Merge pull request #484 from Security-Onion-Solutions/TOoSmOotH-patch-5

Update Dockerfile

so-suricata/Dockerfile

@@ -1,41 +1,35 @@
-# Copyright 2014-2023 Security Onion Solutions, LLC
-
-#    This program is free software: you can redistribute it and/or modify
-#    it under the terms of the GNU General Public License as published by
-#    the Free Software Foundation, either version 3 of the License, or
-#    (at your option) any later version.
-#
-#    This program is distributed in the hope that it will be useful,
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#    GNU General Public License for more details.
-#
-#    You should have received a copy of the GNU General Public License
-#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-FROM ghcr.io/security-onion-solutions/centos:7 as builder
-
-RUN yum -y install epel-release
-RUN yum -y install jansson-devel libpcap-devel python3 libpcap-devel openssl-devel zlib-devel jemalloc-devel python3-devel kernel-devel kernel-headers libjansson libgeoip liblua5.1 curl wget make gcc pkg-config libhiredis libevent pcre-devel libpcre libmagic zlib libyaml rustc cargo libyaml-devel libcap-ng-devel file-devel nss-devel nspr-devel python3-yaml luajit-devel luajit
-
-ENV SURIVERSION=6.0.15
+FROM ghcr.io/security-onion-solutions/oraclelinux:9 as builder
+
+RUN yum -y install epel-release && \
+    dnf config-manager --enable ol9_codeready_builder
+
+RUN dnf -y install oraclelinux-developer-release-el9 
+RUN dnf repolist
+RUN dnf -y install autoconf automake diffutils file-devel gcc gcc-c++ git \
+               jansson-devel jq libcap-ng-devel libevent-devel \
+               libmaxminddb-devel libnet-devel libnetfilter_queue-devel \
+               libnfnetlink-devel libpcap-devel libtool libyaml-devel \
+               lua-devel lz4-devel make nss-devel pcre-devel pcre2-devel pkgconfig \
+               python3-devel python3-sphinx python3-yaml sudo which cargo \
+               zlib-devel luajit-devel cargo && cargo install --force cbindgen
+ENV SURIVERSION=7.0.2
 RUN mkdir /suricata
 
 WORKDIR /suricata
 
 RUN curl -vO https://www.openinfosecfoundation.org/download/suricata-$SURIVERSION.tar.gz && tar zxvf suricata-$SURIVERSION.tar.gz && \
-    cd suricata-$SURIVERSION && ./configure --enable-rust --enable-luajit --prefix=/opt/suricata --sysconfdir=/etc --disable-gccmarch-native --localstatedir=/var && make
+    cd suricata-$SURIVERSION && ./configure --enable-rust --enable-luajit --prefix=/opt/suricata --sysconfdir=/etc --disable-gccmarch-native --localstatedir=/var && make -j4
 RUN mkdir suriinstall && cd suricata-$SURIVERSION && make install DESTDIR=/suricata/suriinstall && make install-conf DESTDIR=/suricata/suriinstall && rm -rf /suricata/suriinstall/var/run
 
-FROM ghcr.io/security-onion-solutions/centos:7
+FROM ghcr.io/security-onion-solutions/oraclelinux:9
 
 LABEL maintainer "Security Onion Solutions, LLC"
 LABEL description="Suricata running in a docker with AF_Packet for use with Security Onion."
 
 COPY --from=builder /suricata/suriinstall/ /
 
 RUN yum -y install epel-release bash libpcap iproute && \
-    yum -y install GeoIP luajit libnet jansson libyaml cargo rustc && \
+    yum -y install luajit libnet jansson libyaml cargo rustc nss nss-devel && \
     yum -y erase epel-release && yum clean all && rm -rf /var/cache/yum && \
     groupadd --gid 940 suricata && \
     adduser --uid 940 --gid 940 --home-dir /etc/suricata --no-create-home suricata && \
@@ -46,6 +40,6 @@ RUN yum -y install epel-release bash libpcap iproute && \
 ADD files/so-suricata.sh /usr/local/sbin/so-suricata.sh
 
 RUN chmod +x /usr/local/sbin/so-suricata.sh
-RUN rpm -i https://github.com/axellioinc/fx-libpcap/releases/download/fxlibpcap-1.9.1/fx-libpcap-1.9.1-1.el7.x86_64.rpm
+RUN rpm -i https://github.com/axellioinc/fx-libpcap/releases/download/px3_1.9.1-3/fx-libpcap-1.9.1-3.el7_9.x86_64.rpm
 
 ENTRYPOINT ["/usr/local/sbin/so-suricata.sh"]