tweak deploy, add autoheal, start update Dockerfiles

- tweak deploy a little further - start with rebuilding Dockerfiles - rework healthcheck for adbhoney CPU issues - bump adbhoney, ciscoasa, citrixhoneypot, conpot, cowriepot, ddospot to alpine 3.19 - fix conpot issue with py 3.11 - bump conpot to latest master - bump cowrie to latest master - add autoheal to tpotinit to restart unhealthy container (if healthcheck enabled)
2025-07-02 01:27:27 -04:00 · 2024-02-27 20:11:16 +01:00
parent 22d2bdff7e
commit f9a9c8c4bf
27 changed files with 354 additions and 140 deletions
--- a/docker/conpot/Dockerfile
+++ b/docker/conpot/Dockerfile
@ -1,52 +1,56 @@
-FROM alpine:3.17
+FROM alpine:3.19
 #
 # Include dist
 COPY dist/ /root/dist/
 #
 # Setup apt
 RUN apk --no-cache -U add \
-             build-base \
-	     cython \
-             file \
-             git \
-             libev \
-             libtool \
-             libcap \
-	     libffi-dev \
-             libxslt \
-             libxslt-dev \
-             mariadb-dev \
-             pkgconfig \
-	     procps \
-             python3 \
-             python3-dev \
-	     py3-cffi \
-	     py3-cryptography \
-	     py3-freezegun \
-	     py3-gevent \
-	     py3-lxml \
-	     py3-natsort \
-	     py3-pip \
-	     py3-ply \
-	     py3-psutil \
-	     py3-pycryptodomex \
-	     py3-pytest \
-	     py3-requests \
-             py3-pyserial \
-	     py3-setuptools \
-	     py3-slugify \
-	     py3-snmp \
-	     py3-sphinx \
-	     py3-wheel \
-	     py3-zope-event \
-	     py3-zope-interface \
-             wget && \
+			build-base \
+			cython \
+			file \
+			git \
+			libev \
+			libtool \
+			libcap \
+			libffi-dev \
+			libxslt \
+			libxslt-dev \
+			mariadb-dev \
+			pkgconfig \
+			procps \
+			python3 \
+			python3-dev \
+			py3-cffi \
+			py3-cryptography \
+			py3-freezegun \
+			py3-gevent \
+			py3-lxml \
+			py3-natsort \
+			py3-pip \
+			py3-ply \
+			py3-psutil \
+			py3-pycryptodomex \
+			py3-pytest \
+			py3-requests \
+			py3-pyserial \
+			py3-setuptools \
+			py3-slugify \
+			py3-snmp \
+			py3-sphinx \
+			py3-wheel \
+			py3-zope-event \
+			py3-zope-interface \
+			wget && \
 #
 # Setup ConPot
+    git clone https://github.com/t3chn0m4g3/cpppo /opt/cpppo && \
+    cd /opt/cpppo && \
+    pip3 install --break-system-packages --no-cache-dir --upgrade pip && \
+    pip3 install --break-system-packages --no-cache-dir . && \
    git clone https://github.com/mushorg/conpot /opt/conpot && \
    cd /opt/conpot/ && \
-    git checkout b3740505fd26d82473c0d7be405b372fa0f82575 && \
-    #git checkout 1c2382ea290b611fdc6a0a5f9572c7504bcb616e && \
+	git checkout 26c67d11b08a855a28e87abd186d959741f46c7f && \
+    # git checkout b3740505fd26d82473c0d7be405b372fa0f82575 && \
    # Change template default ports if <1024
    sed -i 's/port="2121"/port="21"/' /opt/conpot/conpot/templates/default/ftp/ftp.xml && \
    sed -i 's/port="8800"/port="80"/' /opt/conpot/conpot/templates/default/http/http.xml && \
@ -58,17 +62,16 @@ RUN apk --no-cache -U add \
    sed -i 's/port="16100"/port="161"/' /opt/conpot/conpot/templates/IEC104/snmp/snmp.xml && \
    sed -i 's/port="6230"/port="623"/' /opt/conpot/conpot/templates/ipmi/ipmi/ipmi.xml && \
    cp /root/dist/requirements.txt . && \
-    pip3 install --no-cache-dir --upgrade pip && \
-    pip3 install --no-cache-dir . && \
+    pip3 install --break-system-packages --no-cache-dir . && \
    cd / && \
    rm -rf /opt/conpot /tmp/* /var/tmp/* && \
-    setcap cap_net_bind_service=+ep /usr/bin/python3.10 && \
+    setcap cap_net_bind_service=+ep $(readlink -f $(type -P python3)) && \
 #
 # Get wireshark manuf db for scapy, setup configs, user, groups
    mkdir -p /etc/conpot /var/log/conpot /usr/share/wireshark && \
    wget https://www.wireshark.org/download/automated/data/manuf -o /usr/share/wireshark/manuf && \
    cp /root/dist/conpot.cfg /etc/conpot/conpot.cfg && \
-    cp -R /root/dist/templates /usr/lib/python3.10/site-packages/conpot/ && \
+    cp -R /root/dist/templates /usr/lib/$(readlink -f $(type -P python3) | cut -f4 -d"/")/site-packages/conpot/ && \
    addgroup -g 2000 conpot && \
    adduser -S -s /bin/ash -u 2000 -D -g 2000 conpot && \
 #
--- a/docker/conpot/dist/conpot.cfg
+++ b/docker/conpot/dist/conpot.cfg
@ -3,7 +3,7 @@ sensorid = conpot

 [virtual_file_system]
 data_fs_url = %(CONPOT_TMP)s
-fs_url = tar:///usr/lib/python3.10/site-packages/conpot/data.tar
+fs_url = tar:///usr/lib/python3.11/site-packages/conpot/data.tar

 [session]
 timeout = 30
--- a/docker/conpot/dist/requirements.txt
+++ b/docker/conpot/dist/requirements.txt
@ -3,6 +3,7 @@ pysmi
 libtaxii>=1.1.0
 crc16
 scapy==2.4.3rc1
+scapy==2.4.3rc1
 hpfeeds3
 modbus-tk
 stix-validator
@ -12,9 +13,8 @@ bacpypes==0.17.0
 pyghmi==1.4.1
 mixbox
 modbus-tk
-cpppo
+#cpppo
 fs==2.3.0
 tftpy
 # some freezegun versions broken
-pycrypto
 sphinx_rtd_theme
--- a/docker/conpot/docker-compose.yml
+++ b/docker/conpot/docker-compose.yml
@ -40,7 +40,7 @@ services:
    image: "dtagdevsec/conpot:alpha"
    read_only: true
    volumes:
-     - /data/conpot/log:/var/log/conpot
+     - $HOME/tpotce/data/conpot/log:/var/log/conpot

 # Conpot IEC104 service
  conpot_IEC104:
@ -64,7 +64,7 @@ services:
    image: "dtagdevsec/conpot:alpha"
    read_only: true
    volumes:
-     - /data/conpot/log:/var/log/conpot
+     - $HOME/tpotce/data/conpot/log:/var/log/conpot

 # Conpot guardian_ast service
  conpot_guardian_ast:
@ -87,7 +87,7 @@ services:
    image: "dtagdevsec/conpot:alpha"
    read_only: true
    volumes:
-     - /data/conpot/log:/var/log/conpot
+     - $HOME/tpotce/data/conpot/log:/var/log/conpot

 # Conpot ipmi
  conpot_ipmi:
@ -110,7 +110,7 @@ services:
    image: "dtagdevsec/conpot:alpha"
    read_only: true
    volumes:
-     - /data/conpot/log:/var/log/conpot
+     - $HOME/tpotce/data/conpot/log:/var/log/conpot

 # Conpot kamstrup_382
  conpot_kamstrup_382:
@ -134,4 +134,4 @@ services:
    image: "dtagdevsec/conpot:alpha"
    read_only: true
    volumes:
-     - /data/conpot/log:/var/log/conpot
+     - $HOME/tpotce/data/conpot/log:/var/log/conpot