tpotce/docker/tpotinit/dist/bin/rules.sh

#!/bin/bash

### Vars, Ports for Standard services
myHOSTPORTS="7634 64294 64295 64296 64297 64298 64299 64303 64305"
myDOCKERCOMPOSEYML="$1"
myRULESFUNCTION="$2"

function fuCHECKFORARGS {
### Check if args are present, if not throw error

if [ "$myDOCKERCOMPOSEYML" != "" ] && ([ "$myRULESFUNCTION" == "set" ] || [ "$myRULESFUNCTION" == "unset" ]);
  then
    echo "All arguments met. Continuing."
  else
    echo "Usage: rules.sh <docker-compose.yml> <[set, unset]>"
    exit
fi
}

function fuNFQCHECK {
### Check if honeytrap or glutton is actively enabled in docker-compose.yml

myNFQCHECK=$(grep -e '^\s*honeytrap:\|^\s*glutton:' $myDOCKERCOMPOSEYML | tr -d ': ' | uniq)
if [ "$myNFQCHECK" == "" ];
  then
    echo "No NFQ related honeypot detected, no iptables-legacy rules needed. Exiting."
    exit
  else
    echo "Detected $myNFQCHECK as NFQ based honeypot, iptables-legacy rules needed. Continuing."
fi
}

function fuGETPORTS {
### Get ports from docker-compose.yml

myDOCKERCOMPOSEPORTS=$(cat $myDOCKERCOMPOSEYML | yq -r '.services[].ports' | grep ':' | sed -e s/127.0.0.1// | tr -d '", ,#,-' | sed -e s/^:// | cut -f1 -d ':' )
myDOCKERCOMPOSEPORTS+=" $myHOSTPORTS"
myRULESPORTS=$(for i in $myDOCKERCOMPOSEPORTS; do echo $i; done | sort -gu)
echo "Setting up / removing these ports:"
echo "$myRULESPORTS"
}

function fuSETRULES {
### Setting up iptables-legacy rules for honeytrap
if [ "$myNFQCHECK" == "honeytrap" ];
  then
    iptables -w -A INPUT -s 127.0.0.1 -j ACCEPT
    iptables -w -A INPUT -d 127.0.0.1 -j ACCEPT

    for myPORT in $myRULESPORTS; do
      iptables -w -A INPUT -p tcp --dport $myPORT -j ACCEPT
    done

    iptables -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
fi

### Setting up iptables-legacy rules for glutton
if [ "$myNFQCHECK" == "glutton" ];
  then
    iptables -w -t mangle -A PREROUTING -s 127.0.0.1 -j ACCEPT
    iptables -w -t mangle -A PREROUTING -d 127.0.0.1 -j ACCEPT

    for myPORT in $myRULESPORTS; do
      iptables -w -t mangle -A PREROUTING -p tcp --dport $myPORT -j ACCEPT
    done
    # No need for NFQ forwarding, such rules are set up by glutton
fi
}

function fuUNSETRULES {
### Removing  iptables-legacy rules for honeytrap
if [ "$myNFQCHECK" == "honeytrap" ];
  then
    iptables -w -D INPUT -s 127.0.0.1 -j ACCEPT
    iptables -w -D INPUT -d 127.0.0.1 -j ACCEPT

    for myPORT in $myRULESPORTS; do
      iptables -w -D INPUT -p tcp --dport $myPORT -j ACCEPT
    done

    iptables -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
fi

### Removing iptables-legacy rules for glutton
if [ "$myNFQCHECK" == "glutton" ];
  then
    iptables -w -t mangle -D PREROUTING -s 127.0.0.1 -j ACCEPT
    iptables -w -t mangle -D PREROUTING -d 127.0.0.1 -j ACCEPT

    for myPORT in $myRULESPORTS; do
      iptables -w -t mangle -D PREROUTING -p tcp --dport $myPORT -j ACCEPT
    done
    # No need for removing NFQ forwarding, such rules are removed by glutton
fi
}

# Main
fuCHECKFORARGS
fuNFQCHECK
fuGETPORTS

if [ "$myRULESFUNCTION" == "set" ];
  then
    fuSETRULES
  else
    fuUNSETRULES
fi
generate iptables rules dynamically from docker-compose.yml 2018-03-15 10:59:27 +00:00			`#!/bin/bash`

			`### Vars, Ports for Standard services`
bump glutton to latest master 2024-11-28 11:03:57 +00:00			`myHOSTPORTS="7634 64294 64295 64296 64297 64298 64299 64303 64305"`
generate iptables rules dynamically from docker-compose.yml 2018-03-15 10:59:27 +00:00			`myDOCKERCOMPOSEYML="$1"`
			`myRULESFUNCTION="$2"`

			`function fuCHECKFORARGS {`
			`### Check if args are present, if not throw error`

			`if [ "$myDOCKERCOMPOSEYML" != "" ] && ([ "$myRULESFUNCTION" == "set" ] \|\| [ "$myRULESFUNCTION" == "unset" ]);`
			`then`
			`echo "All arguments met. Continuing."`
			`else`
			`echo "Usage: rules.sh <docker-compose.yml> <[set, unset]>"`
			`exit`
			`fi`
			`}`

			`function fuNFQCHECK {`
check for glutton 2018-03-15 11:37:11 +00:00			`### Check if honeytrap or glutton is actively enabled in docker-compose.yml`
tweaking and fixes 2018-06-23 23:55:41 +00:00
tweaking glutton, automatic iptables rules 2018-04-16 12:39:46 +00:00			`myNFQCHECK=$(grep -e '^\shoneytrap:\\|^\sglutton:' $myDOCKERCOMPOSEYML \| tr -d ': ' \| uniq)`
			`if [ "$myNFQCHECK" == "" ];`
generate iptables rules dynamically from docker-compose.yml 2018-03-15 10:59:27 +00:00			`then`
fix iptables for glutton 2019-02-20 11:00:36 +00:00			`echo "No NFQ related honeypot detected, no iptables-legacy rules needed. Exiting."`
generate iptables rules dynamically from docker-compose.yml 2018-03-15 10:59:27 +00:00			`exit`
			`else`
fix iptables for glutton 2019-02-20 11:00:36 +00:00			`echo "Detected $myNFQCHECK as NFQ based honeypot, iptables-legacy rules needed. Continuing."`
generate iptables rules dynamically from docker-compose.yml 2018-03-15 10:59:27 +00:00			`fi`
			`}`

			`function fuGETPORTS {`
			`### Get ports from docker-compose.yml`
tweaking and fixes 2018-06-23 23:55:41 +00:00
Begin of restructuring ... - tweaking before re-work tpotinit 2023-06-14 00:17:09 +00:00			`myDOCKERCOMPOSEPORTS=$(cat $myDOCKERCOMPOSEYML \| yq -r '.services[].ports' \| grep ':' \| sed -e s/127.0.0.1// \| tr -d '", ,#,-' \| sed -e s/^:// \| cut -f1 -d ':' )`
generate iptables rules dynamically from docker-compose.yml 2018-03-15 10:59:27 +00:00			`myDOCKERCOMPOSEPORTS+=" $myHOSTPORTS"`
			`myRULESPORTS=$(for i in $myDOCKERCOMPOSEPORTS; do echo $i; done \| sort -gu)`
tweaking glutton, automatic iptables rules 2018-04-16 12:39:46 +00:00			`echo "Setting up / removing these ports:"`
			`echo "$myRULESPORTS"`
generate iptables rules dynamically from docker-compose.yml 2018-03-15 10:59:27 +00:00			`}`

			`function fuSETRULES {`
fix iptables for glutton 2019-02-20 11:00:36 +00:00			`### Setting up iptables-legacy rules for honeytrap`
tweaking glutton, automatic iptables rules 2018-04-16 12:39:46 +00:00			`if [ "$myNFQCHECK" == "honeytrap" ];`
			`then`
tweaking where possible kibana visualizations are converted to lens objects (more than 100 objects) all dashboards have been updated fixes #1392 for leaving SentryPeer log tag out add wordpot dashboard after discussion (#1486) and testing iptables-legacy is no longer required include all kibana objects for installation cleaning up some service scripts 2024-03-18 15:19:49 +00:00			`iptables -w -A INPUT -s 127.0.0.1 -j ACCEPT`
			`iptables -w -A INPUT -d 127.0.0.1 -j ACCEPT`
generate iptables rules dynamically from docker-compose.yml 2018-03-15 10:59:27 +00:00
tweaking glutton, automatic iptables rules 2018-04-16 12:39:46 +00:00			`for myPORT in $myRULESPORTS; do`
tweaking where possible kibana visualizations are converted to lens objects (more than 100 objects) all dashboards have been updated fixes #1392 for leaving SentryPeer log tag out add wordpot dashboard after discussion (#1486) and testing iptables-legacy is no longer required include all kibana objects for installation cleaning up some service scripts 2024-03-18 15:19:49 +00:00			`iptables -w -A INPUT -p tcp --dport $myPORT -j ACCEPT`
tweaking glutton, automatic iptables rules 2018-04-16 12:39:46 +00:00			`done`
tweaking and fixes 2018-06-23 23:55:41 +00:00
tweaking where possible kibana visualizations are converted to lens objects (more than 100 objects) all dashboards have been updated fixes #1392 for leaving SentryPeer log tag out add wordpot dashboard after discussion (#1486) and testing iptables-legacy is no longer required include all kibana objects for installation cleaning up some service scripts 2024-03-18 15:19:49 +00:00			`iptables -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE`
tweaking glutton, automatic iptables rules 2018-04-16 12:39:46 +00:00			`fi`

fix iptables for glutton 2019-02-20 11:00:36 +00:00			`### Setting up iptables-legacy rules for glutton`
tweaking glutton, automatic iptables rules 2018-04-16 12:39:46 +00:00			`if [ "$myNFQCHECK" == "glutton" ];`
			`then`
tweaking 2024-03-15 21:41:12 +00:00			`iptables -w -t mangle -A PREROUTING -s 127.0.0.1 -j ACCEPT`
			`iptables -w -t mangle -A PREROUTING -d 127.0.0.1 -j ACCEPT`
tweaking glutton, automatic iptables rules 2018-04-16 12:39:46 +00:00
			`for myPORT in $myRULESPORTS; do`
tweaking 2024-03-15 21:41:12 +00:00			`iptables -w -t mangle -A PREROUTING -p tcp --dport $myPORT -j ACCEPT`
tweaking glutton, automatic iptables rules 2018-04-16 12:39:46 +00:00			`done`
			`# No need for NFQ forwarding, such rules are set up by glutton`
			`fi`
generate iptables rules dynamically from docker-compose.yml 2018-03-15 10:59:27 +00:00			`}`

			`function fuUNSETRULES {`
fix iptables for glutton 2019-02-20 11:00:36 +00:00			`### Removing iptables-legacy rules for honeytrap`
tweaking glutton, automatic iptables rules 2018-04-16 12:39:46 +00:00			`if [ "$myNFQCHECK" == "honeytrap" ];`
			`then`
tweaking where possible kibana visualizations are converted to lens objects (more than 100 objects) all dashboards have been updated fixes #1392 for leaving SentryPeer log tag out add wordpot dashboard after discussion (#1486) and testing iptables-legacy is no longer required include all kibana objects for installation cleaning up some service scripts 2024-03-18 15:19:49 +00:00			`iptables -w -D INPUT -s 127.0.0.1 -j ACCEPT`
			`iptables -w -D INPUT -d 127.0.0.1 -j ACCEPT`
tweaking glutton, automatic iptables rules 2018-04-16 12:39:46 +00:00
			`for myPORT in $myRULESPORTS; do`
tweaking where possible kibana visualizations are converted to lens objects (more than 100 objects) all dashboards have been updated fixes #1392 for leaving SentryPeer log tag out add wordpot dashboard after discussion (#1486) and testing iptables-legacy is no longer required include all kibana objects for installation cleaning up some service scripts 2024-03-18 15:19:49 +00:00			`iptables -w -D INPUT -p tcp --dport $myPORT -j ACCEPT`
tweaking glutton, automatic iptables rules 2018-04-16 12:39:46 +00:00			`done`
generate iptables rules dynamically from docker-compose.yml 2018-03-15 10:59:27 +00:00
tweaking where possible kibana visualizations are converted to lens objects (more than 100 objects) all dashboards have been updated fixes #1392 for leaving SentryPeer log tag out add wordpot dashboard after discussion (#1486) and testing iptables-legacy is no longer required include all kibana objects for installation cleaning up some service scripts 2024-03-18 15:19:49 +00:00			`iptables -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE`
tweaking glutton, automatic iptables rules 2018-04-16 12:39:46 +00:00			`fi`
generate iptables rules dynamically from docker-compose.yml 2018-03-15 10:59:27 +00:00
fix iptables for glutton 2019-02-20 11:00:36 +00:00			`### Removing iptables-legacy rules for glutton`
tweaking glutton, automatic iptables rules 2018-04-16 12:39:46 +00:00			`if [ "$myNFQCHECK" == "glutton" ];`
			`then`
tweaking 2024-03-15 21:41:12 +00:00			`iptables -w -t mangle -D PREROUTING -s 127.0.0.1 -j ACCEPT`
			`iptables -w -t mangle -D PREROUTING -d 127.0.0.1 -j ACCEPT`
generate iptables rules dynamically from docker-compose.yml 2018-03-15 10:59:27 +00:00
tweaking glutton, automatic iptables rules 2018-04-16 12:39:46 +00:00			`for myPORT in $myRULESPORTS; do`
tweaking 2024-03-15 21:41:12 +00:00			`iptables -w -t mangle -D PREROUTING -p tcp --dport $myPORT -j ACCEPT`
tweaking glutton, automatic iptables rules 2018-04-16 12:39:46 +00:00			`done`
			`# No need for removing NFQ forwarding, such rules are removed by glutton`
			`fi`
generate iptables rules dynamically from docker-compose.yml 2018-03-15 10:59:27 +00:00			`}`

			`# Main`
			`fuCHECKFORARGS`
			`fuNFQCHECK`
			`fuGETPORTS`

			`if [ "$myRULESFUNCTION" == "set" ];`
			`then`
			`fuSETRULES`
			`else`
			`fuUNSETRULES`
			`fi`