diff --git a/compose/mac_win.yml b/compose/mac_win.yml index f3b77e66..b9266566 100644 --- a/compose/mac_win.yml +++ b/compose/mac_win.yml @@ -39,6 +39,7 @@ services: env_file: - .env restart: always + stop_grace_period: 60s tmpfs: - /tmp/etc:uid=2000,gid=2000 - /tmp/:uid=2000,gid=2000 @@ -109,7 +110,7 @@ services: pull_policy: ${TPOT_PULL_POLICY} read_only: true volumes: - - ${TPOT_DATA_PATH}/citrixhoneypot/logs:/opt/citrixhoneypot/logs + - ${TPOT_DATA_PATH}/citrixhoneypot/log:/opt/citrixhoneypot/logs # Conpot IEC104 service conpot_IEC104: diff --git a/compose/mobile.yml b/compose/mobile.yml index cfeb0b62..e4ae3748 100644 --- a/compose/mobile.yml +++ b/compose/mobile.yml @@ -39,6 +39,7 @@ services: env_file: - .env restart: always + stop_grace_period: 60s tmpfs: - /tmp/etc:uid=2000,gid=2000 - /tmp/:uid=2000,gid=2000 @@ -92,7 +93,7 @@ services: pull_policy: ${TPOT_PULL_POLICY} read_only: true volumes: - - ${TPOT_DATA_PATH}/citrixhoneypot/logs:/opt/citrixhoneypot/logs + - ${TPOT_DATA_PATH}/citrixhoneypot/log:/opt/citrixhoneypot/logs # Conpot IEC104 service conpot_IEC104: diff --git a/compose/raspberry_showcase.yml b/compose/raspberry_showcase.yml index cfeb0b62..e4ae3748 100644 --- a/compose/raspberry_showcase.yml +++ b/compose/raspberry_showcase.yml @@ -39,6 +39,7 @@ services: env_file: - .env restart: always + stop_grace_period: 60s tmpfs: - /tmp/etc:uid=2000,gid=2000 - /tmp/:uid=2000,gid=2000 @@ -92,7 +93,7 @@ services: pull_policy: ${TPOT_PULL_POLICY} read_only: true volumes: - - ${TPOT_DATA_PATH}/citrixhoneypot/logs:/opt/citrixhoneypot/logs + - ${TPOT_DATA_PATH}/citrixhoneypot/log:/opt/citrixhoneypot/logs # Conpot IEC104 service conpot_IEC104: diff --git a/compose/sensor.yml b/compose/sensor.yml index 0db1caee..d545bdbc 100644 --- a/compose/sensor.yml +++ b/compose/sensor.yml @@ -37,6 +37,7 @@ services: env_file: - .env restart: always + stop_grace_period: 60s tmpfs: - /tmp/etc:uid=2000,gid=2000 - /tmp/:uid=2000,gid=2000 
@@ -108,7 +109,7 @@ services: pull_policy: ${TPOT_PULL_POLICY} read_only: true volumes: - - ${TPOT_DATA_PATH}/citrixhoneypot/logs:/opt/citrixhoneypot/logs + - ${TPOT_DATA_PATH}/citrixhoneypot/log:/opt/citrixhoneypot/logs # Conpot IEC104 service conpot_IEC104: diff --git a/compose/standard.yml b/compose/standard.yml index b6214e85..d71b7e33 100644 --- a/compose/standard.yml +++ b/compose/standard.yml @@ -38,6 +38,7 @@ services: env_file: - .env restart: always + stop_grace_period: 60s tmpfs: - /tmp/etc:uid=2000,gid=2000 - /tmp/:uid=2000,gid=2000 @@ -110,7 +111,7 @@ services: pull_policy: ${TPOT_PULL_POLICY} read_only: true volumes: - - ${TPOT_DATA_PATH}/citrixhoneypot/logs:/opt/citrixhoneypot/logs + - ${TPOT_DATA_PATH}/citrixhoneypot/log:/opt/citrixhoneypot/logs # Conpot IEC104 service conpot_IEC104: diff --git a/compose/tpot_services.yml b/compose/tpot_services.yml index f1521534..ae567f18 100644 --- a/compose/tpot_services.yml +++ b/compose/tpot_services.yml @@ -44,6 +44,7 @@ services: env_file: - .env restart: always + stop_grace_period: 60s tmpfs: - /tmp/etc:uid=2000,gid=2000 - /tmp/:uid=2000,gid=2000 @@ -115,7 +116,7 @@ services: pull_policy: ${TPOT_PULL_POLICY} read_only: true volumes: - - ${TPOT_DATA_PATH}/citrixhoneypot/logs:/opt/citrixhoneypot/logs + - ${TPOT_DATA_PATH}/citrixhoneypot/log:/opt/citrixhoneypot/logs # Conpot IEC104 service conpot_IEC104: diff --git a/docker-compose.yml b/docker-compose.yml index b6214e85..d71b7e33 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -38,6 +38,7 @@ services: env_file: - .env restart: always + stop_grace_period: 60s tmpfs: - /tmp/etc:uid=2000,gid=2000 - /tmp/:uid=2000,gid=2000 @@ -110,7 +111,7 @@ services: pull_policy: ${TPOT_PULL_POLICY} read_only: true volumes: - - ${TPOT_DATA_PATH}/citrixhoneypot/logs:/opt/citrixhoneypot/logs + - ${TPOT_DATA_PATH}/citrixhoneypot/log:/opt/citrixhoneypot/logs # Conpot IEC104 service conpot_IEC104: 
diff --git a/docker/citrixhoneypot/docker-compose.yml b/docker/citrixhoneypot/docker-compose.yml index af1168bb..0245d320 100644 --- a/docker/citrixhoneypot/docker-compose.yml +++ b/docker/citrixhoneypot/docker-compose.yml @@ -19,4 +19,4 @@ services: image: "dtagdevsec/citrixhoneypot:alpha" read_only: true volumes: - - $HOME/tpotce/data/citrixhoneypot/logs:/opt/citrixhoneypot/logs + - $HOME/tpotce/data/citrixhoneypot/log:/opt/citrixhoneypot/logs diff --git a/docker/elk/docker-compose.yml b/docker/elk/docker-compose.yml index 12db2db0..4ed568a4 100644 --- a/docker/elk/docker-compose.yml +++ b/docker/elk/docker-compose.yml @@ -26,7 +26,7 @@ services: - "127.0.0.1:64298:9200" image: "dtagdevsec/elasticsearch:alpha" volumes: - - /data:/data + - $HOME/tpotce/data:/data ## Kibana service kibana: @@ -37,6 +37,7 @@ services: depends_on: elasticsearch: condition: service_healthy + mem_limit: 1g ports: - "127.0.0.1:64296:5601" image: "dtagdevsec/kibana:alpha" @@ -51,11 +52,9 @@ services: depends_on: elasticsearch: condition: service_healthy - env_file: - - /opt/tpot/etc/compose/elk_environment image: "dtagdevsec/logstash:alpha" volumes: - - /data:/data + - $HOME/tpotce/data:/data # - /root/tpotce/docker/elk/logstash/dist/logstash.conf:/etc/logstash/conf.d/logstash.conf # Map Redis Service @@ -76,8 +75,6 @@ services: restart: always environment: - MAP_COMMAND=AttackMapServer.py - env_file: - - /opt/tpot/etc/compose/elk_environment stop_signal: SIGKILL tty: true ports: @@ -92,8 +89,6 @@ services: restart: always environment: - MAP_COMMAND=DataServer_v2.py - env_file: - - /opt/tpot/etc/compose/elk_environment stop_signal: SIGKILL tty: true image: "dtagdevsec/map:alpha" diff --git a/docker/elk/elasticsearch/Dockerfile b/docker/elk/elasticsearch/Dockerfile index 26a994b6..942d20b1 100644 --- a/docker/elk/elasticsearch/Dockerfile +++ b/docker/elk/elasticsearch/Dockerfile 
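Review bot: The `env_file` entry pointing at `/opt/tpot/etc/compose/elk_environment` is dropped from logstash, map_web and map_data without any replacement in their `environment` lists, so whatever those containers read from that file is simply unset at start-up; whether the images still depend on those values cannot be told from this hunk. The same removal appears in docker/elk/logstash/docker-compose.yml and docker/elk/map/docker-compose.yml, where the only replacement (`TPOT_ATTACKMAP_TEXT`, `TZ`) is added as commented-out lines. The `/data` bind mounts now use `$HOME/tpotce/data`; Compose takes `$HOME` from the invoking shell, so running under `sudo` or from a service unit can point the mount at a different home and silently create an empty data tree there. If these dev compose files are meant to be run as the user owning `tpotce/`, a comment above the volumes such as `# $HOME must be the tpotce owner's home; do not invoke via sudo` would make that explicit.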
@@ -1,7 +1,7 @@ FROM ubuntu:22.04 # # VARS -ENV ES_VER=8.6.2 +ENV ES_VER=8.12.2 # # Include dist COPY dist/ /root/dist/ diff --git a/docker/elk/elasticsearch/docker-compose.yml b/docker/elk/elasticsearch/docker-compose.yml index 415d8b7f..07405bc5 100644 --- a/docker/elk/elasticsearch/docker-compose.yml +++ b/docker/elk/elasticsearch/docker-compose.yml @@ -26,4 +26,4 @@ services: - "127.0.0.1:64298:9200" image: "dtagdevsec/elasticsearch:alpha" volumes: - - /data:/data + - $HOME/tpotce/data:/data diff --git a/docker/elk/kibana/Dockerfile b/docker/elk/kibana/Dockerfile index f4fc7368..1617761d 100644 --- a/docker/elk/kibana/Dockerfile +++ b/docker/elk/kibana/Dockerfile @@ -1,7 +1,7 @@ FROM ubuntu:22.04 # # VARS -ENV KB_VER=8.6.2 +ENV KB_VER=8.12.2 # Include dist COPY dist/ /root/dist/ # diff --git a/docker/elk/logstash/Dockerfile b/docker/elk/logstash/Dockerfile index 85c8b8da..55d17f1f 100644 --- a/docker/elk/logstash/Dockerfile +++ b/docker/elk/logstash/Dockerfile @@ -1,7 +1,7 @@ FROM ubuntu:22.04 # # VARS -ENV LS_VER=8.6.2 +ENV LS_VER=8.12.2 # Include dist COPY dist/ /root/dist/ # diff --git a/docker/elk/logstash/dist/http_output.conf b/docker/elk/logstash/dist/http_output.conf index f97b763a..533f20e6 100644 --- a/docker/elk/logstash/dist/http_output.conf +++ b/docker/elk/logstash/dist/http_output.conf @@ -38,7 +38,7 @@ input { # CitrixHoneypot file { - path => ["/data/citrixhoneypot/logs/server.log"] + path => ["/data/citrixhoneypot/log/server.log"] codec => json type => "CitrixHoneypot" } @@ -182,6 +182,13 @@ input { type => "Tanner" } +# Wordpot + file { + path => ["/data/wordpot/log/wordpot.log"] + codec => json + type => "Wordpot" + } + } # Filter Section @@ -620,6 +627,13 @@ filter { } } +# Wordpot + if [type] == "Wordpot" { + date { + match => [ "timestamp", "ISO8601" ] + } + } + # Drop if parse fails if "_grokparsefailure" in [tags] { drop {} } if "_jsonparsefailure" in [tags] { drop {} } 
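Review bot: The new Wordpot filter block only normalizes `timestamp`; the geoip stage further down (outside this hunk) keys on `src_ip`, and nothing here confirms that Wordpot's JSON uses that field name, so if it does not, Wordpot events are indexed without geo/ASN enrichment and no error is raised. Worth checking against a sample `wordpot.log` line and, if a rename is needed, adding a `mutate { rename => { ... } }` next to the `date` filter as the other honeypot blocks presumably do. The same input and filter blocks are duplicated in docker/elk/logstash/dist/logstash.conf, so both copies need the same treatment. A one-line comment such as `# Wordpot already emits src_ip/dest_port, no rename needed` (or the opposite) would spare the next reader the check.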
@@ -639,13 +653,13 @@ if "_jsonparsefailure" in [tags] { drop {} } cache_size => 10000 source => "src_ip" default_database_type => "City" -# database => "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-filter-geoip-7.2.12-java/vendor/GeoLite2-City.mmdb" +# database => "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-filter-geoip-7.2.13-java/vendor/GeoLite2-City.mmdb" } geoip { cache_size => 10000 source => "src_ip" default_database_type => "ASN" -# database => "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-filter-geoip-7.2.12-java/vendor/GeoLite2-ASN.mmdb" +# database => "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-filter-geoip-7.2.13-java/vendor/GeoLite2-ASN.mmdb" } translate { refresh_interval => 86400 @@ -660,14 +674,14 @@ if "_jsonparsefailure" in [tags] { drop {} } source => "t-pot_ip_ext" target => "geoip_ext" default_database_type => "City" -# database => "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-filter-geoip-7.2.12-java/vendor/GeoLite2-City.mmdb" +# database => "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-filter-geoip-7.2.13-java/vendor/GeoLite2-City.mmdb" } geoip { cache_size => 10000 source => "t-pot_ip_ext" target => "geoip_ext" default_database_type => "ASN" -# database => "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-filter-geoip-7.2.12-java/vendor/GeoLite2-ASN.mmdb" +# database => "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-filter-geoip-7.2.13-java/vendor/GeoLite2-ASN.mmdb" } } diff --git a/docker/elk/logstash/dist/logstash.conf b/docker/elk/logstash/dist/logstash.conf index 1fda80a0..68a2b1d5 100644 --- a/docker/elk/logstash/dist/logstash.conf +++ b/docker/elk/logstash/dist/logstash.conf @@ -38,7 +38,7 @@ input { # CitrixHoneypot file { - path => ["/data/citrixhoneypot/logs/server.log"] + path => ["/data/citrixhoneypot/log/server.log"] codec => json type => "CitrixHoneypot" } 
@@ -182,6 +182,13 @@ input { type => "Tanner" } +# Wordpot + file { + path => ["/data/wordpot/log/wordpot.log"] + codec => json + type => "Wordpot" + } + } # Filter Section @@ -620,6 +627,13 @@ filter { } } +# Wordpot + if [type] == "Wordpot" { + date { + match => [ "timestamp", "ISO8601" ] + } + } + # Drop if parse fails if "_grokparsefailure" in [tags] { drop {} } if "_jsonparsefailure" in [tags] { drop {} } @@ -639,13 +653,13 @@ if "_jsonparsefailure" in [tags] { drop {} } cache_size => 10000 source => "src_ip" default_database_type => "City" -# database => "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-filter-geoip-7.2.12-java/vendor/GeoLite2-City.mmdb" +# database => "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-filter-geoip-7.2.13-java/vendor/GeoLite2-City.mmdb" } geoip { cache_size => 10000 source => "src_ip" default_database_type => "ASN" -# database => "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-filter-geoip-7.2.12-java/vendor/GeoLite2-ASN.mmdb" +# database => "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-filter-geoip-7.2.13-java/vendor/GeoLite2-ASN.mmdb" } translate { refresh_interval => 86400 @@ -660,14 +674,14 @@ if "_jsonparsefailure" in [tags] { drop {} } source => "t-pot_ip_ext" target => "geoip_ext" default_database_type => "City" -# database => "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-filter-geoip-7.2.12-java/vendor/GeoLite2-City.mmdb" +# database => "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-filter-geoip-7.2.13-java/vendor/GeoLite2-City.mmdb" } geoip { cache_size => 10000 source => "t-pot_ip_ext" target => "geoip_ext" default_database_type => "ASN" -# database => "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-filter-geoip-7.2.12-java/vendor/GeoLite2-ASN.mmdb" +# database => "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-filter-geoip-7.2.13-java/vendor/GeoLite2-ASN.mmdb" } } 
diff --git a/docker/elk/logstash/docker-compose.yml b/docker/elk/logstash/docker-compose.yml index 190a9967..2fd78570 100644 --- a/docker/elk/logstash/docker-compose.yml +++ b/docker/elk/logstash/docker-compose.yml @@ -12,13 +12,11 @@ services: # depends_on: # elasticsearch: # condition: service_healthy - env_file: - - /opt/tpot/etc/compose/elk_environment ports: - "127.0.0.1:64305:64305" image: "dtagdevsec/logstash:alpha" volumes: - - /data:/data -# - /root/tpotce/docker/elk/logstash/dist/logstash.conf:/etc/logstash/conf.d/logstash.conf -# - /root/tpotce/docker/elk/logstash/dist/http.conf:/etc/logstash/conf.d/http.conf -# - /root/tpotce/docker/elk/logstash/dist/logstash.yml:/etc/logstash/conf.d/logstash.yml + - $HOME/tpotce/data:/data +# - /$HOME/tpotce/docker/elk/logstash/dist/logstash.conf:/etc/logstash/conf.d/logstash.conf +# - /$HOME/tpotce/docker/elk/logstash/dist/http.conf:/etc/logstash/conf.d/http.conf +# - /$HOME/tpotce/docker/elk/logstash/dist/logstash.yml:/etc/logstash/conf.d/logstash.yml diff --git a/docker/elk/map/Dockerfile b/docker/elk/map/Dockerfile index 33b91e93..9d7165f8 100644 --- a/docker/elk/map/Dockerfile +++ b/docker/elk/map/Dockerfile 
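Review bot: The three commented-out bind mounts are written as `/$HOME/tpotce/docker/...`, which expands to a double leading slash the moment someone uncomments them, while the live `$HOME/tpotce/data:/data` line directly above carries no such prefix. Drop the stray `/` so the commented lines match, e.g. `# - $HOME/tpotce/docker/elk/logstash/dist/logstash.conf:/etc/logstash/conf.d/logstash.conf`. The `env_file` removal in this hunk leaves the same open question as in docker/elk/docker-compose.yml: nothing replaces the variables that `elk_environment` supplied.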
@@ -1,29 +1,23 @@ -FROM alpine:3.17 -# -# Include dist -#COPY dist/ /root/dist/ +FROM alpine:3.19 # # Install packages RUN apk -U --no-cache add \ - build-base \ - git \ - libcap \ - py3-pip \ - python3 \ - python3-dev \ - tzdata && \ + build-base \ + git \ + libcap \ + py3-pip \ + python3 \ + python3-dev \ + tzdata && \ # # Install from GitHub and setup mkdir -p /opt && \ cd /opt/ && \ - git clone https://github.com/t3chn0m4g3/t-pot-attack-map -b 2.1.0 && \ + git clone https://github.com/t3chn0m4g3/t-pot-attack-map -b 2.2.0 && \ cd t-pot-attack-map && \ -# git checkout eaf8d123d72a62e4c12093e4e8487e10e6ef60f3 && \ -# git branch -a && \ -# git checkout multi && \ - pip3 install --upgrade pip && \ - pip3 install -r requirements.txt && \ - setcap cap_net_bind_service=+ep /usr/bin/python3.10 && \ + pip3 install --break-system-packages --upgrade pip && \ + pip3 install --break-system-packages -r requirements.txt && \ + setcap cap_net_bind_service=+ep $(readlink -f $(type -P python3)) && \ # # Setup user, groups and configs addgroup -g 2000 map && \ @@ -32,8 +26,8 @@ RUN apk -U --no-cache add \ # # Clean up apk del --purge build-base \ - git \ - python3-dev && \ + git \ + python3-dev && \ rm -rf /root/* /var/cache/apk/* /opt/t-pot-attack-map/.git # # Start T-Pot-Attack-Map diff --git a/docker/elk/map/dist/entrypoint.sh b/docker/elk/map/dist/entrypoint.sh deleted file mode 100755 index a63bb29e..00000000 --- a/docker/elk/map/dist/entrypoint.sh +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/ash -sed -i "s/var hqLatLng = new L.LatLng(52.3058, 4.932);/var hqLatLng = new L.LatLng($MY_EXTIP_LAT, $MY_EXTIP_LONG);/g" /opt/geoip-attack-map/static/map.js diff --git a/docker/elk/map/docker-compose.yml b/docker/elk/map/docker-compose.yml index 14cced46..ac9de589 100644 --- a/docker/elk/map/docker-compose.yml +++ b/docker/elk/map/docker-compose.yml 
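Review bot: The build now fetches the attack-map source with `git clone ... -b 2.2.0` and deletes `.git` at the end, and the commented `git checkout <sha>` line that previously pinned a commit is removed, so the image content depends on whatever that branch or tag name resolves to at build time; `pip3 install --break-system-packages --upgrade pip` likewise pulls the newest pip on every build. For reproducible and auditable images, clone and then `git checkout <PLACEHOLDER: commit hash that 2.2.0 resolves to>`, pin pip (`pip3 install --break-system-packages 'pip==<PLACEHOLDER>'`), and consider hash-pinned requirements if the upstream `requirements.txt` supports them. A short comment above the clone stating why the tag rather than a commit is used would at least document the choice.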
@@ -21,8 +21,6 @@ services: restart: always environment: - MAP_COMMAND=AttackMapServer.py - env_file: - - /opt/tpot/etc/compose/elk_environment stop_signal: SIGKILL tty: true ports: @@ -37,8 +35,8 @@ services: restart: always environment: - MAP_COMMAND=DataServer_v2.py - env_file: - - /opt/tpot/etc/compose/elk_environment +# - TPOT_ATTACKMAP_TEXT=${TPOT_ATTACKMAP_TEXT} +# - TZ=${TPOT_ATTACKMAP_TEXT_TIMEZONE} stop_signal: SIGKILL tty: true image: "dtagdevsec/map:alpha" diff --git a/docker/tpotinit/Dockerfile b/docker/tpotinit/Dockerfile index ed1445b5..7b06c051 100644 --- a/docker/tpotinit/Dockerfile +++ b/docker/tpotinit/Dockerfile @@ -43,5 +43,5 @@ RUN apk --no-cache -U add \ WORKDIR /opt/tpot #HEALTHCHECK --interval=5s --timeout=30s --retries=3 CMD pgrep -f autoheal || exit 1 HEALTHCHECK --retries=1000 --interval=5s CMD test -f /tmp/success || exit 1 -STOPSIGNAL SIGKILL -CMD ["/opt/tpot/entrypoint.sh"] +STOPSIGNAL SIGTERM +ENTRYPOINT ["/opt/tpot/entrypoint.sh"] diff --git a/docker/tpotinit/dist/bin/clean.sh b/docker/tpotinit/dist/bin/clean.sh index 4412a87c..897d08a0 100755 --- a/docker/tpotinit/dist/bin/clean.sh +++ b/docker/tpotinit/dist/bin/clean.sh @@ -106,7 +106,7 @@ fuCISCOASA () { # Let's create a function to clean up and prepare citrixhoneypot data fuCITRIXHONEYPOT () { if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/citrixhoneypot/*; fi - mkdir -vp /data/citrixhoneypot/logs/ + mkdir -vp /data/citrixhoneypot/log/ chmod 770 /data/citrixhoneypot/ -R chown tpot:tpot /data/citrixhoneypot/ -R } diff --git a/docker/tpotinit/dist/bin/tpdclean.sh b/docker/tpotinit/dist/bin/tpdclean.sh deleted file mode 100755 index 7ae50398..00000000 --- a/docker/tpotinit/dist/bin/tpdclean.sh +++ /dev/null 
@@ -1,29 +0,0 @@ -#!/bin/bash -# T-Pot Compose and Container Cleaner -# Set colors -myRED="" -myGREEN="" -myWHITE="" - -# Only run with command switch -if [ "$1" != "-y" ]; then - echo $myRED"### WARNING"$myWHITE - echo "" - echo $myRED"###### This script is only intended for the tpot.service."$myWHITE - echo $myRED"###### Run first and then ."$myWHITE - echo $myRED"###### Be aware, all T-Pot container volumes and images will be removed."$myWHITE - echo "" - echo $myRED"### WARNING "$myWHITE - echo - exit -fi - -# Remove old containers, images and volumes -docker-compose -f /opt/tpot/etc/tpot.yml down -v >> /dev/null 2>&1 -docker-compose -f /opt/tpot/etc/tpot.yml rm -v >> /dev/null 2>&1 -docker network rm $(docker network ls -q) >> /dev/null 2>&1 -docker volume rm $(docker volume ls -q) >> /dev/null 2>&1 -docker rm -v $(docker ps -aq) >> /dev/null 2>&1 -docker rmi $(docker images | grep "" | awk '{print $3}') >> /dev/null 2>&1 -docker rmi $(docker images | grep "2203" | awk '{print $3}') >> /dev/null 2>&1 -exit 0 diff --git a/docker/tpotinit/dist/bin/tped.sh b/docker/tpotinit/dist/bin/tped.sh deleted file mode 100755 index 1eadbdff..00000000 --- a/docker/tpotinit/dist/bin/tped.sh +++ /dev/null 
@@ -1,56 +0,0 @@ -#!/bin/bash - -# Run as root only. -myWHOAMI=$(whoami) -if [ "$myWHOAMI" != "root" ] - then - echo "Need to run as root ..." - exit -fi - -# set backtitle, get filename -myBACKTITLE="T-Pot Edition Selection Tool" -myYMLS=$(cd /opt/tpot/etc/compose/ && ls -1 *.yml) -myLINK="/opt/tpot/etc/tpot.yml" - -# Let's load docker images in parallel -function fuPULLIMAGES { -local myTPOTCOMPOSE="/opt/tpot/etc/tpot.yml" -for name in $(cat $myTPOTCOMPOSE | grep -v '#' | grep image | cut -d'"' -f2 | uniq) - do - docker pull $name & - done -wait -echo -} - -# setup menu -for i in $myYMLS; - do - myITEMS+="$i $(echo $i | cut -d "." -f1 | tr [:lower:] [:upper:]) " -done -myEDITION=$(dialog --backtitle "$myBACKTITLE" --menu "Select T-Pot Edition" 18 50 1 $myITEMS 3>&1 1>&2 2>&3 3>&-) -if [ "$myEDITION" == "" ]; - then - echo "Have a nice day!" - exit -fi -dialog --backtitle "$myBACKTITLE" --title "[ Activate now? ]" --yesno "\n$myEDITION" 7 50 -myOK=$? -if [ "$myOK" == "0" ]; - then - echo "OK - Activating and downloading latest images." - systemctl stop tpot - if [ "$(docker ps -aq)" != "" ]; - then - docker stop $(docker ps -aq) - docker rm $(docker ps -aq) - fi - rm -f $myLINK - ln -s /opt/tpot/etc/compose/$myEDITION $myLINK - fuPULLIMAGES - systemctl start tpot - echo "Done. Use \"dps.sh\" for monitoring" - else - echo "Have a nice day!" -fi diff --git a/docker/tpotinit/dist/entrypoint.sh b/docker/tpotinit/dist/entrypoint.sh index a6e1ded3..ad379fdf 100755 --- a/docker/tpotinit/dist/entrypoint.sh +++ b/docker/tpotinit/dist/entrypoint.sh 
@@ -3,6 +3,25 @@ COMPOSE="/tmp/tpot/docker-compose.yml" exec > >(tee /data/tpotinit.log) 2>&1 +# Function to handle SIGTERM +cleanup() { + echo "# SIGTERM received, cleaning up ..." + echo + echo "## ... removing firewall rules." + /opt/tpot/bin/rules.sh ${COMPOSE} unset + echo + if [ "${TPOT_BLACKHOLE}" == "ENABLED" ] && [ -f "/etc/blackhole/mass_scanner.txt" ]; + then + echo "## ... removing Blackhole routes." + /opt/tpot/bin/blackhole.sh del + echo + fi + kill -TERM "$PID" + echo "# Cleanup done." + echo +} +trap cleanup SIGTERM + # Function to check if a variable is set, not empty check_var() { local var_name="$1" @@ -315,7 +334,11 @@ if [ "${myOSTYPE}" != "linuxkit" ]; figlet "Autoheal" echo "# Now monitoring healthcheck enabled containers to automatically restart them when unhealthy." echo - exec /opt/tpot/autoheal.sh autoheal + # exec /opt/tpot/autoheal.sh autoheal + /opt/tpot/autoheal.sh autoheal & + PID=$! + wait $PID + echo "# T-Pot Init and Autoheal were stopped. Exiting." else echo echo "# Docker Desktop for macOS or Windows detected, Conntrack feature is not supported." diff --git a/docker/tpotinit/dist/etc/compose/collector.yml b/docker/tpotinit/dist/etc/compose/collector.yml deleted file mode 100644 index 2cc873ef..00000000 --- a/docker/tpotinit/dist/etc/compose/collector.yml +++ /dev/null 
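Review bot: `cleanup()` ends with `kill -TERM "$PID"`, but `PID` is only assigned in the second hunk of this file (`PID=$!` after starting autoheal, inside an if-block that begins outside the hunk), so a SIGTERM arriving during the earlier setup phase produces a `kill` usage error while the rest of the handler keeps going; guard it with `[ -n "${PID:-}" ] && kill -TERM "$PID"` and initialise `PID=""` next to `COMPOSE` at the top. This handler is also what removes the iptables rules (`rules.sh ... unset`) and blackhole routes on shutdown, and the compose hunks in this commit give the service showing `env_file: .env` / `restart: always` (presumably tpotinit) a `stop_grace_period: 60s`; if that work exceeds the grace period Docker sends SIGKILL and the host is left with the honeypot firewall rules still in place, so the cleanup steps must stay well within that budget or the grace period should be raised. Finally, `wait $PID` returning when the trap fires is intended, but if autoheal exits on its own the script falls through to the same "stopped" message and exits without running `cleanup`; a comment noting that the rules are expected to be re-applied by the restart would document that this is deliberate.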
@@ -1,260 +0,0 @@ -# T-Pot (Collector) -# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton) -version: '2.3' - -networks: - heralding_local: - ewsposter_local: - spiderfoot_local: - -services: - -################## -#### Honeypots -################## - -# Heralding service - heralding: - container_name: heralding - restart: always - tmpfs: - - /tmp/heralding:uid=2000,gid=2000 - networks: - - heralding_local - ports: - - "21:21" - - "22:22" - - "23:23" - - "25:25" - - "80:80" - - "110:110" - - "143:143" - - "443:443" - - "465:465" - - "993:993" - - "995:995" - - "1080:1080" - - "3306:3306" - - "3389:3389" - - "5432:5432" - - "5900:5900" - image: "dtagdevsec/heralding:alpha" - read_only: true - volumes: - - /data/heralding/log:/var/log/heralding - -# Honeytrap service - honeytrap: - container_name: honeytrap - restart: always - tmpfs: - - /tmp/honeytrap:uid=2000,gid=2000 - network_mode: "host" - cap_add: - - NET_ADMIN - image: "dtagdevsec/honeytrap:alpha" - read_only: true - volumes: - - /data/honeytrap/attacks:/opt/honeytrap/var/attacks - - /data/honeytrap/downloads:/opt/honeytrap/var/downloads - - /data/honeytrap/log:/opt/honeytrap/var/log - - -################## -#### NSM -################## - -# Fatt service - fatt: - container_name: fatt - restart: always - network_mode: "host" - cap_add: - - NET_ADMIN - - SYS_NICE - - NET_RAW - image: "dtagdevsec/fatt:alpha" - volumes: - - /data/fatt/log:/opt/fatt/log - -# P0f service - p0f: - container_name: p0f - restart: always - network_mode: "host" - image: "dtagdevsec/p0f:alpha" - read_only: true - volumes: - - /data/p0f/log:/var/log/p0f - -# Suricata service - suricata: - container_name: suricata - restart: always - environment: - # For ET Pro ruleset replace "OPEN" with your OINKCODE - - OINKCODE=OPEN - # Loading externel Rules from URL - # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com" - 
network_mode: "host" - cap_add: - - NET_ADMIN - - SYS_NICE - - NET_RAW - image: "dtagdevsec/suricata:alpha" - volumes: - - /data/suricata/log:/var/log/suricata - - -################## -#### Tools -################## - -#### ELK -## Elasticsearch service - elasticsearch: - container_name: elasticsearch - restart: always - environment: - - bootstrap.memory_lock=true - - ES_JAVA_OPTS=-Xms2048m -Xmx2048m - - ES_TMPDIR=/tmp - cap_add: - - IPC_LOCK - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - mem_limit: 4g - ports: - - "127.0.0.1:64298:9200" - image: "dtagdevsec/elasticsearch:alpha" - volumes: - - /data:/data - -## Kibana service - kibana: - container_name: kibana - restart: always - depends_on: - elasticsearch: - condition: service_healthy - mem_limit: 1g - ports: - - "127.0.0.1:64296:5601" - image: "dtagdevsec/kibana:alpha" - -## Logstash service - logstash: - container_name: logstash - restart: always - environment: - - LS_JAVA_OPTS=-Xms1024m -Xmx1024m - depends_on: - elasticsearch: - condition: service_healthy - env_file: - - /opt/tpot/etc/compose/elk_environment - mem_limit: 2g - image: "dtagdevsec/logstash:alpha" - volumes: - - /data:/data - -## Map Redis Service - map_redis: - container_name: map_redis - restart: always - stop_signal: SIGKILL - tty: true - image: "dtagdevsec/redis:alpha" - read_only: true - -## Map Web Service - map_web: - container_name: map_web - restart: always - environment: - - MAP_COMMAND=AttackMapServer.py - env_file: - - /opt/tpot/etc/compose/elk_environment - stop_signal: SIGKILL - tty: true - ports: - - "127.0.0.1:64299:64299" - image: "dtagdevsec/map:alpha" - -## Map Data Service - map_data: - container_name: map_data - restart: always - depends_on: - elasticsearch: - condition: service_healthy - environment: - - MAP_COMMAND=DataServer_v2.py - env_file: - - /opt/tpot/etc/compose/elk_environment - stop_signal: SIGKILL - tty: true - image: "dtagdevsec/map:alpha" -#### /ELK - -# Ewsposter service - 
ewsposter: - container_name: ewsposter - restart: always - networks: - - ewsposter_local - environment: - - EWS_HPFEEDS_ENABLE=false - - EWS_HPFEEDS_HOST=host - - EWS_HPFEEDS_PORT=port - - EWS_HPFEEDS_CHANNELS=channels - - EWS_HPFEEDS_IDENT=user - - EWS_HPFEEDS_SECRET=secret - - EWS_HPFEEDS_TLSCERT=false - - EWS_HPFEEDS_FORMAT=json - env_file: - - /opt/tpot/etc/compose/elk_environment - image: "dtagdevsec/ewsposter:alpha" - volumes: - - /data:/data - - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip - -# Nginx service - nginx: - container_name: nginx - restart: always - tmpfs: - - /var/tmp/nginx/client_body - - /var/tmp/nginx/proxy - - /var/tmp/nginx/fastcgi - - /var/tmp/nginx/uwsgi - - /var/tmp/nginx/scgi - - /run - - /var/lib/nginx/tmp:uid=100,gid=82 - network_mode: "host" - ports: - - "64297:64297" - - "127.0.0.1:64304:64304" - image: "dtagdevsec/nginx:alpha" - read_only: true - volumes: - - /data/nginx/cert/:/etc/nginx/cert/:ro - - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro - - /data/nginx/log/:/var/log/nginx/ - -# Spiderfoot service - spiderfoot: - container_name: spiderfoot - restart: always - networks: - - spiderfoot_local - ports: - - "127.0.0.1:64303:8080" - image: "dtagdevsec/spiderfoot:alpha" - volumes: - - /data/spiderfoot:/home/spiderfoot/.spiderfoot diff --git a/docker/tpotinit/dist/etc/compose/hive.yml b/docker/tpotinit/dist/etc/compose/hive.yml deleted file mode 100644 index c104d3f8..00000000 --- a/docker/tpotinit/dist/etc/compose/hive.yml +++ /dev/null 
@@ -1,141 +0,0 @@ -# T-Pot (Hive) -# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton) -version: '2.3' - -networks: - spiderfoot_local: - -services: - -################## -#### Tools -################## - -#### ELK -## Elasticsearch service - elasticsearch: - container_name: elasticsearch - restart: always - environment: - - bootstrap.memory_lock=true - - ES_JAVA_OPTS=-Xms2048m -Xmx2048m - - ES_TMPDIR=/tmp - cap_add: - - IPC_LOCK - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 -# mem_limit: 4g - ports: - - "127.0.0.1:64298:9200" - image: "dtagdevsec/elasticsearch:alpha" - volumes: - - /data:/data - -## Kibana service - kibana: - container_name: kibana - restart: always - depends_on: - elasticsearch: - condition: service_healthy -# mem_limit: 1g - ports: - - "127.0.0.1:64296:5601" - image: "dtagdevsec/kibana:alpha" - -## Logstash service - logstash: - container_name: logstash - restart: always - environment: - - LS_JAVA_OPTS=-Xms2048m -Xmx2048m - depends_on: - elasticsearch: - condition: service_healthy - env_file: - - /opt/tpot/etc/compose/elk_environment - ports: - - "127.0.0.1:64305:64305" -# mem_limit: 2g - image: "dtagdevsec/logstash:alpha" - volumes: - - /data:/data - -## Map Redis Service - map_redis: - container_name: map_redis - restart: always - stop_signal: SIGKILL - tty: true - image: "dtagdevsec/redis:alpha" - read_only: true - -## Map Web Service - map_web: - container_name: map_web - restart: always - environment: - - MAP_COMMAND=AttackMapServer.py - env_file: - - /opt/tpot/etc/compose/elk_environment - stop_signal: SIGKILL - tty: true - ports: - - "127.0.0.1:64299:64299" - image: "dtagdevsec/map:alpha" - -## Map Data Service - map_data: - container_name: map_data - restart: always - depends_on: - elasticsearch: - condition: service_healthy - environment: - - MAP_COMMAND=DataServer_v2.py - env_file: - - 
/opt/tpot/etc/compose/elk_environment - stop_signal: SIGKILL - tty: true - image: "dtagdevsec/map:alpha" -#### /ELK - -# Nginx service - nginx: - container_name: nginx - restart: always - tmpfs: - - /var/tmp/nginx/client_body - - /var/tmp/nginx/proxy - - /var/tmp/nginx/fastcgi - - /var/tmp/nginx/uwsgi - - /var/tmp/nginx/scgi - - /run - - /var/lib/nginx/tmp:uid=100,gid=82 - network_mode: "host" - ports: - - "64297:64297" - - "127.0.0.1:64304:64304" - image: "dtagdevsec/nginx:alpha" - read_only: true - volumes: - - /data/nginx/cert/:/etc/nginx/cert/:ro - - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro - - /data/nginx/log/:/var/log/nginx/ - -# Spiderfoot service - spiderfoot: - container_name: spiderfoot - restart: always - networks: - - spiderfoot_local - ports: - - "127.0.0.1:64303:8080" - image: "dtagdevsec/spiderfoot:alpha" - volumes: - - /data/spiderfoot:/home/spiderfoot/.spiderfoot diff --git a/docker/tpotinit/dist/etc/compose/hive_sensor.yml b/docker/tpotinit/dist/etc/compose/hive_sensor.yml deleted file mode 100644 index a3a623bf..00000000 --- a/docker/tpotinit/dist/etc/compose/hive_sensor.yml +++ /dev/null 
@@ -1,548 +0,0 @@ -# T-Pot (Hive_Sensor) -# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton) -version: '2.3' - -networks: - adbhoney_local: - ciscoasa_local: - citrixhoneypot_local: - conpot_local_IEC104: - conpot_local_guardian_ast: - conpot_local_ipmi: - conpot_local_kamstrup_382: - cowrie_local: - ddospot_local: - dicompot_local: - dionaea_local: - elasticpot_local: - heralding_local: - ipphoney_local: - mailoney_local: - medpot_local: - redishoneypot_local: - tanner_local: - ewsposter_local: - sentrypeer_local: - spiderfoot_local: - -services: - -################## -#### Honeypots -################## - -# Adbhoney service - adbhoney: - container_name: adbhoney - restart: always - networks: - - adbhoney_local - ports: - - "5555:5555" - image: "dtagdevsec/adbhoney:alpha" - read_only: true - volumes: - - /data/adbhoney/log:/opt/adbhoney/log - - /data/adbhoney/downloads:/opt/adbhoney/dl - -# Ciscoasa service - ciscoasa: - container_name: ciscoasa - restart: always - tmpfs: - - /tmp/ciscoasa:uid=2000,gid=2000 - networks: - - ciscoasa_local - ports: - - "5000:5000/udp" - - "8443:8443" - image: "dtagdevsec/ciscoasa:alpha" - read_only: true - volumes: - - /data/ciscoasa/log:/var/log/ciscoasa - -# CitrixHoneypot service - citrixhoneypot: - container_name: citrixhoneypot - restart: always - networks: - - citrixhoneypot_local - ports: - - "443:443" - image: "dtagdevsec/citrixhoneypot:alpha" - read_only: true - volumes: - - /data/citrixhoneypot/logs:/opt/citrixhoneypot/logs - -# Conpot IEC104 service - conpot_IEC104: - container_name: conpot_iec104 - restart: always - environment: - - CONPOT_CONFIG=/etc/conpot/conpot.cfg - - CONPOT_JSON_LOG=/var/log/conpot/conpot_IEC104.json - - CONPOT_LOG=/var/log/conpot/conpot_IEC104.log - - CONPOT_TEMPLATE=IEC104 - - CONPOT_TMP=/tmp/conpot - tmpfs: - - /tmp/conpot:uid=2000,gid=2000 - networks: - - conpot_local_IEC104 - ports: - - "161:161/udp" - - 
"2404:2404" - image: "dtagdevsec/conpot:alpha" - read_only: true - volumes: - - /data/conpot/log:/var/log/conpot - -# Conpot guardian_ast service - conpot_guardian_ast: - container_name: conpot_guardian_ast - restart: always - environment: - - CONPOT_CONFIG=/etc/conpot/conpot.cfg - - CONPOT_JSON_LOG=/var/log/conpot/conpot_guardian_ast.json - - CONPOT_LOG=/var/log/conpot/conpot_guardian_ast.log - - CONPOT_TEMPLATE=guardian_ast - - CONPOT_TMP=/tmp/conpot - tmpfs: - - /tmp/conpot:uid=2000,gid=2000 - networks: - - conpot_local_guardian_ast - ports: - - "10001:10001" - image: "dtagdevsec/conpot:alpha" - read_only: true - volumes: - - /data/conpot/log:/var/log/conpot - -# Conpot ipmi - conpot_ipmi: - container_name: conpot_ipmi - restart: always - environment: - - CONPOT_CONFIG=/etc/conpot/conpot.cfg - - CONPOT_JSON_LOG=/var/log/conpot/conpot_ipmi.json - - CONPOT_LOG=/var/log/conpot/conpot_ipmi.log - - CONPOT_TEMPLATE=ipmi - - CONPOT_TMP=/tmp/conpot - tmpfs: - - /tmp/conpot:uid=2000,gid=2000 - networks: - - conpot_local_ipmi - ports: - - "623:623/udp" - image: "dtagdevsec/conpot:alpha" - read_only: true - volumes: - - /data/conpot/log:/var/log/conpot - -# Conpot kamstrup_382 - conpot_kamstrup_382: - container_name: conpot_kamstrup_382 - restart: always - environment: - - CONPOT_CONFIG=/etc/conpot/conpot.cfg - - CONPOT_JSON_LOG=/var/log/conpot/conpot_kamstrup_382.json - - CONPOT_LOG=/var/log/conpot/conpot_kamstrup_382.log - - CONPOT_TEMPLATE=kamstrup_382 - - CONPOT_TMP=/tmp/conpot - tmpfs: - - /tmp/conpot:uid=2000,gid=2000 - networks: - - conpot_local_kamstrup_382 - ports: - - "1025:1025" - - "50100:50100" - image: "dtagdevsec/conpot:alpha" - read_only: true - volumes: - - /data/conpot/log:/var/log/conpot - -# Cowrie service - cowrie: - container_name: cowrie - restart: always - tmpfs: - - /tmp/cowrie:uid=2000,gid=2000 - - /tmp/cowrie/data:uid=2000,gid=2000 - networks: - - cowrie_local - ports: - - "22:22" - - "23:23" - image: "dtagdevsec/cowrie:alpha" - read_only: true - 
volumes: - - /data/cowrie/downloads:/home/cowrie/cowrie/dl - - /data/cowrie/keys:/home/cowrie/cowrie/etc - - /data/cowrie/log:/home/cowrie/cowrie/log - - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty - -# Ddospot service - ddospot: - container_name: ddospot - restart: always - networks: - - ddospot_local - ports: - - "19:19/udp" - - "53:53/udp" - - "123:123/udp" -# - "161:161/udp" - - "1900:1900/udp" - image: "dtagdevsec/ddospot:alpha" - read_only: true - volumes: - - /data/ddospot/log:/opt/ddospot/ddospot/logs - - /data/ddospot/bl:/opt/ddospot/ddospot/bl - - /data/ddospot/db:/opt/ddospot/ddospot/db - -# Dicompot service -# Get the Horos Client for testing: https://horosproject.org/ -# Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/ -# Put images (which must be in Dicom DCM format or it will not work!) into /data/dicompot/images - dicompot: - container_name: dicompot - restart: always - networks: - - dicompot_local - ports: - - "11112:11112" - image: "dtagdevsec/dicompot:alpha" - read_only: true - volumes: - - /data/dicompot/log:/var/log/dicompot -# - /data/dicompot/images:/opt/dicompot/images - -# Dionaea service - dionaea: - container_name: dionaea - stdin_open: true - tty: true - restart: always - networks: - - dionaea_local - ports: - - "20:20" - - "21:21" - - "42:42" - - "69:69/udp" - - "81:81" - - "135:135" - # - "443:443" - - "445:445" - - "1433:1433" - - "1723:1723" - - "1883:1883" - - "3306:3306" - # - "5060:5060" - # - "5060:5060/udp" - # - "5061:5061" - - "27017:27017" - image: "dtagdevsec/dionaea:alpha" - read_only: true - volumes: - - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp - - /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp - - /data/dionaea/roots/www:/opt/dionaea/var/dionaea/roots/www - - /data/dionaea/roots/upnp:/opt/dionaea/var/dionaea/roots/upnp - - /data/dionaea:/opt/dionaea/var/dionaea - - /data/dionaea/binaries:/opt/dionaea/var/dionaea/binaries - - 
/data/dionaea/log:/opt/dionaea/var/log - - /data/dionaea/rtp:/opt/dionaea/var/dionaea/rtp - -# ElasticPot service - elasticpot: - container_name: elasticpot - restart: always - networks: - - elasticpot_local - ports: - - "9200:9200" - image: "dtagdevsec/elasticpot:alpha" - read_only: true - volumes: - - /data/elasticpot/log:/opt/elasticpot/log - -# Heralding service - heralding: - container_name: heralding - restart: always - tmpfs: - - /tmp/heralding:uid=2000,gid=2000 - networks: - - heralding_local - ports: - # - "21:21" - # - "22:22" - # - "23:23" - # - "25:25" - # - "80:80" - - "110:110" - - "143:143" - # - "443:443" - - "465:465" - - "993:993" - - "995:995" - # - "3306:3306" - # - "3389:3389" - - "1080:1080" - - "5432:5432" - - "5900:5900" - image: "dtagdevsec/heralding:alpha" - read_only: true - volumes: - - /data/heralding/log:/var/log/heralding - -# Honeytrap service - honeytrap: - container_name: honeytrap - restart: always - tmpfs: - - /tmp/honeytrap:uid=2000,gid=2000 - network_mode: "host" - cap_add: - - NET_ADMIN - image: "dtagdevsec/honeytrap:alpha" - read_only: true - volumes: - - /data/honeytrap/attacks:/opt/honeytrap/var/attacks - - /data/honeytrap/downloads:/opt/honeytrap/var/downloads - - /data/honeytrap/log:/opt/honeytrap/var/log - -# Ipphoney service - ipphoney: - container_name: ipphoney - restart: always - networks: - - ipphoney_local - ports: - - "631:631" - image: "dtagdevsec/ipphoney:alpha" - read_only: true - volumes: - - /data/ipphoney/log:/opt/ipphoney/log - -# Mailoney service - mailoney: - container_name: mailoney - restart: always - environment: - - HPFEEDS_SERVER= - - HPFEEDS_IDENT=user - - HPFEEDS_SECRET=pass - - HPFEEDS_PORT=20000 - - HPFEEDS_CHANNELPREFIX=prefix - networks: - - mailoney_local - ports: - - "25:25" - image: "dtagdevsec/mailoney:alpha" - read_only: true - volumes: - - /data/mailoney/log:/opt/mailoney/logs - -# Medpot service - medpot: - container_name: medpot - restart: always - networks: - - medpot_local - ports: - 
- "2575:2575" - image: "dtagdevsec/medpot:alpha" - read_only: true - volumes: - - /data/medpot/log/:/var/log/medpot - -# Redishoneypot service - redishoneypot: - container_name: redishoneypot - restart: always - networks: - - redishoneypot_local - ports: - - "6379:6379" - image: "dtagdevsec/redishoneypot:alpha" - read_only: true - volumes: - - /data/redishoneypot/log:/var/log/redishoneypot - -# SentryPeer service - sentrypeer: - container_name: sentrypeer - restart: always -# SentryPeer offers to exchange bad actor data via DHT / P2P mode by setting the ENV to true (1) -# In some cases (i.e. internally deployed T-Pots) this might be confusing as SentryPeer will show -# the bad actors in its logs. Therefore this option is opt-in based. -# environment: -# - SENTRYPEER_PEER_TO_PEER=0 - networks: - - sentrypeer_local - ports: -# - "4222:4222/udp" - - "5060:5060/udp" -# - "127.0.0.1:8082:8082" - image: "dtagdevsec/sentrypeer:alpha" - read_only: true - volumes: - - /data/sentrypeer/log:/var/log/sentrypeer - -#### Snare / Tanner -## Tanner Redis Service - tanner_redis: - container_name: tanner_redis - restart: always - tty: true - networks: - - tanner_local - image: "dtagdevsec/redis:alpha" - read_only: true - -## PHP Sandbox service - tanner_phpox: - container_name: tanner_phpox - restart: always - tty: true - networks: - - tanner_local - image: "dtagdevsec/phpox:alpha" - read_only: true - -## Tanner API Service - tanner_api: - container_name: tanner_api - restart: always - tmpfs: - - /tmp/tanner:uid=2000,gid=2000 - tty: true - networks: - - tanner_local - image: "dtagdevsec/tanner:alpha" - read_only: true - volumes: - - /data/tanner/log:/var/log/tanner - command: tannerapi - depends_on: - - tanner_redis - -## Tanner Service - tanner: - container_name: tanner - restart: always - tmpfs: - - /tmp/tanner:uid=2000,gid=2000 - tty: true - networks: - - tanner_local - image: "dtagdevsec/tanner:alpha" - command: tanner - read_only: true - volumes: - - 
/data/tanner/log:/var/log/tanner - - /data/tanner/files:/opt/tanner/files - depends_on: - - tanner_api -# - tanner_web - - tanner_phpox - -## Snare Service - snare: - container_name: snare - restart: always - tty: true - networks: - - tanner_local - ports: - - "80:80" - image: "dtagdevsec/snare:alpha" - depends_on: - - tanner - - -################## -#### NSM -################## - -# Fatt service - fatt: - container_name: fatt - restart: always - network_mode: "host" - cap_add: - - NET_ADMIN - - SYS_NICE - - NET_RAW - image: "dtagdevsec/fatt:alpha" - volumes: - - /data/fatt/log:/opt/fatt/log - -# P0f service - p0f: - container_name: p0f - restart: always - network_mode: "host" - image: "dtagdevsec/p0f:alpha" - read_only: true - volumes: - - /data/p0f/log:/var/log/p0f - -# Suricata service - suricata: - container_name: suricata - restart: always - environment: - # For ET Pro ruleset replace "OPEN" with your OINKCODE - - OINKCODE=OPEN - # Loading externel Rules from URL - # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com" - network_mode: "host" - cap_add: - - NET_ADMIN - - SYS_NICE - - NET_RAW - image: "dtagdevsec/suricata:alpha" - volumes: - - /data/suricata/log:/var/log/suricata - - -################## -#### Tools -################## - -## Logstash service - logstash: - container_name: logstash - restart: always - environment: - - LS_JAVA_OPTS=-Xms1024m -Xmx1024m - env_file: - - /opt/tpot/etc/compose/elk_environment - mem_limit: 2g - image: "dtagdevsec/logstash:alpha" - volumes: - - /data:/data - -# Ewsposter service - ewsposter: - container_name: ewsposter - restart: always - networks: - - ewsposter_local - environment: - - EWS_HPFEEDS_ENABLE=false - - EWS_HPFEEDS_HOST=host - - EWS_HPFEEDS_PORT=port - - EWS_HPFEEDS_CHANNELS=channels - - EWS_HPFEEDS_IDENT=user - - EWS_HPFEEDS_SECRET=secret - - EWS_HPFEEDS_TLSCERT=false - - EWS_HPFEEDS_FORMAT=json - env_file: - - /opt/tpot/etc/compose/elk_environment - image: 
"dtagdevsec/ewsposter:alpha" - volumes: - - /data:/data - - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip diff --git a/docker/tpotinit/dist/etc/compose/industrial.yml b/docker/tpotinit/dist/etc/compose/industrial.yml deleted file mode 100644 index 58eafe68..00000000 --- a/docker/tpotinit/dist/etc/compose/industrial.yml +++ /dev/null 
@@ -1,431 +0,0 @@ -# T-Pot (Industrial) -# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton) -version: '2.3' - -networks: - conpot_local_default: - conpot_local_IEC104: - conpot_local_guardian_ast: - conpot_local_ipmi: - conpot_local_kamstrup_382: - cowrie_local: - dicompot_local: - heralding_local: - medpot_local: - ewsposter_local: - spiderfoot_local: - -services: - -################## -#### Honeypots -################## - -# Conpot default service - conpot_default: - container_name: conpot_default - restart: always - environment: - - CONPOT_CONFIG=/etc/conpot/conpot.cfg - - CONPOT_JSON_LOG=/var/log/conpot/conpot_default.json - - CONPOT_LOG=/var/log/conpot/conpot_default.log - - CONPOT_TEMPLATE=default - - CONPOT_TMP=/tmp/conpot - tmpfs: - - /tmp/conpot:uid=2000,gid=2000 - networks: - - conpot_local_default - ports: - - "69:69/udp" - - "80:80" - - "102:102" - - "161:161/udp" - - "502:502" -# - "623:623/udp" - - "21:21" - - "44818:44818" - - "47808:47808/udp" - image: "dtagdevsec/conpot:alpha" - read_only: true - volumes: - - /data/conpot/log:/var/log/conpot - -# Conpot IEC104 service - conpot_IEC104: - container_name: conpot_iec104 - restart: always - environment: - - CONPOT_CONFIG=/etc/conpot/conpot.cfg - - CONPOT_JSON_LOG=/var/log/conpot/conpot_IEC104.json - - CONPOT_LOG=/var/log/conpot/conpot_IEC104.log - - CONPOT_TEMPLATE=IEC104 - - CONPOT_TMP=/tmp/conpot - tmpfs: - - /tmp/conpot:uid=2000,gid=2000 - networks: - - conpot_local_IEC104 - ports: -# - "161:161/udp" - - "2404:2404" - image: "dtagdevsec/conpot:alpha" - read_only: true - volumes: - - /data/conpot/log:/var/log/conpot - -# Conpot guardian_ast service - conpot_guardian_ast: - container_name: conpot_guardian_ast - restart: always - environment: - - CONPOT_CONFIG=/etc/conpot/conpot.cfg - - CONPOT_JSON_LOG=/var/log/conpot/conpot_guardian_ast.json - - CONPOT_LOG=/var/log/conpot/conpot_guardian_ast.log - - 
CONPOT_TEMPLATE=guardian_ast - - CONPOT_TMP=/tmp/conpot - tmpfs: - - /tmp/conpot:uid=2000,gid=2000 - networks: - - conpot_local_guardian_ast - ports: - - "10001:10001" - image: "dtagdevsec/conpot:alpha" - read_only: true - volumes: - - /data/conpot/log:/var/log/conpot - -# Conpot ipmi - conpot_ipmi: - container_name: conpot_ipmi - restart: always - environment: - - CONPOT_CONFIG=/etc/conpot/conpot.cfg - - CONPOT_JSON_LOG=/var/log/conpot/conpot_ipmi.json - - CONPOT_LOG=/var/log/conpot/conpot_ipmi.log - - CONPOT_TEMPLATE=ipmi - - CONPOT_TMP=/tmp/conpot - tmpfs: - - /tmp/conpot:uid=2000,gid=2000 - networks: - - conpot_local_ipmi - ports: - - "623:623/udp" - image: "dtagdevsec/conpot:alpha" - read_only: true - volumes: - - /data/conpot/log:/var/log/conpot - -# Conpot kamstrup_382 - conpot_kamstrup_382: - container_name: conpot_kamstrup_382 - restart: always - environment: - - CONPOT_CONFIG=/etc/conpot/conpot.cfg - - CONPOT_JSON_LOG=/var/log/conpot/conpot_kamstrup_382.json - - CONPOT_LOG=/var/log/conpot/conpot_kamstrup_382.log - - CONPOT_TEMPLATE=kamstrup_382 - - CONPOT_TMP=/tmp/conpot - tmpfs: - - /tmp/conpot:uid=2000,gid=2000 - networks: - - conpot_local_kamstrup_382 - ports: - - "1025:1025" - - "50100:50100" - image: "dtagdevsec/conpot:alpha" - read_only: true - volumes: - - /data/conpot/log:/var/log/conpot - -# Cowrie service - cowrie: - container_name: cowrie - restart: always - tmpfs: - - /tmp/cowrie:uid=2000,gid=2000 - - /tmp/cowrie/data:uid=2000,gid=2000 - networks: - - cowrie_local - ports: - - "22:22" - - "23:23" - image: "dtagdevsec/cowrie:alpha" - read_only: true - volumes: - - /data/cowrie/downloads:/home/cowrie/cowrie/dl - - /data/cowrie/keys:/home/cowrie/cowrie/etc - - /data/cowrie/log:/home/cowrie/cowrie/log - - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty - -# Dicompot service -# Get the Horos Client for testing: https://horosproject.org/ -# Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/ -# Put images (which must be 
in Dicom DCM format or it will not work!) into /data/dicompot/images - dicompot: - container_name: dicompot - restart: always - networks: - - dicompot_local - ports: - - "11112:11112" - image: "dtagdevsec/dicompot:alpha" - read_only: true - volumes: - - /data/dicompot/log:/var/log/dicompot -# - /data/dicompot/images:/opt/dicompot/images - -# Heralding service - heralding: - container_name: heralding - restart: always - tmpfs: - - /tmp/heralding:uid=2000,gid=2000 - networks: - - heralding_local - ports: - # - "21:21" - # - "22:22" - # - "23:23" - # - "25:25" - # - "80:80" - # - "110:110" - # - "143:143" - # - "443:443" - # - "465:465" - # - "993:993" - # - "995:995" - # - "3306:3306" - # - "3389:3389" - # - "5432:5432" - - "5900:5900" - image: "dtagdevsec/heralding:alpha" - read_only: true - volumes: - - /data/heralding/log:/var/log/heralding - -# Honeytrap service - honeytrap: - container_name: honeytrap - restart: always - tmpfs: - - /tmp/honeytrap:uid=2000,gid=2000 - network_mode: "host" - cap_add: - - NET_ADMIN - image: "dtagdevsec/honeytrap:alpha" - read_only: true - volumes: - - /data/honeytrap/attacks:/opt/honeytrap/var/attacks - - /data/honeytrap/downloads:/opt/honeytrap/var/downloads - - /data/honeytrap/log:/opt/honeytrap/var/log - -# Medpot service - medpot: - container_name: medpot - restart: always - networks: - - medpot_local - ports: - - "2575:2575" - image: "dtagdevsec/medpot:alpha" - read_only: true - volumes: - - /data/medpot/log/:/var/log/medpot - -################## -#### NSM -################## - -# Fatt service - fatt: - container_name: fatt - restart: always - network_mode: "host" - cap_add: - - NET_ADMIN - - SYS_NICE - - NET_RAW - image: "dtagdevsec/fatt:alpha" - volumes: - - /data/fatt/log:/opt/fatt/log - -# P0f service - p0f: - container_name: p0f - restart: always - network_mode: "host" - image: "dtagdevsec/p0f:alpha" - read_only: true - volumes: - - /data/p0f/log:/var/log/p0f - -# Suricata service - suricata: - container_name: suricata - 
restart: always - environment: - # For ET Pro ruleset replace "OPEN" with your OINKCODE - - OINKCODE=OPEN - # Loading externel Rules from URL - # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com" - network_mode: "host" - cap_add: - - NET_ADMIN - - SYS_NICE - - NET_RAW - image: "dtagdevsec/suricata:alpha" - volumes: - - /data/suricata/log:/var/log/suricata - - -################## -#### Tools -################## - -#### ELK -## Elasticsearch service - elasticsearch: - container_name: elasticsearch - restart: always - environment: - - bootstrap.memory_lock=true - - ES_JAVA_OPTS=-Xms2048m -Xmx2048m - - ES_TMPDIR=/tmp - cap_add: - - IPC_LOCK - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - mem_limit: 4g - ports: - - "127.0.0.1:64298:9200" - image: "dtagdevsec/elasticsearch:alpha" - volumes: - - /data:/data - -## Kibana service - kibana: - container_name: kibana - restart: always - depends_on: - elasticsearch: - condition: service_healthy - mem_limit: 1g - ports: - - "127.0.0.1:64296:5601" - image: "dtagdevsec/kibana:alpha" - -## Logstash service - logstash: - container_name: logstash - restart: always - environment: - - LS_JAVA_OPTS=-Xms1024m -Xmx1024m - depends_on: - elasticsearch: - condition: service_healthy - env_file: - - /opt/tpot/etc/compose/elk_environment - mem_limit: 2g - image: "dtagdevsec/logstash:alpha" - volumes: - - /data:/data - -## Map Redis Service - map_redis: - container_name: map_redis - restart: always - stop_signal: SIGKILL - tty: true - image: "dtagdevsec/redis:alpha" - read_only: true - -## Map Web Service - map_web: - container_name: map_web - restart: always - environment: - - MAP_COMMAND=AttackMapServer.py - env_file: - - /opt/tpot/etc/compose/elk_environment - stop_signal: SIGKILL - tty: true - ports: - - "127.0.0.1:64299:64299" - image: "dtagdevsec/map:alpha" - -## Map Data Service - map_data: - container_name: map_data - restart: always - depends_on: - elasticsearch: 
- condition: service_healthy - environment: - - MAP_COMMAND=DataServer_v2.py - env_file: - - /opt/tpot/etc/compose/elk_environment - stop_signal: SIGKILL - tty: true - image: "dtagdevsec/map:alpha" -#### /ELK - -# Ewsposter service - ewsposter: - container_name: ewsposter - restart: always - networks: - - ewsposter_local - environment: - - EWS_HPFEEDS_ENABLE=false - - EWS_HPFEEDS_HOST=host - - EWS_HPFEEDS_PORT=port - - EWS_HPFEEDS_CHANNELS=channels - - EWS_HPFEEDS_IDENT=user - - EWS_HPFEEDS_SECRET=secret - - EWS_HPFEEDS_TLSCERT=false - - EWS_HPFEEDS_FORMAT=json - env_file: - - /opt/tpot/etc/compose/elk_environment - image: "dtagdevsec/ewsposter:alpha" - volumes: - - /data:/data - - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip - -# Nginx service - nginx: - container_name: nginx - restart: always - tmpfs: - - /var/tmp/nginx/client_body - - /var/tmp/nginx/proxy - - /var/tmp/nginx/fastcgi - - /var/tmp/nginx/uwsgi - - /var/tmp/nginx/scgi - - /run - - /var/lib/nginx/tmp:uid=100,gid=82 - network_mode: "host" - ports: - - "64297:64297" - - "127.0.0.1:64304:64304" - image: "dtagdevsec/nginx:alpha" - read_only: true - volumes: - - /data/nginx/cert/:/etc/nginx/cert/:ro - - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro - - /data/nginx/log/:/var/log/nginx/ - -# Spiderfoot service - spiderfoot: - container_name: spiderfoot - restart: always - networks: - - spiderfoot_local - ports: - - "127.0.0.1:64303:8080" - image: "dtagdevsec/spiderfoot:alpha" - volumes: - - /data/spiderfoot:/home/spiderfoot/.spiderfoot diff --git a/docker/tpotinit/dist/etc/compose/log4j.yml b/docker/tpotinit/dist/etc/compose/log4j.yml deleted file mode 100644 index 5d64a1b9..00000000 --- a/docker/tpotinit/dist/etc/compose/log4j.yml +++ /dev/null 
@@ -1,250 +0,0 @@ -# T-Pot (Log4j) -# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton) -version: '2.3' - -networks: - log4pot_local: - ewsposter_local: - spiderfoot_local: - -services: - -################## -#### Honeypots -################## - -# Log4pot service - log4pot: - container_name: log4pot - restart: always - tmpfs: - - /tmp:uid=2000,gid=2000 - networks: - - log4pot_local - ports: - - "80:8080" - - "443:8080" - - "8080:8080" - - "9200:8080" - - "25565:8080" - image: "dtagdevsec/log4pot:alpha" - read_only: true - volumes: - - /data/log4pot/log:/var/log/log4pot/log - - /data/log4pot/payloads:/var/log/log4pot/payloads - -# Honeytrap service - honeytrap: - container_name: honeytrap - restart: always - tmpfs: - - /tmp/honeytrap:uid=2000,gid=2000 - network_mode: "host" - cap_add: - - NET_ADMIN - image: "dtagdevsec/honeytrap:alpha" - read_only: true - volumes: - - /data/honeytrap/attacks:/opt/honeytrap/var/attacks - - /data/honeytrap/downloads:/opt/honeytrap/var/downloads - - /data/honeytrap/log:/opt/honeytrap/var/log - - -################## -#### NSM -################## - -# Fatt service - fatt: - container_name: fatt - restart: always - network_mode: "host" - cap_add: - - NET_ADMIN - - SYS_NICE - - NET_RAW - image: "dtagdevsec/fatt:alpha" - volumes: - - /data/fatt/log:/opt/fatt/log - -# P0f service - p0f: - container_name: p0f - restart: always - network_mode: "host" - image: "dtagdevsec/p0f:alpha" - read_only: true - volumes: - - /data/p0f/log:/var/log/p0f - -# Suricata service - suricata: - container_name: suricata - restart: always - environment: - # For ET Pro ruleset replace "OPEN" with your OINKCODE - - OINKCODE=OPEN - # Loading externel Rules from URL - # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com" - network_mode: "host" - cap_add: - - NET_ADMIN - - SYS_NICE - - NET_RAW - image: "dtagdevsec/suricata:alpha" - volumes: - - 
/data/suricata/log:/var/log/suricata - - -################## -#### Tools -################## - -#### ELK -## Elasticsearch service - elasticsearch: - container_name: elasticsearch - restart: always - environment: - - bootstrap.memory_lock=true - - ES_JAVA_OPTS=-Xms2048m -Xmx2048m - - ES_TMPDIR=/tmp - cap_add: - - IPC_LOCK - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - mem_limit: 4g - ports: - - "127.0.0.1:64298:9200" - image: "dtagdevsec/elasticsearch:alpha" - volumes: - - /data:/data - -## Kibana service - kibana: - container_name: kibana - restart: always - depends_on: - elasticsearch: - condition: service_healthy - mem_limit: 1g - ports: - - "127.0.0.1:64296:5601" - image: "dtagdevsec/kibana:alpha" - -## Logstash service - logstash: - container_name: logstash - restart: always - environment: - - LS_JAVA_OPTS=-Xms1024m -Xmx1024m - depends_on: - elasticsearch: - condition: service_healthy - env_file: - - /opt/tpot/etc/compose/elk_environment - mem_limit: 2g - image: "dtagdevsec/logstash:alpha" - volumes: - - /data:/data - -## Map Redis Service - map_redis: - container_name: map_redis - restart: always - stop_signal: SIGKILL - tty: true - image: "dtagdevsec/redis:alpha" - read_only: true - -## Map Web Service - map_web: - container_name: map_web - restart: always - environment: - - MAP_COMMAND=AttackMapServer.py - env_file: - - /opt/tpot/etc/compose/elk_environment - stop_signal: SIGKILL - tty: true - ports: - - "127.0.0.1:64299:64299" - image: "dtagdevsec/map:alpha" - -## Map Data Service - map_data: - container_name: map_data - restart: always - depends_on: - elasticsearch: - condition: service_healthy - environment: - - MAP_COMMAND=DataServer_v2.py - env_file: - - /opt/tpot/etc/compose/elk_environment - stop_signal: SIGKILL - tty: true - image: "dtagdevsec/map:alpha" -#### /ELK - -# Ewsposter service - ewsposter: - container_name: ewsposter - restart: always - networks: - - ewsposter_local - environment: - - 
EWS_HPFEEDS_ENABLE=false - - EWS_HPFEEDS_HOST=host - - EWS_HPFEEDS_PORT=port - - EWS_HPFEEDS_CHANNELS=channels - - EWS_HPFEEDS_IDENT=user - - EWS_HPFEEDS_SECRET=secret - - EWS_HPFEEDS_TLSCERT=false - - EWS_HPFEEDS_FORMAT=json - env_file: - - /opt/tpot/etc/compose/elk_environment - image: "dtagdevsec/ewsposter:alpha" - volumes: - - /data:/data - - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip - -# Nginx service - nginx: - container_name: nginx - restart: always - tmpfs: - - /var/tmp/nginx/client_body - - /var/tmp/nginx/proxy - - /var/tmp/nginx/fastcgi - - /var/tmp/nginx/uwsgi - - /var/tmp/nginx/scgi - - /run - - /var/lib/nginx/tmp:uid=100,gid=82 - network_mode: "host" - ports: - - "64297:64297" - - "127.0.0.1:64304:64304" - image: "dtagdevsec/nginx:alpha" - read_only: true - volumes: - - /data/nginx/cert/:/etc/nginx/cert/:ro - - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro - - /data/nginx/log/:/var/log/nginx/ - -# Spiderfoot service - spiderfoot: - container_name: spiderfoot - restart: always - networks: - - spiderfoot_local - ports: - - "127.0.0.1:64303:8080" - image: "dtagdevsec/spiderfoot:alpha" - volumes: - - /data/spiderfoot:/home/spiderfoot/.spiderfoot diff --git a/docker/tpotinit/dist/etc/compose/medical.yml b/docker/tpotinit/dist/etc/compose/medical.yml deleted file mode 100644 index a4f30480..00000000 --- a/docker/tpotinit/dist/etc/compose/medical.yml +++ /dev/null 
@@ -1,244 +0,0 @@ -# T-Pot (Medical) -# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton) -version: '2.3' - -networks: - dicompot_local: - medpot_local: - ewsposter_local: - spiderfoot_local: - -services: - -################## -#### Honeypots -################## - -# Dicompot service -# Get the Horos Client for testing: https://horosproject.org/ -# Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/ -# Put images (which must be in Dicom DCM format or it will not work!) into /data/dicompot/images - dicompot: - container_name: dicompot - restart: always - networks: - - dicompot_local - ports: - - "11112:11112" - image: "dtagdevsec/dicompot:alpha" - read_only: true - volumes: - - /data/dicompot/log:/var/log/dicompot -# - /data/dicompot/images:/opt/dicompot/images - -# Medpot service - medpot: - container_name: medpot - restart: always - networks: - - medpot_local - ports: - - "2575:2575" - image: "dtagdevsec/medpot:alpha" - read_only: true - volumes: - - /data/medpot/log/:/var/log/medpot - -################## -#### NSM -################## - -# Fatt service - fatt: - container_name: fatt - restart: always - network_mode: "host" - cap_add: - - NET_ADMIN - - SYS_NICE - - NET_RAW - image: "dtagdevsec/fatt:alpha" - volumes: - - /data/fatt/log:/opt/fatt/log - -# P0f service - p0f: - container_name: p0f - restart: always - network_mode: "host" - image: "dtagdevsec/p0f:alpha" - read_only: true - volumes: - - /data/p0f/log:/var/log/p0f - -# Suricata service - suricata: - container_name: suricata - restart: always - environment: - # For ET Pro ruleset replace "OPEN" with your OINKCODE - - OINKCODE=OPEN - # Loading externel Rules from URL - # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com" - network_mode: "host" - cap_add: - - NET_ADMIN - - SYS_NICE - - NET_RAW - image: "dtagdevsec/suricata:alpha" - volumes: - - 
/data/suricata/log:/var/log/suricata - - -################## -#### Tools -################## - -#### ELK -## Elasticsearch service - elasticsearch: - container_name: elasticsearch - restart: always - environment: - - bootstrap.memory_lock=true - - ES_JAVA_OPTS=-Xms2048m -Xmx2048m - - ES_TMPDIR=/tmp - cap_add: - - IPC_LOCK - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - mem_limit: 4g - ports: - - "127.0.0.1:64298:9200" - image: "dtagdevsec/elasticsearch:alpha" - volumes: - - /data:/data - -## Kibana service - kibana: - container_name: kibana - restart: always - depends_on: - elasticsearch: - condition: service_healthy - mem_limit: 1g - ports: - - "127.0.0.1:64296:5601" - image: "dtagdevsec/kibana:alpha" - -## Logstash service - logstash: - container_name: logstash - restart: always - environment: - - LS_JAVA_OPTS=-Xms1024m -Xmx1024m - depends_on: - elasticsearch: - condition: service_healthy - env_file: - - /opt/tpot/etc/compose/elk_environment - mem_limit: 2g - image: "dtagdevsec/logstash:alpha" - volumes: - - /data:/data - -## Map Redis Service - map_redis: - container_name: map_redis - restart: always - stop_signal: SIGKILL - tty: true - image: "dtagdevsec/redis:alpha" - read_only: true - -## Map Web Service - map_web: - container_name: map_web - restart: always - environment: - - MAP_COMMAND=AttackMapServer.py - env_file: - - /opt/tpot/etc/compose/elk_environment - stop_signal: SIGKILL - tty: true - ports: - - "127.0.0.1:64299:64299" - image: "dtagdevsec/map:alpha" - -## Map Data Service - map_data: - container_name: map_data - restart: always - depends_on: - elasticsearch: - condition: service_healthy - environment: - - MAP_COMMAND=DataServer_v2.py - env_file: - - /opt/tpot/etc/compose/elk_environment - stop_signal: SIGKILL - tty: true - image: "dtagdevsec/map:alpha" -#### /ELK - -# Ewsposter service - ewsposter: - container_name: ewsposter - restart: always - networks: - - ewsposter_local - environment: - - 
EWS_HPFEEDS_ENABLE=false - - EWS_HPFEEDS_HOST=host - - EWS_HPFEEDS_PORT=port - - EWS_HPFEEDS_CHANNELS=channels - - EWS_HPFEEDS_IDENT=user - - EWS_HPFEEDS_SECRET=secret - - EWS_HPFEEDS_TLSCERT=false - - EWS_HPFEEDS_FORMAT=json - env_file: - - /opt/tpot/etc/compose/elk_environment - image: "dtagdevsec/ewsposter:alpha" - volumes: - - /data:/data - - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip - -# Nginx service - nginx: - container_name: nginx - restart: always - tmpfs: - - /var/tmp/nginx/client_body - - /var/tmp/nginx/proxy - - /var/tmp/nginx/fastcgi - - /var/tmp/nginx/uwsgi - - /var/tmp/nginx/scgi - - /run - - /var/lib/nginx/tmp:uid=100,gid=82 - network_mode: "host" - ports: - - "64297:64297" - - "127.0.0.1:64304:64304" - image: "dtagdevsec/nginx:alpha" - read_only: true - volumes: - - /data/nginx/cert/:/etc/nginx/cert/:ro - - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro - - /data/nginx/log/:/var/log/nginx/ - -# Spiderfoot service - spiderfoot: - container_name: spiderfoot - restart: always - networks: - - spiderfoot_local - ports: - - "127.0.0.1:64303:8080" - image: "dtagdevsec/spiderfoot:alpha" - volumes: - - /data/spiderfoot:/home/spiderfoot/.spiderfoot diff --git a/docker/tpotinit/dist/etc/compose/mini.yml b/docker/tpotinit/dist/etc/compose/mini.yml deleted file mode 100644 index 5eec0a58..00000000 --- a/docker/tpotinit/dist/etc/compose/mini.yml +++ /dev/null 
@@ -1,271 +0,0 @@ -# T-Pot (Mini) -# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton) -version: '2.3' - -networks: - honeypots_local: - ewsposter_local: - spiderfoot_local: - -services: - -################## -#### Honeypots -################## - -# qHoneypots service - honeypots: - container_name: honeypots - stdin_open: true - tty: true - restart: always - tmpfs: - - /tmp:uid=2000,gid=2000 - networks: - - honeypots_local - ports: - - "21:21" - - "22:22" - - "23:23" - - "25:25" - - "53:53/udp" - - "80:80" - - "110:110" - - "123:123" - - "143:143" - - "161:161" - - "389:389" - - "443:443" - - "445:445" - - "1080:1080" - - "1433:1433" - - "1521:1521" - - "3306:3306" - - "5060:5060" - - "5432:5432" - - "5900:5900" - - "6379:6379" - - "6667:6667" - - "8080:8080" - - "9200:9200" - - "11211:11211" - image: "dtagdevsec/honeypots:alpha" - read_only: true - volumes: - - /data/honeypots/log:/var/log/honeypots - -# Honeytrap service - honeytrap: - container_name: honeytrap - restart: always - tmpfs: - - /tmp/honeytrap:uid=2000,gid=2000 - network_mode: "host" - cap_add: - - NET_ADMIN - image: "dtagdevsec/honeytrap:alpha" - read_only: true - volumes: - - /data/honeytrap/attacks:/opt/honeytrap/var/attacks - - /data/honeytrap/downloads:/opt/honeytrap/var/downloads - - /data/honeytrap/log:/opt/honeytrap/var/log - - -################## -#### NSM -################## - -# Fatt service - fatt: - container_name: fatt - restart: always - network_mode: "host" - cap_add: - - NET_ADMIN - - SYS_NICE - - NET_RAW - image: "dtagdevsec/fatt:alpha" - volumes: - - /data/fatt/log:/opt/fatt/log - -# P0f service - p0f: - container_name: p0f - restart: always - network_mode: "host" - image: "dtagdevsec/p0f:alpha" - read_only: true - volumes: - - /data/p0f/log:/var/log/p0f - -# Suricata service - suricata: - container_name: suricata - restart: always - environment: - # For ET Pro ruleset replace "OPEN" with your OINKCODE 
- - OINKCODE=OPEN - # Loading externel Rules from URL - # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com" - network_mode: "host" - cap_add: - - NET_ADMIN - - SYS_NICE - - NET_RAW - image: "dtagdevsec/suricata:alpha" - volumes: - - /data/suricata/log:/var/log/suricata - - -################## -#### Tools -################## - -#### ELK -## Elasticsearch service - elasticsearch: - container_name: elasticsearch - restart: always - environment: - - bootstrap.memory_lock=true - - ES_JAVA_OPTS=-Xms2048m -Xmx2048m - - ES_TMPDIR=/tmp - cap_add: - - IPC_LOCK - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - mem_limit: 4g - ports: - - "127.0.0.1:64298:9200" - image: "dtagdevsec/elasticsearch:alpha" - volumes: - - /data:/data - -## Kibana service - kibana: - container_name: kibana - restart: always - depends_on: - elasticsearch: - condition: service_healthy - mem_limit: 1g - ports: - - "127.0.0.1:64296:5601" - image: "dtagdevsec/kibana:alpha" - -## Logstash service - logstash: - container_name: logstash - restart: always - environment: - - LS_JAVA_OPTS=-Xms1024m -Xmx1024m - depends_on: - elasticsearch: - condition: service_healthy - env_file: - - /opt/tpot/etc/compose/elk_environment - mem_limit: 2g - image: "dtagdevsec/logstash:alpha" - volumes: - - /data:/data - -## Map Redis Service - map_redis: - container_name: map_redis - restart: always - stop_signal: SIGKILL - tty: true - image: "dtagdevsec/redis:alpha" - read_only: true - -## Map Web Service - map_web: - container_name: map_web - restart: always - environment: - - MAP_COMMAND=AttackMapServer.py - env_file: - - /opt/tpot/etc/compose/elk_environment - stop_signal: SIGKILL - tty: true - ports: - - "127.0.0.1:64299:64299" - image: "dtagdevsec/map:alpha" - -## Map Data Service - map_data: - container_name: map_data - restart: always - depends_on: - elasticsearch: - condition: service_healthy - environment: - - MAP_COMMAND=DataServer_v2.py - 
env_file: - - /opt/tpot/etc/compose/elk_environment - stop_signal: SIGKILL - tty: true - image: "dtagdevsec/map:alpha" -#### /ELK - -# Ewsposter service - ewsposter: - container_name: ewsposter - restart: always - networks: - - ewsposter_local - environment: - - EWS_HPFEEDS_ENABLE=false - - EWS_HPFEEDS_HOST=host - - EWS_HPFEEDS_PORT=port - - EWS_HPFEEDS_CHANNELS=channels - - EWS_HPFEEDS_IDENT=user - - EWS_HPFEEDS_SECRET=secret - - EWS_HPFEEDS_TLSCERT=false - - EWS_HPFEEDS_FORMAT=json - env_file: - - /opt/tpot/etc/compose/elk_environment - image: "dtagdevsec/ewsposter:alpha" - volumes: - - /data:/data - - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip - -# Nginx service - nginx: - container_name: nginx - restart: always - tmpfs: - - /var/tmp/nginx/client_body - - /var/tmp/nginx/proxy - - /var/tmp/nginx/fastcgi - - /var/tmp/nginx/uwsgi - - /var/tmp/nginx/scgi - - /run - - /var/lib/nginx/tmp:uid=100,gid=82 - network_mode: "host" - ports: - - "64297:64297" - - "127.0.0.1:64304:64304" - image: "dtagdevsec/nginx:alpha" - read_only: true - volumes: - - /data/nginx/cert/:/etc/nginx/cert/:ro - - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro - - /data/nginx/log/:/var/log/nginx/ - -# Spiderfoot service - spiderfoot: - container_name: spiderfoot - restart: always - networks: - - spiderfoot_local - ports: - - "127.0.0.1:64303:8080" - image: "dtagdevsec/spiderfoot:alpha" - volumes: - - /data/spiderfoot:/home/spiderfoot/.spiderfoot diff --git a/docker/tpotinit/dist/etc/compose/nextgen.yml b/docker/tpotinit/dist/etc/compose/nextgen.yml deleted file mode 100644 index 5061a031..00000000 --- a/docker/tpotinit/dist/etc/compose/nextgen.yml +++ /dev/null 
@@ -1,575 +0,0 @@ -# T-Pot (NextGen) -# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton) -version: '2.3' - -networks: - adbhoney_local: - ciscoasa_local: - citrixhoneypot_local: - conpot_local_IEC104: - conpot_local_guardian_ast: - conpot_local_ipmi: - conpot_local_kamstrup_382: - ddospot_local: - dicompot_local: - dionaea_local: - elasticpot_local: - endlessh_local: - hellpot_local: - heralding_local: - ipphoney_local: - mailoney_local: - medpot_local: - redishoneypot_local: - ewsposter_local: - spiderfoot_local: - -services: - -################## -#### Honeypots -################## - -# Adbhoney service - adbhoney: - container_name: adbhoney - restart: always - networks: - - adbhoney_local - ports: - - "5555:5555" - image: "dtagdevsec/adbhoney:alpha" - read_only: true - volumes: - - /data/adbhoney/log:/opt/adbhoney/log - - /data/adbhoney/downloads:/opt/adbhoney/dl - -# Ciscoasa service - ciscoasa: - container_name: ciscoasa - restart: always - tmpfs: - - /tmp/ciscoasa:uid=2000,gid=2000 - networks: - - ciscoasa_local - ports: - - "5000:5000/udp" - - "8443:8443" - image: "dtagdevsec/ciscoasa:alpha" - read_only: true - volumes: - - /data/ciscoasa/log:/var/log/ciscoasa - -# CitrixHoneypot service - citrixhoneypot: - container_name: citrixhoneypot - restart: always - networks: - - citrixhoneypot_local - ports: - - "443:443" - image: "dtagdevsec/citrixhoneypot:alpha" - read_only: true - volumes: - - /data/citrixhoneypot/logs:/opt/citrixhoneypot/logs - -# Conpot IEC104 service - conpot_IEC104: - container_name: conpot_iec104 - restart: always - environment: - - CONPOT_CONFIG=/etc/conpot/conpot.cfg - - CONPOT_JSON_LOG=/var/log/conpot/conpot_IEC104.json - - CONPOT_LOG=/var/log/conpot/conpot_IEC104.log - - CONPOT_TEMPLATE=IEC104 - - CONPOT_TMP=/tmp/conpot - tmpfs: - - /tmp/conpot:uid=2000,gid=2000 - networks: - - conpot_local_IEC104 - ports: - - "161:161/udp" - - "2404:2404" - image: 
"dtagdevsec/conpot:alpha" - read_only: true - volumes: - - /data/conpot/log:/var/log/conpot - -# Conpot guardian_ast service - conpot_guardian_ast: - container_name: conpot_guardian_ast - restart: always - environment: - - CONPOT_CONFIG=/etc/conpot/conpot.cfg - - CONPOT_JSON_LOG=/var/log/conpot/conpot_guardian_ast.json - - CONPOT_LOG=/var/log/conpot/conpot_guardian_ast.log - - CONPOT_TEMPLATE=guardian_ast - - CONPOT_TMP=/tmp/conpot - tmpfs: - - /tmp/conpot:uid=2000,gid=2000 - networks: - - conpot_local_guardian_ast - ports: - - "10001:10001" - image: "dtagdevsec/conpot:alpha" - read_only: true - volumes: - - /data/conpot/log:/var/log/conpot - -# Conpot ipmi - conpot_ipmi: - container_name: conpot_ipmi - restart: always - environment: - - CONPOT_CONFIG=/etc/conpot/conpot.cfg - - CONPOT_JSON_LOG=/var/log/conpot/conpot_ipmi.json - - CONPOT_LOG=/var/log/conpot/conpot_ipmi.log - - CONPOT_TEMPLATE=ipmi - - CONPOT_TMP=/tmp/conpot - tmpfs: - - /tmp/conpot:uid=2000,gid=2000 - networks: - - conpot_local_ipmi - ports: - - "623:623/udp" - image: "dtagdevsec/conpot:alpha" - read_only: true - volumes: - - /data/conpot/log:/var/log/conpot - -# Conpot kamstrup_382 - conpot_kamstrup_382: - container_name: conpot_kamstrup_382 - restart: always - environment: - - CONPOT_CONFIG=/etc/conpot/conpot.cfg - - CONPOT_JSON_LOG=/var/log/conpot/conpot_kamstrup_382.json - - CONPOT_LOG=/var/log/conpot/conpot_kamstrup_382.log - - CONPOT_TEMPLATE=kamstrup_382 - - CONPOT_TMP=/tmp/conpot - tmpfs: - - /tmp/conpot:uid=2000,gid=2000 - networks: - - conpot_local_kamstrup_382 - ports: - - "1025:1025" - - "50100:50100" - image: "dtagdevsec/conpot:alpha" - read_only: true - volumes: - - /data/conpot/log:/var/log/conpot - -# Ddospot service - ddospot: - container_name: ddospot - restart: always - networks: - - ddospot_local - ports: - - "19:19/udp" - - "53:53/udp" - - "123:123/udp" -# - "161:161/udp" - - "1900:1900/udp" - image: "dtagdevsec/ddospot:alpha" - read_only: true - volumes: - - 
/data/ddospot/log:/opt/ddospot/ddospot/logs - - /data/ddospot/bl:/opt/ddospot/ddospot/bl - - /data/ddospot/db:/opt/ddospot/ddospot/db - -# Dicompot service -# Get the Horos Client for testing: https://horosproject.org/ -# Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/ -# Put images (which must be in Dicom DCM format or it will not work!) into /data/dicompot/images - dicompot: - container_name: dicompot - restart: always - networks: - - dicompot_local - ports: - - "11112:11112" - image: "dtagdevsec/dicompot:alpha" - read_only: true - volumes: - - /data/dicompot/log:/var/log/dicompot -# - /data/dicompot/images:/opt/dicompot/images - -# Dionaea service - dionaea: - container_name: dionaea - stdin_open: true - tty: true - restart: always - networks: - - dionaea_local - ports: - - "20:20" - - "21:21" - - "42:42" - - "69:69/udp" - - "81:81" - - "135:135" - # - "443:443" - - "445:445" - - "1433:1433" - - "1723:1723" - - "1883:1883" - - "3306:3306" - # - "5060:5060" - # - "5060:5060/udp" - # - "5061:5061" - - "27017:27017" - image: "dtagdevsec/dionaea:alpha" - read_only: true - volumes: - - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp - - /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp - - /data/dionaea/roots/www:/opt/dionaea/var/dionaea/roots/www - - /data/dionaea/roots/upnp:/opt/dionaea/var/dionaea/roots/upnp - - /data/dionaea:/opt/dionaea/var/dionaea - - /data/dionaea/binaries:/opt/dionaea/var/dionaea/binaries - - /data/dionaea/log:/opt/dionaea/var/log - - /data/dionaea/rtp:/opt/dionaea/var/dionaea/rtp - -# ElasticPot service - elasticpot: - container_name: elasticpot - restart: always - networks: - - elasticpot_local - ports: - - "9200:9200" - image: "dtagdevsec/elasticpot:alpha" - read_only: true - volumes: - - /data/elasticpot/log:/opt/elasticpot/log - -# Endlessh service - endlessh: - container_name: endlessh - restart: always - networks: - - endlessh_local - ports: - - "22:2222" - image: 
"dtagdevsec/endlessh:alpha" - read_only: true - volumes: - - /data/endlessh/log:/var/log/endlessh - -# Glutton service - glutton: - container_name: glutton - restart: always - tmpfs: - - /var/lib/glutton:uid=2000,gid=2000 - - /run:uid=2000,gid=2000 - network_mode: "host" - cap_add: - - NET_ADMIN - image: "dtagdevsec/glutton:alpha" - read_only: true - volumes: - - /data/glutton/log:/var/log/glutton -# - /root/tpotce/docker/glutton/dist/rules.yaml:/opt/glutton/rules/rules.yaml - -# Heralding service - heralding: - container_name: heralding - restart: always - tmpfs: - - /tmp/heralding:uid=2000,gid=2000 - networks: - - heralding_local - ports: - # - "21:21" - # - "22:22" - # - "23:23" - # - "25:25" - # - "80:80" - - "110:110" - - "143:143" - # - "443:443" - - "465:465" - - "993:993" - - "995:995" - # - "3306:3306" - # - "3389:3389" - - "1080:1080" - - "5432:5432" - - "5900:5900" - image: "dtagdevsec/heralding:alpha" - read_only: true - volumes: - - /data/heralding/log:/var/log/heralding - -# Ipphoney service - ipphoney: - container_name: ipphoney - restart: always - networks: - - ipphoney_local - ports: - - "631:631" - image: "dtagdevsec/ipphoney:alpha" - read_only: true - volumes: - - /data/ipphoney/log:/opt/ipphoney/log - -# Mailoney service - mailoney: - container_name: mailoney - restart: always - environment: - - HPFEEDS_SERVER= - - HPFEEDS_IDENT=user - - HPFEEDS_SECRET=pass - - HPFEEDS_PORT=20000 - - HPFEEDS_CHANNELPREFIX=prefix - networks: - - mailoney_local - ports: - - "25:25" - image: "dtagdevsec/mailoney:alpha" - read_only: true - volumes: - - /data/mailoney/log:/opt/mailoney/logs - -# Medpot service - medpot: - container_name: medpot - restart: always - networks: - - medpot_local - ports: - - "2575:2575" - image: "dtagdevsec/medpot:alpha" - read_only: true - volumes: - - /data/medpot/log/:/var/log/medpot - -# Redishoneypot service - redishoneypot: - container_name: redishoneypot - restart: always - networks: - - redishoneypot_local - ports: - - "6379:6379" 
- image: "dtagdevsec/redishoneypot:alpha" - read_only: true - volumes: - - /data/redishoneypot/log:/var/log/redishoneypot - -# Hellpot service - hellpot: - container_name: hellpot - restart: always - networks: - - hellpot_local - ports: - - "80:8080" - image: "dtagdevsec/hellpot:alpha" - read_only: true - volumes: - - /data/hellpot/log:/var/log/hellpot - -################## -#### NSM -################## - -# Fatt service - fatt: - container_name: fatt - restart: always - network_mode: "host" - cap_add: - - NET_ADMIN - - SYS_NICE - - NET_RAW - image: "dtagdevsec/fatt:alpha" - volumes: - - /data/fatt/log:/opt/fatt/log - -# P0f service - p0f: - container_name: p0f - restart: always - network_mode: "host" - image: "dtagdevsec/p0f:alpha" - read_only: true - volumes: - - /data/p0f/log:/var/log/p0f - -# Suricata service - suricata: - container_name: suricata - restart: always - environment: - # For ET Pro ruleset replace "OPEN" with your OINKCODE - - OINKCODE=OPEN - # Loading externel Rules from URL - # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com" - network_mode: "host" - cap_add: - - NET_ADMIN - - SYS_NICE - - NET_RAW - image: "dtagdevsec/suricata:alpha" - volumes: - - /data/suricata/log:/var/log/suricata - - -################## -#### Tools -################## - -#### ELK -## Elasticsearch service - elasticsearch: - container_name: elasticsearch - restart: always - environment: - - bootstrap.memory_lock=true - - ES_JAVA_OPTS=-Xms2048m -Xmx2048m - - ES_TMPDIR=/tmp - cap_add: - - IPC_LOCK - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - mem_limit: 4g - ports: - - "127.0.0.1:64298:9200" - image: "dtagdevsec/elasticsearch:alpha" - volumes: - - /data:/data - -## Kibana service - kibana: - container_name: kibana - restart: always - depends_on: - elasticsearch: - condition: service_healthy - mem_limit: 1g - ports: - - "127.0.0.1:64296:5601" - image: "dtagdevsec/kibana:alpha" - -## Logstash service - 
logstash: - container_name: logstash - restart: always - environment: - - LS_JAVA_OPTS=-Xms1024m -Xmx1024m - depends_on: - elasticsearch: - condition: service_healthy - env_file: - - /opt/tpot/etc/compose/elk_environment - mem_limit: 2g - image: "dtagdevsec/logstash:alpha" - volumes: - - /data:/data - -## Map Redis Service - map_redis: - container_name: map_redis - restart: always - stop_signal: SIGKILL - tty: true - image: "dtagdevsec/redis:alpha" - read_only: true - -## Map Web Service - map_web: - container_name: map_web - restart: always - environment: - - MAP_COMMAND=AttackMapServer.py - env_file: - - /opt/tpot/etc/compose/elk_environment - stop_signal: SIGKILL - tty: true - ports: - - "127.0.0.1:64299:64299" - image: "dtagdevsec/map:alpha" - -## Map Data Service - map_data: - container_name: map_data - restart: always - depends_on: - elasticsearch: - condition: service_healthy - environment: - - MAP_COMMAND=DataServer_v2.py - env_file: - - /opt/tpot/etc/compose/elk_environment - stop_signal: SIGKILL - tty: true - image: "dtagdevsec/map:alpha" -#### /ELK - -# Ewsposter service - ewsposter: - container_name: ewsposter - restart: always - networks: - - ewsposter_local - environment: - - EWS_HPFEEDS_ENABLE=false - - EWS_HPFEEDS_HOST=host - - EWS_HPFEEDS_PORT=port - - EWS_HPFEEDS_CHANNELS=channels - - EWS_HPFEEDS_IDENT=user - - EWS_HPFEEDS_SECRET=secret - - EWS_HPFEEDS_TLSCERT=false - - EWS_HPFEEDS_FORMAT=json - env_file: - - /opt/tpot/etc/compose/elk_environment - image: "dtagdevsec/ewsposter:alpha" - volumes: - - /data:/data - - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip - -# Nginx service - nginx: - container_name: nginx - restart: always - tmpfs: - - /var/tmp/nginx/client_body - - /var/tmp/nginx/proxy - - /var/tmp/nginx/fastcgi - - /var/tmp/nginx/uwsgi - - /var/tmp/nginx/scgi - - /run - - /var/lib/nginx/tmp:uid=100,gid=82 - network_mode: "host" - ports: - - "64297:64297" - - "127.0.0.1:64304:64304" - image: "dtagdevsec/nginx:alpha" - read_only: true - 
volumes: - - /data/nginx/cert/:/etc/nginx/cert/:ro - - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro - - /data/nginx/log/:/var/log/nginx/ - -# Spiderfoot service - spiderfoot: - container_name: spiderfoot - restart: always - networks: - - spiderfoot_local - ports: - - "127.0.0.1:64303:8080" - image: "dtagdevsec/spiderfoot:alpha" - volumes: - - /data/spiderfoot:/home/spiderfoot/.spiderfoot diff --git a/docker/tpotinit/dist/etc/compose/sensor.yml b/docker/tpotinit/dist/etc/compose/sensor.yml deleted file mode 100644 index 185e3de7..00000000 --- a/docker/tpotinit/dist/etc/compose/sensor.yml +++ /dev/null 
@@ -1,535 +0,0 @@ -# T-Pot (Sensor) -# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton) -version: '2.3' - -networks: - adbhoney_local: - ciscoasa_local: - citrixhoneypot_local: - conpot_local_IEC104: - conpot_local_guardian_ast: - conpot_local_ipmi: - conpot_local_kamstrup_382: - cowrie_local: - ddospot_local: - dicompot_local: - dionaea_local: - elasticpot_local: - heralding_local: - ipphoney_local: - mailoney_local: - medpot_local: - redishoneypot_local: - tanner_local: - ewsposter_local: - sentrypeer_local: - spiderfoot_local: - -services: - -################## -#### Honeypots -################## - -# Adbhoney service - adbhoney: - container_name: adbhoney - restart: always - networks: - - adbhoney_local - ports: - - "5555:5555" - image: "dtagdevsec/adbhoney:alpha" - read_only: true - volumes: - - /data/adbhoney/log:/opt/adbhoney/log - - /data/adbhoney/downloads:/opt/adbhoney/dl - -# Ciscoasa service - ciscoasa: - container_name: ciscoasa - restart: always - tmpfs: - - /tmp/ciscoasa:uid=2000,gid=2000 - networks: - - ciscoasa_local - ports: - - "5000:5000/udp" - - "8443:8443" - image: "dtagdevsec/ciscoasa:alpha" - read_only: true - volumes: - - /data/ciscoasa/log:/var/log/ciscoasa - -# CitrixHoneypot service - citrixhoneypot: - container_name: citrixhoneypot - restart: always - networks: - - citrixhoneypot_local - ports: - - "443:443" - image: "dtagdevsec/citrixhoneypot:alpha" - read_only: true - volumes: - - /data/citrixhoneypot/logs:/opt/citrixhoneypot/logs - -# Conpot IEC104 service - conpot_IEC104: - container_name: conpot_iec104 - restart: always - environment: - - CONPOT_CONFIG=/etc/conpot/conpot.cfg - - CONPOT_JSON_LOG=/var/log/conpot/conpot_IEC104.json - - CONPOT_LOG=/var/log/conpot/conpot_IEC104.log - - CONPOT_TEMPLATE=IEC104 - - CONPOT_TMP=/tmp/conpot - tmpfs: - - /tmp/conpot:uid=2000,gid=2000 - networks: - - conpot_local_IEC104 - ports: - - "161:161/udp" - - "2404:2404" - 
image: "dtagdevsec/conpot:alpha" - read_only: true - volumes: - - /data/conpot/log:/var/log/conpot - -# Conpot guardian_ast service - conpot_guardian_ast: - container_name: conpot_guardian_ast - restart: always - environment: - - CONPOT_CONFIG=/etc/conpot/conpot.cfg - - CONPOT_JSON_LOG=/var/log/conpot/conpot_guardian_ast.json - - CONPOT_LOG=/var/log/conpot/conpot_guardian_ast.log - - CONPOT_TEMPLATE=guardian_ast - - CONPOT_TMP=/tmp/conpot - tmpfs: - - /tmp/conpot:uid=2000,gid=2000 - networks: - - conpot_local_guardian_ast - ports: - - "10001:10001" - image: "dtagdevsec/conpot:alpha" - read_only: true - volumes: - - /data/conpot/log:/var/log/conpot - -# Conpot ipmi - conpot_ipmi: - container_name: conpot_ipmi - restart: always - environment: - - CONPOT_CONFIG=/etc/conpot/conpot.cfg - - CONPOT_JSON_LOG=/var/log/conpot/conpot_ipmi.json - - CONPOT_LOG=/var/log/conpot/conpot_ipmi.log - - CONPOT_TEMPLATE=ipmi - - CONPOT_TMP=/tmp/conpot - tmpfs: - - /tmp/conpot:uid=2000,gid=2000 - networks: - - conpot_local_ipmi - ports: - - "623:623/udp" - image: "dtagdevsec/conpot:alpha" - read_only: true - volumes: - - /data/conpot/log:/var/log/conpot - -# Conpot kamstrup_382 - conpot_kamstrup_382: - container_name: conpot_kamstrup_382 - restart: always - environment: - - CONPOT_CONFIG=/etc/conpot/conpot.cfg - - CONPOT_JSON_LOG=/var/log/conpot/conpot_kamstrup_382.json - - CONPOT_LOG=/var/log/conpot/conpot_kamstrup_382.log - - CONPOT_TEMPLATE=kamstrup_382 - - CONPOT_TMP=/tmp/conpot - tmpfs: - - /tmp/conpot:uid=2000,gid=2000 - networks: - - conpot_local_kamstrup_382 - ports: - - "1025:1025" - - "50100:50100" - image: "dtagdevsec/conpot:alpha" - read_only: true - volumes: - - /data/conpot/log:/var/log/conpot - -# Cowrie service - cowrie: - container_name: cowrie - restart: always - tmpfs: - - /tmp/cowrie:uid=2000,gid=2000 - - /tmp/cowrie/data:uid=2000,gid=2000 - networks: - - cowrie_local - ports: - - "22:22" - - "23:23" - image: "dtagdevsec/cowrie:alpha" - read_only: true - volumes: - - 
/data/cowrie/downloads:/home/cowrie/cowrie/dl - - /data/cowrie/keys:/home/cowrie/cowrie/etc - - /data/cowrie/log:/home/cowrie/cowrie/log - - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty - -# Ddospot service - ddospot: - container_name: ddospot - restart: always - networks: - - ddospot_local - ports: - - "19:19/udp" - - "53:53/udp" - - "123:123/udp" -# - "161:161/udp" - - "1900:1900/udp" - image: "dtagdevsec/ddospot:alpha" - read_only: true - volumes: - - /data/ddospot/log:/opt/ddospot/ddospot/logs - - /data/ddospot/bl:/opt/ddospot/ddospot/bl - - /data/ddospot/db:/opt/ddospot/ddospot/db - -# Dicompot service -# Get the Horos Client for testing: https://horosproject.org/ -# Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/ -# Put images (which must be in Dicom DCM format or it will not work!) into /data/dicompot/images - dicompot: - container_name: dicompot - restart: always - networks: - - dicompot_local - ports: - - "11112:11112" - image: "dtagdevsec/dicompot:alpha" - read_only: true - volumes: - - /data/dicompot/log:/var/log/dicompot -# - /data/dicompot/images:/opt/dicompot/images - -# Dionaea service - dionaea: - container_name: dionaea - stdin_open: true - tty: true - restart: always - networks: - - dionaea_local - ports: - - "20:20" - - "21:21" - - "42:42" - - "69:69/udp" - - "81:81" - - "135:135" - # - "443:443" - - "445:445" - - "1433:1433" - - "1723:1723" - - "1883:1883" - - "3306:3306" - # - "5060:5060" - # - "5060:5060/udp" - # - "5061:5061" - - "27017:27017" - image: "dtagdevsec/dionaea:alpha" - read_only: true - volumes: - - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp - - /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp - - /data/dionaea/roots/www:/opt/dionaea/var/dionaea/roots/www - - /data/dionaea/roots/upnp:/opt/dionaea/var/dionaea/roots/upnp - - /data/dionaea:/opt/dionaea/var/dionaea - - /data/dionaea/binaries:/opt/dionaea/var/dionaea/binaries - - /data/dionaea/log:/opt/dionaea/var/log - - 
/data/dionaea/rtp:/opt/dionaea/var/dionaea/rtp - -# ElasticPot service - elasticpot: - container_name: elasticpot - restart: always - networks: - - elasticpot_local - ports: - - "9200:9200" - image: "dtagdevsec/elasticpot:alpha" - read_only: true - volumes: - - /data/elasticpot/log:/opt/elasticpot/log - -# Heralding service - heralding: - container_name: heralding - restart: always - tmpfs: - - /tmp/heralding:uid=2000,gid=2000 - networks: - - heralding_local - ports: - # - "21:21" - # - "22:22" - # - "23:23" - # - "25:25" - # - "80:80" - - "110:110" - - "143:143" - # - "443:443" - - "465:465" - - "993:993" - - "995:995" - # - "3306:3306" - # - "3389:3389" - - "1080:1080" - - "5432:5432" - - "5900:5900" - image: "dtagdevsec/heralding:alpha" - read_only: true - volumes: - - /data/heralding/log:/var/log/heralding - -# Honeytrap service - honeytrap: - container_name: honeytrap - restart: always - tmpfs: - - /tmp/honeytrap:uid=2000,gid=2000 - network_mode: "host" - cap_add: - - NET_ADMIN - image: "dtagdevsec/honeytrap:alpha" - read_only: true - volumes: - - /data/honeytrap/attacks:/opt/honeytrap/var/attacks - - /data/honeytrap/downloads:/opt/honeytrap/var/downloads - - /data/honeytrap/log:/opt/honeytrap/var/log - -# Ipphoney service - ipphoney: - container_name: ipphoney - restart: always - networks: - - ipphoney_local - ports: - - "631:631" - image: "dtagdevsec/ipphoney:alpha" - read_only: true - volumes: - - /data/ipphoney/log:/opt/ipphoney/log - -# Mailoney service - mailoney: - container_name: mailoney - restart: always - environment: - - HPFEEDS_SERVER= - - HPFEEDS_IDENT=user - - HPFEEDS_SECRET=pass - - HPFEEDS_PORT=20000 - - HPFEEDS_CHANNELPREFIX=prefix - networks: - - mailoney_local - ports: - - "25:25" - image: "dtagdevsec/mailoney:alpha" - read_only: true - volumes: - - /data/mailoney/log:/opt/mailoney/logs - -# Medpot service - medpot: - container_name: medpot - restart: always - networks: - - medpot_local - ports: - - "2575:2575" - image: 
"dtagdevsec/medpot:alpha" - read_only: true - volumes: - - /data/medpot/log/:/var/log/medpot - -# Redishoneypot service - redishoneypot: - container_name: redishoneypot - restart: always - networks: - - redishoneypot_local - ports: - - "6379:6379" - image: "dtagdevsec/redishoneypot:alpha" - read_only: true - volumes: - - /data/redishoneypot/log:/var/log/redishoneypot - -# SentryPeer service - sentrypeer: - container_name: sentrypeer - restart: always -# SentryPeer offers to exchange bad actor data via DHT / P2P mode by setting the ENV to true (1) -# In some cases (i.e. internally deployed T-Pots) this might be confusing as SentryPeer will show -# the bad actors in its logs. Therefore this option is opt-in based. -# environment: -# - SENTRYPEER_PEER_TO_PEER=0 - networks: - - sentrypeer_local - ports: -# - "4222:4222/udp" - - "5060:5060/udp" -# - "127.0.0.1:8082:8082" - image: "dtagdevsec/sentrypeer:alpha" - read_only: true - volumes: - - /data/sentrypeer/log:/var/log/sentrypeer - -#### Snare / Tanner -## Tanner Redis Service - tanner_redis: - container_name: tanner_redis - restart: always - tty: true - networks: - - tanner_local - image: "dtagdevsec/redis:alpha" - read_only: true - -## PHP Sandbox service - tanner_phpox: - container_name: tanner_phpox - restart: always - tty: true - networks: - - tanner_local - image: "dtagdevsec/phpox:alpha" - read_only: true - -## Tanner API Service - tanner_api: - container_name: tanner_api - restart: always - tmpfs: - - /tmp/tanner:uid=2000,gid=2000 - tty: true - networks: - - tanner_local - image: "dtagdevsec/tanner:alpha" - read_only: true - volumes: - - /data/tanner/log:/var/log/tanner - command: tannerapi - depends_on: - - tanner_redis - -## Tanner Service - tanner: - container_name: tanner - restart: always - tmpfs: - - /tmp/tanner:uid=2000,gid=2000 - tty: true - networks: - - tanner_local - image: "dtagdevsec/tanner:alpha" - command: tanner - read_only: true - volumes: - - /data/tanner/log:/var/log/tanner - - 
/data/tanner/files:/opt/tanner/files - depends_on: - - tanner_api -# - tanner_web - - tanner_phpox - -## Snare Service - snare: - container_name: snare - restart: always - tty: true - networks: - - tanner_local - ports: - - "80:80" - image: "dtagdevsec/snare:alpha" - depends_on: - - tanner - - -################## -#### NSM -################## - -# Fatt service - fatt: - container_name: fatt - restart: always - network_mode: "host" - cap_add: - - NET_ADMIN - - SYS_NICE - - NET_RAW - image: "dtagdevsec/fatt:alpha" - volumes: - - /data/fatt/log:/opt/fatt/log - -# P0f service - p0f: - container_name: p0f - restart: always - network_mode: "host" - image: "dtagdevsec/p0f:alpha" - read_only: true - volumes: - - /data/p0f/log:/var/log/p0f - -# Suricata service - suricata: - container_name: suricata - restart: always - environment: - # For ET Pro ruleset replace "OPEN" with your OINKCODE - - OINKCODE=OPEN - # Loading externel Rules from URL - # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com" - network_mode: "host" - cap_add: - - NET_ADMIN - - SYS_NICE - - NET_RAW - image: "dtagdevsec/suricata:alpha" - volumes: - - /data/suricata/log:/var/log/suricata - - -################## -#### Tools -################## - -# Ewsposter service - ewsposter: - container_name: ewsposter - restart: always - networks: - - ewsposter_local - environment: - - EWS_HPFEEDS_ENABLE=false - - EWS_HPFEEDS_HOST=host - - EWS_HPFEEDS_PORT=port - - EWS_HPFEEDS_CHANNELS=channels - - EWS_HPFEEDS_IDENT=user - - EWS_HPFEEDS_SECRET=secret - - EWS_HPFEEDS_TLSCERT=false - - EWS_HPFEEDS_FORMAT=json - env_file: - - /opt/tpot/etc/compose/elk_environment - image: "dtagdevsec/ewsposter:alpha" - volumes: - - /data:/data - - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip diff --git a/docker/tpotinit/dist/etc/compose/standard.yml b/docker/tpotinit/dist/etc/compose/standard.yml deleted file mode 100644 index f801f613..00000000 
--- a/docker/tpotinit/dist/etc/compose/standard.yml +++ /dev/null 
@@ -1,662 +0,0 @@ -# T-Pot (Standard) -# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton) -version: '2.3' - -networks: - adbhoney_local: - ciscoasa_local: - citrixhoneypot_local: - conpot_local_IEC104: - conpot_local_guardian_ast: - conpot_local_ipmi: - conpot_local_kamstrup_382: - cowrie_local: - ddospot_local: - dicompot_local: - dionaea_local: - elasticpot_local: - heralding_local: - ipphoney_local: - mailoney_local: - medpot_local: - redishoneypot_local: - tanner_local: - ewsposter_local: - sentrypeer_local: - spiderfoot_local: - -services: - -################## -#### Honeypots -################## - -# Adbhoney service - adbhoney: - container_name: adbhoney - restart: always - networks: - - adbhoney_local - ports: - - "5555:5555" - image: "dtagdevsec/adbhoney:alpha" - read_only: true - volumes: - - /data/adbhoney/log:/opt/adbhoney/log - - /data/adbhoney/downloads:/opt/adbhoney/dl - -# Ciscoasa service - ciscoasa: - container_name: ciscoasa - restart: always - tmpfs: - - /tmp/ciscoasa:uid=2000,gid=2000 - networks: - - ciscoasa_local - ports: - - "5000:5000/udp" - - "8443:8443" - image: "dtagdevsec/ciscoasa:alpha" - read_only: true - volumes: - - /data/ciscoasa/log:/var/log/ciscoasa - -# CitrixHoneypot service - citrixhoneypot: - container_name: citrixhoneypot - restart: always - networks: - - citrixhoneypot_local - ports: - - "443:443" - image: "dtagdevsec/citrixhoneypot:alpha" - read_only: true - volumes: - - /data/citrixhoneypot/logs:/opt/citrixhoneypot/logs - -# Conpot IEC104 service - conpot_IEC104: - container_name: conpot_iec104 - restart: always - environment: - - CONPOT_CONFIG=/etc/conpot/conpot.cfg - - CONPOT_JSON_LOG=/var/log/conpot/conpot_IEC104.json - - CONPOT_LOG=/var/log/conpot/conpot_IEC104.log - - CONPOT_TEMPLATE=IEC104 - - CONPOT_TMP=/tmp/conpot - tmpfs: - - /tmp/conpot:uid=2000,gid=2000 - networks: - - conpot_local_IEC104 - ports: - - "161:161/udp" - - "2404:2404" 
- image: "dtagdevsec/conpot:alpha" - read_only: true - volumes: - - /data/conpot/log:/var/log/conpot - -# Conpot guardian_ast service - conpot_guardian_ast: - container_name: conpot_guardian_ast - restart: always - environment: - - CONPOT_CONFIG=/etc/conpot/conpot.cfg - - CONPOT_JSON_LOG=/var/log/conpot/conpot_guardian_ast.json - - CONPOT_LOG=/var/log/conpot/conpot_guardian_ast.log - - CONPOT_TEMPLATE=guardian_ast - - CONPOT_TMP=/tmp/conpot - tmpfs: - - /tmp/conpot:uid=2000,gid=2000 - networks: - - conpot_local_guardian_ast - ports: - - "10001:10001" - image: "dtagdevsec/conpot:alpha" - read_only: true - volumes: - - /data/conpot/log:/var/log/conpot - -# Conpot ipmi - conpot_ipmi: - container_name: conpot_ipmi - restart: always - environment: - - CONPOT_CONFIG=/etc/conpot/conpot.cfg - - CONPOT_JSON_LOG=/var/log/conpot/conpot_ipmi.json - - CONPOT_LOG=/var/log/conpot/conpot_ipmi.log - - CONPOT_TEMPLATE=ipmi - - CONPOT_TMP=/tmp/conpot - tmpfs: - - /tmp/conpot:uid=2000,gid=2000 - networks: - - conpot_local_ipmi - ports: - - "623:623/udp" - image: "dtagdevsec/conpot:alpha" - read_only: true - volumes: - - /data/conpot/log:/var/log/conpot - -# Conpot kamstrup_382 - conpot_kamstrup_382: - container_name: conpot_kamstrup_382 - restart: always - environment: - - CONPOT_CONFIG=/etc/conpot/conpot.cfg - - CONPOT_JSON_LOG=/var/log/conpot/conpot_kamstrup_382.json - - CONPOT_LOG=/var/log/conpot/conpot_kamstrup_382.log - - CONPOT_TEMPLATE=kamstrup_382 - - CONPOT_TMP=/tmp/conpot - tmpfs: - - /tmp/conpot:uid=2000,gid=2000 - networks: - - conpot_local_kamstrup_382 - ports: - - "1025:1025" - - "50100:50100" - image: "dtagdevsec/conpot:alpha" - read_only: true - volumes: - - /data/conpot/log:/var/log/conpot - -# Cowrie service - cowrie: - container_name: cowrie - restart: always - tmpfs: - - /tmp/cowrie:uid=2000,gid=2000 - - /tmp/cowrie/data:uid=2000,gid=2000 - networks: - - cowrie_local - ports: - - "22:22" - - "23:23" - image: "dtagdevsec/cowrie:alpha" - read_only: true - volumes: - 
- /data/cowrie/downloads:/home/cowrie/cowrie/dl - - /data/cowrie/keys:/home/cowrie/cowrie/etc - - /data/cowrie/log:/home/cowrie/cowrie/log - - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty - -# Ddospot service - ddospot: - container_name: ddospot - restart: always - networks: - - ddospot_local - ports: - - "19:19/udp" - - "53:53/udp" - - "123:123/udp" -# - "161:161/udp" - - "1900:1900/udp" - image: "dtagdevsec/ddospot:alpha" - read_only: true - volumes: - - /data/ddospot/log:/opt/ddospot/ddospot/logs - - /data/ddospot/bl:/opt/ddospot/ddospot/bl - - /data/ddospot/db:/opt/ddospot/ddospot/db - -# Dicompot service -# Get the Horos Client for testing: https://horosproject.org/ -# Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/ -# Put images (which must be in Dicom DCM format or it will not work!) into /data/dicompot/images - dicompot: - container_name: dicompot - restart: always - networks: - - dicompot_local - ports: - - "11112:11112" - image: "dtagdevsec/dicompot:alpha" - read_only: true - volumes: - - /data/dicompot/log:/var/log/dicompot -# - /data/dicompot/images:/opt/dicompot/images - -# Dionaea service - dionaea: - container_name: dionaea - stdin_open: true - tty: true - restart: always - networks: - - dionaea_local - ports: - - "20:20" - - "21:21" - - "42:42" - - "69:69/udp" - - "81:81" - - "135:135" - # - "443:443" - - "445:445" - - "1433:1433" - - "1723:1723" - - "1883:1883" - - "3306:3306" - # - "5060:5060" - # - "5060:5060/udp" - # - "5061:5061" - - "27017:27017" - image: "dtagdevsec/dionaea:alpha" - read_only: true - volumes: - - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp - - /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp - - /data/dionaea/roots/www:/opt/dionaea/var/dionaea/roots/www - - /data/dionaea/roots/upnp:/opt/dionaea/var/dionaea/roots/upnp - - /data/dionaea:/opt/dionaea/var/dionaea - - /data/dionaea/binaries:/opt/dionaea/var/dionaea/binaries - - /data/dionaea/log:/opt/dionaea/var/log - 
- /data/dionaea/rtp:/opt/dionaea/var/dionaea/rtp - -# ElasticPot service - elasticpot: - container_name: elasticpot - restart: always - networks: - - elasticpot_local - ports: - - "9200:9200" - image: "dtagdevsec/elasticpot:alpha" - read_only: true - volumes: - - /data/elasticpot/log:/opt/elasticpot/log - -# Heralding service - heralding: - container_name: heralding - restart: always - tmpfs: - - /tmp/heralding:uid=2000,gid=2000 - networks: - - heralding_local - ports: - # - "21:21" - # - "22:22" - # - "23:23" - # - "25:25" - # - "80:80" - - "110:110" - - "143:143" - # - "443:443" - - "465:465" - - "993:993" - - "995:995" - # - "3306:3306" - # - "3389:3389" - - "1080:1080" - - "5432:5432" - - "5900:5900" - image: "dtagdevsec/heralding:alpha" - read_only: true - volumes: - - /data/heralding/log:/var/log/heralding - -# Honeytrap service - honeytrap: - container_name: honeytrap - restart: always - tmpfs: - - /tmp/honeytrap:uid=2000,gid=2000 - network_mode: "host" - cap_add: - - NET_ADMIN - image: "dtagdevsec/honeytrap:alpha" - read_only: true - volumes: - - /data/honeytrap/attacks:/opt/honeytrap/var/attacks - - /data/honeytrap/downloads:/opt/honeytrap/var/downloads - - /data/honeytrap/log:/opt/honeytrap/var/log - -# Ipphoney service - ipphoney: - container_name: ipphoney - restart: always - networks: - - ipphoney_local - ports: - - "631:631" - image: "dtagdevsec/ipphoney:alpha" - read_only: true - volumes: - - /data/ipphoney/log:/opt/ipphoney/log - -# Mailoney service - mailoney: - container_name: mailoney - restart: always - environment: - - HPFEEDS_SERVER= - - HPFEEDS_IDENT=user - - HPFEEDS_SECRET=pass - - HPFEEDS_PORT=20000 - - HPFEEDS_CHANNELPREFIX=prefix - networks: - - mailoney_local - ports: - - "25:25" - image: "dtagdevsec/mailoney:alpha" - read_only: true - volumes: - - /data/mailoney/log:/opt/mailoney/logs - -# Medpot service - medpot: - container_name: medpot - restart: always - networks: - - medpot_local - ports: - - "2575:2575" - image: 
"dtagdevsec/medpot:alpha" - read_only: true - volumes: - - /data/medpot/log/:/var/log/medpot - -# Redishoneypot service - redishoneypot: - container_name: redishoneypot - restart: always - networks: - - redishoneypot_local - ports: - - "6379:6379" - image: "dtagdevsec/redishoneypot:alpha" - read_only: true - volumes: - - /data/redishoneypot/log:/var/log/redishoneypot - -# SentryPeer service - sentrypeer: - container_name: sentrypeer - restart: always -# SentryPeer offers to exchange bad actor data via DHT / P2P mode by setting the ENV to true (1) -# In some cases (i.e. internally deployed T-Pots) this might be confusing as SentryPeer will show -# the bad actors in its logs. Therefore this option is opt-in based. -# environment: -# - SENTRYPEER_PEER_TO_PEER=0 - networks: - - sentrypeer_local - ports: -# - "4222:4222/udp" - - "5060:5060/udp" -# - "127.0.0.1:8082:8082" - image: "dtagdevsec/sentrypeer:alpha" - read_only: true - volumes: - - /data/sentrypeer/log:/var/log/sentrypeer - -#### Snare / Tanner -## Tanner Redis Service - tanner_redis: - container_name: tanner_redis - restart: always - tty: true - networks: - - tanner_local - image: "dtagdevsec/redis:alpha" - read_only: true - -## PHP Sandbox service - tanner_phpox: - container_name: tanner_phpox - restart: always - tty: true - networks: - - tanner_local - image: "dtagdevsec/phpox:alpha" - read_only: true - -## Tanner API Service - tanner_api: - container_name: tanner_api - restart: always - tmpfs: - - /tmp/tanner:uid=2000,gid=2000 - tty: true - networks: - - tanner_local - image: "dtagdevsec/tanner:alpha" - read_only: true - volumes: - - /data/tanner/log:/var/log/tanner - command: tannerapi - depends_on: - - tanner_redis - -## Tanner Service - tanner: - container_name: tanner - restart: always - tmpfs: - - /tmp/tanner:uid=2000,gid=2000 - tty: true - networks: - - tanner_local - image: "dtagdevsec/tanner:alpha" - command: tanner - read_only: true - volumes: - - /data/tanner/log:/var/log/tanner - - 
/data/tanner/files:/opt/tanner/files - depends_on: - - tanner_api -# - tanner_web - - tanner_phpox - -## Snare Service - snare: - container_name: snare - restart: always - tty: true - networks: - - tanner_local - ports: - - "80:80" - image: "dtagdevsec/snare:alpha" - depends_on: - - tanner - - -################## -#### NSM -################## - -# Fatt service - fatt: - container_name: fatt - restart: always - network_mode: "host" - cap_add: - - NET_ADMIN - - SYS_NICE - - NET_RAW - image: "dtagdevsec/fatt:alpha" - volumes: - - /data/fatt/log:/opt/fatt/log - -# P0f service - p0f: - container_name: p0f - restart: always - network_mode: "host" - image: "dtagdevsec/p0f:alpha" - read_only: true - volumes: - - /data/p0f/log:/var/log/p0f - -# Suricata service - suricata: - container_name: suricata - restart: always - environment: - # For ET Pro ruleset replace "OPEN" with your OINKCODE - - OINKCODE=OPEN - # Loading externel Rules from URL - # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com" - network_mode: "host" - cap_add: - - NET_ADMIN - - SYS_NICE - - NET_RAW - image: "dtagdevsec/suricata:alpha" - volumes: - - /data/suricata/log:/var/log/suricata - - -################## -#### Tools -################## - -#### ELK -## Elasticsearch service - elasticsearch: - container_name: elasticsearch - restart: always - environment: - - bootstrap.memory_lock=true - - ES_JAVA_OPTS=-Xms2048m -Xmx2048m - - ES_TMPDIR=/tmp - cap_add: - - IPC_LOCK - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - mem_limit: 4g - ports: - - "127.0.0.1:64298:9200" - image: "dtagdevsec/elasticsearch:alpha" - volumes: - - /data:/data - -## Kibana service - kibana: - container_name: kibana - restart: always - depends_on: - elasticsearch: - condition: service_healthy - mem_limit: 1g - ports: - - "127.0.0.1:64296:5601" - image: "dtagdevsec/kibana:alpha" - -## Logstash service - logstash: - container_name: logstash - restart: always - 
environment: - - LS_JAVA_OPTS=-Xms1024m -Xmx1024m - depends_on: - elasticsearch: - condition: service_healthy - env_file: - - /opt/tpot/etc/compose/elk_environment - mem_limit: 2g - image: "dtagdevsec/logstash:alpha" - volumes: - - /data:/data - -## Map Redis Service - map_redis: - container_name: map_redis - restart: always - stop_signal: SIGKILL - tty: true - image: "dtagdevsec/redis:alpha" - read_only: true - -## Map Web Service - map_web: - container_name: map_web - restart: always - environment: - - MAP_COMMAND=AttackMapServer.py - env_file: - - /opt/tpot/etc/compose/elk_environment - stop_signal: SIGKILL - tty: true - ports: - - "127.0.0.1:64299:64299" - image: "dtagdevsec/map:alpha" - -## Map Data Service - map_data: - container_name: map_data - restart: always - depends_on: - elasticsearch: - condition: service_healthy - environment: - - MAP_COMMAND=DataServer_v2.py - env_file: - - /opt/tpot/etc/compose/elk_environment - stop_signal: SIGKILL - tty: true - image: "dtagdevsec/map:alpha" -#### /ELK - -# Ewsposter service - ewsposter: - container_name: ewsposter - restart: always - networks: - - ewsposter_local - environment: - - EWS_HPFEEDS_ENABLE=false - - EWS_HPFEEDS_HOST=host - - EWS_HPFEEDS_PORT=port - - EWS_HPFEEDS_CHANNELS=channels - - EWS_HPFEEDS_IDENT=user - - EWS_HPFEEDS_SECRET=secret - - EWS_HPFEEDS_TLSCERT=false - - EWS_HPFEEDS_FORMAT=json - env_file: - - /opt/tpot/etc/compose/elk_environment - image: "dtagdevsec/ewsposter:alpha" - volumes: - - /data:/data - - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip - -# Nginx service - nginx: - container_name: nginx - restart: always - tmpfs: - - /var/tmp/nginx/client_body - - /var/tmp/nginx/proxy - - /var/tmp/nginx/fastcgi - - /var/tmp/nginx/uwsgi - - /var/tmp/nginx/scgi - - /run - - /var/lib/nginx/tmp:uid=100,gid=82 - network_mode: "host" - ports: - - "64297:64297" - - "127.0.0.1:64304:64304" - image: "dtagdevsec/nginx:alpha" - read_only: true - volumes: - - /data/nginx/cert/:/etc/nginx/cert/:ro - - 
/data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro - - /data/nginx/log/:/var/log/nginx/ - -# Spiderfoot service - spiderfoot: - container_name: spiderfoot - restart: always - networks: - - spiderfoot_local - ports: - - "127.0.0.1:64303:8080" - image: "dtagdevsec/spiderfoot:alpha" - volumes: - - /data/spiderfoot:/home/spiderfoot/.spiderfoot diff --git a/docker/tpotinit/dist/etc/compose/tarpit.yml b/docker/tpotinit/dist/etc/compose/tarpit.yml deleted file mode 100644 index 2ab8a3a5..00000000 --- a/docker/tpotinit/dist/etc/compose/tarpit.yml +++ /dev/null 
@@ -1,287 +0,0 @@ -# T-Pot (Tarpit) -# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton) -version: '2.3' - -networks: - endlessh_local: - hellpot_local: - heralding_local: - ewsposter_local: - spiderfoot_local: - -services: - -################## -#### Honeypots -################## - -# Endlessh service - endlessh: - container_name: endlessh - restart: always - networks: - - endlessh_local - ports: - - "22:2222" - image: "dtagdevsec/endlessh:alpha" - read_only: true - volumes: - - /data/endlessh/log:/var/log/endlessh - -# Heralding service - heralding: - container_name: heralding - restart: always - tmpfs: - - /tmp/heralding:uid=2000,gid=2000 - networks: - - heralding_local - ports: - # - "21:21" - # - "22:22" - # - "23:23" - # - "25:25" - # - "80:80" - - "110:110" - - "143:143" - # - "443:443" - - "465:465" - - "993:993" - - "995:995" - # - "3306:3306" - # - "3389:3389" - - "1080:1080" - - "5432:5432" - - "5900:5900" - image: "dtagdevsec/heralding:alpha" - read_only: true - volumes: - - /data/heralding/log:/var/log/heralding - -# Honeytrap service - honeytrap: - container_name: honeytrap - restart: always - tmpfs: - - /tmp/honeytrap:uid=2000,gid=2000 - network_mode: "host" - cap_add: - - NET_ADMIN - image: "dtagdevsec/honeytrap:alpha" - read_only: true - volumes: - - /data/honeytrap/attacks:/opt/honeytrap/var/attacks - - /data/honeytrap/downloads:/opt/honeytrap/var/downloads - - /data/honeytrap/log:/opt/honeytrap/var/log - -# Hellpot service - hellpot: - container_name: hellpot - restart: always - networks: - - hellpot_local - ports: - - "80:8080" - image: "dtagdevsec/hellpot:alpha" - read_only: true - volumes: - - /data/hellpot/log:/var/log/hellpot - -################## -#### NSM -################## - -# Fatt service - fatt: - container_name: fatt - restart: always - network_mode: "host" - cap_add: - - NET_ADMIN - - SYS_NICE - - NET_RAW - image: "dtagdevsec/fatt:alpha" - volumes: - - 
/data/fatt/log:/opt/fatt/log - -# P0f service - p0f: - container_name: p0f - restart: always - network_mode: "host" - image: "dtagdevsec/p0f:alpha" - read_only: true - volumes: - - /data/p0f/log:/var/log/p0f - -# Suricata service - suricata: - container_name: suricata - restart: always - environment: - # For ET Pro ruleset replace "OPEN" with your OINKCODE - - OINKCODE=OPEN - # Loading externel Rules from URL - # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com" - network_mode: "host" - cap_add: - - NET_ADMIN - - SYS_NICE - - NET_RAW - image: "dtagdevsec/suricata:alpha" - volumes: - - /data/suricata/log:/var/log/suricata - - -################## -#### Tools -################## - -#### ELK -## Elasticsearch service - elasticsearch: - container_name: elasticsearch - restart: always - environment: - - bootstrap.memory_lock=true - - ES_JAVA_OPTS=-Xms2048m -Xmx2048m - - ES_TMPDIR=/tmp - cap_add: - - IPC_LOCK - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - mem_limit: 4g - ports: - - "127.0.0.1:64298:9200" - image: "dtagdevsec/elasticsearch:alpha" - volumes: - - /data:/data - -## Kibana service - kibana: - container_name: kibana - restart: always - depends_on: - elasticsearch: - condition: service_healthy - mem_limit: 1g - ports: - - "127.0.0.1:64296:5601" - image: "dtagdevsec/kibana:alpha" - -## Logstash service - logstash: - container_name: logstash - restart: always - environment: - - LS_JAVA_OPTS=-Xms1024m -Xmx1024m - depends_on: - elasticsearch: - condition: service_healthy - env_file: - - /opt/tpot/etc/compose/elk_environment - mem_limit: 2g - image: "dtagdevsec/logstash:alpha" - volumes: - - /data:/data - -## Map Redis Service - map_redis: - container_name: map_redis - restart: always - stop_signal: SIGKILL - tty: true - image: "dtagdevsec/redis:alpha" - read_only: true - -## Map Web Service - map_web: - container_name: map_web - restart: always - environment: - - 
MAP_COMMAND=AttackMapServer.py - env_file: - - /opt/tpot/etc/compose/elk_environment - stop_signal: SIGKILL - tty: true - ports: - - "127.0.0.1:64299:64299" - image: "dtagdevsec/map:alpha" - -## Map Data Service - map_data: - container_name: map_data - restart: always - depends_on: - elasticsearch: - condition: service_healthy - environment: - - MAP_COMMAND=DataServer_v2.py - env_file: - - /opt/tpot/etc/compose/elk_environment - stop_signal: SIGKILL - tty: true - image: "dtagdevsec/map:alpha" -#### /ELK - -# Ewsposter service - ewsposter: - container_name: ewsposter - restart: always - networks: - - ewsposter_local - environment: - - EWS_HPFEEDS_ENABLE=false - - EWS_HPFEEDS_HOST=host - - EWS_HPFEEDS_PORT=port - - EWS_HPFEEDS_CHANNELS=channels - - EWS_HPFEEDS_IDENT=user - - EWS_HPFEEDS_SECRET=secret - - EWS_HPFEEDS_TLSCERT=false - - EWS_HPFEEDS_FORMAT=json - env_file: - - /opt/tpot/etc/compose/elk_environment - image: "dtagdevsec/ewsposter:alpha" - volumes: - - /data:/data - - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip - -# Nginx service - nginx: - container_name: nginx - restart: always - tmpfs: - - /var/tmp/nginx/client_body - - /var/tmp/nginx/proxy - - /var/tmp/nginx/fastcgi - - /var/tmp/nginx/uwsgi - - /var/tmp/nginx/scgi - - /run - - /var/lib/nginx/tmp:uid=100,gid=82 - network_mode: "host" - ports: - - "64297:64297" - - "127.0.0.1:64304:64304" - image: "dtagdevsec/nginx:alpha" - read_only: true - volumes: - - /data/nginx/cert/:/etc/nginx/cert/:ro - - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro - - /data/nginx/log/:/var/log/nginx/ - -# Spiderfoot service - spiderfoot: - container_name: spiderfoot - restart: always - networks: - - spiderfoot_local - ports: - - "127.0.0.1:64303:8080" - image: "dtagdevsec/spiderfoot:alpha" - volumes: - - /data/spiderfoot:/home/spiderfoot/.spiderfoot diff --git a/docker/tpotinit/docker-compose.yml b/docker/tpotinit/docker-compose.yml index bcaaafe3..9b032261 100644 --- a/docker/tpotinit/docker-compose.yml 
+++ b/docker/tpotinit/docker-compose.yml
@@ -8,7 +8,8 @@ services:
container_name: tpotinit
env_file:
- $HOME/tpotce/.env
- restart: "no"
+ restart: "no"
+ stop_grace_period: 60s
image: "dtagdevsec/tpotinit:alpha"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
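Review bot: The new `stop_grace_period: 60s` on the tpotinit service only helps if the container's entrypoint actually traps SIGTERM and completes its shutdown work inside that window; if it ignores the signal, every `docker compose down` will now stall for the full 60 s before SIGKILL, so a comment stating the expectation is worth adding, e.g. `# allow tpotinit to finish its shutdown tasks before SIGKILL (entrypoint must handle SIGTERM)`. The removed and re-added `restart: "no"` lines read identically here, so I assume this is an indentation fix — worth confirming the key still sits inside the `tpotinit` service mapping rather than one level up. Unrelated to this change but visible in the context: the `:ro` on the `/var/run/docker.sock` mount protects only the socket node, not the Docker API behind it, so tpotinit retains effective root on the host; a one-line comment recording that this privilege is intentional would help future reviewers.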