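# Suricata IDS image with CAPEC/CWE/CVE mapping helpers on Alpine.
# The base is pinned to an exact patch release for reproducibility. Nothing
# below runs `apk upgrade`, so bumping this tag is the only way OS security
# fixes reach the image.
FROM alpine:3.12.0
#
# Include dist
# COPY instead of ADD: these are plain local files, so neither archive
# extraction nor URL fetching (the two things ADD adds) is wanted.
COPY dist/ /root/dist/
#
# Install packages
RUN apk -U --no-cache add \
      ca-certificates \
      curl \
      file \
      libcap \
      libnet \
      python3 \
      python3-dev \
      wget && \
    if [ ! -e /usr/bin/python ]; then ln -sf python3 /usr/bin/python ; fi && \
    python3 -m ensurepip && \
    rm -r /usr/lib/python*/ensurepip && \
    pip3 install --no-cache-dir --upgrade pip setuptools wheel && \
    if [ ! -e /usr/bin/pip ]; then ln -s pip3 /usr/bin/pip ; fi && \
    # suricata comes from edge/community (not in the 3.12 repositories); the
    # --repository flag scopes that repo to this one invocation. The index is
    # fetched over HTTPS (apk still verifies package signatures) and, like the
    # first apk call, no package cache is left in the layer.
    apk -U --no-cache add --repository https://dl-cdn.alpinelinux.org/alpine/edge/community \
      suricata && \
    #
    # Install python module
    # NOTE(review): unpinned; pin to a known version for reproducible builds.
    pip install --no-cache-dir sqlitedict && \
    #
    # Setup user, groups, configs and scripts
    addgroup -g 2000 suri && \
    adduser -S -H -u 2000 -D -g 2000 suri && \
    chmod 644 /etc/suricata/*.config && \
    cp /root/dist/suricata.yaml /etc/suricata/suricata.yaml && \
    cp /root/dist/*.bpf /etc/suricata/ && \
    cp /root/dist/create_capec_db.py /usr/bin && \
    cp /root/dist/process_suricata_log.py /usr/bin && \
    chmod 755 /usr/bin/create_capec_db.py && \
    chmod 755 /usr/bin/process_suricata_log.py && \
    mkdir /opt/capec && \
    # World-writable so whichever user the entrypoint runs the CAPEC tooling
    # as can write here. If docker-entrypoint.sh runs it as `suri`, a
    # `chown -R suri:suri /opt/capec` with a tighter mode would be the
    # least-privilege form — confirm against the entrypoint before changing.
    chmod a+rwx -R /opt/capec && \
    #
    # Download the latest EmergingThreats ruleset, replace rulebase and enable all rules
    # Both setup scripts fetch from the network at build time, so the rule set
    # and CAPEC data baked in depend on what is published when the image is
    # built (not reproducible from this file alone).
    cp /root/dist/setup-rules.sh /usr/bin/ && \
    chmod 755 /usr/bin/setup-rules.sh && \
    setup-rules.sh && \
    #
    # Download the latest CAPEC, CWE, CVE and suricata rules mapping to create CAPEC db
    cp /root/dist/setup-capec.sh /usr/bin/ && \
    chmod 755 /usr/bin/setup-capec.sh && \
    setup-capec.sh && \
    #
    # Clean up
    rm -rf /root/* && \
    rm -rf /tmp/* && \
    rm -rf /var/cache/apk/*
COPY docker-entrypoint.sh /usr/local/bin
# No USER is set: the image ends the build as root, presumably because
# suricata needs packet-capture privileges and docker-entrypoint.sh is what
# drops to `suri` (uid 2000) — confirm in the entrypoint. The absolute path
# avoids depending on PATH at container start; the script must already be
# executable in the build context, since no chmod is applied after COPY.
ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]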