tweaking

docker/conpot/Dockerfile

@@ -26,26 +26,27 @@ RUN apk -U --no-cache add bash \
                wget && \
 
 # Setup ConPot
-    git clone https://github.com/mushorg/conpot /opt/conpot/ && \
+    git clone https://github.com/mushorg/conpot /opt/conpot && \
     cd /opt/conpot/ && \
-    git checkout d157229e4587188ad3d3af5dddcd71200713852d && \
+    git reset --hard d157229e4587188ad3d3af5dddcd71200713852d && \
+    git fetch origin pull/367/head:run-without-root && \
+    git checkout run-without-root && \
+    git checkout master && \
+    git merge run-without-root && \
     cp /root/dist/requirements.txt /opt/conpot/ && \
     # Patch to accept ENV for MIB path
     cp /root/dist/snmp_server.py /opt/conpot/conpot/protocols/snmp/ && \
-    pip install -U pip setuptools && \
-    python setup.py install && \
+    pip install --no-cache-dir -U pip setuptools && \
+    pip install --no-cache-dir . && \
     cd / && \
-    # Monkey patch, see https://github.com/mushorg/conpot/issues/361
-    cp /root/dist/conpot.bin /usr/bin/conpot && \
-    chmod u+x /usr/bin/conpot && \
     rm -rf /opt/conpot /tmp/* /var/tmp/* && \
-    setcap cap_net_bind_service=+ep /usr/bin/conpot && \
+    setcap cap_net_bind_service=+ep /usr/bin/python2.7 && \
     
 # Get wireshark manuf db for scapy, setup configs, user, groups
     mkdir -p /etc/conpot /var/log/conpot /usr/share/wireshark && \
     wget https://github.com/wireshark/wireshark/raw/master/manuf -o /usr/share/wireshark/manuf && \
     cp /root/dist/conpot.cfg /etc/conpot/conpot.cfg && \
-    cp -R /root/dist/templates /usr/lib/python2.7/site-packages/Conpot-0.5.1-py2.7.egg/conpot/ && \
+    cp -R /root/dist/templates /usr/lib/python2.7/site-packages/conpot/ && \
     addgroup -g 2000 conpot && \
     adduser -S -s /bin/bash -u 2000 -D -g 2000 conpot && \
 
@@ -61,9 +62,11 @@ RUN apk -U --no-cache add bash \
             pkgconfig \
             python-dev \
             py-cffi \
+            py-pip \
             wget && \
     rm -rf /root/* && \
     rm -rf /var/cache/apk/*
 
 # Start conpot
+USER conpot:conpot
 CMD exec /usr/bin/conpot --template $CONPOT_TEMPLATE --logfile $CONPOT_LOG --config $CONPOT_CONFIG

docker/conpot/docker-compose.yml

@@ -22,7 +22,6 @@ services:
      - CONPOT_LOG=/var/log/conpot/conpot_default.log
      - CONPOT_TEMPLATE=default
      - CONPOT_TMP=/tmp/conpot
-     - PYTHON_EGG_CACHE=/tmp/conpot
     tmpfs:
      - /tmp/conpot:exec
     networks:
@@ -52,7 +51,6 @@ services:
      - CONPOT_LOG=/var/log/conpot/conpot_IEC104.log
      - CONPOT_TEMPLATE=IEC104
      - CONPOT_TMP=/tmp/conpot
-     - PYTHON_EGG_CACHE=/tmp/conpot
     tmpfs:
      - /tmp/conpot:exec
     networks:
@@ -77,7 +75,6 @@ services:
      - CONPOT_LOG=/var/log/conpot/conpot_guardian_ast.log
      - CONPOT_TEMPLATE=guardian_ast
      - CONPOT_TMP=/tmp/conpot
-     - PYTHON_EGG_CACHE=/tmp/conpot
     tmpfs:
      - /tmp/conpot:exec
     networks:
@@ -101,7 +98,6 @@ services:
      - CONPOT_LOG=/var/log/conpot/conpot_ipmi.log
      - CONPOT_TEMPLATE=ipmi
      - CONPOT_TMP=/tmp/conpot
-     - PYTHON_EGG_CACHE=/tmp/conpot
     tmpfs:
      - /tmp/conpot:exec
     networks:
@@ -125,7 +121,6 @@ services:
      - CONPOT_LOG=/var/log/conpot/conpot_kamstrup_382.log
      - CONPOT_TEMPLATE=kamstrup_382
      - CONPOT_TMP=/tmp/conpot
-     - PYTHON_EGG_CACHE=/tmp/conpot
     tmpfs:
      - /tmp/conpot:exec
     networks: