testing honeysap

docker/honeysap/Dockerfile

@@ -0,0 +1,39 @@
+FROM alpine:latest
+#
+# Include dist
+ADD dist/ /root/dist/
+#
+# Install packages
+RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
+    apk -U --no-cache add \
+            build-base \
+            git \
+            libcap \
+            python2 \
+            python2-dev \
+            py2-pip \
+            tcpdump && \
+#
+# Clone honeysap from git
+    git clone --depth=1 https://github.com/SecureAuthCorp/HoneySAP /opt/honeysap && \
+    cd /opt/honeysap && \
+    mkdir conf && \
+    cp /root/dist/* conf/ && \
+    python setup.py install && \
+    pip install -r requirements-optional.txt && \
+#
+# Setup user, groups and configs
+    addgroup -g 2000 honeysap && \
+    adduser -S -s /bin/ash -u 2000 -D -g 2000 honeysap && \
+    chown -R honeysap:honeysap /opt/honeysap && \
+#    setcap cap_net_bind_service=+ep /opt/honeypy/env/bin/python && \
+#
+# Clean up
+    apk del --purge git && \
+    rm -rf /root/* \
+           /var/cache/apk/*
+#
+# Set workdir and start honeysap
+USER honeysap:honeysap
+WORKDIR /opt/honeysap
+CMD ["/opt/honeysap/bin/honeysap", "--config-file", "/opt/honeysap/conf/honeysap.yml"]

docker/honeysap/dist/external_route_table.yml

@@ -0,0 +1,6 @@
+# HoneSAP default external profile route table
+# ============================================
+#
+
+# Allow any protocols to 10.0.0.100 port 3200
+- allow,any,10.0.0.100,3200,

docker/honeysap/dist/honeysap.yml

@@ -0,0 +1,103 @@
+# HoneSAP default external profile configuration
+# ==============================================
+
+# Console logging configuration
+# -----------------------------
+
+# Level of console logging
+verbose: 2
+
+# Use colored output
+colored_console: false
+
+
+# Miscellaneous configuration
+# ---------------------------
+
+# Enable reloading after a change in one of the configuration files
+reload: true
+
+# Address to listen for all services
+listener_address: 0.0.0.0
+
+
+# SAP instance configuration
+# --------------------------
+
+# Release version
+release: "720"
+
+
+# Services configuration
+# ----------------------
+
+services:
+    - 
+        # SAP Router configuration
+        # ------------------------
+        service: SAPRouterService
+        alias: ExternalSAPRouter
+        enabled: yes
+        listener_port: 3299
+
+        # Router version number
+        router_version: 40
+
+        # Router patch version
+        router_version_patch: 4
+
+        # Password for information requests. If present it will be required
+        info_password:
+
+        # Wether the external administration would be enabled on this SAP Router
+        external_admin: false
+
+        # Route table file
+        route_table: !include external_route_table.yml
+
+        # Hostname for the SAP Router
+        hostname: saprouter
+
+    -
+        # SAP Dispatcher configuration
+        # ----------------------------
+        service: SAPDispatcherService
+        alias: InternalDispatcherService
+        enabled: yes
+        virtual: yes
+        listener_port: 3200
+        listener_address: 10.0.0.100
+
+        # Name of the instance
+        instance: NSP
+        
+        # Client number
+        client_no: "001"
+        
+        # SID
+        sid: PRD
+        
+        # Hostname
+        hostname: uscasf-sap01
+
+
+# Feeds configuration
+# -------------------
+
+feeds:
+    -
+        feed: LogFeed
+        log_filename: log/honeysap-external.log
+        enabled: yes
+    -
+        feed: ConsoleFeed
+        enabled: yes
+    -
+        feed: HPFeed
+        channels:
+            - honeysap.events
+        feed_host: 10.250.250.20
+        feed_port: 20000
+        feed_ident: honeysap
+        feed_secret: password
+        enabled: no

docker/honeysap/docker-compose.yml

@@ -0,0 +1,20 @@
+version: '2.3'
+
+networks:
+  honeysap_local:
+
+services:
+
+# HoneySAP service
+  honeysap:
+    build: .
+    container_name: honeysap
+    restart: always
+    networks:
+     - honeysap_local
+    ports:
+     - "3299:3299"
+     - "8001:8001"
+    image: "dtagdevsec/honeysap:2006"
+    volumes:
+     - /data/honeysap/log:/opt/honeysap/log

etc/compose/nextgen.yml

@@ -13,6 +13,7 @@ networks:
   cyberchef_local:
   heralding_local:
   honeypy_local:
+  honeysap_local:
   mailoney_local:
   medpot_local:
   rdpy_local:
@@ -274,6 +275,20 @@ services:
     volumes:
      - /data/honeypy/log:/opt/honeypy/log
 
+# HoneySAP service
+  honeysap:
+    build: .
+    container_name: honeysap
+    restart: always
+    networks:
+     - honeysap_local
+    ports:
+     - "3299:3299"
+     - "8001:8001"
+    image: "dtagdevsec/honeysap:2006"
+    volumes:
+     - /data/honeysap/log:/opt/honeysap/log
+
 # Mailoney service
   mailoney:
     container_name: mailoney