mirror of
https://github.com/telekom-security/tpotce.git
synced 2025-04-29 03:38:51 +00:00
72289e07d6
create builder for cyberchef and elasticvue based on respective masters builders will build webapps and copy output to nginx html folder as tgz some tweaking for elasticvue to properly load original favicon with cyberchef now run as nginx webapp we gain another 40MB of RAM while webapps will be built on AMD64 all final docker images can now be built as multi arch images for AMD64 and ARM64
211 lines
4.6 KiB
YAML
211 lines
4.6 KiB
YAML
# T-Pot (Log4j)
|
|
# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton)
|
|
version: '2.3'
|
|
|
|
networks:
|
|
log4pot_local:
|
|
ewsposter_local:
|
|
spiderfoot_local:
|
|
|
|
services:
|
|
|
|
##################
|
|
#### Honeypots
|
|
##################
|
|
|
|
# Log4pot service
|
|
log4pot:
|
|
container_name: log4pot
|
|
restart: always
|
|
tmpfs:
|
|
- /tmp:uid=2000,gid=2000
|
|
networks:
|
|
- log4pot_local
|
|
ports:
|
|
- "80:8080"
|
|
- "443:8080"
|
|
- "8080:8080"
|
|
- "9200:8080"
|
|
- "25565:8080"
|
|
image: "dtagdevsec/log4pot:2203"
|
|
read_only: true
|
|
volumes:
|
|
- /data/log4pot/log:/var/log/log4pot/log
|
|
- /data/log4pot/payloads:/var/log/log4pot/payloads
|
|
|
|
# Honeytrap service
|
|
honeytrap:
|
|
container_name: honeytrap
|
|
restart: always
|
|
tmpfs:
|
|
- /tmp/honeytrap:uid=2000,gid=2000
|
|
network_mode: "host"
|
|
cap_add:
|
|
- NET_ADMIN
|
|
image: "dtagdevsec/honeytrap:2203"
|
|
read_only: true
|
|
volumes:
|
|
- /data/honeytrap/attacks:/opt/honeytrap/var/attacks
|
|
- /data/honeytrap/downloads:/opt/honeytrap/var/downloads
|
|
- /data/honeytrap/log:/opt/honeytrap/var/log
|
|
|
|
|
|
##################
|
|
#### NSM
|
|
##################
|
|
|
|
# Fatt service
|
|
fatt:
|
|
container_name: fatt
|
|
restart: always
|
|
network_mode: "host"
|
|
cap_add:
|
|
- NET_ADMIN
|
|
- SYS_NICE
|
|
- NET_RAW
|
|
image: "dtagdevsec/fatt:2203"
|
|
volumes:
|
|
- /data/fatt/log:/opt/fatt/log
|
|
|
|
# P0f service
|
|
p0f:
|
|
container_name: p0f
|
|
restart: always
|
|
network_mode: "host"
|
|
image: "dtagdevsec/p0f:2203"
|
|
read_only: true
|
|
volumes:
|
|
- /data/p0f/log:/var/log/p0f
|
|
|
|
# Suricata service
|
|
suricata:
|
|
container_name: suricata
|
|
restart: always
|
|
environment:
|
|
# For ET Pro ruleset replace "OPEN" with your OINKCODE
|
|
- OINKCODE=OPEN
|
|
# Loading externel Rules from URL
|
|
# - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com"
|
|
network_mode: "host"
|
|
cap_add:
|
|
- NET_ADMIN
|
|
- SYS_NICE
|
|
- NET_RAW
|
|
image: "dtagdevsec/suricata:2203"
|
|
volumes:
|
|
- /data/suricata/log:/var/log/suricata
|
|
|
|
|
|
##################
|
|
#### Tools
|
|
##################
|
|
|
|
#### ELK
|
|
## Elasticsearch service
|
|
elasticsearch:
|
|
container_name: elasticsearch
|
|
restart: always
|
|
environment:
|
|
- bootstrap.memory_lock=true
|
|
- ES_JAVA_OPTS=-Xms2048m -Xmx2048m
|
|
- ES_TMPDIR=/tmp
|
|
cap_add:
|
|
- IPC_LOCK
|
|
ulimits:
|
|
memlock:
|
|
soft: -1
|
|
hard: -1
|
|
nofile:
|
|
soft: 65536
|
|
hard: 65536
|
|
mem_limit: 4g
|
|
ports:
|
|
- "127.0.0.1:64298:9200"
|
|
image: "dtagdevsec/elasticsearch:2203"
|
|
volumes:
|
|
- /data:/data
|
|
|
|
## Kibana service
|
|
kibana:
|
|
container_name: kibana
|
|
restart: always
|
|
depends_on:
|
|
elasticsearch:
|
|
condition: service_healthy
|
|
mem_limit: 1g
|
|
ports:
|
|
- "127.0.0.1:64296:5601"
|
|
image: "dtagdevsec/kibana:2203"
|
|
|
|
## Logstash service
|
|
logstash:
|
|
container_name: logstash
|
|
restart: always
|
|
# environment:
|
|
# - LS_JAVA_OPTS=-Xms2048m -Xmx2048m
|
|
depends_on:
|
|
elasticsearch:
|
|
condition: service_healthy
|
|
env_file:
|
|
- /opt/tpot/etc/compose/elk_environment
|
|
mem_limit: 2g
|
|
image: "dtagdevsec/logstash:2203"
|
|
volumes:
|
|
- /data:/data
|
|
|
|
# Ewsposter service
|
|
ewsposter:
|
|
container_name: ewsposter
|
|
restart: always
|
|
networks:
|
|
- ewsposter_local
|
|
environment:
|
|
- EWS_HPFEEDS_ENABLE=false
|
|
- EWS_HPFEEDS_HOST=host
|
|
- EWS_HPFEEDS_PORT=port
|
|
- EWS_HPFEEDS_CHANNELS=channels
|
|
- EWS_HPFEEDS_IDENT=user
|
|
- EWS_HPFEEDS_SECRET=secret
|
|
- EWS_HPFEEDS_TLSCERT=false
|
|
- EWS_HPFEEDS_FORMAT=json
|
|
env_file:
|
|
- /opt/tpot/etc/compose/elk_environment
|
|
image: "dtagdevsec/ewsposter:2203"
|
|
volumes:
|
|
- /data:/data
|
|
- /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
|
|
|
|
# Nginx service
|
|
nginx:
|
|
container_name: nginx
|
|
restart: always
|
|
tmpfs:
|
|
- /var/tmp/nginx/client_body
|
|
- /var/tmp/nginx/proxy
|
|
- /var/tmp/nginx/fastcgi
|
|
- /var/tmp/nginx/uwsgi
|
|
- /var/tmp/nginx/scgi
|
|
- /run
|
|
- /var/lib/nginx/tmp:uid=100,gid=82
|
|
network_mode: "host"
|
|
ports:
|
|
- "64297:64297"
|
|
- "127.0.0.1:64304:64304"
|
|
image: "dtagdevsec/nginx:2203"
|
|
read_only: true
|
|
volumes:
|
|
- /data/nginx/cert/:/etc/nginx/cert/:ro
|
|
- /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
|
|
- /data/nginx/log/:/var/log/nginx/
|
|
|
|
# Spiderfoot service
|
|
spiderfoot:
|
|
container_name: spiderfoot
|
|
restart: always
|
|
networks:
|
|
- spiderfoot_local
|
|
ports:
|
|
- "127.0.0.1:64303:8080"
|
|
image: "dtagdevsec/spiderfoot:2203"
|
|
volumes:
|
|
- /data/spiderfoot/spiderfoot.db:/home/spiderfoot/.spiderfoot/spiderfoot.db
|