mirror of
https://github.com/telekom-security/tpotce.git
synced 2025-04-19 13:42:26 +00:00
update for py 3.12, harden image
This commit is contained in:
t3chn0m4g3
parent
09716a30c1
commit
f04455544e
1 changed files with 16 additions and 18 deletions
|
|
@ -1,21 +1,21 @@
|
|||
FROM alpine:3.19
|
||||
FROM alpine:3.20 AS builder
|
||||
#
|
||||
# Install packages
|
||||
RUN apk --no-cache -U add \
|
||||
build-base \
|
||||
git \
|
||||
libcap \
|
||||
openssl \
|
||||
py3-pip \
|
||||
python3 && \
|
||||
#
|
||||
pip3 install --break-system-packages --no-cache-dir python-json-logger && \
|
||||
pip3 install --break-system-packages --no-cache-dir \
|
||||
pyinstaller \
|
||||
python-json-logger
|
||||
#
|
||||
# Install CitrixHoneypot from GitHub
|
||||
git clone https://github.com/t3chn0m4g3/CitrixHoneypot /opt/citrixhoneypot && \
|
||||
RUN git clone https://github.com/t3chn0m4g3/CitrixHoneypot /opt/citrixhoneypot && \
|
||||
cd /opt/citrixhoneypot && \
|
||||
git checkout f59ad7320dc5bbb8c23c8baa5f111b52c52fbef3 && \
|
||||
#
|
||||
# Setup user, groups and configs
|
||||
mkdir -p /opt/citrixhoneypot/logs /opt/citrixhoneypot/ssl && \
|
||||
openssl req \
|
||||
-nodes \
|
||||
|
|
@ -25,20 +25,18 @@ RUN apk --no-cache -U add \
|
|||
-out "/opt/citrixhoneypot/ssl/cert.pem" \
|
||||
-days 365 \
|
||||
-subj '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd' && \
|
||||
addgroup -g 2000 citrixhoneypot && \
|
||||
adduser -S -H -s /bin/ash -u 2000 -D -g 2000 citrixhoneypot && \
|
||||
chown -R citrixhoneypot:citrixhoneypot /opt/citrixhoneypot && \
|
||||
setcap cap_net_bind_service=+ep $(readlink -f $(type -P python3)) && \
|
||||
chown 2000:2000 -R ssl/
|
||||
#
|
||||
# Clean up
|
||||
apk del --purge git \
|
||||
openssl && \
|
||||
rm -rf /root/* \
|
||||
/opt/citrixhoneypot/.git \
|
||||
/var/cache/apk/*
|
||||
WORKDIR /opt/citrixhoneypot
|
||||
RUN pyinstaller CitrixHoneypot.py
|
||||
#
|
||||
FROM alpine:3.20
|
||||
COPY --from=builder /opt/citrixhoneypot/dist/CitrixHoneypot/ /opt/citrixhoneypot
|
||||
COPY --from=builder /opt/citrixhoneypot/ssl /opt/citrixhoneypot/ssl
|
||||
COPY --from=builder /opt/citrixhoneypot/responses/ /opt/citrixhoneypot/responses
|
||||
#
|
||||
# Set workdir and start citrixhoneypot
|
||||
STOPSIGNAL SIGINT
|
||||
USER citrixhoneypot:citrixhoneypot
|
||||
USER 2000:2000
|
||||
WORKDIR /opt/citrixhoneypot/
|
||||
CMD nohup /usr/bin/python3 CitrixHoneypot.py
|
||||
CMD nohup ./CitrixHoneypot
|
||||
|
|
|
|||
Loading…
Reference in a new issue