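# Suricata + CAPEC-mapping image (single stage, Alpine based).
#
# TODO(review): `alpine:latest` is a moving target, and suricata is then pulled
# from the *edge* community repository on top of it, so the build is not
# reproducible and can break whenever either side moves.  Pin both to a
# validated release (e.g. `alpine:<PINNED_VERSION>` plus the matching branch
# repository) once one has been tested.
FROM alpine:latest

# Include dist.  COPY rather than ADD: the contents are plain config/script
# files that are copied below by name, so ADD's tar auto-extraction and
# remote-URL behaviour are not wanted here.
COPY dist/ /root/dist/

# Install packages, create the suricata user, install configs/scripts, fetch
# rules and build the CAPEC database.  Deliberately one layer: /root/dist and
# the apk/pip caches removed at the end must not survive in an earlier layer.
RUN apk -U --no-cache add \
        ca-certificates \
        curl \
        file \
        libcap \
        python3 \
        python3-dev \
        wget && \
    # suricata comes from the edge community repository.  Fetched over HTTPS
    # so the index cannot be altered in transit; --no-cache keeps the index out
    # of /var/cache/apk, consistent with the first apk call.
    apk -U --no-cache add --repository https://dl-cdn.alpinelinux.org/alpine/edge/community \
        suricata && \
    pip3 install --no-cache-dir --upgrade pip && \
    #
    # Install python module
    # TODO(review): unpinned; pin to a tested release (sqlitedict==<VERSION>).
    pip3 install --no-cache-dir sqlitedict && \
    #
    # Setup user, groups, configs and scripts
    # Fixed uid/gid 2000 so a runtime can verify the non-root identity.
    # BusyBox adduser: -G is the group, -g is the GECOS field.  The original
    # `-g 2000` only set GECOS and got gid 2000 by coincidence of uid == gid;
    # -G suri names the group explicitly.
    addgroup -g 2000 suri && \
    adduser -S -H -u 2000 -D -G suri suri && \
    chmod 644 /etc/suricata/*.config && \
    cp /root/dist/suricata.yaml /etc/suricata/suricata.yaml && \
    cp /root/dist/*.bpf /etc/suricata/ && \
    cp /root/dist/create_capec_db.py /usr/bin && \
    cp /root/dist/process_suricata_log.py /usr/bin && \
    chmod 755 /usr/bin/create_capec_db.py && \
    chmod 755 /usr/bin/process_suricata_log.py && \
    mkdir /opt/capec && \
    # NOTE(review): the CAPEC db directory is left world-writable (a+rwx).
    # Kept as-is because the uid that writes to it at runtime is not visible
    # here; prefer `chown -R suri:suri /opt/capec && chmod 755 /opt/capec`
    # once the entrypoint's runtime user is confirmed.
    chmod a+rwx -R /opt/capec && \
    #
    # Download the latest EmergingThreats ruleset, replace rulebase and enable all rules
    # (network fetch at build time: rule contents differ from build to build).
    cp /root/dist/setup-rules.sh /usr/bin/ && \
    chmod 755 /usr/bin/setup-rules.sh && \
    setup-rules.sh && \
    #
    # Download the latest CAPEC, CWE, CVE and suricata rules mapping to create CAPEC db
    # (also a build-time network fetch; see note above).
    cp /root/dist/setup-capec.sh /usr/bin/ && \
    chmod 755 /usr/bin/setup-capec.sh && \
    setup-capec.sh && \
    #
    # Clean up: drop the staged dist files, temp files and any apk index cache
    # in the same layer that created them.
    rm -rf /root/* && \
    rm -rf /tmp/* && \
    rm -rf /var/cache/apk/*

COPY docker-entrypoint.sh /usr/local/bin
# NOTE(review): no USER directive, so the container starts as root.  Suricata
# needs capabilities to capture (libcap is installed for that); the entrypoint
# script, which is not visible here, is presumably where privileges are
# adjusted — confirm it drops to `suri` after setting caps.
ENTRYPOINT ["docker-entrypoint.sh"]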