tweaking glutton, signals

2025-07-01 12:32:12 +00:00 · 2018-04-17 13:54:57 +00:00 · 2018-04-17 13:54:57 +00:00 · 004af6dec7
commit 004af6dec7
parent d1756fa934
13 changed files with 29 additions and 14 deletions
--- a/docker/glutton/Dockerfile
+++ b/docker/glutton/Dockerfile
@ -12,7 +12,8 @@ RUN apk -U --no-cache add bash \
                          iptables-dev \
                          libnetfilter_queue-dev \
                          libpcap-dev \
-                          procps && \
+                          procps \
                          upx && \
 # Setup go, glutton
    export GOPATH=/opt/go/ && \
@ -27,6 +28,7 @@ RUN apk -U --no-cache add bash \
    mv /opt/go/src/github.com/mushorg/glutton/bin /opt/glutton/ && \
    mv /opt/go/src/github.com/mushorg/glutton/config /opt/glutton/ && \
    mv /opt/go/src/github.com/mushorg/glutton/rules /opt/glutton/ && \
    upx /opt/glutton/bin/server && \
 # Setup user, groups and configs
    addgroup -g 2000 glutton && \
@ -38,7 +40,8 @@ RUN apk -U --no-cache add bash \
    apk del --purge build-base \
                    git \
                    go \
-                    g++ && \
+                    g++ \
                    upx && \
    rm -rf /var/cache/apk/* \
           /opt/go \
           /root/dist
--- a/docker/glutton/dist/rules.yaml
+++ b/docker/glutton/dist/rules.yaml
@ -1,22 +1,27 @@
 # Put passthrough rules on top, drop rules on bottom, rules are applied in order (top down)
 rules:
  - match: udp dst port 53
    type: passthrough
  - match: tcp dst port 21
    type: conn_handler
    target: ftp
  - match: tcp dst port 23 or port 2323 or port 23231
    type: conn_handler
    target: telnet
  - match: tcp dst port 25
    type: conn_handler
    target: smtp
  - match: tcp dst port 3389
    type: conn_handler
    target: rdp
  - match: tcp dst port 445
    type: conn_handler
    target: smb
-  - match: tcp dst port 21
+  - match: tcp dst port 3389
    type: conn_handler
-    target: ftp
+    target: rdp
  - match: tcp dst port 5060
    type: conn_handler
    target: sip
  - match: tcp
    type: conn_handler
    target: default
  - match: 
    type: drop
--- a/docker/glutton/notes
+++ b/docker/glutton/notes
@ -0,0 +1,2 @@
 dtagdevsec/glutton         1804                44eed3090ae5        12 hours ago        35.3 MB
--- a/docker/heralding/Dockerfile
+++ b/docker/heralding/Dockerfile
@ -46,4 +46,4 @@ RUN apk -U upgrade && \
 # Start elasticpot
 WORKDIR /tmp/heralding/
-CMD ["heralding","-c","/etc/heralding/heralding.yml","-l","/var/log/heralding/heralding.log"]
+CMD exec heralding -c /etc/heralding/heralding.yml -l /var/log/heralding/heralding.log
--- a/docker/heralding/docker-compose.yml
+++ b/docker/heralding/docker-compose.yml
@ -10,6 +10,7 @@ services:
    build: .
    container_name: heralding
    restart: always
    stop_signal: SIGINT
    environment:
      - PYTHON_EGG_CACHE=/tmp/heralding
    tmpfs:
--- a/docker/mailoney/docker-compose.yml
+++ b/docker/mailoney/docker-compose.yml
@ -10,6 +10,7 @@ services:
    build: .
    container_name: mailoney
    restart: always
    stop_signal: SIGINT
    networks:
     - mailoney_local
    ports:
--- a/docker/p0f/Dockerfile
+++ b/docker/p0f/Dockerfile
@ -35,4 +35,4 @@ RUN apk -U upgrade && \
 # Start suricata
 WORKDIR /opt/p0f
 USER p0f:p0f
-CMD /bin/bash -c "exec /opt/p0f/p0f -u p0f -j -o /var/log/p0f/p0f.json -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:])"
+CMD exec /opt/p0f/p0f -u p0f -j -o /var/log/p0f/p0f.json -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:])
--- a/docker/rdpy/Dockerfile
+++ b/docker/rdpy/Dockerfile
@ -53,4 +53,4 @@ RUN apk -U upgrade && \
 # Start rdpy
 USER rdpy:rdpy
-CMD /usr/bin/python2 -i /usr/bin/rdpy-rdphoneypot.py /home/rdpy/$(shuf -i 1-3 -n 1) >> /var/log/rdpy/rdpy.log
+CMD exec /usr/bin/python2 -i /usr/bin/rdpy-rdphoneypot.py /home/rdpy/$(shuf -i 1-3 -n 1) >> /var/log/rdpy/rdpy.log
--- a/docker/suricata/Dockerfile
+++ b/docker/suricata/Dockerfile
@ -30,4 +30,4 @@ RUN apk -U upgrade && \
    rm -rf /var/cache/apk/*
 # Start suricata
-CMD update.sh $OINKCODE && suricata -v -F /etc/suricata/capture-filter.bpf -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:])
+CMD update.sh $OINKCODE && exec suricata -v -F /etc/suricata/capture-filter.bpf -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:])
--- a/docker/suricata/docker-compose.yml
+++ b/docker/suricata/docker-compose.yml
@ -9,6 +9,7 @@ services:
    build: .
    container_name: suricata
    restart: always
    stop_signal: SIGINT
    environment:
    # For ET Pro ruleset replace <OPEN> with your OINKCODE
     - OINKCODE=OPEN
--- a/docker/vnclowpot/Dockerfile
+++ b/docker/vnclowpot/Dockerfile
@ -23,8 +23,9 @@ RUN apk -U add bash \
    apk del build-base \
            git \
            go && \
-    rm -rf /var/cache/apk/*
+    rm -rf /opt/go/src \
           /var/cache/apk/* \
 # Run supervisor upon container start
 USER vnclowpot:vnclowpot
-CMD /opt/go/bin/vnclowpot -j >> /var/log/vnclowpot/vnclowpot.log
+CMD exec /opt/go/bin/vnclowpot -j >> /var/log/vnclowpot/vnclowpot.log
--- a/docker/wetty/Dockerfile
+++ b/docker/wetty/Dockerfile
@ -29,4 +29,4 @@ RUN apk -U upgrade && \
 # Start elasticsearch-head
 WORKDIR /opt
 USER wetty:wetty
-CMD /usr/bin/node /opt/node_modules/wetty/app.js -p 64300 --host 127.0.0.1 --sshhost 127.0.0.1 --sshport 64295 --sshuser $MY_SSHUSER
+CMD exec /usr/bin/node /opt/node_modules/wetty/app.js -p 64300 --host 127.0.0.1 --sshhost 127.0.0.1 --sshport 64295 --sshuser $MY_SSHUSER
--- a/docker/wetty/docker-compose.yml
+++ b/docker/wetty/docker-compose.yml
@ -9,6 +9,7 @@ services:
    build: .
    container_name: wetty
    restart: always
    stop_signal: SIGKILL
    network_mode: "host"
    env_file:
     - /opt/tpot/etc/compose/wetty_environment
		`@ -0,0 +1,2 @@`
							`dtagdevsec/glutton 1804 44eed3090ae5 12 hours ago 35.3 MB`