tweaking

docker/ciscoasa/Dockerfile

@@ -7,7 +7,6 @@ ADD dist/ /root/dist/
 RUN apk -U upgrade && \
     apk add build-base \
             git \
-            libcap \
             libffi \
             libffi-dev \
             openssl \
@@ -28,12 +27,10 @@ RUN apk -U upgrade && \
     pip3 install --no-cache-dir -r requirements.txt && \
     cp /root/dist/asa_server.py /opt/ciscoasa_honeypot && \
     chown -R ciscoasa:ciscoasa /opt/ciscoasa_honeypot && \
-    setcap cap_net_bind_service=+ep /usr/bin/python3.6 && \
 
 # Clean up
     apk del --purge build-base \
                     git \
-                    libcap \
                     libffi-dev \
                     openssl-dev \
                     python3-dev && \
@@ -43,4 +40,4 @@ RUN apk -U upgrade && \
 # Start ciscoasa
 WORKDIR /tmp/ciscoasa/
 USER ciscoasa:ciscoasa
-CMD cp -R /opt/ciscoasa_honeypot/* /tmp/ciscoasa && exec python3 asa_server.py --ike-port 500 --enable_ssl --port 443 --verbose >> /var/log/ciscoasa/ciscoasa.log 2>&1
+CMD cp -R /opt/ciscoasa_honeypot/* /tmp/ciscoasa && exec python3 asa_server.py --ike-port 5000 --enable_ssl --port 8443 --verbose >> /var/log/ciscoasa/ciscoasa.log 2>&1

docker/ciscoasa/docker-compose.yml

@@ -1,8 +1,5 @@
 version: '2.3'
 
-networks:
-  ciscoasa_local:
-
 services:
 
 # Ciscoasa service
@@ -13,11 +10,10 @@ services:
     stop_signal: SIGINT
     tmpfs:
      - /tmp/ciscoasa:uid=2000,gid=2000
-    networks:
-     - ciscoasa_local
+    network_mode: "host"
     ports:
-     - "5000:500"
-     - "8443:443"
+     - "5000:5000/udp"
+     - "8443:8443"
     image: "dtagdevsec/ciscoasa:1804"
     read_only: true
     volumes:

docker/elk/logstash/dist/logstash.conf

@@ -158,6 +158,11 @@ filter {
     date {
       match => [ "timestamp", "ISO8601" ]
     }
+    mutate {
+      add_field => {
+        "dest_ip" => "${MY_EXTIP}"
+      }
+    }
   }
 
 # Conpot

docker/ews/dist/ews.cfg

@@ -116,3 +116,8 @@ logfile = /data/vnclowpot/log/vnclowpot.log
 heralding = true
 nodeid = heralding-community-01
 logfile = /data/heralding/log/auth.csv
+
+[CISCOASA]
+ciscoasa = true
+nodeid = ciscoasa-community-01
+logfile = /data/ciscoasa/log/ciscoasa.log

etc/compose/tpot.yml

@@ -4,7 +4,6 @@
 version: '2.2'
 
 networks:
-  ciscoasa_local:
   cowrie_local:
   elasticpot_local:
   ewsposter_local:
@@ -22,8 +21,7 @@ services:
     container_name: ciscoasa
     restart: always
     stop_signal: SIGINT
-    networks:
-     - ciscoasa_local
+    network_mode: "host"
     ports:
      - "5000:5000/udp"
      - "8443:8443"
@@ -38,8 +36,8 @@ services:
     networks:
      - cowrie_local
     ports:
-     - "22:2222"
-     - "23:2223"
+     - "22:22"
+     - "23:23"
     image: "dtagdevsec/cowrie:1804"
     volumes:
      - /data/cowrie/downloads:/home/cowrie/cowrie/dl