From a9449251243754b52d3b7cd8f2c366b379ca7ff4 Mon Sep 17 00:00:00 2001
From: Marco Ochse
Date: Thu, 26 Apr 2018 15:18:23 +0000
Subject: [PATCH] tweaking
---
 docker/conpot/Dockerfile | 21 ++++++++++++---------
 docker/conpot/docker-compose.yml | 5 -----
 docker/ews/Dockerfile | 2 +-
 docker/glastopf/Dockerfile | 11 ++++++++---
 docker/glastopf/docker-compose.yml | 5 ++---
 5 files changed, 23 insertions(+), 21 deletions(-)
diff --git a/docker/conpot/Dockerfile b/docker/conpot/Dockerfile
index 263f8673..d7ce7d1c 100644
--- a/docker/conpot/Dockerfile
+++ b/docker/conpot/Dockerfile
@@ -26,26 +26,27 @@ RUN apk -U --no-cache add bash \ wget && \ # Setup ConPot - git clone https://github.com/mushorg/conpot /opt/conpot/ && \ + git clone https://github.com/mushorg/conpot /opt/conpot && \ cd /opt/conpot/ && \ - git checkout d157229e4587188ad3d3af5dddcd71200713852d && \ + git reset --hard d157229e4587188ad3d3af5dddcd71200713852d && \ + git fetch origin pull/367/head:run-without-root && \ + git checkout run-without-root && \ + git checkout master && \ + git merge run-without-root && \ cp /root/dist/requirements.txt /opt/conpot/ && \ # Patch to accept ENV for MIB path cp /root/dist/snmp_server.py /opt/conpot/conpot/protocols/snmp/ && \ - pip install -U pip setuptools && \ - python setup.py install && \ + pip install --no-cache-dir -U pip setuptools && \ + pip install --no-cache-dir . && \ cd / && \ - # Monkey patch, see https://github.com/mushorg/conpot/issues/361 - cp /root/dist/conpot.bin /usr/bin/conpot && \ - chmod u+x /usr/bin/conpot && \ rm -rf /opt/conpot /tmp/* /var/tmp/* && \ - setcap cap_net_bind_service=+ep /usr/bin/conpot && \ + setcap cap_net_bind_service=+ep /usr/bin/python2.7 && \ # Get wireshark manuf db for scapy, setup configs, user, groups mkdir -p /etc/conpot /var/log/conpot /usr/share/wireshark && \ wget https://github.com/wireshark/wireshark/raw/master/manuf -o /usr/share/wireshark/manuf && \ cp /root/dist/conpot.cfg /etc/conpot/conpot.cfg && \ - cp -R /root/dist/templates /usr/lib/python2.7/site-packages/Conpot-0.5.1-py2.7.egg/conpot/ && \ + cp -R /root/dist/templates /usr/lib/python2.7/site-packages/conpot/ && \ addgroup -g 2000 conpot && \ adduser -S -s /bin/bash -u 2000 -D -g 2000 conpot && \ @@ -61,9 +62,11 @@ RUN apk -U --no-cache add bash \ pkgconfig \ python-dev \ py-cffi \ + py-pip \ wget && \ rm -rf /root/* && \ rm -rf /var/cache/apk/* # Start conpot +USER conpot:conpot CMD exec /usr/bin/conpot --template $CONPOT_TEMPLATE --logfile $CONPOT_LOG --config $CONPOT_CONFIG 
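Review bot: `git fetch origin pull/367/head:run-without-root` followed by `git merge run-without-root` installs whatever the pull request head points to at build time, so the `git reset --hard d157229e4587188ad3d3af5dddcd71200713852d` pin no longer determines the code that ends up in the image. Pin the merged change to a reviewed commit as well, for example `git merge --no-edit <REVIEWED_PR_367_COMMIT_SHA>` after the fetch. Separately, `setcap cap_net_bind_service=+ep /usr/bin/python2.7` places the capability on the interpreter, so every Python process in the container can bind privileged ports, not only conpot; the glastopf Dockerfile hunk at `@@ -63,9 +65,10 @@` adds the same line. Listening on high ports and mapping them in docker-compose.yml, or setting `net.ipv4.ip_unprivileged_port_start` through compose `sysctls`, would avoid the file capability altogether. The `RUN` instruction starts before and ends after this hunk.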
diff --git a/docker/conpot/docker-compose.yml b/docker/conpot/docker-compose.yml index feb9bb50..3f1b9185 100644 --- a/docker/conpot/docker-compose.yml +++ b/docker/conpot/docker-compose.yml @@ -22,7 +22,6 @@ services: - CONPOT_LOG=/var/log/conpot/conpot_default.log - CONPOT_TEMPLATE=default - CONPOT_TMP=/tmp/conpot - - PYTHON_EGG_CACHE=/tmp/conpot tmpfs: - /tmp/conpot:exec networks: @@ -52,7 +51,6 @@ services: - CONPOT_LOG=/var/log/conpot/conpot_IEC104.log - CONPOT_TEMPLATE=IEC104 - CONPOT_TMP=/tmp/conpot - - PYTHON_EGG_CACHE=/tmp/conpot tmpfs: - /tmp/conpot:exec networks: @@ -77,7 +75,6 @@ services: - CONPOT_LOG=/var/log/conpot/conpot_guardian_ast.log - CONPOT_TEMPLATE=guardian_ast - CONPOT_TMP=/tmp/conpot - - PYTHON_EGG_CACHE=/tmp/conpot tmpfs: - /tmp/conpot:exec networks: @@ -101,7 +98,6 @@ services: - CONPOT_LOG=/var/log/conpot/conpot_ipmi.log - CONPOT_TEMPLATE=ipmi - CONPOT_TMP=/tmp/conpot - - PYTHON_EGG_CACHE=/tmp/conpot tmpfs: - /tmp/conpot:exec networks: @@ -125,7 +121,6 @@ services: - CONPOT_LOG=/var/log/conpot/conpot_kamstrup_382.log - CONPOT_TEMPLATE=kamstrup_382 - CONPOT_TMP=/tmp/conpot - - PYTHON_EGG_CACHE=/tmp/conpot tmpfs: - /tmp/conpot:exec networks: diff --git a/docker/ews/Dockerfile b/docker/ews/Dockerfile index 32f495b7..68e42d7d 100644 --- a/docker/ews/Dockerfile +++ b/docker/ews/Dockerfile @@ -47,4 +47,4 @@ RUN apk -U upgrade && \ # Run ewsposter USER ews:ews -CMD sleep 10 && exec /usr/bin/python /opt/ewsposter/ews.py -l 60 +CMD sleep 10 && exec /usr/bin/python -u /opt/ewsposter/ews.py -l 60 diff --git a/docker/glastopf/Dockerfile b/docker/glastopf/Dockerfile index 8172a517..21fa4995 100644 --- a/docker/glastopf/Dockerfile +++ b/docker/glastopf/Dockerfile @@ -12,6 +12,7 @@ RUN apk -U --no-cache add autoconf \ git \ libffi \ libffi-dev \ + libcap \ make \ py-asn1 \ py-cffi \ 
@@ -41,6 +42,7 @@ RUN apk -U --no-cache add autoconf \ py-mongo \ py-sqlalchemy \ py-webob && \ + pip install --no-cache-dir --upgrade pip && \ # Install php sandbox from git git clone https://github.com/mushorg/BFR /opt/BFR && \ @@ -63,9 +65,10 @@ RUN apk -U --no-cache add autoconf \ cp /root/dist/base_logger.py /opt/glastopf/glastopf/modules/reporting/auxiliary/ && \ cp /root/dist/log_s3.py /opt/glastopf/glastopf/modules/reporting/auxiliary/ && \ cp /root/dist/requirements.txt /opt/glastopf/ && \ - python setup.py install && \ + pip install --no-cache-dir . && \ cd / && \ rm -rf /opt/glastopf /tmp/* /var/tmp/* && \ + setcap cap_net_bind_service=+ep /usr/bin/python2.7 && \ # Setup user, groups and configs addgroup -g 2000 glastopf && \ @@ -79,10 +82,12 @@ RUN apk -U --no-cache add autoconf \ git \ libffi-dev \ php7-dev \ - python-dev && \ + python-dev \ + py-pip && \ rm -rf /root/* && \ rm -rf /var/cache/apk/* # Set workdir and start glastopf +USER glastopf:glastopf WORKDIR /tmp/glastopf/ -CMD cp /opt/glastopf/glastopf.cfg /tmp/glastopf && glastopf-runner +CMD cp /opt/glastopf/glastopf.cfg /tmp/glastopf && exec glastopf-runner diff --git a/docker/glastopf/docker-compose.yml b/docker/glastopf/docker-compose.yml index 1859b734..a444ee16 100644 --- a/docker/glastopf/docker-compose.yml +++ b/docker/glastopf/docker-compose.yml @@ -9,11 +9,10 @@ services: glastopf: build: . container_name: glastopf - environment: - - PYTHON_EGG_CACHE=/tmp/glastopf tmpfs: - - /tmp/glastopf:exec + - /tmp/glastopf:uid=2000,gid=2000 restart: always + stop_signal: SIGINT networks: - glastopf_local ports:
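Review bot: With `USER glastopf:glastopf` added in the last Dockerfile hunk, the `cp /opt/glastopf/glastopf.cfg /tmp/glastopf` in `CMD` only succeeds if `/tmp/glastopf` is writable by that user, and nothing in the Dockerfile hunks shown sets that ownership. It appears to rely on the compose change in this commit that mounts the tmpfs with `uid=2000,gid=2000`, so the image may fail to start when run without that mount, depending on who owns the directory that `WORKDIR` creates. A comment above `WORKDIR` would record the dependency, for example `# /tmp/glastopf must be writable by uid 2000; docker-compose.yml mounts it as tmpfs with uid=2000,gid=2000`. The `RUN` instruction above these lines continues outside the hunk.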