Suricata: use suricata-update for rule management

As a bonus we can now run "suricata-update" using docker-exec,
triggering both a rule update and a Suricata rule reload.

docker/suricata/Dockerfile.from.source

@@ -59,8 +59,7 @@ RUN    apk -U add \
                libhtp \
                libhtp-dev && \
 #
-# Upgrade pip, install suricata-update to meet deps, however we will not be using it 
-# to reduce image (no python needed) and use the update script.
+# Upgrade pip, install suricata-update to meet deps
     pip3 install --no-cache-dir --upgrade pip && \
     pip3 install --no-cache-dir suricata-update && \
 #
@@ -93,15 +92,17 @@ RUN    apk -U add \
     addgroup -g 2000 suri && \
     adduser -S -H -u 2000 -D -g 2000 suri && \
     chmod 644 /etc/suricata/*.config && \
-    cp /root/dist/suricata.yaml /etc/suricata/suricata.yaml && \
+    cp /root/dist/*.yaml /etc/suricata/ && \
+    cp /root/dist/*.conf /etc/suricata/ && \
     cp /root/dist/*.bpf /etc/suricata/ && \
     mkdir -p /etc/suricata/rules && \
     cp /opt/builder/rules/* /etc/suricata/rules/ && \
 #
-# Download the latest EmergingThreats ruleset, replace rulebase and enable all rules
+# Download the latest EmergingThreats OPEN ruleset
     cp /root/dist/update.sh /usr/bin/ && \
     chmod 755 /usr/bin/update.sh && \
-    update.sh OPEN && \
+    suricata-update update-sources && \
+    suricata-update --no-reload && \
 #
 # Clean up
     apk del --purge \
@@ -126,8 +127,6 @@ RUN    apk -U add \
                  nss-dev \
                  nspr-dev \
                  pcre-dev \
-		 python3 \
-                 rust \
                  yaml-dev && \
     rm -rf /opt/builder && \
     rm -rf /root/* && \