diff --git a/docker/ddospot/Dockerfile b/docker/ddospot/Dockerfile
new file mode 100644
index 00000000..f9437697
--- /dev/null
+++ b/docker/ddospot/Dockerfile
@@ -0,0 +1,52 @@
+FROM alpine:3.14
+#
+# Install packages
+RUN apk -U add \
+ build-base \
+ git \
+ libcap \
+ py3-pip \
+ python3 \
+ python3-dev && \
+#
+# Install ddospot from GitHub and setup
+ mkdir -p /opt && \
+ cd /opt/ && \
+ git clone https://github.com/aelth/ddospot && \
+ cd ddospot && \
+ git checkout 49f515237bd2d5744290ed21dcca9b53def243ba && \
+ # We only want JSON events, setting logger format to ('') ...
+ sed -i "/handler.setFormatter(logging.Formatter(/{n;N;d}" /opt/ddospot/ddospot/core/potloader.py && \
+ sed -i "s#handler.setFormatter(logging.Formatter(#handler.setFormatter(logging.Formatter(''))#g" /opt/ddospot/ddospot/core/potloader.py && \
+ # ... and remove msg from log message for individual honeypots
+ sed -i "s#self.logger.info('\%s - \%s' \% (msg, raw_json))#self.logger.info(raw_json)#g" /opt/ddospot/ddospot/pots/chargen/chargen.py && \
+ sed -i "s#self.logger.info('New DNS query - \%s' \% (raw_json))#self.logger.info(raw_json)#g" /opt/ddospot/ddospot/pots/dns/dns.py && \
+ sed -i "s#self.logger.info('\%s - \%s' \% (msg, raw_json))#self.logger.info(raw_json)#g" /opt/ddospot/ddospot/pots/generic/generic.py && \
+ sed -i "s#self.logger.info('\%s - \%s' \% (msg, raw_json))#self.logger.info(raw_json)#g" /opt/ddospot/ddospot/pots/ntp/ntp.py && \
+ sed -i "s#self.logger.info('\%s - \%s' \% (msg, raw_json))#self.logger.info(raw_json)#g" /opt/ddospot/ddospot/pots/ssdp/ssdp.py && \
+ # We are using logrotate
+ sed -i "s#rotate_size = 10#rotate_size = 9999#g" /opt/ddospot/ddospot/pots/chargen/chargenpot.conf && \
+ sed -i "s#rotate_size = 10#rotate_size = 9999#g" /opt/ddospot/ddospot/pots/dns/dnspot.conf && \
+ sed -i "s#rotate_size = 10#rotate_size = 9999#g" /opt/ddospot/ddospot/pots/generic/genericpot.conf && \
+ sed -i "s#rotate_size = 10#rotate_size = 9999#g" /opt/ddospot/ddospot/pots/ntp/ntpot.conf && \
+ sed -i "s#rotate_size = 10#rotate_size = 9999#g" /opt/ddospot/ddospot/pots/ssdp/ssdpot.conf && \
+ pip3 install -r 
ddospot/requirements.txt && \
+ setcap cap_net_bind_service=+ep /usr/bin/python3.9 && \
+#
+# Setup user, groups and configs
+ addgroup -g 2000 ddospot && \
+ adduser -S -H -s /bin/ash -u 2000 -D -g 2000 ddospot && \
+ chown ddospot:ddospot -R /opt/ddospot && \
+#
+# Clean up
+ apk del --purge build-base \
+ git \
+ python3-dev && \
+ rm -rf /root/* && \
+ rm -rf /var/cache/apk/*
+#
+# Start ddospot
+STOPSIGNAL SIGINT
+USER ddospot:ddospot
+WORKDIR /opt/ddospot/ddospot/
+CMD ["/usr/bin/python3","ddospot.py", "-n"]
diff --git a/docker/ddospot/docker-compose.yml b/docker/ddospot/docker-compose.yml
new file mode 100644
index 00000000..e95e03a7
--- /dev/null
+++ b/docker/ddospot/docker-compose.yml
@@ -0,0 +1,26 @@
+version: '2.3'
+
+networks:
+ ddospot_local:
+
+services:
+
+# Ddospot service
+ ddospot:
+ build: .
+ container_name: ddospot
+ restart: always
+ networks:
+ - ddospot_local
+ ports:
+ - "19:19/udp"
+ - "53:53/udp"
+ - "123:123/udp"
+ - "161:161/udp"
+ - "1900:1900/udp"
+ image: "dtagdevsec/ddospot:2006"
+ read_only: true
+ volumes:
+ - /data/ddospot/log:/opt/ddospot/ddospot/logs
+ - /data/ddospot/bl:/opt/ddospot/ddospot/bl
+ - /data/ddospot/db:/opt/ddospot/ddospot/db
diff --git a/iso/installer/install.sh b/iso/installer/install.sh
index 62777ea2..20bcb782 100755
--- a/iso/installer/install.sh
+++ b/iso/installer/install.sh
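Review bot: On the `adduser -S -H -s /bin/ash -u 2000 -D -g 2000 ddospot` line, `-g` is the GECOS field in busybox adduser, not the primary group (that flag is `-G`), so the literal `2000` lands in the comment field and the passwd entry's gid comes from whatever adduser defaults to; the later `USER ddospot:ddospot` fixes the runtime group regardless, but `adduser -S -H -s /bin/ash -u 2000 -D -G ddospot ddospot` says what was meant and fails the build if the group is missing. The checkout is pinned to a commit, while `pip3 install -r ddospot/requirements.txt` resolves whatever that file allows at build time; if it does not pin versions, a constraints file or `--require-hashes` keeps the image reproducible. `setcap cap_net_bind_service=+ep /usr/bin/python3.9` hard-codes the interpreter path that `CMD` reaches through `/usr/bin/python3`; `setcap cap_net_bind_service=+ep "$(readlink -f /usr/bin/python3)"` follows a base-image Python bump instead of breaking the build.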
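Review bot: The three bind mounts under /data/ddospot are the only writable paths for this service (`read_only: true`, and the image runs as the unprivileged `ddospot` user), so the host directories must exist and be writable by uid 2000 before the container starts; a missing host path is created by Docker as root-owned, which would leave the honeypot unable to write its logs, blocklist and database. The install.sh and update.sh hunks in this commit do not show /data/ddospot/{log,bl,db} being added to the mkdir lists there, although most of those lists lie outside the hunks, so this is worth confirming; the `chown tpot:tpot -R /data` visible in the update.sh context only helps if the directories already exist and that account maps to uid 2000. Since the container needs nothing beyond NET_BIND_SERVICE (granted as a file capability in the Dockerfile), `cap_drop: [ALL]` followed by `cap_add: [NET_BIND_SERVICE]` would narrow Docker's default bounding set for this service.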
@@ -778,6 +778,23 @@ echo "$mySYSTEMDFIX" | tee /etc/systemd/network/99-default.link
 fuBANNER "Add cronjobs"
 echo "$myCRONJOBS" | tee -a /etc/crontab
+### For some honeypots to work we need to ensure ntp.service is not listening
+echo "### Ensure ntp.service is not listening to avoid port potential port conflict with ddospot."
+myNTP_IF_DISABLE="interface ignore wildcard
+interface ignore 127.0.0.1
+interface ignore ::1"
+
+if [ "$(cat /etc/ntp.conf | grep "interface ignore wildcard" | wc -l)" != "1" ];
+ then
+ echo "### Found active ntp listeners and updating config."
+ echo "$myNTP_IF_DISABLE" | tee -a /etc/ntp.conf
+ echo "### Restarting ntp.service for changes to take effect."
+ systemctl stop ntp.service
+ systemctl start ntp.service
+ else
+ echo "### Found no active ntp listeners."
+fi
+
 # Let's create some files and folders
 fuBANNER "Files & folders"
 mkdir -vp /data/adbhoney/{downloads,log} \
diff --git a/update.sh b/update.sh
index fa29706d..0dd38723 100755
--- a/update.sh
+++ b/update.sh
@@ -251,6 +251,24 @@ mkdir -vp /data/adbhoney/{downloads,log} \
 /data/p0f/log \
 /home/tsec/.ssh/
+### For some honeypots to work we need to ensure ntp.service is not listening
+echo "### Ensure ntp.service is not listening to avoid port potential port conflict with ddospot."
+myNTP_IF_DISABLE="interface ignore wildcard
+interface ignore 127.0.0.1
+interface ignore ::1"
+
+if [ "$(cat /etc/ntp.conf | grep "interface ignore wildcard" | wc -l)" != "1" ];
+ then
+ echo "### Found active ntp listeners and updating config."
+ echo "$myNTP_IF_DISABLE" | tee -a /etc/ntp.conf
+ echo "### Restarting ntp.service for changes to take effect."
+ systemctl stop ntp.service
+ systemctl start ntp.service
+ else
+ echo "### Found no active ntp listeners."
+fi
+
+
 ### Let's take care of some files and permissions
 chmod 770 -R /data
 chown tpot:tpot -R /data
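Review bot: The guard `if [ "$(cat /etc/ntp.conf | grep "interface ignore wildcard" | wc -l)" != "1" ];` in the install.sh hunk (and the identical block in the update.sh hunk) appends the block whenever the count is anything but exactly one, so a second occurrence from an earlier run, or a missing /etc/ntp.conf, makes `tee -a` grow or create the file and then restarts a service that may not be installed; `if [ -f /etc/ntp.conf ] && ! grep -q "interface ignore wildcard" /etc/ntp.conf; then` tests presence only and drops the useless cat, and `systemctl restart ntp.service` replaces the stop/start pair. `interface ignore wildcard` only stops the 0.0.0.0 socket; whether ntpd still binds 123/udp on the individual interface addresses is not settled by these lines, so the "no active ntp listeners" claim in the else branch is worth verifying with `ss -ulnp` after the restart. The echoed message also doubles the word "port" (`avoid port potential port conflict`).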