improvements
use docker-compose from pypi with support for the 2.1 compose file version; logstash, kibana, head & netdata now depend on a healthy elasticsearch container before starting; remove alerta-cli; tweak installer
@ -1,6 +1,6 @@
|
||||
# T-Pot (Everything)
|
||||
# For docker-compose ...
|
||||
version: '2'
|
||||
version: '2.1'
|
||||
|
||||
networks:
|
||||
conpot_local:
|
||||
@ -35,9 +35,11 @@ services:
|
||||
restart: always
|
||||
networks:
|
||||
- cowrie_local
|
||||
cap_add:
|
||||
- NET_BIND_SERVICE
|
||||
ports:
|
||||
- "22:2222"
|
||||
- "23:2223"
|
||||
- "22:22"
|
||||
- "23:23"
|
||||
image: "dtagdevsec/cowrie:1706"
|
||||
volumes:
|
||||
- /data/cowrie:/data/cowrie
|
||||
@ -101,7 +103,7 @@ services:
|
||||
nofile:
|
||||
soft: 65536
|
||||
hard: 65536
|
||||
# mem_limit: 3g
|
||||
# mem_limit: 2g
|
||||
ports:
|
||||
- "127.0.0.1:64298:9200"
|
||||
image: "dtagdevsec/elasticsearch:1706"
|
||||
@ -113,7 +115,8 @@ services:
|
||||
container_name: kibana
|
||||
restart: always
|
||||
depends_on:
|
||||
- elasticsearch
|
||||
elasticsearch:
|
||||
condition: service_healthy
|
||||
ports:
|
||||
- "127.0.0.1:64296:5601"
|
||||
image: "dtagdevsec/kibana:1706"
|
||||
@ -123,7 +126,8 @@ services:
|
||||
container_name: logstash
|
||||
restart: always
|
||||
depends_on:
|
||||
- elasticsearch
|
||||
elasticsearch:
|
||||
condition: service_healthy
|
||||
env_file:
|
||||
- /etc/tpot/elk/environment
|
||||
image: "dtagdevsec/logstash:1706"
|
||||
@ -136,7 +140,8 @@ services:
|
||||
container_name: head
|
||||
restart: always
|
||||
depends_on:
|
||||
- elasticsearch
|
||||
elasticsearch:
|
||||
condition: service_healthy
|
||||
ports:
|
||||
- "127.0.0.1:64302:9100"
|
||||
image: "dtagdevsec/head:1706"
|
||||
@ -195,8 +200,13 @@ services:
|
||||
# Netdata service
|
||||
netdata:
|
||||
container_name: netdata
|
||||
hostname: ${HOSTNAME}
|
||||
restart: always
|
||||
network_mode: "host"
|
||||
depends_on:
|
||||
elasticsearch:
|
||||
condition: service_healthy
|
||||
ports:
|
||||
- "127.0.0.1:64301:19999"
|
||||
cap_add:
|
||||
- SYS_PTRACE
|
||||
security_opt:
|
||||
|
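Review bot: `condition: service_healthy` on the kibana, logstash, head and netdata services only resolves if the elasticsearch service declares a `healthcheck:`, and none of the elasticsearch hunks in this file makes one visible (the hunk at `@ -101,7 +103,7 @@` shows only ulimits, the localhost port and the image); without a healthcheck compose 2.1 refuses to start the dependents rather than falling back to plain ordering. If the check is defined outside these hunks, a comment beside the first `depends_on`, such as `# elasticsearch defines a healthcheck; service_healthy gates the ELK consumers on it`, would save the next reader the search. The same construct is repeated in the Industrial and Standard compose files on this page, so the healthcheck has to exist in each of them.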
@ -1,6 +1,6 @@
|
||||
# T-Pot (Honeypots)
|
||||
# For docker-compose ...
|
||||
version: '2'
|
||||
version: '2.1'
|
||||
|
||||
networks:
|
||||
cowrie_local:
|
||||
@ -17,9 +17,11 @@ services:
|
||||
restart: always
|
||||
networks:
|
||||
- cowrie_local
|
||||
cap_add:
|
||||
- NET_BIND_SERVICE
|
||||
ports:
|
||||
- "22:2222"
|
||||
- "23:2223"
|
||||
- "22:22"
|
||||
- "23:23"
|
||||
image: "dtagdevsec/cowrie:1706"
|
||||
volumes:
|
||||
- /data/cowrie:/data/cowrie
|
||||
@ -34,7 +36,7 @@ services:
|
||||
cap_add:
|
||||
- NET_BIND_SERVICE
|
||||
ports:
|
||||
- "21:21"
|
||||
- "21:21"
|
||||
- "42:42"
|
||||
- "69:69/udp"
|
||||
- "8081:80"
|
||||
@ -45,11 +47,11 @@ services:
|
||||
- "1723:1723"
|
||||
- "1883:1883"
|
||||
- "1900:1900"
|
||||
- "3306:3306"
|
||||
- "3306:3306"
|
||||
- "5060:5060"
|
||||
- "5061:5061"
|
||||
- "5060:5060/udp"
|
||||
- "11211:11211"
|
||||
- "11211:11211"
|
||||
image: "dtagdevsec/dionaea:1706"
|
||||
volumes:
|
||||
- /data/dionaea:/data/dionaea
|
||||
|
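Review bot: The cowrie service gains `cap_add: NET_BIND_SERVICE` at the same time its container-side ports move from 2222/2223 to 22/23 (the hunk counts, +2 lines net, fit cap_add and the two new `"22:22"`/`"23:23"` mappings being added and the old mappings removed), while the host-side exposure is unchanged, so the capability appears to be needed only because the listener now binds a privileged port inside the container. If the image was changed to listen on 22/23 (not visible here) a comment such as `# NET_BIND_SERVICE: cowrie binds 22/23 inside the container; host exposure unchanged` would document why the grant is required; otherwise keeping the container on the unprivileged ports avoids it. The dionaea hunks below only change lines that render identically (`"21:21"`, `"3306:3306"`, `"11211:11211"`), which looks like whitespace or quoting only.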
@ -1,6 +1,6 @@
|
||||
# T-Pot (Industrial)
|
||||
# For docker-compose ...
|
||||
version: '2'
|
||||
version: '2.1'
|
||||
|
||||
networks:
|
||||
conpot_local:
|
||||
@ -32,7 +32,7 @@ services:
|
||||
restart: always
|
||||
environment:
|
||||
- bootstrap.memory_lock=true
|
||||
# - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
|
||||
# - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
|
||||
cap_add:
|
||||
- IPC_LOCK
|
||||
ulimits:
|
||||
@ -54,7 +54,8 @@ services:
|
||||
container_name: kibana
|
||||
restart: always
|
||||
depends_on:
|
||||
- elasticsearch
|
||||
elasticsearch:
|
||||
condition: service_healthy
|
||||
ports:
|
||||
- "127.0.0.1:64296:5601"
|
||||
image: "dtagdevsec/kibana:1706"
|
||||
@ -64,7 +65,8 @@ services:
|
||||
container_name: logstash
|
||||
restart: always
|
||||
depends_on:
|
||||
- elasticsearch
|
||||
elasticsearch:
|
||||
condition: service_healthy
|
||||
env_file:
|
||||
- /etc/tpot/elk/environment
|
||||
image: "dtagdevsec/logstash:1706"
|
||||
@ -77,7 +79,8 @@ services:
|
||||
container_name: head
|
||||
restart: always
|
||||
depends_on:
|
||||
- elasticsearch
|
||||
elasticsearch:
|
||||
condition: service_healthy
|
||||
ports:
|
||||
- "127.0.0.1:64302:9100"
|
||||
image: "dtagdevsec/head:1706"
|
||||
@ -111,8 +114,13 @@ services:
|
||||
# Netdata service
|
||||
netdata:
|
||||
container_name: netdata
|
||||
hostname: ${HOSTNAME}
|
||||
restart: always
|
||||
network_mode: "host"
|
||||
depends_on:
|
||||
elasticsearch:
|
||||
condition: service_healthy
|
||||
ports:
|
||||
- "127.0.0.1:64301:19999"
|
||||
cap_add:
|
||||
- SYS_PTRACE
|
||||
security_opt:
|
||||
|
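Review bot: The netdata service runs with `network_mode: "host"` and this hunk shows `cap_add: SYS_PTRACE` plus a `security_opt:` whose value is cut off at the end of the section, so the container's effective privilege cannot be judged from this page and the rendering does not say which of these lines are new. A host-networked container with ptrace ability and access to the docker socket (the unit file on this page chmods `/var/run/docker.sock` to 666 for netdata) is close to host-level, which deserves a comment next to each grant naming the netdata feature that requires it rather than leaving them bare. The new `depends_on` on a healthy elasticsearch is the same construct used for kibana, logstash and head above and relies on a healthcheck on the elasticsearch service that is not visible in this file's hunks.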
@ -1,6 +1,6 @@
|
||||
# T-Pot (Standard)
|
||||
# For docker-compose ...
|
||||
version: '2'
|
||||
version: '2.1'
|
||||
|
||||
networks:
|
||||
cowrie_local:
|
||||
@ -19,9 +19,11 @@ services:
|
||||
restart: always
|
||||
networks:
|
||||
- cowrie_local
|
||||
cap_add:
|
||||
- NET_BIND_SERVICE
|
||||
ports:
|
||||
- "22:2222"
|
||||
- "23:2223"
|
||||
- "22:22"
|
||||
- "23:23"
|
||||
image: "dtagdevsec/cowrie:1706"
|
||||
volumes:
|
||||
- /data/cowrie:/data/cowrie
|
||||
@ -75,7 +77,7 @@ services:
|
||||
restart: always
|
||||
environment:
|
||||
- bootstrap.memory_lock=true
|
||||
# - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
|
||||
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
|
||||
cap_add:
|
||||
- IPC_LOCK
|
||||
ulimits:
|
||||
@ -97,7 +99,8 @@ services:
|
||||
container_name: kibana
|
||||
restart: always
|
||||
depends_on:
|
||||
- elasticsearch
|
||||
elasticsearch:
|
||||
condition: service_healthy
|
||||
ports:
|
||||
- "127.0.0.1:64296:5601"
|
||||
image: "dtagdevsec/kibana:1706"
|
||||
@ -107,7 +110,8 @@ services:
|
||||
container_name: logstash
|
||||
restart: always
|
||||
depends_on:
|
||||
- elasticsearch
|
||||
elasticsearch:
|
||||
condition: service_healthy
|
||||
env_file:
|
||||
- /etc/tpot/elk/environment
|
||||
image: "dtagdevsec/logstash:1706"
|
||||
@ -120,7 +124,8 @@ services:
|
||||
container_name: head
|
||||
restart: always
|
||||
depends_on:
|
||||
- elasticsearch
|
||||
elasticsearch:
|
||||
condition: service_healthy
|
||||
ports:
|
||||
- "127.0.0.1:64302:9100"
|
||||
image: "dtagdevsec/head:1706"
|
||||
@ -164,8 +169,13 @@ services:
|
||||
# Netdata service
|
||||
netdata:
|
||||
container_name: netdata
|
||||
hostname: ${HOSTNAME}
|
||||
restart: always
|
||||
network_mode: "host"
|
||||
depends_on:
|
||||
elasticsearch:
|
||||
condition: service_healthy
|
||||
ports:
|
||||
- "127.0.0.1:64301:19999"
|
||||
cap_add:
|
||||
- SYS_PTRACE
|
||||
security_opt:
|
||||
|
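Review bot: The elasticsearch heap line `- "ES_JAVA_OPTS=-Xms512m -Xmx512m"` toggles between commented and active in the `@ -75,7 +77,7 @@` hunk (the rendering drops the markers, so the new side is inferred), while the Industrial file on this page keeps both heap sizes commented and the Everything file only touches a commented `mem_limit`; the per-flavour memory sizing is therefore inconsistent across the three files and nowhere explained. Since `bootstrap.memory_lock=true` and `IPC_LOCK` are already present, the chosen heap should be documented together with the limits it has to fit in, e.g. `# 512m heap for the Standard flavour; keep below the memlock ulimit configured under ulimits`, hedged because the ulimits block begins after this hunk ends. The cowrie capability change and the `service_healthy` dependencies in this file mirror the other compose files on the page and carry the same healthcheck requirement.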
@ -5,16 +5,21 @@ After=docker.service
|
||||
|
||||
[Service]
|
||||
Restart=always
|
||||
RestartSec=5
|
||||
Environment=HOSTNAME=%H
|
||||
|
||||
# Get and set internal, external IP infos, but ignore errors
|
||||
ExecStartPre=-/usr/share/tpot/bin/updateip.sh
|
||||
|
||||
# Clear state from /data
|
||||
ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh off'
|
||||
ExecStartPre=-/bin/bash -c '/usr/share/tpot/bin/clean.sh off'
|
||||
|
||||
# Remove old containers, images and volumes
|
||||
ExecStartPre=/usr/bin/docker-compose -f /etc/tpot/tpot.yml down -v
|
||||
ExecStartPre=/usr/bin/docker-compose -f /etc/tpot/tpot.yml rm -v
|
||||
ExecStartPre=-/usr/local/bin/docker-compose -f /etc/tpot/tpot.yml down -v
|
||||
ExecStartPre=-/usr/local/bin/docker-compose -f /etc/tpot/tpot.yml rm -v
|
||||
ExecStartPre=-/bin/bash -c 'docker volume rm $(docker volume ls -q)'
|
||||
ExecStartPre=-/bin/bash -c 'docker rmi $(docker images | grep "<none>" | awk \'{print $3}\')'
|
||||
ExecStartPre=-/bin/bash -c 'docker rm -v $(docker ps -aq)'
|
||||
ExecStartPre=-/bin/bash -c 'docker rmi $(docker images | grep "<none>" | awk \'{print $3}\')'
|
||||
|
||||
# Get IF, disable offloading, enable promiscious mode for p0f and suricata
|
||||
ExecStartPre=/bin/bash -c '/sbin/ethtool --offload $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) rx off tx off'
|
||||
@ -24,17 +29,17 @@ ExecStartPre=/bin/bash -c '/sbin/ip link set $(/sbin/ip address | grep "^2: " |
|
||||
# Modify access rights on docker.sock for netdata
|
||||
ExecStartPre=-/bin/chmod 666 /var/run/docker.sock
|
||||
|
||||
# Prepare iptables rules for honeytrap
|
||||
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j NFQUEUE
|
||||
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 3306,5060,5061,5601,11211 -j NFQUEUE
|
||||
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295:64303 -j NFQUEUE
|
||||
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 1025,50100,8080,8081,9200 -j NFQUEUE
|
||||
|
||||
# Compose T-Pot up
|
||||
ExecStart=/usr/bin/docker-compose -f /etc/tpot/tpot.yml up
|
||||
ExecStart=/usr/local/bin/docker-compose -f /etc/tpot/tpot.yml up
|
||||
|
||||
# Compose T-Pot down and remove containers
|
||||
ExecStop=/usr/bin/docker-compose -f /etc/tpot/tpot.yml down -v
|
||||
# Prepare iptables rules for honeytrap
|
||||
ExecStartPost=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j NFQUEUE
|
||||
ExecStartPost=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 3306,5060,5061,5601,11211 -j NFQUEUE
|
||||
ExecStartPost=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295:64303 -j NFQUEUE
|
||||
ExecStartPost=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 1025,50100,8080,8081,9200 -j NFQUEUE
|
||||
|
||||
# Compose T-Pot down, remove containers and volumes
|
||||
ExecStop=/usr/local/bin/docker-compose -f /etc/tpot/tpot.yml down -v
|
||||
|
||||
# Remove iptables rules for honeytrap
|
||||
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 1025,50100,8080,8081,9200 -j NFQUEUE
|
||||
|
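Review bot: The new cleanup lines `ExecStartPre=-/bin/bash -c 'docker volume rm $(docker volume ls -q)'` and `ExecStartPre=-/bin/bash -c 'docker rm -v $(docker ps -aq)'` are not scoped to the T-Pot compose project: they delete every container and every volume on the host at each service start, which with `Restart=always` and `RestartSec=5` includes every automatic restart, and the leading `-` hides any failure. On a dedicated honeypot host that may be intended, but the comment above them should say so, e.g. `# Remove ALL containers, dangling images and volumes on this host (T-Pot assumes a dedicated machine)`, and the `docker rmi $(docker images | grep "<none>" …)` line appears twice in the hunk, so one copy is redundant if both are on the new side. In the second hunk the NFQUEUE rules are now appended (`-A`) in ExecStartPost on every start, but the visible `ExecStopPost` deletes only the `1025,50100,8080,8081,9200` rule; unless the other three `-D` lines follow outside the hunk, the INPUT chain grows by three duplicate rules per restart.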