prep for 18.04

Marco Ochse
2018-03-25 18:35:32 +00:00
parent 60cb42b34d
commit c9a33870ff
57 changed files with 2268 additions and 178 deletions

211
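--- /dev/null
+++ b/etc/compose/collect.yml
@@ -0,0 +1,211 @@
+# T-Pot (Collector)
+# For docker-compose ...
+version: '2.2'
+networks:
+ewsposter_local:
+heralding_local:
+spiderfoot_local:
+ui-for-docker_local:
+services:
+# ELK services
+## Elasticsearch service
+elasticsearch:
+container_name: elasticsearch
+restart: always
+environment:
+- bootstrap.memory_lock=true
+- "ES_JAVA_OPTS=-Xms1024m -Xmx1024m"
+cap_add:
+- IPC_LOCK
+ulimits:
+memlock:
+soft: -1
+hard: -1
+nofile:
+soft: 65536
+hard: 65536
+mem_limit: 2g
+ports:
+- "127.0.0.1:64298:9200"
+image: "dtagdevsec/elasticsearch:1804"
+volumes:
+- /data:/data
+## Kibana service
+kibana:
+container_name: kibana
+restart: always
+depends_on:
+elasticsearch:
+condition: service_healthy
+ports:
+- "127.0.0.1:64296:5601"
+image: "dtagdevsec/kibana:1804"
+## Logstash service
+logstash:
+container_name: logstash
+restart: always
+depends_on:
+elasticsearch:
+condition: service_healthy
+env_file:
+- /opt/tpot/etc/compose/elk_environment
+image: "dtagdevsec/logstash:1804"
+volumes:
+- /data:/data
+- /var/log:/data/host/log
+## Elasticsearch-head service
+head:
+container_name: head
+restart: always
+depends_on:
+elasticsearch:
+condition: service_healthy
+ports:
+- "127.0.0.1:64302:9100"
+image: "dtagdevsec/head:1804"
+# Ewsposter service
+ewsposter:
+container_name: ewsposter
+restart: always
+networks:
+- ewsposter_local
+env_file:
+- /opt/tpot/etc/compose/elk_environment
+image: "dtagdevsec/ewsposter:1804"
+volumes:
+- /data:/data
+- /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
+# Heralding service
+heralding:
+container_name: heralding
+restart: always
+networks:
+- heralding_local
+ports:
+- "21:21"
+- "22:22"
+- "23:23"
+- "25:25"
+- "80:80"
+- "110:110"
+- "143:143"
+- "443:443"
+- "993:993"
+- "995:995"
+- "5432:5432"
+- "5900:5900"
+image: "dtagdevsec/heralding:1804"
+volumes:
+- /data/heralding/log:/var/log/heralding
+# Honeytrap service
+honeytrap:
+container_name: honeytrap
+restart: always
+network_mode: "host"
+cap_add:
+- NET_ADMIN
+image: "dtagdevsec/honeytrap:1804"
+volumes:
+- /data/honeytrap/attacks:/opt/honeytrap/var/attacks
+- /data/honeytrap/downloads:/opt/honeytrap/var/downloads
+- /data/honeytrap/log:/opt/honeytrap/var/log
+# Netdata service
+netdata:
+container_name: netdata
+restart: always
+network_mode: "host"
+depends_on:
+elasticsearch:
+condition: service_healthy
+cap_add:
+- SYS_PTRACE
+security_opt:
+- apparmor=unconfined
+ports:
+- "64301:64301"
+image: "dtagdevsec/netdata:1804"
+volumes:
+- /proc:/host/proc:ro
+- /sys:/host/sys:ro
+- /var/run/docker.sock:/var/run/docker.sock
+# Nginx service
+nginx:
+container_name: nginx
+restart: always
+network_mode: "host"
+ports:
+- "64297:64297"
+image: "dtagdevsec/nginx:1710"
+volumes:
+- /data/nginx/cert/:/etc/nginx/cert/
+- /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd
+- /data/nginx/log/:/var/log/nginx/
+# Spiderfoot service
+spiderfoot:
+container_name: spiderfoot
+restart: always
+networks:
+- spiderfoot_local
+ports:
+- "127.0.0.1:64303:8080"
+image: "dtagdevsec/spiderfoot:1710"
+volumes:
+- /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db
+# Ui-for-docker service
+ui-for-docker:
+container_name: ui-for-docker
+command: -H unix:///var/run/docker.sock --no-auth
+restart: always
+networks:
+- ui-for-docker_local
+ports:
+- "127.0.0.1:64299:9000"
+image: "dtagdevsec/ui-for-docker:1710"
+volumes:
+- /var/run/docker.sock:/var/run/docker.sock
+# Suricata service
+suricata:
+container_name: suricata
+restart: always
+network_mode: "host"
+cap_add:
+- NET_ADMIN
+- SYS_NICE
+- NET_RAW
+image: "dtagdevsec/suricata:1710"
+volumes:
+- /data/suricata/log:/var/log/suricata
+# P0f service
+p0f:
+container_name: p0f
+restart: always
+network_mode: "host"
+image: "dtagdevsec/p0f:1710"
+volumes:
+- /data/p0f/log:/var/log/p0f
+# Wetty service
+wetty:
+container_name: wetty
+restart: always
+network_mode: "host"
+env_file:
+- /opt/tpot/etc/compose/wetty_environment
+ports:
+- "64300:64300"
+image: "dtagdevsec/wetty:1710"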
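Review bot: The `ports:` entries on netdata (`64301:64301`), nginx (`64297:64297`) and wetty (`64300:64300`) sit next to `network_mode: "host"`, where Docker does not apply port publishing, so they neither open nor restrict anything. Unlike kibana, head, spiderfoot and ui-for-docker, which are pinned to `127.0.0.1:`, these three listen on whatever address the process inside the image binds. On a sensor host that matters most for wetty (a web terminal) and for netdata, which also mounts `/var/run/docker.sock` and runs with `apparmor=unconfined`. I would drop the three `ports:` keys and state the real control in a comment such as `# host networking: bind address is set inside the image, not by compose`, after confirming that the netdata and wetty images bind to loopback or are otherwise filtered.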


@ -1,26 +1,139 @@
# T-Pot (Industrial)
# T-Pot (Industrial, based on Conpot=[default, IEC104, guardian_ast, ipmi, kamstrup_382])
# For docker-compose ...
version: '2.2'
networks:
conpot_local:
emobility_local:
conpot_local_default:
conpot_local_IEC104:
conpot_local_guardian_ast:
conpot_local_ipmi:
conpot_local_kamstrup_382:
ewsposter_local:
spiderfoot_local:
ui-for-docker_local:
services:
# Conpot service
conpot:
container_name: conpot
# Conpot default service
conpot_default:
container_name: conpot_default
restart: always
environment:
- CONPOT_CONFIG=/etc/conpot/conpot.cfg
- CONPOT_JSON_LOG=/var/log/conpot/conpot_default.json
- CONPOT_LOG=/var/log/conpot/conpot_default.log
- CONPOT_TEMPLATE=default
- CONPOT_TMP=/tmp/conpot
- PYTHON_EGG_CACHE=/tmp/conpot
tmpfs:
- /tmp/conpot:exec
# - /var/run/conpot/
networks:
- conpot_local
- conpot_local_default
ports:
- "80:80"
- "102:102"
- "161:161"
- "502:502"
# - "623:623"
- "44818:44818"
- "47808:47808"
image: "dtagdevsec/conpot:1804"
read_only: true
volumes:
- /data/conpot/log:/var/log/conpot
# Conpot IEC104 service
conpot_IEC104:
container_name: conpot_IEC104
restart: always
environment:
- CONPOT_CONFIG=/etc/conpot/conpot.cfg
- CONPOT_JSON_LOG=/var/log/conpot/conpot_IEC104.json
- CONPOT_LOG=/var/log/conpot/conpot_IEC104.log
- CONPOT_TEMPLATE=IEC104
- CONPOT_TMP=/tmp/conpot
- PYTHON_EGG_CACHE=/tmp/conpot
tmpfs:
- /tmp/conpot:exec
- /var/run/conpot/
networks:
- conpot_local_IEC104
ports:
# - "161:161"
- "2404:2404"
image: "dtagdevsec/conpot:1804"
read_only: true
volumes:
- /data/conpot/log:/var/log/conpot
# Conpot guardian_ast service
conpot_guardian_ast:
container_name: conpot_guardian_ast
restart: always
environment:
- CONPOT_CONFIG=/etc/conpot/conpot.cfg
- CONPOT_JSON_LOG=/var/log/conpot/conpot_guardian_ast.json
- CONPOT_LOG=/var/log/conpot/conpot_guardian_ast.log
- CONPOT_TEMPLATE=guardian_ast
- CONPOT_TMP=/tmp/conpot
- PYTHON_EGG_CACHE=/tmp/conpot
tmpfs:
- /tmp/conpot:exec
- /var/run/conpot/
networks:
- conpot_local_guardian_ast
ports:
- "10001:10001"
image: "dtagdevsec/conpot:1804"
read_only: true
volumes:
- /data/conpot/log:/var/log/conpot
# Conpot ipmi
conpot_ipmi:
container_name: conpot_ipmi
restart: always
environment:
- CONPOT_CONFIG=/etc/conpot/conpot.cfg
- CONPOT_JSON_LOG=/var/log/conpot/conpot_ipmi.json
- CONPOT_LOG=/var/log/conpot/conpot_ipmi.log
- CONPOT_TEMPLATE=ipmi
- CONPOT_TMP=/tmp/conpot
- PYTHON_EGG_CACHE=/tmp/conpot
tmpfs:
- /tmp/conpot:exec
- /var/run/conpot/
networks:
- conpot_local_ipmi
ports:
- "623:623"
image: "dtagdevsec/conpot:1804"
read_only: true
volumes:
- /data/conpot/log:/var/log/conpot
# Conpot kamstrup_382
conpot_kamstrup_382:
container_name: conpot_kamstrup_382
restart: always
environment:
- CONPOT_CONFIG=/etc/conpot/conpot.cfg
- CONPOT_JSON_LOG=/var/log/conpot/conpot_kamstrup_382.json
- CONPOT_LOG=/var/log/conpot/conpot_kamstrup_382.log
- CONPOT_TEMPLATE=kamstrup_382
- CONPOT_TMP=/tmp/conpot
- PYTHON_EGG_CACHE=/tmp/conpot
tmpfs:
- /tmp/conpot:exec
- /var/run/conpot/
networks:
- conpot_local_kamstrup_382
ports:
- "1025:1025"
- "50100:50100"
image: "dtagdevsec/conpot:1710"
image: "dtagdevsec/conpot:1804"
read_only: true
volumes:
- /data/conpot/log:/var/log/conpot
@ -84,21 +197,6 @@ services:
- "127.0.0.1:64302:9100"
image: "dtagdevsec/head:1710"
# Emobility service
emobility:
container_name: emobility
restart: always
networks:
- emobility_local
cap_add:
- NET_ADMIN
ports:
- "8080:8080"
image: "dtagdevsec/emobility:1710"
volumes:
- /data/emobility:/data/eMobility
- /data/ews:/data/ews
# Ewsposter service
ewsposter:
container_name: ewsposter
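Review bot: Several of the new Conpot port mappings publish TCP only, although the protocols behind them normally run over UDP: `161:161` (SNMP) and `47808:47808` (BACnet/IP) on conpot_default, and `623:623` (IPMI/RMCP) on conpot_ipmi. Compose maps TCP when no protocol suffix is given, so if the templates listen on UDP as expected these sensors would record nothing; the fix is `- "161:161/udp"`, `- "47808:47808/udp"` and `- "623:623/udp"`. Separately, conpot_default leaves the `/var/run/conpot/` tmpfs commented out while the other four services mount it under `read_only: true`, which deserves a one-line comment saying why it differs.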


@ -3,6 +3,7 @@
version: '2.2'
networks:
ciscoasa_local:
cowrie_local:
dionaea_local:
elasticpot_local:
@ -16,6 +17,19 @@ networks:
services:
# Ciscoasa service
ciscoasa:
container_name: ciscoasa
restart: always
networks:
- ciscoasa_local
ports:
- "5000:5000/udp"
- "8443:8443"
image: "dtagdevsec/ciscoasa:1804"
volumes:
- /data/ciscoasa/log:/var/log/ciscoasa
# Cowrie service
cowrie:
container_name: cowrie
@ -26,8 +40,8 @@ services:
- NET_BIND_SERVICE
ports:
- "22:2222"
- "23:2223"
image: "dtagdevsec/cowrie:1710"
- "23:2323"
image: "dtagdevsec/cowrie:1804"
volumes:
- /data/cowrie/downloads:/home/cowrie/cowrie/dl
- /data/cowrie/keys:/home/cowrie/cowrie/etc
@ -60,7 +74,7 @@ services:
- "5060:5060/udp"
- "5061:5061"
- "27017:27017"
image: "dtagdevsec/dionaea:1710"
image: "dtagdevsec/dionaea:1804"
volumes:
- /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp
- /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp
@ -79,7 +93,7 @@ services:
- elasticpot_local
ports:
- "9200:9200"
image: "dtagdevsec/elasticpot:1710"
image: "dtagdevsec/elasticpot:1804"
volumes:
- /data/elasticpot/log:/opt/ElasticpotPY/log
@ -90,7 +104,7 @@ services:
restart: always
environment:
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- "ES_JAVA_OPTS=-Xms1024m -Xmx1024m"
cap_add:
- IPC_LOCK
ulimits:
@ -100,10 +114,10 @@ services:
nofile:
soft: 65536
hard: 65536
# mem_limit: 2g
mem_limit: 2g
ports:
- "127.0.0.1:64298:9200"
image: "dtagdevsec/elasticsearch:1710"
image: "dtagdevsec/elasticsearch:1804"
volumes:
- /data:/data
@ -116,7 +130,7 @@ services:
condition: service_healthy
ports:
- "127.0.0.1:64296:5601"
image: "dtagdevsec/kibana:1710"
image: "dtagdevsec/kibana:1804"
## Logstash service
logstash:
@ -127,7 +141,7 @@ services:
condition: service_healthy
env_file:
- /opt/tpot/etc/compose/elk_environment
image: "dtagdevsec/logstash:1710"
image: "dtagdevsec/logstash:1804"
volumes:
- /data:/data
- /var/log:/data/host/log
@ -141,7 +155,7 @@ services:
condition: service_healthy
ports:
- "127.0.0.1:64302:9100"
image: "dtagdevsec/head:1710"
image: "dtagdevsec/head:1804"
# Ewsposter service
ewsposter:
@ -151,7 +165,7 @@ services:
- ewsposter_local
env_file:
- /opt/tpot/etc/compose/elk_environment
image: "dtagdevsec/ewsposter:1710"
image: "dtagdevsec/ewsposter:1804"
volumes:
- /data:/data
- /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
@ -164,7 +178,7 @@ services:
- glastopf_local
ports:
- "80:80"
image: "dtagdevsec/glastopf:1710"
image: "dtagdevsec/glastopf:1804"
volumes:
- /data/glastopf/db:/opt/glastopf/db
- /data/glastopf/log:/opt/glastopf/log
@ -176,7 +190,7 @@ services:
network_mode: "host"
cap_add:
- NET_ADMIN
image: "dtagdevsec/honeytrap:1710"
image: "dtagdevsec/honeytrap:1804"
volumes:
- /data/honeytrap/attacks:/opt/honeytrap/var/attacks
- /data/honeytrap/downloads:/opt/honeytrap/var/downloads
@ -190,7 +204,7 @@ services:
- mailoney_local
ports:
- "25:2525"
image: "dtagdevsec/mailoney:1710"
image: "dtagdevsec/mailoney:1804"
volumes:
- /data/mailoney/log:/opt/mailoney/logs
@ -208,7 +222,7 @@ services:
- apparmor=unconfined
ports:
- "64301:64301"
image: "dtagdevsec/netdata:1710"
image: "dtagdevsec/netdata:1804"
volumes:
- /proc:/host/proc:ro
- /sys:/host/sys:ro