From 4e902b65608e9f20d4bb6136419c46ad218a2e5b Mon Sep 17 00:00:00 2001 From: t3chn0m4g3 Date: Sat, 1 Jun 2019 17:47:14 +0000 Subject: [PATCH] add fatt to nextgen --- bin/clean.sh | 9 +++++++++ docker/fatt/Dockerfile | 13 ++++++------- docker/fatt/docker-compose.yml | 4 ++-- etc/compose/nextgen.yml | 14 ++++++++++++++ etc/logrotate/logrotate.conf | 1 + iso/installer/install.sh | 1 + 6 files changed, 33 insertions(+), 9 deletions(-) diff --git a/bin/clean.sh b/bin/clean.sh index 85f0fe5a..f4f751be 100755 --- a/bin/clean.sh +++ b/bin/clean.sh @@ -129,6 +129,14 @@ fuELK () { chown tpot:tpot /data/elk -R } +# Let's create a function to clean up and prepare fatt data +fuFATT () { + if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/fatt/*; fi + mkdir -p /data/fatt/log + chmod 770 -R /data/fatt + chown tpot:tpot -R /data/fatt +} + # Let's create a function to clean up and prepare glastopf data fuGLASTOPF () { if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/glastopf/*; fi @@ -262,6 +270,7 @@ if [ "$myPERSISTENCE" = "on" ]; fuDIONAEA fuELASTICPOT fuELK + fuFATT fuGLASTOPF fuGLUTTON fuHERALDING diff --git a/docker/fatt/Dockerfile b/docker/fatt/Dockerfile index ce61d55b..ac5caeef 100644 --- a/docker/fatt/Dockerfile +++ b/docker/fatt/Dockerfile @@ -6,7 +6,6 @@ FROM alpine # Get and install dependencies & packages RUN apk -U add \ git \ - libcap \ py3-libxml2 \ py3-lxml \ python3 \ @@ -18,16 +17,16 @@ RUN apk -U add \ adduser -S -s /bin/ash -u 2000 -D -g 2000 fatt && \ # Install fatt - mkdir -p /home/fatt && \ - cd /home/fatt && \ - mkdir -p log && \ + mkdir -p /opt && \ + cd /opt && \ git clone --depth=1 https://github.com/0x4D31/fatt && \ cd fatt && \ + mkdir -p log && \ pip3 install --upgrade pip && \ pip3 install pyshark==0.4.2.2 && \ # Setup configs - chown fatt:fatt -R /home/fatt/* && \ + chown fatt:fatt -R /opt/fatt/* && \ # Clean up apk del --purge git \ 
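Review bot: Nothing in fuFATT ties the `chown tpot:tpot -R /data/fatt` / `chmod 770 -R /data/fatt` pair to the container side: the Dockerfile in this same patch creates the `fatt` user as uid/gid 2000 and both compose entries bind-mount /data/fatt/log into /opt/fatt/log, so the container can only write fatt.log if the host tpot uid/gid happens to be 2000, which no line here checks. If that equality is guaranteed by the installer elsewhere, a one-line comment above the chown would make the dependency visible, e.g. `# container user fatt is 2000:2000 and must match tpot's uid/gid on the host`. Note also that `rm -rf /data/fatt/*` does not match dot-prefixed entries, so a non-persistent reset leaves any such files behind; that matches fuGLASTOPF below, so it is a shared limitation rather than a new one.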
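Review bot: The clone inside the relocated `mkdir -p /opt && cd /opt` block is still unpinned: `git clone --depth=1 https://github.com/0x4D31/fatt` pulls whatever upstream HEAD holds at build time, so image contents are not reproducible and an upstream change lands in the sensor image unreviewed, while pyshark two lines down is pinned to 0.4.2.2. Pin the revision after the clone, e.g. `git fetch --depth=1 origin <PINNED_COMMIT_PLACEHOLDER> && git checkout FETCH_HEAD`, and ideally record it in a comment next to the pyshark pin. The new `chown fatt:fatt -R /opt/fatt/*` also skips dot-entries such as the cloned `.git`, which therefore stay root-owned; `chown fatt:fatt -R /opt/fatt` covers the directory itself and everything under it. With `libcap` removed from the apk list, capture rights presumably now come solely from the compose cap_add entries; the remainder of the RUN chain and any USER line are outside this hunk, so that cannot be confirmed here.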
@@ -37,6 +36,6 @@ RUN apk -U add \ # Start fatt STOPSIGNAL SIGINT -ENV PYTHONPATH /home/fatt/fatt -WORKDIR /home/fatt/fatt +ENV PYTHONPATH /opt/fatt +WORKDIR /opt/fatt CMD python3 fatt.py -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:]) --print_output --json_logging -o log/fatt.log diff --git a/docker/fatt/docker-compose.yml b/docker/fatt/docker-compose.yml index 24aff877..75cbe6a6 100644 --- a/docker/fatt/docker-compose.yml +++ b/docker/fatt/docker-compose.yml @@ -3,7 +3,7 @@ version: '2.3' services: # Fatt service - suricata: + fatt: build: . container_name: fatt restart: always @@ -14,4 +14,4 @@ services: - NET_RAW image: "dtagdevsec/fatt:1903" volumes: - - /data/fatt/log:/home/fatt/fatt/log + - /data/fatt/log:/opt/fatt/log diff --git a/etc/compose/nextgen.yml b/etc/compose/nextgen.yml index ec037eec..d7c41992 100644 --- a/etc/compose/nextgen.yml +++ b/etc/compose/nextgen.yml @@ -406,6 +406,20 @@ services: #### NSM ################## +# Fatt service + fatt: + build: . + container_name: fatt + restart: always + network_mode: "host" + cap_add: + - NET_ADMIN + - SYS_NICE + - NET_RAW + image: "dtagdevsec/fatt:1903" + volumes: + - /data/fatt/log:/opt/fatt/log + # P0f service p0f: container_name: p0f diff --git a/etc/logrotate/logrotate.conf b/etc/logrotate/logrotate.conf index d57e7a28..765e41de 100644 --- a/etc/logrotate/logrotate.conf +++ b/etc/logrotate/logrotate.conf @@ -16,6 +16,7 @@ /data/dionaea/dionaea-errors.log /data/elasticpot/log/elasticpot.log /data/elk/log/*.log +/data/fatt/log/fatt.log /data/glastopf/log/glastopf.log /data/glastopf/db/glastopf.db /data/glutton/log/*.log diff --git a/iso/installer/install.sh b/iso/installer/install.sh index 0fdee005..f19ade76 100755 --- a/iso/installer/install.sh +++ b/iso/installer/install.sh 
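Review bot: `ENV PYTHONPATH /opt/fatt` uses the legacy space-separated ENV form; `ENV PYTHONPATH=/opt/fatt` is the documented key=value form and avoids ambiguity when further variables are added. Because the unchanged CMD on the next line runs `python3 fatt.py` from `WORKDIR /opt/fatt`, the script directory is already first on sys.path, so the PYTHONPATH line appears redundant; if it is kept for an import that needs it, a short comment stating that would save the next reader the question.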
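Review bot: The new fatt entry carries `build: .` copied from docker/fatt/docker-compose.yml, but in etc/compose/nextgen.yml `.` resolves to the compose file's own directory, which holds no fatt Dockerfile; the neighbouring p0f entry in the same hunk has no build key and relies on `image:` alone, so the line should be dropped to match: `fatt:` / `container_name: fatt` / `restart: always`. The service also gets `network_mode: "host"` plus `cap_add` of NET_ADMIN, SYS_NICE and NET_RAW; NET_RAW is what packet capture needs, but nothing in the patch shows why NET_ADMIN or SYS_NICE are required, so a one-line comment naming the reason for each (or removing the ones that are not) keeps the privilege footprint auditable.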
@@ -771,6 +771,7 @@ mkdir -p /data/adbhoney/downloads /data/adbhoney/log \
 /data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/roots/ftp /data/dionaea/roots/tftp /data/dionaea/roots/www /data/dionaea/roots/upnp \
 /data/elasticpot/log \
 /data/elk/data /data/elk/log \
+ /data/fatt/log \
 /data/glastopf/log /data/glastopf/db \
 /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/ \
 /data/glutton/log \