From 886a7f159e1921d3f657f35e361358277f7574ca Mon Sep 17 00:00:00 2001
From: t3chn0m4g3
Date: Fri, 11 Mar 2022 18:02:20 +0000
Subject: [PATCH] add /modify cpu healtchecks for adbhoney, conpot, dionaea
---
 docker/adbhoney/Dockerfile | 2 +-
 docker/conpot/Dockerfile | 3 +++
 docker/conpot/docker-compose.yml | 20 ++++++++++----------
 docker/dionaea/Dockerfile | 3 +++
 docker/dionaea/docker-compose.yml | 10 +++++-----
 etc/compose/hive_sensor.yml | 6 +++---
 etc/compose/nextgen.yml | 6 +++---
 etc/compose/sensor.yml | 6 +++---
 etc/compose/standard.yml | 2 +-
 9 files changed, 32 insertions(+), 26 deletions(-)
diff --git a/docker/adbhoney/Dockerfile b/docker/adbhoney/Dockerfile
index f588938b..75190b1d 100644
--- a/docker/adbhoney/Dockerfile
+++ b/docker/adbhoney/Dockerfile
@@ -30,7 +30,7 @@ RUN apk --no-cache -U add \
 # Set workdir and start adbhoney
 STOPSIGNAL SIGINT
 # Adbhoney sometimes hangs at 100% CPU usage, if detected process will be killed and container restarts per docker-compose settings
-HEALTHCHECK CMD if [ $(ps -C mpv -p 1 -o %cpu | tail -n 1 | cut -f 1 -d ".") -gt 99 ]; then kill -2 1; else exit 0; fi
+HEALTHCHECK CMD if [ $(ps -C mpv -p 1 -o %cpu | tail -n 1 | cut -f 1 -d ".") -gt 90 ]; then kill -2 1; else exit 0; fi
 USER adbhoney:adbhoney
 WORKDIR /opt/adbhoney/
 CMD /usr/bin/python3 run.py
diff --git a/docker/conpot/Dockerfile b/docker/conpot/Dockerfile
index a6f4af0c..c52f8cc7 100644
--- a/docker/conpot/Dockerfile
+++ b/docker/conpot/Dockerfile
@@ -17,6 +17,7 @@ RUN apk --no-cache -U add \
 libxslt-dev \
 mariadb-dev \
 pkgconfig \
+ procps \
 python3 \
 python3-dev \
 py3-pip \
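Review bot: In docker/adbhoney/Dockerfile the probe `[ $(ps ...) -gt 90 ]` reports healthy whenever `ps` prints nothing or is missing, because the unquoted substitution leaves `[` with a malformed test and the `else exit 0` branch runs; the same command is added to docker/conpot/Dockerfile and docker/dionaea/Dockerfile later in this patch. Capture the value first and fail the probe when it is empty, for example `cpu=$(ps -p 1 -o pcpu= | cut -d. -f1); [ -n "$cpu" ] || exit 1`, and only then compare `$cpu` with the threshold. The `-C mpv` selector looks like a leftover, since `-p 1` already selects the process being measured. The procps documentation also describes `%cpu` as CPU time divided by the time the process has been running, so a hang that begins after a long quiet period would cross 90 only slowly.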
@@ -73,5 +74,7 @@ RUN apk --no-cache -U add \ # # Start conpot STOPSIGNAL SIGINT +# Conpot sometimes hangs at 100% CPU usage, if detected process will be killed and container restarts per docker-compose settings +HEALTHCHECK CMD if [ $(ps -C mpv -p 1 -o %cpu | tail -n 1 | cut -f 1 -d ".") -gt 90 ]; then kill -2 1; else exit 0; fi USER conpot:conpot CMD exec /usr/bin/conpot --mibcache $CONPOT_TMP --temp_dir $CONPOT_TMP --template $CONPOT_TEMPLATE --logfile $CONPOT_LOG --config $CONPOT_CONFIG diff --git a/docker/conpot/docker-compose.yml b/docker/conpot/docker-compose.yml index d4ecb615..0ed45d30 100644 --- a/docker/conpot/docker-compose.yml +++ b/docker/conpot/docker-compose.yml @@ -23,8 +23,8 @@ services: - CONPOT_TMP=/tmp/conpot tmpfs: - /tmp/conpot:uid=2000,gid=2000 - cpu_count: 1 - cpus: 0.25 +# cpu_count: 1 +# cpus: 0.25 networks: - conpot_local_default ports: @@ -54,8 +54,8 @@ services: - CONPOT_TMP=/tmp/conpot tmpfs: - /tmp/conpot:uid=2000,gid=2000 - cpu_count: 1 - cpus: 0.25 +# cpu_count: 1 +# cpus: 0.25 networks: - conpot_local_IEC104 ports: @@ -78,8 +78,8 @@ services: - CONPOT_TMP=/tmp/conpot tmpfs: - /tmp/conpot:uid=2000,gid=2000 - cpu_count: 1 - cpus: 0.25 +# cpu_count: 1 +# cpus: 0.25 networks: - conpot_local_guardian_ast ports: @@ -101,8 +101,8 @@ services: - CONPOT_TMP=/tmp/conpot tmpfs: - /tmp/conpot:uid=2000,gid=2000 - cpu_count: 1 - cpus: 0.25 +# cpu_count: 1 +# cpus: 0.25 networks: - conpot_local_ipmi ports: @@ -124,8 +124,8 @@ services: - CONPOT_TMP=/tmp/conpot tmpfs: - /tmp/conpot:uid=2000,gid=2000 - cpu_count: 1 - cpus: 0.25 +# cpu_count: 1 +# cpus: 0.25 networks: - conpot_local_kamstrup_382 ports: diff --git a/docker/dionaea/Dockerfile b/docker/dionaea/Dockerfile index 3d8a0f3c..f5edbc7f 100644 --- a/docker/dionaea/Dockerfile +++ b/docker/dionaea/Dockerfile 
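Review bot: The HEALTHCHECK added to docker/conpot/Dockerfile carries its remedy inside the probe and still exits 0 after `kill -2 1`, so the container never shows as unhealthy and `--retries` or `--start-period` cannot soften a false positive. No options are given, so Docker's defaults apply (30 s interval, 3 retries), and a single reading above 90 is enough to signal PID 1; a CPU-heavy start-up could plausibly trip that and cause a restart loop, though I have not verified that conpot behaves this way. Consider setting the interval explicitly and returning non-zero after the signal, e.g. `then kill -2 1; exit 1; else exit 0; fi`, so that a process which does not exit on SIGINT becomes visible to monitoring. The same applies to the HEALTHCHECK added in docker/dionaea/Dockerfile.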
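Review bot: Commenting out `cpu_count: 1` and `cpus: 0.25` in all five conpot services, and again in docker/dionaea/docker-compose.yml later in this patch, leaves these honeypot containers with published ports and no CPU ceiling, while the Dockerfile comments in this same patch say they sometimes hang at 100% CPU. If the limit was lifted because a 0.25 quota keeps the `ps` reading below the probe threshold (my inference, the patch does not say), a higher cap such as `cpus: 1` would keep both protections. Either way, replace the commented-out keys with a one-line reason, e.g. `# CPU limit removed: <reason>`, so the next maintainer does not restore or drop them blindly.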
@@ -110,5 +110,8 @@ RUN ARCH=$(arch) && \ rm -rf /root/* /var/lib/apt/lists/* /tmp/* /var/tmp/* /root/.cache /opt/dionaea/.git # # Start dionaea +STOPSIGNAL SIGINT +# Dionaea sometimes hangs at 100% CPU usage, if detected process will be killed and container restarts per docker-compose settings +HEALTHCHECK CMD if [ $(ps -C mpv -p 1 -o %cpu | tail -n 1 | cut -f 1 -d ".") -gt 90 ]; then kill -2 1; else exit 0; fi USER dionaea:dionaea CMD ["/opt/dionaea/bin/dionaea", "-u", "dionaea", "-g", "dionaea", "-c", "/opt/dionaea/etc/dionaea/dionaea.cfg"] diff --git a/docker/dionaea/docker-compose.yml b/docker/dionaea/docker-compose.yml index 2f9a3142..0035e2bd 100644 --- a/docker/dionaea/docker-compose.yml +++ b/docker/dionaea/docker-compose.yml @@ -12,8 +12,8 @@ services: stdin_open: true tty: true restart: always - cpu_count: 1 - cpus: 0.25 +# cpu_count: 1 +# cpus: 0.25 networks: - dionaea_local ports: @@ -29,9 +29,9 @@ services: - "1723:1723" - "1883:1883" - "3306:3306" - - "5060:5060" - - "5060:5060/udp" - - "5061:5061" +# - "5060:5060" +# - "5060:5060/udp" +# - "5061:5061" - "27017:27017" image: "dtagdevsec/dionaea:2203" read_only: true diff --git a/etc/compose/hive_sensor.yml b/etc/compose/hive_sensor.yml index 79e5ac20..aed3b9bd 100644 --- a/etc/compose/hive_sensor.yml +++ b/etc/compose/hive_sensor.yml @@ -213,9 +213,9 @@ services: - "1723:1723" - "1883:1883" - "3306:3306" - - "5060:5060" - - "5060:5060/udp" - - "5061:5061" + # - "5060:5060" + # - "5060:5060/udp" + # - "5061:5061" - "27017:27017" image: "dtagdevsec/dionaea:2203" read_only: true diff --git a/etc/compose/nextgen.yml b/etc/compose/nextgen.yml index 908805f1..2e5ab152 100644 --- a/etc/compose/nextgen.yml +++ b/etc/compose/nextgen.yml @@ -216,9 +216,9 @@ services: - "1723:1723" - "1883:1883" - "3306:3306" - - "5060:5060" - - "5060:5060/udp" - - "5061:5061" + # - "5060:5060" + # - "5060:5060/udp" + # - "5061:5061" - "27017:27017" image: "dtagdevsec/dionaea:2203" read_only: true 
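Review bot: Nothing visible in this patch installs `ps` for docker/dionaea/Dockerfile, whereas the conpot image gets `procps` added, apparently for the same probe; if the dionaea image lacks it, the new HEALTHCHECK always takes the `else exit 0` path and never detects a hang. The RUN block that installs packages starts outside this hunk, so confirm there that `procps` is present. The recovery also depends on PID 1 acting on SIGINT: inside a container the kernel drops signals sent to PID 1 from the same namespace unless the process installed a handler, so check that dionaea handles SIGINT now that both `STOPSIGNAL SIGINT` and `kill -2 1` rely on it.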
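Review bot: The second hunk of docker/dionaea/docker-compose.yml stops publishing 5060/tcp, 5060/udp and 5061/tcp, and etc/compose/hive_sensor.yml, nextgen.yml and sensor.yml do the same (standard.yml completes it for 5061), yet the commit subject mentions only CPU healthchecks. Dropping listeners changes what the sensor can observe, so the reason belongs next to the change, e.g. `# SIP ports 5060/5061 not published by dionaea: <reason>` above the commented lines. The comment markers are also inconsistent: column 0 in this file (`# - "5060:5060"`) but indented in the etc/compose files.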
diff --git a/etc/compose/sensor.yml b/etc/compose/sensor.yml index 44a16d60..df773b87 100644 --- a/etc/compose/sensor.yml +++ b/etc/compose/sensor.yml @@ -212,9 +212,9 @@ services: - "1723:1723" - "1883:1883" - "3306:3306" - - "5060:5060" - - "5060:5060/udp" - - "5061:5061" + # - "5060:5060" + # - "5060:5060/udp" + # - "5061:5061" - "27017:27017" image: "dtagdevsec/dionaea:2203" read_only: true diff --git a/etc/compose/standard.yml b/etc/compose/standard.yml index 138e01a4..6466ddc0 100644 --- a/etc/compose/standard.yml +++ b/etc/compose/standard.yml @@ -235,7 +235,7 @@ services: - "3306:3306" # - "5060:5060" # - "5060:5060/udp" - - "5061:5061" + # - "5061:5061" - "27017:27017" image: "dtagdevsec/dionaea:2203" read_only: true