docker-compose.yml
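# Compose project for an SSH tarpit ("ssh") that records connections in a
# PostgreSQL database ("db").
#
# Required variables (shell environment or .env file next to this file):
#   POSTGRES_PASSWORD      - password handed to the postgres image
#   POSTGRES_SSH_PASSWORD  - password shared by the tarpit and the db container
# Both use the `${VAR:?message}` form so that `up` aborts when a value is unset
# or empty instead of silently starting with an empty password.

# Current Docker Compose releases ignore this field; kept for older tooling.
version: "3.8"
name: ssh-tarpit

services:
  ssh:
    container_name: ssh-tarpit_ssh
    build: ./ssh
    # Not ideal, but I haven't found a way to log the client's IP address instead of
    # the container's one with slirp4netns and also connect to the db container.
    # Host networking removes network isolation for this container: it shares the
    # host's network namespace and can reach every service bound to host loopback,
    # including the database port published below.
    # NOTE(review): the ./ssh image is not shown here; confirm it runs as a non-root
    # user, since it is the internet-facing part of the stack.
    network_mode: host
    environment:
      # IP address on which the tarpit should listen, "0.0.0.0" means all
      SSH_IP_ADDR: "0.0.0.0"
      # Port on which the tarpit should listen.
      # With host networking this is the host's own port 22, so the real SSH
      # daemon has to listen on a different port or address.
      SSH_PORT: "22"
      # The tarpit to use is chosen at random from this list.
      # To only use one, e.g. `SSH_TARPIT: "['banner']"`
      SSH_TARPIT: "['banner', 'kex']"
      # Must be the same port as in container db -> ports "127.0.0.1:<POSTGRES_PORT>:5432"
      POSTGRES_PORT: "5444"
      # Number of connections that are allowed to be trapped at the same time
      MAX_CONN: "6114"
      # Number of connections that are allowed to be trapped at the same time
      # from the same IP address
      IP_MAX_CONN: "100"
      # Passed as an environment variable, so it is readable by anyone who can
      # inspect the container; restrict access to the container runtime accordingly.
      POSTGRES_SSH_PASSWORD: "${POSTGRES_SSH_PASSWORD:?POSTGRES_SSH_PASSWORD must be set}"
    volumes:
      # ":Z" applies a private SELinux label so only this container can use the directory.
      - ./bind-mount/log:/ssh/log:Z
    # Short form: controls start order only, it does not wait for the database
    # to accept connections.
    depends_on:
      - db
    restart: always

  db:
    container_name: ssh-tarpit_db
    image: postgres:16.3-bookworm
    # Must be the same port as in container ssh -> environment -> POSTGRES_PORT
    # "127.0.0.1:<POSTGRES_PORT>:5432"
    # Published on loopback only, so the database is not reachable from other
    # machines. Keep the 127.0.0.1 prefix; without it the port is published on
    # all host interfaces.
    ports:
      - "127.0.0.1:5444:5432"
    environment:
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"
      POSTGRES_SSH_PASSWORD: "${POSTGRES_SSH_PASSWORD:?POSTGRES_SSH_PASSWORD must be set}"
    volumes:
      # Init scripts are mounted read-only; the postgres image runs them only
      # when the data directory is empty (first start).
      - ./bind-mount/init/postgres:/docker-entrypoint-initdb.d:Z,ro
      - postgres_data:/var/lib/postgresql/data:Z
    restart: always

volumes:
  postgres_data:
    driver: local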