telekom-security/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-07-02 01:27:27 -04:00
Code Issues Packages Projects Releases Wiki Activity

Suricata: use suricata-update for rule management

Browse Source 
As a bonus we can now run "suricata-update" using docker-exec,
triggering both a rule update and a Suricata rule reload.
This commit is contained in:
Andrea De Pasquale
2020-11-26 18:10:16 +01:00
parent 2ecef8c607
commit 87a27e4f2b
9 changed files with 39 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
docker/suricata/Dockerfile
View File

@ -17,13 +17,15 @@ RUN apk -U --no-cache add \
addgroup -g 2000 suri && \
adduser -S -H -u 2000 -D -g 2000 suri && \
chmod 644 /etc/suricata/*.config && \
cp /root/dist/suricata.yaml /etc/suricata/suricata.yaml && \
cp /root/dist/*.yaml /etc/suricata/ && \
cp /root/dist/*.conf /etc/suricata/ && \
cp /root/dist/*.bpf /etc/suricata/ && \
#
# Download the latest EmergingThreats ruleset, replace rulebase and enable all rules
# Download the latest EmergingThreats OPEN ruleset
cp /root/dist/update.sh /usr/bin/ && \
chmod 755 /usr/bin/update.sh && \
update.sh OPEN && \
suricata-update update-sources && \
suricata-update --no-reload && \
#
# Clean up
rm -rf /root/* && \