Update and pin Glutton to latest master

2025-08-23 03:16:55 +00:00 · 2025-08-06 15:46:00 +02:00 · 2025-08-06 15:46:00 +02:00 · 443a9d19fc
commit 443a9d19fc
parent ffc464ba39
5 changed files with 13 additions and 76 deletions
--- a/docker/glutton/Dockerfile
+++ b/docker/glutton/Dockerfile
@ -17,12 +17,11 @@ RUN apk --no-cache -U upgrade && \
    cd /opt/ && \
    git clone https://github.com/mushorg/glutton && \
    cd /opt/glutton/ && \
-    git checkout b3b5944b79893ccb1da19e112571674841bbe124 && \
-    cp /root/dist/system.go . && \
+    git checkout 1e534801825dfa517a97a4e1899bf85e9384e463 && \
    make build && \
 	cp /root/dist/*.yaml /opt/glutton/config/
 #
-FROM alpine:3.20
+FROM alpine:3.22
 #
 COPY --from=builder /opt/glutton/bin /opt/glutton/bin
 COPY --from=builder /opt/glutton/config /opt/glutton/config
@ -33,7 +32,7 @@ RUN apk -U --no-cache upgrade && \
 		libcap \
  		libpcap-dev && \
 		setcap cap_net_admin,cap_net_raw=+ep /opt/glutton/bin/server && \
-		setcap cap_net_admin,cap_net_raw=+ep /sbin/xtables-nft-multi && \
+		setcap cap_net_admin,cap_net_raw=+ep /usr/sbin/xtables-nft-multi && \
 		mkdir -p /var/log/glutton \
 		         /opt/glutton/payloads
 #
--- a/docker/glutton/dist/config.yaml
+++ b/docker/glutton/dist/config.yaml
@ -1,7 +1,7 @@
 ports:
  tcp: 5000
  udp: 5001
-  ssh: 2222
+  ssh: 64295

 rules_path: config/rules.yaml

--- a/docker/glutton/dist/rules.yaml
+++ b/docker/glutton/dist/rules.yaml
@ -1,4 +1,6 @@
 rules:
+  - match: udp
+    type: drop
  - match: tcp dst port 23 or port 2323 or port 23231
    type: conn_handler
    target: telnet
@ -29,8 +31,12 @@ rules:
  - match: tcp dst port 11211
    type: conn_handler
    target: memcache
+  - match: tcp dst port 3260
+    type: conn_handler
+    target: iscsi
+  - match: tcp dst port 27017
+    type: conn_handler
+    target: mongodb
  - match: tcp
    type: conn_handler
    target: tcp
-  - match: udp
-    type: drop
--- a/docker/glutton/dist/system.go
+++ b/docker/glutton/dist/system.go
@ -1,68 +0,0 @@
-package glutton
-
-import (
-	"errors"
-	"fmt"
-	"net"
-	"os"
-	"runtime"
-	"strings"
-	"time"
-
-	"github.com/glaslos/lsof"
-	"github.com/google/gopacket/pcap"
-)
-
-func countOpenFiles() (int, error) {
-	if runtime.GOOS == "linux" {
-		lines, err := lsof.ReadPID(os.Getpid())
-		return len(lines) - 1, err
-	}
-	return 0, errors.New("operating system type not supported for this command")
-}
-
-func (g *Glutton) startMonitor(quit chan struct{}) {
-	ticker := time.NewTicker(10 * time.Second)
-	go func() {
-		for {
-			select {
-			// case <-ticker.C:
-			// 	openFiles, err := countOpenFiles()
-			// 	if err != nil {
-			// 		fmt.Printf("Failed :%s", err)
-			// 	}
-			// 	runningRoutines := runtime.NumGoroutine()
-			// 	g.Logger.Info(fmt.Sprintf("running Go routines: %d, open files: %d", openFiles, runningRoutines))
-			case <-quit:
-				g.Logger.Info("monitoring stopped...")
-				ticker.Stop()
-				return
-			}
-		}
-	}()
-}
-
-func getNonLoopbackIPs(ifaceName string) ([]net.IP, error) {
-	nonLoopback := []net.IP{}
-
-	ifs, err := pcap.FindAllDevs()
-	if err != nil {
-		return nonLoopback, err
-	}
-
-	for _, iface := range ifs {
-		if strings.EqualFold(iface.Name, ifaceName) {
-			for _, addr := range iface.Addresses {
-				if !addr.IP.IsLoopback() && addr.IP.To4() != nil {
-					nonLoopback = append(nonLoopback, addr.IP)
-				}
-			}
-		}
-	}
-
-	if len(nonLoopback) == 0 {
-		return nonLoopback, fmt.Errorf("unable to find any non-loopback addresses for: %s", ifaceName)
-	}
-
-	return nonLoopback, nil
-}
--- a/docker/glutton/docker-compose.yml
+++ b/docker/glutton/docker-compose.yml
@ -13,7 +13,7 @@ services:
    network_mode: "host"
    cap_add:
     - NET_ADMIN
-    image: "dtagdevsec/glutton:24.04"
+    image: "ghcr.io/telekom-security/glutton:24.04.1"
    read_only: true
    volumes:
     - $HOME/tpotce/data/glutton/log:/var/log/glutton