Merge cbcf7871ec into 7a4c4bc997

2026-03-10 10:23:27 +00:00 · 2025-12-20 09:30:06 +01:00
15 changed files with 52 additions and 372 deletions
--- a/docker/elk/elasticsearch/Dockerfile
+++ b/docker/elk/elasticsearch/Dockerfile
@ -1,6 +1,6 @@
 FROM ubuntu:24.04
 ENV DEBIAN_FRONTEND noninteractive
-ENV ES_VER=9.2.3
+ENV ES_VER=8.19.2
 #
 # Include dist
 COPY dist/ /root/dist/
--- a/docker/elk/kibana/Dockerfile
+++ b/docker/elk/kibana/Dockerfile
@ -1,5 +1,5 @@
-FROM node:22.21.1-alpine3.23
+FROM node:22.17.1-alpine3.22
-ENV KB_VER=9.2.3
+ENV KB_VER=8.19.2
 #
 # Include dist
 COPY dist/ /root/dist/
--- a/docker/elk/logstash/Dockerfile
+++ b/docker/elk/logstash/Dockerfile
@ -1,6 +1,6 @@
 FROM ubuntu:24.04
 ENV DEBIAN_FRONTEND=noninteractive
-ENV LS_VER=9.2.3
+ENV LS_VER=8.19.2
 #
 # Include dist
 COPY dist/ /root/dist/
--- a/docker/nginx/Dockerfile
+++ b/docker/nginx/Dockerfile
@ -1,4 +1,4 @@
-FROM alpine:3.23
+FROM alpine:3.20
 #
 # Include dist
 COPY dist/ /root/dist/
--- a/docker/nginx/builder/cyberchef/Dockerfile
+++ b/docker/nginx/builder/cyberchef/Dockerfile
@ -1,3 +1,4 @@
 #FROM node:17.9.0-alpine3.15 as builder
 FROM node:18-alpine as builder
 #
 # Prep and build Cyberchef
--- a/docker/nginx/builder/esvue/Dockerfile
+++ b/docker/nginx/builder/esvue/Dockerfile
@ -1,22 +1,24 @@
 ### elasticvue build is currently broken, issue has been opened https://github.com/cars10/elasticvue/issues/215
 ### in the meantime we are using the older dist, if not resolved we need to find a different solution
-FROM node:22.21.1-alpine AS builder
+FROM node:22.5.1-alpine AS builder
 #
 # Prep and build Elasticvue 
 RUN apk -U --no-cache add git && \
-    git clone https://github.com/cars10/elasticvue -b v1.11.1 /opt/src && \
+    git clone https://github.com/cars10/elasticvue -b v1.7.0 /opt/src && \
 # We need to adjust consts.ts so the user has connection suggestion for reverse proxied ES
    sed -i "s#export const DEFAULT_CLUSTER_URI = 'http://localhost:9200'#export const DEFAULT_CLUSTER_URI = window.location.origin + '/es'#g" /opt/src/src/consts.ts && \
    sed -i 's#href="/images/logo/favicon.ico"#href="images/logo/favicon.ico"#g' /opt/src/index.html && \
    mkdir /opt/app && \
    cd /opt/app && \
    corepack enable && \
    cp /opt/src/package.json . && \
-    cp /opt/src/package-lock.json . && \
+    cp /opt/src/yarn.lock . && \
-    npm install && \
+    cp /opt/src/.yarnrc.yml . && \
    yarn install && \
    cp -R /opt/src/* . && \
    export VITE_APP_BUILD_MODE=docker && \
    export VITE_APP_PUBLIC_PATH="/elasticvue/" && \
-    npm run build && \
+    yarn build && \
    cd dist && \
    tar cvfz esvue.tgz *
 #    
--- a/docker/nginx/dist/html/cyberchef/cyberchef.tgz
+++ b/docker/nginx/dist/html/cyberchef/cyberchef.tgz
--- a/docker/nginx/dist/html/esvue/esvue.tgz
+++ b/docker/nginx/dist/html/esvue/esvue.tgz
--- a/docker/tpotinit/Dockerfile
+++ b/docker/tpotinit/Dockerfile
@ -1,4 +1,4 @@
-FROM alpine:3.23
+FROM alpine:3.20
 #
 # Include dist
 COPY dist/ /opt/tpot/
--- a/docker/tpotinit/dist/bin/backup_es_folders.sh
+++ b/docker/tpotinit/dist/bin/backup_es_folders.sh
@ -1,14 +1,48 @@
 #!/bin/bash
 if [ "$1" == "" ] || [ "$1" != "all" ] && [ "$1" != "base" ];
  then
    echo "Usage: backup_es_folders [all, base]"
    echo "       all  = backup all ES folder"
    echo "       base = backup only Kibana index".
    echo
    exit
 fi
 # Backup all ES relevant folders
 # Make sure ES is available
 myES="http://127.0.0.1:64298/"
 myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
 if ! [ "$myESSTATUS" = "1" ]
  then
    echo "### Elasticsearch is not available."
    exit
  else
    echo "### Elasticsearch is available, now continuing."
    echo
 fi
 # Set vars
 myDATE=$(date +%Y%m%d%H%M)
 myPATH=$PWD
 myELKPATH="data/elk/data"
 myKIBANAINDEXNAMES=$(curl -s -XGET ''$myES'_cat/indices/.kibana_*?v&s=index&h=uuid' | tail -n +2)
 #echo $myKIBANAINDEXNAMES
 for i in $myKIBANAINDEXNAMES;
  do
    myKIBANAINDEXPATHS="$myKIBANAINDEXPATHS $myELKPATH/indices/$i"
 done
-# Backup ES
+# Backup DB in 2 flavors
 cd $HOME/tpotce
 echo "### Now backing up Elasticsearch folders ..."
-tar cvfz $myPATH"/elkall_"$myDATE".tgz" $myELKPATH
+if [ "$1" == "all" ];
  then
    tar cvfz $myPATH"/elkall_"$myDATE".tgz" $myELKPATH
 elif [ "$1" == "base" ];
  then
    tar cvfz $myPATH"/elkbase_"$myDATE".tgz" $myKIBANAINDEXPATHS
 fi
 cd $myPATH
--- a/docker/tpotinit/dist/bin/backup_kibana_config.sh
+++ b/docker/tpotinit/dist/bin/backup_kibana_config.sh
@ -1,34 +0,0 @@
 #!/usr/bin/env bash
 # Backup all Kibana objects
 # Make sure Kibana is available
 myKIBANA="http://127.0.0.1:64296"
 myKIBANASTATUS=$(curl -s -f -o /dev/null "${myKIBANA}/api/status")
 if ! [ "$?" = "0" ]
  then
    echo "### Kibana is not available."
    exit
  else
    echo "### Kibana is available, now continuing."
    echo
 fi
 # Export Kibana config
 myDATE=$(date +%Y%m%d%H%M)
 echo "### Exporting Kibana config."
 curl -X POST "${myKIBANA}/api/saved_objects/_export" \
  -H "kbn-xsrf: true" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "*",
    "excludeExportDetails": true
  }' \
  -o kibana_export.ndjson
 echo
 echo "### Zipping Kibana config."
 zip kibana_export.ndjson.zip kibana_export.ndjson
 echo
 echo "### Moving Kibana config and zip to ../etc/objects/"
 mv kibana_export.* ../etc/objects
--- a/docker/tpotinit/dist/entrypoint.sh
+++ b/docker/tpotinit/dist/entrypoint.sh
@ -264,7 +264,6 @@ if [ -f "/data/uuid" ];
  else
    figlet "Setting up ..."
    figlet "T-Pot: ${TPOT_VERSION}"
    myFIRSTRUN="true"
    echo
    echo "# Setting up data folder structure ..."
    echo
@ -286,8 +285,9 @@ if [ -f "/data/uuid" ];
    echo
    create_web_users
    echo
-    echo "# Final touches and permissions ..."
+    echo "# Extracting objects, final touches and permissions ..."
    echo
    tar xvfz /opt/tpot/etc/objects/elkbase.tgz -C /
    uuidgen > /data/uuid
 fi
@ -370,26 +370,6 @@ figlet "T-Pot: ${TPOT_VERSION}"
 echo
 touch /tmp/success
 # We need to push objects to Kibana if this is a Hive and a fresh install
 if [ "${myFIRSTRUN}" == "true" ] && [ "${TPOT_TYPE}" == "HIVE" ];
  then
    myKIBANA_URL="http://127.0.0.1:64296"
    myKIBANA_CONFIG="/opt/tpot/etc/objects/export.ndjson"
    # Wait for Kibana to be available
    until curl -s -f -o /dev/null "{$myKIBANA_URL}/api/status"; do
      echo "# Waiting for Kibana to upload config..."
      sleep 2
    done
    # Upload Kibana config
    echo "# Now uploading config to Kibana."
    curl -X POST "http://127.0.0.1:64296/api/saved_objects/_import?overwrite=true" \
      -H "kbn-xsrf: true" \
      --form file=@/opt/tpot/etc/objects/kibana_export.ndjson
    echo "# Kibana config has been uploaded."
 fi
 # We want to see true source for UDP packets in container (https://github.com/moby/libnetwork/issues/1994)
 # Start autoheal if running on a supported os
 if [ "${TPOT_OSTYPE}" == "linux" ];
--- a/docker/tpotinit/dist/etc/objects/elkbase.tgz
+++ b/docker/tpotinit/dist/etc/objects/elkbase.tgz
--- a/docker/tpotinit/dist/etc/objects/kibana_export.ndjson
+++ b/docker/tpotinit/dist/etc/objects/kibana_export.ndjson
--- a/docker/tpotinit/dist/etc/objects/kibana_export.ndjson.zip
+++ b/docker/tpotinit/dist/etc/objects/kibana_export.ndjson.zip