Merge cbcf7871ec into 39193ecd98

docker/suricata/Dockerfile

@@ -20,10 +20,10 @@ RUN apk --no-cache -U upgrade && \
     cp /root/dist/*.yaml /etc/suricata/ && \
     cp /root/dist/*.conf /etc/suricata/ && \
     cp /root/dist/*.bpf /etc/suricata/ && \
-    cp /root/dist/entrypoint.sh /usr/bin/ && \
+    cp /root/dist/update.sh /usr/bin/ && \
     chmod 644 /etc/suricata/*.config && \
     chmod 755 -R /var/lib/suricata && \
-    chmod 755 /usr/bin/entrypoint.sh && \
+    chmod 755 /usr/bin/update.sh && \
     chown -R root:suri /tmp /run && \
 #
 # Download the latest EmergingThreats OPEN ruleset
@@ -37,4 +37,4 @@ RUN apk --no-cache -U upgrade && \
 #
 # Start suricata
 STOPSIGNAL SIGINT
-ENTRYPOINT ["entrypoint.sh"]
+CMD SURICATA_CAPTURE_FILTER=$(update.sh $OINKCODE) && exec suricata -v -F $SURICATA_CAPTURE_FILTER -i $(ip route | grep "^default" | awk '{ print $5 }')

docker/suricata/dist/update.sh

@@ -1,5 +1,4 @@
 #!/bin/ash
-set -eo pipefail
 
 # Let's ensure normal operation on exit or if interrupted ...
 function fuCLEANUP {
@@ -8,7 +7,7 @@ function fuCLEANUP {
 trap fuCLEANUP EXIT
 
 ### Vars
-myOINKCODE="${OINKCODE}"
+myOINKCODE="$1"
 
 # Check internet availability 
 function fuCHECKINET () {
@@ -16,7 +15,7 @@ mySITES=$1
 error=0
 for i in $mySITES;
   do
-    curl --connect-timeout 5 -Is "$i" 2>&1 > /dev/null
+    curl --connect-timeout 5 -Is $i 2>&1 > /dev/null
       if [ $? -ne 0 ];
         then
 	  let error+=1
@@ -29,17 +28,17 @@ for i in $mySITES;
 myCHECK=$(fuCHECKINET "rules.emergingthreatspro.com rules.emergingthreats.net")
 if [ "$myCHECK" == "0" ];
   then
-    if [ "${myOINKCODE}" != "" ] && [ "${myOINKCODE}" != "OPEN" ];
+    if [ "$myOINKCODE" != "" ] && [ "$myOINKCODE" != "OPEN" ];
       then
-        suricata-update -q enable-source et/pro secret-code="${myOINKCODE}"
+        suricata-update -q enable-source et/pro secret-code=$myOINKCODE > /dev/null
       else
         # suricata-update uses et/open ruleset by default if not configured
         rm -f /var/lib/suricata/update/sources/et-pro.yaml 2>&1 > /dev/null
     fi
-    suricata-update -q --no-test --no-reload
+    suricata-update -q --no-test --no-reload > /dev/null
-    SURICATA_CAPTURE_FILTER="/etc/suricata/capture-filter.bpf"
+    echo "/etc/suricata/capture-filter.bpf"
   else
-    SURICATA_CAPTURE_FILTER="/etc/suricata/null.bpf"
+    echo "/etc/suricata/null.bpf"
 fi
 
 # Download rules via URL
@@ -58,13 +57,3 @@ if [ "$FROMURL" != "" ] ; then
     done
     IFS=$SAVEIFS
 fi
-
-# Determine IF
-myIF="$(ip route | grep "^default" | awk '{ print $5 }')"
-
-# Info
-echo "- Capture filter: ${SURICATA_CAPTURE_FILTER}"
-echo "- Interface: ${myIF}"
-
-# Run Suricata
-exec suricata -v -F "${SURICATA_CAPTURE_FILTER}" -i "${myIF}"