diff --git a/docker/elk/docker-compose.yml b/docker/elk/docker-compose.yml index e6ad5b5c..75d7702c 100644 --- a/docker/elk/docker-compose.yml +++ b/docker/elk/docker-compose.yml @@ -64,8 +64,6 @@ services: restart: always stop_signal: SIGKILL tty: true - # networks: - # - map_local ports: - "127.0.0.1:6379:6379" image: "dtagdevsec/redis:2203" @@ -82,11 +80,9 @@ services: - /opt/tpot/etc/compose/elk_environment stop_signal: SIGKILL tty: true - # networks: - # - map_local ports: - "127.0.0.1:64299:64299" - image: "dtagdevsec/map_web:2203" + image: "dtagdevsec/map_server:2203" depends_on: - map_redis @@ -100,8 +96,6 @@ services: - /opt/tpot/etc/compose/elk_environment stop_signal: SIGKILL tty: true - # networks: - # - map_local - image: "dtagdevsec/map_web:2203" + image: "dtagdevsec/map_server:2203" depends_on: - map_redis diff --git a/docker/elk/map/Dockerfile b/docker/elk/map/Dockerfile index 49144efd..9eecba49 100644 --- a/docker/elk/map/Dockerfile +++ b/docker/elk/map/Dockerfile @@ -1,5 +1,8 @@ FROM alpine:3.15 # +# Include dist +#ADD dist/ /root/dist/ +# # Install packages RUN apk -U add \ build-base \ diff --git a/docker/elk/map/docker-compose.yml b/docker/elk/map/docker-compose.yml index c8be8bbb..ef2cbe31 100644 --- a/docker/elk/map/docker-compose.yml +++ b/docker/elk/map/docker-compose.yml @@ -11,8 +11,6 @@ services: restart: always stop_signal: SIGKILL tty: true - # networks: - # - map_local ports: - "127.0.0.1:6379:6379" image: "dtagdevsec/redis:2203" @@ -29,11 +27,9 @@ services: - /opt/tpot/etc/compose/elk_environment stop_signal: SIGKILL tty: true - # networks: - # - map_local ports: - "127.0.0.1:64299:64299" - image: "dtagdevsec/map_web:2203" + image: "dtagdevsec/map_server:2203" depends_on: - map_redis @@ -47,8 +43,6 @@ services: - /opt/tpot/etc/compose/elk_environment stop_signal: SIGKILL tty: true - # networks: - # - map_local - image: "dtagdevsec/map_web:2203" + image: "dtagdevsec/map_server:2203" depends_on: - map_redis 
diff --git a/docker/nginx/dist/conf/tpotweb.conf b/docker/nginx/dist/conf/tpotweb.conf index 861dd08c..22fafc4a 100644 --- a/docker/nginx/dist/conf/tpotweb.conf +++ b/docker/nginx/dist/conf/tpotweb.conf @@ -27,7 +27,7 @@ server { ############################################## ssl_certificate /etc/nginx/cert/nginx.crt; ssl_certificate_key /etc/nginx/cert/nginx.key; - + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!DHE:!SHA:!SHA256'; ssl_ecdh_curve secp384r1; ssl_dhparam /etc/nginx/ssl/dhparam4096.pem; @@ -40,8 +40,8 @@ server { ### OWASP recommendations / settings #################################### - ### Size Limits & Buffer Overflows - ### the size may be configured based on the needs. + ### Size Limits & Buffer Overflows + ### the size may be configured based on the needs. client_body_buffer_size 128k; client_header_buffer_size 1k; client_max_body_size 2M; @@ -65,7 +65,7 @@ server { ### This will enforce HTTP browsing into HTTPS and avoid ssl stripping attack add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; - +# add_header 'Content-Security-Policy' 'upgrade-insecure-requests'; ################################## ### Restrict access and basic auth 
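Review bot: The `Content-Security-Policy` line in the third hunk (right after the `Strict-Transport-Security` header) is added commented out, so it has no runtime effect and leaves a dead directive under the OWASP settings. Either enable it at the same indentation as the HSTS line, `add_header Content-Security-Policy "upgrade-insecure-requests";`, or leave it out and record why with a comment such as `### CSP disabled: <reason>`. Even when enabled, `upgrade-insecure-requests` only rewrites insecure subresource URLs and does not restrict script or frame sources, so it should not be read as the site's content policy. The other two hunks in this file are whitespace-only.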
@@ -118,19 +118,28 @@ server { rewrite /kibana/(.*)$ /$1 break; } - ### ES + ### ES location /es/ { proxy_pass http://127.0.0.1:64298/; rewrite /es/(.*)$ /$1 break; } ### Map - location /map/ { - proxy_pass http://127.0.0.1:64299/; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - } +# location /map/ { +# proxy_pass http://127.0.0.1:64299/; +# rewrite /map/(.*)$ /$1 break; +# proxy_http_version 1.1; +# proxy_set_header Upgrade $http_upgrade; +# proxy_set_header Connection "Upgrade"; +# proxy_set_header Host $host; +# } +# location /websocket { +# proxy_pass http://127.0.0.1:64299; +# proxy_http_version 1.1; +# proxy_set_header Upgrade $http_upgrade; +# proxy_set_header Connection "Upgrade"; +# proxy_set_header Host $host; +# } ### spiderfoot location /spiderfoot { @@ -144,7 +153,7 @@ server { location /scanviz { proxy_pass http://127.0.0.1:64303/spiderfoot/scanviz; } - + location /scandelete { proxy_pass http://127.0.0.1:64303/spiderfoot/scandelete; } diff --git a/docker/nginx/dist/html/esvue/esvue.tgz b/docker/nginx/dist/html/esvue/esvue.tgz index 6f7ed808..9a364e8c 100644 Binary files a/docker/nginx/dist/html/esvue/esvue.tgz and b/docker/nginx/dist/html/esvue/esvue.tgz differ diff --git a/etc/compose/standard.yml b/etc/compose/standard.yml index 3985ebf3..4e86d6a0 100644 --- a/etc/compose/standard.yml +++ b/etc/compose/standard.yml 
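Review bot: The `/map/` location is commented out rather than removed or replaced, and the new `/websocket` block is added already commented out, so after this hunk nothing in the visible part of the server block proxies to `127.0.0.1:64299`. The compose hunks on this page still publish that port for `map_web`, so the map would be reachable only from the host itself. If that is a deliberate interim state, say so in place of the bare `### Map` heading, e.g. `### Map (proxy disabled until <reason>)`; otherwise drop the dead lines. When the blocks are re-enabled, confirm that `/websocket` is covered by the same basic-auth restriction as the other locations, since the auth directives and the start and end of the server block are outside this hunk.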
@@ -511,6 +511,51 @@ services: volumes: - /data:/data +## Map Redis Service + map_redis: + container_name: map_redis + restart: always + stop_signal: SIGKILL + tty: true + ports: + - "127.0.0.1:6379:6379" + image: "dtagdevsec/redis:2203" + read_only: true + +## Map Web Service + map_web: + container_name: map_web + restart: always + environment: + - MAP_COMMAND=AttackMapServer.py + env_file: + - /opt/tpot/etc/compose/elk_environment + stop_signal: SIGKILL + tty: true + ports: + - "127.0.0.1:64299:64299" + image: "dtagdevsec/map_server:2203" + depends_on: + - map_redis + +## Map Data Service + map_data: + container_name: map_data + restart: always + depends_on: + elasticsearch: + condition: service_healthy + environment: + - MAP_COMMAND=DataServr_v2.py + env_file: + - /opt/tpot/etc/compose/elk_environment + stop_signal: SIGKILL + tty: true + image: "dtagdevsec/map_server:2203" + depends_on: + - map_redise +#### /ELK + # Ewsposter service ewsposter: container_name: ewsposter
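Review bot: `map_data` declares `depends_on` twice, and the second one names `map_redise`, which is not a service defined in this hunk (the Redis service is `map_redis`). Duplicate mapping keys are invalid YAML and most loaders keep only the last value, so the `elasticsearch` / `service_healthy` gate would be silently dropped and the remaining entry would point at an undefined service. Merge both into a single long-form `depends_on` as shown below. `MAP_COMMAND=DataServr_v2.py` also looks misspelled next to `AttackMapServer.py`; check it against the script name actually shipped in the `map_server` image, which is not visible here.

```yaml
  map_data:
    # … unchanged: container_name, restart …
    depends_on:
      elasticsearch:
        condition: service_healthy
      map_redis:
        condition: service_started
    # … unchanged: environment, env_file, stop_signal, tty, image …
    # second depends_on block removed
```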