fix condition when no internet connection is available
check internet connection before download of rules and avoid errors
check internet connection before setting up capture filters (with FQDNs in the filters, this resulted in an endless restart of suricata) and unset the capture filters if no internet connection is available
Marco Ochse
2018-05-23 13:02:19 +00:00
parent fbe1fff088
commit 38fce345cf
3 changed files with 38 additions and 20 deletions


@ -4,21 +4,20 @@ FROM alpine
ADD dist/ /root/dist/
# Install packages
RUN apk -U upgrade && \
apk add bash \
ca-certificates \
file \
libcap \
procps \
wget && \
RUN apk -U --no-cache add \
ca-certificates \
curl \
file \
libcap \
wget && \
apk -U add --repository http://dl-cdn.alpinelinux.org/alpine/edge/community \
suricata && \
suricata && \
# Setup user, groups and configs
addgroup -g 2000 suri && \
adduser -S -H -u 2000 -D -g 2000 suri && \
mv /root/dist/suricata.yaml /etc/suricata/suricata.yaml && \
mv /root/dist/capture-filter.bpf /etc/suricata/capture-filter.bpf && \
cp /root/dist/suricata.yaml /etc/suricata/suricata.yaml && \
cp /root/dist/*.bpf /etc/suricata/ && \
# Download the latest EmergingThreats ruleset, replace rulebase and enable all rules
cp /root/dist/update.sh /usr/bin/ && \
@ -30,4 +29,4 @@ RUN apk -U upgrade && \
rm -rf /var/cache/apk/*
# Start suricata
CMD update.sh $OINKCODE && exec suricata -v -F /etc/suricata/capture-filter.bpf -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:])
CMD SURICATA_CAPTURE_FILTER=$(update.sh $OINKCODE) && exec suricata -v -F $SURICATA_CAPTURE_FILTER -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:])
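Review bot: In the new CMD the stdout of `update.sh` is expanded unquoted as the argument of `-F`, so an empty or multi-word result shifts the suricata command line; with empty output `-F` would take `-i` as its filter file. Since stdout is now data, any status message the script echoes there would also end up in the path; `update.sh` is not visible in this section, so it should be confirmed that it prints only the filter path and sends everything else to stderr. I would quote the value and test it before the exec: `CMD SURICATA_CAPTURE_FILTER="$(update.sh $OINKCODE)" && [ -f "$SURICATA_CAPTURE_FILTER" ] && exec suricata -v -F "$SURICATA_CAPTURE_FILTER" -i ...`. For an IDS sensor, a start with the wrong filter or interface is a silent monitoring gap, so an explicit failure is preferable.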