
fix condition when no internet connection is available: check the internet connection before downloading rules to avoid errors; check the internet connection before setting up capture filters (with FQDNs this resulted in an endless restart of suricata) and unset the capture filters if no internet connection is available
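# NOTE(review): an untagged base resolves to alpine:latest, so rebuilds are not reproducible.
# Pin a tag (or digest) once suricata no longer has to come from edge/community below —
# edge packages are not guaranteed to be compatible with an older, pinned stable base.
FROM alpine
#
# Include dist
# COPY rather than ADD: this is a plain local directory, so neither archive extraction
# nor URL fetching is wanted (hadolint DL3020). Behaviour is identical for a directory.
COPY dist/ /root/dist/
#
# Install packages
# -U refreshes the package index, --no-cache keeps it out of the layer. Package versions are
# not pinned (DL3018); edge/community is only needed for the suricata package itself.
RUN apk -U --no-cache add \
      ca-certificates \
      curl \
      file \
      libcap \
      wget && \
# apk verifies package signatures regardless of transport; https additionally protects the
# index metadata in transit.
    apk -U --no-cache add --repository https://dl-cdn.alpinelinux.org/alpine/edge/community \
      suricata && \
#
# Setup user, groups and configs
# Busybox adduser: -G names the primary group; the original -g 2000 only set the GECOS field,
# so membership in the suri group (gid 2000) is now stated explicitly.
    addgroup -g 2000 suri && \
    adduser -S -H -u 2000 -D -G suri suri && \
    cp /root/dist/suricata.yaml /etc/suricata/suricata.yaml && \
    cp /root/dist/*.bpf /etc/suricata/ && \
#
# Download the latest EmergingThreats ruleset, replace rulebase and enable all rules
# NOTE(review): this step reaches the network at build time, so the ruleset baked into the
# image depends on when the image was built; update.sh is run again from CMD, which is
# where fresh rules are expected to come from — confirm against dist/update.sh.
    cp /root/dist/update.sh /usr/bin/ && \
    chmod 755 /usr/bin/update.sh && \
    update.sh OPEN && \
#
# Clean up
# /root/dist is no longer needed once its files have been copied into place.
    rm -rf /root/* && \
    rm -rf /var/cache/apk/*
#
# Start suricata
# Shell form is needed for the command substitutions; `exec` hands PID 1 to suricata so the
# SIGTERM from `docker stop` reaches it. update.sh $OINKCODE refreshes the rules and prints the
# value used for -F (a BPF filter file, as far as this file shows); -F is only passed when
# something was printed, so an empty filter (no internet, see update.sh) does not leave a bare
# -F without its argument on the command line. $OINKCODE is kept unquoted so an unset variable
# still results in update.sh being called without an argument, as before.
# NOTE(review): no USER is set — suricata needs raw-socket privileges at start, and the
# privilege drop to suri is presumably configured in dist/suricata.yaml (run-as); confirm.
# NOTE(review): the interface pipeline takes ifindex 2 from `ip address`, which only names the
# first physical NIC when the container shares the host network namespace — confirm against the
# compose file. $OINKCODE is passed as an argv element and is therefore visible in the process
# list while update.sh runs; '[:punct:]' is quoted so the shell does not treat it as a glob.
CMD SURICATA_CAPTURE_FILTER=$(update.sh $OINKCODE) && exec suricata -v ${SURICATA_CAPTURE_FILTER:+-F "$SURICATA_CAPTURE_FILTER"} -i "$(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d '[:punct:]')"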