This commit is contained in:
Marco Ochse 2018-04-16 22:05:16 +00:00
parent edfd5eaa5b
commit 446880de55
9 changed files with 32 additions and 25 deletions


@ -132,6 +132,14 @@ fuGLASTOPF () {
chown tpot:tpot /data/glastopf -R chown tpot:tpot /data/glastopf -R
} }
# Let's create a function to clean up and prepare glastopf data
fuGLUTTON () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/glutton/*; fi
mkdir -p /data/glutton/log
chmod 760 /data/glutton -R
chown tpot:tpot /data/glutton -R
}
# Let's create a function to clean up and prepare heralding data # Let's create a function to clean up and prepare heralding data
fuHERALDING () { fuHERALDING () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/heralding/*; fi if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/heralding/*; fi
@ -234,6 +242,7 @@ if [ "$myPERSISTENCE" = "on" ];
fuELK fuELK
fuEMOBILITY fuEMOBILITY
fuGLASTOPF fuGLASTOPF
fuGLUTTON
fuHERALDING fuHERALDING
fuHONEYTRAP fuHONEYTRAP
fuMAILONEY fuMAILONEY
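Review bot: The header comment added above fuGLUTTON still reads "prepare glastopf data" although the function prepares the glutton directory; change it to `# Let's create a function to clean up and prepare glutton data`. The recursive `chmod 760` on /data/glutton gives the group no execute bit, so group members cannot traverse the directory or the files it protects; this presumably mirrors the sibling functions (their chmod lines are outside the hunk), but if another container is expected to read these logs as a group member that should be confirmed. fuGLASTOPF's body begins outside the hunk.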


@ -49,4 +49,4 @@ HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:9600'
# Start logstash # Start logstash
USER logstash:logstash USER logstash:logstash
CMD update.sh && /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf CMD update.sh && exec /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf
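Review bot: The new CMD is still shell form, so `update.sh` must succeed before the `exec` hands PID 1 to logstash, and any non-zero exit from update.sh means logstash never starts; that coupling is reasonable but undocumented. A comment such as `# update.sh must succeed; exec makes logstash PID 1 so it receives docker's stop signal` above the CMD would make the intent clear. Nothing in the hunk shows that update.sh is executable by the `logstash` user set on the previous line, so that is worth confirming.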


@ -55,6 +55,13 @@ input {
type => "Glastopf" type => "Glastopf"
} }
# Glutton
file {
path => ["/data/glutton/log/glutton.log"]
codec => json
type => "Glutton"
}
# Heralding # Heralding
file { file {
path => ["/data/heralding/log/auth.csv"] path => ["/data/heralding/log/auth.csv"]
@ -207,6 +214,14 @@ filter {
} }
} }
# Glutton
if [type] == "Glutton" {
date {
match => [ "ts", "UNIX" ]
remove_field => ["ts"]
}
}
# Heralding # Heralding
if [type] == "Heralding" { if [type] == "Heralding" {
csv { csv {
@ -395,7 +410,7 @@ if "_grokparsefailure" in [tags] { drop {} }
} }
# Add T-Pot hostname and external IP # Add T-Pot hostname and external IP
if [type] == "ConPot" or [type] == "Cowrie" or [type] == "Dionaea" or [type] == "ElasticPot" or [type] == "eMobility" or [type] == "Glastopf" or [type] == "Honeytrap" or [type] == "Mailoney" or [type] == "Rdpy" or [type] == "Suricata" or [type] == "Vnclowpot" { if [type] == "ConPot" or [type] == "Cowrie" or [type] == "Dionaea" or [type] == "ElasticPot" or [type] == "eMobility" or [type] == "Glastopf" or [type] == "Honeytrap" or [type] == "Heralding" or [type] == "Mailoney" or [type] == "Rdpy" or [type] == "Suricata" or [type] == "Vnclowpot" {
mutate { mutate {
add_field => { add_field => {
"t-pot_ip_ext" => "${MY_EXTIP}" "t-pot_ip_ext" => "${MY_EXTIP}"
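Review bot: The hostname/external-IP mutate in the last hunk was extended with Heralding but not with the newly added Glutton type, so glutton events will lack the t-pot_ip_ext field every other honeypot gets; add `or [type] == "Glutton"` to that `if` condition. The Glutton date filter matches a field `ts` as UNIX epoch, which assumes glutton's JSON uses that key and seconds rather than milliseconds; nothing in the diff shows the log format, so confirm against a sample line. The input path /data/glutton/log/glutton.log also differs from the /var/log/glutton/glutton.log the glutton Dockerfile writes to, so a volume mapping presumably exists outside this diff.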


@ -45,4 +45,4 @@ RUN apk -U --no-cache add bash \
# Run supervisor upon container start # Run supervisor upon container start
WORKDIR /opt/glutton WORKDIR /opt/glutton
CMD exec bin/server -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:]) -l /var/log/glutton/glutton.log -d true CMD exec bin/server -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:]) -l /var/log/glutton/glutton.log
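Review bot: `tr -d [:punct:]` in the CMD leaves the bracket expression unquoted, so `/bin/sh` treats it as a glob; a file named `:`, `p`, `u`, `n`, `c` or `t` in the /opt/glutton working directory would replace the class and change which characters are stripped from the interface name. Quote it: `tr -d '[:punct:]'`. Selecting the interface by index with `grep '^2: '` is also fragile under host networking, since index 2 is not guaranteed to be the interface that receives attacker traffic; an environment-variable override for `-i` would make this robust.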


@ -1,11 +1,4 @@
rules: rules:
- match: tcp dst port 5001
type: passthrough
name: ssh
- match: tcp dst port 22 or port 2222
type: conn_handler
name: proxy_ssh
target: tcp://172.17.0.2:22
- match: tcp dst port 23 or port 2323 or port 23231 - match: tcp dst port 23 or port 2323 or port 23231
type: conn_handler type: conn_handler
target: telnet target: telnet
@ -24,15 +17,6 @@ rules:
- match: tcp dst port 5060 - match: tcp dst port 5060
type: conn_handler type: conn_handler
target: sip target: sip
- match: tcp dst port 1080
type: passthrough
name: http
- match: tcp dst port 6000 or port 7000
type: conn_handler
name: proxy_tcp
target: tcp://172.17.0.2:22
- match: tcp - match: tcp
type: conn_handler type: conn_handler
target: default target: default
- match: udp
type: drop
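Review bot: Removing the final `- match: udp` / `type: drop` rule means UDP traffic no longer hits an explicit rule, and the remaining catch-all only matches `tcp`; what glutton does with unmatched UDP depends on its default behaviour, which the diff does not show. If the intent is still to discard it, keep the explicit rule: `- match: udp` followed by `type: drop`. Dropping the passthrough/proxy_ssh/proxy_tcp rules that forwarded to the hardcoded 172.17.0.2:22 is a sound change, since that address was a guess at a docker bridge neighbour.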


@ -5,14 +5,10 @@ services:
# glutton service # glutton service
glutton: glutton:
build: .
container_name: glutton container_name: glutton
restart: always restart: always
network_mode: "host" network_mode: "host"
#networks:
# - glutton_local
#ports:
# - "5000:5000"
# - "22:5000"
cap_add: cap_add:
- NET_ADMIN - NET_ADMIN
image: "dtagdevsec/glutton:1804" image: "dtagdevsec/glutton:1804"
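Review bot: The service keeps `network_mode: "host"` together with `cap_add: NET_ADMIN`, which lets the container rewrite the host's firewall and interface configuration; this is presumably required for glutton's traffic redirection, but now that the bridged-network alternative has been deleted it deserves a comment, e.g. `# host networking + NET_ADMIN are required for glutton's traffic redirection; the container can modify host network config`. The image is referenced by the mutable tag `dtagdevsec/glutton:1804` with `build: .` removed, so a pull now fully trusts the registry; pinning a digest would make the deployment reproducible.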


@ -23,4 +23,4 @@ RUN apk -U upgrade && \
rm -rf /var/cache/apk/* rm -rf /var/cache/apk/*
# Start nginx # Start nginx
CMD nginx -g 'daemon off;' CMD exec nginx -g 'daemon off;'
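Review bot: With `exec`, nginx now receives docker's stop signal directly; docker sends SIGTERM by default and nginx treats SIGTERM as a fast shutdown, so in-flight requests are cut off on `docker stop`. If graceful shutdown is wanted, add `STOPSIGNAL SIGQUIT` above the CMD. A comment such as `# exec so nginx runs as PID 1 and receives stop signals` would also record why the CMD changed.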


@ -17,6 +17,8 @@
/data/emobility/log/centralsystemEWS.log /data/emobility/log/centralsystemEWS.log
/data/glastopf/log/glastopf.log /data/glastopf/log/glastopf.log
/data/glastopf/db/glastopf.db /data/glastopf/db/glastopf.db
/data/glutton/log/*.log
/data/glutton/log/*.err
/data/heralding/log/*.log /data/heralding/log/*.log
/data/heralding/log/*.csv /data/heralding/log/*.csv
/data/honeytrap/log/*.log /data/honeytrap/log/*.log
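Review bot: Adding /data/glutton/log/*.log to the rotation set only works if glutton reopens its log after rotation; glutton is started with a fixed `-l` path in its Dockerfile, and the rotation options (copytruncate or a postrotate signal) are outside the hunk. Without copytruncate glutton would keep writing to the renamed file and the fresh glutton.log would stay empty, so confirm the options in force. Nothing in the diff shows what writes the `*.err` files, so that glob may be speculative.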


@ -446,6 +446,7 @@ mkdir -p /data/ciscoasa/log \
/data/elasticpot/log \ /data/elasticpot/log \
/data/elk/data /data/elk/log \ /data/elk/data /data/elk/log \
/data/glastopf /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/ \ /data/glastopf /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/ \
/data/glutton/log \
/data/heralding/log \ /data/heralding/log \
/data/mailoney/log \ /data/mailoney/log \
/data/nginx/log \ /data/nginx/log \