tweaking:

- bump nginx to alpine 3.20
- bump cyberchef to latest release
- bump elasticvue to latest release
- update nginx config

docker/dicompot/Dockerfile

@@ -17,10 +17,8 @@ RUN apk --no-cache -U add \
 RUN git clone https://github.com/nsmfoo/dicompot.git && \
     cd dicompot && \
     git checkout 41331194156bbb17078bcc1594f4952ac06a731e && \
-    cp /root/dist/go.mod . && \
-    pwd && ls -alR
+    cp /root/dist/go.mod .
 WORKDIR /go/dicompot
-RUN ls -alR
 RUN go mod tidy
 RUN go mod download
 RUN go build -o dicompot github.com/nsmfoo/dicompot/server

docker/medpot/Dockerfile

@@ -1,44 +1,35 @@
-FROM golang:1.21-alpine AS builder
+FROM golang:1.23-alpine AS builder
+#
+ENV GO111MODULE=on \
+    CGO_ENABLED=0 \
+    GOOS=linux
 #
 # Install packages
 RUN apk --no-cache -U add \
         build-base \
         git \
-		go \
-		g++ && \
+        g++
 #
 # Setup go, build medpot
-    export GOPATH=/opt/go/ && \
-    export GO111MODULE=off && \
-    mkdir -p /opt/go/src && \
-    cd /opt/go/src && \
-    git clone https://github.com/schmalle/medpot && \
-    cd medpot && \
+RUN mkdir -p /usr/local/go/src/medpot && \
+    git clone https://github.com/schmalle/medpot /usr/local/go/src/medpot && \
+    cd /usr/local/go/src/medpot && \
     git checkout 75a2e6134cf926c35b6017d62542274434c87388 && \
-    cd .. && \
-    go get -d -v github.com/davecgh/go-spew/spew && \
-    go get -d -v github.com/go-ini/ini && \
-    go get -d -v github.com/mozillazg/request && \
-    go get -d -v go.uber.org/zap && \
-    cd medpot && \
+    go mod init github.com/schmalle/medpot && \
+    go mod tidy && \
+    go mod download && \
     cp dist/etc/ews.cfg /etc/ && \
     go build medpot
 #
-FROM alpine:3.19
+FROM scratch
 #
 # Setup medpot
 #
-COPY --from=builder /opt/go/src/medpot/medpot /opt/medpot/medpot
-COPY --from=builder /opt/go/src/medpot/template/*.xml /opt/medpot/
-COPY --from=builder /opt/go/src/medpot/dist/etc/ews.cfg /etc/ews.cfg
-RUN mkdir -p /var/log/medpot && \
-#
-# Setup user, groups and configs
-    addgroup -g 2000 medpot && \
-    adduser -S -s /bin/ash -u 2000 -D -g 2000 medpot && \
-    chown -R medpot:medpot /var/log/medpot
+COPY --from=builder /usr/local/go/src/medpot/medpot /opt/medpot/medpot
+COPY --from=builder /usr/local/go/src/medpot/template/*.xml /opt/medpot/
+COPY --from=builder /usr/local/go/src/medpot/dist/etc/ews.cfg /etc/ews.cfg
 #
 # Start medpot
 WORKDIR /opt/medpot
-USER medpot:medpot
+USER 2000:2000
 CMD ["./medpot"]

docker/miniprint/Dockerfile

@@ -1,26 +1,29 @@
-FROM alpine:3.19
+FROM alpine:3.20 AS builder
 #
 # Install packages
 RUN apk --no-cache -U add \
+	build-base \
 	git \	
 	python3 \
-    py3-pip && \
-	mkdir -p /opt && \
+    py3-pip
+#
+RUN	mkdir -p /opt && \
 	cd /opt/ && \
-	git clone https://github.com/t3chn0m4g3/miniprint && \
-	cd miniprint && \
-	pip3 install --break-system-packages -r requirements.txt && \
+	git clone https://github.com/t3chn0m4g3/miniprint
+WORKDIR /opt/miniprint
+RUN pip3 install --break-system-packages pyinstaller
+RUN	pip3 install --break-system-packages -r requirements.txt
+RUN pyinstaller server.py \
+		--add-data "./fake-files:./fake-files" \
+		--add-data "./uploads:./uploads"
 #
-# Setup user, groups and configs
-	addgroup -g 2000 miniprint && \
-	adduser -S -H -s /bin/ash -u 2000 -D -g 2000 miniprint && \
-#
-# Clean up
-	apk del --purge git && \
-    rm -rf /root/* /var/cache/apk/* /opt/miniprint/.git
+FROM alpine:3.20
+COPY --from=builder /opt/miniprint/dist/* /opt/miniprint/
+COPY --from=builder /opt/miniprint/fake-files/ /opt/miniprint/fake-files/
+COPY --from=builder /opt/miniprint/uploads/ /opt/miniprint/uploads/
 #
 # Start miniprint
 STOPSIGNAL SIGINT
-USER miniprint:miniprint
+USER 2000:2000
 WORKDIR /opt/miniprint/
-CMD ["/usr/bin/python3", "./server.py", "--bind", "0.0.0.0", "--log-file", "log/miniprint.json"]
+CMD ["./server", "--bind", "0.0.0.0", "--log-file", "/opt/miniprint/log/miniprint.json"]

docker/nginx/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.20
 #
 # Include dist
 COPY dist/ /root/dist/

docker/nginx/builder/cyberchef/Dockerfile

@@ -2,7 +2,7 @@
 FROM node:18-alpine as builder
 #
 # Prep and build Cyberchef
-ENV CY_VER=v10.8.2
+ENV CY_VER=v10.19.4
 RUN apk -U --no-cache add build-base git python3 && \
     chown -R node:node /srv && \
     npm install -g grunt-cli

docker/nginx/builder/esvue/Dockerfile

@@ -4,8 +4,7 @@ FROM node:20-alpine AS builder
 #
 # Prep and build Elasticvue 
 RUN apk -U --no-cache add git && \
-    # git clone https://github.com/cars10/elasticvue -b v1.0.4 /opt/src && \
-    git clone https://github.com/t3chn0m4g3/elasticvue /opt/src && \
+    git clone https://github.com/cars10/elasticvue -b v1.1.0 /opt/src && \
 # We need to adjust consts.ts so the user has connection suggestion for reverse proxied ES
     sed -i "s#export const DEFAULT_CLUSTER_URI = 'http://localhost:9200'#export const DEFAULT_CLUSTER_URI = window.location.origin + '/es'#g" /opt/src/src/consts.ts && \
     sed -i 's#href="/images/logo/favicon.ico"#href="images/logo/favicon.ico"#g' /opt/src/index.html && \

docker/nginx/dist/conf/lsweb.conf

@@ -7,7 +7,8 @@ server {
     #########################
     ### Basic server settings
     #########################
-    listen 64294 ssl http2;
+    listen 64294 ssl;
+    http2 on;
     index index.html;
     ssl_protocols TLSv1.3;
     server_name example.com;

docker/nginx/dist/conf/tpotweb.conf

@@ -7,7 +7,8 @@ server {
     #########################
     ### Basic server settings
     #########################
-    listen 64297 ssl http2;
+    listen 64297 ssl;
+    http2 on;
     index index.html;
     ssl_protocols TLSv1.3;
     server_name example.com;

docker/p0f/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.20
 #
 # Add source
 COPY . /opt/p0f

docker/redishoneypot/Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.21-alpine as builder
+FROM golang:1.23-alpine as builder
 #
 # Include dist
 COPY dist/ /root/dist/
@@ -20,19 +20,14 @@ RUN apk --no-cache -U add \
     go mod download && \
     go install
 #
-FROM alpine:3.19
+FROM alpine:3.20
 #
 # Setup redishoneypot
 #
 COPY --from=builder /opt/go/bin/RedisHoneyPot /opt/redishoneypot/
 COPY --from=builder /root/dist/redis.conf /opt/redishoneypot/
 #
-# Setup user, groups and configs
-RUN addgroup -g 2000 redishoneypot && \
-    adduser -S -s /bin/ash -u 2000 -D -g 2000 redishoneypot && \
-    mkdir -p /var/log/redishoneypot
-#
 # Start redishoneypot
 WORKDIR /opt/redishoneypot
-USER redishoneypot:redishoneypot
+USER 2000:2000
 CMD ./RedisHoneyPot > /var/log/redishoneypot/redishoneypot.log 2>&1

docker/sentrypeer/Dockerfile

@@ -1,7 +1,8 @@
 FROM alpine:edge
 #
 # Install packages
-RUN apk -U add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing \
+RUN apk -U upgrade --no-cache && \
+	apk -U add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing \
 		sentrypeer && \
 #
 # Setup user, groups and configs

docker/spiderfoot/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.20
 #
 # Include dist
 COPY dist/ /root/dist/
@@ -62,9 +62,9 @@ RUN apk --no-cache -U add \
     git clone https://github.com/smicallef/spiderfoot /home/spiderfoot && \
     cd /home/spiderfoot && \
     git checkout 0f815a203afebf05c98b605dba5cf0475a0ee5fd && \
-    pip3 install --break-system-packages --upgrade pip && \
+    pip3 install --no-cache-dir --break-system-packages --upgrade pip && \
     cp /root/dist/requirements.txt . && \
-    pip3 install --break-system-packages --no-cache-dir -r requirements.txt && \ 
+    pip3 install --no-cache-dir --break-system-packages --no-cache-dir -r requirements.txt && \ 
     mkdir -p /home/spiderfoot/.spiderfoot/logs && \
     chown -R spiderfoot:spiderfoot /home/spiderfoot && \
     sed -i "s#'root': '\/'#'root': '\/spiderfoot'#" /home/spiderfoot/sf.py && \

docker/suricata/Dockerfile

@@ -4,7 +4,8 @@ FROM alpine:edge
 COPY dist/ /root/dist/
 #
 # Install packages
-RUN apk --no-cache -U add \
+RUN apk --no-cache -U upgrade && \
+    apk --no-cache -U add \
 		ca-certificates \
 		curl \
 		file \

docker/suricata/dist/capture-filter.bpf

@@ -1,3 +1,5 @@
 not (host sicherheitstacho.eu or community.sicherheitstacho.eu or listbot.sicherheitstacho.eu) and
-not (tcp port 64294) and
-not (tcp port 64305)
+not (tcp port 64294 or tcp port 64305) and
+not (udp port 138 or udp port 5353) and
+not (ip broadcast or ip multicast or ip6 multicast) and
+not ip proto 2

docker/suricata/dist/suricata.yaml

@@ -5,7 +5,7 @@
 # options in this file, full documentation can be found at:
 # https://docs.suricata.io/en/latest/configuration/suricata-yaml.html
 
-# This configuration file generated by Suricata 7.0.2.
+# This configuration file generated by Suricata 7.0.7.
 suricata-version: "7.0"
 
 ##
@@ -176,6 +176,7 @@ outputs:
         - frame:
             # disabled by default as this is very verbose.
             enabled: no
+            # payload-buffer-size: 4kb # max size of frame payload buffer to output in eve-log
         - anomaly:
             # Anomaly log records describe unexpected conditions such
             # as truncated packets, packets with invalid IP/UDP/TCP
@@ -214,7 +215,7 @@ outputs:
             extended: yes     # enable this for extended logging information
             # custom allows additional HTTP fields to be included in eve-log.
             # the example below adds three additional fields when uncommented
-            custom: [Accept-Encoding, Accept-Language, Authorization, Forwarded, From, Referer, Via]
+            #custom: [Accept-Encoding, Accept-Language, Authorization]
             # set this value to one and only one from {both, request, response}
             # to dump all HTTP headers for every HTTP request and/or response
             # dump-all-headers: none
@@ -251,8 +252,11 @@ outputs:
             # output TLS transaction where the session is resumed using a
             # session id
             #session-resumption: no
+            # ja4 hashes in tls records will never be logged unless
+            # the following is set to on. (Default off)
+            ja4: on
             # custom controls which TLS fields that are included in eve-log
-            custom: [subject, issuer, session_resumed, serial, fingerprint, sni, version, not_before, not_after, certificate, ja3, ja3s]
+            custom: [subject, issuer, session_resumed, serial, fingerprint, sni, version, not_before, not_after, certificate, ja3, ja3s, ja4]
         - files:
             force-magic: yes   # force logging magic on all logged files
             # force logging of checksums, available hash functions are md5,
@@ -291,7 +295,10 @@ outputs:
         - snmp
         - rfb
         - sip
-        - quic
+        - quic:
+            # ja4 hashes in quic records will never be logged unless
+            # the following is set to on. (Default off)
+            ja4: on
         - dhcp:
             enabled: no
             # When extended mode is on, all DHCP messages are logged
@@ -753,6 +760,7 @@ dpdk:
       # - auto takes all cores
       # in IPS mode it is required to specify the number of cores and the numbers on both interfaces must match
       threads: auto
+      # interrupt-mode: false # true to switch to interrupt mode 
       promisc: true # promiscuous mode - capture all packets
       multicast: true # enables also detection on multicast packets
       checksum-checks: true # if Suricata should validate checksums
@@ -892,9 +900,10 @@ app-layer:
       detection-ports:
         dp: 443
 
-      # Generate JA3 fingerprint from client hello. If not specified it
+      # Generate JA3/JA4 fingerprints from client hello. If not specified it
       # will be disabled by default, but enabled if rules require it.
       ja3-fingerprints: yes
+      ja4-fingerprints: yes
 
       # What to do when the encrypted communications start:
       # - default: keep tracking TLS session, check for protocol anomalies,
@@ -934,9 +943,13 @@ app-layer:
       #max-streams: 4096
       # Maximum headers table size
       #max-table-size: 65536
+      # Maximum reassembly size for header + continuation frames
+      #max-reassembly-size: 102400
     smtp:
       enabled: yes
       raw-extraction: no
+      # Maximum number of live SMTP transactions per flow
+      # max-tx: 256
       # Configure SMTP-MIME Decoder
       mime:
         # Decode MIME messages from SMTP transactions
@@ -1084,6 +1097,10 @@ app-layer:
            #compression-bomb-limit: 1mb
            # Maximum time spent decompressing a single transaction in usec
            #decompression-time-limit: 100000
+           # Maximum number of live transactions per flow
+           #max-tx: 512
+           # Maximum used number of HTTP1 headers in one request or response
+           #headers-limit: 1024
 
          server-config:
 
@@ -1290,7 +1307,6 @@ unix-command:
 
 # Magic file. The extension .mgc is added to the value here.
 magic-file: /usr/share/misc/magic.mgc
-#magic-file: 
 
 # GeoIP2 database file. Specify path and filename of GeoIP2 database
 # if using rules with "geoip" rule option.
@@ -1798,6 +1814,10 @@ profiling:
     enabled: no
     filename: rule_perf.log
     append: yes
+    # Set active to yes to enable rules profiling at start
+    # if set to no (default), the rules profiling will have to be started
+    # via unix socket commands.
+    #active:no
 
     # Sort options: ticks, avgticks, checks, matches, maxticks
     # If commented out all the sort options will be used.