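# T-Pot (Collector)
# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton)
# Note on exposure: honeypot ports below carry no host-IP prefix and so bind on all
# interfaces (intentional for a honeypot); every management UI (cyberchef, elasticsearch,
# kibana, head, spiderfoot, nginx:64304) is pinned to 127.0.0.1 and is not reachable
# from the network directly. Keep that split when editing.
# The 2.x file format is kept deliberately: `depends_on` with `condition` and
# `mem_limit` are accepted here but not in the 3.x format.
version: '2.3'

networks:
  cyberchef_local:
  heralding_local:
  ewsposter_local:
  spiderfoot_local:

services:

  ##################
  #### Honeypots
  ##################

  # Heralding service
  # Runs with a read-only root filesystem; /tmp/heralding is the only writable
  # location (tmpfs owned by uid/gid 2000) besides the log bind mount.
  heralding:
    container_name: heralding
    restart: always
    tmpfs:
      - /tmp/heralding:uid=2000,gid=2000
    networks:
      - heralding_local
    ports:
      - "21:21"
      - "22:22"
      - "23:23"
      - "25:25"
      - "80:80"
      - "110:110"
      - "143:143"
      - "443:443"
      - "993:993"
      - "995:995"
      - "1080:1080"
      - "3306:3306"
      - "3389:3389"
      - "5432:5432"
      - "5900:5900"
    image: "dtagdevsec/heralding:2006"
    read_only: true
    volumes:
      - /data/heralding/log:/var/log/heralding

  # Honeytrap service
  # Host networking plus NET_ADMIN: honeytrap does not publish ports itself; the
  # header comment explains that rules.sh derives the iptables rules from the
  # other services' ports sections.
  honeytrap:
    container_name: honeytrap
    restart: always
    tmpfs:
      - /tmp/honeytrap:uid=2000,gid=2000
    network_mode: "host"
    cap_add:
      - NET_ADMIN
    image: "dtagdevsec/honeytrap:2006"
    read_only: true
    volumes:
      - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
      - /data/honeytrap/downloads:/opt/honeytrap/var/downloads
      - /data/honeytrap/log:/opt/honeytrap/var/log

  ##################
  #### NSM
  ##################

  # Fatt service
  # Host networking with NET_ADMIN/SYS_NICE/NET_RAW — presumably required to
  # sniff the host interfaces; unlike the honeypots above, no `read_only: true`
  # is set for this container.
  fatt:
    container_name: fatt
    restart: always
    network_mode: "host"
    cap_add:
      - NET_ADMIN
      - SYS_NICE
      - NET_RAW
    image: "dtagdevsec/fatt:2006"
    volumes:
      - /data/fatt/log:/opt/fatt/log

  # P0f service
  p0f:
    container_name: p0f
    restart: always
    network_mode: "host"
    image: "dtagdevsec/p0f:2006"
    read_only: true
    volumes:
      - /data/p0f/log:/var/log/p0f

  # Suricata service
  suricata:
    container_name: suricata
    restart: always
    environment:
      # For ET Pro ruleset replace "OPEN" with your OINKCODE
      # (a real oinkcode is a credential — keep it out of version control, e.g. via an env_file)
      - OINKCODE=OPEN
    network_mode: "host"
    cap_add:
      - NET_ADMIN
      - SYS_NICE
      - NET_RAW
    image: "dtagdevsec/suricata:2006"
    volumes:
      - /data/suricata/log:/var/log/suricata

  ##################
  #### Tools
  ##################

  # Cyberchef service
  cyberchef:
    container_name: cyberchef
    restart: always
    networks:
      - cyberchef_local
    ports:
      - "127.0.0.1:64299:8000"
    image: "dtagdevsec/cyberchef:2006"
    read_only: true

  #### ELK

  ## Elasticsearch service
  # JVM heap (2048m) is set well below mem_limit (4g) so the container keeps
  # headroom for off-heap memory; IPC_LOCK + memlock -1 back bootstrap.memory_lock.
  # NOTE(review): the bind mount is the whole /data tree, not just /data/elasticsearch.
  elasticsearch:
    container_name: elasticsearch
    restart: always
    environment:
      - bootstrap.memory_lock=true
      - ES_JAVA_OPTS=-Xms2048m -Xmx2048m
      - ES_TMPDIR=/tmp
    cap_add:
      - IPC_LOCK
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    mem_limit: 4g
    ports:
      - "127.0.0.1:64298:9200"
    image: "dtagdevsec/elasticsearch:2006"
    volumes:
      - /data:/data

  ## Kibana service
  kibana:
    container_name: kibana
    restart: always
    depends_on:
      elasticsearch:
        condition: service_healthy
    ports:
      - "127.0.0.1:64296:5601"
    image: "dtagdevsec/kibana:2006"

  ## Logstash service
  logstash:
    container_name: logstash
    restart: always
    environment:
      - LS_JAVA_OPTS=-Xms2048m -Xmx2048m
    depends_on:
      elasticsearch:
        condition: service_healthy
    env_file:
      - /opt/tpot/etc/compose/elk_environment
    image: "dtagdevsec/logstash:2006"
    volumes:
      - /data:/data

  ## Elasticsearch-head service
  head:
    container_name: head
    restart: always
    depends_on:
      elasticsearch:
        condition: service_healthy
    ports:
      - "127.0.0.1:64302:9100"
    image: "dtagdevsec/head:2006"
    read_only: true

  # Ewsposter service
  # The EWS_HPFEEDS_* values below are placeholders shipped with hpfeeds disabled
  # (EWS_HPFEEDS_ENABLE=false); presumably they are only read once it is enabled —
  # replace them (and ideally move EWS_HPFEEDS_SECRET into the env_file) before doing so.
  ewsposter:
    container_name: ewsposter
    restart: always
    networks:
      - ewsposter_local
    environment:
      - EWS_HPFEEDS_ENABLE=false
      - EWS_HPFEEDS_HOST=host
      - EWS_HPFEEDS_PORT=port
      - EWS_HPFEEDS_CHANNELS=channels
      - EWS_HPFEEDS_IDENT=user
      - EWS_HPFEEDS_SECRET=secret
      - EWS_HPFEEDS_TLSCERT=false
      - EWS_HPFEEDS_FORMAT=json
    env_file:
      - /opt/tpot/etc/compose/elk_environment
    image: "dtagdevsec/ewsposter:2006"
    volumes:
      - /data:/data
      - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip

  # Nginx service
  # Root filesystem is read-only; every path nginx/PHP must write to is listed
  # under tmpfs. With network_mode "host" Compose does not apply the ports
  # mappings — the ports section is still required by rules.sh (see header).
  nginx:
    container_name: nginx
    restart: always
    environment:
      ### If set to YES all changes within Heimdall will remain for the next start
      ### Make sure to uncomment the corresponding volume statements below, or the setting will prevent a successful start of T-Pot.
      - HEIMDALL_PERSIST=NO
    tmpfs:
      - /var/tmp/nginx/client_body
      - /var/tmp/nginx/proxy
      - /var/tmp/nginx/fastcgi
      - /var/tmp/nginx/uwsgi
      - /var/tmp/nginx/scgi
      - /run
      - /var/log/php7/
      - /var/lib/nginx/tmp:uid=100,gid=82
      - /var/lib/nginx/html/storage/logs:uid=100,gid=82
      - /var/lib/nginx/html/storage/framework/views:uid=100,gid=82
    network_mode: "host"
    ports:
      - "64297:64297"
      - "127.0.0.1:64304:64304"
    image: "dtagdevsec/nginx:2006"
    read_only: true
    volumes:
      # TLS material and the htpasswd file are mounted read-only so the container
      # cannot alter them; only the log directory is writable.
      - /data/nginx/cert/:/etc/nginx/cert/:ro
      - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
      - /data/nginx/log/:/var/log/nginx/
      ### Enable the following volumes if you set HEIMDALL_PERSIST=YES
      # - /data/nginx/heimdall/database:/var/lib/nginx/html/database
      # - /data/nginx/heimdall/storage:/var/lib/nginx/html/storage

  # Spiderfoot service
  spiderfoot:
    container_name: spiderfoot
    restart: always
    networks:
      - spiderfoot_local
    ports:
      - "127.0.0.1:64303:8080"
    image: "dtagdevsec/spiderfoot:2006"
    volumes:
      - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db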