tweaking glutton, signals

This commit is contained in:
Marco Ochse 2018-04-17 13:54:57 +00:00
parent d1756fa934
commit 004af6dec7
13 changed files with 29 additions and 14 deletions


@ -12,7 +12,8 @@ RUN apk -U --no-cache add bash \
iptables-dev \
libnetfilter_queue-dev \
libpcap-dev \
procps && \
procps \
upx && \
# Setup go, glutton
export GOPATH=/opt/go/ && \
@ -27,6 +28,7 @@ RUN apk -U --no-cache add bash \
mv /opt/go/src/github.com/mushorg/glutton/bin /opt/glutton/ && \
mv /opt/go/src/github.com/mushorg/glutton/config /opt/glutton/ && \
mv /opt/go/src/github.com/mushorg/glutton/rules /opt/glutton/ && \
upx /opt/glutton/bin/server && \
# Setup user, groups and configs
addgroup -g 2000 glutton && \
@ -38,7 +40,8 @@ RUN apk -U --no-cache add bash \
apk del --purge build-base \
git \
go \
g++ && \
g++ \
upx && \
rm -rf /var/cache/apk/* \
/opt/go \
/root/dist
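Review bot: The `upx /opt/glutton/bin/server` line trades image size for a binary that no longer matches what `go build` produced, is routinely flagged by AV/EDR heuristics as packed, and has to be unpacked before its strings and symbols can be inspected during an incident on the honeypot host. If size is the motivation, stripping at build time (`go build -ldflags='-s -w'`; the build line is outside this hunk) gets most of the reduction without changing the binary's structure. If UPX stays, the reason belongs in a comment next to the call, e.g. `# UPX-packed only to shrink the image; the file hash will not match the go build output`.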


@ -1,22 +1,27 @@
# Put passthrough rules on top, drop rules on bottom, rules are applied in order (top down)
rules:
- match: udp dst port 53
type: passthrough
- match: tcp dst port 21
type: conn_handler
target: ftp
- match: tcp dst port 23 or port 2323 or port 23231
type: conn_handler
target: telnet
- match: tcp dst port 25
type: conn_handler
target: smtp
- match: tcp dst port 3389
type: conn_handler
target: rdp
- match: tcp dst port 445
type: conn_handler
target: smb
- match: tcp dst port 21
- match: tcp dst port 3389
type: conn_handler
target: ftp
target: rdp
- match: tcp dst port 5060
type: conn_handler
target: sip
- match: tcp
type: conn_handler
target: default
- match:
type: drop
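Review bot: If these `match` strings are pcap/BPF filter expressions (they read like it), the telnet rule `tcp dst port 23 or port 2323 or port 23231` is wider than intended: `port 2323` and `port 23231` are standalone primitives that also match source ports and, lacking the `tcp` qualifier, UDP as well, so any flow with such a source port is handed to the telnet handler before the smtp/smb/rdp rules below it are consulted. The unambiguous spelling is `- match: tcp dst port 23 or tcp dst port 2323 or tcp dst port 23231`. As rendered, an rdp rule for port 3389 appears twice; if both survive on the new side the later one is dead, since the header comment says rules apply top-down. The `udp dst port 53` passthrough is the only rule that lets traffic reach the host unemulated and deserves a why-comment, e.g. `# DNS is passed through to the host, not emulated; confirm the consumer before widening this`.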

2
docker/glutton/notes Normal file

@ -0,0 +1,2 @@
dtagdevsec/glutton 1804 44eed3090ae5 12 hours ago 35.3 MB


@ -46,4 +46,4 @@ RUN apk -U upgrade && \
# Start elasticpot
WORKDIR /tmp/heralding/
CMD ["heralding","-c","/etc/heralding/heralding.yml","-l","/var/log/heralding/heralding.log"]
CMD exec heralding -c /etc/heralding/heralding.yml -l /var/log/heralding/heralding.log
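Review bot: The JSON exec form being replaced, `CMD ["heralding", ...]`, already ran heralding as PID 1 with no shell in between, so for signal delivery the new shell-form line is a no-op that adds a `/bin/sh -c` hop and shell parsing of the arguments; the `stop_signal` added in the compose file is what changes behaviour. If the shell form is kept for consistency with the other images, fix the copied header comment above it: `# Start heralding` instead of `# Start elasticpot`.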


@ -10,6 +10,7 @@ services:
build: .
container_name: heralding
restart: always
stop_signal: SIGINT
environment:
- PYTHON_EGG_CACHE=/tmp/heralding
tmpfs:


@ -10,6 +10,7 @@ services:
build: .
container_name: mailoney
restart: always
stop_signal: SIGINT
networks:
- mailoney_local
ports:
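Review bot: `stop_signal: SIGINT` only reaches mailoney if it is PID 1 in the container, and the mailoney Dockerfile is not touched by this commit, so confirm its CMD uses the JSON form or `exec`. Otherwise the signal is delivered to the wrapping `sh`, which as PID 1 has no default handler for it, and docker falls back to SIGKILL after the grace period, the same outcome as before this change.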


@ -35,4 +35,4 @@ RUN apk -U upgrade && \
# Start suricata
WORKDIR /opt/p0f
USER p0f:p0f
CMD /bin/bash -c "exec /opt/p0f/p0f -u p0f -j -o /var/log/p0f/p0f.json -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:])"
CMD exec /opt/p0f/p0f -u p0f -j -o /var/log/p0f/p0f.json -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:])
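Review bot: The `[:punct:]` argument to `tr -d` on the new CMD line is unquoted, so `/bin/sh -c` treats it as a glob; with WORKDIR `/opt/p0f`, a file there named with any single one of the characters `: p u n c t` would replace the class and the interface name handed to `-i` would be mangled. Quote it: `tr -d '[:punct:]'`. Dropping the explicit `/bin/bash -c` also moves the pipeline onto the image's `/bin/sh`, which is fine for these commands but should be a deliberate choice since bash was named before. The header comment `# Start suricata` is copied from another image and should read `# Start p0f`.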


@ -53,4 +53,4 @@ RUN apk -U upgrade && \
# Start rdpy
USER rdpy:rdpy
CMD /usr/bin/python2 -i /usr/bin/rdpy-rdphoneypot.py /home/rdpy/$(shuf -i 1-3 -n 1) >> /var/log/rdpy/rdpy.log
CMD exec /usr/bin/python2 -i /usr/bin/rdpy-rdphoneypot.py /home/rdpy/$(shuf -i 1-3 -n 1) >> /var/log/rdpy/rdpy.log
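Review bot: The new CMD redirects only stdout to `/var/log/rdpy/rdpy.log`, so once the shell has exec'd python, tracebacks and anything rdpy writes to stderr are lost; add `2>&1` after the redirection. The `-i` flag tells python2 to drop into an interactive prompt on stdin after the script ends or raises, which in a tty-less container just reads EOF and exits; if the intent was unbuffered output into the log, the flag is `-u`, e.g. `CMD exec /usr/bin/python2 -u /usr/bin/rdpy-rdphoneypot.py /home/rdpy/$(shuf -i 1-3 -n 1) >> /var/log/rdpy/rdpy.log 2>&1`.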


@ -30,4 +30,4 @@ RUN apk -U upgrade && \
rm -rf /var/cache/apk/*
# Start suricata
CMD update.sh $OINKCODE && suricata -v -F /etc/suricata/capture-filter.bpf -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:])
CMD update.sh $OINKCODE && exec suricata -v -F /etc/suricata/capture-filter.bpf -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:])
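Review bot: `$OINKCODE` is expanded unquoted on the new CMD line; it is operator-supplied through the compose environment and, in shell form, goes through word splitting and globbing before reaching `update.sh`, so quote it: `update.sh "$OINKCODE" && exec suricata ...`. The same applies to `tr -d '[:punct:]'`, which is otherwise a glob. Because the shell remains PID 1 until `update.sh` returns, a stop signal sent during the rule update hits the shell rather than suricata, and with `restart: always` a failing `update.sh` leaves the container restart-looping with no IDS running; if that is the intended fail-closed behaviour, say so in the comment above the line.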


@ -9,6 +9,7 @@ services:
build: .
container_name: suricata
restart: always
stop_signal: SIGINT
environment:
# For ET Pro ruleset replace <OPEN> with your OINKCODE
- OINKCODE=OPEN
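Review bot: The ET Pro oinkcode is a credential, and the comment above `OINKCODE=OPEN` tells the operator to paste it into this tracked compose file; the wetty service in the same commit already keeps its variables in an `env_file`, so do the same here (`env_file:` / `- /opt/tpot/etc/compose/suricata_environment`) and leave `OINKCODE=OPEN` as the documented default in that file. Note that as an environment variable passed on the `update.sh` command line it is also visible in `docker inspect` and in `ps` inside the container for the duration of the update.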


@ -23,8 +23,9 @@ RUN apk -U add bash \
apk del build-base \
git \
go && \
rm -rf /var/cache/apk/*
rm -rf /opt/go/src \
/var/cache/apk/* \
# Run supervisor upon container start
USER vnclowpot:vnclowpot
CMD /opt/go/bin/vnclowpot -j >> /var/log/vnclowpot/vnclowpot.log
CMD exec /opt/go/bin/vnclowpot -j >> /var/log/vnclowpot/vnclowpot.log
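Review bot: The trailing backslash on `/var/cache/apk/* \` leaves the RUN instruction open: Docker strips the `# Run supervisor upon container start` comment before joining continuations, so the following line, `USER vnclowpot:vnclowpot`, is appended to the `rm -rf` command as two more path arguments, assuming the backslash is in the file as rendered. `rm -f` ignores missing paths and exits 0, so the build succeeds silently, the USER instruction is never applied, and the honeypot then starts as root instead of the unprivileged user. End the command on the `/var/cache/apk/*` line (no backslash) and replace the stale comment with `# Start vnclowpot`.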


@ -29,4 +29,4 @@ RUN apk -U upgrade && \
# Start elasticsearch-head
WORKDIR /opt
USER wetty:wetty
CMD /usr/bin/node /opt/node_modules/wetty/app.js -p 64300 --host 127.0.0.1 --sshhost 127.0.0.1 --sshport 64295 --sshuser $MY_SSHUSER
CMD exec /usr/bin/node /opt/node_modules/wetty/app.js -p 64300 --host 127.0.0.1 --sshhost 127.0.0.1 --sshport 64295 --sshuser $MY_SSHUSER
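Review bot: `$MY_SSHUSER` is expanded unquoted on the new CMD line; it comes from the operator's env_file, and if it is empty or contains whitespace the `--sshuser` option is left without a value or split into extra arguments, so quote it: `--sshuser "$MY_SSHUSER"`. The header comment `# Start elasticsearch-head` is copied from another image and should read `# Start wetty`.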


@ -9,6 +9,7 @@ services:
build: .
container_name: wetty
restart: always
stop_signal: SIGKILL
network_mode: "host"
env_file:
- /opt/tpot/etc/compose/wetty_environment
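Review bot: `stop_signal: SIGKILL` gives node/wetty no chance to close open SSH sessions and its listening socket before exit, and since the Dockerfile in this commit now `exec`s node as PID 1, the default SIGTERM would be delivered to it directly. If SIGKILL was a workaround for node never seeing SIGTERM while it ran under a shell, it is no longer needed; if wetty really does not exit on SIGTERM, record that on the line: `stop_signal: SIGKILL  # wetty does not exit on SIGTERM`.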