add new honeypots to nextgen to prep for ELK setup

honeytrap testing
2025-07-02 04:52:11 +00:00 · 2021-10-01 16:18:10 +00:00 · 2021-10-01 16:18:10 +00:00 · dd7fb325b6
commit dd7fb325b6
parent ab092faa2c
3 changed files with 56 additions and 67 deletions
--- a/docker/honeytrap/Dockerfile
+++ b/docker/honeytrap/Dockerfile
@ -1,4 +1,4 @@
-FROM ubuntu:18.04
+FROM debian:bullseye-slim
 ENV DEBIAN_FRONTEND noninteractive
 #
 # Include dist
@ -27,10 +27,10 @@ RUN apt-get update && \
                       wget && \
 #
 # Install honeytrap from source
-    git clone https://github.com/armedpot/honeytrap /root/honeytrap && \
-#    git clone https://github.com/t3chn0m4g3/honeytrap /root/honeytrap && \
+#    git clone https://github.com/armedpot/honeytrap /root/honeytrap && \
+    git clone https://github.com/t3chn0m4g3/honeytrap /root/honeytrap && \
    cd /root/honeytrap/ && \
-    git checkout 9aa4f734f2ea2f0da790b02d79afe18204a23982 && \
+#    git checkout 9aa4f734f2ea2f0da790b02d79afe18204a23982 && \
    autoreconf -vfi && \
    ./configure \
      --with-stream-mon=nfq \
--- a/docker/honeytrap/docker-compose.yml
+++ b/docker/honeytrap/docker-compose.yml
@ -12,7 +12,7 @@ services:
    network_mode: "host"
    cap_add:
     - NET_ADMIN
-    image: "ghcr.io/telekom-security/honeytrap:2006"
+    image: "dtagdevsec/honeytrap:2006"
    read_only: true
    volumes:
     - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
--- a/etc/compose/nextgen.yml
+++ b/etc/compose/nextgen.yml
@ -10,11 +10,13 @@ networks:
  conpot_local_guardian_ast:
  conpot_local_ipmi:
  conpot_local_kamstrup_382:
-  cowrie_local:
  cyberchef_local:
  dicompot_local:
  dionaea_local:
+  ddospot_local:
  elasticpot_local:
+  endlessh_local:
+  hellpot_local:
  heralding_local:
  honeypy_local:
  honeysap_local:
@ -22,7 +24,7 @@ networks:
  mailoney_local:
  medpot_local:
  rdpy_local:
-  tanner_local:
+  redishoneypot_local:
  ewsposter_local:
  spiderfoot_local:

@ -161,25 +163,24 @@ services:
    volumes:
     - /data/conpot/log:/var/log/conpot

-# Cowrie service
-  cowrie:
-    container_name: cowrie
+# Ddospot service
+  ddospot:
+    container_name: ddospot
    restart: always
-    tmpfs:
-     - /tmp/cowrie:uid=2000,gid=2000
-     - /tmp/cowrie/data:uid=2000,gid=2000
    networks:
-     - cowrie_local
+     - ddospot_local
    ports:
-     - "22:22"
-     - "23:23"
-    image: "dtagdevsec/cowrie:2006"
+     - "19:19/udp"
+     - "53:53/udp"
+     - "123:123/udp"
+#     - "161:161/udp"
+     - "1900:1900/udp"
+    image: "dtagdevsec/ddospot:2006"
    read_only: true
    volumes:
-     - /data/cowrie/downloads:/home/cowrie/cowrie/dl
-     - /data/cowrie/keys:/home/cowrie/cowrie/etc
-     - /data/cowrie/log:/home/cowrie/cowrie/log
-     - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
+     - /data/ddospot/log:/opt/ddospot/ddospot/logs
+     - /data/ddospot/bl:/opt/ddospot/ddospot/bl
+     - /data/ddospot/db:/opt/ddospot/ddospot/db

 # Dicompot service
 # Get the Horos Client for testing: https://horosproject.org/
@ -248,6 +249,19 @@ services:
    volumes:
     - /data/elasticpot/log:/opt/elasticpot/log

+# Endlessh service
+  endlessh:
+    container_name: endlessh
+    restart: always
+    networks:
+     - endlessh_local
+    ports:
+     - "22:2222"
+    image: "dtagdevsec/endlessh:2006"
+    read_only: true
+    volumes:
+     - /data/endlessh/log:/var/log/endlessh
+
 # Glutton service
  glutton:
    container_name: glutton
@ -391,6 +405,19 @@ services:
    volumes:
     - /data/rdpy/log:/var/log/rdpy

+# Redishoneypot service
+  redishoneypot:
+    container_name: redishoneypot
+    restart: always
+    networks:
+     - redishoneypot_local
+    ports:
+     - "6379:6379"
+    image: "dtagdevsec/redishoneypot:2006"
+    read_only: true
+    volumes:
+     - /data/redishoneypot/log:/var/log/redishoneypot
+
 #### Snare / Tanner
 ## Tanner Redis Service
  tanner_redis:
@ -429,56 +456,18 @@ services:
    depends_on:
     - tanner_redis

-## Tanner WEB Service
-#  tanner_web:
-#    container_name: tanner_web
-#    restart: always
-#    tmpfs:
-#     - /tmp/tanner:uid=2000,gid=2000
-#    tty: true
-#    networks:
-#     - tanner_local
-#    image: "dtagdevsec/tanner:2006"
-#    command: tannerweb
-#    read_only: true
-#    volumes:
-#     - /data/tanner/log:/var/log/tanner
-#    depends_on:
-#     - tanner_redis
-
-## Tanner Service
-  tanner:
-    container_name: tanner
+# Hellpot service
+  hellpot:
+    container_name: hellpot
    restart: always
-    tmpfs:
-     - /tmp/tanner:uid=2000,gid=2000
-    tty: true
    networks:
-     - tanner_local
-    image: "dtagdevsec/tanner:2006"
-    command: tanner
+     - hellpot_local
+    ports:
+     - "80:8080"
+    image: "dtagdevsec/hellpot:2006"
    read_only: true
    volumes:
-     - /data/tanner/log:/var/log/tanner
-     - /data/tanner/files:/opt/tanner/files
-    depends_on:
-     - tanner_api
-#     - tanner_web
-     - tanner_phpox
-
-## Snare Service
-  snare:
-    container_name: snare
-    restart: always
-    tty: true
-    networks:
-     - tanner_local
-    ports:
-     - "80:80"
-    image: "dtagdevsec/snare:2006"
-    depends_on:
-     - tanner
-
+     - /data/hellpot/log:/var/log/hellpot

 ##################
 #### NSM