########################################################
# T-Pot                                                #
# Suricata upstart script                              #
#                                                      #
# v0.04 by mo, DTAG, 2015-12-08                        #
########################################################

description "Suricata"
author "mo"
start on (started docker and filesystem)
stop on runlevel [!2345]
respawn
pre-start script
  # Remove any existing suricata containers
  myCID=$(docker ps -a | grep suricata | awk '{ print $1 }')
  if [ "$myCID" != "" ];
    then docker rm -v $myCID;
  fi
  myIF=$(route | grep default | awk '{ print $8 }')
  /sbin/ethtool --offload $myIF rx off tx off
  /sbin/ethtool -K $myIF gso off gro off
  /sbin/ip link set $myIF promisc on
end script
script
  # Delayed start to avoid rapid respawning
  sleep $(((RANDOM % 5)+5))
  /usr/bin/docker run --name suricata --cap-add=NET_ADMIN --net=host --rm=true -v /data:/data dtagdevsec/suricata:latest1603
end script
post-start script
  sleep $(((RANDOM % 5)+5))
end script