# Compose file format version. Docker Compose v2 treats this key as
# informational only; legacy docker-compose v1 uses it to pick the schema.
version: "3.8"
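services:
  honeypot:
    build: .
    container_name: honeydany
    restart: unless-stopped

    # Container hardening: block privilege escalation through setuid
    # binaries, drop every Linux capability, and keep the root filesystem
    # read-only so a compromised service cannot persist changes in the image.
    # NOTE(review): no `user:` is set here, so the runtime user comes from
    # the image built from `.`; confirm that image does not run as root.
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    cap_add:
      # NOTE(review): every container port published below is above 1023,
      # so this capability looks unnecessary; remove it unless the service
      # really binds a port below 1024 inside the container.
      - NET_BIND_SERVICE  # Only for binding to privileged ports
    read_only: true

    # Writable scratch space for the read-only root filesystem.
    # The original entry `/tmp:/tmp:rw,noexec,nosuid,size=100m` sat under
    # `volumes:`, which makes it a bind mount of the HOST's /tmp: host temp
    # files would be visible to (and writable by) a container that is
    # deliberately exposed to attackers, and noexec/nosuid/size are tmpfs
    # options, not bind-mount modes. An in-memory tmpfs gives the intended
    # size-capped, non-executable /tmp without touching the host.
    tmpfs:
      - /tmp:rw,noexec,nosuid,size=100m

    # Resource limits to prevent DoS.
    # NOTE(review): `deploy.resources` is applied by Docker Compose v2 and
    # by Swarm; legacy docker-compose v1 only honours it when run with
    # `--compatibility`. Check the effective limits with `docker inspect`.
    deploy:
      resources:
        limits:
          cpus: '1.0'
          memory: 512M
        reservations:
          cpus: '0.25'
          memory: 128M

    # Attach only to the dedicated honeypot network.
    networks:
      - honeypot_net

    # Port mappings - only expose what's needed.
    # A mapping without a host address is published on every host
    # interface, which is the point for the decoy services.
    ports:
      - "2121:2121"    # FTP
      - "2222:2222"    # SSH
      - "2323:2323"    # Telnet
      - "2525:2525"    # SMTP
      - "3306:3306"    # MySQL
      - "3399:3399"    # RDP
      - "4450:4450"    # SMB
      - "5060:5060"    # SIP
      - "5432:5432"    # PostgreSQL
      - "8080:8080"    # HTTP
      - "8443:8443"    # HTTPS
      - "27017:27017"  # MongoDB
      - "1143:1143"    # IMAP
      # Dashboard: management interface, not a decoy. HONEYPOT_ENV below is
      # `production`, so it is bound to loopback instead of all interfaces;
      # reach it through an SSH tunnel or an authenticating reverse proxy.
      - "127.0.0.1:6333:6333"

    # Persistent named volumes for captured data and application logs.
    volumes:
      - honeypot_data:/app/data
      - honeypot_logs:/app/logs

    # Environment variables
    environment:
      - HONEYPOT_ENV=production
      - LOG_LEVEL=info
      - MAX_CONNECTIONS=1000

    # Container stdout/stderr logging: at most 3 files of 10 MB are kept,
    # so older output is rotated away under heavy traffic. Forward logs
    # off-host if they are needed as evidence.
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"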
# Dedicated user-defined bridge for the honeypot service, with a fixed
# subnet so firewall rules and log analysis can key on a known range.
# NOTE(review): a bridge keeps the container off other Compose networks,
# but it does not by itself restrict outbound traffic or access to the
# host's own addresses; enforce egress filtering on the host firewall.
networks:
  honeypot_net:
    driver: bridge
    ipam:
      config:
        - subnet: "172.20.0.0/16"
# Named volumes managed by the local driver. They outlive the container,
# so captured data and logs survive a rebuild or restart.
volumes:
  # Mounted at /app/data in the honeypot service.
  honeypot_data:
    driver: local
  # Mounted at /app/logs in the honeypot service.
  honeypot_logs:
    driver: local