tpotce/etc/compose/collector.yml

# T-Pot (Collector)
# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton)
version: '2.3'

networks:
  cyberchef_local:
  heralding_local:
  ewsposter_local:
  spiderfoot_local:

services:

##################
#### Honeypots
##################

# Heralding service
  heralding:
    container_name: heralding
    restart: always
    tmpfs:
     - /tmp/heralding:uid=2000,gid=2000
    networks:
     - heralding_local
    ports:
     - "21:21"
     - "22:22"
     - "23:23"
     - "25:25"
     - "80:80"
     - "110:110"
     - "143:143"
     - "443:443"
     - "993:993"
     - "995:995"
     - "1080:1080"
     - "5432:5432"
     - "5900:5900"
    image: "dtagdevsec/heralding:1903"
    read_only: true
    volumes:
     - /data/heralding/log:/var/log/heralding

# Honeytrap service
  honeytrap:
    container_name: honeytrap
    restart: always
    tmpfs:
     - /tmp/honeytrap:uid=2000,gid=2000
    network_mode: "host"
    cap_add:
     - NET_ADMIN
    image: "dtagdevsec/honeytrap:1903"
    read_only: true
    volumes:
     - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
     - /data/honeytrap/downloads:/opt/honeytrap/var/downloads
     - /data/honeytrap/log:/opt/honeytrap/var/log


##################
#### NSM
##################

# P0f service
  p0f:
    container_name: p0f
    restart: always
    network_mode: "host"
    image: "dtagdevsec/p0f:1903"
    read_only: true
    volumes:
     - /data/p0f/log:/var/log/p0f

# Suricata service
  suricata:
    container_name: suricata
    restart: always
    environment:
    # For ET Pro ruleset replace "OPEN" with your OINKCODE
     - OINKCODE=OPEN
    network_mode: "host"
    cap_add:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
    image: "dtagdevsec/suricata:1903"
    volumes:
     - /data/suricata/log:/var/log/suricata


##################
#### Tools
##################

# Cyberchef service
  cyberchef:
    container_name: cyberchef
    restart: always
    networks:
     - cyberchef_local
    ports:
     - "127.0.0.1:64299:8000"
    image: "dtagdevsec/cyberchef:1903"
    read_only: true

#### ELK
## Elasticsearch service
  elasticsearch:
    container_name: elasticsearch
    restart: always
    environment:
     - bootstrap.memory_lock=true
     - ES_JAVA_OPTS=-Xms1024m -Xmx1024m
     - ES_TMPDIR=/tmp
    cap_add:
     - IPC_LOCK
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    mem_limit: 4g
    ports:
     - "127.0.0.1:64298:9200"
    image: "dtagdevsec/elasticsearch:1903"
    volumes:
     - /data:/data

## Kibana service
  kibana:
    container_name: kibana
    restart: always
    depends_on:
      elasticsearch:
        condition: service_healthy
    ports:
     - "127.0.0.1:64296:5601"
    image: "dtagdevsec/kibana:1903"

## Logstash service
  logstash:
    container_name: logstash
    restart: always
    depends_on:
      elasticsearch:
        condition: service_healthy
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    image: "dtagdevsec/logstash:1903"
    volumes:
     - /data:/data

## Elasticsearch-head service
  head:
    container_name: head
    restart: always
    depends_on:
      elasticsearch:
        condition: service_healthy
    ports:
     - "127.0.0.1:64302:9100"
    image: "dtagdevsec/head:1903"
    read_only: true

# Ewsposter service
  ewsposter:
    container_name: ewsposter
    restart: always
    networks:
     - ewsposter_local
    environment:
     - EWS_HPFEEDS_ENABLE=false
     - EWS_HPFEEDS_HOST=host
     - EWS_HPFEEDS_PORT=port
     - EWS_HPFEEDS_CHANNELS=channels
     - EWS_HPFEEDS_IDENT=user
     - EWS_HPFEEDS_SECRET=secret
     - EWS_HPFEEDS_TLSCERT=false
     - EWS_HPFEEDS_FORMAT=json
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    image: "dtagdevsec/ewsposter:1903"
    volumes:
     - /data:/data
     - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip

# Nginx service
  nginx:
    container_name: nginx
    restart: always
    tmpfs:
     - /var/tmp/nginx/client_body
     - /var/tmp/nginx/proxy
     - /var/tmp/nginx/fastcgi
     - /var/tmp/nginx/uwsgi
     - /var/tmp/nginx/scgi
     - /run
    network_mode: "host"
    ports:
     - "64297:64297"
    image: "dtagdevsec/nginx:1903"
    read_only: true
    volumes:
     - /data/nginx/cert/:/etc/nginx/cert/:ro
     - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
     - /data/nginx/log/:/var/log/nginx/

# Spiderfoot service
  spiderfoot:
    container_name: spiderfoot
    restart: always
    networks:
     - spiderfoot_local
    ports:
     - "127.0.0.1:64303:8080"
    image: "dtagdevsec/spiderfoot:1903"
    volumes:
     - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db
prep for 18.04 2018-03-25 18:35:32 +00:00			`# T-Pot (Collector)`
Continue work on editions. 2018-06-11 12:34:46 +00:00			`# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton)`
			`version: '2.3'`
prep for 18.04 2018-03-25 18:35:32 +00:00
			`networks:`
Add cyberchef to docker-compose configs / T-Pot flavors 2018-07-31 14:05:57 +00:00			`cyberchef_local:`
prep for 18.04 2018-03-25 18:35:32 +00:00			`heralding_local:`
Continue work on editions. 2018-06-11 12:34:46 +00:00			`ewsposter_local:`
prep for 18.04 2018-03-25 18:35:32 +00:00			`spiderfoot_local:`

			`services:`

Continue work on editions. 2018-06-11 12:34:46 +00:00			`##################`
			`#### Honeypots`
			`##################`

			`# Heralding service`
			`heralding:`
			`container_name: heralding`
			`restart: always`
			`tmpfs:`
			`- /tmp/heralding:uid=2000,gid=2000`
			`networks:`
			`- heralding_local`
			`ports:`
			`- "21:21"`
			`- "22:22"`
			`- "23:23"`
			`- "25:25"`
			`- "80:80"`
			`- "110:110"`
			`- "143:143"`
			`- "443:443"`
			`- "993:993"`
			`- "995:995"`
tweaking Update Heralding to support SOCKS5 Correct Readme Resize tped.sh 2019-03-27 13:39:23 +00:00			`- "1080:1080"`
Continue work on editions. 2018-06-11 12:34:46 +00:00			`- "5432:5432"`
			`- "5900:5900"`
move to 1903 images 2019-02-25 18:59:40 +00:00			`image: "dtagdevsec/heralding:1903"`
Continue work on editions. 2018-06-11 12:34:46 +00:00			`read_only: true`
			`volumes:`
			`- /data/heralding/log:/var/log/heralding`

			`# Honeytrap service`
			`honeytrap:`
			`container_name: honeytrap`
			`restart: always`
			`tmpfs:`
			`- /tmp/honeytrap:uid=2000,gid=2000`
			`network_mode: "host"`
			`cap_add:`
			`- NET_ADMIN`
move to 1903 images 2019-02-25 18:59:40 +00:00			`image: "dtagdevsec/honeytrap:1903"`
Continue work on editions. 2018-06-11 12:34:46 +00:00			`read_only: true`
			`volumes:`
			`- /data/honeytrap/attacks:/opt/honeytrap/var/attacks`
			`- /data/honeytrap/downloads:/opt/honeytrap/var/downloads`
			`- /data/honeytrap/log:/opt/honeytrap/var/log`


			`##################`
			`#### NSM`
			`##################`

			`# P0f service`
			`p0f:`
			`container_name: p0f`
			`restart: always`
			`network_mode: "host"`
move to 1903 images 2019-02-25 18:59:40 +00:00			`image: "dtagdevsec/p0f:1903"`
Continue work on editions. 2018-06-11 12:34:46 +00:00			`read_only: true`
			`volumes:`
			`- /data/p0f/log:/var/log/p0f`

			`# Suricata service`
			`suricata:`
			`container_name: suricata`
			`restart: always`
			`environment:`
			`# For ET Pro ruleset replace "OPEN" with your OINKCODE`
			`- OINKCODE=OPEN`
			`network_mode: "host"`
			`cap_add:`
			`- NET_ADMIN`
			`- SYS_NICE`
			`- NET_RAW`
move to 1903 images 2019-02-25 18:59:40 +00:00			`image: "dtagdevsec/suricata:1903"`
Continue work on editions. 2018-06-11 12:34:46 +00:00			`volumes:`
			`- /data/suricata/log:/var/log/suricata`


			`##################`
			`#### Tools`
			`##################`

Add cyberchef to docker-compose configs / T-Pot flavors 2018-07-31 14:05:57 +00:00			`# Cyberchef service`
			`cyberchef:`
			`container_name: cyberchef`
			`restart: always`
			`networks:`
			`- cyberchef_local`
			`ports:`
			`- "127.0.0.1:64299:8000"`
move to 1903 images 2019-02-25 18:59:40 +00:00			`image: "dtagdevsec/cyberchef:1903"`
Add cyberchef to docker-compose configs / T-Pot flavors 2018-07-31 14:05:57 +00:00			`read_only: true`

Continue work on editions. 2018-06-11 12:34:46 +00:00			`#### ELK`
prep for 18.04 2018-03-25 18:35:32 +00:00			`## Elasticsearch service`
			`elasticsearch:`
			`container_name: elasticsearch`
			`restart: always`
			`environment:`
			`- bootstrap.memory_lock=true`
Continue work on editions. 2018-06-11 12:34:46 +00:00			`- ES_JAVA_OPTS=-Xms1024m -Xmx1024m`
			`- ES_TMPDIR=/tmp`
prep for 18.04 2018-03-25 18:35:32 +00:00			`cap_add:`
			`- IPC_LOCK`
			`ulimits:`
			`memlock:`
			`soft: -1`
			`hard: -1`
			`nofile:`
			`soft: 65536`
			`hard: 65536`
Continue work on editions. 2018-06-11 12:34:46 +00:00			`mem_limit: 4g`
prep for 18.04 2018-03-25 18:35:32 +00:00			`ports:`
			`- "127.0.0.1:64298:9200"`
move to 1903 images 2019-02-25 18:59:40 +00:00			`image: "dtagdevsec/elasticsearch:1903"`
prep for 18.04 2018-03-25 18:35:32 +00:00			`volumes:`
			`- /data:/data`

			`## Kibana service`
			`kibana:`
			`container_name: kibana`
			`restart: always`
			`depends_on:`
			`elasticsearch:`
			`condition: service_healthy`
			`ports:`
			`- "127.0.0.1:64296:5601"`
move to 1903 images 2019-02-25 18:59:40 +00:00			`image: "dtagdevsec/kibana:1903"`
prep for 18.04 2018-03-25 18:35:32 +00:00
			`## Logstash service`
			`logstash:`
			`container_name: logstash`
			`restart: always`
			`depends_on:`
			`elasticsearch:`
			`condition: service_healthy`
			`env_file:`
			`- /opt/tpot/etc/compose/elk_environment`
move to 1903 images 2019-02-25 18:59:40 +00:00			`image: "dtagdevsec/logstash:1903"`
prep for 18.04 2018-03-25 18:35:32 +00:00			`volumes:`
			`- /data:/data`

			`## Elasticsearch-head service`
			`head:`
			`container_name: head`
			`restart: always`
			`depends_on:`
			`elasticsearch:`
			`condition: service_healthy`
			`ports:`
			`- "127.0.0.1:64302:9100"`
move to 1903 images 2019-02-25 18:59:40 +00:00			`image: "dtagdevsec/head:1903"`
tweaking, hardening 2018-03-31 15:18:28 +00:00			`read_only: true`
prep for 18.04 2018-03-25 18:35:32 +00:00
			`# Ewsposter service`
			`ewsposter:`
			`container_name: ewsposter`
			`restart: always`
			`networks:`
			`- ewsposter_local`
prepare for sissden opt-in 2019-03-15 15:59:02 +00:00			`environment:`
			`- EWS_HPFEEDS_ENABLE=false`
			`- EWS_HPFEEDS_HOST=host`
			`- EWS_HPFEEDS_PORT=port`
			`- EWS_HPFEEDS_CHANNELS=channels`
			`- EWS_HPFEEDS_IDENT=user`
			`- EWS_HPFEEDS_SECRET=secret`
prepare for hpfeeds opt in 2019-04-01 07:42:24 +00:00			`- EWS_HPFEEDS_TLSCERT=false`
prepare for sissden opt-in 2019-03-15 15:59:02 +00:00			`- EWS_HPFEEDS_FORMAT=json`
prep for 18.04 2018-03-25 18:35:32 +00:00			`env_file:`
			`- /opt/tpot/etc/compose/elk_environment`
move to 1903 images 2019-02-25 18:59:40 +00:00			`image: "dtagdevsec/ewsposter:1903"`
prep for 18.04 2018-03-25 18:35:32 +00:00			`volumes:`
			`- /data:/data`
			`- /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip`

Continue work on editions. 2018-06-11 12:34:46 +00:00			`# Nginx service`
prep for 18.04 2018-03-25 18:35:32 +00:00			`nginx:`
			`container_name: nginx`
			`restart: always`
tweaking 2018-03-29 16:21:00 +00:00			`tmpfs:`
			`- /var/tmp/nginx/client_body`
			`- /var/tmp/nginx/proxy`
			`- /var/tmp/nginx/fastcgi`
			`- /var/tmp/nginx/uwsgi`
			`- /var/tmp/nginx/scgi`
			`- /run`
prep for 18.04 2018-03-25 18:35:32 +00:00			`network_mode: "host"`
			`ports:`
			`- "64297:64297"`
move to 1903 images 2019-02-25 18:59:40 +00:00			`image: "dtagdevsec/nginx:1903"`
tweaking 2018-03-29 16:21:00 +00:00			`read_only: true`
prep for 18.04 2018-03-25 18:35:32 +00:00			`volumes:`
start working on glutton 2018-04-13 18:22:49 +00:00			`- /data/nginx/cert/:/etc/nginx/cert/:ro`
			`- /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro`
prep for 18.04 2018-03-25 18:35:32 +00:00			`- /data/nginx/log/:/var/log/nginx/`

Continue work on editions. 2018-06-11 12:34:46 +00:00			`# Spiderfoot service`
			`spiderfoot:`
			`container_name: spiderfoot`
prep for 18.04 2018-03-25 18:35:32 +00:00			`restart: always`
Continue work on editions. 2018-06-11 12:34:46 +00:00			`networks:`
			`- spiderfoot_local`
			`ports:`
			`- "127.0.0.1:64303:8080"`
move to 1903 images 2019-02-25 18:59:40 +00:00			`image: "dtagdevsec/spiderfoot:1903"`
prep for 18.04 2018-03-25 18:35:32 +00:00			`volumes:`
Continue work on editions. 2018-06-11 12:34:46 +00:00			`- /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db`