fix version string for update check

Merge pull request #690 from telekom-security/ghcr
Move to GitHub Container Registry, Cleanup, Bump ELK stack to 7.9.1
2025-07-02 01:27:27 -04:00 · 2020-09-04 18:59:15 +02:00 · 2020-09-04 18:55:54 +02:00 · 2020-09-04 18:54:40 +02:00 · 2020-09-04 16:40:51 +00:00 · 2020-09-04 16:27:05 +00:00
104 changed files with 898 additions and 508 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,5 +1,15 @@
 # Changelog
 ## 20200904
 - **Release T-Pot 20.06.1**
  - Github offers a free Docker Container Registry for public packages. For our Open Source projects we want to make sure to have everything in one place and thus moving from Docker Hub to the GitHub Container Registry.
 - **Bump Elastic Stack**
  - Update the Elastic Stack to 7.9.1.
 - **Rebuild Images**
  - All docker images were rebuilt based on the latest (and stable running) versions of the tools and honeypots and have been pinned to specific Alpine / Debian versions and git commits so rebuilds will less likely fail.
 - **Cleaning up**
  - Clean up old references and links.
 ## 20200630
 - **Release T-Pot 20.06**
  - After 4 months of public testing with the NextGen edition T-Pot 20.06 can finally be released.
@ -51,7 +61,7 @@
 - **Update ISO image to fix upstream bug of missing kernel modules**
 - **Include dashboards for CitrixHoneypot**
  - Please run `/opt/tpot/update.sh` for the necessary modifications, omit the reboot and run `/opt/tpot/bin/tped.sh` to (re-)select the NextGen installation type.
-  - This update requires the latest Kibana objects as well. Download the latest from https://raw.githubusercontent.com/dtag-dev-sec/tpotce/master/etc/objects/kibana_export.json.zip, unzip and import the objects within Kibana WebUI > Management > Saved Objects > Export / Import". All objects will be overwritten upon import, make sure to run an export first.
+  - This update requires the latest Kibana objects as well. Download the latest from https://raw.githubusercontent.com/telekom-security/tpotce/master/etc/objects/kibana_export.json.zip, unzip and import the objects within Kibana WebUI > Management > Saved Objects > Export / Import". All objects will be overwritten upon import, make sure to run an export first.
 ## 20200115
 - **Prepare integration of CitrixHoneypot**
--- a/README.md
+++ b/README.md
@ -19,6 +19,7 @@ and includes dockerized versions of the following honeypots
 * [honeypy](https://github.com/foospidy/HoneyPy),
 * [honeysap](https://github.com/SecureAuthCorp/HoneySAP),
 * [honeytrap](https://github.com/armedpot/honeytrap/),
 * [ipphoney](https://gitlab.com/bontchev/ipphoney),
 * [mailoney](https://github.com/awhitehatter/mailoney),
 * [medpot](https://github.com/schmalle/medpot),
 * [rdpy](https://github.com/citronneur/rdpy),
@ -39,7 +40,7 @@ Furthermore T-Pot includes the following tools
 # TL;DR
 1. Meet the [system requirements](#requirements). The T-Pot installation needs at least 8 GB RAM and 128 GB free disk space as well as a working (outgoing non-filtered) internet connection.
-2. Download the T-Pot ISO from [GitHub](https://github.com/dtag-dev-sec/tpotce/releases) or [create it yourself](#createiso).
+2. Download the T-Pot ISO from [GitHub](https://github.com/telekom-security/tpotce/releases) or [create it yourself](#createiso).
 3. Install the system in a [VM](#vm) or on [physical hardware](#hw) with [internet access](#placement).
 4. Enjoy your favorite beverage - [watch](https://sicherheitstacho.eu) and [analyze](#kibana).
@ -99,6 +100,7 @@ In T-Pot we combine the dockerized honeypots ...
 * [honeypy](https://github.com/foospidy/HoneyPy),
 * [honeysap](https://github.com/SecureAuthCorp/HoneySAP),
 * [honeytrap](https://github.com/armedpot/honeytrap/),
 * [ipphoney](https://gitlab.com/bontchev/ipphoney),
 * [mailoney](https://github.com/awhitehatter/mailoney),
 * [medpot](https://github.com/schmalle/medpot),
 * [rdpy](https://github.com/citronneur/rdpy),
@ -130,7 +132,7 @@ The T-Pot project provides all the tools and documentation necessary to build yo
 The source code and configuration files are fully stored in the T-Pot GitHub repository. The docker images are preconfigured for the T-Pot environment. If you want to run the docker images separately, make sure you study the docker-compose configuration (`/opt/tpot/etc/tpot.yml`) and the T-Pot systemd script (`/etc/systemd/system/tpot.service`), as they provide a good starting point for implementing changes.
-The individual docker configurations are located in the [docker folder](https://github.com/dtag-dev-sec/tpotce/tree/master/docker).
+The individual docker configurations are located in the [docker folder](https://github.com/telekom-security/tpotce/tree/master/docker).
 <a name="requirements"></a>
 # System Requirements
@ -168,7 +170,7 @@ There are prebuilt installation types available each focussing on different aspe
 ##### NextGen
- Honeypots: adbhoney, ciscoasa, citrixhoneypot, conpot, cowrie, dicompot, dionaea, glutton, heralding, honeypy, honeysap, mailoney, medpot, rdpy, snare & tanner
+- Honeypots: adbhoney, ciscoasa, citrixhoneypot, conpot, cowrie, dicompot, dionaea, glutton, heralding, honeypy, honeysap, ipphoney, mailoney, medpot, rdpy, snare & tanner
 - Tools: cockpit, cyberchef, ELK, fatt, elasticsearch head, ewsposter, nginx / heimdall, spiderfoot, p0f & suricata
@ -181,18 +183,18 @@ There are prebuilt installation types available each focussing on different aspe
 # Installation
 The installation of T-Pot is straight forward and heavily depends on a working, transparent and non-proxied up and running internet connection. Otherwise the installation **will fail!**
-Firstly, decide if you want to download the prebuilt installation ISO image from [GitHub](https://github.com/dtag-dev-sec/tpotce/releases), [create it yourself](#createiso) ***or*** [post-install on an existing Debian 10 (Buster)](#postinstall).
+Firstly, decide if you want to download the prebuilt installation ISO image from [GitHub](https://github.com/telekom-security/tpotce/releases), [create it yourself](#createiso) ***or*** [post-install on an existing Debian 10 (Buster)](#postinstall).
 Secondly, decide where you the system to run: [real hardware](#hardware) or in a [virtual machine](#vm)?
 <a name="prebuilt"></a>
 ## Prebuilt ISO Image
-An installation ISO image is available for download (~50MB), which is created by the [ISO Creator](https://github.com/dtag-dev-sec/tpotce) you can use yourself in order to create your own image. It will basically just save you some time downloading components and creating the ISO image.
+An installation ISO image is available for download (~50MB), which is created by the [ISO Creator](https://github.com/telekom-security/tpotce) you can use yourself in order to create your own image. It will basically just save you some time downloading components and creating the ISO image.
-You can download the prebuilt installation ISO from [GitHub](https://github.com/dtag-dev-sec/tpotce/releases) and jump to the [installation](#vm) section.
+You can download the prebuilt installation ISO from [GitHub](https://github.com/telekom-security/tpotce/releases) and jump to the [installation](#vm) section.
 <a name="createiso"></a>
 ## Create your own ISO Image
-For transparency reasons and to give you the ability to customize your install you use the [ISO Creator](https://github.com/dtag-dev-sec/tpotce) that enables you to create your own ISO installation image.
+For transparency reasons and to give you the ability to customize your install you use the [ISO Creator](https://github.com/telekom-security/tpotce) that enables you to create your own ISO installation image.
 **Requirements to create the ISO image:**
 - Debian 10 as host system (others *may* work, but *remain* untested)
@ -204,7 +206,7 @@ For transparency reasons and to give you the ability to customize your install y
 1. Clone the repository and enter it.
 ```
-git clone https://github.com/dtag-dev-sec/tpotce
+git clone https://github.com/telekom-security/tpotce
 cd tpotce
 ```
 2. Run the `makeiso.sh` script to build the ISO image.
@ -235,7 +237,7 @@ You can now jump [here](#firstrun).
 If you decide to run T-Pot on dedicated hardware, just follow these steps:
 1. Burn a CD from the ISO image or make a bootable USB stick using the image. <br>
-Whereas most CD burning tools allow you to burn from ISO images, the procedure to create a bootable USB stick from an ISO image depends on your system. There are various Windows GUI tools available, e.g. [this tip](http://www.ubuntu.com/download/desktop/create-a-usb-stick-on-windows) might help you.<br> On [Linux](http://askubuntu.com/questions/59551/how-to-burn-a-iso-to-a-usb-device) or [MacOS](http://www.ubuntu.com/download/desktop/create-a-usb-stick-on-mac-osx) you can use the tool *dd* or create the USB stick with T-Pot's [ISO Creator](https://github.com/dtag-dev-sec).
+Whereas most CD burning tools allow you to burn from ISO images, the procedure to create a bootable USB stick from an ISO image depends on your system. There are various Windows GUI tools available, e.g. [this tip](http://www.ubuntu.com/download/desktop/create-a-usb-stick-on-windows) might help you.<br> On [Linux](http://askubuntu.com/questions/59551/how-to-burn-a-iso-to-a-usb-device) or [MacOS](http://www.ubuntu.com/download/desktop/create-a-usb-stick-on-mac-osx) you can use the tool *dd* or create the USB stick with T-Pot's [ISO Creator](https://github.com/telekom-security).
 2. Boot from the USB stick and install.
 *Please note*: Limited tests are performed for the Intel NUC platform other hardware platforms **remain untested**. There is no hardware support provided of any kind.
@ -253,7 +255,7 @@ The T-Pot Universal Installer will upgrade the system and install all required T
 Just follow these steps:
 ```
-git clone https://github.com/dtag-dev-sec/tpotce
+git clone https://github.com/telekom-security/tpotce
 cd tpotce/iso/installer/
 ./install.sh --type=user
 ```
@ -267,7 +269,7 @@ You can also let the installer run automatically if you provide your own `tpot.c
 Just follow these steps while adjusting `tpot.conf` to your needs:
 ```
-git clone https://github.com/dtag-dev-sec/tpotce
+git clone https://github.com/telekom-security/tpotce
 cd tpotce/iso/installer/
 cp tpot.conf.dist tpot.conf
 ./install.sh --type=auto --conf=tpot.conf
@ -434,7 +436,7 @@ You may opt out of the submission by removing the `# Ewsposter service` from `/o
    restart: always
    networks:
     - ewsposter_local
-    image: "dtagdevsec/ewsposter:2006"
+    image: "ghcr.io/telekom-security/ewsposter:2006"
    volumes:
     - /data:/data
     - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
@ -464,7 +466,7 @@ As with every development there is always room for improvements ...
 Some features may be provided with updated docker images, others may require some hands on from your side.
-You are always invited to participate in development on our [GitHub](https://github.com/dtag-dev-sec/tpotce) page.
+You are always invited to participate in development on our [GitHub](https://github.com/telekom-security/tpotce) page.
 <a name="disclaimer"></a>
 # Disclaimer
@ -476,18 +478,18 @@ You are always invited to participate in development on our [GitHub](https://git
 <a name="faq"></a>
 # FAQ
-Please report any issues or questions on our [GitHub issue list](https://github.com/dtag-dev-sec/tpotce/issues), so the community can participate.
+Please report any issues or questions on our [GitHub issue list](https://github.com/telekom-security/tpotce/issues), so the community can participate.
 <a name="contact"></a>
 # Contact
 The software is provided **as is** in a Community Edition format. T-Pot is designed to run out of the box and with zero maintenance involved. <br>
-We hope you understand that we cannot provide support on an individual basis. We will try to address questions, bugs and problems on our [GitHub issue list](https://github.com/dtag-dev-sec/tpotce/issues).
+We hope you understand that we cannot provide support on an individual basis. We will try to address questions, bugs and problems on our [GitHub issue list](https://github.com/telekom-security/tpotce/issues).
 <a name="licenses"></a>
 # Licenses
 The software that T-Pot is built on uses the following licenses.
 <br>GPLv2: [conpot](https://github.com/mushorg/conpot/blob/master/LICENSE.txt), [dionaea](https://github.com/DinoTools/dionaea/blob/master/LICENSE), [honeysap](https://github.com/SecureAuthCorp/HoneySAP/blob/master/COPYING), [honeypy](https://github.com/foospidy/HoneyPy/blob/master/LICENSE), [honeytrap](https://github.com/armedpot/honeytrap/blob/master/LICENSE), [suricata](http://suricata-ids.org/about/open-source/)
-<br>GPLv3: [adbhoney](https://github.com/huuck/ADBHoney), [elasticpot](https://gitlab.com/bontchev/elasticpot/-/blob/master/LICENSE), [ewsposter](https://github.com/dtag-dev-sec/ews/), [fatt](https://github.com/0x4D31/fatt/blob/master/LICENSE), [rdpy](https://github.com/citronneur/rdpy/blob/master/LICENSE), [heralding](https://github.com/johnnykv/heralding/blob/master/LICENSE.txt), [snare](https://github.com/mushorg/snare/blob/master/LICENSE), [tanner](https://github.com/mushorg/snare/blob/master/LICENSE)
+<br>GPLv3: [adbhoney](https://github.com/huuck/ADBHoney), [elasticpot](https://gitlab.com/bontchev/elasticpot/-/blob/master/LICENSE), [ewsposter](https://github.com/telekom-security/ews/), [fatt](https://github.com/0x4D31/fatt/blob/master/LICENSE), [rdpy](https://github.com/citronneur/rdpy/blob/master/LICENSE), [heralding](https://github.com/johnnykv/heralding/blob/master/LICENSE.txt), [ipphoney](https://gitlab.com/bontchev/ipphoney/-/blob/master/LICENSE), [snare](https://github.com/mushorg/snare/blob/master/LICENSE), [tanner](https://github.com/mushorg/snare/blob/master/LICENSE)
 <br>Apache 2 License: [cyberchef](https://github.com/gchq/CyberChef/blob/master/LICENSE), [dicompot](https://github.com/nsmfoo/dicompot/blob/master/LICENSE), [elasticsearch](https://github.com/elasticsearch/elasticsearch/blob/master/LICENSE.txt), [logstash](https://github.com/elasticsearch/logstash/blob/master/LICENSE), [kibana](https://github.com/elasticsearch/kibana/blob/master/LICENSE.md), [docker](https://github.com/docker/docker/blob/master/LICENSE), [elasticsearch-head](https://github.com/mobz/elasticsearch-head/blob/master/LICENCE)
 <br>MIT license: [ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot/blob/master/LICENSE), [glutton](https://github.com/mushorg/glutton/blob/master/LICENSE)
 <br> Other: [citrixhoneypot](https://github.com/MalwareTech/CitrixHoneypot#licencing-agreement-malwaretech-public-licence), [cowrie](https://github.com/micheloosterhof/cowrie/blob/master/LICENSE.md), [mailoney](https://github.com/awhitehatter/mailoney), [Debian licensing](https://www.debian.org/legal/licenses/)
@ -519,6 +521,7 @@ Without open source and the fruitful development community (we are proud to be a
 * [honeypy](https://github.com/foospidy/HoneyPy/graphs/contributors)
 * [honeysap](https://github.com/SecureAuthCorp/HoneySAP/graphs/contributors)
 * [honeytrap](https://github.com/armedpot/honeytrap/graphs/contributors)
 * [ipphoney](https://gitlab.com/bontchev/ipphoney/-/project_members)
 * [kibana](https://github.com/elastic/kibana/graphs/contributors)
 * [logstash](https://github.com/elastic/logstash/graphs/contributors)
 * [mailoney](https://github.com/awhitehatter/mailoney)
@ -544,6 +547,8 @@ Without open source and the fruitful development community (we are proud to be a
 A new version of T-Pot is released about every 6-12 months, development has shifted more and more towards rolling releases and the usage of `/opt/tpot/update.sh`.
 <a name="testimonial"></a>
-# Testimonial
+# Testimonials
 One of the greatest feedback we have gotten so far is by one of the Conpot developers:<br>
-***"[...] I highly recommend T-Pot which is ... it's not exactly a swiss army knife .. it's more like a swiss army soldier, equipped with a swiss army knife. Inside a tank. A swiss tank. [...]"***
+***"[...] I highly recommend T-Pot which is ... it's not exactly a swiss army knife .. it's more like a swiss army soldier, equipped with a swiss army knife. Inside a tank. A swiss tank. [...]"***<br>
 And from @robcowart (creator of [ElastiFlow](https://github.com/robcowart/elastiflow)):<br>
 ***"#TPot is one of the most well put together turnkey honeypot solutions. It is a must-have for anyone wanting to analyze and understand the behavior of malicious actors and the threat they pose to your organization."***
--- a/bin/change_ews_config.sh
+++ b/bin/change_ews_config.sh
@ -60,7 +60,7 @@ fi
 echo ""
 echo "[+] Creating config file with API UserID '$apiUser' and API Token '$apiToken'."
 echo "[+] Fetching config file from github. Outgoing https requests must be enabled!"
-wget -q https://raw.githubusercontent.com/dtag-dev-sec/tpotce/master/docker/ews/dist/ews.cfg -O ews.cfg.dist 
+wget -q https://raw.githubusercontent.com/telekom-security/tpotce/master/docker/ews/dist/ews.cfg -O ews.cfg.dist 
 if [[ -f "ews.cfg.dist" ]]; then
 	echo "[+] Successfully downloaded ews.cfg from github."
 else 
--- a/bin/clean.sh
+++ b/bin/clean.sh
@ -197,6 +197,14 @@ fuHONEYTRAP () {
  chown tpot:tpot /data/honeytrap/ -R
 }
 # Let's create a function to clean up and prepare ipphoney data
 fuIPPHONEY () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/ipphoney/*; fi
  mkdir -p /data/ipphoney/log
  chmod 770 /data/ipphoney -R
  chown tpot:tpot /data/ipphoney -R
 }
 # Let's create a function to clean up and prepare mailoney data
 fuMAILONEY () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/mailoney/*; fi
@ -298,6 +306,7 @@ if [ "$myPERSISTENCE" = "on" ];
    fuHONEYSAP
    fuHONEYPY
    fuHONEYTRAP
    fuIPPHONEY
    fuMAILONEY
    fuMEDPOT
    fuNGINX
--- a/cloud/ansible/README.md
+++ b/cloud/ansible/README.md
@ -96,7 +96,7 @@ Import your SSH public key.
 <a name="clone-git"></a>
 # Clone Git Repository
 Clone the `tpotce` repository to your Ansible Master:  
-`git clone https://github.com/dtag-dev-sec/tpotce.git`  
+`git clone https://github.com/telekom-security/tpotce.git`  
 All Ansible related files are located in the [`cloud/ansible/openstack`](openstack) folder.
 <a name="settings"></a>
@ -226,7 +226,7 @@ If you are running on a machine which asks for a sudo password, you can use:
 The Playbook will first install required packages on the Ansible Master and then deploy a new server instance.  
 After that, T-Pot gets installed and configured on the newly created host, optionally custom configs are applied and finally it reboots.
-Once this is done, you can proceed with connecting/logging in to the T-Pot according to the [documentation](https://github.com/dtag-dev-sec/tpotce#ssh-and-web-access).
+Once this is done, you can proceed with connecting/logging in to the T-Pot according to the [documentation](https://github.com/telekom-security/tpotce#ssh-and-web-access).
 <a name="documentation"></a>
 # Further documentation
--- a/cloud/ansible/openstack/roles/install/tasks/main.yaml
+++ b/cloud/ansible/openstack/roles/install/tasks/main.yaml
@ -6,7 +6,7 @@
 - name: Cloning T-Pot install directory
  git:
-    repo: "https://github.com/dtag-dev-sec/tpotce.git"
+    repo: "https://github.com/telekom-security/tpotce.git"
    dest: /root/tpot
 - name: Prepare to set user password
--- a/cloud/terraform/README.md
+++ b/cloud/terraform/README.md
@ -9,7 +9,7 @@ This can easily be extended to support other [Terraform providers](https://www.t
 - [What get's created](#what-created)
  - [Amazon Web Services (AWS)](#what-created-aws)
  - [Open Telekom Cloud (OTC)](#what-created-otc)
- [Pre-Requisites](#pre)
+- [Prerequisites](#pre)
  - [Amazon Web Services (AWS)](#pre-aws)
  - [Open Telekom Cloud (OTC)](#pre-otc)
 - [Terraform Variables](#variables)
@ -45,8 +45,8 @@ This can easily be extended to support other [Terraform providers](https://www.t
 * Network, Subnet, Router (= Virtual Private Cloud [VPC])
 <a name="pre"></a>
-## Pre-Requisites
+## Prerequisites
-* [Terraform](https://www.terraform.io/) 0.12
+* [Terraform](https://www.terraform.io/) 0.13
 <a name="pre-aws"></a>
 ### Amazon Web Services (AWS)
@ -90,7 +90,7 @@ In `aws/variables.tf`, you can change the additional variables:
 <a name="variables-otc"></a>
 ### Open Telekom Cloud (OTC)
 In `otc/variables.tf`, you can change the additional variables:
-* `availabiliy_zone`
+* `availability_zone`
 * `flavor`
 * `key_pair` - Specify an existing SSH key pair
 * `image_id`
@ -124,4 +124,4 @@ If you want the remove the built infrastructure, you can run [`terraform destroy
 <a name="connecting"></a>
 ## Connecting to the Instance
-When the installation is completed, you can proceed with connecting/logging in to the T-Pot according to the [documentation](https://github.com/dtag-dev-sec/tpotce#ssh-and-web-access).
+When the installation is completed, you can proceed with connecting/logging in to the T-Pot according to the [documentation](https://github.com/telekom-security/tpotce#ssh-and-web-access).
--- a/cloud/terraform/aws/versions.tf
+++ b/cloud/terraform/aws/versions.tf
@ -1,3 +1,8 @@
 terraform {
-  required_version = ">= 0.12"
+  required_version = ">= 0.13"
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
 }
--- a/cloud/terraform/cloud-init.yaml
+++ b/cloud/terraform/cloud-init.yaml
@ -5,7 +5,7 @@ packages:
  - git
 runcmd:
-  - git clone https://github.com/dtag-dev-sec/tpotce /root/tpot
+  - git clone https://github.com/telekom-security/tpotce /root/tpot
  - /root/tpot/iso/installer/install.sh --type=auto --conf=/root/tpot.conf
  - rm /root/tpot.conf
  - /sbin/shutdown -r now
--- a/cloud/terraform/otc/main.tf
+++ b/cloud/terraform/otc/main.tf
@ -36,7 +36,7 @@ resource "random_id" "tpot" {
 }
 resource "opentelekomcloud_compute_instance_v2" "ecs_1" {
-  availability_zone = var.availabiliy_zone
+  availability_zone = var.availability_zone
  name              = random_id.tpot.b64
  flavor_name       = var.flavor
  key_pair          = var.key_pair
--- a/cloud/terraform/otc/variables.tf
+++ b/cloud/terraform/otc/variables.tf
@ -34,7 +34,7 @@ variable "ecs_prefix" {
 }
 # ECS configuration
-variable "availabiliy_zone" {
+variable "availability_zone" {
  default = "eu-de-03"
  description = "Select an availability zone"
 }
@ -50,7 +50,7 @@ variable "key_pair" {
 }
 variable "image_id" {
-  default = "d97dd29c-9318-4e4c-8d3a-7307d1513b77"
+  default = "fb7b0c9c-8b20-4e3f-832c-ea38c981c282"
  description = "Select a Debian 10 base image id"
 }
--- a/cloud/terraform/otc/versions.tf
+++ b/cloud/terraform/otc/versions.tf
@ -1,3 +1,11 @@
 terraform {
-  required_version = ">= 0.12"
+  required_version = ">= 0.13"
  required_providers {
    opentelekomcloud = {
      source = "terraform-providers/opentelekomcloud"
    }
    random = {
      source = "hashicorp/random"
    }
  }
 }
--- a/doc/architecture.png
+++ b/doc/architecture.png
--- a/docker/adbhoney/Dockerfile
+++ b/docker/adbhoney/Dockerfile
@ -1,4 +1,4 @@
-FROM alpine:latest 
+FROM alpine:3.12
 #
 # Include dist
 ADD dist/ /root/dist/
@ -13,7 +13,9 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
            python3-dev && \
 #
 # Install adbhoney from git
-    git clone --depth=1 https://github.com/huuck/ADBHoney /opt/adbhoney && \
+    git clone https://github.com/huuck/ADBHoney /opt/adbhoney && \
    cd /opt/adbhoney && \
    git checkout ad7c17e78d01f6860d58ba826a4b6a4e4f83acbd && \
    cp /root/dist/adbhoney.cfg /opt/adbhoney && \
    sed -i 's/dst_ip/dest_ip/' /opt/adbhoney/adbhoney/core.py && \
    sed -i 's/dst_port/dest_port/' /opt/adbhoney/adbhoney/core.py && \
--- a/docker/adbhoney/docker-compose.yml
+++ b/docker/adbhoney/docker-compose.yml
@ -14,7 +14,7 @@ services:
     - adbhoney_local
    ports:
     - "5555:5555"
-    image: "dtagdevsec/adbhoney:2006"
+    image: "ghcr.io/telekom-security/adbhoney:2006"
    read_only: true
    volumes:
     - /data/adbhoney/log:/opt/adbhoney/log
--- a/docker/ciscoasa/Dockerfile
+++ b/docker/ciscoasa/Dockerfile
@ -1,4 +1,4 @@
-FROM alpine:latest
+FROM alpine:3.12
 #
 # Include dist
 ADD dist/ /root/dist/
@ -23,8 +23,9 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
 # Get and install packages
    mkdir -p /opt/ && \
    cd /opt/ && \
-    git clone --depth=1 https://github.com/cymmetria/ciscoasa_honeypot && \
+    git clone https://github.com/cymmetria/ciscoasa_honeypot && \
    cd ciscoasa_honeypot && \
    git checkout d6e91f1aab7fe6fc01fabf2046e76b68dd6dc9e2 && \
    pip3 install --no-cache-dir -r requirements.txt && \
    cp /root/dist/asa_server.py /opt/ciscoasa_honeypot && \
    chown -R ciscoasa:ciscoasa /opt/ciscoasa_honeypot && \
--- a/docker/ciscoasa/docker-compose.yml
+++ b/docker/ciscoasa/docker-compose.yml
@ -13,7 +13,7 @@ services:
    ports:
     - "5000:5000/udp"
     - "8443:8443"
-    image: "dtagdevsec/ciscoasa:2006"
+    image: "ghcr.io/telekom-security/ciscoasa:2006"
    read_only: true
    volumes:
     - /data/ciscoasa/log:/var/log/ciscoasa
--- a/docker/citrixhoneypot/Dockerfile
+++ b/docker/citrixhoneypot/Dockerfile
@ -1,4 +1,4 @@
-FROM alpine:latest
+FROM alpine:3.12
 #
 # Install packages
 RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
@ -15,7 +15,9 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
 # Install CitrixHoneypot from GitHub
 #    git clone --depth=1 https://github.com/malwaretech/citrixhoneypot /opt/citrixhoneypot && \
 #    git clone --depth=1 https://github.com/vorband/CitrixHoneypot /opt/citrixhoneypot && \
-    git clone --depth=1 https://github.com/t3chn0m4g3/CitrixHoneypot /opt/citrixhoneypot && \
+    git clone https://github.com/t3chn0m4g3/CitrixHoneypot /opt/citrixhoneypot && \
    cd /opt/citrixhoneypot && \
    git checkout f59ad7320dc5bbb8c23c8baa5f111b52c52fbef3 && \
 #
 # Setup user, groups and configs
    mkdir -p /opt/citrixhoneypot/logs /opt/citrixhoneypot/ssl && \
--- a/docker/citrixhoneypot/docker-compose.yml
+++ b/docker/citrixhoneypot/docker-compose.yml
@ -14,7 +14,7 @@ services:
     - citrixhoneypot_local
    ports:
     - "443:443"
-    image: "dtagdevsec/citrixhoneypot:2006"
+    image: "ghcr.io/telekom-security/citrixhoneypot:2006"
    read_only: true
    volumes:
     - /data/citrixhoneypot/logs:/opt/citrixhoneypot/logs
--- a/docker/conpot/Dockerfile
+++ b/docker/conpot/Dockerfile
@ -1,11 +1,11 @@
-FROM alpine:latest
+FROM alpine:edge
 #
 # Include dist
 ADD dist/ /root/dist/
 #
 # Setup apt
-RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
+#RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
-    apk -U add \
+RUN apk -U add \
             build-base \
             file \
             git \
@ -26,10 +26,9 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
             wget && \
 #
 # Setup ConPot
-    git clone --depth=1 https://github.com/mushorg/conpot /opt/conpot && \
+    git clone https://github.com/mushorg/conpot /opt/conpot && \
    cd /opt/conpot/ && \
-    # Patch to accept ENV for MIB path
+    git checkout 7a77329cd99cee9c37ee20e2f05a48952d8eece9 && \
    sed -i "s/tmp_mib_dir = tempfile.mkdtemp()/tmp_mib_dir = tempfile.mkdtemp(dir=os.environ['CONPOT_TMP'])/" /opt/conpot/conpot/protocols/snmp/snmp_server.py && \
    # Change template default ports if <1024
    sed -i 's/port="2121"/port="21"/' /opt/conpot/conpot/templates/default/ftp/ftp.xml && \ 
    sed -i 's/port="8800"/port="80"/' /opt/conpot/conpot/templates/default/http/http.xml && \ 
@ -75,4 +74,4 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
 # Start conpot
 STOPSIGNAL SIGINT
 USER conpot:conpot
-CMD exec /usr/bin/conpot --temp_dir $CONPOT_TMP --template $CONPOT_TEMPLATE --logfile $CONPOT_LOG --config $CONPOT_CONFIG
+CMD exec /usr/bin/conpot --mibcache $CONPOT_TMP --temp_dir $CONPOT_TMP --template $CONPOT_TEMPLATE --logfile $CONPOT_LOG --config $CONPOT_CONFIG
--- a/docker/conpot/dist/templates/IEC104/template.xml
+++ b/docker/conpot/dist/templates/IEC104/template.xml
@ -70,7 +70,7 @@
                <value type="value">100000000</value>
            </key>
            <key name="ifPhysAddress">
-                <value type="value">"\x00\x0e\x8c\x29\xc5\x1a"</value>
+                <value type="value">"0x000e8c29c51a"</value>
            </key>
            <key name="ifAdminStatus">
                <value type="value">1</value>
--- a/docker/conpot/docker-compose.yml
+++ b/docker/conpot/docker-compose.yml
@ -35,7 +35,7 @@ services:
     - "2121:21"
     - "44818:44818"
     - "47808:47808"
-    image: "dtagdevsec/conpot:2006"
+    image: "ghcr.io/telekom-security/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -58,7 +58,7 @@ services:
    ports:
 #     - "161:161"
     - "2404:2404"
-    image: "dtagdevsec/conpot:2006"
+    image: "ghcr.io/telekom-security/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -80,7 +80,7 @@ services:
     - conpot_local_guardian_ast
    ports:
     - "10001:10001"
-    image: "dtagdevsec/conpot:2006"
+    image: "ghcr.io/telekom-security/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -102,7 +102,7 @@ services:
     - conpot_local_ipmi
    ports:
     - "623:623"
-    image: "dtagdevsec/conpot:2006"
+    image: "ghcr.io/telekom-security/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -125,7 +125,7 @@ services:
    ports:
     - "1025:1025"
     - "50100:50100"
-    image: "dtagdevsec/conpot:2006"
+    image: "ghcr.io/telekom-security/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
--- a/docker/cowrie/Dockerfile
+++ b/docker/cowrie/Dockerfile
@ -1,4 +1,4 @@
-FROM alpine:latest
+FROM alpine:3.12
 #
 # Include dist
 ADD dist/ /root/dist/
@ -33,6 +33,7 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
    cd /home/cowrie && \
    git clone --depth=1 https://github.com/micheloosterhof/cowrie -b v2.1.0 && \
    cd cowrie && \
    sed -i s/logfile.DailyLogFile/logfile.LogFile/g src/cowrie/python/logfile.py && \
    mkdir -p log && \
    cp /root/dist/requirements.txt . && \
    pip3 install -r requirements.txt && \
--- a/docker/cowrie/docker-compose.yml
+++ b/docker/cowrie/docker-compose.yml
@ -18,7 +18,7 @@ services:
    ports:
     - "22:22"
     - "23:23"
-    image: "dtagdevsec/cowrie:2006"
+    image: "ghcr.io/telekom-security/cowrie:2006"
    read_only: true
    volumes:
     - /data/cowrie/downloads:/home/cowrie/cowrie/dl
--- a/docker/cyberchef/Dockerfile
+++ b/docker/cyberchef/Dockerfile
@ -13,7 +13,7 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
 #
 # Install CyberChef 
    cd /root && \
-    git clone https://github.com/gchq/cyberchef --depth=1 && \
+    git clone https://github.com/gchq/cyberchef -b v9.21.0 && \
    chown -R nobody:nobody cyberchef && \
    cd cyberchef && \
    npm install && \
--- a/docker/cyberchef/docker-compose.yml
+++ b/docker/cyberchef/docker-compose.yml
@ -14,5 +14,5 @@ services:
     - cyberchef_local
    ports:
     - "127.0.0.1:64299:8000"
-    image: "dtagdevsec/cyberchef:2006"
+    image: "ghcr.io/telekom-security/cyberchef:2006"
    read_only: true
--- a/docker/deprecated/elasticpot.old/README.md
+++ b/docker/deprecated/elasticpot.old/README.md
@ -1,10 +1,10 @@
-[![](https://images.microbadger.com/badges/version/dtagdevsec/elasticpot:1903.svg)](https://microbadger.com/images/dtagdevsec/elasticpot:1903 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/elasticpot:1903.svg)](https://microbadger.com/images/dtagdevsec/elasticpot:1903 "Get your own image badge on microbadger.com")
+[![](https://images.microbadger.com/badges/version/ghcr.io/telekom-security/elasticpot:1903.svg)](https://microbadger.com/images/ghcr.io/telekom-security/elasticpot:1903 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/ghcr.io/telekom-security/elasticpot:1903.svg)](https://microbadger.com/images/ghcr.io/telekom-security/elasticpot:1903 "Get your own image badge on microbadger.com")
 # elasticpot
 [elasticpot](https://github.com/schmalle/ElasticPot) is a simple elastic search honeypot.
-This dockerized version is part of the **[T-Pot community honeypot](http://dtag-dev-sec.github.io/)** of Deutsche Telekom AG.
+This dockerized version is part of the **[T-Pot community honeypot](http://telekom-security.github.io/)** of Deutsche Telekom AG.
 The `Dockerfile` contains the blueprint for the dockerized elasticpot and will be used to setup the docker image.
--- a/docker/deprecated/elasticpot.old/docker-compose.yml
+++ b/docker/deprecated/elasticpot.old/docker-compose.yml
@ -14,7 +14,7 @@ services:
     - elasticpot_local
    ports:
     - "9200:9200"
-    image: "dtagdevsec/elasticpot:2006"
+    image: "ghcr.io/telekom-security/elasticpot:2006"
    read_only: true
    volumes:
     - /data/elasticpot/log:/opt/ElasticpotPY/log
--- a/docker/deprecated/glastopf/README.md
+++ b/docker/deprecated/glastopf/README.md
@ -1,10 +1,10 @@
-[![](https://images.microbadger.com/badges/version/dtagdevsec/glastopf:1903.svg)](https://microbadger.com/images/dtagdevsec/glastopf:1903 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/glastopf:1903.svg)](https://microbadger.com/images/dtagdevsec/glastopf:1903 "Get your own image badge on microbadger.com")
+[![](https://images.microbadger.com/badges/version/ghcr.io/telekom-security/glastopf:1903.svg)](https://microbadger.com/images/ghcr.io/telekom-security/glastopf:1903 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/ghcr.io/telekom-security/glastopf:1903.svg)](https://microbadger.com/images/ghcr.io/telekom-security/glastopf:1903 "Get your own image badge on microbadger.com")
 # glastopf (deprecated)
 [glastopf](https://github.com/mushorg/glastopf) is a python web application honeypot.
-This dockerized version is part of the **[T-Pot community honeypot](http://dtag-dev-sec.github.io/)** of Deutsche Telekom AG.
+This dockerized version is part of the **[T-Pot community honeypot](http://telekom-security.github.io/)** of Deutsche Telekom AG.
 The `Dockerfile` contains the blueprint for the dockerized glastopf and will be used to setup the docker image.
--- a/docker/deprecated/glastopf/docker-compose.yml
+++ b/docker/deprecated/glastopf/docker-compose.yml
@ -16,7 +16,7 @@ services:
     - glastopf_local
    ports:
     - "8081:80"
-    image: "dtagdevsec/glastopf:1903"
+    image: "ghcr.io/telekom-security/glastopf:1903"
    read_only: true
    volumes:
     - /data/glastopf/db:/tmp/glastopf/db
--- a/docker/deprecated/hpfeeds/docker-compose.yml
+++ b/docker/deprecated/hpfeeds/docker-compose.yml
@ -16,4 +16,4 @@ services:
     - hpfeeds_local
    ports:
     - "20000:20000"
-    image: "dtagdevsec/hpfeeds:latest"
+    image: "ghcr.io/telekom-security/hpfeeds:latest"
--- a/docker/deprecated/nginx/docker-compose.yml
+++ b/docker/deprecated/nginx/docker-compose.yml
@ -17,7 +17,7 @@ services:
    network_mode: "host"
    ports:
     - "64297:64297"
-    image: "dtagdevsec/nginx:1903"
+    image: "ghcr.io/telekom-security/nginx:1903"
    read_only: true
    volumes:
     - /data/nginx/cert/:/etc/nginx/cert/:ro
--- a/docker/dicompot/Dockerfile
+++ b/docker/dicompot/Dockerfile
@ -1,4 +1,4 @@
-FROM alpine:latest
+FROM alpine:3.12
 #
 # Setup apk
 RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
@ -14,6 +14,7 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
    cd /opt/go/ && \
    git clone https://github.com/nsmfoo/dicompot.git && \
    cd dicompot && \
    git checkout 17cddd73896e94fdfbfeb920023ccaf5aad5abbd && \
    go mod download && \
    go install -a -x github.com/nsmfoo/dicompot/server && \
 #
--- a/docker/dicompot/docker-compose.yml
+++ b/docker/dicompot/docker-compose.yml
@ -17,7 +17,7 @@ services:
     - dicompot_local
    ports:
     - "11112:11112"
-    image: "dtagdevsec/dicompot:2006"
+    image: "ghcr.io/telekom-security/dicompot:2006"
    read_only: true
    volumes:
     - /data/dicompot/log:/var/log/dicompot
--- a/docker/dionaea/docker-compose.yml
+++ b/docker/dionaea/docker-compose.yml
@ -31,7 +31,7 @@ services:
     - "5060:5060/udp"
     - "5061:5061"
     - "27017:27017"
-    image: "dtagdevsec/dionaea:2006"
+    image: "ghcr.io/telekom-security/dionaea:2006"
    read_only: true
    volumes:
     - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@ -10,98 +10,98 @@ services:
 # Adbhoney service
  adbhoney:
    build: adbhoney/.
-    image: "dtagdevsec/adbhoney:2006"
+    image: "ghcr.io/telekom-security/adbhoney:2006"
 # Ciscoasa service
  ciscoasa:
    build: ciscoasa/.
-    image: "dtagdevsec/ciscoasa:2006"
+    image: "ghcr.io/telekom-security/ciscoasa:2006"
 # CitrixHoneypot service
  citrixhoneypot:
    build: citrixhoneypot/.
-    image: "dtagdevsec/citrixhoneypot:2006"
+    image: "ghcr.io/telekom-security/citrixhoneypot:2006"
 # Conpot IEC104 service
  conpot_IEC104:
    build: conpot/.
-    image: "dtagdevsec/conpot:2006"
+    image: "ghcr.io/telekom-security/conpot:2006"
 # Cowrie service
  cowrie:
    build: cowrie/.
-    image: "dtagdevsec/cowrie:2006"
+    image: "ghcr.io/telekom-security/cowrie:2006"
 # Dicompot service
  dicompot:
    build: dicompot/.
-    image: "dtagdevsec/dicompot:2006"
+    image: "ghcr.io/telekom-security/dicompot:2006"
 # Dionaea service
  dionaea:
    build: dionaea/.
-    image: "dtagdevsec/dionaea:2006"
+    image: "ghcr.io/telekom-security/dionaea:2006"
 # ElasticPot service
  elasticpot:
    build: elasticpot/.
-    image: "dtagdevsec/elasticpot:2006"
+    image: "ghcr.io/telekom-security/elasticpot:2006"
 # Glutton service
  glutton:
    build: glutton/.
-    image: "dtagdevsec/glutton:2006"
+    image: "ghcr.io/telekom-security/glutton:2006"
 # Heralding service
  heralding:
    build: heralding/.
-    image: "dtagdevsec/heralding:2006"
+    image: "ghcr.io/telekom-security/heralding:2006"
 # HoneyPy service
  honeypy:
    build: honeypy/.
-    image: "dtagdevsec/honeypy:2006"
+    image: "ghcr.io/telekom-security/honeypy:2006"
 # Honeytrap service
  honeytrap:
    build: honeytrap/.
-    image: "dtagdevsec/honeytrap:2006"
+    image: "ghcr.io/telekom-security/honeytrap:2006"
 # Mailoney service
  mailoney:
    build: mailoney/.
-    image: "dtagdevsec/mailoney:2006"
+    image: "ghcr.io/telekom-security/mailoney:2006"
 # Medpot service
  medpot:
    build: medpot/.
-    image: "dtagdevsec/medpot:2006"
+    image: "ghcr.io/telekom-security/medpot:2006"
 # Rdpy service
  rdpy:
    build: rdpy/.
-    image: "dtagdevsec/rdpy:2006"
+    image: "ghcr.io/telekom-security/rdpy:2006"
 #### Snare / Tanner
 ## Tanner Redis Service
  tanner_redis:
    build: tanner/redis/.
-    image: "dtagdevsec/redis:2006"
+    image: "ghcr.io/telekom-security/redis:2006"
 ## PHP Sandbox service
  tanner_phpox:
    build: tanner/phpox/.
-    image: "dtagdevsec/phpox:2006"
+    image: "ghcr.io/telekom-security/phpox:2006"
 ## Tanner API Service
  tanner_api:
    build: tanner/tanner/.
-    image: "dtagdevsec/tanner:2006"
+    image: "ghcr.io/telekom-security/tanner:2006"
 ## Snare Service
  snare:
    build: tanner/snare/.
-    image: "dtagdevsec/snare:2006"
+    image: "ghcr.io/telekom-security/snare:2006"
 ##################
@ -111,17 +111,17 @@ services:
 # Fatt service
  fatt:
    build: fatt/.
-    image: "dtagdevsec/fatt:2006"
+    image: "ghcr.io/telekom-security/fatt:2006"
 # P0f service
  p0f:
    build: p0f/.
-    image: "dtagdevsec/p0f:2006"
+    image: "ghcr.io/telekom-security/p0f:2006"
 # Suricata service
  suricata:
    build: suricata/.
-    image: "dtagdevsec/suricata:2006"
+    image: "ghcr.io/telekom-security/suricata:2006"
 ##################
@ -131,40 +131,40 @@ services:
 # Cyberchef service
  cyberchef:
    build: cyberchef/.
-    image: "dtagdevsec/cyberchef:2006"
+    image: "ghcr.io/telekom-security/cyberchef:2006"
 #### ELK
 ## Elasticsearch service
  elasticsearch:
    build: elk/elasticsearch/.
-    image: "dtagdevsec/elasticsearch:2006"
+    image: "ghcr.io/telekom-security/elasticsearch:2006"
 ## Kibana service
  kibana:
    build: elk/kibana/.
-    image: "dtagdevsec/kibana:2006"
+    image: "ghcr.io/telekom-security/kibana:2006"
 ## Logstash service
  logstash:
    build: elk/logstash/.
-    image: "dtagdevsec/logstash:2006"
+    image: "ghcr.io/telekom-security/logstash:2006"
 ## Elasticsearch-head service
  head:
    build: elk/head/.
-    image: "dtagdevsec/head:2006"
+    image: "ghcr.io/telekom-security/head:2006"
 # Ewsposter service
  ewsposter:
    build: ews/.
-    image: "dtagdevsec/ewsposter:2006"
+    image: "ghcr.io/telekom-security/ewsposter:2006"
 # Nginx service
  nginx:
    build: heimdall/.
-    image: "dtagdevsec/nginx:2006"
+    image: "ghcr.io/telekom-security/nginx:2006"
 # Spiderfoot service
  spiderfoot:
    build: spiderfoot/.
-    image: "dtagdevsec/spiderfoot:2006"
+    image: "ghcr.io/telekom-security/spiderfoot:2006"
--- a/docker/elasticpot/Dockerfile
+++ b/docker/elasticpot/Dockerfile
@ -1,4 +1,4 @@
-FROM alpine:latest
+FROM alpine:3.12
 #
 # Include dist
 ADD dist/ /root/dist/
@ -12,6 +12,7 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
             libffi-dev \
 	     openssl \
             openssl-dev \
 	     postgresql-dev \
             py3-mysqlclient \
             py3-requests \
 	     py3-pip \
@ -19,8 +20,9 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
             python3-dev && \
    mkdir -p /opt && \
    cd /opt/ && \
-    git clone --depth=1 https://gitlab.com/bontchev/elasticpot.git/ && \
+    git clone https://gitlab.com/bontchev/elasticpot.git/ && \
    cd elasticpot && \
    git checkout d12649730d819bd78ea622361b6c65120173ad45 && \
    pip3 install -r requirements.txt && \
 #
 # Setup user, groups and configs
@ -33,6 +35,7 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
                    git \
                    libffi-dev \
 		    openssl-dev \
 		    postgresql-dev \
 		    python3-dev && \
    rm -rf /root/* && \
    rm -rf /var/cache/apk/*
--- a/docker/elasticpot/docker-compose.yml
+++ b/docker/elasticpot/docker-compose.yml
@ -14,7 +14,7 @@ services:
     - elasticpot_local
    ports:
     - "9200:9200"
-    image: "dtagdevsec/elasticpot:2006"
+    image: "ghcr.io/telekom-security/elasticpot:2006"
    read_only: true
    volumes:
     - /data/elasticpot/log:/opt/elasticpot/log
--- a/docker/elk/docker-compose.yml
+++ b/docker/elk/docker-compose.yml
@ -24,7 +24,7 @@ services:
    mem_limit: 4g
    ports:
     - "127.0.0.1:64298:9200"
-    image: "dtagdevsec/elasticsearch:2006"
+    image: "ghcr.io/telekom-security/elasticsearch:2006"
    volumes:
     - /data:/data
@ -39,19 +39,21 @@ services:
        condition: service_healthy
    ports:
     - "127.0.0.1:64296:5601"
-    image: "dtagdevsec/kibana:2006"
+    image: "ghcr.io/telekom-security/kibana:2006"
 ## Logstash service
  logstash:
    build: logstash/.
    container_name: logstash
    restart: always
    environment:
     - LS_JAVA_OPTS=-Xms2048m -Xmx2048m
    depends_on:
      elasticsearch:
        condition: service_healthy
    env_file:
     - /opt/tpot/etc/compose/elk_environment
-    image: "dtagdevsec/logstash:2006"
+    image: "ghcr.io/telekom-security/logstash:2006"
    volumes:
     - /data:/data
 #     - /root/tpotce/docker/elk/logstash/dist/logstash.conf:/etc/logstash/conf.d/logstash.conf
@ -66,5 +68,5 @@ services:
        condition: service_healthy
    ports:
     - "127.0.0.1:64302:9100"
-    image: "dtagdevsec/head:2006"
+    image: "ghcr.io/telekom-security/head:2006"
    read_only: true
--- a/docker/elk/elasticsearch/Dockerfile
+++ b/docker/elk/elasticsearch/Dockerfile
@ -1,7 +1,7 @@
-FROM alpine
+FROM alpine:3.12
 #
 # VARS
-ENV ES_VER=7.8.0 \
+ENV ES_VER=7.9.1 \
    JAVA_HOME=/usr/lib/jvm/java-11-openjdk
 # Include dist
 ADD dist/ /root/dist/
--- a/docker/elk/elasticsearch/docker-compose.yml
+++ b/docker/elk/elasticsearch/docker-compose.yml
@ -24,6 +24,6 @@ services:
    mem_limit: 2g
    ports:
     - "127.0.0.1:64298:9200"
-    image: "dtagdevsec/elasticsearch:2006"
+    image: "ghcr.io/telekom-security/elasticsearch:2006"
    volumes:
     - /data:/data
--- a/docker/elk/head/Dockerfile
+++ b/docker/elk/head/Dockerfile
@ -1,4 +1,4 @@
-FROM alpine:latest
+FROM alpine:3.12
 #
 # Setup env and apt
 RUN apk -U add \
@ -10,7 +10,8 @@ RUN apk -U add \
 # Get and install packages
    mkdir -p /usr/src/app/ && \
    cd /usr/src/app/ && \
-    git clone --depth=1 https://github.com/mobz/elasticsearch-head . && \
+    git clone https://github.com/mobz/elasticsearch-head . && \
    git checkout d0a25608854479f0b3f2dca24e8039a2fd66b0e2 && \
    npm install http-server && \
    sed -i "s#\"http\:\/\/localhost\:9200\"#window.location.protocol \+ \'\/\/\' \+ window.location.hostname \+ \'\:\' \+ window.location.port \+ \'\/es\/\'#" /usr/src/app/_site/app.js && \
 #
--- a/docker/elk/head/docker-compose.yml
+++ b/docker/elk/head/docker-compose.yml
@ -12,5 +12,5 @@ services:
    #        condition: service_healthy
    ports:
     - "127.0.0.1:64302:9100"
-    image: "dtagdevsec/head:2006"
+    image: "ghcr.io/telekom-security/head:2006"
    read_only: true
--- a/docker/elk/kibana/Dockerfile
+++ b/docker/elk/kibana/Dockerfile
@ -1,7 +1,7 @@
-FROM node:10.21.0-alpine
+FROM node:10.22.0-alpine
 #
 # VARS
-ENV KB_VER=7.8.0
+ENV KB_VER=7.9.1
 # 
 # Include dist
 ADD dist/ /root/dist/
@ -46,10 +46,13 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
    echo "xpack.apm.enabled: false" >> /usr/share/kibana/config/kibana.yml && \
    echo "xpack.security.enabled: false" >> /usr/share/kibana/config/kibana.yml && \
    echo "xpack.uptime.enabled: false" >> /usr/share/kibana/config/kibana.yml && \
-    echo "xpack.siem.enabled: false" >> /usr/share/kibana/config/kibana.yml && \
+    echo "xpack.securitySolution.enabled: false" >> /usr/share/kibana/config/kibana.yml && \
    echo "xpack.ml.enabled: false" >> /usr/share/kibana/config/kibana.yml && \
    echo "elasticsearch.requestTimeout: 60000" >> /usr/share/kibana/config/kibana.yml && \
    echo "elasticsearch.shardTimeout: 60000" >> /usr/share/kibana/config/kibana.yml && \
 # There is no switch to disable Enterprise Search, so we need to remove it
 # In order to remove all X-Pack features we need to use OSS versions
    rm -rf /usr/share/kibana/x-pack/plugins/enterprise_search && \
    rm -rf /usr/share/kibana/optimize/bundles/* && \
    /usr/share/kibana/bin/kibana --optimize --allow-root && \
    addgroup -g 2000 kibana && \
--- a/docker/elk/kibana/docker-compose.yml
+++ b/docker/elk/kibana/docker-compose.yml
@ -12,4 +12,4 @@ services:
 #        condition: service_healthy
    ports:
     - "127.0.0.1:64296:5601"
-    image: "dtagdevsec/kibana:2006"
+    image: "ghcr.io/telekom-security/kibana:2006"
--- a/docker/elk/logstash/Dockerfile
+++ b/docker/elk/logstash/Dockerfile
@ -1,7 +1,7 @@
-FROM alpine
+FROM alpine:3.12
 #
 # VARS
-ENV LS_VER=7.8.0
+ENV LS_VER=7.9.1
 # Include dist
 ADD dist/ /root/dist/
 #
@ -36,8 +36,7 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
    chmod u+x /usr/bin/update.sh && \
    mkdir -p /etc/logstash/conf.d && \
    cp logstash.conf /etc/logstash/conf.d/ && \
-    cp elasticsearch-template-es7x.json /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.5.1-java/lib/logstash/outputs/elasticsearch/ && \
+    cp tpot_es_template.json /etc/logstash/ && \
    cp common_configs.rb /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.5.1-java/lib/logstash/outputs/elasticsearch/ && \
 #
 # Setup user, groups and configs
    addgroup -g 2000 logstash && \
@ -56,4 +55,5 @@ HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:9600'
 #
 # Start logstash
 #USER logstash:logstash
 #CMD update.sh && exec /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf --config.reload.automatic --java-execution --log.level debug
 CMD update.sh && exec /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf --config.reload.automatic --java-execution
--- a/docker/elk/logstash/dist/common_configs.rb
+++ b/docker/elk/logstash/dist/common_configs.rb
@ -1,167 +0,0 @@
 require 'forwardable' # Needed for logstash core SafeURI. We need to patch this in core: https://github.com/elastic/logstash/pull/5978
 module LogStash; module Outputs; class ElasticSearch
  module CommonConfigs
    DEFAULT_INDEX_NAME = "logstash-%{+yyyy.MM.dd}"
    DEFAULT_POLICY = "logstash-policy"
    DEFAULT_ROLLOVER_ALIAS = 'logstash'
    DEFAULT_HOST = ::LogStash::Util::SafeURI.new("//127.0.0.1")
    def self.included(mod)
      # The index to write events to. This can be dynamic using the `%{foo}` syntax.
      # The default value will partition your indices by day so you can more easily
      # delete old data or only search specific date ranges.
      # Indexes may not contain uppercase characters.
      # For weekly indexes ISO 8601 format is recommended, eg. logstash-%{+xxxx.ww}.
      # LS uses Joda to format the index pattern from event timestamp.
      # Joda formats are defined http://www.joda.org/joda-time/apidocs/org/joda/time/format/DateTimeFormat.html[here].
      mod.config :index, :validate => :string, :default => DEFAULT_INDEX_NAME
      mod.config :document_type, 
        :validate => :string, 
        :deprecated => "Document types are being deprecated in Elasticsearch 6.0, and removed entirely in 7.0. You should avoid this feature"
      # From Logstash 1.3 onwards, a template is applied to Elasticsearch during
      # Logstash's startup if one with the name `template_name` does not already exist.
      # By default, the contents of this template is the default template for
      # `logstash-%{+YYYY.MM.dd}` which always matches indices based on the pattern
      # `logstash-*`.  Should you require support for other index names, or would like
      # to change the mappings in the template in general, a custom template can be
      # specified by setting `template` to the path of a template file.
      #
      # Setting `manage_template` to false disables this feature.  If you require more
      # control over template creation, (e.g. creating indices dynamically based on
      # field names) you should set `manage_template` to false and use the REST
      # API to apply your templates manually.
      mod.config :manage_template, :validate => :boolean, :default => true
      # This configuration option defines how the template is named inside Elasticsearch.
      # Note that if you have used the template management features and subsequently
      # change this, you will need to prune the old template manually, e.g.
      #
      # `curl -XDELETE <http://localhost:9200/_template/OldTemplateName?pretty>`
      #
      # where `OldTemplateName` is whatever the former setting was.
      mod.config :template_name, :validate => :string, :default => "logstash"
      # You can set the path to your own template here, if you so desire.
      # If not set, the included template will be used.
      mod.config :template, :validate => :path
      # The template_overwrite option will always overwrite the indicated template
      # in Elasticsearch with either the one indicated by template or the included one.
      # This option is set to false by default. If you always want to stay up to date
      # with the template provided by Logstash, this option could be very useful to you.
      # Likewise, if you have your own template file managed by puppet, for example, and
      # you wanted to be able to update it regularly, this option could help there as well.
      #
      # Please note that if you are using your own customized version of the Logstash
      # template (logstash), setting this to true will make Logstash to overwrite
      # the "logstash" template (i.e. removing all customized settings)
      mod.config :template_overwrite, :validate => :boolean, :default => true
      # The document ID for the index. Useful for overwriting existing entries in
      # Elasticsearch with the same ID.
      mod.config :document_id, :validate => :string
      # The version to use for indexing. Use sprintf syntax like `%{my_version}` to use a field value here.
      # See https://www.elastic.co/blog/elasticsearch-versioning-support.
      mod.config :version, :validate => :string
      # The version_type to use for indexing.
      # See https://www.elastic.co/blog/elasticsearch-versioning-support.
      # See also https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-index_.html#_version_types
      mod.config :version_type, :validate => ["internal", 'external', "external_gt", "external_gte", "force"]
      # A routing override to be applied to all processed events.
      # This can be dynamic using the `%{foo}` syntax.
      mod.config :routing, :validate => :string
      # For child documents, ID of the associated parent.
      # This can be dynamic using the `%{foo}` syntax.
      mod.config :parent, :validate => :string, :default => nil
      # For child documents, name of the join field
      mod.config :join_field, :validate => :string, :default => nil
      # Sets the host(s) of the remote instance. If given an array it will load balance requests across the hosts specified in the `hosts` parameter.
      # Remember the `http` protocol uses the http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-http.html#modules-http[http] address (eg. 9200, not 9300).
      #     `"127.0.0.1"`
      #     `["127.0.0.1:9200","127.0.0.2:9200"]`
      #     `["http://127.0.0.1"]`
      #     `["https://127.0.0.1:9200"]`
      #     `["https://127.0.0.1:9200/mypath"]` (If using a proxy on a subpath)
      # It is important to exclude http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html[dedicated master nodes] from the `hosts` list
      # to prevent LS from sending bulk requests to the master nodes.  So this parameter should only reference either data or client nodes in Elasticsearch.
      #
      # Any special characters present in the URLs here MUST be URL escaped! This means `#` should be put in as `%23` for instance.
      mod.config :hosts, :validate => :uri, :default => [ DEFAULT_HOST ], :list => true
      # Cloud ID, from the Elastic Cloud web console. If set `hosts` should not be used.
      #
      # For more details, check out the https://www.elastic.co/guide/en/logstash/current/connecting-to-cloud.html#_cloud_id[cloud documentation]
      mod.config :cloud_id, :validate => :string
      # Set upsert content for update mode.s
      # Create a new document with this parameter as json string if `document_id` doesn't exists
      mod.config :upsert, :validate => :string, :default => ""
      # Enable `doc_as_upsert` for update mode.
      # Create a new document with source if `document_id` doesn't exist in Elasticsearch
      mod.config :doc_as_upsert, :validate => :boolean, :default => false
      # Set script name for scripted update mode
      mod.config :script, :validate => :string, :default => ""
      # Define the type of script referenced by "script" variable
      #  inline : "script" contains inline script
      #  indexed : "script" contains the name of script directly indexed in elasticsearch
      #  file    : "script" contains the name of script stored in elasticseach's config directory
      mod.config :script_type, :validate => ["inline", 'indexed', "file"], :default => ["inline"]
      # Set the language of the used script. If not set, this defaults to painless in ES 5.0
      mod.config :script_lang, :validate => :string, :default => "painless"
      # Set variable name passed to script (scripted update)
      mod.config :script_var_name, :validate => :string, :default => "event"
      # if enabled, script is in charge of creating non-existent document (scripted update)
      mod.config :scripted_upsert, :validate => :boolean, :default => false
      # Set initial interval in seconds between bulk retries. Doubled on each retry up to `retry_max_interval`
      mod.config :retry_initial_interval, :validate => :number, :default => 2
      # Set max interval in seconds between bulk retries.
      mod.config :retry_max_interval, :validate => :number, :default => 64
      # The number of times Elasticsearch should internally retry an update/upserted document
      # See the https://www.elastic.co/guide/en/elasticsearch/guide/current/partial-updates.html[partial updates]
      # for more info
      mod.config :retry_on_conflict, :validate => :number, :default => 1
      # Set which ingest pipeline you wish to execute for an event. You can also use event dependent configuration
      # here like `pipeline => "%{INGEST_PIPELINE}"`
      mod.config :pipeline, :validate => :string, :default => nil
      # -----
      # ILM configurations (beta)
      # -----
      # Flag for enabling Index Lifecycle Management integration.
      mod.config :ilm_enabled, :validate => [true, false, 'true', 'false', 'auto'], :default => 'auto'
      # Rollover alias used for indexing data. If rollover alias doesn't exist, Logstash will create it and map it to the relevant index
      mod.config :ilm_rollover_alias, :validate => :string, :default => DEFAULT_ROLLOVER_ALIAS
      # appends “{now/d}-000001” by default for new index creation, subsequent rollover indices will increment based on this pattern i.e. “000002”
      # {now/d} is date math, and will insert the appropriate value automatically.
      mod.config :ilm_pattern, :validate => :string, :default => '{now/d}-000001'
      # ILM policy to use, if undefined the default policy will be used.
      mod.config :ilm_policy, :validate => :string, :default => DEFAULT_POLICY
    end
  end
 end end end
--- a/docker/elk/logstash/dist/logstash.conf
+++ b/docker/elk/logstash/dist/logstash.conf
@ -112,6 +112,13 @@ input {
    type => "Honeytrap"
  }
 # Ipphoney
  file {
    path => ["/data/ipphoney/log/ipphoney.json"]
    codec => json
    type => "Ipphoney"
  }
 # Mailoney
  file {
    path => ["/data/mailoney/log/commands.log"]
@ -415,6 +422,25 @@ filter {
    }
  }
 # Ipphoney
  if [type] == "Ipphoney" {
    date {
      match => [ "timestamp", "ISO8601" ]
    }
    mutate {
      rename => {
 	"query" => "ipp_query"
        "content_type" => "http.http_content_type"
        "dst_port" => "dest_port"
        "dst_ip" => "dest_ip"
        "request" => "request_method"
        "operation" => "data"
        "user_agent" => "http_user_agent"
        "url" => "http.url"
      }
    }
  }
 # Mailoney
  if [type] == "Mailoney" {
    date {
@ -518,7 +544,7 @@ if "_grokparsefailure" in [tags] { drop {} }
  }
 # Add T-Pot hostname and external IP
-  if [type] == "Adbhoney" or [type] == "Ciscoasa" or [type] == "CitrixHoneypot" or [type] == "ConPot" or [type] == "Cowrie" or [type] == "Dicompot" or [type] == "Dionaea" or [type] == "ElasticPot" or [type] == "Fatt" or [type] == "Glutton" or [type] == "Honeysap" or [type] == "Honeytrap" or [type] == "Heralding" or [type] == "Honeypy" or [type] == "Mailoney" or [type] == "Medpot" or [type] == "P0f" or [type] == "Rdpy" or [type] == "Suricata" or [type] == "Tanner" {
+  if [type] == "Adbhoney" or [type] == "Ciscoasa" or [type] == "CitrixHoneypot" or [type] == "ConPot" or [type] == "Cowrie" or [type] == "Dicompot" or [type] == "Dionaea" or [type] == "ElasticPot" or [type] == "Fatt" or [type] == "Glutton" or [type] == "Honeysap" or [type] == "Honeytrap" or [type] == "Heralding" or [type] == "Honeypy" or [type] == "Ipphoney" or [type] == "Mailoney" or [type] == "Medpot" or [type] == "P0f" or [type] == "Rdpy" or [type] == "Suricata" or [type] == "Tanner" {
    mutate {
      add_field => {
        "t-pot_ip_ext" => "${MY_EXTIP}"
@ -534,8 +560,9 @@ if "_grokparsefailure" in [tags] { drop {} }
 output {
  elasticsearch {
    hosts => ["elasticsearch:9200"]
-    # With ILM in place we need to set the daily index manually, if not => FUBAR
+    # With templates now being legacy and ILM in place we need to set the daily index with its template manually. Otherwise a new index might be created with differents settings configured through Kibana.
    index => "logstash-%{+YYYY.MM.dd}"
    template => "/etc/logstash/tpot_es_template.json"
 #    document_type => "doc"
  }
--- a/docker/elk/logstash/dist/elasticsearch-template-es7x.json
+++ b/docker/elk/logstash/dist/elasticsearch-template-es7x.json
--- a/docker/elk/logstash/dist/update.sh
+++ b/docker/elk/logstash/dist/update.sh
@ -35,11 +35,63 @@ if [ "$myCHECK" == "0" ];
    echo "Cannot reach Listbot, starting Logstash without latest translation maps."
 fi
-# Make sure logstash can put latest logstash template by deleting the old one first
+# We do want to enforce our es_template thus we always need to delete the default template, putting our default afterwards
 # This is now done via common_configs.rb => overwrite default logstash template
-#echo "Removing logstash template."
+echo "Removing logstash template."
-#curl -XDELETE http://elasticsearch:9200/_template/logstash
+curl -s -XDELETE http://elasticsearch:9200/_template/logstash
-#echo
+echo
-#echo "Checking if empty."
+echo "Checking if empty."
-#curl -XGET http://elasticsearch:9200/_template/logstash
+curl -s -XGET http://elasticsearch:9200/_template/logstash
-#echo
+echo
 echo "Putting default template."
 curl -s -XPUT "http://elasticsearch:9200/_template/logstash" -H 'Content-Type: application/json' -d'
 {
  "index_patterns" : "logstash-*",
  "version" : 60001,
  "settings" : {
    "index.refresh_interval" : "5s",
    "number_of_shards" : 1,
    "index.number_of_replicas" : "0",
    "index.mapping.total_fields.limit" : "2000",
    "index.query": {
      "default_field": "*"
     }
  },
  "mappings" : {
    "dynamic_templates" : [ {
      "message_field" : {
        "path_match" : "message",
        "match_mapping_type" : "string",
        "mapping" : {
          "type" : "text",
          "norms" : false
        }
      }
    }, {
      "string_fields" : {
        "match" : "*",
        "match_mapping_type" : "string",
        "mapping" : {
          "type" : "text", "norms" : false,
          "fields" : {
            "keyword" : { "type": "keyword", "ignore_above": 256 }
          }
        }
      }
    } ],
    "properties" : {
      "@timestamp": { "type": "date"},
      "@version": { "type": "keyword"},
      "geoip"  : {
        "dynamic": true,
        "properties" : {
          "ip": { "type": "ip" },
          "location" : { "type" : "geo_point" },
          "latitude" : { "type" : "half_float" },
          "longitude" : { "type" : "half_float" }
        }
      }
    }
  }
 }'
 echo
--- a/docker/elk/logstash/docker-compose.yml
+++ b/docker/elk/logstash/docker-compose.yml
@ -7,12 +7,14 @@ services:
    build: .
    container_name: logstash
    restart: always
    environment:
     - LS_JAVA_OPTS=-Xms2048m -Xmx2048m
 #    depends_on:
 #      elasticsearch:
 #        condition: service_healthy
    env_file:
     - /opt/tpot/etc/compose/elk_environment
-    image: "dtagdevsec/logstash:2006"
+    image: "ghcr.io/telekom-security/logstash:2006"
    volumes:
     - /data:/data
-     - /root/tpotce/docker/elk/logstash/dist/logstash.conf:/etc/logstash/conf.d/logstash.conf
+#     - /root/tpotce/docker/elk/logstash/dist/logstash.conf:/etc/logstash/conf.d/logstash.conf
--- a/docker/ews/Dockerfile
+++ b/docker/ews/Dockerfile
@ -1,4 +1,4 @@
-FROM alpine:latest
+FROM alpine:3.12
 #
 # Include dist
 ADD dist/ /root/dist/
@ -23,7 +23,9 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
    pip3 install --no-cache-dir configparser hpfeeds3 pyOpenSSL xmljson && \
 #
 # Setup ewsposter
-    git clone --depth=1 https://github.com/dtag-dev-sec/ewsposter /opt/ewsposter && \
+    git clone https://github.com/telekom-security/ewsposter /opt/ewsposter && \
    cd /opt/ewsposter && \
    git checkout f9c0623d44a837f666ec39659665020c7460dec8 && \
    mkdir -p /opt/ewsposter/spool /opt/ewsposter/log && \
 #
 # Setup user and groups
--- a/docker/ews/docker-compose.yml
+++ b/docker/ews/docker-compose.yml
@ -23,7 +23,7 @@ services:
     - EWS_HPFEEDS_FORMAT=json
    env_file:
     - /opt/tpot/etc/compose/elk_environment
-    image: "dtagdevsec/ewsposter:2006"
+    image: "ghcr.io/telekom-security/ewsposter:2006"
    volumes:
     - /data:/data
     - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
--- a/docker/fatt/Dockerfile
+++ b/docker/fatt/Dockerfile
@ -1,4 +1,4 @@
-FROM alpine:latest
+FROM alpine:3.12
 #
 # Include dist
 #ADD dist/ /root/dist/
@ -21,8 +21,9 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
 # Install fatt
    mkdir -p /opt && \
    cd /opt && \
-    git clone --depth=1 https://github.com/0x4D31/fatt && \
+    git clone https://github.com/0x4D31/fatt && \
    cd fatt && \
    git checkout 314cd1ff7873b5a145a51ec4e85f6107828a2c79 && \
    mkdir -p log && \
    pip3 install pyshark==0.4.2.2 && \
 #
--- a/docker/fatt/docker-compose.yml
+++ b/docker/fatt/docker-compose.yml
@ -12,6 +12,6 @@ services:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
-    image: "dtagdevsec/fatt:2006"
+    image: "ghcr.io/telekom-security/fatt:2006"
    volumes:
     - /data/fatt/log:/opt/fatt/log
--- a/docker/glutton/Dockerfile
+++ b/docker/glutton/Dockerfile
@ -1,4 +1,4 @@
-FROM alpine:latest
+FROM alpine:3.12
 #
 # Include dist
 ADD dist/ /root/dist/
@ -22,6 +22,7 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
    cd /opt/go/ && \
    git clone https://github.com/mushorg/glutton && \
    cd /opt/go/glutton/ && \
    git checkout 08f364fff489a82667866ecff2bcc4815569a0c8 && \
    mv /root/dist/system.go /opt/go/glutton/ && \
    go mod download && \
    make build && \
--- a/docker/glutton/docker-compose.yml
+++ b/docker/glutton/docker-compose.yml
@ -13,7 +13,7 @@ services:
    network_mode: "host"
    cap_add:
     - NET_ADMIN
-    image: "dtagdevsec/glutton:2006"
+    image: "ghcr.io/telekom-security/glutton:2006"
    read_only: true
    volumes:
     - /data/glutton/log:/var/log/glutton
--- a/docker/heimdall/Dockerfile
+++ b/docker/heimdall/Dockerfile
@ -1,4 +1,4 @@
-FROM alpine:latest
+FROM alpine:3.12
 #
 # Include dist
 ADD dist/ /root/dist/
@ -28,6 +28,9 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
 #
 # Clone and setup Heimdall, Nginx
    git clone https://github.com/linuxserver/heimdall && \
    cd heimdall && \
    git checkout 3a9bdd2c431d70803b259990fa4d81db4b06dba4 && \
    cd .. && \
    cp -R heimdall/. /var/lib/nginx/html && \
    rm -rf heimdall && \
    cd /var/lib/nginx/html && \
--- a/docker/heimdall/dist/app/app.sqlite
+++ b/docker/heimdall/dist/app/app.sqlite
--- a/docker/heimdall/dist/conf/tpotweb.conf
+++ b/docker/heimdall/dist/conf/tpotweb.conf
@ -149,4 +149,8 @@ server {
            proxy_pass http://127.0.0.1:64303/spiderfoot/scandelete;
        }
        location /scaninfo {
            proxy_pass http://127.0.0.1:64303/spiderfoot/scaninfo;
        }
 }
--- a/docker/heimdall/docker-compose.yml
+++ b/docker/heimdall/docker-compose.yml
@ -26,7 +26,7 @@ services:
    ports:
     - "64297:64297"
     - "127.0.0.1:64304:64304"
-    image: "dtagdevsec/nginx:2006"
+    image: "ghcr.io/telekom-security/nginx:2006"
    read_only: true
    volumes:
     - /data/nginx/cert/:/etc/nginx/cert/:ro
--- a/docker/heralding/Dockerfile
+++ b/docker/heralding/Dockerfile
@ -1,4 +1,4 @@
-FROM alpine:latest
+FROM alpine:3.12
 #  
 # Include dist
 ADD dist/ /root/dist/
@ -21,8 +21,9 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
 # Setup heralding
    mkdir -p /opt && \
    cd /opt/ && \
-    git clone --depth=1 https://github.com/johnnykv/heralding && \
+    git clone https://github.com/johnnykv/heralding && \
    cd heralding && \
    git checkout bc1320e2d056c730c821cd42a19a262bfceebfd7 && \
    pip3 install --no-cache-dir -r requirements.txt && \
    pip3 install --no-cache-dir . && \
 #
--- a/docker/heralding/docker-compose.yml
+++ b/docker/heralding/docker-compose.yml
@ -30,7 +30,7 @@ services:
     - "3389:3389"
     - "5432:5432"
     - "5900:5900"
-    image: "dtagdevsec/heralding:2006"
+    image: "ghcr.io/telekom-security/heralding:2006"
    read_only: true
    volumes:
     - /data/heralding/log:/var/log/heralding
--- a/docker/honeypy/Dockerfile
+++ b/docker/honeypy/Dockerfile
@ -17,8 +17,9 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
    pip install --no-cache-dir virtualenv && \
 #
 # Clone honeypy from git
-    git clone --depth=1 https://github.com/foospidy/HoneyPy /opt/honeypy && \
+    git clone https://github.com/foospidy/HoneyPy /opt/honeypy && \
    cd /opt/honeypy && \
    git checkout feccab56ca922bcab01cac4ffd82f588d61ab1c5 && \
    sed -i 's/local_host/dest_ip/g' /opt/honeypy/loggers/file/honeypy_file.py && \
    sed -i 's/local_port/dest_port/g' /opt/honeypy/loggers/file/honeypy_file.py && \
    sed -i 's/remote_host/src_ip/g' /opt/honeypy/loggers/file/honeypy_file.py && \
--- a/docker/honeypy/docker-compose.yml
+++ b/docker/honeypy/docker-compose.yml
@ -20,7 +20,7 @@ services:
     - "2324:2324"
     - "4096:4096"
     - "9200:9200"
-    image: "dtagdevsec/honeypy:2006"
+    image: "ghcr.io/telekom-security/honeypy:2006"
    read_only: true
    volumes:
     - /data/honeypy/log:/opt/honeypy/log
--- a/docker/honeysap/Dockerfile
+++ b/docker/honeysap/Dockerfile
@ -18,6 +18,7 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
 #    git clone --depth=1 https://github.com/SecureAuthCorp/HoneySAP /opt/honeysap && \
    git clone --depth=1 https://github.com/t3chn0m4g3/HoneySAP /opt/honeysap && \
    cd /opt/honeysap && \
    git checkout a3c355a710d399de9d543659a685effaa70e683d && \
    mkdir conf && \
    cp /root/dist/* conf/ && \
    python setup.py install && \
--- a/docker/honeysap/docker-compose.yml
+++ b/docker/honeysap/docker-compose.yml
@ -14,6 +14,6 @@ services:
     - honeysap_local
    ports:
     - "3299:3299"
-    image: "dtagdevsec/honeysap:2006"
+    image: "ghcr.io/telekom-security/honeysap:2006"
    volumes:
     - /data/honeysap/log:/opt/honeysap/log
--- a/docker/honeytrap/Dockerfile
+++ b/docker/honeytrap/Dockerfile
@ -29,6 +29,7 @@ RUN apt-get update -y && \
    git clone https://github.com/armedpot/honeytrap /root/honeytrap && \
 #    git clone https://github.com/t3chn0m4g3/honeytrap /root/honeytrap && \
    cd /root/honeytrap/ && \
    git checkout 9aa4f734f2ea2f0da790b02d79afe18204a23982 && \
    autoreconf -vfi && \
    ./configure \
      --with-stream-mon=nfq \
--- a/docker/honeytrap/docker-compose.yml
+++ b/docker/honeytrap/docker-compose.yml
@ -12,7 +12,7 @@ services:
    network_mode: "host"
    cap_add:
     - NET_ADMIN
-    image: "dtagdevsec/honeytrap:2006"
+    image: "ghcr.io/telekom-security/honeytrap:2006"
    read_only: true
    volumes:
     - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
--- a/docker/ipphoney/Dockerfile
+++ b/docker/ipphoney/Dockerfile
@ -0,0 +1,49 @@
 FROM alpine:3.12
 #
 # Include dist
 ADD dist/ /root/dist/
 #
 # Install packages
 RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
    apk -U add \
             build-base \
 	     ca-certificates \
             git \
 	     libcap \
             libffi-dev \
 	     openssl \
             openssl-dev \
 	     postgresql-dev \
             py3-mysqlclient \
             py3-requests \
 	     py3-pip \
             python3 \
             python3-dev && \
    mkdir -p /opt && \
    cd /opt/ && \
    git clone https://gitlab.com/bontchev/ipphoney.git/ && \
    cd ipphoney && \
    git checkout db8c6e91bff27b5c376339c5effbb45355897ab5 && \
    pip3 install -r requirements.txt && \
    setcap cap_net_bind_service=+ep /usr/bin/python3.8 && \
 #
 # Setup user, groups and configs
    addgroup -g 2000 ipphoney && \
    adduser -S -H -s /bin/ash -u 2000 -D -g 2000 ipphoney && \
    mv /root/dist/honeypot.cfg /opt/ipphoney/etc/ && \
 #
 # Clean up
    apk del --purge build-base \
                    git \
                    libffi-dev \
 		    openssl-dev \
 		    postgresql-dev \
 		    python3-dev && \
    rm -rf /root/* && \
    rm -rf /var/cache/apk/*
 #
 # Start ipphoney
 STOPSIGNAL SIGINT
 USER ipphoney:ipphoney
 WORKDIR /opt/ipphoney/
 CMD ["/usr/bin/python3","ipphoney.py"]
--- a/docker/ipphoney/dist/honeypot.cfg
+++ b/docker/ipphoney/dist/honeypot.cfg
@ -0,0 +1,312 @@
 # DO NOT EDIT THIS FILE!
 # Changes to default files will be lost on update and are difficult to
 # manage and support.
 #
 # Please make any changes to system defaults by overriding them in
 # honeypot.cfg
 #
 # To override a specific setting, copy the name of the stanza and
 # setting to the file where you wish to override it.
 # ============================================================================
 # General Honeypot Options
 # ============================================================================
 [honeypot]
 # Sensor name is used to identify this honeypot instance. Used by the database
 # logging modules such as JSON.
 #
 # If not specified, the logging modules will instead use the host name of the
 # server as the sensor name.
 #
 # (default: the name of the local machine)
 #sensor_name = myhostname
 # Name of the web server on the simulated printer.
 #
 # (default: Lexmark_Web_Server)
 server_name = Lexmark_Web_Server
 # Directory where to save log files in.
 # Log files are <log_filename>.YYYY-MM-DD in that directory
 #
 # (default: log)
 log_path = log
 # Log file name
 #
 # (default: stdout)
 #log_filename =
 # Directory containing the response files
 #
 # (default: responses)
 #responses_dir = responses
 # Directory where to save downloaded artifacts in.
 #
 # (default: dl)
 #download_path = dl
 # Whether to save the files sent for printing
 # (default: true)
 #download_files = true
 # Maximum file size (in bytes) for downloaded files to be stored in 'download_path'.
 # A value of 0 means no limit. If the file size is known to be too big from the start,
 # the file will not be stored on disk at all.
 #
 # (default: 0)
 #download_limit_size = 0
 # ============================================================================
 # Network Specific Options
 # ============================================================================
 # Port to listen for incoming connections.
 #
 # (default: 631)
 #listen_port = 631
 # Site to query for one's public IP address
 #
 # (default: https://ident.me)
 #public_ip_url = https://ident.me
 # Enable to log the public IP of the honeypot (useful if listening on 127.0.0.1)
 # IP address is obtained by querying public_ip_url
 #
 # (default: false)
 #report_public_ip = false
 # ============================================================================
 # Output Plugins
 # These provide an extensible mechanism to send audit log entries to third
 # parties. The audit entries contain information on clients connecting to
 # the honeypot.
 #
 # Output entries need to start with 'output_' and have the 'enabled' entry.
 # ============================================================================
 # CouchDB logging module
 #
 #[output_couch]
 #enabled = false
 #host = localhost
 #port = 5984
 #username = ipphoney
 #password = secret
 #database = ipphoney
 #geoip = true
 # Location of the databases used for geolocation
 #geoip_citydb = data/GeoLite2-City.mmdb
 #geoip_asndb = data/GeoLite2-ASN.mmdb
 # Elasticsearch logging module
 #
 #[output_elastic]
 #enabled = false
 #host = localhost
 #port = 9200
 #index = ipphoney
 #
 # type has been deprecated since ES 6.0.0
 # use _doc which is the default type. See
 # https://stackoverflow.com/a/53688626 for
 # more information
 #
 #type = _doc
 #
 # set pipeline = geoip to map src_ip to
 # geo location data. You can use a custom
 # pipeline but you must ensure it exists
 # in elasticsearch.
 #
 #pipeline = geoip
 #
 # Authentication. When x-pack.security is enabled
 # in ES, default users have been created and requests
 # must be authenticated.
 #
 # Credentials
 #
 #username = ipphoney
 #password = secret
 #
 # TLS encryption. Communications between the client (ipphoney) 
 # and the ES server should naturally be protected by encryption
 # if requests are authenticated (to prevent from man-in-the-middle 
 # attacks). The following options are then paramount
 # if username and password are provided.
 #
 # use ssl/tls
 #ssl = true
 # verify SSL certificates
 #verify_certs = true
 # Path to trusted CA certs on disk
 #ca_certs = /path/to/cert/file/elastic_ca.crt
 # HPFeeds
 #
 # Note the lack of "s" at the end:
 [output_hpfeed]
 enabled = false
 #server = hpfeeds.mysite.org
 #tlscert = /path/to/tls/cert/file
 #port = 10000
 #identifier = abc123
 #secret = secret
 #channel = ipphoney
 # InfluxDB 2.0 logging module
 #
 #[output_influx2]
 #enabled = false
 #host = hostname
 #token = token
 #org = organization
 #bucket = ipphoney
 # JSON based logging module
 #
 [output_jsonlog]
 enabled = true
 logfile = log/ipphoney.json
 epoch_timestamp = false
 # MongoDB logging module
 #
 #[output_mongodb]
 #enabled = false
 #host = 127.0.0.1
 #port = 27017
 #username = ipphoney
 #password = secret
 #database = ipphoney
 # Note: .format(username, password, host, port, database) is done
 #  on the following string; make sure that there are 5 placeholders ({}) in it
 #connection_string = mongodb://{}:{}@{}:{}/{}
 # Whether to store geolocation data in the database
 #geoip = true
 # Location of the databases used for geolocation
 #geoip_citydb = data/GeoLite2-City.mmdb
 #geoip_asndb = data/GeoLite2-ASN.mmdb
 # MySQL logging module
 # Database structure for this module is supplied in docs/sql/mysql.sql
 #
 # MySQL logging requires extra software: sudo apt-get install libmysqlclient-dev
 # MySQL logging requires an extra Python module: pip install mysql-python
 #
 #[output_mysql]
 #enabled = false
 #host = localhost
 #database = ipphoney
 #username = ipphoney
 #password = secret
 #port = 3306
 #debug = false
 # Whether to store geolocation data in the database
 #geoip = true
 # Location of the databases used for geolocation
 #geoip_citydb = data/GeoLite2-City.mmdb
 #geoip_asndb = data/GeoLite2-ASN.mmdb
 # PostgreSQL logging module
 #
 #[output_postgres]
 #enabled = false
 #host = hostname
 #username = ipphoney
 #password = secret
 #port = 5432
 #database = ipphoney
 #debug = false
 # Whether to store geolocation data in the database
 #geoip = true
 # Location of the databases used for geolocation
 #geoip_citydb = data/GeoLite2-City.mmdb
 #geoip_asndb = data/GeoLite2-ASN.mmdb
 # RedisDB logging module
 #
 #[output_redisdb]
 #enabled = false
 #host = 127.0.0.1
 #port = 6379
 # DB of the redis server. Defaults to 0
 #db = 0
 # Password of the redis server. Defaults to None
 #password = secret
 # Name of the list to push to or the channel to publish to. Required
 #keyname = ipphoney
 # Method to use when sending data to redis.
 # Can be one of [lpush, rpush, publish]. Defaults to lpush
 #send_method = lpush
 # SQLite3 logging module
 #
 # Logging to SQLite3 database. To init the database, use the script
 # docs/sql/sqlite3.sql:
 #     sqlite3 <db_file> < docs/sql/sqlite3.sql
 #
 #[output_sqlite]
 #enabled = false
 #debug = false
 #db_file = data/ipphoney.db
 # Whether to store geolocation data in the database
 #geoip = true
 # Location of the databases used for geolocation
 #geoip_citydb = data/GeoLite2-City.mmdb
 #geoip_asndb = data/GeoLite2-ASN.mmdb
 # Local Syslog output module
 #
 # This sends log messages to the local syslog daemon.
 #
 #[output_localsyslog]
 #enabled = false
 # Facility can be:
 # KERN, USER, MAIL, DAEMON, AUTH, LPR, NEWS, UUCP, CRON, SYSLOG and LOCAL0 to LOCAL7.
 #
 # default: USER
 #facility = USER
 # Text output
 # This writes audit log entries to a text file
 #
 #[output_textlog]
 #enabled = false
 #logfile = log/ipphoney.txt
 # TODO:
 # Rethinkdb output module
 #
 #[output_rethinkdblog]
 #enabled = false
 #host = 127.0.0.1
 #port = 28015
 #table = events
 #db = ipphoney
 #password =
 # InfluxDB logging module
 #
 #[output_influx]
 #enabled = false
 #host = 127.0.0.1
 #port = 8086
 #database_name = ipphoney
 #retention_policy_duration = 12w
 # Kafka logging module
 #
 #[output_kafka]
 #enabled = false
 #host = 127.0.0.1
 #port = 9092
 #topic = ipphoney
--- a/docker/ipphoney/docker-compose.yml
+++ b/docker/ipphoney/docker-compose.yml
@ -0,0 +1,20 @@
 version: '2.3'
 networks:
  ipphoney_local:
 services:
 # Ipphoney service
  ipphoney:
    build: .
    container_name: ipphoney
    restart: always
    networks:
     - ipphoney_local
    ports:
     - "631:631"
    image: "ghcr.io/telekom-security/ipphoney:2006"
    read_only: true
    volumes:
     - /data/ipphoney/log:/opt/ipphoney/log
--- a/docker/mailoney/Dockerfile
+++ b/docker/mailoney/Dockerfile
@ -13,8 +13,9 @@ RUN apk -U --no-cache add \
            python-dev && \
 #
 # Install libemu    
-    git clone --depth=1 https://github.com/buffer/libemu /root/libemu/ && \
+    git clone https://github.com/buffer/libemu /root/libemu/ && \
    cd /root/libemu/ && \
    git checkout e2624361e13588da74a2ce3e1dea0abb59dcf1d0 && \
    autoreconf -vi && \
    ./configure && \
    make && \
@ -26,7 +27,9 @@ RUN apk -U --no-cache add \
                        pylibemu && \ 
 #
 # Install mailoney from git
-    git clone --depth=1 https://github.com/t3chn0m4g3/mailoney /opt/mailoney && \
+    git clone https://github.com/t3chn0m4g3/mailoney /opt/mailoney && \
    cd /opt/mailoney && \
    git checkout 85c37649a99e1cec3f8d48d509653c9a8127ea4f && \
 #
 # Setup user, groups and configs
    addgroup -g 2000 mailoney && \
--- a/docker/mailoney/docker-compose.yml
+++ b/docker/mailoney/docker-compose.yml
@ -20,7 +20,7 @@ services:
     - mailoney_local
    ports:
     - "25:25"
-    image: "dtagdevsec/mailoney:2006"
+    image: "ghcr.io/telekom-security/mailoney:2006"
    read_only: true
    volumes:
     - /data/mailoney/log:/opt/mailoney/logs
--- a/docker/medpot/Dockerfile
+++ b/docker/medpot/Dockerfile
@ -1,4 +1,4 @@
-FROM alpine:latest
+FROM alpine:3.12
 #
 # Setup apk
 RUN apk -U --no-cache add \
@ -12,6 +12,9 @@ RUN apk -U --no-cache add \
    mkdir -p /opt/go/src && \
    cd /opt/go/src && \
    git clone https://github.com/schmalle/medpot && \
    cd medpot && \
    git checkout 75a2e6134cf926c35b6017d62542274434c87388 && \
    cd .. && \
    go get -d -v github.com/davecgh/go-spew/spew && \
    go get -d -v github.com/go-ini/ini && \
    go get -d -v github.com/mozillazg/request && \
--- a/docker/medpot/docker-compose.yml
+++ b/docker/medpot/docker-compose.yml
@ -14,7 +14,7 @@ services:
     - medpot_local
    ports:
     - "2575:2575"
-    image: "dtagdevsec/medpot:2006"
+    image: "ghcr.io/telekom-security/medpot:2006"
    read_only: true
    volumes:
     - /data/medpot/log/:/var/log/medpot
--- a/docker/p0f/Dockerfile
+++ b/docker/p0f/Dockerfile
@ -1,4 +1,4 @@
-FROM alpine:latest
+FROM alpine:3.12
 #
 # Add source
 ADD . /opt/p0f
@ -29,7 +29,7 @@ RUN apk -U --no-cache add \
    rm -rf /root/* && \
    rm -rf /var/cache/apk/*
 #
-# Start suricata
+# Start p0f
 WORKDIR /opt/p0f
 USER p0f:p0f
 CMD exec /opt/p0f/p0f -u p0f -j -o /var/log/p0f/p0f.json -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:]) > /dev/null
--- a/docker/p0f/README.md
+++ b/docker/p0f/README.md
@ -1,11 +0,0 @@
 [![](https://images.microbadger.com/badges/version/dtagdevsec/p0f:1804.svg)](https://microbadger.com/images/dtagdevsec/p0f:1804 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/p0f:1804.svg)](https://microbadger.com/images/dtagdevsec/p0f:1804 "Get your own image badge on microbadger.com")
 # p0f
 [p0f](http://lcamtuf.coredump.cx/p0f3/) P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way.
 This dockerized version is part of the **[T-Pot community honeypot](http://dtag-dev-sec.github.io/)** of Deutsche Telekom AG.
 The `Dockerfile` contains the blueprint for the dockerized p0f and will be used to setup the docker image.
 The `docker-compose.yml` contains the necessary settings to test p0f using `docker-compose`. This will ensure to start the docker container with the appropriate permissions and port mappings.
--- a/docker/p0f/docker-compose.yml
+++ b/docker/p0f/docker-compose.yml
@ -8,7 +8,7 @@ services:
    container_name: p0f
    restart: always
    network_mode: "host"
-    image: "dtagdevsec/p0f:2006"
+    image: "ghcr.io/telekom-security/p0f:2006"
    read_only: true
    volumes:
     - /data/p0f/log:/var/log/p0f
--- a/docker/rdpy/Dockerfile
+++ b/docker/rdpy/Dockerfile
@ -34,8 +34,9 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
 # Install rdpy from git
    mkdir -p /opt && \
    cd /opt && \
-    git clone --depth=1 https://github.com/t3chn0m4g3/rdpy && \
+    git clone https://github.com/t3chn0m4g3/rdpy && \
    cd rdpy && \
    git checkout 1d2a4132aefe0637d09cac1a6ab83ec5391f40ca && \
    python setup.py install && \
 #
 # Setup user, groups and configs
--- a/docker/rdpy/docker-compose.yml
+++ b/docker/rdpy/docker-compose.yml
@ -22,7 +22,7 @@ services:
     - rdpy_local
    ports:
     - "3389:3389"
-    image: "dtagdevsec/rdpy:2006"
+    image: "ghcr.io/telekom-security/rdpy:2006"
    read_only: true
    volumes:
     - /data/rdpy/log:/var/log/rdpy
--- a/docker/spiderfoot/Dockerfile
+++ b/docker/spiderfoot/Dockerfile
@ -1,4 +1,4 @@
-FROM alpine:latest
+FROM alpine:3.12
 #
 # Get and install dependencies & packages
 RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
@ -33,7 +33,7 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
    adduser -S -s /bin/ash -u 2000 -D -g 2000 spiderfoot && \
 #
 # Install spiderfoot 
-    git clone --depth=1 https://github.com/smicallef/spiderfoot /home/spiderfoot && \
+    git clone --depth=1 -b v3.1 https://github.com/smicallef/spiderfoot /home/spiderfoot && \
    cd /home/spiderfoot && \
    pip3 install --no-cache-dir wheel && \ 
    pip3 install --no-cache-dir -r requirements.txt && \ 
--- a/docker/spiderfoot/docker-compose.yml
+++ b/docker/spiderfoot/docker-compose.yml
@ -14,6 +14,6 @@ services:
     - spiderfoot_local
    ports:
     - "127.0.0.1:64303:8080"
-    image: "dtagdevsec/spiderfoot:2006"
+    image: "ghcr.io/telekom-security/spiderfoot:2006"
    volumes:
     - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db
--- a/docker/suricata/Dockerfile
+++ b/docker/suricata/Dockerfile
@ -1,4 +1,4 @@
-FROM alpine:latest
+FROM alpine:3.12
 #
 # Include dist
 ADD dist/ /root/dist/
@ -9,6 +9,7 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
                 ca-certificates \
                 curl \
                 file \
 		 hiredis \
                 libcap \
                 wget && \
    apk -U add --repository http://dl-cdn.alpinelinux.org/alpine/edge/community \
--- a/docker/suricata/docker-compose.yml
+++ b/docker/suricata/docker-compose.yml
@ -15,6 +15,6 @@ services:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
-    image: "dtagdevsec/suricata:2006"
+    image: "ghcr.io/telekom-security/suricata:2006"
    volumes:
     - /data/suricata/log:/var/log/suricata
--- a/docker/tanner/docker-compose.yml
+++ b/docker/tanner/docker-compose.yml
@ -14,7 +14,7 @@ services:
    tty: true
    networks:
     - tanner_local
-    image: "dtagdevsec/redis:2006"
+    image: "ghcr.io/telekom-security/redis:2006"
    read_only: true
 # PHP Sandbox service
@ -28,7 +28,7 @@ services:
    tty: true
    networks:
     - tanner_local
-    image: "dtagdevsec/phpox:2006"
+    image: "ghcr.io/telekom-security/phpox:2006"
    read_only: true
 # Tanner API Service
@ -42,7 +42,7 @@ services:
    tty: true
    networks:
     - tanner_local
-    image: "dtagdevsec/tanner:2006"
+    image: "ghcr.io/telekom-security/tanner:2006"
    read_only: true
    volumes:
     - /data/tanner/log:/var/log/tanner
@ -63,7 +63,7 @@ services:
     - tanner_local
 #    ports:
 #     - "127.0.0.1:8091:8091"
-    image: "dtagdevsec/tanner:2006"
+    image: "ghcr.io/telekom-security/tanner:2006"
    command: tannerweb
    read_only: true
    volumes:
@ -82,7 +82,7 @@ services:
    tty: true
    networks:
     - tanner_local
-    image: "dtagdevsec/tanner:2006"
+    image: "ghcr.io/telekom-security/tanner:2006"
    command: tanner
    read_only: true
    volumes:
@ -104,6 +104,6 @@ services:
     - tanner_local
    ports:
     - "80:80"
-    image: "dtagdevsec/snare:2006"
+    image: "ghcr.io/telekom-security/snare:2006"
    depends_on:
     - tanner
--- a/docker/tanner/phpox/Dockerfile
+++ b/docker/tanner/phpox/Dockerfile
@ -15,8 +15,9 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
               re2c && \
 #
 # Install bfr sandbox from git
-    git clone --depth=1 https://github.com/mushorg/BFR /opt/BFR && \
+    git clone https://github.com/mushorg/BFR /opt/BFR && \
    cd /opt/BFR && \
    git checkout 508729202428a35bcc6bb27dd97b831f7e5009b5 && \
    phpize7 && \
    ./configure \
      --with-php-config=/usr/bin/php-config7 \
@ -28,8 +29,9 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
    echo "zend_extension = "$(find /usr -name bfr.so) >> /etc/php7/php.ini && \
 #
 # Install PHP Sandbox
-    git clone --depth=1 https://github.com/mushorg/phpox /opt/phpox && \
+    git clone https://github.com/mushorg/phpox /opt/phpox && \
    cd /opt/phpox && \
    git checkout 001437b9ed3e228fac3828e18fe90991a330578d && \
    pip3 install -r requirements.txt && \
    make && \
 #
--- a/docker/tanner/snare/Dockerfile
+++ b/docker/tanner/snare/Dockerfile
@ -13,8 +13,9 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
               python3-dev && \ 
 #
 # Setup Snare 
-    git clone --depth=1 https://github.com/mushorg/snare /opt/snare && \
+    git clone https://github.com/mushorg/snare /opt/snare && \
    cd /opt/snare/ && \
    git checkout 7762b762b272f0599c16e11ef997c37d2899d33e && \
    pip3 install --no-cache-dir setuptools && \
    pip3 install --no-cache-dir -r requirements.txt && \
    python3 setup.py install && \
--- a/docker/tanner/tanner/Dockerfile
+++ b/docker/tanner/tanner/Dockerfile
@ -1,4 +1,4 @@
-FROM alpine:latest
+FROM alpine:3.12
 #
 # Include dist
 ADD dist/ /root/dist/
@ -18,10 +18,11 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
               python3-dev && \ 
 #
 # Setup Tanner
-    git clone --depth=1 https://github.com/mushorg/tanner /opt/tanner && \
+    git clone https://github.com/mushorg/tanner /opt/tanner && \
    cd /opt/tanner/ && \
 #    git fetch origin pull/364/head:test && \	
 #    git checkout test && \
    git checkout 40e2357119065445cbb06234e953a95e5a73ce93 && \
    cp /root/dist/config.yaml /opt/tanner/tanner/data && \
    pip3 install --no-cache-dir setuptools && \
    pip3 install --no-cache-dir -r requirements.txt && \
--- a/etc/compose/collector.yml
+++ b/etc/compose/collector.yml
@ -38,7 +38,7 @@ services:
     - "3389:3389"
     - "5432:5432"
     - "5900:5900"
-    image: "dtagdevsec/heralding:2006"
+    image: "ghcr.io/telekom-security/heralding:2006"
    read_only: true
    volumes:
     - /data/heralding/log:/var/log/heralding
@ -52,7 +52,7 @@ services:
    network_mode: "host"
    cap_add:
     - NET_ADMIN
-    image: "dtagdevsec/honeytrap:2006"
+    image: "ghcr.io/telekom-security/honeytrap:2006"
    read_only: true
    volumes:
     - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
@ -73,7 +73,7 @@ services:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
-    image: "dtagdevsec/fatt:2006"
+    image: "ghcr.io/telekom-security/fatt:2006"
    volumes:
     - /data/fatt/log:/opt/fatt/log
@ -82,7 +82,7 @@ services:
    container_name: p0f
    restart: always
    network_mode: "host"
-    image: "dtagdevsec/p0f:2006"
+    image: "ghcr.io/telekom-security/p0f:2006"
    read_only: true
    volumes:
     - /data/p0f/log:/var/log/p0f
@ -99,7 +99,7 @@ services:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
-    image: "dtagdevsec/suricata:2006"
+    image: "ghcr.io/telekom-security/suricata:2006"
    volumes:
     - /data/suricata/log:/var/log/suricata
@ -116,7 +116,7 @@ services:
     - cyberchef_local
    ports:
     - "127.0.0.1:64299:8000"
-    image: "dtagdevsec/cyberchef:2006"
+    image: "ghcr.io/telekom-security/cyberchef:2006"
    read_only: true
 #### ELK
@ -140,7 +140,7 @@ services:
    mem_limit: 4g
    ports:
     - "127.0.0.1:64298:9200"
-    image: "dtagdevsec/elasticsearch:2006"
+    image: "ghcr.io/telekom-security/elasticsearch:2006"
    volumes:
     - /data:/data
@ -153,18 +153,20 @@ services:
        condition: service_healthy
    ports:
     - "127.0.0.1:64296:5601"
-    image: "dtagdevsec/kibana:2006"
+    image: "ghcr.io/telekom-security/kibana:2006"
 ## Logstash service
  logstash:
    container_name: logstash
    restart: always
    environment:
     - LS_JAVA_OPTS=-Xms2048m -Xmx2048m
    depends_on:
      elasticsearch:
        condition: service_healthy
    env_file:
     - /opt/tpot/etc/compose/elk_environment
-    image: "dtagdevsec/logstash:2006"
+    image: "ghcr.io/telekom-security/logstash:2006"
    volumes:
     - /data:/data
@ -177,7 +179,7 @@ services:
        condition: service_healthy
    ports:
     - "127.0.0.1:64302:9100"
-    image: "dtagdevsec/head:2006"
+    image: "ghcr.io/telekom-security/head:2006"
    read_only: true
 # Ewsposter service
@ -197,7 +199,7 @@ services:
     - EWS_HPFEEDS_FORMAT=json
    env_file:
     - /opt/tpot/etc/compose/elk_environment
-    image: "dtagdevsec/ewsposter:2006"
+    image: "ghcr.io/telekom-security/ewsposter:2006"
    volumes:
     - /data:/data
     - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
@ -225,7 +227,7 @@ services:
    ports:
     - "64297:64297"
     - "127.0.0.1:64304:64304"
-    image: "dtagdevsec/nginx:2006"
+    image: "ghcr.io/telekom-security/nginx:2006"
    read_only: true
    volumes:
     - /data/nginx/cert/:/etc/nginx/cert/:ro
@ -243,6 +245,6 @@ services:
     - spiderfoot_local
    ports:
     - "127.0.0.1:64303:8080"
-    image: "dtagdevsec/spiderfoot:2006"
+    image: "ghcr.io/telekom-security/spiderfoot:2006"
    volumes:
     - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db
--- a/etc/compose/industrial.yml
+++ b/etc/compose/industrial.yml
@ -48,7 +48,7 @@ services:
     - "21:21"
     - "44818:44818"
     - "47808:47808"
-    image: "dtagdevsec/conpot:2006"
+    image: "ghcr.io/telekom-security/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -70,7 +70,7 @@ services:
    ports:
 #     - "161:161"
     - "2404:2404"
-    image: "dtagdevsec/conpot:2006"
+    image: "ghcr.io/telekom-security/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -91,7 +91,7 @@ services:
     - conpot_local_guardian_ast
    ports:
     - "10001:10001"
-    image: "dtagdevsec/conpot:2006"
+    image: "ghcr.io/telekom-security/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -112,7 +112,7 @@ services:
     - conpot_local_ipmi
    ports:
     - "623:623"
-    image: "dtagdevsec/conpot:2006"
+    image: "ghcr.io/telekom-security/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -134,7 +134,7 @@ services:
    ports:
     - "1025:1025"
     - "50100:50100"
-    image: "dtagdevsec/conpot:2006"
+    image: "ghcr.io/telekom-security/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -151,7 +151,7 @@ services:
    ports:
     - "22:22"
     - "23:23"
-    image: "dtagdevsec/cowrie:2006"
+    image: "ghcr.io/telekom-security/cowrie:2006"
    read_only: true
    volumes:
     - /data/cowrie/downloads:/home/cowrie/cowrie/dl
@ -170,7 +170,7 @@ services:
     - dicompot_local
    ports:
     - "11112:11112"
-    image: "dtagdevsec/dicompot:2006"
+    image: "ghcr.io/telekom-security/dicompot:2006"
    read_only: true
    volumes:
     - /data/dicompot/log:/var/log/dicompot
@ -199,7 +199,7 @@ services:
    # - "3389:3389"
    # - "5432:5432"
     - "5900:5900"
-    image: "dtagdevsec/heralding:2006"
+    image: "ghcr.io/telekom-security/heralding:2006"
    read_only: true
    volumes:
     - /data/heralding/log:/var/log/heralding
@ -212,7 +212,7 @@ services:
     - honeysap_local
    ports:
     - "3299:3299"
-    image: "dtagdevsec/honeysap:2006"
+    image: "ghcr.io/telekom-security/honeysap:2006"
    volumes:
     - /data/honeysap/log:/opt/honeysap/log
@ -225,7 +225,7 @@ services:
    network_mode: "host"
    cap_add:
     - NET_ADMIN
-    image: "dtagdevsec/honeytrap:2006"
+    image: "ghcr.io/telekom-security/honeytrap:2006"
    read_only: true
    volumes:
     - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
@ -240,7 +240,7 @@ services:
     - medpot_local
    ports:
     - "2575:2575"
-    image: "dtagdevsec/medpot:2006"
+    image: "ghcr.io/telekom-security/medpot:2006"
    read_only: true
    volumes:
     - /data/medpot/log/:/var/log/medpot
@ -261,7 +261,7 @@ services:
     - rdpy_local
    ports:
     - "3389:3389"
-    image: "dtagdevsec/rdpy:2006"
+    image: "ghcr.io/telekom-security/rdpy:2006"
    read_only: true
    volumes:
     - /data/rdpy/log:/var/log/rdpy
@ -280,7 +280,7 @@ services:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
-    image: "dtagdevsec/fatt:2006"
+    image: "ghcr.io/telekom-security/fatt:2006"
    volumes:
     - /data/fatt/log:/opt/fatt/log
@ -289,7 +289,7 @@ services:
    container_name: p0f
    restart: always
    network_mode: "host"
-    image: "dtagdevsec/p0f:2006"
+    image: "ghcr.io/telekom-security/p0f:2006"
    read_only: true
    volumes:
     - /data/p0f/log:/var/log/p0f
@ -306,7 +306,7 @@ services:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
-    image: "dtagdevsec/suricata:2006"
+    image: "ghcr.io/telekom-security/suricata:2006"
    volumes:
     - /data/suricata/log:/var/log/suricata
@ -323,7 +323,7 @@ services:
     - cyberchef_local
    ports:
     - "127.0.0.1:64299:8000"
-    image: "dtagdevsec/cyberchef:2006"
+    image: "ghcr.io/telekom-security/cyberchef:2006"
    read_only: true
 #### ELK
@ -347,7 +347,7 @@ services:
    mem_limit: 4g
    ports:
     - "127.0.0.1:64298:9200"
-    image: "dtagdevsec/elasticsearch:2006"
+    image: "ghcr.io/telekom-security/elasticsearch:2006"
    volumes:
     - /data:/data
@ -360,18 +360,20 @@ services:
        condition: service_healthy
    ports:
     - "127.0.0.1:64296:5601"
-    image: "dtagdevsec/kibana:2006"
+    image: "ghcr.io/telekom-security/kibana:2006"
 ## Logstash service
  logstash:
    container_name: logstash
    restart: always
    environment:
     - LS_JAVA_OPTS=-Xms2048m -Xmx2048m
    depends_on:
      elasticsearch:
        condition: service_healthy
    env_file:
     - /opt/tpot/etc/compose/elk_environment
-    image: "dtagdevsec/logstash:2006"
+    image: "ghcr.io/telekom-security/logstash:2006"
    volumes:
     - /data:/data
@ -384,7 +386,7 @@ services:
        condition: service_healthy
    ports:
     - "127.0.0.1:64302:9100"
-    image: "dtagdevsec/head:2006"
+    image: "ghcr.io/telekom-security/head:2006"
    read_only: true
 # Ewsposter service
@ -404,7 +406,7 @@ services:
     - EWS_HPFEEDS_FORMAT=json
    env_file:
     - /opt/tpot/etc/compose/elk_environment
-    image: "dtagdevsec/ewsposter:2006"
+    image: "ghcr.io/telekom-security/ewsposter:2006"
    volumes:
     - /data:/data
     - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
@ -432,7 +434,7 @@ services:
    ports:
     - "64297:64297"
     - "127.0.0.1:64304:64304"
-    image: "dtagdevsec/nginx:2006"
+    image: "ghcr.io/telekom-security/nginx:2006"
    read_only: true
    volumes:
     - /data/nginx/cert/:/etc/nginx/cert/:ro
@ -450,6 +452,6 @@ services:
     - spiderfoot_local
    ports:
     - "127.0.0.1:64303:8080"
-    image: "dtagdevsec/spiderfoot:2006"
+    image: "ghcr.io/telekom-security/spiderfoot:2006"
    volumes:
     - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db
--- a/etc/compose/medical.yml
+++ b/etc/compose/medical.yml
@ -26,7 +26,7 @@ services:
     - dicompot_local
    ports:
     - "11112:11112"
-    image: "dtagdevsec/dicompot:2006"
+    image: "ghcr.io/telekom-security/dicompot:2006"
    read_only: true
    volumes:
     - /data/dicompot/log:/var/log/dicompot
@ -40,7 +40,7 @@ services:
     - medpot_local
    ports:
     - "2575:2575"
-    image: "dtagdevsec/medpot:2006"
+    image: "ghcr.io/telekom-security/medpot:2006"
    read_only: true
    volumes:
     - /data/medpot/log/:/var/log/medpot
@ -58,7 +58,7 @@ services:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
-    image: "dtagdevsec/fatt:2006"
+    image: "ghcr.io/telekom-security/fatt:2006"
    volumes:
     - /data/fatt/log:/opt/fatt/log
@ -67,7 +67,7 @@ services:
    container_name: p0f
    restart: always
    network_mode: "host"
-    image: "dtagdevsec/p0f:2006"
+    image: "ghcr.io/telekom-security/p0f:2006"
    read_only: true
    volumes:
     - /data/p0f/log:/var/log/p0f
@ -84,7 +84,7 @@ services:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
-    image: "dtagdevsec/suricata:2006"
+    image: "ghcr.io/telekom-security/suricata:2006"
    volumes:
     - /data/suricata/log:/var/log/suricata
@ -101,7 +101,7 @@ services:
     - cyberchef_local
    ports:
     - "127.0.0.1:64299:8000"
-    image: "dtagdevsec/cyberchef:2006"
+    image: "ghcr.io/telekom-security/cyberchef:2006"
    read_only: true
 #### ELK
@ -125,7 +125,7 @@ services:
    mem_limit: 4g
    ports:
     - "127.0.0.1:64298:9200"
-    image: "dtagdevsec/elasticsearch:2006"
+    image: "ghcr.io/telekom-security/elasticsearch:2006"
    volumes:
     - /data:/data
@ -138,18 +138,20 @@ services:
        condition: service_healthy
    ports:
     - "127.0.0.1:64296:5601"
-    image: "dtagdevsec/kibana:2006"
+    image: "ghcr.io/telekom-security/kibana:2006"
 ## Logstash service
  logstash:
    container_name: logstash
    restart: always
    environment:
     - LS_JAVA_OPTS=-Xms2048m -Xmx2048m
    depends_on:
      elasticsearch:
        condition: service_healthy
    env_file:
     - /opt/tpot/etc/compose/elk_environment
-    image: "dtagdevsec/logstash:2006"
+    image: "ghcr.io/telekom-security/logstash:2006"
    volumes:
     - /data:/data
@ -162,7 +164,7 @@ services:
        condition: service_healthy
    ports:
     - "127.0.0.1:64302:9100"
-    image: "dtagdevsec/head:2006"
+    image: "ghcr.io/telekom-security/head:2006"
    read_only: true
 # Ewsposter service
@ -182,7 +184,7 @@ services:
     - EWS_HPFEEDS_FORMAT=json
    env_file:
     - /opt/tpot/etc/compose/elk_environment
-    image: "dtagdevsec/ewsposter:2006"
+    image: "ghcr.io/telekom-security/ewsposter:2006"
    volumes:
     - /data:/data
     - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
@ -210,7 +212,7 @@ services:
    ports:
     - "64297:64297"
     - "127.0.0.1:64304:64304"
-    image: "dtagdevsec/nginx:2006"
+    image: "ghcr.io/telekom-security/nginx:2006"
    read_only: true
    volumes:
     - /data/nginx/cert/:/etc/nginx/cert/:ro
@ -228,6 +230,6 @@ services:
     - spiderfoot_local
    ports:
     - "127.0.0.1:64303:8080"
-    image: "dtagdevsec/spiderfoot:2006"
+    image: "ghcr.io/telekom-security/spiderfoot:2006"
    volumes:
     - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db
--- a/etc/compose/nextgen.yml
+++ b/etc/compose/nextgen.yml
@ -18,6 +18,7 @@ networks:
  heralding_local:
  honeypy_local:
  honeysap_local:
  ipphoney_local:
  mailoney_local:
  medpot_local:
  rdpy_local:
@ -39,7 +40,7 @@ services:
     - adbhoney_local
    ports:
     - "5555:5555"
-    image: "dtagdevsec/adbhoney:2006"
+    image: "ghcr.io/telekom-security/adbhoney:2006"
    read_only: true
    volumes:
     - /data/adbhoney/log:/opt/adbhoney/log
@ -56,7 +57,7 @@ services:
    ports:
     - "5000:5000/udp"
     - "8443:8443"
-    image: "dtagdevsec/ciscoasa:2006"
+    image: "ghcr.io/telekom-security/ciscoasa:2006"
    read_only: true
    volumes:
     - /data/ciscoasa/log:/var/log/ciscoasa
@ -69,7 +70,7 @@ services:
     - citrixhoneypot_local
    ports:
     - "443:443"
-    image: "dtagdevsec/citrixhoneypot:2006"
+    image: "ghcr.io/telekom-security/citrixhoneypot:2006"
    read_only: true
    volumes:
     - /data/citrixhoneypot/logs:/opt/citrixhoneypot/logs       
@ -91,7 +92,7 @@ services:
    ports:
     - "161:161"
     - "2404:2404"
-    image: "dtagdevsec/conpot:2006"
+    image: "ghcr.io/telekom-security/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -112,7 +113,7 @@ services:
     - conpot_local_guardian_ast
    ports:
     - "10001:10001"
-    image: "dtagdevsec/conpot:2006"
+    image: "ghcr.io/telekom-security/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -133,7 +134,7 @@ services:
     - conpot_local_ipmi
    ports:
     - "623:623"
-    image: "dtagdevsec/conpot:2006"
+    image: "ghcr.io/telekom-security/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -155,7 +156,7 @@ services:
    ports:
     - "1025:1025"
     - "50100:50100"
-    image: "dtagdevsec/conpot:2006"
+    image: "ghcr.io/telekom-security/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -172,7 +173,7 @@ services:
    ports:
     - "22:22"
     - "23:23"
-    image: "dtagdevsec/cowrie:2006"
+    image: "ghcr.io/telekom-security/cowrie:2006"
    read_only: true
    volumes:
     - /data/cowrie/downloads:/home/cowrie/cowrie/dl
@ -191,7 +192,7 @@ services:
     - dicompot_local
    ports:
     - "11112:11112"
-    image: "dtagdevsec/dicompot:2006"
+    image: "ghcr.io/telekom-security/dicompot:2006"
    read_only: true
    volumes:
     - /data/dicompot/log:/var/log/dicompot
@ -222,7 +223,7 @@ services:
     - "5060:5060/udp"
     - "5061:5061"
     - "27017:27017"
-    image: "dtagdevsec/dionaea:2006"
+    image: "ghcr.io/telekom-security/dionaea:2006"
    read_only: true
    volumes:
     - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp
@ -242,7 +243,7 @@ services:
     - elasticpot_local
    ports:
     - "9200:9200"
-    image: "dtagdevsec/elasticpot:2006"
+    image: "ghcr.io/telekom-security/elasticpot:2006"
    read_only: true
    volumes:
     - /data/elasticpot/log:/opt/elasticpot/log
@ -257,7 +258,7 @@ services:
    network_mode: "host"
    cap_add:
     - NET_ADMIN
-    image: "dtagdevsec/glutton:2006"
+    image: "ghcr.io/telekom-security/glutton:2006"
    read_only: true
    volumes:
     - /data/glutton/log:/var/log/glutton
@ -287,7 +288,7 @@ services:
     - "1080:1080"
     - "5432:5432"
     - "5900:5900"
-    image: "dtagdevsec/heralding:2006"
+    image: "ghcr.io/telekom-security/heralding:2006"
    read_only: true
    volumes:
     - /data/heralding/log:/var/log/heralding
@ -306,7 +307,7 @@ services:
     - "2324:2324"
     - "4096:4096"
    # - "9200:9200"
-    image: "dtagdevsec/honeypy:2006"
+    image: "ghcr.io/telekom-security/honeypy:2006"
    read_only: true
    volumes:
     - /data/honeypy/log:/opt/honeypy/log
@ -319,10 +320,23 @@ services:
     - honeysap_local
    ports:
     - "3299:3299"
-    image: "dtagdevsec/honeysap:2006"
+    image: "ghcr.io/telekom-security/honeysap:2006"
    volumes:
     - /data/honeysap/log:/opt/honeysap/log
 # Ipphoney service
  ipphoney:
    container_name: ipphoney
    restart: always
    networks:
     - ipphoney_local
    ports:
     - "631:631"
    image: "ghcr.io/telekom-security/ipphoney:2006"
    read_only: true
    volumes:
     - /data/ipphoney/log:/opt/ipphoney/log
 # Mailoney service
  mailoney:
    container_name: mailoney
@ -337,7 +351,7 @@ services:
     - mailoney_local
    ports:
     - "25:25"
-    image: "dtagdevsec/mailoney:2006"
+    image: "ghcr.io/telekom-security/mailoney:2006"
    read_only: true
    volumes:
     - /data/mailoney/log:/opt/mailoney/logs
@ -350,7 +364,7 @@ services:
     - medpot_local
    ports:
     - "2575:2575"
-    image: "dtagdevsec/medpot:2006"
+    image: "ghcr.io/telekom-security/medpot:2006"
    read_only: true
    volumes:
     - /data/medpot/log/:/var/log/medpot
@ -371,7 +385,7 @@ services:
     - rdpy_local
    ports:
     - "3389:3389"
-    image: "dtagdevsec/rdpy:2006"
+    image: "ghcr.io/telekom-security/rdpy:2006"
    read_only: true
    volumes:
     - /data/rdpy/log:/var/log/rdpy
@ -384,7 +398,7 @@ services:
    tty: true
    networks:
     - tanner_local
-    image: "dtagdevsec/redis:2006"
+    image: "ghcr.io/telekom-security/redis:2006"
    read_only: true
 ## PHP Sandbox service
@ -394,7 +408,7 @@ services:
    tty: true
    networks:
     - tanner_local
-    image: "dtagdevsec/phpox:2006"
+    image: "ghcr.io/telekom-security/phpox:2006"
    read_only: true
 ## Tanner API Service
@ -406,7 +420,7 @@ services:
    tty: true
    networks:
     - tanner_local
-    image: "dtagdevsec/tanner:2006"
+    image: "ghcr.io/telekom-security/tanner:2006"
    read_only: true
    volumes:
     - /data/tanner/log:/var/log/tanner
@ -423,7 +437,7 @@ services:
 #    tty: true
 #    networks:
 #     - tanner_local
-#    image: "dtagdevsec/tanner:2006"
+#    image: "ghcr.io/telekom-security/tanner:2006"
 #    command: tannerweb
 #    read_only: true
 #    volumes:
@ -440,7 +454,7 @@ services:
    tty: true
    networks:
     - tanner_local
-    image: "dtagdevsec/tanner:2006"
+    image: "ghcr.io/telekom-security/tanner:2006"
    command: tanner
    read_only: true
    volumes:
@ -460,7 +474,7 @@ services:
     - tanner_local
    ports:
     - "80:80"
-    image: "dtagdevsec/snare:2006"
+    image: "ghcr.io/telekom-security/snare:2006"
    depends_on:
     - tanner
@ -478,7 +492,7 @@ services:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
-    image: "dtagdevsec/fatt:2006"
+    image: "ghcr.io/telekom-security/fatt:2006"
    volumes:
     - /data/fatt/log:/opt/fatt/log
@ -487,7 +501,7 @@ services:
    container_name: p0f
    restart: always
    network_mode: "host"
-    image: "dtagdevsec/p0f:2006"
+    image: "ghcr.io/telekom-security/p0f:2006"
    read_only: true
    volumes:
     - /data/p0f/log:/var/log/p0f
@ -504,7 +518,7 @@ services:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
-    image: "dtagdevsec/suricata:2006"
+    image: "ghcr.io/telekom-security/suricata:2006"
    volumes:
     - /data/suricata/log:/var/log/suricata
@ -521,7 +535,7 @@ services:
     - cyberchef_local
    ports:
     - "127.0.0.1:64299:8000"
-    image: "dtagdevsec/cyberchef:2006"
+    image: "ghcr.io/telekom-security/cyberchef:2006"
    read_only: true
 #### ELK
@ -545,7 +559,7 @@ services:
    mem_limit: 4g
    ports:
     - "127.0.0.1:64298:9200"
-    image: "dtagdevsec/elasticsearch:2006"
+    image: "ghcr.io/telekom-security/elasticsearch:2006"
    volumes:
     - /data:/data
@ -558,18 +572,20 @@ services:
        condition: service_healthy
    ports:
     - "127.0.0.1:64296:5601"
-    image: "dtagdevsec/kibana:2006"
+    image: "ghcr.io/telekom-security/kibana:2006"
 ## Logstash service
  logstash:
    container_name: logstash
    restart: always
    environment:
     - LS_JAVA_OPTS=-Xms2048m -Xmx2048m
    depends_on:
      elasticsearch:
        condition: service_healthy
    env_file:
     - /opt/tpot/etc/compose/elk_environment
-    image: "dtagdevsec/logstash:2006"
+    image: "ghcr.io/telekom-security/logstash:2006"
    volumes:
     - /data:/data
@ -582,7 +598,7 @@ services:
        condition: service_healthy
    ports:
     - "127.0.0.1:64302:9100"
-    image: "dtagdevsec/head:2006"
+    image: "ghcr.io/telekom-security/head:2006"
    read_only: true
 # Ewsposter service
@ -602,7 +618,7 @@ services:
     - EWS_HPFEEDS_FORMAT=json
    env_file:
     - /opt/tpot/etc/compose/elk_environment
-    image: "dtagdevsec/ewsposter:2006"
+    image: "ghcr.io/telekom-security/ewsposter:2006"
    volumes:
     - /data:/data
     - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
@ -630,7 +646,7 @@ services:
    ports:
     - "64297:64297"
     - "127.0.0.1:64304:64304"
-    image: "dtagdevsec/nginx:2006"
+    image: "ghcr.io/telekom-security/nginx:2006"
    read_only: true
    volumes:
     - /data/nginx/cert/:/etc/nginx/cert/:ro
@ -648,6 +664,6 @@ services:
     - spiderfoot_local
    ports:
     - "127.0.0.1:64303:8080"
-    image: "dtagdevsec/spiderfoot:2006"
+    image: "ghcr.io/telekom-security/spiderfoot:2006"
    volumes:
     - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db
--- a/etc/compose/sensor.yml
+++ b/etc/compose/sensor.yml
@ -37,7 +37,7 @@ services:
     - adbhoney_local
    ports:
     - "5555:5555"
-    image: "dtagdevsec/adbhoney:2006"
+    image: "ghcr.io/telekom-security/adbhoney:2006"
    read_only: true
    volumes:
     - /data/adbhoney/log:/opt/adbhoney/log
@ -54,7 +54,7 @@ services:
    ports:
     - "5000:5000/udp"
     - "8443:8443"
-    image: "dtagdevsec/ciscoasa:2006"
+    image: "ghcr.io/telekom-security/ciscoasa:2006"
    read_only: true
    volumes:
     - /data/ciscoasa/log:/var/log/ciscoasa
@ -67,7 +67,7 @@ services:
     - citrixhoneypot_local
    ports:
     - "443:443"
-    image: "dtagdevsec/citrixhoneypot:2006"
+    image: "ghcr.io/telekom-security/citrixhoneypot:2006"
    read_only: true
    volumes:
     - /data/citrixhoneypot/logs:/opt/citrixhoneypot/logs
@ -89,7 +89,7 @@ services:
    ports:
     - "161:161"
     - "2404:2404"
-    image: "dtagdevsec/conpot:2006"
+    image: "ghcr.io/telekom-security/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -110,7 +110,7 @@ services:
     - conpot_local_guardian_ast
    ports:
     - "10001:10001"
-    image: "dtagdevsec/conpot:2006"
+    image: "ghcr.io/telekom-security/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -131,7 +131,7 @@ services:
     - conpot_local_ipmi
    ports:
     - "623:623"
-    image: "dtagdevsec/conpot:2006"
+    image: "ghcr.io/telekom-security/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -153,7 +153,7 @@ services:
    ports:
     - "1025:1025"
     - "50100:50100"
-    image: "dtagdevsec/conpot:2006"
+    image: "ghcr.io/telekom-security/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -170,7 +170,7 @@ services:
    ports:
     - "22:22"
     - "23:23"
-    image: "dtagdevsec/cowrie:2006"
+    image: "ghcr.io/telekom-security/cowrie:2006"
    read_only: true
    volumes:
     - /data/cowrie/downloads:/home/cowrie/cowrie/dl
@ -189,7 +189,7 @@ services:
     - dicompot_local
    ports:
     - "11112:11112"
-    image: "dtagdevsec/dicompot:2006"
+    image: "ghcr.io/telekom-security/dicompot:2006"
    read_only: true
    volumes:
     - /data/dicompot/log:/var/log/dicompot
@ -220,7 +220,7 @@ services:
     - "5060:5060/udp"
     - "5061:5061"
     - "27017:27017"
-    image: "dtagdevsec/dionaea:2006"
+    image: "ghcr.io/telekom-security/dionaea:2006"
    read_only: true
    volumes:
     - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp
@ -240,7 +240,7 @@ services:
     - elasticpot_local
    ports:
     - "9200:9200"
-    image: "dtagdevsec/elasticpot:2006"
+    image: "ghcr.io/telekom-security/elasticpot:2006"
    read_only: true
    volumes:
     - /data/elasticpot/log:/opt/elasticpot/log
@ -269,7 +269,7 @@ services:
     - "1080:1080"
     - "5432:5432"
     - "5900:5900"
-    image: "dtagdevsec/heralding:2006"
+    image: "ghcr.io/telekom-security/heralding:2006"
    read_only: true
    volumes:
     - /data/heralding/log:/var/log/heralding
@ -288,7 +288,7 @@ services:
     - "2324:2324"
     - "4096:4096"
    # - "9200:9200"
-    image: "dtagdevsec/honeypy:2006"
+    image: "ghcr.io/telekom-security/honeypy:2006"
    read_only: true
    volumes:
     - /data/honeypy/log:/opt/honeypy/log
@ -301,7 +301,7 @@ services:
     - honeysap_local
    ports:
     - "3299:3299"
-    image: "dtagdevsec/honeysap:2006"
+    image: "ghcr.io/telekom-security/honeysap:2006"
    volumes:
     - /data/honeysap/log:/opt/honeysap/log
@ -314,7 +314,7 @@ services:
    network_mode: "host"
    cap_add:
     - NET_ADMIN
-    image: "dtagdevsec/honeytrap:2006"
+    image: "ghcr.io/telekom-security/honeytrap:2006"
    read_only: true
    volumes:
     - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
@ -335,7 +335,7 @@ services:
     - mailoney_local
    ports:
     - "25:25"
-    image: "dtagdevsec/mailoney:2006"
+    image: "ghcr.io/telekom-security/mailoney:2006"
    read_only: true
    volumes:
     - /data/mailoney/log:/opt/mailoney/logs
@ -348,7 +348,7 @@ services:
     - medpot_local
    ports:
     - "2575:2575"
-    image: "dtagdevsec/medpot:2006"
+    image: "ghcr.io/telekom-security/medpot:2006"
    read_only: true
    volumes:
     - /data/medpot/log/:/var/log/medpot
@ -369,7 +369,7 @@ services:
     - rdpy_local
    ports:
     - "3389:3389"
-    image: "dtagdevsec/rdpy:2006"
+    image: "ghcr.io/telekom-security/rdpy:2006"
    read_only: true
    volumes:
     - /data/rdpy/log:/var/log/rdpy
@ -382,7 +382,7 @@ services:
    tty: true
    networks:
     - tanner_local
-    image: "dtagdevsec/redis:2006"
+    image: "ghcr.io/telekom-security/redis:2006"
    read_only: true
 ## PHP Sandbox service
@ -392,7 +392,7 @@ services:
    tty: true
    networks:
     - tanner_local
-    image: "dtagdevsec/phpox:2006"
+    image: "ghcr.io/telekom-security/phpox:2006"
    read_only: true
 ## Tanner API Service
@ -404,7 +404,7 @@ services:
    tty: true
    networks:
     - tanner_local
-    image: "dtagdevsec/tanner:2006"
+    image: "ghcr.io/telekom-security/tanner:2006"
    read_only: true
    volumes:
     - /data/tanner/log:/var/log/tanner
@ -421,7 +421,7 @@ services:
 #    tty: true
 #    networks:
 #     - tanner_local
-#    image: "dtagdevsec/tanner:2006"
+#    image: "ghcr.io/telekom-security/tanner:2006"
 #    command: tannerweb
 #    read_only: true
 #    volumes:
@ -438,7 +438,7 @@ services:
    tty: true
    networks:
     - tanner_local
-    image: "dtagdevsec/tanner:2006"
+    image: "ghcr.io/telekom-security/tanner:2006"
    command: tanner
    read_only: true
    volumes:
@ -458,7 +458,7 @@ services:
     - tanner_local
    ports:
     - "80:80"
-    image: "dtagdevsec/snare:2006"
+    image: "ghcr.io/telekom-security/snare:2006"
    depends_on:
     - tanner
@ -476,7 +476,7 @@ services:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
-    image: "dtagdevsec/fatt:2006"
+    image: "ghcr.io/telekom-security/fatt:2006"
    volumes:
     - /data/fatt/log:/opt/fatt/log
@ -485,7 +485,7 @@ services:
    container_name: p0f
    restart: always
    network_mode: "host"
-    image: "dtagdevsec/p0f:2006"
+    image: "ghcr.io/telekom-security/p0f:2006"
    read_only: true
    volumes:
     - /data/p0f/log:/var/log/p0f
@ -502,7 +502,7 @@ services:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
-    image: "dtagdevsec/suricata:2006"
+    image: "ghcr.io/telekom-security/suricata:2006"
    volumes:
     - /data/suricata/log:/var/log/suricata
@ -528,7 +528,7 @@ services:
     - EWS_HPFEEDS_FORMAT=json
    env_file:
     - /opt/tpot/etc/compose/elk_environment
-    image: "dtagdevsec/ewsposter:2006"
+    image: "ghcr.io/telekom-security/ewsposter:2006"
    volumes:
     - /data:/data
     - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
--- a/etc/compose/standard.yml
+++ b/etc/compose/standard.yml
@ -37,7 +37,7 @@ services:
     - adbhoney_local
    ports:
     - "5555:5555"
-    image: "dtagdevsec/adbhoney:2006"
+    image: "ghcr.io/telekom-security/adbhoney:2006"
    read_only: true
    volumes:
     - /data/adbhoney/log:/opt/adbhoney/log
@ -53,7 +53,7 @@ services:
    ports:
     - "5000:5000/udp"
     - "8443:8443"
-    image: "dtagdevsec/ciscoasa:2006"
+    image: "ghcr.io/telekom-security/ciscoasa:2006"
    read_only: true
    volumes:
     - /data/ciscoasa/log:/var/log/ciscoasa
@ -66,7 +66,7 @@ services:
     - citrixhoneypot_local
    ports:
     - "443:443"
-    image: "dtagdevsec/citrixhoneypot:2006"
+    image: "ghcr.io/telekom-security/citrixhoneypot:2006"
    read_only: true
    volumes:
     - /data/citrixhoneypot/logs:/opt/citrixhoneypot/logs
@ -88,7 +88,7 @@ services:
    ports:
     - "161:161"
     - "2404:2404"
-    image: "dtagdevsec/conpot:2006"
+    image: "ghcr.io/telekom-security/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -109,7 +109,7 @@ services:
     - conpot_local_guardian_ast
    ports:
     - "10001:10001"
-    image: "dtagdevsec/conpot:2006"
+    image: "ghcr.io/telekom-security/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -130,7 +130,7 @@ services:
     - conpot_local_ipmi
    ports:
     - "623:623"
-    image: "dtagdevsec/conpot:2006"
+    image: "ghcr.io/telekom-security/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -152,7 +152,7 @@ services:
    ports:
     - "1025:1025"
     - "50100:50100"
-    image: "dtagdevsec/conpot:2006"
+    image: "ghcr.io/telekom-security/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -169,7 +169,7 @@ services:
    ports:
     - "22:22"
     - "23:23"
-    image: "dtagdevsec/cowrie:2006"
+    image: "ghcr.io/telekom-security/cowrie:2006"
    read_only: true
    volumes:
     - /data/cowrie/downloads:/home/cowrie/cowrie/dl
@ -188,7 +188,7 @@ services:
     - dicompot_local
    ports:
     - "11112:11112"
-    image: "dtagdevsec/dicompot:2006"
+    image: "ghcr.io/telekom-security/dicompot:2006"
    read_only: true
    volumes:
     - /data/dicompot/log:/var/log/dicompot
@ -219,7 +219,7 @@ services:
     - "5060:5060/udp"
     - "5061:5061"
     - "27017:27017"
-    image: "dtagdevsec/dionaea:2006"
+    image: "ghcr.io/telekom-security/dionaea:2006"
    read_only: true
    volumes:
     - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp
@ -239,7 +239,7 @@ services:
     - elasticpot_local
    ports:
     - "9200:9200"
-    image: "dtagdevsec/elasticpot:2006"
+    image: "ghcr.io/telekom-security/elasticpot:2006"
    read_only: true
    volumes:
     - /data/elasticpot/log:/opt/elasticpot/log
@ -268,7 +268,7 @@ services:
     - "1080:1080"
     - "5432:5432"
     - "5900:5900"
-    image: "dtagdevsec/heralding:2006"
+    image: "ghcr.io/telekom-security/heralding:2006"
    read_only: true
    volumes:
     - /data/heralding/log:/var/log/heralding
@ -281,7 +281,7 @@ services:
     - honeysap_local
    ports:
     - "3299:3299"
-    image: "dtagdevsec/honeysap:2006"
+    image: "ghcr.io/telekom-security/honeysap:2006"
    volumes:
     - /data/honeysap/log:/opt/honeysap/log
@ -294,7 +294,7 @@ services:
    network_mode: "host"
    cap_add:
     - NET_ADMIN
-    image: "dtagdevsec/honeytrap:2006"
+    image: "ghcr.io/telekom-security/honeytrap:2006"
    read_only: true
    volumes:
     - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
@ -315,7 +315,7 @@ services:
     - mailoney_local
    ports:
     - "25:25"
-    image: "dtagdevsec/mailoney:2006"
+    image: "ghcr.io/telekom-security/mailoney:2006"
    read_only: true
    volumes:
     - /data/mailoney/log:/opt/mailoney/logs
@ -328,7 +328,7 @@ services:
     - medpot_local
    ports:
     - "2575:2575"
-    image: "dtagdevsec/medpot:2006"
+    image: "ghcr.io/telekom-security/medpot:2006"
    read_only: true
    volumes:
     - /data/medpot/log/:/var/log/medpot
@ -349,7 +349,7 @@ services:
     - rdpy_local
    ports:
     - "3389:3389"
-    image: "dtagdevsec/rdpy:2006"
+    image: "ghcr.io/telekom-security/rdpy:2006"
    read_only: true
    volumes:
     - /data/rdpy/log:/var/log/rdpy
@ -362,7 +362,7 @@ services:
    tty: true
    networks:
     - tanner_local
-    image: "dtagdevsec/redis:2006"
+    image: "ghcr.io/telekom-security/redis:2006"
    read_only: true
 ## PHP Sandbox service
@ -372,7 +372,7 @@ services:
    tty: true
    networks:
     - tanner_local
-    image: "dtagdevsec/phpox:2006"
+    image: "ghcr.io/telekom-security/phpox:2006"
    read_only: true
 ## Tanner API Service
@ -384,7 +384,7 @@ services:
    tty: true
    networks:
     - tanner_local
-    image: "dtagdevsec/tanner:2006"
+    image: "ghcr.io/telekom-security/tanner:2006"
    read_only: true
    volumes:
     - /data/tanner/log:/var/log/tanner
@ -401,7 +401,7 @@ services:
 #    tty: true
 #    networks:
 #     - tanner_local
-#    image: "dtagdevsec/tanner:2006"
+#    image: "ghcr.io/telekom-security/tanner:2006"
 #    command: tannerweb
 #    read_only: true
 #    volumes:
@ -418,7 +418,7 @@ services:
    tty: true
    networks:
     - tanner_local
-    image: "dtagdevsec/tanner:2006"
+    image: "ghcr.io/telekom-security/tanner:2006"
    command: tanner
    read_only: true
    volumes:
@ -438,7 +438,7 @@ services:
     - tanner_local
    ports:
     - "80:80"
-    image: "dtagdevsec/snare:2006"
+    image: "ghcr.io/telekom-security/snare:2006"
    depends_on:
     - tanner
@ -456,7 +456,7 @@ services:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
-    image: "dtagdevsec/fatt:2006"
+    image: "ghcr.io/telekom-security/fatt:2006"
    volumes:
     - /data/fatt/log:/opt/fatt/log
@ -465,7 +465,7 @@ services:
    container_name: p0f
    restart: always
    network_mode: "host"
-    image: "dtagdevsec/p0f:2006"
+    image: "ghcr.io/telekom-security/p0f:2006"
    read_only: true
    volumes:
     - /data/p0f/log:/var/log/p0f
@ -482,7 +482,7 @@ services:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
-    image: "dtagdevsec/suricata:2006"
+    image: "ghcr.io/telekom-security/suricata:2006"
    volumes:
     - /data/suricata/log:/var/log/suricata
@ -499,7 +499,7 @@ services:
     - cyberchef_local
    ports:
     - "127.0.0.1:64299:8000"
-    image: "dtagdevsec/cyberchef:2006"
+    image: "ghcr.io/telekom-security/cyberchef:2006"
    read_only: true
 #### ELK
@ -523,7 +523,7 @@ services:
    mem_limit: 4g
    ports:
     - "127.0.0.1:64298:9200"
-    image: "dtagdevsec/elasticsearch:2006"
+    image: "ghcr.io/telekom-security/elasticsearch:2006"
    volumes:
     - /data:/data
@ -536,18 +536,20 @@ services:
        condition: service_healthy
    ports:
     - "127.0.0.1:64296:5601"
-    image: "dtagdevsec/kibana:2006"
+    image: "ghcr.io/telekom-security/kibana:2006"
 ## Logstash service
  logstash:
    container_name: logstash
    restart: always
    environment:
     - LS_JAVA_OPTS=-Xms2048m -Xmx2048m
    depends_on:
      elasticsearch:
        condition: service_healthy
    env_file:
     - /opt/tpot/etc/compose/elk_environment
-    image: "dtagdevsec/logstash:2006"
+    image: "ghcr.io/telekom-security/logstash:2006"
    volumes:
     - /data:/data
@ -560,7 +562,7 @@ services:
        condition: service_healthy
    ports:
     - "127.0.0.1:64302:9100"
-    image: "dtagdevsec/head:2006"
+    image: "ghcr.io/telekom-security/head:2006"
    read_only: true
 # Ewsposter service
@ -580,7 +582,7 @@ services:
     - EWS_HPFEEDS_FORMAT=json
    env_file:
     - /opt/tpot/etc/compose/elk_environment
-    image: "dtagdevsec/ewsposter:2006"
+    image: "ghcr.io/telekom-security/ewsposter:2006"
    volumes:
     - /data:/data
     - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
@ -608,7 +610,7 @@ services:
    ports:
     - "64297:64297"
     - "127.0.0.1:64304:64304"
-    image: "dtagdevsec/nginx:2006"
+    image: "ghcr.io/telekom-security/nginx:2006"
    read_only: true
    volumes:
     - /data/nginx/cert/:/etc/nginx/cert/:ro
@ -626,6 +628,6 @@ services:
     - spiderfoot_local
    ports:
     - "127.0.0.1:64303:8080"
-    image: "dtagdevsec/spiderfoot:2006"
+    image: "ghcr.io/telekom-security/spiderfoot:2006"
    volumes:
     - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db
--- a/etc/logrotate/logrotate.conf
+++ b/etc/logrotate/logrotate.conf
@ -24,6 +24,7 @@
 /data/honeysap/log/*.log
 /data/honeytrap/log/*.log
 /data/honeytrap/log/*.json
 /data/ipphoney/log/*.json
 /data/mailoney/log/*.log
 /data/medpot/log/*.log
 /data/nginx/log/*.log
--- a/etc/objects/elkbase.tgz
+++ b/etc/objects/elkbase.tgz
--- a/etc/objects/kibana-objects.tgz
+++ b/etc/objects/kibana-objects.tgz
--- a/etc/objects/kibana_export.ndjson.zip
+++ b/etc/objects/kibana_export.ndjson.zip
--- a/iso/installer/install.sh
+++ b/iso/installer/install.sh
@ -16,7 +16,7 @@ fi
 myBACKTITLE="T-Pot-Installer"
 myCONF_FILE="/root/installer/iso.conf"
 myPROGRESSBOXCONF=" --backtitle "$myBACKTITLE" --progressbox 24 80"
-mySITES="https://hub.docker.com https://github.com https://pypi.python.org https://debian.org"
+mySITES="https://ghcr.io https://github.com https://pypi.python.org https://debian.org"
 myTPOTCOMPOSE="/opt/tpot/etc/tpot.yml"
 myLSB_STABLE_SUPPORTED="stretch buster"
 myLSB_TESTING_SUPPORTED="stable"
@ -167,7 +167,7 @@ myDEL_HOUR=$(($myRANDOM_HOUR+1))
 myPULL_HOUR=$(($myRANDOM_HOUR-2))
 myCRONJOBS="
 # Check if updated images are available and download them
-$myRANDOM_MINUTE $myPULL_HOUR * *      root    docker-compose -f /opt/tpot/etc/tpot.yml pull
+$myRANDOM_MINUTE $myPULL_HOUR * * *      root    docker-compose -f /opt/tpot/etc/tpot.yml pull
 # Delete elasticsearch logstash indices older than 90 days
 $myRANDOM_MINUTE $myDEL_HOUR * * *      root    curator --config /opt/tpot/etc/curator/curator.yml /opt/tpot/etc/curator/actions.yml
@ -704,7 +704,7 @@ hash -r
 if ! [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ];
  then
    fuBANNER "Cloning T-Pot"
-    git clone https://github.com/dtag-dev-sec/tpotce /opt/tpot
+    git clone https://github.com/telekom-security/tpotce /opt/tpot
 fi
 # Let's create the T-Pot user
@ -810,6 +810,7 @@ mkdir -vp /data/adbhoney/{downloads,log} \
         /data/heralding/log \
         /data/honeypy/log \
         /data/honeysap/log \
 	 /data/ipphoney/log \
         /data/mailoney/log \
         /data/medpot/log \
         /data/nginx/{log,heimdall} \
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Marco Ochse	2bac239763	fix version string for update check	2020-09-04 18:59:15 +02:00
Marco Ochse	a90f135f06	Merge pull request #690 from telekom-security/ghcr Move to GitHub Container Registry, Cleanup, Bump ELK stack to 7.9.1	2020-09-04 18:55:54 +02:00
Marco Ochse	adee659baa	Add files via upload	2020-09-04 18:54:40 +02:00
t3chn0m4g3	1e8f6305c9	adjust changelog	2020-09-04 16:40:51 +00:00
t3chn0m4g3	38b792a06e	prepare ghcr for merge	2020-09-04 16:27:05 +00:00
t3chn0m4g3	1ee9c29805	set new container registry, point installer to branch	2020-09-04 13:29:14 +00:00
t3chn0m4g3	2e5639a50b	fix links	2020-09-04 13:01:21 +00:00
listbot	47dca8b835	continue pin / prep images ghcr	2020-09-04 12:37:28 +00:00
listbot	1ac79d6be7	begin prep for move to GitHub Container Registry Start pinning Dockerfiles to specific releases / commits	2020-09-02 15:18:32 +00:00
Marco Ochse	9a7f55bb52	Merge pull request #687 from shaderecker/terraform-otc Update Terraform config for 0.13	2020-08-26 12:14:17 +02:00
Sebastian Haderecker	42852a85ea	Update README.md	2020-08-26 11:46:16 +02:00
Sebastian Haderecker	c33229b53a	Fix variable typo	2020-08-26 11:45:17 +02:00
Sebastian Haderecker	840662da48	Update OTC Debian 10 base image id	2020-08-26 11:21:55 +02:00
Sebastian Haderecker	d8f14d9c9f	AWS: Update required_providers for Terraform 0.13	2020-08-26 11:04:34 +02:00
Sebastian Haderecker	72e4134c86	OTC: Update required_providers for Terraform 0.13	2020-08-26 10:59:39 +02:00
t3chn0m4g3	5b1e07b9c8	finalize objects for ipphoney	2020-08-25 16:12:29 +00:00
t3chn0m4g3	2be185a371	add kibana objects for ipphoney	2020-08-25 15:08:28 +00:00
t3chn0m4g3	54a6a944aa	prep for ipphoney	2020-08-25 12:25:59 +00:00
t3chn0m4g3	b86d2c715b	prep for ipphoney	2020-08-24 21:36:08 +00:00
t3chn0m4g3	8f06b5b499	start prepping for ipphoney	2020-08-24 15:55:50 +00:00
t3chn0m4g3	6ec5a04802	fix deps issue with conpot	2020-08-24 15:55:10 +00:00
t3chn0m4g3	5080151b7c	prep for elk 7.9	2020-08-24 10:35:46 +00:00
t3chn0m4g3	c1f7146800	prep elk stack for 7.9.0	2020-08-20 15:03:16 +00:00
t3chn0m4g3	743616fa09	update conpot to latest working master	2020-08-13 16:30:37 +00:00
t3chn0m4g3	6e18b6f660	bump elasticpot to latest master	2020-08-13 10:37:03 +00:00
t3chn0m4g3	50d67fc286	bump spiderfoot to 3.1 final Fix Spiderfoot issue not showing current scan	2020-08-13 09:06:49 +00:00
t3chn0m4g3	c28642932a	bump elk stack to 7.8.1	2020-08-13 08:34:44 +00:00
t3chn0m4g3	969e269bd1	improve cowrie dashboard, fixes #664	2020-07-09 15:11:32 +00:00
t3chn0m4g3	8af45c9440	prevent cowrie from unwanted log rotation	2020-07-07 00:00:57 +00:00
t3chn0m4g3	6d29f504df	provide fix for #669	2020-07-06 23:30:11 +00:00
Marco Ochse	9b7f100f74	Add testimonial from @robcowart	2020-07-01 11:53:38 +02:00
Marco Ochse	e1485bfd04	Merge pull request #663 from dtag-dev-sec/dev fix crontab	2020-06-30 18:34:34 +02:00
t3chn0m4g3	31c6bc6f96	fix crontab	2020-06-30 16:31:22 +00:00