Tweaking

Remove Elasticsearch-Curator in packages, configs and references (BREAKING CHANGE)
Add Index Lifecycle Management in favor of elasticsearch-curator
Point all images to 2203 tags

docker/adbhoney/docker-compose.yml

@@ -14,8 +14,8 @@ services:
      - adbhoney_local
     ports:
      - "5555:5555"
-#    image: "dtagdevsec/adbhoney:2006"
-    image: "dtagdevsec/adbhoney:2006"
+#    image: "dtagdevsec/adbhoney:2203"
+    image: "dtagdevsec/adbhoney:2203"
     read_only: true
     volumes:
      - /data/adbhoney/log:/opt/adbhoney/log

docker/ciscoasa/docker-compose.yml

@@ -13,7 +13,7 @@ services:
     ports:
      - "5000:5000/udp"
      - "8443:8443"
-    image: "dtagdevsec/ciscoasa:2006"
+    image: "dtagdevsec/ciscoasa:2203"
     read_only: true
     volumes:
      - /data/ciscoasa/log:/var/log/ciscoasa

docker/citrixhoneypot/docker-compose.yml

@@ -14,7 +14,7 @@ services:
      - citrixhoneypot_local
     ports:
      - "443:443"
-    image: "dtagdevsec/citrixhoneypot:2006"
+    image: "dtagdevsec/citrixhoneypot:2203"
     read_only: true
     volumes:
      - /data/citrixhoneypot/logs:/opt/citrixhoneypot/logs

docker/conpot/docker-compose.yml

@@ -35,7 +35,7 @@ services:
      - "2121:21"
      - "44818:44818"
      - "47808:47808/udp"
-    image: "dtagdevsec/conpot:2006"
+    image: "dtagdevsec/conpot:2203"
     read_only: true
     volumes:
      - /data/conpot/log:/var/log/conpot
@@ -58,7 +58,7 @@ services:
     ports:
 #     - "161:161/udp"
      - "2404:2404"
-    image: "dtagdevsec/conpot:2006"
+    image: "dtagdevsec/conpot:2203"
     read_only: true
     volumes:
      - /data/conpot/log:/var/log/conpot
@@ -80,7 +80,7 @@ services:
      - conpot_local_guardian_ast
     ports:
      - "10001:10001"
-    image: "dtagdevsec/conpot:2006"
+    image: "dtagdevsec/conpot:2203"
     read_only: true
     volumes:
      - /data/conpot/log:/var/log/conpot
@@ -102,7 +102,7 @@ services:
      - conpot_local_ipmi
     ports:
      - "623:623/udp"
-    image: "dtagdevsec/conpot:2006"
+    image: "dtagdevsec/conpot:2203"
     read_only: true
     volumes:
      - /data/conpot/log:/var/log/conpot
@@ -125,7 +125,7 @@ services:
     ports:
      - "1025:1025"
      - "50100:50100"
-    image: "dtagdevsec/conpot:2006"
+    image: "dtagdevsec/conpot:2203"
     read_only: true
     volumes:
      - /data/conpot/log:/var/log/conpot

docker/cowrie/docker-compose.yml

@@ -18,7 +18,7 @@ services:
     ports:
      - "22:22"
      - "23:23"
-    image: "dtagdevsec/cowrie:2006"
+    image: "dtagdevsec/cowrie:2203"
     read_only: true
     volumes:
      - /data/cowrie/downloads:/home/cowrie/cowrie/dl

docker/cyberchef/docker-compose.yml

@@ -14,5 +14,5 @@ services:
      - cyberchef_local
     ports:
      - "127.0.0.1:64299:8000"
-    image: "dtagdevsec/cyberchef:2006"
+    image: "dtagdevsec/cyberchef:2203"
     read_only: true

docker/ddospot/docker-compose.yml

@@ -18,7 +18,7 @@ services:
      - "123:123/udp"
 #     - "161:161/udp"
      - "1900:1900/udp"
-    image: "dtagdevsec/ddospot:2006"
+    image: "dtagdevsec/ddospot:2203"
     read_only: true
     volumes:
      - /data/ddospot/log:/opt/ddospot/ddospot/logs

docker/dicompot/docker-compose.yml

@@ -17,7 +17,7 @@ services:
      - dicompot_local
     ports:
      - "11112:11112"
-    image: "dtagdevsec/dicompot:2006"
+    image: "dtagdevsec/dicompot:2203"
     read_only: true
     volumes:
      - /data/dicompot/log:/var/log/dicompot

docker/dionaea/docker-compose.yml

@@ -31,7 +31,7 @@ services:
      - "5060:5060/udp"
      - "5061:5061"
      - "27017:27017"
-    image: "dtagdevsec/dionaea:2006"
+    image: "dtagdevsec/dionaea:2203"
     read_only: true
     volumes:
      - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp

docker/docker-compose.yml

@@ -10,98 +10,98 @@ services:
 # Adbhoney service
   adbhoney:
     build: adbhoney/.
-    image: "dtagdevsec/adbhoney:2006"
+    image: "dtagdevsec/adbhoney:2203"
 
 # Ciscoasa service
   ciscoasa:
     build: ciscoasa/.
-    image: "dtagdevsec/ciscoasa:2006"
+    image: "dtagdevsec/ciscoasa:2203"
 
 # CitrixHoneypot service
   citrixhoneypot:
     build: citrixhoneypot/.
-    image: "dtagdevsec/citrixhoneypot:2006"
+    image: "dtagdevsec/citrixhoneypot:2203"
 
 # Conpot IEC104 service
   conpot_IEC104:
     build: conpot/.
-    image: "dtagdevsec/conpot:2006"
+    image: "dtagdevsec/conpot:2203"
 
 # Cowrie service
   cowrie:
     build: cowrie/.
-    image: "dtagdevsec/cowrie:2006"
+    image: "dtagdevsec/cowrie:2203"
 
 # Dicompot service
   dicompot:
     build: dicompot/.
-    image: "dtagdevsec/dicompot:2006"
+    image: "dtagdevsec/dicompot:2203"
 
 # Dionaea service
   dionaea:
     build: dionaea/.
-    image: "dtagdevsec/dionaea:2006"
+    image: "dtagdevsec/dionaea:2203"
 
 # ElasticPot service
   elasticpot:
     build: elasticpot/.
-    image: "dtagdevsec/elasticpot:2006"
+    image: "dtagdevsec/elasticpot:2203"
 
 # Glutton service
   glutton:
     build: glutton/.
-    image: "dtagdevsec/glutton:2006"
+    image: "dtagdevsec/glutton:2203"
 
 # Heralding service
   heralding:
     build: heralding/.
-    image: "dtagdevsec/heralding:2006"
+    image: "dtagdevsec/heralding:2203"
 
 # HoneyPy service
   honeypy:
     build: honeypy/.
-    image: "dtagdevsec/honeypy:2006"
+    image: "dtagdevsec/honeypy:2203"
 
 # Honeytrap service
   honeytrap:
     build: honeytrap/.
-    image: "dtagdevsec/honeytrap:2006"
+    image: "dtagdevsec/honeytrap:2203"
 
 # Mailoney service
   mailoney:
     build: mailoney/.
-    image: "dtagdevsec/mailoney:2006"
+    image: "dtagdevsec/mailoney:2203"
 
 # Medpot service
   medpot:
     build: medpot/.
-    image: "dtagdevsec/medpot:2006"
+    image: "dtagdevsec/medpot:2203"
 
 # Rdpy service
   rdpy:
     build: rdpy/.
-    image: "dtagdevsec/rdpy:2006"
+    image: "dtagdevsec/rdpy:2203"
 
 #### Snare / Tanner
 ## Tanner Redis Service
   tanner_redis:
     build: tanner/redis/.
-    image: "dtagdevsec/redis:2006"
+    image: "dtagdevsec/redis:2203"
 
 ## PHP Sandbox service
   tanner_phpox:
     build: tanner/phpox/.
-    image: "dtagdevsec/phpox:2006"
+    image: "dtagdevsec/phpox:2203"
 
 ## Tanner API Service
   tanner_api:
     build: tanner/tanner/.
-    image: "dtagdevsec/tanner:2006"
+    image: "dtagdevsec/tanner:2203"
 
 ## Snare Service
   snare:
     build: tanner/snare/.
-    image: "dtagdevsec/snare:2006"
+    image: "dtagdevsec/snare:2203"
 
 
 ##################
@@ -111,17 +111,17 @@ services:
 # Fatt service
   fatt:
     build: fatt/.
-    image: "dtagdevsec/fatt:2006"
+    image: "dtagdevsec/fatt:2203"
 
 # P0f service
   p0f:
     build: p0f/.
-    image: "dtagdevsec/p0f:2006"
+    image: "dtagdevsec/p0f:2203"
 
 # Suricata service
   suricata:
     build: suricata/.
-    image: "dtagdevsec/suricata:2006"
+    image: "dtagdevsec/suricata:2203"
 
 
 ##################
@@ -131,40 +131,40 @@ services:
 # Cyberchef service
   cyberchef:
     build: cyberchef/.
-    image: "dtagdevsec/cyberchef:2006"
+    image: "dtagdevsec/cyberchef:2203"
 
 #### ELK
 ## Elasticsearch service
   elasticsearch:
     build: elk/elasticsearch/.
-    image: "dtagdevsec/elasticsearch:2006"
+    image: "dtagdevsec/elasticsearch:2203"
 
 ## Kibana service
   kibana:
     build: elk/kibana/.
-    image: "dtagdevsec/kibana:2006"
+    image: "dtagdevsec/kibana:2203"
 
 ## Logstash service
   logstash:
     build: elk/logstash/.
-    image: "dtagdevsec/logstash:2006"
+    image: "dtagdevsec/logstash:2203"
 
 ## Elasticsearch-head service
   head:
     build: elk/head/.
-    image: "dtagdevsec/head:2006"
+    image: "dtagdevsec/head:2203"
 
 # Ewsposter service
   ewsposter:
     build: ews/.
-    image: "dtagdevsec/ewsposter:2006"
+    image: "dtagdevsec/ewsposter:2203"
 
 # Nginx service
   nginx:
     build: heimdall/.
-    image: "dtagdevsec/nginx:2006"
+    image: "dtagdevsec/nginx:2203"
 
 # Spiderfoot service
   spiderfoot:
     build: spiderfoot/.
-    image: "dtagdevsec/spiderfoot:2006"
+    image: "dtagdevsec/spiderfoot:2203"

docker/elasticpot/docker-compose.yml

@@ -14,7 +14,7 @@ services:
      - elasticpot_local
     ports:
      - "9200:9200"
-    image: "dtagdevsec/elasticpot:2006"
+    image: "dtagdevsec/elasticpot:2203"
     read_only: true
     volumes:
      - /data/elasticpot/log:/opt/elasticpot/log

docker/elk/docker-compose.yml

@@ -24,7 +24,7 @@ services:
 #    mem_limit: 4g
     ports:
      - "127.0.0.1:64298:9200"
-    image: "dtagdevsec/elasticsearch:2006"
+    image: "dtagdevsec/elasticsearch:2203"
     volumes:
      - /data:/data
 
@@ -39,7 +39,7 @@ services:
         condition: service_healthy
     ports:
      - "127.0.0.1:64296:5601"
-    image: "dtagdevsec/kibana:2006"
+    image: "dtagdevsec/kibana:2203"
 
 ## Logstash service
   logstash:
@@ -53,7 +53,7 @@ services:
         condition: service_healthy
     env_file:
      - /opt/tpot/etc/compose/elk_environment
-    image: "dtagdevsec/logstash:2006"
+    image: "dtagdevsec/logstash:2203"
     volumes:
      - /data:/data
 #     - /root/tpotce/docker/elk/logstash/dist/logstash.conf:/etc/logstash/conf.d/logstash.conf
@@ -68,5 +68,5 @@ services:
         condition: service_healthy
     ports:
      - "127.0.0.1:64302:9100"
-    image: "dtagdevsec/head:2006"
+    image: "dtagdevsec/head:2203"
     read_only: true

docker/elk/elasticsearch/docker-compose.yml

@@ -24,6 +24,6 @@ services:
     mem_limit: 2g
     ports:
      - "127.0.0.1:64298:9200"
-    image: "dtagdevsec/elasticsearch:2006"
+    image: "dtagdevsec/elasticsearch:2203"
     volumes:
      - /data:/data

docker/elk/head/docker-compose.yml

@@ -12,5 +12,5 @@ services:
     #        condition: service_healthy
     ports:
      - "127.0.0.1:64302:9100"
-    image: "dtagdevsec/head:2006"
+    image: "dtagdevsec/head:2203"
     read_only: true

docker/elk/kibana/docker-compose.yml

@@ -12,4 +12,4 @@ services:
 #        condition: service_healthy
     ports:
      - "127.0.0.1:64296:5601"
-    image: "dtagdevsec/kibana:2006"
+    image: "dtagdevsec/kibana:2203"

docker/elk/logstash/Dockerfile

@@ -67,6 +67,4 @@ HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:9600'
 #
 # Start logstash
 #USER logstash:logstash
-#CMD update.sh && exec /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf --config.reload.automatic --java-execution --log.level debug
-#CMD update.sh && exec /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/http_output.conf --config.reload.automatic --java-execution
 CMD update.sh && exec /usr/share/logstash/bin/logstash --config.reload.automatic --java-execution

docker/elk/logstash/dist/http_input.conf

@@ -11,9 +11,10 @@ input {
 output {
   elasticsearch {
     hosts => ["elasticsearch:9200"]
-    # With templates now being legacy and ILM in place we need to set the daily index with its template manually. Otherwise a new index might be created with differents settings configured through Kibana.
+    # With templates now being legacy we need to set the daily index with its template manually. Otherwise a new index might be created with differents settings configured through Kibana.
     index => "logstash-%{+YYYY.MM.dd}"
     template => "/etc/logstash/tpot_es_template.json"
+    template_overwrite => "true"
   }
 
 }

docker/elk/logstash/dist/logstash.conf

@@ -740,9 +740,10 @@ if "_jsonparsefailure" in [tags] { drop {} }
 output {
   elasticsearch {
     hosts => ["elasticsearch:9200"]
-    # With templates now being legacy and ILM in place we need to set the daily index with its template manually. Otherwise a new index might be created with differents settings configured through Kibana.
+    # With templates now being legacy we need to set the daily index with its template manually. Otherwise a new index might be created with differents settings configured through Kibana.
     index => "logstash-%{+YYYY.MM.dd}"
     template => "/etc/logstash/tpot_es_template.json"
+    template_overwrite => "true"
     #document_type => "doc"
   }
 

docker/elk/logstash/dist/tpot_es_template.json

@@ -2,6 +2,7 @@
   "index_patterns" : "logstash-*",
   "version" : 60001,
   "settings" : {
+    "index.lifecycle.name": "tpot",
     "index.refresh_interval" : "5s",
     "number_of_shards" : 1,
     "index.number_of_replicas" : "0",

docker/elk/logstash/dist/update.sh

@@ -51,72 +51,35 @@ if [ "$MY_TPOT_TYPE" == "POT" ];
     exit 0
 fi
 
-# We do want to enforce our es_template thus we always need to delete the default template, putting our default afterwards
-# This is now done via common_configs.rb => overwrite default logstash template
-echo "Removing logstash template."
-curl -s -XDELETE http://elasticsearch:9200/_template/logstash
-echo
-echo "Checking if empty."
-curl -s -XGET http://elasticsearch:9200/_template/logstash
-echo
-echo "Putting default template."
-curl -XPUT "http://elasticsearch:9200/_template/logstash" -H 'Content-Type: application/json' -d'
-{
-  "index_patterns" : "logstash-*",
-  "version" : 60001,
-  "settings" : {
-    "index.refresh_interval" : "5s",
-    "number_of_shards" : 1,
-    "index.number_of_replicas" : "0",
-    "index.mapping.total_fields.limit" : "2000",
-    "index.query": {
-      "default_field": "*"
-     }
-  },
-  "mappings" : {
-    "dynamic_templates" : [ {
-      "message_field" : {
-        "path_match" : "message",
-        "match_mapping_type" : "string",
-        "mapping" : {
-          "type" : "text",
-          "norms" : false
-        }
-      }
-    }, {
-      "string_fields" : {
-        "match" : "*",
-        "match_mapping_type" : "string",
-        "mapping" : {
-          "type" : "text", "norms" : false,
-          "fields" : {
-            "keyword" : { "type": "keyword", "ignore_above": 256 }
+# Index Management is happening through ILM, but we need to put T-Pot ILM setting on ES.
+myTPOTILM=$(curl -s -XGET "http://elasticsearch:9200/_ilm/policy/tpot" | grep "Lifecycle policy not found: tpot" -c)
+if [ "$myTPOTILM" == "1" ];
+  then
+    echo "T-Pot ILM template not found on ES, putting it on ES now."
+    curl -XPUT "http://elasticsearch:9200/_ilm/policy/tpot" -H 'Content-Type: application/json' -d'
+    {
+      "policy": {
+        "phases": {
+          "hot": {
+            "min_age": "0ms",
+            "actions": {}
+          },
+          "delete": {
+            "min_age": "30d",
+            "actions": {
+              "delete": {
+                "delete_searchable_snapshot": true
+              }
+            }
           }
+        },
+        "_meta": {
+          "managed": true,
+          "description": "T-Pot ILM policy with a retention of 30 days"
         }
       }
-    } ],
-    "properties" : {
-      "@timestamp": { "type": "date"},
-      "@version": { "type": "keyword"},
-      "geoip"  : {
-        "dynamic": true,
-        "properties" : {
-          "ip": { "type": "ip" },
-          "location" : { "type" : "geo_point" },
-          "latitude" : { "type" : "half_float" },
-          "longitude" : { "type" : "half_float" }
-        }
-      },
-      "geoip_ext"  : {
-        "dynamic": true,
-        "properties" : {
-          "ip": { "type": "ip" },
-          "location" : { "type" : "geo_point" },
-          "latitude" : { "type" : "half_float" },
-          "longitude" : { "type" : "half_float" }
-        }
-      }
-    }
-  }
-}'
+    }'
+  else
+    echo "T-Pot ILM already configured."
+fi
 echo

docker/elk/logstash/docker-compose.yml

@@ -16,7 +16,7 @@ services:
      - /opt/tpot/etc/compose/elk_environment
     ports:
      - "127.0.0.1:64305:80"
-    image: "dtagdevsec/logstash:2006"
+    image: "dtagdevsec/logstash:2203"
     volumes:
      - /data:/data
 #     - /root/tpotce/docker/elk/logstash/dist/logstash.conf:/etc/logstash/conf.d/logstash.conf

docker/endlessh/docker-compose.yml

@@ -14,7 +14,7 @@ services:
      - endlessh_local
     ports:
      - "22:2222"
-    image: "dtagdevsec/endlessh:2006"
+    image: "dtagdevsec/endlessh:2203"
     read_only: true
     volumes:
      - /data/endlessh/log:/var/log/endlessh

docker/ews/docker-compose.yml

@@ -23,7 +23,7 @@ services:
      - EWS_HPFEEDS_FORMAT=json
     env_file:
      - /opt/tpot/etc/compose/elk_environment
-    image: "dtagdevsec/ewsposter:2006"
+    image: "dtagdevsec/ewsposter:2203"
     volumes:
      - /data:/data
 #     - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip

docker/fatt/docker-compose.yml

@@ -12,6 +12,6 @@ services:
      - NET_ADMIN
      - SYS_NICE
      - NET_RAW
-    image: "dtagdevsec/fatt:2006"
+    image: "dtagdevsec/fatt:2203"
     volumes:
      - /data/fatt/log:/opt/fatt/log

docker/glutton/docker-compose.yml

@@ -13,7 +13,7 @@ services:
     network_mode: "host"
     cap_add:
      - NET_ADMIN
-    image: "dtagdevsec/glutton:2006"
+    image: "dtagdevsec/glutton:2203"
     read_only: true
     volumes:
      - /data/glutton/log:/var/log/glutton

docker/heimdall/docker-compose.yml

@@ -26,7 +26,7 @@ services:
     ports:
      - "64297:64297"
      - "127.0.0.1:64304:64304"
-    image: "dtagdevsec/nginx:2006"
+    image: "dtagdevsec/nginx:2203"
     read_only: true
     volumes:
      - /data/nginx/cert/:/etc/nginx/cert/:ro

docker/hellpot/docker-compose.yml

@@ -14,7 +14,7 @@ services:
      - hellpot_local
     ports:
      - "80:8080"    
-    image: "dtagdevsec/hellpot:2006"
+    image: "dtagdevsec/hellpot:2203"
     read_only: true
     volumes:
      - /data/hellpot/log:/var/log/hellpot

docker/heralding/docker-compose.yml

@@ -31,7 +31,7 @@ services:
      - "3389:3389"
      - "5432:5432"
      - "5900:5900"
-    image: "dtagdevsec/heralding:2006"
+    image: "dtagdevsec/heralding:2203"
     read_only: true
     volumes:
      - /data/heralding/log:/var/log/heralding

docker/honeypots/docker-compose.yml

@@ -36,7 +36,7 @@ services:
      - "6379:6379"
      - "8080:8080"
      - "9200:9200"
-    image: "dtagdevsec/honeypots:2006"
+    image: "dtagdevsec/honeypots:2203"
     read_only: true
     volumes:
      - /data/honeypots/log:/var/log/honeypots

docker/honeypy/docker-compose.yml

@@ -20,7 +20,7 @@ services:
      - "2324:2324"
      - "4096:4096"
      - "9200:9200"
-    image: "dtagdevsec/honeypy:2006"
+    image: "dtagdevsec/honeypy:2203"
     read_only: true
     volumes:
      - /data/honeypy/log:/opt/honeypy/log

docker/honeysap/docker-compose.yml

@@ -14,6 +14,6 @@ services:
      - honeysap_local
     ports:
      - "3299:3299"
-    image: "dtagdevsec/honeysap:2006"
+    image: "dtagdevsec/honeysap:2203"
     volumes:
      - /data/honeysap/log:/opt/honeysap/log

docker/honeytrap/docker-compose.yml

@@ -12,7 +12,7 @@ services:
     network_mode: "host"
     cap_add:
      - NET_ADMIN
-    image: "dtagdevsec/honeytrap:2006"
+    image: "dtagdevsec/honeytrap:2203"
     read_only: true
     volumes:
      - /data/honeytrap/attacks:/opt/honeytrap/var/attacks

docker/ipphoney/docker-compose.yml

@@ -14,7 +14,7 @@ services:
      - ipphoney_local
     ports:
      - "631:631"
-    image: "dtagdevsec/ipphoney:2006"
+    image: "dtagdevsec/ipphoney:2203"
     read_only: true
     volumes:
      - /data/ipphoney/log:/opt/ipphoney/log

docker/log4pot/docker-compose.yml

@@ -20,7 +20,7 @@ services:
      - "8080:8080"
      - "9200:8080"
      - "25565:8080"
-    image: "dtagdevsec/log4pot:2006"
+    image: "dtagdevsec/log4pot:2203"
     read_only: true
     volumes:
      - /data/log4pot/log:/var/log/log4pot/log

docker/mailoney/docker-compose.yml

@@ -20,7 +20,7 @@ services:
      - mailoney_local
     ports:
      - "25:25"
-    image: "dtagdevsec/mailoney:2006"
+    image: "dtagdevsec/mailoney:2203"
     read_only: true
     volumes:
      - /data/mailoney/log:/opt/mailoney/logs

docker/medpot/docker-compose.yml

@@ -14,7 +14,7 @@ services:
      - medpot_local
     ports:
      - "2575:2575"
-    image: "dtagdevsec/medpot:2006"
+    image: "dtagdevsec/medpot:2203"
     read_only: true
     volumes:
      - /data/medpot/log/:/var/log/medpot

docker/p0f/docker-compose.yml

@@ -8,7 +8,7 @@ services:
     container_name: p0f
     restart: always
     network_mode: "host"
-    image: "dtagdevsec/p0f:2006"
+    image: "dtagdevsec/p0f:2203"
     read_only: true
     volumes:
      - /data/p0f/log:/var/log/p0f

docker/rdpy/docker-compose.yml

@@ -22,7 +22,7 @@ services:
      - rdpy_local
     ports:
      - "3389:3389"
-    image: "dtagdevsec/rdpy:2006"
+    image: "dtagdevsec/rdpy:2203"
     read_only: true
     volumes:
      - /data/rdpy/log:/var/log/rdpy

docker/redishoneypot/docker-compose.yml

@@ -14,7 +14,7 @@ services:
      - redishoneypot_local
     ports:
      - "6379:6379"    
-    image: "dtagdevsec/redishoneypot:2006"
+    image: "dtagdevsec/redishoneypot:2203"
     read_only: true
     volumes:
      - /data/redishoneypot/log:/var/log/redishoneypot

docker/spiderfoot/docker-compose.yml

@@ -14,6 +14,6 @@ services:
      - spiderfoot_local
     ports:
      - "127.0.0.1:64303:8080"
-    image: "dtagdevsec/spiderfoot:2006"
+    image: "dtagdevsec/spiderfoot:2203"
     volumes:
      - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db

docker/suricata/docker-compose.yml

@@ -15,6 +15,6 @@ services:
      - NET_ADMIN
      - SYS_NICE
      - NET_RAW
-    image: "dtagdevsec/suricata:2006"
+    image: "dtagdevsec/suricata:2203"
     volumes:
      - /data/suricata/log:/var/log/suricata

docker/tanner/docker-compose.yml

@@ -14,7 +14,7 @@ services:
     tty: true
     networks:
      - tanner_local
-    image: "dtagdevsec/redis:2006"
+    image: "dtagdevsec/redis:2203"
     read_only: true
 
 # PHP Sandbox service
@@ -28,7 +28,7 @@ services:
     tty: true
     networks:
      - tanner_local
-    image: "dtagdevsec/phpox:2006"
+    image: "dtagdevsec/phpox:2203"
     read_only: true
 
 # Tanner API Service
@@ -42,7 +42,7 @@ services:
     tty: true
     networks:
      - tanner_local
-    image: "dtagdevsec/tanner:2006"
+    image: "dtagdevsec/tanner:2203"
     read_only: true
     volumes:
      - /data/tanner/log:/var/log/tanner
@@ -63,7 +63,7 @@ services:
      - tanner_local
 #    ports:
 #     - "127.0.0.1:8091:8091"
-    image: "dtagdevsec/tanner:2006"
+    image: "dtagdevsec/tanner:2203"
     command: tannerweb
     read_only: true
     volumes:
@@ -82,7 +82,7 @@ services:
     tty: true
     networks:
      - tanner_local
-    image: "dtagdevsec/tanner:2006"
+    image: "dtagdevsec/tanner:2203"
     command: tanner
     read_only: true
     volumes:
@@ -104,6 +104,6 @@ services:
      - tanner_local
     ports:
      - "80:80"
-    image: "dtagdevsec/snare:2006"
+    image: "dtagdevsec/snare:2203"
     depends_on:
      - tanner

etc/curator/actions.yml

@@ -1,26 +0,0 @@
-# Remember, leave a key empty if there is no value.  None will be a string,
-# not a Python "NoneType"
-#
-# Also remember that all examples have 'disable_action' set to True.  If you
-# want to use this action as a template, be sure to set this to False after
-# copying it.
-actions:
-  1:
-    action: delete_indices
-    description: >-
-      Delete indices older than 90 days (based on index name), for logstash-
-      prefixed indices. Ignore the error if the filter does not result in an
-      actionable list of indices (ignore_empty_list) and exit cleanly.
-    options:
-      ignore_empty_list: True
-      disable_action: False
-    filters:
-    - filtertype: pattern
-      kind: timestring
-      value: '%Y.%m.%d'
-    - filtertype: age
-      source: name
-      direction: older
-      timestring: '%Y.%m.%d'
-      unit: days
-      unit_count: 90

etc/curator/curator.yml

@@ -1,21 +0,0 @@
-# Remember, leave a key empty if there is no value.  None will be a string,
-# not a Python "NoneType"
-client:
-  hosts:
-    - 127.0.0.1
-  port: 64298
-  url_prefix:
-  use_ssl: False
-  certificate:
-  client_cert:
-  client_key:
-  ssl_no_validate: False
-  http_auth:
-  timeout: 30
-  master_only: False
-
-logging:
-  loglevel: INFO
-  logfile: /var/log/curator.log
-  logformat: default
-  blacklist: ['elasticsearch', 'urllib3']

iso/installer/install.sh

@@ -172,9 +172,6 @@ myCRONJOBS="
 # Check if updated images are available and download them
 $myRANDOM_MINUTE $myPULL_HOUR * * *      root    docker-compose -f /opt/tpot/etc/tpot.yml pull
 
-# Delete elasticsearch logstash indices older than 90 days
-$myRANDOM_MINUTE $myDEL_HOUR * * *      root    curator --config /opt/tpot/etc/curator/curator.yml /opt/tpot/etc/curator/actions.yml
-
 # Uploaded binaries are not supposed to be downloaded
 */1 * * * *     root    mv --backup=numbered /data/dionaea/roots/ftp/* /data/dionaea/binaries/
 
@@ -312,7 +309,7 @@ function fuGET_DEPS {
   echo "### Removing and holding back problematic packages ..."
   apt-fast -y purge exim4-base mailutils pcp cockpit-pcp elasticsearch-curator
   apt-fast -y autoremove
-  apt-mark hold exim4-base mailutils pcp cockpit-pcp elasticsearch-curator
+  apt-mark hold exim4-base mailutils pcp cockpit-pcp
 }
 
 # Check for other services
@@ -683,10 +680,10 @@ echo "$myNETWORK_WLANEXAMPLE" | tee -a /etc/network/interfaces
 fuBANNER "SSH roaming off"
 echo "UseRoaming no" | tee -a /etc/ssh/ssh_config
 
-# Installing elasticdump, elasticsearch-curator, yq
+# Installing elasticdump, yq
 fuBANNER "Installing pkgs"
 npm install elasticdump -g
-pip3 install elasticsearch-curator yq
+pip3 install yq
 hash -r
 
 # Cloning T-Pot from GitHub

update.sh

@@ -184,7 +184,7 @@ function fuUPDATER () {
 export DEBIAN_FRONTEND=noninteractive
 echo "### Installing apt-fast"
 /bin/bash -c "$(curl -sL https://raw.githubusercontent.com/ilikenwf/apt-fast/master/quick-install.sh)"
-local myPACKAGES="aria2 apache2-utils apparmor apt-transport-https bash-completion build-essential ca-certificates cgroupfs-mount cockpit console-setup console-setup-linux cracklib-runtime curl debconf-utils dialog dnsutils docker.io docker-compose ethtool fail2ban figlet genisoimage git grc haveged html2text htop iptables iw jq kbd libcrack2 libltdl7 libpam-google-authenticator man mosh multitail net-tools npm ntp openssh-server openssl pass pigz prips software-properties-common sshpass syslinux psmisc pv python3-elasticsearch-curator python3-pip toilet unattended-upgrades unzip vim wget wireless-tools wpasupplicant"
+local myPACKAGES="aria2 apache2-utils apparmor apt-transport-https bash-completion build-essential ca-certificates cgroupfs-mount cockpit console-setup console-setup-linux cracklib-runtime curl debconf-utils dialog dnsutils docker.io docker-compose ethtool fail2ban figlet genisoimage git grc haveged html2text htop iptables iw jq kbd libcrack2 libltdl7 libpam-google-authenticator man mosh multitail net-tools npm ntp openssh-server openssl pass pigz prips software-properties-common sshpass syslinux psmisc pv python3-pip toilet unattended-upgrades unzip vim wget wireless-tools wpasupplicant"
 # Remove purge in the future
 echo "### Removing repository based install of elasticsearch-curator"
 apt-get purge elasticsearch-curator -y
@@ -204,12 +204,10 @@ dpkg --configure -a
 npm cache clean --force
 npm install elasticdump -g
 pip3 install --upgrade yq
-# Remove --force switch in the future ...
-pip3 install elasticsearch-curator --force
 hash -r
 echo "### Removing and holding back problematic packages ..."
 apt-fast -y purge exim4-base mailutils pcp cockpit-pcp elasticsearch-curator
-apt-mark hold exim4-base mailutils pcp cockpit-pcp elasticsearch-curator
+apt-mark hold exim4-base mailutils pcp cockpit-pcp
 echo
 
 echo "### Now replacing T-Pot related config files on host"