tweaking, hardening

2025-07-02 01:27:27 -04:00 · 2018-03-31 15:18:28 +00:00
parent 4ee334aee8
commit 2f6a8014bc
18 changed files with 214 additions and 24 deletions
--- a/docker/elk/docker-compose.yml
+++ b/docker/elk/docker-compose.yml
@ -0,0 +1,65 @@
+# T-Pot (Standard)
+# For docker-compose ...
+version: '2.2'
+
+services:
+
+# ELK services
+## Elasticsearch service
+  elasticsearch:
+    container_name: elasticsearch
+    restart: always
+    environment:
+     - bootstrap.memory_lock=true
+     - "ES_JAVA_OPTS=-Xms1024m -Xmx1024m"
+    cap_add:
+     - IPC_LOCK
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
+    mem_limit: 2g
+    ports:
+     - "127.0.0.1:64298:9200"
+    image: "dtagdevsec/elasticsearch:1804"
+    volumes:
+     - /data:/data
+
+## Kibana service
+  kibana:
+    container_name: kibana
+    restart: always
+    depends_on:
+      elasticsearch:
+        condition: service_healthy
+    ports:
+     - "127.0.0.1:64296:5601"
+    image: "dtagdevsec/kibana:1804"
+
+## Logstash service
+  logstash:
+    container_name: logstash
+    restart: always
+    depends_on:
+      elasticsearch:
+        condition: service_healthy
+    env_file:
+     - /opt/tpot/etc/compose/elk_environment
+    image: "dtagdevsec/logstash:1804"
+    volumes:
+     - /data:/data
+     - /var/log:/data/host/log
+
+## Elasticsearch-head service
+  head:
+    container_name: head
+    restart: always
+    depends_on:
+      elasticsearch:
+        condition: service_healthy
+    ports:
+     - "127.0.0.1:64302:9100"
+    image: "dtagdevsec/head:1804"
--- a/docker/elk/elasticsearch/Dockerfile
+++ b/docker/elk/elasticsearch/Dockerfile
@ -28,12 +28,12 @@ RUN apk -U upgrade && \
    chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/ && \

 # Clean up
-    apk del wget && \
+    apk del --purge wget && \
    rm -rf /root/*

 # Healthcheck
 HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:9200/_cat/health'

 # Start ELK
-USER elasticsearch
+USER elasticsearch:elasticsearch
 CMD ["/usr/share/elasticsearch/bin/elasticsearch"]
--- a/docker/elk/elasticsearch/docker-compose.yml
+++ b/docker/elk/elasticsearch/docker-compose.yml
@ -0,0 +1,30 @@
+# T-Pot (Standard)
+# For docker-compose ...
+version: '2.2'
+
+services:
+
+# ELK services
+## Elasticsearch service
+  elasticsearch:
+    build: .
+    container_name: elasticsearch
+    restart: always
+    environment:
+     - bootstrap.memory_lock=true
+     - "ES_JAVA_OPTS=-Xms1024m -Xmx1024m"
+    cap_add:
+     - IPC_LOCK
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
+    mem_limit: 2g
+    ports:
+     - "127.0.0.1:64298:9200"
+    image: "dtagdevsec/elasticsearch:1804"
+    volumes:
+     - /data:/data
--- a/docker/elk/head/Dockerfile
+++ b/docker/elk/head/Dockerfile
@ -22,12 +22,12 @@ RUN apk -U upgrade && \
    chown -R head:head /usr/src/app/ && \

 # Clean up
-    apk del git
+    apk del --purge git

 # Healthcheck
 HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:9100'

 # Start elasticsearch-head
-USER head
+USER head:head
 WORKDIR /usr/src/app
 CMD ["node_modules/http-server/bin/http-server", "_site", "-p", "9100"]
--- a/docker/elk/head/docker-compose.yml
+++ b/docker/elk/head/docker-compose.yml
@ -0,0 +1,18 @@
+# T-Pot (Standard)
+# For docker-compose ...
+version: '2.2'
+
+services:
+
+## Elasticsearch-head service
+  head:
+    build: .
+    container_name: head
+    restart: always
+    #    depends_on:
+    #      elasticsearch:
+    #        condition: service_healthy
+    ports:
+     - "127.0.0.1:64302:9100"
+    image: "dtagdevsec/head:1804"
+    read_only: true
--- a/docker/elk/kibana/Dockerfile
+++ b/docker/elk/kibana/Dockerfile
@ -44,12 +44,12 @@ RUN apk -U upgrade && \
    chown -R kibana:kibana /usr/share/kibana/ && \

 # Clean up
-    apk del wget && \
+    apk del --purge wget && \
    rm -rf /root/*

 # Healthcheck
 HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:5601'

 # Start kibana
-USER kibana
+USER kibana:kibana
 CMD ["/usr/share/kibana/bin/kibana"]
--- a/docker/elk/kibana/docker-compose.yml
+++ b/docker/elk/kibana/docker-compose.yml
@ -0,0 +1,17 @@
+# T-Pot (Standard)
+# For docker-compose ...
+version: '2.2'
+
+services:
+
+## Kibana service
+  kibana:
+    build: .
+    container_name: kibana
+    restart: always
+#    depends_on:
+#      elasticsearch:
+#        condition: service_healthy
+    ports:
+     - "127.0.0.1:64296:5601"
+    image: "dtagdevsec/kibana:1804"
--- a/docker/elk/logstash/Dockerfile
+++ b/docker/elk/logstash/Dockerfile
@ -33,12 +33,20 @@ RUN apk -U upgrade && \
    cp logstash.conf /etc/logstash/conf.d/ && \
    cp elasticsearch-template-es5x.json /usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-7.4.2-java/lib/logstash/outputs/elasticsearch/ && \

+# Setup user, groups and configs
+    addgroup -g 2000 logstash && \
+    adduser -S -H -s /bin/bash -u 2000 -D -g 2000 logstash && \
+    chown -R logstash:logstash /usr/share/logstash && \
+    chown -R logstash:logstash /etc/listbot && \
+    chmod 755 /usr/bin/update.sh && \
+
 # Clean up
-    apk del wget && \
+    apk del --purge wget && \
    rm -rf /root/*

 # Healthcheck
 HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:9600'

 # Start logstash
+USER logstash:logstash
 CMD update.sh && /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf
--- a/docker/elk/logstash/docker-compose.yml
+++ b/docker/elk/logstash/docker-compose.yml
@ -0,0 +1,20 @@
+# T-Pot (Standard)
+# For docker-compose ...
+version: '2.2'
+
+services:
+
+## Logstash service
+  logstash:
+    build: .
+    container_name: logstash
+    restart: always
+#    depends_on:
+#      elasticsearch:
+#        condition: service_healthy
+    env_file:
+     - /opt/tpot/etc/compose/elk_environment
+    image: "dtagdevsec/logstash:1804"
+    volumes:
+     - /data:/data
+     - /var/log:/data/host/log