cleaning up

docker/elk/logstash/dist/logstash.conf

@@ -109,11 +109,6 @@ input {
     type => "Tanner"
   }
 
-# Vnclowpot
-  file {
-    path => ["/data/vnclowpot/log/vnclowpot.log"]
-    type => "Vnclowpot"
-  }
 }
 
 # Filter Section
@@ -336,22 +331,6 @@ filter {
     }
   }
 
-# Vnclowpot
-  if [type] == "Vnclowpot" {
-    grok {
-      match => [ "message", "\A%{NOTSPACE}%{SPACE}%{TIME}%{SPACE}%{IPV4:src_ip}:%{INT:src_port}%{SPACE}%{NOTSPACE:vnc_handshake}" ]
-    }
-    date {
-      match => [ "timestamp", "yyyy/MM/dd HH:mm:ss" ]
-      remove_field => ["timestamp"]
-    }
-    mutate {
-      add_field => {
-        "dest_port" => "5900"
-      }
-    }
-  }
-
 # Drop if parse fails
 if "_grokparsefailure" in [tags] { drop {} }
 
@@ -393,7 +372,7 @@ if "_grokparsefailure" in [tags] { drop {} }
   }
 
 # Add T-Pot hostname and external IP
-  if [type] == "Ciscoasa" or [type] == "ConPot" or [type] == "Cowrie" or [type] == "Dionaea" or [type] == "ElasticPot" or [type] == "eMobility" or [type] == "Glastopf" or [type] == "Honeytrap" or [type] == "Heralding" or [type] == "Mailoney" or [type] == "Rdpy" or [type] == "Suricata" or [type] == "Tanner" or [type] == "Vnclowpot" {
+  if [type] == "Ciscoasa" or [type] == "ConPot" or [type] == "Cowrie" or [type] == "Dionaea" or [type] == "ElasticPot" or [type] == "Glastopf" or [type] == "Glutton" or [type] == "Honeytrap" or [type] == "Heralding" or [type] == "Mailoney" or [type] == "Medpot" or [type] == "P0f" or [type] == "Rdpy" or [type] == "Suricata" or [type] == "Tanner" {
     mutate {
       add_field => {
         "t-pot_ip_ext" => "${MY_EXTIP}"

docker/vnclowpot/Dockerfile

@@ -1,30 +0,0 @@
-FROM alpine
-
-# Setup apk
-RUN apk -U --no-cache add \
-               build-base \
-               git \
-               go && \
-
-# Setup go, vnclowpot
-    export GOPATH=/opt/go/ && \
-    mkdir -p /opt/go/ && \
-    cd /opt && \
-    go get github.com/magisterquis/vnclowpot && \
-    go install github.com/magisterquis/vnclowpot && \
-
-# Setup user, groups and configs
-    addgroup -g 2000 vnclowpot  && \
-    adduser -S -s /bin/bash -u 2000 -D -g 2000 vnclowpot && \
-    mkdir -p /var/log/vnclowpot && \
-
-# Clean up
-    apk del build-base \
-            git \
-            go && \
-    rm -rf /opt/go/src \
-           /var/cache/apk/* \
-
-# Run supervisor upon container start
-USER vnclowpot:vnclowpot
-CMD exec /opt/go/bin/vnclowpot -j >> /var/log/vnclowpot/vnclowpot.log

docker/vnclowpot/README.md

@@ -1,15 +0,0 @@
-[![](https://images.microbadger.com/badges/version/dtagdevsec/vnclowpot:1804.svg)](https://microbadger.com/images/dtagdevsec/vnclowpot:1804 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/vnclowpot:1804.svg)](https://microbadger.com/images/dtagdevsec/vnclowpot:1804 "Get your own image badge on microbadger.com")
-
-# vnclowpot
-
-[vnclowpot](https://github.com/magisterquis/vnclowpot) is a low-interaction VNC honeypot with a static challenge.
-
-This dockerized version is part of the **[T-Pot community honeypot](http://dtag-dev-sec.github.io/)** of Deutsche Telekom AG.
-
-The `Dockerfile` contains the blueprint for the dockerized vnclowpot and will be used to setup the docker image.
-
-The `docker-compose.yml` contains the necessary settings to test vnclowpot using `docker-compose`. This will ensure to start the docker container with the appropriate permissions and port mappings.
-
-# vnclowpot Dashboard
-
-![vnclowpot Dashboard](https://raw.githubusercontent.com/dtag-dev-sec/tpotce/master/docker/vnclowpot/doc/dashboard.png)

docker/vnclowpot/docker-compose.yml

@@ -1,20 +0,0 @@
-version: '2.3'
-
-networks:
-  vnclowpot_local:
-
-services:
-
-# vnclowpot service
-  vnclowpot:
-    build: .
-    container_name: vnclowpot
-    restart: always
-    networks:
-     - vnclowpot_local
-    ports:
-     - "5900:5900"
-    image: "dtagdevsec/vnclowpot:1804"
-    read_only: true
-    volumes:
-     - /data/vnclowpot/log:/var/log/vnclowpot