tpotce/docker/conpot/Dockerfile

FROM alpine

# Include dist
ADD dist/ /root/dist/

# Setup apt
RUN apk -U --no-cache add \
               build-base \
               file \
               git \
               libev \
               libtool \
               libcap \
               libxslt \
               libxslt-dev \
               mariadb-dev \
               pkgconfig \
               python3 \
               python3-dev \
               py-cffi \
               py-cryptography \
               tcpdump \
               wget && \

# Setup ConPot
    git clone --depth=1 https://github.com/mushorg/conpot /opt/conpot && \
    cd /opt/conpot/ && \
    # Patch to accept ENV for MIB path
    sed -i "s/tmp_mib_dir = tempfile.mkdtemp()/tmp_mib_dir = tempfile.mkdtemp(dir=os.environ['CONPOT_TMP'])/" /opt/conpot/conpot/protocols/snmp/snmp_server.py && \
    # Increase logging for debug mushorg/conpot/issues/#399
    cp /root/dist/command_responder.py /opt/conpot/conpot/protocols/http/ && \
    # Change template default ports if <1024
    sed -i 's/port="2121"/port="21"/' /opt/conpot/conpot/templates/default/ftp/ftp.xml && \ 
    sed -i 's/port="8800"/port="80"/' /opt/conpot/conpot/templates/default/http/http.xml && \ 
    sed -i 's/port="6230"/port="623"/' /opt/conpot/conpot/templates/default/ipmi/ipmi.xml && \ 
    sed -i 's/port="5020"/port="502"/' /opt/conpot/conpot/templates/default/modbus/modbus.xml && \ 
    sed -i 's/port="10201"/port="102"/' /opt/conpot/conpot/templates/default/s7comm/s7comm.xml && \ 
    sed -i 's/port="16100"/port="161"/' /opt/conpot/conpot/templates/default/snmp/snmp.xml && \ 
    sed -i 's/port="6969"/port="69"/' /opt/conpot/conpot/templates/default/tftp/tftp.xml && \ 
    sed -i 's/port="16100"/port="161"/' /opt/conpot/conpot/templates/IEC104/snmp/snmp.xml && \ 
    sed -i 's/port="6230"/port="623"/' /opt/conpot/conpot/templates/ipmi/ipmi/ipmi.xml && \ 
    pip3 install --no-cache-dir -U pip setuptools && \
    pip3 install --no-cache-dir . && \
    cd / && \
    rm -rf /opt/conpot /tmp/* /var/tmp/* && \
    setcap cap_net_bind_service=+ep /usr/bin/python3.6 && \
    # Fix kamstrup not starting error / #398 Workaround
    ln -s /usr/lib/python3.6/site-packages/conpot/protocols/kamstrup/meter_protocol /usr/lib/python3.6/site-packages/conpot/protocols/kamstrup_meter && \
    ln -s /usr/lib/python3.6/site-packages/conpot/protocols/kamstrup/management_protocol /usr/lib/python3.6/site-packages/conpot/protocols/kamstrup_management && \
    
# Get wireshark manuf db for scapy, setup configs, user, groups
    mkdir -p /etc/conpot /var/log/conpot /usr/share/wireshark && \
    wget https://github.com/wireshark/wireshark/raw/master/manuf -o /usr/share/wireshark/manuf && \
    cp /root/dist/conpot.cfg /etc/conpot/conpot.cfg && \
    cp -R /root/dist/templates /usr/lib/python3.6/site-packages/conpot/ && \
    addgroup -g 2000 conpot && \
    adduser -S -s /bin/ash -u 2000 -D -g 2000 conpot && \

# Clean up
    apk del --purge \
            build-base \
            cython-dev \
            file \
            git \
            libev \
            libtool \
            libxslt-dev \
            mariadb-dev \
            pkgconfig \
            python3-dev \
            py-cffi \
            wget && \
    rm -rf /root/* && \
    rm -rf /var/cache/apk/*

# Start conpot
USER conpot:conpot
#CMD exec /usr/bin/conpot --temp_dir $CONPOT_TMP --template $CONPOT_TEMPLATE --logfile $CONPOT_LOG --config $CONPOT_CONFIG
CMD exec /usr/bin/conpot -v --temp_dir $CONPOT_TMP --template $CONPOT_TEMPLATE --logfile $CONPOT_LOG --config $CONPOT_CONFIG
bump conpot to 0.6.x 2018-08-22 13:43:27 +00:00			`FROM alpine`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00
			`# Include dist`
			`ADD dist/ /root/dist/`

			`# Setup apt`
tweaking, hardening 2018-05-04 16:29:55 +00:00			`RUN apk -U --no-cache add \`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`build-base \`
			`file \`
			`git \`
			`libev \`
			`libtool \`
prep for 18.04 2018-03-25 18:35:32 +00:00			`libcap \`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`libxslt \`
bump conpot to 0.6.x 2018-08-22 13:43:27 +00:00			`libxslt-dev \`
tweaking updater, conpot 2018-08-20 15:06:10 +00:00			`mariadb-dev \`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`pkgconfig \`
bump conpot to 0.6.x 2018-08-22 13:43:27 +00:00			`python3 \`
			`python3-dev \`
update conpot, pull from master 2018-02-27 17:49:58 +00:00			`py-cffi \`
			`py-cryptography \`
			`tcpdump \`
			`wget && \`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00
			`# Setup ConPot`
bump conpot to 0.6.x 2018-08-22 13:43:27 +00:00			`git clone --depth=1 https://github.com/mushorg/conpot /opt/conpot && \`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`cd /opt/conpot/ && \`
prep for 18.04 2018-03-25 18:35:32 +00:00			`# Patch to accept ENV for MIB path`
conpot cleanup 2018-08-28 13:47:20 +00:00			`sed -i "s/tmp_mib_dir = tempfile.mkdtemp()/tmp_mib_dir = tempfile.mkdtemp(dir=os.environ['CONPOT_TMP'])/" /opt/conpot/conpot/protocols/snmp/snmp_server.py && \`
bump conpot to 0.6.x 2018-08-22 13:43:27 +00:00			`# Increase logging for debug mushorg/conpot/issues/#399`
			`cp /root/dist/command_responder.py /opt/conpot/conpot/protocols/http/ && \`
			`# Change template default ports if <1024`
			`sed -i 's/port="2121"/port="21"/' /opt/conpot/conpot/templates/default/ftp/ftp.xml && \`
			`sed -i 's/port="8800"/port="80"/' /opt/conpot/conpot/templates/default/http/http.xml && \`
			`sed -i 's/port="6230"/port="623"/' /opt/conpot/conpot/templates/default/ipmi/ipmi.xml && \`
			`sed -i 's/port="5020"/port="502"/' /opt/conpot/conpot/templates/default/modbus/modbus.xml && \`
			`sed -i 's/port="10201"/port="102"/' /opt/conpot/conpot/templates/default/s7comm/s7comm.xml && \`
			`sed -i 's/port="16100"/port="161"/' /opt/conpot/conpot/templates/default/snmp/snmp.xml && \`
			`sed -i 's/port="6969"/port="69"/' /opt/conpot/conpot/templates/default/tftp/tftp.xml && \`
			`sed -i 's/port="16100"/port="161"/' /opt/conpot/conpot/templates/IEC104/snmp/snmp.xml && \`
			`sed -i 's/port="6230"/port="623"/' /opt/conpot/conpot/templates/ipmi/ipmi/ipmi.xml && \`
			`pip3 install --no-cache-dir -U pip setuptools && \`
			`pip3 install --no-cache-dir . && \`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`cd / && \`
			`rm -rf /opt/conpot /tmp/* /var/tmp/* && \`
bump conpot to 0.6.x 2018-08-22 13:43:27 +00:00			`setcap cap_net_bind_service=+ep /usr/bin/python3.6 && \`
tweaking conpot 2018-08-24 16:01:27 +00:00			`# Fix kamstrup not starting error / #398 Workaround`
bump conpot to 0.6.x 2018-08-22 13:43:27 +00:00			`ln -s /usr/lib/python3.6/site-packages/conpot/protocols/kamstrup/meter_protocol /usr/lib/python3.6/site-packages/conpot/protocols/kamstrup_meter && \`
			`ln -s /usr/lib/python3.6/site-packages/conpot/protocols/kamstrup/management_protocol /usr/lib/python3.6/site-packages/conpot/protocols/kamstrup_management && \`
prep for 18.04 2018-03-25 18:35:32 +00:00
update conpot, pull from master 2018-02-27 17:49:58 +00:00			`# Get wireshark manuf db for scapy, setup configs, user, groups`
			`mkdir -p /etc/conpot /var/log/conpot /usr/share/wireshark && \`
			`wget https://github.com/wireshark/wireshark/raw/master/manuf -o /usr/share/wireshark/manuf && \`
prep for 18.04 2018-03-25 18:35:32 +00:00			`cp /root/dist/conpot.cfg /etc/conpot/conpot.cfg && \`
bump conpot to 0.6.x 2018-08-22 13:43:27 +00:00			`cp -R /root/dist/templates /usr/lib/python3.6/site-packages/conpot/ && \`
update conpot, pull from master 2018-02-27 17:49:58 +00:00			`addgroup -g 2000 conpot && \`
tweaking 2018-05-15 16:24:10 +00:00			`adduser -S -s /bin/ash -u 2000 -D -g 2000 conpot && \`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00
			`# Clean up`
tweaking, hardening 2018-05-04 16:29:55 +00:00			`apk del --purge \`
			`build-base \`
update conpot, pull from master 2018-02-27 17:49:58 +00:00			`cython-dev \`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`file \`
			`git \`
			`libev \`
			`libtool \`
			`libxslt-dev \`
			`mariadb-dev \`
			`pkgconfig \`
bump conpot to 0.6.x 2018-08-22 13:43:27 +00:00			`python3-dev \`
update conpot, pull from master 2018-02-27 17:49:58 +00:00			`py-cffi \`
			`wget && \`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`rm -rf /root/* && \`
			`rm -rf /var/cache/apk/*`

prep for 18.04 2018-03-25 18:35:32 +00:00			`# Start conpot`
tweaking 2018-04-26 15:18:23 +00:00			`USER conpot:conpot`
tweaking conpot 2018-08-24 16:01:27 +00:00			`#CMD exec /usr/bin/conpot --temp_dir $CONPOT_TMP --template $CONPOT_TEMPLATE --logfile $CONPOT_LOG --config $CONPOT_CONFIG`
			`CMD exec /usr/bin/conpot -v --temp_dir $CONPOT_TMP --template $CONPOT_TEMPLATE --logfile $CONPOT_LOG --config $CONPOT_CONFIG`