From 05a7d33c9f53dda1ff6b26d119405308523e55d7 Mon Sep 17 00:00:00 2001
From: t3chn0m4g3
Date: Tue, 24 Aug 2021 11:51:01 +0000
Subject: [PATCH] add paths, logrotate settings, cleaner settings for new honeypots
---
 bin/clean.sh | 36 ++++++++++++++++++++++++++++++++++++
 etc/logrotate/logrotate.conf | 4 ++++
 iso/installer/install.sh | 6 +++++-
 update.sh | 16 ++++++++++------
 4 files changed, 55 insertions(+), 7 deletions(-)
diff --git a/bin/clean.sh b/bin/clean.sh
index 65d28d83..85f79245 100755
--- a/bin/clean.sh
+++ b/bin/clean.sh
@@ -114,6 +114,14 @@ fuCOWRIE () {
 chown tpot:tpot /data/cowrie -R
 }
 
+# Let's create a function to clean up and prepare ddospot data
+fuDDOSPOT () {
+ if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/ddospot/log; fi
+ mkdir -p /data/ddospot/log
+ chmod 770 /data/ddospot -R
+ chown tpot:tpot /data/ddospot -R
+}
+
 # Let's create a function to clean up and prepare dicompot data
 fuDICOMPOT () {
 if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/dicompot/log; fi
@@ -149,6 +157,14 @@ fuELK () {
 chown tpot:tpot /data/elk -R
 }
 
+# Let's create a function to clean up and prepare endlessh data
+fuENDLESSH () {
+ if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/endlessh/log; fi
+ mkdir -p /data/endlessh/log
+ chmod 770 /data/endlessh -R
+ chown tpot:tpot /data/endlessh -R
+}
+
 # Let's create a function to clean up and prepare fatt data
 fuFATT () {
 if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/fatt/*; fi
@@ -165,6 +181,14 @@ fuGLUTTON () {
 chown tpot:tpot /data/glutton -R
 }
 
+# Let's create a function to clean up and prepare hellpot data
+fuHELLPOT () {
+ if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/hellpot/log; fi
+ mkdir -p /data/hellpot/log
+ chmod 770 /data/hellpot -R
+ chown tpot:tpot /data/hellpot -R
+}
+
 # Let's create a function to clean up and prepare heralding data
 fuHERALDING () {
 if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/heralding/*; fi
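Review bot: fuDDOSPOT recreates only `/data/ddospot/log`, whereas the install.sh and update.sh hunks in this same patch create `/data/ddospot/{bl,db,log}`; if ddospot needs `bl` and `db` present at start-up, the cleaner should create them as well, e.g. `mkdir -p /data/ddospot/{bl,db,log}` — I cannot tell from here whether the service creates them itself. Nothing in this patch removes or rotates `bl` and `db`, so on a non-persistent host they carry over between runs while `log` is wiped; a comment on fuDDOSPOT stating that this is intended would help the next reader. Separately, the four new functions — fuDDOSPOT here, fuENDLESSH and fuHELLPOT in the next two hunks, fuREDISHONEYPOT in the @@ -237 hunk — are identical apart from the honeypot name; a single helper such as `fuCLEANLOG () { if [ "$myPERSISTENCE" != "on" ]; then rm -rf "/data/${1:?}/log"; fi; mkdir -p "/data/${1:?}/log"; chmod 770 "/data/${1:?}" -R; chown tpot:tpot "/data/${1:?}" -R; }` called as `fuCLEANLOG ddospot` would keep the behaviour in one place (the `${1:?}` guard keeps an empty argument from widening the `rm -rf`), at the cost of departing from the file's one-function-per-honeypot layout.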
@@ -237,6 +261,14 @@ fuRDPY () {
 chown tpot:tpot /data/rdpy/ -R
 }
 
+# Let's create a function to clean up and prepare redishoneypot data
+fuREDISHONEYPOT () {
+ if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/redishoneypot/log; fi
+ mkdir -p /data/redishoneypot/log
+ chmod 770 /data/redishoneypot -R
+ chown tpot:tpot /data/redishoneypot -R
+}
+
 # Let's create a function to prepare spiderfoot db
 fuSPIDERFOOT () {
 mkdir -p /data/spiderfoot
@@ -296,13 +328,16 @@ if [ "$myPERSISTENCE" = "on" ];
 fuCITRIXHONEYPOT
 fuCONPOT
 fuCOWRIE
+ fuDDOSPOT
 fuDICOMPOT
 fuDIONAEA
 fuELASTICPOT
 fuELK
+ fuENDLESSH
 fuFATT
 fuGLUTTON
 fuHERALDING
+ fuHELLPOT
 fuHONEYSAP
 fuHONEYPY
 fuHONEYTRAP
@@ -310,6 +345,7 @@ if [ "$myPERSISTENCE" = "on" ];
 fuMAILONEY
 fuMEDPOT
 fuNGINX
+ fuREDISHONEYPOT
 fuRDPY
 fuSPIDERFOOT
 fuSURICATA
diff --git a/etc/logrotate/logrotate.conf b/etc/logrotate/logrotate.conf
index 19a08e6c..773bd997 100644
--- a/etc/logrotate/logrotate.conf
+++ b/etc/logrotate/logrotate.conf
@@ -7,6 +7,7 @@
 /data/cowrie/log/cowrie.json
 /data/cowrie/log/cowrie-textlog.log
 /data/cowrie/log/lastlog.txt
+/data/ddospot/log/*.log
 /data/dicompot/log/dicompot.log
 /data/dionaea/log/dionaea.json
 /data/dionaea/log/dionaea.sqlite
@@ -14,9 +15,11 @@
 /data/elasticpot/log/elasticpot.log
 /data/elasticpot/log/elasticpot.json
 /data/elk/log/*.log
+/data/endlessh/log/*.log
 /data/fatt/log/fatt.log
 /data/glutton/log/*.log
 /data/glutton/log/*.err
+/data/hellpot/log/*.log
 /data/heralding/log/*.log
 /data/heralding/log/*.csv
 /data/heralding/log/*.json
@@ -30,6 +33,7 @@
 /data/nginx/log/*.log
 /data/p0f/log/p0f.json
 /data/rdpy/log/rdpy.log
+/data/redishoneypot/log/*.log
 /data/suricata/log/*.log
 /data/suricata/log/*.json
 /data/tanner/log/*.json
diff --git a/iso/installer/install.sh b/iso/installer/install.sh
index 20bcb782..04f8eb13 100755
--- a/iso/installer/install.sh
+++ b/iso/installer/install.sh
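Review bot: The two call-list hunks (@@ -296 and @@ -310) add `fuHELLPOT` after `fuHERALDING` and `fuREDISHONEYPOT` before `fuRDPY`, which is the opposite of where the functions are defined (fuHELLPOT between fuGLUTTON and fuHERALDING in the @@ -165 hunk, fuREDISHONEYPOT after fuRDPY in the @@ -237 hunk) and breaks the mostly alphabetical order of the list. Order should not change behaviour, since the new functions do not reference one another, but keeping the list alphabetical makes a missing honeypot easier to spot: move `fuHELLPOT` above `fuHERALDING` and `fuREDISHONEYPOT` below `fuRDPY`. The enclosing `if [ "$myPERSISTENCE" = "on" ];` block starts and ends outside these hunks.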
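Review bot: The four new logrotate entries rotate only `*.log` under each honeypot's log directory, and nothing on the page shows which file names ddospot, endlessh, hellpot and redishoneypot actually write; any output with another suffix (the existing entries show `.json`, `.csv` and `.err` are common in this tree) would accumulate unrotated on /data. Confirming each service's real log file names against these globs before release avoids a slowly filling data volume. `/data/ddospot/bl` and `/data/ddospot/db`, created by install.sh in this same patch, are presumably left out on purpose; a one-line comment above the ddospot entry saying so would save the next reader the question.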
@@ -779,7 +779,7 @@ fuBANNER "Add cronjobs"
 echo "$myCRONJOBS" | tee -a /etc/crontab
 
 ### For some honeypots to work we need to ensure ntp.service is not listening
-echo "### Ensure ntp.service is not listening to avoid port potential port conflict with ddospot."
+echo "### Ensure ntp.service is not listening to avoid potential port conflict with ddospot."
 myNTP_IF_DISABLE="interface ignore wildcard
 interface ignore 127.0.0.1
 interface ignore ::1"
@@ -802,13 +802,16 @@ mkdir -vp /data/adbhoney/{downloads,log} \
 /data/conpot/log \
 /data/citrixhoneypot/logs \
 /data/cowrie/{downloads,keys,misc,log,log/tty} \
+ /data/ddospot/{bl,db,log} \
 /data/dicompot/{images,log} \
 /data/dionaea/{log,bistreams,binaries,rtp,roots,roots/ftp,roots/tftp,roots/www,roots/upnp} \
 /data/elasticpot/log \
 /data/elk/{data,log} \
+ /data/endlessh/log \
 /data/fatt/log \
 /data/honeytrap/{log,attacks,downloads} \
 /data/glutton/log \
+ /data/hellpot/log \
 /data/heralding/log \
 /data/honeypy/log \
 /data/honeysap/log \
@@ -819,6 +822,7 @@ mkdir -vp /data/adbhoney/{downloads,log} \
 /data/emobility/log \
 /data/ews/conf \
 /data/rdpy/log \
+ /data/redishoneypot/log \
 /data/spiderfoot \
 /data/suricata/log \
 /data/tanner/{log,files} \
diff --git a/update.sh b/update.sh
index 0dd38723..e5df7992 100755
--- a/update.sh
+++ b/update.sh
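Review bot: The data-directory list in the @@ -802 and @@ -819 hunks is maintained by hand in two places — here in install.sh and again in the @@ -226 hunk of update.sh — and the same four new paths had to be added to both; the removed/re-added lines update.sh needed, which appear to differ only in whitespace, suggest the two copies already drift. Moving the list into one shared file that both scripts source (or a single variable expanded into `mkdir -vp`) would keep the /data layout in one place and make the next honeypot a one-line change. The `mkdir -vp` command starts before these hunks and continues past them.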
@@ -226,33 +226,37 @@ echo
 mkdir -vp /data/adbhoney/{downloads,log} \
 /data/ciscoasa/log \
 /data/conpot/log \
- /data/citrixhoneypot/logs \
+ /data/citrixhoneypot/logs \
 /data/cowrie/{downloads,keys,misc,log,log/tty} \
- /data/dicompot/{images,log} \
+ /data/ddospot/{bl,db,log} \
+ /data/dicompot/{images,log} \
 /data/dionaea/{log,bistreams,binaries,rtp,roots,roots/ftp,roots/tftp,roots/www,roots/upnp} \
 /data/elasticpot/log \
 /data/elk/{data,log} \
- /data/fatt/log \
+ /data/endlessh/log \
+ /data/fatt/log \
 /data/honeytrap/{log,attacks,downloads} \
 /data/glutton/log \
+ /data/hellpot/log \
 /data/heralding/log \
 /data/honeypy/log \
 /data/honeysap/log \
- /data/ipphoney/log \
+ /data/ipphoney/log \
 /data/mailoney/log \
 /data/medpot/log \
 /data/nginx/{log,heimdall} \
 /data/emobility/log \
 /data/ews/conf \
 /data/rdpy/log \
+ /data/redishoneypot/log \
 /data/spiderfoot \
 /data/suricata/log \
 /data/tanner/{log,files} \
 /data/p0f/log \
- /home/tsec/.ssh/
+ /home/tsec/.ssh/
 
 ### For some honeypots to work we need to ensure ntp.service is not listening
-echo "### Ensure ntp.service is not listening to avoid port potential port conflict with ddospot."
+echo "### Ensure ntp.service is not listening to avoid potential port conflict with ddospot."
 myNTP_IF_DISABLE="interface ignore wildcard
 interface ignore 127.0.0.1
 interface ignore ::1"
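Review bot: Three removed/re-added pairs in this hunk (`/data/citrixhoneypot/logs`, `/data/ipphoney/log`, `/home/tsec/.ssh/`) appear to differ only in whitespace, which mixes re-indentation with the functional change and makes the five genuinely new directories harder to pick out when reviewing. If the re-indentation is intended, a separate whitespace-only commit or a sentence in the commit message saying so would help; otherwise those six lines can be dropped from the patch. The `mkdir -vp` command begins on the hunk's first context line and the script continues outside the hunk on both sides.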