add fatt to nextgen

bin/clean.sh

@@ -129,6 +129,14 @@ fuELK () {
   chown tpot:tpot /data/elk -R
 }
 
+# Let's create a function to clean up and prepare fatt data
+fuFATT () {
+  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/fatt/*; fi
+  mkdir -p /data/fatt/log
+  chmod 770 -R /data/fatt
+  chown tpot:tpot -R /data/fatt
+}
+
 # Let's create a function to clean up and prepare glastopf data
 fuGLASTOPF () {
   if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/glastopf/*; fi
@@ -262,6 +270,7 @@ if [ "$myPERSISTENCE" = "on" ];
     fuDIONAEA
     fuELASTICPOT
     fuELK
+    fuFATT
     fuGLASTOPF
     fuGLUTTON
     fuHERALDING

docker/fatt/Dockerfile

@@ -6,7 +6,6 @@ FROM alpine
 # Get and install dependencies & packages
 RUN apk -U add \
               git \
-              libcap \
               py3-libxml2 \
               py3-lxml \
               python3 \
@@ -18,16 +17,16 @@ RUN apk -U add \
     adduser -S -s /bin/ash -u 2000 -D -g 2000 fatt && \
 
 # Install fatt
-    mkdir -p /home/fatt && \
-    cd /home/fatt && \
-    mkdir -p log && \
+    mkdir -p /opt && \
+    cd /opt && \
     git clone --depth=1 https://github.com/0x4D31/fatt && \
     cd fatt && \
+    mkdir -p log && \
     pip3 install --upgrade pip && \
     pip3 install pyshark==0.4.2.2 && \
 
 # Setup configs
-    chown fatt:fatt -R /home/fatt/* && \
+    chown fatt:fatt -R /opt/fatt/* && \
 
 # Clean up
     apk del --purge git \
@@ -37,6 +36,6 @@ RUN apk -U add \
 
 # Start fatt
 STOPSIGNAL SIGINT
-ENV PYTHONPATH /home/fatt/fatt
-WORKDIR /home/fatt/fatt
+ENV PYTHONPATH /opt/fatt
+WORKDIR /opt/fatt
 CMD python3 fatt.py -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:]) --print_output --json_logging -o log/fatt.log

docker/fatt/docker-compose.yml

@@ -3,7 +3,7 @@ version: '2.3'
 services:
 
 # Fatt service
-  suricata:
+  fatt:
     build: .
     container_name: fatt
     restart: always
@@ -14,4 +14,4 @@ services:
      - NET_RAW
     image: "dtagdevsec/fatt:1903"
     volumes:
-     - /data/fatt/log:/home/fatt/fatt/log
+     - /data/fatt/log:/opt/fatt/log

etc/compose/nextgen.yml

@@ -406,6 +406,20 @@ services:
 #### NSM
 ##################
 
+# Fatt service
+  fatt:
+    build: .
+    container_name: fatt
+    restart: always
+    network_mode: "host"
+    cap_add:
+     - NET_ADMIN
+     - SYS_NICE
+     - NET_RAW
+    image: "dtagdevsec/fatt:1903"
+    volumes:
+     - /data/fatt/log:/opt/fatt/log
+
 # P0f service
   p0f:
     container_name: p0f

etc/logrotate/logrotate.conf

@@ -16,6 +16,7 @@
 /data/dionaea/dionaea-errors.log
 /data/elasticpot/log/elasticpot.log
 /data/elk/log/*.log
+/data/fatt/log/fatt.log
 /data/glastopf/log/glastopf.log
 /data/glastopf/db/glastopf.db
 /data/glutton/log/*.log

iso/installer/install.sh

@@ -771,6 +771,7 @@ mkdir -p /data/adbhoney/downloads /data/adbhoney/log \
          /data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/roots/ftp /data/dionaea/roots/tftp /data/dionaea/roots/www /data/dionaea/roots/upnp \
          /data/elasticpot/log \
          /data/elk/data /data/elk/log \
+	 /data/fatt/log \
          /data/glastopf/log /data/glastopf/db \
          /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/ \
          /data/glutton/log \