bump conpot to latest master with py 3.12 support, update tags

docker/adbhoney/docker-compose.yml

@@ -14,7 +14,7 @@ services:
      - adbhoney_local
     ports:
      - "5555:5555"
-    image: "dtagdevsec/adbhoney:24.04"
+    image: "dtagdevsec/adbhoney:24.04.1"
     read_only: true
     volumes:
      - $HOME/tpotce/data/adbhoney/log:/opt/adbhoney/log

docker/ciscoasa/docker-compose.yml

@@ -17,7 +17,7 @@ services:
     ports:
      - "5000:5000/udp"
      - "8443:8443"
-    image: "dtagdevsec/ciscoasa:24.04"
+    image: "dtagdevsec/ciscoasa:24.04.1"
     read_only: true
     volumes:
      - $HOME/tpotce/data/ciscoasa/log:/var/log/ciscoasa

docker/citrixhoneypot/docker-compose.yml

@@ -14,7 +14,7 @@ services:
      - citrixhoneypot_local
     ports:
      - "443:443"
-    image: "dtagdevsec/citrixhoneypot:24.04"
+    image: "dtagdevsec/citrixhoneypot:24.04.1"
     read_only: true
     volumes:
      - $HOME/tpotce/data/citrixhoneypot/log:/opt/citrixhoneypot/logs

docker/conpot/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.23
 #
 # Include dist
 COPY dist/ /root/dist/
@@ -44,14 +44,10 @@ RUN apk --no-cache -U upgrade && \
 			wget && \
 #
 # Setup ConPot
-    git clone https://github.com/t3chn0m4g3/cpppo /opt/cpppo && \
+    # git clone https://github.com/mushorg/conpot /opt/conpot && \
-    cd /opt/cpppo && \
+    git clone https://github.com/t3chn0m4g3/conpot /opt/conpot && \
-    git checkout 350d5187a941e7359c53087dcb1f0e41ece5682c && \
-    pip3 install --break-system-packages --no-cache-dir --upgrade pip && \
-    pip3 install --break-system-packages --no-cache-dir . && \
-    git clone https://github.com/mushorg/conpot /opt/conpot && \
     cd /opt/conpot/ && \
-	git checkout 26c67d11b08a855a28e87abd186d959741f46c7f && \
+	# git checkout 79399adaf608c33103d076bc9a3a3c2d2172dd1a && \
     # Change template default ports if <1024
     sed -i 's/port="2121"/port="21"/' /opt/conpot/conpot/templates/default/ftp/ftp.xml && \
     sed -i 's/port="8800"/port="80"/' /opt/conpot/conpot/templates/default/http/http.xml && \
@@ -62,7 +58,6 @@ RUN apk --no-cache -U upgrade && \
     sed -i 's/port="6969"/port="69"/' /opt/conpot/conpot/templates/default/tftp/tftp.xml && \
     sed -i 's/port="16100"/port="161"/' /opt/conpot/conpot/templates/IEC104/snmp/snmp.xml && \
     sed -i 's/port="6230"/port="623"/' /opt/conpot/conpot/templates/ipmi/ipmi/ipmi.xml && \
-    patch -p1 < /root/dist/patches/ipmi-json-events.patch && \
     cp /root/dist/requirements.txt . && \
     pip3 install --break-system-packages --no-cache-dir . && \
     cd / && \
@@ -71,7 +66,7 @@ RUN apk --no-cache -U upgrade && \
 #
 # Get wireshark manuf db for scapy, setup configs, user, groups
     mkdir -p /etc/conpot /var/log/conpot /usr/share/wireshark && \
-    wget https://www.wireshark.org/download/automated/data/manuf -o /usr/share/wireshark/manuf && \
+    wget https://www.wireshark.org/download/automated/data/manuf -O /usr/share/wireshark/manuf && \
     cp /root/dist/conpot.cfg /etc/conpot/conpot.cfg && \
     cp -R /root/dist/templates /usr/lib/$(readlink -f $(type -P python3) | cut -f4 -d"/")/site-packages/conpot/ && \
     cp /root/dist/cpu_check.py / && \
@@ -102,4 +97,4 @@ STOPSIGNAL SIGINT
 # Conpot sometimes hangs at 100% CPU usage, if detected container will become unhealthy and restarted by tpotinit
 HEALTHCHECK --interval=5m --timeout=30s --retries=3 CMD python3 /cpu_check.py $(pgrep -of conpot) 99
 USER conpot:conpot
-CMD exec /usr/bin/conpot --mibcache $CONPOT_TMP --temp_dir $CONPOT_TMP --template $CONPOT_TEMPLATE --logfile $CONPOT_LOG --config $CONPOT_CONFIG
+CMD ["/bin/sh", "-c", "exec /usr/bin/conpot --mibcache \"$CONPOT_TMP\" --temp_dir \"$CONPOT_TMP\" --template \"$CONPOT_TEMPLATE\" --logfile \"$CONPOT_LOG\" --config \"$CONPOT_CONFIG\""]

docker/conpot/dist/conpot.cfg

@@ -3,7 +3,7 @@ sensorid = conpot
 
 [virtual_file_system]
 data_fs_url = %(CONPOT_TMP)s
-fs_url = tar:///usr/lib/python3.11/site-packages/conpot/data.tar
+fs_url = tar:///usr/lib/python3.12/site-packages/conpot/data.tar
 
 [session]
 timeout = 30

docker/conpot/dist/patches/ipmi-json-events.patch

@@ -1,61 +0,0 @@
---- a/conpot/protocols/ipmi/ipmi_server.py
-+++ b/conpot/protocols/ipmi/ipmi_server.py
-@@ -92,11 +92,25 @@
-         csum &= 0xFF
-         return csum
- 
-+    def _add_event(self, address, event_data):
-+        session = conpot_core.get_session(
-+            "ipmi",
-+            address[0],
-+            address[1],
-+            self.sock.getsockname()[0],
-+            self.port,
-+        )
-+        session.add_event(event_data)
-+
-     def handle(self, data, address):
-         # make sure self.session exists
-         if not address[0] in self.sessions.keys() or not hasattr(self, "session"):
-             # new session for new source
-             logger.info("New IPMI traffic from %s", address)
-+            self._add_event(
-+                address,
-+                {"type": "NEW_CONNECTION", "request": data, "response": None},
-+            )
-             self.session = FakeSession(address[0], "", "", address[1])
-             self.session.server = self
-             self.uuid = uuid.uuid4()
-@@ -165,10 +179,10 @@
-                     (clientaddr, clientlun) = struct.unpack("BB", data[17:19])
-                     level &= 0b1111
-                     self.send_auth_cap(
--                        myaddr, mylun, clientaddr, clientlun, session.sockaddr
-+                        myaddr, mylun, clientaddr, clientlun, session.sockaddr, data
-                     )
- 
--    def send_auth_cap(self, myaddr, mylun, clientaddr, clientlun, sockaddr):
-+    def send_auth_cap(self, myaddr, mylun, clientaddr, clientlun, sockaddr, request=None):
-         header = b"\x06\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10"
- 
-         headerdata = (clientaddr, clientlun | (7 << 2))
-@@ -181,11 +195,19 @@
-         header += chr_py3(self._checksum(*bodydata))
-         self.session.stage += 1
-         logger.info("Connection established with %s", sockaddr)
-+        self._add_event(
-+            sockaddr,
-+            {"type": "GET_CHANNEL_AUTH_CAPABILITIES", "request": request, "response": header},
-+        )
-         self.session.send_data(header, sockaddr)
- 
-     def close_server_session(self):
-         logger.info("IPMI Session closed %s", self.session.sockaddr[0])
-         # cleanup session
-+        self._add_event(
-+            self.session.sockaddr,
-+            {"type": "CONNECTION_LOST", "request": None, "response": None},
-+        )
-         del self.sessions[self.session.sockaddr[0]]
-         del self.session
- 

docker/conpot/docker-compose.yml

@@ -35,7 +35,7 @@ services:
      - "2121:21"
      - "44818:44818"
      - "47808:47808/udp"
-    image: "dtagdevsec/conpot:24.04"
+    image: "dtagdevsec/conpot:24.04.1"
     read_only: true
     volumes:
      - $HOME/tpotce/data/conpot/log:/var/log/conpot
@@ -59,7 +59,7 @@ services:
     ports:
 #     - "161:161/udp"
      - "2404:2404"
-    image: "dtagdevsec/conpot:24.04"
+    image: "dtagdevsec/conpot:24.04.1"
     read_only: true
     volumes:
      - $HOME/tpotce/data/conpot/log:/var/log/conpot
@@ -82,7 +82,7 @@ services:
      - conpot_local_guardian_ast
     ports:
      - "10001:10001"
-    image: "dtagdevsec/conpot:24.04"
+    image: "dtagdevsec/conpot:24.04.1"
     read_only: true
     volumes:
      - $HOME/tpotce/data/conpot/log:/var/log/conpot
@@ -105,7 +105,7 @@ services:
      - conpot_local_ipmi
     ports:
      - "623:623/udp"
-    image: "dtagdevsec/conpot:24.04"
+    image: "dtagdevsec/conpot:24.04.1"
     read_only: true
     volumes:
      - $HOME/tpotce/data/conpot/log:/var/log/conpot
@@ -129,7 +129,7 @@ services:
     ports:
      - "1025:1025"
      - "50100:50100"
-    image: "dtagdevsec/conpot:24.04"
+    image: "dtagdevsec/conpot:24.04.1"
     read_only: true
     volumes:
      - $HOME/tpotce/data/conpot/log:/var/log/conpot