Will Suricata protect my apps running under docker?

If I install Suricata on NethServer and then run WordPress via Docker, will my web apps be under Suricata protection?

Good question. I think it’s not possible to activate Neth Suricata for a Docker network, but I didn’t test…

Maybe this could be helpful:

How will the apps be available?

  • On the Internet?
  • On the LAN?
  • On other network segments?

Through which method?

  • Port forwarding?
  • Firewall rules?
  • Reverse proxy?
  • Virtual host?

Any option can dramatically change the environment, and therefore the security considerations.
Using an IPS/IDS is per se a tough job in balancing load, rules, behaviors and interoperability. Adding the container approach is a further step in designing the security of the setup, not a blind try-error-solve-go-back-to-the-beginning experience.

The query arrives from the Internet to NethServer (single green interface), which hosts nethserver-docker and nethserver-suricata.
My 2 scenarios are:

  1. nethserver-apache is used as a reverse proxy which redirects the query to the WordPress container
  2. my reverse proxy is an nginx container which redirects the HTTPS query to the WordPress container

My thought is that Suricata inspects the network traffic, so it could intercept a suspicious query at TCP level before sending it to Apache and/or nginx, but this comes from my experience with Snort on pfSense, which acts as a gateway for a network, so I’m not sure.

If the traffic comes from the Internet, Suricata will inspect it.
As far as I remember, the only traffic not inspected should be the one inside the Docker network itself.

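One way to verify the point made in the answer above on a host like the one described, as an added example that is not from this thread or from NethServer: Suricata only captures on the interfaces listed under `af-packet` in suricata.yaml, so a Docker bridge (`docker0` or a user-defined `br-<id>`) that is not listed carries container-to-container traffic the sensor never sees. The suricata.yaml fragment, the interface names and the `ip -o link` listing below are constructed for illustration.

```python
import re

# Constructed suricata.yaml fragment: Suricata captures only on the interfaces
# listed under af-packet (here a single "green" interface, name made up).
SURICATA_YAML = """\
af-packet:
  - interface: ens18
    cluster-id: 99
    cluster-type: cluster_flow
  - interface: default
"""

# Constructed `ip -o link` output: one green interface, the default docker0
# bridge, one user-defined Docker network (br-<12 hex>) and a container veth.
IP_LINK = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
4: br-1a2b3c4d5e6f: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
5: veth9f1e2a3@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br-1a2b3c4d5e6f state UP
"""

def suricata_interfaces(yaml_text):
    """Interface names Suricata captures on, taken from the af-packet section.
    The pseudo-entry 'default' only holds fallback settings, so it is skipped."""
    block = re.search(r"^af-packet:\n((?:[ \t]+.*\n?)*)", yaml_text, re.M)
    if not block:
        return []
    names = re.findall(r"^\s*-\s*interface:\s*(\S+)", block.group(1), re.M)
    return [n for n in names if n != "default"]

def docker_bridges(ip_link_text):
    """Docker bridge devices: docker0 plus br-<12 hex> user-defined networks."""
    names = re.findall(r"^\d+:\s+([^:@]+)", ip_link_text, re.M)
    return [n for n in names if n == "docker0" or re.fullmatch(r"br-[0-9a-f]{12}", n)]

def uninspected_bridges(yaml_text, ip_link_text):
    """Bridges whose container-to-container traffic the sensor does not see;
    adding such a bridge as an af-packet interface closes that gap."""
    captured = set(suricata_interfaces(yaml_text))
    return [b for b in docker_bridges(ip_link_text) if b not in captured]

if __name__ == "__main__":
    print("Suricata captures on:", suricata_interfaces(SURICATA_YAML))
    print("Docker bridges not inspected:", uninspected_bridges(SURICATA_YAML, IP_LINK))
```

Traffic that enters through the green interface and is proxied into a container is covered either way; the report only lists the bridges that would need their own capture entry.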

So we understand it the same way, since the Docker network goes through another interface :wink:
Thanks!