Marco Ochse 2018-05-09 16:43:37 +00:00
parent 731e18d083
commit 3bea740632
5 changed files with 17 additions and 16 deletions


@ -7,7 +7,6 @@ ADD dist/ /root/dist/
RUN apk -U upgrade && \ RUN apk -U upgrade && \
apk add build-base \ apk add build-base \
git \ git \
libcap \
libffi \ libffi \
libffi-dev \ libffi-dev \
openssl \ openssl \
@ -28,12 +27,10 @@ RUN apk -U upgrade && \
pip3 install --no-cache-dir -r requirements.txt && \ pip3 install --no-cache-dir -r requirements.txt && \
cp /root/dist/asa_server.py /opt/ciscoasa_honeypot && \ cp /root/dist/asa_server.py /opt/ciscoasa_honeypot && \
chown -R ciscoasa:ciscoasa /opt/ciscoasa_honeypot && \ chown -R ciscoasa:ciscoasa /opt/ciscoasa_honeypot && \
setcap cap_net_bind_service=+ep /usr/bin/python3.6 && \
# Clean up # Clean up
apk del --purge build-base \ apk del --purge build-base \
git \ git \
libcap \
libffi-dev \ libffi-dev \
openssl-dev \ openssl-dev \
python3-dev && \ python3-dev && \
@ -43,4 +40,4 @@ RUN apk -U upgrade && \
# Start ciscoasa # Start ciscoasa
WORKDIR /tmp/ciscoasa/ WORKDIR /tmp/ciscoasa/
USER ciscoasa:ciscoasa USER ciscoasa:ciscoasa
CMD cp -R /opt/ciscoasa_honeypot/* /tmp/ciscoasa && exec python3 asa_server.py --ike-port 500 --enable_ssl --port 443 --verbose >> /var/log/ciscoasa/ciscoasa.log 2>&1 CMD cp -R /opt/ciscoasa_honeypot/* /tmp/ciscoasa && exec python3 asa_server.py --ike-port 5000 --enable_ssl --port 8443 --verbose >> /var/log/ciscoasa/ciscoasa.log 2>&1
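Review bot: The CMD line now starts asa_server.py on 5000 and 8443 with nothing in the file saying why, and those numbers have to stay in step with the compose `ports:` entries. A comment above it would carry the reason, for example `# Unprivileged ports: the process runs as ciscoasa without cap_net_bind_service, so it cannot bind 500/udp or 443/tcp itself`. If the honeypot is still meant to answer on 500 and 443, whatever maps that traffic to 5000/8443 is not visible in this commit and should be named in the same comment.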


@ -1,8 +1,5 @@
version: '2.3' version: '2.3'
networks:
ciscoasa_local:
services: services:
# Ciscoasa service # Ciscoasa service
@ -13,11 +10,10 @@ services:
stop_signal: SIGINT stop_signal: SIGINT
tmpfs: tmpfs:
- /tmp/ciscoasa:uid=2000,gid=2000 - /tmp/ciscoasa:uid=2000,gid=2000
networks: network_mode: "host"
- ciscoasa_local
ports: ports:
- "5000:500" - "5000:5000/udp"
- "8443:443" - "8443:8443"
image: "dtagdevsec/ciscoasa:1804" image: "dtagdevsec/ciscoasa:1804"
read_only: true read_only: true
volumes: volumes:
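Review bot: `network_mode: "host"` puts the honeypot in the host's network namespace, and the `ports:` list kept under it is no longer applied, since Docker discards published ports in host mode. The entries `"5000:5000/udp"` and `"8443:8443"` therefore read like an exposure control but are not one, and anything on the host that listens only on 127.0.0.1 becomes reachable from a service that exists to be attacked. If host mode is required (presumably so the service sees real peer addresses), drop the `ports:` block and state the intended exposure in a comment; otherwise keep `ciscoasa_local` and publish `"500:5000/udp"` and `"443:8443"`. The same applies to the ciscoasa service in the last compose section of this commit. The service definition starts and ends outside the hunk.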


@ -158,6 +158,11 @@ filter {
date { date {
match => [ "timestamp", "ISO8601" ] match => [ "timestamp", "ISO8601" ]
} }
mutate {
add_field => {
"dest_ip" => "${MY_EXTIP}"
}
}
} }
# Conpot # Conpot
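Review bot: `"dest_ip" => "${MY_EXTIP}"` has no default, and Logstash will not load a pipeline that references an environment variable that is neither set nor given a default, so one missing export would stop ingestion for every honeypot handled by this file, not only this block. Where MY_EXTIP is exported is not visible here, so that guarantee should be confirmed or documented next to the block. Two further points for analysts: `add_field` appends when the event already carries `dest_ip`, turning it into an array (`replace => { "dest_ip" => "${MY_EXTIP}" }` avoids that if overwriting is intended), and the value is a configured address, not one observed on the wire, which merits a comment such as `# dest_ip is the configured external IP (MY_EXTIP), not taken from the event`. The enclosing conditional starts outside the hunk.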


@ -116,3 +116,8 @@ logfile = /data/vnclowpot/log/vnclowpot.log
heralding = true heralding = true
nodeid = heralding-community-01 nodeid = heralding-community-01
logfile = /data/heralding/log/auth.csv logfile = /data/heralding/log/auth.csv
[CISCOASA]
ciscoasa = true
nodeid = ciscoasa-community-01
logfile = /data/ciscoasa/log/ciscoasa.log


@ -4,7 +4,6 @@
version: '2.2' version: '2.2'
networks: networks:
ciscoasa_local:
cowrie_local: cowrie_local:
elasticpot_local: elasticpot_local:
ewsposter_local: ewsposter_local:
@ -22,8 +21,7 @@ services:
container_name: ciscoasa container_name: ciscoasa
restart: always restart: always
stop_signal: SIGINT stop_signal: SIGINT
networks: network_mode: "host"
- ciscoasa_local
ports: ports:
- "5000:5000/udp" - "5000:5000/udp"
- "8443:8443" - "8443:8443"
@ -38,8 +36,8 @@ services:
networks: networks:
- cowrie_local - cowrie_local
ports: ports:
- "22:2222" - "22:22"
- "23:2223" - "23:23"
image: "dtagdevsec/cowrie:1804" image: "dtagdevsec/cowrie:1804"
volumes: volumes:
- /data/cowrie/downloads:/home/cowrie/cowrie/dl - /data/cowrie/downloads:/home/cowrie/cowrie/dl
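Review bot: The cowrie mapping now targets container ports 22 and 23, which are privileged, while nothing in this commit touches the cowrie image. If that image still listens on 2222/2223 as an unprivileged user, the published ports will connect to nothing and SSH/Telnet capture stops without any error from Compose. Confirm the image's listen ports and user before relying on this, or keep `"22:2222"` and `"23:2223"`. The cowrie service definition continues outside the hunk.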