diff --git a/docker/adbhoney/docker-compose.yml b/docker/adbhoney/docker-compose.yml
index 87cb0228..5dbd6569 100644
--- a/docker/adbhoney/docker-compose.yml
+++ b/docker/adbhoney/docker-compose.yml
@@ -14,7 +14,7 @@ services:
 - adbhoney_local
 ports:
 - "5555:5555"
- image: "dtagdevsec/adbhoney:24.04"
+ image: "dtagdevsec/adbhoney:24.04.1"
 read_only: true
 volumes:
 - $HOME/tpotce/data/adbhoney/log:/opt/adbhoney/log
diff --git a/docker/ciscoasa/docker-compose.yml b/docker/ciscoasa/docker-compose.yml
index 37397a76..21a2fcd3 100644
--- a/docker/ciscoasa/docker-compose.yml
+++ b/docker/ciscoasa/docker-compose.yml
@@ -17,7 +17,7 @@ services:
 ports:
 - "5000:5000/udp"
 - "8443:8443"
- image: "dtagdevsec/ciscoasa:24.04"
+ image: "dtagdevsec/ciscoasa:24.04.1"
 read_only: true
 volumes:
 - $HOME/tpotce/data/ciscoasa/log:/var/log/ciscoasa
diff --git a/docker/citrixhoneypot/docker-compose.yml b/docker/citrixhoneypot/docker-compose.yml
index 490fbb06..d63510a2 100644
--- a/docker/citrixhoneypot/docker-compose.yml
+++ b/docker/citrixhoneypot/docker-compose.yml
@@ -14,7 +14,7 @@ services:
 - citrixhoneypot_local
 ports:
 - "443:443"
- image: "dtagdevsec/citrixhoneypot:24.04"
+ image: "dtagdevsec/citrixhoneypot:24.04.1"
 read_only: true
 volumes:
 - $HOME/tpotce/data/citrixhoneypot/log:/opt/citrixhoneypot/logs
diff --git a/docker/conpot/Dockerfile b/docker/conpot/Dockerfile
index 0369391a..b46dabe8 100644
--- a/docker/conpot/Dockerfile
+++ b/docker/conpot/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.23
 #
 # Include dist
 COPY dist/ /root/dist/
@@ -44,14 +44,10 @@ RUN apk --no-cache -U upgrade && \
 wget && \
 #
 # Setup ConPot
- git clone https://github.com/t3chn0m4g3/cpppo /opt/cpppo && \
- cd /opt/cpppo && \
- git checkout 350d5187a941e7359c53087dcb1f0e41ece5682c && \
- pip3 install --break-system-packages --no-cache-dir --upgrade pip && \
- pip3 install --break-system-packages --no-cache-dir . && \
- git clone https://github.com/mushorg/conpot /opt/conpot && \
+ # git clone https://github.com/mushorg/conpot /opt/conpot && \
+ git clone https://github.com/t3chn0m4g3/conpot /opt/conpot && \
 cd /opt/conpot/ && \
- git checkout 26c67d11b08a855a28e87abd186d959741f46c7f && \
+ # git checkout 79399adaf608c33103d076bc9a3a3c2d2172dd1a && \
 # Change template default ports if <1024
 sed -i 's/port="2121"/port="21"/' /opt/conpot/conpot/templates/default/ftp/ftp.xml && \
 sed -i 's/port="8800"/port="80"/' /opt/conpot/conpot/templates/default/http/http.xml && \
@@ -62,7 +58,6 @@ RUN apk --no-cache -U upgrade && \
 sed -i 's/port="6969"/port="69"/' /opt/conpot/conpot/templates/default/tftp/tftp.xml && \
 sed -i 's/port="16100"/port="161"/' /opt/conpot/conpot/templates/IEC104/snmp/snmp.xml && \
 sed -i 's/port="6230"/port="623"/' /opt/conpot/conpot/templates/ipmi/ipmi/ipmi.xml && \
- patch -p1 < /root/dist/patches/ipmi-json-events.patch && \
 cp /root/dist/requirements.txt . && \
 pip3 install --break-system-packages --no-cache-dir . && \
 cd / && \
@@ -71,7 +66,7 @@ RUN apk --no-cache -U upgrade && \
 #
 # Get wireshark manuf db for scapy, setup configs, user, groups
 mkdir -p /etc/conpot /var/log/conpot /usr/share/wireshark && \
- wget https://www.wireshark.org/download/automated/data/manuf -o /usr/share/wireshark/manuf && \
+ wget https://www.wireshark.org/download/automated/data/manuf -O /usr/share/wireshark/manuf && \
 cp /root/dist/conpot.cfg /etc/conpot/conpot.cfg && \
 cp -R /root/dist/templates /usr/lib/$(readlink -f $(type -P python3) | cut -f4 -d"/")/site-packages/conpot/ && \
 cp /root/dist/cpu_check.py / && \
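Review bot: The `git checkout 79399adaf608c33103d076bc9a3a3c2d2172dd1a` pin is commented out, so the `git clone https://github.com/t3chn0m4g3/conpot /opt/conpot` line now builds whatever that fork's default branch points to at build time; the previous build was pinned to 26c67d11b08a855a28e87abd186d959741f46c7f, and without a pin the image is no longer reproducible and any push to the fork changes the honeypot code shipped by the next build. Restore the pin by uncommenting the line: `git checkout 79399adaf608c33103d076bc9a3a3c2d2172dd1a && \`. The cpppo clone, its pinned checkout and the pip self-upgrade are dropped in the same hunk; if the fork now brings cpppo in through the copied requirements.txt, a one-line comment saying so would spare the next reader the search. The RUN instruction this hunk belongs to starts and ends outside the hunk.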
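Review bot: Removing `patch -p1 < /root/dist/patches/ipmi-json-events.patch` drops the step that added the NEW_CONNECTION, GET_CHANNEL_AUTH_CAPABILITIES and CONNECTION_LOST session events to the IPMI server (the patch file deleted later in this commit shows those calls), and nothing in the Dockerfile records that the t3chn0m4g3/conpot fork now carries that change. If it does not, the IPMI service on 623/udp keeps answering but stops producing per-session events, which is a silent loss of detection data rather than a build failure. A comment on the clone line such as `# fork already contains the ipmi json-events change formerly applied from dist/patches` plus a look at the IPMI log after the first rebuild would close that gap. The enclosing RUN instruction starts and ends outside the hunk.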
@@ -102,4 +97,4 @@ STOPSIGNAL SIGINT
 # Conpot sometimes hangs at 100% CPU usage, if detected container will become unhealthy and restarted by tpotinit
 HEALTHCHECK --interval=5m --timeout=30s --retries=3 CMD python3 /cpu_check.py $(pgrep -of conpot) 99
 USER conpot:conpot
-CMD exec /usr/bin/conpot --mibcache $CONPOT_TMP --temp_dir $CONPOT_TMP --template $CONPOT_TEMPLATE --logfile $CONPOT_LOG --config $CONPOT_CONFIG
+CMD ["/bin/sh", "-c", "exec /usr/bin/conpot --mibcache \"$CONPOT_TMP\" --temp_dir \"$CONPOT_TMP\" --template \"$CONPOT_TEMPLATE\" --logfile \"$CONPOT_LOG\" --config \"$CONPOT_CONFIG\""]
diff --git a/docker/conpot/dist/conpot.cfg b/docker/conpot/dist/conpot.cfg
index 90633fa6..915ba373 100644
--- a/docker/conpot/dist/conpot.cfg
+++ b/docker/conpot/dist/conpot.cfg
@@ -3,7 +3,7 @@ sensorid = conpot
 [virtual_file_system]
 data_fs_url = %(CONPOT_TMP)s
-fs_url = tar:///usr/lib/python3.11/site-packages/conpot/data.tar
+fs_url = tar:///usr/lib/python3.12/site-packages/conpot/data.tar
 [session]
 timeout = 30
diff --git a/docker/conpot/dist/patches/ipmi-json-events.patch b/docker/conpot/dist/patches/ipmi-json-events.patch
deleted file mode 100644
index bf2b1522..00000000
--- a/docker/conpot/dist/patches/ipmi-json-events.patch
+++ /dev/null
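Review bot: The new `CMD ["/bin/sh", "-c", "exec …"]` is what the old shell form already ran underneath, with quoting added, and the reason for keeping `sh -c` rather than a plain exec-form array is not recorded on the line: the five `$CONPOT_*` variables need shell expansion, and `exec` keeps conpot as PID 1 so the `STOPSIGNAL SIGINT` above reaches it instead of the shell. A comment above the instruction would make that intent durable, e.g. `# sh -c for $CONPOT_* expansion; exec so conpot is PID 1 and receives STOPSIGNAL`. With the quotes an unset variable now becomes an empty argument such as `--template ""` instead of a dropped token, which should fail more visibly at startup; where those variables get their defaults is outside this hunk.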
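Review bot: `fs_url` hardcodes `/usr/lib/python3.12/site-packages`, while the Dockerfile in the same commit derives the site-packages directory at build time with `$(readlink -f $(type -P python3) | cut -f4 -d"/")`; the two can drift on the next base-image bump, and a stale path here presumably only surfaces at runtime as a missing data.tar rather than as a build failure. Consider rewriting this value in the Dockerfile from that same expression (a `sed` on `/etc/conpot/conpot.cfg` next to the existing `cp`), or at least add a comment on this line: `# must match the python3 site-packages dir computed in docker/conpot/Dockerfile`. Whether python3.12 is the interpreter alpine:3.23 installs cannot be confirmed from the diff alone.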
@@ -1,61 +0,0 @@ ---- a/conpot/protocols/ipmi/ipmi_server.py -+++ b/conpot/protocols/ipmi/ipmi_server.py -@@ -92,11 +92,25 @@ - csum &= 0xFF - return csum - -+ def _add_event(self, address, event_data): -+ session = conpot_core.get_session( -+ "ipmi", -+ address[0], -+ address[1], -+ self.sock.getsockname()[0], -+ self.port, -+ ) -+ session.add_event(event_data) -+ - def handle(self, data, address): - # make sure self.session exists - if not address[0] in self.sessions.keys() or not hasattr(self, "session"): - # new session for new source - logger.info("New IPMI traffic from %s", address) -+ self._add_event( -+ address, -+ {"type": "NEW_CONNECTION", "request": data, "response": None}, -+ ) - self.session = FakeSession(address[0], "", "", address[1]) - self.session.server = self - self.uuid = uuid.uuid4() -@@ -165,10 +179,10 @@ - (clientaddr, clientlun) = struct.unpack("BB", data[17:19]) - level &= 0b1111 - self.send_auth_cap( -- myaddr, mylun, clientaddr, clientlun, session.sockaddr -+ myaddr, mylun, clientaddr, clientlun, session.sockaddr, data - ) - -- def send_auth_cap(self, myaddr, mylun, clientaddr, clientlun, sockaddr): -+ def send_auth_cap(self, myaddr, mylun, clientaddr, clientlun, sockaddr, request=None): - header = b"\x06\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10" - - headerdata = (clientaddr, clientlun | (7 << 2)) -@@ -181,11 +195,19 @@ - header += chr_py3(self._checksum(*bodydata)) - self.session.stage += 1 - logger.info("Connection established with %s", sockaddr) -+ self._add_event( -+ sockaddr, -+ {"type": "GET_CHANNEL_AUTH_CAPABILITIES", "request": request, "response": header}, -+ ) - self.session.send_data(header, sockaddr) - - def close_server_session(self): - logger.info("IPMI Session closed %s", self.session.sockaddr[0]) - # cleanup session -+ self._add_event( -+ self.session.sockaddr, -+ {"type": "CONNECTION_LOST", "request": None, "response": None}, -+ ) - del self.sessions[self.session.sockaddr[0]] - del self.session - 
diff --git a/docker/conpot/docker-compose.yml b/docker/conpot/docker-compose.yml
index a97d27e0..9f5633c0 100644
--- a/docker/conpot/docker-compose.yml
+++ b/docker/conpot/docker-compose.yml
@@ -35,7 +35,7 @@ services:
 - "2121:21"
 - "44818:44818"
 - "47808:47808/udp"
- image: "dtagdevsec/conpot:24.04"
+ image: "dtagdevsec/conpot:24.04.1"
 read_only: true
 volumes:
 - $HOME/tpotce/data/conpot/log:/var/log/conpot
@@ -59,7 +59,7 @@ services:
 ports:
 # - "161:161/udp"
 - "2404:2404"
- image: "dtagdevsec/conpot:24.04"
+ image: "dtagdevsec/conpot:24.04.1"
 read_only: true
 volumes:
 - $HOME/tpotce/data/conpot/log:/var/log/conpot
@@ -82,7 +82,7 @@ services:
 - conpot_local_guardian_ast
 ports:
 - "10001:10001"
- image: "dtagdevsec/conpot:24.04"
+ image: "dtagdevsec/conpot:24.04.1"
 read_only: true
 volumes:
 - $HOME/tpotce/data/conpot/log:/var/log/conpot
@@ -105,7 +105,7 @@ services:
 - conpot_local_ipmi
 ports:
 - "623:623/udp"
- image: "dtagdevsec/conpot:24.04"
+ image: "dtagdevsec/conpot:24.04.1"
 read_only: true
 volumes:
 - $HOME/tpotce/data/conpot/log:/var/log/conpot
@@ -129,7 +129,7 @@ services:
 ports:
 - "1025:1025"
 - "50100:50100"
- image: "dtagdevsec/conpot:24.04"
+ image: "dtagdevsec/conpot:24.04.1"
 read_only: true
 volumes:
 - $HOME/tpotce/data/conpot/log:/var/log/conpot