tpotce/etc/compose/log4j.yml

# T-Pot (Log4j)
# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton)
version: '2.3'

networks:
  log4pot_local:
  ewsposter_local:
  spiderfoot_local:

services:

##################
#### Honeypots
##################

# Log4pot service
  log4pot:
    container_name: log4pot
    restart: always
    tmpfs:
     - /tmp:uid=2000,gid=2000
    networks:
     - log4pot_local
    ports:
     - "80:8080"
     - "443:8080"
     - "8080:8080"
     - "9200:8080"
     - "25565:8080"
    image: "dtagdevsec/log4pot:2203"
    read_only: true
    volumes:
     - /data/log4pot/log:/var/log/log4pot/log
     - /data/log4pot/payloads:/var/log/log4pot/payloads

# Honeytrap service
  honeytrap:
    container_name: honeytrap
    restart: always
    tmpfs:
     - /tmp/honeytrap:uid=2000,gid=2000
    network_mode: "host"
    cap_add:
     - NET_ADMIN
    image: "dtagdevsec/honeytrap:2203"
    read_only: true
    volumes:
     - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
     - /data/honeytrap/downloads:/opt/honeytrap/var/downloads
     - /data/honeytrap/log:/opt/honeytrap/var/log


##################
#### NSM
##################

# Fatt service
  fatt:
    container_name: fatt
    restart: always
    network_mode: "host"
    cap_add:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
    image: "dtagdevsec/fatt:2203"
    volumes:
     - /data/fatt/log:/opt/fatt/log

# P0f service
  p0f:
    container_name: p0f
    restart: always
    network_mode: "host"
    image: "dtagdevsec/p0f:2203"
    read_only: true
    volumes:
     - /data/p0f/log:/var/log/p0f

# Suricata service
  suricata:
    container_name: suricata
    restart: always
    environment:
    # For ET Pro ruleset replace "OPEN" with your OINKCODE
     - OINKCODE=OPEN
    # Loading externel Rules from URL 
    # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com"
    network_mode: "host"
    cap_add:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
    image: "dtagdevsec/suricata:2203"
    volumes:
     - /data/suricata/log:/var/log/suricata


##################
#### Tools
##################

#### ELK
## Elasticsearch service
  elasticsearch:
    container_name: elasticsearch
    restart: always
    environment:
     - bootstrap.memory_lock=true
     - ES_JAVA_OPTS=-Xms2048m -Xmx2048m
     - ES_TMPDIR=/tmp
    cap_add:
     - IPC_LOCK
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    mem_limit: 4g
    ports:
     - "127.0.0.1:64298:9200"
    image: "dtagdevsec/elasticsearch:2203"
    volumes:
     - /data:/data

## Kibana service
  kibana:
    container_name: kibana
    restart: always
    depends_on:
      elasticsearch:
        condition: service_healthy
    mem_limit: 1g
    ports:
     - "127.0.0.1:64296:5601"
    image: "dtagdevsec/kibana:2203"

## Logstash service
  logstash:
    container_name: logstash
    restart: always
#    environment:
#     - LS_JAVA_OPTS=-Xms2048m -Xmx2048m
    depends_on:
      elasticsearch:
        condition: service_healthy
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    mem_limit: 2g
    image: "dtagdevsec/logstash:2203"
    volumes:
     - /data:/data

# Ewsposter service
  ewsposter:
    container_name: ewsposter
    restart: always
    networks:
     - ewsposter_local
    environment:
     - EWS_HPFEEDS_ENABLE=false
     - EWS_HPFEEDS_HOST=host
     - EWS_HPFEEDS_PORT=port
     - EWS_HPFEEDS_CHANNELS=channels
     - EWS_HPFEEDS_IDENT=user
     - EWS_HPFEEDS_SECRET=secret
     - EWS_HPFEEDS_TLSCERT=false
     - EWS_HPFEEDS_FORMAT=json
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    image: "dtagdevsec/ewsposter:2203"
    volumes:
     - /data:/data
     - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip

# Nginx service
  nginx:
    container_name: nginx
    restart: always
    tmpfs:
     - /var/tmp/nginx/client_body
     - /var/tmp/nginx/proxy
     - /var/tmp/nginx/fastcgi
     - /var/tmp/nginx/uwsgi
     - /var/tmp/nginx/scgi
     - /run
     - /var/lib/nginx/tmp:uid=100,gid=82
    network_mode: "host"
    ports:
     - "64297:64297"
     - "127.0.0.1:64304:64304"
    image: "dtagdevsec/nginx:2203"
    read_only: true
    volumes:
     - /data/nginx/cert/:/etc/nginx/cert/:ro
     - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
     - /data/nginx/log/:/var/log/nginx/

# Spiderfoot service
  spiderfoot:
    container_name: spiderfoot
    restart: always
    networks:
     - spiderfoot_local
    ports:
     - "127.0.0.1:64303:8080"
    image: "dtagdevsec/spiderfoot:2203"
    volumes:
     - /data/spiderfoot:/home/spiderfoot/.spiderfoot
Prep for Log4Pot integration 2021-12-16 20:25:40 +00:00			`# T-Pot (Log4j)`
			`# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton)`
			`version: '2.3'`

			`networks:`
			`log4pot_local:`
			`ewsposter_local:`
			`spiderfoot_local:`

			`services:`

			`##################`
			`#### Honeypots`
			`##################`

			`# Log4pot service`
			`log4pot:`
			`container_name: log4pot`
			`restart: always`
bump log4pot to latest master rebuild on ubuntu for payload download support 2021-12-20 18:40:38 +00:00			`tmpfs:`
			`- /tmp:uid=2000,gid=2000`
Prep for Log4Pot integration 2021-12-16 20:25:40 +00:00			`networks:`
			`- log4pot_local`
			`ports:`
			`- "80:8080"`
			`- "443:8080"`
			`- "8080:8080"`
			`- "9200:8080"`
bump log4pot to latest master rebuild on ubuntu for payload download support 2021-12-20 18:40:38 +00:00			`- "25565:8080"`
point editions to 2203 images 2022-01-14 16:24:15 +00:00			`image: "dtagdevsec/log4pot:2203"`
Prep for Log4Pot integration 2021-12-16 20:25:40 +00:00			`read_only: true`
			`volumes:`
bump log4pot to latest master rebuild on ubuntu for payload download support 2021-12-20 18:40:38 +00:00			`- /data/log4pot/log:/var/log/log4pot/log`
			`- /data/log4pot/payloads:/var/log/log4pot/payloads`
Prep for Log4Pot integration 2021-12-16 20:25:40 +00:00
			`# Honeytrap service`
			`honeytrap:`
			`container_name: honeytrap`
			`restart: always`
			`tmpfs:`
			`- /tmp/honeytrap:uid=2000,gid=2000`
			`network_mode: "host"`
			`cap_add:`
			`- NET_ADMIN`
point editions to 2203 images 2022-01-14 16:24:15 +00:00			`image: "dtagdevsec/honeytrap:2203"`
Prep for Log4Pot integration 2021-12-16 20:25:40 +00:00			`read_only: true`
			`volumes:`
			`- /data/honeytrap/attacks:/opt/honeytrap/var/attacks`
			`- /data/honeytrap/downloads:/opt/honeytrap/var/downloads`
			`- /data/honeytrap/log:/opt/honeytrap/var/log`


			`##################`
			`#### NSM`
			`##################`

			`# Fatt service`
			`fatt:`
			`container_name: fatt`
			`restart: always`
			`network_mode: "host"`
			`cap_add:`
			`- NET_ADMIN`
			`- SYS_NICE`
			`- NET_RAW`
point editions to 2203 images 2022-01-14 16:24:15 +00:00			`image: "dtagdevsec/fatt:2203"`
Prep for Log4Pot integration 2021-12-16 20:25:40 +00:00			`volumes:`
			`- /data/fatt/log:/opt/fatt/log`

			`# P0f service`
			`p0f:`
			`container_name: p0f`
			`restart: always`
			`network_mode: "host"`
point editions to 2203 images 2022-01-14 16:24:15 +00:00			`image: "dtagdevsec/p0f:2203"`
Prep for Log4Pot integration 2021-12-16 20:25:40 +00:00			`read_only: true`
			`volumes:`
			`- /data/p0f/log:/var/log/p0f`

			`# Suricata service`
			`suricata:`
			`container_name: suricata`
			`restart: always`
			`environment:`
			`# For ET Pro ruleset replace "OPEN" with your OINKCODE`
			`- OINKCODE=OPEN`
re-add FROMURL example for Suricata in compose files 2022-01-20 18:34:51 +00:00			`# Loading externel Rules from URL`
			`# - FROMURL="https://username:password@yoururl.com\|https://username:password@otherurl.com"`
Prep for Log4Pot integration 2021-12-16 20:25:40 +00:00			`network_mode: "host"`
			`cap_add:`
			`- NET_ADMIN`
			`- SYS_NICE`
			`- NET_RAW`
point editions to 2203 images 2022-01-14 16:24:15 +00:00			`image: "dtagdevsec/suricata:2203"`
Prep for Log4Pot integration 2021-12-16 20:25:40 +00:00			`volumes:`
			`- /data/suricata/log:/var/log/suricata`


			`##################`
			`#### Tools`
			`##################`

			`#### ELK`
			`## Elasticsearch service`
			`elasticsearch:`
			`container_name: elasticsearch`
			`restart: always`
			`environment:`
			`- bootstrap.memory_lock=true`
Optimize RAM management for Elastic Stack. 2022-01-14 18:08:55 +00:00			`- ES_JAVA_OPTS=-Xms2048m -Xmx2048m`
Prep for Log4Pot integration 2021-12-16 20:25:40 +00:00			`- ES_TMPDIR=/tmp`
			`cap_add:`
			`- IPC_LOCK`
			`ulimits:`
			`memlock:`
			`soft: -1`
			`hard: -1`
			`nofile:`
			`soft: 65536`
			`hard: 65536`
Optimize RAM management for Elastic Stack. 2022-01-14 18:08:55 +00:00			`mem_limit: 4g`
Prep for Log4Pot integration 2021-12-16 20:25:40 +00:00			`ports:`
			`- "127.0.0.1:64298:9200"`
point editions to 2203 images 2022-01-14 16:24:15 +00:00			`image: "dtagdevsec/elasticsearch:2203"`
Prep for Log4Pot integration 2021-12-16 20:25:40 +00:00			`volumes:`
			`- /data:/data`

			`## Kibana service`
			`kibana:`
			`container_name: kibana`
			`restart: always`
			`depends_on:`
			`elasticsearch:`
			`condition: service_healthy`
Optimize RAM management for Elastic Stack. 2022-01-14 18:08:55 +00:00			`mem_limit: 1g`
Prep for Log4Pot integration 2021-12-16 20:25:40 +00:00			`ports:`
			`- "127.0.0.1:64296:5601"`
point editions to 2203 images 2022-01-14 16:24:15 +00:00			`image: "dtagdevsec/kibana:2203"`
Prep for Log4Pot integration 2021-12-16 20:25:40 +00:00
			`## Logstash service`
			`logstash:`
			`container_name: logstash`
			`restart: always`
			`# environment:`
			`# - LS_JAVA_OPTS=-Xms2048m -Xmx2048m`
			`depends_on:`
			`elasticsearch:`
			`condition: service_healthy`
			`env_file:`
			`- /opt/tpot/etc/compose/elk_environment`
Optimize RAM management for Elastic Stack. 2022-01-14 18:08:55 +00:00			`mem_limit: 2g`
point editions to 2203 images 2022-01-14 16:24:15 +00:00			`image: "dtagdevsec/logstash:2203"`
Prep for Log4Pot integration 2021-12-16 20:25:40 +00:00			`volumes:`
			`- /data:/data`

			`# Ewsposter service`
			`ewsposter:`
			`container_name: ewsposter`
			`restart: always`
			`networks:`
			`- ewsposter_local`
			`environment:`
			`- EWS_HPFEEDS_ENABLE=false`
			`- EWS_HPFEEDS_HOST=host`
			`- EWS_HPFEEDS_PORT=port`
			`- EWS_HPFEEDS_CHANNELS=channels`
			`- EWS_HPFEEDS_IDENT=user`
			`- EWS_HPFEEDS_SECRET=secret`
			`- EWS_HPFEEDS_TLSCERT=false`
			`- EWS_HPFEEDS_FORMAT=json`
			`env_file:`
			`- /opt/tpot/etc/compose/elk_environment`
point editions to 2203 images 2022-01-14 16:24:15 +00:00			`image: "dtagdevsec/ewsposter:2203"`
Prep for Log4Pot integration 2021-12-16 20:25:40 +00:00			`volumes:`
			`- /data:/data`
			`- /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip`

			`# Nginx service`
			`nginx:`
			`container_name: nginx`
			`restart: always`
			`tmpfs:`
			`- /var/tmp/nginx/client_body`
			`- /var/tmp/nginx/proxy`
			`- /var/tmp/nginx/fastcgi`
			`- /var/tmp/nginx/uwsgi`
adjust editions for new nginx 2022-01-29 00:45:41 +00:00			`- /var/tmp/nginx/scgi`
Prep for Log4Pot integration 2021-12-16 20:25:40 +00:00			`- /run`
adjust editions for new nginx 2022-01-29 00:45:41 +00:00			`- /var/lib/nginx/tmp:uid=100,gid=82`
Prep for Log4Pot integration 2021-12-16 20:25:40 +00:00			`network_mode: "host"`
			`ports:`
			`- "64297:64297"`
			`- "127.0.0.1:64304:64304"`
point editions to 2203 images 2022-01-14 16:24:15 +00:00			`image: "dtagdevsec/nginx:2203"`
Prep for Log4Pot integration 2021-12-16 20:25:40 +00:00			`read_only: true`
			`volumes:`
			`- /data/nginx/cert/:/etc/nginx/cert/:ro`
			`- /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro`
			`- /data/nginx/log/:/var/log/nginx/`

			`# Spiderfoot service`
			`spiderfoot:`
			`container_name: spiderfoot`
			`restart: always`
			`networks:`
			`- spiderfoot_local`
			`ports:`
			`- "127.0.0.1:64303:8080"`
point editions to 2203 images 2022-01-14 16:24:15 +00:00			`image: "dtagdevsec/spiderfoot:2203"`
Prep for Log4Pot integration 2021-12-16 20:25:40 +00:00			`volumes:`
spiderfoot, editions tweaking 2022-02-28 22:00:54 +00:00			`- /data/spiderfoot:/home/spiderfoot/.spiderfoot`