fix offline suricata Docker container does not initialize suricata co…

…nfig file #564
idaholab · Sep 17, 2024 · 4e245e1 · 4e245e1
1 parent 6c69a92
commit 4e245e1
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 5 deletions.
diff --git a/Dockerfiles/suricata.Dockerfile b/Dockerfiles/suricata.Dockerfile
@@ -118,8 +118,8 @@ RUN export BINARCH=$(uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/')
       usermod -a -G tty ${PUSER} && \
     ln -sfr /usr/local/bin/pcap_processor.py /usr/local/bin/pcap_suricata_processor.py && \
         (echo "0 */6 * * * /bin/bash /usr/local/bin/suricata-update-rules.sh\n" > ${SUPERCRONIC_CRONTAB}) && \
-    mkdir -p "$SURICATA_CUSTOM_RULES_DIR" "$SURICATA_DEFAULT_RULES_DIR" "$SURICATA_CUSTOM_CONFIG_DIR" && \
-        chown -R ${PUSER}:${PGROUP} "$SURICATA_CUSTOM_RULES_DIR" "$SURICATA_DEFAULT_RULES_DIR" "$SURICATA_CUSTOM_CONFIG_DIR" && \
+    mkdir -p "$SURICATA_CUSTOM_RULES_DIR" "$SURICATA_DEFAULT_RULES_DIR" "$SURICATA_CONFIG_DIR" "$SURICATA_CUSTOM_CONFIG_DIR" && \
+        chown -R ${PUSER}:${PGROUP} "$SURICATA_CUSTOM_RULES_DIR" "$SURICATA_DEFAULT_RULES_DIR" "$SURICATA_CONFIG_DIR" "$SURICATA_CUSTOM_CONFIG_DIR" && \
     cp "$(dpkg -L suricata-update | grep 'update\.yaml$' | head -n 1)" \
         "$SURICATA_UPDATE_CONFIG_FILE" && \
     suricata-update update-sources --verbose --data-dir "$SURICATA_MANAGED_DIR" --config "$SURICATA_UPDATE_CONFIG_FILE" --suricata-conf "$SURICATA_CONFIG_FILE" && \

diff --git a/shared/bin/suricata_config_populate.py b/shared/bin/suricata_config_populate.py
@@ -702,6 +702,16 @@ def main():
         metavar='<string>',
         help="Output YAML file (take precedence over --inplace)",
     )
+    parser.add_argument(
+        '-s',
+        '--suricata',
+        dest='suricataBin',
+        type=str,
+        default=os.getenv('SURICATA_BIN', '/usr/bin/suricata'),
+        required=False,
+        metavar='<string>',
+        help="Suricata binary",
+    )
     try:
         parser.error = parser.exit
         args = parser.parse_args()
@@ -1264,7 +1274,7 @@ def main():
 
             script_return_code, output = run_process(
                 [
-                    'suricata',
+                    args.suricataBin,
                     f"-{('v' * (argsOrigVerbose-1)) if (argsOrigVerbose > 1) else 'v'}",
                     '-c',
                     os.path.join(tmpLogDir, 'suricata.yaml'),

diff --git a/suricata/scripts/docker_entrypoint.sh b/suricata/scripts/docker_entrypoint.sh
@@ -3,13 +3,15 @@
 # ensure capabilities for capture
 setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip CAP_IPC_LOCK+eip' /usr/bin/suricata || true
 
+[[ -x /usr/bin/suricata-offline ]] && SURICATA_TEST_CONFIG_BIN=/usr/bin/suricata-offline || SURICATA_TEST_CONFIG_BIN=/usr/bin/suricata
+
 # modify suricata.yaml according to environment variables (as non-root)
 if [[ "$(id -u)" == "0" ]] && [[ -n "$PUSER" ]]; then
     su -s /bin/bash -p ${PUSER} << EOF
-        /usr/local/bin/suricata_config_populate.py ${SURICATA_TEST_CONFIG_VERBOSITY:-} >&2
+        /usr/local/bin/suricata_config_populate.py --suricata ${SURICATA_TEST_CONFIG_BIN} ${SURICATA_TEST_CONFIG_VERBOSITY:-} >&2
 EOF
 else
-    /usr/local/bin/suricata_config_populate.py ${SURICATA_TEST_CONFIG_VERBOSITY:-} >&2
+    /usr/local/bin/suricata_config_populate.py --suricata ${SURICATA_TEST_CONFIG_BIN} ${SURICATA_TEST_CONFIG_VERBOSITY:-} >&2
 fi
 
 # start supervisor (which will spawn pcap-suricata, cron, etc.) or whatever the default command is