jasonish / docker-suricata

A Suricata Docker image.
https://hub.docker.com/r/jasonish/suricata/
MIT License

Suricata Update #30

Closed gFazzari closed 1 year ago

gFazzari commented 1 year ago

Hi!

I'd like to know if there is a way to run suricata-update inside the container. I tried to extend the base image installing the crontab package, but I think the crond process is not running. Do you have any advice to make it work?

Thanks.

jasonish commented 1 year ago

Suricata-Update can run inside the container, but you still have to execute it on your own. Just adding cron to the container is not enough.

Say you have Suricata running in a container:

docker run --rm -it --privileged --name=suricata --net=host jasonish/suricata:latest -i enp10s0 -vvv

from outside the container you can do something like:

docker exec -it suricata suricata-update

If watching the output of the Suricata container you will see that suricata-update does trigger a rule reload.

Cron is already installed, so you could extend the image, add the relevant cron files to run Suricata-Update and then start cron after your Suricata container is started:

docker exec suricata crond

But this isn't provided out of the box. It's up to the user to work into their own container orchestration, at least for now.
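
An added example, not part of the original thread or the project's code: a host-side wrapper that a scheduler can call to run the `docker exec suricata suricata-update` step described above. It drops `-it` because a cron job has no TTY, checks that the container is running first, and uses a lock directory so runs cannot overlap. The function names, the `--run` switch, the exit codes and the `LOCKDIR` path are assumptions made for this example.

```shell
#!/bin/sh
# Added example: host-side wrapper for a scheduler (cron, systemd timer).
# CONTAINER defaults to the container name used in the thread.
# LOCKDIR is an assumed path; choose a directory only root can write to.
CONTAINER="${CONTAINER:-suricata}"
LOCKDIR="${LOCKDIR:-/var/lock/suricata-update.lock}"

log() {
    printf '%s suricata-update-wrapper: %s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$*" >&2
}

# Succeeds only if the named container exists and is currently running.
container_running() {
    [ "$(docker inspect -f '{{.State.Running}}' "$1" 2>/dev/null)" = "true" ]
}

# Exit codes (chosen for this example):
#   0 rules updated, 1 suricata-update failed,
#   2 container not running, 3 another update already in progress
update_rules() {
    name="$1"
    # mkdir is atomic, so it doubles as a lock. A lock left behind by a
    # killed run has to be removed by hand.
    if ! mkdir "$LOCKDIR" 2>/dev/null; then
        log "another update is in progress"
        return 3
    fi
    rc=0
    if ! container_running "$name"; then
        log "container $name is not running, skipping update"
        rc=2
    elif ! docker exec "$name" suricata-update; then  # no -it: no TTY here
        log "suricata-update failed in $name"
        rc=1
    else
        log "rules updated in $name"
    fi
    rmdir "$LOCKDIR"
    return "$rc"
}

# Only act when called with --run, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    update_rules "$CONTAINER"
fi
```

A host crontab entry such as `17 3 * * * /usr/local/bin/suricata-update-host.sh --run` (hypothetical path and schedule) would run it nightly, and a non-zero exit code can feed whatever alerting the scheduler provides.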