Add a new elasticsearch honeypot

adjust installer adjust elasticpot configs to T-Pot's environment create Dockerfile adjust logstash config update Readme
2025-07-02 01:27:27 -04:00 · 2020-06-17 18:09:59 +00:00
parent 739c7c1154
commit 2882668826
16 changed files with 425 additions and 28 deletions
--- a/docker/elasticpot/Dockerfile
+++ b/docker/elasticpot/Dockerfile
@ -4,31 +4,41 @@ FROM alpine:latest
 ADD dist/ /root/dist/
 #
 # Install packages
-RUN apk -U --no-cache add \
+RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
+    apk -U add \
+             build-base \
+	     ca-certificates \
             git \
+             libffi-dev \
+	     openssl \
+             openssl-dev \
+             py3-mysqlclient \
+             py3-requests \
 	     py3-pip \
-             python3 && \
-    pip3 install --no-cache-dir bottle \
-                                configparser \
-                                datetime \
-                                requests && \
+             python3 \
+             python3-dev && \
    mkdir -p /opt && \
    cd /opt/ && \
-    git clone --depth=1 https://github.com/schmalle/ElasticpotPY.git && \
+    git clone --depth=1 https://gitlab.com/bontchev/elasticpot.git/ && \
+    cd elasticpot && \
+    pip3 install -r requirements.txt && \
 #
 # Setup user, groups and configs
    addgroup -g 2000 elasticpot && \
    adduser -S -H -s /bin/ash -u 2000 -D -g 2000 elasticpot && \
-    mv /root/dist/elasticpot.cfg /opt/ElasticpotPY/ && \
-    mkdir /opt/ElasticpotPY/log && \
+    mv /root/dist/honeypot.cfg /opt/elasticpot/etc/ && \
 #
 # Clean up
-    apk del --purge git && \
+    apk del --purge build-base \
+                    git \
+                    libffi-dev \
+		    openssl-dev \
+		    python3-dev && \
    rm -rf /root/* && \
    rm -rf /var/cache/apk/*
 #
 # Start elasticpot
 STOPSIGNAL SIGINT
 USER elasticpot:elasticpot
-WORKDIR /opt/ElasticpotPY/
-CMD ["/usr/bin/python3","main.py"]
+WORKDIR /opt/elasticpot/
+CMD ["/usr/bin/python3","elasticpot.py"]