cleanup

Release 20.06.2
Update CHANGELOG.md
2025-07-02 01:27:27 -04:00 · 2021-02-22 11:21:18 +00:00 · 2021-02-22 10:51:51 +00:00 · 2021-02-19 15:55:22 +01:00 · 2021-02-19 13:02:08 +00:00 · 2021-02-19 10:21:53 +00:00
89 changed files with 1022 additions and 832 deletions
--- a/.github/ISSUE_TEMPLATE/general-issue-for-t-pot.md
+++ b/.github/ISSUE_TEMPLATE/general-issue-for-t-pot.md
@ -7,6 +7,8 @@ assignees: ''

 ---

+🗨️ Please post your questions in [Discussions](https://github.com/telekom-security/tpotce/discussions) and keep the issues for **issues**. Thank you 😁.<br>
+
 Before you post your issue make sure it has not been answered yet and provide `basic support information` if you come to the conclusion it is a new issue.

 - 🔍 Use the [search function](https://github.com/dtag-dev-sec/tpotce/issues?utf8=%E2%9C%93&q=) first
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,5 +1,82 @@
 # Changelog

+## 20210222
+- **New Release 20.06.2**
+- **Countless Cloud Contributions**
+  - Thanks to @shaderecker
+
+## 20210219
+- **Rebuild Snare, Tanner, Redis, Phpox**
+  - Rebuild images to their latest masters and upgrade Alpine OS to 3.13 where possible.
+- **Bump Elastic Stack to 7.11.1**
+  - Updgrade Elastic Stack Images to 7.11.1 and update License Info to reflect new Elastic License.
+  - Prepare for new release.
+
+## 20210218
+- **Rebuild Conpot, EWSPoster, Cowrie, Glutton, Dionaea**
+  - Rebuild images to their latest masters and upgrade Alpine OS to 3.13 where possible.
+
+## 20210216
+- **Bump Heralding to 1.0.7**
+  - Rebuild and upgrade image to 1.0.7 and upgrade Alpine OS to 3.13.
+  - Enable SMTPS for Heralding.
+- **Rebuild IPPHoney, Fatt, EWSPoster, Spiderfoot**
+  - Rebuild images to their latest masters and upgrade Alpine OS to 3.13 where possible.
+  - Upgrade Spiderfoot to 3.3
+
+## 20210215
+- **Rebuild Dicompot, p0f, Medpot, Honeysap, Heimdall, Elasticpot, Citrixhoneypot, Ciscoasa**
+  - Rebuild images to their latest masters and upgrade Alpine OS to 3.13 where possible.
+
+## 20210212
+- **Rebuild Cyberchef, Adbhoney, Elastic Stack**
+  - Rebuild images to their latest masters and upgrade Alpine OS to 3.13 where possible.
+  - Bump Elastic Stack to 7.11.0
+  - Bump Cyberchef to 9.27.0
+
+## 20210119
+- **Bump Dionaea to 0.11.0**
+  - Upgrade Dionaea to 0.11.0, rebuild image and upgrade Alpine OS to 3.13.
+
+## 20210106
+- **Update Internet IF retrieval**
+  - To be consistent with @adepasquale PR #746 fatt, glutton and p0f Dockerfiles were updated accordingly.
+  - Merge PR #746 from @adepasquale, thank you!
+
+## 20201228
+- **Fix broken SQlite DB**
+  - Fix a broken `app.sqlite` in Heimdall
+- **Avoid ghcr.io because of slow transfers**
+- **Remove netselect-apt**
+  - causes too many unpredictable errors #733 as the latest example
+
+## 20201210
+- **Bump Elastic Stack 7.10.1, EWSPoster to 1.12**
+
+## 20201202
+- **Update Elastic Stack to 7.10.0**
+
+## 20201130
+- **Suricata, use suricata-update for rule management**
+  - As a bonus we can now run "suricata-update" using docker-exec, triggering both a rule update and a Suricata rule reload.
+  - Thanks to @adepasquale!
+
+## 20201126
+- **Suricata, update suricata.yaml for 6.x**
+  - Merge in the latest updates from suricata-6.0.x while at the same time keeping the custom T-Pot configuration.
+  - Thanks to @adepasquale!
+- **Bump Cowrie to 2.2.0**
+
+## 20201028
+- **Bump Suricata to 5.0.4, Spiderfoot to 3.2.1, Dionaea to 0.9.2, IPPHoney, Heralding, Conpot to latest masters**
+
+## 20201027
+- **Bump Dicompot to latest master, Elastic Stack to 7.9.3**
+
+## 20201005
+- **Bump Elastic Stack to 7.9.2**
+  - @brianlechthaler, thanks for PR #706, which had issues regarding Elastic Stack and resulted in reverting to 7.9.1
+
 ## 20200904
 - **Release T-Pot 20.06.1**
  - Github offers a free Docker Container Registry for public packages. For our Open Source projects we want to make sure to have everything in one place and thus moving from Docker Hub to the GitHub Container Registry.
--- a/README.md
+++ b/README.md
@ -290,9 +290,9 @@ If you would like to contribute, you can add other cloud deployments like Chef o
 You can find an [Ansible](https://www.ansible.com/) based T-Pot deployment in the [`cloud/ansible`](cloud/ansible) folder.  
 The Playbook in the [`cloud/ansible/openstack`](cloud/ansible/openstack) folder is reusable for all **OpenStack** clouds out of the box.

-It first creates all resources (security group, network, subnet, router), deploys a new server and then installs and configures T-Pot.
+It first creates all resources (security group, network, subnet, router), deploys one (or more) new servers and then installs and configures T-Pot on them.

-You can have a look at the Playbook and easily adapt the deploy role for other [cloud providers](https://docs.ansible.com/ansible/latest/modules/list_of_cloud_modules.html).
+You can have a look at the Playbook and easily adapt the deploy role for other [cloud providers](https://docs.ansible.com/ansible/latest/scenario_guides/cloud_guides.html). Check out [Ansible Galaxy](https://galaxy.ansible.com/search?keywords=&order_by=-relevance&page=1&deprecated=false&type=collection&tags=cloud) for more cloud collections.

 *Please note*: Cloud providers usually offer adjusted Debian OS images, which might not be compatible with T-Pot. There is no cloud provider support provided of any kind.

@ -304,7 +304,7 @@ You can find [Terraform](https://www.terraform.io/) configuration in the [`cloud
 This can be used to launch a virtual machine, bootstrap any dependencies and install T-Pot in a single step.

 Configuration for **Amazon Web Services** (AWS) and **Open Telekom Cloud** (OTC) is currently included.  
-This can easily be extended to support other [Terraform providers](https://www.terraform.io/docs/providers/index.html).
+This can easily be extended to support other [Terraform providers](https://registry.terraform.io/browse/providers?category=public-cloud%2Ccloud-automation%2Cinfrastructure).

 *Please note*: Cloud providers usually offer adjusted Debian OS images, which might not be compatible with T-Pot. There is no cloud provider support provided of any kind.

@ -492,7 +492,7 @@ The software that T-Pot is built on uses the following licenses.
 <br>GPLv3: [adbhoney](https://github.com/huuck/ADBHoney), [elasticpot](https://gitlab.com/bontchev/elasticpot/-/blob/master/LICENSE), [ewsposter](https://github.com/telekom-security/ews/), [fatt](https://github.com/0x4D31/fatt/blob/master/LICENSE), [rdpy](https://github.com/citronneur/rdpy/blob/master/LICENSE), [heralding](https://github.com/johnnykv/heralding/blob/master/LICENSE.txt), [ipphoney](https://gitlab.com/bontchev/ipphoney/-/blob/master/LICENSE), [snare](https://github.com/mushorg/snare/blob/master/LICENSE), [tanner](https://github.com/mushorg/snare/blob/master/LICENSE)
 <br>Apache 2 License: [cyberchef](https://github.com/gchq/CyberChef/blob/master/LICENSE), [dicompot](https://github.com/nsmfoo/dicompot/blob/master/LICENSE), [elasticsearch](https://github.com/elasticsearch/elasticsearch/blob/master/LICENSE.txt), [logstash](https://github.com/elasticsearch/logstash/blob/master/LICENSE), [kibana](https://github.com/elasticsearch/kibana/blob/master/LICENSE.md), [docker](https://github.com/docker/docker/blob/master/LICENSE), [elasticsearch-head](https://github.com/mobz/elasticsearch-head/blob/master/LICENCE)
 <br>MIT license: [ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot/blob/master/LICENSE), [glutton](https://github.com/mushorg/glutton/blob/master/LICENSE)
-<br> Other: [citrixhoneypot](https://github.com/MalwareTech/CitrixHoneypot#licencing-agreement-malwaretech-public-licence), [cowrie](https://github.com/micheloosterhof/cowrie/blob/master/LICENSE.md), [mailoney](https://github.com/awhitehatter/mailoney), [Debian licensing](https://www.debian.org/legal/licenses/)
+<br> Other: [citrixhoneypot](https://github.com/MalwareTech/CitrixHoneypot#licencing-agreement-malwaretech-public-licence), [cowrie](https://github.com/micheloosterhof/cowrie/blob/master/LICENSE.md), [mailoney](https://github.com/awhitehatter/mailoney), [Debian licensing](https://www.debian.org/legal/licenses/), [Elastic License](https://www.elastic.co/licensing/elastic-license)

 <a name="credits"></a>
 # Credits
--- a/bin/updateip.sh
+++ b/bin/updateip.sh
@ -2,6 +2,7 @@
 # Let's add the first local ip to the /etc/issue and external ip to ews.ip file
 # If the external IP cannot be detected, the internal IP will be inherited.
 source /etc/environment
+myUUID=$(lsblk -o MOUNTPOINT,UUID | grep "/" | awk '{ print $2 }')
 myLOCALIP=$(hostname -I | awk '{ print $1 }')
 myEXTIP=$(/opt/tpot/bin/myip.sh)
 if [ "$myEXTIP" = "" ];
@ -26,6 +27,7 @@ tee /data/ews/conf/ews.ip << EOF
 ip = $myEXTIP
 EOF
 tee /opt/tpot/etc/compose/elk_environment << EOF
+HONEY_UUID=$myUUID
 MY_EXTIP=$myEXTIP
 MY_INTIP=$myLOCALIP
 MY_HOSTNAME=$HOSTNAME
--- a/cloud/.gitignore
+++ b/cloud/.gitignore
@ -0,0 +1,10 @@
+# Ansible
+*.retry
+
+# Terraform
+**/.terraform
+**/terraform.*
+
+# OpenStack clouds
+clouds.yaml
+secure.yaml
--- a/cloud/ansible/.gitignore
+++ b/cloud/ansible/.gitignore
@ -1,2 +0,0 @@
-# Ansible
-*.retry
--- a/cloud/ansible/README.md
+++ b/cloud/ansible/README.md
@ -2,15 +2,16 @@

 Here you can find a ready-to-use solution for your automated T-Pot deployment using [Ansible](https://www.ansible.com/).  
 It consists of an Ansible Playbook with multiple roles, which is reusable for all [OpenStack](https://www.openstack.org/) based clouds (e.g. Open Telekom Cloud, Orange Cloud, Telefonica Open Cloud, OVH) out of the box.  
-Apart from that you can easily adapt the deploy role to use other [cloud providers](https://docs.ansible.com/ansible/latest/modules/list_of_cloud_modules.html) (e.g. AWS, Azure, Digital Ocean, Google).
+Apart from that you can easily adapt the deploy role to use other [cloud providers](https://docs.ansible.com/ansible/latest/scenario_guides/cloud_guides.html). Check out [Ansible Galaxy](https://galaxy.ansible.com/search?keywords=&order_by=-relevance&page=1&deprecated=false&type=collection&tags=cloud) for more cloud collections.

-The Playbook first creates all resources (security group, network, subnet, router), deploys a new server and then installs and configures T-Pot.
+The Playbook first creates all resources (security group, network, subnet, router), deploys one (or more) new servers and then installs and configures T-Pot on them.

 This example showcases the deployment on our own OpenStack based Public Cloud Offering [Open Telekom Cloud](https://open-telekom-cloud.com/en).

 # Table of contents
 - [Preparation of Ansible Master](#ansible-master)
  - [Ansible Installation](#ansible)
+  - [OpenStack Collection Installation](#collection)
  - [Agent Forwarding](#agent-forwarding)
 - [Preparations in Open Telekom Cloud Console](#preparation)
  - [Create new project](#project)
@ -18,8 +19,9 @@ This example showcases the deployment on our own OpenStack based Public Cloud Of
  - [Import Key Pair](#key-pair)
 - [Clone Git Repository](#clone-git)
 - [Settings and recommended values](#settings)
-  - [Clouds.yaml](#clouds-yaml)
+  - [clouds.yaml](#clouds-yaml)
  - [Ansible remote user](#remote-user)
+  - [Number of instances to deploy](#number)
  - [Instance settings](#instance-settings)
  - [User password](#user-password)
  - [Configure `tpot.conf.dist`](#tpot-conf)
@ -36,6 +38,8 @@ Ansible works over the SSH Port, so you don't have to add any special rules to y

 <a name="ansible"></a>
 ## Ansible Installation
+:warning: Ansible 2.10 or newer is required!
+
 Example for Ubuntu 18.04:  

 At first we update the system:  
@ -48,6 +52,17 @@ Then we need to add the repository and install Ansible:

 For other OSes and Distros have a look at the official [Ansible Documentation](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html).

+If your OS does not offer a recent version of Ansible (>= 2.10) you should consider [installing Ansible with pip](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-with-pip).  
+In short (if you already have Python3/pip3 installed):
+```
+pip3 install ansible
+```
+
+<a name="collection"></a>
+## OpenStack Collection Installation
+For interacting with OpenStack resources in Ansible, you need to install the collection from Ansible Galaxy:  
+`ansible-galaxy collection install openstack.cloud`
+
 <a name="agent-forwarding"></a>
 ## Agent Forwarding
 If you run the Ansible Playbook remotely on your Ansible Master Server, Agent Forwarding must be enabled in order to let Ansible connect to newly created machines.  
@ -104,7 +119,7 @@ All Ansible related files are located in the [`cloud/ansible/openstack`](opensta
 You can configure all aspects of your Elastic Cloud Server and T-Pot before using the Playbook:

 <a name="clouds-yaml"></a>
-## Clouds.yaml
+## clouds.yaml
 Located at [`openstack/clouds.yaml`](openstack/clouds.yaml).  
 Enter your Open Telekom Cloud API user credentials here (username, password, project name, user domain name):  
 ```
@ -118,22 +133,36 @@ clouds:
      user_domain_name: OTC-EU-DE-000000000010000XXXXX
 ```
 You can also perform different authentication methods like sourcing OpenStack OS_* environment variables or providing an inline dictionary.  
-For more information have a look in the [os_server](https://docs.ansible.com/ansible/latest/modules/os_server_module.html) Ansible module documentation.
+For more information have a look in the [openstack.cloud.server](https://docs.ansible.com/ansible/latest/collections/openstack/cloud/server_module.html) Ansible module documentation.
+
+If you already have your own `clouds.yaml` file or have multiple clouds in there, you can specify which one to use in the `openstack/my_os_cloud.yaml` file:
+```
+# Enter the name of your cloud to use from clouds.yaml
+cloud: open-telekom-cloud
+```

 <a name="remote-user"></a>
 ## Ansible remote user
 You may have to adjust the `remote_user` in the Ansible Playbook under [`openstack/deploy_tpot.yaml`](openstack/deploy_tpot.yaml) depending on your Debian base image (e.g. on Open Telekom Cloud the default Debian user is `linux`).

+<a name="number"></a>
+## Number of instances to deploy
+You can adjust the number of VMs/T-Pots that you want to create in [`openstack/deploy_tpot.yaml`](openstack/deploy_tpot.yaml):
+```
+loop: "{{ range(0, 1) }}"
+```
+One instance is set as the default, increase to your liking.
+
 <a name="instance-settings"></a>
 ## Instance settings
-Located at [`openstack/roles/deploy/vars/main.yaml`](openstack/roles/deploy/vars/main.yaml).  
+Located at [`openstack/roles/create_vm/vars/main.yaml`](openstack/roles/create_vm/vars/main.yaml).  
 Here you can customize your virtual machine specifications:
  - Choose an availability zone. For Open Telekom Cloud reference see [here](https://docs.otc.t-systems.com/en-us/endpoint/index.html).
  - Change the OS image (For T-Pot we need Debian)
  - (Optional) Change the volume size
  - Specify your key pair (:warning: Mandatory)
  - (Optional) Change the instance type (flavor)  
-    `s2.medium.8` corresponds to 1 vCPU and 8GB of RAM and is the minimum required flavor.  
+    `s3.medium.8` corresponds to 1 vCPU and 8GB of RAM and is the minimum required flavor.  
    A full list of Open Telekom Cloud flavors can be found [here](https://docs.otc.t-systems.com/en-us/usermanual/ecs/en-us_topic_0177512565.html).

 ```
@ -141,7 +170,7 @@ availability_zone: eu-de-03
 image: Standard_Debian_10_latest
 volume_size: 128
 key_name: your-KeyPair
-flavor: s2.medium.8
+flavor: s3.medium.8
 ```

 <a name="user-password"></a>
@ -160,14 +189,6 @@ Here you can choose:
  - a username for the web interface
  - a password for the web interface (**you should definitely change that**)

-```
-# tpot configuration file
-# myCONF_TPOT_FLAVOR=[STANDARD, SENSOR, INDUSTRIAL, COLLECTOR, NEXTGEN]
-myCONF_TPOT_FLAVOR='STANDARD'
-myCONF_WEB_USER='webuser'
-myCONF_WEB_PW='w3b$ecret'
-```
-
 <a name="ews-cfg"></a>
 ## Optional: Custom `ews.cfg`
 Enable this by uncommenting the role in the [deploy_tpot.yaml](openstack/deploy_tpot.yaml) playbook.
@ -200,7 +221,7 @@ Enable this by uncommenting the role in the [deploy_tpot.yaml](openstack/deploy_
 #    - custom_hpfeeds
 ```

-You can specify custom HPFEEDS in [`openstack/roles/custom_hpfeeds/templates/hpfeeds.cfg`](openstack/roles/custom_hpfeeds/templates/hpfeeds.cfg).  
+You can specify custom HPFEEDS in [`openstack/roles/custom_hpfeeds/files/hpfeeds.cfg`](openstack/roles/custom_hpfeeds/files/hpfeeds.cfg).  
 That file contains the defaults (turned off) and you can adapt it for your needs, e.g. for SISSDEN:
 ```
 myENABLE=true
@ -216,6 +237,7 @@ myFORMAT=json
 <a name="deploy"></a>
 # Deploying a T-Pot :honey_pot::honeybee:
 Now, after configuring everything, we can finally start deploying T-Pots!  
+
 Go to the [`openstack`](openstack) folder and run the Ansible Playbook with:  
 `ansible-playbook deploy_tpot.yaml`  
 (Yes, it is as easy as that :smile:)
@ -223,15 +245,13 @@ Go to the [`openstack`](openstack) folder and run the Ansible Playbook with:
 If you are running on a machine which asks for a sudo password, you can use:  
 `ansible-playbook --ask-become-pass deploy_tpot.yaml`

-The Playbook will first install required packages on the Ansible Master and then deploy a new server instance.  
-After that, T-Pot gets installed and configured on the newly created host, optionally custom configs are applied and finally it reboots.
+The Playbook will first install required packages on the Ansible Master and then deploy one (or more) new server instances.  
+After that, T-Pot gets installed and configured on them, optionally custom configs are applied and finally it reboots.

 Once this is done, you can proceed with connecting/logging in to the T-Pot according to the [documentation](https://github.com/telekom-security/tpotce#ssh-and-web-access).

 <a name="documentation"></a>
 # Further documentation
 - [Ansible Documentation](https://docs.ansible.com/ansible/latest/)
- [Cloud modules — Ansible Documentation](https://docs.ansible.com/ansible/latest/modules/list_of_cloud_modules.html)
- [os_server – Create/Delete Compute Instances from OpenStack — Ansible Documentation](https://docs.ansible.com/ansible/latest/modules/os_server_module.html)
+- [openstack.cloud.server – Create/Delete Compute Instances from OpenStack](https://docs.ansible.com/ansible/latest/collections/openstack/cloud/server_module.html)
 - [Open Telekom Cloud Help Center](https://docs.otc.t-systems.com/)
- [Open Telekom Cloud API Overview](https://docs.otc.t-systems.com/en-us/api/wp/en-us_topic_0052070394.html)
--- a/cloud/ansible/openstack/clouds.yaml
+++ b/cloud/ansible/openstack/clouds.yaml
@ -1,6 +1,7 @@
 clouds:
  open-telekom-cloud:
    profile: otc
+    region_name: eu-de
    auth:
      project_name: eu-de_your_project
      username: your_api_user
--- a/cloud/ansible/openstack/deploy_tpot.yaml
+++ b/cloud/ansible/openstack/deploy_tpot.yaml
@ -4,13 +4,22 @@
  roles:
    - check

- name: Deploy instance
+- name: Deploy instances
  hosts: localhost
-  roles:
-    - deploy
+  vars_files: my_os_cloud.yaml
+  tasks:
+    - name: Create security group and network
+      ansible.builtin.include_role:
+        name: create_net
+    - name: Create one or more instances
+      ansible.builtin.include_role:
+        name: create_vm
+      loop: "{{ range(0, 1) }}"
+      loop_control:
+        extended: yes

- name: Install T-Pot on new instance
-  hosts: TPOT
+- name: Install T-Pot
+  hosts: tpot
  remote_user: linux
  become: yes
  gather_facts: no
--- a/cloud/ansible/openstack/my_os_cloud.yaml
+++ b/cloud/ansible/openstack/my_os_cloud.yaml
@ -0,0 +1,2 @@
+# Enter the name of your cloud to use from clouds.yaml
+cloud: open-telekom-cloud
--- a/cloud/ansible/openstack/requirements.yaml
+++ b/cloud/ansible/openstack/requirements.yaml
@ -0,0 +1,2 @@
+collections:
+- name: openstack.cloud
--- a/cloud/ansible/openstack/roles/check/tasks/main.yaml
+++ b/cloud/ansible/openstack/roles/check/tasks/main.yaml
@ -1,17 +1,19 @@
 - name: Install dependencies
-  package:
+  ansible.builtin.package:
    name:
-      - pwgen
-      - python-setuptools
-      - python-pip
+      - gcc
+      - python3-dev
+      - python3-setuptools
+      - python3-pip
    state: present

 - name: Install openstacksdk
-  pip:
+  ansible.builtin.pip:
    name: openstacksdk
+    executable: pip3

 - name: Check if agent forwarding is enabled
-  fail:
+  ansible.builtin.fail:
    msg: Please enable agent forwarding to allow Ansible to connect to the remote host!
  ignore_errors: yes
  when: lookup('env','SSH_AUTH_SOCK') == ""
--- a/cloud/ansible/openstack/roles/create_net/tasks/main.yaml
+++ b/cloud/ansible/openstack/roles/create_net/tasks/main.yaml
@ -0,0 +1,33 @@
+- name: Create security group
+  openstack.cloud.security_group:
+    cloud: "{{ cloud }}"
+    name: sg-tpot-any
+    description: tpot any-any
+
+- name: Add rules to security group
+  openstack.cloud.security_group_rule:
+    cloud: "{{ cloud }}"
+    security_group: sg-tpot-any
+    remote_ip_prefix: 0.0.0.0/0
+
+- name: Create network
+  openstack.cloud.network:
+    cloud: "{{ cloud }}"
+    name: network-tpot
+
+- name: Create subnet
+  openstack.cloud.subnet:
+    cloud: "{{ cloud }}"
+    network_name: network-tpot
+    name: subnet-tpot
+    cidr: 192.168.0.0/24
+    dns_nameservers:
+      - 1.1.1.1
+      - 8.8.8.8
+
+- name: Create router
+  openstack.cloud.router:
+    cloud: "{{ cloud }}"
+    name: router-tpot
+    interfaces:
+      - subnet-tpot
--- a/cloud/ansible/openstack/roles/create_vm/tasks/main.yaml
+++ b/cloud/ansible/openstack/roles/create_vm/tasks/main.yaml
@ -0,0 +1,24 @@
+- name: Generate T-Pot name
+  ansible.builtin.set_fact:
+    tpot_name: "t-pot-ansible-{{ lookup('password', '/dev/null chars=ascii_lowercase,digits length=6') }}"
+
+- name: Create instance {{ ansible_loop.index }} of {{ ansible_loop.length }}
+  openstack.cloud.server:
+    cloud: "{{ cloud }}"
+    name: "{{ tpot_name }}"
+    availability_zone: "{{ availability_zone }}"
+    image: "{{ image }}"
+    boot_from_volume: yes
+    volume_size: "{{ volume_size }}"
+    key_name: "{{ key_name }}"
+    timeout: 200
+    flavor: "{{ flavor }}"
+    security_groups: sg-tpot-any
+    network: network-tpot
+  register: tpot
+
+- name: Add instance to inventory
+  ansible.builtin.add_host:
+    hostname: "{{ tpot_name }}"
+    ansible_host: "{{ tpot.server.public_v4 }}"
+    groups: tpot
--- a/cloud/ansible/openstack/roles/create_vm/vars/main.yaml
+++ b/cloud/ansible/openstack/roles/create_vm/vars/main.yaml
@ -2,4 +2,4 @@ availability_zone: eu-de-03
 image: Standard_Debian_10_latest
 volume_size: 128
 key_name: your-KeyPair
-flavor: s2.medium.8
+flavor: s3.medium.8
--- a/cloud/ansible/openstack/roles/custom_ews/tasks/main.yaml
+++ b/cloud/ansible/openstack/roles/custom_ews/tasks/main.yaml
@ -1,5 +1,5 @@
 - name: Copy ews configuration file
-  template:
+  ansible.builtin.template:
    src: ews.cfg
    dest: /data/ews/conf
    owner: root
@ -7,7 +7,7 @@
    mode: 0644

 - name: Patching tpot.yml with custom ews configuration file
-  lineinfile:
+  ansible.builtin.lineinfile:
    path: /opt/tpot/etc/tpot.yml
    insertafter: "/opt/ewsposter/ews.ip"
    line: "     - /data/ews/conf/ews.cfg:/opt/ewsposter/ews.cfg"
--- a/cloud/ansible/openstack/roles/custom_hpfeeds/tasks/main.yaml
+++ b/cloud/ansible/openstack/roles/custom_hpfeeds/tasks/main.yaml
@ -1,5 +1,5 @@
 - name: Copy hpfeeds configuration file
-  copy:
+  ansible.builtin.copy:
    src: hpfeeds.cfg
    dest: /data/ews/conf
    owner: tpot
@ -8,5 +8,5 @@
  register: config

 - name: Applying hpfeeds settings
-  command: /opt/tpot/bin/hpfeeds_optin.sh --conf=/data/ews/conf/hpfeeds.cfg
+  ansible.builtin.command: /opt/tpot/bin/hpfeeds_optin.sh --conf=/data/ews/conf/hpfeeds.cfg
  when: config.changed == true
--- a/cloud/ansible/openstack/roles/deploy/tasks/main.yaml
+++ b/cloud/ansible/openstack/roles/deploy/tasks/main.yaml
@ -1,58 +0,0 @@
- name: Create T-Pot name
-  shell: echo t-pot-ansible-$(pwgen -ns 6 -1)
-  register: tpot_name
-
- name: Create security group
-  os_security_group:
-    cloud: open-telekom-cloud
-    name: sg-tpot-any
-    description: tpot any-any
-
- name: Add rules to security group
-  os_security_group_rule:
-    cloud: open-telekom-cloud
-    security_group: sg-tpot-any
-    remote_ip_prefix: 0.0.0.0/0
-
- name: Create network
-  os_network:
-    cloud: open-telekom-cloud
-    name: network-tpot
-
- name: Create subnet
-  os_subnet:
-    cloud: open-telekom-cloud
-    network_name: network-tpot
-    name: subnet-tpot
-    cidr: 192.168.0.0/24
-    dns_nameservers:
-      - 1.1.1.1
-      - 8.8.8.8
-
- name: Create router
-  os_router:
-    cloud: open-telekom-cloud
-    name: router-tpot
-    interfaces:
-      - subnet-tpot
-
- name: Launch an instance
-  os_server:
-    cloud: open-telekom-cloud
-    name: "{{ tpot_name.stdout }}"
-    availability_zone: "{{ availability_zone }}"
-    image: "{{ image }}"
-    boot_from_volume: yes
-    volume_size: "{{ volume_size }}"
-    key_name: "{{ key_name }}"
-    timeout: 200
-    flavor: "{{ flavor }}"
-    security_groups: sg-tpot-any
-    network: network-tpot
-  register: tpot
-
- name: Add instance to inventory
-  add_host:
-    hostname: "{{ tpot_name.stdout }}"
-    ansible_host: "{{ tpot.server.public_v4 }}"
-    groups: TPOT
--- a/cloud/ansible/openstack/roles/install/tasks/main.yaml
+++ b/cloud/ansible/openstack/roles/install/tasks/main.yaml
@ -1,29 +1,29 @@
 - name: Waiting for SSH connection
-  wait_for_connection:
+  ansible.builtin.wait_for_connection:

 - name: Gathering facts
-  setup:
+  ansible.builtin.setup:

 - name: Cloning T-Pot install directory
-  git:
+  ansible.builtin.git:
    repo: "https://github.com/telekom-security/tpotce.git"
    dest: /root/tpot

 - name: Prepare to set user password
-  set_fact:
+  ansible.builtin.set_fact:
    user_name: "{{ ansible_user }}"
    user_salt: "s0mew1ck3dTpoT"
  no_log: true

 - name: Changing password for user {{ user_name }}
-  user:
+  ansible.builtin.user:
   name: "{{ ansible_user }}"
   password: "{{ user_password | password_hash('sha512', user_salt) }}"
   state: present
   shell: /bin/bash

 - name: Copy T-Pot configuration file
-  template:
+  ansible.builtin.template:
    src: ../../../../../../iso/installer/tpot.conf.dist
    dest: /root/tpot.conf
    owner: root
@ -31,15 +31,15 @@
    mode: 0644

 - name: Install T-Pot on instance -  be patient, this might take 15 to 30 minutes depending on the connection speed.
-  command: /root/tpot/iso/installer/install.sh --type=auto --conf=/root/tpot.conf
+  ansible.builtin.command: /root/tpot/iso/installer/install.sh --type=auto --conf=/root/tpot.conf

 - name: Delete T-Pot configuration file
-  file:
+  ansible.builtin.file:
    path: /root/tpot.conf
    state: absent

 - name: Change unattended-upgrades to take default action
-  blockinfile:
+  ansible.builtin.blockinfile:
    dest: /etc/apt/apt.conf.d/50unattended-upgrades
    block: |
      Dpkg::Options {
--- a/cloud/ansible/openstack/roles/reboot/tasks/main.yaml
+++ b/cloud/ansible/openstack/roles/reboot/tasks/main.yaml
@ -1,10 +1,10 @@
 - name: Finally rebooting T-Pot
-  command: shutdown -r now
+  ansible.builtin.command: shutdown -r now
  async: 1
  poll: 0

 - name: Next login options
-  debug:
+  ansible.builtin.debug:
    msg:
    - "*****    SSH Access:"
    - "*****    ssh {{ ansible_user }}@{{ ansible_host }} -p 64295"
--- a/cloud/terraform/.gitignore
+++ b/cloud/terraform/.gitignore
@ -1,2 +0,0 @@
-**/.terraform
-**/terraform.*
--- a/cloud/terraform/README.md
+++ b/cloud/terraform/README.md
@ -1,7 +1,7 @@
 # T-Pot Terraform
 This [Terraform](https://www.terraform.io/) configuration can be used to launch a virtual machine, bootstrap any dependencies and install T-Pot in a single step.  
 Configuration for Amazon Web Services (AWS) and Open Telekom Cloud (OTC) is currently included.
-This can easily be extended to support other [Terraform providers](https://www.terraform.io/docs/providers/index.html).
+This can easily be extended to support other [Terraform providers](https://registry.terraform.io/browse/providers?category=public-cloud%2Ccloud-automation%2Cinfrastructure).

 [Cloud-init](https://cloudinit.readthedocs.io/en/latest/) is used to bootstrap the instance and install T-Pot on startup.

@ -93,7 +93,6 @@ In `otc/variables.tf`, you can change the additional variables:
 * `availability_zone`
 * `flavor`
 * `key_pair` - Specify an existing SSH key pair
-* `image_id`
 * `volume_size`  
 Furthermore you can configure the naming of the created infrastructure (per default everything gets prefixed with "tpot-", e.g. "tpot-router").

--- a/cloud/terraform/aws/.terraform.lock.hcl
+++ b/cloud/terraform/aws/.terraform.lock.hcl
@ -0,0 +1,20 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+  version     = "3.26.0"
+  constraints = "3.26.0"
+  hashes = [
+    "h1:0i78FItlPeiomd+4ThZrtm56P5K33k7/6dnEe4ZePI0=",
+    "zh:26043eed36d070ca032cf04bc980c654a25821a8abc0c85e1e570e3935bbfcbb",
+    "zh:2fe68f3f78d23830a04d7fac3eda550eef1f627dfc130486f70a65dc5c254300",
+    "zh:3d66484c608c64678e639db25d63872783ce60363a1246e30317f21c9c23b84b",
+    "zh:46ffd755cfd4cf94fe66342797b5afdcef010a24e126c67fee141b357d393535",
+    "zh:5e96f24357e945c9067cf5e032ad1d003609629c956c2f9f642fefe714e74587",
+    "zh:60c27aca36bb63bf3e865c2193be80ca83b376581d00f9c220af4b013e163c4d",
+    "zh:896f0f22d19d41e71b22f9240b261714c3915b165ddefeb771e7734d69dc47ea",
+    "zh:90de9966cb2fd3e2f326df291595e55d2dd2d90e7d6dd085c2c8691dce82bdb4",
+    "zh:ad05a91a88ceb1d6de5a568f7cc0b0e5bc0a79f3da70bc28c1e7f3750e362d58",
+    "zh:e8c63f59c6465329e1f3357498face3dd7ef10a033df3c366a33aa9e94b46c01",
+  ]
+}
--- a/cloud/terraform/aws/variables.tf
+++ b/cloud/terraform/aws/variables.tf
@ -32,24 +32,26 @@ variable "ec2_instance_type" {
 variable "ec2_ami" {
  type = map(string)
  default = {
-    "ap-east-1"      = "ami-f9c58188"
-    "ap-northeast-1" = "ami-0fae5501ae428f9d7"
-    "ap-northeast-2" = "ami-0522874b039290246"
-    "ap-south-1"     = "ami-03b4e18f70aca8973"
-    "ap-southeast-1" = "ami-0852293c17f5240b3"
-    "ap-southeast-2" = "ami-03ea2db714f1f6acf"
-    "ca-central-1"   = "ami-094511e5020cdea18"
-    "eu-central-1"   = "ami-0394acab8c5063f6f"
-    "eu-north-1"     = "ami-0c82d9a7f5674320a"
-    "eu-west-1"      = "ami-006d280940ad4a96c"
-    "eu-west-2"      = "ami-08fe9ea08db6f1258"
-    "eu-west-3"      = "ami-04563f5eab11f2b87"
-    "me-south-1"     = "ami-0492a01b319d1f052"
-    "sa-east-1"      = "ami-05e16feea94258a69"
-    "us-east-1"      = "ami-04d70e069399af2e9"
-    "us-east-2"      = "ami-04100f1cdba76b497"
-    "us-west-1"      = "ami-014c78f266c5b7163"
-    "us-west-2"      = "ami-023b7a69b9328e1f9"
+    "af-south-1"     = "ami-04090a79eb0bcb6c1"
+    "ap-east-1"      = "ami-0327f60df432e2479"
+    "ap-northeast-1" = "ami-06bc324209030cbc8"
+    "ap-northeast-2" = "ami-02ee842962ae7df95"
+    "ap-south-1"     = "ami-0d548fffbb2d54e42"
+    "ap-southeast-1" = "ami-0dcf891cda6248f00"
+    "ap-southeast-2" = "ami-022578f782d4e5d30"
+    "ca-central-1"   = "ami-01444dd84a75e9a82"
+    "eu-central-1"   = "ami-097411fa8fbfdffda"
+    "eu-north-1"     = "ami-026984326b6456f6a"
+    "eu-south-1"     = "ami-07ad114e5df69197e"
+    "eu-west-1"      = "ami-0101794b418f8b2a6"
+    "eu-west-2"      = "ami-00eac9341e72e638a"
+    "eu-west-3"      = "ami-01469c569416f3bd3"
+    "me-south-1"     = "ami-0821f357b877b076d"
+    "sa-east-1"      = "ami-0c87b2c6219e3d5fd"
+    "us-east-1"      = "ami-047f0b13f023f6553"
+    "us-east-2"      = "ami-0988470f4e830799f"
+    "us-west-1"      = "ami-0be6bacfeb2913ac2"
+    "us-west-2"      = "ami-0112d55fbe29acc68"
  }
 }

@ -66,7 +68,7 @@ variable "linux_password" {
 # These will go in the generated tpot.conf file
 variable "tpot_flavor" {
  default = "STANDARD"
-  description = "Specify your tpot flavor [STANDARD, SENSOR, INDUSTRIAL, COLLECTOR, NEXTGEN]"
+  description = "Specify your tpot flavor [STANDARD, SENSOR, INDUSTRIAL, COLLECTOR, NEXTGEN, MEDICAL]"
 }

 variable "web_user" {
--- a/cloud/terraform/aws/versions.tf
+++ b/cloud/terraform/aws/versions.tf
@ -3,6 +3,7 @@ terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
+      version = "3.26.0"
    }
  }
 }
--- a/cloud/terraform/otc/.terraform.lock.hcl
+++ b/cloud/terraform/otc/.terraform.lock.hcl
@ -0,0 +1,39 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/random" {
+  version     = "3.0.1"
+  constraints = "~> 3.0.1"
+  hashes = [
+    "h1:SzM8nt2wzLMI28A3CWAtW25g3ZCm1O4xD0h3Ps/rU1U=",
+    "zh:0d4f683868324af056a9eb2b06306feef7c202c88dbbe6a4ad7517146a22fb50",
+    "zh:4824b3c7914b77d41dfe90f6f333c7ac9860afb83e2a344d91fbe46e5dfbec26",
+    "zh:4b82e43712f3cf0d0cbc95b2cbcd409ba8f0dc7848fdfb7c13633c27468ed04a",
+    "zh:78b3a2b860c3ebc973a794000015f5946eb59b82705d701d487475406b2612f1",
+    "zh:88bc65197bd74ff408d147b32f0045372ae3a3f2a2fdd7f734f315d988c0e4a2",
+    "zh:91bd3c9f625f177f3a5d641a64e54d4b4540cb071070ecda060a8261fb6eb2ef",
+    "zh:a6818842b28d800f784e0c93284ff602b0c4022f407e4750da03f50b853a9a2c",
+    "zh:c4a1a2b52abd05687e6cfded4a789dcd7b43e7a746e4d02dd1055370cf9a994d",
+    "zh:cf65041bf12fc3bde709c1d267dbe94142bc05adcabc4feb17da3b12249132ac",
+    "zh:e385e00e7425dda9d30b74ab4ffa4636f4b8eb23918c0b763f0ffab84ece0c5c",
+  ]
+}
+
+provider "registry.terraform.io/opentelekomcloud/opentelekomcloud" {
+  version     = "1.22.5"
+  constraints = "1.22.5"
+  hashes = [
+    "h1:H20WxSx+j2JyrqHAgqsrV3rMWEOEZVEQuA7upz/1IgY=",
+    "zh:276ab06e7c011351fc5a803fea0321a9d12b1353bd43f5389f3bbf491e31fc41",
+    "zh:3191dc598ea4e4c99d08a2b1a5f65710dbcc1a892b1f9dde7b52515f32028319",
+    "zh:43db37c5fb6a886ce3bbc2aa730854476da7dd0340622ad874998041fa96f7a2",
+    "zh:45f3e2677a4c35bd88d435c906224092e0dde17055a203b474da2eeacffbf9b7",
+    "zh:504568581e561130fc0a9ceb6514e9664c67e3a89cd6c912f64c82f0a0305a30",
+    "zh:5646c76cbe710fd0acde409cdcfb352dd53a282c0207e46e33ac5714d0eaa0b9",
+    "zh:578b0f5d43f156f86ca6a63604da6e968f035d0b4bf6ccfc83db284fd31057f6",
+    "zh:784459b8350dc650f01e6866bcec0632e8b5a8733d81e6ed53bc8cc1254abb92",
+    "zh:970aa873a81994cddf84279b255d3f51a4138b23cb9162707cefb84042451bfc",
+    "zh:e892b8b6225a46067586b8e54a7102ac1b0fc296b4851dab3d4cc185de538d66",
+    "zh:f8c4699eebe99ac93d9cdccfcc809a5bd3d6c238be136d5a26c4e812ef30ec32",
+  ]
+}
--- a/cloud/terraform/otc/clouds.yaml
+++ b/cloud/terraform/otc/clouds.yaml
@ -1,5 +1,6 @@
 clouds:
  open-telekom-cloud:
+    region_name: eu-de
    auth:
      project_name: eu-de_your_project
      username: your_api_user
--- a/cloud/terraform/otc/main.tf
+++ b/cloud/terraform/otc/main.tf
@ -1,3 +1,7 @@
+data "opentelekomcloud_images_image_v2" "debian" {
+  name = "Standard_Debian_10_latest"
+}
+
 resource "opentelekomcloud_networking_secgroup_v2" "secgroup_1" {
  name        = var.secgroup_name
  description = var.secgroup_desc
@ -37,7 +41,7 @@ resource "random_id" "tpot" {

 resource "opentelekomcloud_compute_instance_v2" "ecs_1" {
  availability_zone = var.availability_zone
-  name              = random_id.tpot.b64
+  name              = random_id.tpot.b64_std
  flavor_name       = var.flavor
  key_pair          = var.key_pair
  security_groups   = [opentelekomcloud_networking_secgroup_v2.secgroup_1.name]
@ -48,7 +52,7 @@ resource "opentelekomcloud_compute_instance_v2" "ecs_1" {
  }

  block_device {
-    uuid                  = var.image_id
+    uuid                  = data.opentelekomcloud_images_image_v2.debian.id
    source_type           = "image"
    volume_size           = var.volume_size
    destination_type      = "volume"
--- a/cloud/terraform/otc/variables.tf
+++ b/cloud/terraform/otc/variables.tf
@ -40,7 +40,7 @@ variable "availability_zone" {
 }

 variable "flavor" {
-  default = "s2.medium.8"
+  default = "s3.medium.8"
  description = "Select a compute flavor"
 }

@ -49,11 +49,6 @@ variable "key_pair" {
  description = "Specify your SSH key pair"
 }

-variable "image_id" {
-  default = "fb7b0c9c-8b20-4e3f-832c-ea38c981c282"
-  description = "Select a Debian 10 base image id"
-}
-
 variable "volume_size" {
  default = "128"
  description = "Set the volume size"
@ -62,7 +57,7 @@ variable "volume_size" {
 # These will go in the generated tpot.conf file
 variable "tpot_flavor" {
  default = "STANDARD"
-  description = "Specify your tpot flavor [STANDARD, SENSOR, INDUSTRIAL, COLLECTOR, NEXTGEN]"
+  description = "Specify your tpot flavor [STANDARD, SENSOR, INDUSTRIAL, COLLECTOR, NEXTGEN, MEDICAL]"
 }

 variable "web_user" {
--- a/cloud/terraform/otc/versions.tf
+++ b/cloud/terraform/otc/versions.tf
@ -2,10 +2,12 @@ terraform {
  required_version = ">= 0.13"
  required_providers {
    opentelekomcloud = {
-      source = "terraform-providers/opentelekomcloud"
+      source = "opentelekomcloud/opentelekomcloud"
+      version = "1.22.5"
    }
    random = {
      source = "hashicorp/random"
+      version = "~> 3.0.1"
    }
  }
 }
--- a/docker/adbhoney/Dockerfile
+++ b/docker/adbhoney/Dockerfile
@ -1,11 +1,10 @@
-FROM alpine:3.12
+FROM alpine:3.13
 #
 # Include dist
 ADD dist/ /root/dist/
 #
 # Install packages
-RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
-    apk -U add \
+RUN apk -U add \
            git \
            libcap \
 	    py3-pip \
--- a/docker/ciscoasa/Dockerfile
+++ b/docker/ciscoasa/Dockerfile
@ -1,17 +1,17 @@
-FROM alpine:3.12
+FROM alpine:3.13
 #
 # Include dist
 ADD dist/ /root/dist/
 #
 # Setup env and apt
-RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
-    apk -U upgrade && \
+RUN apk -U upgrade && \
    apk add build-base \
            git \
            libffi \
            libffi-dev \
            openssl \
            openssl-dev \
+	    py3-cryptography \
 	    py3-pip \
            python3 \
            python3-dev && \
--- a/docker/citrixhoneypot/Dockerfile
+++ b/docker/citrixhoneypot/Dockerfile
@ -1,20 +1,17 @@
-FROM alpine:3.12
+FROM alpine:3.13
 #
 # Install packages
-RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
-    apk -U add \
+RUN apk -U add \
            git \
            libcap \
 	    openssl \
-	    py3-pip \
+            py3-pip \
            python3 \
            python3-dev && \
 #
    pip3 install --no-cache-dir python-json-logger && \
 #
 # Install CitrixHoneypot from GitHub
-#    git clone --depth=1 https://github.com/malwaretech/citrixhoneypot /opt/citrixhoneypot && \
-#    git clone --depth=1 https://github.com/vorband/CitrixHoneypot /opt/citrixhoneypot && \
    git clone https://github.com/t3chn0m4g3/CitrixHoneypot /opt/citrixhoneypot && \
    cd /opt/citrixhoneypot && \
    git checkout f59ad7320dc5bbb8c23c8baa5f111b52c52fbef3 && \
--- a/docker/conpot/Dockerfile
+++ b/docker/conpot/Dockerfile
@ -4,7 +4,6 @@ FROM alpine:edge
 ADD dist/ /root/dist/
 #
 # Setup apt
-#RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
 RUN apk -U add \
             build-base \
             file \
@ -17,18 +16,20 @@ RUN apk -U add \
             libxslt-dev \
             mariadb-dev \
             pkgconfig \
-	     py3-pip \
             python3 \
             python3-dev \
-             py-cffi \
-             py-cryptography \
+             py3-cffi \
+             py3-cryptography \
+	     py3-gevent \
+	     py3-pip \
             tcpdump \
             wget && \
 #
 # Setup ConPot
    git clone https://github.com/mushorg/conpot /opt/conpot && \
    cd /opt/conpot/ && \
-    git checkout 7a77329cd99cee9c37ee20e2f05a48952d8eece9 && \
+#    git checkout ff09e009d10d953aa7dcff2c06b7c890e6ffd4b7 && \
+    git checkout 804fd65aa3b7ffa31c07fd4e863d4a5500414cf3 && \
    # Change template default ports if <1024
    sed -i 's/port="2121"/port="21"/' /opt/conpot/conpot/templates/default/ftp/ftp.xml && \ 
    sed -i 's/port="8800"/port="80"/' /opt/conpot/conpot/templates/default/http/http.xml && \ 
@ -41,6 +42,7 @@ RUN apk -U add \
    sed -i 's/port="6230"/port="623"/' /opt/conpot/conpot/templates/ipmi/ipmi/ipmi.xml && \ 
    pip3 install --no-cache-dir -U setuptools && \
    pip3 install --no-cache-dir . && \
+    pip3 install --no-cache-dir pysnmp-mibs && \
    cd / && \
    rm -rf /opt/conpot /tmp/* /var/tmp/* && \
    setcap cap_net_bind_service=+ep /usr/bin/python3.8 && \
--- a/docker/conpot/dist/templates/IEC104/template.xml
+++ b/docker/conpot/dist/templates/IEC104/template.xml
@ -347,6 +347,10 @@


            <!-- IEC104 Protocol parameter -->
+            <!-- Common (Object) Address, aka COA, Station Address -->
+            <key name="CommonAddress">
+                <value type="value">"0x1e28"</value>
+            </key>
            <!-- Timeout of connection establishment -->
            <key name="T_0">
                <value type="value">30</value>
--- a/docker/cowrie/Dockerfile
+++ b/docker/cowrie/Dockerfile
@ -1,28 +1,28 @@
-FROM alpine:3.12
+FROM alpine:3.13
 #
 # Include dist
 ADD dist/ /root/dist/
 #
 # Get and install dependencies & packages
-RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
-    apk -U add \
-                       bash \
-                       build-base \
-                       git \
-                       gmp-dev \
-                       libcap \
-                       libffi-dev \
-                       mpc1-dev \
-                       mpfr-dev \
-                       openssl \
-                       openssl-dev \
-		       py3-pip \
-                       python3 \
-                       python3-dev \
-                       py3-bcrypt \
-		       py3-mysqlclient \
-                       py3-requests \
-                       py3-setuptools && \
+RUN apk -U add \
+             bash \
+             build-base \
+             git \
+             gmp-dev \
+             libcap \
+             libffi-dev \
+             mpc1-dev \
+             mpfr-dev \
+             openssl \
+             openssl-dev \
+             py3-pip \
+             python3 \
+             python3-dev \
+	     py3-bcrypt \
+	     py3-cryptography \
+             py3-mysqlclient \
+             py3-requests \
+             py3-setuptools && \
 #
 # Setup user
    addgroup -g 2000 cowrie && \
@ -31,9 +31,9 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
 # Install cowrie
    mkdir -p /home/cowrie && \
    cd /home/cowrie && \
-    git clone --depth=1 https://github.com/micheloosterhof/cowrie -b v2.1.0 && \
+    git clone --depth=1 https://github.com/micheloosterhof/cowrie -b v2.2.0 && \
    cd cowrie && \
-    sed -i s/logfile.DailyLogFile/logfile.LogFile/g src/cowrie/python/logfile.py && \
+#    sed -i s/logfile.DailyLogFile/logfile.LogFile/g src/cowrie/python/logfile.py && \
    mkdir -p log && \
    cp /root/dist/requirements.txt . && \
    pip3 install -r requirements.txt && \
--- a/docker/cowrie/dist/requirements.txt
+++ b/docker/cowrie/dist/requirements.txt
@ -1,13 +1,14 @@
-attrs==19.3.0
-bcrypt==3.1.7
-configparser==4.0.2
-cryptography==2.9.2
-packaging==20.3
+appdirs==1.4.4
+attrs==20.3.0
+bcrypt==3.2.0
+configparser==5.0.1
+#cryptography==3.4.5
+#packaging==20.9
 pyasn1_modules==0.2.8
-pyopenssl==19.1.0
+pyopenssl==20.0.1
 pyparsing==2.4.7
 python-dateutil==2.8.1
 service_identity==18.1.0
 tftpy==0.8.0
-treq==20.4.1
+treq==21.1.0
 twisted==20.3.0
--- a/docker/cyberchef/Dockerfile
+++ b/docker/cyberchef/Dockerfile
@ -1,20 +1,17 @@
 FROM alpine:3.10
 #
 # Get and install dependencies & packages
-RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
-    apk -U --no-cache add \
+RUN apk -U --no-cache add \
            curl \
            git \
            npm \
            nodejs && \
-    npm install -g grunt-cli && \
-    npm install -g http-server && \
    npm install npm@latest -g && \
+    npm install -g grunt-cli http-server && \
 #
 # Install CyberChef 
    cd /root && \
-    git clone https://github.com/gchq/cyberchef -b v9.21.0 && \
-    chown -R nobody:nobody cyberchef && \
+    git clone https://github.com/gchq/cyberchef -b v9.27.0 && \
    cd cyberchef && \
    npm install && \
    grunt prod && \
@ -31,7 +28,7 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
 # Healthcheck
 HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:8000'
 #
-# Set user, workdir and start spiderfoot
+# Set user, workdir and start cyberchef
 USER nobody:nobody
 WORKDIR /opt/cyberchef
 CMD ["http-server", "-p", "8000"]
--- a/docker/dicompot/Dockerfile
+++ b/docker/dicompot/Dockerfile
@ -1,8 +1,7 @@
-FROM alpine:3.12
+FROM alpine:3.13
 #
 # Setup apk
-RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
-    apk -U add \
+RUN apk -U add \
                   build-base \
                   git \
                   g++ && \
@ -14,7 +13,7 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
    cd /opt/go/ && \
    git clone https://github.com/nsmfoo/dicompot.git && \
    cd dicompot && \
-    git checkout 17cddd73896e94fdfbfeb920023ccaf5aad5abbd && \
+    git checkout 41331194156bbb17078bcc1594f4952ac06a731e && \
    go mod download && \
    go install -a -x github.com/nsmfoo/dicompot/server && \
 #
--- a/docker/dionaea/Dockerfile
+++ b/docker/dionaea/Dockerfile
@ -5,7 +5,11 @@ ENV DEBIAN_FRONTEND noninteractive
 ADD dist/ /root/dist/
 #
 # Install dependencies and packages
-RUN apt-get update -y && \
+RUN apt-get update && \
+    apt-get install netselect-apt -y && \
+    netselect-apt && \
+    mv sources.list /etc/apt/ && \
+    apt-get update -y && \
    apt-get dist-upgrade -y && \
    apt-get install -y --no-install-recommends \
 	build-essential \
@ -36,7 +40,7 @@ RUN apt-get update -y && \
 #
 # Get and install dionaea
    # Latest master is unstable, SIP causes crashing
-    git clone --depth=1 https://github.com/dinotools/dionaea -b 0.8.0 /root/dionaea/ && \
+    git clone --depth=1 https://github.com/dinotools/dionaea -b 0.11.0 /root/dionaea/ && \
    cd /root/dionaea && \
    #git checkout 1426750b9fd09c5bfeae74d506237333cd8505e2 && \
    mkdir build && \
--- a/docker/elasticpot/Dockerfile
+++ b/docker/elasticpot/Dockerfile
@ -1,11 +1,10 @@
-FROM alpine:3.12
+FROM alpine:3.13
 #
 # Include dist
 ADD dist/ /root/dist/
 #
 # Install packages
-RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
-    apk -U add \
+RUN apk -U add \
             build-base \
 	     ca-certificates \
             git \
@ -13,6 +12,7 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
 	     openssl \
             openssl-dev \
 	     postgresql-dev \
+             py3-cryptography \
             py3-mysqlclient \
             py3-requests \
 	     py3-pip \
--- a/docker/elk/elasticsearch/Dockerfile
+++ b/docker/elk/elasticsearch/Dockerfile
@ -1,14 +1,14 @@
-FROM alpine:3.12
+FROM alpine:3.13
 #
 # VARS
-ENV ES_VER=7.9.1 \
+ENV ES_VER=7.11.1 \
    JAVA_HOME=/usr/lib/jvm/java-11-openjdk
 # Include dist
 ADD dist/ /root/dist/
 #
 # Setup env and apt
-RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
-    apk -U --no-cache add \
+#RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
+RUN apk -U --no-cache add \
             aria2 \
             bash \
             curl \
--- a/docker/elk/head/Dockerfile
+++ b/docker/elk/head/Dockerfile
@ -1,4 +1,4 @@
-FROM alpine:3.12
+FROM alpine:3.13
 #
 # Setup env and apt
 RUN apk -U add \
@ -11,7 +11,7 @@ RUN apk -U add \
    mkdir -p /usr/src/app/ && \
    cd /usr/src/app/ && \
    git clone https://github.com/mobz/elasticsearch-head . && \
-    git checkout d0a25608854479f0b3f2dca24e8039a2fd66b0e2 && \
+    git checkout 2d51fecac2980d350fcd3319fd9fe2999f63c9db && \
    npm install http-server && \
    sed -i "s#\"http\:\/\/localhost\:9200\"#window.location.protocol \+ \'\/\/\' \+ window.location.hostname \+ \'\:\' \+ window.location.port \+ \'\/es\/\'#" /usr/src/app/_site/app.js && \
 #
--- a/docker/elk/kibana/Dockerfile
+++ b/docker/elk/kibana/Dockerfile
@ -1,16 +1,17 @@
-FROM node:10.22.0-alpine
+FROM node:14.15.4-alpine
 #
 # VARS
-ENV KB_VER=7.9.1
+ENV KB_VER=7.11.1
 # 
 # Include dist
 ADD dist/ /root/dist/
 #
 # Setup env and apt
-RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
-    apk -U --no-cache add \
+#RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
+RUN apk -U --no-cache add \
            aria2 \
-            curl && \
+            curl \
+            gcompat && \
 #
 # Get and install packages
    cd /root/dist/ && \
@ -48,6 +49,7 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
    echo "xpack.uptime.enabled: false" >> /usr/share/kibana/config/kibana.yml && \
    echo "xpack.securitySolution.enabled: false" >> /usr/share/kibana/config/kibana.yml && \
    echo "xpack.ml.enabled: false" >> /usr/share/kibana/config/kibana.yml && \
+    echo "xpack.fleet.enabled: false" >> /usr/share/kibana/config/kibana.yml && \
    echo "elasticsearch.requestTimeout: 60000" >> /usr/share/kibana/config/kibana.yml && \
    echo "elasticsearch.shardTimeout: 60000" >> /usr/share/kibana/config/kibana.yml && \
 # There is no switch to disable Enterprise Search, so we need to remove it
--- a/docker/elk/logstash/Dockerfile
+++ b/docker/elk/logstash/Dockerfile
@ -1,13 +1,13 @@
-FROM alpine:3.12
+FROM alpine:3.13
 #
 # VARS
-ENV LS_VER=7.9.1
+ENV LS_VER=7.11.1
 # Include dist
 ADD dist/ /root/dist/
 #
 # Setup env and apt
-RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
-    apk -U --no-cache add \
+#RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
+RUN apk -U --no-cache add \
             aria2 \
             bash \
             bzip2 \
@ -25,8 +25,9 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
    bunzip2 *.bz2 && \
    cd /root/dist/ && \
    mkdir -p /usr/share/logstash/ && \
-    aria2c -s 16 -x 16 https://artifacts.elastic.co/downloads/logstash/logstash-$LS_VER.tar.gz && \
-    tar xvfz logstash-$LS_VER.tar.gz --strip-components=1 -C /usr/share/logstash/ && \
+    aria2c -s 16 -x 16 https://artifacts.elastic.co/downloads/logstash/logstash-$LS_VER-linux-x86_64.tar.gz && \
+    tar xvfz logstash-$LS_VER-linux-x86_64.tar.gz --strip-components=1 -C /usr/share/logstash/ && \
+    rm -rf /usr/share/logstash/jdk && \
    /usr/share/logstash/bin/logstash-plugin install logstash-filter-translate && \
    /usr/share/logstash/bin/logstash-plugin install logstash-output-syslog && \
 #
--- a/docker/elk/logstash/dist/logstash.conf
+++ b/docker/elk/logstash/dist/logstash.conf
@ -321,6 +321,7 @@ filter {
    }
    mutate {
      rename => {
+        "ID" => "id"
        "IP" => "src_ip"
        "Port" => "src_port"
        "AETitle" => "aetitle"
@ -542,6 +543,11 @@ if "_grokparsefailure" in [tags] { drop {} }
        convert => { "status" => "integer" }
    }
  }
+  if [id] {
+    mutate {
+        convert => { "id" => "string" }
+    }
+  }

 # Add T-Pot hostname and external IP
  if [type] == "Adbhoney" or [type] == "Ciscoasa" or [type] == "CitrixHoneypot" or [type] == "ConPot" or [type] == "Cowrie" or [type] == "Dicompot" or [type] == "Dionaea" or [type] == "ElasticPot" or [type] == "Fatt" or [type] == "Glutton" or [type] == "Honeysap" or [type] == "Honeytrap" or [type] == "Heralding" or [type] == "Honeypy" or [type] == "Ipphoney" or [type] == "Mailoney" or [type] == "Medpot" or [type] == "P0f" or [type] == "Rdpy" or [type] == "Suricata" or [type] == "Tanner" {
--- a/docker/ews/Dockerfile
+++ b/docker/ews/Dockerfile
@ -1,11 +1,10 @@
-FROM alpine:3.12
+FROM alpine:3.13
 #
 # Include dist
 ADD dist/ /root/dist/
 #
 # Install packages
-RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
-    apk -U --no-cache add \
+RUN apk -U --no-cache add \
            build-base \
            git \
            libffi-dev \
@ -14,6 +13,7 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
 	    python3 \
            python3-dev \
            py3-cffi \
+	    py3-cryptography \
            py3-ipaddress \
 	    py3-lxml \
 	    py3-mysqlclient \
@ -25,7 +25,7 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
 # Setup ewsposter
    git clone https://github.com/telekom-security/ewsposter /opt/ewsposter && \
    cd /opt/ewsposter && \
-    git checkout f9c0623d44a837f666ec39659665020c7460dec8 && \
+    git checkout 46cd801fb444f1fb0a90418ab46e5977ec0a90b6 && \
    mkdir -p /opt/ewsposter/spool /opt/ewsposter/log && \
 #
 # Setup user and groups
--- a/docker/ews/dist/ews.cfg
+++ b/docker/ews/dist/ews.cfg
@ -4,10 +4,11 @@ spooldir = /opt/ewsposter/spool/
 logdir = /opt/ewsposter/log/
 del_malware_after_send = false
 send_malware = false
-sendlimit = 500
+sendlimit = 5000
 contact = your_email_address
-proxy =
-ip =
+proxy = None
+ip_int = None
+ip_ext = None

 [EWS]
 ews = true
@ -39,24 +40,6 @@ nodeid = glastopfv3-community-01
 sqlitedb = /data/glastopf/db/glastopf.db
 malwaredir = /data/glastopf/data/files/

-[GLASTOPFV2]
-glastopfv2 = false
-nodeid =
-mysqlhost =
-mysqldb =
-mysqluser =
-mysqlpw =
-malwaredir =
-
-[KIPPO]
-kippo = false
-nodeid =
-mysqlhost =
-mysqldb =
-mysqluser =
-mysqlpw =
-malwaredir =
-
 [COWRIE]
 cowrie = true
 nodeid = cowrie-community-01
@ -75,12 +58,6 @@ newversion = true
 payloaddir = /data/honeytrap/attacks/
 attackerfile = /data/honeytrap/log/attacker.log

-[RDPDETECT]
-rdpdetect = false
-nodeid =
-iptableslog =
-targetip =
-
 [EMOBILITY]
 eMobility = false
 nodeid = emobility-community-01
@ -135,3 +112,18 @@ logfile = /data/tanner/log/tanner_report.json
 glutton = true
 nodeid = glutton-community-01
 logfile = /data/glutton/log/glutton.log
+
+[HONEYSAP]
+honeysap = true
+nodeid = honeysap-community-01
+logfile = /data/honeysap/log/honeysap-external.log
+
+[ADBHONEY]
+adbhoney = true
+nodeid = adbhoney-community-01
+logfile = /data/adbhoney/log/adbhoney.json
+
+[FATT]
+fatt = true
+nodeid = fatt-community-01
+logfile = /data/fatt/log/fatt.log
--- a/docker/ews/docker-compose.yml
+++ b/docker/ews/docker-compose.yml
@ -26,5 +26,4 @@ services:
    image: "ghcr.io/telekom-security/ewsposter:2006"
    volumes:
     - /data:/data
-     - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
-
+#     - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
--- a/docker/fatt/Dockerfile
+++ b/docker/fatt/Dockerfile
@ -1,11 +1,10 @@
-FROM alpine:3.12
+FROM alpine:3.13
 #
 # Include dist
 #ADD dist/ /root/dist/
 #
 # Get and install dependencies & packages
-RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
-    apk -U add \
+RUN apk -U add \
              git \
              py3-libxml2 \
              py3-lxml \
@ -40,4 +39,4 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
 STOPSIGNAL SIGINT
 ENV PYTHONPATH /opt/fatt
 WORKDIR /opt/fatt
-CMD python3 fatt.py -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:]) --print_output --json_logging -o log/fatt.log
+CMD python3 fatt.py -i $(/sbin/ip address show | /usr/bin/awk '/inet.*brd/{ print $NF; exit }') --print_output --json_logging -o log/fatt.log
--- a/docker/glutton/Dockerfile
+++ b/docker/glutton/Dockerfile
@ -1,11 +1,10 @@
-FROM alpine:3.12
+FROM alpine:3.13
 #
 # Include dist
 ADD dist/ /root/dist/
 # 
 # Setup apk
-RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
-    apk -U --no-cache add \
+RUN apk -U --no-cache add \
                   build-base \
                   git \
                   go \
@ -22,7 +21,7 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
    cd /opt/go/ && \
    git clone https://github.com/mushorg/glutton && \
    cd /opt/go/glutton/ && \
-    git checkout 08f364fff489a82667866ecff2bcc4815569a0c8 && \
+    git checkout c25045b95b43ed9bfee89b2d14a50f5794a9cf2b && \
    mv /root/dist/system.go /opt/go/glutton/ && \
    go mod download && \
    make build && \
@ -53,4 +52,4 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
 # Start glutton 
 WORKDIR /opt/glutton
 USER glutton:glutton
-CMD exec bin/server -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:]) -l /var/log/glutton/glutton.log > /dev/null 2>&1
+CMD exec bin/server -i $(/sbin/ip address show | /usr/bin/awk '/inet.*brd/{ print $NF; exit }') -l /var/log/glutton/glutton.log > /dev/null 2>&1
--- a/docker/heimdall/Dockerfile
+++ b/docker/heimdall/Dockerfile
@ -1,11 +1,10 @@
-FROM alpine:3.12
+FROM alpine:3.13
 #
 # Include dist
 ADD dist/ /root/dist/
 #
 # Get and install dependencies & packages
-RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
-    apk -U --no-cache add \
+RUN apk -U --no-cache add \
      git \
      nginx \
      nginx-mod-http-headers-more \
@ -29,13 +28,15 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
 # Clone and setup Heimdall, Nginx
    git clone https://github.com/linuxserver/heimdall && \
    cd heimdall && \
-    git checkout 3a9bdd2c431d70803b259990fa4d81db4b06dba4 && \
+    git checkout 61a5a1a8b023771e0ff7c056add5537d20737e51 && \
    cd .. && \
    cp -R heimdall/. /var/lib/nginx/html && \
    rm -rf heimdall && \
    cd /var/lib/nginx/html && \
    cp .env.example .env && \
-    php artisan key:generate && \
+    # Fix error for ArrayInput in smyfony with regard to PHP7.4 (https://github.com/symfony/symfony/pull/32806/files)
+    sed -i "135s/.*/} elseif (0 === strpos(\$key, '-')) {/" /var/lib/nginx/html/vendor/symfony/console/Input/ArrayInput.php && \
+    php7 artisan key:generate && \
 #
 ## Add previously configured content
    mkdir -p /var/lib/nginx/html/storage/app/public/backgrounds/ && \
--- a/docker/heimdall/dist/app/app.sqlite
+++ b/docker/heimdall/dist/app/app.sqlite
--- a/docker/heralding/Dockerfile
+++ b/docker/heralding/Dockerfile
@ -1,11 +1,10 @@
-FROM alpine:3.12
+FROM alpine:3.13
 #  
 # Include dist
 ADD dist/ /root/dist/
 #
 # Install packages
-RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
-    apk -U --no-cache add \ 
+RUN apk -U --no-cache add \ 
            		build-base \
            		git \
            		libcap \
@ -13,7 +12,9 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
            		openssl-dev \
                        libzmq \
            		postgresql-dev \
+			py3-cryptography \
 			py3-pip \
+			py3-pyzmq \
            		python3 \
            		python3-dev \
            		py-virtualenv && \
@ -23,7 +24,7 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
    cd /opt/ && \
    git clone https://github.com/johnnykv/heralding && \
    cd heralding && \
-    git checkout bc1320e2d056c730c821cd42a19a262bfceebfd7 && \
+    git checkout 3f38976a2ab4d884d755b6324f2c71923ddadbdb && \
    pip3 install --no-cache-dir -r requirements.txt && \
    pip3 install --no-cache-dir . && \
 #
--- a/docker/heralding/dist/heralding.yml
+++ b/docker/heralding/dist/heralding.yml
@ -62,6 +62,7 @@ capabilities:
    timeout: 30
    protocol_specific_data:
      max_attempts: 3
+      banner: "+OK POP3 server ready"

  pop3s:
    enabled: true
@ -69,6 +70,7 @@ capabilities:
    timeout: 30
    protocol_specific_data:
      max_attempts: 3
+      banner: "+OK POP3 server ready"
      # if a .pem file is not found in work dir, a new pem file will be created
      # using these values
      cert:
@ -157,6 +159,25 @@ capabilities:
      # If the fqdn option is commented out or empty, then fqdn of the host will be used
      fqdn: ""

+  smtps:
+    enabled: true
+    port: 465
+    timeout: 30
+    protocol_specific_data:
+      banner: "Microsoft ESMTP MAIL service ready"
+      # If the fqdn option is commented out or empty, then fqdn of the host will be used
+      fqdn: ""
+      cert:
+        common_name: "*"
+        country: "US"
+        state: None
+        locality: None
+        organization: None
+        organizational_unit: None
+        # how many days should the certificate be valid for
+        valid_days: 365
+        serial_number: 0
+
  vnc:
    enabled: true
    port: 5900
--- a/docker/heralding/docker-compose.yml
+++ b/docker/heralding/docker-compose.yml
@ -23,6 +23,7 @@ services:
     - "110:110"
     - "143:143"
     - "443:443"
+     - "465:465"
     - "993:993"
     - "995:995"
     - "1080:1080"
--- a/docker/honeysap/Dockerfile
+++ b/docker/honeysap/Dockerfile
@ -4,15 +4,15 @@ FROM alpine:3.10
 ADD dist/ /root/dist/
 #
 # Install packages
-RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
-    apk -U --no-cache add \
+RUN apk -U --no-cache add \
            build-base \
            git \
 	    libstdc++ \
 	    py2-markupsafe \
            python2 \
            python2-dev \
-            py2-pip && \
+            py2-pip \
+            tcpdump && \
 #
 # Clone honeysap from git
 #    git clone --depth=1 https://github.com/SecureAuthCorp/HoneySAP /opt/honeysap && \
--- a/docker/ipphoney/Dockerfile
+++ b/docker/ipphoney/Dockerfile
@ -1,11 +1,10 @@
-FROM alpine:3.12
+FROM alpine:3.13
 #
 # Include dist
 ADD dist/ /root/dist/
 #
 # Install packages
-RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
-    apk -U add \
+RUN apk -U add \
             build-base \
 	     ca-certificates \
             git \
@ -14,6 +13,7 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
 	     openssl \
             openssl-dev \
 	     postgresql-dev \
+	     py3-cryptography \
             py3-mysqlclient \
             py3-requests \
 	     py3-pip \
@ -23,7 +23,7 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
    cd /opt/ && \
    git clone https://gitlab.com/bontchev/ipphoney.git/ && \
    cd ipphoney && \
-    git checkout db8c6e91bff27b5c376339c5effbb45355897ab5 && \
+    git checkout 7ab1cac437baba17cb2cd25d5bb1400327e1bb79 && \
    pip3 install -r requirements.txt && \
    setcap cap_net_bind_service=+ep /usr/bin/python3.8 && \
 #
--- a/docker/medpot/Dockerfile
+++ b/docker/medpot/Dockerfile
@ -1,4 +1,4 @@
-FROM alpine:3.12
+FROM alpine:3.13
 #
 # Setup apk
 RUN apk -U --no-cache add \
--- a/docker/p0f/Dockerfile
+++ b/docker/p0f/Dockerfile
@ -1,4 +1,4 @@
-FROM alpine:3.12
+FROM alpine:3.13
 #
 # Add source
 ADD . /opt/p0f
@ -32,4 +32,4 @@ RUN apk -U --no-cache add \
 # Start p0f
 WORKDIR /opt/p0f
 USER p0f:p0f
-CMD exec /opt/p0f/p0f -u p0f -j -o /var/log/p0f/p0f.json -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:]) > /dev/null
+CMD exec /opt/p0f/p0f -u p0f -j -o /var/log/p0f/p0f.json -i $(/sbin/ip address show | /usr/bin/awk '/inet.*brd/{ print $NF; exit }') > /dev/null
--- a/docker/spiderfoot/Dockerfile
+++ b/docker/spiderfoot/Dockerfile
@ -1,8 +1,7 @@
-FROM alpine:3.12
+FROM alpine:3.13
 #
 # Get and install dependencies & packages
-RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
-    apk -U --no-cache add \
+RUN apk -U --no-cache add \
            build-base \
            curl \
            git \
@ -20,6 +19,7 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
            python3 \
            python3-dev \
 	    py-cffi \
+	    py-cryptography \
 	    py-pillow \
            py-future \
            py3-pip \
@ -33,13 +33,13 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
    adduser -S -s /bin/ash -u 2000 -D -g 2000 spiderfoot && \
 #
 # Install spiderfoot 
-    git clone --depth=1 -b v3.1 https://github.com/smicallef/spiderfoot /home/spiderfoot && \
+    git clone --depth=1 -b v3.3 https://github.com/smicallef/spiderfoot /home/spiderfoot && \
    cd /home/spiderfoot && \
    pip3 install --no-cache-dir wheel && \ 
    pip3 install --no-cache-dir -r requirements.txt && \ 
    chown -R spiderfoot:spiderfoot /home/spiderfoot && \
-    sed -i "s#'__docroot': ''#'__docroot': '\/spiderfoot'#" /home/spiderfoot/sf.py && \
-    sed -i 's#raise cherrypy.HTTPRedirect("\/")#raise cherrypy.HTTPRedirect("\/spiderfoot")#' /home/spiderfoot/sfwebui.py && \
+    sed -i "s#'root': '\/'#'root': '\/spiderfoot'#" /home/spiderfoot/sf.py && \
+    sed -i "s#'root', '\/'#'root', '\/spiderfoot'#" /home/spiderfoot/sf.py && \
 #
 # Clean up
    apk del --purge build-base \
--- a/docker/suricata/Dockerfile
+++ b/docker/suricata/Dockerfile
@ -1,31 +1,31 @@
-FROM alpine:3.12
+FROM alpine:edge
 #
 # Include dist
 ADD dist/ /root/dist/
 #
 # Install packages
-RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
-    apk -U --no-cache add \
+RUN apk -U --no-cache add \
                 ca-certificates \
                 curl \
                 file \
 		 hiredis \
                 libcap \
-                 wget && \
-    apk -U add --repository http://dl-cdn.alpinelinux.org/alpine/edge/community \
+                 wget \
                 suricata && \
 #
 # Setup user, groups and configs
    addgroup -g 2000 suri && \
    adduser -S -H -u 2000 -D -g 2000 suri && \
    chmod 644 /etc/suricata/*.config && \
-    cp /root/dist/suricata.yaml /etc/suricata/suricata.yaml && \
+    cp /root/dist/*.yaml /etc/suricata/ && \
+    cp /root/dist/*.conf /etc/suricata/ && \
    cp /root/dist/*.bpf /etc/suricata/ && \
 #
-# Download the latest EmergingThreats ruleset, replace rulebase and enable all rules
+# Download the latest EmergingThreats OPEN ruleset
    cp /root/dist/update.sh /usr/bin/ && \
    chmod 755 /usr/bin/update.sh && \
-    update.sh OPEN && \
+    suricata-update update-sources && \
+    suricata-update --no-reload && \
 #
 # Clean up
    rm -rf /root/* && \
@ -34,4 +34,4 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
 #
 # Start suricata
 STOPSIGNAL SIGINT
-CMD SURICATA_CAPTURE_FILTER=$(update.sh $OINKCODE) && exec suricata -v -F $SURICATA_CAPTURE_FILTER -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:])
+CMD SURICATA_CAPTURE_FILTER=$(update.sh $OINKCODE) && exec suricata -v -F $SURICATA_CAPTURE_FILTER -i $(/sbin/ip address show | /usr/bin/awk '/inet.*brd/{ print $NF; exit }')
--- a/docker/suricata/Dockerfile.from.source
+++ b/docker/suricata/Dockerfile.from.source
@ -1,7 +1,7 @@
 FROM alpine
 #
 # VARS
-ENV VER=5.0.2
+ENV VER=6.0.0
 #
 # Include dist
 ADD dist/ /root/dist/
@ -59,8 +59,7 @@ RUN    apk -U add \
               libhtp \
               libhtp-dev && \
 #
-# Upgrade pip, install suricata-update to meet deps, however we will not be using it 
-# to reduce image (no python needed) and use the update script.
+# Upgrade pip, install suricata-update to meet deps
    pip3 install --no-cache-dir --upgrade pip && \
    pip3 install --no-cache-dir suricata-update && \
 #
@ -93,15 +92,17 @@ RUN    apk -U add \
    addgroup -g 2000 suri && \
    adduser -S -H -u 2000 -D -g 2000 suri && \
    chmod 644 /etc/suricata/*.config && \
-    cp /root/dist/suricata.yaml /etc/suricata/suricata.yaml && \
+    cp /root/dist/*.yaml /etc/suricata/ && \
+    cp /root/dist/*.conf /etc/suricata/ && \
    cp /root/dist/*.bpf /etc/suricata/ && \
    mkdir -p /etc/suricata/rules && \
    cp /opt/builder/rules/* /etc/suricata/rules/ && \
 #
-# Download the latest EmergingThreats ruleset, replace rulebase and enable all rules
+# Download the latest EmergingThreats OPEN ruleset
    cp /root/dist/update.sh /usr/bin/ && \
    chmod 755 /usr/bin/update.sh && \
-    update.sh OPEN && \
+    suricata-update update-sources && \
+    suricata-update --no-reload && \
 #
 # Clean up
    apk del --purge \
@ -126,8 +127,6 @@ RUN    apk -U add \
                 nss-dev \
                 nspr-dev \
                 pcre-dev \
-		 python3 \
-                 rust \
                 yaml-dev && \
    rm -rf /opt/builder && \
    rm -rf /root/* && \
@ -136,4 +135,4 @@ RUN    apk -U add \
 #
 # Start suricata
 STOPSIGNAL SIGINT
-CMD SURICATA_CAPTURE_FILTER=$(update.sh $OINKCODE) && exec suricata -v -F $SURICATA_CAPTURE_FILTER -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:])
+CMD SURICATA_CAPTURE_FILTER=$(update.sh $OINKCODE) && exec suricata -v -F $SURICATA_CAPTURE_FILTER -i $(/sbin/ip address show | /usr/bin/awk '/inet.*brd/{ print $NF; exit }')
--- a/docker/suricata/dist/capture-filter.bpf
+++ b/docker/suricata/dist/capture-filter.bpf
@ -1,3 +1,5 @@
 not (host sicherheitstacho.eu or community.sicherheitstacho.eu or listbot.sicherheitstacho.eu) and
+not (host rules.emergingthreats.net or rules.emergingthreatspro.com) and
 not (host deb.debian.org) and
+not (host ghcr.io) and
 not (host index.docker.io or docker.io)
--- a/docker/suricata/dist/disable.conf
+++ b/docker/suricata/dist/disable.conf
--- a/docker/suricata/dist/enable.conf
+++ b/docker/suricata/dist/enable.conf
@ -0,0 +1,3 @@
+# Since honeypot traffic is usually low, we can afford to enable
+# all the rules that are normally disabled for performance reasons.
+re:.
--- a/docker/suricata/dist/modify.conf
+++ b/docker/suricata/dist/modify.conf
--- a/docker/suricata/dist/suricata.yaml
+++ b/docker/suricata/dist/suricata.yaml
--- a/docker/suricata/dist/update.sh
+++ b/docker/suricata/dist/update.sh
@ -9,24 +9,6 @@ trap fuCLEANUP EXIT
 ### Vars
 myOINKCODE="$1"

-function fuDLRULES {
-### Check if args are present then download rules, if not throw error
-if [ "$myOINKCODE" != "" ] && [ "$myOINKCODE" == "OPEN" ];
-  then
-    echo "Downloading ET open ruleset."
-    wget -q --tries=2 --timeout=2 https://rules.emergingthreats.net/open/suricata-5.0/emerging.rules.tar.gz -O /tmp/rules.tar.gz
-  else
-    if [ "$myOINKCODE" != "" ];
-      then
-	echo "Downloading ET pro ruleset with Oinkcode $myOINKCODE."
-	wget -q --tries=2 --timeout=2 https://rules.emergingthreatspro.com/$myOINKCODE/suricata-5.0/etpro.rules.tar.gz -O /tmp/rules.tar.gz
-      else	
-        echo "Usage: update.sh <[OPEN, OINKCODE]>"
-	exit
-    fi	
-fi
-}
-
 # Check internet availability 
 function fuCHECKINET () {
 mySITES=$1
@ -46,9 +28,14 @@ for i in $mySITES;
 myCHECK=$(fuCHECKINET "rules.emergingthreatspro.com rules.emergingthreats.net")
 if [ "$myCHECK" == "0" ];
  then
-    fuDLRULES 2>&1 > /dev/null
-    tar xvfz /tmp/rules.tar.gz -C /etc/suricata/ 2>&1 > /dev/null
-    sed -i s/^#alert/alert/ /etc/suricata/rules/*.rules 2>&1 > /dev/null
+    if [ "$myOINKCODE" != "" ] && [ "$myOINKCODE" != "OPEN" ];
+      then
+        suricata-update -q enable-source et/pro secret-code=$myOINKCODE > /dev/null
+      else
+        # suricata-update uses et/open ruleset by default if not configured
+        rm -f /var/lib/suricata/update/sources/et-pro.yaml 2>&1 > /dev/null
+    fi
+    suricata-update -q --no-test --no-reload > /dev/null
    echo "/etc/suricata/capture-filter.bpf"
  else
    echo "/etc/suricata/null.bpf"
--- a/docker/suricata/dist/update.yaml
+++ b/docker/suricata/dist/update.yaml
@ -0,0 +1,12 @@
+disable-conf: /etc/suricata/disable.conf
+enable-conf: /etc/suricata/enable.conf
+#drop-conf: /etc/suricata/drop.conf
+modify-conf: /etc/suricata/modify.conf
+
+ignore:
+  - "*deleted.rules"
+  - "dhcp-events.rules"  # DHCP is disabled in suricata.yaml
+  - "files.rules"  # file-store is disabled in suricata.yaml
+
+reload-command: suricatasc -c ruleset-reload-rules
+
--- a/docker/tanner/phpox/Dockerfile
+++ b/docker/tanner/phpox/Dockerfile
@ -1,8 +1,7 @@
 FROM alpine:3.10
 #
 # Install packages
-RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
-    apk -U --no-cache add \
+RUN apk -U --no-cache add \
               build-base \
               file \
               git \
--- a/docker/tanner/redis/Dockerfile
+++ b/docker/tanner/redis/Dockerfile
@ -4,8 +4,7 @@ FROM redis:alpine
 ADD dist/ /root/dist/
 #
 # Setup apt
-RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
-    apk -U --no-cache add redis && \ 
+RUN apk -U --no-cache add redis && \ 
    cp /root/dist/redis.conf /etc && \
 #
 # Clean up
--- a/docker/tanner/snare/Dockerfile
+++ b/docker/tanner/snare/Dockerfile
@ -4,8 +4,7 @@ FROM alpine:3.10
 ADD dist/ /root/dist/
 #
 # Setup apt
-RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
-    apk -U --no-cache add \
+RUN apk -U --no-cache add \
               build-base \
               git \
               linux-headers \
@ -15,7 +14,7 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
 # Setup Snare 
    git clone https://github.com/mushorg/snare /opt/snare && \
    cd /opt/snare/ && \
-    git checkout 7762b762b272f0599c16e11ef997c37d2899d33e && \
+    git checkout 5af76755f367dae8acb347962be34eb8de14f85a && \
    pip3 install --no-cache-dir setuptools && \
    pip3 install --no-cache-dir -r requirements.txt && \
    python3 setup.py install && \
--- a/docker/tanner/tanner/Dockerfile
+++ b/docker/tanner/tanner/Dockerfile
@ -1,11 +1,10 @@
-FROM alpine:3.12
+FROM alpine:3.13
 #
 # Include dist
 ADD dist/ /root/dist/
 #
 # Setup apt
-RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
-    apk -U --no-cache add \
+RUN apk -U --no-cache add \
               build-base \
               git \
               libcap \
@ -22,7 +21,7 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
    cd /opt/tanner/ && \
 #    git fetch origin pull/364/head:test && \	
 #    git checkout test && \
-    git checkout 40e2357119065445cbb06234e953a95e5a73ce93 && \
+    git checkout 1fd5465ef5658c2211e16e092c36b3bb05600730 && \
    cp /root/dist/config.yaml /opt/tanner/tanner/data && \
    pip3 install --no-cache-dir setuptools && \
    pip3 install --no-cache-dir -r requirements.txt && \
--- a/etc/compose/collector.yml
+++ b/etc/compose/collector.yml
@ -31,6 +31,7 @@ services:
     - "110:110"
     - "143:143"
     - "443:443"
+     - "465:465"
     - "993:993"
     - "995:995"
     - "1080:1080"
@ -38,7 +39,7 @@ services:
     - "3389:3389"
     - "5432:5432"
     - "5900:5900"
-    image: "ghcr.io/telekom-security/heralding:2006"
+    image: "dtagdevsec/heralding:2006"
    read_only: true
    volumes:
     - /data/heralding/log:/var/log/heralding
@ -52,7 +53,7 @@ services:
    network_mode: "host"
    cap_add:
     - NET_ADMIN
-    image: "ghcr.io/telekom-security/honeytrap:2006"
+    image: "dtagdevsec/honeytrap:2006"
    read_only: true
    volumes:
     - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
@ -73,7 +74,7 @@ services:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
-    image: "ghcr.io/telekom-security/fatt:2006"
+    image: "dtagdevsec/fatt:2006"
    volumes:
     - /data/fatt/log:/opt/fatt/log

@ -82,7 +83,7 @@ services:
    container_name: p0f
    restart: always
    network_mode: "host"
-    image: "ghcr.io/telekom-security/p0f:2006"
+    image: "dtagdevsec/p0f:2006"
    read_only: true
    volumes:
     - /data/p0f/log:/var/log/p0f
@ -99,7 +100,7 @@ services:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
-    image: "ghcr.io/telekom-security/suricata:2006"
+    image: "dtagdevsec/suricata:2006"
    volumes:
     - /data/suricata/log:/var/log/suricata

@ -116,7 +117,7 @@ services:
     - cyberchef_local
    ports:
     - "127.0.0.1:64299:8000"
-    image: "ghcr.io/telekom-security/cyberchef:2006"
+    image: "dtagdevsec/cyberchef:2006"
    read_only: true

 #### ELK
@ -140,7 +141,7 @@ services:
    mem_limit: 4g
    ports:
     - "127.0.0.1:64298:9200"
-    image: "ghcr.io/telekom-security/elasticsearch:2006"
+    image: "dtagdevsec/elasticsearch:2006"
    volumes:
     - /data:/data

@ -153,7 +154,7 @@ services:
        condition: service_healthy
    ports:
     - "127.0.0.1:64296:5601"
-    image: "ghcr.io/telekom-security/kibana:2006"
+    image: "dtagdevsec/kibana:2006"

 ## Logstash service
  logstash:
@ -166,7 +167,7 @@ services:
        condition: service_healthy
    env_file:
     - /opt/tpot/etc/compose/elk_environment
-    image: "ghcr.io/telekom-security/logstash:2006"
+    image: "dtagdevsec/logstash:2006"
    volumes:
     - /data:/data

@ -179,7 +180,7 @@ services:
        condition: service_healthy
    ports:
     - "127.0.0.1:64302:9100"
-    image: "ghcr.io/telekom-security/head:2006"
+    image: "dtagdevsec/head:2006"
    read_only: true

 # Ewsposter service
@ -199,7 +200,7 @@ services:
     - EWS_HPFEEDS_FORMAT=json
    env_file:
     - /opt/tpot/etc/compose/elk_environment
-    image: "ghcr.io/telekom-security/ewsposter:2006"
+    image: "dtagdevsec/ewsposter:2006"
    volumes:
     - /data:/data
     - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
@ -227,7 +228,7 @@ services:
    ports:
     - "64297:64297"
     - "127.0.0.1:64304:64304"
-    image: "ghcr.io/telekom-security/nginx:2006"
+    image: "dtagdevsec/nginx:2006"
    read_only: true
    volumes:
     - /data/nginx/cert/:/etc/nginx/cert/:ro
@ -245,6 +246,6 @@ services:
     - spiderfoot_local
    ports:
     - "127.0.0.1:64303:8080"
-    image: "ghcr.io/telekom-security/spiderfoot:2006"
+    image: "dtagdevsec/spiderfoot:2006"
    volumes:
     - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db
--- a/etc/compose/industrial.yml
+++ b/etc/compose/industrial.yml
@ -48,7 +48,7 @@ services:
     - "21:21"
     - "44818:44818"
     - "47808:47808"
-    image: "ghcr.io/telekom-security/conpot:2006"
+    image: "dtagdevsec/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -70,7 +70,7 @@ services:
    ports:
 #     - "161:161"
     - "2404:2404"
-    image: "ghcr.io/telekom-security/conpot:2006"
+    image: "dtagdevsec/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -91,7 +91,7 @@ services:
     - conpot_local_guardian_ast
    ports:
     - "10001:10001"
-    image: "ghcr.io/telekom-security/conpot:2006"
+    image: "dtagdevsec/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -112,7 +112,7 @@ services:
     - conpot_local_ipmi
    ports:
     - "623:623"
-    image: "ghcr.io/telekom-security/conpot:2006"
+    image: "dtagdevsec/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -134,7 +134,7 @@ services:
    ports:
     - "1025:1025"
     - "50100:50100"
-    image: "ghcr.io/telekom-security/conpot:2006"
+    image: "dtagdevsec/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -151,7 +151,7 @@ services:
    ports:
     - "22:22"
     - "23:23"
-    image: "ghcr.io/telekom-security/cowrie:2006"
+    image: "dtagdevsec/cowrie:2006"
    read_only: true
    volumes:
     - /data/cowrie/downloads:/home/cowrie/cowrie/dl
@ -170,7 +170,7 @@ services:
     - dicompot_local
    ports:
     - "11112:11112"
-    image: "ghcr.io/telekom-security/dicompot:2006"
+    image: "dtagdevsec/dicompot:2006"
    read_only: true
    volumes:
     - /data/dicompot/log:/var/log/dicompot
@ -193,13 +193,14 @@ services:
    # - "110:110"
    # - "143:143"
    # - "443:443"
+    # - "465:465"
    # - "993:993"
    # - "995:995"
    # - "3306:3306"
    # - "3389:3389"
    # - "5432:5432"
     - "5900:5900"
-    image: "ghcr.io/telekom-security/heralding:2006"
+    image: "dtagdevsec/heralding:2006"
    read_only: true
    volumes:
     - /data/heralding/log:/var/log/heralding
@ -212,7 +213,7 @@ services:
     - honeysap_local
    ports:
     - "3299:3299"
-    image: "ghcr.io/telekom-security/honeysap:2006"
+    image: "dtagdevsec/honeysap:2006"
    volumes:
     - /data/honeysap/log:/opt/honeysap/log

@ -225,7 +226,7 @@ services:
    network_mode: "host"
    cap_add:
     - NET_ADMIN
-    image: "ghcr.io/telekom-security/honeytrap:2006"
+    image: "dtagdevsec/honeytrap:2006"
    read_only: true
    volumes:
     - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
@ -240,7 +241,7 @@ services:
     - medpot_local
    ports:
     - "2575:2575"
-    image: "ghcr.io/telekom-security/medpot:2006"
+    image: "dtagdevsec/medpot:2006"
    read_only: true
    volumes:
     - /data/medpot/log/:/var/log/medpot
@ -261,7 +262,7 @@ services:
     - rdpy_local
    ports:
     - "3389:3389"
-    image: "ghcr.io/telekom-security/rdpy:2006"
+    image: "dtagdevsec/rdpy:2006"
    read_only: true
    volumes:
     - /data/rdpy/log:/var/log/rdpy
@ -280,7 +281,7 @@ services:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
-    image: "ghcr.io/telekom-security/fatt:2006"
+    image: "dtagdevsec/fatt:2006"
    volumes:
     - /data/fatt/log:/opt/fatt/log

@ -289,7 +290,7 @@ services:
    container_name: p0f
    restart: always
    network_mode: "host"
-    image: "ghcr.io/telekom-security/p0f:2006"
+    image: "dtagdevsec/p0f:2006"
    read_only: true
    volumes:
     - /data/p0f/log:/var/log/p0f
@ -306,7 +307,7 @@ services:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
-    image: "ghcr.io/telekom-security/suricata:2006"
+    image: "dtagdevsec/suricata:2006"
    volumes:
     - /data/suricata/log:/var/log/suricata

@ -323,7 +324,7 @@ services:
     - cyberchef_local
    ports:
     - "127.0.0.1:64299:8000"
-    image: "ghcr.io/telekom-security/cyberchef:2006"
+    image: "dtagdevsec/cyberchef:2006"
    read_only: true

 #### ELK
@ -347,7 +348,7 @@ services:
    mem_limit: 4g
    ports:
     - "127.0.0.1:64298:9200"
-    image: "ghcr.io/telekom-security/elasticsearch:2006"
+    image: "dtagdevsec/elasticsearch:2006"
    volumes:
     - /data:/data

@ -360,7 +361,7 @@ services:
        condition: service_healthy
    ports:
     - "127.0.0.1:64296:5601"
-    image: "ghcr.io/telekom-security/kibana:2006"
+    image: "dtagdevsec/kibana:2006"

 ## Logstash service
  logstash:
@ -373,7 +374,7 @@ services:
        condition: service_healthy
    env_file:
     - /opt/tpot/etc/compose/elk_environment
-    image: "ghcr.io/telekom-security/logstash:2006"
+    image: "dtagdevsec/logstash:2006"
    volumes:
     - /data:/data

@ -386,7 +387,7 @@ services:
        condition: service_healthy
    ports:
     - "127.0.0.1:64302:9100"
-    image: "ghcr.io/telekom-security/head:2006"
+    image: "dtagdevsec/head:2006"
    read_only: true

 # Ewsposter service
@ -406,7 +407,7 @@ services:
     - EWS_HPFEEDS_FORMAT=json
    env_file:
     - /opt/tpot/etc/compose/elk_environment
-    image: "ghcr.io/telekom-security/ewsposter:2006"
+    image: "dtagdevsec/ewsposter:2006"
    volumes:
     - /data:/data
     - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
@ -434,7 +435,7 @@ services:
    ports:
     - "64297:64297"
     - "127.0.0.1:64304:64304"
-    image: "ghcr.io/telekom-security/nginx:2006"
+    image: "dtagdevsec/nginx:2006"
    read_only: true
    volumes:
     - /data/nginx/cert/:/etc/nginx/cert/:ro
@ -452,6 +453,6 @@ services:
     - spiderfoot_local
    ports:
     - "127.0.0.1:64303:8080"
-    image: "ghcr.io/telekom-security/spiderfoot:2006"
+    image: "dtagdevsec/spiderfoot:2006"
    volumes:
     - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db
--- a/etc/compose/medical.yml
+++ b/etc/compose/medical.yml
@ -26,7 +26,7 @@ services:
     - dicompot_local
    ports:
     - "11112:11112"
-    image: "ghcr.io/telekom-security/dicompot:2006"
+    image: "dtagdevsec/dicompot:2006"
    read_only: true
    volumes:
     - /data/dicompot/log:/var/log/dicompot
@ -40,7 +40,7 @@ services:
     - medpot_local
    ports:
     - "2575:2575"
-    image: "ghcr.io/telekom-security/medpot:2006"
+    image: "dtagdevsec/medpot:2006"
    read_only: true
    volumes:
     - /data/medpot/log/:/var/log/medpot
@ -58,7 +58,7 @@ services:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
-    image: "ghcr.io/telekom-security/fatt:2006"
+    image: "dtagdevsec/fatt:2006"
    volumes:
     - /data/fatt/log:/opt/fatt/log

@ -67,7 +67,7 @@ services:
    container_name: p0f
    restart: always
    network_mode: "host"
-    image: "ghcr.io/telekom-security/p0f:2006"
+    image: "dtagdevsec/p0f:2006"
    read_only: true
    volumes:
     - /data/p0f/log:/var/log/p0f
@ -84,7 +84,7 @@ services:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
-    image: "ghcr.io/telekom-security/suricata:2006"
+    image: "dtagdevsec/suricata:2006"
    volumes:
     - /data/suricata/log:/var/log/suricata

@ -101,7 +101,7 @@ services:
     - cyberchef_local
    ports:
     - "127.0.0.1:64299:8000"
-    image: "ghcr.io/telekom-security/cyberchef:2006"
+    image: "dtagdevsec/cyberchef:2006"
    read_only: true

 #### ELK
@ -125,7 +125,7 @@ services:
    mem_limit: 4g
    ports:
     - "127.0.0.1:64298:9200"
-    image: "ghcr.io/telekom-security/elasticsearch:2006"
+    image: "dtagdevsec/elasticsearch:2006"
    volumes:
     - /data:/data

@ -138,7 +138,7 @@ services:
        condition: service_healthy
    ports:
     - "127.0.0.1:64296:5601"
-    image: "ghcr.io/telekom-security/kibana:2006"
+    image: "dtagdevsec/kibana:2006"

 ## Logstash service
  logstash:
@ -151,7 +151,7 @@ services:
        condition: service_healthy
    env_file:
     - /opt/tpot/etc/compose/elk_environment
-    image: "ghcr.io/telekom-security/logstash:2006"
+    image: "dtagdevsec/logstash:2006"
    volumes:
     - /data:/data

@ -164,7 +164,7 @@ services:
        condition: service_healthy
    ports:
     - "127.0.0.1:64302:9100"
-    image: "ghcr.io/telekom-security/head:2006"
+    image: "dtagdevsec/head:2006"
    read_only: true

 # Ewsposter service
@ -184,7 +184,7 @@ services:
     - EWS_HPFEEDS_FORMAT=json
    env_file:
     - /opt/tpot/etc/compose/elk_environment
-    image: "ghcr.io/telekom-security/ewsposter:2006"
+    image: "dtagdevsec/ewsposter:2006"
    volumes:
     - /data:/data
     - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
@ -212,7 +212,7 @@ services:
    ports:
     - "64297:64297"
     - "127.0.0.1:64304:64304"
-    image: "ghcr.io/telekom-security/nginx:2006"
+    image: "dtagdevsec/nginx:2006"
    read_only: true
    volumes:
     - /data/nginx/cert/:/etc/nginx/cert/:ro
@ -230,6 +230,6 @@ services:
     - spiderfoot_local
    ports:
     - "127.0.0.1:64303:8080"
-    image: "ghcr.io/telekom-security/spiderfoot:2006"
+    image: "dtagdevsec/spiderfoot:2006"
    volumes:
     - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db
--- a/etc/compose/nextgen.yml
+++ b/etc/compose/nextgen.yml
@ -40,7 +40,7 @@ services:
     - adbhoney_local
    ports:
     - "5555:5555"
-    image: "ghcr.io/telekom-security/adbhoney:2006"
+    image: "dtagdevsec/adbhoney:2006"
    read_only: true
    volumes:
     - /data/adbhoney/log:/opt/adbhoney/log
@ -57,7 +57,7 @@ services:
    ports:
     - "5000:5000/udp"
     - "8443:8443"
-    image: "ghcr.io/telekom-security/ciscoasa:2006"
+    image: "dtagdevsec/ciscoasa:2006"
    read_only: true
    volumes:
     - /data/ciscoasa/log:/var/log/ciscoasa
@ -70,7 +70,7 @@ services:
     - citrixhoneypot_local
    ports:
     - "443:443"
-    image: "ghcr.io/telekom-security/citrixhoneypot:2006"
+    image: "dtagdevsec/citrixhoneypot:2006"
    read_only: true
    volumes:
     - /data/citrixhoneypot/logs:/opt/citrixhoneypot/logs       
@ -92,7 +92,7 @@ services:
    ports:
     - "161:161"
     - "2404:2404"
-    image: "ghcr.io/telekom-security/conpot:2006"
+    image: "dtagdevsec/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -113,7 +113,7 @@ services:
     - conpot_local_guardian_ast
    ports:
     - "10001:10001"
-    image: "ghcr.io/telekom-security/conpot:2006"
+    image: "dtagdevsec/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -134,7 +134,7 @@ services:
     - conpot_local_ipmi
    ports:
     - "623:623"
-    image: "ghcr.io/telekom-security/conpot:2006"
+    image: "dtagdevsec/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -156,7 +156,7 @@ services:
    ports:
     - "1025:1025"
     - "50100:50100"
-    image: "ghcr.io/telekom-security/conpot:2006"
+    image: "dtagdevsec/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -173,7 +173,7 @@ services:
    ports:
     - "22:22"
     - "23:23"
-    image: "ghcr.io/telekom-security/cowrie:2006"
+    image: "dtagdevsec/cowrie:2006"
    read_only: true
    volumes:
     - /data/cowrie/downloads:/home/cowrie/cowrie/dl
@ -192,7 +192,7 @@ services:
     - dicompot_local
    ports:
     - "11112:11112"
-    image: "ghcr.io/telekom-security/dicompot:2006"
+    image: "dtagdevsec/dicompot:2006"
    read_only: true
    volumes:
     - /data/dicompot/log:/var/log/dicompot
@ -223,7 +223,7 @@ services:
     - "5060:5060/udp"
     - "5061:5061"
     - "27017:27017"
-    image: "ghcr.io/telekom-security/dionaea:2006"
+    image: "dtagdevsec/dionaea:2006"
    read_only: true
    volumes:
     - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp
@ -243,7 +243,7 @@ services:
     - elasticpot_local
    ports:
     - "9200:9200"
-    image: "ghcr.io/telekom-security/elasticpot:2006"
+    image: "dtagdevsec/elasticpot:2006"
    read_only: true
    volumes:
     - /data/elasticpot/log:/opt/elasticpot/log
@ -258,7 +258,7 @@ services:
    network_mode: "host"
    cap_add:
     - NET_ADMIN
-    image: "ghcr.io/telekom-security/glutton:2006"
+    image: "dtagdevsec/glutton:2006"
    read_only: true
    volumes:
     - /data/glutton/log:/var/log/glutton
@ -281,6 +281,7 @@ services:
     - "110:110"
     - "143:143"
    # - "443:443"
+     - "465:465"
     - "993:993"
     - "995:995"
    # - "3306:3306"
@ -288,7 +289,7 @@ services:
     - "1080:1080"
     - "5432:5432"
     - "5900:5900"
-    image: "ghcr.io/telekom-security/heralding:2006"
+    image: "dtagdevsec/heralding:2006"
    read_only: true
    volumes:
     - /data/heralding/log:/var/log/heralding
@ -307,7 +308,7 @@ services:
     - "2324:2324"
     - "4096:4096"
    # - "9200:9200"
-    image: "ghcr.io/telekom-security/honeypy:2006"
+    image: "dtagdevsec/honeypy:2006"
    read_only: true
    volumes:
     - /data/honeypy/log:/opt/honeypy/log
@ -320,7 +321,7 @@ services:
     - honeysap_local
    ports:
     - "3299:3299"
-    image: "ghcr.io/telekom-security/honeysap:2006"
+    image: "dtagdevsec/honeysap:2006"
    volumes:
     - /data/honeysap/log:/opt/honeysap/log

@ -332,7 +333,7 @@ services:
     - ipphoney_local
    ports:
     - "631:631"
-    image: "ghcr.io/telekom-security/ipphoney:2006"
+    image: "dtagdevsec/ipphoney:2006"
    read_only: true
    volumes:
     - /data/ipphoney/log:/opt/ipphoney/log
@ -351,7 +352,7 @@ services:
     - mailoney_local
    ports:
     - "25:25"
-    image: "ghcr.io/telekom-security/mailoney:2006"
+    image: "dtagdevsec/mailoney:2006"
    read_only: true
    volumes:
     - /data/mailoney/log:/opt/mailoney/logs
@ -364,7 +365,7 @@ services:
     - medpot_local
    ports:
     - "2575:2575"
-    image: "ghcr.io/telekom-security/medpot:2006"
+    image: "dtagdevsec/medpot:2006"
    read_only: true
    volumes:
     - /data/medpot/log/:/var/log/medpot
@ -385,7 +386,7 @@ services:
     - rdpy_local
    ports:
     - "3389:3389"
-    image: "ghcr.io/telekom-security/rdpy:2006"
+    image: "dtagdevsec/rdpy:2006"
    read_only: true
    volumes:
     - /data/rdpy/log:/var/log/rdpy
@ -398,7 +399,7 @@ services:
    tty: true
    networks:
     - tanner_local
-    image: "ghcr.io/telekom-security/redis:2006"
+    image: "dtagdevsec/redis:2006"
    read_only: true

 ## PHP Sandbox service
@ -408,7 +409,7 @@ services:
    tty: true
    networks:
     - tanner_local
-    image: "ghcr.io/telekom-security/phpox:2006"
+    image: "dtagdevsec/phpox:2006"
    read_only: true

 ## Tanner API Service
@ -420,7 +421,7 @@ services:
    tty: true
    networks:
     - tanner_local
-    image: "ghcr.io/telekom-security/tanner:2006"
+    image: "dtagdevsec/tanner:2006"
    read_only: true
    volumes:
     - /data/tanner/log:/var/log/tanner
@ -437,7 +438,7 @@ services:
 #    tty: true
 #    networks:
 #     - tanner_local
-#    image: "ghcr.io/telekom-security/tanner:2006"
+#    image: "dtagdevsec/tanner:2006"
 #    command: tannerweb
 #    read_only: true
 #    volumes:
@ -454,7 +455,7 @@ services:
    tty: true
    networks:
     - tanner_local
-    image: "ghcr.io/telekom-security/tanner:2006"
+    image: "dtagdevsec/tanner:2006"
    command: tanner
    read_only: true
    volumes:
@ -474,7 +475,7 @@ services:
     - tanner_local
    ports:
     - "80:80"
-    image: "ghcr.io/telekom-security/snare:2006"
+    image: "dtagdevsec/snare:2006"
    depends_on:
     - tanner

@ -492,7 +493,7 @@ services:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
-    image: "ghcr.io/telekom-security/fatt:2006"
+    image: "dtagdevsec/fatt:2006"
    volumes:
     - /data/fatt/log:/opt/fatt/log

@ -501,7 +502,7 @@ services:
    container_name: p0f
    restart: always
    network_mode: "host"
-    image: "ghcr.io/telekom-security/p0f:2006"
+    image: "dtagdevsec/p0f:2006"
    read_only: true
    volumes:
     - /data/p0f/log:/var/log/p0f
@ -518,7 +519,7 @@ services:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
-    image: "ghcr.io/telekom-security/suricata:2006"
+    image: "dtagdevsec/suricata:2006"
    volumes:
     - /data/suricata/log:/var/log/suricata

@ -535,7 +536,7 @@ services:
     - cyberchef_local
    ports:
     - "127.0.0.1:64299:8000"
-    image: "ghcr.io/telekom-security/cyberchef:2006"
+    image: "dtagdevsec/cyberchef:2006"
    read_only: true

 #### ELK
@ -559,7 +560,7 @@ services:
    mem_limit: 4g
    ports:
     - "127.0.0.1:64298:9200"
-    image: "ghcr.io/telekom-security/elasticsearch:2006"
+    image: "dtagdevsec/elasticsearch:2006"
    volumes:
     - /data:/data

@ -572,7 +573,7 @@ services:
        condition: service_healthy
    ports:
     - "127.0.0.1:64296:5601"
-    image: "ghcr.io/telekom-security/kibana:2006"
+    image: "dtagdevsec/kibana:2006"

 ## Logstash service
  logstash:
@ -585,7 +586,7 @@ services:
        condition: service_healthy
    env_file:
     - /opt/tpot/etc/compose/elk_environment
-    image: "ghcr.io/telekom-security/logstash:2006"
+    image: "dtagdevsec/logstash:2006"
    volumes:
     - /data:/data

@ -598,7 +599,7 @@ services:
        condition: service_healthy
    ports:
     - "127.0.0.1:64302:9100"
-    image: "ghcr.io/telekom-security/head:2006"
+    image: "dtagdevsec/head:2006"
    read_only: true

 # Ewsposter service
@ -618,7 +619,7 @@ services:
     - EWS_HPFEEDS_FORMAT=json
    env_file:
     - /opt/tpot/etc/compose/elk_environment
-    image: "ghcr.io/telekom-security/ewsposter:2006"
+    image: "dtagdevsec/ewsposter:2006"
    volumes:
     - /data:/data
     - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
@ -646,7 +647,7 @@ services:
    ports:
     - "64297:64297"
     - "127.0.0.1:64304:64304"
-    image: "ghcr.io/telekom-security/nginx:2006"
+    image: "dtagdevsec/nginx:2006"
    read_only: true
    volumes:
     - /data/nginx/cert/:/etc/nginx/cert/:ro
@ -664,6 +665,6 @@ services:
     - spiderfoot_local
    ports:
     - "127.0.0.1:64303:8080"
-    image: "ghcr.io/telekom-security/spiderfoot:2006"
+    image: "dtagdevsec/spiderfoot:2006"
    volumes:
     - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db
--- a/etc/compose/sensor.yml
+++ b/etc/compose/sensor.yml
@ -37,7 +37,7 @@ services:
     - adbhoney_local
    ports:
     - "5555:5555"
-    image: "ghcr.io/telekom-security/adbhoney:2006"
+    image: "dtagdevsec/adbhoney:2006"
    read_only: true
    volumes:
     - /data/adbhoney/log:/opt/adbhoney/log
@ -54,7 +54,7 @@ services:
    ports:
     - "5000:5000/udp"
     - "8443:8443"
-    image: "ghcr.io/telekom-security/ciscoasa:2006"
+    image: "dtagdevsec/ciscoasa:2006"
    read_only: true
    volumes:
     - /data/ciscoasa/log:/var/log/ciscoasa
@ -67,7 +67,7 @@ services:
     - citrixhoneypot_local
    ports:
     - "443:443"
-    image: "ghcr.io/telekom-security/citrixhoneypot:2006"
+    image: "dtagdevsec/citrixhoneypot:2006"
    read_only: true
    volumes:
     - /data/citrixhoneypot/logs:/opt/citrixhoneypot/logs
@ -89,7 +89,7 @@ services:
    ports:
     - "161:161"
     - "2404:2404"
-    image: "ghcr.io/telekom-security/conpot:2006"
+    image: "dtagdevsec/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -110,7 +110,7 @@ services:
     - conpot_local_guardian_ast
    ports:
     - "10001:10001"
-    image: "ghcr.io/telekom-security/conpot:2006"
+    image: "dtagdevsec/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -131,7 +131,7 @@ services:
     - conpot_local_ipmi
    ports:
     - "623:623"
-    image: "ghcr.io/telekom-security/conpot:2006"
+    image: "dtagdevsec/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -153,7 +153,7 @@ services:
    ports:
     - "1025:1025"
     - "50100:50100"
-    image: "ghcr.io/telekom-security/conpot:2006"
+    image: "dtagdevsec/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -170,7 +170,7 @@ services:
    ports:
     - "22:22"
     - "23:23"
-    image: "ghcr.io/telekom-security/cowrie:2006"
+    image: "dtagdevsec/cowrie:2006"
    read_only: true
    volumes:
     - /data/cowrie/downloads:/home/cowrie/cowrie/dl
@ -189,7 +189,7 @@ services:
     - dicompot_local
    ports:
     - "11112:11112"
-    image: "ghcr.io/telekom-security/dicompot:2006"
+    image: "dtagdevsec/dicompot:2006"
    read_only: true
    volumes:
     - /data/dicompot/log:/var/log/dicompot
@ -220,7 +220,7 @@ services:
     - "5060:5060/udp"
     - "5061:5061"
     - "27017:27017"
-    image: "ghcr.io/telekom-security/dionaea:2006"
+    image: "dtagdevsec/dionaea:2006"
    read_only: true
    volumes:
     - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp
@ -240,7 +240,7 @@ services:
     - elasticpot_local
    ports:
     - "9200:9200"
-    image: "ghcr.io/telekom-security/elasticpot:2006"
+    image: "dtagdevsec/elasticpot:2006"
    read_only: true
    volumes:
     - /data/elasticpot/log:/opt/elasticpot/log
@ -262,6 +262,7 @@ services:
     - "110:110"
     - "143:143"
    # - "443:443"
+     - "465:465"
     - "993:993"
     - "995:995"
    # - "3306:3306"
@ -269,7 +270,7 @@ services:
     - "1080:1080"
     - "5432:5432"
     - "5900:5900"
-    image: "ghcr.io/telekom-security/heralding:2006"
+    image: "dtagdevsec/heralding:2006"
    read_only: true
    volumes:
     - /data/heralding/log:/var/log/heralding
@ -288,7 +289,7 @@ services:
     - "2324:2324"
     - "4096:4096"
    # - "9200:9200"
-    image: "ghcr.io/telekom-security/honeypy:2006"
+    image: "dtagdevsec/honeypy:2006"
    read_only: true
    volumes:
     - /data/honeypy/log:/opt/honeypy/log
@ -301,7 +302,7 @@ services:
     - honeysap_local
    ports:
     - "3299:3299"
-    image: "ghcr.io/telekom-security/honeysap:2006"
+    image: "dtagdevsec/honeysap:2006"
    volumes:
     - /data/honeysap/log:/opt/honeysap/log

@ -314,7 +315,7 @@ services:
    network_mode: "host"
    cap_add:
     - NET_ADMIN
-    image: "ghcr.io/telekom-security/honeytrap:2006"
+    image: "dtagdevsec/honeytrap:2006"
    read_only: true
    volumes:
     - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
@ -335,7 +336,7 @@ services:
     - mailoney_local
    ports:
     - "25:25"
-    image: "ghcr.io/telekom-security/mailoney:2006"
+    image: "dtagdevsec/mailoney:2006"
    read_only: true
    volumes:
     - /data/mailoney/log:/opt/mailoney/logs
@ -348,7 +349,7 @@ services:
     - medpot_local
    ports:
     - "2575:2575"
-    image: "ghcr.io/telekom-security/medpot:2006"
+    image: "dtagdevsec/medpot:2006"
    read_only: true
    volumes:
     - /data/medpot/log/:/var/log/medpot
@ -369,7 +370,7 @@ services:
     - rdpy_local
    ports:
     - "3389:3389"
-    image: "ghcr.io/telekom-security/rdpy:2006"
+    image: "dtagdevsec/rdpy:2006"
    read_only: true
    volumes:
     - /data/rdpy/log:/var/log/rdpy
@ -382,7 +383,7 @@ services:
    tty: true
    networks:
     - tanner_local
-    image: "ghcr.io/telekom-security/redis:2006"
+    image: "dtagdevsec/redis:2006"
    read_only: true

 ## PHP Sandbox service
@ -392,7 +393,7 @@ services:
    tty: true
    networks:
     - tanner_local
-    image: "ghcr.io/telekom-security/phpox:2006"
+    image: "dtagdevsec/phpox:2006"
    read_only: true

 ## Tanner API Service
@ -404,7 +405,7 @@ services:
    tty: true
    networks:
     - tanner_local
-    image: "ghcr.io/telekom-security/tanner:2006"
+    image: "dtagdevsec/tanner:2006"
    read_only: true
    volumes:
     - /data/tanner/log:/var/log/tanner
@ -421,7 +422,7 @@ services:
 #    tty: true
 #    networks:
 #     - tanner_local
-#    image: "ghcr.io/telekom-security/tanner:2006"
+#    image: "dtagdevsec/tanner:2006"
 #    command: tannerweb
 #    read_only: true
 #    volumes:
@ -438,7 +439,7 @@ services:
    tty: true
    networks:
     - tanner_local
-    image: "ghcr.io/telekom-security/tanner:2006"
+    image: "dtagdevsec/tanner:2006"
    command: tanner
    read_only: true
    volumes:
@ -458,7 +459,7 @@ services:
     - tanner_local
    ports:
     - "80:80"
-    image: "ghcr.io/telekom-security/snare:2006"
+    image: "dtagdevsec/snare:2006"
    depends_on:
     - tanner

@ -476,7 +477,7 @@ services:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
-    image: "ghcr.io/telekom-security/fatt:2006"
+    image: "dtagdevsec/fatt:2006"
    volumes:
     - /data/fatt/log:/opt/fatt/log

@ -485,7 +486,7 @@ services:
    container_name: p0f
    restart: always
    network_mode: "host"
-    image: "ghcr.io/telekom-security/p0f:2006"
+    image: "dtagdevsec/p0f:2006"
    read_only: true
    volumes:
     - /data/p0f/log:/var/log/p0f
@ -502,7 +503,7 @@ services:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
-    image: "ghcr.io/telekom-security/suricata:2006"
+    image: "dtagdevsec/suricata:2006"
    volumes:
     - /data/suricata/log:/var/log/suricata

@ -528,7 +529,7 @@ services:
     - EWS_HPFEEDS_FORMAT=json
    env_file:
     - /opt/tpot/etc/compose/elk_environment
-    image: "ghcr.io/telekom-security/ewsposter:2006"
+    image: "dtagdevsec/ewsposter:2006"
    volumes:
     - /data:/data
     - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
--- a/etc/compose/standard.yml
+++ b/etc/compose/standard.yml
@ -37,7 +37,7 @@ services:
     - adbhoney_local
    ports:
     - "5555:5555"
-    image: "ghcr.io/telekom-security/adbhoney:2006"
+    image: "dtagdevsec/adbhoney:2006"
    read_only: true
    volumes:
     - /data/adbhoney/log:/opt/adbhoney/log
@ -53,7 +53,7 @@ services:
    ports:
     - "5000:5000/udp"
     - "8443:8443"
-    image: "ghcr.io/telekom-security/ciscoasa:2006"
+    image: "dtagdevsec/ciscoasa:2006"
    read_only: true
    volumes:
     - /data/ciscoasa/log:/var/log/ciscoasa
@ -66,7 +66,7 @@ services:
     - citrixhoneypot_local
    ports:
     - "443:443"
-    image: "ghcr.io/telekom-security/citrixhoneypot:2006"
+    image: "dtagdevsec/citrixhoneypot:2006"
    read_only: true
    volumes:
     - /data/citrixhoneypot/logs:/opt/citrixhoneypot/logs
@ -88,7 +88,7 @@ services:
    ports:
     - "161:161"
     - "2404:2404"
-    image: "ghcr.io/telekom-security/conpot:2006"
+    image: "dtagdevsec/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -109,7 +109,7 @@ services:
     - conpot_local_guardian_ast
    ports:
     - "10001:10001"
-    image: "ghcr.io/telekom-security/conpot:2006"
+    image: "dtagdevsec/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -130,7 +130,7 @@ services:
     - conpot_local_ipmi
    ports:
     - "623:623"
-    image: "ghcr.io/telekom-security/conpot:2006"
+    image: "dtagdevsec/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -152,7 +152,7 @@ services:
    ports:
     - "1025:1025"
     - "50100:50100"
-    image: "ghcr.io/telekom-security/conpot:2006"
+    image: "dtagdevsec/conpot:2006"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
@ -169,7 +169,7 @@ services:
    ports:
     - "22:22"
     - "23:23"
-    image: "ghcr.io/telekom-security/cowrie:2006"
+    image: "dtagdevsec/cowrie:2006"
    read_only: true
    volumes:
     - /data/cowrie/downloads:/home/cowrie/cowrie/dl
@ -188,7 +188,7 @@ services:
     - dicompot_local
    ports:
     - "11112:11112"
-    image: "ghcr.io/telekom-security/dicompot:2006"
+    image: "dtagdevsec/dicompot:2006"
    read_only: true
    volumes:
     - /data/dicompot/log:/var/log/dicompot
@ -219,7 +219,7 @@ services:
     - "5060:5060/udp"
     - "5061:5061"
     - "27017:27017"
-    image: "ghcr.io/telekom-security/dionaea:2006"
+    image: "dtagdevsec/dionaea:2006"
    read_only: true
    volumes:
     - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp
@ -239,7 +239,7 @@ services:
     - elasticpot_local
    ports:
     - "9200:9200"
-    image: "ghcr.io/telekom-security/elasticpot:2006"
+    image: "dtagdevsec/elasticpot:2006"
    read_only: true
    volumes:
     - /data/elasticpot/log:/opt/elasticpot/log
@ -261,6 +261,7 @@ services:
     - "110:110"
     - "143:143"
    # - "443:443"
+     - "465:465"
     - "993:993"
     - "995:995"
    # - "3306:3306"
@ -268,7 +269,7 @@ services:
     - "1080:1080"
     - "5432:5432"
     - "5900:5900"
-    image: "ghcr.io/telekom-security/heralding:2006"
+    image: "dtagdevsec/heralding:2006"
    read_only: true
    volumes:
     - /data/heralding/log:/var/log/heralding
@ -281,7 +282,7 @@ services:
     - honeysap_local
    ports:
     - "3299:3299"
-    image: "ghcr.io/telekom-security/honeysap:2006"
+    image: "dtagdevsec/honeysap:2006"
    volumes:
     - /data/honeysap/log:/opt/honeysap/log

@ -294,7 +295,7 @@ services:
    network_mode: "host"
    cap_add:
     - NET_ADMIN
-    image: "ghcr.io/telekom-security/honeytrap:2006"
+    image: "dtagdevsec/honeytrap:2006"
    read_only: true
    volumes:
     - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
@ -315,7 +316,7 @@ services:
     - mailoney_local
    ports:
     - "25:25"
-    image: "ghcr.io/telekom-security/mailoney:2006"
+    image: "dtagdevsec/mailoney:2006"
    read_only: true
    volumes:
     - /data/mailoney/log:/opt/mailoney/logs
@ -328,7 +329,7 @@ services:
     - medpot_local
    ports:
     - "2575:2575"
-    image: "ghcr.io/telekom-security/medpot:2006"
+    image: "dtagdevsec/medpot:2006"
    read_only: true
    volumes:
     - /data/medpot/log/:/var/log/medpot
@ -349,7 +350,7 @@ services:
     - rdpy_local
    ports:
     - "3389:3389"
-    image: "ghcr.io/telekom-security/rdpy:2006"
+    image: "dtagdevsec/rdpy:2006"
    read_only: true
    volumes:
     - /data/rdpy/log:/var/log/rdpy
@ -362,7 +363,7 @@ services:
    tty: true
    networks:
     - tanner_local
-    image: "ghcr.io/telekom-security/redis:2006"
+    image: "dtagdevsec/redis:2006"
    read_only: true

 ## PHP Sandbox service
@ -372,7 +373,7 @@ services:
    tty: true
    networks:
     - tanner_local
-    image: "ghcr.io/telekom-security/phpox:2006"
+    image: "dtagdevsec/phpox:2006"
    read_only: true

 ## Tanner API Service
@ -384,7 +385,7 @@ services:
    tty: true
    networks:
     - tanner_local
-    image: "ghcr.io/telekom-security/tanner:2006"
+    image: "dtagdevsec/tanner:2006"
    read_only: true
    volumes:
     - /data/tanner/log:/var/log/tanner
@ -401,7 +402,7 @@ services:
 #    tty: true
 #    networks:
 #     - tanner_local
-#    image: "ghcr.io/telekom-security/tanner:2006"
+#    image: "dtagdevsec/tanner:2006"
 #    command: tannerweb
 #    read_only: true
 #    volumes:
@ -418,7 +419,7 @@ services:
    tty: true
    networks:
     - tanner_local
-    image: "ghcr.io/telekom-security/tanner:2006"
+    image: "dtagdevsec/tanner:2006"
    command: tanner
    read_only: true
    volumes:
@ -438,7 +439,7 @@ services:
     - tanner_local
    ports:
     - "80:80"
-    image: "ghcr.io/telekom-security/snare:2006"
+    image: "dtagdevsec/snare:2006"
    depends_on:
     - tanner

@ -456,7 +457,7 @@ services:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
-    image: "ghcr.io/telekom-security/fatt:2006"
+    image: "dtagdevsec/fatt:2006"
    volumes:
     - /data/fatt/log:/opt/fatt/log

@ -465,7 +466,7 @@ services:
    container_name: p0f
    restart: always
    network_mode: "host"
-    image: "ghcr.io/telekom-security/p0f:2006"
+    image: "dtagdevsec/p0f:2006"
    read_only: true
    volumes:
     - /data/p0f/log:/var/log/p0f
@ -482,7 +483,7 @@ services:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
-    image: "ghcr.io/telekom-security/suricata:2006"
+    image: "dtagdevsec/suricata:2006"
    volumes:
     - /data/suricata/log:/var/log/suricata

@ -499,7 +500,7 @@ services:
     - cyberchef_local
    ports:
     - "127.0.0.1:64299:8000"
-    image: "ghcr.io/telekom-security/cyberchef:2006"
+    image: "dtagdevsec/cyberchef:2006"
    read_only: true

 #### ELK
@ -523,7 +524,7 @@ services:
    mem_limit: 4g
    ports:
     - "127.0.0.1:64298:9200"
-    image: "ghcr.io/telekom-security/elasticsearch:2006"
+    image: "dtagdevsec/elasticsearch:2006"
    volumes:
     - /data:/data

@ -536,7 +537,7 @@ services:
        condition: service_healthy
    ports:
     - "127.0.0.1:64296:5601"
-    image: "ghcr.io/telekom-security/kibana:2006"
+    image: "dtagdevsec/kibana:2006"

 ## Logstash service
  logstash:
@ -549,7 +550,7 @@ services:
        condition: service_healthy
    env_file:
     - /opt/tpot/etc/compose/elk_environment
-    image: "ghcr.io/telekom-security/logstash:2006"
+    image: "dtagdevsec/logstash:2006"
    volumes:
     - /data:/data

@ -562,7 +563,7 @@ services:
        condition: service_healthy
    ports:
     - "127.0.0.1:64302:9100"
-    image: "ghcr.io/telekom-security/head:2006"
+    image: "dtagdevsec/head:2006"
    read_only: true

 # Ewsposter service
@ -582,7 +583,7 @@ services:
     - EWS_HPFEEDS_FORMAT=json
    env_file:
     - /opt/tpot/etc/compose/elk_environment
-    image: "ghcr.io/telekom-security/ewsposter:2006"
+    image: "dtagdevsec/ewsposter:2006"
    volumes:
     - /data:/data
     - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
@ -610,7 +611,7 @@ services:
    ports:
     - "64297:64297"
     - "127.0.0.1:64304:64304"
-    image: "ghcr.io/telekom-security/nginx:2006"
+    image: "dtagdevsec/nginx:2006"
    read_only: true
    volumes:
     - /data/nginx/cert/:/etc/nginx/cert/:ro
@ -628,6 +629,6 @@ services:
     - spiderfoot_local
    ports:
     - "127.0.0.1:64303:8080"
-    image: "ghcr.io/telekom-security/spiderfoot:2006"
+    image: "dtagdevsec/spiderfoot:2006"
    volumes:
     - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db
--- a/etc/objects/elkbase.tgz
+++ b/etc/objects/elkbase.tgz
--- a/etc/objects/kibana-objects.tgz
+++ b/etc/objects/kibana-objects.tgz
--- a/etc/objects/kibana_export.ndjson.zip
+++ b/etc/objects/kibana_export.ndjson.zip
--- a/iso/installer/install.sh
+++ b/iso/installer/install.sh
@ -21,8 +21,8 @@ myTPOTCOMPOSE="/opt/tpot/etc/tpot.yml"
 myLSB_STABLE_SUPPORTED="stretch buster"
 myLSB_TESTING_SUPPORTED="stable"
 myREMOTESITES="https://hub.docker.com https://github.com https://pypi.python.org https://debian.org https://listbot.sicherheitstacho.eu"
-myPREINSTALLPACKAGES="aria2 apache2-utils cracklib-runtime curl dialog figlet fuse grc libcrack2 libpq-dev lsb-release netselect-apt net-tools software-properties-common toilet"
-myINSTALLPACKAGES="aria2 apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit cockpit-docker console-setup console-setup-linux cracklib-runtime curl debconf-utils dialog dnsutils docker.io docker-compose ethtool fail2ban figlet genisoimage git glances grc haveged html2text htop iptables iw jq kbd libcrack2 libltdl7 libpam-google-authenticator man mosh multitail netselect-apt net-tools npm ntp openssh-server openssl pass pigz prips software-properties-common syslinux psmisc pv python3-pip toilet unattended-upgrades unzip vim wget wireless-tools wpasupplicant"
+myPREINSTALLPACKAGES="aria2 apache2-utils cracklib-runtime curl dialog figlet fuse grc libcrack2 libpq-dev lsb-release net-tools software-properties-common toilet"
+myINSTALLPACKAGES="aria2 apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit cockpit-docker console-setup console-setup-linux cracklib-runtime curl debconf-utils dialog dnsutils docker.io docker-compose ethtool fail2ban figlet genisoimage git glances grc haveged html2text htop iptables iw jq kbd libcrack2 libltdl7 libpam-google-authenticator man mosh multitail net-tools npm ntp openssh-server openssl pass pigz prips software-properties-common syslinux psmisc pv python3-pip toilet unattended-upgrades unzip vim wget wireless-tools wpasupplicant"
 myINFO="\
 ###########################################
 ### T-Pot Installer for Debian (Stable) ###
@ -290,21 +290,6 @@ function fuCHECKNET {
 # Install T-Pot dependencies
 function fuGET_DEPS {
  export DEBIAN_FRONTEND=noninteractive
-  # Determine fastest mirror
-  echo
-  echo "### Determine fastest mirror for your location."
-  echo
-  netselect-apt -n -a amd64 stable && cp sources.list /etc/apt/
-  mySOURCESCHECK=$(cat /etc/apt/sources.list | grep -c stable)
-  if [ "$mySOURCESCHECK" == "0" ]
-    then
-      echo "### Automatic mirror selection failed, using main mirror."
-      # Point to Debian (stable)
-tee /etc/apt/sources.list <<EOF
-deb http://deb.debian.org/debian stable main contrib non-free
-deb-src http://deb.debian.org/debian stable main contrib non-free
-EOF
-  fi
  echo
  echo "### Getting update information."
  echo
--- a/iso/installer/tpot.conf.dist
+++ b/iso/installer/tpot.conf.dist
@ -1,5 +1,5 @@
 # tpot configuration file
-# myCONF_TPOT_FLAVOR=[STANDARD, SENSOR, INDUSTRIAL, COLLECTOR, NEXTGEN]
+# myCONF_TPOT_FLAVOR=[STANDARD, SENSOR, INDUSTRIAL, COLLECTOR, NEXTGEN, MEDICAL]
 myCONF_TPOT_FLAVOR='STANDARD'
 myCONF_WEB_USER='webuser'
 myCONF_WEB_PW='w3b$ecret'
--- a/iso/isolinux/txt.cfg
+++ b/iso/isolinux/txt.cfg
@ -1,6 +1,6 @@
 default install
 label install
-  menu label ^T-Pot 20.06.1 (based on Debian Stable)
+  menu label ^T-Pot 20.06.2 (based on Debian Stable)
  menu default
  kernel linux
  append vga=788 initrd=initrd.gz console-setup/ask_detect=true --
--- a/iso/preseed/tpot.seed
+++ b/iso/preseed/tpot.seed
@ -109,7 +109,7 @@ tasksel tasksel/first multiselect ssh-server
 ########################
 ### Package Installation
 ########################
-d-i pkgsel/include string apache2-utils cracklib-runtime curl dialog figlet git grc libcrack2 libpq-dev lsb-release netselect-apt net-tools software-properties-common toilet
+d-i pkgsel/include string apache2-utils cracklib-runtime curl dialog figlet git grc libcrack2 libpq-dev lsb-release net-tools software-properties-common toilet
 popularity-contest popularity-contest/participate boolean false

 #################
--- a/update.sh
+++ b/update.sh
@ -82,7 +82,7 @@ echo
 # Let's check for version
 function fuCHECK_VERSION () {
 local myMINVERSION="19.03.0"
-local myMASTERVERSION="20.06.1"
+local myMASTERVERSION="20.06.2"
 echo
 echo "### Checking for Release ID"
 myRELEASE=$(lsb_release -i | grep Debian -c)
@ -183,7 +183,7 @@ function fuUPDATER () {
 export DEBIAN_FRONTEND=noninteractive
 echo "### Installing apt-fast"
 /bin/bash -c "$(curl -sL https://raw.githubusercontent.com/ilikenwf/apt-fast/master/quick-install.sh)"
-local myPACKAGES="aria2 apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit cockpit-docker console-setup console-setup-linux cracklib-runtime curl debconf-utils dialog dnsutils docker.io docker-compose ethtool fail2ban figlet genisoimage git glances grc haveged html2text htop iptables iw jq kbd libcrack2 libltdl7 libpam-google-authenticator man mosh multitail netselect-apt net-tools npm ntp openssh-server openssl pass pigz prips software-properties-common syslinux psmisc pv python3-elasticsearch-curator python3-pip toilet unattended-upgrades unzip vim wget wireless-tools wpasupplicant"
+local myPACKAGES="aria2 apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit cockpit-docker console-setup console-setup-linux cracklib-runtime curl debconf-utils dialog dnsutils docker.io docker-compose ethtool fail2ban figlet genisoimage git glances grc haveged html2text htop iptables iw jq kbd libcrack2 libltdl7 libpam-google-authenticator man mosh multitail net-tools npm ntp openssh-server openssl pass pigz prips software-properties-common syslinux psmisc pv python3-elasticsearch-curator python3-pip toilet unattended-upgrades unzip vim wget wireless-tools wpasupplicant"
 # Remove purge in the future
 echo "### Removing repository based install of elasticsearch-curator"
 apt-get purge elasticsearch-curator -y
--- a/2
+++ b/2
@ -1 +1 @@
-20.06.1
+20.06.2
Author	SHA1	Message	Date
t3chn0m4g3	7587efaed8	cleanup	2021-02-22 11:21:18 +00:00
t3chn0m4g3	f7d696007c	Release 20.06.2	2021-02-22 10:51:51 +00:00
Marco Ochse	46e297386b	Update CHANGELOG.md	2021-02-19 15:55:22 +01:00
t3chn0m4g3	7d423f29da	rebuild snare, tanner, redis, phpox	2021-02-19 13:02:08 +00:00
t3chn0m4g3	41c0255ea6	Add Elastic License info	2021-02-19 10:21:53 +00:00
t3chn0m4g3	d5f0ceb15b	push elastic stack to 7.11.1	2021-02-19 10:17:30 +00:00
t3chn0m4g3	5f38e730d4	rebuild conpot for latest alpine edge, bump to latest master	2021-02-18 17:39:52 +00:00
t3chn0m4g3	c48ad0863d	bump ewsposter to latest master	2021-02-18 16:52:43 +00:00
t3chn0m4g3	4bc2b1bf03	rebuild cowrie for alpine 3.13	2021-02-18 16:38:35 +00:00
t3chn0m4g3	3d123f35a4	rebuild glutton for alpine 3.13, update to latest master	2021-02-18 11:12:21 +00:00
t3chn0m4g3	d4519892f6	rebuild dionaea	2021-02-18 10:37:17 +00:00
t3chn0m4g3	0aa1a05c92	enable smtps for heralding	2021-02-16 17:14:56 +00:00
t3chn0m4g3	69c535619d	bump heralding to 1.0.7 and rebuild for alpine 1.13	2021-02-16 16:59:17 +00:00
t3chn0m4g3	5fe59c3bd8	rebuild ipphoney for alpine 3.13	2021-02-16 16:14:37 +00:00
t3chn0m4g3	d8d0a6f190	rebuild fatt for alpine 3.13	2021-02-16 13:27:56 +00:00
t3chn0m4g3	4d407b420d	rebuild ewsposter for alpine 3.13	2021-02-16 13:15:26 +00:00
t3chn0m4g3	181e3585b7	bump spiderfoot to 3.3 and rebuild for alpine 3.13	2021-02-16 11:01:43 +00:00
t3chn0m4g3	2597af73ee	rebuild dicompot for alpine 3.13	2021-02-15 12:34:11 +00:00
t3chn0m4g3	0ab220ebf0	rebuild p0f for alpine 3.13	2021-02-15 12:12:24 +00:00
t3chn0m4g3	2777fc1f41	rebuild medpot for alpine 3.13	2021-02-15 12:09:19 +00:00
t3chn0m4g3	91483a231d	rebuild honeysap	2021-02-15 11:46:55 +00:00
t3chn0m4g3	95ea079f4d	rebuild heimdall, nginx for php7.4, alpine 3.13	2021-02-15 11:00:00 +00:00
t3chn0m4g3	8112f48270	rebuild elasticpot for alpine 3.13	2021-02-15 10:14:52 +00:00
t3chn0m4g3	898f8be4db	rebuild citrixhoneypot for alpine 3.13	2021-02-15 10:05:29 +00:00
t3chn0m4g3	a28ee97f13	rebuild ciscoasa for alpine 3.13	2021-02-15 10:01:03 +00:00
Marco Ochse	b01bf50aaf	Merge pull request #769 from shaderecker/ansible Ansible updates	2021-02-15 10:12:14 +01:00
Sebastian Haderecker	86cc54ee88	Update README.md	2021-02-13 20:39:32 +01:00
Sebastian Haderecker	2fb1967ef1	Update README.md	2021-02-13 20:16:34 +01:00
Sebastian Haderecker	48e02ceb1c	Allow for creation of multiple T-Pots	2021-02-13 20:12:58 +01:00
Sebastian Haderecker	c014e9635d	Update README.md	2021-02-13 19:03:56 +01:00
Sebastian Haderecker	ca4946c87c	Update gitignore	2021-02-13 18:58:42 +01:00
Sebastian Haderecker	9ff9c3c4df	Merge branch 'ansible' of github.com:shaderecker/tpotce into ansible	2021-02-13 18:29:45 +01:00
Sebastian Haderecker	423914f63f	Unify cloud parameter	2021-02-13 18:29:27 +01:00
Sebastian Haderecker	f6db541293	Update README.md	2021-02-13 18:20:01 +01:00
Sebastian Haderecker	efb51f8233	Add collection requirements	2021-02-13 18:04:23 +01:00
Sebastian Haderecker	acc64c2771	Fix name	2021-02-13 17:52:18 +01:00
Sebastian Haderecker	780acd0384	Fix name	2021-02-13 17:47:48 +01:00
Sebastian Haderecker	b014f73045	Use FQCNs	2021-02-13 17:46:28 +01:00
Sebastian Haderecker	bb8d2f27c6	Split network and vm creation into own roles	2021-02-13 17:22:49 +01:00
Sebastian Haderecker	487c091ba7	Use ansible internal tools to generate random name	2021-02-13 15:36:39 +01:00
Sebastian Haderecker	c3ebf8487b	Lowercase group names	2021-02-13 15:27:36 +01:00
Sebastian Haderecker	51b15b6510	Update docu links	2021-02-13 15:04:50 +01:00
t3chn0m4g3	f2c48d7efc	bump cyberchef to latest release	2021-02-12 17:09:44 +00:00
t3chn0m4g3	039f3c115a	update adbhoney image	2021-02-12 14:21:31 +00:00
t3chn0m4g3	80d9efa729	bump elk stack images to alpine 3.13	2021-02-12 13:54:42 +00:00
t3chn0m4g3	e5f29f3c90	bump elk stack to 7.11.0	2021-02-12 13:21:35 +00:00
Marco Ochse	01af362ff6	Merge pull request #764 from shaderecker/terraform-otc OTC: Retrieve Debian Image ID from Terraform Data Source	2021-02-05 16:59:50 +01:00
Sebastian Haderecker	98c7dd17d7	OTC: Retrieve Debian Image ID from Terraform Data Source	2021-02-05 16:07:53 +01:00
Marco Ochse	70c152377d	Merge pull request #763 from shaderecker/terraform-otc Terraform updates	2021-02-05 11:54:31 +01:00
Sebastian Haderecker	b214bed014	Merge branch 'master' into terraform-otc	2021-02-04 22:57:41 +01:00
Sebastian Haderecker	bde60734ea	Update variables.tf - Latest Debian 10.7 AMIs (https://wiki.debian.org/Cloud/AmazonEC2Image/Buster?action=recall&rev=21) - Add MEDICAL	2021-02-04 22:51:01 +01:00
Sebastian Haderecker	362dd75473	Add provider constraints and dependency lock file	2021-02-04 22:29:02 +01:00
Sebastian Haderecker	a7be2ca0a8	Cosmetics	2021-02-04 22:23:09 +01:00
Sebastian Haderecker	da81f12877	Update variables.tf - Update flavor to newest s3 generation - Update to latest OTC Debian 10 image - Add MEDICAL	2021-02-04 22:08:22 +01:00
Sebastian Haderecker	4e8a1e8ea9	TF 0.14: Add dependency lock file	2021-02-04 22:00:40 +01:00
Sebastian Haderecker	1b386ed32f	Update providers and add version constraints	2021-02-04 21:59:49 +01:00
Sebastian Haderecker	5a65ceb5b5	b64 is deprecated, switch to b64_std for newer version	2021-02-04 21:57:50 +01:00
Marco Ochse	c60d53ca3f	Merge pull request #754 from shaderecker/cloud-region Explicitly add region name to clouds.yaml	2021-01-26 16:38:41 +01:00
Sebastian Haderecker	e7a41feef4	Explicitly add region name	2021-01-26 16:24:09 +01:00
t3chn0m4g3	ee3d667615	bump dionaea to 0.11.0	2021-01-19 10:59:32 +00:00
Marco Ochse	df27ba4e5f	Merge pull request #750 from shaderecker/patch-2 Update Ansible Docu	2021-01-14 09:43:29 +01:00
Sebastian Haderecker	459db01e23	Update Ansible Docu Add disclaimer about Ansible 2.10 & how to install with pip	2021-01-13 23:53:39 +01:00
Marco Ochse	f767179cc9	Merge pull request #749 from shaderecker/pip3 Ansible: Set pip executable to pip3	2021-01-12 17:14:46 +01:00
Sebastian Haderecker	749e7ee246	Set to pip3 to avoid Python Autodiscovery	2021-01-12 17:04:03 +01:00
Marco Ochse	3a7eda96fa	Merge pull request #747 from shaderecker/patch-1 Add MEDICAL to tpot.conf.dist	2021-01-08 12:02:23 +01:00
Sebastian Haderecker	43ae92cf44	Remove redundant tpot.conf.dist file content	2021-01-08 11:34:03 +01:00
Sebastian Haderecker	2fb51f3b3a	Add MEDICAL to tpot.conf.dist	2021-01-08 11:31:58 +01:00
t3chn0m4g3	d2dc43e1ef	Update internet IF retrieval To be consistent with @adepasquale PR #746 fatt, glutton and p0f Dockerfiles were updated accordingly.	2021-01-06 17:05:09 +00:00
Marco Ochse	db73a0656e	Merge pull request #746 from adepasquale/master Change method to get default Suricata interface @adepasquale Thanks again!	2021-01-06 17:45:32 +01:00
Andrea De Pasquale	b3b983afe6	Change method to get default Suricata interface On some systems, interface number 2 is not always the correct one. With AWK we now collect the first active interface having both an address and a broadcast.	2021-01-06 11:14:24 +01:00
Marco Ochse	273cab4759	Update general-issue-for-t-pot.md	2021-01-05 16:03:42 +01:00
t3chn0m4g3	e1745bdea1	fix broken sqlite db	2020-12-28 21:49:28 +00:00
t3chn0m4g3	c34570f665	remove docker parallel pulls	2020-12-28 20:54:09 +00:00
t3chn0m4g3	020cbb5355	avoid ghcr.io because of slow transfers	2020-12-28 20:37:47 +00:00
t3chn0m4g3	aea14c9ead	docker pull background	2020-12-28 17:46:05 +00:00
t3chn0m4g3	b57f6ddd1e	remove netselect-apt causes too many unpredictable errors #733 as the latest example	2020-12-28 10:40:19 +00:00
t3chn0m4g3	af6ce8854d	bump elastic stack to 7.10.1	2020-12-10 15:20:18 +00:00
t3chn0m4g3	6069b214a5	bump ewsposter to 1.12	2020-12-10 11:40:53 +00:00
Marco Ochse	252051dfe7	Merge pull request #731 from shaderecker/patch-1 More Python 3 stuff	2020-12-04 15:41:27 +01:00
Sebastian Haderecker	f9fa1bcc74	Fix setup on Debian On Debian there are not the same preinstalled packages as on Ubuntu. Fix the compilation of netifaces, which requires gcc and python3-dev.	2020-12-04 14:42:32 +01:00
t3chn0m4g3	f3f9f6ae72	cleanup	2020-12-03 00:01:38 +00:00
t3chn0m4g3	bdf095367d	prep for ewsposter 1.11	2020-12-02 23:21:23 +00:00
Sebastian Haderecker	4abb0e5ce6	Missed this one Python 3 is our friend :D	2020-12-02 23:56:54 +01:00
t3chn0m4g3	ba87ebfdaa	update objects for Elastic Stack 7.10.0	2020-12-02 22:54:54 +00:00
t3chn0m4g3	8a7e81815e	prep for Elastic Stack 7.10.0	2020-12-02 22:36:17 +00:00
Marco Ochse	17eff81e9c	Merge pull request #728 from shaderecker/patch-1 Update pip dependency to Python3	2020-11-30 20:06:05 +01:00
Marco Ochse	f8f1bc1757	Merge pull request #727 from adepasquale/suricata-update Suricata: use suricata-update for rule management	2020-11-30 20:05:24 +01:00
Andrea De Pasquale	87a27e4f2b	Suricata: use suricata-update for rule management As a bonus we can now run "suricata-update" using docker-exec, triggering both a rule update and a Suricata rule reload.	2020-11-30 17:56:14 +01:00
Sebastian Haderecker	7f8f3a01c3	Update pip dependency to Python3	2020-11-30 17:27:28 +01:00
Marco Ochse	2ecef8c607	enable MQTT as eagle eyed by @adepasquale	2020-11-27 19:07:12 +01:00
Marco Ochse	d992a25a0a	Merge pull request #726 from adepasquale/suricata-yaml-6.0.x Suricata: update suricata.yaml config to 6.0.x	2020-11-27 18:55:57 +01:00
Andrea De Pasquale	73a5847753	Suricata: update suricata.yaml config to 6.0.x Merge in the latest updates from suricata-6.0.x while at the same time keeping the custom T-Pot configuration. https://github.com/OISF/suricata/blob/suricata-6.0.0/suricata.yaml.in	2020-11-26 19:16:01 +01:00
Marco Ochse	c976aea73e	Merge pull request #725 from adepasquale/suricata-yaml-5.x Suricata: update suricata.yaml config to 5.x	2020-11-26 16:23:50 +01:00
t3chn0m4g3	4ada38988c	bump cowrie to 2.2.0	2020-11-26 08:17:09 +00:00
Andrea De Pasquale	0010f99662	Suricata: disable eve.stats since it's unused Prevent the error below by disabling stats globally and in eve-log: <Error> - [ERRCODE: SC_ERR_STATS_LOG_GENERIC(278)] - eve.stats: stats are disabled globally: set stats.enabled to true.	2020-11-25 17:07:49 +01:00
Andrea De Pasquale	e2f76c44cb	Suricata: update suricata.yaml config to 5.x Merge in the latest updates from suricata-5.x while at the same time keeping the custom T-Pot configuration. https://github.com/OISF/suricata/blob/master-5.0.x/suricata.yaml.in	2020-11-25 15:51:41 +01:00
t3chn0m4g3	e26853c7fa	bump suricata to 5.0.4	2020-10-28 17:53:23 +00:00
t3chn0m4g3	d64cbe6741	bump ipphoney to latest master	2020-10-28 17:34:28 +00:00
t3chn0m4g3	c3809b5a98	bump heralding to latest master	2020-10-28 17:27:09 +00:00
t3chn0m4g3	a3d40cc57c	bump spiderfoot to 3.2.1	2020-10-28 17:08:55 +00:00
t3chn0m4g3	e3fda4d464	bump dionaea to 0.9.2	2020-10-28 16:45:53 +00:00
t3chn0m4g3	4bf245d13b	bump conpot to latest master	2020-10-28 13:56:52 +00:00
t3chn0m4g3	92925cecbd	bump dicompot to latest master	2020-10-27 21:30:33 +00:00
t3chn0m4g3	f204cdf9b8	bump elk to 7.3	2020-10-27 19:43:32 +00:00
t3chn0m4g3	ff4a394e3b	reverting elk to 7.9.1	2020-10-15 12:24:46 +00:00
Marco Ochse	ce7b79b71a	Merge pull request #707 from brianlechthaler/patch-3 Bump Elastic dependencies to 7.9.2	2020-10-15 13:37:11 +02:00
t3chn0m4g3	b28cc2edd0	prepare for new ewsposter	2020-10-15 09:14:30 +00:00
Brian Lechthaler	84a741ec64	IMPORTANT: Fix Node Version Bump node version to `10.22.1-alpine` KIBANA WILL NOT WORK WITHOUT THIS	2020-10-07 13:53:21 -07:00
Marco Ochse	6b37578d8d	Merge pull request #706 from brianlechthaler/patch-2 Debian 10.6 AMI + Add AWS Regions	2020-10-07 14:28:19 +02:00
Brian Lechthaler	d351a89096	Bump Kibana version to 7.9.2	2020-10-04 18:05:16 -07:00
Brian Lechthaler	488da48df7	Bump Logstash version to 7.9.2	2020-10-04 18:04:15 -07:00
Brian Lechthaler	85da099cd0	Bump Elasticsearch to 7.9.2	2020-10-04 18:03:00 -07:00
Brian Lechthaler	bd8a9ca92d	Debian 10.6 AMI + Add AWS Regions # Changes: 1) 🇿🇦 Add AWS Capetown, South Africa Region (`af-south-1`) 2) 🇮🇹 Add AWS Milan, Italy Region (`eu-south-1`) 3) Bump all AMIs to Debian Buster 10.6 # References: 1) Debian 10 (Buster) Wiki Article on Official EC2 Images: https://wiki.debian.org/Cloud/AmazonEC2Image/Buster?action=recall&rev=16 2) For information on Debian 10.6, see: https://www.debian.org/News/2020/20200926 3) Official AWS Documentation on Regions and Zones can be found here: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html	2020-10-03 22:22:57 -07:00
Marco Ochse	1afbb89ef4	Merge pull request #691 from brianlechthaler/patch-1 Update Suricata Capture Filter for New Docker Repo	2020-09-08 20:08:28 +02:00
Brian Lechthaler	b1d8e293de	add DockerHub back in cap filter see https://github.com/telekom-security/tpotce/pull/691#issuecomment-688648225	2020-09-08 10:45:58 -07:00
Brian Lechthaler	7fdf9edb60	Update Suricata Capture Filter for New Docker Repo	2020-09-07 19:57:15 -07:00
t3chn0m4g3	0e7abb8d2c	restore mibfix for conpot	2020-09-07 15:46:52 +00:00
 @ -1 +1 @@
 .06.1
 .06.2