diff --git a/etc/compose/hive.yml b/etc/compose/hive.yml index a004becc..d37f486b 100644 --- a/etc/compose/hive.yml +++ b/etc/compose/hive.yml @@ -43,6 +43,7 @@ services: depends_on: elasticsearch: condition: service_healthy +# mem_limit: 1g ports: - "127.0.0.1:64296:5601" image: "dtagdevsec/kibana:2203" @@ -60,6 +61,7 @@ services: - /opt/tpot/etc/compose/elk_environment ports: - "127.0.0.1:64305:64305" +# mem_limit: 2g image: "dtagdevsec/logstash:2203" volumes: - /data:/data diff --git a/etc/compose/hive_sensor.yml b/etc/compose/hive_sensor.yml index aed3b9bd..5a49d7f9 100644 --- a/etc/compose/hive_sensor.yml +++ b/etc/compose/hive_sensor.yml @@ -1,25 +1,29 @@ -# T-Pot (Hive-Sensor) +# T-Pot (Hive_Sensor) # Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton) version: '2.3' networks: adbhoney_local: + ciscoasa_local: citrixhoneypot_local: conpot_local_IEC104: conpot_local_guardian_ast: conpot_local_ipmi: conpot_local_kamstrup_382: cowrie_local: - cyberchef_local: + ddospot_local: dicompot_local: dionaea_local: elasticpot_local: heralding_local: - logstash_local: + ipphoney_local: mailoney_local: medpot_local: + redishoneypot_local: tanner_local: ewsposter_local: + sentrypeer_local: + spiderfoot_local: services: 
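Review bot: The two added `# mem_limit` lines in hive.yml are comments, so kibana and logstash on the hive still run with no memory cap, while the kibana and logstash definitions in the new tarpit.yml in this same commit set `mem_limit: 1g` and `mem_limit: 2g` for real. On the hive, logstash is presumably the service that ingests from every attached sensor and therefore the one most exposed to growth under load. If leaving it uncapped is deliberate, a reason on the commented line, e.g. `# mem_limit: 2g (left unset on purpose: the hive ingests from several sensors)`, stops the next reader from "fixing" it; if not, drop the `#`. This applies to both the kibana and the logstash hunk of hive.yml.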
@@ -175,6 +179,25 @@ services: - /data/cowrie/log:/home/cowrie/cowrie/log - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty +# Ddospot service + ddospot: + container_name: ddospot + restart: always + networks: + - ddospot_local + ports: + - "19:19/udp" + - "53:53/udp" + - "123:123/udp" +# - "161:161/udp" + - "1900:1900/udp" + image: "dtagdevsec/ddospot:2203" + read_only: true + volumes: + - /data/ddospot/log:/opt/ddospot/ddospot/logs + - /data/ddospot/bl:/opt/ddospot/ddospot/bl + - /data/ddospot/db:/opt/ddospot/ddospot/db + # Dicompot service # Get the Horos Client for testing: https://horosproject.org/ # Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/ @@ -288,6 +311,19 @@ services: - /data/honeytrap/downloads:/opt/honeytrap/var/downloads - /data/honeytrap/log:/opt/honeytrap/var/log +# Ipphoney service + ipphoney: + container_name: ipphoney + restart: always + networks: + - ipphoney_local + ports: + - "631:631" + image: "dtagdevsec/ipphoney:2203" + read_only: true + volumes: + - /data/ipphoney/log:/opt/ipphoney/log + # Mailoney service mailoney: container_name: mailoney @@ -320,6 +356,32 @@ services: volumes: - /data/medpot/log/:/var/log/medpot +# Redishoneypot service + redishoneypot: + container_name: redishoneypot + restart: always + networks: + - redishoneypot_local + ports: + - "6379:6379" + image: "dtagdevsec/redishoneypot:2203" + read_only: true + volumes: + - /data/redishoneypot/log:/var/log/redishoneypot + +# SentryPeer service + sentrypeer: + container_name: sentrypeer + restart: always + networks: + - sentrypeer_local + ports: + - "5060:5060/udp" + image: "dtagdevsec/sentrypeer:2203" + read_only: true + volumes: + - /data/sentrypeer/log:/var/log/sentrypeer + #### Snare / Tanner ## Tanner Redis Service tanner_redis: @@ -375,6 +437,7 @@ services: - /data/tanner/files:/opt/tanner/files depends_on: - tanner_api +# - tanner_web - tanner_phpox ## Snare Service 
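Review bot: The disabled lines `# - "161:161/udp"` under ddospot and `# - tanner_web` under tanner's `depends_on` give no reason for being parked rather than removed; a trailing note such as `# - "161:161/udp"  # host UDP 161 is bound by another service — confirm` (if that is the cause) tells the next reader whether enabling them is safe. The tanner_web reference is also inconsistent with standard.yml, where this same commit deletes the commented-out tanner_web service block outright, so hive_sensor.yml and sensor.yml keep a dead dependency on a service that no longer exists anywhere. The new ddospot service publishes host UDP 19, 53, 123 and 1900 on all interfaces (no host IP in the mapping); 53 and 123 collide with a local resolver stub or NTP client if the sensor host runs one, which is worth a line in the file header next to the existing rules.sh note. The same ddospot, ipphoney, redishoneypot and sentrypeer hunks recur in sensor.yml and standard.yml and this note covers them.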
@@ -441,14 +504,15 @@ services: #### Tools ################## -# Logstash service +## Logstash service logstash: container_name: logstash restart: always - networks: - - logstash_local # environment: # - LS_JAVA_OPTS=-Xms2048m -Xmx2048m + depends_on: + elasticsearch: + condition: service_healthy env_file: - /opt/tpot/etc/compose/elk_environment mem_limit: 2g diff --git a/etc/compose/industrial.yml b/etc/compose/industrial.yml index 87da8387..46618355 100644 --- a/etc/compose/industrial.yml +++ b/etc/compose/industrial.yml @@ -334,6 +334,45 @@ services: volumes: - /data:/data +## Map Redis Service + map_redis: + container_name: map_redis + restart: always + stop_signal: SIGKILL + tty: true + image: "dtagdevsec/redis:2203" + read_only: true + +## Map Web Service + map_web: + container_name: map_web + restart: always + environment: + - MAP_COMMAND=AttackMapServer.py + env_file: + - /opt/tpot/etc/compose/elk_environment + stop_signal: SIGKILL + tty: true + ports: + - "127.0.0.1:64299:64299" + image: "dtagdevsec/map_server:2203" + +## Map Data Service + map_data: + container_name: map_data + restart: always + depends_on: + elasticsearch: + condition: service_healthy + environment: + - MAP_COMMAND=DataServer_v2.py + env_file: + - /opt/tpot/etc/compose/elk_environment + stop_signal: SIGKILL + tty: true + image: "dtagdevsec/map_server:2203" +#### /ELK + # Ewsposter service ewsposter: container_name: ewsposter diff --git a/etc/compose/log4j.yml b/etc/compose/log4j.yml index 3860ba33..34f99575 100644 --- a/etc/compose/log4j.yml +++ b/etc/compose/log4j.yml 
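Review bot: The new `depends_on: elasticsearch: condition: service_healthy` on logstash is only valid if hive_sensor.yml itself defines an `elasticsearch` service; the installer hunk in this commit describes this edition as "Honeypots & NSM", so if no such service exists in the rest of the file (outside this hunk) compose will refuse to start the stack — confirm. Removing `networks: - logstash_local` also moves logstash onto the project default network, where every service that declares no `networks:` key can reach it, whereas before it was isolated. If that is deliberate so logstash can reach elasticsearch, a comment such as `# no networks: key on purpose — joins the default network to reach elasticsearch` prevents the isolation from being re-added later.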
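Review bot: The three new map services declare no `networks:` key, so they join the project default network together with elasticsearch, kibana and logstash, unlike every honeypot in these files, which gets its own `<name>_local` network; map_redis in particular then accepts connections from any default-network service, not just map_web and map_data. Presumably only map_web and map_data need redis, and only map_data needs elasticsearch — if so, a dedicated `map_local` network (declared in the top-level `networks:` block, outside this hunk) keeps redis private while map_data stays on `default` for elasticsearch. The identical hunk is added to log4j.yml, medical.yml, mini.yml and the new tarpit.yml in this commit; this note covers all of them.
```yaml
## Map Redis Service
  map_redis:
    # … unchanged: container_name, restart, stop_signal, tty, image, read_only …
    networks:
      - map_local

## Map Web Service
  map_web:
    # … unchanged: container_name, restart, environment, env_file, stop_signal, tty, ports, image …
    networks:
      - map_local

## Map Data Service
  map_data:
    # … unchanged: container_name, restart, depends_on, environment, env_file, stop_signal, tty, image …
    networks:
      - map_local
      - default
```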
@@ -153,6 +153,45 @@ services: volumes: - /data:/data +## Map Redis Service + map_redis: + container_name: map_redis + restart: always + stop_signal: SIGKILL + tty: true + image: "dtagdevsec/redis:2203" + read_only: true + +## Map Web Service + map_web: + container_name: map_web + restart: always + environment: + - MAP_COMMAND=AttackMapServer.py + env_file: + - /opt/tpot/etc/compose/elk_environment + stop_signal: SIGKILL + tty: true + ports: + - "127.0.0.1:64299:64299" + image: "dtagdevsec/map_server:2203" + +## Map Data Service + map_data: + container_name: map_data + restart: always + depends_on: + elasticsearch: + condition: service_healthy + environment: + - MAP_COMMAND=DataServer_v2.py + env_file: + - /opt/tpot/etc/compose/elk_environment + stop_signal: SIGKILL + tty: true + image: "dtagdevsec/map_server:2203" +#### /ELK + # Ewsposter service ewsposter: container_name: ewsposter diff --git a/etc/compose/medical.yml b/etc/compose/medical.yml index c4562969..7db4992e 100644 --- a/etc/compose/medical.yml +++ b/etc/compose/medical.yml @@ -147,6 +147,45 @@ services: volumes: - /data:/data +## Map Redis Service + map_redis: + container_name: map_redis + restart: always + stop_signal: SIGKILL + tty: true + image: "dtagdevsec/redis:2203" + read_only: true + +## Map Web Service + map_web: + container_name: map_web + restart: always + environment: + - MAP_COMMAND=AttackMapServer.py + env_file: + - /opt/tpot/etc/compose/elk_environment + stop_signal: SIGKILL + tty: true + ports: + - "127.0.0.1:64299:64299" + image: "dtagdevsec/map_server:2203" + +## Map Data Service + map_data: + container_name: map_data + restart: always + depends_on: + elasticsearch: + condition: service_healthy + environment: + - MAP_COMMAND=DataServer_v2.py + env_file: + - /opt/tpot/etc/compose/elk_environment + stop_signal: SIGKILL + tty: true + image: "dtagdevsec/map_server:2203" +#### /ELK + # Ewsposter service ewsposter: container_name: ewsposter 
diff --git a/etc/compose/mini.yml b/etc/compose/mini.yml index f07dcad7..f2912da4 100644 --- a/etc/compose/mini.yml +++ b/etc/compose/mini.yml @@ -13,7 +13,7 @@ services: #### Honeypots ################## -# Honeypots service +# qHoneypots service honeypots: container_name: honeypots stdin_open: true @@ -172,6 +172,45 @@ services: volumes: - /data:/data +## Map Redis Service + map_redis: + container_name: map_redis + restart: always + stop_signal: SIGKILL + tty: true + image: "dtagdevsec/redis:2203" + read_only: true + +## Map Web Service + map_web: + container_name: map_web + restart: always + environment: + - MAP_COMMAND=AttackMapServer.py + env_file: + - /opt/tpot/etc/compose/elk_environment + stop_signal: SIGKILL + tty: true + ports: + - "127.0.0.1:64299:64299" + image: "dtagdevsec/map_server:2203" + +## Map Data Service + map_data: + container_name: map_data + restart: always + depends_on: + elasticsearch: + condition: service_healthy + environment: + - MAP_COMMAND=DataServer_v2.py + env_file: + - /opt/tpot/etc/compose/elk_environment + stop_signal: SIGKILL + tty: true + image: "dtagdevsec/map_server:2203" +#### /ELK + # Ewsposter service ewsposter: container_name: ewsposter diff --git a/etc/compose/nextgen.yml b/etc/compose/nextgen.yml index 2e5ab152..e203e553 100644 --- a/etc/compose/nextgen.yml +++ b/etc/compose/nextgen.yml @@ -10,9 +10,9 @@ networks: conpot_local_guardian_ast: conpot_local_ipmi: conpot_local_kamstrup_382: + ddospot_local: dicompot_local: dionaea_local: - ddospot_local: elasticpot_local: endlessh_local: hellpot_local: diff --git a/etc/compose/sensor.yml b/etc/compose/sensor.yml index df773b87..74bf099c 100644 --- a/etc/compose/sensor.yml +++ b/etc/compose/sensor.yml 
@@ -4,21 +4,26 @@ version: '2.3' networks: adbhoney_local: + ciscoasa_local: citrixhoneypot_local: conpot_local_IEC104: conpot_local_guardian_ast: conpot_local_ipmi: conpot_local_kamstrup_382: cowrie_local: - cyberchef_local: + ddospot_local: dicompot_local: dionaea_local: elasticpot_local: heralding_local: + ipphoney_local: mailoney_local: medpot_local: + redishoneypot_local: tanner_local: ewsposter_local: + sentrypeer_local: + spiderfoot_local: services: @@ -174,6 +179,25 @@ services: - /data/cowrie/log:/home/cowrie/cowrie/log - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty +# Ddospot service + ddospot: + container_name: ddospot + restart: always + networks: + - ddospot_local + ports: + - "19:19/udp" + - "53:53/udp" + - "123:123/udp" +# - "161:161/udp" + - "1900:1900/udp" + image: "dtagdevsec/ddospot:2203" + read_only: true + volumes: + - /data/ddospot/log:/opt/ddospot/ddospot/logs + - /data/ddospot/bl:/opt/ddospot/ddospot/bl + - /data/ddospot/db:/opt/ddospot/ddospot/db + # Dicompot service # Get the Horos Client for testing: https://horosproject.org/ # Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/ @@ -287,6 +311,19 @@ services: - /data/honeytrap/downloads:/opt/honeytrap/var/downloads - /data/honeytrap/log:/opt/honeytrap/var/log +# Ipphoney service + ipphoney: + container_name: ipphoney + restart: always + networks: + - ipphoney_local + ports: + - "631:631" + image: "dtagdevsec/ipphoney:2203" + read_only: true + volumes: + - /data/ipphoney/log:/opt/ipphoney/log + # Mailoney service mailoney: container_name: mailoney 
@@ -319,6 +356,32 @@ services: volumes: - /data/medpot/log/:/var/log/medpot +# Redishoneypot service + redishoneypot: + container_name: redishoneypot + restart: always + networks: + - redishoneypot_local + ports: + - "6379:6379" + image: "dtagdevsec/redishoneypot:2203" + read_only: true + volumes: + - /data/redishoneypot/log:/var/log/redishoneypot + +# SentryPeer service + sentrypeer: + container_name: sentrypeer + restart: always + networks: + - sentrypeer_local + ports: + - "5060:5060/udp" + image: "dtagdevsec/sentrypeer:2203" + read_only: true + volumes: + - /data/sentrypeer/log:/var/log/sentrypeer + #### Snare / Tanner ## Tanner Redis Service tanner_redis: @@ -374,6 +437,7 @@ services: - /data/tanner/files:/opt/tanner/files depends_on: - tanner_api +# - tanner_web - tanner_phpox ## Snare Service diff --git a/etc/compose/standard.yml b/etc/compose/standard.yml index 6466ddc0..433f11c7 100644 --- a/etc/compose/standard.yml +++ b/etc/compose/standard.yml @@ -4,6 +4,7 @@ version: '2.3' networks: adbhoney_local: + ciscoasa_local: citrixhoneypot_local: conpot_local_IEC104: conpot_local_guardian_ast: @@ -15,8 +16,10 @@ networks: dionaea_local: elasticpot_local: heralding_local: + ipphoney_local: mailoney_local: medpot_local: + redishoneypot_local: tanner_local: ewsposter_local: sentrypeer_local: @@ -308,6 +311,19 @@ services: - /data/honeytrap/downloads:/opt/honeytrap/var/downloads - /data/honeytrap/log:/opt/honeytrap/var/log +# Ipphoney service + ipphoney: + container_name: ipphoney + restart: always + networks: + - ipphoney_local + ports: + - "631:631" + image: "dtagdevsec/ipphoney:2203" + read_only: true + volumes: + - /data/ipphoney/log:/opt/ipphoney/log + # Mailoney service mailoney: container_name: mailoney 
@@ -340,6 +356,19 @@ services: volumes: - /data/medpot/log/:/var/log/medpot +# Redishoneypot service + redishoneypot: + container_name: redishoneypot + restart: always + networks: + - redishoneypot_local + ports: + - "6379:6379" + image: "dtagdevsec/redishoneypot:2203" + read_only: true + volumes: + - /data/redishoneypot/log:/var/log/redishoneypot + # SentryPeer service sentrypeer: container_name: sentrypeer @@ -391,23 +420,6 @@ services: depends_on: - tanner_redis -## Tanner WEB Service -# tanner_web: -# container_name: tanner_web -# restart: always -# tmpfs: -# - /tmp/tanner:uid=2000,gid=2000 -# tty: true -# networks: -# - tanner_local -# image: "dtagdevsec/tanner:2203" -# command: tannerweb -# read_only: true -# volumes: -# - /data/tanner/log:/var/log/tanner -# depends_on: -# - tanner_redis - ## Tanner Service tanner: container_name: tanner diff --git a/etc/compose/tarpit.yml b/etc/compose/tarpit.yml new file mode 100644 index 00000000..9666ff6b --- /dev/null +++ b/etc/compose/tarpit.yml 
@@ -0,0 +1,287 @@ +# T-Pot (Tarpit) +# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton) +version: '2.3' + +networks: + endlessh_local: + hellpot_local: + heralding_local: + ewsposter_local: + spiderfoot_local: + +services: + +################## +#### Honeypots +################## + +# Endlessh service + endlessh: + container_name: endlessh + restart: always + networks: + - endlessh_local + ports: + - "22:2222" + image: "dtagdevsec/endlessh:2203" + read_only: true + volumes: + - /data/endlessh/log:/var/log/endlessh + +# Heralding service + heralding: + container_name: heralding + restart: always + tmpfs: + - /tmp/heralding:uid=2000,gid=2000 + networks: + - heralding_local + ports: + # - "21:21" + # - "22:22" + # - "23:23" + # - "25:25" + # - "80:80" + - "110:110" + - "143:143" + # - "443:443" + - "465:465" + - "993:993" + - "995:995" + # - "3306:3306" + # - "3389:3389" + - "1080:1080" + - "5432:5432" + - "5900:5900" + image: "dtagdevsec/heralding:2203" + read_only: true + volumes: + - /data/heralding/log:/var/log/heralding + +# Honeytrap service + honeytrap: + container_name: honeytrap + restart: always + tmpfs: + - /tmp/honeytrap:uid=2000,gid=2000 + network_mode: "host" + cap_add: + - NET_ADMIN + image: "dtagdevsec/honeytrap:2203" + read_only: true + volumes: + - /data/honeytrap/attacks:/opt/honeytrap/var/attacks + - /data/honeytrap/downloads:/opt/honeytrap/var/downloads + - /data/honeytrap/log:/opt/honeytrap/var/log + +# Hellpot service + hellpot: + container_name: hellpot + restart: always + networks: + - hellpot_local + ports: + - "80:8080" + image: "dtagdevsec/hellpot:2203" + read_only: true + volumes: + - /data/hellpot/log:/var/log/hellpot + +################## +#### NSM +################## + +# Fatt service + fatt: + container_name: fatt + restart: always + network_mode: "host" + cap_add: + - NET_ADMIN + - SYS_NICE + - NET_RAW + image: "dtagdevsec/fatt:2203" + volumes: + - 
/data/fatt/log:/opt/fatt/log + +# P0f service + p0f: + container_name: p0f + restart: always + network_mode: "host" + image: "dtagdevsec/p0f:2203" + read_only: true + volumes: + - /data/p0f/log:/var/log/p0f + +# Suricata service + suricata: + container_name: suricata + restart: always + environment: + # For ET Pro ruleset replace "OPEN" with your OINKCODE + - OINKCODE=OPEN + # Loading externel Rules from URL + # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com" + network_mode: "host" + cap_add: + - NET_ADMIN + - SYS_NICE + - NET_RAW + image: "dtagdevsec/suricata:2203" + volumes: + - /data/suricata/log:/var/log/suricata + + +################## +#### Tools +################## + +#### ELK +## Elasticsearch service + elasticsearch: + container_name: elasticsearch + restart: always + environment: + - bootstrap.memory_lock=true + - ES_JAVA_OPTS=-Xms2048m -Xmx2048m + - ES_TMPDIR=/tmp + cap_add: + - IPC_LOCK + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 + mem_limit: 4g + ports: + - "127.0.0.1:64298:9200" + image: "dtagdevsec/elasticsearch:2203" + volumes: + - /data:/data + +## Kibana service + kibana: + container_name: kibana + restart: always + depends_on: + elasticsearch: + condition: service_healthy + mem_limit: 1g + ports: + - "127.0.0.1:64296:5601" + image: "dtagdevsec/kibana:2203" + +## Logstash service + logstash: + container_name: logstash + restart: always +# environment: +# - LS_JAVA_OPTS=-Xms2048m -Xmx2048m + depends_on: + elasticsearch: + condition: service_healthy + env_file: + - /opt/tpot/etc/compose/elk_environment + mem_limit: 2g + image: "dtagdevsec/logstash:2203" + volumes: + - /data:/data + +## Map Redis Service + map_redis: + container_name: map_redis + restart: always + stop_signal: SIGKILL + tty: true + image: "dtagdevsec/redis:2203" + read_only: true + +## Map Web Service + map_web: + container_name: map_web + restart: always + environment: + - MAP_COMMAND=AttackMapServer.py + 
env_file: + - /opt/tpot/etc/compose/elk_environment + stop_signal: SIGKILL + tty: true + ports: + - "127.0.0.1:64299:64299" + image: "dtagdevsec/map_server:2203" + +## Map Data Service + map_data: + container_name: map_data + restart: always + depends_on: + elasticsearch: + condition: service_healthy + environment: + - MAP_COMMAND=DataServer_v2.py + env_file: + - /opt/tpot/etc/compose/elk_environment + stop_signal: SIGKILL + tty: true + image: "dtagdevsec/map_server:2203" +#### /ELK + +# Ewsposter service + ewsposter: + container_name: ewsposter + restart: always + networks: + - ewsposter_local + environment: + - EWS_HPFEEDS_ENABLE=false + - EWS_HPFEEDS_HOST=host + - EWS_HPFEEDS_PORT=port + - EWS_HPFEEDS_CHANNELS=channels + - EWS_HPFEEDS_IDENT=user + - EWS_HPFEEDS_SECRET=secret + - EWS_HPFEEDS_TLSCERT=false + - EWS_HPFEEDS_FORMAT=json + env_file: + - /opt/tpot/etc/compose/elk_environment + image: "dtagdevsec/ewsposter:2203" + volumes: + - /data:/data + - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip + +# Nginx service + nginx: + container_name: nginx + restart: always + tmpfs: + - /var/tmp/nginx/client_body + - /var/tmp/nginx/proxy + - /var/tmp/nginx/fastcgi + - /var/tmp/nginx/uwsgi + - /var/tmp/nginx/scgi + - /run + - /var/lib/nginx/tmp:uid=100,gid=82 + network_mode: "host" + ports: + - "64297:64297" + - "127.0.0.1:64304:64304" + image: "dtagdevsec/nginx:2203" + read_only: true + volumes: + - /data/nginx/cert/:/etc/nginx/cert/:ro + - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro + - /data/nginx/log/:/var/log/nginx/ + +# Spiderfoot service + spiderfoot: + container_name: spiderfoot + restart: always + networks: + - spiderfoot_local + ports: + - "127.0.0.1:64303:8080" + image: "dtagdevsec/spiderfoot:2203" + volumes: + - /data/spiderfoot:/home/spiderfoot/.spiderfoot diff --git a/iso/installer/install.sh b/iso/installer/install.sh index 31b4ddc9..cbce86aa 100755 --- a/iso/installer/install.sh +++ b/iso/installer/install.sh 
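Review bot: The ewsposter service in the new tarpit.yml commits literal placeholder credentials — `EWS_HPFEEDS_HOST=host`, `EWS_HPFEEDS_IDENT=user`, `EWS_HPFEEDS_SECRET=secret`; with `EWS_HPFEEDS_ENABLE=false` they are inert today, but anyone flipping the flag without editing the rest sends the placeholders, and a real secret edited in here lands in version control. Sourcing them from the `elk_environment` env_file the service already references, or via substitution such as `- EWS_HPFEEDS_SECRET=${EWS_HPFEEDS_SECRET:-}`, keeps the secret out of the compose file. Separately, heralding's commented `# - "22:22"` and `# - "80:80"` are disabled because endlessh (`- "22:2222"`) and hellpot (`- "80:8080"`) in this same file own those host ports, which is worth stating in a comment next to them so the list is not "completed" later. The header comment already explains why `ports:` is kept on host-networked services such as nginx, which is good.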
@@ -519,14 +519,15 @@ fi
 if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ] || [ "$myTPOT_DEPLOYMENT_TYPE" == "user" ]; then
 myCONF_TPOT_FLAVOR=$(dialog --keep-window --no-cancel --backtitle "$myBACKTITLE" --title "[ Choose Your T-Pot Edition ]" --menu \
- "\nRequired: 8GB RAM, 128GB SSD\nRecommended: 8GB RAM, 256GB SSD" 15 70 7 \
- "STANDARD" "Honeypots, ELK, NSM & Tools" \
+ "\nRequired: 8-16GB RAM, 128GB SSD\nRecommended: 16GB RAM, 256GB SSD" 17 70 1 \
+ "STANDARD" "T-Pot Standalone with everything you need" \
+ "HIVE" "T-Pot Hive: ELK & Tools" \
+ "HIVE_SENSOR" "T-Pot Hive Sensor: Honeypots & NSM" \
+ "INDUSTRIAL" "Same as Standard with focus on Conpot" \
 "LOG4J" "Log4Pot, ELK, NSM & Tools" \
- "SENSOR" "Just Honeypots, EWS Poster & NSM" \
- "INDUSTRIAL" "Conpot, RDPY, Vnclowpot, ELK, NSM & Tools" \
- "COLLECTOR" "Heralding, ELK, NSM & Tools" \
- "NEXTGEN" "NextGen (Glutton, HoneyPy)" \
- "MEDICAL" "Dicompot, Medpot, ELK, NSM & Tools" 3>&1 1>&2 2>&3 3>&-)
+ "MEDICAL" "Dicompot, Medpot, ELK, NSM & Tools" \
+ "MINI" "Same as Standard with focus on qHoneypots" \
+ "SENSOR" "Just Honeypots & NSM" 3>&1 1>&2 2>&3 3>&-)
 fi
 # Let's ask for a secure tsec password if installation type is iso
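Review bot: The dialog `--menu` geometry changes from `15 70 7` to `17 70 1`; the last number is the list height, so with eight entries in the new menu only one edition is visible at a time and the rest must be scrolled to — `17 70 8` matches the entry count. COLLECTOR and NEXTGEN are removed from the menu, yet nextgen.yml is still edited in this same commit; if NEXTGEN is meant to be unreachable from the installer, a comment here or dropping the file avoids a maintained-but-unselectable flavor. The new HIVE, HIVE_SENSOR and MINI values must also be accepted wherever `$myCONF_TPOT_FLAVOR` is later mapped to a compose file; that code is outside this hunk, so confirm it handles them. "Required: 8-16GB RAM" reads as a range rather than a minimum; if 8GB is the floor for SENSOR and 16GB for editions with ELK, saying so avoids ambiguity.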