add paths, logrotate settings, cleaner settings for new honeypots

t3chn0m4g3 2021-08-24 11:51:01 +00:00
parent baaba5311a
commit 05a7d33c9f
4 changed files with 55 additions and 7 deletions


@ -114,6 +114,14 @@ fuCOWRIE () {
chown tpot:tpot /data/cowrie -R chown tpot:tpot /data/cowrie -R
} }
# Let's create a function to clean up and prepare ddospot data
fuDDOSPOT () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/ddospot/log; fi
mkdir -p /data/ddospot/log
chmod 770 /data/ddospot -R
chown tpot:tpot /data/ddospot -R
}
# Let's create a function to clean up and prepare dicompot data # Let's create a function to clean up and prepare dicompot data
fuDICOMPOT () { fuDICOMPOT () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/dicompot/log; fi if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/dicompot/log; fi
@ -149,6 +157,14 @@ fuELK () {
chown tpot:tpot /data/elk -R chown tpot:tpot /data/elk -R
} }
# Let's create a function to clean up and prepare endlessh data
fuENDLESSH () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/endlessh/log; fi
mkdir -p /data/endlessh/log
chmod 770 /data/endlessh -R
chown tpot:tpot /data/endlessh -R
}
# Let's create a function to clean up and prepare fatt data # Let's create a function to clean up and prepare fatt data
fuFATT () { fuFATT () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/fatt/*; fi if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/fatt/*; fi
@ -165,6 +181,14 @@ fuGLUTTON () {
chown tpot:tpot /data/glutton -R chown tpot:tpot /data/glutton -R
} }
# Let's create a function to clean up and prepare hellpot data
fuHELLPOT () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/hellpot/log; fi
mkdir -p /data/hellpot/log
chmod 770 /data/hellpot -R
chown tpot:tpot /data/hellpot -R
}
# Let's create a function to clean up and prepare heralding data # Let's create a function to clean up and prepare heralding data
fuHERALDING () { fuHERALDING () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/heralding/*; fi if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/heralding/*; fi
@ -237,6 +261,14 @@ fuRDPY () {
chown tpot:tpot /data/rdpy/ -R chown tpot:tpot /data/rdpy/ -R
} }
# Let's create a function to clean up and prepare redishoneypot data
fuREDISHONEYPOT () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/redishoneypot/log; fi
mkdir -p /data/redishoneypot/log
chmod 770 /data/redishoneypot -R
chown tpot:tpot /data/redishoneypot -R
}
# Let's create a function to prepare spiderfoot db # Let's create a function to prepare spiderfoot db
fuSPIDERFOOT () { fuSPIDERFOOT () {
mkdir -p /data/spiderfoot mkdir -p /data/spiderfoot
@ -296,13 +328,16 @@ if [ "$myPERSISTENCE" = "on" ];
fuCITRIXHONEYPOT fuCITRIXHONEYPOT
fuCONPOT fuCONPOT
fuCOWRIE fuCOWRIE
fuDDOSPOT
fuDICOMPOT fuDICOMPOT
fuDIONAEA fuDIONAEA
fuELASTICPOT fuELASTICPOT
fuELK fuELK
fuENDLESSH
fuFATT fuFATT
fuGLUTTON fuGLUTTON
fuHERALDING fuHERALDING
fuHELLPOT
fuHONEYSAP fuHONEYSAP
fuHONEYPY fuHONEYPY
fuHONEYTRAP fuHONEYTRAP
@ -310,6 +345,7 @@ if [ "$myPERSISTENCE" = "on" ];
fuMAILONEY fuMAILONEY
fuMEDPOT fuMEDPOT
fuNGINX fuNGINX
fuREDISHONEYPOT
fuRDPY fuRDPY
fuSPIDERFOOT fuSPIDERFOOT
fuSURICATA fuSURICATA
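Review bot: Two of the new calls in the persistence-on list are out of the alphabetical order the rest of the list keeps — `fuHELLPOT` is placed after `fuHERALDING` and `fuREDISHONEYPOT` before `fuRDPY` — so swap them (`fuHELLPOT` then `fuHERALDING`; `fuRDPY` then `fuREDISHONEYPOT`) to match how the other entries and the installer's mkdir list are sorted. Separately, `fuDDOSPOT` recreates only `/data/ddospot/log`, whereas the installer in this commit creates `/data/ddospot/{bl,db,log}`; if the container expects `bl` and `db` to exist on a fresh volume, `mkdir -p /data/ddospot/{bl,db,log}` in the cleaner would keep the two in step — whether ddospot creates those itself cannot be told from here. The enclosing `if [ "$myPERSISTENCE" = "on" ]` block starts and ends outside the hunk.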


@ -7,6 +7,7 @@
/data/cowrie/log/cowrie.json /data/cowrie/log/cowrie.json
/data/cowrie/log/cowrie-textlog.log /data/cowrie/log/cowrie-textlog.log
/data/cowrie/log/lastlog.txt /data/cowrie/log/lastlog.txt
/data/ddospot/log/*.log
/data/dicompot/log/dicompot.log /data/dicompot/log/dicompot.log
/data/dionaea/log/dionaea.json /data/dionaea/log/dionaea.json
/data/dionaea/log/dionaea.sqlite /data/dionaea/log/dionaea.sqlite
@ -14,9 +15,11 @@
/data/elasticpot/log/elasticpot.log /data/elasticpot/log/elasticpot.log
/data/elasticpot/log/elasticpot.json /data/elasticpot/log/elasticpot.json
/data/elk/log/*.log /data/elk/log/*.log
/data/endlessh/log/*.log
/data/fatt/log/fatt.log /data/fatt/log/fatt.log
/data/glutton/log/*.log /data/glutton/log/*.log
/data/glutton/log/*.err /data/glutton/log/*.err
/data/hellpot/log/*.log
/data/heralding/log/*.log /data/heralding/log/*.log
/data/heralding/log/*.csv /data/heralding/log/*.csv
/data/heralding/log/*.json /data/heralding/log/*.json
@ -30,6 +33,7 @@
/data/nginx/log/*.log /data/nginx/log/*.log
/data/p0f/log/p0f.json /data/p0f/log/p0f.json
/data/rdpy/log/rdpy.log /data/rdpy/log/rdpy.log
/data/redishoneypot/log/*.log
/data/suricata/log/*.log /data/suricata/log/*.log
/data/suricata/log/*.json /data/suricata/log/*.json
/data/tanner/log/*.json /data/tanner/log/*.json


@ -779,7 +779,7 @@ fuBANNER "Add cronjobs"
echo "$myCRONJOBS" | tee -a /etc/crontab echo "$myCRONJOBS" | tee -a /etc/crontab
### For some honeypots to work we need to ensure ntp.service is not listening ### For some honeypots to work we need to ensure ntp.service is not listening
echo "### Ensure ntp.service is not listening to avoid port potential port conflict with ddospot." echo "### Ensure ntp.service is not listening to avoid potential port conflict with ddospot."
myNTP_IF_DISABLE="interface ignore wildcard myNTP_IF_DISABLE="interface ignore wildcard
interface ignore 127.0.0.1 interface ignore 127.0.0.1
interface ignore ::1" interface ignore ::1"
@ -802,13 +802,16 @@ mkdir -vp /data/adbhoney/{downloads,log} \
/data/conpot/log \ /data/conpot/log \
/data/citrixhoneypot/logs \ /data/citrixhoneypot/logs \
/data/cowrie/{downloads,keys,misc,log,log/tty} \ /data/cowrie/{downloads,keys,misc,log,log/tty} \
/data/ddospot/{bl,db,log} \
/data/dicompot/{images,log} \ /data/dicompot/{images,log} \
/data/dionaea/{log,bistreams,binaries,rtp,roots,roots/ftp,roots/tftp,roots/www,roots/upnp} \ /data/dionaea/{log,bistreams,binaries,rtp,roots,roots/ftp,roots/tftp,roots/www,roots/upnp} \
/data/elasticpot/log \ /data/elasticpot/log \
/data/elk/{data,log} \ /data/elk/{data,log} \
/data/endlessh/log \
/data/fatt/log \ /data/fatt/log \
/data/honeytrap/{log,attacks,downloads} \ /data/honeytrap/{log,attacks,downloads} \
/data/glutton/log \ /data/glutton/log \
/data/hellpot/log \
/data/heralding/log \ /data/heralding/log \
/data/honeypy/log \ /data/honeypy/log \
/data/honeysap/log \ /data/honeysap/log \
@ -819,6 +822,7 @@ mkdir -vp /data/adbhoney/{downloads,log} \
/data/emobility/log \ /data/emobility/log \
/data/ews/conf \ /data/ews/conf \
/data/rdpy/log \ /data/rdpy/log \
/data/redishoneypot/log \
/data/spiderfoot \ /data/spiderfoot \
/data/suricata/log \ /data/suricata/log \
/data/tanner/{log,files} \ /data/tanner/{log,files} \
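Review bot: The new `/data/ddospot/{bl,db,log}`, `/data/endlessh/log`, `/data/hellpot/log` and `/data/redishoneypot/log` entries are appended by hand to a `mkdir -vp` list that this commit also has to update, line for line, in the next file section and in the cleaner's fu* functions, so every new honeypot now needs the same path edited in three places and the lists can silently drift. A short comment above the list, `# keep in sync with the data-dir list in the update script and the cleaner functions`, would at least make the coupling visible; factoring the path list into a single variable both scripts source would remove it. The `mkdir -vp` command starts before the hunk and its argument list continues past it.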


@ -226,33 +226,37 @@ echo
mkdir -vp /data/adbhoney/{downloads,log} \ mkdir -vp /data/adbhoney/{downloads,log} \
/data/ciscoasa/log \ /data/ciscoasa/log \
/data/conpot/log \ /data/conpot/log \
/data/citrixhoneypot/logs \ /data/citrixhoneypot/logs \
/data/cowrie/{downloads,keys,misc,log,log/tty} \ /data/cowrie/{downloads,keys,misc,log,log/tty} \
/data/dicompot/{images,log} \ /data/ddospot/{bl,db,log} \
/data/dicompot/{images,log} \
/data/dionaea/{log,bistreams,binaries,rtp,roots,roots/ftp,roots/tftp,roots/www,roots/upnp} \ /data/dionaea/{log,bistreams,binaries,rtp,roots,roots/ftp,roots/tftp,roots/www,roots/upnp} \
/data/elasticpot/log \ /data/elasticpot/log \
/data/elk/{data,log} \ /data/elk/{data,log} \
/data/fatt/log \ /data/endlessh/log \
/data/fatt/log \
/data/honeytrap/{log,attacks,downloads} \ /data/honeytrap/{log,attacks,downloads} \
/data/glutton/log \ /data/glutton/log \
/data/hellpot/log \
/data/heralding/log \ /data/heralding/log \
/data/honeypy/log \ /data/honeypy/log \
/data/honeysap/log \ /data/honeysap/log \
/data/ipphoney/log \ /data/ipphoney/log \
/data/mailoney/log \ /data/mailoney/log \
/data/medpot/log \ /data/medpot/log \
/data/nginx/{log,heimdall} \ /data/nginx/{log,heimdall} \
/data/emobility/log \ /data/emobility/log \
/data/ews/conf \ /data/ews/conf \
/data/rdpy/log \ /data/rdpy/log \
/data/redishoneypot/log \
/data/spiderfoot \ /data/spiderfoot \
/data/suricata/log \ /data/suricata/log \
/data/tanner/{log,files} \ /data/tanner/{log,files} \
/data/p0f/log \ /data/p0f/log \
/home/tsec/.ssh/ /home/tsec/.ssh/
### For some honeypots to work we need to ensure ntp.service is not listening ### For some honeypots to work we need to ensure ntp.service is not listening
echo "### Ensure ntp.service is not listening to avoid port potential port conflict with ddospot." echo "### Ensure ntp.service is not listening to avoid potential port conflict with ddospot."
myNTP_IF_DISABLE="interface ignore wildcard myNTP_IF_DISABLE="interface ignore wildcard
interface ignore 127.0.0.1 interface ignore 127.0.0.1
interface ignore ::1" interface ignore ::1"