Suricata

Suricata

About

Suricata Docker Image based on Alpine image.

Build info

Expand

``` Suricata Configuration: AF_PACKET support: yes eBPF support: no XDP support: no PF_RING support: no NFQueue support: yes NFLOG support: no IPFW support: no Netmap support: no DAG enabled: no Napatech enabled: no WinDivert enabled: no Unix socket enabled: yes Detection enabled: yes Libmagic support: yes libnss support: yes libnspr support: yes libjansson support: yes hiredis support: yes hiredis async with libevent: no Prelude support: no PCRE jit: yes LUA support: yes libluajit: no GeoIP2 support: yes Non-bundled htp: no Hyperscan support: no Libnet support: no liblz4 support: yes HTTP2 decompression: no Rust support: yes Rust strict mode: no Rust compiler path: /usr/bin/rustc Rust compiler version: rustc 1.47.0 Cargo path: /usr/bin/cargo Cargo version: cargo 1.47.0 Cargo vendor: yes Python support: yes Python path: /usr/bin/python3 Python distutils yes Python yaml yes Install suricatactl: yes Install suricatasc: yes Install suricata-update: yes Profiling enabled: no Profiling locks enabled: no Plugin support (experimental): yes ```

Supported tags

latest

Usage

Create volumes:

docker volume create suricata
docker volume create rules
docker volume create suricata_log

Pull image (latest or specified version)
```
docker pull malinkinsa/suricata:latest
```

Launch container

docker run --rm -it \
--net=host \
--cap-add=net_admin \
--cap-add=sys_nice \
-v suricata:/etc/suricata \
-v rules:/etc/suricata/rules \
-v suricata_log:/var/log/suricata \
-e CONFIG="-i eth0" \
malinkinsa/suricata:latest

Variables:
- CONFIG - any others command line options of suricata; For example: "-i eth0" or "-i eth0 -S <filename.rules>"

Usage via docker-compose

Clone repo

git clone git@github.com:malinkinsa/docker-suricata.git
cd docker-suricata/docker-compose/

Configure command line options and tag in docker-compose.yml
Launch container
```
docker-compose up -d
```
To-Do
[x] Add example with docker-compose;
[x] Add NFQ;
[x] Change base image to Alpine;
[ ] Add version with enabled profiling;

malinkinsa / docker-suricata