########################################################
# T-Pot                                                #
# Suricata upstart script                              #
#                                                      #
# v16.03.2 by mo, DTAG, 2016-02-08                     #
########################################################

description "Suricata"
author "mo"
start on started docker and filesystem
stop on runlevel [!2345]
respawn
pre-start script
  # Remove any existing suricata containers
  myCID=$(docker ps -a | grep suricata | awk '{ print $1 }')
  if [ "$myCID" != "" ];
    then docker rm -v $myCID;
  fi
  # Remove any data from previous container
  rm -rf /data/suricata/* || true
  mkdir -p /data/suricata/log
  chmod 760 -R /data/suricata
  chown tpot:tpot -R /data/suricata
  myIF=$(route | grep default | awk '{ print $8 }')
  /sbin/ethtool --offload $myIF rx off tx off
  /sbin/ethtool -K $myIF gso off gro off
  /sbin/ip link set $myIF promisc on
end script
script
  # Delayed start to avoid rapid respawning
  sleep $(((RANDOM % 5)+5))
  /usr/bin/docker run --name suricata --cap-add=NET_ADMIN --net=host --rm=true -v /data/suricata:/data/suricata dtagdevsec/suricata:latest1603
end script
post-start script
  sleep $(((RANDOM % 5)+5))
end script