tpotce/docker/conpot/Dockerfile

FROM alpine:3.23
#
# Include dist
COPY dist/ /root/dist/
#
# Install packages
RUN apk --no-cache -U upgrade && \
    apk --no-cache -U add \
            build-base \
			cython \
			file \
			git \
			libev \
			libtool \
			libcap \
			libffi-dev \
			libxslt \
			libxslt-dev \
			mariadb-dev \
			pkgconfig \
			procps \
			python3 \
			python3-dev \
			py3-cffi \
			py3-cryptography \
			py3-freezegun \
			py3-gevent \
			py3-lxml \
			py3-natsort \
			py3-pip \
			py3-ply \
			py3-psutil \
			py3-pycryptodomex \
			py3-pytest \
			py3-requests \
			py3-pyserial \
			py3-setuptools \
			py3-slugify \
			py3-snmp \
			py3-sphinx \
			py3-wheel \
			py3-zope-event \
			py3-zope-interface \
			wget && \
#
# Setup ConPot
    git clone https://github.com/mushorg/conpot /opt/conpot && \
    cd /opt/conpot/ && \
	git checkout 31b1f7d273ee4f8c121eb59dcfce4ec2cb35e612 && \
    # Change template default ports if <1024
    sed -i 's/port="2121"/port="21"/' /opt/conpot/conpot/templates/default/ftp/ftp.xml && \
    sed -i 's/port="8800"/port="80"/' /opt/conpot/conpot/templates/default/http/http.xml && \
    sed -i 's/port="6230"/port="623"/' /opt/conpot/conpot/templates/default/ipmi/ipmi.xml && \
    sed -i 's/port="5020"/port="502"/' /opt/conpot/conpot/templates/default/modbus/modbus.xml && \
    sed -i 's/port="10201"/port="102"/' /opt/conpot/conpot/templates/default/s7comm/s7comm.xml && \
    sed -i 's/port="16100"/port="161"/' /opt/conpot/conpot/templates/default/snmp/snmp.xml && \
    sed -i 's/port="6969"/port="69"/' /opt/conpot/conpot/templates/default/tftp/tftp.xml && \
    sed -i 's/port="16100"/port="161"/' /opt/conpot/conpot/templates/IEC104/snmp/snmp.xml && \
    sed -i 's/port="6230"/port="623"/' /opt/conpot/conpot/templates/ipmi/ipmi/ipmi.xml && \
    cp /root/dist/requirements.txt . && \
    pip3 install --break-system-packages --no-cache-dir . && \
    cd / && \
    rm -rf /opt/conpot /tmp/* /var/tmp/* && \
    setcap cap_net_bind_service=+ep $(readlink -f $(type -P python3)) && \
#
# Get wireshark manuf db for scapy, setup configs, user, groups
    mkdir -p /etc/conpot /var/log/conpot /usr/share/wireshark && \
    wget https://www.wireshark.org/download/automated/data/manuf -O /usr/share/wireshark/manuf && \
    cp /root/dist/conpot.cfg /etc/conpot/conpot.cfg && \
    cp -R /root/dist/templates /usr/lib/$(readlink -f $(type -P python3) | cut -f4 -d"/")/site-packages/conpot/ && \
    cp /root/dist/cpu_check.py / && \
    addgroup -g 2000 conpot && \
    adduser -S -s /bin/ash -u 2000 -D -g 2000 conpot && \
#
# Clean up
    apk del --purge \
            build-base \
            file \
            git \
            libev \
            libtool \
            libxslt-dev \
            mariadb-dev \
            pkgconfig \
            py3-pip \
            python3-dev \
            wget && \
    rm -rf /root/* \
           /tmp/* \
           /var/cache/apk/* \
           /opt/cpppo/.git \
           /opt/conpot/.git
#
# Start conpot
STOPSIGNAL SIGINT
# Conpot sometimes hangs at 100% CPU usage, if detected container will become unhealthy and restarted by tpotinit
HEALTHCHECK --interval=5m --timeout=30s --retries=3 CMD python3 /cpu_check.py $(pgrep -of conpot) 99
USER conpot:conpot
CMD ["/bin/sh", "-c", "exec /usr/bin/conpot --mibcache \"$CONPOT_TMP\" --temp_dir \"$CONPOT_TMP\" --template \"$CONPOT_TEMPLATE\" --logfile \"$CONPOT_LOG\" --config \"$CONPOT_CONFIG\""]
bump conpot to latest master with py 3.12 support, update tags 2026-05-27 17:54:18 +00:00			`FROM alpine:3.23`
bump conpot to latest master 2019-12-27 16:21:12 +00:00			`#`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`# Include dist`
tweaking 2022-03-05 00:50:47 +00:00			`COPY dist/ /root/dist/`
bump conpot to latest master 2019-12-27 16:21:12 +00:00			`#`
Finish work on new builder, tweaking 2024-09-11 10:42:17 +00:00			`# Install packages`
tweaking, cleanup 2024-12-05 20:12:18 +00:00			`RUN apk --no-cache -U upgrade && \`
			`apk --no-cache -U add \`
			`build-base \`
tweak deploy, add autoheal, start update Dockerfiles - tweak deploy a little further - start with rebuilding Dockerfiles - rework healthcheck for adbhoney CPU issues - bump adbhoney, ciscoasa, citrixhoneypot, conpot, cowriepot, ddospot to alpine 3.19 - fix conpot issue with py 3.11 - bump conpot to latest master - bump cowrie to latest master - add autoheal to tpotinit to restart unhealthy container (if healthcheck enabled) 2024-02-27 19:11:16 +00:00			`cython \`
			`file \`
			`git \`
			`libev \`
			`libtool \`
			`libcap \`
			`libffi-dev \`
			`libxslt \`
			`libxslt-dev \`
			`mariadb-dev \`
			`pkgconfig \`
			`procps \`
			`python3 \`
			`python3-dev \`
			`py3-cffi \`
			`py3-cryptography \`
			`py3-freezegun \`
			`py3-gevent \`
			`py3-lxml \`
			`py3-natsort \`
			`py3-pip \`
			`py3-ply \`
			`py3-psutil \`
			`py3-pycryptodomex \`
			`py3-pytest \`
			`py3-requests \`
			`py3-pyserial \`
			`py3-setuptools \`
			`py3-slugify \`
			`py3-snmp \`
			`py3-sphinx \`
			`py3-wheel \`
			`py3-zope-event \`
			`py3-zope-interface \`
			`wget && \`
bump conpot to latest master 2019-12-27 16:21:12 +00:00			`#`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`# Setup ConPot`
pin conpot to latest master 2026-05-28 06:56:17 +00:00			`git clone https://github.com/mushorg/conpot /opt/conpot && \`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`cd /opt/conpot/ && \`
pin conpot to latest master 2026-05-28 06:56:17 +00:00			`git checkout 31b1f7d273ee4f8c121eb59dcfce4ec2cb35e612 && \`
bump conpot to 0.6.x 2018-08-22 13:43:27 +00:00			`# Change template default ports if <1024`
conpot, test reduce build times 2022-03-12 13:13:31 +00:00			`sed -i 's/port="2121"/port="21"/' /opt/conpot/conpot/templates/default/ftp/ftp.xml && \`
			`sed -i 's/port="8800"/port="80"/' /opt/conpot/conpot/templates/default/http/http.xml && \`
			`sed -i 's/port="6230"/port="623"/' /opt/conpot/conpot/templates/default/ipmi/ipmi.xml && \`
			`sed -i 's/port="5020"/port="502"/' /opt/conpot/conpot/templates/default/modbus/modbus.xml && \`
			`sed -i 's/port="10201"/port="102"/' /opt/conpot/conpot/templates/default/s7comm/s7comm.xml && \`
			`sed -i 's/port="16100"/port="161"/' /opt/conpot/conpot/templates/default/snmp/snmp.xml && \`
			`sed -i 's/port="6969"/port="69"/' /opt/conpot/conpot/templates/default/tftp/tftp.xml && \`
			`sed -i 's/port="16100"/port="161"/' /opt/conpot/conpot/templates/IEC104/snmp/snmp.xml && \`
bump conpot to latest master, cleanup 2022-03-09 15:19:51 +00:00			`sed -i 's/port="6230"/port="623"/' /opt/conpot/conpot/templates/ipmi/ipmi/ipmi.xml && \`
conpot, test reduce build times 2022-03-12 13:13:31 +00:00			`cp /root/dist/requirements.txt . && \`
tweak deploy, add autoheal, start update Dockerfiles - tweak deploy a little further - start with rebuilding Dockerfiles - rework healthcheck for adbhoney CPU issues - bump adbhoney, ciscoasa, citrixhoneypot, conpot, cowriepot, ddospot to alpine 3.19 - fix conpot issue with py 3.11 - bump conpot to latest master - bump cowrie to latest master - add autoheal to tpotinit to restart unhealthy container (if healthcheck enabled) 2024-02-27 19:11:16 +00:00			`pip3 install --break-system-packages --no-cache-dir . && \`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`cd / && \`
			`rm -rf /opt/conpot /tmp/* /var/tmp/* && \`
tweak deploy, add autoheal, start update Dockerfiles - tweak deploy a little further - start with rebuilding Dockerfiles - rework healthcheck for adbhoney CPU issues - bump adbhoney, ciscoasa, citrixhoneypot, conpot, cowriepot, ddospot to alpine 3.19 - fix conpot issue with py 3.11 - bump conpot to latest master - bump cowrie to latest master - add autoheal to tpotinit to restart unhealthy container (if healthcheck enabled) 2024-02-27 19:11:16 +00:00			`setcap cap_net_bind_service=+ep $(readlink -f $(type -P python3)) && \`
conpot, test reduce build times 2022-03-12 13:13:31 +00:00			`#`
update conpot, pull from master 2018-02-27 17:49:58 +00:00			`# Get wireshark manuf db for scapy, setup configs, user, groups`
			`mkdir -p /etc/conpot /var/log/conpot /usr/share/wireshark && \`
bump conpot to latest master with py 3.12 support, update tags 2026-05-27 17:54:18 +00:00			`wget https://www.wireshark.org/download/automated/data/manuf -O /usr/share/wireshark/manuf && \`
prep for 18.04 2018-03-25 18:35:32 +00:00			`cp /root/dist/conpot.cfg /etc/conpot/conpot.cfg && \`
tweak deploy, add autoheal, start update Dockerfiles - tweak deploy a little further - start with rebuilding Dockerfiles - rework healthcheck for adbhoney CPU issues - bump adbhoney, ciscoasa, citrixhoneypot, conpot, cowriepot, ddospot to alpine 3.19 - fix conpot issue with py 3.11 - bump conpot to latest master - bump cowrie to latest master - add autoheal to tpotinit to restart unhealthy container (if healthcheck enabled) 2024-02-27 19:11:16 +00:00			`cp -R /root/dist/templates /usr/lib/$(readlink -f $(type -P python3) \| cut -f4 -d"/")/site-packages/conpot/ && \`
tweaking healthcheck, watch pid not cpu cleanup dockerfiles bump dicompot, heralding, elasticpot, endlessh to alpine 3.19 bump dionaea, heralding to latest master 2024-02-28 18:07:22 +00:00			`cp /root/dist/cpu_check.py / && \`
update conpot, pull from master 2018-02-27 17:49:58 +00:00			`addgroup -g 2000 conpot && \`
tweaking 2018-05-15 16:24:10 +00:00			`adduser -S -s /bin/ash -u 2000 -D -g 2000 conpot && \`
bump conpot to latest master 2019-12-27 16:21:12 +00:00			`#`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`# Clean up`
tweaking, hardening 2018-05-04 16:29:55 +00:00			`apk del --purge \`
			`build-base \`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`file \`
			`git \`
			`libev \`
			`libtool \`
			`libxslt-dev \`
			`mariadb-dev \`
			`pkgconfig \`
optimize build 2024-11-29 15:47:57 +00:00			`py3-pip \`
bump conpot to 0.6.x 2018-08-22 13:43:27 +00:00			`python3-dev \`
update conpot, pull from master 2018-02-27 17:49:58 +00:00			`wget && \`
Finish work on new builder, tweaking 2024-09-11 10:42:17 +00:00			`rm -rf /root/* \`
			`/tmp/* \`
tweaking, cleanup 2024-12-05 20:12:18 +00:00			`/var/cache/apk/* \`
			`/opt/cpppo/.git \`
			`/opt/conpot/.git`
bump conpot to latest master 2019-12-27 16:21:12 +00:00			`#`
prep for 18.04 2018-03-25 18:35:32 +00:00			`# Start conpot`
tweaking 2018-09-11 12:19:26 +00:00			`STOPSIGNAL SIGINT`
tweaking healthcheck, watch pid not cpu cleanup dockerfiles bump dicompot, heralding, elasticpot, endlessh to alpine 3.19 bump dionaea, heralding to latest master 2024-02-28 18:07:22 +00:00			`# Conpot sometimes hangs at 100% CPU usage, if detected container will become unhealthy and restarted by tpotinit`
			`HEALTHCHECK --interval=5m --timeout=30s --retries=3 CMD python3 /cpu_check.py $(pgrep -of conpot) 99`
tweaking 2018-04-26 15:18:23 +00:00			`USER conpot:conpot`
bump conpot to latest master with py 3.12 support, update tags 2026-05-27 17:54:18 +00:00			`CMD ["/bin/sh", "-c", "exec /usr/bin/conpot --mibcache \"$CONPOT_TMP\" --temp_dir \"$CONPOT_TMP\" --template \"$CONPOT_TEMPLATE\" --logfile \"$CONPOT_LOG\" --config \"$CONPOT_CONFIG\""]`