Merge cbcf7871ec into 04e44dfd43

docker/suricata/Dockerfile

@@ -20,10 +20,10 @@ RUN apk --no-cache -U upgrade && \
     cp /root/dist/*.yaml /etc/suricata/ && \
     cp /root/dist/*.conf /etc/suricata/ && \
     cp /root/dist/*.bpf /etc/suricata/ && \
-    cp /root/dist/update.sh /usr/bin/ && \
+    cp /root/dist/entrypoint.sh /usr/bin/ && \
     chmod 644 /etc/suricata/*.config && \
     chmod 755 -R /var/lib/suricata && \
-    chmod 755 /usr/bin/update.sh && \
+    chmod 755 /usr/bin/entrypoint.sh && \
     chown -R root:suri /tmp /run && \
 #
 # Download the latest EmergingThreats OPEN ruleset
@@ -37,4 +37,4 @@ RUN apk --no-cache -U upgrade && \
 #
 # Start suricata
 STOPSIGNAL SIGINT
-CMD SURICATA_CAPTURE_FILTER=$(update.sh $OINKCODE) && exec suricata -v -F $SURICATA_CAPTURE_FILTER -i $(ip route | grep "^default" | awk '{ print $5 }')
+ENTRYPOINT ["entrypoint.sh"]

docker/suricata/dist/entrypoint.sh

@@ -1,4 +1,5 @@
 #!/bin/ash
+set -eo pipefail
 
 # Let's ensure normal operation on exit or if interrupted ...
 function fuCLEANUP {
@@ -7,7 +8,7 @@ function fuCLEANUP {
 trap fuCLEANUP EXIT
 
 ### Vars
-myOINKCODE="$1"
+myOINKCODE="${OINKCODE}"
 
 # Check internet availability 
 function fuCHECKINET () {
@@ -15,7 +16,7 @@ mySITES=$1
 error=0
 for i in $mySITES;
   do
-    curl --connect-timeout 5 -Is $i 2>&1 > /dev/null
+    curl --connect-timeout 5 -Is "$i" 2>&1 > /dev/null
       if [ $? -ne 0 ];
         then
 	  let error+=1
@@ -28,17 +29,17 @@ for i in $mySITES;
 myCHECK=$(fuCHECKINET "rules.emergingthreatspro.com rules.emergingthreats.net")
 if [ "$myCHECK" == "0" ];
   then
-    if [ "$myOINKCODE" != "" ] && [ "$myOINKCODE" != "OPEN" ];
+    if [ "${myOINKCODE}" != "" ] && [ "${myOINKCODE}" != "OPEN" ];
       then
-        suricata-update -q enable-source et/pro secret-code=$myOINKCODE > /dev/null
+        suricata-update -q enable-source et/pro secret-code="${myOINKCODE}"
       else
         # suricata-update uses et/open ruleset by default if not configured
         rm -f /var/lib/suricata/update/sources/et-pro.yaml 2>&1 > /dev/null
     fi
-    suricata-update -q --no-test --no-reload > /dev/null
-    echo "/etc/suricata/capture-filter.bpf"
+    suricata-update -q --no-test --no-reload
+    SURICATA_CAPTURE_FILTER="/etc/suricata/capture-filter.bpf"
   else
-    echo "/etc/suricata/null.bpf"
+    SURICATA_CAPTURE_FILTER="/etc/suricata/null.bpf"
 fi
 
 # Download rules via URL
@@ -57,3 +58,13 @@ if [ "$FROMURL" != "" ] ; then
     done
     IFS=$SAVEIFS
 fi
+
+# Determine IF
+myIF="$(ip route | grep "^default" | awk '{ print $5 }')"
+
+# Info
+echo "- Capture filter: ${SURICATA_CAPTURE_FILTER}"
+echo "- Interface: ${myIF}"
+
+# Run Suricata
+exec suricata -v -F "${SURICATA_CAPTURE_FILTER}" -i "${myIF}"

update.sh

@@ -53,6 +53,7 @@ function fuCHECKINET () {
 function fuSELFUPDATE () {
 	echo
 	echo "### Now checking for newer files in repository ..."
+	echo "### T-Pot... TPOT_TYPE is set to: $myTPOT_TYPE"
 	git fetch --all
 	myREMOTESTAT=$(git status | grep -c "up-to-date")
 	if [ "$myREMOTESTAT" != "0" ];
@@ -67,13 +68,31 @@ function fuSELFUPDATE () {
 	    echo "###### $myBLUE""Found newer version, will be pulling updates and restart myself.""$myWHITE"
 	    git reset --hard
 	    git pull --force
-	    exec ./update.sh -y
-	    exit 1
-	  else
+		# check if myTPOT_TYPE is set
+		if [ -z "$myTPOT_TYPE" ]; then
+			exec ./update.sh
+		else
+        	exec ./update.sh -y $myTPOT_TYPE
+		fi
+	else
 	    echo "###### $myBLUE""Pulling updates from repository.""$myWHITE"
 	    git reset --hard
 	    git pull --force
 	fi
+	if [ -z "$myTPOT_TYPE" ]; then
+		echo
+	else
+		grep -q "^TPOT_TYPE=" .env && sed -i "s/^TPOT_TYPE=.*/TPOT_TYPE=${myTPOT_TYPE}/" .env
+		echo "### T-Pot type set to: $myTPOT_TYPE in .env"
+		if [ "$myTPOT_TYPE" == "SENSOR" ]; then
+			echo "### Copying compose/sensor.yml to docker-compose.yml"
+			cp compose/sensor.yml docker-compose.yml
+		else
+			echo
+		fi
+	fi
+	exit 1
+
 	echo
 }
 
@@ -194,6 +213,19 @@ function fuRESTORE () {
 	sed -i "s/^TPOT_VERSION=.*/TPOT_VERSION=${newVERSION}/" $HOME/tpotce/.env
 }
 
+function fuREADTPOT_TYPE () {
+	if [ -f .env ]; then
+		# reads the TPOT_TYPE from the .env file
+		myTPOT_TYPE=$(grep -E '^TPOT_TYPE=' .env | cut -d '=' -f2)
+		# Verify if TPOT_TYPE is set
+		if [ -z "$myTPOT_TYPE" ]; then
+			myTPOT_TYPE="HIVE"
+		fi
+	else
+		myTPOT_TYPE="HIVE"
+	fi
+}
+
 ################
 # Main section #
 ################
@@ -211,11 +243,23 @@ if [ "$1" != "-y" ]; then
   exit
 fi
 
+# if exists second argument, use it as T-Pot type, only if SENSOR or HIVE
+if [ -n "$2" ]; then
+  if [[ "$2" == "SENSOR" || "$2" == "HIVE" ]]; then
+	myTPOT_TYPE="$2"
+  else
+	myTPOT_TYPE="HIVE"
+  fi
+else
+  myTPOT_TYPE="HIVE"
+fi
+
+fuREADTPOT_TYPE
 fuCHECK_VERSION
 fuCHECKINET "https://index.docker.io https://github.com"
 fuSTOP_TPOT
 fuBACKUP
-fuSELFUPDATE "$0" "$@"
+fuSELFUPDATE "$0" "$@" "$myTPOT_TYPE"
 fuUPDATER
 fuRESTORE