From 3a418534d863111b6e3564e4a9a1f39e3b8e9cf1 Mon Sep 17 00:00:00 2001
From: t3chn0m4g3
Date: Sun, 28 Jun 2020 20:03:14 +0000
Subject: [PATCH] tweaking random reboot times for crontab remix compose files some tweaking

---
 bin/clean.sh | 3 +-
 docker/dicompot/docker-compose.yml | 1 +
 etc/compose/industrial.yml | 31 ++++++++++++++++++++
 etc/compose/nextgen.yml | 9 ++++-
 etc/compose/standard.yml | 45 ++++++++++++++++++++++++++++++
 etc/curator/actions.yml | 2 +-
 iso/installer/install.sh | 22 +++++++++++----
 update.sh | 2 +-
 8 files changed, 105 insertions(+), 10 deletions(-)

diff --git a/bin/clean.sh b/bin/clean.sh
index 1690f639..ea939645 100755
--- a/bin/clean.sh
+++ b/bin/clean.sh
@@ -116,8 +116,9 @@ fuCOWRIE () {
 
 # Let's create a function to clean up and prepare dicompot data
 fuDICOMPOT () {
-  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/dicompot/*; fi
+  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/dicompot/log; fi
   mkdir -p /data/dicompot/log
+  mkdir -p /data/dicompot/images
   chmod 770 /data/dicompot -R
   chown tpot:tpot /data/dicompot -R
 }
diff --git a/docker/dicompot/docker-compose.yml b/docker/dicompot/docker-compose.yml
index c9e375ef..e9a90845 100644
--- a/docker/dicompot/docker-compose.yml
+++ b/docker/dicompot/docker-compose.yml
@@ -19,3 +19,4 @@ services:
     volumes:
      - /data/dicompot/log:/var/log/dicompot
 #    - /path/to/dicom/images:/opt/dicompot/images
+
diff --git a/etc/compose/industrial.yml b/etc/compose/industrial.yml
index 5a6ffd6c..1369472d 100644
--- a/etc/compose/industrial.yml
+++ b/etc/compose/industrial.yml
@@ -10,7 +10,9 @@ networks:
   conpot_local_kamstrup_382:
   cowrie_local:
   cyberchef_local:
+  dicompot_local:
   heralding_local:
+  honeysap_local:
   medpot_local:
   rdpy_local:
   ewsposter_local:
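Review bot: The new `rm -rf /data/dicompot/log` line in fuDICOMPOT changes what a non-persistent restart wipes: /data/dicompot/images now survives every restart regardless of `myPERSISTENCE`, and nothing in the function records that this is deliberate, so the next maintainer may well "fix" it back to `/*`. A one-line comment above the `if` would pin the intent, e.g. `# Only the log dir is volatile; /data/dicompot/images holds operator-provided DICOM files and is kept across restarts`. Note that the pre-existing `chmod 770 /data/dicompot -R` and `chown tpot:tpot /data/dicompot -R` lines now also apply to the new images directory, which is presumably what is wanted for files the container must read.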
@@ -157,6 +159,23 @@ services:
      - /data/cowrie/log:/home/cowrie/cowrie/log
      - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
 
+# Dicompot service
+# Get the Horos Client for testing: https://horosproject.org/
+# Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/
+# Put images (which must be in Dicom DCM format or it will not work!) into /data/dicompot/images
+  dicompot:
+    container_name: dicompot
+    restart: always
+    networks:
+     - dicompot_local
+    ports:
+     - "11112:11112"
+    image: "dtagdevsec/dicompot:2006"
+    read_only: true
+    volumes:
+     - /data/dicompot/log:/var/log/dicompot
+#    - /data/dicompot/images:/opt/dicompot/images
+
 # Heralding service
   heralding:
     container_name: heralding
@@ -185,6 +204,18 @@ services:
     volumes:
      - /data/heralding/log:/var/log/heralding
 
+# HoneySAP service
+  honeysap:
+    container_name: honeysap
+    restart: always
+    networks:
+     - honeysap_local
+    ports:
+     - "3299:3299"
+    image: "dtagdevsec/honeysap:2006"
+    volumes:
+     - /data/honeysap/log:/opt/honeysap/log
+
 # Honeytrap service
   honeytrap:
     container_name: honeytrap
diff --git a/etc/compose/nextgen.yml b/etc/compose/nextgen.yml
index dc3fd920..f587f620 100644
--- a/etc/compose/nextgen.yml
+++ b/etc/compose/nextgen.yml
@@ -4,6 +4,7 @@ version: '2.3'
 
 networks:
   adbhoney_local:
+  ciscoasa_local:
   citrixhoneypot_local:
   conpot_local_IEC104:
   conpot_local_guardian_ast:
@@ -48,9 +49,10 @@ services:
   ciscoasa:
     container_name: ciscoasa
     restart: always
+    networks:
+     - ciscoasa_local
     tmpfs:
      - /tmp/ciscoasa:uid=2000,gid=2000
-    network_mode: "host"
     ports:
      - "5000:5000/udp"
      - "8443:8443"
@@ -179,6 +181,9 @@ services:
      - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
 
 # Dicompot service
+# Get the Horos Client for testing: https://horosproject.org/
+# Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/
+# Put images (which must be in Dicom DCM format or it will not work!) into /data/dicompot/images
   dicompot:
     container_name: dicompot
     restart: always
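Review bot: The comment block above the new `dicompot:` service tells operators to put DCM files into /data/dicompot/images, but the only mount for that directory, `#    - /data/dicompot/images:/opt/dicompot/images`, is added commented out, so the images directory that install.sh and update.sh now create is never visible to the container. The instruction should say that the volume line has to be uncommented, e.g. `# Then uncomment the /data/dicompot/images volume below, otherwise the container will not see the files`. The same comment block and commented mount are added to nextgen.yml and standard.yml in this patch and need the same wording.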
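Review bot: The new `honeysap` service is the only service added by this patch without `read_only: true`; the dicompot service a few lines above and the citrixhoneypot service in standard.yml both set it, and only /data/honeysap/log is mounted writable here. Unless the image needs to write somewhere else (not visible from the hunk), adding `    read_only: true` after the `image:` line keeps the honeypot's root filesystem immutable like its siblings, which limits what a compromised service can persist. The honeysap block added to standard.yml further down has the same omission.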
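Review bot: Dropping `network_mode: "host"` for `ciscoasa` in favour of the `ciscoasa_local` bridge network is a good isolation gain, but it also narrows what the honeypot receives to the two published ports, `5000:5000/udp` and `8443:8443`; if the image listens on anything else that traffic is now silently unreachable, which cannot be checked from this hunk. Behind the bridge it is also worth confirming that logged client addresses still show the real source rather than the Docker gateway, since attribution is the point of the service. A short comment such as `# No host networking: only 5000/udp and 8443 are reachable from outside` above `networks:` would record the intent.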
@@ -190,7 +195,7 @@ services:
     read_only: true
     volumes:
      - /data/dicompot/log:/var/log/dicompot
-#    - /path/to/dicom/images:/opt/dicompot/images
+#    - /data/dicompot/images:/opt/dicompot/images
 
 # Dionaea service
   dionaea:
diff --git a/etc/compose/standard.yml b/etc/compose/standard.yml
index ec410446..31397f3a 100644
--- a/etc/compose/standard.yml
+++ b/etc/compose/standard.yml
@@ -4,15 +4,18 @@ version: '2.3'
 
 networks:
   adbhoney_local:
+  citrixhoneypot_local:
   conpot_local_IEC104:
   conpot_local_guardian_ast:
   conpot_local_ipmi:
   conpot_local_kamstrup_382:
   cowrie_local:
   cyberchef_local:
+  dicompot_local:
   dionaea_local:
   elasticpot_local:
   heralding_local:
+  honeysap_local:
   mailoney_local:
   medpot_local:
   rdpy_local:
@@ -55,6 +58,19 @@ services:
     volumes:
      - /data/ciscoasa/log:/var/log/ciscoasa
 
+# CitrixHoneypot service
+  citrixhoneypot:
+    container_name: citrixhoneypot
+    restart: always
+    networks:
+     - citrixhoneypot_local
+    ports:
+     - "443:443"
+    image: "dtagdevsec/citrixhoneypot:2006"
+    read_only: true
+    volumes:
+     - /data/citrixhoneypot/logs:/opt/citrixhoneypot/logs
+
 # Conpot IEC104 service
   conpot_IEC104:
     container_name: conpot_iec104
@@ -161,6 +177,23 @@ services:
      - /data/cowrie/log:/home/cowrie/cowrie/log
      - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
 
+# Dicompot service
+# Get the Horos Client for testing: https://horosproject.org/
+# Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/
+# Put images (which must be in Dicom DCM format or it will not work!) into /data/dicompot/images
+  dicompot:
+    container_name: dicompot
+    restart: always
+    networks:
+     - dicompot_local
+    ports:
+     - "11112:11112"
+    image: "dtagdevsec/dicompot:2006"
+    read_only: true
+    volumes:
+     - /data/dicompot/log:/var/log/dicompot
+#    - /data/dicompot/images:/opt/dicompot/images
+
 # Dionaea service
   dionaea:
     container_name: dionaea
@@ -240,6 +273,18 @@ services:
     volumes:
      - /data/heralding/log:/var/log/heralding
 
+# HoneySAP service
+  honeysap:
+    container_name: honeysap
+    restart: always
+    networks:
+     - honeysap_local
+    ports:
+     - "3299:3299"
+    image: "dtagdevsec/honeysap:2006"
+    volumes:
+     - /data/honeysap/log:/opt/honeysap/log
+
 # Honeytrap service
   honeytrap:
     container_name: honeytrap
diff --git a/etc/curator/actions.yml b/etc/curator/actions.yml
index aaece424..5b7645fd 100644
--- a/etc/curator/actions.yml
+++ b/etc/curator/actions.yml
@@ -23,4 +23,4 @@ actions:
       direction: older
       timestring: '%Y.%m.%d'
       unit: days
-      unit_count: 60
+      unit_count: 90
diff --git a/iso/installer/install.sh b/iso/installer/install.sh
index fb872fdd..fbdf522f 100755
--- a/iso/installer/install.sh
+++ b/iso/installer/install.sh
@@ -1,6 +1,14 @@
 #!/bin/bash
 # T-Pot Universal Installer
 
+# Installer can only be executed once.
+myTPOT_INSTALL_LOG="/install.log"
+if [ -s "$myTPOT_INSTALL_LOG" ];
+  then
+    echo "Aborting. Installer can only be executed once."
+    exit
+fi
+
 ##################
 # I. Global vars #
 ##################
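Review bot: The new once-only guard in install.sh leaves with a bare `exit`, i.e. status 0, so any wrapper or boot script that runs the installer cannot distinguish a refused second run from a successful install; it should be `exit 1`, and the message belongs on stderr: `echo "Aborting. Installer can only be executed once." >&2`. The `-s` test also fires only on a non-empty /install.log, so an earlier run that created the file but wrote nothing to it would not be caught; whether that can happen depends on where the log is first written, which is outside this hunk. Worth a comment on the `if` line stating that a non-empty log is treated as proof of a completed install, so the assumption is visible.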
@@ -153,21 +161,25 @@ ListenStream=64294
 mySSHPORT="
 Port 64295
 "
+myRANDOM_HOUR=$(shuf -i 2-22 -n 1)
+myRANDOM_MINUTE=$(shuf -i 0-59 -n 1)
+myDEL_HOUR=$(($myRANDOM_HOUR+1))
+myPULL_HOUR=$(($myRANDOM_HOUR-2))
 myCRONJOBS="
 # Check if updated images are available and download them
-27 1 * * * root docker-compose -f /opt/tpot/etc/tpot.yml pull
+$myRANDOM_MINUTE $myPULL_HOUR * * root docker-compose -f /opt/tpot/etc/tpot.yml pull
 # Delete elasticsearch logstash indices older than 90 days
-27 4 * * * root curator --config /opt/tpot/etc/curator/curator.yml /opt/tpot/etc/curator/actions.yml
+$myRANDOM_MINUTE $myDEL_HOUR * * * root curator --config /opt/tpot/etc/curator/curator.yml /opt/tpot/etc/curator/actions.yml
 # Uploaded binaries are not supposed to be downloaded
 */1 * * * * root mv --backup=numbered /data/dionaea/roots/ftp/* /data/dionaea/binaries/
 # Daily reboot
-27 3 * * * root systemctl stop tpot && docker stop \$(docker ps -aq) || docker rm \$(docker ps -aq) || reboot
+$myRANDOM_MINUTE $myRANDOM_HOUR * * 1-6 root systemctl stop tpot && docker stop \$(docker ps -aq) || docker rm \$(docker ps -aq) || reboot
 # Check for updated packages every sunday, upgrade and reboot
-27 16 * * 0 root apt-fast autoclean -y && apt-fast autoremove -y && apt-fast update -y && apt-fast upgrade -y && sleep 10 && reboot
+$myRANDOM_MINUTE $myRANDOM_HOUR * * 0 root apt-fast autoclean -y && apt-fast autoremove -y && apt-fast update -y && apt-fast upgrade -y && sleep 10 && reboot
 "
 mySHELLCHECK='[[ $- == *i* ]] || return'
 myROOTPROMPT='PS1="\[\033[38;5;8m\][\[$(tput sgr0)\]\[\033[38;5;1m\]\u\[$(tput sgr0)\]\[\033[38;5;6m\]@\[$(tput sgr0)\]\[\033[38;5;4m\]\h\[$(tput sgr0)\]\[\033[38;5;6m\]:\[$(tput sgr0)\]\[\033[38;5;5m\]\w\[$(tput sgr0)\]\[\033[38;5;8m\]]\[$(tput sgr0)\]\[\033[38;5;1m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"'
@@ -780,7 +792,7 @@ mkdir -vp /data/adbhoney/{downloads,log} \
   /data/conpot/log \
   /data/citrixhoneypot/logs \
   /data/cowrie/{downloads,keys,misc,log,log/tty} \
-  /data/dicompot/log \
+  /data/dicompot/{images,log} \
   /data/dionaea/{log,bistreams,binaries,rtp,roots,roots/ftp,roots/tftp,roots/www,roots/upnp} \
   /data/elasticpot/log \
   /data/elk/{data,log} \
diff --git a/update.sh b/update.sh
index e8855b84..d4285014 100755
--- a/update.sh
+++ b/update.sh
@@ -228,7 +228,7 @@ mkdir -vp /data/adbhoney/{downloads,log} \
   /data/conpot/log \
   /data/citrixhoneypot/logs \
   /data/cowrie/{downloads,keys,misc,log,log/tty} \
-  /data/dicompot/log \
+  /data/dicompot/{images,log} \
   /data/dionaea/{log,bistreams,binaries,rtp,roots,roots/ftp,roots/tftp,roots/www,roots/upnp} \
   /data/elasticpot/log \
   /data/elk/{data,log} \