bump base images

- Ciscoasa, update py package
- Cowrie, remove build artifact
- Dicompot, harden image
- Dionaea, hardening, update for py3.12

docker/ciscoasa/Dockerfile

@@ -1,13 +1,13 @@
 FROM alpine:3.20 AS builder
 #
 # Install packages
-RUN apk --no-cache -U add build-base \
+RUN apk --no-cache -U add \
+		build-base \
 		git \
 		libffi \
 		libffi-dev \
 		openssl \
 		openssl-dev \
-		py3-cryptography \
 		py3-pip \
 		python3 \
 		python3-dev && \

docker/cowrie/Dockerfile

@@ -58,6 +58,7 @@ RUN apk --no-cache -U add \
                     cd /home/cowrie/cowrie && \
                     /usr/bin/twistd --uid=2000 --gid=2000 -y cowrie.tac --pidfile cowrie.pid cowrie &" && \
     sleep 10 && \
+    rm -rf /home/cowrie/cowrie/etc && \
 #
 # Clean up
     apk del --purge build-base \

docker/ddospot/Dockerfile

@@ -46,9 +46,9 @@ RUN pyinstaller ddospot.py \
        --hidden-import twisted.internet.reactor \
        --hidden-import twisted.names.client \
        --hidden-import twisted.names.server \
-       --hidden-import=twisted.python \
-       --hidden-import=OpenSSL.crypto \
-       --hidden-import=OpenSSL.SSL
+       --hidden-import twisted.python \
+       --hidden-import OpenSSL.crypto \
+       --hidden-import OpenSSL.SSL
 #
 FROM alpine:3.20
 COPY --from=builder /opt/ddospot/ddospot/dist/ddospot/ /opt/ddospot/ddospot

docker/dicompot/Dockerfile

@@ -1,4 +1,8 @@
-FROM golang:1.21-alpine AS builder
+FROM golang:1.23-alpine AS builder
+#
+ENV GO111MODULE=on \
+    CGO_ENABLED=0 \
+    GOOS=linux
 #
 # Include dist
 COPY dist/ /root/dist/
@@ -7,32 +11,25 @@ COPY dist/ /root/dist/
 RUN apk --no-cache -U add \
 		build-base \
 		git \
-		g++ && \
+		g++
 #
 # Setup go, build dicompot 
-    mkdir -p /opt/go && \
-    export GOPATH=/opt/go/ && \
-    cd /opt/go/ && \
-    git clone https://github.com/nsmfoo/dicompot.git && \
+RUN git clone https://github.com/nsmfoo/dicompot.git && \
     cd dicompot && \
     git checkout 41331194156bbb17078bcc1594f4952ac06a731e && \
-    go mod download && \
-    go install -a -x github.com/nsmfoo/dicompot/server
+    cp /root/dist/go.mod . && \
+    pwd && ls -alR
+WORKDIR /go/dicompot
+RUN ls -alR
+RUN go mod tidy
+RUN go mod download
+RUN go build -o dicompot github.com/nsmfoo/dicompot/server
 #
-FROM alpine:3.19
+FROM scratch
 #
-# Setup dicompot
-#
-COPY --from=builder /opt/go/bin/server /opt/dicompot/server
+COPY --from=builder /go/dicompot/dicompot /opt/dicompot/dicompot
 COPY --from=builder /root/dist/dcm_pts/images /opt/dicompot/images
-#
-# Setup user, groups and configs
-#
-RUN addgroup -g 2000 dicompot && \
-    adduser -S -s /bin/ash -u 2000 -D -g 2000 dicompot && \
-    chown -R dicompot:dicompot /opt/dicompot
-#
-# Start dicompot  
 WORKDIR /opt/dicompot
-USER dicompot:dicompot
-CMD ["./server","-ip","0.0.0.0","-dir","images","-log","/var/log/dicompot/dicompot.log"]
+USER 2000:2000
+CMD ["-ip","0.0.0.0","-dir","images","-log","/var/log/dicompot/dicompot.log"]
+ENTRYPOINT ["./dicompot"]

docker/dicompot/dist/go.mod

@@ -0,0 +1,25 @@
+module github.com/nsmfoo/dicompot
+
+go 1.23
+
+require (
+	github.com/grailbio/go-dicom v0.0.0-20190117035129-c30d9eaca591
+	github.com/mattn/go-colorable v0.1.6
+	github.com/sirupsen/logrus v1.6.0
+	github.com/snowzach/rotatefilehook v0.0.0-20180327172521-2f64f265f58c
+)
+
+require (
+	github.com/BurntSushi/toml v0.3.1 // indirect
+	github.com/gobwas/glob v0.0.0-20170212200151-51eb1ee00b6d // indirect
+	github.com/konsorten/go-windows-terminal-sequences v1.0.3 // indirect
+	github.com/mattn/go-isatty v0.0.12 // indirect
+	golang.org/x/sys v0.1.0 // indirect
+	golang.org/x/text v0.3.8 // indirect
+	gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect
+	gopkg.in/yaml.v2 v2.3.0 // indirect
+)
+
+replace github.com/nsmfoo/dicompot => ../dicompot
+
+replace github.com/golang/lint => ../../golang/lint

docker/dicompot/docker-compose.yml

@@ -16,6 +16,7 @@ services:
     networks:
      - dicompot_local
     ports:
+     - "104:11112"
      - "11112:11112"
     image: "dtagdevsec/dicompot:24.04"
     read_only: true

docker/dionaea/Dockerfile

@@ -1,20 +1,12 @@
-FROM ubuntu:22.04
+FROM ubuntu:24.04
 ENV DEBIAN_FRONTEND noninteractive
 #
 # Include dist
 COPY dist/ /root/dist/
 #
-# Check if APT_PROXY is set and configure apt to use the proxy
-RUN bash -c 'if [ -n "${http_proxy}" ]; then \
-                 echo "Using APT proxy at ${http_proxy}"; \
-                 echo "Acquire::http::Proxy \"${http_proxy}\";" > /etc/apt/apt.conf.d/01proxy; \
-               else \
-                 echo "APT proxy not configured, proceeding without proxy"; \
-             fi' && \
-#    bash -c 'echo "Acquire::http::Proxy::ports.ubuntu.com DIRECT;" > /etc/apt/apt.conf.d/99force-no-proxy' && \
-#
+
 # Determine arch, get and install packages
-    ARCH=$(arch) && \
+RUN ARCH=$(arch) && \
       if [ "$ARCH" = "x86_64" ]; then ARCH="amd64"; fi && \
       if [ "$ARCH" = "aarch64" ]; then ARCH="arm64"; fi && \
     echo "$ARCH" && \
@@ -49,14 +41,13 @@ RUN bash -c 'if [ -n "${http_proxy}" ]; then \
 		python3-dev \
 		python3-boto3 \
 		python3-bson \
+		python3-setuptools \
 		python3-yaml \
 		fonts-liberation && \
 #
 # Get and install dionaea
-    # git clone --depth=1 https://github.com/dinotools/dionaea -b 0.11.0 /root/dionaea/ && \
-    git clone --depth=1 https://github.com/dinotools/dionaea /root/dionaea/ && \
+    git clone https://github.com/t3chn0m4g3/dionaea -b 0.11.1 /root/dionaea/ && \
     cd /root/dionaea && \
-    git checkout 4e459f1b672a5b4c1e8335c0bff1b93738019215 && \
     mkdir build && \
     cd build && \
     cmake -DCMAKE_INSTALL_PREFIX:PATH=/opt/dionaea .. && \
@@ -66,7 +57,7 @@ RUN bash -c 'if [ -n "${http_proxy}" ]; then \
 # Setup user and groups
     addgroup --gid 2000 dionaea && \
     adduser --system --no-create-home --shell /bin/bash --uid 2000 --disabled-password --disabled-login --gid 2000 dionaea && \
-    setcap cap_net_bind_service=+ep /opt/dionaea/bin/dionaea && \
+    setcap cap_net_bind_service=+ep /opt/dionaea/sbin/dionaea && \
 #
 # Supply configs and set permissions
     chown -R dionaea:dionaea /opt/dionaea/var && \
@@ -114,7 +105,7 @@ RUN bash -c 'if [ -n "${http_proxy}" ]; then \
       libnetfilter-queue1 \
       libnl-3-200 \
       libpcap0.8 \
-      libpython3.10 \
+      libpython3.12 \
       libudns0 && \
 #
     apt-get autoremove --purge -y && \
@@ -132,4 +123,4 @@ STOPSIGNAL SIGINT
 # Dionaea sometimes hangs at 100% CPU usage, if detected container will become unhealthy and restarted by tpotinit
 HEALTHCHECK --interval=5m --timeout=30s --retries=3 CMD python3 /cpu_check.py $(pgrep -of dionaea) 99
 USER dionaea:dionaea
-CMD ["/opt/dionaea/bin/dionaea", "-u", "dionaea", "-g", "dionaea", "-c", "/opt/dionaea/etc/dionaea/dionaea.cfg"]
+CMD ["/opt/dionaea/sbin/dionaea", "-u", "dionaea", "-g", "dionaea", "-c", "/opt/dionaea/etc/dionaea/dionaea.cfg"]

docker/elasticpot/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.20 AS builder
 #
 # Include dist
 COPY dist/ /root/dist/
@@ -33,27 +33,21 @@ RUN apk --no-cache -U add \
     git clone https://gitlab.com/bontchev/elasticpot.git/ && \
 	cd elasticpot && \
 	git checkout d12649730d819bd78ea622361b6c65120173ad45 && \
-    cp /root/dist/requirements.txt . && \
-    pip3 install --break-system-packages -r requirements.txt && \
+    cp /root/dist/requirements.txt .
+WORKDIR /opt/elasticpot
+RUN pip3 install --break-system-packages pyinstaller
+RUN pip3 install --break-system-packages -r requirements.txt
+RUN pyinstaller elasticpot.py \
+		--hidden-import output_plugins \
+		--hidden-import output_plugins.jsonlog
 #
-# Setup user, groups and configs
-    addgroup -g 2000 elasticpot && \
-    adduser -S -H -s /bin/ash -u 2000 -D -g 2000 elasticpot && \
-    mv /root/dist/honeypot.cfg /opt/elasticpot/etc/ && \
-#
-# Clean up
-    apk del --purge build-base \
-		git \
-		libffi-dev \
-		openssl-dev \
-		postgresql-dev \
-		python3-dev && \
-	rm -rf /root/* \
-			/var/cache/apk/* \
-			/opt/elasticpot/.git
+FROM alpine:3.20
+COPY --from=builder /opt/elasticpot/dist/ /opt/
+COPY --from=builder /opt/elasticpot/responses/ /opt/elasticpot/responses/
+COPY --from=builder /root/dist/honeypot.cfg /opt/elasticpot/etc/
 #
 # Start elasticpot
 STOPSIGNAL SIGINT
-USER elasticpot:elasticpot
+USER 2000:2000
 WORKDIR /opt/elasticpot/
-CMD ["/usr/bin/python3","elasticpot.py"]
+CMD ["./elasticpot"]

docker/elk/elasticsearch/Dockerfile

@@ -1,4 +1,4 @@
-FROM ubuntu:22.04
+FROM ubuntu:24.04
 ENV DEBIAN_FRONTEND noninteractive
 ENV ES_VER=8.14.2
 #
@@ -8,6 +8,7 @@ COPY dist/ /root/dist/
 # Install packages
 RUN	apt-get update -y && \
     apt-get install -y \
+			adduser \
             aria2 \
             curl && \
 #

docker/elk/kibana/Dockerfile

@@ -32,8 +32,8 @@ RUN apk --no-cache -U add \
     echo "xpack.reporting.roles.enabled: false" >> /usr/share/kibana/config/kibana.yml && \
     echo "elasticsearch.requestTimeout: 60000" >> /usr/share/kibana/config/kibana.yml && \
     echo "elasticsearch.shardTimeout: 60000" >> /usr/share/kibana/config/kibana.yml && \
-    echo "kibana.autocompleteTimeout: 60000" >> /usr/share/kibana/config/kibana.yml && \
-    echo "kibana.autocompleteTerminateAfter: 1000000" >> /usr/share/kibana/config/kibana.yml && \
+    echo "unifiedSearch.autocomplete.valueSuggestions.timeout: 60000" >> /usr/share/kibana/config/kibana.yml && \
+    echo "unifiedSearch.autocomplete.valueSuggestions.terminateAfter: 1000000" >> /usr/share/kibana/config/kibana.yml && \
     rm -rf /usr/share/kibana/optimize/bundles/* && \
     /usr/share/kibana/bin/kibana --optimize --allow-root && \
     addgroup -g 2000 kibana && \

docker/elk/logstash/Dockerfile

@@ -1,4 +1,4 @@
-FROM ubuntu:22.04
+FROM ubuntu:24.04
 ENV DEBIAN_FRONTEND=noninteractive
 ENV LS_VER=8.14.2
 #
@@ -8,6 +8,7 @@ COPY dist/ /root/dist/
 # Install packages
 RUN apt-get update -y && \
     apt-get install -y \
+    		 adduser \
              aria2 \
              bash \
              bzip2 \

docker/elk/map/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.20
 #
 # Install packages
 RUN apk --no-cache -U add \

docker/endlessh/Dockerfile

@@ -16,27 +16,11 @@ RUN apk -U add --no-cache \
     make && \
     mv /opt/endlessh/endlessh /root/dist
 #
-FROM alpine:3.19
+FROM alpine:3.20
 #
 COPY --from=builder /root/dist/* /opt/endlessh/
 #
-# Install packages
-RUN apk -U add --no-cache \
-		libcap && \
-#
-# Setup user, groups and configs
-    mkdir -p /var/log/endlessh && \
-    addgroup -g 2000 endlessh && \
-    adduser -S -H -s /bin/ash -u 2000 -D -g 2000 endlessh && \
-    chown -R endlessh:endlessh /opt/endlessh && \
-    #setcap cap_net_bind_service=+ep /usr/bin/python3.8 && \
-#
-# Clean up
-    rm -rf /root/* \
-           /var/cache/apk/*
-#
-# Set workdir and start endlessh
 STOPSIGNAL SIGINT
-USER endlessh:endlessh
+USER 2000:2000
 WORKDIR /opt/endlessh/
 CMD ./endlessh -f endlessh.conf >/var/log/endlessh/endlessh.log