diff --git a/docker/elk/docker-compose.yml b/docker/elk/docker-compose.yml
index 69c3a54d..07d28328 100644
--- a/docker/elk/docker-compose.yml
+++ b/docker/elk/docker-compose.yml
@@ -21,7 +21,7 @@ services:
 nofile:
 soft: 65536
 hard: 65536
- mem_limit: 2g
+ mem_limit: 4g
 ports:
 - "127.0.0.1:64298:9200"
 image: "dtagdevsec/elasticsearch:1804"
diff --git a/docker/suricata/docker-compose.yml b/docker/suricata/docker-compose.yml
index 239272ee..fc863e29 100644
--- a/docker/suricata/docker-compose.yml
+++ b/docker/suricata/docker-compose.yml
@@ -9,7 +9,7 @@ services:
 restart: always
 stop_signal: SIGINT
 environment:
- # For ET Pro ruleset replace with your OINKCODE
+ # For ET Pro ruleset replace "OPEN" with your OINKCODE
 - OINKCODE=OPEN
 network_mode: "host"
 cap_add:
diff --git a/docker/wetty/docker-compose.yml b/docker/wetty/docker-compose.yml
index c33cbba0..4939de8d 100644
--- a/docker/wetty/docker-compose.yml
+++ b/docker/wetty/docker-compose.yml
@@ -15,4 +15,3 @@ services:
 - /home/wetty/.ssh/:uid=2000,gid=2000
 image: "dtagdevsec/wetty:1804"
 read_only: true
-
diff --git a/etc/compose/legacy.yml b/etc/compose/legacy.yml
new file mode 100644
index 00000000..4922a878
--- /dev/null
+++ b/etc/compose/legacy.yml
@@ -0,0 +1,371 @@
+# T-Pot (Legacy)
+# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton)
+version: '2.3'
+
+networks:
+ cowrie_local:
+ elasticpot_local:
+ glastopf_local:
+ mailoney_local:
+ rdpy_local:
+ vnclowpot_local:
+ ewsposter_local:
+ portainer_local:
+ spiderfoot_local:
+
+services:
+
+##################
+#### Honeypots
+##################
+
+# Cowrie service
+ cowrie:
+ container_name: cowrie
+ restart: always
+ tmpfs:
+ - /tmp/cowrie:uid=2000,gid=2000
+ - /tmp/cowrie/data:uid=2000,gid=2000
+ networks:
+ - cowrie_local
+ ports:
+ - "22:22"
+ - "23:23"
+ image: "dtagdevsec/cowrie:1804"
+ read_only: true
+ volumes:
+ - /data/cowrie/downloads:/home/cowrie/cowrie/dl
+ - /data/cowrie/keys:/home/cowrie/cowrie/etc
+ - /data/cowrie/log:/home/cowrie/cowrie/log
+ - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
+
+# Dionaea service
+ dionaea:
+ container_name: dionaea
+ stdin_open: true
+ tty: true
+ restart: always
+ network_mode: "host"
+ ports:
+ - "20:20"
+ - "21:21"
+ - "42:42"
+ - "69:69/udp"
+ - "81:81"
+ - "135:135"
+ - "443:443"
+ - "445:445"
+ - "1433:1433"
+ - "1723:1723"
+ - "1883:1883"
+ - "3306:3306"
+ - "5060:5060"
+ - "5060:5060/udp"
+ - "5061:5061"
+ - "27017:27017"
+ image: "dtagdevsec/dionaea:1804"
+ read_only: true
+ volumes:
+ - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp
+ - /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp
+ - /data/dionaea/roots/www:/opt/dionaea/var/dionaea/roots/www
+ - /data/dionaea/roots/upnp:/opt/dionaea/var/dionaea/roots/upnp
+ - /data/dionaea:/opt/dionaea/var/dionaea
+ - /data/dionaea/binaries:/opt/dionaea/var/dionaea/binaries
+ - /data/dionaea/log:/opt/dionaea/var/log
+ - /data/dionaea/rtp:/opt/dionaea/var/dionaea/rtp
+
+# Elasticpot service
+ elasticpot:
+ container_name: elasticpot
+ restart: always
+ stop_signal: SIGINT
+ networks:
+ - elasticpot_local
+ ports:
+ - "9200:9200"
+ image: "dtagdevsec/elasticpot:1804"
+ read_only: true
+ volumes:
+ - /data/elasticpot/log:/opt/ElasticpotPY/log
+
+# Glastopf service
+ glastopf:
+ container_name: glastopf
+ tmpfs:
+ - /tmp/glastopf:uid=2000,gid=2000
+ restart: always
+ stop_signal: SIGINT
+ networks:
+ - glastopf_local
+ ports:
+ - "80:80"
+ image: "dtagdevsec/glastopf:1804"
+ read_only: true
+ volumes:
+ - /data/glastopf/db:/tmp/glastopf/db
+ - /data/glastopf/log:/tmp/glastopf/log
+
+# Honeytrap service
+ honeytrap:
+ container_name: honeytrap
+ restart: always
+ tmpfs:
+ - /tmp/honeytrap:uid=2000,gid=2000
+ network_mode: "host"
+ cap_add:
+ - NET_ADMIN
+ image: "dtagdevsec/honeytrap:1804"
+ read_only: true
+ volumes:
+ - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
+ - /data/honeytrap/downloads:/opt/honeytrap/var/downloads
+ - /data/honeytrap/log:/opt/honeytrap/var/log
+
+# Mailoney service
+ mailoney:
+ container_name: mailoney
+ restart: always
+ environment:
+ - HPFEEDS_SERVER=
+ - HPFEEDS_IDENT=user
+ - HPFEEDS_SECRET=pass
+ - HPFEEDS_PORT=20000
+ - HPFEEDS_CHANNELPREFIX=prefix
+ stop_signal: SIGINT
+ networks:
+ - mailoney_local
+ ports:
+ - "25:25"
+ image: "dtagdevsec/mailoney:1804"
+ read_only: true
+ volumes:
+ - /data/mailoney/log:/opt/mailoney/logs
+
+# Rdpy service
+ rdpy:
+ container_name: rdpy
+ extra_hosts:
+ - hpfeeds.example.com:127.0.0.1
+ restart: always
+ environment:
+ - HPFEEDS_SERVER=hpfeeds.example.com
+ - HPFEEDS_IDENT=user
+ - HPFEEDS_SECRET=pass
+ - HPFEEDS_PORT=65000
+ - SERVERID=id
+ networks:
+ - rdpy_local
+ ports:
+ - "3389:3389"
+ image: "dtagdevsec/rdpy:1804"
+ read_only: true
+ volumes:
+ - /data/rdpy/log:/var/log/rdpy
+
+# vnclowpot service
+ vnclowpot:
+ container_name: vnclowpot
+ restart: always
+ networks:
+ - vnclowpot_local
+ ports:
+ - "5900:5900"
+ image: "dtagdevsec/vnclowpot:1804"
+ read_only: true
+ volumes:
+ - /data/vnclowpot/log:/var/log/vnclowpot
+
+
+##################
+#### NSM
+##################
+
+# P0f service
+ p0f:
+ container_name: p0f
+ restart: always
+ network_mode: "host"
+ image: "dtagdevsec/p0f:1804"
+ read_only: true
+ volumes:
+ - /data/p0f/log:/var/log/p0f
+
+# Suricata service
+ suricata:
+ container_name: suricata
+ restart: always
+ stop_signal: SIGINT
+ environment:
+ # For ET Pro ruleset replace "OPEN" with your OINKCODE
+ - OINKCODE=OPEN
+ network_mode: "host"
+ cap_add:
+ - NET_ADMIN
+ - SYS_NICE
+ - NET_RAW
+ image: "dtagdevsec/suricata:1804"
+ volumes:
+ - /data/suricata/log:/var/log/suricata
+
+
+##################
+#### Tools
+##################
+
+#### ELK
+## Elasticsearch service
+ elasticsearch:
+ container_name: elasticsearch
+ restart: always
+ environment:
+ - bootstrap.memory_lock=true
+ - ES_JAVA_OPTS=-Xms1024m -Xmx1024m
+ - ES_TMPDIR=/tmp
+ cap_add:
+ - IPC_LOCK
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ nofile:
+ soft: 65536
+ hard: 65536
+ mem_limit: 4g
+ ports:
+ - "127.0.0.1:64298:9200"
+ image: "dtagdevsec/elasticsearch:1804"
+ volumes:
+ - /data:/data
+
+## Kibana service
+ kibana:
+ container_name: kibana
+ restart: always
+ stop_signal: SIGKILL
+ depends_on:
+ elasticsearch:
+ condition: service_healthy
+ ports:
+ - "127.0.0.1:64296:5601"
+ image: "dtagdevsec/kibana:1804"
+
+## Logstash service
+ logstash:
+ container_name: logstash
+ restart: always
+ depends_on:
+ elasticsearch:
+ condition: service_healthy
+ env_file:
+ - /opt/tpot/etc/compose/elk_environment
+ image: "dtagdevsec/logstash:1804"
+ volumes:
+ - /data:/data
+ - /var/log:/data/host/log
+
+## Elasticsearch-head service
+ head:
+ container_name: head
+ restart: always
+ depends_on:
+ elasticsearch:
+ condition: service_healthy
+ ports:
+ - "127.0.0.1:64302:9100"
+ image: "dtagdevsec/head:1804"
+ read_only: true
+
+# Ewsposter service
+ ewsposter:
+ container_name: ewsposter
+ restart: always
+ stop_signal: SIGINT
+ networks:
+ - ewsposter_local
+ env_file:
+ - /opt/tpot/etc/compose/elk_environment
+ image: "dtagdevsec/ewsposter:1804"
+ volumes:
+ - /data:/data
+ - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
+
+# Netdata service
+ netdata:
+ container_name: netdata
+ restart: always
+ network_mode: "host"
+ depends_on:
+ elasticsearch:
+ condition: service_healthy
+ cap_add:
+ - SYS_PTRACE
+ security_opt:
+ - apparmor=unconfined
+ ports:
+ - "64301:64301"
+ image: "dtagdevsec/netdata:1804"
+ volumes:
+ - /proc:/host/proc:ro
+ - /sys:/host/sys:ro
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+
+# Nginx service
+ nginx:
+ container_name: nginx
+ restart: always
+ tmpfs:
+ - /var/tmp/nginx/client_body
+ - /var/tmp/nginx/proxy
+ - /var/tmp/nginx/fastcgi
+ - /var/tmp/nginx/uwsgi
+ - /var/tmp/nginx/scgi
+ - /run
+ network_mode: "host"
+ ports:
+ - "64297:64297"
+ image: "dtagdevsec/nginx:1804"
+ read_only: true
+ volumes:
+ - /data/nginx/cert/:/etc/nginx/cert/:ro
+ - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
+ - /data/nginx/log/:/var/log/nginx/
+
+# Portainer service
+ portainer:
+ container_name: portainer
+ command: -H unix:///var/run/docker.sock --no-auth
+ restart: always
+ networks:
+ - portainer_local
+ ports:
+ - "127.0.0.1:64299:9000"
+ image: "dtagdevsec/portainer:1804"
+ read_only: true
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+
+# Spiderfoot service
+ spiderfoot:
+ container_name: spiderfoot
+ restart: always
+ networks:
+ - spiderfoot_local
+ ports:
+ - "127.0.0.1:64303:8080"
+ image: "dtagdevsec/spiderfoot:1804"
+ volumes:
+ - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db
+
+# Wetty service
+ wetty:
+ container_name: wetty
+ restart: always
+ stop_signal: SIGKILL
+ network_mode: "host"
+ env_file:
+ - /opt/tpot/etc/compose/wetty_environment
+ tmpfs:
+ - /home/wetty/.ssh/:uid=2000,gid=2000
+ image: "dtagdevsec/wetty:1804"
+ read_only: true
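Review bot: The portainer service in this new file runs `command: -H unix:///var/run/docker.sock --no-auth` while mounting `/var/run/docker.sock` read-write, so anything that can reach 127.0.0.1:64299 — any local process, or a proxy on the host (nginx here runs with `network_mode: "host"`) — gets unauthenticated control of the Docker daemon, which amounts to full control of the host; unless the nginx login is deliberately the only gate, drop `--no-auth` and put the reason in a comment above the `command:` line. The mailoney and rdpy `environment:` blocks carry inline `HPFEEDS_IDENT=user` / `HPFEEDS_SECRET=pass` placeholders (and an empty `HPFEEDS_SERVER=` for mailoney); moving them into an `env_file`, as elasticsearch, logstash and ewsposter already do with `/opt/tpot/etc/compose/elk_environment`, keeps real credentials out of this committed file. `read_only: true` is set on most services but missing on suricata, elasticsearch, logstash, kibana, ewsposter, netdata and spiderfoot — presumably they need a writable root filesystem, but a one-line comment on each saying why would stop the next reviewer from re-adding it. Note too that netdata's `"64301:64301"` and nginx's `"64297:64297"` are the only tool ports not bound to 127.0.0.1; per the header comment these entries feed the iptables ACCEPT rules, so confirm that exposing the netdata dashboard outside the nginx layer is intended.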