On some systems, interface number 2 is not always the correct one.
With AWK we now collect the first active interface having both an
address and a broadcast.
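As an added example (not the project's own script), the selection described above can be done with a small awk filter over the output of `ip -4 address show`: walk the interface header lines, remember whether each one is operationally `UP`, and print the first interface whose `inet` line also carries a `brd` field. The sample `ip` output below is constructed for the example; the function name `first_active_iface` is an assumption.

```shell
#!/bin/sh
# Constructed sample of `ip -4 address show` output (not captured from a real host).
# lo has an address but no broadcast, docker0 has a broadcast but is DOWN,
# eth0 is UP with both, so eth0 is the expected answer.
SAMPLE_IP_OUTPUT='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic eth0
       valid_lft 86000sec preferred_lft 86000sec'

# Constructed sample with no usable interface (loopback only).
SAMPLE_LOOPBACK_ONLY='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever'

# Reads `ip -4 address show` style text on stdin and prints the name of the
# first interface that is operationally UP and has an IPv4 address with a
# broadcast address. Exits 1 (printing nothing) when no interface qualifies,
# so callers can fall back instead of configuring an empty interface name.
first_active_iface() {
    awk '
        # Interface header line: "3: eth0: <FLAGS> ... state UP ..."
        /^[0-9]+: / {
            iface = $2
            sub(/:$/, "", iface)     # strip the trailing colon
            sub(/@.*/, "", iface)    # veth peers are shown as "eth0@if5"
            up = ($0 ~ / state UP /)
        }
        # Address line below an UP interface that carries a "brd" field.
        up && /^[[:space:]]*inet / && / brd / {
            print iface
            found = 1
            exit
        }
        END { exit found ? 0 : 1 }
    '
}

# Usage on a live host: ip -4 address show | first_active_iface
printf '%s\n' "$SAMPLE_IP_OUTPUT" | first_active_iface
```

Keying on `state UP` rather than on the `UP` flag in the angle brackets matters: a bridge such as docker0 can carry the `UP` flag while its operational state is `DOWN`, and the loopback interface reports `state UNKNOWN`, so neither is picked even though both have an `inet` line.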
# Summary of Changes
## Bugfixes 🐛
* Add `py3-pip` (Alpine apk package for Python3 Pip). The absence of this APK dependency will cause the container build to fail.
* Add a step to create an empty file at `/root/dist/empty.conf`, this ensures subsequent steps to cleanup don't cause the container build to fail.
## Improvements ✨
* Invoke `make` with `-j $(nproc)`. This forces `make` to spread the build process out over the number of logical cores available to the `make` process, significantly decreasing build times on multi-core systems.
Prevent the error below by disabling stats globally and in eve-log:

```
<Error> - [ERRCODE: SC_ERR_STATS_LOG_GENERIC(278)] - eve.stats: stats are disabled globally: set stats.enabled to true.
```
ELK 7.6.0 is not ready for production, however it works if APM is enabled (disabled in config, so the image won't build as a precaution)
Remove SISSDEN from ewsposter, suricata
Bump suricata to 5.0.1
Alpine now supports suricata incl. enabled JA3 support, move back to Alpine install
fix condition when no internet connection is available
check internet connection before download of rules and avoid errors
check internet connection before setting up capture filters (with FQDNs, resulted in endless restart of suricata) and unset capture filters if no internet connection is available