prepare for tanner
This commit is contained in:
parent
cabd5a3941
commit
428ee43c18
3 changed files with 33 additions and 9 deletions
26
bin/clean.sh
|
@ -32,6 +32,8 @@ fuLOGROTATE () {
|
|||
local myHONEYTRAPATTACKSTGZ="/data/honeytrap/attacks.tgz"
|
||||
local myHONEYTRAPDL="/data/honeytrap/downloads/"
|
||||
local myHONEYTRAPDLTGZ="/data/honeytrap/downloads.tgz"
|
||||
local myTANNERF="/data/tanner/files/"
|
||||
local myTANNERFTGZ="/data/tanner/files.tgz"
|
||||
|
||||
# Ensure correct permissions and ownerships for logrotate to run without issues
|
||||
chmod 760 /data/ -R
|
||||
|
@ -49,18 +51,19 @@ if [ "$(fuEMPTY $myDIONAEABI)" != "0" ]; then tar cvfz $myDIONAEABITGZ $myDIONAE
|
|||
if [ "$(fuEMPTY $myDIONAEABIN)" != "0" ]; then tar cvfz $myDIONAEABINTGZ $myDIONAEABIN; fi
|
||||
if [ "$(fuEMPTY $myHONEYTRAPATTACKS)" != "0" ]; then tar cvfz $myHONEYTRAPATTACKSTGZ $myHONEYTRAPATTACKS; fi
|
||||
if [ "$(fuEMPTY $myHONEYTRAPDL)" != "0" ]; then tar cvfz $myHONEYTRAPDLTGZ $myHONEYTRAPDL; fi
|
||||
if [ "$(fuEMPTY $myTANNERF)" != "0" ]; then tar cvfz $myTANNERFTGZ $myTANNERF; fi
|
||||
|
||||
# Ensure correct permissions and ownership for previously created archives
|
||||
chmod 760 $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ
|
||||
chown tpot:tpot $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ
|
||||
chmod 760 $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ $myTANNERFTGZ
|
||||
chown tpot:tpot $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ $myTANNERFTGZ
|
||||
|
||||
# Need to remove subfolders since too many files cause rm to exit with errors
|
||||
rm -rf $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL
|
||||
rm -rf $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myTANNERF
|
||||
|
||||
# Recreate subfolders with correct permissions and ownership
|
||||
mkdir -p $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL
|
||||
chmod 760 $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL
|
||||
chown tpot:tpot $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL
|
||||
mkdir -p $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myTANNERF
|
||||
chmod 760 $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myTANNERF
|
||||
chown tpot:tpot $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myTANNERF
|
||||
|
||||
# Run logrotate again to account for previously created archives - DO NOT FORCE HERE!
|
||||
logrotate -s $mySTATUS $myCONF
|
||||
|
@ -203,6 +206,14 @@ fuP0F () {
|
|||
chown tpot:tpot -R /data/p0f
|
||||
}
|
||||
|
||||
# Let's create a function to clean up and prepare p0f data
|
||||
fuTANNER () {
|
||||
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/tanner/*; fi
|
||||
mkdir -p /data/tanner/log /data/tanner/files
|
||||
chmod 760 -R /data/tanner
|
||||
chown tpot:tpot -R /data/tanner
|
||||
}
|
||||
|
||||
# Let's create a function to clean up and prepare vnclowpot data
|
||||
fuVNCLOWPOT () {
|
||||
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/vnclowpot/*; fi
|
||||
|
@ -211,7 +222,6 @@ fuVNCLOWPOT () {
|
|||
chown tpot:tpot /data/vnclowpot/ -R
|
||||
}
|
||||
|
||||
|
||||
# Avoid unwanted cleaning
|
||||
if [ "$myPERSISTENCE" = "" ];
|
||||
then
|
||||
|
@ -251,6 +261,6 @@ if [ "$myPERSISTENCE" = "on" ];
|
|||
fuSPIDERFOOT
|
||||
fuSURICATA
|
||||
fuP0F
|
||||
fuTANNER
|
||||
fuVNCLOWPOT
|
||||
fi
|
||||
|
||||
|
|
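Review bot: The header comment added above `fuTANNER` still reads `# Let's create a function to clean up and prepare p0f data` — a copy-paste from the p0f block above it; it should read `# Let's create a function to clean up and prepare tanner data`. The new lines in fuLOGROTATE (`tar cvfz $myTANNERFTGZ $myTANNERF` and the extended chmod/chown/rm/mkdir lists) keep the file's unquoted-variable style; the values are fixed literals here so this is not a practical problem today, but quoting as `"$myTANNERF"` would be the safer habit should these paths ever become configurable. In fuTANNER, `rm -rf /data/tanner/*` runs only when `$myPERSISTENCE` is not `on`, matching the neighbouring fuVNCLOWPOT, and the following `mkdir -p /data/tanner/log /data/tanner/files` presumably ensures the later `fuEMPTY $myTANNERF` check in fuLOGROTATE has a directory to test — worth confirming that fuTANNER is indeed run before fuLOGROTATE on a fresh install, since only the tail of the dispatch block is visible in the last hunk.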
14
docker/elk/logstash/dist/logstash.conf
|
@ -108,6 +108,13 @@ input {
|
|||
type => "NGINX"
|
||||
}
|
||||
|
||||
# Tanner
|
||||
file {
|
||||
path => ["/data/tanner/log/tanner_report.json"]
|
||||
codec => json
|
||||
type => "Tanner"
|
||||
}
|
||||
|
||||
# Vnclowpot
|
||||
file {
|
||||
path => ["/data/vnclowpot/log/vnclowpot.log"]
|
||||
|
@ -383,6 +390,13 @@ filter {
|
|||
}
|
||||
}
|
||||
|
||||
# Tanner
|
||||
if [type] == "Tanner" {
|
||||
date {
|
||||
match => [ "timestamp", "ISO8601" ]
|
||||
}
|
||||
}
|
||||
|
||||
# Vnclowpot
|
||||
if [type] == "Vnclowpot" {
|
||||
grok {
|
||||
|
|
|
@ -455,7 +455,7 @@ mkdir -p /data/ciscoasa/log \
|
|||
/data/rdpy/log \
|
||||
/data/spiderfoot \
|
||||
/data/suricata/log /home/tsec/.ssh/ \
|
||||
/data/tanner/log \
|
||||
/data/tanner/log /data/tanner/files \
|
||||
/data/p0f/log \
|
||||
/data/vnclowpot/log 2>&1 | dialog --title "[ Creating some files and folders ]" $myPROGRESSBOXCONF
|
||||
touch /data/spiderfoot/spiderfoot.db 2>&1 | dialog --title "[ Creating some files and folders ]" $myPROGRESSBOXCONF
|
||||
|
|