Start cleaning up and update documentation

docker/conpot/README.md

@@ -1,28 +1,15 @@
-[![](https://images.microbadger.com/badges/version/dtagdevsec/conpot:1706.svg)](https://microbadger.com/images/dtagdevsec/conpot:1706 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/conpot:1706.svg)](https://microbadger.com/images/dtagdevsec/conpot:1706 "Get your own image badge on microbadger.com")
+[![](https://images.microbadger.com/badges/version/dtagdevsec/conpot:1710.svg)](https://microbadger.com/images/dtagdevsec/conpot:1710 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/conpot:1710.svg)](https://microbadger.com/images/dtagdevsec/conpot:1710 "Get your own image badge on microbadger.com")
 
 # conpot
 
-[ConPot](http://conpot.org/) is a low interactive server side Industrial Control Systems honeypot designed to be easy to deploy, modify and extend. By providing a range of common industrial control protocols we created the basics to build your own system, capable to emulate complex infrastructures to convince an adversary that he just found a huge industrial complex. To improve the deceptive capabilities, we also provided the possibility to server a custom human machine interface to increase the honeypots attack surface. The response times of the services can be artificially delayed to mimic the behaviour of a system under constant load. Because we are providing complete stacks of the protocols, Conpot can be accessed with productive HMI's or extended with real hardware. Conpot is developed under the umbrella of the [Honeynet Project](https://www.honeynet.org/) and on the shoulders of a couple of very big giants.
-
-This repository contains the necessary files to create a *dockerized* version of conpot.
+[ConPot](http://conpot.org/) is a low interactive server side Industrial Control Systems honeypot designed to be easy to deploy, modify and extend. By providing a range of common industrial control protocols we created the basics to build your own system, capable to emulate complex infrastructures to convince an adversary that he just found a huge industrial complex. To improve the deceptive capabilities, we also provided the possibility to server a custom human machine interface to increase the honeypots attack surface. The response times of the services can be artificially delayed to mimic the behavior of a system under constant load. Because we are providing complete stacks of the protocols, Conpot can be accessed with productive HMI's or extended with real hardware. Conpot is developed under the umbrella of the [Honeynet Project](https://www.honeynet.org/) and on the shoulders of a couple of very big giants.
 
 This dockerized version is part of the **[T-Pot community honeypot](http://dtag-dev-sec.github.io/)** of Deutsche Telekom AG.
 
-The `Dockerfile` contains the blueprint for the dockerized conpot and will be used to setup the docker image.  
+The `Dockerfile` contains the blueprint for the dockerized conpot and will be used to setup the docker image.
 
-The `supervisord.conf` is used to start conpot under supervision of supervisord.
-
-Using systemd, copy the `systemd/conpot.service` to `/etc/systemd/system/conpot.service` and start using
-
-```
-systemctl enable conpot
-systemctl start conpot
-```
-
-This will make sure that the docker container is started with the appropriate permissions and port mappings. Further, it autostarts during boot.
-
-By default all data will be stored in `/data/conpot/` until the honeypot service will be restarted which is by default every 24 hours. If you want to keep data persistently simply edit the ``service`` file, find the line that contains ``clean.sh`` and set the option from ``off`` to ``on``. Be advised to establish some sort of log management if you wish to do so.
+The `docker-compose.yml` contains the necessary settings to test conpot using `docker-compose`. This will ensure to start the docker container with the appropriate permissions and port mappings.
 
 # ConPot Dashboard
 
-![ConPot Dashboard](https://raw.githubusercontent.com/dtag-dev-sec/conpot/master/doc/dashboard.png)
+![ConPot Dashboard](https://raw.githubusercontent.com/dtag-dev-sec/tpotce/master/docker/conpot/doc/dashboard.png)

docker/conpot/docker-compose.yml

@@ -4,7 +4,7 @@ networks:
   conpot_local:
 
 services:
- 
+
 # Conpot service
   conpot:
     container_name: conpot
@@ -14,6 +14,6 @@ services:
     ports:
      - "1025:1025"
      - "50100:50100"
-    image: "dtagdevsec/conpot:1706"
+    image: "dtagdevsec/conpot:1710"
     volumes:
      - /data/conpot/log:/var/log/conpot

docker/cowrie/README.md

@@ -1,32 +1,15 @@
-# dockerized cowrie
+[![](https://images.microbadger.com/badges/version/dtagdevsec/cowrie:1710.svg)](https://microbadger.com/images/dtagdevsec/cowrie:1710 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/cowrie:1710.svg)](https://microbadger.com/images/dtagdevsec/cowrie:1710 "Get your own image badge on microbadger.com")
 
+# cowrie
 
 [cowrie](http://www.micheloosterhof.com/cowrie/) is an extended fork of the medium interaction honeypot [kippo](https://github.com/desaster/kippo).
 
-This repository contains the necessary files to create a *dockerized* version of cowrie.
-
 This dockerized version is part of the **[T-Pot community honeypot](http://dtag-dev-sec.github.io/)** of Deutsche Telekom AG.
 
 The `Dockerfile` contains the blueprint for the dockerized cowrie and will be used to setup the docker image.  
 
-The `cowrie.cfg` is tailored to fit the T-Pot environment.
-
-The `setup.sql` is also tailored to fit the T-Pot environment.
-
-The `supervisord.conf` is used to start cowrie under supervision of supervisord.
-
-Using systemd, copy the `systemd/cowrie.service` to `/etc/systemd/system/cowrie.service` and start using
-
-```
-systemctl enable cowrie
-systemctl start cowrie
-```
-
-This will make sure that the docker container is started with the appropriate permissions and port mappings. Further, it autostarts during boot.
-
-By default all data will be stored in `/data/cowrie/` until the honeypot service will be restarted which is by default every 24 hours. If you want to keep data persistently simply edit the ``service`` file, find the line that contains ``clean.sh`` and set the option from ``off`` to ``on``. Be advised to establish some sort of log management if you wish to do so.
-
+The `docker-compose.yml` contains the necessary settings to test cowrie using `docker-compose`. This will ensure to start the docker container with the appropriate permissions and port mappings.
 
 # Cowrie Dashboard
 
-![Cowrie Dashboard](https://raw.githubusercontent.com/dtag-dev-sec/cowrie/master/doc/dashboard.png)
+![Cowrie Dashboard](https://raw.githubusercontent.com/dtag-dev-sec/tpotce/master/docker/cowrie/doc/dashboard.png)

docker/cowrie/docker-compose.yml

@@ -18,7 +18,7 @@ services:
     ports:
      - "22:2222"
      - "23:2223"
-    image: "dtagdevsec/cowrie:1706"
+    image: "dtagdevsec/cowrie:1710"
     volumes:
      - /data/cowrie/downloads:/home/cowrie/cowrie/dl
      - /data/cowrie/keys:/home/cowrie/cowrie/etc

docker/dionaea/README.md

@@ -1,29 +1,15 @@
-# dockerized dionaea
+[![](https://images.microbadger.com/badges/version/dtagdevsec/dionaea:1710.svg)](https://microbadger.com/images/dtagdevsec/dionaea:1710 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/dionaea:1710.svg)](https://microbadger.com/images/dtagdevsec/dionaea:1710 "Get your own image badge on microbadger.com")
 
+# dionaea
 
 [dionaea](https://github.com/DinoTools/dionaea) is a low interaction honeypot with focus on capturing malware.
 
-This repository contains the necessary files to create a *dockerized* version of dionaea.
-
 This dockerized version is part of the **[T-Pot community honeypot](http://dtag-dev-sec.github.io/)** of Deutsche Telekom AG.
 
-The `Dockerfile` contains the blueprint for the dockerized dionaea and will be used to setup the docker image.  
+The `Dockerfile` contains the blueprint for the dockerized dionaea and will be used to setup the docker image.
 
-The `dionaea.conf` is tailored to fit the T-Pot environment.
-
-The `supervisord.conf` is used to start dionaea under supervision of supervisord.
-
-Using systemd, copy the `systemd/dionaea.service` to `/etc/systemd/system/dionaea.service` and start using
-
-```
-systemctl enable dionaea
-systemctl start dionaea
-```
-
-This will make sure that the docker container is started with the appropriate permissions and port mappings. Further, it autostarts during boot.
-
-By default all data will be stored in `/data/dionaea/` until the honeypot service will be restarted which is by default every 24 hours. If you want to keep data persistently simply edit the ``service`` file, find the line that contains ``clean.sh`` and set the option from ``off`` to ``on``. Be advised to establish some sort of log management if you wish to do so.
+The `docker-compose.yml` contains the necessary settings to test dionaea using `docker-compose`. This will ensure to start the docker container with the appropriate permissions and port mappings.
 
 # Dionaea Dashboard
 
-![Dionaea Dashboard](https://raw.githubusercontent.com/dtag-dev-sec/dionaea/master/doc/dashboard.png)
+![Dionaea Dashboard](https://raw.githubusercontent.com/dtag-dev-sec/tpotce/master/docker/dionaea/doc/dashboard.png)

docker/dionaea/docker-compose.yml

@@ -34,7 +34,7 @@ services:
      - "5060:5060/udp"
      - "5061:5061"
      - "27017:27017"
-    image: "dtagdevsec/dionaea:1706"
+    image: "dtagdevsec/dionaea:1710"
     volumes:
      - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp
      - /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp

docker/elasticpot/README.md

@@ -1,27 +1,15 @@
-# dockerized elasticpot
+[![](https://images.microbadger.com/badges/version/dtagdevsec/elasticpot:1710.svg)](https://microbadger.com/images/dtagdevsec/elasticpot:1710 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/elasticpot:1710.svg)](https://microbadger.com/images/dtagdevsec/elasticpot:1710 "Get your own image badge on microbadger.com")
 
+# elasticpot
 
-[elasticpot](https://github.com/schmalle/ElasticPot) elasticpot is a simple elastic search honeypot.
-
-This repository contains the necessary files to create a *dockerized* version of elasticpot.
+[elasticpot](https://github.com/schmalle/ElasticPot) is a simple elastic search honeypot.
 
 This dockerized version is part of the **[T-Pot community honeypot](http://dtag-dev-sec.github.io/)** of Deutsche Telekom AG.
 
-The `Dockerfile` contains the blueprint for the dockerized elasticpot and will be used to setup the docker image.  
+The `Dockerfile` contains the blueprint for the dockerized elasticpot and will be used to setup the docker image.
 
-The `supervisord.conf` is used to start elasticpot under supervision of supervisord.
-
-Using systemd, copy the `systemd/elasticpot.service` to `/etc/systemd/system/elasticpot.service` and start using
-
-```
-systemctl enable elasticpot
-systemctl start elasticpot
-```
-
-This will make sure that the docker container is started with the appropriate permissions and port mappings. Further, it autostarts during boot.
-
-By default all data will be stored in `/data/elasticpot/` until the honeypot service will be restarted which is by default every 24 hours. If you want to keep data persistently simply edit the ``service`` file, find the line that contains ``clean.sh`` and set the option from ``off`` to ``on``. Be advised to establish some sort of log management if you wish to do so.
+The `docker-compose.yml` contains the necessary settings to test elasticpot using `docker-compose`. This will ensure to start the docker container with the appropriate permissions and port mappings.
 
 # ElasticPot Dashboard
 
-![ElasticPot Dashboard](https://raw.githubusercontent.com/dtag-dev-sec/elasticpot/master/doc/dashboard.png)
+![ElasticPot Dashboard](https://raw.githubusercontent.com/dtag-dev-sec/tpotce/master/docker/elasticpot/doc/dashboard.png)

docker/elasticpot/docker-compose.yml

@@ -13,6 +13,6 @@ services:
      - elasticpot_local
     ports:
      - "9200:9200"
-    image: "dtagdevsec/elasticpot:1706"
+    image: "dtagdevsec/elasticpot:1710"
     volumes:
      - /data/elasticpot/log:/opt/ElasticpotPY/log

docker/elk/README.md

@@ -1,33 +1,20 @@
-# dockerized elk stack
+# Elasticsearch
+[![](https://images.microbadger.com/badges/version/dtagdevsec/elasticsearch:1710.svg)](https://microbadger.com/images/dtagdevsec/elasticsearch:1710 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/elasticsearch:1710.svg)](https://microbadger.com/images/dtagdevsec/elasticsearch:1710 "Get your own image badge on microbadger.com")
 
+# Logstash
+[![](https://images.microbadger.com/badges/version/dtagdevsec/logstash:1710.svg)](https://microbadger.com/images/dtagdevsec/logstash:1710 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/logstash:1710.svg)](https://microbadger.com/images/dtagdevsec/logstash:1710 "Get your own image badge on microbadger.com")
 
-[elk](http://www.elasticsearch.org/overview/) is a stack combining elasticsearch, logstash and the kibana dashboard. It is used to structure and vizualize data in realtime.
+# Kibana
+[![](https://images.microbadger.com/badges/version/dtagdevsec/kibana:1710.svg)](https://microbadger.com/images/dtagdevsec/kibana:1710 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/kibana:1710.svg)](https://microbadger.com/images/dtagdevsec/kibana:1710 "Get your own image badge on microbadger.com")
 
-This repository contains the necessary files to create a *dockerized* version of the elk stack.
+# elk stack
+
+[elk](http://www.elasticsearch.org/overview/) is a stack combining elasticsearch, logstash and the kibana dashboard. It is used to structure and visualize data in realtime.
 
 This dockerized version is part of the **[T-Pot community honeypot](http://dtag-dev-sec.github.io/)** of Deutsche Telekom AG.
 
-The `Dockerfile` contains the blueprint for the dockerized elk stack and will be used to setup the docker image.  
-
-Further, `elasticsearch.yml`, `logstash.conf`, `elkbase.tar.gz`, `elk.ico` and `kibana.svg`,  are all tailored to fit the T-Pot environment.
-
-The `supervisord.conf` is used to start elk under supervision of supervisord.
-
-Using systemd, copy the `systemd/elk.service` to `/etc/systemd/system/elk.service` and start using
-
-```
-systemctl enable elk
-systemctl start elk
-```
-
-This will make sure that the docker container is started with the appropriate permissions and port mappings. Further, it autostarts during boot.
-
-Starting with T-Pot 16.10 you can simply access the kibana dashboard by browsing to ``https://<your.ip>:64297`` and enter your web user credentials.
-
-Note: The kibana dashboard can be customized to fit your needs.
-
-By default all data will be persistently stored in `/data/elk/`. Indexed events older than 90 days will be deleted. You can adjust this behavior in `/etc/crontab` to fit your needs, but be advised to provide enough RAM and free disk-space if you wish to do so.
+The `Dockerfiles` contain the blueprint for the dockerized elk stack and will be used to setup the docker images.  
 
 # T-Pot Dashboard
 
-![T-Pot Dashboard](https://raw.githubusercontent.com/dtag-dev-sec/elk/master/doc/dashboard.png)
+![T-Pot Dashboard](https://raw.githubusercontent.com/dtag-dev-sec/tpotce/master/docker/elk/doc/dashboard.png)

docker/elk/elasticsearch/Dockerfile

@@ -11,8 +11,8 @@ RUN apk -U upgrade && \
 # Get and install packages
     cd /root/dist/ && \
     mkdir -p /usr/share/elasticsearch/ && \
-    wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.6.1.tar.gz && \
-    tar xvfz elasticsearch-5.6.1.tar.gz --strip-components=1 -C /usr/share/elasticsearch/ && \
+    wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.6.3.tar.gz && \
+    tar xvfz elasticsearch-5.6.3.tar.gz --strip-components=1 -C /usr/share/elasticsearch/ && \
 
 # Add and move files
     cd /root/dist/ && \

docker/elk/kibana/Dockerfile

@@ -11,8 +11,8 @@ RUN apk -U upgrade && \
 # Get and install packages
     cd /root/dist/ && \
     mkdir -p /usr/share/kibana/ && \
-    wget https://artifacts.elastic.co/downloads/kibana/kibana-5.6.1-linux-x86_64.tar.gz && \
-    tar xvfz kibana-5.6.1-linux-x86_64.tar.gz --strip-components=1 -C /usr/share/kibana/ && \
+    wget https://artifacts.elastic.co/downloads/kibana/kibana-5.6.3-linux-x86_64.tar.gz && \
+    tar xvfz kibana-5.6.3-linux-x86_64.tar.gz --strip-components=1 -C /usr/share/kibana/ && \
 
 # Kibana's bundled node does not work in alpine
     rm /usr/share/kibana/node/bin/node && \
@@ -47,6 +47,6 @@ RUN apk -U upgrade && \
 # Healthcheck
 HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:5601'
 
-# Start kibana 
+# Start kibana
 USER kibana
 CMD ["/usr/share/kibana/bin/kibana"]

docker/elk/logstash/Dockerfile

@@ -12,9 +12,9 @@ RUN apk -U upgrade && \
     git clone https://github.com/dtag-dev-sec/listbot /etc/listbot && \
     cd /root/dist/ && \
     mkdir -p /usr/share/logstash/ && \
-    wget https://artifacts.elastic.co/downloads/logstash/logstash-5.6.1.tar.gz && \
+    wget https://artifacts.elastic.co/downloads/logstash/logstash-5.6.3.tar.gz && \
     wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-ASN.tar.gz && \
-    tar xvfz logstash-5.6.1.tar.gz --strip-components=1 -C /usr/share/logstash/ && \
+    tar xvfz logstash-5.6.3.tar.gz --strip-components=1 -C /usr/share/logstash/ && \
     /usr/share/logstash/bin/logstash-plugin install logstash-filter-translate && \
     /usr/share/logstash/bin/logstash-plugin install logstash-output-syslog && \
     tar xvfz GeoLite2-ASN.tar.gz --strip-components=1 -C /usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-geoip-4.3.1-java/vendor/ && \
@@ -34,5 +34,5 @@ RUN apk -U upgrade && \
 # Healthcheck
 HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:9600'
 
-# Start logstash 
+# Start logstash
 CMD update.sh && /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf

docker/ews/README.md

@@ -1,14 +1,9 @@
-[![](https://images.microbadger.com/badges/version/dtagdevsec/ewsposter:1706.svg)](https://microbadger.com/images/dtagdevsec/ewsposter:1706 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/ewsposter:1706.svg)](https://microbadger.com/images/dtagdevsec/ewsposter:1706 "Get your own image badge on microbadger.com")
+[![](https://images.microbadger.com/badges/version/dtagdevsec/ewsposter:1710.svg)](https://microbadger.com/images/dtagdevsec/ewsposter:1710 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/ewsposter:1710.svg)](https://microbadger.com/images/dtagdevsec/ewsposter:1710 "Get your own image badge on microbadger.com")
 
-# dockerized ewsposter
+# ewsposter
 
+[ewsposter](https://github.com/armedpot/ewsposter) is a python application that collects information from multiple honeypot sources and posts it to central collection services like the DTAG early warning system and hpfeeds.
 
-[ewsposter](https://github.com/dtag-dev-sec/ews) is a python application that collects information from multiple honeypot sources and posts it to central collection services like the DTAG early warning system and hpfeeds. 
-
-This dockerized version is part of the **[T-Pot community honeypot](http://github.com/dtag-dev-sec/tpotce)** of Deutsche Telekom AG. 
+This dockerized version is part of the **[T-Pot community honeypot](http://github.com/dtag-dev-sec/tpotce)** of Deutsche Telekom AG.
 
 The `Dockerfile` contains the blueprint for the dockerized ewsposter and will be used to setup the docker image.  
-
-The `ews.cfg` is tailored to fit the T-Pot environment.
-
-The `supervisord.conf` is used to start ewsposter under supervision of supervisord. 

docker/glastopf/README.md

@@ -1,31 +1,15 @@
-[![](https://images.microbadger.com/badges/version/dtagdevsec/glastopf:1706.svg)](https://microbadger.com/images/dtagdevsec/glastopf:1706 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/glastopf:1706.svg)](https://microbadger.com/images/dtagdevsec/glastopf:1706 "Get your own image badge on microbadger.com")
-
-# dockerized glastopf v3
+[![](https://images.microbadger.com/badges/version/dtagdevsec/glastopf:1710.svg)](https://microbadger.com/images/dtagdevsec/glastopf:1710 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/glastopf:1710.svg)](https://microbadger.com/images/dtagdevsec/glastopf:1710 "Get your own image badge on microbadger.com")
 
+# glastopf
 
 [glastopf](https://github.com/glastopf/glastopf) is a python web application honeypot.
 
-This repository contains the necessary files to create a *dockerized* version of glastopf v3.
-
 This dockerized version is part of the **[T-Pot community honeypot](http://dtag-dev-sec.github.io/)** of Deutsche Telekom AG.
 
-The `Dockerfile` contains the blueprint for the dockerized glastopf and will be used to setup the docker image.  
+The `Dockerfile` contains the blueprint for the dockerized glastopf and will be used to setup the docker image.
 
-The `glastopf.cfg` is tailored to fit the T-Pot environment.
-
-The `supervisord.conf` is used to start glastopf under supervision of supervisord.
-
-Using systemd, copy the `systemd/glastopf.service` to `/etc/systemd/system/glastopf.service` and start using
-
-```
-systemctl enable glastopf
-systemctl start glastopf
-```
-
-This will make sure that the docker container is started with the appropriate permissions and port mappings. Further, it autostarts during boot.
-
-By default all data will be stored in `/data/glastopf/` until the honeypot service will be restarted which is by default every 24 hours. If you want to keep data persistently simply edit the ``service`` file, find the line that contains ``clean.sh`` and set the option from ``off`` to ``on``. Be advised to establish some sort of log management if you wish to do so.
+The `docker-compose.yml` contains the necessary settings to test glastopf using `docker-compose`. This will ensure to start the docker container with the appropriate permissions and port mappings.  
 
 # Glastopf Dashboard
 
-![Glastopf Dashboard](https://raw.githubusercontent.com/dtag-dev-sec/glastopf/master/doc/dashboard.png)
+![Glastopf Dashboard](https://raw.githubusercontent.com/dtag-dev-sec/tpotce/master/docker/glastopf/doc/dashboard.png)

docker/glastopf/docker-compose.yml

@@ -13,7 +13,7 @@ services:
      - glastopf_local
     ports:
      - "80:80"
-    image: "dtagdevsec/glastopf:1706"
+    image: "dtagdevsec/glastopf:1710"
     volumes:
      - /data/glastopf/db:/opt/glastopf/db
      - /data/glastopf/log:/opt/glastopf/log

docker/honeytrap/README.md

@@ -1,35 +1,15 @@
-[![](https://images.microbadger.com/badges/version/dtagdevsec/honeytrap:1706.svg)](https://microbadger.com/images/dtagdevsec/honeytrap:1706 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/honeytrap:1706.svg)](https://microbadger.com/images/dtagdevsec/honeytrap:1706 "Get your own image badge on microbadger.com")
+[![](https://images.microbadger.com/badges/version/dtagdevsec/honeytrap:1710.svg)](https://microbadger.com/images/dtagdevsec/honeytrap:1710 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/honeytrap:1710.svg)](https://microbadger.com/images/dtagdevsec/honeytrap:1710 "Get your own image badge on microbadger.com")
 
-# dockerized honeytrap
+# honeytrap
 
-
-[honeytrap](https://github.com/armedpot/honeytrap) is a low-interaction honeypot daemon for observing attacks against network services. In contrast to other honeypots, which often focus on malware collection, honeytrap aims for catching the initial exploit – It collects and further processes attack traces.
-
-This repository contains the necessary files to create a *dockerized* version of honeytrap.
+[honeytrap](https://github.com/tillmannw/honeytrap) is a low-interaction honeypot daemon for observing attacks against network services. In contrast to other honeypots, which often focus on malware collection, honeytrap aims for catching the initial exploit – It collects and further processes attack traces.
 
 This dockerized version is part of the **[T-Pot community honeypot](http://dtag-dev-sec.github.io/)** of Deutsche Telekom AG.
-For this setup, honeytrap is configured to use the logattacker module only.
 
 The `Dockerfile` contains the blueprint for the dockerized honeytrap and will be used to setup the docker image.  
 
-The `honeytrap.conf` is tailored to fit the T-Pot environment.
-
-The `supervisord.conf` is used to start honeytrap under supervision of supervisord.
-
-In case you want to run the dockerized honeytrap independently, you must modify the config files to match your environment and rebuild the docker image.
-
-Using systemd, copy the `systemd/honeytrap.service` to `/etc/systemd/system/honeytrap.service` and start using
-
-```
-systemctl enable honeytrap
-systemctl start honeytrap
-```
-
-This will make sure that the docker container is started with the appropriate rights and iptables forwards are implemented. Further, it autostarts during boot.
-In the T-Pot setup, some ports are excluded as they need to be reserved for other honeypot daemons running in parallel.
-
-By default all data will be stored in `/data/honeytrap/` until the honeypot service will be restarted which is by default every 24 hours. If you want to keep data persistently simply edit the ``service`` file, find the line that contains ``clean.sh`` and set the option from ``off`` to ``on``. Be advised to establish some sort of log management if you wish to do so.
+The `docker-compose.yml` contains the necessary settings to test honeytrap using `docker-compose`. This will ensure to start the docker container with the appropriate permissions and port mappings.
 
 # Honeytrap Dashboard
 
-![Honeytrap Dashboard](https://raw.githubusercontent.com/dtag-dev-sec/honeytrap/master/doc/dashboard.png)
+![Honeytrap Dashboard](https://raw.githubusercontent.com/dtag-dev-sec/tpotce/master/docker/honeytrap/doc/dashboard.png)

docker/honeytrap/docker-compose.yml

@@ -12,7 +12,7 @@ services:
     network_mode: "host"
     cap_add:
      - NET_ADMIN
-    image: "dtagdevsec/honeytrap:1706"
+    image: "dtagdevsec/honeytrap:1710"
     volumes:
      - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
      - /data/honeytrap/downloads:/opt/honeytrap/var/downloads

docker/mailoney/README.md

@@ -1,4 +1,15 @@
-[![](https://images.microbadger.com/badges/version/dtagdevsec/mailoney:1706.svg)](https://microbadger.com/images/dtagdevsec/mailoney:1706 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/mailoney:1706.svg)](https://microbadger.com/images/dtagdevsec/mailoney:1706 "Get your own image badge on microbadger.com")
+[![](https://images.microbadger.com/badges/version/dtagdevsec/mailoney:1710.svg)](https://microbadger.com/images/dtagdevsec/mailoney:1710 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/mailoney:1710.svg)](https://microbadger.com/images/dtagdevsec/mailoney:1710 "Get your own image badge on microbadger.com")
 
 # mailoney
-Dockerized mailoney for use in T-Pot
+
+[mailoney](https://github.com/awhitehatter/mailoney) is a SMTP Honeypot.
+
+This dockerized version is part of the **[T-Pot community honeypot](http://dtag-dev-sec.github.io/)** of Deutsche Telekom AG.
+
+The `Dockerfile` contains the blueprint for the dockerized mailoney and will be used to setup the docker image.
+
+The `docker-compose.yml` contains the necessary settings to test mailoney using `docker-compose`. This will ensure to start the docker container with the appropriate permissions and port mappings.
+
+# Mailoney Dashboard
+
+![Mailoney Dashboard](https://raw.githubusercontent.com/dtag-dev-sec/tpotce/master/docker/mailoney/doc/dashboard.png)

docker/mailoney/docker-compose.yml

@@ -4,7 +4,7 @@ networks:
   mailoney_local:
 
 services:
- 
+
 # Mailoney service
   mailoney:
     container_name: mailoney
@@ -13,6 +13,6 @@ services:
      - mailoney_local
     ports:
      - "25:2525"
-    image: "dtagdevsec/mailoney:1706"
-#   volumes:
-#    - /data/mailoney/log:/opt/mailoney/logs
+    image: "dtagdevsec/mailoney:1710"
+   volumes:
+    - /data/mailoney/log:/opt/mailoney/logs

docker/netdata/README.md

@@ -1,25 +1,15 @@
-[![](https://images.microbadger.com/badges/version/dtagdevsec/netdata:1706.svg)](https://microbadger.com/images/dtagdevsec/netdata:1706 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/netdata:1706.svg)](https://microbadger.com/images/dtagdevsec/netdata:1706 "Get your own image badge on microbadger.com")
+[![](https://images.microbadger.com/badges/version/dtagdevsec/netdata:1710.svg)](https://microbadger.com/images/dtagdevsec/netdata:1710 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/netdata:1710.svg)](https://microbadger.com/images/dtagdevsec/netdata:1710 "Get your own image badge on microbadger.com")
 
-# dockerized netdata
+# netdata
 
-
-[netdata](http://my-netdata.io/) netdata is a system for distributed real-time performance and health monitoring. It provides unparalleled insights, in real-time, of everything happening on the system it runs (including applications such as web, or database servers), using modern interactive web dashboards. netdata is fast and efficient, designed to permanently run on all systems (physical & virtual servers, containers, IoT devices), without disrupting their core function.
-
-This repository contains the necessary files to create a *dockerized* version of netdata.
+[netdata](http://my-netdata.io/) is a system for distributed real-time performance and health monitoring. It provides unparalleled insights, in real-time, of everything happening on the system it runs (including applications such as web, or database servers), using modern interactive web dashboards. netdata is fast and efficient, designed to permanently run on all systems (physical & virtual servers, containers, IoT devices), without disrupting their core function.
 
 This dockerized version is part of the **[T-Pot community honeypot](http://dtag-dev-sec.github.io/)** of Deutsche Telekom AG.
 
 The `Dockerfile` contains the blueprint for the dockerized netdata and will be used to setup the docker image.  
 
-Using systemd, copy the `systemd/netdata.service` to `/etc/systemd/system/netdata.service` and start using
-
-```
-systemctl enable netdata
-systemctl start netdata
-```
-
-This will make sure that the docker container is started with the appropriate permissions and port mappings. Further, it autostarts during boot.
+The `docker-compose.yml` contains the necessary settings to test netdata using `docker-compose`. This will ensure to start the docker container with the appropriate permissions and port mappings.
 
 # Netdata Dashboard
 
-![Netdata Dashboard](https://raw.githubusercontent.com/dtag-dev-sec/netdata/master/doc/dashboard.png)
+![Netdata Dashboard](https://raw.githubusercontent.com/dtag-dev-sec/tpotce/master/docker/netdata/doc/dashboard.png)

docker/netdata/docker-compose.yml

@@ -1,7 +1,7 @@
 version: '2.1'
 
 services:
- 
+
 # Netdata service
   netdata:
     container_name: netdata
@@ -11,7 +11,7 @@ services:
      - SYS_PTRACE
     security_opt:
      - apparmor=unconfined
-    image: "dtagdevsec/netdata:1706"
+    image: "dtagdevsec/netdata:1710"
     volumes:
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro

docker/rdpy/README.md

@@ -1,2 +1,15 @@
+[![](https://images.microbadger.com/badges/version/dtagdevsec/rdpy:1710.svg)](https://microbadger.com/images/dtagdevsec/rdpy:1710 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/rdpy:1710.svg)](https://microbadger.com/images/dtagdevsec/rdpy:1710 "Get your own image badge on microbadger.com")
+
 # dockerized rdpy
 
+[rdpy](https://github.com/citronneur/rdpy) RDPY is a pure Python implementation of the Microsoft RDP (Remote Desktop Protocol) protocol (client and server side). RDPY is built over the event driven network engine Twisted. RDPY support standard RDP security layer, RDP over SSL and NLA authentication (through ntlmv2 authentication protocol).
+
+This dockerized version is part of the **[T-Pot community honeypot](http://dtag-dev-sec.github.io/)** of Deutsche Telekom AG.
+
+The `Dockerfile` contains the blueprint for the dockerized rdpy and will be used to setup the docker image.  
+
+The `docker-compose.yml` contains the necessary settings to test rdpy using `docker-compose`. This will ensure to start the docker container with the appropriate permissions and port mappings.
+
+# RDPY Dashboard
+
+![RDPY Dashboard](https://raw.githubusercontent.com/dtag-dev-sec/tpotce/master/docker/rdpy/doc/dashboard.png)

docker/rdpy/docker-compose.yml

@@ -15,6 +15,6 @@ services:
      - rdpy_local
     ports:
      - "3389:3389"
-    image: "dtagdevsec/rdpy:1706"
+    image: "dtagdevsec/rdpy:1710"
     volumes:
      - /data/rdpy/log:/var/log/rdpy

docker/spiderfoot/README.md

@@ -1,4 +1,13 @@
-[![](https://images.microbadger.com/badges/version/dtagdevsec/spiderfoot:1706.svg)](https://microbadger.com/images/dtagdevsec/spiderfoot:1706 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/spiderfoot:1706.svg)](https://microbadger.com/images/dtagdevsec/spiderfoot:1706 "Get your own image badge on microbadger.com")
+[![](https://images.microbadger.com/badges/version/dtagdevsec/spiderfoot:1710.svg)](https://microbadger.com/images/dtagdevsec/spiderfoot:1710 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/spiderfoot:1710.svg)](https://microbadger.com/images/dtagdevsec/spiderfoot:1710 "Get your own image badge on microbadger.com")
 
-# spiderfoot
-Dockerized Spiderfoot for use in T-Pot
+[spiderfoot](https://github.com/smicallef/spiderfoot) the open source footprinting and intelligence-gathering tool.
+
+This dockerized version is part of the **[T-Pot community honeypot](http://dtag-dev-sec.github.io/)** of Deutsche Telekom AG.
+
+The `Dockerfile` contains the blueprint for the dockerized spiderfoot and will be used to setup the docker image.
+
+The `docker-compose.yml` contains the necessary settings to test spiderfoot using `docker-compose`. This will ensure to start the docker container with the appropriate permissions and port mappings.
+
+# Spiderfoot UI
+
+![Spiderfoot UI](https://raw.githubusercontent.com/dtag-dev-sec/tpotce/master/docker/spiderfoot/doc/dashboard.png)

docker/spiderfoot/docker-compose.yml

@@ -0,0 +1,20 @@
+# T-Pot (Standard)
+# For docker-compose ...
+version: '2.1'
+
+networks:
+  spiderfoot_local:
+
+services:
+
+# Spiderfoot service
+  spiderfoot:
+    container_name: spiderfoot
+    restart: always
+    networks:
+     - spiderfoot_local
+    ports:
+     - "127.0.0.1:64303:8080"
+    image: "dtagdevsec/spiderfoot:1710"
+    volumes:
+     - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db