From 744f1857c50b3de958c630e4938d3cfcf580dc8b Mon Sep 17 00:00:00 2001
From: Yun Zheng Hu
Date: Mon, 2 Dec 2024 09:24:08 +0000
Subject: [PATCH] Add netcat-openbsd to Suricata image for PCAP_OVER_IP

The Suricata entrypoint.sh uses `nc -d` to detach from stdin when using PCAP_OVER_IP mode, however the builtin nc of BusyBox does not have this flag. This ensures that netcat-openbsd is installed so it can use this flag.
---
 suricata/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/suricata/Dockerfile b/suricata/Dockerfile
index 06e0587..f5b2d4a 100644
--- a/suricata/Dockerfile
+++ b/suricata/Dockerfile
@@ -7,7 +7,7 @@ COPY ./suricata-eve-sqlite-output/ /src/
 RUN RUSTFLAGS="-C target-feature=-crt-static" cargo build --release
 FROM alpine:3.20
-RUN apk add --no-cache suricata lua5.1-sqlite
+RUN apk add --no-cache suricata lua5.1-sqlite netcat-openbsd
 COPY . /suricata
 COPY --from=builder /src/target/release/libeve_sqlite_output.so /suricata/
 ENTRYPOINT ["/suricata/entrypoint.sh"]
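Review bot: The reason for `netcat-openbsd` on the `RUN apk add` line is recorded only in the commit message, so a later pass that slims the image could drop it and PCAP_OVER_IP would then fail at runtime rather than at build time. A comment above the line would keep the reason next to the code: `# netcat-openbsd: entrypoint.sh calls "nc -d" for PCAP_OVER_IP; BusyBox nc has no -d`. The package is unpinned like its neighbours, so the nc that ends up in the image depends on the state of the Alpine 3.20 repository at build time. No `USER` line is visible between `FROM alpine:3.20` and `ENTRYPOINT`, so nc presumably runs as root while reading the PCAP stream unless entrypoint.sh drops privileges, which is worth confirming there. The builder stage starts above the hunk.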