include docker repos

... skip emobility since it is a dev repo

docker/ews/Dockerfile

@@ -0,0 +1,32 @@
+FROM alpine
+MAINTAINER MO
+
+# Include dist
+ADD dist/ /root/dist/
+
+# Install packages
+RUN apk -U upgrade && \
+    apk add build-base git libssl1.0 openssl-dev python-dev py-cffi py-ipaddress py-lxml py-mysqldb py-pip py-pysqlite py-requests py-setuptools && \
+    pip install pyOpenSSL==16.2.0 && \
+
+# Setup ewsposter
+    git clone https://github.com/rep/hpfeeds /opt/hpfeeds && \
+    cd /opt/hpfeeds && \
+    python setup.py install && \
+    git clone https://github.com/vorband/ewsposter /opt/ewsposter && \
+    mkdir -p /opt/ewsposter/spool /opt/ewsposter/log && \
+
+# Setup user and groups
+    addgroup -g 2000 ews && \
+    adduser -S -H -u 2000 -D -g 2000 ews && \
+
+# Supply configs
+    mv /root/dist/ews.cfg /opt/ewsposter/ && \
+
+# Clean up
+    apk del build-base git openssl-dev python-dev py-pip py-setuptools && \
+    rm -rf /root/* && \
+    rm -rf /var/cache/apk/*
+
+# Run ewsposter
+CMD sleep 10 && /usr/bin/python /opt/ewsposter/ews.py -l 60

docker/ews/README.md

@@ -0,0 +1,14 @@
+[![](https://images.microbadger.com/badges/version/dtagdevsec/ewsposter:1706.svg)](https://microbadger.com/images/dtagdevsec/ewsposter:1706 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/ewsposter:1706.svg)](https://microbadger.com/images/dtagdevsec/ewsposter:1706 "Get your own image badge on microbadger.com")
+
+# dockerized ewsposter
+
+
+[ewsposter](https://github.com/dtag-dev-sec/ews) is a python application that collects information from multiple honeypot sources and posts it to central collection services like the DTAG early warning system and hpfeeds. 
+
+This dockerized version is part of the **[T-Pot community honeypot](http://github.com/dtag-dev-sec/tpotce)** of Deutsche Telekom AG. 
+
+The `Dockerfile` contains the blueprint for the dockerized ewsposter and will be used to setup the docker image.  
+
+The `ews.cfg` is tailored to fit the T-Pot environment.
+
+The `supervisord.conf` is used to start ewsposter under supervision of supervisord. 

docker/ews/dist/ews.cfg

@@ -0,0 +1,98 @@
+[MAIN]
+homedir = /opt/ewsposter/
+spooldir = /opt/ewsposter/spool/
+logdir = /opt/ewsposter/log/
+del_malware_after_send = false
+send_malware = false
+sendlimit = 500
+contact = your_email_address
+proxy =
+ip =
+
+[EWS]
+ews = true
+username = community-01-user
+token = foth{a5maiCee8fineu7
+rhost_first = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
+rhost_second = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
+ignorecert = false
+
+[HPFEED]
+hpfeed = false
+host = 0.0.0.0
+port = 0
+channels = 0
+ident = 0
+secret= 0
+
+[EWSJSON]
+json = false
+jsondir = /data/ews/json/
+
+[GLASTOPFV3]
+glastopfv3 = true
+nodeid = glastopfv3-community-01
+sqlitedb = /data/glastopf/db/glastopf.db
+malwaredir = /data/glastopf/data/files/
+
+[GLASTOPFV2]
+glastopfv2 = false
+nodeid =
+mysqlhost =
+mysqldb =
+mysqluser =
+mysqlpw =
+malwaredir =
+
+[KIPPO]
+kippo = false
+nodeid = 
+mysqlhost = 
+mysqldb = 
+mysqluser = 
+mysqlpw = 
+malwaredir = 
+
+[COWRIE]
+cowrie = true
+nodeid = cowrie-community-01
+logfile = /data/cowrie/log/cowrie.json
+
+[DIONAEA]
+dionaea = true
+nodeid = dionaea-community-01
+malwaredir = /data/dionaea/binaries/
+sqlitedb = /data/dionaea/log/dionaea.sqlite
+
+[HONEYTRAP]
+honeytrap = true
+nodeid = honeytrap-community-01
+newversion = true
+payloaddir = /data/honeytrap/attacks/
+attackerfile = /data/honeytrap/log/attacker.log
+
+[RDPDETECT]
+rdpdetect = false
+nodeid =
+iptableslog =
+targetip =
+
+[EMOBILITY]
+eMobility = true
+nodeid = emobility-community-01
+logfile = /data/emobility/log/centralsystemEWS.log
+
+[CONPOT]
+conpot = true
+nodeid = conpot-community-01
+logfile = /data/conpot/log/conpot.json
+
+[ELASTICPOT]
+elasticpot = true
+nodeid = elasticpot-community-01
+logfile = /data/elasticpot/log/elasticpot.log
+
+[SURICATA]
+suricata = true
+nodeid = suricata-community-01
+logfile = /data/suricata/log/suricata_ews.log