz /tmp/rules.tar.gz -C /etc/suricata/
+myCHECK=$(fuCHECKINET "rules.emergingthreatspro.com rules.emergingthreats.net")
-sed -i s/^#alert/alert/ /etc/suricata/rules/*.rules
+if [ "$myCHECK" == "0" ];
  then
    fuDLRULES 2>&1 > /dev/null
    tar xvfz /tmp/rules.tar.gz -C /etc/suricata/ 2>&1 > /dev/null
    sed -i s/^#alert/alert/ /etc/suricata/rules/*.rules 2>&1 > /dev/null
    echo "/etc/suricata/capture-filter.bpf"
  else
    echo "/etc/suricata/null.bpf"
 fi