From 2201e072f6b97f065cebd00aca9872f7b7739983 Mon Sep 17 00:00:00 2001
From: t3chn0m4g3
Date: Thu, 12 Mar 2020 16:02:43 +0000
Subject: [PATCH] testing honeysap
---
 docker/honeysap/Dockerfile | 39 +++++++
 docker/honeysap/dist/external_route_table.yml | 6 +
 docker/honeysap/dist/honeysap.yml | 103 ++++++++++++++++++
 docker/honeysap/docker-compose.yml | 20 ++++
 etc/compose/nextgen.yml | 15 +++
 5 files changed, 183 insertions(+)
 create mode 100644 docker/honeysap/Dockerfile
 create mode 100644 docker/honeysap/dist/external_route_table.yml
 create mode 100644 docker/honeysap/dist/honeysap.yml
 create mode 100644 docker/honeysap/docker-compose.yml
diff --git a/docker/honeysap/Dockerfile b/docker/honeysap/Dockerfile
new file mode 100644
index 00000000..d07e59d0
--- /dev/null
+++ b/docker/honeysap/Dockerfile
@@ -0,0 +1,39 @@
+FROM alpine:latest
+#
+# Include dist
+ADD dist/ /root/dist/
+#
+# Install packages
+RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
+ apk -U --no-cache add \
+ build-base \
+ git \
+ libcap \
+ python2 \
+ python2-dev \
+ py2-pip \
+ tcpdump && \
+#
+# Clone honeysap from git
+ git clone --depth=1 https://github.com/SecureAuthCorp/HoneySAP /opt/honeysap && \
+ cd /opt/honeysap && \
+ mkdir conf && \
+ cp /root/dist/* conf/ && \
+ python setup.py install && \
+ pip install -r requirements-optional.txt && \
+#
+# Setup user, groups and configs
+ addgroup -g 2000 honeysap && \
+ adduser -S -s /bin/ash -u 2000 -D -g 2000 honeysap && \
+ chown -R honeysap:honeysap /opt/honeysap && \
+# setcap cap_net_bind_service=+ep /opt/honeypy/env/bin/python && \
+#
+# Clean up
+ apk del --purge git && \
+ rm -rf /root/* \
+ /var/cache/apk/*
+#
+# Set workdir and start honeysap
+USER honeysap:honeysap
+WORKDIR /opt/honeysap
+CMD ["/opt/honeysap/bin/honeysap", "--config-file", "/opt/honeysap/conf/honeysap.yml"]
diff --git a/docker/honeysap/dist/external_route_table.yml b/docker/honeysap/dist/external_route_table.yml
new file mode 100644
index 00000000..be9e43fa
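Review bot: The clean-up at the end of the RUN step removes only git, so build-base, python2-dev and pip stay in an image whose purpose is to be attacked, leaving a compiler toolchain available to anything that gains code execution in the container. Unless they are needed at runtime, remove them in the same layer: `apk del --purge build-base git python2-dev`. The same step runs `chown -R honeysap:honeysap /opt/honeysap`, which makes the installed code and conf/ writable by the service account, although only log/ (mounted as a volume in the compose file) appears to need write access. Separately, `FROM alpine:latest` and the `git clone --depth=1` of the default branch make the build non-reproducible, and the python2 packages presumably depend on the Alpine release still shipping them, so pin a release tag and a commit.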
--- /dev/null
+++ b/docker/honeysap/dist/external_route_table.yml
@@ -0,0 +1,6 @@
+# HoneSAP default external profile route table
+# ============================================
+#
+
+# Allow any protocols to 10.0.0.100 port 3200
+- allow,any,10.0.0.100,3200,
diff --git a/docker/honeysap/dist/honeysap.yml b/docker/honeysap/dist/honeysap.yml
new file mode 100644
index 00000000..12d03e04
--- /dev/null
+++ b/docker/honeysap/dist/honeysap.yml
@@ -0,0 +1,103 @@
+# HoneSAP default external profile configuration
+# ==============================================
+
+# Console logging configuration
+# -----------------------------
+
+# Level of console logging
+verbose: 2
+
+# Use colored output
+colored_console: false
+
+
+# Miscellaneous configuration
+# ---------------------------
+
+# Enable reloading after a change in one of the configuration files
+reload: true
+
+# Address to listen for all services
+listener_address: 0.0.0.0
+
+
+# SAP instance configuration
+# --------------------------
+
+# Release version
+release: "720"
+
+
+# Services configuration
+# ----------------------
+
+services:
+ -
+ # SAP Router configuration
+ # ------------------------
+ service: SAPRouterService
+ alias: ExternalSAPRouter
+ enabled: yes
+ listener_port: 3299
+
+ # Router version number
+ router_version: 40
+
+ # Router patch version
+ router_version_patch: 4
+
+ # Password for information requests. If present it will be required
+ info_password:
+
+ # Wether the external administration would be enabled on this SAP Router
+ external_admin: false
+
+ # Route table file
+ route_table: !include external_route_table.yml
+
+ # Hostname for the SAP Router
+ hostname: saprouter
+
+ -
+ # SAP Dispatcher configuration
+ # ----------------------------
+ service: SAPDispatcherService
+ alias: InternalDispatcherService
+ enabled: yes
+ virtual: yes
+ listener_port: 3200
+ listener_address: 10.0.0.100
+
+ # Name of the instance
+ instance: NSP
+
+ # Client number
+ client_no: "001"
+
+ # SID
+ sid: PRD
+
+ # Hostname
+ hostname: uscasf-sap01
+
+
+# Feeds configuration
+# -------------------
+
+feeds:
+ -
+ feed: LogFeed
+ log_filename: log/honeysap-external.log
+ enabled: yes
+ -
+ feed: ConsoleFeed
+ enabled: yes
+ -
+ feed: HPFeed
+ channels:
+ - honeysap.events
+ feed_host: 10.250.250.20
+ feed_port: 20000
+ feed_ident: honeysap
+ feed_secret: password
+ enabled: no
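Review bot: `reload: true` makes HoneySAP re-read its configuration after a file changes, and the Dockerfile in this patch copies this file into /opt/honeysap/conf and then chowns the whole tree to the honeysap user the service runs as. The process can therefore rewrite the configuration it will reload; consider `reload: false` for the container build, or leave conf/ owned by root. The HPFeed block also ships `feed_secret: password`; it is disabled, but a comment such as `# placeholder - supply the real secret at runtime, never commit it` would discourage enabling the feed by writing a real credential into a file that is baked into the image.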
diff --git a/docker/honeysap/docker-compose.yml b/docker/honeysap/docker-compose.yml
new file mode 100644
index 00000000..34068edf
--- /dev/null
+++ b/docker/honeysap/docker-compose.yml
@@ -0,0 +1,20 @@
+version: '2.3'
+
+networks:
+ honeysap_local:
+
+services:
+
+# HoneySAP service
+ honeysap:
+ build: .
+ container_name: honeysap
+ restart: always
+ networks:
+ - honeysap_local
+ ports:
+ - "3299:3299"
+ - "8001:8001"
+ image: "dtagdevsec/honeysap:2006"
+ volumes:
+ - /data/honeysap/log:/opt/honeysap/log
diff --git a/etc/compose/nextgen.yml b/etc/compose/nextgen.yml
index a704247d..66de93dd 100644
--- a/etc/compose/nextgen.yml
+++ b/etc/compose/nextgen.yml
@@ -13,6 +13,7 @@ networks:
 cyberchef_local:
 heralding_local:
 honeypy_local:
+ honeysap_local:
 mailoney_local:
 medpot_local:
 rdpy_local:
@@ -274,6 +275,20 @@ services: volumes: - /data/honeypy/log:/opt/honeypy/log +# HoneySAP service + honeysap: + build: . + container_name: honeysap + restart: always + networks: + - honeysap_local + ports: + - "3299:3299" + - "8001:8001" + image: "dtagdevsec/honeysap:2006" + volumes: + - /data/honeysap/log:/opt/honeysap/log + # Mailoney service mailoney: container_name: mailoney
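Review bot: The `ports:` list publishes `8001:8001`, but honeysap.yml in this patch defines only a listener on 3299 (the SAPRouter) and a virtual dispatcher on 10.0.0.100:3200, so nothing visible here should be bound to 8001. If no HoneySAP service uses that port, drop the mapping so the host does not expose a port with nothing behind it; if a service is planned, add it to honeysap.yml in the same change. The same mapping is repeated in the honeysap entry added to etc/compose/nextgen.yml.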
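Review bot: `build: .` in the new honeysap entry of etc/compose/nextgen.yml looks copied from docker/honeysap/docker-compose.yml; the mailoney entry that follows in the context lines has no `build:` key, and from etc/compose/ the path `.` would not point at docker/honeysap/Dockerfile. I would drop that line here and let the service rely on `image: "dtagdevsec/honeysap:2006"`, as the neighbouring entries appear to. The services mapping continues outside the hunk, so the convention used by the other entries should be confirmed against the full file.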