mirror of
				https://github.com/telekom-security/tpotce.git
				synced 2025-07-02 01:27:27 -04:00 
			
		
		
		
	Begin of restructuring ...
- deprecate old release - set virtual version - we need tpot user / group, adding to installer - tweaking - do not use the dev branch, it will break stuff
This commit is contained in:
		
							
								
								
									
										575
									
								
								docker/tpotinit/dist/etc/compose/nextgen.yml
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										575
									
								
								docker/tpotinit/dist/etc/compose/nextgen.yml
									
									
									
									
										vendored
									
									
										Normal file
									
								
							| @ -0,0 +1,575 @@ | ||||
| # T-Pot (NextGen) | ||||
| # Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton) | ||||
| version: '2.3' | ||||
|  | ||||
| networks: | ||||
|   adbhoney_local: | ||||
|   ciscoasa_local: | ||||
|   citrixhoneypot_local: | ||||
|   conpot_local_IEC104: | ||||
|   conpot_local_guardian_ast: | ||||
|   conpot_local_ipmi: | ||||
|   conpot_local_kamstrup_382: | ||||
|   ddospot_local: | ||||
|   dicompot_local: | ||||
|   dionaea_local: | ||||
|   elasticpot_local: | ||||
|   endlessh_local: | ||||
|   hellpot_local: | ||||
|   heralding_local: | ||||
|   ipphoney_local: | ||||
|   mailoney_local: | ||||
|   medpot_local: | ||||
|   redishoneypot_local: | ||||
|   ewsposter_local: | ||||
|   spiderfoot_local: | ||||
|  | ||||
| services: | ||||
|  | ||||
| ################## | ||||
| #### Honeypots | ||||
| ################## | ||||
|  | ||||
| # Adbhoney service | ||||
|   adbhoney: | ||||
|     container_name: adbhoney | ||||
|     restart: always | ||||
|     networks: | ||||
|      - adbhoney_local | ||||
|     ports: | ||||
|      - "5555:5555" | ||||
|     image: "dtagdevsec/adbhoney:2204" | ||||
|     read_only: true | ||||
|     volumes: | ||||
|      - /data/adbhoney/log:/opt/adbhoney/log | ||||
|      - /data/adbhoney/downloads:/opt/adbhoney/dl | ||||
|  | ||||
| # Ciscoasa service | ||||
|   ciscoasa: | ||||
|     container_name: ciscoasa | ||||
|     restart: always | ||||
|     tmpfs: | ||||
|      - /tmp/ciscoasa:uid=2000,gid=2000 | ||||
|     networks: | ||||
|      - ciscoasa_local | ||||
|     ports: | ||||
|      - "5000:5000/udp" | ||||
|      - "8443:8443" | ||||
|     image: "dtagdevsec/ciscoasa:2204" | ||||
|     read_only: true | ||||
|     volumes: | ||||
|      - /data/ciscoasa/log:/var/log/ciscoasa | ||||
|  | ||||
| # CitrixHoneypot service | ||||
|   citrixhoneypot: | ||||
|     container_name: citrixhoneypot | ||||
|     restart: always | ||||
|     networks: | ||||
|      - citrixhoneypot_local | ||||
|     ports: | ||||
|      - "443:443" | ||||
|     image: "dtagdevsec/citrixhoneypot:2204" | ||||
|     read_only: true | ||||
|     volumes: | ||||
|      - /data/citrixhoneypot/logs:/opt/citrixhoneypot/logs        | ||||
|  | ||||
| # Conpot IEC104 service | ||||
|   conpot_IEC104: | ||||
|     container_name: conpot_iec104 | ||||
|     restart: always | ||||
|     environment: | ||||
|      - CONPOT_CONFIG=/etc/conpot/conpot.cfg | ||||
|      - CONPOT_JSON_LOG=/var/log/conpot/conpot_IEC104.json | ||||
|      - CONPOT_LOG=/var/log/conpot/conpot_IEC104.log | ||||
|      - CONPOT_TEMPLATE=IEC104 | ||||
|      - CONPOT_TMP=/tmp/conpot | ||||
|     tmpfs: | ||||
|      - /tmp/conpot:uid=2000,gid=2000 | ||||
|     networks: | ||||
|      - conpot_local_IEC104 | ||||
|     ports: | ||||
|      - "161:161/udp" | ||||
|      - "2404:2404" | ||||
|     image: "dtagdevsec/conpot:2204" | ||||
|     read_only: true | ||||
|     volumes: | ||||
|      - /data/conpot/log:/var/log/conpot | ||||
|  | ||||
| # Conpot guardian_ast service | ||||
|   conpot_guardian_ast: | ||||
|     container_name: conpot_guardian_ast | ||||
|     restart: always | ||||
|     environment: | ||||
|      - CONPOT_CONFIG=/etc/conpot/conpot.cfg | ||||
|      - CONPOT_JSON_LOG=/var/log/conpot/conpot_guardian_ast.json | ||||
|      - CONPOT_LOG=/var/log/conpot/conpot_guardian_ast.log | ||||
|      - CONPOT_TEMPLATE=guardian_ast | ||||
|      - CONPOT_TMP=/tmp/conpot | ||||
|     tmpfs: | ||||
|      - /tmp/conpot:uid=2000,gid=2000 | ||||
|     networks: | ||||
|      - conpot_local_guardian_ast | ||||
|     ports: | ||||
|      - "10001:10001" | ||||
|     image: "dtagdevsec/conpot:2204" | ||||
|     read_only: true | ||||
|     volumes: | ||||
|      - /data/conpot/log:/var/log/conpot | ||||
|  | ||||
| # Conpot ipmi | ||||
|   conpot_ipmi: | ||||
|     container_name: conpot_ipmi | ||||
|     restart: always | ||||
|     environment: | ||||
|      - CONPOT_CONFIG=/etc/conpot/conpot.cfg | ||||
|      - CONPOT_JSON_LOG=/var/log/conpot/conpot_ipmi.json | ||||
|      - CONPOT_LOG=/var/log/conpot/conpot_ipmi.log | ||||
|      - CONPOT_TEMPLATE=ipmi | ||||
|      - CONPOT_TMP=/tmp/conpot | ||||
|     tmpfs: | ||||
|      - /tmp/conpot:uid=2000,gid=2000 | ||||
|     networks: | ||||
|      - conpot_local_ipmi | ||||
|     ports: | ||||
|      - "623:623/udp" | ||||
|     image: "dtagdevsec/conpot:2204" | ||||
|     read_only: true | ||||
|     volumes: | ||||
|      - /data/conpot/log:/var/log/conpot | ||||
|  | ||||
| # Conpot kamstrup_382 | ||||
|   conpot_kamstrup_382: | ||||
|     container_name: conpot_kamstrup_382 | ||||
|     restart: always | ||||
|     environment: | ||||
|      - CONPOT_CONFIG=/etc/conpot/conpot.cfg | ||||
|      - CONPOT_JSON_LOG=/var/log/conpot/conpot_kamstrup_382.json | ||||
|      - CONPOT_LOG=/var/log/conpot/conpot_kamstrup_382.log | ||||
|      - CONPOT_TEMPLATE=kamstrup_382 | ||||
|      - CONPOT_TMP=/tmp/conpot | ||||
|     tmpfs: | ||||
|      - /tmp/conpot:uid=2000,gid=2000 | ||||
|     networks: | ||||
|      - conpot_local_kamstrup_382 | ||||
|     ports: | ||||
|      - "1025:1025" | ||||
|      - "50100:50100" | ||||
|     image: "dtagdevsec/conpot:2204" | ||||
|     read_only: true | ||||
|     volumes: | ||||
|      - /data/conpot/log:/var/log/conpot | ||||
|  | ||||
| # Ddospot service | ||||
|   ddospot: | ||||
|     container_name: ddospot | ||||
|     restart: always | ||||
|     networks: | ||||
|      - ddospot_local | ||||
|     ports: | ||||
|      - "19:19/udp" | ||||
|      - "53:53/udp" | ||||
|      - "123:123/udp" | ||||
| #     - "161:161/udp" | ||||
|      - "1900:1900/udp" | ||||
|     image: "dtagdevsec/ddospot:2204" | ||||
|     read_only: true | ||||
|     volumes: | ||||
|      - /data/ddospot/log:/opt/ddospot/ddospot/logs | ||||
|      - /data/ddospot/bl:/opt/ddospot/ddospot/bl | ||||
|      - /data/ddospot/db:/opt/ddospot/ddospot/db | ||||
|  | ||||
| # Dicompot service | ||||
| # Get the Horos Client for testing: https://horosproject.org/ | ||||
| # Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/  | ||||
| # Put images (which must be in Dicom DCM format or it will not work!) into /data/dicompot/images | ||||
|   dicompot: | ||||
|     container_name: dicompot | ||||
|     restart: always | ||||
|     networks: | ||||
|      - dicompot_local | ||||
|     ports: | ||||
|      - "11112:11112" | ||||
|     image: "dtagdevsec/dicompot:2204" | ||||
|     read_only: true | ||||
|     volumes: | ||||
|      - /data/dicompot/log:/var/log/dicompot | ||||
| #     - /data/dicompot/images:/opt/dicompot/images | ||||
|  | ||||
| # Dionaea service | ||||
|   dionaea: | ||||
|     container_name: dionaea | ||||
|     stdin_open: true | ||||
|     tty: true | ||||
|     restart: always | ||||
|     networks: | ||||
|      - dionaea_local | ||||
|     ports: | ||||
|      - "20:20" | ||||
|      - "21:21" | ||||
|      - "42:42" | ||||
|      - "69:69/udp" | ||||
|      - "81:81" | ||||
|      - "135:135" | ||||
|      # - "443:443" | ||||
|      - "445:445" | ||||
|      - "1433:1433" | ||||
|      - "1723:1723" | ||||
|      - "1883:1883" | ||||
|      - "3306:3306" | ||||
|      # - "5060:5060" | ||||
|      # - "5060:5060/udp" | ||||
|      # - "5061:5061" | ||||
|      - "27017:27017" | ||||
|     image: "dtagdevsec/dionaea:2204" | ||||
|     read_only: true | ||||
|     volumes: | ||||
|      - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp | ||||
|      - /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp | ||||
|      - /data/dionaea/roots/www:/opt/dionaea/var/dionaea/roots/www | ||||
|      - /data/dionaea/roots/upnp:/opt/dionaea/var/dionaea/roots/upnp | ||||
|      - /data/dionaea:/opt/dionaea/var/dionaea | ||||
|      - /data/dionaea/binaries:/opt/dionaea/var/dionaea/binaries | ||||
|      - /data/dionaea/log:/opt/dionaea/var/log | ||||
|      - /data/dionaea/rtp:/opt/dionaea/var/dionaea/rtp | ||||
|  | ||||
| # ElasticPot service | ||||
|   elasticpot: | ||||
|     container_name: elasticpot | ||||
|     restart: always | ||||
|     networks: | ||||
|      - elasticpot_local | ||||
|     ports: | ||||
|      - "9200:9200" | ||||
|     image: "dtagdevsec/elasticpot:2204" | ||||
|     read_only: true | ||||
|     volumes: | ||||
|      - /data/elasticpot/log:/opt/elasticpot/log | ||||
|  | ||||
| # Endlessh service | ||||
|   endlessh: | ||||
|     container_name: endlessh | ||||
|     restart: always | ||||
|     networks: | ||||
|      - endlessh_local | ||||
|     ports: | ||||
|      - "22:2222" | ||||
|     image: "dtagdevsec/endlessh:2204" | ||||
|     read_only: true | ||||
|     volumes: | ||||
|      - /data/endlessh/log:/var/log/endlessh | ||||
|  | ||||
| # Glutton service | ||||
|   glutton: | ||||
|     container_name: glutton | ||||
|     restart: always | ||||
|     tmpfs: | ||||
|      - /var/lib/glutton:uid=2000,gid=2000 | ||||
|      - /run:uid=2000,gid=2000 | ||||
|     network_mode: "host" | ||||
|     cap_add: | ||||
|      - NET_ADMIN | ||||
|     image: "dtagdevsec/glutton:2204" | ||||
|     read_only: true | ||||
|     volumes: | ||||
|      - /data/glutton/log:/var/log/glutton | ||||
| #     - /root/tpotce/docker/glutton/dist/rules.yaml:/opt/glutton/rules/rules.yaml | ||||
|  | ||||
| # Heralding service | ||||
|   heralding: | ||||
|     container_name: heralding | ||||
|     restart: always | ||||
|     tmpfs: | ||||
|      - /tmp/heralding:uid=2000,gid=2000 | ||||
|     networks: | ||||
|      - heralding_local | ||||
|     ports: | ||||
|     # - "21:21" | ||||
|     # - "22:22" | ||||
|     # - "23:23" | ||||
|     # - "25:25" | ||||
|     # - "80:80" | ||||
|      - "110:110" | ||||
|      - "143:143" | ||||
|     # - "443:443" | ||||
|      - "465:465" | ||||
|      - "993:993" | ||||
|      - "995:995" | ||||
|     # - "3306:3306" | ||||
|     # - "3389:3389" | ||||
|      - "1080:1080" | ||||
|      - "5432:5432" | ||||
|      - "5900:5900" | ||||
|     image: "dtagdevsec/heralding:2204" | ||||
|     read_only: true | ||||
|     volumes: | ||||
|      - /data/heralding/log:/var/log/heralding | ||||
|  | ||||
| # Ipphoney service | ||||
|   ipphoney: | ||||
|     container_name: ipphoney | ||||
|     restart: always | ||||
|     networks: | ||||
|      - ipphoney_local | ||||
|     ports: | ||||
|      - "631:631" | ||||
|     image: "dtagdevsec/ipphoney:2204" | ||||
|     read_only: true | ||||
|     volumes: | ||||
|      - /data/ipphoney/log:/opt/ipphoney/log | ||||
|  | ||||
| # Mailoney service | ||||
|   mailoney: | ||||
|     container_name: mailoney | ||||
|     restart: always | ||||
|     environment: | ||||
|      - HPFEEDS_SERVER= | ||||
|      - HPFEEDS_IDENT=user | ||||
|      - HPFEEDS_SECRET=pass | ||||
|      - HPFEEDS_PORT=20000 | ||||
|      - HPFEEDS_CHANNELPREFIX=prefix | ||||
|     networks: | ||||
|      - mailoney_local | ||||
|     ports: | ||||
|      - "25:25" | ||||
|     image: "dtagdevsec/mailoney:2204" | ||||
|     read_only: true | ||||
|     volumes: | ||||
|      - /data/mailoney/log:/opt/mailoney/logs | ||||
|  | ||||
| # Medpot service | ||||
|   medpot: | ||||
|     container_name: medpot | ||||
|     restart: always | ||||
|     networks: | ||||
|      - medpot_local | ||||
|     ports: | ||||
|      - "2575:2575" | ||||
|     image: "dtagdevsec/medpot:2204" | ||||
|     read_only: true | ||||
|     volumes: | ||||
|      - /data/medpot/log/:/var/log/medpot | ||||
|  | ||||
| # Redishoneypot service | ||||
|   redishoneypot: | ||||
|     container_name: redishoneypot | ||||
|     restart: always | ||||
|     networks: | ||||
|      - redishoneypot_local | ||||
|     ports: | ||||
|      - "6379:6379" | ||||
|     image: "dtagdevsec/redishoneypot:2204" | ||||
|     read_only: true | ||||
|     volumes: | ||||
|      - /data/redishoneypot/log:/var/log/redishoneypot | ||||
|  | ||||
| # Hellpot service | ||||
|   hellpot: | ||||
|     container_name: hellpot | ||||
|     restart: always | ||||
|     networks: | ||||
|      - hellpot_local | ||||
|     ports: | ||||
|      - "80:8080" | ||||
|     image: "dtagdevsec/hellpot:2204" | ||||
|     read_only: true | ||||
|     volumes: | ||||
|      - /data/hellpot/log:/var/log/hellpot | ||||
|  | ||||
| ################## | ||||
| #### NSM | ||||
| ################## | ||||
|  | ||||
| # Fatt service | ||||
|   fatt: | ||||
|     container_name: fatt | ||||
|     restart: always | ||||
|     network_mode: "host" | ||||
|     cap_add: | ||||
|      - NET_ADMIN | ||||
|      - SYS_NICE | ||||
|      - NET_RAW | ||||
|     image: "dtagdevsec/fatt:2204" | ||||
|     volumes: | ||||
|      - /data/fatt/log:/opt/fatt/log | ||||
|  | ||||
| # P0f service | ||||
|   p0f: | ||||
|     container_name: p0f | ||||
|     restart: always | ||||
|     network_mode: "host" | ||||
|     image: "dtagdevsec/p0f:2204" | ||||
|     read_only: true | ||||
|     volumes: | ||||
|      - /data/p0f/log:/var/log/p0f | ||||
|  | ||||
| # Suricata service | ||||
|   suricata: | ||||
|     container_name: suricata | ||||
|     restart: always | ||||
|     environment: | ||||
|     # For ET Pro ruleset replace "OPEN" with your OINKCODE | ||||
|      - OINKCODE=OPEN | ||||
|     # Loading externel Rules from URL  | ||||
|     # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com" | ||||
|     network_mode: "host" | ||||
|     cap_add: | ||||
|      - NET_ADMIN | ||||
|      - SYS_NICE | ||||
|      - NET_RAW | ||||
|     image: "dtagdevsec/suricata:2204" | ||||
|     volumes: | ||||
|      - /data/suricata/log:/var/log/suricata | ||||
|  | ||||
|  | ||||
| ################## | ||||
| #### Tools | ||||
| ################## | ||||
|  | ||||
| #### ELK | ||||
| ## Elasticsearch service | ||||
|   elasticsearch: | ||||
|     container_name: elasticsearch | ||||
|     restart: always | ||||
|     environment: | ||||
|      - bootstrap.memory_lock=true | ||||
|      - ES_JAVA_OPTS=-Xms2048m -Xmx2048m | ||||
|      - ES_TMPDIR=/tmp | ||||
|     cap_add: | ||||
|      - IPC_LOCK | ||||
|     ulimits: | ||||
|       memlock: | ||||
|         soft: -1 | ||||
|         hard: -1 | ||||
|       nofile: | ||||
|         soft: 65536 | ||||
|         hard: 65536 | ||||
|     mem_limit: 4g | ||||
|     ports: | ||||
|      - "127.0.0.1:64298:9200" | ||||
|     image: "dtagdevsec/elasticsearch:2204" | ||||
|     volumes: | ||||
|      - /data:/data | ||||
|  | ||||
| ## Kibana service | ||||
|   kibana: | ||||
|     container_name: kibana | ||||
|     restart: always | ||||
|     depends_on: | ||||
|       elasticsearch: | ||||
|         condition: service_healthy | ||||
|     mem_limit: 1g | ||||
|     ports: | ||||
|      - "127.0.0.1:64296:5601" | ||||
|     image: "dtagdevsec/kibana:2204" | ||||
|  | ||||
| ## Logstash service | ||||
|   logstash: | ||||
|     container_name: logstash | ||||
|     restart: always | ||||
|     environment: | ||||
|      - LS_JAVA_OPTS=-Xms1024m -Xmx1024m | ||||
|     depends_on: | ||||
|       elasticsearch: | ||||
|         condition: service_healthy | ||||
|     env_file: | ||||
|      - /opt/tpot/etc/compose/elk_environment | ||||
|     mem_limit: 2g | ||||
|     image: "dtagdevsec/logstash:2204" | ||||
|     volumes: | ||||
|      - /data:/data | ||||
|  | ||||
| ## Map Redis Service | ||||
|   map_redis: | ||||
|     container_name: map_redis | ||||
|     restart: always | ||||
|     stop_signal: SIGKILL | ||||
|     tty: true | ||||
|     image: "dtagdevsec/redis:2204" | ||||
|     read_only: true | ||||
|  | ||||
| ## Map Web Service | ||||
|   map_web: | ||||
|     container_name: map_web | ||||
|     restart: always | ||||
|     environment: | ||||
|      - MAP_COMMAND=AttackMapServer.py | ||||
|     env_file: | ||||
|      - /opt/tpot/etc/compose/elk_environment | ||||
|     stop_signal: SIGKILL | ||||
|     tty: true | ||||
|     ports: | ||||
|      - "127.0.0.1:64299:64299" | ||||
|     image: "dtagdevsec/map:2204" | ||||
|  | ||||
| ## Map Data Service | ||||
|   map_data: | ||||
|     container_name: map_data | ||||
|     restart: always | ||||
|     depends_on: | ||||
|       elasticsearch: | ||||
|         condition: service_healthy | ||||
|     environment: | ||||
|      - MAP_COMMAND=DataServer_v2.py | ||||
|     env_file: | ||||
|      - /opt/tpot/etc/compose/elk_environment | ||||
|     stop_signal: SIGKILL | ||||
|     tty: true | ||||
|     image: "dtagdevsec/map:2204" | ||||
| #### /ELK | ||||
|  | ||||
| # Ewsposter service | ||||
|   ewsposter: | ||||
|     container_name: ewsposter | ||||
|     restart: always | ||||
|     networks: | ||||
|      - ewsposter_local | ||||
|     environment: | ||||
|      - EWS_HPFEEDS_ENABLE=false | ||||
|      - EWS_HPFEEDS_HOST=host | ||||
|      - EWS_HPFEEDS_PORT=port | ||||
|      - EWS_HPFEEDS_CHANNELS=channels | ||||
|      - EWS_HPFEEDS_IDENT=user | ||||
|      - EWS_HPFEEDS_SECRET=secret | ||||
|      - EWS_HPFEEDS_TLSCERT=false | ||||
|      - EWS_HPFEEDS_FORMAT=json | ||||
|     env_file: | ||||
|      - /opt/tpot/etc/compose/elk_environment | ||||
|     image: "dtagdevsec/ewsposter:2204" | ||||
|     volumes: | ||||
|      - /data:/data | ||||
|      - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip | ||||
|  | ||||
| # Nginx service | ||||
|   nginx: | ||||
|     container_name: nginx | ||||
|     restart: always | ||||
|     tmpfs: | ||||
|      - /var/tmp/nginx/client_body | ||||
|      - /var/tmp/nginx/proxy | ||||
|      - /var/tmp/nginx/fastcgi | ||||
|      - /var/tmp/nginx/uwsgi | ||||
|      - /var/tmp/nginx/scgi | ||||
|      - /run | ||||
|      - /var/lib/nginx/tmp:uid=100,gid=82 | ||||
|     network_mode: "host" | ||||
|     ports: | ||||
|      - "64297:64297" | ||||
|      - "127.0.0.1:64304:64304" | ||||
|     image: "dtagdevsec/nginx:2204" | ||||
|     read_only: true | ||||
|     volumes: | ||||
|      - /data/nginx/cert/:/etc/nginx/cert/:ro | ||||
|      - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro | ||||
|      - /data/nginx/log/:/var/log/nginx/ | ||||
|  | ||||
| # Spiderfoot service | ||||
|   spiderfoot: | ||||
|     container_name: spiderfoot | ||||
|     restart: always | ||||
|     networks: | ||||
|      - spiderfoot_local | ||||
|     ports: | ||||
|      - "127.0.0.1:64303:8080" | ||||
|     image: "dtagdevsec/spiderfoot:2204" | ||||
|     volumes: | ||||
|      - /data/spiderfoot:/home/spiderfoot/.spiderfoot | ||||
		Reference in New Issue
	
	Block a user
	 Marco Ochse
					Marco Ochse