Suricata

Basic steps, but I haven't tried myself, have only thought about it:

- build static versions of all the C dependencies, most modern Linux distributions as far as I know don't provide static versions for everything needed
- point Suricata at these static versions instead of shared ones, it can probably all be done with ./configure flags, but I wouldn't be surprised if some patching required
- the last bit, static libc - I'm not so sure, final build with MUSL maybe

We've managed to do this successfully, however, the plugin loading has a dlopen, patching this out (Its sadly not a configuration option) gave a fully static build of suricata.
Most dependencies (In (docker) ubuntu at least) came with a static library. We only had to rebuild libpcap without some dependencies, for example:

CFLAGS="-static" ./configure --disable-rdma --disable-shared --disable-usb --disable-netmap --disable-bluetooth --disable-dbus --without-libnl --with-pcap=linux

A command like

CFLAGS="-static" LDFLAGS="-static-libgcc -static -L/path/to/libpcap -L/lib/x86_64-linux-gnu/ -L/usr/lib/gcc/x86_64-linux-gnu/11/ -l:libgcc.a -l:libjansson.a -l:libm.a -l:liblz4.a -l:libyaml.a -l:libcap-ng.a -l:libyaml.a -l:libpcre2-8.a -l:libc.a -l:libz.a" CPPFLAGS="-I/path/to/libpcap" ./configure --disable-shared --enable-static --disable-gccmarch-native

Is probably enough to build suricata statically