mirror of
				https://github.com/telekom-security/tpotce.git
				synced 2025-07-02 01:27:27 -04:00 
			
		
		
		
	
		
			
				
	
	
		
			40 lines
		
	
	
		
			1.4 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
			
		
		
	
	
			40 lines
		
	
	
		
			1.4 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
| ########################################################
 | |
| # T-Pot                                                #
 | |
| # Suricata upstart script                              #
 | |
| #                                                      #
 | |
| # v16.03.3 by mo, DTAG, 2016-03-04                     #
 | |
| ########################################################
 | |
| 
 | |
| description "Suricata"
 | |
| author "mo"
 | |
| start on started docker and filesystem
 | |
| stop on runlevel [!2345]
 | |
| respawn
 | |
| pre-start script
 | |
|   # Remove any existing suricata containers
 | |
|   myCID=$(docker ps -a | grep suricata | awk '{ print $1 }')
 | |
|   if [ "$myCID" != "" ];
 | |
|     then docker rm -v $myCID;
 | |
|   fi
 | |
|   # Remove any data from previous container if persistence is not enabled 
 | |
|   if ! [ -f /data/persistence.on ];
 | |
|     then
 | |
|       rm -rf /data/suricata/* || true
 | |
|       mkdir -p /data/suricata/log
 | |
|       chmod 760 -R /data/suricata
 | |
|       chown tpot:tpot -R /data/suricata
 | |
|   fi
 | |
|   # Get IF, disable offloading, enable promiscious mode
 | |
|   myIF=$(route | grep default | awk '{ print $8 }')
 | |
|   /sbin/ethtool --offload $myIF rx off tx off
 | |
|   /sbin/ethtool -K $myIF gso off gro off
 | |
|   /sbin/ip link set $myIF promisc on
 | |
| end script
 | |
| script
 | |
|   /usr/bin/docker run --name suricata --cap-add=NET_ADMIN --net=host --rm=true -v /data/suricata:/data/suricata dtagdevsec/suricata:latest1603
 | |
| end script
 | |
| post-start script
 | |
|   # Delay next start to avoid rapid respawning
 | |
|   sleep 2
 | |
| end script
 | 
