diff --git a/docker/conpot/docker-compose.yml b/docker/conpot/docker-compose.yml
deleted file mode 100644
index e64a510c..00000000
--- a/docker/conpot/docker-compose.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-version: '2.1'
-
-networks:
- conpot_local:
-
-services:
-
-# Conpot service
- conpot:
- container_name: conpot
- restart: always
- networks:
- - conpot_local
- ports:
- - "1025:1025"
- - "50100:50100"
- image: "dtagdevsec/conpot:1710"
- volumes:
- - /data/conpot/log:/var/log/conpot
diff --git a/docker/conpot_IEC104/Dockerfile b/docker/conpot_IEC104/Dockerfile
new file mode 100644
index 00000000..fac843dd
--- /dev/null
+++ b/docker/conpot_IEC104/Dockerfile
@@ -0,0 +1,54 @@
+FROM alpine
+MAINTAINER MO
+
+# Include dist
+ADD dist/ /root/dist/
+
+# Setup apt
+RUN apk -U add bash \
+ build-base \
+ file \
+ git \
+ libev \
+ libtool \
+ libxslt \
+ libxslt-dev \
+ mariadb-dev \
+ mariadb-client-libs \
+ pkgconfig \
+ python \
+ python-dev \
+ py-cffi && \
+
+# Setup ConPot
+ git clone https://github.com/mushorg/conpot /opt/conpot_IEC104/ && \
+ cd /opt/conpot_IEC104/ && \
+ git checkout d97a68a054e4fe42ff90293188a5702ce8ab09a3 && \
+ cp /root/dist/requirements.txt /opt/conpot_IEC104/ && \
+ python setup.py install && \
+ cd / && \
+ rm -rf /opt/conpot_IEC104 /tmp/* /var/tmp/* && \
+
+# Setup user, groups and configs
+ addgroup -g 2000 conpot_IEC104 && \
+ adduser -S -s /bin/bash -u 2000 -D -g 2000 conpot_IEC104 && \
+ mkdir -p /etc/conpot_IEC104 /var/log/conpot_IEC104 && \
+ mv /root/dist/conpot.cfg /etc/conpot_IEC104/conpot_IEC104.cfg && \
+ mv /root/dist/IEC104/template.xml /usr/lib/python2.7/site-packages/Conpot-0.5.1-py2.7.egg/conpot_IEC104/templates/IEC104/ && \
+
+# Clean up
+ apk del build-base \
+ file \
+ git \
+ libev \
+ libtool \
+ libxslt-dev \
+ mariadb-dev \
+ pkgconfig \
+ python-dev \
+ py-cffi && \
+ rm -rf /root/* && \
+ rm -rf /var/cache/apk/*
+
+# Run supervisor upon container start
+CMD ["/usr/bin/conpot", "--template", "IEC104", "--logfile", "/var/log/conpot_IEC104/conpot_IEC104.log", "--config", "/etc/conpot_IEC104/conpot_IEC104.cfg"]
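Review bot: The two `mv` lines in the "Setup user, groups and configs" step point at paths this commit does not appear to provide, so the `RUN` chain will most likely stop there. `/root/dist/conpot.cfg` no longer exists, because the same commit renames that file to `dist/conpot_IEC104.cfg`. The target `.../Conpot-0.5.1-py2.7.egg/conpot_IEC104/templates/IEC104/` has the directory suffix applied to the installed package name, which the pre-rename Dockerfile shows as `conpot`. I would write `mv /root/dist/conpot_IEC104.cfg /etc/conpot_IEC104/conpot_IEC104.cfg` and keep `.../Conpot-0.5.1-py2.7.egg/conpot/templates/IEC104/` as the destination. The same two lines recur in the conpot_default, conpot_guardianast and conpot_kamstrup Dockerfiles, each with its own renamed cfg.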
diff --git a/docker/conpot/README.md b/docker/conpot_IEC104/README.md
similarity index 100%
rename from docker/conpot/README.md
rename to docker/conpot_IEC104/README.md
diff --git a/docker/conpot_IEC104/dist/IEC104/IEC104/IEC104.xml b/docker/conpot_IEC104/dist/IEC104/IEC104/IEC104.xml
new file mode 100644
index 00000000..dd11ffea
--- /dev/null
+++ b/docker/conpot_IEC104/dist/IEC104/IEC104/IEC104.xml
@@ -0,0 +1,324 @@
+
+
+
+
+ Siemens
+ SIMATIC
+
+
+
+
+
+ 13_20
+
+
+ 13_21
+
+
+ 13_22
+
+
+ 13_24
+
+
+ 13_25
+
+
+ 13_32
+
+
+ 13_33
+
+
+ 13_34
+
+
+ 13_35
+
+
+ 13_36
+
+
+ 13_37
+
+
+ 13_38
+
+
+ 13_39
+
+
+ 13_40
+
+
+ 13_41
+
+
+ 13_42
+
+
+
+
+
+ 22_19
+
+
+ 22_20
+
+
+ 22_21
+
+
+ 22_22
+
+
+ 22_24
+
+
+ 22_25
+
+
+ 22_42
+
+
+ 22_43
+
+
+ 22_54
+
+
+
+
+
+ 33_2
+
+
+ 33_3
+
+
+ 33_4
+
+
+ 33_5
+
+
+ 33_6
+
+
+ 33_7
+
+
+ 33_8
+
+
+ 33_9
+
+
+ 33_10
+
+
+ 33_11
+
+
+
+
+
+ 60_6
+
+
+ 60_7
+
+
+ 60_8
+
+
+ 60_9
+
+
+ 60_20
+
+
+ 60_21
+
+
+ 60_32
+
+
+ 60_34
+
+
+ 60_35
+
+
+ 60_36
+
+
+
+
+
+ 100_12
+
+
+ 100_13
+
+
+ 100_51
+
+
+ 100_108
+
+
+ 100_109
+
+
+ 100_178
+
+
+ 100_179
+
+
+ 100_190
+
+
+ 100_191
+
+
+ 100_192
+
+
+ 100_193
+
+
+
+
+
+ 101_63
+
+
+ 101_205
+
+
+ 101_100
+
+
+ 101_101
+
+
+ 101_102
+
+
+ 101_105
+
+
+ 101_106
+
+
+
+
+
+ 107_3
+
+
+ 107_77
+
+
+ 107_78
+
+
+ 107_79
+
+
+ 107_90
+
+
+ 107_130
+
+
+ 107_131
+
+
+ 107_132
+
+
+ 107_141
+
+
+ 107_200
+
+
+ 107_201
+
+
+ 107_202
+
+
+ 107_203
+
+
+ 107_204
+
+
+ 107_205
+
+
+ 107_206
+
+
+ 107_207
+
+
+ 107_208
+
+
+ 107_209
+
+
+ 107_210
+
+
+ 107_211
+
+
+ 107_212
+
+
+
+
+
+ 109_3
+
+
+ 109_7
+
+
+ 109_8
+
+
+ 109_10
+
+
+ 109_40
+
+
+ 109_41
+
+
+
+
+
\ No newline at end of file
diff --git a/docker/conpot_IEC104/dist/IEC104/template.xml b/docker/conpot_IEC104/dist/IEC104/template.xml
new file mode 100644
index 00000000..612f3048
--- /dev/null
+++ b/docker/conpot_IEC104/dist/IEC104/template.xml
@@ -0,0 +1,675 @@
+
+
+
+
+
+ S7-300
+ Siemens
+ Creates a simple device for IEC 60870-5-104
+ IEC104
+ Patrick Reichenberger
+
+
+
+
+
+
+ "Siemens, SIMATIC, S7-300"
+
+
+ "0.0"
+
+
+ conpot.emulators.misc.uptime.Uptime
+
+
+ ""
+
+
+ ""
+
+
+ ""
+
+
+ "72"
+
+
+
+ 1
+
+
+ 1
+
+
+ "Siemens, SIMATIC NET, CP 343-1 PN, 6GK7 343-1EX21-0XE0, HW: Version 2, FW: Version V1.2.3, Ethernet Port 1, Rack 0, 100Mbit"
+
+
+ 6
+
+
+ 1000
+
+
+ 100000000
+
+
+ "\x00\x0e\x8c\x29\xc5\x1a"
+
+
+ 1
+
+
+ 1
+
+
+ conpot.emulators.misc.uptime.Uptime
+
+
+ "Compagnie Generale des Eaux"
+
+
+ 0
+
+
+ 1
+
+
+ 1618895
+
+
+ 7018
+
+
+ 291
+
+
+ 455107
+
+
+ 872264
+
+
+ 143
+
+
+
+
+ 2
+
+
+ 60
+
+
+ 31271
+
+
+ 0
+
+
+ 0
+
+
+ 0
+
+
+ 0
+
+
+ 0
+
+
+ 31282
+
+
+ 69023
+
+
+ 0
+
+
+ 0
+
+
+ 60
+
+
+ 7
+
+
+ 3
+
+
+ 0
+
+
+ 0
+
+
+ 0
+
+
+ 0
+
+
+ "163.172.189.137"
+
+
+ 1
+
+
+ "255.255.255.255"
+
+
+ 1
+
+
+ 65528
+
+
+ 0
+
+
+ 4
+
+
+ 0
+
+
+ 1
+
+
+ 0
+
+
+ 0
+
+
+ 0
+
+
+ 0
+
+
+ 0
+
+
+ 0
+
+
+ 0
+
+
+ 0
+
+
+ 0
+
+
+ 0
+
+
+ 0
+
+
+ 0
+
+
+ 144
+
+
+ 0
+
+
+ 0
+
+
+ 0
+
+
+ 0
+
+
+ 0
+
+
+ 0
+
+
+ 0
+
+
+ 0
+
+
+ 0
+
+
+ 0
+
+
+
+
+ 2
+
+
+ 0
+
+
+ 100
+
+
+ -1
+
+
+ 0
+
+
+ 101
+
+
+ 42
+
+
+ 45
+
+
+ 0
+
+
+ 30321
+
+
+ 67821
+
+
+ 2511
+
+
+ 2
+
+
+ "163.172.189.137"
+
+
+ 2404
+
+
+ "0.0.0.0"
+
+
+ 0
+
+
+ 1
+
+
+ 728
+
+
+
+ 1441
+
+
+ 1280
+
+
+ 23
+
+
+ 47
+
+
+ "163.172.189.137"
+
+
+ 161
+
+
+ "CP 343-1 IT"
+
+
+
+
+
+
+ 30
+
+
+
+ 15
+
+
+
+ 10
+
+
+
+ 20
+
+
+
+
+ 12
+
+
+
+ 8
+
+
+
+ 254
+
+
+
+
+
+ 1
+
+
+ 0
+
+
+ 0
+
+
+ 1
+
+
+ 1
+
+
+ 1
+
+
+ 1
+
+
+ 1
+
+
+ 1
+
+
+ 1
+
+
+ 1
+
+
+ 1
+
+
+ 1
+
+
+ 0
+
+
+ 1
+
+
+ 0
+
+
+
+
+ 1
+
+
+ 1
+
+
+ 0
+
+
+ 0
+
+
+ 1
+
+
+ 1
+
+
+ 1
+
+
+ 1
+
+
+ 1
+
+
+
+
+ 1
+
+
+ 2
+
+
+ 1
+
+
+ 2
+
+
+ 2
+
+
+ 1
+
+
+ 1
+
+
+ 1
+
+
+ 1
+
+
+ 1
+
+
+
+
+ 2
+
+
+ 1
+
+
+ 1
+
+
+ 1
+
+
+ 1
+
+
+ 1
+
+
+ 1
+
+
+ 1
+
+
+ 1
+
+
+ 1
+
+
+
+
+ 103
+
+
+ 31
+
+
+ -49
+
+
+ 28871
+
+
+ 13781
+
+
+ 119
+
+
+ 219
+
+
+ 1009
+
+
+ -2
+
+
+ 701
+
+
+ 441
+
+
+
+
+ 103
+
+
+ 31
+
+
+ 5
+
+
+ 49
+
+
+ 119
+
+
+ 500
+
+
+ 1
+
+
+
+
+ 16.2
+
+
+ 15.9
+
+
+ 512.1
+
+
+ 433.4
+
+
+ 344.4
+
+
+ -0.44013
+
+
+ 43.0
+
+
+ 41.2
+
+
+ 12.1
+
+
+ 91
+
+
+ 98.8
+
+
+ 110
+
+
+ 85.1
+
+
+ 85.2
+
+
+ 410
+
+
+ 592
+
+
+ 1.5
+
+
+ 44.7
+
+
+ 11.9
+
+
+ 221.45
+
+
+ 13.4
+
+
+ 0.000402
+
+
+
+
+ 16.2
+
+
+ 15.9
+
+
+ 880
+
+
+ 344.4
+
+
+ 41.2
+
+
+ 12.1
+
+
+
+ ""
+
+
+
+
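Review bot: This template ships fixed identity values that would be the same on every sensor built from the image: the public address `"163.172.189.137"` appears three times, next to a fixed MAC `"\x00\x0e\x8c\x29\xc5\x1a"` and the contact string `"Compagnie Generale des Eaux"`. The element names are not visible in this view, so which fields they fill is inferred, but an address that does not match the host the honeypot runs on is an easy consistency check for anyone probing it and weakens the value of the collected data. I would replace them with per-deployment values set at install time, or at least add a comment at the top of the file saying they must be changed before exposure. The default template added later in this commit carries the stock strings `"Mouser Factory"`, `"Technodrome"` and `"88111222"` and deserves the same treatment.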
diff --git a/docker/conpot/dist/conpot.cfg b/docker/conpot_IEC104/dist/conpot_IEC104.cfg
similarity index 81%
rename from docker/conpot/dist/conpot.cfg
rename to docker/conpot_IEC104/dist/conpot_IEC104.cfg
index 72fc3430..df43cd78 100644
--- a/docker/conpot/dist/conpot.cfg
+++ b/docker/conpot_IEC104/dist/conpot_IEC104.cfg
@@ -1,16 +1,16 @@
[common]
-sensorid = conpot
+sensorid = conpot_IEC104
[session]
timeout = 30
[daemon]
-user = conpot
-group = conpot
+user = conpot_IEC104
+group = conpot_IEC104
[json]
enabled = True
-filename = /var/log/conpot/conpot.json
+filename = /var/log/conpot_IEC104/conpot_IEC104.json
[sqlite]
enabled = False
@@ -20,9 +20,9 @@ enabled = False
device = /tmp/mysql.sock
host = localhost
port = 3306
-db = conpot
-username = conpot
-passphrase = conpot
+db = conpot_IEC104
+username = conpot_IEC104
+passphrase = conpot_IEC104
socket = tcp ; tcp (sends to host:port), dev (sends to mysql device/socket file)
[syslog]
diff --git a/docker/conpot/dist/requirements.txt b/docker/conpot_IEC104/dist/requirements.txt
similarity index 100%
rename from docker/conpot/dist/requirements.txt
rename to docker/conpot_IEC104/dist/requirements.txt
diff --git a/docker/conpot/doc/dashboard.png b/docker/conpot_IEC104/doc/dashboard.png
similarity index 100%
rename from docker/conpot/doc/dashboard.png
rename to docker/conpot_IEC104/doc/dashboard.png
diff --git a/docker/conpot_IEC104/docker-compose.yml b/docker/conpot_IEC104/docker-compose.yml
new file mode 100644
index 00000000..eb529982
--- /dev/null
+++ b/docker/conpot_IEC104/docker-compose.yml
@@ -0,0 +1,18 @@
+version: '2.1a'
+
+networks:
+ conpot_IEC104_local:
+
+services:
+
+# Conpot service using IEC104 Template
+ conpot_IEC104:
+ container_name: conpot_IEC104
+ restart: always
+ networks:
+ - conpot_IEC104_local
+ ports:
+ - "2404:2404"
+ image: "dtagdevsec/conpot:1710"
+ volumes:
+ - /data/conpot_IEC104/log:/var/log/conpot_IEC104
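Review bot: `version: '2.1a'` on the first line is not a Compose file format version, and docker-compose is expected to reject the file before any service starts. The deleted file used `version: '2.1'`, which I would keep. The same stray `a` is in the conpot_default, conpot_guardianast and conpot_kamstrup compose files, and as `'2.2a'` in etc/compose/all.yml and etc/compose/industrial.yml.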
diff --git a/docker/conpot_default/Dockerfile b/docker/conpot_default/Dockerfile
new file mode 100644
index 00000000..d31d7c68
--- /dev/null
+++ b/docker/conpot_default/Dockerfile
@@ -0,0 +1,54 @@
+FROM alpine
+MAINTAINER MO
+
+# Include dist
+ADD dist/ /root/dist/
+
+# Setup apt
+RUN apk -U add bash \
+ build-base \
+ file \
+ git \
+ libev \
+ libtool \
+ libxslt \
+ libxslt-dev \
+ mariadb-dev \
+ mariadb-client-libs \
+ pkgconfig \
+ python \
+ python-dev \
+ py-cffi && \
+
+# Setup ConPot
+ git clone https://github.com/mushorg/conpot /opt/conpot_default/ && \
+ cd /opt/conpot_default/ && \
+ git checkout d97a68a054e4fe42ff90293188a5702ce8ab09a3 && \
+ cp /root/dist/requirements.txt /opt/conpot_default/ && \
+ python setup.py install && \
+ cd / && \
+ rm -rf /opt/conpot_default /tmp/* /var/tmp/* && \
+
+# Setup user, groups and configs
+ addgroup -g 2000 conpot_default && \
+ adduser -S -s /bin/bash -u 2000 -D -g 2000 conpot_default && \
+ mkdir -p /etc/conpot_default /var/log/conpot_default && \
+ mv /root/dist/conpot.cfg /etc/conpot_default/conpot_default.cfg && \
+ mv /root/dist/default/template.xml /usr/lib/python2.7/site-packages/Conpot-0.5.1-py2.7.egg/conpot_default/templates/default/ && \
+
+# Clean up
+ apk del build-base \
+ file \
+ git \
+ libev \
+ libtool \
+ libxslt-dev \
+ mariadb-dev \
+ pkgconfig \
+ python-dev \
+ py-cffi && \
+ rm -rf /root/* && \
+ rm -rf /var/cache/apk/*
+
+# Run supervisor upon container start
+CMD ["/usr/bin/conpot", "--template", "default", "--logfile", "/var/log/conpot_default/conpot_default.log", "--config", "/etc/conpot_default/conpot_default.cfg"]
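Review bot: `FROM alpine` carries no tag or digest, so every rebuild of this internet-facing image can pull a different base and different `apk` package versions, even though the conpot source itself is pinned by the `git checkout` of a full commit id. Pinning the base as well, `FROM alpine:<validated-release>` or a digest (placeholder for whichever release the project tests against), makes the image reproducible and auditable. `MAINTAINER MO` is deprecated; `LABEL maintainer="MO"` is the current form. The comment `# Setup apt` sits above an `apk` call and would read better as `# Install packages`. The same lines are in the IEC104 and guardianast Dockerfiles; the kamstrup Dockerfile is shown only in part here.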
diff --git a/docker/conpot_default/README.md b/docker/conpot_default/README.md
new file mode 100644
index 00000000..6b8c2078
--- /dev/null
+++ b/docker/conpot_default/README.md
@@ -0,0 +1,15 @@
+[](https://microbadger.com/images/dtagdevsec/conpot:1710 "Get your own version badge on microbadger.com") [](https://microbadger.com/images/dtagdevsec/conpot:1710 "Get your own image badge on microbadger.com")
+
+# conpot
+
+[ConPot](http://conpot.org/) is a low interactive server side Industrial Control Systems honeypot designed to be easy to deploy, modify and extend. By providing a range of common industrial control protocols we created the basics to build your own system, capable to emulate complex infrastructures to convince an adversary that he just found a huge industrial complex. To improve the deceptive capabilities, we also provided the possibility to server a custom human machine interface to increase the honeypots attack surface. The response times of the services can be artificially delayed to mimic the behavior of a system under constant load. Because we are providing complete stacks of the protocols, Conpot can be accessed with productive HMI's or extended with real hardware. Conpot is developed under the umbrella of the [Honeynet Project](https://www.honeynet.org/) and on the shoulders of a couple of very big giants.
+
+This dockerized version is part of the **[T-Pot community honeypot](http://dtag-dev-sec.github.io/)** of Deutsche Telekom AG.
+
+The `Dockerfile` contains the blueprint for the dockerized conpot and will be used to setup the docker image.
+
+The `docker-compose.yml` contains the necessary settings to test conpot using `docker-compose`. This will ensure to start the docker container with the appropriate permissions and port mappings.
+
+# ConPot Dashboard
+
+
diff --git a/docker/conpot_default/dist/conpot_default.cfg b/docker/conpot_default/dist/conpot_default.cfg
new file mode 100644
index 00000000..43eaafc7
--- /dev/null
+++ b/docker/conpot_default/dist/conpot_default.cfg
@@ -0,0 +1,58 @@
+[common]
+sensorid = conpot_default
+
+[session]
+timeout = 30
+
+[daemon]
+user = conpot_default
+group = conpot_default
+
+[json]
+enabled = True
+filename = /var/log/conpot_default/conpot_default.json
+
+[sqlite]
+enabled = False
+
+[mysql]
+enabled = False
+device = /tmp/mysql.sock
+host = localhost
+port = 3306
+db = conpot_default
+username = conpot_default
+passphrase = conpot_default
+socket = tcp ; tcp (sends to host:port), dev (sends to mysql device/socket file)
+
+[syslog]
+enabled = False
+device = /dev/log
+host = localhost
+port = 514
+facility = local0
+socket = dev ; udp (sends to host:port), dev (sends to device)
+
+[hpfriends]
+enabled = False
+host = hpfriends.honeycloud.net
+port = 20000
+ident = 3Ykf9Znv
+secret = 4nFRhpm44QkG9cvD
+channels = ["conpot.events", ]
+
+[taxii]
+enabled = False
+host = taxiitest.mitre.org
+port = 80
+inbox_path = /services/inbox/default/
+use_https = False
+
+[fetch_public_ip]
+enabled = True
+urls = ["http://whatismyip.akamai.com/", "http://wgetip.com/"]
+
+[change_mac_addr]
+enabled = False
+iface = eth0
+addr = 00:de:ad:be:ef:00
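Review bot: The `[hpfriends]` section commits a literal `ident` and `secret` to the repository. The section is disabled, but anyone who flips `enabled` would publish under credentials shared by every copy of this file, so I would leave both values empty or as obvious placeholders and inject real ones at deploy time. Separately, `[fetch_public_ip]` is enabled and both `urls` are plain `http://`, so the sensor makes an unauthenticated outbound request on start and records whatever address comes back; a comment stating that this is intended, or HTTPS endpoints, would help. The conpot_guardianast and conpot_kamstrup cfg files added in this commit have the same two sections.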
diff --git a/docker/conpot_default/dist/default/modbus/modbus.xml b/docker/conpot_default/dist/default/modbus/modbus.xml
new file mode 100644
index 00000000..32e3d671
--- /dev/null
+++ b/docker/conpot_default/dist/default/modbus/modbus.xml
@@ -0,0 +1,91 @@
+
+
+ Siemens
+ SIMATIC
+ S7-200
+
+ serial
+ 100
+
+
+
+
+
+ COILS
+ 1
+ 128
+ memoryModbusSlave0BlockA
+
+
+
+ DISCRETE_INPUTS
+ 10001
+ 32
+ memoryModbusSlave0BlockB
+
+
+
+
+
+
+
+ COILS
+ 1
+ 128
+ memoryModbusSlave255BlockA
+
+
+
+ DISCRETE_INPUTS
+ 10001
+ 32
+ memoryModbusSlave255BlockB
+
+
+
+
+
+
+
+ COILS
+ 1
+ 128
+ memoryModbusSlave1BlockA
+
+
+
+ DISCRETE_INPUTS
+ 10001
+ 32
+ memoryModbusSlave1BlockB
+
+
+
+
+
+
+
+
+ ANALOG_INPUTS
+ 30001
+ 8
+ memoryModbusSlave2BlockC
+
+
+
+ HOLDING_REGISTERS
+ 40001
+ 8
+ memoryModbusSlave2BlockD
+
+
+
+
+
diff --git a/docker/conpot_default/dist/default/s7comm/s7comm.xml b/docker/conpot_default/dist/default/s7comm/s7comm.xml
new file mode 100644
index 00000000..73391b48
--- /dev/null
+++ b/docker/conpot_default/dist/default/s7comm/s7comm.xml
@@ -0,0 +1,20 @@
+
+
+
+ SystemName
+ SystemDescription
+ FacilityName
+ Copyright
+ s7_id
+ s7_module_type
+ empty
+ empty
+
+
+
+ empty
+ empty
+ empty
+
+
+
\ No newline at end of file
diff --git a/docker/conpot_default/dist/default/snmp/snmp.xml b/docker/conpot_default/dist/default/snmp/snmp.xml
new file mode 100644
index 00000000..66a0c563
--- /dev/null
+++ b/docker/conpot_default/dist/default/snmp/snmp.xml
@@ -0,0 +1,38 @@
+
+
+
+ 0.1;0.2
+ 0.1;0.2
+ 0.0;0.1
+ 0.2;0.4
+
+
+ 120;240
+ 120;240
+ 240;600
+ 120;240
+
+
+
+
+
+ SystemDescription
+
+
+ Uptime
+
+
+ sysContact
+
+
+ sysName
+
+
+ sysLocation
+
+
+ sysServices
+
+
+
+
\ No newline at end of file
diff --git a/docker/conpot_default/dist/default/template.xml b/docker/conpot_default/dist/default/template.xml
new file mode 100644
index 00000000..75b6ce55
--- /dev/null
+++ b/docker/conpot_default/dist/default/template.xml
@@ -0,0 +1,78 @@
+
+
+
+ S7-200
+ Siemens
+ Rough simulation of a basic Siemens S7-200 CPU with 2 slaves
+ HTTP, MODBUS, s7comm, SNMP
+ the conpot team
+
+
+
+
+
+ "Mouser Factory"
+
+
+ "Technodrome"
+
+
+ "Siemens, SIMATIC, S7-200"
+
+
+ conpot.emulators.misc.uptime.Uptime
+
+
+ "0.0"
+
+
+ "Siemens AG"
+
+
+ "CP 443-1 EX40"
+
+
+ "Venus"
+
+
+ "72"
+
+
+ [random.randint(0,1) for b in range(0,128)]
+
+
+ [random.randint(0,1) for b in range(0,32)]
+
+
+ [random.randint(0,1) for b in range(0,128)]
+
+
+ [random.randint(0,1) for b in range(0,32)]
+
+
+ [random.randint(0,1) for b in range(0,128)]
+
+
+ [random.randint(0,1) for b in range(0,32)]
+
+
+ [random.randint(0,1) for b in range(0,8)]
+
+
+ [0 for b in range(0,32)]
+
+
+ "Original Siemens Equipment"
+
+
+ "88111222"
+
+
+ "IM151-8 PN/DP CPU"
+
+
+ ""
+
+
+
+
diff --git a/docker/conpot_default/dist/requirements.txt b/docker/conpot_default/dist/requirements.txt
new file mode 100644
index 00000000..ca8e6871
--- /dev/null
+++ b/docker/conpot_default/dist/requirements.txt
@@ -0,0 +1,23 @@
+gevent>=1.0
+pysnmp==4.3.5
+pysmi==0.1.3
+lxml
+bottle
+jinja2
+beautifulsoup4
+requests
+sphinx==1.5.5
+libtaxii>=1.1.0
+MySQL-python
+xlrd
+crc16
+enum
+hpfeeds
+modbus-tk
+stix-validator
+stix
+cybox
+bacpypes==0.13.8
+pyghmi
+mixbox
+modbus-tk
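Review bot: Most entries here have no version (`lxml`, `bottle`, `jinja2`, `requests`, `hpfeeds`, `stix`, `cybox`, ...), so the image installs whatever the index serves on build day even though the conpot source is pinned to one commit. For a component that is deliberately exposed to hostile traffic I would pin every line with `==`, ideally with hashes, so that a rebuild cannot silently pick up a changed or compromised release. `modbus-tk` is also listed twice, on lines 16 and 23 of the new file; the second entry can go. The identical file (index ca8e6871) is added under conpot_guardianast and conpot_kamstrup.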
diff --git a/docker/conpot_default/doc/dashboard.png b/docker/conpot_default/doc/dashboard.png
new file mode 100644
index 00000000..b4830b52
Binary files /dev/null and b/docker/conpot_default/doc/dashboard.png differ
diff --git a/docker/conpot_default/docker-compose.yml b/docker/conpot_default/docker-compose.yml
new file mode 100644
index 00000000..2b0759ce
--- /dev/null
+++ b/docker/conpot_default/docker-compose.yml
@@ -0,0 +1,20 @@
+version: '2.1a'
+
+networks:
+ conpot_default_local:
+
+services:
+
+# Conpot service using Default Siemens S7-200 Template
+ conpot_default:
+ container_name: conpot_default
+ restart: always
+ networks:
+ - conpot_default_local
+ ports:
+ - "102:102"
+ - "502:502"
+ - "161:161/udp"
+ image: "dtagdevsec/conpot:1710"
+ volumes:
+ - /data/conpot_default/log:/var/log/conpot_default
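Review bot: `image: "dtagdevsec/conpot:1710"` is the tag the deleted single-conpot compose file used, and all four new compose files reference it, so nothing here ties this service to the image built from docker/conpot_default/Dockerfile. Unless a different image is pushed under that tag, the container would presumably start with the previous template and log path, leaving ports 102, 502 and 161/udp published with nothing behind them and `/var/log/conpot_default` empty. A per-template tag such as `image: "<per-template-repo>:1710"` (placeholder), or a `build:` entry pointing at this directory, would make the mapping explicit. The IEC104, guardianast and kamstrup compose files and the four services added to etc/compose/all.yml have the same line.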
diff --git a/docker/conpot_guardianast/Dockerfile b/docker/conpot_guardianast/Dockerfile
new file mode 100644
index 00000000..083a46d3
--- /dev/null
+++ b/docker/conpot_guardianast/Dockerfile
@@ -0,0 +1,54 @@
+FROM alpine
+MAINTAINER MO
+
+# Include dist
+ADD dist/ /root/dist/
+
+# Setup apt
+RUN apk -U add bash \
+ build-base \
+ file \
+ git \
+ libev \
+ libtool \
+ libxslt \
+ libxslt-dev \
+ mariadb-dev \
+ mariadb-client-libs \
+ pkgconfig \
+ python \
+ python-dev \
+ py-cffi && \
+
+# Setup ConPot
+ git clone https://github.com/mushorg/conpot /opt/conpot_guardian_ast/ && \
+ cd /opt/conpot_guardian_ast/ && \
+ git checkout d97a68a054e4fe42ff90293188a5702ce8ab09a3 && \
+ cp /root/dist/requirements.txt /opt/conpot_guardian_ast/ && \
+ python setup.py install && \
+ cd / && \
+ rm -rf /opt/conpot_guardian_ast /tmp/* /var/tmp/* && \
+
+# Setup user, groups and configs
+ addgroup -g 2000 conpot_guardian_ast && \
+ adduser -S -s /bin/bash -u 2000 -D -g 2000 conpot_guardian_ast && \
+ mkdir -p /etc/conpot_guardian_ast /var/log/conpot_guardian_ast && \
+ mv /root/dist/conpot.cfg /etc/conpot_guardian_ast/conpot_guardian_ast.cfg && \
+ mv /root/dist/guardian_ast/template.xml /usr/lib/python2.7/site-packages/Conpot-0.5.1-py2.7.egg/conpot_guardian_ast/templates/guardian_ast/ && \
+
+# Clean up
+ apk del build-base \
+ file \
+ git \
+ libev \
+ libtool \
+ libxslt-dev \
+ mariadb-dev \
+ pkgconfig \
+ python-dev \
+ py-cffi && \
+ rm -rf /root/* && \
+ rm -rf /var/cache/apk/*
+
+# Run supervisor upon container start
+CMD ["/usr/bin/conpot", "--template", "guardian_ast", "--logfile", "/var/log/conpot_guardian_ast/conpot_guardian_ast.log", "--config", "/etc/conpot_guardian_ast/conpot_guardian_ast.cfg"]
diff --git a/docker/conpot_guardianast/README.md b/docker/conpot_guardianast/README.md
new file mode 100644
index 00000000..6b8c2078
--- /dev/null
+++ b/docker/conpot_guardianast/README.md
@@ -0,0 +1,15 @@
+[](https://microbadger.com/images/dtagdevsec/conpot:1710 "Get your own version badge on microbadger.com") [](https://microbadger.com/images/dtagdevsec/conpot:1710 "Get your own image badge on microbadger.com")
+
+# conpot
+
+[ConPot](http://conpot.org/) is a low interactive server side Industrial Control Systems honeypot designed to be easy to deploy, modify and extend. By providing a range of common industrial control protocols we created the basics to build your own system, capable to emulate complex infrastructures to convince an adversary that he just found a huge industrial complex. To improve the deceptive capabilities, we also provided the possibility to server a custom human machine interface to increase the honeypots attack surface. The response times of the services can be artificially delayed to mimic the behavior of a system under constant load. Because we are providing complete stacks of the protocols, Conpot can be accessed with productive HMI's or extended with real hardware. Conpot is developed under the umbrella of the [Honeynet Project](https://www.honeynet.org/) and on the shoulders of a couple of very big giants.
+
+This dockerized version is part of the **[T-Pot community honeypot](http://dtag-dev-sec.github.io/)** of Deutsche Telekom AG.
+
+The `Dockerfile` contains the blueprint for the dockerized conpot and will be used to setup the docker image.
+
+The `docker-compose.yml` contains the necessary settings to test conpot using `docker-compose`. This will ensure to start the docker container with the appropriate permissions and port mappings.
+
+# ConPot Dashboard
+
+
diff --git a/docker/conpot_guardianast/dist/conpot_guardianast.cfg b/docker/conpot_guardianast/dist/conpot_guardianast.cfg
new file mode 100644
index 00000000..37da37db
--- /dev/null
+++ b/docker/conpot_guardianast/dist/conpot_guardianast.cfg
@@ -0,0 +1,58 @@
+[common]
+sensorid = conpot_guardian_ast
+
+[session]
+timeout = 30
+
+[daemon]
+user = conpot_guardian_ast
+group = conpot_guardian_ast
+
+[json]
+enabled = True
+filename = /var/log/conpot_guardian_ast/conpot_guardian_ast.json
+
+[sqlite]
+enabled = False
+
+[mysql]
+enabled = False
+device = /tmp/mysql.sock
+host = localhost
+port = 3306
+db = conpot_guardian_ast
+username = conpot_guardian_ast
+passphrase = conpot_guardian_ast
+socket = tcp ; tcp (sends to host:port), dev (sends to mysql device/socket file)
+
+[syslog]
+enabled = False
+device = /dev/log
+host = localhost
+port = 514
+facility = local0
+socket = dev ; udp (sends to host:port), dev (sends to device)
+
+[hpfriends]
+enabled = False
+host = hpfriends.honeycloud.net
+port = 20000
+ident = 3Ykf9Znv
+secret = 4nFRhpm44QkG9cvD
+channels = ["conpot.events", ]
+
+[taxii]
+enabled = False
+host = taxiitest.mitre.org
+port = 80
+inbox_path = /services/inbox/default/
+use_https = False
+
+[fetch_public_ip]
+enabled = True
+urls = ["http://whatismyip.akamai.com/", "http://wgetip.com/"]
+
+[change_mac_addr]
+enabled = False
+iface = eth0
+addr = 00:de:ad:be:ef:00
diff --git a/docker/conpot_guardianast/dist/guardian_ast/guardian_ast/guardian_ast.xml b/docker/conpot_guardianast/dist/guardian_ast/guardian_ast/guardian_ast.xml
new file mode 100644
index 00000000..11705f00
--- /dev/null
+++ b/docker/conpot_guardianast/dist/guardian_ast/guardian_ast/guardian_ast.xml
@@ -0,0 +1,6 @@
+
+
+ Guardian
+ Guardian AST
+
+
diff --git a/docker/conpot_guardianast/dist/guardian_ast/template.xml b/docker/conpot_guardianast/dist/guardian_ast/template.xml
new file mode 100644
index 00000000..7f6c7a7c
--- /dev/null
+++ b/docker/conpot_guardianast/dist/guardian_ast/template.xml
@@ -0,0 +1,93 @@
+
+
+
+ Guardian AST tank-monitoring system
+ Guardian
+ Guardian AST tank-monitoring system
+ guardian_ast
+ the conpot team
+
+
+
+
+
+ "SUPER"
+
+
+ "UNLEAD"
+
+
+ "DIESEL"
+
+
+ "PREMIUM"
+
+
+ "STATOIL STATION"
+
+
+ random.randint(1000, 9050)
+
+
+ random.randint(1000, 9050)
+
+
+ random.randint(1000, 9050)
+
+
+ random.randint(1000, 9050)
+
+
+ random.randint(3000, 9999)
+
+
+ random.randint(3000, 9999)
+
+
+ random.randint(3000, 9999)
+
+
+ random.randint(3000, 9999)
+
+
+ round(random.uniform(25.00, 75.99), 2)
+
+
+ round(random.uniform(25.00, 75.99), 2)
+
+
+ round(random.uniform(25.00, 75.99), 2)
+
+
+ round(random.uniform(25.00, 75.99), 2)
+
+
+ round(random.uniform(0.0, 9.99), 2)
+
+
+ round(random.uniform(0.0, 9.99), 2)
+
+
+ round(random.uniform(0.0, 9.99), 2)
+
+
+ round(random.uniform(0.0, 9.99), 2)
+
+
+ round(random.uniform(50.0, 59.99), 2)
+
+
+ round(random.uniform(50.0, 59.99), 2)
+
+
+ round(random.uniform(50.0, 59.99), 2)
+
+
+ round(random.uniform(50.0, 59.99), 2)
+
+
+ ""
+
+
+
+
diff --git a/docker/conpot_guardianast/dist/requirements.txt b/docker/conpot_guardianast/dist/requirements.txt
new file mode 100644
index 00000000..ca8e6871
--- /dev/null
+++ b/docker/conpot_guardianast/dist/requirements.txt
@@ -0,0 +1,23 @@
+gevent>=1.0
+pysnmp==4.3.5
+pysmi==0.1.3
+lxml
+bottle
+jinja2
+beautifulsoup4
+requests
+sphinx==1.5.5
+libtaxii>=1.1.0
+MySQL-python
+xlrd
+crc16
+enum
+hpfeeds
+modbus-tk
+stix-validator
+stix
+cybox
+bacpypes==0.13.8
+pyghmi
+mixbox
+modbus-tk
diff --git a/docker/conpot_guardianast/doc/dashboard.png b/docker/conpot_guardianast/doc/dashboard.png
new file mode 100644
index 00000000..b4830b52
Binary files /dev/null and b/docker/conpot_guardianast/doc/dashboard.png differ
diff --git a/docker/conpot_guardianast/docker-compose.yml b/docker/conpot_guardianast/docker-compose.yml
new file mode 100644
index 00000000..e84c27ce
--- /dev/null
+++ b/docker/conpot_guardianast/docker-compose.yml
@@ -0,0 +1,18 @@
+version: '2.1a'
+
+networks:
+ conpot_guardianast_local:
+
+services:
+
+# Conpot service using the Guardian AST Tank Monitoring System Template
+ conpot_guardianast:
+ container_name: conpot_guardianast
+ restart: always
+ networks:
+ - conpot_guardianast_local
+ ports:
+ - "10001:10001"
+ image: "dtagdevsec/conpot:1710"
+ volumes:
+ - /data/conpot_guardianast/log:/var/log/conpot_guardianast
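Review bot: The volume target `/var/log/conpot_guardianast` does not match where this template writes its logs. The guardianast Dockerfile creates `/var/log/conpot_guardian_ast` and passes it to `--logfile`, and the cfg sets `filename = /var/log/conpot_guardian_ast/conpot_guardian_ast.json`. As written the events would stay in the container's writable layer and be lost when the container is recreated, which defeats the purpose of the sensor. I would change the line to `- /data/conpot_guardianast/log:/var/log/conpot_guardian_ast`, or settle on one spelling of the name across the Dockerfile, cfg and compose files.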
diff --git a/docker/conpot/Dockerfile b/docker/conpot_kamstrup/Dockerfile
similarity index 61%
rename from docker/conpot/Dockerfile
rename to docker/conpot_kamstrup/Dockerfile
index 97b1fc09..4a21b2af 100644
--- a/docker/conpot/Dockerfile
+++ b/docker/conpot_kamstrup/Dockerfile
@@ -21,20 +21,20 @@ RUN apk -U add bash \
py-cffi && \
# Setup ConPot
- git clone https://github.com/mushorg/conpot /opt/conpot/ && \
- cd /opt/conpot/ && \
+ git clone https://github.com/mushorg/conpot /opt/conpot_kamstrup/ && \
+ cd /opt/conpot_kamstrup/ && \
git checkout d97a68a054e4fe42ff90293188a5702ce8ab09a3 && \
- cp /root/dist/requirements.txt /opt/conpot/ && \
+ cp /root/dist/requirements.txt /opt/conpot_kamstrup/ && \
python setup.py install && \
cd / && \
- rm -rf /opt/conpot /tmp/* /var/tmp/* && \
+ rm -rf /opt/conpot_kamstrup /tmp/* /var/tmp/* && \
# Setup user, groups and configs
- addgroup -g 2000 conpot && \
- adduser -S -s /bin/bash -u 2000 -D -g 2000 conpot && \
- mkdir -p /etc/conpot /var/log/conpot && \
- mv /root/dist/conpot.cfg /etc/conpot/conpot.cfg && \
- mv /root/dist/kamstrup_382/template.xml /usr/lib/python2.7/site-packages/Conpot-0.5.1-py2.7.egg/conpot/templates/kamstrup_382/ && \
+ addgroup -g 2000 conpot_kamstrup && \
+ adduser -S -s /bin/bash -u 2000 -D -g 2000 conpot_kamstrup && \
+ mkdir -p /etc/conpot_kamstrup /var/log/conpot_kamstrup && \
+ mv /root/dist/conpot.cfg /etc/conpot_kamstrup/conpot_kamstrup.cfg && \
+ mv /root/dist/kamstrup_382/template.xml /usr/lib/python2.7/site-packages/Conpot-0.5.1-py2.7.egg/conpot_kamstrup/templates/kamstrup_382/ && \
# Clean up
apk del build-base \
@@ -51,4 +51,4 @@ RUN apk -U add bash \
rm -rf /var/cache/apk/*
# Run supervisor upon container start
-CMD ["/usr/bin/conpot", "--template", "kamstrup_382", "--logfile", "/var/log/conpot/conpot.log", "--config", "/etc/conpot/conpot.cfg"]
+CMD ["/usr/bin/conpot", "--template", "kamstrup_382", "--logfile", "/var/log/conpot_kamstrup/conpot_kamstrup.log", "--config", "/etc/conpot_kamstrup/conpot_kamstrup.cfg"]
diff --git a/docker/conpot_kamstrup/README.md b/docker/conpot_kamstrup/README.md
new file mode 100644
index 00000000..6b8c2078
--- /dev/null
+++ b/docker/conpot_kamstrup/README.md
@@ -0,0 +1,15 @@
+[](https://microbadger.com/images/dtagdevsec/conpot:1710 "Get your own version badge on microbadger.com") [](https://microbadger.com/images/dtagdevsec/conpot:1710 "Get your own image badge on microbadger.com")
+
+# conpot
+
+[ConPot](http://conpot.org/) is a low interactive server side Industrial Control Systems honeypot designed to be easy to deploy, modify and extend. By providing a range of common industrial control protocols we created the basics to build your own system, capable to emulate complex infrastructures to convince an adversary that he just found a huge industrial complex. To improve the deceptive capabilities, we also provided the possibility to server a custom human machine interface to increase the honeypots attack surface. The response times of the services can be artificially delayed to mimic the behavior of a system under constant load. Because we are providing complete stacks of the protocols, Conpot can be accessed with productive HMI's or extended with real hardware. Conpot is developed under the umbrella of the [Honeynet Project](https://www.honeynet.org/) and on the shoulders of a couple of very big giants.
+
+This dockerized version is part of the **[T-Pot community honeypot](http://dtag-dev-sec.github.io/)** of Deutsche Telekom AG.
+
+The `Dockerfile` contains the blueprint for the dockerized conpot and will be used to setup the docker image.
+
+The `docker-compose.yml` contains the necessary settings to test conpot using `docker-compose`. This will ensure to start the docker container with the appropriate permissions and port mappings.
+
+# ConPot Dashboard
+
+
diff --git a/docker/conpot_kamstrup/dist/conpot_kamstrup.cfg b/docker/conpot_kamstrup/dist/conpot_kamstrup.cfg
new file mode 100644
index 00000000..cf01ab95
--- /dev/null
+++ b/docker/conpot_kamstrup/dist/conpot_kamstrup.cfg
@@ -0,0 +1,58 @@
+[common]
+sensorid = conpot_kamstrup
+
+[session]
+timeout = 30
+
+[daemon]
+user = conpot_kamstrup
+group = conpot_kamstrup
+
+[json]
+enabled = True
+filename = /var/log/conpot_kamstrup/conpot_kamstrup.json
+
+[sqlite]
+enabled = False
+
+[mysql]
+enabled = False
+device = /tmp/mysql.sock
+host = localhost
+port = 3306
+db = conpot_kamstrup
+username = conpot_kamstrup
+passphrase = conpot_kamstrup
+socket = tcp ; tcp (sends to host:port), dev (sends to mysql device/socket file)
+
+[syslog]
+enabled = False
+device = /dev/log
+host = localhost
+port = 514
+facility = local0
+socket = dev ; udp (sends to host:port), dev (sends to device)
+
+[hpfriends]
+enabled = False
+host = hpfriends.honeycloud.net
+port = 20000
+ident = 3Ykf9Znv
+secret = 4nFRhpm44QkG9cvD
+channels = ["conpot.events", ]
+
+[taxii]
+enabled = False
+host = taxiitest.mitre.org
+port = 80
+inbox_path = /services/inbox/default/
+use_https = False
+
+[fetch_public_ip]
+enabled = True
+urls = ["http://whatismyip.akamai.com/", "http://wgetip.com/"]
+
+[change_mac_addr]
+enabled = False
+iface = eth0
+addr = 00:de:ad:be:ef:00
diff --git a/docker/conpot/dist/kamstrup_382/template.xml b/docker/conpot_kamstrup/dist/kamstrup_382/template.xml
similarity index 100%
rename from docker/conpot/dist/kamstrup_382/template.xml
rename to docker/conpot_kamstrup/dist/kamstrup_382/template.xml
diff --git a/docker/conpot_kamstrup/dist/requirements.txt b/docker/conpot_kamstrup/dist/requirements.txt
new file mode 100644
index 00000000..ca8e6871
--- /dev/null
+++ b/docker/conpot_kamstrup/dist/requirements.txt
@@ -0,0 +1,23 @@
+gevent>=1.0
+pysnmp==4.3.5
+pysmi==0.1.3
+lxml
+bottle
+jinja2
+beautifulsoup4
+requests
+sphinx==1.5.5
+libtaxii>=1.1.0
+MySQL-python
+xlrd
+crc16
+enum
+hpfeeds
+modbus-tk
+stix-validator
+stix
+cybox
+bacpypes==0.13.8
+pyghmi
+mixbox
+modbus-tk
diff --git a/docker/conpot_kamstrup/doc/dashboard.png b/docker/conpot_kamstrup/doc/dashboard.png
new file mode 100644
index 00000000..b4830b52
Binary files /dev/null and b/docker/conpot_kamstrup/doc/dashboard.png differ
diff --git a/docker/conpot_kamstrup/docker-compose.yml b/docker/conpot_kamstrup/docker-compose.yml
new file mode 100644
index 00000000..52fb5adb
--- /dev/null
+++ b/docker/conpot_kamstrup/docker-compose.yml
@@ -0,0 +1,19 @@
+version: '2.1a'
+
+networks:
+ conpot_kamstrup_local:
+
+services:
+
+# Conpot service using Kamstrup Template
+ conpot_kamstrup:
+ container_name: conpot_kamstrup
+ restart: always
+ networks:
+ - conpot_kamstrup_local
+ ports:
+ - "1025:1025"
+ - "50100:50100"
+ image: "dtagdevsec/conpot:1710"
+ volumes:
+ - /data/conpot_kamstrup/log:/var/log/conpot_kamstrup
diff --git a/etc/compose/all.yml b/etc/compose/all.yml
index 130af3aa..21c8a676 100644
--- a/etc/compose/all.yml
+++ b/etc/compose/all.yml
@@ -1,9 +1,12 @@
# T-Pot (Everything)
# For docker-compose ...
-version: '2.2'
+version: '2.2a'
networks:
- conpot_local:
+ conpot_kamstrup_local:
+ conpot_default_local:
+ conpot_guardian_ast_local:
+ conpot_IEC104_local:
cowrie_local:
dionaea_local:
elasticpot_local:
@@ -18,19 +21,57 @@ networks:
services:
-# Conpot service
- conpot:
- container_name: conpot
+# Conpot service - Kamstrup Template
+ conpot_kamstrup:
+ container_name: conpot_kamstrup
restart: always
networks:
- - conpot_local
+ - conpot_kamstrup_local
ports:
- "1025:1025"
- "50100:50100"
image: "dtagdevsec/conpot:1710"
volumes:
- - /data/conpot/log:/var/log/conpot
+ - /data/conpot_kamstrup_local/log:/var/log/conpot_kamstrup_local
+# Conpot service - Default Template
+ conpot_default:
+ container_name: conpot_default
+ restart: always
+ networks:
+ - conpot_default_local
+ ports:
+ - "102:102"
+ - "502:502"
+ - "161:161/udp
+ image: "dtagdevsec/conpot:1710"
+ volumes:
+ - /data/conpot_default_local/log:/var/log/conpot_default_local
+
+# Conpot service - Guardian AST Template
+ conpot_guardian_ast:
+ container_name: conpot_guardian_ast
+ restart: always
+ networks:
+ - conpot_guardian_ast_local
+ ports:
+ - "10001:10001"
+ image: "dtagdevsec/conpot:1710"
+ volumes:
+ - /data/conpot_guardian_ast_local/log:/var/log/conpot_guardian_ast_local
+
+# Conpot service - IEC104 Template
+ conpot_IEC104:
+ container_name: conpot_IEC104
+ restart: always
+ networks:
+ - conpot_IEC104_local
+ ports:
+ - "2404:2404"
+ image: "dtagdevsec/conpot:1710"
+ volumes:
+ - /data/conpot_IEC104_local/log:/var/log/conpot_IEC104_local
+
# Cowrie service
cowrie:
container_name: cowrie
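Review bot: The port entry `- "161:161/udp` under conpot_default is missing its closing quote, so the quoted scalar runs on into the `image:` line and the file will not parse; it should read `- "161:161/udp"`. The identical line is added in the second hunk of etc/compose/industrial.yml. The volume targets also look inconsistent with the images: the conpot_IEC104 Dockerfile added in this commit logs to `/var/log/conpot_IEC104/`, while this hunk mounts `/var/log/conpot_IEC104_local`, so the honeypot's event log would stay inside the container and be lost on restart. `- /data/conpot_IEC104/log:/var/log/conpot_IEC104` would match that Dockerfile, and the other three services should be checked the same way. All four services also still reference `image: "dtagdevsec/conpot:1710"`; unless that image selects its template some other way, they presumably need the per-template images.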
diff --git a/etc/compose/industrial.yml b/etc/compose/industrial.yml
index 29262782..1dded7b2 100644
--- a/etc/compose/industrial.yml
+++ b/etc/compose/industrial.yml
@@ -1,9 +1,12 @@
# T-Pot (Industrial)
# For docker-compose ...
-version: '2.2'
+version: '2.2a'
networks:
- conpot_local:
+ conpot_kamstrup_local:
+ conpot_default_local:
+ conpot_guardian_ast_local:
+ conpot_IEC104_local:
emobility_local:
ewsposter_local:
spiderfoot_local:
@@ -11,18 +14,57 @@ networks:
services:
-# Conpot service
- conpot:
- container_name: conpot
+# Conpot service - Kamstrup Template
+ conpot_kamstrup:
+ container_name: conpot_kamstrup
restart: always
networks:
- - conpot_local
+ - conpot_kamstrup_local
ports:
- "1025:1025"
- "50100:50100"
image: "dtagdevsec/conpot:1710"
volumes:
- - /data/conpot/log:/var/log/conpot
+ - /data/conpot_kamstrup_local/log:/var/log/conpot_kamstrup_local
+
+# Conpot service - Default Template
+ conpot_default:
+ container_name: conpot_default
+ restart: always
+ networks:
+ - conpot_default_local
+ ports:
+ - "102:102"
+ - "502:502"
+ - "161:161/udp
+ image: "dtagdevsec/conpot:1710"
+ volumes:
+ - /data/conpot_default_local/log:/var/log/conpot_default_local
+
+# Conpot service - Guardian AST Template
+ conpot_guardian_ast:
+ container_name: conpot_guardian_ast
+ restart: always
+ networks:
+ - conpot_guardian_ast_local
+ ports:
+ - "10001:10001"
+ image: "dtagdevsec/conpot:1710"
+ volumes:
+ - /data/conpot_guardian_ast_local/log:/var/log/conpot_guardian_ast_local
+
+# Conpot service - IEC104 Template
+ conpot_IEC104:
+ container_name: conpot_IEC104
+ restart: always
+ networks:
+ - conpot_IEC104_local
+ ports:
+ - "2404:2404"
+ image: "dtagdevsec/conpot:1710"
+ volumes:
+ - /data/conpot_IEC104_local/log:/var/log/conpot_IEC104_local
+
# ELK services
## Elasticsearch service
diff --git a/host/etc/systemd/tpot.service b/host/etc/systemd/tpot.service
index 9de26330..61339899 100644
--- a/host/etc/systemd/tpot.service
+++ b/host/etc/systemd/tpot.service
@@ -37,6 +37,8 @@ ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 64295:64303
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 20:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 3306,3389,5060,5061,5601,5900,27017 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT
+ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 102,502,2404,10001 -j ACCEPT
+ExecStartPre=/sbin/iptables -w -A INPUT -p udp -m multiport --dports 69,161 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
# Compose T-Pot up
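Review bot: The new udp rule accepts ports `69,161`, but the compose changes visible in this commit publish only `161/udp` (conpot_default); nothing shown here listens on 69/udp. If no service in the parts of the compose files outside this diff uses it, I would narrow the rule to `--dports 161` so the host does not accept traffic that no honeypot is there to record. A short comment above the two added lines naming the services behind 102, 502, 2404 and 10001 would also make later audits of this rule set easier.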
@@ -52,6 +54,8 @@ ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 64295:64303
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 20:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 3306,3389,5060,5061,5601,5900,27017 -j ACCEPT
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT
+ExecStartPre=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 102,502,2404,10001 -j ACCEPT
+ExecStartPre=/sbin/iptables -w -D INPUT -p udp -m multiport --dports 69,161 -j ACCEPT
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
[Install]
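Review bot: The two added delete rules use the `ExecStartPre=` directive although they sit among the `ExecStopPost=` cleanup lines. systemd runs all `ExecStartPre=` commands in file order, so on start the ACCEPT rules for tcp 102,502,2404,10001 and udp 69,161 are appended and then deleted again before the containers come up, and nothing removes them on stop. Both lines should read `ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 102,502,2404,10001 -j ACCEPT` and `ExecStopPost=/sbin/iptables -w -D INPUT -p udp -m multiport --dports 69,161 -j ACCEPT`. As written, TCP connections to the new conpot ports would presumably fall through to the NFQUEUE rule instead of reaching the containers.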