prepare switch to docker-compose

This commit is contained in:
Marco Ochse
2017-04-30 23:34:30 +00:00
parent 291034d53e
commit 365e1a1e5c
29 changed files with 586 additions and 296 deletions


@ -0,0 +1,174 @@
# T-Pot (Everything)
# For docker-compose version ...
version: '2'
services:
# Conpot service
conpot:
container_name: conpot
restart: always
ports:
- "1025:1025"
- "50100:50100"
image: "dtagdevsec/conpot:1706"
volumes:
- /data/conpot:/data/conpot
- /data/ews:/data/ews
# Cowrie service
cowrie:
container_name: cowrie
restart: always
ports:
- "22:2222"
- "23:2223"
image: "dtagdevsec/cowrie:1706"
volumes:
- /data/cowrie:/data/cowrie
# Dionaea service
dionaea:
container_name: dionaea
restart: always
cap_add:
- NET_BIND_SERVICE
ports:
- "21:21"
- "42:42"
- "69:69/udp"
- "8081:80"
- "135:135"
- "443:443"
- "445:445"
- "1433:1433"
- "1723:1723"
- "1883:1883"
- "1900:1900"
- "3306:3306"
- "5060:5060"
- "5061:5061"
- "5060:5060/udp"
- "11211:11211"
image: "dtagdevsec/dionaea:1706"
volumes:
- /data/dionaea:/data/dionaea
# Elasticpot service
elasticpot:
container_name: elasticpot
restart: always
ports:
- "9200:9200"
image: "dtagdevsec/elasticpot:1706"
volumes:
- /data/elasticpot:/data/elasticpot
# ELK service
elk:
container_name: elk
restart: always
env_file:
- /etc/tpot/elk/environment
cap_add:
- IPC_LOCK
ulimits:
memlock: -1
nofile: 65536
ports:
- "127.0.0.1:64296:5601"
- "127.0.0.1:64302:9100"
- "127.0.0.1:64298:9200"
image: "dtagdevsec/elk:1706"
volumes:
- /data:/data
- /var/log:/data/host/log
# Emobility service
emobility:
container_name: emobility
restart: always
cap_add:
- NET_ADMIN
ports:
- "8080:8080"
image: "dtagdevsec/emobility:1706"
volumes:
- /data/emobility:/data/eMobility
- /data/ews:/data/ews
# Ewsposter service
ewsposter:
container_name: ewsposter
restart: always
image: "dtagdevsec/ewsposter:1706"
volumes:
- /data:/data
- /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
# Glastopf service
glastopf:
container_name: glastopf
restart: always
ports:
- "80:80"
image: "dtagdevsec/glastopf:1706"
volumes:
- /data/glastopf:/data/glastopf
- /data/ews:/data/ews
# Honeytrap service
honeytrap:
container_name: honeytrap
restart: always
network_mode: "host"
cap_add:
- NET_ADMIN
image: "dtagdevsec/honeytrap:1706"
volumes:
- /data/honeytrap:/data/honeytrap
- /data/ews:/data/ews
# Netdata service
netdata:
container_name: netdata
restart: always
network_mode: "host"
cap_add:
- SYS_PTRACE
security_opt:
- apparmor=unconfined
image: "dtagdevsec/netdata:1706"
volumes:
- /proc:/host/proc:ro
- /sys:/host/sys:ro
- /var/run/docker.sock:/var/run/docker.sock
# Spiderfoot service
spiderfoot:
container_name: spiderfoot
restart: always
ports:
- "127.0.0.1:64303:8080"
image: "dtagdevsec/spiderfoot:1706"
# Ui-for-docker service
ui-for-docker:
container_name: ui-for-docker
command: -H unix:///var/run/docker.sock --no-auth
restart: always
ports:
- "127.0.0.1:64299:9000"
image: "dtagdevsec/ui-for-docker:1706"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
# Suricata service
suricata:
container_name: suricata
restart: always
network_mode: "host"
cap_add:
- NET_ADMIN
image: "dtagdevsec/suricata:1706"
volumes:
- /data/suricata:/data/suricata
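Review bot: The `ui-for-docker` stanza (`command: -H unix:///var/run/docker.sock --no-auth` plus the `/var/run/docker.sock` volume) exposes unauthenticated, root-equivalent control of the Docker daemon, and the `127.0.0.1:64299:9000` binding is the only thing limiting who can reach it; the same stanza recurs in the third and fourth file sections. That is a deliberate trade-off, but it should be stated next to the option so nobody later widens the bind address or forwards the port without understanding what they are opening; a comment such as `# --no-auth: the loopback bind on 64299 is the only access control; anyone who can reach this port gets unauthenticated control of the Docker daemon through the mounted socket` would do. The `netdata` service sits in the same category (host network, `SYS_PTRACE`, `apparmor=unconfined`, the docker socket mounted read-write) and deserves a similar one-line note, in particular that the socket mount could be `:ro` if netdata only reads container metadata, which I cannot confirm from this page.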


@ -0,0 +1,84 @@
# T-Pot (Standard)
# For docker-compose version ...
version: '2'
services:
# Cowrie service
cowrie:
container_name: cowrie
restart: always
ports:
- "22:2222"
- "23:2223"
image: "dtagdevsec/cowrie:1706"
volumes:
- /data/cowrie:/data/cowrie
# Dionaea service
dionaea:
container_name: dionaea
restart: always
cap_add:
- NET_BIND_SERVICE
ports:
- "21:21"
- "42:42"
- "69:69/udp"
- "8081:80"
- "135:135"
- "443:443"
- "445:445"
- "1433:1433"
- "1723:1723"
- "1883:1883"
- "1900:1900"
- "3306:3306"
- "5060:5060"
- "5061:5061"
- "5060:5060/udp"
- "11211:11211"
image: "dtagdevsec/dionaea:1706"
volumes:
- /data/dionaea:/data/dionaea
# Elasticpot service
elasticpot:
container_name: elasticpot
restart: always
ports:
- "9200:9200"
image: "dtagdevsec/elasticpot:1706"
volumes:
- /data/elasticpot:/data/elasticpot
# Ewsposter service
ewsposter:
container_name: ewsposter
restart: always
image: "dtagdevsec/ewsposter:1706"
volumes:
- /data:/data
- /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
# Glastopf service
glastopf:
container_name: glastopf
restart: always
ports:
- "80:80"
image: "dtagdevsec/glastopf:1706"
volumes:
- /data/glastopf:/data/glastopf
- /data/ews:/data/ews
# Honeytrap service
honeytrap:
container_name: honeytrap
restart: always
network_mode: "host"
cap_add:
- NET_ADMIN
image: "dtagdevsec/honeytrap:1706"
volumes:
- /data/honeytrap:/data/honeytrap
- /data/ews:/data/ews
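Review bot: The header comment `# For docker-compose version ...` is an unfinished placeholder, here and at the top of the other three compose files in this commit. Since `version: '2'` pins the compose file format rather than the docker-compose binary, the comment should either name the minimum docker-compose release the project actually tested against or be dropped; as written it reads like a note the author meant to come back to. Something like `# Compose file format 2; requires docker-compose <tested-version>` with the real number filled in would give operators the information the ellipsis is standing in for.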


@ -0,0 +1,103 @@
# T-Pot (Everything)
# For docker-compose version ...
version: '2'
services:
# Conpot service
conpot:
container_name: conpot
restart: always
ports:
- "1025:1025"
- "50100:50100"
image: "dtagdevsec/conpot:1706"
volumes:
- /data/conpot:/data/conpot
- /data/ews:/data/ews
# ELK service
elk:
container_name: elk
restart: always
env_file:
- /etc/tpot/elk/environment
cap_add:
- IPC_LOCK
ulimits:
memlock: -1
nofile: 65536
ports:
- "127.0.0.1:64296:5601"
- "127.0.0.1:64302:9100"
- "127.0.0.1:64298:9200"
image: "dtagdevsec/elk:1706"
volumes:
- /data:/data
- /var/log:/data/host/log
# Emobility service
emobility:
container_name: emobility
restart: always
cap_add:
- NET_ADMIN
ports:
- "8080:8080"
image: "dtagdevsec/emobility:1706"
volumes:
- /data/emobility:/data/eMobility
- /data/ews:/data/ews
# Ewsposter service
ewsposter:
container_name: ewsposter
restart: always
image: "dtagdevsec/ewsposter:1706"
volumes:
- /data:/data
- /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
# Netdata service
netdata:
container_name: netdata
restart: always
network_mode: "host"
cap_add:
- SYS_PTRACE
security_opt:
- apparmor=unconfined
image: "dtagdevsec/netdata:1706"
volumes:
- /proc:/host/proc:ro
- /sys:/host/sys:ro
- /var/run/docker.sock:/var/run/docker.sock
# Spiderfoot service
spiderfoot:
container_name: spiderfoot
restart: always
ports:
- "127.0.0.1:64303:8080"
image: "dtagdevsec/spiderfoot:1706"
# Ui-for-docker service
ui-for-docker:
container_name: ui-for-docker
command: -H unix:///var/run/docker.sock --no-auth
restart: always
ports:
- "127.0.0.1:64299:9000"
image: "dtagdevsec/ui-for-docker:1706"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
# Suricata service
suricata:
container_name: suricata
restart: always
network_mode: "host"
cap_add:
- NET_ADMIN
image: "dtagdevsec/suricata:1706"
volumes:
- /data/suricata:/data/suricata
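Review bot: The header `# T-Pot (Everything)` on this file does not match its contents: it lacks cowrie, dionaea, elasticpot, glastopf and honeytrap, which the first file carrying the same header does include, so this appears to be a copy-and-paste of the heading rather than a description of this flavor. The fourth file section has the mirror-image problem, being labelled `# T-Pot (Standard)` while containing elk, netdata, spiderfoot, ui-for-docker and suricata on top of the second "Standard" file's services. Because the rendered page does not show the file names, I cannot tell which flavor each file is meant to be; the fix is to give each of the four files a heading that names its actual flavor, e.g. `# T-Pot (<flavor name>)`, and ideally a one-line comment listing what distinguishes it from the others.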


@ -0,0 +1,149 @@
# T-Pot (Standard)
# For docker-compose version ...
version: '2'
services:
# Cowrie service
cowrie:
container_name: cowrie
restart: always
ports:
- "22:2222"
- "23:2223"
image: "dtagdevsec/cowrie:1706"
volumes:
- /data/cowrie:/data/cowrie
# Dionaea service
dionaea:
container_name: dionaea
restart: always
cap_add:
- NET_BIND_SERVICE
ports:
- "21:21"
- "42:42"
- "69:69/udp"
- "8081:80"
- "135:135"
- "443:443"
- "445:445"
- "1433:1433"
- "1723:1723"
- "1883:1883"
- "1900:1900"
- "3306:3306"
- "5060:5060"
- "5061:5061"
- "5060:5060/udp"
- "11211:11211"
image: "dtagdevsec/dionaea:1706"
volumes:
- /data/dionaea:/data/dionaea
# Elasticpot service
elasticpot:
container_name: elasticpot
restart: always
ports:
- "9200:9200"
image: "dtagdevsec/elasticpot:1706"
volumes:
- /data/elasticpot:/data/elasticpot
# ELK service
elk:
container_name: elk
restart: always
env_file:
- /etc/tpot/elk/environment
cap_add:
- IPC_LOCK
ulimits:
memlock: -1
nofile: 65536
ports:
- "127.0.0.1:64296:5601"
- "127.0.0.1:64302:9100"
- "127.0.0.1:64298:9200"
image: "dtagdevsec/elk:1706"
volumes:
- /data:/data
- /var/log:/data/host/log
# Ewsposter service
ewsposter:
container_name: ewsposter
restart: always
image: "dtagdevsec/ewsposter:1706"
volumes:
- /data:/data
- /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
# Glastopf service
glastopf:
container_name: glastopf
restart: always
ports:
- "80:80"
image: "dtagdevsec/glastopf:1706"
volumes:
- /data/glastopf:/data/glastopf
- /data/ews:/data/ews
# Honeytrap service
honeytrap:
container_name: honeytrap
restart: always
network_mode: "host"
cap_add:
- NET_ADMIN
image: "dtagdevsec/honeytrap:1706"
volumes:
- /data/honeytrap:/data/honeytrap
- /data/ews:/data/ews
# Netdata service
netdata:
container_name: netdata
restart: always
network_mode: "host"
cap_add:
- SYS_PTRACE
security_opt:
- apparmor=unconfined
image: "dtagdevsec/netdata:1706"
volumes:
- /proc:/host/proc:ro
- /sys:/host/sys:ro
- /var/run/docker.sock:/var/run/docker.sock
# Spiderfoot service
spiderfoot:
container_name: spiderfoot
restart: always
ports:
- "127.0.0.1:64303:8080"
image: "dtagdevsec/spiderfoot:1706"
# Ui-for-docker service
ui-for-docker:
container_name: ui-for-docker
command: -H unix:///var/run/docker.sock --no-auth
restart: always
ports:
- "127.0.0.1:64299:9000"
image: "dtagdevsec/ui-for-docker:1706"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
# Suricata service
suricata:
container_name: suricata
restart: always
network_mode: "host"
cap_add:
- NET_ADMIN
image: "dtagdevsec/suricata:1706"
volumes:
- /data/suricata:/data/suricata

Binary file not shown.

Binary file not shown.


@ -0,0 +1,44 @@
[Unit]
Description=tpot
Requires=docker.service
After=docker.service
[Service]
Restart=always
# Clear state from /data
ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh off'
# Remove old containers and volumes
ExecStartPre=/usr/bin/docker-compose -f /etc/tpot/tpot.yml down -v
ExecStartPre=/usr/bin/docker-compose -f /etc/tpot/tpot.yml rm -v
ExecStartPre=-/bin/bash -c 'docker volume rm $(docker volume ls -q)'
# Get IF, disable offloading, enable promiscious mode for p0f and suricata
ExecStartPre=/bin/bash -c '/sbin/ethtool --offload $(/sbin/ip route | /bin/grep $(/bin/hostname -I | /usr/bin/awk \'{print $1 }\') | /usr/bin/awk \'{print $3 }\') rx off tx off'
ExecStartPre=/bin/bash -c '/sbin/ethtool -K $(/sbin/ip route | /bin/grep $(/bin/hostname -I | /usr/bin/awk \'{print $1 }\') | /usr/bin/awk \'{print $3 }\') gso off gro off'
ExecStartPre=/bin/bash -c '/sbin/ip link set $(/sbin/ip route | /bin/grep $(/bin/hostname -I | /usr/bin/awk \'{print $1 }\') | /usr/bin/awk \'{print $3 }\') promisc on'
# Modify access rights on docker.sock for netdata
ExecStartPre=-/bin/chmod 666 /var/run/docker.sock
# Prepare iptables rules for honeytrap
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j NFQUEUE
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 3306,5060,5061,5601,11211 -j NFQUEUE
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295,64296,64297,64298,64299,64300,64301,64302,64303 -j NFQUEUE
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 1025,50100,8080,8081,9200 -j NFQUEUE
# Compose T-Pot up and run as daemon
ExecStart=/usr/bin/docker-compose -f /etc/tpot/tpot.yml up
# Compose T-Pot down and remove containers
ExecStop=/usr/bin/docker-compose -f /etc/tpot/tpot.yml down -v
# Remove iptables rules for honeytrap
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 1025,50100,8080,8081,9200 -j NFQUEUE
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295,64296,64297,64298,64299,64300,64301,64302,64303 -j NFQUEUE
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 3306,5060,5061,5601,11211 -j NFQUEUE
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j NFQUEUE
[Install]
WantedBy=multi-user.target
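Review bot: `ExecStartPre=-/bin/chmod 666 /var/run/docker.sock` makes the Docker control socket world-writable on every start, which hands root-equivalent control of the host to any local account (including the unprivileged `tsec` user the wetty unit runs as), and that is a much wider grant than netdata needs. Keeping the socket at its default group-restricted mode and giving the netdata container the socket's group instead (compose `group_add` on that service, or running netdata's collector as the socket's group owner) achieves the same read access without the host-wide exposure. A second, independent issue is `ExecStartPre=-/bin/bash -c 'docker volume rm $(docker volume ls -q)'`: it deletes every Docker volume on the host, not only T-Pot's, while the preceding `docker-compose ... down -v` already removes the volumes the compose file owns, so that line looks redundant as well as destructive and could simply be dropped. The three ethtool/ip commands derive the interface from `hostname -I | awk '{print $1}'` grepped against `ip route`; on a host with several addresses or routes this may pick the wrong interface, and since those lines are not prefixed with `-`, a failure aborts the whole unit, which is worth a comment at least.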


@ -0,0 +1,13 @@
[Unit]
Description=wetty
Requires=sshd.service
After=sshd.service
[Service]
Restart=always
User=tsec
Group=tsec
ExecStart=/usr/bin/node /usr/local/lib/node_modules/wetty/app.js -p 64300 --host 127.0.0.1 --sshhost 127.0.0.1 --sshport 64295
[Install]
WantedBy=multi-user.target
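Review bot: The `ExecStart` line hard-codes `--sshport 64295`, i.e. it assumes sshd has already been moved off port 22 (which the compose files hand to cowrie via `"22:2222"`), but nothing in the unit records that dependency, and `Requires=sshd.service` alone does not guarantee sshd is listening on 64295. A comment above `ExecStart` such as `# sshd must be configured to listen on 64295; port 22 is taken by the cowrie honeypot` would tell the next operator why the port is what it is. It would also be worth stating in a comment that the service is intentionally loopback-only (`--host 127.0.0.1`, port 64300) so that the web terminal is only reachable through whatever proxy or tunnel the deployment puts in front of it, since that is the sole access control visible here.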