Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-04-19 21:52:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Finish work on new builder, tweaking

Browse source
This commit is contained in:
t3chn0m4g3 2024-09-11 10:42:17 +00:00
parent 4f3edb61b3
commit 29ad2a507d
41 changed files with 307 additions and 235 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
docker/_builder/.env
View file

@ -21,7 +21,3 @@ TPOT_VERSION=testing
# Most docker features are available on linux
TPOT_AMD64=linux/amd64
TPOT_ARM64=linux/arm64
# Proxy
# Set Proxy (i.e. "http://proxy:3128") to improve speed (while caching)
PROXY="http://proxy:3128"

85
docker/_builder/builder.sh
View file

@ -1,13 +1,16 @@
#!/bin/bash
#!/usr/bin/env bash
# ANSI color codes for green (OK) and red (FAIL)
GREEN='\033[0;32m'
RED='\033[0;31m'
NC='\033[0m' # No Color
# Default flags
# Default settings
PUSH_IMAGES=false
NO_CACHE=false
PARALLELBUILDS=8
UPLOAD_BANDWIDTH=40mbit # Set this to max 90% of available upload bandwidth
INTERFACE=$(/sbin/ip address show | /usr/bin/awk '/inet.*brd/{ print $NF; exit }')
# Help message
usage() {
@ -37,6 +40,45 @@ while getopts ":pnh" opt; do
esac
done
# Function to apply upload bandwidth limit using tc
apply_bandwidth_limit() {
echo -n "Applying upload bandwidth limit of $UPLOAD_BANDWIDTH on interface $INTERFACE..."
if sudo tc qdisc add dev $INTERFACE root tbf rate $UPLOAD_BANDWIDTH burst 32kbit latency 400ms >/dev/null 2>&1; then
echo -e " [${GREEN}OK${NC}]"
else
echo -e " [${RED}FAIL${NC}]"
remove_bandwidth_limit
# Try to reapply the limit
echo -n "Reapplying upload bandwidth limit of $UPLOAD_BANDWIDTH on interface $INTERFACE..."
if sudo tc qdisc add dev $INTERFACE root tbf rate $UPLOAD_BANDWIDTH burst 32kbit latency 400ms >/dev/null 2>&1; then
echo -e " [${GREEN}OK${NC}]"
else
echo -e " [${RED}FAIL${NC}]"
echo "Failed to apply bandwidth limit on $INTERFACE. Exiting."
echo
exit 1
fi
fi
}
# Function to check if the bandwidth limit is set
is_bandwidth_limit_set() {
sudo tc qdisc show dev $INTERFACE | grep -q 'tbf'
}
# Function to remove the bandwidth limit using tc if it is set
remove_bandwidth_limit() {
if is_bandwidth_limit_set; then
echo -n "Removing upload bandwidth limit on interface $INTERFACE..."
if sudo tc qdisc del dev $INTERFACE root; then
echo -e " [${GREEN}OK${NC}]"
else
echo -e " [${RED}FAIL${NC}]"
fi
fi
}
echo "###########################"
echo "# T-Pot Image Builder"
echo "###########################"
@ -86,6 +128,24 @@ else
echo -e " [${RED}FAIL${NC}]"
fi
# Apply bandwidth limit only if pushing images
if $PUSH_IMAGES; then
echo
echo "########################################"
echo "# Setting Upload Bandwidth limit ..."
echo "########################################"
echo
apply_bandwidth_limit
fi
# Trap to ensure bandwidth limit is removed on script error, exit
trap_cleanup() {
if is_bandwidth_limit_set; then
remove_bandwidth_limit
fi
}
trap trap_cleanup INT ERR EXIT
echo
echo "################################"
echo "# Now building images ..."
@ -95,11 +155,10 @@ echo
mkdir -p log
# List of services to build
#services=$(docker compose config --services)
services="tpotinit beelzebub nginx p0f"
services=$(docker compose config --services | sort)
# Loop through each service
echo $services | tr ' ' '\n' | xargs -I {} -P 3 bash -c '
# Loop through each service to build
echo $services | tr ' ' '\n' | xargs -I {} -P $PARALLELBUILDS bash -c '
echo "Building image: {}" && \
build_cmd="docker compose build {}" && \
if '$PUSH_IMAGES'; then \
@ -109,10 +168,20 @@ echo $services | tr ' ' '\n' | xargs -I {} -P 3 bash -c '
build_cmd="$build_cmd --no-cache"; \
fi && \
eval "$build_cmd 2>&1 > log/{}.log" && \
echo -e "Service {}: ['$GREEN'OK'$NC']" || \
echo -e "Service {}: ['$RED'FAIL'$NC']"
echo -e "Image {}: ['$GREEN'OK'$NC']" || \
echo -e "Image {}: ['$RED'FAIL'$NC']"
'
# Remove bandwidth limit if it was applied
if is_bandwidth_limit_set; then
echo
echo "########################################"
echo "# Removiong Upload Bandwidth limit ..."
echo "########################################"
echo
remove_bandwidth_limit
fi
echo
echo "#######################################################"
echo "# Done."

2
docker/_builder/docker-compose.yml
View file

@ -7,8 +7,6 @@
# Common build config
x-common-build: &common-build
args:
PROXY: ${PROXY}
dockerfile: ./Dockerfile
platforms:
- ${TPOT_AMD64}

134
docker/_builder/setup_builder.sh
View file

@ -1,57 +1,99 @@
#!/usr/bin/env bash
# Got root?
myWHOAMI=$(whoami)
if [ "$myWHOAMI" != "root" ]
then
echo "Need to run as root ..."
exit
# ANSI color codes for green (OK) and red (FAIL)
BLUE='\033[0;34m'
GREEN='\033[0;32m'
RED='\033[0;31m'
NC='\033[0m' # No Color
# Check if the user is in the docker group
if ! groups $(whoami) | grep &>/dev/null '\bdocker\b'; then
echo -e "${RED}You need to be in the docker group to run this script without root privileges.${NC}"
echo "Please run the following command to add yourself to the docker group:"
echo " sudo usermod -aG docker $(whoami)"
echo "Then log out and log back in or run the script with sudo."
exit 1
fi
# Only run with command switch
# Command-line switch check
if [ "$1" != "-y" ]; then
echo "### Setting up docker for Multi Arch Builds."
echo "### Requires Docker packages from https://get.docker.com/"
echo "### Use on x64 only!"
echo "### Run with -y if you fit the requirements!"
echo
exit
echo "### Setting up Docker for Multi-Arch Builds."
echo "### Requires Docker packages from https://get.docker.com/"
echo "### Use on x64 only!"
echo "### Run with -y if you fit the requirements!"
exit 0
fi
# We need to create a new builder as the default one cannot handle multi-arch builds
# https://docs.docker.com/desktop/multi-arch/
docker buildx create --name mybuilder
# Check if the mybuilder exists and is running
echo -n "Checking if buildx builder 'mybuilder' exists and is running..."
if ! docker buildx inspect mybuilder --bootstrap >/dev/null 2>&1; then
echo
echo -n " Creating and starting buildx builder 'mybuilder'..."
if docker buildx create --name mybuilder --driver docker-container --use >/dev/null 2>&1 && \
docker buildx inspect mybuilder --bootstrap >/dev/null 2>&1; then
echo -e " [${GREEN}OK${NC}]"
else
echo -e " [${RED}FAIL${NC}]"
exit 1
fi
else
echo -e " [${GREEN}OK${NC}]"
fi
# Set as default
docker buildx use mybuilder
# Ensure QEMU is set up for cross-platform builds
echo -n "Ensuring QEMU is configured for cross-platform builds..."
if docker run --rm --privileged multiarch/qemu-user-static --reset -p yes >/dev/null 2>&1; then
echo -e " [${GREEN}OK${NC}]"
else
echo -e " [${RED}FAIL${NC}]"
exit 1
fi
# We need to install emulators, arm64 should be fine for now
# https://github.com/tonistiigi/binfmt/
docker run --privileged --rm tonistiigi/binfmt --install arm64
# Ensure arm64 and amd64 platforms are active
echo -n "Ensuring 'mybuilder' supports linux/arm64 and linux/amd64..."
active_platforms=$(docker buildx inspect mybuilder --bootstrap | grep -oP '(?<=Platforms: ).*')
# Check if everything is setup correctly
docker buildx inspect --bootstrap
echo
echo "### Done."
echo
echo "Example (manual build): docker buildx build --platform linux/amd64,linux/arm64 -t username/demo:latest --push ."
echo "Docs: https://docs.docker.com/desktop/multi-arch/"
echo
echo "Example (build release): docker compose build"
echo
echo "Example (build and push release): docker compose build --push"
echo
echo "Example (build single image): docker compose build tpotinit"
echo
echo "Example (build and push single image): docker compose build tpotinit --push"
echo
echo "Resolve problems running buildx:"
echo "docker buildx create --use --name mybuilder"
echo "docker buildx inspect mybuilder --bootstrap"
echo "docker login -u <username>"
echo "docker login ghcr.io - <username>"
echo
echo "Resolve segmentation faults when building arm64 images in qemu on amd64:"
echo "docker run --rm --privileged multiarch/qemu-user-static --reset -p yes"
echo
if [[ "$active_platforms" == *"linux/arm64"* && "$active_platforms" == *"linux/amd64"* ]]; then
echo -e " [${GREEN}OK${NC}]"
else
echo
echo -n " Enabling platforms linux/arm64 and linux/amd64..."
if docker buildx create --name mybuilder --driver docker-container --use --platform linux/amd64,linux/arm64 >/dev/null 2>&1 && \
docker buildx inspect mybuilder --bootstrap >/dev/null 2>&1; then
echo -e " [${GREEN}OK${NC}]"
else
echo -e " [${RED}FAIL${NC}]"
exit 1
fi
fi
echo
echo -e "${BLUE}### Done.${NC}"
echo
echo -e "${BLUE}Examples:${NC}"
echo -e " ${BLUE}Manual multi-arch build:${NC}"
echo " docker buildx build --platform linux/amd64,linux/arm64 -t username/demo:latest --push ."
echo
echo -e " ${BLUE}Documentation:${NC} https://docs.docker.com/desktop/multi-arch/"
echo
echo -e " ${BLUE}Build release with Docker Compose:${NC}"
echo " docker compose build"
echo
echo -e " ${BLUE}Build and push release with Docker Compose:${NC}"
echo " docker compose build --push"
echo
echo -e " ${BLUE}Build a single image with Docker Compose:${NC}"
echo " docker compose build tpotinit"
echo
echo -e " ${BLUE}Build and push a single image with Docker Compose:${NC}"
echo " docker compose build tpotinit --push"
echo
echo -e "${BLUE}Resolve buildx issues:${NC}"
echo " docker buildx create --use --name mybuilder"
echo " docker buildx inspect mybuilder --bootstrap"
echo " docker login -u <username>"
echo " docker login ghcr.io -u <username>"
echo
echo -e "${BLUE}Fix segmentation faults when building arm64 images:${NC}"
echo " docker run --rm --privileged multiarch/qemu-user-static --reset -p yes"
echo

15
docker/adbhoney/Dockerfile
View file

@ -1,19 +1,10 @@
FROM alpine:3.19
ARG PROXY
ENV http_proxy=${PROXY}
#
# Include dist
COPY dist/ /root/dist/
#
# Install packages, use proxy if available and cache using http
RUN ash -c 'if [ -n "${http_proxy}" ]; then \
sed -i "s/https/http/g" /etc/apk/repositories; \
echo "Using HTTP Proxy at ${http_proxy}"; \
else \
echo "HTTP Proxy not configured, proceeding without proxy"; \
fi' && \
# Setup apk
apk --no-cache -U add \
# Install packages
RUN apk --no-cache -U add \
git \
procps \
py3-psutil \
@ -37,9 +28,7 @@ RUN ash -c 'if [ -n "${http_proxy}" ]; then \
#
# Clean up
apk del --purge git && \
sed -i "s/http/https/g" /etc/apk/repositories && \
rm -rf /root/* /opt/adbhoney/.git /var/cache/apk/*
ENV http_proxy=""
#
# Set workdir and start adbhoney
STOPSIGNAL SIGINT

3
docker/beelzebub/Dockerfile
View file

@ -4,7 +4,8 @@ ENV GO111MODULE=on \
CGO_ENABLED=0 \
GOOS=linux
#
RUN apk add git
# Install packages
RUN apk -U add git
#
WORKDIR /root
#

11
docker/ciscoasa/Dockerfile
View file

@ -3,9 +3,8 @@ FROM alpine:3.19
# Include dist
COPY dist/ /root/dist/
#
# Setup env and apt
RUN apk --no-cache -U upgrade && \
apk --no-cache add build-base \
# Install packages
RUN apk --no-cache -U add build-base \
git \
libffi \
libffi-dev \
@ -37,9 +36,9 @@ RUN apk --no-cache -U upgrade && \
libffi-dev \
openssl-dev \
python3-dev && \
rm -rf /root/* && \
rm -rf /opt/ciscoasa_honeypot/.git && \
rm -rf /var/cache/apk/*
rm -rf /root/* \
/opt/ciscoasa_honeypot/.git \
/var/cache/apk/*
#
# Start ciscoasa
STOPSIGNAL SIGINT

6
docker/citrixhoneypot/Dockerfile
View file

@ -33,9 +33,9 @@ RUN apk --no-cache -U add \
# Clean up
apk del --purge git \
openssl && \
rm -rf /root/* && \
rm -rf /opt/citrixhoneypot/.git && \
rm -rf /var/cache/apk/*
rm -rf /root/* \
/opt/citrixhoneypot/.git \
/var/cache/apk/*
#
# Set workdir and start citrixhoneypot
STOPSIGNAL SIGINT

11
docker/conpot/Dockerfile
View file

@ -3,9 +3,8 @@ FROM alpine:3.19
# Include dist
COPY dist/ /root/dist/
#
# Setup apt
RUN apk --no-cache -U add \
build-base \
# Install packages
RUN apk --no-cache -U add build-base \
cython \
file \
git \
@ -88,9 +87,9 @@ RUN apk --no-cache -U add \
pkgconfig \
python3-dev \
wget && \
rm -rf /root/* && \
rm -rf /tmp/* && \
rm -rf /var/cache/apk/*
rm -rf /root/* \
/tmp/* \
/var/cache/apk/*
#
# Start conpot
STOPSIGNAL SIGINT

13
docker/cowrie/Dockerfile
View file

@ -3,7 +3,7 @@ FROM alpine:3.19
# Include dist
COPY dist/ /root/dist/
#
# Get and install dependencies & packages
# Install packages
RUN apk --no-cache -U add \
bash \
build-base \
@ -50,7 +50,6 @@ RUN apk --no-cache -U add \
pip3 install --break-system-packages -r requirements.txt && \
#
# Setup configs
#export PYTHON_DIR=$(python3 --version | tr '[A-Z]' '[a-z]' | tr -d ' ' | cut -d '.' -f 1,2 ) && \
setcap cap_net_bind_service=+ep $(readlink -f $(type -P python3)) && \
cp /root/dist/cowrie.cfg /home/cowrie/cowrie/cowrie.cfg && \
chown cowrie:cowrie -R /home/cowrie/* /usr/lib/$(readlink -f $(type -P python3) | cut -f4 -d"/")/site-packages/twisted/plugins && \
@ -72,12 +71,10 @@ RUN apk --no-cache -U add \
openssl-dev \
python3-dev \
py3-mysqlclient && \
rm -rf /root/* /tmp/* && \
rm -rf /var/cache/apk/* && \
rm -rf /home/cowrie/cowrie/cowrie.pid && \
rm -rf /home/cowrie/cowrie/.git && \
# ln -s /usr/bin/python3 /usr/bin/python && \
unset PYTHON_DIR
rm -rf /root/* /tmp/* \
/var/cache/apk/* \
/home/cowrie/cowrie/cowrie.pid \
/home/cowrie/cowrie/.git
#
# Start cowrie
ENV PYTHONPATH /home/cowrie/cowrie:/home/cowrie/cowrie/src

6
docker/ddospot/Dockerfile
View file

@ -52,9 +52,9 @@ RUN apk --no-cache -U add \
apk del --purge build-base \
git \
python3-dev && \
rm -rf /root/* && \
rm -rf /opt/ddospot/.git && \
rm -rf /var/cache/apk/*
rm -rf /root/* \
/opt/ddospot/.git \
/var/cache/apk/*
#
# Start ddospot
STOPSIGNAL SIGINT

6
docker/dicompot/Dockerfile
View file

@ -3,8 +3,8 @@ FROM golang:1.21-alpine AS builder
# Include dist
COPY dist/ /root/dist/
#
# Setup apk
RUN apk -U add --no-cache \
# Install packages
RUN apk --no-cache -U add \
build-base \
git \
g++ && \
@ -32,7 +32,7 @@ RUN addgroup -g 2000 dicompot && \
adduser -S -s /bin/ash -u 2000 -D -g 2000 dicompot && \
chown -R dicompot:dicompot /opt/dicompot
#
# Start dicompot
# Start dicompot
WORKDIR /opt/dicompot
USER dicompot:dicompot
CMD ["./server","-ip","0.0.0.0","-dir","images","-log","/var/log/dicompot/dicompot.log"]

10
docker/dionaea/Dockerfile
View file

@ -1,7 +1,5 @@
FROM ubuntu:22.04
ENV DEBIAN_FRONTEND noninteractive
ARG PROXY
ENV http_proxy=${PROXY}
#
# Include dist
COPY dist/ /root/dist/
@ -121,8 +119,12 @@ RUN bash -c 'if [ -n "${http_proxy}" ]; then \
#
apt-get autoremove --purge -y && \
apt-get clean && \
rm -rf /root/* /var/lib/apt/lists/* /tmp/* /var/tmp/* /root/.cache /opt/dionaea/.git
ENV http_proxy=""
rm -rf /root/* \
/var/lib/apt/lists/* \
/tmp/* \
/var/tmp/* \
/root/.cache \
/opt/dionaea/.git
#
# Start dionaea
STOPSIGNAL SIGINT

7
docker/elasticpot/Dockerfile
View file

@ -4,7 +4,7 @@ FROM alpine:3.19
COPY dist/ /root/dist/
#
# Install packages
RUN apk -U --no-cache add \
RUN apk --no-cache -U add \
build-base \
ca-certificates \
git \
@ -48,8 +48,9 @@ RUN apk -U --no-cache add \
openssl-dev \
postgresql-dev \
python3-dev && \
rm -rf /root/* && \
rm -rf /var/cache/apk/* /opt/elasticpot/.git
rm -rf /root/* \
/var/cache/apk/* \
/opt/elasticpot/.git
#
# Start elasticpot
STOPSIGNAL SIGINT

21
docker/elk/elasticsearch/Dockerfile
View file

@ -1,22 +1,12 @@
FROM ubuntu:22.04
ENV DEBIAN_FRONTEND noninteractive
ARG PROXY
ENV ES_VER=8.14.2
ENV http_proxy=${PROXY}
#
# Include dist
COPY dist/ /root/dist/
#
# Check if APT_PROXY is set and configure apt to use the proxy only if it's available
RUN bash -c 'if [ -n "${http_proxy}" ]; then \
echo "Using APT proxy at ${http_proxy}"; \
echo "Acquire::http::Proxy \"${http_proxy}\";" > /etc/apt/apt.conf.d/01proxy; \
else \
echo "APT proxy not configured, proceeding without proxy"; \
fi' && \
# bash -c 'echo "Acquire::http::Proxy::ports.ubuntu.com DIRECT;" > /etc/apt/apt.conf.d/99force-no-proxy' && \
# Setup apt
apt-get update -y && \
# Install packages
RUN apt-get update -y && \
apt-get install -y \
aria2 \
curl && \
@ -48,8 +38,11 @@ RUN bash -c 'if [ -n "${http_proxy}" ]; then \
# Clean up
apt-get purge aria2 -y && \
apt-get autoremove -y --purge && \
apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /root/.cache /root/*
ENV http_proxy=""
apt-get clean && \
rm -rf /var/lib/apt/lists/* \
/tmp/* /var/tmp/* \
/root/.cache \
/root/*
#
# Healthcheck
HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:9200/_cat/health'

11
docker/elk/kibana/Dockerfile
View file

@ -1,12 +1,11 @@
FROM node:20.13.1-alpine3.20
#
# VARS
ENV KB_VER=8.14.2
#
# Include dist
COPY dist/ /root/dist/
#
RUN apk -U --no-cache add \
# Install packages
RUN apk --no-cache -U add \
aria2 \
curl \
gcompat && \
@ -44,9 +43,9 @@ RUN apk -U --no-cache add \
#
# Clean up
apk del --purge aria2 && \
rm -rf /root/* && \
rm -rf /tmp/* && \
rm -rf /var/cache/apk/*
rm -rf /root/* \
/tmp/* \
/var/cache/apk/*
#
# Healthcheck
HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:5601'

21
docker/elk/logstash/Dockerfile
View file

@ -1,22 +1,12 @@
FROM ubuntu:22.04
ENV DEBIAN_FRONTEND noninteractive
ARG PROXY
ENV LS_VER=8.14.2
ENV http_proxy=${PROXY}
#
# Include dist
COPY dist/ /root/dist/
#
# Check if PROXY is set and configure apt to use the proxy
RUN bash -c 'if [ -n "${http_proxy}" ]; then \
echo "Using APT proxy at ${http_proxy}"; \
echo "Acquire::http::Proxy \"${http_proxy}\";" > /etc/apt/apt.conf.d/01proxy; \
else \
echo "APT proxy not configured, proceeding without proxy"; \
fi' && \
# bash -c 'echo "Acquire::http::Proxy::ports.ubuntu.com DIRECT;" > /etc/apt/apt.conf.d/99force-no-proxy' && \
# Setup apt
apt-get update -y && \
# Install packages
RUN apt-get update -y && \
apt-get install -y \
aria2 \
bash \
@ -66,8 +56,11 @@ RUN bash -c 'if [ -n "${http_proxy}" ]; then \
#
# Clean up
apt-get autoremove -y --purge && \
apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /root/.cache /root/*
ENV http_proxy=""
apt-get clean && \
rm -rf /var/lib/apt/lists/* \
/tmp/* /var/tmp/* \
/root/.cache \
/root/*
#
# Healthcheck
HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:9600'

2
docker/elk/map/Dockerfile
View file

@ -1,7 +1,7 @@
FROM alpine:3.19
#
# Install packages
RUN apk -U --no-cache add \
RUN apk --no-cache -U add \
build-base \
git \
libcap \

9
docker/endlessh/Dockerfile
View file

@ -1,11 +1,10 @@
FROM alpine:3.16 AS builder
#
# Include dist
ADD dist/ /root/dist/
COPY dist/ /root/dist/
#
# Install packages
RUN apk -U add --no-cache \
build-base \
RUN build-base \
git \
libcap && \
#
@ -32,8 +31,8 @@ RUN apk -U add --no-cache \
#setcap cap_net_bind_service=+ep /usr/bin/python3.8 && \
#
# Clean up
rm -rf /root/* && \
rm -rf /var/cache/apk/*
rm -rf /root/* \
/var/cache/apk/*
#
# Set workdir and start endlessh
STOPSIGNAL SIGINT

3
docker/ewsposter/Dockerfile
View file

@ -4,7 +4,7 @@ FROM alpine:3.19
COPY dist/ /root/dist/
#
# Install packages
RUN apk -U --no-cache add \
RUN apk --no-cache -U add \
build-base \
git \
libffi-dev \
@ -25,7 +25,6 @@ RUN apk -U --no-cache add \
pip3 install --break-system-packages --upgrade pip && \
pip3 install --break-system-packages --no-cache-dir configparser hpfeeds3 influxdb influxdb-client xmljson && \
#
#
# Setup ewsposter
git clone https://github.com/telekom-security/ewsposter -b v1.25.0 /opt/ewsposter && \
mkdir -p /opt/ewsposter/spool /opt/ewsposter/log && \

8
docker/fatt/Dockerfile
View file

@ -1,7 +1,7 @@
FROM alpine:3.19
#
# Get and install dependencies & packages
RUN apk -U --no-cache add \
# Install packages
RUN apk --no-cache -U add \
git \
libcap \
py3-libxml2 \
@ -35,7 +35,9 @@ RUN apk -U --no-cache add \
# Clean up
apk del --purge git \
python3-dev && \
rm -rf /root/* /var/cache/apk/* /opt/fatt/.git
rm -rf /root/* \
/var/cache/apk/* \
/opt/fatt/.git
#
# Start fatt
STOPSIGNAL SIGINT

4
docker/hellpot/Dockerfile
View file

@ -3,8 +3,8 @@ FROM golang:1.21-alpine AS builder
# Include dist
COPY dist/ /root/dist/
#
# Setup apk
RUN apk -U --no-cache add \
# Install packages
RUN apk --no-cache -U add \
build-base \
git \
g++ && \

2
docker/heralding/Dockerfile
View file

@ -4,7 +4,7 @@ FROM alpine:3.19
COPY dist/ /root/dist/
#
# Install packages
RUN apk -U --no-cache add \
RUN apk --no-cache -U add \
build-base \
git \
libcap \

7
docker/honeypots/Dockerfile
View file

@ -4,7 +4,7 @@ FROM alpine:3.19
COPY dist/ /root/dist/
#
# Install packages
RUN apk -U --no-cache add \
RUN apk --no-cache -U add \
build-base \
freetds \
freetds-dev \
@ -78,8 +78,9 @@ RUN apk -U --no-cache add \
postgresql-dev \
python3-dev \
zlib-dev && \
rm -rf /root/* /var/cache/apk/* /opt/honeypots/.git
rm -rf /root/* \
/var/cache/apk/* \
/opt/honeypots/.git
#
# Start honeypots
STOPSIGNAL SIGINT

22
docker/honeytrap/Dockerfile
View file

@ -1,21 +1,11 @@
FROM ubuntu:22.04
ENV DEBIAN_FRONTEND noninteractive
ARG PROXY
ENV http_proxy=${PROXY}
#
# Include dist
COPY dist/ /root/dist/
#
# Check if APT_PROXY is set and configure apt to use the proxy only if it's available
RUN bash -c 'if [ -n "${http_proxy}" ]; then \
echo "Using APT proxy at ${http_proxy}"; \
echo "Acquire::http::Proxy \"${http_proxy}\";" > /etc/apt/apt.conf.d/01proxy; \
else \
echo "APT proxy not configured, proceeding without proxy"; \
fi' && \
# bash -c 'echo "Acquire::http::Proxy::ports.ubuntu.com DIRECT;" > /etc/apt/apt.conf.d/99force-no-proxy' && \
# Setup apt
apt-get update && \
# Install packages
RUN apt-get update && \
#
# Install packages
apt-get install -y autoconf \
@ -64,8 +54,12 @@ RUN bash -c 'if [ -n "${http_proxy}" ]; then \
libnetfilter-queue-dev \
libpq-dev && \
apt-get autoremove -y --purge && \
apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /root/.cache /root/* /opt/honeytrap/.git
ENV http_proxy=""
apt-get clean && \
rm -rf /var/lib/apt/lists/* \
/tmp/* /var/tmp/* \
/root/.cache \
/root/* \
/opt/honeytrap/.git
#
# Start honeytrap
USER honeytrap:honeytrap

2
docker/ipphoney/Dockerfile
View file

@ -4,7 +4,7 @@ FROM alpine:3.19
COPY dist/ /root/dist/
#
# Install packages
RUN apk -U --no-cache add \
RUN apk --no-cache -U add \
build-base \
ca-certificates \
git \

22
docker/log4pot/Dockerfile
View file

@ -1,18 +1,8 @@
FROM ubuntu:22.04
ENV DEBIAN_FRONTEND noninteractive
ARG PROXY
ENV http_proxy=${PROXY}
#
# Check if APT_PROXY is set and configure apt to use the proxy
RUN bash -c 'if [ -n "${http_proxy}" ]; then \
echo "Using APT proxy at ${http_proxy}"; \
echo "Acquire::http::Proxy \"${http_proxy}\";" > /etc/apt/apt.conf.d/01proxy; \
else \
echo "APT proxy not configured, proceeding without proxy"; \
fi' && \
# bash -c 'echo "Acquire::http::Proxy::ports.ubuntu.com DIRECT;" > /etc/apt/apt.conf.d/99force-no-proxy' && \
# Setup apt
apt-get update -y && \
# Install packages
RUN apt-get update -y && \
apt-get install -y \
build-essential \
cargo \
@ -57,8 +47,12 @@ RUN bash -c 'if [ -n "${http_proxy}" ]; then \
python3-dev \
rust-all && \
apt-get autoremove -y --purge && \
apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /root/.cache /opt/Log4Pot/.git
ENV http_proxy=""
apt-get clean && \
rm -rf /var/lib/apt/lists/* \
/tmp/* \
/var/tmp/* \
/root/.cache \
/opt/Log4Pot/.git
#
# Start log4pot
STOPSIGNAL SIGINT

2
docker/mailoney/Dockerfile
View file

@ -1,7 +1,7 @@
FROM alpine:3.19
#
# Install packages
RUN apk -U --no-cache add \
RUN apk --no-cache -U add \
git \
libcap \
py3-pip \

4
docker/medpot/Dockerfile
View file

@ -1,7 +1,7 @@
FROM golang:1.21-alpine AS builder
#
# Setup apk
RUN apk -U --no-cache add \
# Install packages
RUN apk --no-cache -U add \
build-base \
git \
go \

8
docker/nginx/Dockerfile
View file

@ -3,8 +3,8 @@ FROM alpine:3.19
# Include dist
COPY dist/ /root/dist/
#
# Get and install dependencies & packages
RUN apk -U --no-cache add \
# Install packages
RUN apk --no-cache -U add \
nginx \
nginx-mod-http-brotli \
nginx-mod-http-headers-more \
@ -32,8 +32,8 @@ RUN apk -U --no-cache add \
cp /root/dist/conf/lsweb.conf /etc/nginx/conf.d/ && \
#
# Clean up
rm -rf /root/* && \
rm -rf /var/cache/apk/*
rm -rf /root/* \
/var/cache/apk/*
#
# Start nginx
CMD ["nginx", "-g", "daemon off;"]

8
docker/p0f/Dockerfile
View file

@ -1,12 +1,10 @@
# In case of problems Alpine 3.13 needs to be used:
# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.14.0#faccessat2
FROM alpine:3.19
#
# Add source
COPY . /opt/p0f
#
# Install packages
RUN apk -U --no-cache add \
RUN apk --no-cache -U add \
bash \
build-base \
jansson \
@ -28,8 +26,8 @@ RUN apk -U --no-cache add \
apk del --purge build-base \
jansson-dev \
libpcap-dev && \
rm -rf /root/* && \
rm -rf /var/cache/apk/*
rm -rf /root/* \
/var/cache/apk/*
#
# Start p0f
WORKDIR /opt/p0f

6
docker/redishoneypot/Dockerfile
View file

@ -3,14 +3,14 @@ FROM golang:1.21-alpine as builder
# Include dist
COPY dist/ /root/dist/
#
# Setup apk
RUN apk -U --no-cache add \
# Install packages
RUN apk --no-cache -U add \
build-base \
git \
go \
g++ && \
#
# Setup go, hellpot
# Setup go, redishoneypot
cd /root && \
export GOPATH=/opt/go/ && \
mkdir -p /opt/go && \

4
docker/sentrypeer/Dockerfile
View file

@ -11,8 +11,8 @@ RUN apk -U add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing \
chown -R sentrypeer:sentrypeer /usr/bin/sentrypeer && \
#
# Clean up
rm -rf /root/* && \
rm -rf /var/cache/apk/*
rm -rf /root/* \
/var/cache/apk/*
#
# Set workdir and start sentrypeer
STOPSIGNAL SIGKILL

6
docker/spiderfoot/Dockerfile
View file

@ -3,8 +3,8 @@ FROM alpine:3.19
# Include dist
COPY dist/ /root/dist/
#
# Get and install dependencies & packages
RUN apk -U --no-cache add \
# Install packages
RUN apk --no-cache -U add \
build-base \
curl \
git \
@ -82,7 +82,7 @@ RUN apk -U --no-cache add \
python3-dev \
swig \
tinyxml-dev && \
rm -rf /var/cache/apk/* /home/spiderfoot/.git
rm -rf /var/cache/apk/* /home/spiderfoot/.git
#
# Healthcheck
HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:8080/spiderfoot/'

8
docker/suricata/Dockerfile
View file

@ -4,7 +4,7 @@ FROM alpine:edge
COPY dist/ /root/dist/
#
# Install packages
RUN apk -U --no-cache add \
RUN apk --no-cache -U add \
ca-certificates \
curl \
file \
@ -30,9 +30,9 @@ RUN apk -U --no-cache add \
suricata-update --no-test --no-reload && \
#
# Clean up
rm -rf /root/* && \
rm -rf /tmp/* && \
rm -rf /var/cache/apk/*
rm -rf /root/* \
/tmp/* \
/var/cache/apk/*
#
# Start suricata
STOPSIGNAL SIGINT

2
docker/tanner/phpox/Dockerfile
View file

@ -1,7 +1,7 @@
FROM alpine:3.19
#
# Install packages
RUN apk -U --no-cache add \
RUN apk --no-cache -U add \
build-base \
file \
git \

11
docker/tanner/redis/Dockerfile
View file

@ -3,8 +3,8 @@ FROM alpine:3.19
# Include dist
COPY dist/ /root/dist/
#
# Setup apk and redis
RUN apk -U --no-cache add redis shadow && \
# Install packages
RUN apk --no-cache -U add redis shadow && \
cp /root/dist/redis.conf /etc && \
#
# Setup user and group
@ -14,9 +14,10 @@ RUN apk -U --no-cache add redis shadow && \
# Clean up
apk del --purge \
shadow && \
rm -rf /root/* && \
rm -rf /tmp/* /var/tmp/* && \
rm -rf /var/cache/apk/*
rm -rf /root/* \
/tmp/* \
/var/tmp/* \
/var/cache/apk/*
#
# Start redis
STOPSIGNAL SIGKILL

10
docker/tanner/snare/Dockerfile
View file

@ -3,8 +3,8 @@ FROM alpine:3.19
# Include dist
COPY dist/ /root/dist/
#
# Setup apt
RUN apk -U --no-cache add \
# Install packages
RUN apk --no-cache -U add \
build-base \
git \
linux-headers \
@ -45,9 +45,9 @@ RUN apk -U --no-cache add \
build-base \
linux-headers \
python3-dev && \
rm -rf /root/* && \
rm -rf /tmp/* /var/tmp/* && \
rm -rf /var/cache/apk/*
rm -rf /root/* \
/tmp/* /var/tmp/* \
/var/cache/apk/*
#
# Start snare
STOPSIGNAL SIGKILL

11
docker/tanner/tanner/Dockerfile
View file

@ -3,8 +3,8 @@ FROM alpine:3.17
# Include dist
COPY dist/ /root/dist/
#
# Setup apt
RUN apk -U --no-cache add \
# Install packages
RUN apk --no-cache -U add \
build-base \
git \
libcap \
@ -67,8 +67,11 @@ RUN apk -U --no-cache add \
# libressl-dev \
linux-headers \
python3-dev && \
rm -rf /root/* && \
rm -rf /tmp/* /var/tmp/* /var/cache/apk/* /opt/tanner/.git
rm -rf /root/* \
/tmp/* \
/var/tmp/* \
/var/cache/apk/* \
/opt/tanner/.git
#
# Start tanner
STOPSIGNAL SIGKILL

9
docker/tpotinit/Dockerfile
View file

@ -3,7 +3,7 @@ FROM alpine:edge
# Include dist
COPY dist/ /opt/tpot/
#
# Get and install dependencies & packages
# Install packages
RUN apk --no-cache -U add \
aria2 \
apache2-utils \
@ -36,9 +36,10 @@ RUN apk --no-cache -U add \
#
# Clean up
apk del --purge git && \
rm -rf /root/* /tmp/* && \
rm -rf /root/.cache /opt/tpot/.git && \
rm -rf /var/cache/apk/*
rm -rf /root/* /tmp/* \
/root/.cache \
/opt/tpot/.git \
/var/cache/apk/*
#
# Run tpotinit
WORKDIR /opt/tpot

6
docker/wordpot/Dockerfile
View file

@ -4,7 +4,7 @@ FROM alpine:3.19
COPY dist/ /root/dist/
#
# Install packages
RUN apk -U --no-cache add \
RUN apk --no-cache -U add \
build-base \
git \
libcap \
@ -39,7 +39,9 @@ RUN apk -U --no-cache add \
apk del --purge build-base \
git \
python3-dev && \
rm -rf /root/* /var/cache/apk/* /opt/wordpot/.git
rm -rf /root/* \
/var/cache/apk/* \
/opt/wordpot/.git
#
# Start wordpot
STOPSIGNAL SIGINT