begin with hardening, tweaking

docker/tanner/tanner/Dockerfile

@@ -13,8 +13,8 @@ RUN apk -U --no-cache add \
                python3 \
                python3-dev && \ 
 
-# Setup ConPot
-    git clone https://github.com/mushorg/tanner /opt/tanner && \
+# Setup Tanner
+    git clone --depth=1 https://github.com/mushorg/tanner /opt/tanner && \
     cp /root/dist/config.py /opt/tanner/tanner/ && \
     cp /root/dist/requirements.txt /opt/tanner/ && \
     cd /opt/tanner/ && \
@@ -23,9 +23,11 @@ RUN apk -U --no-cache add \
     python3 setup.py install && \
     cd / && \
     
-# Get wireshark manuf db for scapy, setup configs, user, groups
+# Setup configs, user, groups
     addgroup -g 2000 tanner && \
     adduser -S -s /bin/ash -u 2000 -D -g 2000 tanner && \
+    mkdir /var/log/tanner && \
+    chown -R tanner:tanner /opt/tanner /var/log/tanner && \
 
 # Clean up
     apk del --purge \
@@ -37,5 +39,6 @@ RUN apk -U --no-cache add \
     rm -rf /var/cache/apk/*
 
 # Start conpot
+USER tanner:tanner
 WORKDIR /opt/tanner
 CMD tanner 

docker/tanner/tanner/dist/config.py

@@ -18,11 +18,11 @@ config_template = {'DATA': {'db_config': '/opt/tanner/db/db_config.json', 'dorks
                    'SQLI': {'type': 'SQLITE', 'db_name': 'tanner_db', 'host': 'localhost', 'user': 'root',
                             'password': 'user_pass'},
                    'DOCKER': {'host_image': 'busybox:latest'},
-                   'LOGGER': {'log_debug': '/opt/tanner/tanner.log', 'log_err': '/opt/tanner/tanner.err'},
+                   'LOGGER': {'log_debug': '/tmp/tanner/tanner.log', 'log_err': '/tmp/tanner/tanner.err'},
                    'MONGO': {'enabled': False, 'URI': 'mongodb://localhost'},
                    'HPFEEDS': {'enabled': False, 'HOST': 'localhost', 'PORT': 10000, 'IDENT': '', 'SECRET': '',
                                'CHANNEL': 'tanner.events'},
-                   'LOCALLOG': {'enabled': True, 'PATH': '/tmp/tanner_report.json'},
+                   'LOCALLOG': {'enabled': True, 'PATH': '/var/log/tanner/tanner_report.json'},
                    'CLEANLOG': {'enabled': False}
                    }
 

docker/tanner/tanner/docker-compose.yml

@@ -1,59 +0,0 @@
-version: '2.3'
-
-networks:
-  tanner_local:
-
-services:
-
-# Tanner Redis Service
-  tanner_redis:
-    container_name: tanner_redis
-    restart: always
-    stop_signal: SIGKILL
-    tty: true
-    networks:
-     - tanner_local
-    image: "dtagdevsec/redis:1804"
-
-# Tanner API Service
-  tanner_api:
-    build: .
-    container_name: tanner_api
-    restart: always
-    stop_signal: SIGKILL
-    tty: true
-    networks:
-     - tanner_local
-    image: "dtagdevsec/tanner:1804"
-    command: tannerapi 
-    depends_on:
-     - redis
-
-# Tanner WEB Service
-  tanner_web:
-    build: .
-    container_name: tanner_web
-    restart: always
-    stop_signal: SIGKILL
-    tty: true
-    networks:
-     - tanner_local
-    image: "dtagdevsec/tanner:1804"
-    command: tannerweb
-    depends_on:
-     - redis
-
-# Tanner Service
-  tanner:
-    build: .
-    container_name: tanner
-    restart: always
-    stop_signal: SIGKILL
-    tty: true
-    networks:
-     - tanner_local
-    image: "dtagdevsec/tanner:1804"
-    command: tanner
-    depends_on:
-     - tanner_api
-     - tanner_web