From 443a9d19fc0b25a88827afb599984dcb6a59d000 Mon Sep 17 00:00:00 2001
From: t3chn0m4g3
Date: Wed, 6 Aug 2025 15:46:00 +0200
Subject: [PATCH] Update and pin Glutton to latest master
---
 docker/glutton/Dockerfile | 7 ++--
 docker/glutton/dist/config.yaml | 2 +-
 docker/glutton/dist/rules.yaml | 10 ++++-
 docker/glutton/dist/system.go | 68 -------------------------------
 docker/glutton/docker-compose.yml | 2 +-
 5 files changed, 13 insertions(+), 76 deletions(-)
 delete mode 100644 docker/glutton/dist/system.go
diff --git a/docker/glutton/Dockerfile b/docker/glutton/Dockerfile
index 3ad73822..31b0d92f 100644
--- a/docker/glutton/Dockerfile
+++ b/docker/glutton/Dockerfile
@@ -17,12 +17,11 @@ RUN apk --no-cache -U upgrade && \
 cd /opt/ && \
 git clone https://github.com/mushorg/glutton && \
 cd /opt/glutton/ && \
- git checkout b3b5944b79893ccb1da19e112571674841bbe124 && \
- cp /root/dist/system.go . && \
+ git checkout 1e534801825dfa517a97a4e1899bf85e9384e463 && \
 make build && \
 cp /root/dist/*.yaml /opt/glutton/config/
 #
-FROM alpine:3.20
+FROM alpine:3.22
 #
 COPY --from=builder /opt/glutton/bin /opt/glutton/bin
 COPY --from=builder /opt/glutton/config /opt/glutton/config
@@ -33,7 +32,7 @@ RUN apk -U --no-cache upgrade && \
 libcap \
 libpcap-dev && \
 setcap cap_net_admin,cap_net_raw=+ep /opt/glutton/bin/server && \
- setcap cap_net_admin,cap_net_raw=+ep /sbin/xtables-nft-multi && \
+ setcap cap_net_admin,cap_net_raw=+ep /usr/sbin/xtables-nft-multi && \
 mkdir -p /var/log/glutton \
 /opt/glutton/payloads
 #
diff --git a/docker/glutton/dist/config.yaml b/docker/glutton/dist/config.yaml
index 5d5072ef..f5cb29e6 100644
--- a/docker/glutton/dist/config.yaml
+++ b/docker/glutton/dist/config.yaml
@@ -1,7 +1,7 @@
 ports:
 tcp: 5000
 udp: 5001
- ssh: 2222
+ ssh: 64295
 rules_path: config/rules.yaml
diff --git a/docker/glutton/dist/rules.yaml b/docker/glutton/dist/rules.yaml
index 7a8a568a..8ff2076d 100644
--- a/docker/glutton/dist/rules.yaml
+++ b/docker/glutton/dist/rules.yaml
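Review bot: The runtime stage on the `FROM alpine:3.22` line in docker/glutton/Dockerfile still resolves a mutable tag, so only the glutton source is actually pinned by this change and two builds of the same commit can yield different images. Pinning the base by digest, `FROM alpine:3.22@sha256:<digest-of-the-reviewed-image>`, would give the image the same reproducibility the `git checkout` line now has. The `image: "ghcr.io/telekom-security/glutton:24.04.1"` line in docker-compose.yml has the same property on the pull side. A short comment next to the pin naming the upstream date or release the new hash corresponds to would also let a reviewer confirm it without leaving the file; the RUN instruction itself starts above the hunk.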
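Review bot: The hard-coded `/usr/sbin/xtables-nft-multi` path on the second `setcap` line of the Dockerfile breaks whenever the base image relocates the binary, which is what this hunk is repairing after the alpine bump. Resolving it at build time, `setcap cap_net_admin,cap_net_raw=+ep "$(readlink -f "$(command -v iptables)")" && \`, would follow the binary wherever the distribution puts it, assuming `iptables` in this image links to that multi-call binary, which the hunk does not show. The file capability applies to every applet reached through that binary, and docker-compose.yml runs the container with `network_mode: "host"`, so a one-line comment stating why the capability is needed would help later reviewers judge whether it can be narrowed. The RUN instruction begins above the hunk.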
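Review bot: The new `ssh: 64295` value in docker/glutton/dist/config.yaml carries no comment saying what it has to agree with. If, as the key name suggests, it tells glutton which SSH port to leave alone, it presumably has to track the host's management SSH port, and a mismatch would only surface at runtime. A comment such as `# must match the host's admin SSH port; confirm semantics against the pinned glutton commit` above the key would record that dependency.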
@@ -1,4 +1,6 @@
 rules:
+ - match: udp
+ type: drop
 - match: tcp dst port 23 or port 2323 or port 23231
 type: conn_handler
 target: telnet
@@ -29,8 +31,12 @@ rules:
 - match: tcp dst port 11211
 type: conn_handler
 target: memcache
+ - match: tcp dst port 3260
+ type: conn_handler
+ target: iscsi
+ - match: tcp dst port 27017
+ type: conn_handler
+ target: mongodb
 - match: tcp
 type: conn_handler
 target: tcp
- - match: udp
- type: drop
\ No newline at end of file
diff --git a/docker/glutton/dist/system.go b/docker/glutton/dist/system.go
deleted file mode 100644
index d16e6076..00000000
--- a/docker/glutton/dist/system.go
+++ /dev/null
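Review bot: Nothing in rules.yaml records that the `iscsi` and `mongodb` targets added in the second hunk depend on handlers being present in the glutton commit pinned in the Dockerfile, so a later pin change could leave these rules pointing at unknown targets. The file also does not say that rule order matters, although the new entries sit deliberately above the catch-all `- match: tcp` rule and the first hunk moves `match: udp` / `type: drop` to the top. A header comment such as `# rules appear to be evaluated top-down: keep port-specific handlers above the catch-all tcp rule; targets must exist in the pinned glutton commit` would capture both, with the evaluation order confirmed against upstream before it is stated as fact. With the UDP drop rule first, presumably no UDP traffic reaches any handler, which is worth stating if intended.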
@@ -1,68 +0,0 @@
-package glutton
-
-import (
- "errors"
- "fmt"
- "net"
- "os"
- "runtime"
- "strings"
- "time"
-
- "github.com/glaslos/lsof"
- "github.com/google/gopacket/pcap"
-)
-
-func countOpenFiles() (int, error) {
- if runtime.GOOS == "linux" {
- lines, err := lsof.ReadPID(os.Getpid())
- return len(lines) - 1, err
- }
- return 0, errors.New("operating system type not supported for this command")
-}
-
-func (g *Glutton) startMonitor(quit chan struct{}) {
- ticker := time.NewTicker(10 * time.Second)
- go func() {
- for {
- select {
- // case <-ticker.C:
- // openFiles, err := countOpenFiles()
- // if err != nil {
- // fmt.Printf("Failed :%s", err)
- // }
- // runningRoutines := runtime.NumGoroutine()
- // g.Logger.Info(fmt.Sprintf("running Go routines: %d, open files: %d", openFiles, runningRoutines))
- case <-quit:
- g.Logger.Info("monitoring stopped...")
- ticker.Stop()
- return
- }
- }
- }()
-}
-
-func getNonLoopbackIPs(ifaceName string) ([]net.IP, error) {
- nonLoopback := []net.IP{}
-
- ifs, err := pcap.FindAllDevs()
- if err != nil {
- return nonLoopback, err
- }
-
- for _, iface := range ifs {
- if strings.EqualFold(iface.Name, ifaceName) {
- for _, addr := range iface.Addresses {
- if !addr.IP.IsLoopback() && addr.IP.To4() != nil {
- nonLoopback = append(nonLoopback, addr.IP)
- }
- }
- }
- }
-
- if len(nonLoopback) == 0 {
- return nonLoopback, fmt.Errorf("unable to find any non-loopback addresses for: %s", ifaceName)
- }
-
- return nonLoopback, nil
-}
diff --git a/docker/glutton/docker-compose.yml b/docker/glutton/docker-compose.yml
index f6ec2880..7655d5af 100644
--- a/docker/glutton/docker-compose.yml
+++ b/docker/glutton/docker-compose.yml
@@ -13,7 +13,7 @@ services:
 network_mode: "host"
 cap_add:
 - NET_ADMIN
- image: "dtagdevsec/glutton:24.04"
+ image: "ghcr.io/telekom-security/glutton:24.04.1"
 read_only: true
 volumes:
 - $HOME/tpotce/data/glutton/log:/var/log/glutton