From 3bea74063289fddb484eee22d2da883547647675 Mon Sep 17 00:00:00 2001
From: Marco Ochse
Date: Wed, 9 May 2018 16:43:37 +0000
Subject: [PATCH] tweaking
---
 docker/ciscoasa/Dockerfile | 5 +----
 docker/ciscoasa/docker-compose.yml | 10 +++-------
 docker/elk/logstash/dist/logstash.conf | 5 +++++
 docker/ews/dist/ews.cfg | 5 +++++
 etc/compose/tpot.yml | 8 +++-----
 5 files changed, 17 insertions(+), 16 deletions(-)
diff --git a/docker/ciscoasa/Dockerfile b/docker/ciscoasa/Dockerfile
index 933d7fd2..0a952cfb 100644
--- a/docker/ciscoasa/Dockerfile
+++ b/docker/ciscoasa/Dockerfile
@@ -7,7 +7,6 @@ ADD dist/ /root/dist/
 RUN apk -U upgrade && \
 apk add build-base \
 git \
- libcap \
 libffi \
 libffi-dev \
 openssl \
@@ -28,12 +27,10 @@ RUN apk -U upgrade && \
 pip3 install --no-cache-dir -r requirements.txt && \
 cp /root/dist/asa_server.py /opt/ciscoasa_honeypot && \
 chown -R ciscoasa:ciscoasa /opt/ciscoasa_honeypot && \
- setcap cap_net_bind_service=+ep /usr/bin/python3.6 && \
 # Clean up
 apk del --purge build-base \
 git \
- libcap \
 libffi-dev \
 openssl-dev \
 python3-dev && \
@@ -43,4 +40,4 @@ RUN apk -U upgrade && \
 # Start ciscoasa
 WORKDIR /tmp/ciscoasa/
 USER ciscoasa:ciscoasa
-CMD cp -R /opt/ciscoasa_honeypot/* /tmp/ciscoasa && exec python3 asa_server.py --ike-port 500 --enable_ssl --port 443 --verbose >> /var/log/ciscoasa/ciscoasa.log 2>&1
+CMD cp -R /opt/ciscoasa_honeypot/* /tmp/ciscoasa && exec python3 asa_server.py --ike-port 5000 --enable_ssl --port 8443 --verbose >> /var/log/ciscoasa/ciscoasa.log 2>&1
diff --git a/docker/ciscoasa/docker-compose.yml b/docker/ciscoasa/docker-compose.yml
index 3d957358..119dc908 100644
--- a/docker/ciscoasa/docker-compose.yml
+++ b/docker/ciscoasa/docker-compose.yml
@@ -1,8 +1,5 @@
 version: '2.3'
-networks:
- ciscoasa_local:
-
 services:
 # Ciscoasa service
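Review bot: The new CMD in the last hunk hard-codes `--ike-port 5000 --port 8443` without saying why the standard 500/443 had to go, and the reason is only visible two hunks earlier: `setcap cap_net_bind_service=+ep /usr/bin/python3.6` is removed, so the process started under `USER ciscoasa:ciscoasa` can no longer bind a port below 1024. That coupling should be recorded next to the CMD, e.g. `# Ports >1024 on purpose: runs unprivileged (no cap_net_bind_service); with host networking in compose these are bound on the host directly`, so nobody reintroduces 500/443 without restoring the capability. Dropping the file capability from the whole interpreter is the right least-privilege move, and the removed `libcap` package in the first hunk is just the matching cleanup. The first hunk of this RUN command starts before the hunk, so the full package list cannot be checked here.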
@@ -13,11 +10,10 @@ services:
 stop_signal: SIGINT
 tmpfs:
 - /tmp/ciscoasa:uid=2000,gid=2000
- networks:
- - ciscoasa_local
+ network_mode: "host"
 ports:
- - "5000:500"
- - "8443:443"
+ - "5000:5000/udp"
+ - "8443:8443"
 image: "dtagdevsec/ciscoasa:1804"
 read_only: true
 volumes:
diff --git a/docker/elk/logstash/dist/logstash.conf b/docker/elk/logstash/dist/logstash.conf
index e2488c14..edf7365a 100644
--- a/docker/elk/logstash/dist/logstash.conf
+++ b/docker/elk/logstash/dist/logstash.conf
@@ -158,6 +158,11 @@ filter {
 date {
 match => [ "timestamp", "ISO8601" ]
 }
+ mutate {
+ add_field => {
+ "dest_ip" => "${MY_EXTIP}"
+ }
+ }
 }
 # Conpot
diff --git a/docker/ews/dist/ews.cfg b/docker/ews/dist/ews.cfg
index 0b2a5cae..b4f399f9 100644
--- a/docker/ews/dist/ews.cfg
+++ b/docker/ews/dist/ews.cfg
@@ -116,3 +116,8 @@ logfile = /data/vnclowpot/log/vnclowpot.log
 heralding = true
 nodeid = heralding-community-01
 logfile = /data/heralding/log/auth.csv
+
+[CISCOASA]
+ciscoasa = true
+nodeid = ciscoasa-community-01
+logfile = /data/ciscoasa/log/ciscoasa.log
diff --git a/etc/compose/tpot.yml b/etc/compose/tpot.yml
index eb96578a..49ecc7dc 100644
--- a/etc/compose/tpot.yml
+++ b/etc/compose/tpot.yml
@@ -4,7 +4,6 @@ version: '2.2'
 networks:
- ciscoasa_local:
 cowrie_local:
 elasticpot_local:
 ewsposter_local:
@@ -22,8 +21,7 @@ services:
 container_name: ciscoasa
 restart: always
 stop_signal: SIGINT
- networks:
- - ciscoasa_local
+ network_mode: "host"
 ports:
 - "5000:5000/udp"
 - "8443:8443"
@@ -38,8 +36,8 @@ services:
 networks:
 - cowrie_local
 ports:
- - "22:2222"
- - "23:2223"
+ - "22:22"
+ - "23:23"
 image: "dtagdevsec/cowrie:1804"
 volumes:
 - /data/cowrie/downloads:/home/cowrie/cowrie/dl
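Review bot: With `network_mode: "host"` the `ports:` entries that follow (`"5000:5000/udp"`, `"8443:8443"`) are never applied — Docker discards published ports for a host-network container and docker-compose only prints a warning — so the list is dead configuration that implies a mapping which does not exist; either drop it or keep it with a comment such as `# informational only: host networking, the process binds these ports on the host itself`. The ciscoasa stanza in etc/compose/tpot.yml (hunk `@@ -22,8 +21,7 @@`) has the same issue. Host networking also removes the container's own network namespace, so the honeypot process shares every host interface including loopback; that is defensible for an unprivileged `read_only: true` container, but the reason it is needed (presumably seeing the real peer address for IKE/UDP, which the patch does not state) belongs in a comment on the `network_mode` line. The `volumes:` list is cut off at the end of the hunk.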
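Review bot: `"${MY_EXTIP}"` is an environment-variable reference with no default, so if `MY_EXTIP` is not set in the Logstash container the whole pipeline fails to load at startup rather than this one field being empty; either use the `${MY_EXTIP:<default>}` form (placeholder default) or state the requirement in a comment above the `mutate` block, e.g. `# MY_EXTIP must be exported into the container or the pipeline will not start`. `add_field` on a field that already exists turns it into an array, so this also assumes ciscoasa events carry no `dest_ip` of their own — worth a comment if that has been confirmed. The conditional that encloses this `date`/`mutate` pair starts before the hunk, so which honeypot it belongs to cannot be seen here; the following `# Conpot` marker suggests it is the block preceding conpot.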
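Review bot: The new `[CISCOASA]` section points ewsposter at `/data/ciscoasa/log/ciscoasa.log`, while the ciscoasa Dockerfile in this same patch writes to `/var/log/ciscoasa/ciscoasa.log` inside the container; the volume that joins the two would be in the compose `volumes:` stanza, which is cut off in this diff, so the mapping cannot be confirmed here. Because that CMD appends both `--verbose` stdout and stderr (`2>&1`) to the file, the log will contain start-up output and tracebacks alongside events, so the parser behind `ciscoasa = true` needs to tolerate non-event lines. A comment on the `logfile =` line naming the container path it mirrors would make the cross-file coupling visible.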
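Review bot: In the cowrie hunk (`@@ -38,8 +36,8 @@`) the mappings change from `"22:2222"`/`"23:2223"` to `"22:22"`/`"23:23"`, which means the process inside the container must now bind privileged ports 22 and 23; nothing in this patch touches the cowrie image, so this only works if that image already runs as root, carries `cap_net_bind_service`, or redirects internally — worth confirming before merge, since a honeypot container gaining root or an extra capability would be a regression against the unprivileged ciscoasa setup in the same commit. Host-side exposure is unchanged (22 and 23 were published before). A comment on the `ports:` list recording where the privileged bind is handled would help the next reader.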