prepare for honeypot changes

Marco Ochse 2017-06-21 19:26:42 +00:00
parent 77e68f0e64
commit 0e7563da17
7 changed files with 90 additions and 43 deletions


@ -79,7 +79,7 @@ fuHONEYTRAP () {
}
# Let's create a function to clean up and prepare mailoney data
fuHONEYTRAP () {
fuMAILONEY () {
rm -rf /data/mailoney/*
mkdir -p /data/mailoney/log/
chmod 760 /data/mailoney/ -R
@ -118,6 +118,7 @@ fuELK
fuEMOBILITY
fuGLASTOPF
fuHONEYTRAP
fuMAILONEY
fuSPIDERFOOT
fuSURICATA
fuP0F
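Review bot: fuMAILONEY sets permissions with `chmod 760 /data/mailoney/ -R` but sets no ownership, and its body continues outside the hunk, so whether a `chown` follows cannot be confirmed here; if the sibling fu* functions in this script end by chowning their data directory, this one should match, otherwise a 760 directory mode leaves the mailoney container's runtime user unable to write under `/data/mailoney/log/` unless it runs as the owner. Placing `-R` after the operand relies on GNU option permutation; `chmod -R 760 /data/mailoney/` is the conventional spelling. The second hunk correctly adds `fuMAILONEY` to the call list between fuHONEYTRAP and fuSPIDERFOOT, so the new function is actually invoked.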


@ -42,19 +42,24 @@ services:
- "23:2223"
image: "dtagdevsec/cowrie:1706"
volumes:
- /data/cowrie:/data/cowrie
- /data/cowrie/downloads:/home/cowrie/cowrie/dl
- /data/cowrie/keys:/home/cowrie/cowrie/etc
- /data/cowrie/log:/home/cowrie/cowrie/log
- /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
# Dionaea service
dionaea:
container_name: dionaea
stdin_open: true
restart: always
sysctls:
- net.ipv6.conf.all.disable_ipv6=1
networks:
- dionaea_local
cap_add:
- NET_BIND_SERVICE
ports:
- "21:21"
- "21:21"
- "42:42"
- "69:69/udp"
- "8081:80"
@ -64,15 +69,22 @@ services:
- "1433:1433"
- "1723:1723"
- "1883:1883"
- "1900:1900"
- "3306:3306"
- "1900:1900/udp"
- "3306:3306"
- "5060:5060"
- "5061:5061"
- "5060:5060/udp"
- "11211:11211"
- "5061:5061"
- "27017:27017"
image: "dtagdevsec/dionaea:1706"
volumes:
- /data/dionaea:/data/dionaea
- /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp
- /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp
- /data/dionaea/roots/www:/opt/dionaea/var/dionaea/roots/www
- /data/dionaea/roots/upnp:/opt/dionaea/var/dionaea/roots/upnp
- /data/dionaea:/opt/dionaea/var/dionaea
- /data/dionaea/binaries:/opt/dionaea/var/dionaea/binaries
- /data/dionaea/log:/opt/dionaea/var/log
- /data/dionaea/rtp:/opt/dionaea/var/dionaea/rtp
# Elasticpot service
elasticpot:
@ -84,7 +96,7 @@ services:
- "9200:9200"
image: "dtagdevsec/elasticpot:1706"
volumes:
- /data/elasticpot:/data/elasticpot
- /data/elasticpot/log/elasticpot.log:/opt/ElasticpotPY/elasticpot.log
# ELK services
## Elasticsearch service
@ -182,8 +194,8 @@ services:
- "80:80"
image: "dtagdevsec/glastopf:1706"
volumes:
- /data/glastopf:/data/glastopf
- /data/ews:/data/ews
- /data/glastopf/db:/opt/glastopf/db
- /data/glastopf/log:/opt/glastopf/log
# Honeytrap service
honeytrap:
@ -194,8 +206,9 @@ services:
- NET_ADMIN
image: "dtagdevsec/honeytrap:1706"
volumes:
- /data/honeytrap:/data/honeytrap
- /data/ews:/data/ews
- /data/honeytrap/attacks:/opt/honeytrap/var/attacks
- /data/honeytrap/downloads:/opt/honeytrap/var/downloads
- /data/honeytrap/log:/opt/honeytrap/var/log
# Mailoney service
mailoney:
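Review bot: `- /data/ews:/data/ews` is mounted read-write into glastopf and honeytrap in this file, and the same mount is added to emobility, glastopf and honeytrap in the three later compose sections of this commit. A honeypot container is the process on this host most exposed to attacker input; if it only needs to read the ews configuration, mount it `- /data/ews:/data/ews:ro` so a compromise inside the container cannot alter what ewsposter later reads and submits. The replacement of the single `/data/cowrie:/data/cowrie` and `/data/dionaea:/data/dionaea` mounts with per-directory mounts is a good narrowing, but `- /data/cowrie/keys:/home/cowrie/cowrie/etc` now shadows the image's whole `etc` directory, so it presumably has to be pre-populated with cowrie's config as well as the host keys — worth a comment above that line if so.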


@ -11,7 +11,7 @@ networks:
mailoney_local:
services:
# Cowrie service
cowrie:
container_name: cowrie
@ -25,19 +25,24 @@ services:
- "23:2223"
image: "dtagdevsec/cowrie:1706"
volumes:
- /data/cowrie:/data/cowrie
- /data/cowrie/downloads:/home/cowrie/cowrie/dl
- /data/cowrie/keys:/home/cowrie/cowrie/etc
- /data/cowrie/log:/home/cowrie/cowrie/log
- /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
# Dionaea service
dionaea:
container_name: dionaea
stdin_open: true
restart: always
sysctls:
- net.ipv6.conf.all.disable_ipv6=1
networks:
- dionaea_local
cap_add:
- NET_BIND_SERVICE
ports:
- "21:21"
- "21:21"
- "42:42"
- "69:69/udp"
- "8081:80"
@ -47,15 +52,22 @@ services:
- "1433:1433"
- "1723:1723"
- "1883:1883"
- "1900:1900"
- "3306:3306"
- "1900:1900/udp"
- "3306:3306"
- "5060:5060"
- "5061:5061"
- "5060:5060/udp"
- "11211:11211"
- "5061:5061"
- "27017:27017"
image: "dtagdevsec/dionaea:1706"
volumes:
- /data/dionaea:/data/dionaea
- /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp
- /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp
- /data/dionaea/roots/www:/opt/dionaea/var/dionaea/roots/www
- /data/dionaea/roots/upnp:/opt/dionaea/var/dionaea/roots/upnp
- /data/dionaea:/opt/dionaea/var/dionaea
- /data/dionaea/binaries:/opt/dionaea/var/dionaea/binaries
- /data/dionaea/log:/opt/dionaea/var/log
- /data/dionaea/rtp:/opt/dionaea/var/dionaea/rtp
# Elasticpot service
elasticpot:
@ -67,7 +79,7 @@ services:
- "9200:9200"
image: "dtagdevsec/elasticpot:1706"
volumes:
- /data/elasticpot:/data/elasticpot
- /data/elasticpot/log/elasticpot.log:/opt/ElasticpotPY/elasticpot.log
# Ewsposter service
ewsposter:
@ -90,8 +102,8 @@ services:
- "80:80"
image: "dtagdevsec/glastopf:1706"
volumes:
- /data/glastopf:/data/glastopf
- /data/ews:/data/ews
- /data/glastopf/db:/opt/glastopf/db
- /data/glastopf/log:/opt/glastopf/log
# Honeytrap service
honeytrap:
@ -102,8 +114,9 @@ services:
- NET_ADMIN
image: "dtagdevsec/honeytrap:1706"
volumes:
- /data/honeytrap:/data/honeytrap
- /data/ews:/data/ews
- /data/honeytrap/attacks:/opt/honeytrap/var/attacks
- /data/honeytrap/downloads:/opt/honeytrap/var/downloads
- /data/honeytrap/log:/opt/honeytrap/var/log
# Mailoney service
mailoney:


@ -97,6 +97,7 @@ services:
image: "dtagdevsec/emobility:1706"
volumes:
- /data/emobility:/data/eMobility
- /data/ews:/data/ews
# Ewsposter service
ewsposter:


@ -27,19 +27,24 @@ services:
- "23:2223"
image: "dtagdevsec/cowrie:1706"
volumes:
- /data/cowrie:/data/cowrie
- /data/cowrie/downloads:/home/cowrie/cowrie/dl
- /data/cowrie/keys:/home/cowrie/cowrie/etc
- /data/cowrie/log:/home/cowrie/cowrie/log
- /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
# Dionaea service
dionaea:
container_name: dionaea
stdin_open: true
restart: always
sysctls:
- net.ipv6.conf.all.disable_ipv6=1
networks:
- dionaea_local
cap_add:
- NET_BIND_SERVICE
ports:
- "21:21"
- "21:21"
- "42:42"
- "69:69/udp"
- "8081:80"
@ -49,15 +54,22 @@ services:
- "1433:1433"
- "1723:1723"
- "1883:1883"
- "1900:1900"
- "3306:3306"
- "1900:1900/udp"
- "3306:3306"
- "5060:5060"
- "5061:5061"
- "5060:5060/udp"
- "11211:11211"
- "5061:5061"
- "27017:27017"
image: "dtagdevsec/dionaea:1706"
volumes:
- /data/dionaea:/data/dionaea
- /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp
- /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp
- /data/dionaea/roots/www:/opt/dionaea/var/dionaea/roots/www
- /data/dionaea/roots/upnp:/opt/dionaea/var/dionaea/roots/upnp
- /data/dionaea:/opt/dionaea/var/dionaea
- /data/dionaea/binaries:/opt/dionaea/var/dionaea/binaries
- /data/dionaea/log:/opt/dionaea/var/log
- /data/dionaea/rtp:/opt/dionaea/var/dionaea/rtp
# Elasticpot service
elasticpot:
@ -69,7 +81,7 @@ services:
- "9200:9200"
image: "dtagdevsec/elasticpot:1706"
volumes:
- /data/elasticpot:/data/elasticpot
- /data/elasticpot/log/elasticpot.log:/opt/ElasticpotPY/elasticpot.log
# ELK services
## Elasticsearch service
@ -152,8 +164,8 @@ services:
- "80:80"
image: "dtagdevsec/glastopf:1706"
volumes:
- /data/glastopf:/data/glastopf
- /data/ews:/data/ews
- /data/glastopf/db:/opt/glastopf/db
- /data/glastopf/log:/opt/glastopf/log
# Honeytrap service
honeytrap:
@ -164,8 +176,9 @@ services:
- NET_ADMIN
image: "dtagdevsec/honeytrap:1706"
volumes:
- /data/honeytrap:/data/honeytrap
- /data/ews:/data/ews
- /data/honeytrap/attacks:/opt/honeytrap/var/attacks
- /data/honeytrap/downloads:/opt/honeytrap/var/downloads
- /data/honeytrap/log:/opt/honeytrap/var/log
# Mailoney service
mailoney:


@ -32,9 +32,9 @@ ExecStartPre=-/bin/chmod 666 /var/run/docker.sock
# Forward all other connections to honeytrap / NFQUEUE
ExecStartPre=/sbin/iptables -w -A INPUT -s 127.0.0.1 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -d 127.0.0.1 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 64295:64303,7634,8125 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 64295:64303,7634 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 21:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 3306,5060,5061,5601,11211 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 3306,5060,5061,5601,27017 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
@ -47,9 +47,9 @@ ExecStop=/usr/local/bin/docker-compose -f /etc/tpot/tpot.yml down -v
# Remove only previously set iptables rules
ExecStopPost=/sbin/iptables -w -D INPUT -s 127.0.0.1 -j ACCEPT
ExecStopPost=/sbin/iptables -w -D INPUT -d 127.0.0.1 -j ACCEPT
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 64295:64303,7634,8125 -j ACCEPT
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 64295:64303,7634 -j ACCEPT
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 21:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 3306,5060,5061,5601,11211 -j ACCEPT
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 3306,5060,5061,5601,27017 -j ACCEPT
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
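Review bot: The rewritten ACCEPT line `--dports 3306,5060,5061,5601,27017` drops 11211 in favour of 27017, yet the dionaea service in the compose files of this same commit publishes both `"11211:11211"` and `"27017:27017"`; if these INPUT rules are meant to mirror every published honeypot port so that their SYNs are not diverted by the `NFQUEUE` rule below, 11211 should stay: `--dports 3306,5060,5061,5601,11211,27017`, with the identical change on the matching ExecStopPost `-D` line so start and stop rules remain symmetric. Whether the INPUT chain sees DNAT'd traffic at all depends on the Docker networking setup, which is not visible here, so this is an inference. The removal of 8125 from the `64295:64303,7634` rule is not explained by the commit message; a comment naming what 8125 served, or why it no longer needs accepting, would help the next reader.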


@ -414,6 +414,9 @@ tee -a /etc/sysctl.conf 2>&1>/dev/null <<EOF
kernel.panic = 1
kernel.panic_on_oops = 1
vm.max_map_count = 262144
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
EOF
# Let's add some cronjobs
@ -427,6 +430,9 @@ tee -a /etc/crontab 2>&1>/dev/null <<EOF
# Delete elastic indices older than 90 days (kibana index is omitted by default)
#27 4 * * * root docker exec elk bash -c '/usr/local/bin/curator --host 127.0.0.1 delete indices --older-than 90 --time-unit days --timestring \%Y.\%m.\%d'
# Uploaded binaries are not supposed to be downloaded
*/1 * * * * root mv --backup=numbered /data/dionaea/roots/ftp/* /data/dionaea/binaries/
# Daily reboot
27 3 * * * root reboot
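Review bot: The three `net.ipv6.conf.*.disable_ipv6 = 1` lines appended to /etc/sysctl.conf carry no explanation, and the reason matters for a honeypot: the tpot.service rules in this commit use `/sbin/iptables` only (no ip6tables rules are visible), so IPv6 traffic would otherwise appear to reach the host without the ACCEPT/NFQUEUE handling applied to IPv4. Add a comment inside the heredoc above them, e.g. `# IPv6 is disabled host-wide: the tpot.service firewall rules are IPv4-only (iptables/NFQUEUE)`, which sysctl.conf accepts as a comment line. Note also that `tee -a` appends on every run of this script, so a re-run duplicates these keys — pre-existing behaviour, but the new lines inherit it; the second hunk's three added lines are not visible in this rendering, so they are not reviewed here.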