diff --git a/docker/conpot/docker-compose.yml b/docker/conpot/docker-compose.yml
deleted file mode 100644
index e64a510c..00000000
--- a/docker/conpot/docker-compose.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-version: '2.1'
-
-networks:
- conpot_local:
-
-services:
-
-# Conpot service
- conpot:
- container_name: conpot
- restart: always
- networks:
- - conpot_local
- ports:
- - "1025:1025"
- - "50100:50100"
- image: "dtagdevsec/conpot:1710"
- volumes:
- - /data/conpot/log:/var/log/conpot
diff --git a/docker/conpot_default/Dockerfile b/docker/conpot_default/Dockerfile
new file mode 100644
index 00000000..366f0507
--- /dev/null
+++ b/docker/conpot_default/Dockerfile
@@ -0,0 +1,59 @@
+FROM alpine
+MAINTAINER MO
+
+# Include dist
+ADD dist/ /root/dist/
+
+# Define Environment Variables
+ENV CONPOT_TEMPLATE="default" CONPOT_LOG="/var/log/conpot/conpot_default.log" CONPOT_CONFIG="/etc/conpot/conpot_default.cfg"
+
+# Setup apt
+RUN apk -U add bash \
+ build-base \
+ file \
+ git \
+ libev \
+ libtool \
+ libxslt \
+ libxslt-dev \
+ mariadb-dev \
+ mariadb-client-libs \
+ pkgconfig \
+ python \
+ python-dev \
+ py-gevent \
+ py-snmp \
+ py-cffi && \
+
+# Setup ConPot
+ git clone https://github.com/mushorg/conpot /opt/conpot_default/ && \
+ cd /opt/conpot_default/ && \
+ git checkout d97a68a054e4fe42ff90293188a5702ce8ab09a3 && \
+ cp /root/dist/requirements.txt /opt/conpot_default/ && \
+ python setup.py install && \
+ cd / && \
+ rm -rf /opt/conpot_default /tmp/* /var/tmp/* && \
+
+# Setup user, groups and configs
+ addgroup -g 2000 conpot_default && \
+ adduser -S -s /bin/bash -u 2000 -D -g 2000 conpot_default && \
+ mkdir -p /etc/conpot /var/log/conpot && \
+ mv /root/dist/conpot.cfg /etc/conpot/conpot_default.cfg && \
+ mv /root/dist/default/template.xml /usr/lib/python2.7/site-packages/Conpot-0.5.1-py2.7.egg/conpot/templates/default/ && \
+
+# Clean up
+ apk del build-base \
+ file \
+ git \
+ libev \
+ libtool \
+ libxslt-dev \
+ mariadb-dev \
+ pkgconfig \
+ python-dev \
+ py-cffi && \
+ rm -rf /root/* && \
+ rm -rf /var/cache/apk/*
+
+# Run supervisor upon container start
+CMD /usr/bin/conpot --template $CONPOT_TEMPLATE --logfile $CONPOT_LOG --config $CONPOT_CONFIG
diff --git a/docker/conpot/README.md b/docker/conpot_default/README.md
similarity index 100%
rename from docker/conpot/README.md
rename to docker/conpot_default/README.md
diff --git a/docker/conpot/dist/conpot.cfg b/docker/conpot_default/dist/conpot.cfg
similarity index 81%
rename from docker/conpot/dist/conpot.cfg
rename to docker/conpot_default/dist/conpot.cfg
index 72fc3430..c1c4fa01 100644
--- a/docker/conpot/dist/conpot.cfg
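Review bot: The `CMD /usr/bin/conpot --template $CONPOT_TEMPLATE --logfile $CONPOT_LOG --config $CONPOT_CONFIG` on the last line is shell form, so conpot runs as a child of `/bin/sh -c` rather than as PID 1 and does not receive the SIGTERM sent by `docker stop`; env expansion can be kept with `CMD ["/bin/sh", "-c", "exec /usr/bin/conpot --template \"$CONPOT_TEMPLATE\" --logfile \"$CONPOT_LOG\" --config \"$CONPOT_CONFIG\""]`. The guardianast Dockerfile uses the same shell-form CMD, and the kamstrup Dockerfile hunk replaces its previous exec-form CMD with it. `FROM alpine` is untagged and `apk -U add` pins nothing, so the image is not reproducible even though the conpot checkout is pinned to a commit; `MAINTAINER` is deprecated in favour of `LABEL`, and `ADD dist/ /root/dist/` does no extraction or fetch and should be `COPY`. Separately, only `dist/default/template.xml` is moved into the installed egg while the protocol definitions added under `dist/default/` (IEC104, bacnet, modbus, s7comm, snmp) are never referenced and are removed by `rm -rf /root/*`, so they are either dead weight or an intended override that was not applied; the guardianast Dockerfile has the same gap with `dist/guardian_ast/guardian_ast/guardian_ast.xml`.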
+++ b/docker/conpot_default/dist/conpot.cfg @@ -1,16 +1,16 @@ [common] -sensorid = conpot +sensorid = conpot_default [session] timeout = 30 [daemon] -user = conpot -group = conpot +user = conpot_default +group = conpot_default [json] enabled = True -filename = /var/log/conpot/conpot.json +filename = /var/log/conpot/conpot_default.json [sqlite] enabled = False @@ -20,9 +20,9 @@ enabled = False device = /tmp/mysql.sock host = localhost port = 3306 -db = conpot -username = conpot -passphrase = conpot +db = conpot_default +username = conpot_default +passphrase = conpot_default socket = tcp ; tcp (sends to host:port), dev (sends to mysql device/socket file) [syslog] diff --git a/docker/conpot_default/dist/default/IEC104/IEC104.xml b/docker/conpot_default/dist/default/IEC104/IEC104.xml new file mode 100644 index 00000000..dd11ffea --- /dev/null +++ b/docker/conpot_default/dist/default/IEC104/IEC104.xml 
@@ -0,0 +1,324 @@ + + + + + Siemens + SIMATIC + + + + + + 13_20 + + + 13_21 + + + 13_22 + + + 13_24 + + + 13_25 + + + 13_32 + + + 13_33 + + + 13_34 + + + 13_35 + + + 13_36 + + + 13_37 + + + 13_38 + + + 13_39 + + + 13_40 + + + 13_41 + + + 13_42 + + + + + + 22_19 + + + 22_20 + + + 22_21 + + + 22_22 + + + 22_24 + + + 22_25 + + + 22_42 + + + 22_43 + + + 22_54 + + + + + + 33_2 + + + 33_3 + + + 33_4 + + + 33_5 + + + 33_6 + + + 33_7 + + + 33_8 + + + 33_9 + + + 33_10 + + + 33_11 + + + + + + 60_6 + + + 60_7 + + + 60_8 + + + 60_9 + + + 60_20 + + + 60_21 + + + 60_32 + + + 60_34 + + + 60_35 + + + 60_36 + + + + + + 100_12 + + + 100_13 + + + 100_51 + + + 100_108 + + + 100_109 + + + 100_178 + + + 100_179 + + + 100_190 + + + 100_191 + + + 100_192 + + + 100_193 + + + + + + 101_63 + + + 101_205 + + + 101_100 + + + 101_101 + + + 101_102 + + + 101_105 + + + 101_106 + + + + + + 107_3 + + + 107_77 + + + 107_78 + + + 107_79 + + + 107_90 + + + 107_130 + + + 107_131 + + + 107_132 + + + 107_141 + + + 107_200 + + + 107_201 + + + 107_202 + + + 107_203 + + + 107_204 + + + 107_205 + + + 107_206 + + + 107_207 + + + 107_208 + + + 107_209 + + + 107_210 + + + 107_211 + + + 107_212 + + + + + + 109_3 + + + 109_7 + + + 109_8 + + + 109_10 + + + 109_40 + + + 109_41 + + + + + \ No newline at end of file diff --git a/docker/conpot_default/dist/default/bacnet/bacnet.xml b/docker/conpot_default/dist/default/bacnet/bacnet.xml new file mode 100644 index 00000000..c1e36d55 --- /dev/null +++ b/docker/conpot_default/dist/default/bacnet/bacnet.xml @@ -0,0 +1,39 @@ + + + SystemName + 36113 + Alerton Technologies, Inc. + 15 + 1024 + segmentedBoth + VAV-DD Controller + 1 + + + + + 12 + BI 01 + Binary Input + + + + + 14 + AI 01 + Analog Input + 68.0 + + + + + 16 + Door 01 + Access Door + 0 + True + 2 + + + + diff --git a/docker/conpot_default/dist/default/modbus/modbus.xml b/docker/conpot_default/dist/default/modbus/modbus.xml new file mode 100644 index 00000000..32e3d671 --- /dev/null 
+++ b/docker/conpot_default/dist/default/modbus/modbus.xml @@ -0,0 +1,91 @@ + + + Siemens + SIMATIC + S7-200 + + serial + 100 + + + + + + COILS + 1 + 128 + memoryModbusSlave0BlockA + + + + DISCRETE_INPUTS + 10001 + 32 + memoryModbusSlave0BlockB + + + + + + + + COILS + 1 + 128 + memoryModbusSlave255BlockA + + + + DISCRETE_INPUTS + 10001 + 32 + memoryModbusSlave255BlockB + + + + + + + + COILS + 1 + 128 + memoryModbusSlave1BlockA + + + + DISCRETE_INPUTS + 10001 + 32 + memoryModbusSlave1BlockB + + + + + + + + + ANALOG_INPUTS + 30001 + 8 + memoryModbusSlave2BlockC + + + + HOLDING_REGISTERS + 40001 + 8 + memoryModbusSlave2BlockD + + + + + diff --git a/docker/conpot_default/dist/default/s7comm/s7comm.xml b/docker/conpot_default/dist/default/s7comm/s7comm.xml new file mode 100644 index 00000000..73391b48 --- /dev/null +++ b/docker/conpot_default/dist/default/s7comm/s7comm.xml @@ -0,0 +1,20 @@ + + + + SystemName + SystemDescription + FacilityName + Copyright + s7_id + s7_module_type + empty + empty + + + + empty + empty + empty + + + \ No newline at end of file diff --git a/docker/conpot_default/dist/default/snmp/snmp.xml b/docker/conpot_default/dist/default/snmp/snmp.xml new file mode 100644 index 00000000..66a0c563 --- /dev/null +++ b/docker/conpot_default/dist/default/snmp/snmp.xml @@ -0,0 +1,38 @@ + + + + 0.1;0.2 + 0.1;0.2 + 0.0;0.1 + 0.2;0.4 + + + 120;240 + 120;240 + 240;600 + 120;240 + + + + + + SystemDescription + + + Uptime + + + sysContact + + + sysName + + + sysLocation + + + sysServices + + + + \ No newline at end of file diff --git a/docker/conpot_default/dist/default/template.xml b/docker/conpot_default/dist/default/template.xml new file mode 100644 index 00000000..16db522e --- /dev/null +++ b/docker/conpot_default/dist/default/template.xml 
@@ -0,0 +1,78 @@ + + + + + + + "Mouser Factory" + + + "Technodrome" + + + "Siemens, SIMATIC, S7-200" + + + conpot.emulators.misc.uptime.Uptime + + + "0.0" + + + "Siemens AG" + + + "CP 443-1 EX40" + + + "Venus" + + + "72" + + + [random.randint(0,1) for b in range(0,128)] + + + [random.randint(0,1) for b in range(0,32)] + + + [random.randint(0,1) for b in range(0,128)] + + + [random.randint(0,1) for b in range(0,32)] + + + [random.randint(0,1) for b in range(0,128)] + + + [random.randint(0,1) for b in range(0,32)] + + + [random.randint(0,1) for b in range(0,8)] + + + [0 for b in range(0,32)] + + + "Original Siemens Equipment" + + + "88111222" + + + "IM151-8 PN/DP CPU" + + + "" + + + + diff --git a/docker/conpot/dist/requirements.txt b/docker/conpot_default/dist/requirements.txt similarity index 88% rename from docker/conpot/dist/requirements.txt rename to docker/conpot_default/dist/requirements.txt index ca8e6871..47b11a01 100644 --- a/docker/conpot/dist/requirements.txt +++ b/docker/conpot_default/dist/requirements.txt @@ -1,6 +1,6 @@ gevent>=1.0 -pysnmp==4.3.5 -pysmi==0.1.3 +pysnmp==4.4.4 +pysmi==0.2.2 lxml bottle jinja2 diff --git a/docker/conpot/doc/dashboard.png b/docker/conpot_default/doc/dashboard.png similarity index 100% rename from docker/conpot/doc/dashboard.png rename to docker/conpot_default/doc/dashboard.png diff --git a/docker/conpot_default/docker-compose.yml b/docker/conpot_default/docker-compose.yml new file mode 100644 index 00000000..dda5bec7 --- /dev/null +++ b/docker/conpot_default/docker-compose.yml 
@@ -0,0 +1,23 @@
+version: '2.0'
+
+networks:
+ conpot_default_local:
+
+services:
+
+# Conpot service using Default Siemens S7-200 Template
+ conpot_default:
+ container_name: conpot_default
+ restart: always
+ networks:
+ - conpot_default_local
+ ports:
+ - "102:102"
+ - "502:502"
+ - "623:623/udp"
+ - "47808:47808/udp"
+ - "161:161/udp"
+# image: "dtagdevsec/conpot:1710"
+ image: "uncleraymondo/conpot_default:1710"
+ volumes:
+ - /data/conpot/log:/var/log/conpot
\ No newline at end of file
diff --git a/docker/conpot_guardianast/Dockerfile b/docker/conpot_guardianast/Dockerfile
new file mode 100644
index 00000000..4d00c562
--- /dev/null
+++ b/docker/conpot_guardianast/Dockerfile
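Review bot: `image: "uncleraymondo/conpot_default:1710"` replaces the project-owned `dtagdevsec/conpot:1710` with an image from a personal Docker Hub namespace and without a digest, so what gets deployed is whatever that account publishes under the tag at pull time. Since the Dockerfile lives next to this file, a `build: .` directive (or, if a registry image is required, pinning it as `image: "uncleraymondo/conpot_default:1710@sha256:<digest>"`) would tie the deployment to reviewed content. The same switch is made in the guardianast and kamstrup compose files and in etc/compose/all.yml and industrial.yml. The file also lacks a trailing newline, as the `\ No newline at end of file` marker shows.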
@@ -0,0 +1,59 @@
+FROM alpine
+MAINTAINER MO
+
+# Include dist
+ADD dist/ /root/dist/
+
+# Define Environment Variables
+ENV CONPOT_TEMPLATE="guardian_ast" CONPOT_LOG="/var/log/conpot/conpot_guardian_ast.log" CONPOT_CONFIG="/etc/conpot/conpot_guardian_ast.cfg"
+
+# Setup apt
+RUN apk -U add bash \
+ build-base \
+ file \
+ git \
+ libev \
+ libtool \
+ libxslt \
+ libxslt-dev \
+ mariadb-dev \
+ mariadb-client-libs \
+ pkgconfig \
+ python \
+ python-dev \
+ py-gevent \
+ py-snmp \
+ py-cffi && \
+
+# Setup ConPot
+ git clone https://github.com/mushorg/conpot /opt/conpot_guardian_ast/ && \
+ cd /opt/conpot_guardian_ast/ && \
+ git checkout d97a68a054e4fe42ff90293188a5702ce8ab09a3 && \
+ cp /root/dist/requirements.txt /opt/conpot_guardian_ast/ && \
+ python setup.py install && \
+ cd / && \
+ rm -rf /opt/conpot_guardian_ast /tmp/* /var/tmp/* && \
+
+# Setup user, groups and configs
+ addgroup -g 2000 conpot_guardian_ast && \
+ adduser -S -s /bin/bash -u 2000 -D -g 2000 conpot_guardian_ast && \
+ mkdir -p /etc/conpot /var/log/conpot && \
+ mv /root/dist/conpot.cfg /etc/conpot/conpot_guardian_ast.cfg && \
+ mv /root/dist/guardian_ast/template.xml /usr/lib/python2.7/site-packages/Conpot-0.5.1-py2.7.egg/conpot/templates/guardian_ast/ && \
+
+# Clean up
+ apk del build-base \
+ file \
+ git \
+ libev \
+ libtool \
+ libxslt-dev \
+ mariadb-dev \
+ pkgconfig \
+ python-dev \
+ py-cffi && \
+ rm -rf /root/* && \
+ rm -rf /var/cache/apk/*
+
+# Run supervisor upon container start
+CMD /usr/bin/conpot --template $CONPOT_TEMPLATE --logfile $CONPOT_LOG --config $CONPOT_CONFIG
\ No newline at end of file
diff --git a/docker/conpot_guardianast/README.md b/docker/conpot_guardianast/README.md
new file mode 100644
index 00000000..6b8c2078
--- /dev/null
+++ b/docker/conpot_guardianast/README.md
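Review bot: `adduser -S -s /bin/bash -u 2000 -D -g 2000 conpot_guardian_ast` gives the service account an interactive shell, and as far as this file shows `bash` is installed only for that (the CMD runs through `/bin/sh`); `-s /sbin/nologin` and dropping `bash` from the apk list would leave less in the image for anything that gains code execution inside the honeypot. `mkdir -p /etc/conpot /var/log/conpot` creates the log directory root-owned while the cfg's `[daemon]` section names `conpot_guardian_ast` as the run user, so confirm the process can still open `/var/log/conpot/conpot_guardian_ast.log` after it drops privileges (under compose the path is a bind mount and host ownership decides). The `mv` into `.../Conpot-0.5.1-py2.7.egg/conpot/templates/guardian_ast/` hardcodes the egg name and presumes the pinned commit ships that template directory; if either changes the build fails, which is at least loud. The same three points apply to the default and kamstrup Dockerfiles.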
@@ -0,0 +1,15 @@ +[![](https://images.microbadger.com/badges/version/dtagdevsec/conpot:1710.svg)](https://microbadger.com/images/dtagdevsec/conpot:1710 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/conpot:1710.svg)](https://microbadger.com/images/dtagdevsec/conpot:1710 "Get your own image badge on microbadger.com") + +# conpot + +[ConPot](http://conpot.org/) is a low interactive server side Industrial Control Systems honeypot designed to be easy to deploy, modify and extend. By providing a range of common industrial control protocols we created the basics to build your own system, capable to emulate complex infrastructures to convince an adversary that he just found a huge industrial complex. To improve the deceptive capabilities, we also provided the possibility to server a custom human machine interface to increase the honeypots attack surface. The response times of the services can be artificially delayed to mimic the behavior of a system under constant load. Because we are providing complete stacks of the protocols, Conpot can be accessed with productive HMI's or extended with real hardware. Conpot is developed under the umbrella of the [Honeynet Project](https://www.honeynet.org/) and on the shoulders of a couple of very big giants. + +This dockerized version is part of the **[T-Pot community honeypot](http://dtag-dev-sec.github.io/)** of Deutsche Telekom AG. + +The `Dockerfile` contains the blueprint for the dockerized conpot and will be used to setup the docker image. + +The `docker-compose.yml` contains the necessary settings to test conpot using `docker-compose`. This will ensure to start the docker container with the appropriate permissions and port mappings. + +# ConPot Dashboard + +![ConPot Dashboard](https://raw.githubusercontent.com/dtag-dev-sec/tpotce/master/docker/conpot/doc/dashboard.png) 
diff --git a/docker/conpot_guardianast/dist/conpot.cfg b/docker/conpot_guardianast/dist/conpot.cfg new file mode 100644 index 00000000..2dcc0a9e --- /dev/null +++ b/docker/conpot_guardianast/dist/conpot.cfg @@ -0,0 +1,58 @@ +[common] +sensorid = conpot_guardian_ast + +[session] +timeout = 30 + +[daemon] +user = conpot_guardian_ast +group = conpot_guardian_ast + +[json] +enabled = True +filename = /var/log/conpot/conpot_guardian_ast.json + +[sqlite] +enabled = False + +[mysql] +enabled = False +device = /tmp/mysql.sock +host = localhost +port = 3306 +db = conpot_guardian_ast +username = conpot_guardian_ast +passphrase = conpot_guardian_ast +socket = tcp ; tcp (sends to host:port), dev (sends to mysql device/socket file) + +[syslog] +enabled = False +device = /dev/log +host = localhost +port = 514 +facility = local0 +socket = dev ; udp (sends to host:port), dev (sends to device) + +[hpfriends] +enabled = False +host = hpfriends.honeycloud.net +port = 20000 +ident = 3Ykf9Znv +secret = 4nFRhpm44QkG9cvD +channels = ["conpot.events", ] + +[taxii] +enabled = False +host = taxiitest.mitre.org +port = 80 +inbox_path = /services/inbox/default/ +use_https = False + +[fetch_public_ip] +enabled = True +urls = ["http://whatismyip.akamai.com/", "http://wgetip.com/"] + +[change_mac_addr] +enabled = False +iface = eth0 +addr = 00:de:ad:be:ef:00 diff --git a/docker/conpot_guardianast/dist/guardian_ast/guardian_ast/guardian_ast.xml b/docker/conpot_guardianast/dist/guardian_ast/guardian_ast/guardian_ast.xml new file mode 100644 index 00000000..11705f00 --- /dev/null +++ b/docker/conpot_guardianast/dist/guardian_ast/guardian_ast/guardian_ast.xml @@ -0,0 +1,6 @@ + + + Guardian + Guardian AST + + diff --git a/docker/conpot_guardianast/dist/guardian_ast/template.xml b/docker/conpot_guardianast/dist/guardian_ast/template.xml new file mode 100644 index 00000000..7f6c7a7c --- /dev/null +++ b/docker/conpot_guardianast/dist/guardian_ast/template.xml 
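Review bot: `[hpfriends]` carries `ident = 3Ykf9Znv` and `secret = 4nFRhpm44QkG9cvD` in a committed config; they appear to be the upstream sample values, but real credentials must never be filled in here, so a comment such as `; placeholder values from upstream - supply real hpfeeds credentials via a mounted config, not in git` would make that explicit. `[fetch_public_ip]` is the only section enabled besides json logging, and it makes the container call `http://whatismyip.akamai.com/` and `http://wgetip.com/` over plain HTTP at startup; operators who restrict honeypot egress should know this is expected traffic, and it can be set to `enabled = False` if the public IP is not needed. The identical file is added for kamstrup, and the renamed default config carries the same sections.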
@@ -0,0 +1,93 @@ + + + + + + + "SUPER" + + + "UNLEAD" + + + "DIESEL" + + + "PREMIUM" + + + "STATOIL STATION" + + + random.randint(1000, 9050) + + + random.randint(1000, 9050) + + + random.randint(1000, 9050) + + + random.randint(1000, 9050) + + + random.randint(3000, 9999) + + + random.randint(3000, 9999) + + + random.randint(3000, 9999) + + + random.randint(3000, 9999) + + + round(random.uniform(25.00, 75.99), 2) + + + round(random.uniform(25.00, 75.99), 2) + + + round(random.uniform(25.00, 75.99), 2) + + + round(random.uniform(25.00, 75.99), 2) + + + round(random.uniform(0.0, 9.99), 2) + + + round(random.uniform(0.0, 9.99), 2) + + + round(random.uniform(0.0, 9.99), 2) + + + round(random.uniform(0.0, 9.99), 2) + + + round(random.uniform(50.0, 59.99), 2) + + + round(random.uniform(50.0, 59.99), 2) + + + round(random.uniform(50.0, 59.99), 2) + + + round(random.uniform(50.0, 59.99), 2) + + + "" + + + + diff --git a/docker/conpot_guardianast/dist/requirements.txt b/docker/conpot_guardianast/dist/requirements.txt new file mode 100644 index 00000000..47b11a01 --- /dev/null +++ b/docker/conpot_guardianast/dist/requirements.txt @@ -0,0 +1,23 @@ +gevent>=1.0 +pysnmp==4.4.4 +pysmi==0.2.2 +lxml +bottle +jinja2 +beautifulsoup4 +requests +sphinx==1.5.5 +libtaxii>=1.1.0 +MySQL-python +xlrd +crc16 +enum +hpfeeds +modbus-tk +stix-validator +stix +cybox +bacpypes==0.13.8 +pyghmi +mixbox +modbus-tk diff --git a/docker/conpot_guardianast/doc/dashboard.png b/docker/conpot_guardianast/doc/dashboard.png new file mode 100644 index 00000000..b4830b52 Binary files /dev/null and b/docker/conpot_guardianast/doc/dashboard.png differ diff --git a/docker/conpot_guardianast/docker-compose.yml b/docker/conpot_guardianast/docker-compose.yml new file mode 100644 index 00000000..168a2c30 --- /dev/null +++ b/docker/conpot_guardianast/docker-compose.yml 
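Review bot: `modbus-tk` appears twice in the requirements file (lines 16 and 23), and most entries (`lxml`, `bottle`, `jinja2`, `requests`, `MySQL-python`, `hpfeeds`, ...) are unpinned, so `python setup.py install` resolves whatever is current at build time and the image differs from build to build despite the pinned conpot commit. `sphinx==1.5.5` is a documentation generator that ends up in the runtime image. The Dockerfile also installs Alpine's `py-gevent` and `py-snmp` packages while this file requests `gevent>=1.0` and `pysnmp==4.4.4`, so which copy is imported at runtime depends on what setup.py decides; worth confirming, or removing one side. The kamstrup copy of this file is identical.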
@@ -0,0 +1,19 @@ +version: '2.0' + +networks: + conpot_guardianast_local: + +services: + +# Conpot service using the Guardian AST Tank Monitoring System Template + conpot_guardianast: + container_name: conpot_guardianast + restart: always + networks: + - conpot_guardianast_local + ports: + - "10001:10001" +# image: "dtagdevsec/conpot:1710" + image: "uncleraymodo/conpot_guardianast:1710" + volumes: + - /data/conpot/log:/var/log/conpot \ No newline at end of file diff --git a/docker/conpot/Dockerfile b/docker/conpot_kamstrup/Dockerfile similarity index 60% rename from docker/conpot/Dockerfile rename to docker/conpot_kamstrup/Dockerfile index 97b1fc09..595bf8d7 100644 --- a/docker/conpot/Dockerfile +++ b/docker/conpot_kamstrup/Dockerfile @@ -4,6 +4,9 @@ MAINTAINER MO # Include dist ADD dist/ /root/dist/ +# Define Environment Variables +ENV CONPOT_TEMPLATE="kamstrup_382" CONPOT_LOG="/var/log/conpot/conpot_kamstrup.log" CONPOT_CONFIG="/etc/conpot/conpot_kamstrup.cfg" + # Setup apt RUN apk -U add bash \ build-base \ 
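Review bot: `image: "uncleraymodo/conpot_guardianast:1710"` spells the namespace differently from the `uncleraymondo/...` used in the default and kamstrup compose files and in etc/compose/all.yml, so this file either fails to pull or, should someone register that namespace, pulls an unrelated image; it should read `image: "uncleraymondo/conpot_guardianast:1710"`. Publishing only `10001:10001` matches the tcp 10001 rule added to tpot.service. The file has no trailing newline.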
@@ -18,22 +21,24 @@ RUN apk -U add bash \ pkgconfig \ python \ python-dev \ + py-gevent \ + py-snmp \ py-cffi && \ # Setup ConPot - git clone https://github.com/mushorg/conpot /opt/conpot/ && \ - cd /opt/conpot/ && \ + git clone https://github.com/mushorg/conpot /opt/conpot_kamstrup/ && \ + cd /opt/conpot_kamstrup/ && \ git checkout d97a68a054e4fe42ff90293188a5702ce8ab09a3 && \ - cp /root/dist/requirements.txt /opt/conpot/ && \ + cp /root/dist/requirements.txt /opt/conpot_kamstrup/ && \ python setup.py install && \ cd / && \ - rm -rf /opt/conpot /tmp/* /var/tmp/* && \ + rm -rf /opt/conpot_kamstrup /tmp/* /var/tmp/* && \ # Setup user, groups and configs - addgroup -g 2000 conpot && \ - adduser -S -s /bin/bash -u 2000 -D -g 2000 conpot && \ + addgroup -g 2000 conpot_kamstrup && \ + adduser -S -s /bin/bash -u 2000 -D -g 2000 conpot_kamstrup && \ mkdir -p /etc/conpot /var/log/conpot && \ - mv /root/dist/conpot.cfg /etc/conpot/conpot.cfg && \ + mv /root/dist/conpot.cfg /etc/conpot/conpot_kamstrup.cfg && \ mv /root/dist/kamstrup_382/template.xml /usr/lib/python2.7/site-packages/Conpot-0.5.1-py2.7.egg/conpot/templates/kamstrup_382/ && \ # Clean up @@ -45,10 +50,10 @@ RUN apk -U add bash \ libxslt-dev \ mariadb-dev \ pkgconfig \ - python-dev \ + python-dev \ py-cffi && \ rm -rf /root/* && \ rm -rf /var/cache/apk/* # Run supervisor upon container start -CMD ["/usr/bin/conpot", "--template", "kamstrup_382", "--logfile", "/var/log/conpot/conpot.log", "--config", "/etc/conpot/conpot.cfg"] +CMD /usr/bin/conpot --template $CONPOT_TEMPLATE --logfile $CONPOT_LOG --config $CONPOT_CONFIG \ No newline at end of file diff --git a/docker/conpot_kamstrup/README.md b/docker/conpot_kamstrup/README.md new file mode 100644 index 00000000..6b8c2078 --- /dev/null +++ b/docker/conpot_kamstrup/README.md 
@@ -0,0 +1,15 @@ +[![](https://images.microbadger.com/badges/version/dtagdevsec/conpot:1710.svg)](https://microbadger.com/images/dtagdevsec/conpot:1710 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/conpot:1710.svg)](https://microbadger.com/images/dtagdevsec/conpot:1710 "Get your own image badge on microbadger.com") + +# conpot + +[ConPot](http://conpot.org/) is a low interactive server side Industrial Control Systems honeypot designed to be easy to deploy, modify and extend. By providing a range of common industrial control protocols we created the basics to build your own system, capable to emulate complex infrastructures to convince an adversary that he just found a huge industrial complex. To improve the deceptive capabilities, we also provided the possibility to server a custom human machine interface to increase the honeypots attack surface. The response times of the services can be artificially delayed to mimic the behavior of a system under constant load. Because we are providing complete stacks of the protocols, Conpot can be accessed with productive HMI's or extended with real hardware. Conpot is developed under the umbrella of the [Honeynet Project](https://www.honeynet.org/) and on the shoulders of a couple of very big giants. + +This dockerized version is part of the **[T-Pot community honeypot](http://dtag-dev-sec.github.io/)** of Deutsche Telekom AG. + +The `Dockerfile` contains the blueprint for the dockerized conpot and will be used to setup the docker image. + +The `docker-compose.yml` contains the necessary settings to test conpot using `docker-compose`. This will ensure to start the docker container with the appropriate permissions and port mappings. + +# ConPot Dashboard + +![ConPot Dashboard](https://raw.githubusercontent.com/dtag-dev-sec/tpotce/master/docker/conpot/doc/dashboard.png) 
diff --git a/docker/conpot_kamstrup/dist/conpot.cfg b/docker/conpot_kamstrup/dist/conpot.cfg
new file mode 100644
index 00000000..9c257648
--- /dev/null
+++ b/docker/conpot_kamstrup/dist/conpot.cfg
@@ -0,0 +1,58 @@
+[common]
+sensorid = conpot_kamstrup
+
+[session]
+timeout = 30
+
+[daemon]
+user = conpot_kamstrup
+group = conpot_kamstrup
+
+[json]
+enabled = True
+filename = /var/log/conpot/conpot_kamstrup.json
+
+[sqlite]
+enabled = False
+
+[mysql]
+enabled = False
+device = /tmp/mysql.sock
+host = localhost
+port = 3306
+db = conpot_kamstrup
+username = conpot_kamstrup
+passphrase = conpot_kamstrup
+socket = tcp ; tcp (sends to host:port), dev (sends to mysql device/socket file)
+
+[syslog]
+enabled = False
+device = /dev/log
+host = localhost
+port = 514
+facility = local0
+socket = dev ; udp (sends to host:port), dev (sends to device)
+
+[hpfriends]
+enabled = False
+host = hpfriends.honeycloud.net
+port = 20000
+ident = 3Ykf9Znv
+secret = 4nFRhpm44QkG9cvD
+channels = ["conpot.events", ]
+
+[taxii]
+enabled = False
+host = taxiitest.mitre.org
+port = 80
+inbox_path = /services/inbox/default/
+use_https = False
+
+[fetch_public_ip]
+enabled = True
+urls = ["http://whatismyip.akamai.com/", "http://wgetip.com/"]
+
+[change_mac_addr]
+enabled = False
+iface = eth0
+addr = 00:de:ad:be:ef:00
diff --git a/docker/conpot/dist/kamstrup_382/template.xml b/docker/conpot_kamstrup/dist/kamstrup_382/template.xml
similarity index 100%
rename from docker/conpot/dist/kamstrup_382/template.xml
rename to docker/conpot_kamstrup/dist/kamstrup_382/template.xml
diff --git a/docker/conpot_kamstrup/dist/requirements.txt b/docker/conpot_kamstrup/dist/requirements.txt
new file mode 100644
index 00000000..47b11a01
--- /dev/null
+++ b/docker/conpot_kamstrup/dist/requirements.txt
@@ -0,0 +1,23 @@ +gevent>=1.0 +pysnmp==4.4.4 +pysmi==0.2.2 +lxml +bottle +jinja2 +beautifulsoup4 +requests +sphinx==1.5.5 +libtaxii>=1.1.0 +MySQL-python +xlrd +crc16 +enum +hpfeeds +modbus-tk +stix-validator +stix +cybox +bacpypes==0.13.8 +pyghmi +mixbox +modbus-tk diff --git a/docker/conpot_kamstrup/doc/dashboard.png b/docker/conpot_kamstrup/doc/dashboard.png new file mode 100644 index 00000000..b4830b52 Binary files /dev/null and b/docker/conpot_kamstrup/doc/dashboard.png differ diff --git a/docker/conpot_kamstrup/docker-compose.yml b/docker/conpot_kamstrup/docker-compose.yml new file mode 100644 index 00000000..9319b896 --- /dev/null +++ b/docker/conpot_kamstrup/docker-compose.yml @@ -0,0 +1,20 @@ +version: '2.0' + +networks: + conpot_kamstrup_local: + +services: + +# Conpot service using Kamstrup Template + conpot_kamstrup: + container_name: conpot_kamstrup + restart: always + networks: + - conpot_kamstrup_local + ports: + - "1025:1025" + - "50100:50100" +# image: "dtagdevsec/conpot:1710" + image: "uncleraymondo/conpot_kamstrup:1710" + volumes: + - /data/conpot/log:/var/log/conpot \ No newline at end of file diff --git a/etc/compose/all.yml b/etc/compose/all.yml index 130af3aa..1b95c967 100644 --- a/etc/compose/all.yml +++ b/etc/compose/all.yml @@ -3,7 +3,9 @@ version: '2.2' networks: - conpot_local: + conpot_kamstrup_local: + conpot_default_local: + conpot_guardian_ast_local: cowrie_local: dionaea_local: elasticpot_local: 
@@ -18,19 +20,50 @@ networks: services: -# Conpot service - conpot: - container_name: conpot +# Conpot service - Kamstrup Template + conpot_kamstrup: + container_name: conpot_kamstrup restart: always networks: - - conpot_local + - conpot_kamstrup_local ports: - "1025:1025" - "50100:50100" - image: "dtagdevsec/conpot:1710" +# image: "dtagdevsec/conpot:1710" + image: "uncleraymondo/conpot_kamstrup:1710" volumes: - /data/conpot/log:/var/log/conpot +# Conpot service - Default Template + conpot_default: + container_name: conpot_default + restart: always + networks: + - conpot_default_local + ports: + - "102:102" + - "502:502" + - "623:623/udp" + - "47808:47808/udp" + - "161:161/udp" +# image: "dtagdevsec/conpot:1710" + image: "uncleraymondo/conpot_default:1710" + volumes: + - /data/conpot/log:/var/log/conpot + +# Conpot service - Guardian AST Template + conpot_guardian_ast: + container_name: conpot_guardian_ast + restart: always + networks: + - conpot_guardian_ast_local + ports: + - "10001:10001" +# image: "dtagdevsec/conpot:1710" + image: "uncleraymondo/conpot_guardianast:1710" + volumes: + - /data/conpot/log:/var/log/conpot + # Cowrie service cowrie: container_name: cowrie diff --git a/etc/compose/industrial.yml b/etc/compose/industrial.yml index 29262782..12d08b45 100644 --- a/etc/compose/industrial.yml +++ b/etc/compose/industrial.yml @@ -3,7 +3,9 @@ version: '2.2' networks: - conpot_local: + conpot_kamstrup_local: + conpot_default_local: + conpot_guardian_ast_local: emobility_local: ewsposter_local: spiderfoot_local: 
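Review bot: The third service is named `conpot_guardian_ast` with network `conpot_guardian_ast_local`, while the directory, the image tag and the standalone compose file use `conpot_guardianast`; settling on one spelling avoids confusion when correlating container names with the sensorid `conpot_guardian_ast` seen in the cfg. The three conpot services sharing the `/data/conpot/log` bind mount works because each config names a distinct `conpot_<template>` log and json file and the logrotate patterns were widened to `conpot_*`, which is worth stating in the comment above the services so nobody later points two templates at the same CONPOT_LOG. industrial.yml receives the same hunk with the same naming.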
@@ -11,16 +13,47 @@ networks: services: -# Conpot service - conpot: - container_name: conpot +# Conpot service - Kamstrup Template + conpot_kamstrup: + container_name: conpot_kamstrup restart: always networks: - - conpot_local + - conpot_kamstrup_local ports: - "1025:1025" - "50100:50100" - image: "dtagdevsec/conpot:1710" +# image: "dtagdevsec/conpot:1710" + image: "uncleraymondo/conpot_kamstrup:1710" + volumes: + - /data/conpot/log:/var/log/conpot + +# Conpot service - Default Template + conpot_default: + container_name: conpot_default + restart: always + networks: + - conpot_default_local + ports: + - "102:102" + - "502:502" + - "623:623/udp" + - "47808:47808/udp" + - "161:161/udp" +# image: "dtagdevsec/conpot:1710" + image: "uncleraymondo/conpot_default:1710" + volumes: + - /data/conpot/log:/var/log/conpot + +# Conpot service - Guardian AST Template + conpot_guardian_ast: + container_name: conpot_guardian_ast + restart: always + networks: + - conpot_guardian_ast_local + ports: + - "10001:10001" +# image: "dtagdevsec/conpot:1710" + image: "uncleraymondo/conpot_guardianast:1710" volumes: - /data/conpot/log:/var/log/conpot diff --git a/etc/logrotate/logrotate.conf b/etc/logrotate/logrotate.conf index 85d889bb..1bf89135 100644 --- a/etc/logrotate/logrotate.conf +++ b/etc/logrotate/logrotate.conf @@ -1,5 +1,5 @@ -/data/conpot/log/conpot.json -/data/conpot/log/conpot.log +/data/conpot/log/conpot_*.json +/data/conpot/log/conpot_*.log /data/cowrie/log/cowrie.json /data/cowrie/log/cowrie-textlog.log /data/cowrie/log/lastlog.txt diff --git a/host/etc/systemd/tpot.service b/host/etc/systemd/tpot.service index 9de26330..638f1b61 100644 --- a/host/etc/systemd/tpot.service +++ b/host/etc/systemd/tpot.service 
@@ -37,6 +37,8 @@ ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 64295:64303 ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 20:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 3306,3389,5060,5061,5601,5900,27017 -j ACCEPT ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT +ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 102,502,10001 -j ACCEPT +ExecStartPre=/sbin/iptables -w -A INPUT -p udp -m multiport --dports 69,161,623,5060,47808 -j ACCEPT ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE # Compose T-Pot up 
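Review bot: The new udp ACCEPT line admits 69 and 5060 alongside conpot_default's 161, 623 and 47808, but no service in this change publishes 69/udp or 5060/udp, so presumably they belong to other honeypots in the stack; a comment above the two new lines, e.g. `# 102,502/tcp 161,623,47808/udp: conpot_default; 10001/tcp: conpot_guardianast`, would let the next person tell which entries go away with a service. Appending with `-A` keeps these rules ahead of the final `--syn ... -j NFQUEUE` catch-all, consistent with how the existing 1025,50100 line is handled. The matching `-D` lines in the ExecStopPost hunk below mirror both rules, which is what keeps the rule set from accumulating across restarts.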
@@ -46,12 +48,14 @@ ExecStart=/usr/local/bin/docker-compose -f /opt/tpot/etc/tpot.yml up --no-color ExecStop=/usr/local/bin/docker-compose -f /opt/tpot/etc/tpot.yml down -v # Remove only previously set iptables rules -ExecStopPost=/sbin/iptables -w -D INPUT -s 127.0.0.1 -j ACCEPT -ExecStopPost=/sbin/iptables -w -D INPUT -d 127.0.0.1 -j ACCEPT -ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 64295:64303,7634 -j ACCEPT -ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 20:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT -ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 3306,3389,5060,5061,5601,5900,27017 -j ACCEPT +ExecStopPost=/sbin/iptables -w -D INPUT -p udp -m multiport --dports 69,161,623,5060,47808 -j ACCEPT +ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 102,502,10001 -j ACCEPT ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT +ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 3306,3389,5060,5061,5601,5900,27017 -j ACCEPT +ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 20:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT +ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 64295:64303,7634 -j ACCEPT +ExecStopPost=/sbin/iptables -w -D INPUT -d 127.0.0.1 -j ACCEPT +ExecStopPost=/sbin/iptables -w -D INPUT -s 127.0.0.1 -j ACCEPT ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE [Install]