	 481a7ab732
			
		
	
	
		481a7ab732
		
			
		
	
	
	
	
		
			
			# Summary of Changes ## Bugfixes 🐛 * Add `py3-pip` (Alpine apk package for Python3 Pip). The absence of this APK dependency will cause the container build to fail. * Add a step to create an empty file at `/root/dist/empty.conf`, this ensures subsequent steps to cleanup don't cause the container build to fail. ## Improvements ✨ * Invoke `make` with `-j $(nproc)`. This forces `make` to spread the build process out over the number of logical cores available to the `make` process, significantly decreasing build times on multi-core systems.
| FROM alpine
 | |
| #
 | |
| # VARS
 | |
| ENV VER=6.0.0
 | |
| #
 | |
| # Include dist
 | |
| ADD dist/ /root/dist/
 | |
| #
 | |
| # Install packages
 | |
| #RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
 | |
| RUN    apk -U add \
 | |
| 		 py3-pip \
 | |
|                  ca-certificates \
 | |
|                  curl \
 | |
|                  file \
 | |
|                  geoip \
 | |
|                  hiredis \
 | |
|                  jansson \
 | |
|                  libcap-ng \
 | |
|                  libmagic \
 | |
| 		 libmaxminddb \
 | |
|                  libnet \
 | |
|                  libnetfilter_queue \
 | |
|                  libnfnetlink \
 | |
|                  libpcap \
 | |
|                  luajit \
 | |
|                  lz4-libs \
 | |
|                  musl \
 | |
|                  nspr \
 | |
|                  nss \
 | |
|                  pcre \
 | |
|                  yaml \
 | |
|                  wget \
 | |
|                  automake \
 | |
|                  autoconf \
 | |
|                  build-base \
 | |
|                  cargo \
 | |
|                  file-dev \
 | |
|                  geoip-dev \
 | |
|                  hiredis-dev \
 | |
|                  jansson-dev \
 | |
|                  libtool \
 | |
|                  libcap-ng-dev \
 | |
|                  luajit-dev \
 | |
| 		 libmaxminddb-dev \
 | |
|                  libpcap-dev \
 | |
|                  libnet-dev \
 | |
|                  libnetfilter_queue-dev \
 | |
|                  libnfnetlink-dev \
 | |
|                  lz4-dev \
 | |
|                  nss-dev \
 | |
|                  nspr-dev \
 | |
|                  pcre-dev \
 | |
|                  python3 \
 | |
|                  rust \
 | |
|                  yaml-dev && \
 | |
| #
 | |
| # We need latest libhtp[-dev] which is only available in community
 | |
|     apk -U add --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community \
 | |
|                libhtp \
 | |
|                libhtp-dev && \
 | |
| #
 | |
| # Upgrade pip, install suricata-update to meet deps
 | |
|     pip3 install --no-cache-dir --upgrade pip && \
 | |
|     pip3 install --no-cache-dir suricata-update && \
 | |
| #
 | |
| # Get and build Suricata
 | |
|     mkdir -p /opt/builder/ && \
 | |
|     wget https://www.openinfosecfoundation.org/download/suricata-$VER.tar.gz && \
 | |
|     tar xvfz suricata-$VER.tar.gz --strip-components=1 -C /opt/builder/ && \
 | |
|     rm suricata-$VER.tar.gz && \
 | |
|     cd /opt/builder && \
 | |
|     ./configure \
 | |
| 	--prefix=/usr \
 | |
| 	--sysconfdir=/etc \
 | |
| 	--mandir=/usr/share/man \
 | |
| 	--localstatedir=/var \
 | |
| 	--enable-non-bundled-htp \
 | |
| 	--enable-nfqueue \
 | |
|         --enable-rust \
 | |
| 	--disable-gccmarch-native \
 | |
| 	--enable-hiredis \
 | |
| 	--enable-geoip \
 | |
| 	--enable-gccprotect \
 | |
| 	--enable-pie \
 | |
| 	--enable-luajit && \
 | |
|     make -j $(nproc) && \
 | |
|     make check -j $(nproc) && \
 | |
|     make install -j $(nproc) && \
 | |
|     make install-full -j $(nproc) && \
 | |
| #
 | |
| # Setup user, groups and configs
 | |
|     addgroup -g 2000 suri && \
 | |
|     adduser -S -H -u 2000 -D -g 2000 suri && \
 | |
|     chmod 644 /etc/suricata/*.config && \
 | |
|     cp /root/dist/*.yaml /etc/suricata/ && \
 | |
|     touch /root/dist/empty.conf && \
 | |
|     cp /root/dist/*.conf /etc/suricata/ && \
 | |
|     cp /root/dist/*.bpf /etc/suricata/ && \
 | |
|     mkdir -p /etc/suricata/rules && \
 | |
|     cp /opt/builder/rules/* /etc/suricata/rules/ && \
 | |
| #
 | |
| # Download the latest EmergingThreats OPEN ruleset
 | |
|     cp /root/dist/update.sh /usr/bin/ && \
 | |
|     chmod 755 /usr/bin/update.sh && \
 | |
|     suricata-update update-sources && \
 | |
|     suricata-update --no-reload && \
 | |
| #
 | |
| # Clean up
 | |
|     apk del --purge \
 | |
|                  automake \
 | |
|                  autoconf \
 | |
|                  build-base \
 | |
|                  cargo \
 | |
|                  file-dev \
 | |
|                  geoip-dev \
 | |
|                  hiredis-dev \
 | |
|                  jansson-dev \
 | |
|                  libtool \
 | |
|                  libhtp-dev \
 | |
|                  libcap-ng-dev \
 | |
|                  luajit-dev \
 | |
|                  libpcap-dev \
 | |
| 		 libmaxminddb-dev \
 | |
|                  libnet-dev \
 | |
|                  libnetfilter_queue-dev \
 | |
|                  libnfnetlink-dev \
 | |
|                  lz4-dev \
 | |
|                  nss-dev \
 | |
|                  nspr-dev \
 | |
|                  pcre-dev \
 | |
|                  yaml-dev && \
 | |
|     rm -rf /opt/builder && \
 | |
|     rm -rf /root/* && \
 | |
|     rm -rf /tmp/* && \
 | |
|     rm -rf /var/cache/apk/*
 | |
| #
 | |
| # Start suricata
 | |
| STOPSIGNAL SIGINT
 | |
| CMD SURICATA_CAPTURE_FILTER=$(update.sh $OINKCODE) && exec suricata -v -F $SURICATA_CAPTURE_FILTER -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:])
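Review bot: The Suricata tarball fetched by `wget https://www.openinfosecfoundation.org/download/suricata-$VER.tar.gz` is extracted and compiled without any integrity check, so a tampered download or mirror response would be built straight into the image; the new `-j $(nproc)` steps make this path faster but not safer. Pin the expected digest next to `ENV VER=6.0.0` (e.g. `ENV SHA256=<expected-sha256-placeholder>`) and verify before the `tar` step: `echo "$SHA256  suricata-$VER.tar.gz" | sha256sum -c - && \`. A related reproducibility gap is the unpinned `FROM alpine` together with the `http://` edge/community repository URL: apk does verify package signatures, but an unpinned base means the added `py3-pip` and `pip3 install` steps may behave differently across Alpine releases (newer releases appear to mark the system interpreter as externally managed, which would make `pip3 install` into it fail), so pinning a release tag is worth doing in the same change.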
 |