########################################################
# T-Pot Community Edition                              #
# Suricata upstart script                              #
#                                                      #
# v0.50 by mo, DTAG, 2015-01-27                        #
########################################################

description "Suricata"
author "mo"
start on started docker and filesystem
stop on runlevel [!2345]
respawn
pre-start script
  # Remove any existing suricata containers
  myCID=$(docker ps -a | grep suricata | awk '{ print $1 }')
  if [ "$myCID" != "" ];
    then docker rm -v $myCID;
  fi
  myIF=$(route | grep default | awk '{ print $8 }')
  /sbin/ethtool --offload $myIF rx off tx off
  /sbin/ethtool -K $myIF gso off gro off
  /sbin/ip link set $myIF promisc on
end script
script
  # Delayed start to avoid rapid respawning
  sleep $(((RANDOM % 5)+5))
  /usr/bin/docker run --name suricata --cap-add=NET_ADMIN --net=host --rm=true -v /data/suricata/ dtagdevsec/suricata
end script