tweaking, hardening

Marco Ochse 2018-03-31 15:18:28 +00:00
parent 4ee334aee8
commit 2f6a8014bc
18 changed files with 214 additions and 24 deletions


@ -15,6 +15,7 @@ RUN apt-get update -y && \
check \ check \
cython3 \ cython3 \
git \ git \
libcap2-bin \
libcurl4-openssl-dev \ libcurl4-openssl-dev \
libemu-dev \ libemu-dev \
libev-dev \ libev-dev \
@ -54,6 +55,7 @@ RUN apt-get update -y && \
# Setup user and groups # Setup user and groups
addgroup --gid 2000 dionaea && \ addgroup --gid 2000 dionaea && \
adduser --system --no-create-home --shell /bin/bash --uid 2000 --disabled-password --disabled-login --gid 2000 dionaea && \ adduser --system --no-create-home --shell /bin/bash --uid 2000 --disabled-password --disabled-login --gid 2000 dionaea && \
setcap cap_net_bind_service=+ep /opt/dionaea/bin/dionaea && \
# Supply configs and set permissions # Supply configs and set permissions
chown -R dionaea:dionaea /opt/dionaea/var && \ chown -R dionaea:dionaea /opt/dionaea/var && \
@ -105,4 +107,5 @@ RUN apt-get update -y && \
rm -rf /root/* /var/lib/apt/lists/* /tmp/* /var/tmp/* rm -rf /root/* /var/lib/apt/lists/* /tmp/* /var/tmp/*
# Start dionaea # Start dionaea
USER dionaea:dionaea
CMD ["/opt/dionaea/bin/dionaea", "-u", "dionaea", "-g", "dionaea", "-c", "/opt/dionaea/etc/dionaea/dionaea.cfg"] CMD ["/opt/dionaea/bin/dionaea", "-u", "dionaea", "-g", "dionaea", "-c", "/opt/dionaea/etc/dionaea/dionaea.cfg"]
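Review bot: The new `setcap cap_net_bind_service=+ep /opt/dionaea/bin/dionaea` line needs a why-comment, because a file capability on the binary is what lets the now-unprivileged `USER dionaea:dionaea` process bind the privileged ports (21, 443, 445, …) without root and without a `cap_add` in compose; suggest `# File capability: lets the non-root dionaea user bind ports < 1024 without root or cap_add` directly above it. Since the container now starts as dionaea, the `-u dionaea -g dionaea` switches in the unchanged CMD are no longer a privilege drop but a no-op, which is harmless but worth a comment so nobody assumes root is still dropped at start-up. The capability is stored as an extended attribute of the file, so presumably any later step that copies the binary with a tool that drops xattrs would silently lose it — a second line in the same comment should say so. `libcap2-bin` is only needed at build time for `setcap` and could be purged in the clean-up step at the end of the RUN alongside the `rm -rf /root/* …` line.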


@ -2,7 +2,7 @@
config: config:
root: "/opt/dionaea/var/dionaea/roots/www" root: "/opt/dionaea/var/dionaea/roots/www"
ports: ports:
- 80 - 8081
ssl_ports: ssl_ports:
- 443 - 443
max_request_size: 32768 # maximum size in kbytes of the request (32MB) max_request_size: 32768 # maximum size in kbytes of the request (32MB)
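Review bot: Changing the plain `ports:` entry from 80 to 8081 does not remove the need for privileged-port binding, because `ssl_ports` in the same block still lists 443; the change therefore only makes sense as a host-port choice rather than as a hardening step, and that should be stated next to the value, e.g. `- 8081  # 80 is presumably taken on the T-Pot host once dionaea runs with network_mode: host`, hedged until confirmed against the compose change in this commit. Without such a comment the next reader will wonder why HTTP moved but HTTPS stayed on its privileged port.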


@ -2,8 +2,8 @@
# For docker-compose ... # For docker-compose ...
version: '2.2' version: '2.2'
networks: #networks:
dionaea_local: # dionaea_local:
services: services:
@ -13,16 +13,15 @@ services:
container_name: dionaea container_name: dionaea
stdin_open: true stdin_open: true
restart: always restart: always
networks: network_mode: "host"
- dionaea_local # networks:
cap_add: # - dionaea_local
- NET_BIND_SERVICE
ports: ports:
- "20:20" - "20:20"
- "21:21" - "21:21"
- "42:42" - "42:42"
- "69:69/udp" - "69:69/udp"
- "8081:80" - "8081:8081"
- "135:135" - "135:135"
- "443:443" - "443:443"
- "445:445" - "445:445"
@ -35,6 +34,7 @@ services:
- "5061:5061" - "5061:5061"
- "27017:27017" - "27017:27017"
image: "dtagdevsec/dionaea:1804" image: "dtagdevsec/dionaea:1804"
read_only: true
volumes: volumes:
- /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp
- /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp - /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp
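Review bot: With `network_mode: "host"` the whole `ports:` list (`"20:20"` … `"27017:27017"`) is ignored — Docker discards published ports in host network mode — so it is now dead configuration and every socket dionaea opens is exposed directly on the host; either drop the list or add a comment above `network_mode` explaining that it is kept for documentation only. Host networking also places the honeypot in the host's network namespace, so a compromise of dionaea can reach every loopback-bound service on the host, including the Elasticsearch (`127.0.0.1:64298`), Kibana and head listeners that this same commit defines with no authentication; that is a regression relative to the former `dionaea_local` network plus `cap_add: NET_BIND_SERVICE`, and the `network_mode` line should carry a comment stating why host networking is required (presumably to see real source addresses or to bind the honeypot ports on the host directly). The identical change is in the main compose file at the `@ -51,16 +51,15 @@ services:` hunk. `read_only: true` is added here and to elasticpot, head and the main compose without any `tmpfs:` entry; if dionaea writes anywhere outside the bind-mounted `/opt/dionaea/var` paths (for example `/tmp`), it will now fail at runtime, which should be verified before this ships.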


@ -24,11 +24,11 @@ RUN apk -U upgrade && \
mkdir /opt/ElasticpotPY/log && \ mkdir /opt/ElasticpotPY/log && \
# Clean up # Clean up
apk del git && \ apk del --purge git && \
rm -rf /root/* && \ rm -rf /root/* && \
rm -rf /var/cache/apk/* rm -rf /var/cache/apk/*
# Start elasticpot # Start elasticpot
USER elasticpot USER elasticpot:elasticpot
WORKDIR /opt/ElasticpotPY/ WORKDIR /opt/ElasticpotPY/
CMD ["/usr/bin/python3","main.py"] CMD ["/usr/bin/python3","main.py"]


@ -1,4 +1,4 @@
version: '2.1' version: '2.2'
networks: networks:
elasticpot_local: elasticpot_local:
@ -15,5 +15,6 @@ services:
ports: ports:
- "9200:9200" - "9200:9200"
image: "dtagdevsec/elasticpot:1804" image: "dtagdevsec/elasticpot:1804"
read_only: true
volumes: volumes:
- /data/elasticpot/log:/opt/ElasticpotPY/log - /data/elasticpot/log:/opt/ElasticpotPY/log


@ -0,0 +1,65 @@
# T-Pot (Standard)
# For docker-compose ...
version: '2.2'
services:
# ELK services
## Elasticsearch service
elasticsearch:
container_name: elasticsearch
restart: always
environment:
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms1024m -Xmx1024m"
cap_add:
- IPC_LOCK
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
mem_limit: 2g
ports:
- "127.0.0.1:64298:9200"
image: "dtagdevsec/elasticsearch:1804"
volumes:
- /data:/data
## Kibana service
kibana:
container_name: kibana
restart: always
depends_on:
elasticsearch:
condition: service_healthy
ports:
- "127.0.0.1:64296:5601"
image: "dtagdevsec/kibana:1804"
## Logstash service
logstash:
container_name: logstash
restart: always
depends_on:
elasticsearch:
condition: service_healthy
env_file:
- /opt/tpot/etc/compose/elk_environment
image: "dtagdevsec/logstash:1804"
volumes:
- /data:/data
- /var/log:/data/host/log
## Elasticsearch-head service
head:
container_name: head
restart: always
depends_on:
elasticsearch:
condition: service_healthy
ports:
- "127.0.0.1:64302:9100"
image: "dtagdevsec/head:1804"
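Review bot: The logstash service's `- /var/log:/data/host/log` volume mounts the host's log directory read-write although logstash only needs to read it; make it `- /var/log:/data/host/log:ro` so a misbehaving or compromised container cannot alter or truncate host logs, which on a honeypot host are exactly what an intruder would want to tamper with. The same mount appears in the standalone logstash compose file added in this commit (`@ -0,0 +1,20 @@`). The `head` service here lacks the `read_only: true` that the standalone head compose and the main compose add elsewhere in this commit — align the three. Elasticsearch is published on `127.0.0.1:64298` without authentication, which only stays loopback-private as long as no other container runs with `network_mode: host`; since the dionaea compose in this commit does exactly that, the `ports:` entry deserves a comment documenting that assumption.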


@ -28,12 +28,12 @@ RUN apk -U upgrade && \
chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/ && \ chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/ && \
# Clean up # Clean up
apk del wget && \ apk del --purge wget && \
rm -rf /root/* rm -rf /root/*
# Healthcheck # Healthcheck
HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:9200/_cat/health' HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:9200/_cat/health'
# Start ELK # Start ELK
USER elasticsearch USER elasticsearch:elasticsearch
CMD ["/usr/share/elasticsearch/bin/elasticsearch"] CMD ["/usr/share/elasticsearch/bin/elasticsearch"]


@ -0,0 +1,30 @@
# T-Pot (Standard)
# For docker-compose ...
version: '2.2'
services:
# ELK services
## Elasticsearch service
elasticsearch:
build: .
container_name: elasticsearch
restart: always
environment:
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms1024m -Xmx1024m"
cap_add:
- IPC_LOCK
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
mem_limit: 2g
ports:
- "127.0.0.1:64298:9200"
image: "dtagdevsec/elasticsearch:1804"
volumes:
- /data:/data


@ -22,12 +22,12 @@ RUN apk -U upgrade && \
chown -R head:head /usr/src/app/ && \ chown -R head:head /usr/src/app/ && \
# Clean up # Clean up
apk del git apk del --purge git
# Healthcheck # Healthcheck
HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:9100' HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:9100'
# Start elasticsearch-head # Start elasticsearch-head
USER head USER head:head
WORKDIR /usr/src/app WORKDIR /usr/src/app
CMD ["node_modules/http-server/bin/http-server", "_site", "-p", "9100"] CMD ["node_modules/http-server/bin/http-server", "_site", "-p", "9100"]


@ -0,0 +1,18 @@
# T-Pot (Standard)
# For docker-compose ...
version: '2.2'
services:
## Elasticsearch-head service
head:
build: .
container_name: head
restart: always
# depends_on:
# elasticsearch:
# condition: service_healthy
ports:
- "127.0.0.1:64302:9100"
image: "dtagdevsec/head:1804"
read_only: true


@ -44,12 +44,12 @@ RUN apk -U upgrade && \
chown -R kibana:kibana /usr/share/kibana/ && \ chown -R kibana:kibana /usr/share/kibana/ && \
# Clean up # Clean up
apk del wget && \ apk del --purge wget && \
rm -rf /root/* rm -rf /root/*
# Healthcheck # Healthcheck
HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:5601' HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:5601'
# Start kibana # Start kibana
USER kibana USER kibana:kibana
CMD ["/usr/share/kibana/bin/kibana"] CMD ["/usr/share/kibana/bin/kibana"]


@ -0,0 +1,17 @@
# T-Pot (Standard)
# For docker-compose ...
version: '2.2'
services:
## Kibana service
kibana:
build: .
container_name: kibana
restart: always
# depends_on:
# elasticsearch:
# condition: service_healthy
ports:
- "127.0.0.1:64296:5601"
image: "dtagdevsec/kibana:1804"


@ -33,12 +33,20 @@ RUN apk -U upgrade && \
cp logstash.conf /etc/logstash/conf.d/ && \ cp logstash.conf /etc/logstash/conf.d/ && \
cp elasticsearch-template-es5x.json /usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-7.4.2-java/lib/logstash/outputs/elasticsearch/ && \ cp elasticsearch-template-es5x.json /usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-7.4.2-java/lib/logstash/outputs/elasticsearch/ && \
# Setup user, groups and configs
addgroup -g 2000 logstash && \
adduser -S -H -s /bin/bash -u 2000 -D -g 2000 logstash && \
chown -R logstash:logstash /usr/share/logstash && \
chown -R logstash:logstash /etc/listbot && \
chmod 755 /usr/bin/update.sh && \
# Clean up # Clean up
apk del wget && \ apk del --purge wget && \
rm -rf /root/* rm -rf /root/*
# Healthcheck # Healthcheck
HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:9600' HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:9600'
# Start logstash # Start logstash
USER logstash:logstash
CMD update.sh && /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf CMD update.sh && /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf
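Review bot: On Alpine's BusyBox `adduser`, `-g` sets the GECOS (full-name) field, not the primary group, so the new `adduser -S -H -s /bin/bash -u 2000 -D -g 2000 logstash` records "2000" as a comment and the user ends up in group `logstash` only because BusyBox defaults to the same-name group that the preceding `addgroup -g 2000 logstash` created; state the intent explicitly with `adduser -S -H -s /bin/bash -u 2000 -D -G logstash logstash`. The same idiom is on the ewsposter Dockerfile's context line `adduser -S -H -u 2000 -D -g 2000 ews`. Nothing breaks today because `USER logstash:logstash` pins the group, but a copy of this line into a Dockerfile with a bare `USER logstash` would silently get the wrong group. The `chown -R logstash:logstash /etc/listbot` line also deserves a why-comment, since the unchanged `CMD update.sh && …` now runs `update.sh` unprivileged and presumably it writes there — `# update.sh runs as logstash now and appears to refresh /etc/listbot at start-up — confirm` would capture that.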


@ -0,0 +1,20 @@
# T-Pot (Standard)
# For docker-compose ...
version: '2.2'
services:
## Logstash service
logstash:
build: .
container_name: logstash
restart: always
# depends_on:
# elasticsearch:
# condition: service_healthy
env_file:
- /opt/tpot/etc/compose/elk_environment
image: "dtagdevsec/logstash:1804"
volumes:
- /data:/data
- /var/log:/data/host/log


@ -30,6 +30,7 @@ RUN apk -U upgrade && \
# Setup user and groups # Setup user and groups
addgroup -g 2000 ews && \ addgroup -g 2000 ews && \
adduser -S -H -u 2000 -D -g 2000 ews && \ adduser -S -H -u 2000 -D -g 2000 ews && \
chown -R ews:ews /opt/ewsposter && \
# Supply configs # Supply configs
mv /root/dist/ews.cfg /opt/ewsposter/ && \ mv /root/dist/ews.cfg /opt/ewsposter/ && \
@ -45,4 +46,5 @@ RUN apk -U upgrade && \
rm -rf /var/cache/apk/* rm -rf /var/cache/apk/*
# Run ewsposter # Run ewsposter
USER ews:ews
CMD sleep 10 && /usr/bin/python /opt/ewsposter/ews.py -l 60 CMD sleep 10 && /usr/bin/python /opt/ewsposter/ews.py -l 60
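Review bot: The new `chown -R ews:ews /opt/ewsposter` runs before the `# Supply configs` step moves `/root/dist/ews.cfg` into `/opt/ewsposter/`, so the moved config keeps the ownership it had under `/root/dist` (presumably root) and only the files already present are handed to `ews`; if ewsposter ever writes its config or other state under `/opt/ewsposter` while running as the new `USER ews:ews`, that write fails. Move the chown after the config copy (the `# Supply configs` block continues outside this hunk) or add `chown ews:ews /opt/ewsposter/ews.cfg` at its end. `ews.ip` is bind-mounted from `/data/ews/conf/ews.ip` by the compose file added in this commit, so its ownership comes from the host path and is covered by neither chown — a short comment on the chown line noting this would save the next reader the question.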


@ -0,0 +1,23 @@
# T-Pot (Standard)
# For docker-compose ...
version: '2.2'
networks:
ewsposter_local:
services:
# Ewsposter service
ewsposter:
build: .
container_name: ewsposter
restart: always
networks:
- ewsposter_local
env_file:
- /opt/tpot/etc/compose/elk_environment
image: "dtagdevsec/ewsposter:1804"
volumes:
- /data:/data
- /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip


@ -69,6 +69,7 @@ services:
ports: ports:
- "127.0.0.1:64302:9100" - "127.0.0.1:64302:9100"
image: "dtagdevsec/head:1804" image: "dtagdevsec/head:1804"
read_only: true
# Ewsposter service # Ewsposter service
ewsposter: ewsposter:


@ -5,7 +5,7 @@ version: '2.2'
networks: networks:
ciscoasa_local: ciscoasa_local:
cowrie_local: cowrie_local:
dionaea_local: # dionaea_local:
elasticpot_local: elasticpot_local:
ewsposter_local: ewsposter_local:
glastopf_local: glastopf_local:
@ -51,16 +51,15 @@ services:
container_name: dionaea container_name: dionaea
stdin_open: true stdin_open: true
restart: always restart: always
networks: network_mode: "host"
- dionaea_local # networks:
cap_add: # - dionaea_local
- NET_BIND_SERVICE
ports: ports:
- "20:20" - "20:20"
- "21:21" - "21:21"
- "42:42" - "42:42"
- "69:69/udp" - "69:69/udp"
- "8081:80" - "8081:8081"
- "135:135" - "135:135"
- "443:443" - "443:443"
- "445:445" - "445:445"
@ -73,6 +72,7 @@ services:
- "5061:5061" - "5061:5061"
- "27017:27017" - "27017:27017"
image: "dtagdevsec/dionaea:1804" image: "dtagdevsec/dionaea:1804"
read_only: true
volumes: volumes:
- /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp
- /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp - /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp
@ -92,6 +92,7 @@ services:
ports: ports:
- "9200:9200" - "9200:9200"
image: "dtagdevsec/elasticpot:1804" image: "dtagdevsec/elasticpot:1804"
read_only: true
volumes: volumes:
- /data/elasticpot/log:/opt/ElasticpotPY/log - /data/elasticpot/log:/opt/ElasticpotPY/log
@ -154,6 +155,7 @@ services:
ports: ports:
- "127.0.0.1:64302:9100" - "127.0.0.1:64302:9100"
image: "dtagdevsec/head:1804" image: "dtagdevsec/head:1804"
read_only: true
# Ewsposter service # Ewsposter service
ewsposter: ewsposter: