begin with hardening, tweaking

Marco Ochse 2018-05-28 16:36:02 +00:00
parent 88e252fbfb
commit 4bbc63fd02
9 changed files with 33 additions and 118 deletions


@ -14,6 +14,7 @@ services:
networks: networks:
- tanner_local - tanner_local
image: "dtagdevsec/redis:1804" image: "dtagdevsec/redis:1804"
read_only: true
# PHP Sandbox service # PHP Sandbox service
tanner_phpox: tanner_phpox:
@ -25,6 +26,7 @@ services:
networks: networks:
- tanner_local - tanner_local
image: "dtagdevsec/phpox:1804" image: "dtagdevsec/phpox:1804"
read_only: true
# Tanner API Service # Tanner API Service
tanner_api: tanner_api:
@ -32,10 +34,15 @@ services:
container_name: tanner_api container_name: tanner_api
restart: always restart: always
stop_signal: SIGKILL stop_signal: SIGKILL
tmpfs:
- /tmp/tanner:uid=2000,gid=2000
tty: true tty: true
networks: networks:
- tanner_local - tanner_local
image: "dtagdevsec/tanner:1804" image: "dtagdevsec/tanner:1804"
read_only: true
volumes:
- /data/tanner/log:/var/log/tanner
command: tannerapi command: tannerapi
depends_on: depends_on:
- tanner_redis - tanner_redis
@ -46,11 +53,16 @@ services:
container_name: tanner_web container_name: tanner_web
restart: always restart: always
stop_signal: SIGKILL stop_signal: SIGKILL
tmpfs:
- /tmp/tanner:uid=2000,gid=2000
tty: true tty: true
networks: networks:
- tanner_local - tanner_local
image: "dtagdevsec/tanner:1804" image: "dtagdevsec/tanner:1804"
command: tannerweb command: tannerweb
read_only: true
volumes:
- /data/tanner/log:/var/log/tanner
depends_on: depends_on:
- tanner_redis - tanner_redis
@ -60,11 +72,16 @@ services:
container_name: tanner container_name: tanner
restart: always restart: always
stop_signal: SIGKILL stop_signal: SIGKILL
tmpfs:
- /tmp/tanner:uid=2000,gid=2000
tty: true tty: true
networks: networks:
- tanner_local - tanner_local
image: "dtagdevsec/tanner:1804" image: "dtagdevsec/tanner:1804"
command: tanner command: tanner
read_only: true
volumes:
- /data/tanner/log:/var/log/tanner
depends_on: depends_on:
- tanner_api - tanner_api
- tanner_web - tanner_web
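Review bot: The three `tmpfs` entries (`/tmp/tanner:uid=2000,gid=2000` on tanner_api, tanner_web and tanner) set no explicit size limit, while the config change in this commit sends tanner's debug and error logs to /tmp/tanner, so log growth driven by honeypot traffic is held in host memory. A `size=` option bounds that, for example `- /tmp/tanner:uid=2000,gid=2000,size=64m` (value illustrative). tanner_redis and tanner_phpox get `read_only: true` with no tmpfs or volume at all; whether Redis persistence and the PHP sandbox work without a writable path depends on configuration not shown here and is worth confirming.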


@ -17,9 +17,8 @@ RUN apk -U --no-cache add \
pip3 install --no-cache-dir --upgrade pip && \ pip3 install --no-cache-dir --upgrade pip && \
# Install bfr sandbox from git # Install bfr sandbox from git
git clone https://github.com/mushorg/BFR /opt/BFR && \ git clone --depth=1 https://github.com/mushorg/BFR /opt/BFR && \
cd /opt/BFR && \ cd /opt/BFR && \
git checkout 508729202428a35bcc6bb27dd97b831f7e5009b5 && \
phpize7 && \ phpize7 && \
./configure \ ./configure \
--with-php-config=/usr/bin/php-config7 \ --with-php-config=/usr/bin/php-config7 \
@ -31,7 +30,7 @@ RUN apk -U --no-cache add \
echo "zend_extension = "$(find /usr -name bfr.so) >> /etc/php7/php.ini && \ echo "zend_extension = "$(find /usr -name bfr.so) >> /etc/php7/php.ini && \
# Install PHP Sandbox # Install PHP Sandbox
git clone https://github.com/mushorg/phpox /opt/phpox && \ git clone --depth=1 https://github.com/mushorg/phpox /opt/phpox && \
cd /opt/phpox && \ cd /opt/phpox && \
cp /root/dist/sandbox.py . && \ cp /root/dist/sandbox.py . && \
pip3 install -r requirements.txt && \ pip3 install -r requirements.txt && \
@ -46,5 +45,6 @@ RUN apk -U --no-cache add \
rm -rf /var/cache/apk/* rm -rf /var/cache/apk/*
# Set workdir and start phpsandbox # Set workdir and start phpsandbox
USER nobody:nobody
WORKDIR /opt/phpox WORKDIR /opt/phpox
CMD python3.6 sandbox.py CMD ["python3.6", "sandbox.py"]
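Review bot: Removing `git checkout 508729202428a35bcc6bb27dd97b831f7e5009b5` means the BFR extension is now built from whatever the upstream default branch holds at build time; the phpox clone shows no pin in this hunk either. For an image that compiles a Zend extension and loads it into PHP, a fixed revision keeps builds reproducible and reviewable. A shallow clone cannot check out an older commit, so either drop `--depth=1` for BFR and keep the checkout, or fetch the pinned commit explicitly with `git fetch --depth=1 origin 508729202428a35bcc6bb27dd97b831f7e5009b5 && git checkout FETCH_HEAD`. The RUN instruction starts and ends outside these hunks.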


@ -1,17 +0,0 @@
version: '2.3'
networks:
phpox_local:
services:
# PHP Sandbox service
phpox:
build: .
container_name: phpox
restart: always
stop_signal: SIGKILL
tty: true
networks:
- phpox_local
image: "dtagdevsec/phpox:1804"


@ -4,8 +4,7 @@ FROM redis:alpine
ADD dist/ /root/dist/ ADD dist/ /root/dist/
# Setup apt # Setup apt
RUN apk -U --no-cache add \ RUN apk -U --no-cache add redis && \
redis && \
cp /root/dist/redis.conf /etc && \ cp /root/dist/redis.conf /etc && \
@ -15,4 +14,5 @@ RUN apk -U --no-cache add \
rm -rf /var/cache/apk/* rm -rf /var/cache/apk/*
# Start conpot # Start conpot
USER nobody:nobody
CMD redis-server /etc/redis.conf CMD redis-server /etc/redis.conf
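Review bot: Nothing in these hunks gives `nobody` a writable directory once `USER nobody:nobody` is added, and the compose change in this commit also sets `read_only: true` on tanner_redis, which presumably runs this image. If dist/redis.conf (not shown) leaves snapshotting enabled, redis-server will likely fail its background saves, so confirm that persistence is disabled there or mount a writable data path. Separately, `CMD redis-server /etc/redis.conf` stays in shell form while the phpox Dockerfile moves to exec form; `CMD ["redis-server", "/etc/redis.conf"]` would match, and the `# Start conpot` comment above it should read `# Start redis`.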


@ -1,30 +1,20 @@
FROM alpine FROM alpine
# Include dist
#ADD dist/ /root/dist/
# Setup apt # Setup apt
RUN apk -U --no-cache add \ RUN apk -U --no-cache add \
build-base \ build-base \
git \ git \
libcap \
linux-headers \ linux-headers \
python3 \ python3 \
python3-dev && \ python3-dev && \
# Setup ConPot # Setup Snare
git clone https://github.com/mushorg/snare /opt/snare && \ git clone --depth=1 https://github.com/mushorg/snare /opt/snare && \
cd /opt/snare/ && \ cd /opt/snare/ && \
pip3 install --no-cache-dir --upgrade pip setuptools && \ pip3 install --no-cache-dir --upgrade pip setuptools && \
pip3 install --no-cache-dir -r requirements.txt && \ pip3 install --no-cache-dir -r requirements.txt && \
python3.6 clone.py --target http://example.com && \ python3.6 clone.py --target http://example.com && \
cd / && \
#setcap cap_net_bind_service=+ep /usr/bin/python3.6 && \
# Get wireshark manuf db for scapy, setup configs, user, groups
addgroup -g 2000 snare && \
adduser -S -s /bin/ash -u 2000 -D -g 2000 snare && \
# Clean up # Clean up
apk del --purge \ apk del --purge \
build-base \ build-base \
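Review bot: The removed `addgroup -g 2000 snare` and `adduser -S -s /bin/ash -u 2000 -D -g 2000 snare` lines leave no dedicated account in this image, and no `USER` instruction is visible, so snare would run as root unless one is set in the part of the Dockerfile below this hunk. The other images in this commit gain a `USER` line, and snare is the service the deleted compose file published on port 80, which makes it the most exposed one. I would keep the user creation and add `USER snare:snare`, with snare listening on an unprivileged port that compose maps from 80, if snare can be configured that way. The RUN instruction continues past the end of the hunk.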


@ -1,19 +0,0 @@
version: '2.3'
networks:
snare_local:
services:
# Snare service
snare:
build: .
container_name: snare
restart: always
stop_signal: SIGKILL
tty: true
networks:
- snare_local
ports:
- "80:80"
image: "dtagdevsec/snare:1804"


@ -13,8 +13,8 @@ RUN apk -U --no-cache add \
python3 \ python3 \
python3-dev && \ python3-dev && \
# Setup ConPot # Setup Tanner
git clone https://github.com/mushorg/tanner /opt/tanner && \ git clone --depth=1 https://github.com/mushorg/tanner /opt/tanner && \
cp /root/dist/config.py /opt/tanner/tanner/ && \ cp /root/dist/config.py /opt/tanner/tanner/ && \
cp /root/dist/requirements.txt /opt/tanner/ && \ cp /root/dist/requirements.txt /opt/tanner/ && \
cd /opt/tanner/ && \ cd /opt/tanner/ && \
@ -23,9 +23,11 @@ RUN apk -U --no-cache add \
python3 setup.py install && \ python3 setup.py install && \
cd / && \ cd / && \
# Get wireshark manuf db for scapy, setup configs, user, groups # Setup configs, user, groups
addgroup -g 2000 tanner && \ addgroup -g 2000 tanner && \
adduser -S -s /bin/ash -u 2000 -D -g 2000 tanner && \ adduser -S -s /bin/ash -u 2000 -D -g 2000 tanner && \
mkdir /var/log/tanner && \
chown -R tanner:tanner /opt/tanner /var/log/tanner && \
# Clean up # Clean up
apk del --purge \ apk del --purge \
@ -37,5 +39,6 @@ RUN apk -U --no-cache add \
rm -rf /var/cache/apk/* rm -rf /var/cache/apk/*
# Start conpot # Start conpot
USER tanner:tanner
WORKDIR /opt/tanner WORKDIR /opt/tanner
CMD tanner CMD tanner
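Review bot: `chown -R tanner:tanner /opt/tanner /var/log/tanner` hands the whole /opt/tanner tree (source checkout and copied config) to the account the service runs as, so a compromised tanner process can rewrite those files wherever the image is run without `read_only: true`. Only the log directory needs to be writable by that user: `chown -R tanner:tanner /var/log/tanner`. If tanner does write under /opt/tanner at runtime (the config references /opt/tanner/db/db_config.json), that path would fail on the read-only root filesystem anyway and deserves its own volume or tmpfs. The RUN instruction starts and ends outside these hunks.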


@ -18,11 +18,11 @@ config_template = {'DATA': {'db_config': '/opt/tanner/db/db_config.json', 'dorks
'SQLI': {'type': 'SQLITE', 'db_name': 'tanner_db', 'host': 'localhost', 'user': 'root', 'SQLI': {'type': 'SQLITE', 'db_name': 'tanner_db', 'host': 'localhost', 'user': 'root',
'password': 'user_pass'}, 'password': 'user_pass'},
'DOCKER': {'host_image': 'busybox:latest'}, 'DOCKER': {'host_image': 'busybox:latest'},
'LOGGER': {'log_debug': '/opt/tanner/tanner.log', 'log_err': '/opt/tanner/tanner.err'}, 'LOGGER': {'log_debug': '/tmp/tanner/tanner.log', 'log_err': '/tmp/tanner/tanner.err'},
'MONGO': {'enabled': False, 'URI': 'mongodb://localhost'}, 'MONGO': {'enabled': False, 'URI': 'mongodb://localhost'},
'HPFEEDS': {'enabled': False, 'HOST': 'localhost', 'PORT': 10000, 'IDENT': '', 'SECRET': '', 'HPFEEDS': {'enabled': False, 'HOST': 'localhost', 'PORT': 10000, 'IDENT': '', 'SECRET': '',
'CHANNEL': 'tanner.events'}, 'CHANNEL': 'tanner.events'},
'LOCALLOG': {'enabled': True, 'PATH': '/tmp/tanner_report.json'}, 'LOCALLOG': {'enabled': True, 'PATH': '/var/log/tanner/tanner_report.json'},
'CLEANLOG': {'enabled': False} 'CLEANLOG': {'enabled': False}
} }
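Review bot: `log_err` now points at /tmp/tanner/tanner.err, which the compose change mounts as tmpfs, so error output is discarded on every container restart and never reaches the /data/tanner/log volume. For a honeypot the error log is often what explains a crash after hostile input; consider `'log_err': '/var/log/tanner/tanner.err'` and leaving only the debug log on tmpfs. The same config is presumably used by tanner_api, tanner_web and tanner, which all mount /data/tanner/log, so check that several writers to one file are acceptable.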


@ -1,59 +0,0 @@
version: '2.3'
networks:
tanner_local:
services:
# Tanner Redis Service
tanner_redis:
container_name: tanner_redis
restart: always
stop_signal: SIGKILL
tty: true
networks:
- tanner_local
image: "dtagdevsec/redis:1804"
# Tanner API Service
tanner_api:
build: .
container_name: tanner_api
restart: always
stop_signal: SIGKILL
tty: true
networks:
- tanner_local
image: "dtagdevsec/tanner:1804"
command: tannerapi
depends_on:
- redis
# Tanner WEB Service
tanner_web:
build: .
container_name: tanner_web
restart: always
stop_signal: SIGKILL
tty: true
networks:
- tanner_local
image: "dtagdevsec/tanner:1804"
command: tannerweb
depends_on:
- redis
# Tanner Service
tanner:
build: .
container_name: tanner
restart: always
stop_signal: SIGKILL
tty: true
networks:
- tanner_local
image: "dtagdevsec/tanner:1804"
command: tanner
depends_on:
- tanner_api
- tanner_web