Closed bitvijays closed 3 years ago
It would be nice if this could be passed as an environment variable or something. Perhaps some day. For now the only way to do this is with a command line parameter. Something like:
suricata --set vars.address-groups.HOME_NET="[10.16.1.3/32]"
will override the HOME_NET in the configuration file.
Hey @jasonish ,
Thanks Jason :) . I tried that giving the args in Kubernetes and for some reason it doesn't work. Anyways, I tried building an image using Dockerfile and got the below error:
Step 5/24 : RUN if [ "${VERSION}" = "master" ]; then git clone https://github.com/OISF/suricata.git suricata-${VERSION}; git clone https://github.com/OISF/libhtp.git suricata-${VERSION}/libhtp; (cd suricata-${VERSION}/suricata-update && curl -L https://github.com/OISF/suricata-update/archive/master.tar.gz | tar zxf - --strip-components=1); (cd suricata-${VERSION} && ./autogen.sh); else curl -OL https://www.openinfosecfoundation.org/download/suricata-${VERSION}.tar.gz; tar zxf suricata-${VERSION}.tar.gz; fi
---> Running in f9deeac66515
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 196 100 196 0 0 408 0 --:--:-- --:--:-- --:--:-- 407
tar: invalid magic
tar: short read
The command '/bin/sh -c if [ "${VERSION}" = "master" ]; then git clone https://github.com/OISF/suricata.git suricata-${VERSION}; git clone https://github.com/OISF/libhtp.git suricata-${VERSION}/libhtp; (cd suricata-${VERSION}/suricata-update && curl -L https://github.com/OISF/suricata-update/archive/master.tar.gz | tar zxf - --strip-components=1); (cd suricata-${VERSION} && ./autogen.sh); else curl -OL https://www.openinfosecfoundation.org/download/suricata-${VERSION}.tar.gz; tar zxf suricata-${VERSION}.tar.gz; fi' returned a non-zero code: 1
Came across "How to solve tar invalid magic error in Alpine Linux", added tar from apk add tar. However, still getting the same error
Step 5/24 : RUN if [ "${VERSION}" = "master" ]; then git clone https://github.com/OISF/suricata.git suricata-${VERSION}; git clone https://github.com/OISF/libhtp.git suricata-${VERSION}/libhtp; (cd suricata-${VERSION}/suricata-update && curl -L https://github.com/OISF/suricata-update/archive/master.tar.gz | tar zxf - --strip-components=1); (cd suricata-${VERSION} && ./autogen.sh); else curl -OL https://www.openinfosecfoundation.org/download/suricata-${VERSION}.tar.gz; tar zxf suricata-${VERSION}.tar.gz; fi
---> Running in 18fb0479df5f
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 196 100 196 0 0 412 0 --:--:-- --:--:-- --:--:-- 412
gzip: invalid magic
tar: Child returned status 1
tar: Error is not recoverable: exiting now
The command '/bin/sh -c if [ "${VERSION}" = "master" ]; then git clone https://github.com/OISF/suricata.git suricata-${VERSION}; git clone https://github.com/OISF/libhtp.git suricata-${VERSION}/libhtp; (cd suricata-${VERSION}/suricata-update && curl -L https://github.com/OISF/suricata-update/archive/master.tar.gz | tar zxf - --strip-components=1); (cd suricata-${VERSION} && ./autogen.sh); else curl -OL https://www.openinfosecfoundation.org/download/suricata-${VERSION}.tar.gz; tar zxf suricata-${VERSION}.tar.gz; fi' returned a non-zero code: 2
I am building the docker image using a RaspberryPi 4.
These Dockerfiles are really usable as-is. They require some build-args that get passed to them with the "build.sh"... Which may or may not work on the Pi. I've only ever built on x86_64 but tested the images on a Pi4.
You could try:
docker build --build-arg VERSION="6.0.0" -f Dockerfile.alpine-arm64v8 .
If you haven't updated your Pi4 to be in 64 bit mode you should use the arm32v6 Dockerfile instead.
I just tried building the Arm64v8 on my Pi4 that has been updated to 64 bit mode, and it doesn't build. Looks like the arm32v6 one will build tho.
Okies.. No worries.. I will try to build it on my laptop and check. Thank you for the support @jasonish Much appreciated 👍
Dear @jasonish ,
Hope you are doing well. Thank you for creating docker for suricata 👍
I was wondering if there's a way to set the HOME_NET variable in the suricata.yaml file? For instance, if we are testing suricata in the internal network as a Host IDS, I want to set the HOME_NET to be the ip address of that machine such as 192.168.1.99. Is that possible without editing the file manually? Also, IP address can change in different deployments (such as deploying it on Kubernetes), so automatic way would be more preferred.
Thank you :)
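
An added example, not code from this thread or from the project: a container entrypoint can build the --set vars.address-groups.HOME_NET override quoted in the thread from an environment variable, validating the value before it reaches the command line. SURICATA_HOME_NET and POD_IP are names assumed here; POD_IP would be filled from the Kubernetes downward API field status.podIP.

```shell
#!/bin/sh
# Added example. SURICATA_HOME_NET and POD_IP are variable names assumed here.

# Succeed if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4_cidr() {
    addr=${1%%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Turn a comma-separated address list into a HOME_NET value such as
# [10.16.1.3/32]; bare addresses get /32. Anything else is rejected, so
# no unexpected text reaches the suricata command line.
home_net_value() {
    out=
    set -f                      # no filename globbing while splitting
    old_ifs=$IFS; IFS=,
    set -- $1
    IFS=$old_ifs
    set +f
    [ $# -gt 0 ] || return 1
    for item in "$@"; do
        valid_ipv4_cidr "$item" || return 1
        case $item in */*) ;; *) item=$item/32 ;; esac
        out=${out:+$out,}$item
    done
    printf '[%s]\n' "$out"
}

# Entrypoint helper: prefer SURICATA_HOME_NET, fall back to POD_IP.
start_suricata() {
    net=$(home_net_value "${SURICATA_HOME_NET:-${POD_IP:-}}") || {
        echo "HOME_NET source missing or invalid" >&2; return 1; }
    exec suricata --set "vars.address-groups.HOME_NET=$net" "$@"
}

# Demonstration on a constructed address (does not start suricata):
home_net_value "192.168.1.99"
```

In an entrypoint script the last line would be start_suricata "$@", so the remaining container arguments pass through to suricata unchanged.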