scirius

extra/scirius.yml

@@ -0,0 +1,30 @@
+version: '3'
+
+services:
+  scirius:
+    container_name: mistborn_production_scirius
+    image: "cyber5k/scirius:${MISTBORN_TAG}"
+    #environment:
+    #  - SECRET_KEY: <SECRET KEY>
+    volumes:
+      - ../../mistborn_volumes/extra/scirius/data:/data
+      - ../../mistborn_volumes/extra/scirius/logs:/logs
+      - ../../mistborn_volumes/extra/scirius/static:/static
+      - ../../mistborn_volumes/extra/scirius/rules:/rules
+      - /var/run/suricata-command.socket:/var/run/suricata-command.socket
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.homeassistant-http.rule=Host(`suricata.mistborn`)"
+      - "traefik.http.routers.homeassistant-http.entrypoints=web"
+      - "traefik.http.routers.homeassistant-http.middlewares=mistborn_auth@file"
+      - "traefik.http.routers.homeassistant-https.rule=Host(`suricata.mistborn`)"
+      - "traefik.http.routers.homeassistant-https.entrypoints=websecure"
+      - "traefik.http.routers.homeassistant-https.middlewares=mistborn_auth@file"
+      - "traefik.http.routers.homeassistant-https.tls.certresolver=basic"
+      - "traefik.http.services.homeassistant-service.loadbalancer.server.port=8000"
+    restart: unless-stopped 
+
+networks:
+  default:
+    external:
+      name: mistborn_default

scripts/env/suricata_init.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -e
+
+# minimal dependencies
+sudo -E apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev build-essential libpcap-dev   \
+                libyaml-0-2 libyaml-dev pkg-config zlib1g zlib1g-dev \
+                make libmagic-dev libjansson-dev
+
+## recommended dependencies
+#sudo -E apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev build-essential libpcap-dev   \
+#                libnet1-dev libyaml-0-2 libyaml-dev pkg-config zlib1g zlib1g-dev \
+#                libcap-ng-dev libcap-ng0 make libmagic-dev         \
+#                libgeoip-dev liblua5.1-dev libhiredis-dev libevent-dev \
+#                python-yaml rustc cargo
+
+# iptables/nftables integration
+sudo -E apt-get -y install libnetfilter-queue-dev libnetfilter-queue1  \
+                libnetfilter-log-dev libnetfilter-log1      \
+                libnfnetlink-dev libnfnetlink0
+
+
+if [ "$DISTRO" == "ubuntu" ]; then
+    echo "Installing Suricata Ubuntu PPA"
+    sudo -E add-apt-repository -y ppa:oisf/suricata-stable
+    sudo -E apt-get update
+    sudo -E apt-get install -y suricata
+elif [ "$DISTRO" == "debian" ]; then
+    echo "deb http://http.debian.net/debian $VERSION_CODENAME-backports main" | \
+        sudo -E tee -a /etc/apt/sources.list.d/backports.list
+    sudo -E apt-get update
+    sudo -E apt-get install -y suricata -t ${VERSION_CODENAME}-backports
+else
+    echo "Basic Suricata installation"
+    sudo -E apt-get install -y suricata
+fi
+
+# # iptables
+# sudo iptables -A INPUT -j NFQUEUE
+# sudo iptables -I FORWARD -j NFQUEUE
+# sudo iptables -I OUTPUT -j NFQUEUE
+
+# # rsyslog to create /var/log/suricata.log
+# sudo cp ./scripts/conf/20-suricata.conf /etc/rsyslog.d/
+# sudo chown root:root /etc/rsyslog.d/20-suricata.conf
+# sudo systemctl restart rsyslog

scripts/services/Mistborn-scirius.service

@@ -0,0 +1,24 @@
+[Unit]
+Description=Mistborn Scirius
+Requires=Mistborn-base.service
+After=Mistborn-base.service
+PartOf=Mistborn-base.service
+
+[Service]
+Restart=always
+User=root
+Group=docker
+PermissionsStartOnly=true
+#EnvironmentFile=/opt/mistborn/.envs/.production/.scirius
+ExecStartPre=/opt/mistborn/scripts/env/suricata_init.sh
+# Shutdown container (if running) when unit is stopped
+ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/scirius.yml down
+
+# Start container when unit is started
+ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/scirius.yml up --build
+# Stop container when unit is stopped
+ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/scirius.yml down
+# Post stop
+
+[Install]
+WantedBy=multi-user.target