medpot tweaking

2025-07-01 20:42:11 +00:00 · 2018-09-11 07:59:14 +00:00 · 2018-09-11 07:59:14 +00:00 · 992d453b9a
commit 992d453b9a
parent f0f6981f34
7 changed files with 9 additions and 15 deletions
--- a/docker/elk/logstash/dist/logstash.conf
+++ b/docker/elk/logstash/dist/logstash.conf
@ -309,14 +309,9 @@ filter {
        "dest_port" => "2575"
        "dest_ip" => "${MY_EXTIP}"
      }
-      rename => {
-        "port" => "src_port"
-        "ip" => "src_ip"
-      }
    }
    date {
-      match => [ "time", "yyyy.MM.dd HH:mm:ss" ]
-      remove_field => ["time"]
+      match => [ "timestamp", "ISO8601" ]
    }
  }

--- a/docker/medpot/Dockerfile
+++ b/docker/medpot/Dockerfile
@ -11,7 +11,7 @@ RUN apk -U --no-cache add \
    export GOPATH=/opt/go/ && \
    mkdir -p /opt/go/src && \
    cd /opt/go/src && \
-    git clone https://github.com/schmalle/medpot.git && \
+    git clone https://github.com/schmalle/medpot && \
    go get -d -v github.com/davecgh/go-spew/spew && \
    go get -d -v github.com/go-ini/ini && \
    go get -d -v github.com/mozillazg/request && \
@ -21,15 +21,14 @@ RUN apk -U --no-cache add \

 # Setup medpot
    mkdir -p /opt/medpot \
-             /var/log/ && \
-    touch /var/log/medpot.log && \
+             /var/log/medpot && \
    cp medpot /opt/medpot && \
    cp /opt/go/src/medpot/template/*.xml /opt/medpot/ && \

 # Setup user, groups and configs
    addgroup -g 2000 medpot && \
    adduser -S -s /bin/ash -u 2000 -D -g 2000 medpot && \
-    chown -R medpot:medpot /var/log/medpot.log && \ 
+    chown -R medpot:medpot /var/log/medpot && \

 # Clean up
    apk del --purge build-base \
--- a/docker/medpot/docker-compose.yml
+++ b/docker/medpot/docker-compose.yml
@ -17,4 +17,4 @@ services:
    image: "dtagdevsec/medpot:1804"
    read_only: true
    volumes:
-     - /data/medpot/log/:/var/log/
+     - /data/medpot/log/:/var/log/medpot
--- a/etc/compose/experimental.yml
+++ b/etc/compose/experimental.yml
@ -276,7 +276,7 @@ services:
    image: "dtagdevsec/medpot:1804"
    read_only: true
    volumes:
-     - /data/medpot/log/:/var/log/
+     - /data/medpot/log/:/var/log/medpot

 # Rdpy service
  rdpy:
--- a/etc/compose/industrial.yml
+++ b/etc/compose/industrial.yml
@ -190,7 +190,7 @@ services:
    image: "dtagdevsec/medpot:1804"
    read_only: true
    volumes:
-     - /data/medpot/log/:/var/log/
+     - /data/medpot/log/:/var/log/medpot

 # Rdpy service
  rdpy:
--- a/etc/compose/sensor.yml
+++ b/etc/compose/sensor.yml
@ -274,7 +274,7 @@ services:
    image: "dtagdevsec/medpot:1804"
    read_only: true
    volumes:
-     - /data/medpot/log/:/var/log/
+     - /data/medpot/log/:/var/log/medpot

 # Rdpy service
  rdpy:
--- a/etc/compose/standard.yml
+++ b/etc/compose/standard.yml
@ -275,7 +275,7 @@ services:
    image: "dtagdevsec/medpot:1804"
    read_only: true
    volumes:
-     - /data/medpot/log/:/var/log/
+     - /data/medpot/log/:/var/log/medpot

 # Rdpy service
  rdpy: