#404 MacOS support

[vid-pas]

My goal, was to use a locally hosted docker install for threat hunter and read a remote suricata install.
On the way there, I wanted to stand up this SELKS stack on my Mac.

I made the following changes which enabled me to start and run the SELKS stack successfully on MacOS Monterey v12.6 on an M1 MBPro.

This might address #404; though I haven't tested the impact of these changes on a linux box.

Steps:

1. I tried the easy-setup
2. When that failed (failed to mount local volume: mount ./containers-data/suricata/logrotate...), I tried the Manual Docker install
   2a. That required several docker-compose edits updating the start of the local volume paths ./ to ${pwd}/ as well as adding required directories (that failed to be created in the easy-setup.
   2b. I also had to bypass the declared name for the suricata-logrotate volume; something about that was still not mac friendly. but it worked below with the explicit path.
3. I then returned to the docker wiki page and logged in to https://localhost/ with selks-user, selks-user (after accepting the invalid SSL cert)

I have working localhost access to scirius, threat hunting, evebox, kibana, etc...
Basically I've removed the MacOS specific issues with the docker compose and easy-setup.sh.

However; one key remaining issue is the network interface SELKS should listen on. That's a big one.
I tried capturing the macOS equivalent to /sys/class/net; ex: en1; but that's not usable in the container.

if $isMacOS; then
    ifaceSource=$(networksetup -listallhardwareports | grep Device | awk '{ print $2}')
  else
    ifaceSource=$(ls /sys/class/net)
  fi

I tried pulling the shared network iface from a debian container with elevated perms (ex: eth1) but that was a no-go too;

YMMV; This might help address the mac issues with bash (although I am running bash v5.1 and not the default v3).

---

Testing steps:

cd docker;
docker-compose down; 
git clean -df
docker network prune
docker volume prune
docker container prune
./easy-setup.sh
docker-compose up -d --build --force-recreate

[pevma]

@vid-pas - thanks for the contribution !

[pevma]

With regards to the interface - as long as it is listed or passed - it should be usable by the container - just like in Linux, unless we need to pass a specific option to the containers for MacOS ?

[pevma]

Passed in here https://github.com/StamusNetworks/SELKS/blob/master/docker/docker-compose.yml#L113