diff --git a/docker/adbhoney/docker-compose.yml b/docker/adbhoney/docker-compose.yml index 1c720021..c767d9f9 100644 --- a/docker/adbhoney/docker-compose.yml +++ b/docker/adbhoney/docker-compose.yml @@ -14,8 +14,8 @@ services: - adbhoney_local ports: - "5555:5555" -# image: "dtagdevsec/adbhoney:2006" - image: "dtagdevsec/adbhoney:2006" +# image: "dtagdevsec/adbhoney:2203" + image: "dtagdevsec/adbhoney:2203" read_only: true volumes: - /data/adbhoney/log:/opt/adbhoney/log diff --git a/docker/ciscoasa/docker-compose.yml b/docker/ciscoasa/docker-compose.yml index bf85bc48..e45c1ae9 100644 --- a/docker/ciscoasa/docker-compose.yml +++ b/docker/ciscoasa/docker-compose.yml @@ -13,7 +13,7 @@ services: ports: - "5000:5000/udp" - "8443:8443" - image: "dtagdevsec/ciscoasa:2006" + image: "dtagdevsec/ciscoasa:2203" read_only: true volumes: - /data/ciscoasa/log:/var/log/ciscoasa diff --git a/docker/citrixhoneypot/docker-compose.yml b/docker/citrixhoneypot/docker-compose.yml index 16eea88f..eda9cd5a 100644 --- a/docker/citrixhoneypot/docker-compose.yml +++ b/docker/citrixhoneypot/docker-compose.yml @@ -14,7 +14,7 @@ services: - citrixhoneypot_local ports: - "443:443" - image: "dtagdevsec/citrixhoneypot:2006" + image: "dtagdevsec/citrixhoneypot:2203" read_only: true volumes: - /data/citrixhoneypot/logs:/opt/citrixhoneypot/logs diff --git a/docker/conpot/docker-compose.yml b/docker/conpot/docker-compose.yml index 297488c0..90e3a18d 100644 --- a/docker/conpot/docker-compose.yml +++ b/docker/conpot/docker-compose.yml @@ -35,7 +35,7 @@ services: - "2121:21" - "44818:44818" - "47808:47808/udp" - image: "dtagdevsec/conpot:2006" + image: "dtagdevsec/conpot:2203" read_only: true volumes: - /data/conpot/log:/var/log/conpot @@ -58,7 +58,7 @@ services: ports: # - "161:161/udp" - "2404:2404" - image: "dtagdevsec/conpot:2006" + image: "dtagdevsec/conpot:2203" read_only: true volumes: - /data/conpot/log:/var/log/conpot 
@@ -80,7 +80,7 @@ services: - conpot_local_guardian_ast ports: - "10001:10001" - image: "dtagdevsec/conpot:2006" + image: "dtagdevsec/conpot:2203" read_only: true volumes: - /data/conpot/log:/var/log/conpot @@ -102,7 +102,7 @@ services: - conpot_local_ipmi ports: - "623:623/udp" - image: "dtagdevsec/conpot:2006" + image: "dtagdevsec/conpot:2203" read_only: true volumes: - /data/conpot/log:/var/log/conpot @@ -125,7 +125,7 @@ services: ports: - "1025:1025" - "50100:50100" - image: "dtagdevsec/conpot:2006" + image: "dtagdevsec/conpot:2203" read_only: true volumes: - /data/conpot/log:/var/log/conpot diff --git a/docker/cowrie/docker-compose.yml b/docker/cowrie/docker-compose.yml index 181a9bd7..ac09e9fa 100644 --- a/docker/cowrie/docker-compose.yml +++ b/docker/cowrie/docker-compose.yml @@ -18,7 +18,7 @@ services: ports: - "22:22" - "23:23" - image: "dtagdevsec/cowrie:2006" + image: "dtagdevsec/cowrie:2203" read_only: true volumes: - /data/cowrie/downloads:/home/cowrie/cowrie/dl diff --git a/docker/cyberchef/docker-compose.yml b/docker/cyberchef/docker-compose.yml index 6bb8c3b9..6202ebc2 100644 --- a/docker/cyberchef/docker-compose.yml +++ b/docker/cyberchef/docker-compose.yml @@ -14,5 +14,5 @@ services: - cyberchef_local ports: - "127.0.0.1:64299:8000" - image: "dtagdevsec/cyberchef:2006" + image: "dtagdevsec/cyberchef:2203" read_only: true diff --git a/docker/ddospot/docker-compose.yml b/docker/ddospot/docker-compose.yml index cfeaf7db..a9331579 100644 --- a/docker/ddospot/docker-compose.yml +++ b/docker/ddospot/docker-compose.yml @@ -18,7 +18,7 @@ services: - "123:123/udp" # - "161:161/udp" - "1900:1900/udp" - image: "dtagdevsec/ddospot:2006" + image: "dtagdevsec/ddospot:2203" read_only: true volumes: - /data/ddospot/log:/opt/ddospot/ddospot/logs diff --git a/docker/dicompot/docker-compose.yml b/docker/dicompot/docker-compose.yml index e06a4fad..7bba5efa 100644 --- a/docker/dicompot/docker-compose.yml +++ b/docker/dicompot/docker-compose.yml 
@@ -17,7 +17,7 @@ services: - dicompot_local ports: - "11112:11112" - image: "dtagdevsec/dicompot:2006" + image: "dtagdevsec/dicompot:2203" read_only: true volumes: - /data/dicompot/log:/var/log/dicompot diff --git a/docker/dionaea/docker-compose.yml b/docker/dionaea/docker-compose.yml index 07bd6336..aaeffaa9 100644 --- a/docker/dionaea/docker-compose.yml +++ b/docker/dionaea/docker-compose.yml @@ -31,7 +31,7 @@ services: - "5060:5060/udp" - "5061:5061" - "27017:27017" - image: "dtagdevsec/dionaea:2006" + image: "dtagdevsec/dionaea:2203" read_only: true volumes: - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 3bb1f328..635ffac7 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml 
@@ -10,98 +10,98 @@ services: # Adbhoney service adbhoney: build: adbhoney/. - image: "dtagdevsec/adbhoney:2006" + image: "dtagdevsec/adbhoney:2203" # Ciscoasa service ciscoasa: build: ciscoasa/. - image: "dtagdevsec/ciscoasa:2006" + image: "dtagdevsec/ciscoasa:2203" # CitrixHoneypot service citrixhoneypot: build: citrixhoneypot/. - image: "dtagdevsec/citrixhoneypot:2006" + image: "dtagdevsec/citrixhoneypot:2203" # Conpot IEC104 service conpot_IEC104: build: conpot/. - image: "dtagdevsec/conpot:2006" + image: "dtagdevsec/conpot:2203" # Cowrie service cowrie: build: cowrie/. - image: "dtagdevsec/cowrie:2006" + image: "dtagdevsec/cowrie:2203" # Dicompot service dicompot: build: dicompot/. - image: "dtagdevsec/dicompot:2006" + image: "dtagdevsec/dicompot:2203" # Dionaea service dionaea: build: dionaea/. - image: "dtagdevsec/dionaea:2006" + image: "dtagdevsec/dionaea:2203" # ElasticPot service elasticpot: build: elasticpot/. - image: "dtagdevsec/elasticpot:2006" + image: "dtagdevsec/elasticpot:2203" # Glutton service glutton: build: glutton/. - image: "dtagdevsec/glutton:2006" + image: "dtagdevsec/glutton:2203" # Heralding service heralding: build: heralding/. - image: "dtagdevsec/heralding:2006" + image: "dtagdevsec/heralding:2203" # HoneyPy service honeypy: build: honeypy/. - image: "dtagdevsec/honeypy:2006" + image: "dtagdevsec/honeypy:2203" # Honeytrap service honeytrap: build: honeytrap/. - image: "dtagdevsec/honeytrap:2006" + image: "dtagdevsec/honeytrap:2203" # Mailoney service mailoney: build: mailoney/. - image: "dtagdevsec/mailoney:2006" + image: "dtagdevsec/mailoney:2203" # Medpot service medpot: build: medpot/. - image: "dtagdevsec/medpot:2006" + image: "dtagdevsec/medpot:2203" # Rdpy service rdpy: build: rdpy/. - image: "dtagdevsec/rdpy:2006" + image: "dtagdevsec/rdpy:2203" #### Snare / Tanner ## Tanner Redis Service tanner_redis: build: tanner/redis/. 
- image: "dtagdevsec/redis:2006" + image: "dtagdevsec/redis:2203" ## PHP Sandbox service tanner_phpox: build: tanner/phpox/. - image: "dtagdevsec/phpox:2006" + image: "dtagdevsec/phpox:2203" ## Tanner API Service tanner_api: build: tanner/tanner/. - image: "dtagdevsec/tanner:2006" + image: "dtagdevsec/tanner:2203" ## Snare Service snare: build: tanner/snare/. - image: "dtagdevsec/snare:2006" + image: "dtagdevsec/snare:2203" ################## @@ -111,17 +111,17 @@ services: # Fatt service fatt: build: fatt/. - image: "dtagdevsec/fatt:2006" + image: "dtagdevsec/fatt:2203" # P0f service p0f: build: p0f/. - image: "dtagdevsec/p0f:2006" + image: "dtagdevsec/p0f:2203" # Suricata service suricata: build: suricata/. - image: "dtagdevsec/suricata:2006" + image: "dtagdevsec/suricata:2203" ################## @@ -131,40 +131,40 @@ services: # Cyberchef service cyberchef: build: cyberchef/. - image: "dtagdevsec/cyberchef:2006" + image: "dtagdevsec/cyberchef:2203" #### ELK ## Elasticsearch service elasticsearch: build: elk/elasticsearch/. - image: "dtagdevsec/elasticsearch:2006" + image: "dtagdevsec/elasticsearch:2203" ## Kibana service kibana: build: elk/kibana/. - image: "dtagdevsec/kibana:2006" + image: "dtagdevsec/kibana:2203" ## Logstash service logstash: build: elk/logstash/. - image: "dtagdevsec/logstash:2006" + image: "dtagdevsec/logstash:2203" ## Elasticsearch-head service head: build: elk/head/. - image: "dtagdevsec/head:2006" + image: "dtagdevsec/head:2203" # Ewsposter service ewsposter: build: ews/. - image: "dtagdevsec/ewsposter:2006" + image: "dtagdevsec/ewsposter:2203" # Nginx service nginx: build: heimdall/. - image: "dtagdevsec/nginx:2006" + image: "dtagdevsec/nginx:2203" # Spiderfoot service spiderfoot: build: spiderfoot/. - image: "dtagdevsec/spiderfoot:2006" + image: "dtagdevsec/spiderfoot:2203" diff --git a/docker/elasticpot/docker-compose.yml b/docker/elasticpot/docker-compose.yml index 16ce22cf..3d81fe2b 100644 --- a/docker/elasticpot/docker-compose.yml 
+++ b/docker/elasticpot/docker-compose.yml @@ -14,7 +14,7 @@ services: - elasticpot_local ports: - "9200:9200" - image: "dtagdevsec/elasticpot:2006" + image: "dtagdevsec/elasticpot:2203" read_only: true volumes: - /data/elasticpot/log:/opt/elasticpot/log diff --git a/docker/elk/docker-compose.yml b/docker/elk/docker-compose.yml index 155ff483..0235b946 100644 --- a/docker/elk/docker-compose.yml +++ b/docker/elk/docker-compose.yml @@ -24,7 +24,7 @@ services: # mem_limit: 4g ports: - "127.0.0.1:64298:9200" - image: "dtagdevsec/elasticsearch:2006" + image: "dtagdevsec/elasticsearch:2203" volumes: - /data:/data @@ -39,7 +39,7 @@ services: condition: service_healthy ports: - "127.0.0.1:64296:5601" - image: "dtagdevsec/kibana:2006" + image: "dtagdevsec/kibana:2203" ## Logstash service logstash: @@ -53,7 +53,7 @@ services: condition: service_healthy env_file: - /opt/tpot/etc/compose/elk_environment - image: "dtagdevsec/logstash:2006" + image: "dtagdevsec/logstash:2203" volumes: - /data:/data # - /root/tpotce/docker/elk/logstash/dist/logstash.conf:/etc/logstash/conf.d/logstash.conf @@ -68,5 +68,5 @@ services: condition: service_healthy ports: - "127.0.0.1:64302:9100" - image: "dtagdevsec/head:2006" + image: "dtagdevsec/head:2203" read_only: true diff --git a/docker/elk/elasticsearch/docker-compose.yml b/docker/elk/elasticsearch/docker-compose.yml index 3f51dcb5..694ae35b 100644 --- a/docker/elk/elasticsearch/docker-compose.yml +++ b/docker/elk/elasticsearch/docker-compose.yml @@ -24,6 +24,6 @@ services: mem_limit: 2g ports: - "127.0.0.1:64298:9200" - image: "dtagdevsec/elasticsearch:2006" + image: "dtagdevsec/elasticsearch:2203" volumes: - /data:/data diff --git a/docker/elk/head/docker-compose.yml b/docker/elk/head/docker-compose.yml index 5cfaafdb..b1dc7725 100644 --- a/docker/elk/head/docker-compose.yml +++ b/docker/elk/head/docker-compose.yml 
@@ -12,5 +12,5 @@ services:
 # condition: service_healthy
 ports:
 - "127.0.0.1:64302:9100"
- image: "dtagdevsec/head:2006"
+ image: "dtagdevsec/head:2203"
 read_only: true
diff --git a/docker/elk/kibana/docker-compose.yml b/docker/elk/kibana/docker-compose.yml
index 2f464089..4cf49df3 100644
--- a/docker/elk/kibana/docker-compose.yml
+++ b/docker/elk/kibana/docker-compose.yml
@@ -12,4 +12,4 @@ services:
 # condition: service_healthy
 ports:
 - "127.0.0.1:64296:5601"
- image: "dtagdevsec/kibana:2006"
+ image: "dtagdevsec/kibana:2203"
diff --git a/docker/elk/logstash/Dockerfile b/docker/elk/logstash/Dockerfile
index 95e08c54..94480f06 100644
--- a/docker/elk/logstash/Dockerfile
+++ b/docker/elk/logstash/Dockerfile
@@ -67,6 +67,4 @@ HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:9600'
 #
 # Start logstash
 #USER logstash:logstash
-#CMD update.sh && exec /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf --config.reload.automatic --java-execution --log.level debug
-#CMD update.sh && exec /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/http_output.conf --config.reload.automatic --java-execution
 CMD update.sh && exec /usr/share/logstash/bin/logstash --config.reload.automatic --java-execution
diff --git a/docker/elk/logstash/dist/http_input.conf b/docker/elk/logstash/dist/http_input.conf
index 43773654..d1fea672 100644
--- a/docker/elk/logstash/dist/http_input.conf
+++ b/docker/elk/logstash/dist/http_input.conf
@@ -11,9 +11,10 @@ input {
 output {
 elasticsearch {
 hosts => ["elasticsearch:9200"]
- # With templates now being legacy and ILM in place we need to set the daily index with its template manually. Otherwise a new index might be created with differents settings configured through Kibana.
+ # With templates now being legacy we need to set the daily index with its template manually. Otherwise a new index might be created with differents settings configured through Kibana.
 index => "logstash-%{+YYYY.MM.dd}"
 template => "/etc/logstash/tpot_es_template.json"
+ template_overwrite => "true"
 }
 }
diff --git a/docker/elk/logstash/dist/logstash.conf b/docker/elk/logstash/dist/logstash.conf
index 63fd324e..48ccce1a 100644
--- a/docker/elk/logstash/dist/logstash.conf
+++ b/docker/elk/logstash/dist/logstash.conf
@@ -740,9 +740,10 @@ if "_jsonparsefailure" in [tags] { drop {} }
 output {
 elasticsearch {
 hosts => ["elasticsearch:9200"]
- # With templates now being legacy and ILM in place we need to set the daily index with its template manually. Otherwise a new index might be created with differents settings configured through Kibana.
+ # With templates now being legacy we need to set the daily index with its template manually. Otherwise a new index might be created with differents settings configured through Kibana.
 index => "logstash-%{+YYYY.MM.dd}"
 template => "/etc/logstash/tpot_es_template.json"
+ template_overwrite => "true"
 #document_type => "doc"
 }
diff --git a/docker/elk/logstash/dist/tpot_es_template.json b/docker/elk/logstash/dist/tpot_es_template.json
index 0ee8dd62..24ecf624 100644
--- a/docker/elk/logstash/dist/tpot_es_template.json
+++ b/docker/elk/logstash/dist/tpot_es_template.json
@@ -2,6 +2,7 @@
 "index_patterns" : "logstash-*",
 "version" : 60001,
 "settings" : {
+ "index.lifecycle.name": "tpot",
 "index.refresh_interval" : "5s",
 "number_of_shards" : 1,
 "index.number_of_replicas" : "0",
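Review bot: `template_overwrite => "true"` passes a string where the elasticsearch output's `template_overwrite` option is a boolean; Logstash tolerates the quoted form, but `template_overwrite => true` is the documented spelling and leaves no doubt about the type. The same line is added in the logstash.conf hunk below, so both should change together. The comment above it should also state the operational consequence, because overwrite means every Logstash start re-installs /etc/logstash/tpot_es_template.json and any change made to the installed template in Elasticsearch (for instance through Kibana) is discarded: `# template_overwrite: the on-disk template is re-pushed on every start and replaces any edits made to the installed template in ES`. While the comment is being rewritten, "differents" should become "different".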
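Review bot: `"index.lifecycle.name": "tpot"` makes every new `logstash-*` index reference an ILM policy that this file does not create and that nothing here verifies; the policy is only PUT by docker/elk/logstash/dist/update.sh elsewhere in this commit. If Logstash creates the day's index before that PUT has succeeded, Elasticsearch still creates the index but, as far as I recall, ILM flags it with an error and the deletion phase never runs for it, so the failure is silent. JSON carries no comments, so the dependency is best recorded next to `template =>` in logstash.conf, e.g. `# tpot_es_template.json binds new indices to the ILM policy "tpot"; update.sh must have created it before the first index exists`. `"version" : 60001` is unchanged although the template content changed; bumping it would let an operator tell the new template from the old one in ES.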
diff --git a/docker/elk/logstash/dist/update.sh b/docker/elk/logstash/dist/update.sh
index 0ec6f57f..37581bea 100644
--- a/docker/elk/logstash/dist/update.sh
+++ b/docker/elk/logstash/dist/update.sh
@@ -51,72 +51,35 @@ if [ "$MY_TPOT_TYPE" == "POT" ];
 exit 0
 fi
-# We do want to enforce our es_template thus we always need to delete the default template, putting our default afterwards
-# This is now done via common_configs.rb => overwrite default logstash template
-echo "Removing logstash template."
-curl -s -XDELETE http://elasticsearch:9200/_template/logstash
-echo
-echo "Checking if empty."
-curl -s -XGET http://elasticsearch:9200/_template/logstash
-echo
-echo "Putting default template."
-curl -XPUT "http://elasticsearch:9200/_template/logstash" -H 'Content-Type: application/json' -d'
-{
- "index_patterns" : "logstash-*",
- "version" : 60001,
- "settings" : {
- "index.refresh_interval" : "5s",
- "number_of_shards" : 1,
- "index.number_of_replicas" : "0",
- "index.mapping.total_fields.limit" : "2000",
- "index.query": {
- "default_field": "*"
- }
- },
- "mappings" : {
- "dynamic_templates" : [ {
- "message_field" : {
- "path_match" : "message",
- "match_mapping_type" : "string",
- "mapping" : {
- "type" : "text",
- "norms" : false
- }
- }
- }, {
- "string_fields" : {
- "match" : "*",
- "match_mapping_type" : "string",
- "mapping" : {
- "type" : "text", "norms" : false,
- "fields" : {
- "keyword" : { "type": "keyword", "ignore_above": 256 }
+# Index Management is happening through ILM, but we need to put T-Pot ILM setting on ES.
+myTPOTILM=$(curl -s -XGET "http://elasticsearch:9200/_ilm/policy/tpot" | grep "Lifecycle policy not found: tpot" -c)
+if [ "$myTPOTILM" == "1" ];
+ then
+ echo "T-Pot ILM template not found on ES, putting it on ES now."
+ curl -XPUT "http://elasticsearch:9200/_ilm/policy/tpot" -H 'Content-Type: application/json' -d'
+ {
+ "policy": {
+ "phases": {
+ "hot": {
+ "min_age": "0ms",
+ "actions": {}
+ },
+ "delete": {
+ "min_age": "30d",
+ "actions": {
+ "delete": {
+ "delete_searchable_snapshot": true
+ }
+ }
 }
+ },
+ "_meta": {
+ "managed": true,
+ "description": "T-Pot ILM policy with a retention of 30 days"
 }
 }
- } ],
- "properties" : {
- "@timestamp": { "type": "date"},
- "@version": { "type": "keyword"},
- "geoip" : {
- "dynamic": true,
- "properties" : {
- "ip": { "type": "ip" },
- "location" : { "type" : "geo_point" },
- "latitude" : { "type" : "half_float" },
- "longitude" : { "type" : "half_float" }
- }
- },
- "geoip_ext" : {
- "dynamic": true,
- "properties" : {
- "ip": { "type": "ip" },
- "location" : { "type" : "geo_point" },
- "latitude" : { "type" : "half_float" },
- "longitude" : { "type" : "half_float" }
- }
- }
- }
- }
-}'
+ }'
+ else
+ echo "T-Pot ILM already configured."
+fi
 echo
diff --git a/docker/elk/logstash/docker-compose.yml b/docker/elk/logstash/docker-compose.yml
index 8a044257..d480d051 100644
--- a/docker/elk/logstash/docker-compose.yml
+++ b/docker/elk/logstash/docker-compose.yml
@@ -16,7 +16,7 @@ services:
 - /opt/tpot/etc/compose/elk_environment
 ports:
 - "127.0.0.1:64305:80"
- image: "dtagdevsec/logstash:2006"
+ image: "dtagdevsec/logstash:2203"
 volumes:
 - /data:/data
 # - /root/tpotce/docker/elk/logstash/dist/logstash.conf:/etc/logstash/conf.d/logstash.conf
diff --git a/docker/endlessh/docker-compose.yml b/docker/endlessh/docker-compose.yml
index eb2359dd..678c5add 100644
--- a/docker/endlessh/docker-compose.yml
+++ b/docker/endlessh/docker-compose.yml
@@ -14,7 +14,7 @@ services:
 - endlessh_local
 ports:
 - "22:2222"
- image: "dtagdevsec/endlessh:2006"
+ image: "dtagdevsec/endlessh:2203"
 read_only: true
 volumes:
 - /data/endlessh/log:/var/log/endlessh
diff --git a/docker/ews/docker-compose.yml b/docker/ews/docker-compose.yml
index f172fb28..0f00719a 100644
--- a/docker/ews/docker-compose.yml +++ b/docker/ews/docker-compose.yml @@ -23,7 +23,7 @@ services: - EWS_HPFEEDS_FORMAT=json env_file: - /opt/tpot/etc/compose/elk_environment - image: "dtagdevsec/ewsposter:2006" + image: "dtagdevsec/ewsposter:2203" volumes: - /data:/data # - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip diff --git a/docker/fatt/docker-compose.yml b/docker/fatt/docker-compose.yml index 1550ed3a..e5d43676 100644 --- a/docker/fatt/docker-compose.yml +++ b/docker/fatt/docker-compose.yml @@ -12,6 +12,6 @@ services: - NET_ADMIN - SYS_NICE - NET_RAW - image: "dtagdevsec/fatt:2006" + image: "dtagdevsec/fatt:2203" volumes: - /data/fatt/log:/opt/fatt/log diff --git a/docker/glutton/docker-compose.yml b/docker/glutton/docker-compose.yml index 68843e9d..d32ee96d 100644 --- a/docker/glutton/docker-compose.yml +++ b/docker/glutton/docker-compose.yml @@ -13,7 +13,7 @@ services: network_mode: "host" cap_add: - NET_ADMIN - image: "dtagdevsec/glutton:2006" + image: "dtagdevsec/glutton:2203" read_only: true volumes: - /data/glutton/log:/var/log/glutton diff --git a/docker/heimdall/docker-compose.yml b/docker/heimdall/docker-compose.yml index 98346f10..62ed1683 100644 --- a/docker/heimdall/docker-compose.yml +++ b/docker/heimdall/docker-compose.yml @@ -26,7 +26,7 @@ services: ports: - "64297:64297" - "127.0.0.1:64304:64304" - image: "dtagdevsec/nginx:2006" + image: "dtagdevsec/nginx:2203" read_only: true volumes: - /data/nginx/cert/:/etc/nginx/cert/:ro diff --git a/docker/hellpot/docker-compose.yml b/docker/hellpot/docker-compose.yml index 150520db..477326c8 100644 --- a/docker/hellpot/docker-compose.yml +++ b/docker/hellpot/docker-compose.yml @@ -14,7 +14,7 @@ services: - hellpot_local ports: - "80:8080" - image: "dtagdevsec/hellpot:2006" + image: "dtagdevsec/hellpot:2203" read_only: true volumes: - /data/hellpot/log:/var/log/hellpot diff --git a/docker/heralding/docker-compose.yml b/docker/heralding/docker-compose.yml index 9df2f1e7..0b2010a3 100644 
--- a/docker/heralding/docker-compose.yml +++ b/docker/heralding/docker-compose.yml @@ -31,7 +31,7 @@ services: - "3389:3389" - "5432:5432" - "5900:5900" - image: "dtagdevsec/heralding:2006" + image: "dtagdevsec/heralding:2203" read_only: true volumes: - /data/heralding/log:/var/log/heralding diff --git a/docker/honeypots/docker-compose.yml b/docker/honeypots/docker-compose.yml index 7bf3df65..8307657a 100644 --- a/docker/honeypots/docker-compose.yml +++ b/docker/honeypots/docker-compose.yml @@ -36,7 +36,7 @@ services: - "6379:6379" - "8080:8080" - "9200:9200" - image: "dtagdevsec/honeypots:2006" + image: "dtagdevsec/honeypots:2203" read_only: true volumes: - /data/honeypots/log:/var/log/honeypots diff --git a/docker/honeypy/docker-compose.yml b/docker/honeypy/docker-compose.yml index dd12fa2d..f9623011 100644 --- a/docker/honeypy/docker-compose.yml +++ b/docker/honeypy/docker-compose.yml @@ -20,7 +20,7 @@ services: - "2324:2324" - "4096:4096" - "9200:9200" - image: "dtagdevsec/honeypy:2006" + image: "dtagdevsec/honeypy:2203" read_only: true volumes: - /data/honeypy/log:/opt/honeypy/log diff --git a/docker/honeysap/docker-compose.yml b/docker/honeysap/docker-compose.yml index 830a8c0b..a216c55f 100644 --- a/docker/honeysap/docker-compose.yml +++ b/docker/honeysap/docker-compose.yml @@ -14,6 +14,6 @@ services: - honeysap_local ports: - "3299:3299" - image: "dtagdevsec/honeysap:2006" + image: "dtagdevsec/honeysap:2203" volumes: - /data/honeysap/log:/opt/honeysap/log diff --git a/docker/honeytrap/docker-compose.yml b/docker/honeytrap/docker-compose.yml index 7573b3d5..1658ae7e 100644 --- a/docker/honeytrap/docker-compose.yml +++ b/docker/honeytrap/docker-compose.yml @@ -12,7 +12,7 @@ services: network_mode: "host" cap_add: - NET_ADMIN - image: "dtagdevsec/honeytrap:2006" + image: "dtagdevsec/honeytrap:2203" read_only: true volumes: - /data/honeytrap/attacks:/opt/honeytrap/var/attacks 
diff --git a/docker/ipphoney/docker-compose.yml b/docker/ipphoney/docker-compose.yml index 69328fc0..aa53128f 100644 --- a/docker/ipphoney/docker-compose.yml +++ b/docker/ipphoney/docker-compose.yml @@ -14,7 +14,7 @@ services: - ipphoney_local ports: - "631:631" - image: "dtagdevsec/ipphoney:2006" + image: "dtagdevsec/ipphoney:2203" read_only: true volumes: - /data/ipphoney/log:/opt/ipphoney/log diff --git a/docker/log4pot/docker-compose.yml b/docker/log4pot/docker-compose.yml index 408129e0..f6d3ac52 100644 --- a/docker/log4pot/docker-compose.yml +++ b/docker/log4pot/docker-compose.yml @@ -20,7 +20,7 @@ services: - "8080:8080" - "9200:8080" - "25565:8080" - image: "dtagdevsec/log4pot:2006" + image: "dtagdevsec/log4pot:2203" read_only: true volumes: - /data/log4pot/log:/var/log/log4pot/log diff --git a/docker/mailoney/docker-compose.yml b/docker/mailoney/docker-compose.yml index c5979e6b..01fd5f1b 100644 --- a/docker/mailoney/docker-compose.yml +++ b/docker/mailoney/docker-compose.yml @@ -20,7 +20,7 @@ services: - mailoney_local ports: - "25:25" - image: "dtagdevsec/mailoney:2006" + image: "dtagdevsec/mailoney:2203" read_only: true volumes: - /data/mailoney/log:/opt/mailoney/logs diff --git a/docker/medpot/docker-compose.yml b/docker/medpot/docker-compose.yml index a5565475..ceb98128 100644 --- a/docker/medpot/docker-compose.yml +++ b/docker/medpot/docker-compose.yml @@ -14,7 +14,7 @@ services: - medpot_local ports: - "2575:2575" - image: "dtagdevsec/medpot:2006" + image: "dtagdevsec/medpot:2203" read_only: true volumes: - /data/medpot/log/:/var/log/medpot diff --git a/docker/p0f/docker-compose.yml b/docker/p0f/docker-compose.yml index 0b1329b8..f3f0ade8 100644 --- a/docker/p0f/docker-compose.yml +++ b/docker/p0f/docker-compose.yml @@ -8,7 +8,7 @@ services: container_name: p0f restart: always network_mode: "host" - image: "dtagdevsec/p0f:2006" + image: "dtagdevsec/p0f:2203" read_only: true volumes: - /data/p0f/log:/var/log/p0f 
diff --git a/docker/rdpy/docker-compose.yml b/docker/rdpy/docker-compose.yml index c991c270..251983ba 100644 --- a/docker/rdpy/docker-compose.yml +++ b/docker/rdpy/docker-compose.yml @@ -22,7 +22,7 @@ services: - rdpy_local ports: - "3389:3389" - image: "dtagdevsec/rdpy:2006" + image: "dtagdevsec/rdpy:2203" read_only: true volumes: - /data/rdpy/log:/var/log/rdpy diff --git a/docker/redishoneypot/docker-compose.yml b/docker/redishoneypot/docker-compose.yml index f06e1bd4..b2b8d2d8 100644 --- a/docker/redishoneypot/docker-compose.yml +++ b/docker/redishoneypot/docker-compose.yml @@ -14,7 +14,7 @@ services: - redishoneypot_local ports: - "6379:6379" - image: "dtagdevsec/redishoneypot:2006" + image: "dtagdevsec/redishoneypot:2203" read_only: true volumes: - /data/redishoneypot/log:/var/log/redishoneypot diff --git a/docker/spiderfoot/docker-compose.yml b/docker/spiderfoot/docker-compose.yml index efc808c9..8ef7a998 100644 --- a/docker/spiderfoot/docker-compose.yml +++ b/docker/spiderfoot/docker-compose.yml @@ -14,6 +14,6 @@ services: - spiderfoot_local ports: - "127.0.0.1:64303:8080" - image: "dtagdevsec/spiderfoot:2006" + image: "dtagdevsec/spiderfoot:2203" volumes: - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db diff --git a/docker/suricata/docker-compose.yml b/docker/suricata/docker-compose.yml index 4568fba9..ef98f5ff 100644 --- a/docker/suricata/docker-compose.yml +++ b/docker/suricata/docker-compose.yml @@ -15,6 +15,6 @@ services: - NET_ADMIN - SYS_NICE - NET_RAW - image: "dtagdevsec/suricata:2006" + image: "dtagdevsec/suricata:2203" volumes: - /data/suricata/log:/var/log/suricata diff --git a/docker/tanner/docker-compose.yml b/docker/tanner/docker-compose.yml index b70977a3..5f272a2a 100644 --- a/docker/tanner/docker-compose.yml +++ b/docker/tanner/docker-compose.yml @@ -14,7 +14,7 @@ services: tty: true networks: - tanner_local - image: "dtagdevsec/redis:2006" + image: "dtagdevsec/redis:2203" read_only: true # PHP Sandbox service 
@@ -28,7 +28,7 @@ services: tty: true networks: - tanner_local - image: "dtagdevsec/phpox:2006" + image: "dtagdevsec/phpox:2203" read_only: true # Tanner API Service @@ -42,7 +42,7 @@ services: tty: true networks: - tanner_local - image: "dtagdevsec/tanner:2006" + image: "dtagdevsec/tanner:2203" read_only: true volumes: - /data/tanner/log:/var/log/tanner @@ -63,7 +63,7 @@ services: - tanner_local # ports: # - "127.0.0.1:8091:8091" - image: "dtagdevsec/tanner:2006" + image: "dtagdevsec/tanner:2203" command: tannerweb read_only: true volumes: @@ -82,7 +82,7 @@ services: tty: true networks: - tanner_local - image: "dtagdevsec/tanner:2006" + image: "dtagdevsec/tanner:2203" command: tanner read_only: true volumes: @@ -104,6 +104,6 @@ services: - tanner_local ports: - "80:80" - image: "dtagdevsec/snare:2006" + image: "dtagdevsec/snare:2203" depends_on: - tanner diff --git a/etc/curator/actions.yml b/etc/curator/actions.yml deleted file mode 100644 index 5b7645fd..00000000 --- a/etc/curator/actions.yml +++ /dev/null @@ -1,26 +0,0 @@ -# Remember, leave a key empty if there is no value. None will be a string, -# not a Python "NoneType" -# -# Also remember that all examples have 'disable_action' set to True. If you -# want to use this action as a template, be sure to set this to False after -# copying it. -actions: - 1: - action: delete_indices - description: >- - Delete indices older than 90 days (based on index name), for logstash- - prefixed indices. Ignore the error if the filter does not result in an - actionable list of indices (ignore_empty_list) and exit cleanly. - options: - ignore_empty_list: True - disable_action: False - filters: - - filtertype: pattern - kind: timestring - value: '%Y.%m.%d' - - filtertype: age - source: name - direction: older - timestring: '%Y.%m.%d' - unit: days - unit_count: 90 diff --git a/etc/curator/curator.yml b/etc/curator/curator.yml deleted file mode 100644 index 715bcd06..00000000 --- a/etc/curator/curator.yml +++ /dev/null 
@@ -1,21 +0,0 @@
-# Remember, leave a key empty if there is no value. None will be a string,
-# not a Python "NoneType"
-client:
- hosts:
- - 127.0.0.1
- port: 64298
- url_prefix:
- use_ssl: False
- certificate:
- client_cert:
- client_key:
- ssl_no_validate: False
- http_auth:
- timeout: 30
- master_only: False
-
-logging:
- loglevel: INFO
- logfile: /var/log/curator.log
- logformat: default
- blacklist: ['elasticsearch', 'urllib3']
diff --git a/iso/installer/install.sh b/iso/installer/install.sh
index 9e33fda4..200f5068 100755
--- a/iso/installer/install.sh
+++ b/iso/installer/install.sh
@@ -172,9 +172,6 @@ myCRONJOBS="
 # Check if updated images are available and download them
 $myRANDOM_MINUTE $myPULL_HOUR * * * root docker-compose -f /opt/tpot/etc/tpot.yml pull
-# Delete elasticsearch logstash indices older than 90 days
-$myRANDOM_MINUTE $myDEL_HOUR * * * root curator --config /opt/tpot/etc/curator/curator.yml /opt/tpot/etc/curator/actions.yml
-
 # Uploaded binaries are not supposed to be downloaded
 */1 * * * * root mv --backup=numbered /data/dionaea/roots/ftp/* /data/dionaea/binaries/
@@ -312,7 +309,7 @@ function fuGET_DEPS {
 echo "### Removing and holding back problematic packages ..."
 apt-fast -y purge exim4-base mailutils pcp cockpit-pcp elasticsearch-curator
 apt-fast -y autoremove
-apt-mark hold exim4-base mailutils pcp cockpit-pcp elasticsearch-curator
+apt-mark hold exim4-base mailutils pcp cockpit-pcp
 }
 # Check for other services
@@ -683,10 +680,10 @@ echo "$myNETWORK_WLANEXAMPLE" | tee -a /etc/network/interfaces
 fuBANNER "SSH roaming off"
 echo "UseRoaming no" | tee -a /etc/ssh/ssh_config
-# Installing elasticdump, elasticsearch-curator, yq
+# Installing elasticdump, yq
 fuBANNER "Installing pkgs"
 npm install elasticdump -g
-pip3 install elasticsearch-curator yq
+pip3 install yq
 hash -r
 # Cloning T-Pot from GitHub
diff --git a/update.sh b/update.sh
index d28600c2..bf173f62 100755
--- a/update.sh
+++ b/update.sh
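Review bot: In the fuGET_DEPS hunk the new `apt-mark hold exim4-base mailutils pcp cockpit-pcp` line drops elasticsearch-curator while the `apt-fast -y purge` line two lines above still names it, so the two package lists no longer agree; the update.sh hunk at `@@ -204,12 +204,10 @@` has the same asymmetry. If the purge is kept on purpose to clean curator off hosts that installed it before this change, a comment would keep that intent from being "fixed" away later: `# elasticsearch-curator: purge only, left over from pre-ILM installs; no hold needed now that nothing pulls it in`. Otherwise it should leave the purge line as well. The cron hunk above removes the only visible use of `$myDEL_HOUR`; its definition is outside the hunk, so it may now be a dead variable worth checking.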
@@ -184,7 +184,7 @@ function fuUPDATER () {
 export DEBIAN_FRONTEND=noninteractive
 echo "### Installing apt-fast"
 /bin/bash -c "$(curl -sL https://raw.githubusercontent.com/ilikenwf/apt-fast/master/quick-install.sh)"
-local myPACKAGES="aria2 apache2-utils apparmor apt-transport-https bash-completion build-essential ca-certificates cgroupfs-mount cockpit console-setup console-setup-linux cracklib-runtime curl debconf-utils dialog dnsutils docker.io docker-compose ethtool fail2ban figlet genisoimage git grc haveged html2text htop iptables iw jq kbd libcrack2 libltdl7 libpam-google-authenticator man mosh multitail net-tools npm ntp openssh-server openssl pass pigz prips software-properties-common sshpass syslinux psmisc pv python3-elasticsearch-curator python3-pip toilet unattended-upgrades unzip vim wget wireless-tools wpasupplicant"
+local myPACKAGES="aria2 apache2-utils apparmor apt-transport-https bash-completion build-essential ca-certificates cgroupfs-mount cockpit console-setup console-setup-linux cracklib-runtime curl debconf-utils dialog dnsutils docker.io docker-compose ethtool fail2ban figlet genisoimage git grc haveged html2text htop iptables iw jq kbd libcrack2 libltdl7 libpam-google-authenticator man mosh multitail net-tools npm ntp openssh-server openssl pass pigz prips software-properties-common sshpass syslinux psmisc pv python3-pip toilet unattended-upgrades unzip vim wget wireless-tools wpasupplicant"
 # Remove purge in the future
 echo "### Removing repository based install of elasticsearch-curator"
 apt-get purge elasticsearch-curator -y
@@ -204,12 +204,10 @@ dpkg --configure -a npm cache clean --force npm install elasticdump -g pip3 install --upgrade yq -# Remove --force switch in the future ... -pip3 install elasticsearch-curator --force hash -r echo "### Removing and holding back problematic packages ..." apt-fast -y purge exim4-base mailutils pcp cockpit-pcp elasticsearch-curator -apt-mark hold exim4-base mailutils pcp cockpit-pcp elasticsearch-curator +apt-mark hold exim4-base mailutils pcp cockpit-pcp echo echo "### Now replacing T-Pot related config files on host"