Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-05-02 13:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions1

prepare for tanner

Browse source
This commit is contained in:
Marco Ochse 2018-05-28 21:46:51 +00:00
parent cabd5a3941
commit 428ee43c18
3 changed files with 33 additions and 9 deletions
bin
clean.sh
docker/elk/logstash/dist
logstash.conf
iso/installer
install.sh

26
bin/clean.sh
View file

@ -32,6 +32,8 @@ fuLOGROTATE () {
local myHONEYTRAPATTACKSTGZ="/data/honeytrap/attacks.tgz" local myHONEYTRAPATTACKSTGZ="/data/honeytrap/attacks.tgz"
local myHONEYTRAPDL="/data/honeytrap/downloads/" local myHONEYTRAPDL="/data/honeytrap/downloads/"
local myHONEYTRAPDLTGZ="/data/honeytrap/downloads.tgz" local myHONEYTRAPDLTGZ="/data/honeytrap/downloads.tgz"
local myTANNERF="/data/tanner/files/"
local myTANNERFTGZ="/data/tanner/files.tgz"
# Ensure correct permissions and ownerships for logrotate to run without issues # Ensure correct permissions and ownerships for logrotate to run without issues
chmod 760 /data/ -R chmod 760 /data/ -R
@ -49,18 +51,19 @@ if [ "$(fuEMPTY $myDIONAEABI)" != "0" ]; then tar cvfz $myDIONAEABITGZ $myDIONAE
if [ "$(fuEMPTY $myDIONAEABIN)" != "0" ]; then tar cvfz $myDIONAEABINTGZ $myDIONAEABIN; fi if [ "$(fuEMPTY $myDIONAEABIN)" != "0" ]; then tar cvfz $myDIONAEABINTGZ $myDIONAEABIN; fi
if [ "$(fuEMPTY $myHONEYTRAPATTACKS)" != "0" ]; then tar cvfz $myHONEYTRAPATTACKSTGZ $myHONEYTRAPATTACKS; fi if [ "$(fuEMPTY $myHONEYTRAPATTACKS)" != "0" ]; then tar cvfz $myHONEYTRAPATTACKSTGZ $myHONEYTRAPATTACKS; fi
if [ "$(fuEMPTY $myHONEYTRAPDL)" != "0" ]; then tar cvfz $myHONEYTRAPDLTGZ $myHONEYTRAPDL; fi if [ "$(fuEMPTY $myHONEYTRAPDL)" != "0" ]; then tar cvfz $myHONEYTRAPDLTGZ $myHONEYTRAPDL; fi
if [ "$(fuEMPTY $myTANNERF)" != "0" ]; then tar cvfz $myTANNERFTGZ $myTANNERF; fi
# Ensure correct permissions and ownership for previously created archives # Ensure correct permissions and ownership for previously created archives
chmod 760 $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ chmod 760 $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ $myTANNERFTGZ
chown tpot:tpot $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ chown tpot:tpot $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ $myTANNERFTGZ
# Need to remove subfolders since too many files cause rm to exit with errors # Need to remove subfolders since too many files cause rm to exit with errors
rm -rf $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL rm -rf $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myTANNERF
# Recreate subfolders with correct permissions and ownership # Recreate subfolders with correct permissions and ownership
mkdir -p $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL mkdir -p $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myTANNERF
chmod 760 $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL chmod 760 $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myTANNERF
chown tpot:tpot $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL chown tpot:tpot $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myTANNERF
# Run logrotate again to account for previously created archives - DO NOT FORCE HERE! # Run logrotate again to account for previously created archives - DO NOT FORCE HERE!
logrotate -s $mySTATUS $myCONF logrotate -s $mySTATUS $myCONF
@ -203,6 +206,14 @@ fuP0F () {
chown tpot:tpot -R /data/p0f chown tpot:tpot -R /data/p0f
} }
# Let's create a function to clean up and prepare p0f data
fuTANNER () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/tanner/*; fi
mkdir -p /data/tanner/log /data/tanner/files
chmod 760 -R /data/tanner
chown tpot:tpot -R /data/tanner
}
# Let's create a function to clean up and prepare vnclowpot data # Let's create a function to clean up and prepare vnclowpot data
fuVNCLOWPOT () { fuVNCLOWPOT () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/vnclowpot/*; fi if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/vnclowpot/*; fi
@ -211,7 +222,6 @@ fuVNCLOWPOT () {
chown tpot:tpot /data/vnclowpot/ -R chown tpot:tpot /data/vnclowpot/ -R
} }
# Avoid unwanted cleaning # Avoid unwanted cleaning
if [ "$myPERSISTENCE" = "" ]; if [ "$myPERSISTENCE" = "" ];
then then
@ -251,6 +261,6 @@ if [ "$myPERSISTENCE" = "on" ];
fuSPIDERFOOT fuSPIDERFOOT
fuSURICATA fuSURICATA
fuP0F fuP0F
fuTANNER
fuVNCLOWPOT fuVNCLOWPOT
fi fi

14
docker/elk/logstash/dist/logstash.conf vendored
View file

@ -108,6 +108,13 @@ input {
type => "NGINX" type => "NGINX"
} }
# Tanner
file {
path => ["/data/tanner/log/tanner_report.json"]
codec => json
type => "Tanner"
}
# Vnclowpot # Vnclowpot
file { file {
path => ["/data/vnclowpot/log/vnclowpot.log"] path => ["/data/vnclowpot/log/vnclowpot.log"]
@ -383,6 +390,13 @@ filter {
} }
} }
# Tanner
if [type] == "Tanner" {
date {
match => [ "timestamp", "ISO8601" ]
}
}
# Vnclowpot # Vnclowpot
if [type] == "Vnclowpot" { if [type] == "Vnclowpot" {
grok { grok {

2
iso/installer/install.sh
View file

@ -455,7 +455,7 @@ mkdir -p /data/ciscoasa/log \
/data/rdpy/log \ /data/rdpy/log \
/data/spiderfoot \ /data/spiderfoot \
/data/suricata/log /home/tsec/.ssh/ \ /data/suricata/log /home/tsec/.ssh/ \
/data/tanner/log \ /data/tanner/log /data/tanner/files \
/data/p0f/log \ /data/p0f/log \
/data/vnclowpot/log 2>&1 | dialog --title "[ Creating some files and folders ]" $myPROGRESSBOXCONF /data/vnclowpot/log 2>&1 | dialog --title "[ Creating some files and folders ]" $myPROGRESSBOXCONF
touch /data/spiderfoot/spiderfoot.db 2>&1 | dialog --title "[ Creating some files and folders ]" $myPROGRESSBOXCONF touch /data/spiderfoot/spiderfoot.db 2>&1 | dialog --title "[ Creating some files and folders ]" $myPROGRESSBOXCONF