From e43e8277fcd78a5469101e7d4a0374a0a6c53bea Mon Sep 17 00:00:00 2001
From: t3chn0m4g3
Date: Mon, 9 Dec 2024 17:38:25 +0100
Subject: [PATCH] tweaking nginx, ddospot:
- Remove ddospot from standard
- Add ddospot only to tarpit
- Decouple nginx from host mode, only export tcp/64297, tcp/64294
- Adjust editions accordingly
- Keep LUA settings in Nginx config for now, just in case we find a different use case
---
 compose/llm.yml | 20 +++++++++--
 compose/mac_win.yml | 24 -------------
 compose/mini.yml | 20 +++++++++--
 compose/sensor.yml | 24 -------------
 compose/standard.yml | 46 ++++++++++--------------
 compose/tarpit.yml | 44 +++++++++++++++++++++--
 compose/tpot_services.yml | 20 +++++++++--
 docker-compose.yml | 54 +++++++++++------------------
 docker/nginx/dist/conf/lsweb.conf | 2 +-
 docker/nginx/dist/conf/tpotweb.conf | 10 +++---
 10 files changed, 136 insertions(+), 128 deletions(-)
diff --git a/compose/llm.yml b/compose/llm.yml
index 6832e6c3..c2f7ce5e 100644
--- a/compose/llm.yml
+++ b/compose/llm.yml
@@ -2,7 +2,7 @@ networks:
 beelzebub_local:
 galah_local:
- spiderfoot_local:
+ nginx_local:
 ewsposter_local:
 services:
@@ -165,6 +165,8 @@ services:
 depends_on:
 tpotinit:
 condition: service_healthy
+ networks:
+ - nginx_local
 environment:
 - bootstrap.memory_lock=true
 - ES_JAVA_OPTS=-Xms2048m -Xmx2048m
@@ -193,6 +195,8 @@ services:
 depends_on:
 elasticsearch:
 condition: service_healthy
+ networks:
+ - nginx_local
 mem_limit: 1g
 ports:
 - "127.0.0.1:64296:5601"
@@ -206,6 +210,8 @@ services:
 depends_on:
 elasticsearch:
 condition: service_healthy
+ networks:
+ - nginx_local
 environment:
 - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
 - TPOT_TYPE=${TPOT_TYPE:-HIVE}
@@ -227,6 +233,8 @@ services:
 depends_on:
 tpotinit:
 condition: service_healthy
+ networks:
+ - nginx_local
 stop_signal: SIGKILL
 tty: true
 image: ${TPOT_REPO}/redis:${TPOT_VERSION}
@@ -240,6 +248,8 @@ services: depends_on: tpotinit: condition: service_healthy + networks: + - nginx_local environment: - MAP_COMMAND=AttackMapServer.py stop_signal: SIGKILL @@ -256,6 +266,8 @@ services: depends_on: elasticsearch: condition: service_healthy + networks: + - nginx_local environment: - MAP_COMMAND=DataServer_v2.py - TPOT_ATTACKMAP_TEXT=${TPOT_ATTACKMAP_TEXT} @@ -307,9 +319,11 @@ services: - /var/tmp/nginx/scgi - /run - /var/lib/nginx/tmp:uid=100,gid=82 - network_mode: "host" + networks: + - nginx_local ports: - "64297:64297" + - "64294:64294" image: ${TPOT_REPO}/nginx:${TPOT_VERSION} pull_policy: ${TPOT_PULL_POLICY} read_only: true @@ -327,7 +341,7 @@ services: tpotinit: condition: service_healthy networks: - - spiderfoot_local + - nginx_local ports: - "127.0.0.1:64303:8080" image: ${TPOT_REPO}/spiderfoot:${TPOT_VERSION} diff --git a/compose/mac_win.yml b/compose/mac_win.yml index dc954039..4d90eafe 100644 --- a/compose/mac_win.yml +++ b/compose/mac_win.yml @@ -4,7 +4,6 @@ networks: adbhoney_local: ciscoasa_local: cowrie_local: - ddospot_local: dicompot_local: dionaea_local: elasticpot_local: @@ -135,29 +134,6 @@ services: - ${TPOT_DATA_PATH}/cowrie/log:/home/cowrie/cowrie/log - ${TPOT_DATA_PATH}/cowrie/log/tty:/home/cowrie/cowrie/log/tty -# Ddospot service - ddospot: - container_name: ddospot - restart: always - depends_on: - tpotinit: - condition: service_healthy - networks: - - ddospot_local - ports: - - "19:19/udp" -# - "53:53/udp" - - "123:123/udp" -# - "161:161/udp" - - "1900:1900/udp" - image: ${TPOT_REPO}/ddospot:${TPOT_VERSION} - pull_policy: ${TPOT_PULL_POLICY} - read_only: true - volumes: - - ${TPOT_DATA_PATH}/ddospot/log:/opt/ddospot/ddospot/logs - - ${TPOT_DATA_PATH}/ddospot/bl:/opt/ddospot/ddospot/bl - - ${TPOT_DATA_PATH}/ddospot/db:/opt/ddospot/ddospot/db - # Dicompot service # Get the Horos Client for testing: https://horosproject.org/ # Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/ 
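Review bot: Switching spiderfoot's network from `spiderfoot_local` to `nginx_local` (hunk `@@ -327`) puts it on the same segment as elasticsearch, kibana, logstash, redis and the two map services that the `@@ -165` to `@@ -256` hunks attach to that network, so a compromise of the spiderfoot UI would give direct reach to elasticsearch:9200 and redis, which the `127.0.0.1:` port bindings on those services suggest are meant to be reachable only through nginx. A compose service may join several networks, so the previous isolation can be kept by leaving spiderfoot on `spiderfoot_local` and listing both under nginx: `networks:` / `  - nginx_local` / `  - spiderfoot_local`. Whether elasticsearch and redis require authentication is not visible here; if they do not, this shared network becomes the only boundary between them and the web-facing services. The same pattern is repeated in compose/mini.yml, compose/standard.yml, compose/tarpit.yml, compose/tpot_services.yml and docker-compose.yml.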
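Review bot: With `network_mode: "host"` removed (hunk `@@ -307`), the `"64297:64297"` and `"64294:64294"` entries are now what exposes nginx, and without a host-address prefix they are published on all interfaces via Docker's port forwarding rather than a host-mode socket; on hosts that filter in the INPUT chain (ufw-style rules), published-port traffic is handled in FORWARD/nat instead, so rules that gated the old listener may no longer apply and should be re-checked as part of the rollout. The hunk also adds 64294 without saying what it serves; a comment such as `# 64297: <purpose>, 64294: <purpose>; deliberately bound on all interfaces` would record both decisions in the file rather than only in the commit message. The identical `ports:` block appears in the other five compose files touched by this commit.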
diff --git a/compose/mini.yml b/compose/mini.yml
index 2fca53e1..67d32f06 100644
--- a/compose/mini.yml
+++ b/compose/mini.yml
@@ -9,7 +9,7 @@ networks:
 dicompot_local:
 honeypots_local:
 medpot_local:
- spiderfoot_local:
+ nginx_local:
 ewsposter_local:
 services:
@@ -364,6 +364,8 @@ services:
 depends_on:
 tpotinit:
 condition: service_healthy
+ networks:
+ - nginx_local
 environment:
 - bootstrap.memory_lock=true
 - ES_JAVA_OPTS=-Xms2048m -Xmx2048m
@@ -392,6 +394,8 @@ services:
 depends_on:
 elasticsearch:
 condition: service_healthy
+ networks:
+ - nginx_local
 mem_limit: 1g
 ports:
 - "127.0.0.1:64296:5601"
@@ -405,6 +409,8 @@ services:
 depends_on:
 elasticsearch:
 condition: service_healthy
+ networks:
+ - nginx_local
 environment:
 - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
 - TPOT_TYPE=${TPOT_TYPE:-HIVE}
@@ -426,6 +432,8 @@ services:
 depends_on:
 tpotinit:
 condition: service_healthy
+ networks:
+ - nginx_local
 stop_signal: SIGKILL
 tty: true
 image: ${TPOT_REPO}/redis:${TPOT_VERSION}
@@ -439,6 +447,8 @@ services:
 depends_on:
 tpotinit:
 condition: service_healthy
+ networks:
+ - nginx_local
 environment:
 - MAP_COMMAND=AttackMapServer.py
 stop_signal: SIGKILL
@@ -455,6 +465,8 @@ services:
 depends_on:
 elasticsearch:
 condition: service_healthy
+ networks:
+ - nginx_local
 environment:
 - MAP_COMMAND=DataServer_v2.py
 - TPOT_ATTACKMAP_TEXT=${TPOT_ATTACKMAP_TEXT}
@@ -506,9 +518,11 @@ services:
 - /var/tmp/nginx/scgi
 - /run
 - /var/lib/nginx/tmp:uid=100,gid=82
- network_mode: "host"
+ networks:
+ - nginx_local
 ports:
 - "64297:64297"
+ - "64294:64294"
 image: ${TPOT_REPO}/nginx:${TPOT_VERSION}
 pull_policy: ${TPOT_PULL_POLICY}
 read_only: true
@@ -526,7 +540,7 @@ services:
 tpotinit:
 condition: service_healthy
 networks:
- - spiderfoot_local
+ - nginx_local
 ports:
 - "127.0.0.1:64303:8080"
 image: ${TPOT_REPO}/spiderfoot:${TPOT_VERSION}
diff --git a/compose/sensor.yml b/compose/sensor.yml
index 34577a18..200a2bb0 100644
--- a/compose/sensor.yml
+++ b/compose/sensor.yml
@@ -7,7 +7,6 @@ networks: conpot_local_ipmi: conpot_local_kamstrup_382: cowrie_local: - ddospot_local: dicompot_local: dionaea_local: elasticpot_local: @@ -221,29 +220,6 @@ services: - ${TPOT_DATA_PATH}/cowrie/log:/home/cowrie/cowrie/log - ${TPOT_DATA_PATH}/cowrie/log/tty:/home/cowrie/cowrie/log/tty -# Ddospot service - ddospot: - container_name: ddospot - restart: always - depends_on: - tpotinit: - condition: service_healthy - networks: - - ddospot_local - ports: - - "19:19/udp" - - "53:53/udp" - - "123:123/udp" -# - "161:161/udp" - - "1900:1900/udp" - image: ${TPOT_REPO}/ddospot:${TPOT_VERSION} - pull_policy: ${TPOT_PULL_POLICY} - read_only: true - volumes: - - ${TPOT_DATA_PATH}/ddospot/log:/opt/ddospot/ddospot/logs - - ${TPOT_DATA_PATH}/ddospot/bl:/opt/ddospot/ddospot/bl - - ${TPOT_DATA_PATH}/ddospot/db:/opt/ddospot/ddospot/db - # Dicompot service # Get the Horos Client for testing: https://horosproject.org/ # Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/ diff --git a/compose/standard.yml b/compose/standard.yml index 86192a1a..ed5b378b 100644 --- a/compose/standard.yml +++ b/compose/standard.yml @@ -7,7 +7,6 @@ networks: conpot_local_ipmi: conpot_local_kamstrup_382: cowrie_local: - ddospot_local: dicompot_local: dionaea_local: elasticpot_local: @@ -21,8 +20,8 @@ networks: redishoneypot_local: sentrypeer_local: tanner_local: - spiderfoot_local: wordpot_local: + nginx_local: ewsposter_local: services: 
@@ -223,29 +222,6 @@ services: - ${TPOT_DATA_PATH}/cowrie/log:/home/cowrie/cowrie/log - ${TPOT_DATA_PATH}/cowrie/log/tty:/home/cowrie/cowrie/log/tty -# Ddospot service - ddospot: - container_name: ddospot - restart: always - depends_on: - tpotinit: - condition: service_healthy - networks: - - ddospot_local - ports: - - "19:19/udp" - - "53:53/udp" - - "123:123/udp" -# - "161:161/udp" - - "1900:1900/udp" - image: ${TPOT_REPO}/ddospot:${TPOT_VERSION} - pull_policy: ${TPOT_PULL_POLICY} - read_only: true - volumes: - - ${TPOT_DATA_PATH}/ddospot/log:/opt/ddospot/ddospot/logs - - ${TPOT_DATA_PATH}/ddospot/bl:/opt/ddospot/ddospot/bl - - ${TPOT_DATA_PATH}/ddospot/db:/opt/ddospot/ddospot/db - # Dicompot service # Get the Horos Client for testing: https://horosproject.org/ # Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/ @@ -335,7 +311,7 @@ services: networks: - h0neytr4p_local ports: - - "443:443" + - "443:443" # - "80:80" image: ${TPOT_REPO}/h0neytr4p:${TPOT_VERSION} pull_policy: ${TPOT_PULL_POLICY} @@ -694,6 +670,8 @@ services: depends_on: tpotinit: condition: service_healthy + networks: + - nginx_local environment: - bootstrap.memory_lock=true - ES_JAVA_OPTS=-Xms2048m -Xmx2048m @@ -722,6 +700,8 @@ services: depends_on: elasticsearch: condition: service_healthy + networks: + - nginx_local mem_limit: 1g ports: - "127.0.0.1:64296:5601" @@ -735,6 +715,8 @@ services: depends_on: elasticsearch: condition: service_healthy + networks: + - nginx_local environment: - LS_JAVA_OPTS=-Xms1024m -Xmx1024m - TPOT_TYPE=${TPOT_TYPE:-HIVE} @@ -756,6 +738,8 @@ services: depends_on: tpotinit: condition: service_healthy + networks: + - nginx_local stop_signal: SIGKILL tty: true image: ${TPOT_REPO}/redis:${TPOT_VERSION} @@ -769,6 +753,8 @@ services: depends_on: tpotinit: condition: service_healthy + networks: + - nginx_local environment: - MAP_COMMAND=AttackMapServer.py stop_signal: SIGKILL 
@@ -785,6 +771,8 @@ services:
 depends_on:
 elasticsearch:
 condition: service_healthy
+ networks:
+ - nginx_local
 environment:
 - MAP_COMMAND=DataServer_v2.py
 - TPOT_ATTACKMAP_TEXT=${TPOT_ATTACKMAP_TEXT}
@@ -836,9 +824,11 @@ services:
 - /var/tmp/nginx/scgi
 - /run
 - /var/lib/nginx/tmp:uid=100,gid=82
- network_mode: "host"
+ networks:
+ - nginx_local
 ports:
 - "64297:64297"
+ - "64294:64294"
 image: ${TPOT_REPO}/nginx:${TPOT_VERSION}
 pull_policy: ${TPOT_PULL_POLICY}
 read_only: true
@@ -856,7 +846,7 @@ services:
 tpotinit:
 condition: service_healthy
 networks:
- - spiderfoot_local
+ - nginx_local
 ports:
 - "127.0.0.1:64303:8080"
 image: ${TPOT_REPO}/spiderfoot:${TPOT_VERSION}
diff --git a/compose/tarpit.yml b/compose/tarpit.yml
index d7fdb10b..0d831f91 100644
--- a/compose/tarpit.yml
+++ b/compose/tarpit.yml
@@ -1,10 +1,11 @@
 # T-Pot: TARPIT
 networks:
+ ddospot_local:
 endlessh_local:
 go-pot_local:
 hellpot_local:
 heralding_local:
- spiderfoot_local:
+ nginx_local:
 ewsposter_local:
 services:
@@ -41,6 +42,29 @@ services:
 #### Honeypots ##################
+# Ddospot service
+ ddospot:
+ container_name: ddospot
+ restart: always
+ depends_on:
+ tpotinit:
+ condition: service_healthy
+ networks:
+ - ddospot_local
+ ports:
+ - "19:19/udp"
+ - "53:53/udp"
+ - "123:123/udp"
+# - "161:161/udp"
+ - "1900:1900/udp"
+ image: ${TPOT_REPO}/ddospot:${TPOT_VERSION}
+ pull_policy: ${TPOT_PULL_POLICY}
+ read_only: true
+ volumes:
+ - ${TPOT_DATA_PATH}/ddospot/log:/opt/ddospot/ddospot/logs
+ - ${TPOT_DATA_PATH}/ddospot/bl:/opt/ddospot/ddospot/bl
+ - ${TPOT_DATA_PATH}/ddospot/db:/opt/ddospot/ddospot/db
+
 # Endlessh service
 endlessh:
 container_name: endlessh
@@ -197,6 +221,8 @@ services:
 depends_on:
 tpotinit:
 condition: service_healthy
+ networks:
+ - nginx_local
 environment:
 - bootstrap.memory_lock=true
 - ES_JAVA_OPTS=-Xms2048m -Xmx2048m
@@ -225,6 +251,8 @@ services:
 depends_on:
 elasticsearch:
 condition: service_healthy
+ networks:
+ - nginx_local
 mem_limit: 1g
 ports:
 - "127.0.0.1:64296:5601"
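Review bot: The ddospot service added to compose/tarpit.yml enables `- "53:53/udp"`, whereas the copy deleted from compose/mac_win.yml in this same commit had that line commented out, and nothing in the hunk records why tarpit differs; an inline comment, e.g. `- "53:53/udp"  # <why enabled here but not in mac_win>`, would keep the next edition copy from drifting silently. All four published ports are UDP services that are commonly used for reflection, so this edition now depends on the ddospot image bounding its response size and rate; that behaviour is not visible in the diff and is worth stating next to the `ports:` block so operators know what to monitor. The `# - "161:161/udp"` line stays commented out, which is consistent with the removed copies.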
@@ -238,6 +266,8 @@ services:
 depends_on:
 elasticsearch:
 condition: service_healthy
+ networks:
+ - nginx_local
 environment:
 - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
 - TPOT_TYPE=${TPOT_TYPE:-HIVE}
@@ -259,6 +289,8 @@ services:
 depends_on:
 tpotinit:
 condition: service_healthy
+ networks:
+ - nginx_local
 stop_signal: SIGKILL
 tty: true
 image: ${TPOT_REPO}/redis:${TPOT_VERSION}
@@ -272,6 +304,8 @@ services:
 depends_on:
 tpotinit:
 condition: service_healthy
+ networks:
+ - nginx_local
 environment:
 - MAP_COMMAND=AttackMapServer.py
 stop_signal: SIGKILL
@@ -288,6 +322,8 @@ services:
 depends_on:
 elasticsearch:
 condition: service_healthy
+ networks:
+ - nginx_local
 environment:
 - MAP_COMMAND=DataServer_v2.py
 - TPOT_ATTACKMAP_TEXT=${TPOT_ATTACKMAP_TEXT}
@@ -339,9 +375,11 @@ services:
 - /var/tmp/nginx/scgi
 - /run
 - /var/lib/nginx/tmp:uid=100,gid=82
- network_mode: "host"
+ networks:
+ - nginx_local
 ports:
 - "64297:64297"
+ - "64294:64294"
 image: ${TPOT_REPO}/nginx:${TPOT_VERSION}
 pull_policy: ${TPOT_PULL_POLICY}
 read_only: true
@@ -359,7 +397,7 @@ services:
 tpotinit:
 condition: service_healthy
 networks:
- - spiderfoot_local
+ - nginx_local
 ports:
 - "127.0.0.1:64303:8080"
 image: ${TPOT_REPO}/spiderfoot:${TPOT_VERSION}
diff --git a/compose/tpot_services.yml b/compose/tpot_services.yml
index f1e725c0..52f68ae6 100644
--- a/compose/tpot_services.yml
+++ b/compose/tpot_services.yml
@@ -33,7 +33,7 @@ networks:
 sentrypeer_local:
 tanner_local:
 wordpot_local:
- spiderfoot_local:
+ nginx_local:
 ewsposter_local:
 services:
@@ -925,6 +925,8 @@ services:
 depends_on:
 tpotinit:
 condition: service_healthy
+ networks:
+ - nginx_local
 environment:
 - bootstrap.memory_lock=true
 - ES_JAVA_OPTS=-Xms2048m -Xmx2048m
@@ -953,6 +955,8 @@ services:
 depends_on:
 elasticsearch:
 condition: service_healthy
+ networks:
+ - nginx_local
 mem_limit: 1g
 ports:
 - "127.0.0.1:64296:5601"
@@ -966,6 +970,8 @@ services:
 depends_on:
 elasticsearch:
 condition: service_healthy
+ networks:
+ - nginx_local
 environment:
 - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
 - TPOT_TYPE=${TPOT_TYPE:-HIVE}
@@ -987,6 +993,8 @@ services:
 depends_on:
 tpotinit:
 condition: service_healthy
+ networks:
+ - nginx_local
 stop_signal: SIGKILL
 tty: true
 image: ${TPOT_REPO}/redis:${TPOT_VERSION}
@@ -1000,6 +1008,8 @@ services:
 depends_on:
 tpotinit:
 condition: service_healthy
+ networks:
+ - nginx_local
 environment:
 - MAP_COMMAND=AttackMapServer.py
 stop_signal: SIGKILL
@@ -1016,6 +1026,8 @@ services:
 depends_on:
 elasticsearch:
 condition: service_healthy
+ networks:
+ - nginx_local
 environment:
 - MAP_COMMAND=DataServer_v2.py
 - TPOT_ATTACKMAP_TEXT=${TPOT_ATTACKMAP_TEXT}
@@ -1067,9 +1079,11 @@ services:
 - /var/tmp/nginx/scgi
 - /run
 - /var/lib/nginx/tmp:uid=100,gid=82
- network_mode: "host"
+ networks:
+ - nginx_local
 ports:
 - "64297:64297"
+ - "64294:64294"
 image: ${TPOT_REPO}/nginx:${TPOT_VERSION}
 pull_policy: ${TPOT_PULL_POLICY}
 read_only: true
@@ -1087,7 +1101,7 @@ services:
 tpotinit:
 condition: service_healthy
 networks:
- - spiderfoot_local
+ - nginx_local
 ports:
 - "127.0.0.1:64303:8080"
 image: ${TPOT_REPO}/spiderfoot:${TPOT_VERSION}
diff --git a/docker-compose.yml b/docker-compose.yml
index e4c36dc1..ed5b378b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -7,7 +7,6 @@ networks:
 conpot_local_ipmi:
 conpot_local_kamstrup_382:
 cowrie_local:
- ddospot_local:
 dicompot_local:
 dionaea_local:
 elasticpot_local:
@@ -21,8 +20,8 @@ networks:
 redishoneypot_local:
 sentrypeer_local:
 tanner_local:
- spiderfoot_local:
 wordpot_local:
+ nginx_local:
 ewsposter_local:
 services:
@@ -223,29 +222,6 @@ services: - ${TPOT_DATA_PATH}/cowrie/log:/home/cowrie/cowrie/log - ${TPOT_DATA_PATH}/cowrie/log/tty:/home/cowrie/cowrie/log/tty -# Ddospot service - ddospot: - container_name: ddospot - restart: always - depends_on: - tpotinit: - condition: service_healthy - networks: - - ddospot_local - ports: - - "19:19/udp" - - "53:53/udp" - - "123:123/udp" -# - "161:161/udp" - - "1900:1900/udp" - image: ${TPOT_REPO}/ddospot:${TPOT_VERSION} - pull_policy: ${TPOT_PULL_POLICY} - read_only: true - volumes: - - ${TPOT_DATA_PATH}/ddospot/log:/opt/ddospot/ddospot/logs - - ${TPOT_DATA_PATH}/ddospot/bl:/opt/ddospot/ddospot/bl - - ${TPOT_DATA_PATH}/ddospot/db:/opt/ddospot/ddospot/db - # Dicompot service # Get the Horos Client for testing: https://horosproject.org/ # Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/ @@ -335,7 +311,7 @@ services: networks: - h0neytr4p_local ports: - - "443:443" + - "443:443" # - "80:80" image: ${TPOT_REPO}/h0neytr4p:${TPOT_VERSION} pull_policy: ${TPOT_PULL_POLICY} @@ -435,16 +411,12 @@ services: # Mailoney service mailoney: container_name: mailoney + stdin_open: true + tty: true restart: always depends_on: tpotinit: condition: service_healthy - environment: - - HPFEEDS_SERVER= - - HPFEEDS_IDENT=user - - HPFEEDS_SECRET=pass - - HPFEEDS_PORT=20000 - - HPFEEDS_CHANNELPREFIX=prefix networks: - mailoney_local ports: @@ -698,6 +670,8 @@ services: depends_on: tpotinit: condition: service_healthy + networks: + - nginx_local environment: - bootstrap.memory_lock=true - ES_JAVA_OPTS=-Xms2048m -Xmx2048m @@ -726,6 +700,8 @@ services: depends_on: elasticsearch: condition: service_healthy + networks: + - nginx_local mem_limit: 1g ports: - "127.0.0.1:64296:5601" @@ -739,6 +715,8 @@ services: depends_on: elasticsearch: condition: service_healthy + networks: + - nginx_local environment: - LS_JAVA_OPTS=-Xms1024m -Xmx1024m - TPOT_TYPE=${TPOT_TYPE:-HIVE} 
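Review bot: The mailoney hunk (`@@ -435`) adds `stdin_open: true` and `tty: true` and drops the `HPFEEDS_*` environment block, none of which the commit message mentions; the `index e4c36dc1..ed5b378b` line shows docker-compose.yml now has the same blob as compose/standard.yml (`86192a1a..ed5b378b`), so this looks like a resync of a stale root file rather than a functional mailoney change, and saying so, in the commit message or in a header comment such as `# mirror of compose/standard.yml; edit that file and copy it here`, would save the next reader the same investigation. The removed `HPFEEDS_IDENT=user` / `HPFEEDS_SECRET=pass` values were placeholders, so dropping them is fine, but any deployment that overrode them via this file may lose hpfeeds delivery without an error. The h0neytr4p hunk (`@@ -335`) is whitespace only.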
@@ -760,6 +738,8 @@ services:
 depends_on:
 tpotinit:
 condition: service_healthy
+ networks:
+ - nginx_local
 stop_signal: SIGKILL
 tty: true
 image: ${TPOT_REPO}/redis:${TPOT_VERSION}
@@ -773,6 +753,8 @@ services:
 depends_on:
 tpotinit:
 condition: service_healthy
+ networks:
+ - nginx_local
 environment:
 - MAP_COMMAND=AttackMapServer.py
 stop_signal: SIGKILL
@@ -789,6 +771,8 @@ services:
 depends_on:
 elasticsearch:
 condition: service_healthy
+ networks:
+ - nginx_local
 environment:
 - MAP_COMMAND=DataServer_v2.py
 - TPOT_ATTACKMAP_TEXT=${TPOT_ATTACKMAP_TEXT}
@@ -840,9 +824,11 @@ services:
 - /var/tmp/nginx/scgi
 - /run
 - /var/lib/nginx/tmp:uid=100,gid=82
- network_mode: "host"
+ networks:
+ - nginx_local
 ports:
 - "64297:64297"
+ - "64294:64294"
 image: ${TPOT_REPO}/nginx:${TPOT_VERSION}
 pull_policy: ${TPOT_PULL_POLICY}
 read_only: true
@@ -860,7 +846,7 @@ services:
 tpotinit:
 condition: service_healthy
 networks:
- - spiderfoot_local
+ - nginx_local
 ports:
 - "127.0.0.1:64303:8080"
 image: ${TPOT_REPO}/spiderfoot:${TPOT_VERSION}
diff --git a/docker/nginx/dist/conf/lsweb.conf b/docker/nginx/dist/conf/lsweb.conf
index f91e0c15..8ae24bed 100644
--- a/docker/nginx/dist/conf/lsweb.conf
+++ b/docker/nginx/dist/conf/lsweb.conf
@@ -101,7 +101,7 @@ server {
 if tpot_ostype == "mac" or tpot_ostype == "win" then
 return "http://logstash:64305";
 else
- return "http://127.0.0.1:64305";
+ return "http://logstash:64305";
 end
 }
 access_log off;
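Review bot: After this change both branches of `if tpot_ostype == "mac" or tpot_ostype == "win"` in lsweb.conf return `"http://logstash:64305"`, so the conditional is dead; the commit message says the Lua is kept on purpose, but a reader of the file cannot see that, so a Lua comment above the `if`, e.g. `-- both branches identical since nginx left host networking; kept in case an ostype split is needed again`, would stop it being "simplified" or mistaken for a bug. The same applies to the five blocks in docker/nginx/dist/conf/tpotweb.conf (kibana, elasticsearch, map_web twice, spiderfoot). The enclosing Lua block and `server {` start outside the hunk, and `tpot_ostype` is set somewhere not shown here.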
@@ -142,7 +142,7 @@ server {
 if tpot_ostype == "mac" or tpot_ostype == "win" then
 return "http://elasticsearch:9200";
 else
- return "http://127.0.0.1:64298";
+ return "http://elasticsearch:9200";
 end
 }
@@ -157,7 +157,7 @@ server {
 if tpot_ostype == "mac" or tpot_ostype == "win" then
 return "http://map_web:64299";
 else
- return "http://127.0.0.1:64299";
+ return "http://map_web:64299";
 end
 }
 proxy_pass $map_web;
@@ -175,7 +175,7 @@ server {
 if tpot_ostype == "mac" or tpot_ostype == "win" then
 return "http://map_web:64299";
 else
- return "http://127.0.0.1:64299";
+ return "http://map_web:64299";
 end
 }
 proxy_pass $map_web;
@@ -193,7 +193,7 @@ server {
 if tpot_ostype == "mac" or tpot_ostype == "win" then
 return "http://spiderfoot:8080";
 else
- return "http://127.0.0.1:64303";
+ return "http://spiderfoot:8080";
 end
 }
 location /spiderfoot/ {