add /modify cpu healtchecks for adbhoney, conpot, dionaea

2025-07-01 04:22:11 +00:00 · 2022-03-11 18:02:20 +00:00 · 2022-03-11 18:02:20 +00:00 · 886a7f159e
commit 886a7f159e
parent 068f4bb67e
9 changed files with 32 additions and 26 deletions
--- a/docker/adbhoney/Dockerfile
+++ b/docker/adbhoney/Dockerfile
@ -30,7 +30,7 @@ RUN apk --no-cache -U add \
 # Set workdir and start adbhoney
 STOPSIGNAL SIGINT
 # Adbhoney sometimes hangs at 100% CPU usage, if detected process will be killed and container restarts per docker-compose settings
-HEALTHCHECK CMD if [ $(ps -C mpv -p 1 -o %cpu | tail -n 1 | cut -f 1 -d ".") -gt 99 ]; then kill -2 1; else exit 0; fi
+HEALTHCHECK CMD if [ $(ps -C mpv -p 1 -o %cpu | tail -n 1 | cut -f 1 -d ".") -gt 90 ]; then kill -2 1; else exit 0; fi
 USER adbhoney:adbhoney
 WORKDIR /opt/adbhoney/
 CMD /usr/bin/python3 run.py
--- a/docker/conpot/Dockerfile
+++ b/docker/conpot/Dockerfile
@ -17,6 +17,7 @@ RUN apk --no-cache -U add \
             libxslt-dev \
             mariadb-dev \
             pkgconfig \
+	     procps \
             python3 \
             python3-dev \
 	     py3-pip \
@ -73,5 +74,7 @@ RUN apk --no-cache -U add \
 #
 # Start conpot
 STOPSIGNAL SIGINT
+# Conpot sometimes hangs at 100% CPU usage, if detected process will be killed and container restarts per docker-compose settings
+HEALTHCHECK CMD if [ $(ps -C mpv -p 1 -o %cpu | tail -n 1 | cut -f 1 -d ".") -gt 90 ]; then kill -2 1; else exit 0; fi
 USER conpot:conpot
 CMD exec /usr/bin/conpot --mibcache $CONPOT_TMP --temp_dir $CONPOT_TMP --template $CONPOT_TEMPLATE --logfile $CONPOT_LOG --config $CONPOT_CONFIG
--- a/docker/conpot/docker-compose.yml
+++ b/docker/conpot/docker-compose.yml
@ -23,8 +23,8 @@ services:
     - CONPOT_TMP=/tmp/conpot
    tmpfs:
     - /tmp/conpot:uid=2000,gid=2000
-    cpu_count: 1
-    cpus: 0.25    
+#    cpu_count: 1
+#    cpus: 0.25    
    networks:
     - conpot_local_default
    ports:
@ -54,8 +54,8 @@ services:
     - CONPOT_TMP=/tmp/conpot
    tmpfs:
     - /tmp/conpot:uid=2000,gid=2000
-    cpu_count: 1
-    cpus: 0.25
+#    cpu_count: 1
+#    cpus: 0.25
    networks:
     - conpot_local_IEC104
    ports:
@ -78,8 +78,8 @@ services:
     - CONPOT_TMP=/tmp/conpot
    tmpfs:
     - /tmp/conpot:uid=2000,gid=2000
-    cpu_count: 1
-    cpus: 0.25
+#    cpu_count: 1
+#    cpus: 0.25
    networks:
     - conpot_local_guardian_ast
    ports:
@ -101,8 +101,8 @@ services:
     - CONPOT_TMP=/tmp/conpot
    tmpfs:
     - /tmp/conpot:uid=2000,gid=2000
-    cpu_count: 1
-    cpus: 0.25
+#    cpu_count: 1
+#    cpus: 0.25
    networks:
     - conpot_local_ipmi
    ports:
@ -124,8 +124,8 @@ services:
     - CONPOT_TMP=/tmp/conpot
    tmpfs:
     - /tmp/conpot:uid=2000,gid=2000
-    cpu_count: 1
-    cpus: 0.25
+#    cpu_count: 1
+#    cpus: 0.25
    networks:
     - conpot_local_kamstrup_382
    ports:
--- a/docker/dionaea/Dockerfile
+++ b/docker/dionaea/Dockerfile
@ -110,5 +110,8 @@ RUN ARCH=$(arch) && \
    rm -rf /root/* /var/lib/apt/lists/* /tmp/* /var/tmp/* /root/.cache /opt/dionaea/.git
 #
 # Start dionaea
+STOPSIGNAL SIGINT
+# Dionaea sometimes hangs at 100% CPU usage, if detected process will be killed and container restarts per docker-compose settings
+HEALTHCHECK CMD if [ $(ps -C mpv -p 1 -o %cpu | tail -n 1 | cut -f 1 -d ".") -gt 90 ]; then kill -2 1; else exit 0; fi
 USER dionaea:dionaea
 CMD ["/opt/dionaea/bin/dionaea", "-u", "dionaea", "-g", "dionaea", "-c", "/opt/dionaea/etc/dionaea/dionaea.cfg"]
--- a/docker/dionaea/docker-compose.yml
+++ b/docker/dionaea/docker-compose.yml
@ -12,8 +12,8 @@ services:
    stdin_open: true
    tty: true
    restart: always
-    cpu_count: 1
-    cpus: 0.25
+#    cpu_count: 1
+#    cpus: 0.25
    networks:
     - dionaea_local
    ports:
@ -29,9 +29,9 @@ services:
     - "1723:1723"
     - "1883:1883"
     - "3306:3306"
-     - "5060:5060"
-     - "5060:5060/udp"
-     - "5061:5061"
+#     - "5060:5060"
+#     - "5060:5060/udp"
+#     - "5061:5061"
     - "27017:27017"
    image: "dtagdevsec/dionaea:2203"
    read_only: true
--- a/etc/compose/hive_sensor.yml
+++ b/etc/compose/hive_sensor.yml
@ -213,9 +213,9 @@ services:
     - "1723:1723"
     - "1883:1883"
     - "3306:3306"
-     - "5060:5060"
-     - "5060:5060/udp"
-     - "5061:5061"
+     # - "5060:5060"
+     # - "5060:5060/udp"
+     # - "5061:5061"
     - "27017:27017"
    image: "dtagdevsec/dionaea:2203"
    read_only: true
--- a/etc/compose/nextgen.yml
+++ b/etc/compose/nextgen.yml
@ -216,9 +216,9 @@ services:
     - "1723:1723"
     - "1883:1883"
     - "3306:3306"
-     - "5060:5060"
-     - "5060:5060/udp"
-     - "5061:5061"
+     # - "5060:5060"
+     # - "5060:5060/udp"
+     # - "5061:5061"
     - "27017:27017"
    image: "dtagdevsec/dionaea:2203"
    read_only: true
--- a/etc/compose/sensor.yml
+++ b/etc/compose/sensor.yml
@ -212,9 +212,9 @@ services:
     - "1723:1723"
     - "1883:1883"
     - "3306:3306"
-     - "5060:5060"
-     - "5060:5060/udp"
-     - "5061:5061"
+     # - "5060:5060"
+     # - "5060:5060/udp"
+     # - "5061:5061"
     - "27017:27017"
    image: "dtagdevsec/dionaea:2203"
    read_only: true
--- a/etc/compose/standard.yml
+++ b/etc/compose/standard.yml
@ -235,7 +235,7 @@ services:
     - "3306:3306"
     # - "5060:5060"
     # - "5060:5060/udp"
-     - "5061:5061"
+     # - "5061:5061"
     - "27017:27017"
    image: "dtagdevsec/dionaea:2203"
    read_only: true