The simple_http server is currently a "low interaction" honeypot. Meaning that an attacker isn't likely to spend time (i.e. interactions) exploring the server, giving away valuable information in the process. (It's really probably most valuable right now for detecting port scans following network intrusion.)

However it (or a new server) could be written to simulate a realistic server, one that engages the attacker for longer.

There are lots of OSS examples of these so it probably makes sense to start by researching those.

Check the version that comes pre-installed on the runner and fail CI otherwise to make sure the update is legitimate

This would improve supply chain security by limiting the number of times it has to be downloaded from the public internet

There seems to be notes on how to go about this at https://edu.chainguard.dev/chainguard/chainguard-images/reference/python/provenance_info/

This would improve supply chain security in the case of Chainguard getting compromised

Hey there Chainguard here.

We noticed that you are using Chainguard Images, thank you! We wanted to make you aware of an upcoming change that will impact your project.

Starting August 16, 2023 public users will no longer be able to pull images from our registry (cgr.dev/chainguard) by tags other than latest or latest-dev. Please see the announcement for more information.

You are currently using the following.

In https://github.com/Grunet/cloud-native-honeypot/blob/39864c27b0e6a1004146865c799e26fd5205aafb/packages/honeypot/src/Dockerfile:

• cgr.dev/chainguard/python:3.11.4

Our goal is to prevent your project from experiencing any disruptions. Please see the migration guide for options.

If there's more we can do to help please reply to this issue or email us at [email protected].

Thank you!

This would improve supply chain security by limiting the number of times it has to be downloaded from the public internet

Just like the Cloudformation that's already there, but with Terraform instead.

This would improve supply chain security by limiting the number of times it has to be downloaded from the public internet

https://github.com/Grunet/cloud-native-honeypot/security/dependabot/1 has more details, copied below:

"Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.

e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here."

Given that this has to do with CAs I'm assuming moto doesn't have any usage of the functionality since it's a mocking library, and certifi is just getting pulled in because moto depends on requests which depends on certifi.

Also moto is only a dev dependency.

The only thing that needs to be changed is the version of certifi being pulled in, so presumably uninstalling moto and resinstalling it would cause the latest version (released on 7/22) to pull in.

Since that's a little recent and it's not urgent, tackling this as part of the next monthly maintenance probably makes sense