tpotce/cloud/open-telekom-cloud/ansible/roles/custom_ews/templates/ews.cfg

[MAIN]
homedir = /opt/ewsposter/
spooldir = /opt/ewsposter/spool/
logdir = /opt/ewsposter/log/
del_malware_after_send = false
send_malware = true
sendlimit = 500
contact = your_email_address
proxy =
ip =

[EWS]
ews = true
username = your_username
token = your_token
rhost_first = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
rhost_second = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
ignorecert = false

[HPFEED]
hpfeed = %(EWS_HPFEEDS_ENABLE)s
host = %(EWS_HPFEEDS_HOST)s
port = %(EWS_HPFEEDS_PORT)s
channels = %(EWS_HPFEEDS_CHANNELS)s
ident = %(EWS_HPFEEDS_IDENT)s
secret= %(EWS_HPFEEDS_SECRET)s
# path/to/certificate for tls broker - or "false" for non-tls broker
tlscert = %(EWS_HPFEEDS_TLSCERT)s
# hpfeeds submission format: "ews" (xml) or "json"
hpfformat = %(EWS_HPFEEDS_FORMAT)s

[EWSJSON]
json = false
jsondir = /data/ews/json/

[GLASTOPFV3]
glastopfv3 = true
nodeid = glastopfv3-{{ ansible_hostname }}
sqlitedb = /data/glastopf/db/glastopf.db
malwaredir = /data/glastopf/data/files/

[GLASTOPFV2]
glastopfv2 = false
nodeid =
mysqlhost =
mysqldb =
mysqluser =
mysqlpw =
malwaredir =

[KIPPO]
kippo = false
nodeid =
mysqlhost =
mysqldb =
mysqluser =
mysqlpw =
malwaredir =

[COWRIE]
cowrie = true
nodeid = cowrie-{{ ansible_hostname }}
logfile = /data/cowrie/log/cowrie.json

[DIONAEA]
dionaea = true
nodeid = dionaea-{{ ansible_hostname }}
malwaredir = /data/dionaea/binaries/
sqlitedb = /data/dionaea/log/dionaea.sqlite

[HONEYTRAP]
honeytrap = true
nodeid = honeytrap-{{ ansible_hostname }}
newversion = true
payloaddir = /data/honeytrap/attacks/
attackerfile = /data/honeytrap/log/attacker.log

[RDPDETECT]
rdpdetect = false
nodeid =
iptableslog =
targetip =

[EMOBILITY]
eMobility = false
nodeid = emobility-{{ ansible_hostname }}
logfile = /data/emobility/log/centralsystemEWS.log

[CONPOT]
conpot = true
nodeid = conpot-{{ ansible_hostname }}
logfile = /data/conpot/log/conpot*.json

[ELASTICPOT]
elasticpot = true
nodeid = elasticpot-{{ ansible_hostname }}
logfile = /data/elasticpot/log/elasticpot.log

[SURICATA]
suricata = true
nodeid = suricata-{{ ansible_hostname }}
logfile = /data/suricata/log/eve.json

[MAILONEY]
mailoney = true
nodeid = mailoney-{{ ansible_hostname }}
logfile = /data/mailoney/log/commands.log

[RDPY]
rdpy = true
nodeid = rdpy-{{ ansible_hostname }}
logfile = /data/rdpy/log/rdpy.log

[VNCLOWPOT]
vnclowpot = true
nodeid = vnclowpot-{{ ansible_hostname }}
logfile = /data/vnclowpot/log/vnclowpot.log

[HERALDING]
heralding = true
nodeid = heralding-{{ ansible_hostname }}
logfile = /data/heralding/log/auth.csv

[CISCOASA]
ciscoasa = true
nodeid = ciscoasa-{{ ansible_hostname }}
logfile = /data/ciscoasa/log/ciscoasa.log

[TANNER]
tanner = true
nodeid = tanner-{{ ansible_hostname }}
logfile = /data/tanner/log/tanner_report.json

[GLUTTON]
glutton = true
nodeid = glutton-{{ ansible_hostname }}
logfile = /data/glutton/log/glutton.log
Added custom ews.cfg Playbook 2019-04-10 10:52:57 +00:00			`[MAIN]`
			`homedir = /opt/ewsposter/`
			`spooldir = /opt/ewsposter/spool/`
			`logdir = /opt/ewsposter/log/`
			`del_malware_after_send = false`
			`send_malware = true`
			`sendlimit = 500`
			`contact = your_email_address`
			`proxy =`
			`ip =`

			`[EWS]`
			`ews = true`
			`username = your_username`
			`token = your_token`
			`rhost_first = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage`
			`rhost_second = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage`
			`ignorecert = false`

			`[HPFEED]`
HPFEEDS: Switched to environment variables - Define Settings in .hpfeeds_settings.sh - Settings get exported as env vars - Ansible looks them up and updates the values in the tpot.yml file - ews.cfg: Switched to env vars 2019-04-12 23:45:25 +00:00			`hpfeed = %(EWS_HPFEEDS_ENABLE)s`
			`host = %(EWS_HPFEEDS_HOST)s`
			`port = %(EWS_HPFEEDS_PORT)s`
			`channels = %(EWS_HPFEEDS_CHANNELS)s`
			`ident = %(EWS_HPFEEDS_IDENT)s`
			`secret= %(EWS_HPFEEDS_SECRET)s`
Added custom ews.cfg Playbook 2019-04-10 10:52:57 +00:00			`# path/to/certificate for tls broker - or "false" for non-tls broker`
HPFEEDS: Switched to environment variables - Define Settings in .hpfeeds_settings.sh - Settings get exported as env vars - Ansible looks them up and updates the values in the tpot.yml file - ews.cfg: Switched to env vars 2019-04-12 23:45:25 +00:00			`tlscert = %(EWS_HPFEEDS_TLSCERT)s`
Added custom ews.cfg Playbook 2019-04-10 10:52:57 +00:00			`# hpfeeds submission format: "ews" (xml) or "json"`
HPFEEDS: Switched to environment variables - Define Settings in .hpfeeds_settings.sh - Settings get exported as env vars - Ansible looks them up and updates the values in the tpot.yml file - ews.cfg: Switched to env vars 2019-04-12 23:45:25 +00:00			`hpfformat = %(EWS_HPFEEDS_FORMAT)s`
Added custom ews.cfg Playbook 2019-04-10 10:52:57 +00:00
			`[EWSJSON]`
			`json = false`
			`jsondir = /data/ews/json/`

			`[GLASTOPFV3]`
			`glastopfv3 = true`
Added new playbook and roles 2019-06-29 16:21:47 +00:00			`nodeid = glastopfv3-{{ ansible_hostname }}`
Added custom ews.cfg Playbook 2019-04-10 10:52:57 +00:00			`sqlitedb = /data/glastopf/db/glastopf.db`
			`malwaredir = /data/glastopf/data/files/`

			`[GLASTOPFV2]`
			`glastopfv2 = false`
			`nodeid =`
			`mysqlhost =`
			`mysqldb =`
			`mysqluser =`
			`mysqlpw =`
			`malwaredir =`

			`[KIPPO]`
			`kippo = false`
			`nodeid =`
			`mysqlhost =`
			`mysqldb =`
			`mysqluser =`
			`mysqlpw =`
			`malwaredir =`

			`[COWRIE]`
			`cowrie = true`
Added new playbook and roles 2019-06-29 16:21:47 +00:00			`nodeid = cowrie-{{ ansible_hostname }}`
Added custom ews.cfg Playbook 2019-04-10 10:52:57 +00:00			`logfile = /data/cowrie/log/cowrie.json`

			`[DIONAEA]`
			`dionaea = true`
Added new playbook and roles 2019-06-29 16:21:47 +00:00			`nodeid = dionaea-{{ ansible_hostname }}`
Added custom ews.cfg Playbook 2019-04-10 10:52:57 +00:00			`malwaredir = /data/dionaea/binaries/`
			`sqlitedb = /data/dionaea/log/dionaea.sqlite`

			`[HONEYTRAP]`
			`honeytrap = true`
Added new playbook and roles 2019-06-29 16:21:47 +00:00			`nodeid = honeytrap-{{ ansible_hostname }}`
Added custom ews.cfg Playbook 2019-04-10 10:52:57 +00:00			`newversion = true`
			`payloaddir = /data/honeytrap/attacks/`
			`attackerfile = /data/honeytrap/log/attacker.log`

			`[RDPDETECT]`
			`rdpdetect = false`
			`nodeid =`
			`iptableslog =`
			`targetip =`

			`[EMOBILITY]`
			`eMobility = false`
Added new playbook and roles 2019-06-29 16:21:47 +00:00			`nodeid = emobility-{{ ansible_hostname }}`
Added custom ews.cfg Playbook 2019-04-10 10:52:57 +00:00			`logfile = /data/emobility/log/centralsystemEWS.log`

			`[CONPOT]`
			`conpot = true`
Added new playbook and roles 2019-06-29 16:21:47 +00:00			`nodeid = conpot-{{ ansible_hostname }}`
Added custom ews.cfg Playbook 2019-04-10 10:52:57 +00:00			`logfile = /data/conpot/log/conpot*.json`

			`[ELASTICPOT]`
			`elasticpot = true`
Added new playbook and roles 2019-06-29 16:21:47 +00:00			`nodeid = elasticpot-{{ ansible_hostname }}`
Added custom ews.cfg Playbook 2019-04-10 10:52:57 +00:00			`logfile = /data/elasticpot/log/elasticpot.log`

			`[SURICATA]`
			`suricata = true`
Added new playbook and roles 2019-06-29 16:21:47 +00:00			`nodeid = suricata-{{ ansible_hostname }}`
Added custom ews.cfg Playbook 2019-04-10 10:52:57 +00:00			`logfile = /data/suricata/log/eve.json`

			`[MAILONEY]`
			`mailoney = true`
Added new playbook and roles 2019-06-29 16:21:47 +00:00			`nodeid = mailoney-{{ ansible_hostname }}`
Added custom ews.cfg Playbook 2019-04-10 10:52:57 +00:00			`logfile = /data/mailoney/log/commands.log`

			`[RDPY]`
			`rdpy = true`
Added new playbook and roles 2019-06-29 16:21:47 +00:00			`nodeid = rdpy-{{ ansible_hostname }}`
Added custom ews.cfg Playbook 2019-04-10 10:52:57 +00:00			`logfile = /data/rdpy/log/rdpy.log`

			`[VNCLOWPOT]`
			`vnclowpot = true`
Added new playbook and roles 2019-06-29 16:21:47 +00:00			`nodeid = vnclowpot-{{ ansible_hostname }}`
Added custom ews.cfg Playbook 2019-04-10 10:52:57 +00:00			`logfile = /data/vnclowpot/log/vnclowpot.log`

			`[HERALDING]`
			`heralding = true`
Added new playbook and roles 2019-06-29 16:21:47 +00:00			`nodeid = heralding-{{ ansible_hostname }}`
Added custom ews.cfg Playbook 2019-04-10 10:52:57 +00:00			`logfile = /data/heralding/log/auth.csv`

			`[CISCOASA]`
			`ciscoasa = true`
Added new playbook and roles 2019-06-29 16:21:47 +00:00			`nodeid = ciscoasa-{{ ansible_hostname }}`
Added custom ews.cfg Playbook 2019-04-10 10:52:57 +00:00			`logfile = /data/ciscoasa/log/ciscoasa.log`

			`[TANNER]`
			`tanner = true`
Added new playbook and roles 2019-06-29 16:21:47 +00:00			`nodeid = tanner-{{ ansible_hostname }}`
Added custom ews.cfg Playbook 2019-04-10 10:52:57 +00:00			`logfile = /data/tanner/log/tanner_report.json`

			`[GLUTTON]`
			`glutton = true`
Added new playbook and roles 2019-06-29 16:21:47 +00:00			`nodeid = glutton-{{ ansible_hostname }}`
Added custom ews.cfg Playbook 2019-04-10 10:52:57 +00:00			`logfile = /data/glutton/log/glutton.log`