From 5ebeffe31cbb444375c13c7fec3e952916205683 Mon Sep 17 00:00:00 2001 From: Marco Ochse Date: Tue, 31 Oct 2023 17:33:40 +0100 Subject: [PATCH] Finetune raspberry_showcase.yml --- compose/raspberry_showcase.yml | 148 ++++++--------------------------- 1 file changed, 26 insertions(+), 122 deletions(-) diff --git a/compose/raspberry_showcase.yml b/compose/raspberry_showcase.yml index 68297935..cb35297c 100644 --- a/compose/raspberry_showcase.yml +++ b/compose/raspberry_showcase.yml @@ -1,16 +1,14 @@ # T-Pot: RASPBERRY_SHOWCASE # Note: This docker compose file has been adjusted to limit the number of tools, services and honeypots to run -# T-Pot on a Raspberry Pi 4 (8GB of RAM, SSD) with an enabled desktop environment. +# T-Pot on a Raspberry Pi 4 (8GB of RAM, SSD). # The standard docker compose file should work mostly fine (depending on traffic) if you do not enable a # desktop environment such as LXDE and meet the minimum requirements of 8GB and a SSD. version: '3.9' networks: - adbhoney_local: ciscoasa_local: citrixhoneypot_local: conpot_local_IEC104: - conpot_local_guardian_ast: conpot_local_ipmi: conpot_local_kamstrup_382: cowrie_local: @@ -19,12 +17,12 @@ networks: elasticpot_local: heralding_local: ipphoney_local: + log4pot_local: mailoney_local: medpot_local: redishoneypot_local: sentrypeer_local: tanner_local: - spiderfoot_local: ewsposter_local: services: @@ -59,24 +57,6 @@ services: #### Honeypots ################## -# Adbhoney service - adbhoney: - container_name: adbhoney - restart: always - depends_on: - logstash: - condition: service_healthy - networks: - - adbhoney_local - ports: - - "5555:5555" - image: ${TPOT_REPO}/adbhoney:${TPOT_VERSION} - pull_policy: ${TPOT_PULL_POLICY} - read_only: true - volumes: - - ${TPOT_DATA_PATH}/adbhoney/log:/opt/adbhoney/log - - ${TPOT_DATA_PATH}/adbhoney/downloads:/opt/adbhoney/dl - # Ciscoasa service ciscoasa: container_name: ciscoasa 
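Review bot: The `networks:` hunk drops the `spiderfoot_local` declaration, but no hunk in this patch removes a `spiderfoot` service, and the diffstat's 122 deletions are fully accounted for by the visible hunks. If a service in the unchanged part of the file still lists `spiderfoot_local` under its `networks:`, compose will reject the file for referencing an undefined network. Running `docker compose -f compose/raspberry_showcase.yml config` before merging confirms this either way. The same check covers any leftover `depends_on` or network reference to the services removed in the later hunks.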
@@ -140,31 +120,6 @@ services: volumes: - ${TPOT_DATA_PATH}/conpot/log:/var/log/conpot -# Conpot guardian_ast service - conpot_guardian_ast: - container_name: conpot_guardian_ast - restart: always - depends_on: - logstash: - condition: service_healthy - environment: - - CONPOT_CONFIG=/etc/conpot/conpot.cfg - - CONPOT_JSON_LOG=/var/log/conpot/conpot_guardian_ast.json - - CONPOT_LOG=/var/log/conpot/conpot_guardian_ast.log - - CONPOT_TEMPLATE=guardian_ast - - CONPOT_TMP=/tmp/conpot - tmpfs: - - /tmp/conpot:uid=2000,gid=2000 - networks: - - conpot_local_guardian_ast - ports: - - "10001:10001" - image: ${TPOT_REPO}/conpot:${TPOT_VERSION} - pull_policy: ${TPOT_PULL_POLICY} - read_only: true - volumes: - - ${TPOT_DATA_PATH}/conpot/log:/var/log/conpot - # Conpot ipmi conpot_ipmi: container_name: conpot_ipmi @@ -413,6 +368,30 @@ services: volumes: - ${TPOT_DATA_PATH}/mailoney/log:/opt/mailoney/logs +# Log4pot service + log4pot: + container_name: log4pot + restart: always + depends_on: + logstash: + condition: service_healthy + tmpfs: + - /tmp:uid=2000,gid=2000 + networks: + - log4pot_local + ports: + # - "80:8080" + # - "443:8080" + - "8080:8080" + # - "9200:8080" + - "25565:8080" + image: ${TPOT_REPO}/log4pot:${TPOT_VERSION} + pull_policy: ${TPOT_PULL_POLICY} + read_only: true + volumes: + - ${TPOT_DATA_PATH}/log4pot/log:/var/log/log4pot/log + - ${TPOT_DATA_PATH}/log4pot/payloads:/var/log/log4pot/payloads + # Medpot service medpot: container_name: medpot 
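Review bot: The new `log4pot` service publishes 8080 and 25565 on all host interfaces, and the only hardening visible is `read_only: true` plus the uid-2000 `tmpfs`. For a container whose job is to receive exploit traffic I would also add `security_opt:` with `- no-new-privileges:true`, provided the image does not rely on setuid helpers (not visible from this hunk). The `${TPOT_DATA_PATH}/log4pot/payloads` bind mount is writable and presumably collects whatever the honeypot captures, so a comment above it such as `# attacker-supplied files land here; treat as untrusted, never execute on the host` would help operators. The three commented-out mappings (`80`, `443`, `9200`) carry no explanation. Presumably they collide with other honeypots in this file, and a one-line comment saying so would keep someone from enabling them blindly.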
@@ -600,51 +579,6 @@ services: pull_policy: ${TPOT_PULL_POLICY} volumes: - ${TPOT_DATA_PATH}:/data - -## Map Redis Service - map_redis: - container_name: map_redis - restart: always - depends_on: - tpotinit: - condition: service_healthy - stop_signal: SIGKILL - tty: true - image: ${TPOT_REPO}/redis:${TPOT_VERSION} - pull_policy: ${TPOT_PULL_POLICY} - read_only: true - -## Map Web Service - map_web: - container_name: map_web - restart: always - depends_on: - tpotinit: - condition: service_healthy - environment: - - MAP_COMMAND=AttackMapServer.py - stop_signal: SIGKILL - tty: true - ports: - - "127.0.0.1:64299:64299" - image: ${TPOT_REPO}/map:${TPOT_VERSION} - pull_policy: ${TPOT_PULL_POLICY} - -## Map Data Service - map_data: - container_name: map_data - restart: always - depends_on: - logstash: - condition: service_healthy - environment: - - MAP_COMMAND=DataServer_v2.py - - TPOT_ATTACKMAP_TEXT=${TPOT_ATTACKMAP_TEXT} - - TZ=${TPOT_ATTACKMAP_TEXT_TIMEZONE} - stop_signal: SIGKILL - tty: true - image: ${TPOT_REPO}/map:${TPOT_VERSION} - pull_policy: ${TPOT_PULL_POLICY} #### /ELK # Ewsposter service 
@@ -670,33 +604,3 @@ services: volumes: - ${TPOT_DATA_PATH}:/data - ${TPOT_DATA_PATH}/ews/conf/ews.ip:/opt/ewsposter/ews.ip - -# Nginx service - nginx: - container_name: nginx - restart: always - environment: - - COCKPIT=${COCKPIT} - - TPOT_OSTYPE=${TPOT_OSTYPE} - depends_on: - tpotinit: - condition: service_healthy - tmpfs: - - /var/tmp/nginx/client_body - - /var/tmp/nginx/proxy - - /var/tmp/nginx/fastcgi - - /var/tmp/nginx/uwsgi - - /var/tmp/nginx/scgi - - /run - - /var/lib/nginx/tmp:uid=100,gid=82 - network_mode: "host" - ports: - - "64297:64297" - - "127.0.0.1:64304:64304" - image: ${TPOT_REPO}/nginx:${TPOT_VERSION} - pull_policy: ${TPOT_PULL_POLICY} - read_only: true - volumes: - - ${TPOT_DATA_PATH}/nginx/cert/:/etc/nginx/cert/:ro - - ${TPOT_DATA_PATH}/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro - - ${TPOT_DATA_PATH}/nginx/log/:/var/log/nginx/ \ No newline at end of file