diff --git a/docker/_builder/.env b/docker/_builder/.env index 45eaa863..8a9bac68 100644 --- a/docker/_builder/.env +++ b/docker/_builder/.env @@ -21,7 +21,3 @@ TPOT_VERSION=testing # Most docker features are available on linux TPOT_AMD64=linux/amd64 TPOT_ARM64=linux/arm64 - -# Proxy -# Set Proxy (i.e. "http://proxy:3128") to improve speed (while caching) -PROXY="http://proxy:3128" diff --git a/docker/_builder/builder.sh b/docker/_builder/builder.sh index 52ed92aa..d18e3fad 100755 --- a/docker/_builder/builder.sh +++ b/docker/_builder/builder.sh @@ -1,13 +1,16 @@ -#!/bin/bash +#!/usr/bin/env bash # ANSI color codes for green (OK) and red (FAIL) GREEN='\033[0;32m' RED='\033[0;31m' NC='\033[0m' # No Color -# Default flags +# Default settings PUSH_IMAGES=false NO_CACHE=false +PARALLELBUILDS=8 +UPLOAD_BANDWIDTH=40mbit # Set this to max 90% of available upload bandwidth +INTERFACE=$(/sbin/ip address show | /usr/bin/awk '/inet.*brd/{ print $NF; exit }') # Help message usage() { 
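Review bot: `INTERFACE` is never checked for being empty or for being the actual uplink; it is simply the last field of the first `inet … brd` line that `ip address show` prints. On a build host with bridge or VPN interfaces the first match may not be the interface that carries the pushes, and an empty value only surfaces later as a failing `tc` call under `sudo`. Deriving it from the default route and failing early is safer, e.g. `INTERFACE=$(ip route show default | awk '{for(i=1;i<NF;i++) if($i=="dev"){print $(i+1); exit}}')` followed by `[ -n "$INTERFACE" ] || { echo "No uplink interface found" >&2; exit 1; }`. The hard-coded `/sbin/ip` and `/usr/bin/awk` paths are also not the same on every distribution, which the new `#!/usr/bin/env bash` shebang otherwise tries to accommodate.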
@@ -37,6 +40,45 @@ while getopts ":pnh" opt; do esac done +# Function to apply upload bandwidth limit using tc +apply_bandwidth_limit() { + echo -n "Applying upload bandwidth limit of $UPLOAD_BANDWIDTH on interface $INTERFACE..." + if sudo tc qdisc add dev $INTERFACE root tbf rate $UPLOAD_BANDWIDTH burst 32kbit latency 400ms >/dev/null 2>&1; then + echo -e " [${GREEN}OK${NC}]" + else + echo -e " [${RED}FAIL${NC}]" + remove_bandwidth_limit + + # Try to reapply the limit + echo -n "Reapplying upload bandwidth limit of $UPLOAD_BANDWIDTH on interface $INTERFACE..." + if sudo tc qdisc add dev $INTERFACE root tbf rate $UPLOAD_BANDWIDTH burst 32kbit latency 400ms >/dev/null 2>&1; then + echo -e " [${GREEN}OK${NC}]" + else + echo -e " [${RED}FAIL${NC}]" + echo "Failed to apply bandwidth limit on $INTERFACE. Exiting." + echo + exit 1 + fi + fi +} + +# Function to check if the bandwidth limit is set +is_bandwidth_limit_set() { + sudo tc qdisc show dev $INTERFACE | grep -q 'tbf' +} + +# Function to remove the bandwidth limit using tc if it is set +remove_bandwidth_limit() { + if is_bandwidth_limit_set; then + echo -n "Removing upload bandwidth limit on interface $INTERFACE..." + if sudo tc qdisc del dev $INTERFACE root; then + echo -e " [${GREEN}OK${NC}]" + else + echo -e " [${RED}FAIL${NC}]" + fi + fi +} + echo "###########################" echo "# T-Pot Image Builder" echo "###########################" @@ -86,6 +128,24 @@ else echo -e " [${RED}FAIL${NC}]" fi +# Apply bandwidth limit only if pushing images +if $PUSH_IMAGES; then + echo + echo "########################################" + echo "# Setting Upload Bandwidth limit ..." + echo "########################################" + echo + apply_bandwidth_limit +fi + +# Trap to ensure bandwidth limit is removed on script error, exit +trap_cleanup() { + if is_bandwidth_limit_set; then + remove_bandwidth_limit + fi +} +trap trap_cleanup INT ERR EXIT + echo echo "################################" echo "# Now building images ..." 
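Review bot: `remove_bandwidth_limit` deletes the root qdisc on `$INTERFACE` whenever `tc qdisc show` mentions `tbf`, so it cannot tell a limit installed by this run from a shaper the host already had. The retry inside `apply_bandwidth_limit` may be meant to clear a stale limit from an aborted run, but the `trap_cleanup` function and the final removal block in the later hunks use the same test and would also remove a pre-existing qdisc, even when `-p` was not given. Since these are `sudo` changes to host networking, record ownership, for example `LIMIT_APPLIED=true` after a successful `tc qdisc add`, and have the cleanup callers test that flag. `$INTERFACE` and `$UPLOAD_BANDWIDTH` are expanded unquoted in every `tc` call; `dev "$INTERFACE"` and `rate "$UPLOAD_BANDWIDTH"` keep an empty or unexpected value from shifting the arguments.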
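Review bot: The cleanup trap is registered only after `apply_bandwidth_limit` has run, and its `INT` handler does not exit. An interrupt between the `tc qdisc add` and the `trap` line therefore leaves the limit on the interface, and a later Ctrl-C removes the limit while the script carries on with the remaining steps. Moving the trap above the `if $PUSH_IMAGES` block and making the interrupt terminate, `trap 'trap_cleanup; exit 130' INT` plus `trap trap_cleanup EXIT`, closes both gaps. `ERR` is also listed although the script does not appear to use `set -e`, so any failing command after this point would lift the limit while pushes may still be running; dropping `ERR` from the list avoids that.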
@@ -95,11 +155,10 @@ echo mkdir -p log # List of services to build -#services=$(docker compose config --services) -services="tpotinit beelzebub nginx p0f" +services=$(docker compose config --services | sort) -# Loop through each service -echo $services | tr ' ' '\n' | xargs -I {} -P 3 bash -c ' +# Loop through each service to build +echo $services | tr ' ' '\n' | xargs -I {} -P $PARALLELBUILDS bash -c ' echo "Building image: {}" && \ build_cmd="docker compose build {}" && \ if '$PUSH_IMAGES'; then \ @@ -109,10 +168,20 @@ echo $services | tr ' ' '\n' | xargs -I {} -P 3 bash -c ' build_cmd="$build_cmd --no-cache"; \ fi && \ eval "$build_cmd 2>&1 > log/{}.log" && \ - echo -e "Service {}: ['$GREEN'OK'$NC']" || \ - echo -e "Service {}: ['$RED'FAIL'$NC']" + echo -e "Image {}: ['$GREEN'OK'$NC']" || \ + echo -e "Image {}: ['$RED'FAIL'$NC']" ' +# Remove bandwidth limit if it was applied +if is_bandwidth_limit_set; then + echo + echo "########################################" + echo "# Removiong Upload Bandwidth limit ..." + echo "########################################" + echo + remove_bandwidth_limit +fi + echo echo "#######################################################" echo "# Done." diff --git a/docker/_builder/docker-compose.yml b/docker/_builder/docker-compose.yml index 7523466f..ef50e777 100644 --- a/docker/_builder/docker-compose.yml +++ b/docker/_builder/docker-compose.yml @@ -7,8 +7,6 @@ # Common build config x-common-build: &common-build - args: - PROXY: ${PROXY} dockerfile: ./Dockerfile platforms: - ${TPOT_AMD64} diff --git a/docker/_builder/setup_builder.sh b/docker/_builder/setup_builder.sh index 0d431621..a7f761f4 100755 --- a/docker/_builder/setup_builder.sh +++ b/docker/_builder/setup_builder.sh 
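Review bot: Each service name is pasted into the `bash -c` script text through `{}` and the resulting command string is later run through `eval`. With this change the names come from `docker compose config --services` instead of a fixed list. Compose restricts the characters allowed in a service name, so this is defence in depth rather than a known hole, but passing the name as data removes the question: close the script with `' _ {}` and refer to `"$1"` inside it. `$PARALLELBUILDS` and `$services` are also expanded unquoted; `-P "$PARALLELBUILDS"` and `printf '%s\n' "$services"` would be the safer forms. The `bash -c` body continues past the end of this hunk.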
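Review bot: The banner added near the end of this hunk is misspelled, `# Removiong Upload Bandwidth limit ...`; it should read `# Removing Upload Bandwidth limit ...`. On the unchanged `eval` line in the same hunk, `2>&1 > log/{}.log` duplicates stderr before stdout is pointed at the file, so stderr still goes to the terminal. With eight builds running in parallel that output interleaves, and if the per-image log is meant to hold the build errors the order should be `> log/{}.log 2>&1`.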
@@ -1,57 +1,99 @@ #!/usr/bin/env bash -# Got root? -myWHOAMI=$(whoami) -if [ "$myWHOAMI" != "root" ] - then - echo "Need to run as root ..." - exit +# ANSI color codes for green (OK) and red (FAIL) +BLUE='\033[0;34m' +GREEN='\033[0;32m' +RED='\033[0;31m' +NC='\033[0m' # No Color + +# Check if the user is in the docker group +if ! groups $(whoami) | grep &>/dev/null '\bdocker\b'; then + echo -e "${RED}You need to be in the docker group to run this script without root privileges.${NC}" + echo "Please run the following command to add yourself to the docker group:" + echo " sudo usermod -aG docker $(whoami)" + echo "Then log out and log back in or run the script with sudo." + exit 1 fi -# Only run with command switch +# Command-line switch check if [ "$1" != "-y" ]; then - echo "### Setting up docker for Multi Arch Builds." - echo "### Requires Docker packages from https://get.docker.com/" - echo "### Use on x64 only!" - echo "### Run with -y if you fit the requirements!" - echo - exit + echo "### Setting up Docker for Multi-Arch Builds." + echo "### Requires Docker packages from https://get.docker.com/" + echo "### Use on x64 only!" + echo "### Run with -y if you fit the requirements!" + exit 0 fi -# We need to create a new builder as the default one cannot handle multi-arch builds -# https://docs.docker.com/desktop/multi-arch/ -docker buildx create --name mybuilder +# Check if the mybuilder exists and is running +echo -n "Checking if buildx builder 'mybuilder' exists and is running..." +if ! docker buildx inspect mybuilder --bootstrap >/dev/null 2>&1; then + echo + echo -n " Creating and starting buildx builder 'mybuilder'..." 
+ if docker buildx create --name mybuilder --driver docker-container --use >/dev/null 2>&1 && \ + docker buildx inspect mybuilder --bootstrap >/dev/null 2>&1; then + echo -e " [${GREEN}OK${NC}]" + else + echo -e " [${RED}FAIL${NC}]" + exit 1 + fi +else + echo -e " [${GREEN}OK${NC}]" +fi -# Set as default -docker buildx use mybuilder +# Ensure QEMU is set up for cross-platform builds +echo -n "Ensuring QEMU is configured for cross-platform builds..." +if docker run --rm --privileged multiarch/qemu-user-static --reset -p yes >/dev/null 2>&1; then + echo -e " [${GREEN}OK${NC}]" +else + echo -e " [${RED}FAIL${NC}]" + exit 1 +fi -# We need to install emulators, arm64 should be fine for now -# https://github.com/tonistiigi/binfmt/ -docker run --privileged --rm tonistiigi/binfmt --install arm64 +# Ensure arm64 and amd64 platforms are active +echo -n "Ensuring 'mybuilder' supports linux/arm64 and linux/amd64..." +active_platforms=$(docker buildx inspect mybuilder --bootstrap | grep -oP '(?<=Platforms: ).*') -# Check if everything is setup correctly -docker buildx inspect --bootstrap -echo -echo "### Done." -echo -echo "Example (manual build): docker buildx build --platform linux/amd64,linux/arm64 -t username/demo:latest --push ." 
-echo "Docs: https://docs.docker.com/desktop/multi-arch/" -echo -echo "Example (build release): docker compose build" -echo -echo "Example (build and push release): docker compose build --push" -echo -echo "Example (build single image): docker compose build tpotinit" -echo -echo "Example (build and push single image): docker compose build tpotinit --push" -echo -echo "Resolve problems running buildx:" -echo "docker buildx create --use --name mybuilder" -echo "docker buildx inspect mybuilder --bootstrap" -echo "docker login -u " -echo "docker login ghcr.io - " -echo -echo "Resolve segmentation faults when building arm64 images in qemu on amd64:" -echo "docker run --rm --privileged multiarch/qemu-user-static --reset -p yes" -echo +if [[ "$active_platforms" == *"linux/arm64"* && "$active_platforms" == *"linux/amd64"* ]]; then + echo -e " [${GREEN}OK${NC}]" +else + echo + echo -n " Enabling platforms linux/arm64 and linux/amd64..." + if docker buildx create --name mybuilder --driver docker-container --use --platform linux/amd64,linux/arm64 >/dev/null 2>&1 && \ + docker buildx inspect mybuilder --bootstrap >/dev/null 2>&1; then + echo -e " [${GREEN}OK${NC}]" + else + echo -e " [${RED}FAIL${NC}]" + exit 1 + fi +fi +echo +echo -e "${BLUE}### Done.${NC}" +echo +echo -e "${BLUE}Examples:${NC}" +echo -e " ${BLUE}Manual multi-arch build:${NC}" +echo " docker buildx build --platform linux/amd64,linux/arm64 -t username/demo:latest --push ." 
+echo +echo -e " ${BLUE}Documentation:${NC} https://docs.docker.com/desktop/multi-arch/" +echo +echo -e " ${BLUE}Build release with Docker Compose:${NC}" +echo " docker compose build" +echo +echo -e " ${BLUE}Build and push release with Docker Compose:${NC}" +echo " docker compose build --push" +echo +echo -e " ${BLUE}Build a single image with Docker Compose:${NC}" +echo " docker compose build tpotinit" +echo +echo -e " ${BLUE}Build and push a single image with Docker Compose:${NC}" +echo " docker compose build tpotinit --push" +echo +echo -e "${BLUE}Resolve buildx issues:${NC}" +echo " docker buildx create --use --name mybuilder" +echo " docker buildx inspect mybuilder --bootstrap" +echo " docker login -u " +echo " docker login ghcr.io -u " +echo +echo -e "${BLUE}Fix segmentation faults when building arm64 images:${NC}" +echo " docker run --rm --privileged multiarch/qemu-user-static --reset -p yes" +echo diff --git a/docker/adbhoney/Dockerfile b/docker/adbhoney/Dockerfile index 834acf1a..5d09e5b4 100644 --- a/docker/adbhoney/Dockerfile +++ b/docker/adbhoney/Dockerfile @@ -1,19 +1,10 @@ FROM alpine:3.19 -ARG PROXY -ENV http_proxy=${PROXY} # # Include dist COPY dist/ /root/dist/ # -# Install packages, use proxy if available and cache using http -RUN ash -c 'if [ -n "${http_proxy}" ]; then \ - sed -i "s/https/http/g" /etc/apk/repositories; \ - echo "Using HTTP Proxy at ${http_proxy}"; \ - else \ - echo "HTTP Proxy not configured, proceeding without proxy"; \ - fi' && \ -# Setup apk - apk --no-cache -U add \ +# Install packages +RUN apk --no-cache -U add \ git \ procps \ py3-psutil \ @@ -37,9 +28,7 @@ RUN ash -c 'if [ -n "${http_proxy}" ]; then \ # # Clean up apk del --purge git && \ - sed -i "s/http/https/g" /etc/apk/repositories && \ rm -rf /root/* /opt/adbhoney/.git /var/cache/apk/* -ENV http_proxy="" # # Set workdir and start adbhoney STOPSIGNAL SIGINT diff --git a/docker/beelzebub/Dockerfile b/docker/beelzebub/Dockerfile index f514af27..f3b6ae58 100644 
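Review bot: The QEMU step runs `multiarch/qemu-user-static` with `--privileged` and without a tag or digest, so whatever image is currently published under that name gets full access to the host kernel each time the script runs. Pinning it by digest, `docker run --rm --privileged multiarch/qemu-user-static@sha256:<digest> --reset -p yes`, makes the privileged code reproducible and reviewable. The new group check also rejects root, since `groups root` normally lacks `docker`, although its message recommends running with sudo. The `usermod -aG docker` advice should state that docker group membership is effectively root on the host. In the platform branch, `docker buildx create --name mybuilder` is called for a builder that already exists at that point, which I would expect to fail on the name clash; that path needs verifying.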
--- a/docker/beelzebub/Dockerfile +++ b/docker/beelzebub/Dockerfile @@ -4,7 +4,8 @@ ENV GO111MODULE=on \ CGO_ENABLED=0 \ GOOS=linux # -RUN apk add git +# Install packages +RUN apk -U add git # WORKDIR /root # diff --git a/docker/ciscoasa/Dockerfile b/docker/ciscoasa/Dockerfile index da7f2714..518cdfb7 100644 --- a/docker/ciscoasa/Dockerfile +++ b/docker/ciscoasa/Dockerfile @@ -3,9 +3,8 @@ FROM alpine:3.19 # Include dist COPY dist/ /root/dist/ # -# Setup env and apt -RUN apk --no-cache -U upgrade && \ - apk --no-cache add build-base \ +# Install packages +RUN apk --no-cache -U add build-base \ git \ libffi \ libffi-dev \ @@ -37,9 +36,9 @@ RUN apk --no-cache -U upgrade && \ libffi-dev \ openssl-dev \ python3-dev && \ - rm -rf /root/* && \ - rm -rf /opt/ciscoasa_honeypot/.git && \ - rm -rf /var/cache/apk/* + rm -rf /root/* \ + /opt/ciscoasa_honeypot/.git \ + /var/cache/apk/* # # Start ciscoasa STOPSIGNAL SIGINT diff --git a/docker/citrixhoneypot/Dockerfile b/docker/citrixhoneypot/Dockerfile index b51dd882..ab9be1ce 100644 --- a/docker/citrixhoneypot/Dockerfile +++ b/docker/citrixhoneypot/Dockerfile @@ -33,9 +33,9 @@ RUN apk --no-cache -U add \ # Clean up apk del --purge git \ openssl && \ - rm -rf /root/* && \ - rm -rf /opt/citrixhoneypot/.git && \ - rm -rf /var/cache/apk/* + rm -rf /root/* \ + /opt/citrixhoneypot/.git \ + /var/cache/apk/* # # Set workdir and start citrixhoneypot STOPSIGNAL SIGINT diff --git a/docker/conpot/Dockerfile b/docker/conpot/Dockerfile index 792210d3..97f6b93a 100644 --- a/docker/conpot/Dockerfile +++ b/docker/conpot/Dockerfile @@ -3,9 +3,8 @@ FROM alpine:3.19 # Include dist COPY dist/ /root/dist/ # -# Setup apt -RUN apk --no-cache -U add \ - build-base \ +# Install packages +RUN apk --no-cache -U add build-base \ cython \ file \ git \ 
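Review bot: Dropping `apk --no-cache -U upgrade` from the ciscoasa `RUN` means the image now ships the base packages exactly as they are in the pulled `alpine:3.19` image, without fixes published since that image was built. If the removal is only meant to align the install line with the other Dockerfiles, keep the upgrade in the same layer: `RUN apk --no-cache -U upgrade && \` followed by `apk --no-cache add build-base \`. If it is intentional, the base image should be pinned and the images rebuilt on a schedule so that fixes arrive that way instead. The `RUN` instruction continues beyond this hunk.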
@@ -88,9 +87,9 @@ RUN apk --no-cache -U add \ pkgconfig \ python3-dev \ wget && \ - rm -rf /root/* && \ - rm -rf /tmp/* && \ - rm -rf /var/cache/apk/* + rm -rf /root/* \ + /tmp/* \ + /var/cache/apk/* # # Start conpot STOPSIGNAL SIGINT diff --git a/docker/cowrie/Dockerfile b/docker/cowrie/Dockerfile index 1c2573b6..e1c44e76 100644 --- a/docker/cowrie/Dockerfile +++ b/docker/cowrie/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.19 # Include dist COPY dist/ /root/dist/ # -# Get and install dependencies & packages +# Install packages RUN apk --no-cache -U add \ bash \ build-base \ @@ -50,7 +50,6 @@ RUN apk --no-cache -U add \ pip3 install --break-system-packages -r requirements.txt && \ # # Setup configs - #export PYTHON_DIR=$(python3 --version | tr '[A-Z]' '[a-z]' | tr -d ' ' | cut -d '.' -f 1,2 ) && \ setcap cap_net_bind_service=+ep $(readlink -f $(type -P python3)) && \ cp /root/dist/cowrie.cfg /home/cowrie/cowrie/cowrie.cfg && \ chown cowrie:cowrie -R /home/cowrie/* /usr/lib/$(readlink -f $(type -P python3) | cut -f4 -d"/")/site-packages/twisted/plugins && \ @@ -72,12 +71,10 @@ RUN apk --no-cache -U add \ openssl-dev \ python3-dev \ py3-mysqlclient && \ - rm -rf /root/* /tmp/* && \ - rm -rf /var/cache/apk/* && \ - rm -rf /home/cowrie/cowrie/cowrie.pid && \ - rm -rf /home/cowrie/cowrie/.git && \ -# ln -s /usr/bin/python3 /usr/bin/python && \ - unset PYTHON_DIR + rm -rf /root/* /tmp/* \ + /var/cache/apk/* \ + /home/cowrie/cowrie/cowrie.pid \ + /home/cowrie/cowrie/.git # # Start cowrie ENV PYTHONPATH /home/cowrie/cowrie:/home/cowrie/cowrie/src diff --git a/docker/ddospot/Dockerfile b/docker/ddospot/Dockerfile index f1754d0e..2613f155 100644 --- a/docker/ddospot/Dockerfile +++ b/docker/ddospot/Dockerfile @@ -52,9 +52,9 @@ RUN apk --no-cache -U add \ apk del --purge build-base \ git \ python3-dev && \ - rm -rf /root/* && \ - rm -rf /opt/ddospot/.git && \ - rm -rf /var/cache/apk/* + rm -rf /root/* \ + /opt/ddospot/.git \ + /var/cache/apk/* # # Start ddospot STOPSIGNAL SIGINT 
diff --git a/docker/dicompot/Dockerfile b/docker/dicompot/Dockerfile index ea130040..8db8e882 100644 --- a/docker/dicompot/Dockerfile +++ b/docker/dicompot/Dockerfile @@ -3,8 +3,8 @@ FROM golang:1.21-alpine AS builder # Include dist COPY dist/ /root/dist/ # -# Setup apk -RUN apk -U add --no-cache \ +# Install packages +RUN apk --no-cache -U add \ build-base \ git \ g++ && \ @@ -32,7 +32,7 @@ RUN addgroup -g 2000 dicompot && \ adduser -S -s /bin/ash -u 2000 -D -g 2000 dicompot && \ chown -R dicompot:dicompot /opt/dicompot # -# Start dicompot +# Start dicompot WORKDIR /opt/dicompot USER dicompot:dicompot CMD ["./server","-ip","0.0.0.0","-dir","images","-log","/var/log/dicompot/dicompot.log"] diff --git a/docker/dionaea/Dockerfile b/docker/dionaea/Dockerfile index 481426be..ff3929f6 100644 --- a/docker/dionaea/Dockerfile +++ b/docker/dionaea/Dockerfile @@ -1,7 +1,5 @@ FROM ubuntu:22.04 ENV DEBIAN_FRONTEND noninteractive -ARG PROXY -ENV http_proxy=${PROXY} # # Include dist COPY dist/ /root/dist/ @@ -121,8 +119,12 @@ RUN bash -c 'if [ -n "${http_proxy}" ]; then \ # apt-get autoremove --purge -y && \ apt-get clean && \ - rm -rf /root/* /var/lib/apt/lists/* /tmp/* /var/tmp/* /root/.cache /opt/dionaea/.git -ENV http_proxy="" + rm -rf /root/* \ + /var/lib/apt/lists/* \ + /tmp/* \ + /var/tmp/* \ + /root/.cache \ + /opt/dionaea/.git # # Start dionaea STOPSIGNAL SIGINT diff --git a/docker/elasticpot/Dockerfile b/docker/elasticpot/Dockerfile index 597b0a95..14185bc1 100644 --- a/docker/elasticpot/Dockerfile +++ b/docker/elasticpot/Dockerfile @@ -4,7 +4,7 @@ FROM alpine:3.19 COPY dist/ /root/dist/ # # Install packages -RUN apk -U --no-cache add \ +RUN apk --no-cache -U add \ build-base \ ca-certificates \ git \ @@ -48,8 +48,9 @@ RUN apk -U --no-cache add \ openssl-dev \ postgresql-dev \ python3-dev && \ - rm -rf /root/* && \ - rm -rf /var/cache/apk/* /opt/elasticpot/.git + rm -rf /root/* \ + /var/cache/apk/* \ + /opt/elasticpot/.git # # Start elasticpot STOPSIGNAL SIGINT 
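Review bot: In the dionaea Dockerfile `ARG PROXY` and `ENV http_proxy` are removed, but the `RUN bash -c 'if [ -n "${http_proxy}" ]; then \` line shown in the second hunk's header lies outside both hunks and so appears to stay in the file. The other Ubuntu-based Dockerfiles in this commit (elasticsearch, logstash, honeytrap, log4pot) delete that conditional together with the variables. Here it would remain as a branch that only fires if `http_proxy` reaches the build some other way, for example as a build argument, and in the sibling files that branch wrote the proxy into `/etc/apt/apt.conf.d/01proxy` inside the image. Removing the conditional so the instruction starts directly with the apt commands would match the rest of the change; the body of the `RUN` is not visible in these hunks.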
diff --git a/docker/elk/elasticsearch/Dockerfile b/docker/elk/elasticsearch/Dockerfile index 6430899b..4f24b957 100644 --- a/docker/elk/elasticsearch/Dockerfile +++ b/docker/elk/elasticsearch/Dockerfile @@ -1,22 +1,12 @@ FROM ubuntu:22.04 ENV DEBIAN_FRONTEND noninteractive -ARG PROXY ENV ES_VER=8.14.2 -ENV http_proxy=${PROXY} # # Include dist COPY dist/ /root/dist/ # -# Check if APT_PROXY is set and configure apt to use the proxy only if it's available -RUN bash -c 'if [ -n "${http_proxy}" ]; then \ - echo "Using APT proxy at ${http_proxy}"; \ - echo "Acquire::http::Proxy \"${http_proxy}\";" > /etc/apt/apt.conf.d/01proxy; \ - else \ - echo "APT proxy not configured, proceeding without proxy"; \ - fi' && \ -# bash -c 'echo "Acquire::http::Proxy::ports.ubuntu.com DIRECT;" > /etc/apt/apt.conf.d/99force-no-proxy' && \ -# Setup apt - apt-get update -y && \ +# Install packages +RUN apt-get update -y && \ apt-get install -y \ aria2 \ curl && \ @@ -48,8 +38,11 @@ RUN bash -c 'if [ -n "${http_proxy}" ]; then \ # Clean up apt-get purge aria2 -y && \ apt-get autoremove -y --purge && \ - apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /root/.cache /root/* -ENV http_proxy="" + apt-get clean && \ + rm -rf /var/lib/apt/lists/* \ + /tmp/* /var/tmp/* \ + /root/.cache \ + /root/* # # Healthcheck HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:9200/_cat/health' diff --git a/docker/elk/kibana/Dockerfile b/docker/elk/kibana/Dockerfile index 863f8256..95235a10 100644 --- a/docker/elk/kibana/Dockerfile +++ b/docker/elk/kibana/Dockerfile @@ -1,12 +1,11 @@ FROM node:20.13.1-alpine3.20 -# -# VARS ENV KB_VER=8.14.2 # # Include dist COPY dist/ /root/dist/ # -RUN apk -U --no-cache add \ +# Install packages +RUN apk --no-cache -U add \ aria2 \ curl \ gcompat && \ 
@@ -44,9 +43,9 @@ RUN apk -U --no-cache add \ # # Clean up apk del --purge aria2 && \ - rm -rf /root/* && \ - rm -rf /tmp/* && \ - rm -rf /var/cache/apk/* + rm -rf /root/* \ + /tmp/* \ + /var/cache/apk/* # # Healthcheck HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:5601' diff --git a/docker/elk/logstash/Dockerfile b/docker/elk/logstash/Dockerfile index bb698d2d..8fd418be 100644 --- a/docker/elk/logstash/Dockerfile +++ b/docker/elk/logstash/Dockerfile @@ -1,22 +1,12 @@ FROM ubuntu:22.04 ENV DEBIAN_FRONTEND noninteractive -ARG PROXY ENV LS_VER=8.14.2 -ENV http_proxy=${PROXY} # # Include dist COPY dist/ /root/dist/ # -# Check if PROXY is set and configure apt to use the proxy -RUN bash -c 'if [ -n "${http_proxy}" ]; then \ - echo "Using APT proxy at ${http_proxy}"; \ - echo "Acquire::http::Proxy \"${http_proxy}\";" > /etc/apt/apt.conf.d/01proxy; \ - else \ - echo "APT proxy not configured, proceeding without proxy"; \ - fi' && \ -# bash -c 'echo "Acquire::http::Proxy::ports.ubuntu.com DIRECT;" > /etc/apt/apt.conf.d/99force-no-proxy' && \ -# Setup apt - apt-get update -y && \ +# Install packages +RUN apt-get update -y && \ apt-get install -y \ aria2 \ bash \ @@ -66,8 +56,11 @@ RUN bash -c 'if [ -n "${http_proxy}" ]; then \ # # Clean up apt-get autoremove -y --purge && \ - apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /root/.cache /root/* -ENV http_proxy="" + apt-get clean && \ + rm -rf /var/lib/apt/lists/* \ + /tmp/* /var/tmp/* \ + /root/.cache \ + /root/* # # Healthcheck HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:9600' diff --git a/docker/elk/map/Dockerfile b/docker/elk/map/Dockerfile index c490eb50..fde3fba6 100644 --- a/docker/elk/map/Dockerfile +++ b/docker/elk/map/Dockerfile @@ -1,7 +1,7 @@ FROM alpine:3.19 # # Install packages -RUN apk -U --no-cache add \ +RUN apk --no-cache -U add \ build-base \ git \ libcap \ diff --git a/docker/endlessh/Dockerfile b/docker/endlessh/Dockerfile index 2dc20db8..e4f766a6 100644 
--- a/docker/endlessh/Dockerfile +++ b/docker/endlessh/Dockerfile @@ -1,11 +1,10 @@ FROM alpine:3.16 AS builder # # Include dist -ADD dist/ /root/dist/ +COPY dist/ /root/dist/ # # Install packages -RUN apk -U add --no-cache \ - build-base \ +RUN build-base \ git \ libcap && \ # @@ -32,8 +31,8 @@ RUN apk -U add --no-cache \ #setcap cap_net_bind_service=+ep /usr/bin/python3.8 && \ # # Clean up - rm -rf /root/* && \ - rm -rf /var/cache/apk/* + rm -rf /root/* \ + /var/cache/apk/* # # Set workdir and start endlessh STOPSIGNAL SIGINT diff --git a/docker/ewsposter/Dockerfile b/docker/ewsposter/Dockerfile index 2fe92d59..9df14a2f 100644 --- a/docker/ewsposter/Dockerfile +++ b/docker/ewsposter/Dockerfile @@ -4,7 +4,7 @@ FROM alpine:3.19 COPY dist/ /root/dist/ # # Install packages -RUN apk -U --no-cache add \ +RUN apk --no-cache -U add \ build-base \ git \ libffi-dev \ @@ -25,7 +25,6 @@ RUN apk -U --no-cache add \ pip3 install --break-system-packages --upgrade pip && \ pip3 install --break-system-packages --no-cache-dir configparser hpfeeds3 influxdb influxdb-client xmljson && \ # -# # Setup ewsposter git clone https://github.com/telekom-security/ewsposter -b v1.25.0 /opt/ewsposter && \ mkdir -p /opt/ewsposter/spool /opt/ewsposter/log && \ diff --git a/docker/fatt/Dockerfile b/docker/fatt/Dockerfile index 1c3baa4e..78df3f49 100644 --- a/docker/fatt/Dockerfile +++ b/docker/fatt/Dockerfile @@ -1,7 +1,7 @@ FROM alpine:3.19 # -# Get and install dependencies & packages -RUN apk -U --no-cache add \ +# Install packages +RUN apk --no-cache -U add \ git \ libcap \ py3-libxml2 \ @@ -35,7 +35,9 @@ RUN apk -U --no-cache add \ # Clean up apk del --purge git \ python3-dev && \ - rm -rf /root/* /var/cache/apk/* /opt/fatt/.git + rm -rf /root/* \ + /var/cache/apk/* \ + /opt/fatt/.git # # Start fatt STOPSIGNAL SIGINT diff --git a/docker/hellpot/Dockerfile b/docker/hellpot/Dockerfile index ad4e1cf1..880fb67b 100644 --- a/docker/hellpot/Dockerfile +++ b/docker/hellpot/Dockerfile 
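Review bot: The new install line in the endlessh Dockerfile reads `RUN build-base \`, so the `apk … add` command was lost and the shell will try to execute `build-base` with `git` and `libcap` as arguments, which should fail the build at this step. It should be `RUN apk --no-cache -U add \` followed by `build-base \`, matching the other Dockerfiles in this commit. The `RUN` instruction continues beyond this hunk.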
@@ -3,8 +3,8 @@ FROM golang:1.21-alpine AS builder # Include dist COPY dist/ /root/dist/ # -# Setup apk -RUN apk -U --no-cache add \ +# Install packages +RUN apk --no-cache -U add \ build-base \ git \ g++ && \ diff --git a/docker/heralding/Dockerfile b/docker/heralding/Dockerfile index c4b46cc5..27ef41f2 100644 --- a/docker/heralding/Dockerfile +++ b/docker/heralding/Dockerfile @@ -4,7 +4,7 @@ FROM alpine:3.19 COPY dist/ /root/dist/ # # Install packages -RUN apk -U --no-cache add \ +RUN apk --no-cache -U add \ build-base \ git \ libcap \ diff --git a/docker/honeypots/Dockerfile b/docker/honeypots/Dockerfile index 07be79eb..c6310d8e 100644 --- a/docker/honeypots/Dockerfile +++ b/docker/honeypots/Dockerfile @@ -4,7 +4,7 @@ FROM alpine:3.19 COPY dist/ /root/dist/ # # Install packages -RUN apk -U --no-cache add \ +RUN apk --no-cache -U add \ build-base \ freetds \ freetds-dev \ @@ -78,8 +78,9 @@ RUN apk -U --no-cache add \ postgresql-dev \ python3-dev \ zlib-dev && \ - rm -rf /root/* /var/cache/apk/* /opt/honeypots/.git - + rm -rf /root/* \ + /var/cache/apk/* \ + /opt/honeypots/.git # # Start honeypots STOPSIGNAL SIGINT diff --git a/docker/honeytrap/Dockerfile b/docker/honeytrap/Dockerfile index b2b85be9..1494fd20 100644 --- a/docker/honeytrap/Dockerfile +++ b/docker/honeytrap/Dockerfile 
@@ -1,21 +1,11 @@ FROM ubuntu:22.04 ENV DEBIAN_FRONTEND noninteractive -ARG PROXY -ENV http_proxy=${PROXY} # # Include dist COPY dist/ /root/dist/ # -# Check if APT_PROXY is set and configure apt to use the proxy only if it's available -RUN bash -c 'if [ -n "${http_proxy}" ]; then \ - echo "Using APT proxy at ${http_proxy}"; \ - echo "Acquire::http::Proxy \"${http_proxy}\";" > /etc/apt/apt.conf.d/01proxy; \ - else \ - echo "APT proxy not configured, proceeding without proxy"; \ - fi' && \ -# bash -c 'echo "Acquire::http::Proxy::ports.ubuntu.com DIRECT;" > /etc/apt/apt.conf.d/99force-no-proxy' && \ -# Setup apt - apt-get update && \ +# Install packages +RUN apt-get update && \ # # Install packages apt-get install -y autoconf \ @@ -64,8 +54,12 @@ RUN bash -c 'if [ -n "${http_proxy}" ]; then \ libnetfilter-queue-dev \ libpq-dev && \ apt-get autoremove -y --purge && \ - apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /root/.cache /root/* /opt/honeytrap/.git -ENV http_proxy="" + apt-get clean && \ + rm -rf /var/lib/apt/lists/* \ + /tmp/* /var/tmp/* \ + /root/.cache \ + /root/* \ + /opt/honeytrap/.git # # Start honeytrap USER honeytrap:honeytrap diff --git a/docker/ipphoney/Dockerfile b/docker/ipphoney/Dockerfile index fe315a47..6833c1d9 100644 --- a/docker/ipphoney/Dockerfile +++ b/docker/ipphoney/Dockerfile @@ -4,7 +4,7 @@ FROM alpine:3.19 COPY dist/ /root/dist/ # # Install packages -RUN apk -U --no-cache add \ +RUN apk --no-cache -U add \ build-base \ ca-certificates \ git \ diff --git a/docker/log4pot/Dockerfile b/docker/log4pot/Dockerfile index 1f4b6066..76a4d0e0 100644 --- a/docker/log4pot/Dockerfile +++ b/docker/log4pot/Dockerfile 
@@ -1,18 +1,8 @@ FROM ubuntu:22.04 ENV DEBIAN_FRONTEND noninteractive -ARG PROXY -ENV http_proxy=${PROXY} # -# Check if APT_PROXY is set and configure apt to use the proxy -RUN bash -c 'if [ -n "${http_proxy}" ]; then \ - echo "Using APT proxy at ${http_proxy}"; \ - echo "Acquire::http::Proxy \"${http_proxy}\";" > /etc/apt/apt.conf.d/01proxy; \ - else \ - echo "APT proxy not configured, proceeding without proxy"; \ - fi' && \ -# bash -c 'echo "Acquire::http::Proxy::ports.ubuntu.com DIRECT;" > /etc/apt/apt.conf.d/99force-no-proxy' && \ -# Setup apt - apt-get update -y && \ +# Install packages +RUN apt-get update -y && \ apt-get install -y \ build-essential \ cargo \ @@ -57,8 +47,12 @@ RUN bash -c 'if [ -n "${http_proxy}" ]; then \ python3-dev \ rust-all && \ apt-get autoremove -y --purge && \ - apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /root/.cache /opt/Log4Pot/.git -ENV http_proxy="" + apt-get clean && \ + rm -rf /var/lib/apt/lists/* \ + /tmp/* \ + /var/tmp/* \ + /root/.cache \ + /opt/Log4Pot/.git # # Start log4pot STOPSIGNAL SIGINT diff --git a/docker/mailoney/Dockerfile b/docker/mailoney/Dockerfile index 2f31ba8e..815d3d72 100644 --- a/docker/mailoney/Dockerfile +++ b/docker/mailoney/Dockerfile @@ -1,7 +1,7 @@ FROM alpine:3.19 # # Install packages -RUN apk -U --no-cache add \ +RUN apk --no-cache -U add \ git \ libcap \ py3-pip \ diff --git a/docker/medpot/Dockerfile b/docker/medpot/Dockerfile index 0b5968a2..666189e0 100644 --- a/docker/medpot/Dockerfile +++ b/docker/medpot/Dockerfile @@ -1,7 +1,7 @@ FROM golang:1.21-alpine AS builder # -# Setup apk -RUN apk -U --no-cache add \ +# Install packages +RUN apk --no-cache -U add \ build-base \ git \ go \ diff --git a/docker/nginx/Dockerfile b/docker/nginx/Dockerfile index fe724c66..bed43559 100644 --- a/docker/nginx/Dockerfile +++ b/docker/nginx/Dockerfile 
@@ -3,8 +3,8 @@ FROM alpine:3.19 # Include dist COPY dist/ /root/dist/ # -# Get and install dependencies & packages -RUN apk -U --no-cache add \ +# Install packages +RUN apk --no-cache -U add \ nginx \ nginx-mod-http-brotli \ nginx-mod-http-headers-more \ @@ -32,8 +32,8 @@ RUN apk -U --no-cache add \ cp /root/dist/conf/lsweb.conf /etc/nginx/conf.d/ && \ # # Clean up - rm -rf /root/* && \ - rm -rf /var/cache/apk/* + rm -rf /root/* \ + /var/cache/apk/* # # Start nginx CMD ["nginx", "-g", "daemon off;"] diff --git a/docker/p0f/Dockerfile b/docker/p0f/Dockerfile index 0fc64988..4d7af3b9 100644 --- a/docker/p0f/Dockerfile +++ b/docker/p0f/Dockerfile @@ -1,12 +1,10 @@ -# In case of problems Alpine 3.13 needs to be used: -# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.14.0#faccessat2 FROM alpine:3.19 # # Add source COPY . /opt/p0f # # Install packages -RUN apk -U --no-cache add \ +RUN apk --no-cache -U add \ bash \ build-base \ jansson \ @@ -28,8 +26,8 @@ RUN apk -U --no-cache add \ apk del --purge build-base \ jansson-dev \ libpcap-dev && \ - rm -rf /root/* && \ - rm -rf /var/cache/apk/* + rm -rf /root/* \ + /var/cache/apk/* # # Start p0f WORKDIR /opt/p0f diff --git a/docker/redishoneypot/Dockerfile b/docker/redishoneypot/Dockerfile index d04f6aa1..4fabfa55 100644 --- a/docker/redishoneypot/Dockerfile +++ b/docker/redishoneypot/Dockerfile @@ -3,14 +3,14 @@ FROM golang:1.21-alpine as builder # Include dist COPY dist/ /root/dist/ # -# Setup apk -RUN apk -U --no-cache add \ +# Install packages +RUN apk --no-cache -U add \ build-base \ git \ go \ g++ && \ # -# Setup go, hellpot +# Setup go, redishoneypot cd /root && \ export GOPATH=/opt/go/ && \ mkdir -p /opt/go && \ diff --git a/docker/sentrypeer/Dockerfile b/docker/sentrypeer/Dockerfile index 641ee719..88de6907 100644 --- a/docker/sentrypeer/Dockerfile +++ b/docker/sentrypeer/Dockerfile 
@@ -11,8 +11,8 @@ RUN apk -U add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing \ chown -R sentrypeer:sentrypeer /usr/bin/sentrypeer && \ # # Clean up - rm -rf /root/* && \ - rm -rf /var/cache/apk/* + rm -rf /root/* \ + /var/cache/apk/* # # Set workdir and start sentrypeer STOPSIGNAL SIGKILL diff --git a/docker/spiderfoot/Dockerfile b/docker/spiderfoot/Dockerfile index c18b4ca9..e7dbb6e1 100644 --- a/docker/spiderfoot/Dockerfile +++ b/docker/spiderfoot/Dockerfile @@ -3,8 +3,8 @@ FROM alpine:3.19 # Include dist COPY dist/ /root/dist/ # -# Get and install dependencies & packages -RUN apk -U --no-cache add \ +# Install packages +RUN apk --no-cache -U add \ build-base \ curl \ git \ @@ -82,7 +82,7 @@ RUN apk -U --no-cache add \ python3-dev \ swig \ tinyxml-dev && \ - rm -rf /var/cache/apk/* /home/spiderfoot/.git + rm -rf /var/cache/apk/* /home/spiderfoot/.git # # Healthcheck HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:8080/spiderfoot/' diff --git a/docker/suricata/Dockerfile b/docker/suricata/Dockerfile index cd5454fe..b6f36878 100644 --- a/docker/suricata/Dockerfile +++ b/docker/suricata/Dockerfile @@ -4,7 +4,7 @@ FROM alpine:edge COPY dist/ /root/dist/ # # Install packages -RUN apk -U --no-cache add \ +RUN apk --no-cache -U add \ ca-certificates \ curl \ file \ @@ -30,9 +30,9 @@ RUN apk -U --no-cache add \ suricata-update --no-test --no-reload && \ # # Clean up - rm -rf /root/* && \ - rm -rf /tmp/* && \ - rm -rf /var/cache/apk/* + rm -rf /root/* \ + /tmp/* \ + /var/cache/apk/* # # Start suricata STOPSIGNAL SIGINT diff --git a/docker/tanner/phpox/Dockerfile b/docker/tanner/phpox/Dockerfile index dd214f13..eb4f0620 100644 --- a/docker/tanner/phpox/Dockerfile +++ b/docker/tanner/phpox/Dockerfile @@ -1,7 +1,7 @@ FROM alpine:3.19 # # Install packages -RUN apk -U --no-cache add \ +RUN apk --no-cache -U add \ build-base \ file \ git \ 
diff --git a/docker/tanner/redis/Dockerfile b/docker/tanner/redis/Dockerfile index 4d05379b..91579152 100644 --- a/docker/tanner/redis/Dockerfile +++ b/docker/tanner/redis/Dockerfile @@ -3,8 +3,8 @@ FROM alpine:3.19 # Include dist COPY dist/ /root/dist/ # -# Setup apk and redis -RUN apk -U --no-cache add redis shadow && \ +# Install packages +RUN apk --no-cache -U add redis shadow && \ cp /root/dist/redis.conf /etc && \ # # Setup user and group @@ -14,9 +14,10 @@ RUN apk -U --no-cache add redis shadow && \ # Clean up apk del --purge \ shadow && \ - rm -rf /root/* && \ - rm -rf /tmp/* /var/tmp/* && \ - rm -rf /var/cache/apk/* + rm -rf /root/* \ + /tmp/* \ + /var/tmp/* \ + /var/cache/apk/* # # Start redis STOPSIGNAL SIGKILL diff --git a/docker/tanner/snare/Dockerfile b/docker/tanner/snare/Dockerfile index fade6ede..dd5e3657 100644 --- a/docker/tanner/snare/Dockerfile +++ b/docker/tanner/snare/Dockerfile @@ -3,8 +3,8 @@ FROM alpine:3.19 # Include dist COPY dist/ /root/dist/ # -# Setup apt -RUN apk -U --no-cache add \ +# Install packages +RUN apk --no-cache -U add \ build-base \ git \ linux-headers \ @@ -45,9 +45,9 @@ RUN apk -U --no-cache add \ build-base \ linux-headers \ python3-dev && \ - rm -rf /root/* && \ - rm -rf /tmp/* /var/tmp/* && \ - rm -rf /var/cache/apk/* + rm -rf /root/* \ + /tmp/* /var/tmp/* \ + /var/cache/apk/* # # Start snare STOPSIGNAL SIGKILL diff --git a/docker/tanner/tanner/Dockerfile b/docker/tanner/tanner/Dockerfile index 4deaa0f6..4c2566a4 100644 --- a/docker/tanner/tanner/Dockerfile +++ b/docker/tanner/tanner/Dockerfile @@ -3,8 +3,8 @@ FROM alpine:3.17 # Include dist COPY dist/ /root/dist/ # -# Setup apt -RUN apk -U --no-cache add \ +# Install packages +RUN apk --no-cache -U add \ build-base \ git \ libcap \ 
@@ -67,8 +67,11 @@ RUN apk -U --no-cache add \ # libressl-dev \ linux-headers \ python3-dev && \ - rm -rf /root/* && \ - rm -rf /tmp/* /var/tmp/* /var/cache/apk/* /opt/tanner/.git + rm -rf /root/* \ + /tmp/* \ + /var/tmp/* \ + /var/cache/apk/* \ + /opt/tanner/.git # # Start tanner STOPSIGNAL SIGKILL diff --git a/docker/tpotinit/Dockerfile b/docker/tpotinit/Dockerfile index f78354f8..37c27ad3 100644 --- a/docker/tpotinit/Dockerfile +++ b/docker/tpotinit/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:edge # Include dist COPY dist/ /opt/tpot/ # -# Get and install dependencies & packages +# Install packages RUN apk --no-cache -U add \ aria2 \ apache2-utils \ @@ -36,9 +36,10 @@ RUN apk --no-cache -U add \ # # Clean up apk del --purge git && \ - rm -rf /root/* /tmp/* && \ - rm -rf /root/.cache /opt/tpot/.git && \ - rm -rf /var/cache/apk/* + rm -rf /root/* /tmp/* \ + /root/.cache \ + /opt/tpot/.git \ + /var/cache/apk/* # # Run tpotinit WORKDIR /opt/tpot diff --git a/docker/wordpot/Dockerfile b/docker/wordpot/Dockerfile index 9b862f67..1b631f9c 100644 --- a/docker/wordpot/Dockerfile +++ b/docker/wordpot/Dockerfile @@ -4,7 +4,7 @@ FROM alpine:3.19 COPY dist/ /root/dist/ # # Install packages -RUN apk -U --no-cache add \ +RUN apk --no-cache -U add \ build-base \ git \ libcap \ @@ -39,7 +39,9 @@ RUN apk -U --no-cache add \ apk del --purge build-base \ git \ python3-dev && \ - rm -rf /root/* /var/cache/apk/* /opt/wordpot/.git + rm -rf /root/* \ + /var/cache/apk/* \ + /opt/wordpot/.git # # Start wordpot STOPSIGNAL SIGINT