Add a new elasticsearch honeypot

adjust installer
adjust elasticpot configs to T-Pot's environment
create Dockerfile
adjust logstash config
update Readme
t3chn0m4g3
2020-06-17 18:09:59 +00:00
parent 739c7c1154
commit 2882668826
16 changed files with 425 additions and 28 deletions


@ -4,31 +4,41 @@ FROM alpine:latest
ADD dist/ /root/dist/
#
# Install packages
RUN apk -U --no-cache add \
RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
apk -U add \
build-base \
ca-certificates \
git \
libffi-dev \
openssl \
openssl-dev \
py3-mysqlclient \
py3-requests \
py3-pip \
python3 && \
pip3 install --no-cache-dir bottle \
configparser \
datetime \
requests && \
python3 \
python3-dev && \
mkdir -p /opt && \
cd /opt/ && \
git clone --depth=1 https://github.com/schmalle/ElasticpotPY.git && \
git clone --depth=1 https://gitlab.com/bontchev/elasticpot.git/ && \
cd elasticpot && \
pip3 install -r requirements.txt && \
#
# Setup user, groups and configs
addgroup -g 2000 elasticpot && \
adduser -S -H -s /bin/ash -u 2000 -D -g 2000 elasticpot && \
mv /root/dist/elasticpot.cfg /opt/ElasticpotPY/ && \
mkdir /opt/ElasticpotPY/log && \
mv /root/dist/honeypot.cfg /opt/elasticpot/etc/ && \
#
# Clean up
apk del --purge git && \
apk del --purge build-base \
git \
libffi-dev \
openssl-dev \
python3-dev && \
rm -rf /root/* && \
rm -rf /var/cache/apk/*
#
# Start elasticpot
STOPSIGNAL SIGINT
USER elasticpot:elasticpot
WORKDIR /opt/ElasticpotPY/
CMD ["/usr/bin/python3","main.py"]
WORKDIR /opt/elasticpot/
CMD ["/usr/bin/python3","elasticpot.py"]
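Review bot: The `git clone --depth=1 https://gitlab.com/bontchev/elasticpot.git/` line builds from whatever the upstream default branch holds at build time, and `pip3 install -r requirements.txt` then installs whatever that checkout lists, so this commit does not fix what ends up in the image. The +/- markers are lost on this page, so I am reading both as added lines. For an internet-facing honeypot I would pin the source to a reviewed revision, e.g. `git clone https://gitlab.com/bontchev/elasticpot.git/ && cd elasticpot && git checkout <REVIEWED_COMMIT_SHA> && \`, and pin the versions in the requirements file if upstream does not. The pip call should also keep the flag the old line had, `pip3 install --no-cache-dir -r requirements.txt && \`, because pip's cache lives under `/root/.cache` and the `rm -rf /root/*` glob does not match dot-directories. The Dockerfile starts above this hunk, so only the `FROM alpine:latest` shown in the hunk header is visible from there.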