disable ntp server on host, start working on ddospot

2025-04-20 06:02:24 +00:00 · 2021-07-09 23:16:19 +00:00 · 2021-07-09 23:16:19 +00:00 · 2aa4c3c2c6
commit 2aa4c3c2c6
parent 0867d8f011
4 changed files with 113 additions and 0 deletions
--- a/docker/ddospot/Dockerfile
+++ b/docker/ddospot/Dockerfile
@ -0,0 +1,52 @@
 FROM alpine:3.14
 #
 # Install packages
 RUN apk -U add \
             build-base \
             git \
 	     libcap \
 	     py3-pip \
             python3 \
             python3-dev && \
 #	     
 # Install ddospot from GitHub and setup
    mkdir -p /opt && \
    cd /opt/ && \
    git clone https://github.com/aelth/ddospot && \
    cd ddospot && \
    git checkout 49f515237bd2d5744290ed21dcca9b53def243ba && \
    # We only want JSON events, setting logger format to ('') ...
    sed -i "/handler.setFormatter(logging.Formatter(/{n;N;d}" /opt/ddospot/ddospot/core/potloader.py && \
    sed -i "s#handler.setFormatter(logging.Formatter(#handler.setFormatter(logging.Formatter(''))#g" /opt/ddospot/ddospot/core/potloader.py && \
    # ... and remove msg from log message for individual honeypots
    sed -i "s#self.logger.info('\%s - \%s' \% (msg, raw_json))#self.logger.info(raw_json)#g" /opt/ddospot/ddospot/pots/chargen/chargen.py && \
    sed -i "s#self.logger.info('New DNS query - \%s' \% (raw_json))#self.logger.info(raw_json)#g" /opt/ddospot/ddospot/pots/dns/dns.py && \
    sed -i "s#self.logger.info('\%s - \%s' \% (msg, raw_json))#self.logger.info(raw_json)#g" /opt/ddospot/ddospot/pots/generic/generic.py && \
    sed -i "s#self.logger.info('\%s - \%s' \% (msg, raw_json))#self.logger.info(raw_json)#g" /opt/ddospot/ddospot/pots/ntp/ntp.py && \
    sed -i "s#self.logger.info('\%s - \%s' \% (msg, raw_json))#self.logger.info(raw_json)#g" /opt/ddospot/ddospot/pots/ssdp/ssdp.py && \
    # We are using logrotate
    sed -i "s#rotate_size = 10#rotate_size = 9999#g" /opt/ddospot/ddospot/pots/chargen/chargenpot.conf && \
    sed -i "s#rotate_size = 10#rotate_size = 9999#g" /opt/ddospot/ddospot/pots/dns/dnspot.conf && \
    sed -i "s#rotate_size = 10#rotate_size = 9999#g" /opt/ddospot/ddospot/pots/generic/genericpot.conf && \
    sed -i "s#rotate_size = 10#rotate_size = 9999#g" /opt/ddospot/ddospot/pots/ntp/ntpot.conf && \
    sed -i "s#rotate_size = 10#rotate_size = 9999#g" /opt/ddospot/ddospot/pots/ssdp/ssdpot.conf && \
    pip3 install -r ddospot/requirements.txt && \
    setcap cap_net_bind_service=+ep /usr/bin/python3.9 && \
 #
 # Setup user, groups and configs
    addgroup -g 2000 ddospot && \
    adduser -S -H -s /bin/ash -u 2000 -D -g 2000 ddospot && \
    chown ddospot:ddospot -R /opt/ddospot && \
 #
 # Clean up
    apk del --purge build-base \
                    git \
 		    python3-dev && \
    rm -rf /root/* && \
    rm -rf /var/cache/apk/*
 #
 # Start ddospot
 STOPSIGNAL SIGINT
 USER ddospot:ddospot
 WORKDIR /opt/ddospot/ddospot/
 CMD ["/usr/bin/python3","ddospot.py", "-n"]
--- a/docker/ddospot/docker-compose.yml
+++ b/docker/ddospot/docker-compose.yml
@ -0,0 +1,26 @@
 version: '2.3'
 networks:
  ddospot_local:
 services:
 # Ddospot service
  ddospot:
    build: .
    container_name: ddospot
    restart: always
    networks:
     - ddospot_local
    ports:
     - "19:19/udp"
     - "53:53/udp"
     - "123:123/udp"
     - "161:161/udp"
     - "1900:1900/udp"
    image: "dtagdevsec/ddospot:2006"
    read_only: true
    volumes:
     - /data/ddospot/log:/opt/ddospot/ddospot/logs
     - /data/ddospot/bl:/opt/ddospot/ddospot/bl
     - /data/ddospot/db:/opt/ddospot/ddospot/db
--- a/iso/installer/install.sh
+++ b/iso/installer/install.sh
@ -778,6 +778,23 @@ echo "$mySYSTEMDFIX" | tee /etc/systemd/network/99-default.link
 fuBANNER "Add cronjobs"
 echo "$myCRONJOBS" | tee -a /etc/crontab
 ### For some honeypots to work we need to ensure ntp.service is not listening
 echo "### Ensure ntp.service is not listening to avoid port potential port conflict with ddospot."
 myNTP_IF_DISABLE="interface ignore wildcard
 interface ignore 127.0.0.1
 interface ignore ::1"
 if [ "$(cat /etc/ntp.conf | grep "interface ignore wildcard" | wc -l)" != "1" ];
  then
    echo "### Found active ntp listeners and updating config."
    echo "$myNTP_IF_DISABLE" | tee -a /etc/ntp.conf
    echo "### Restarting ntp.service for changes to take effect."
    systemctl stop ntp.service
    systemctl start ntp.service
  else
    echo "### Found no active ntp listeners."
 fi
 # Let's create some files and folders
 fuBANNER "Files & folders"
 mkdir -vp /data/adbhoney/{downloads,log} \
--- a/update.sh
+++ b/update.sh
@ -251,6 +251,24 @@ mkdir -vp /data/adbhoney/{downloads,log} \
         /data/p0f/log \
 	 /home/tsec/.ssh/
 ### For some honeypots to work we need to ensure ntp.service is not listening
 echo "### Ensure ntp.service is not listening to avoid port potential port conflict with ddospot."
 myNTP_IF_DISABLE="interface ignore wildcard
 interface ignore 127.0.0.1
 interface ignore ::1"
 if [ "$(cat /etc/ntp.conf | grep "interface ignore wildcard" | wc -l)" != "1" ];
  then
    echo "### Found active ntp listeners and updating config."
    echo "$myNTP_IF_DISABLE" | tee -a /etc/ntp.conf
    echo "### Restarting ntp.service for changes to take effect."
    systemctl stop ntp.service
    systemctl start ntp.service
  else
    echo "### Found no active ntp listeners."
 fi
 ### Let's take care of some files and permissions
 chmod 770 -R /data
 chown tpot:tpot -R /data