update, tweaking, add

add wordpot incl. json logging with activated plugins bump snare, tanner, phpox, tanner_redis to latest master and to alpine 3.19
2025-04-20 06:02:24 +00:00 · 2024-03-11 17:33:53 +01:00 · 2024-03-11 17:33:53 +01:00 · 1da35284be
commit 1da35284be
parent 4baac7ac04
9 changed files with 98 additions and 100 deletions
--- a/compose/tpot_services.yml
+++ b/compose/tpot_services.yml
@ -717,7 +717,7 @@ services:
    pull_policy: ${TPOT_PULL_POLICY}
    read_only: true
    volumes:
-     - ${TPOT_DATA_PATH}/wordpot/log:/opt/wordpot/log
+     - ${TPOT_DATA_PATH}/wordpot/log:/opt/wordpot/logs/
 ##################
--- a/docker/tanner/docker-compose.yml
+++ b/docker/tanner/docker-compose.yml
@ -51,7 +51,7 @@ services:
    image: "dtagdevsec/tanner:alpha"
    read_only: true
    volumes:
-     - /data/tanner/log:/var/log/tanner
+     - $HOME/tpotce/data/tanner/log:/var/log/tanner
    command: tannerapi 
    depends_on:
     - tanner_redis
@ -94,8 +94,8 @@ services:
    command: tanner
    read_only: true
    volumes:
-     - /data/tanner/log:/var/log/tanner
+     - $HOME/tpotce/data/tanner/log:/var/log/tanner
-     - /data/tanner/files:/opt/tanner/files
+     - $HOME/tpotce/data/tanner/files:/opt/tanner/files
    depends_on:
     - tanner_api
 #     - tanner_web
--- a/docker/tanner/phpox/Dockerfile
+++ b/docker/tanner/phpox/Dockerfile
@ -1,42 +1,42 @@
-FROM alpine:3.15
+FROM alpine:3.19
 #
 # Install packages
 RUN apk -U --no-cache add \
-               build-base \
+		build-base \
-               file \
+		file \
-               git \
+		git \
-               make \
+		make \
-               php7 \
+		php83 \
-               php7-dev \
+		php83-dev \
-	       py3-aiohttp \
+		py3-aiohttp \
-               python3 \
+		python3 \
-               python3-dev \
+		python3-dev \
-               re2c && \
+		re2c && \
 #
 # Install bfr sandbox from git
-    git clone https://github.com/mushorg/BFR /opt/BFR && \
+    git clone https://github.com/mushorg/BFR -b v1.0.0 /opt/BFR && \
    cd /opt/BFR && \
-#    git checkout 508729202428a35bcc6bb27dd97b831f7e5009b5 && \
+#    git checkout 91a8a4e155875c50b69d5c6af454e304994815a7 && \
-    phpize7 && \
+    phpize83 && \
    ./configure \
-      --with-php-config=/usr/bin/php-config7 \
+      --with-php-config=/usr/bin/php-config83 \
      --enable-bfr && \
    make && \
    make install && \
    cd / && \
    rm -rf /opt/BFR /tmp/* /var/tmp/* && \
-    echo "zend_extension = "$(find /usr -name bfr.so) >> /etc/php7/php.ini && \
+    echo "zend_extension = "$(find /usr -name bfr.so) >> /etc/php83/php.ini && \
 #
 # Install PHP Sandbox
    git clone https://github.com/mushorg/phpox /opt/phpox && \
    cd /opt/phpox && \
-    git checkout a62c8136ec7b3ebab0c989f4235e2960175121f8 && \
+    #git checkout a62c8136ec7b3ebab0c989f4235e2960175121f8 && \
    make && \
 #
 # Clean up
    apk del --purge build-base \
                    git \
-                    php7-dev \
+                    php83-dev \
                    python3-dev && \
    rm -rf /root/* /var/cache/apk/* /opt/phpox/.git
 #
--- a/docker/tanner/redis/Dockerfile
+++ b/docker/tanner/redis/Dockerfile
@ -1,4 +1,4 @@
-FROM alpine:3.17
+FROM alpine:3.19
 #
 # Include dist
 COPY dist/ /root/dist/
--- a/docker/tanner/snare/Dockerfile
+++ b/docker/tanner/snare/Dockerfile
@ -1,31 +1,32 @@
-FROM alpine:3.17
+FROM alpine:3.19
 #
 # Include dist
 COPY dist/ /root/dist/
 #
 # Setup apt
 RUN apk -U --no-cache add \
-               build-base \
+		build-base \
-               git \
+		git \
-               linux-headers \
+		linux-headers \
-               python3 \
+		python3 \
-               python3-dev \
+		python3-dev \
-	       py3-aiohttp \
+		py3-aiohttp \
-	       py3-beautifulsoup4 \
+		py3-beautifulsoup4 \
-	       py3-gitpython \
+		py3-gitpython \
-	       py3-jinja2 \
+		py3-jinja2 \
-	       py3-markupsafe \
+		py3-markupsafe \
-	       py3-setuptools \
+		py3-setuptools \
-               py3-pip \
+		py3-pip \
-	       py3-pycodestyle \
+		py3-pycodestyle \
-	       py3-wheel && \
+		py3-wheel && \
 #
 # Setup Snare 
    git clone https://github.com/mushorg/snare /opt/snare && \
    cd /opt/snare/ && \
-    git checkout 0919a80838eb0823a3b7029b0264628ee0a36211 && \
+    # git checkout 0919a80838eb0823a3b7029b0264628ee0a36211 && \
 	git checkout 08c69b7165354ea2040b6170c37d92ff3c304f96 && \
    cp /root/dist/requirements.txt . && \
-    pip3 install --no-cache-dir -r requirements.txt && \
+    pip3 install --break-system-packages --no-cache-dir -r requirements.txt && \
    python3 setup.py install && \
    cd / && \
    rm -rf /opt/snare && \
--- a/docker/tanner/tanner/Dockerfile
+++ b/docker/tanner/tanner/Dockerfile
@ -5,41 +5,36 @@ COPY dist/ /root/dist/
 #
 # Setup apt
 RUN apk -U --no-cache add \
-               build-base \
+		build-base \
-               git \
+		git \
-               libcap \
+		libcap \
-               libffi-dev \
+		libffi-dev \
-               openssl-dev \
+		openssl-dev \
-               linux-headers \
+		linux-headers \
-	       py3-aiohttp \
+		py3-aiohttp \
-	       py3-geoip2 \
+		py3-geoip2 \
-	       py3-jinja2 \
+		py3-jinja2 \
-	       py3-jwt \
+		py3-jwt \
-	       py3-mako \
+		py3-mako \
-	       py3-mysqlclient \
+		py3-mysqlclient \
-	       py3-packaging \
+		py3-packaging \
-	       py3-pip \
+		py3-pip \
-	       py3-redis \
+		py3-redis \
-	       py3-pycodestyle \
+		py3-pycodestyle \
-	       py3-setuptools \
+		py3-setuptools \
-	       py3-tornado \
+		py3-tornado \
-	       py3-websocket-client \
+		py3-websocket-client \
-	       py3-wheel \
+		py3-wheel \
-	       py3-yaml \
+		py3-yaml \
-               py3-yarl \
+		py3-yarl \
-               python3 \
+		python3 \
-               python3-dev && \ 
+		python3-dev && \ 
 #
 # Setup Tanner
-#    git clone https://github.com/mushorg/tanner /opt/tanner && \
+#    git clone https://github.com/t3chn0m4g3/tanner /opt/tanner && \
-    git clone https://github.com/t3chn0m4g3/tanner /opt/tanner && \
+	git clone https://github.com/mushorg/tanner /opt/tanner && \
    cd /opt/tanner/ && \
-#    git fetch origin pull/364/head:test && \	
+    git checkout 245d628f4023e5462c7035e760a6b5eed0a33fbe && \
 #    git checkout test && \
 #    git checkout 20dabcbccc50f8878525677b925a4c9abcaf9f54 && \
 #    git checkout 2fdce2e2ad7e125012c7e6dcbfa02b50f73c128e && \
 #    sed -i 's/aioredis/aioredis==1.3.1/g' requirements.txt && \
 #    sed -i 's/^aiohttp$/aiohttp==3.7.4/g' requirements.txt && \
    cp /root/dist/config.yaml /opt/tanner/tanner/data && \
    cp /root/dist/requirements.txt . && \
    pip3 install --no-cache-dir -r requirements.txt && \
--- a/docker/wordpot/Dockerfile
+++ b/docker/wordpot/Dockerfile
@ -1,47 +1,48 @@
-FROM alpine:3.17
+FROM alpine:3.19
 #
 # Include dist
 COPY dist/ /root/dist/
 #
 # Install packages
 RUN apk -U --no-cache add \
-             build-base \
+		build-base \
-             git \
+		git \
-	     libcap \
+		libcap \
-	     py3-click \
+		py3-click \
-	     py3-flask \
+		py3-flask \
-	     py3-itsdangerous \
+		py3-itsdangerous \
-	     py3-jinja2 \
+		py3-jinja2 \
-	     py3-markupsafe \
+		py3-markupsafe \
-	     py3-pip \
+		py3-pip \
-	     py3-werkzeug \
+		py3-ua-parser \
-             python3 \
+		py3-werkzeug \
-             python3-dev && \
+		py3-yaml \
 		python3 \
 		python3-dev && \
 #	     
 # Install wordpot from GitHub and setup
    mkdir -p /opt && \
    cd /opt/ && \
-    git clone https://github.com/Will-777/wordpot2 && \
+    git clone https://github.com/t3chn0m4g3/wordpot && \
-    cd wordpot2 && \
+    cd wordpot && \
-    git checkout e93a2e00d84d280b0acd58ba6889b4bee8a6e4d2 && \
+    git checkout 8fedeb1b74e1d225da2a7273656bf0afa84a20aa && \
 #    cp /root/dist/views.py /opt/wordpot2/wordpot/views.py && \
    cp /root/dist/requirements.txt . && \
-    pip3 install -r requirements.txt && \
+    pip3 install --break-system-packages -r requirements.txt && \
-    setcap cap_net_bind_service=+ep /usr/bin/python3.10 && \
+    setcap cap_net_bind_service=+ep $(readlink -f $(type -P python3)) && \
 #
 # Setup user, groups and configs
    addgroup -g 2000 wordpot && \
    adduser -S -H -s /bin/ash -u 2000 -D -g 2000 wordpot && \
-    chown wordpot:wordpot -R /opt/wordpot2 && \
+    chown wordpot:wordpot -R /opt/wordpot && \
 #
 # Clean up
    apk del --purge build-base \
-                    git \
+		git \
-		    python3-dev && \
+		python3-dev && \
-    rm -rf /root/* /var/cache/apk/* /opt/wordpot2/.git
+    rm -rf /root/* /var/cache/apk/* /opt/wordpot/.git
 #
 # Start wordpot
 STOPSIGNAL SIGINT
 USER wordpot:wordpot
-WORKDIR /opt/wordpot2
+WORKDIR /opt/wordpot
-CMD ["/usr/bin/python3","wordpot2.py", "--host", "0.0.0.0", "--port", "80", "--title", "Wordpress"]
+CMD ["/usr/bin/python3","wordpot.py", "--host", "0.0.0.0", "--port", "80", "--title", "Wordpress"]
--- a/docker/wordpot/dist/requirements.txt
+++ b/docker/wordpot/dist/requirements.txt
@ -1 +1,2 @@
 hpfeeds-threatstream==1.1
 user-agents
--- a/docker/wordpot/docker-compose.yml
+++ b/docker/wordpot/docker-compose.yml
@ -17,6 +17,6 @@ services:
    ports:
     - "80:80"
    image: "dtagdevsec/wordpot:alpha"
-    #    read_only: true
+    read_only: true
-    #    volumes:
+    volumes:
-            # - /data/wordpot/log:/opt/ddospot/ddospot/db
+     - $HOME/tpotce/data/wordpot/log:/opt/wordpot/logs/
`@ -1 +1,2 @@`
	`hpfeeds-threatstream==1.1`	`hpfeeds-threatstream==1.1`
		`user-agents`