tweaking

Author: t3chn0m4g3

docker/heralding/Dockerfile

@@ -11,6 +11,7 @@ RUN apk -U upgrade && \
             libffi-dev \
             libressl-dev \
             postgresql-dev \
+            procps \
             python3 \
             python3-dev \
             py-virtualenv && \

docker/nginx/Dockerfile

@@ -1,5 +1,4 @@
 FROM alpine
-MAINTAINER MO
 
 # Include dist
 ADD dist/ /root/dist/

docker/nginx/docker-compose.yml

@@ -6,12 +6,21 @@ services:
 
 # nginx service
   nginx:
+    build: .
     container_name: nginx
     restart: always
+    tmpfs:
+     - /var/tmp/nginx/client_body
+     - /var/tmp/nginx/proxy
+     - /var/tmp/nginx/fastcgi
+     - /var/tmp/nginx/uwsgi
+     - /var/tmp/nginx/scgi
+     - /run
     network_mode: "host"
     ports:
      - "64297:64297"
-    image: "dtagdevsec/nginx:1710"
+    image: "dtagdevsec/nginx:1804"
+    read_only: true
     volumes:
      - /data/nginx/cert/:/etc/nginx/cert/
      - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd

docker/p0f/Dockerfile

@@ -1,12 +1,17 @@
 FROM alpine
-MAINTAINER MO
 
 # Add source
 ADD . /opt/p0f
 
 # Install packages
 RUN apk -U upgrade && \
-    apk add bash build-base git jansson-dev libpcap-dev procps && \
+    apk add bash \
+            build-base \
+            git \
+            jansson-dev \
+            libcap \
+            libpcap-dev \
+            procps && \
 
 # Setup user, groups and configs
     addgroup -g 2000 p0f && \
@@ -15,13 +20,19 @@ RUN apk -U upgrade && \
 # Download and compile p0f
     cd /opt/p0f && \
     ./build.sh && \
+    setcap cap_sys_chroot,cap_setgid,cap_net_raw=+ep /opt/p0f/p0f && \
 
 # Clean up
-    apk del build-base git jansson-dev libpcap-dev && \
-    apk add jansson libpcap && \
+    apk del --purge build-base \
+                    git \
+                    jansson-dev \
+                    libpcap-dev && \
+    apk add jansson \
+            libpcap && \
     rm -rf /root/* && \
     rm -rf /var/cache/apk/*
 
 # Start suricata
 WORKDIR /opt/p0f
+USER p0f:p0f
 CMD /bin/bash -c "exec /opt/p0f/p0f -u p0f -j -o /var/log/p0f/p0f.json -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:])"

docker/p0f/docker-compose.yml

@@ -1,12 +1,14 @@
-version: '2.1'
+version: '2.2'
 
 services:
 
 # P0f service
   p0f:
+    build: .
     container_name: p0f
     restart: always
     network_mode: "host"
-    image: "dtagdevsec/p0f:1710"
+    image: "dtagdevsec/p0f:1804"
+    read_only: true
     volumes:
      - /data/p0f/log:/var/log/p0f

docker/rdpy/Dockerfile

@@ -1,12 +1,21 @@
 FROM alpine
-MAINTAINER MO
 
 # Include dist
 ADD dist/ /root/dist/
 
 # Get and install dependencies & packages
 RUN apk -U upgrade && \
-    apk add bash build-base git libffi-dev openssl openssl-dev procps python python-dev py-pip py-setuptools && \
+    apk add bash \
+            build-base \
+            git \
+            libffi-dev \
+            openssl \
+            openssl-dev \
+            procps \
+            python \
+            python-dev \
+            py-pip \
+            py-setuptools && \
     apk -U add --repository https://dl-cdn.alpinelinux.org/alpine/edge/testing/ \
             py-qt && \
 
@@ -18,7 +27,11 @@ RUN apk -U upgrade && \
     cd /home/rdpy && \
     git clone https://github.com/t3chn0m4g3/rdpy && \
     pip install --no-cache-dir --upgrade cffi && \
-    pip install twisted pyopenssl qt4reactor service_identity rsa pyasn1==0.3.4 && \
+    pip install twisted \
+                pyopenssl \
+                qt4reactor \
+                service_identity \
+                rsa pyasn1==0.3.4 && \
     cd rdpy && \
     python setup.py install && \
 
@@ -29,7 +42,12 @@ RUN apk -U upgrade && \
 
 # Clean up
     rm -rf /root/* && \
-    apk del build-base libffi-dev openssl-dev python-dev py-pip py-qt && \
+    apk del --purge build-base \
+                    libffi-dev \
+                    openssl-dev \
+                    python-dev \
+                    py-pip \
+                    py-qt && \
     rm -rf /var/cache/apk/*
 
 # Start rdpy

docker/rdpy/docker-compose.yml

@@ -1,6 +1,6 @@
 # T-Pot (Standard)
 # For docker-compose ...
-version: '2.1'
+version: '2.2'
 
 networks:
   rdpy_local:
@@ -9,12 +9,14 @@ services:
 
 # Rdpy service
   rdpy:
+    build: .
     container_name: rdpy
     restart: always
     networks:
      - rdpy_local
     ports:
      - "3389:3389"
-    image: "dtagdevsec/rdpy:1710"
+    image: "dtagdevsec/rdpy:1804"
+    read_only: true
     volumes:
      - /data/rdpy/log:/var/log/rdpy

etc/compose/collect.yml

@@ -139,14 +139,22 @@ services:
      - /sys:/host/sys:ro
      - /var/run/docker.sock:/var/run/docker.sock
 
-# Nginx service
+# nginx service
   nginx:
     container_name: nginx
     restart: always
+    tmpfs:
+     - /var/tmp/nginx/client_body
+     - /var/tmp/nginx/proxy
+     - /var/tmp/nginx/fastcgi
+     - /var/tmp/nginx/uwsgi
+     - /var/tmp/nginx/scgi
+     - /run
     network_mode: "host"
     ports:
      - "64297:64297"
-    image: "dtagdevsec/nginx:1710"
+    image: "dtagdevsec/nginx:1804"
+    read_only: true
     volumes:
      - /data/nginx/cert/:/etc/nginx/cert/
      - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd
@@ -195,7 +203,8 @@ services:
     container_name: p0f
     restart: always
     network_mode: "host"
-    image: "dtagdevsec/p0f:1710"
+    image: "dtagdevsec/p0f:1804"
+    read_only: true
     volumes:
      - /data/p0f/log:/var/log/p0f
 

etc/compose/tpot.yml

@@ -228,14 +228,22 @@ services:
      - /sys:/host/sys:ro
      - /var/run/docker.sock:/var/run/docker.sock
 
-# Nginx service
+# nginx service
   nginx:
     container_name: nginx
     restart: always
+    tmpfs:
+     - /var/tmp/nginx/client_body
+     - /var/tmp/nginx/proxy
+     - /var/tmp/nginx/fastcgi
+     - /var/tmp/nginx/uwsgi
+     - /var/tmp/nginx/scgi
+     - /run
     network_mode: "host"
     ports:
      - "64297:64297"
-    image: "dtagdevsec/nginx:1710"
+    image: "dtagdevsec/nginx:1804"
+    read_only: true
     volumes:
      - /data/nginx/cert/:/etc/nginx/cert/
      - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd
@@ -296,7 +304,8 @@ services:
     container_name: p0f
     restart: always
     network_mode: "host"
-    image: "dtagdevsec/p0f:1710"
+    image: "dtagdevsec/p0f:1804"
+    read_only: true
     volumes:
      - /data/p0f/log:/var/log/p0f