telekom-security/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-07-02 01:27:27 -04:00
Code Issues Packages Projects Releases Wiki Activity

adbhoney add healtcheck for CPU usage, tweaking

Browse Source
This commit is contained in:
t3chn0m4g3
2022-03-11 13:29:44 +00:00
parent 0a8ff0297f
commit 068f4bb67e
3 changed files with 9 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
docker/adbhoney/Dockerfile
View File

@ -6,10 +6,8 @@ COPY dist/ /root/dist/
# Install packages # Install packages
RUN apk --no-cache -U add \ RUN apk --no-cache -U add \
git \ git \
libcap \ procps \
py3-pip \ python3 && \
python3 \
python3-dev && \
# #
# Install adbhoney from git # Install adbhoney from git
git clone https://github.com/huuck/ADBHoney /opt/adbhoney && \ git clone https://github.com/huuck/ADBHoney /opt/adbhoney && \
@ -24,17 +22,15 @@ RUN apk --no-cache -U add \
addgroup -g 2000 adbhoney && \ addgroup -g 2000 adbhoney && \
adduser -S -H -s /bin/ash -u 2000 -D -g 2000 adbhoney && \ adduser -S -H -s /bin/ash -u 2000 -D -g 2000 adbhoney && \
chown -R adbhoney:adbhoney /opt/adbhoney && \ chown -R adbhoney:adbhoney /opt/adbhoney && \
setcap cap_net_bind_service=+ep /usr/bin/python3.9 && \
# #
# Clean up # Clean up
apk del --purge git \ apk del --purge git && \
python3-dev && \ rm -rf /root/* /opt/adbhoney/.git /var/cache/apk/*
rm -rf /root/* && \
rm -rf /opt/adbhoney/.git && \
rm -rf /var/cache/apk/*
# #
# Set workdir and start adbhoney # Set workdir and start adbhoney
STOPSIGNAL SIGINT STOPSIGNAL SIGINT
# Adbhoney sometimes hangs at 100% CPU usage, if detected process will be killed and container restarts per docker-compose settings
HEALTHCHECK CMD if [ $(ps -C mpv -p 1 -o %cpu | tail -n 1 | cut -f 1 -d ".") -gt 99 ]; then kill -2 1; else exit 0; fi
USER adbhoney:adbhoney USER adbhoney:adbhoney
WORKDIR /opt/adbhoney/ WORKDIR /opt/adbhoney/
CMD nohup /usr/bin/python3 run.py CMD /usr/bin/python3 run.py

4
docker/adbhoney/docker-compose.yml
View File

@ -10,8 +10,8 @@ services:
build: . build: .
container_name: adbhoney container_name: adbhoney
restart: always restart: always
cpu_count: 1 # cpu_count: 1
cpus: 0.25 # cpus: 0.25
networks: networks:
- adbhoney_local - adbhoney_local
ports: ports:

54
etc/compose/standard.yml
View File

@ -32,8 +32,6 @@ services:
adbhoney: adbhoney:
container_name: adbhoney container_name: adbhoney
restart: always restart: always
cpu_count: 1
cpus: 0.25
networks: networks:
- adbhoney_local - adbhoney_local
ports: ports:
@ -50,8 +48,6 @@ services:
restart: always restart: always
tmpfs: tmpfs:
- /tmp/ciscoasa:uid=2000,gid=2000 - /tmp/ciscoasa:uid=2000,gid=2000
cpu_count: 1
cpus: 0.25
network_mode: "host" network_mode: "host"
ports: ports:
- "5000:5000/udp" - "5000:5000/udp"
@ -65,8 +61,6 @@ services:
citrixhoneypot: citrixhoneypot:
container_name: citrixhoneypot container_name: citrixhoneypot
restart: always restart: always
cpu_count: 1
cpus: 0.25
networks: networks:
- citrixhoneypot_local - citrixhoneypot_local
ports: ports:
@ -88,8 +82,6 @@ services:
- CONPOT_TMP=/tmp/conpot - CONPOT_TMP=/tmp/conpot
tmpfs: tmpfs:
- /tmp/conpot:uid=2000,gid=2000 - /tmp/conpot:uid=2000,gid=2000
cpu_count: 1
cpus: 0.25
networks: networks:
- conpot_local_IEC104 - conpot_local_IEC104
ports: ports:
@ -112,8 +104,6 @@ services:
- CONPOT_TMP=/tmp/conpot - CONPOT_TMP=/tmp/conpot
tmpfs: tmpfs:
- /tmp/conpot:uid=2000,gid=2000 - /tmp/conpot:uid=2000,gid=2000
cpu_count: 1
cpus: 0.25
networks: networks:
- conpot_local_guardian_ast - conpot_local_guardian_ast
ports: ports:
@ -135,8 +125,6 @@ services:
- CONPOT_TMP=/tmp/conpot - CONPOT_TMP=/tmp/conpot
tmpfs: tmpfs:
- /tmp/conpot:uid=2000,gid=2000 - /tmp/conpot:uid=2000,gid=2000
cpu_count: 1
cpus: 0.25
networks: networks:
- conpot_local_ipmi - conpot_local_ipmi
ports: ports:
@ -158,8 +146,6 @@ services:
- CONPOT_TMP=/tmp/conpot - CONPOT_TMP=/tmp/conpot
tmpfs: tmpfs:
- /tmp/conpot:uid=2000,gid=2000 - /tmp/conpot:uid=2000,gid=2000
cpu_count: 1
cpus: 0.25
networks: networks:
- conpot_local_kamstrup_382 - conpot_local_kamstrup_382
ports: ports:
@ -177,8 +163,6 @@ services:
tmpfs: tmpfs:
- /tmp/cowrie:uid=2000,gid=2000 - /tmp/cowrie:uid=2000,gid=2000
- /tmp/cowrie/data:uid=2000,gid=2000 - /tmp/cowrie/data:uid=2000,gid=2000
cpu_count: 1
cpus: 0.25
networks: networks:
- cowrie_local - cowrie_local
ports: ports:
@ -196,8 +180,6 @@ services:
ddospot: ddospot:
container_name: ddospot container_name: ddospot
restart: always restart: always
cpu_count: 1
cpus: 0.25
networks: networks:
- ddospot_local - ddospot_local
ports: ports:
@ -220,8 +202,6 @@ services:
dicompot: dicompot:
container_name: dicompot container_name: dicompot
restart: always restart: always
cpu_count: 1
cpus: 0.25
networks: networks:
- dicompot_local - dicompot_local
ports: ports:
@ -238,8 +218,6 @@ services:
stdin_open: true stdin_open: true
tty: true tty: true
restart: always restart: always
cpu_count: 1
cpus: 0.25
networks: networks:
- dionaea_local - dionaea_local
ports: ports:
@ -275,8 +253,6 @@ services:
elasticpot: elasticpot:
container_name: elasticpot container_name: elasticpot
restart: always restart: always
cpu_count: 1
cpus: 0.25
networks: networks:
- elasticpot_local - elasticpot_local
ports: ports:
@ -292,8 +268,6 @@ services:
restart: always restart: always
tmpfs: tmpfs:
- /tmp/heralding:uid=2000,gid=2000 - /tmp/heralding:uid=2000,gid=2000
cpu_count: 1
cpus: 0.25
networks: networks:
- heralding_local - heralding_local
ports: ports:
@ -324,8 +298,6 @@ services:
restart: always restart: always
tmpfs: tmpfs:
- /tmp/honeytrap:uid=2000,gid=2000 - /tmp/honeytrap:uid=2000,gid=2000
cpu_count: 1
cpus: 0.75
network_mode: "host" network_mode: "host"
cap_add: cap_add:
- NET_ADMIN - NET_ADMIN
@ -346,8 +318,6 @@ services:
- HPFEEDS_SECRET=pass - HPFEEDS_SECRET=pass
- HPFEEDS_PORT=20000 - HPFEEDS_PORT=20000
- HPFEEDS_CHANNELPREFIX=prefix - HPFEEDS_CHANNELPREFIX=prefix
cpu_count: 1
cpus: 0.25
networks: networks:
- mailoney_local - mailoney_local
ports: ports:
@ -361,8 +331,6 @@ services:
medpot: medpot:
container_name: medpot container_name: medpot
restart: always restart: always
cpu_count: 1
cpus: 0.25
networks: networks:
- medpot_local - medpot_local
ports: ports:
@ -376,8 +344,6 @@ services:
sentrypeer: sentrypeer:
container_name: sentrypeer container_name: sentrypeer
restart: always restart: always
cpu_count: 1
cpus: 0.25
networks: networks:
- sentrypeer_local - sentrypeer_local
ports: ports:
@ -393,8 +359,6 @@ services:
container_name: tanner_redis container_name: tanner_redis
restart: always restart: always
tty: true tty: true
cpu_count: 1
cpus: 0.25
networks: networks:
- tanner_local - tanner_local
image: "dtagdevsec/redis:2203" image: "dtagdevsec/redis:2203"
@ -405,8 +369,6 @@ services:
container_name: tanner_phpox container_name: tanner_phpox
restart: always restart: always
tty: true tty: true
cpu_count: 1
cpus: 0.25
networks: networks:
- tanner_local - tanner_local
image: "dtagdevsec/phpox:2203" image: "dtagdevsec/phpox:2203"
@ -419,8 +381,6 @@ services:
tmpfs: tmpfs:
- /tmp/tanner:uid=2000,gid=2000 - /tmp/tanner:uid=2000,gid=2000
tty: true tty: true
cpu_count: 1
cpus: 0.25
networks: networks:
- tanner_local - tanner_local
image: "dtagdevsec/tanner:2203" image: "dtagdevsec/tanner:2203"
@ -455,8 +415,6 @@ services:
tmpfs: tmpfs:
- /tmp/tanner:uid=2000,gid=2000 - /tmp/tanner:uid=2000,gid=2000
tty: true tty: true
cpu_count: 1
cpus: 0.25
networks: networks:
- tanner_local - tanner_local
image: "dtagdevsec/tanner:2203" image: "dtagdevsec/tanner:2203"
@ -475,8 +433,6 @@ services:
container_name: snare container_name: snare
restart: always restart: always
tty: true tty: true
cpu_count: 1
cpus: 0.25
networks: networks:
- tanner_local - tanner_local
ports: ports:
@ -494,8 +450,6 @@ services:
fatt: fatt:
container_name: fatt container_name: fatt
restart: always restart: always
cpu_count: 1
cpus: 0.75
network_mode: "host" network_mode: "host"
cap_add: cap_add:
- NET_ADMIN - NET_ADMIN
@ -509,8 +463,6 @@ services:
p0f: p0f:
container_name: p0f container_name: p0f
restart: always restart: always
cpu_count: 1
cpus: 0.75
network_mode: "host" network_mode: "host"
image: "dtagdevsec/p0f:2203" image: "dtagdevsec/p0f:2203"
read_only: true read_only: true
@ -636,8 +588,6 @@ services:
ewsposter: ewsposter:
container_name: ewsposter container_name: ewsposter
restart: always restart: always
cpu_count: 1
cpus: 0.75
networks: networks:
- ewsposter_local - ewsposter_local
environment: environment:
@ -668,8 +618,6 @@ services:
- /var/tmp/nginx/scgi - /var/tmp/nginx/scgi
- /run - /run
- /var/lib/nginx/tmp:uid=100,gid=82 - /var/lib/nginx/tmp:uid=100,gid=82
cpu_count: 1
cpus: 0.75
network_mode: "host" network_mode: "host"
ports: ports:
- "64297:64297" - "64297:64297"
@ -685,8 +633,6 @@ services:
spiderfoot: spiderfoot:
container_name: spiderfoot container_name: spiderfoot
restart: always restart: always
cpu_count: 1
cpus: 0.75
networks: networks:
- spiderfoot_local - spiderfoot_local
ports: ports: