diff --git a/docker/glutton/Dockerfile b/docker/glutton/Dockerfile
index 496f8cea..895515fc 100644
--- a/docker/glutton/Dockerfile
+++ b/docker/glutton/Dockerfile
@@ -12,7 +12,8 @@ RUN apk -U --no-cache add bash \
 iptables-dev \
 libnetfilter_queue-dev \
 libpcap-dev \
- procps && \
+ procps \
+ upx && \
 # Setup go, glutton
 export GOPATH=/opt/go/ && \
@@ -27,6 +28,7 @@ RUN apk -U --no-cache add bash \
 mv /opt/go/src/github.com/mushorg/glutton/bin /opt/glutton/ && \
 mv /opt/go/src/github.com/mushorg/glutton/config /opt/glutton/ && \
 mv /opt/go/src/github.com/mushorg/glutton/rules /opt/glutton/ && \
+ upx /opt/glutton/bin/server && \
 # Setup user, groups and configs
 addgroup -g 2000 glutton && \
@@ -38,7 +40,8 @@ RUN apk -U --no-cache add bash \
 apk del --purge build-base \
 git \
 go \
- g++ && \
+ g++ \
+ upx && \
 rm -rf /var/cache/apk/* \
 /opt/go \
 /root/dist
diff --git a/docker/glutton/dist/rules.yaml b/docker/glutton/dist/rules.yaml
index 11b4b957..837a078d 100644
--- a/docker/glutton/dist/rules.yaml
+++ b/docker/glutton/dist/rules.yaml
@@ -1,22 +1,27 @@
+# Put passthrough rules on top, drop rules on bottom, rules are applied in order (top down)
 rules:
+ - match: udp dst port 53
+ type: passthrough
+ - match: tcp dst port 21
+ type: conn_handler
+ target: ftp
 - match: tcp dst port 23 or port 2323 or port 23231
 type: conn_handler
 target: telnet
 - match: tcp dst port 25
 type: conn_handler
 target: smtp
- - match: tcp dst port 3389
- type: conn_handler
- target: rdp
 - match: tcp dst port 445
 type: conn_handler
 target: smb
- - match: tcp dst port 21
+ - match: tcp dst port 3389
 type: conn_handler
- target: ftp
+ target: rdp
 - match: tcp dst port 5060
 type: conn_handler
 target: sip
 - match: tcp
 type: conn_handler
 target: default
+ - match:
+ type: drop
diff --git a/docker/glutton/notes b/docker/glutton/notes
new file mode 100644
index 00000000..656b3489
--- /dev/null
+++ b/docker/glutton/notes
@@ -0,0 +1,2 @@
+dtagdevsec/glutton 1804 44eed3090ae5 12 hours ago 35.3 MB
+
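Review bot: `upx /opt/glutton/bin/server` in the second hunk packs the honeypot binary without stating why, and a UPX-packed executable is a well-known heuristic trigger for AV/EDR and container image scanners, cannot be stripped or symbolized for crash analysis without unpacking first, and pays a decompression cost on every start. If the image-size saving is the goal, a comment on the line would help the next maintainer, e.g. `# UPX-pack the glutton server to shrink the image layer; packed binaries may be flagged by image scanners`. The first and third hunks only add and later purge the `upx` package and look consistent; the enclosing RUN starts before the hunk.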
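Review bot: The new catch-all `- match:` at the bottom of the rules list has no value, so a YAML loader yields null for `match` rather than an empty string; whether glutton's rule loader treats null as match-everything is not visible here, so either confirm that or write `- match: ""` so the type is unambiguous. Because rules are applied top-down and `match: tcp` → `default` comes first, the `drop` rule can only ever see non-TCP traffic other than UDP/53, which is worth stating in the header comment, e.g. `# Last rule drops whatever nothing above matched (non-TCP, UDP other than 53)`.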
diff --git a/docker/heralding/Dockerfile b/docker/heralding/Dockerfile
index 780e9128..193230af 100644
--- a/docker/heralding/Dockerfile
+++ b/docker/heralding/Dockerfile
@@ -46,4 +46,4 @@ RUN apk -U upgrade && \
 # Start elasticpot
 WORKDIR /tmp/heralding/
-CMD ["heralding","-c","/etc/heralding/heralding.yml","-l","/var/log/heralding/heralding.log"]
+CMD exec heralding -c /etc/heralding/heralding.yml -l /var/log/heralding/heralding.log
diff --git a/docker/heralding/docker-compose.yml b/docker/heralding/docker-compose.yml
index 82a5dbea..44e2d11a 100644
--- a/docker/heralding/docker-compose.yml
+++ b/docker/heralding/docker-compose.yml
@@ -10,6 +10,7 @@ services:
 build: .
 container_name: heralding
 restart: always
+ stop_signal: SIGINT
 environment:
 - PYTHON_EGG_CACHE=/tmp/heralding
 tmpfs:
diff --git a/docker/mailoney/docker-compose.yml b/docker/mailoney/docker-compose.yml
index d48986f6..52296e2e 100644
--- a/docker/mailoney/docker-compose.yml
+++ b/docker/mailoney/docker-compose.yml
@@ -10,6 +10,7 @@ services:
 build: .
 container_name: mailoney
 restart: always
+ stop_signal: SIGINT
 networks:
 - mailoney_local
 ports:
diff --git a/docker/p0f/Dockerfile b/docker/p0f/Dockerfile
index ab75e0bd..025bdcde 100644
--- a/docker/p0f/Dockerfile
+++ b/docker/p0f/Dockerfile
@@ -35,4 +35,4 @@ RUN apk -U upgrade && \
 # Start suricata
 WORKDIR /opt/p0f
 USER p0f:p0f
-CMD /bin/bash -c "exec /opt/p0f/p0f -u p0f -j -o /var/log/p0f/p0f.json -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:])"
+CMD exec /opt/p0f/p0f -u p0f -j -o /var/log/p0f/p0f.json -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:])
diff --git a/docker/rdpy/Dockerfile b/docker/rdpy/Dockerfile
index 88b2e1d9..3f848a82 100644
--- a/docker/rdpy/Dockerfile
+++ b/docker/rdpy/Dockerfile
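Review bot: The new shell-form `CMD exec heralding -c ... -l ...` gains nothing over the JSON exec form it replaces: with the exec form heralding was already PID 1 and received the compose `stop_signal: SIGINT` directly, whereas the new line routes the arguments through `/bin/sh -c` (word splitting and expansion) before `exec` reaches the same end state. Unless there is a reason not visible here, keep `CMD ["heralding","-c","/etc/heralding/heralding.yml","-l","/var/log/heralding/heralding.log"]` and reserve the shell form for the images in this commit whose CMD really needs `$(...)` or `$VAR` expansion.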
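Review bot: `stop_signal: SIGINT` for mailoney only helps if PID 1 inside the container is the mailoney process itself, and its Dockerfile is not part of this change; if that CMD is shell form without `exec`, SIGINT is delivered to `/bin/sh`, which as PID 1 ignores it, and the container waits out the stop grace period before being SIGKILLed. Please confirm the mailoney CMD uses `exec` or the JSON exec form, as the other Dockerfiles in this commit now do, or add a one-line comment above this key naming the Dockerfile it depends on.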
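Review bot: `tr -d [:punct:]` is still unquoted in the new CMD, so `/bin/sh -c` performs pathname expansion on `[:punct:]` before `tr` sees it; with WORKDIR `/opt/p0f`, a single-character file named with any of `:`, `p`, `u`, `n`, `c`, `t` would replace the class and leave punctuation in the interface name passed to `-i`. Quote it: `... | tr -d '[:punct:]')`. Dropping the explicit `/bin/bash -c` wrapper is fine, since shell-form CMD already runs under `/bin/sh -c` and `exec` makes p0f PID 1; the same `[:punct:]` quoting issue applies to the suricata Dockerfile hunk further down.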
@@ -53,4 +53,4 @@ RUN apk -U upgrade && \
 # Start rdpy
 USER rdpy:rdpy
-CMD /usr/bin/python2 -i /usr/bin/rdpy-rdphoneypot.py /home/rdpy/$(shuf -i 1-3 -n 1) >> /var/log/rdpy/rdpy.log
+CMD exec /usr/bin/python2 -i /usr/bin/rdpy-rdphoneypot.py /home/rdpy/$(shuf -i 1-3 -n 1) >> /var/log/rdpy/rdpy.log
diff --git a/docker/suricata/Dockerfile b/docker/suricata/Dockerfile
index 67c8af1d..00f9e53d 100644
--- a/docker/suricata/Dockerfile
+++ b/docker/suricata/Dockerfile
@@ -30,4 +30,4 @@ RUN apk -U upgrade && \
 rm -rf /var/cache/apk/*
 # Start suricata
-CMD update.sh $OINKCODE && suricata -v -F /etc/suricata/capture-filter.bpf -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:])
+CMD update.sh $OINKCODE && exec suricata -v -F /etc/suricata/capture-filter.bpf -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:])
diff --git a/docker/suricata/docker-compose.yml b/docker/suricata/docker-compose.yml
index 2748b458..cbc131cc 100644
--- a/docker/suricata/docker-compose.yml
+++ b/docker/suricata/docker-compose.yml
@@ -9,6 +9,7 @@ services:
 build: .
 container_name: suricata
 restart: always
+ stop_signal: SIGINT
 environment:
 # For ET Pro ruleset replace with your OINKCODE
 - OINKCODE=OPEN
diff --git a/docker/vnclowpot/Dockerfile b/docker/vnclowpot/Dockerfile
index 7cd1a0cc..1d7e39c6 100644
--- a/docker/vnclowpot/Dockerfile
+++ b/docker/vnclowpot/Dockerfile
@@ -23,8 +23,9 @@ RUN apk -U add bash \
 apk del build-base \
 git \
 go && \
- rm -rf /var/cache/apk/*
+ rm -rf /opt/go/src \
+ /var/cache/apk/* \
 # Run supervisor upon container start
 USER vnclowpot:vnclowpot
-CMD /opt/go/bin/vnclowpot -j >> /var/log/vnclowpot/vnclowpot.log
+CMD exec /opt/go/bin/vnclowpot -j >> /var/log/vnclowpot/vnclowpot.log
diff --git a/docker/wetty/Dockerfile b/docker/wetty/Dockerfile
index e507db13..03da6cf2 100644
--- a/docker/wetty/Dockerfile
+++ b/docker/wetty/Dockerfile
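Review bot: In the suricata CMD the `exec` only takes effect after `update.sh $OINKCODE` has finished, so during the rule-update phase PID 1 is still `/bin/sh` and a SIGINT from the compose `stop_signal` will not stop the container until the grace period expires and SIGKILL is sent; acceptable, but it deserves a comment on the line, e.g. `# exec happens only after update.sh: a stop during rule download waits for the grace period`. The unquoted `tr -d [:punct:]` issue raised on the p0f Dockerfile hunk applies to this line as well.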
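Review bot: The new `/var/cache/apk/* \` line ends with a continuation backslash but nothing in the RUN follows it, so the instruction is left open; as far as I can tell from Docker's parser, comment lines inside a continuation are discarded and empty ones are tolerated with a warning, which means `USER vnclowpot:vnclowpot` would be absorbed into the shell command (`rm -rf /opt/go/src /var/cache/apk/* USER vnclowpot:vnclowpot`, silently succeeding under `-f`) and never applied as an instruction, leaving the `exec`'d vnclowpot running as root. Drop the trailing backslash so the RUN closes: `rm -rf /opt/go/src \` followed by `/var/cache/apk/*`. The RUN instruction starts before this hunk, so please also verify the rendered image with `docker inspect` shows the expected non-root user.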
@@ -29,4 +29,4 @@ RUN apk -U upgrade && \
 # Start elasticsearch-head
 WORKDIR /opt
 USER wetty:wetty
-CMD /usr/bin/node /opt/node_modules/wetty/app.js -p 64300 --host 127.0.0.1 --sshhost 127.0.0.1 --sshport 64295 --sshuser $MY_SSHUSER
+CMD exec /usr/bin/node /opt/node_modules/wetty/app.js -p 64300 --host 127.0.0.1 --sshhost 127.0.0.1 --sshport 64295 --sshuser $MY_SSHUSER
diff --git a/docker/wetty/docker-compose.yml b/docker/wetty/docker-compose.yml
index ed3dcb12..faf72f11 100644
--- a/docker/wetty/docker-compose.yml
+++ b/docker/wetty/docker-compose.yml
@@ -9,6 +9,7 @@ services:
 build: .
 container_name: wetty
 restart: always
+ stop_signal: SIGKILL
 network_mode: "host"
 env_file:
 - /opt/tpot/etc/compose/wetty_environment
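Review bot: `--sshuser $MY_SSHUSER` stays unquoted in the new shell-form CMD, so the value is word-split and glob-expanded by `/bin/sh -c` before node sees it, and an empty value makes `--sshuser` the last token with no argument at all rather than an explicit empty user. Quote it: `--sshuser "$MY_SSHUSER"`. The shell form is justified here because of that variable, and `exec` makes node PID 1, which is what the compose `stop_signal` relies on.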
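Review bot: `stop_signal: SIGKILL` is at odds with the `exec` added to the wetty Dockerfile in this same commit: now that node is PID 1 and receives signals directly, the default SIGTERM would give it a chance to close open SSH and websocket sessions, whereas SIGKILL bypasses any shutdown handler and gives no grace period at all. If wetty was observed not to exit on SIGTERM, record that next to the key, e.g. `# wetty does not exit on SIGTERM, force kill`; otherwise drop this line and rely on the default.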