tweaking

healthcheck, watch pid not cpu cleanup dockerfiles bump dicompot, heralding, elasticpot, endlessh to alpine 3.19 bump dionaea, heralding to latest master
2025-07-02 01:27:27 -04:00 · 2024-02-28 19:07:22 +01:00
parent 285b37a00d
commit be74fc75ca
69 changed files with 314 additions and 190 deletions
--- a/docker/conpot/Dockerfile
+++ b/docker/conpot/Dockerfile
@ -72,6 +72,7 @@ RUN apk --no-cache -U add \
    wget https://www.wireshark.org/download/automated/data/manuf -o /usr/share/wireshark/manuf && \
    cp /root/dist/conpot.cfg /etc/conpot/conpot.cfg && \
    cp -R /root/dist/templates /usr/lib/$(readlink -f $(type -P python3) | cut -f4 -d"/")/site-packages/conpot/ && \
+    cp /root/dist/cpu_check.py / && \
    addgroup -g 2000 conpot && \
    adduser -S -s /bin/ash -u 2000 -D -g 2000 conpot && \
 #
@ -93,7 +94,7 @@ RUN apk --no-cache -U add \
 #
 # Start conpot
 STOPSIGNAL SIGINT
-# Conpot sometimes hangs at 100% CPU usage, if detected process will be killed and container restarts per docker-compose settings
-HEALTHCHECK CMD if [ $(ps -C mpv -p 1 -o %cpu | tail -n 1 | cut -f 1 -d ".") -gt 75 ]; then kill -2 1; else exit 0; fi
+# Conpot sometimes hangs at 100% CPU usage, if detected container will become unhealthy and restarted by tpotinit
+HEALTHCHECK --interval=5m --timeout=30s --retries=3 CMD python3 /cpu_check.py $(pgrep -of conpot) 99
 USER conpot:conpot
 CMD exec /usr/bin/conpot --mibcache $CONPOT_TMP --temp_dir $CONPOT_TMP --template $CONPOT_TEMPLATE --logfile $CONPOT_LOG --config $CONPOT_CONFIG
--- a/docker/conpot/dist/cpu_check.py
+++ b/docker/conpot/dist/cpu_check.py
@ -0,0 +1,42 @@
+import psutil
+import sys
+import time
+
+if len(sys.argv) != 3:
+    print("Usage: script.py <PID> <CPU_USAGE_THRESHOLD>")
+    sys.exit(1)
+
+try:
+    pid = int(sys.argv[1])
+except ValueError:
+    print("Please provide a valid integer value for the PID.")
+    sys.exit(1)
+
+try:
+    cpu_threshold = float(sys.argv[2])
+except ValueError:
+    print("Please provide a valid number for the CPU usage threshold.")
+    sys.exit(1)
+
+try:
+    target_process = psutil.Process(pid)
+except psutil.NoSuchProcess:
+    print(f"No process with the PID {pid} was found.")
+    sys.exit(1)
+
+# Prepare to calculate the average CPU usage over 3 intervals of 1 second each
+cpu_usages = []
+for _ in range(3):
+    cpu_usages.append(target_process.cpu_percent(interval=1))
+
+# Calculate the average CPU usage
+average_cpu_usage = sum(cpu_usages) / len(cpu_usages)
+print(f"Average CPU Usage of PID {pid} over 3 seconds: {average_cpu_usage}%")
+
+# Check average CPU usage against the threshold
+if average_cpu_usage >= cpu_threshold:
+    print(f"Average CPU usage of PID {pid} is above or equal to the threshold of {cpu_threshold}%.")
+    sys.exit(1)
+else:
+    print(f"Average CPU usage of PID {pid} is below the threshold of {cpu_threshold}%. Exiting with code 0.")
+    sys.exit(0)