mirror of
https://github.com/telekom-security/tpotce.git
synced 2025-07-02 01:27:27 -04:00
tweaking, hardening
@ -15,6 +15,7 @@ RUN apt-get update -y && \
|
||||
check \
|
||||
cython3 \
|
||||
git \
|
||||
libcap2-bin \
|
||||
libcurl4-openssl-dev \
|
||||
libemu-dev \
|
||||
libev-dev \
|
||||
@ -54,6 +55,7 @@ RUN apt-get update -y && \
|
||||
# Setup user and groups
|
||||
addgroup --gid 2000 dionaea && \
|
||||
adduser --system --no-create-home --shell /bin/bash --uid 2000 --disabled-password --disabled-login --gid 2000 dionaea && \
|
||||
setcap cap_net_bind_service=+ep /opt/dionaea/bin/dionaea && \
|
||||
|
||||
# Supply configs and set permissions
|
||||
chown -R dionaea:dionaea /opt/dionaea/var && \
|
||||
@ -105,4 +107,5 @@ RUN apt-get update -y && \
|
||||
rm -rf /root/* /var/lib/apt/lists/* /tmp/* /var/tmp/*
|
||||
|
||||
# Start dionaea
|
||||
USER dionaea:dionaea
|
||||
CMD ["/opt/dionaea/bin/dionaea", "-u", "dionaea", "-g", "dionaea", "-c", "/opt/dionaea/etc/dionaea/dionaea.cfg"]
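Review bot: The `CMD` on the last line still passes `-u dionaea -g dionaea` although the new `USER dionaea:dionaea` line already starts the process as that user. That makes dionaea's own privilege drop redundant, and without CAP_SETUID/CAP_SETGID it may log errors or fail, depending on how it switches groups. I would drop the flags, `CMD ["/opt/dionaea/bin/dionaea", "-c", "/opt/dionaea/etc/dionaea/dionaea.cfg"]`, so that one place decides the runtime identity. The `setcap cap_net_bind_service=+ep` line in the second hunk also deserves a comment such as `# file capability lets the non-root dionaea user bind ports <1024; it is not applied if the container runs with no-new-privileges`, because that dependency is invisible at deploy time. The RUN instruction these lines belong to starts and ends outside the hunks.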
|
||||
|
2
docker/dionaea/dist/etc/services/http.yaml
vendored
@ -2,7 +2,7 @@
|
||||
config:
|
||||
root: "/opt/dionaea/var/dionaea/roots/www"
|
||||
ports:
|
||||
- 80
|
||||
- 8081
|
||||
ssl_ports:
|
||||
- 443
|
||||
max_request_size: 32768 # maximum size in kbytes of the request (32MB)
|
||||
|
@ -2,8 +2,8 @@
|
||||
# For docker-compose ...
|
||||
version: '2.2'
|
||||
|
||||
networks:
|
||||
dionaea_local:
|
||||
#networks:
|
||||
# dionaea_local:
|
||||
|
||||
services:
|
||||
|
||||
@ -13,16 +13,15 @@ services:
|
||||
container_name: dionaea
|
||||
stdin_open: true
|
||||
restart: always
|
||||
networks:
|
||||
- dionaea_local
|
||||
cap_add:
|
||||
- NET_BIND_SERVICE
|
||||
network_mode: "host"
|
||||
# networks:
|
||||
# - dionaea_local
|
||||
ports:
|
||||
- "20:20"
|
||||
- "21:21"
|
||||
- "42:42"
|
||||
- "69:69/udp"
|
||||
- "8081:80"
|
||||
- "8081:8081"
|
||||
- "135:135"
|
||||
- "443:443"
|
||||
- "445:445"
|
||||
@ -35,6 +34,7 @@ services:
|
||||
- "5061:5061"
|
||||
- "27017:27017"
|
||||
image: "dtagdevsec/dionaea:1804"
|
||||
read_only: true
|
||||
volumes:
|
||||
- /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp
|
||||
- /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp
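Review bot: `network_mode: "host"` is set while the `ports:` list is kept, but Docker does not apply published ports in host mode. Entries such as `"8081:8081"` therefore no longer limit or describe what is reachable, and every socket dionaea opens is bound directly on the host's interfaces. Host networking also puts a deliberately attackable service in the host's network namespace, where it can reach host-local listeners, which works against the hardening intent of `read_only: true` in the last hunk. If host mode is required, say why in a comment and remove the dead list, e.g. `# host networking required for <reason>; ports: is ignored in this mode`; otherwise keep the bridge network, since binding low ports no longer seems to need `cap_add` once the image sets the file capability. The service definition starts and ends outside these hunks.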
|
||||
|