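# Base image: pinned to an exact patch tag so rebuilds start from the same
# release. A tag can still be re-pointed upstream; append a digest
# (alpine:3.12.0@sha256:<digest-placeholder>) when a verifiable base is needed.
# NOTE(review): the Alpine 3.12 branch is past upstream end-of-life and no
# longer receives security fixes; plan a base bump and re-test Suricata.
FROM alpine:3.12.0
#
# Include dist
# COPY rather than ADD: only a plain local directory is copied here, so none of
# ADD's extra behaviour (archive extraction, URL fetch) is wanted.
# Everything under dist/ stays in this layer even though the RUN step below
# deletes /root/* afterwards, so dist/ must not contain credentials or keys.
COPY dist/ /root/dist/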
#
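# Install packages
# One RUN instruction: packages, generated rule/CAPEC data and the final
# clean-up all land in a single layer, so files removed at the end are not
# kept in an intermediate layer created by this step.
RUN apk -U --no-cache add \
        ca-certificates \
        curl \
        file \
        libcap \
        libnet \
        python3 \
        python3-dev \
        wget && \
    if [ ! -e /usr/bin/python ]; then ln -sf python3 /usr/bin/python ; fi && \
    python3 -m ensurepip && \
    rm -r /usr/lib/python*/ensurepip && \
#
# NOTE(review): pip, setuptools and wheel are upgraded to whatever PyPI serves
# at build time. Pin exact versions once the working set is known so a rebuild
# cannot silently pick up a different (or compromised) release.
    pip3 install --no-cache-dir --upgrade pip setuptools wheel && \
    if [ ! -e /usr/bin/pip ]; then ln -s pip3 /usr/bin/pip ; fi && \
#
# Suricata comes from the rolling edge/community repository, fetched over HTTPS.
# apk verifies repository signatures itself; TLS is defence in depth on top.
# NOTE(review): edge moves continuously and is being layered on a 3.12.0 base,
# so the Suricata version and any libraries pulled in with it differ between
# builds. Pin it as suricata=<version-placeholder> or move to a base release
# that ships the required version.
    apk -U --no-cache add --repository https://dl-cdn.alpinelinux.org/alpine/edge/community \
        suricata && \
#
# Install python module
# NOTE(review): unpinned; pin sqlitedict==<version-placeholder> for repeatable builds.
    pip install --no-cache-dir sqlitedict && \
#
# Setup user, groups, configs and scripts
# Dedicated unprivileged account (uid/gid 2000, no home directory, no password).
    addgroup -g 2000 suri && \
    adduser -S -H -u 2000 -D -g 2000 suri && \
    chmod 644 /etc/suricata/*.config && \
    cp /root/dist/suricata.yaml /etc/suricata/suricata.yaml && \
    cp /root/dist/*.bpf /etc/suricata/ && \
    cp /root/dist/create_capec_db.py /usr/bin && \
    cp /root/dist/process_suricata_log.py /usr/bin && \
    chmod 755 /usr/bin/create_capec_db.py && \
    chmod 755 /usr/bin/process_suricata_log.py && \
    mkdir /opt/capec && \
# NOTE(review): /opt/capec is made world-writable. If only the suri account
# writes here at runtime, ownership by suri with mode 750 would be tighter;
# confirm against docker-entrypoint.sh and process_suricata_log.py first.
    chmod a+rwx -R /opt/capec && \
#
# Download the latest EmergingThreats ruleset, replace rulebase and enable all rules
# NOTE(review): the script runs as root at build time and its download and
# verification logic is not visible in this file. "Latest" also means the
# ruleset baked into the image depends on the build date; record the ruleset
# version in the image if detections need to be reproducible.
    cp /root/dist/setup-rules.sh /usr/bin/ && \
    chmod 755 /usr/bin/setup-rules.sh && \
    setup-rules.sh && \
#
# Download the latest CAPEC, CWE, CVE and suricata rules mapping to create CAPEC db
# NOTE(review): same caveat as above: confirm the script fetches over TLS and
# checks what it downloads before building the database from it.
    cp /root/dist/setup-capec.sh /usr/bin/ && \
    chmod 755 /usr/bin/setup-capec.sh && \
    setup-capec.sh && \
#
# Clean up
# Removes the working copies only; the dist/ files written by the earlier
# instruction remain readable in that earlier image layer.
    rm -rf /root/* && \
    rm -rf /tmp/* && \
    rm -rf /var/cache/apk/*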

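# Entrypoint script. The trailing slash makes the destination explicitly a
# directory, so the script always lands at /usr/local/bin/docker-entrypoint.sh.
# The file must already be executable in the build context, since COPY
# preserves its mode.
# NOTE(review): there is no USER instruction, so the entrypoint starts as root.
# The suri account (uid/gid 2000) created during the build only takes effect if
# docker-entrypoint.sh or the Suricata configuration drops privileges; verify
# that, and prefer granting the capture capabilities Suricata needs over
# running the whole container privileged.
COPY docker-entrypoint.sh /usr/local/bin/
# Exec form: the script runs as PID 1 and receives stop signals directly.
ENTRYPOINT ["docker-entrypoint.sh"]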