hoellen/dockerfiles
1
0
Fork 0
mirror of https://github.com/hoellen/dockerfiles.git synced 2025-04-20 12:29:16 +00:00
Code Issues Projects Releases Wiki Activity

add kippo-graph and update cowrie doc

Browse Source
This commit is contained in:
Wonderfall 2017-03-29 14:57:43 +02:00
parent 823c4afa53
commit b3567b03b6
No known key found for this signature in database
GPG Key ID: 3117B26B968A8F33
10 changed files with 206 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
cowrie/Dockerfile
View File

@ -16,6 +16,7 @@ RUN BUILD_DEPS=" \
libressl-dev \ libressl-dev \
python-dev \ python-dev \
gmp-dev \ gmp-dev \
mariadb-dev \
py2-pip \ py2-pip \
tar \ tar \
gnupg" \ gnupg" \
@ -27,6 +28,7 @@ RUN BUILD_DEPS=" \
python \ python \
py-setuptools \ py-setuptools \
openssh-client \ openssh-client \
mariadb-client-libs \
tini \ tini \
su-exec \ su-exec \
&& cd /tmp && wget -q http://www.mpfr.org/mpfr-current/mpfr-${MPFR_VERSION}.tar.gz \ && cd /tmp && wget -q http://www.mpfr.org/mpfr-current/mpfr-${MPFR_VERSION}.tar.gz \
@ -57,6 +59,7 @@ RUN BUILD_DEPS=" \
&& mkdir /cowrie && cd /cowrie \ && mkdir /cowrie && cd /cowrie \
&& wget -qO- https://github.com/micheloosterhof/cowrie/archive/master.tar.gz | tar xz --strip 1 \ && wget -qO- https://github.com/micheloosterhof/cowrie/archive/master.tar.gz | tar xz --strip 1 \
&& pip install --no-cache -r requirements.txt \ && pip install --no-cache -r requirements.txt \
&& pip install --no-cache mysql-python \
&& mv cowrie.cfg.dist cowrie.cfg \ && mv cowrie.cfg.dist cowrie.cfg \
&& apk del ${BUILD_DEPS} \ && apk del ${BUILD_DEPS} \
&& rm -rf /var/cache/apk/* /tmp/* /root/.gnupg && rm -rf /var/cache/apk/* /tmp/* /root/.gnupg

20
cowrie/README.md
View File

@ -1,4 +1,4 @@
x## wonderfall/cowrie ### wonderfall/cowrie
#### What is this? #### What is this?
Cowrie is a medium interaction SSH honeypot designed to log brute force attacks and the shell interaction performed by the attacker. Cowrie is based on Kippo. Cowrie is a medium interaction SSH honeypot designed to log brute force attacks and the shell interaction performed by the attacker. Cowrie is based on Kippo.
@ -27,6 +27,8 @@ You can mount this single file to your Docker container.
``` ```
cowrie: cowrie:
image: wonderfall/cowrie image: wonderfall/cowrie
links: ### MySQL output
- cowrie-db:cowrie-db ### MySQL output
ports: ports:
- "2222:2222" - "2222:2222"
volumes: volumes:
@ -37,5 +39,21 @@ cowrie:
environment: environment:
- GID=1000 - GID=1000
- UID=1000 - UID=1000
### MySQL output
# First, you'll have to initialise tables with a .sql file
# wget https://github.com/micheloosterhof/cowrie/blob/master/doc/sql/mysql.sql -P /mnt/cowrie/schema.sql
# It needs also to be configured in the cowrie.cfg file
cowrie-db:
image: mariadb:10
volumes:
- /mnt/cowrie/db:/var/lib/mysql
- /mnt/cowrie/schema.sql:/docker-entrypoint-initdb.d
environment:
- MYSQL_ROOT_PASSWORD=supersecretpassword
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_PASSWORD=supersecretpassword
``` ```

47
kippo-graph/Dockerfile Normal file
View File

@ -0,0 +1,47 @@
FROM alpine:edge
ENV GID=991 UID=991
RUN echo "@testing https://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
&& BUILD_DEPS="tar libressl ca-certificates" \
&& apk -U upgrade && apk add \
$BUILD_DEPS \
nginx \
s6 \
su-exec \
coreutils \
bind-tools \
php7-fpm@testing \
php7-mysqlnd@testing \
php7-pdo@testing \
php7-pdo_mysql@testing \
php7-openssl@testing \
php7-gd@testing \
php7-curl@testing \
php7-phar@testing \
php7-dom@testing \
&& mkdir kippo-graph && cd kippo-graph \
&& wget -qO- https://github.com/ikoniaris/kippo-graph/archive/master.tar.gz | tar xz --strip 1 \
&& chmod 777 generated-graphs \
&& mv config.php.dist config.php \
&& rm /kippo-graph/include/maxmind/GeoLite2-City.mmdb /kippo-graph/include/maxmind/geoip2.phar \
&& wget -q https://geolite.maxmind.com/download/geoip/database/GeoLite2-City.mmdb.gz -P /kippo-graph/include/maxmind \
&& gzip -d /kippo-graph/include/maxmind/GeoLite2-City.mmdb.gz \
&& wget -q https://github.com/maxmind/GeoIP2-php/releases/download/v2.4.5/geoip2.phar -P /kippo-graph/include/maxmind \
&& apk del $BUILD_DEPS \
&& rm -f /var/cache/apk/*
COPY nginx.conf /etc/nginx/nginx.conf
COPY php-fpm.conf /etc/php7/php-fpm.conf
COPY run.sh /usr/local/bin/run.sh
COPY s6.d /etc/s6.d
RUN chmod +x /usr/local/bin/run.sh /etc/s6.d/*/* /etc/s6.d/.s6-svscan/*
VOLUME /kippo-graph/generated-graphs
EXPOSE 8888
LABEL maintainer="Wonderfall <wonderfall@targaryen.house>"
CMD ["run.sh"]

27
kippo-graph/README.md Normal file
View File

@ -0,0 +1,27 @@
### wonderfall/cowrie
#### What is this?
Kippo-Graph is a full featured script to visualize statistics for a Kippo based SSH honeypot.
#### Environment variables
- **UID** *(default : 991)*
- **GID** *(default : 991)*
#### How to configure
You should provide your own configuration file from this base : https://github.com/ikoniaris/kippo-graph/blob/master/config.php.dist
You can mount this single file to your Docker container.
#### Docker compose (example)
```
kippo-graph:
image: wonderfall/kippo-graph
links:
- cowrie-db:cowrie-db
volumes:
- /mnt/kippo-graph/config.php:/kippo-graph/config.php
- /mnt/cowrie/log:/opt/cowrie/log
environment:
- GID=991
- UID=991
```

89
kippo-graph/nginx.conf Normal file
View File

@ -0,0 +1,89 @@
worker_processes auto;
pid /tmp/nginx.pid;
daemon off;
events {
worker_connections 1024;
use epoll;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log off;
error_log /tmp/ngx_error.log error;
sendfile on;
keepalive_timeout 15;
keepalive_disable msie6;
keepalive_requests 100;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
fastcgi_temp_path /tmp/fastcgi 1 2;
client_body_temp_path /tmp/client_body 1 2;
proxy_temp_path /tmp/proxy 1 2;
uwsgi_temp_path /tmp/uwsgi 1 2;
scgi_temp_path /tmp/scgi 1 2;
gzip on;
gzip_comp_level 5;
gzip_min_length 512;
gzip_buffers 4 8k;
gzip_proxied any;
gzip_vary on;
gzip_disable "msie6";
gzip_types
text/css
text/javascript
text/xml
text/plain
text/x-component
application/javascript
application/x-javascript
application/json
application/xml
application/rss+xml
application/vnd.ms-fontobject
font/truetype
font/opentype
image/svg+xml;
server {
listen 8888;
root /kippo-graph;
index index.php index.html;
location ~* \.(jpg|jpeg|gif|css|png|js|map|woff|woff2|ttf|svg|eot)$ {
expires 30d;
access_log off;
}
location ~ ^/(data|cfg|tmp) {
deny all;
}
location ~* /(.*)\.(?:markdown|md|twig|yaml|yml|ht|htaccess|ini)$ {
deny all;
}
location ~ /\. {
deny all;
}
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {
fastcgi_index index.php;
fastcgi_pass unix:/tmp/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
}
}

11
kippo-graph/php-fpm.conf Normal file
View File

@ -0,0 +1,11 @@
[global]
daemonize = no
[www]
listen = /tmp/php-fpm.sock
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
chdir = /

3
kippo-graph/run.sh Normal file
View File

@ -0,0 +1,3 @@
#!/bin/sh
chown -R $UID:$GID /kippo-graph /etc/nginx /etc/php5 /var/log /var/lib/nginx /tmp /etc/s6.d
exec su-exec $UID:$GID /bin/s6-svscan /etc/s6.d

3
kippo-graph/s6.d/.s6-svscan/finish Normal file
View File

@ -0,0 +1,3 @@
#!/bin/sh
exit 0

2
kippo-graph/s6.d/nginx/run Normal file
View File

@ -0,0 +1,2 @@
#!/bin/sh
exec nginx

2
kippo-graph/s6.d/php/run Normal file
View File

@ -0,0 +1,2 @@
#!/bin/sh
exec php-fpm7