incl. XFF for qhoneypots, some tweaking

2025-10-31 12:32:55 +00:00 · 2022-02-11 10:32:31 +00:00 · 2022-02-11 10:32:31 +00:00 · 53afb1ba10
commit 53afb1ba10
parent d2e54d5cf0
6 changed files with 20 additions and 14 deletions
--- a/bin/dps.sh
+++ b/bin/dps.sh
@ -8,8 +8,14 @@ if [ "$myWHOAMI" != "root" ]
    exit
 fi

-# Show current status of T-Pot containers
 myPARAM="$1"
+if [[ $myPARAM =~ ^([1-9]|[1-9][0-9]|[1-9][0-9][0-9])$ ]];
+  then
+    watch --color -n $myPARAM "dps.sh"
+    exit
+fi
+
+# Show current status of T-Pot containers
 myCONTAINERS="$(cat /opt/tpot/etc/tpot.yml | grep -v '#' | grep container_name | cut -d: -f2 | sort | tr -d " ")"
 myRED="[1;31m"
 myGREEN="[1;32m"
@ -50,8 +56,6 @@ printf "${myMAGENTA}%+11s %-20s\n" "BLACKHOLE: " "$myBLACKHOLE_STATUS${myWHITE}"
 echo
 }

-while true
-  do
    myDPS=$(fuGETSTATUS)
    myDPSNAMES=$(echo "$myDPS" | awk '{ print $1 }' | sort)
    fuGETSYS
@ -67,10 +71,3 @@ while true
 	  printf "%-28s %-28s\n" "$myRED$i" "DOWN$myWHITE"
      fi
    done
-    if [[ $myPARAM =~ ^([1-9]|[1-9][0-9]|[1-9][0-9][0-9])$ ]];
-      then 
-        sleep "$myPARAM"
-      else 
-        break
-    fi
-done
--- a/docker/elk/docker-compose.yml
+++ b/docker/elk/docker-compose.yml
@ -85,7 +85,7 @@ services:
    #    networks:
    #     - map_local
    ports:
-     - "9999:13337"
+     - "127.0.0.1:64299:64299"
    image: "dtagdevsec/map_web:2203"
    depends_on:
     - map_redis
--- a/docker/elk/map/docker-compose.yml
+++ b/docker/elk/map/docker-compose.yml
@ -32,7 +32,7 @@ services:
    #    networks:
    #     - map_local
    ports:
-     - "9999:13337"
+     - "127.0.0.1:64299:64299"
    image: "dtagdevsec/map_web:2203"
    depends_on:
     - map_redis
--- a/docker/honeypots/Dockerfile
+++ b/docker/honeypots/Dockerfile
@ -30,7 +30,7 @@ RUN apk -U add \
    cd /opt/ && \
    git clone https://github.com/qeeqbox/honeypots && \
    cd honeypots && \
-    git checkout b88cbbd5aa1d2724c6f7de5d723f0d0e753912bb && \
+    git checkout bee3147cf81837ba7639f1e27fe34d717ecccf29 && \
    pip3 install --upgrade pip && \
    pip3 install --ignore-installed hiredis packaging && \
    pip3 install . && \
--- a/docker/honeypots/dist/config.json
+++ b/docker/honeypots/dist/config.json
@ -44,7 +44,8 @@
         "password":"admin",
         "log_file_name":"http.log",
         "max_bytes":0,
-         "backup_count":10
+         "backup_count":10,
+	 "options":"fix_get_client_ip"
      },
      "https":{
         "port":443,
--- a/docker/nginx/dist/conf/tpotweb.conf
+++ b/docker/nginx/dist/conf/tpotweb.conf
@ -124,6 +124,14 @@ server {
        rewrite /es/(.*)$ /$1 break;
    }

+    ### Map
+    location /map/ {
+        proxy_pass http://127.0.0.1:64299/;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_set_header Host $host;
+    }
+
    ### spiderfoot
    location /spiderfoot {
        proxy_pass http://127.0.0.1:64303;