openeuler/suricata Docker 镜像 - 轩辕镜像 | Docker 镜像高效稳定拉取服务
openeuler/suricataopeneuler
下载次数: 0状态:社区镜像维护者:openeuler仓库类型:镜像最近更新:6 个月前
Quick reference
-
The official Suricata docker image.
-
Maintained by: openEuler CloudNative SIG.
-
Where to get help: openEuler CloudNative SIG, openEuler.
Suricata | openEuler
Current Suricata docker images are built on the openEuler. This repository is free to use and exempted from per-user rate limits.
Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. It is open source and owned by a community-run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF.
Supported tags and respective Dockerfile links
The tag of each suricata docker image is consist of the version of suricata and the version of basic image. The details are as follows
| Tags | Currently | Architectures |
|---|---|---|
| 8.0.1-oe2403sp2 | suricata 8.0.1 on openEuler 24.03-LTS-SP2 | amd64, arm64 |
| 7.0.8-oe2403lts | suricata 7.0.8 on openEuler 24.03-LTS | amd64, arm64 |
Usage
In this usage, users can select the corresponding {Tag} based on their requirements.
-
Online Documentation You can find the latest suricata documentation, including a programming guide, on the project web page. This README file only contains basic setup instructions.
-
Pull the
openeuler/suricataimage from dockerbashdocker pull openeuler/suricata:{Tag} -
Usage You will most likely want to run Suricata on a network interface on your host machine rather than the network interfaces normally provided inside a container:
bashdocker run -it --rm \ -v /var/log/suricata:/var/log/suricata \ -v /var/lib/suricata:/var/lib/suricata \ -v /var/run/suricata:/var/run/suricata \ -v /etc/suricata:/etc/suricata \ --net=host \ --cap-add=net_admin \ --cap-add=net_raw \ --cap-add=sys_nice \ openeuler/suricata:<Tag> \ -i eth0Additionally, this container will attempt to run Suricata as a non-root user provided the containers has the capabilities to do so. In order to monitor a network interface, and drop root privileges the container must have the
sys_nice,net_admin, andnet_rawcapabilities. If the container detects that it does not have these capabilities, Suricata will be run as root. -
Container startup options
Option Description -i eth0Specify that Suricata should monitor the network interface eth0.-v /var/log/suricata:/var/log/suricataMount the log directory. -v /var/lib/suricata:/var/lib/suricataMount the lib directory. -v /etc/suricata:/etc/suricataMount the configuration file directory. -v /etc/suricata:/etc/suricataMount the configuration file directory. --cap-add=net_adminAllow the container to perform network administration tasks. --cap-add=sys_niceAllow the container to adjust the priority (nice value) of processes running inside it. --cap-add=net_rawGrant the container the ability to send and receive raw network packets. --net=hostAllows the container to use the host's network directly. -
To get an interactive shell
bashdocker run -it --rm --entrypoint bash openeuler/suricata:{Tag} bash
Question and answering
If you have any questions or want to use some special features, please submit an issue or a pull request on openeuler-docker-images.
镜像拉取常见问题
使用与功能问题
错误码与失败问题
manifest unknown 错误:镜像不存在或标签错误
manifest unknown 错误
TLS/SSL 证书验证失败:Docker pull 时 HTTPS 证书错误
TLS 证书验证失败
DNS 解析超时:无法解析镜像仓库地址或连接超时
DNS 解析超时
410 Gone 错误:Docker 版本过低导致协议不兼容
410 错误:版本过低
402 Payment Required 错误:流量耗尽错误提示
402 错误:流量耗尽
401 UNAUTHORIZED 错误:身份认证失败或登录信息错误
身份认证失败错误
429 Too Many Requests 错误:请求频率超出专业版限制
429 限流错误
Docker login 凭证保存错误:Cannot autolaunch D-Bus(不影响登录)
凭证保存错误
账号 / 计费 / 权限
用户好评
来自真实用户的反馈,见证轩辕镜像的优质服务
oldzhang
运维工程师
Linux服务器
5
"Docker访问体验非常流畅,大镜像也能快速完成下载。"