include rdpy honeypot

2025-07-01 12:32:12 +00:00 · 2017-08-27 00:37:57 +00:00 · 2017-08-27 00:37:57 +00:00 · 56ebd9f05c
commit 56ebd9f05c
parent 46eea25f38
9 changed files with 52 additions and 2 deletions
--- a/installer/bin/clean.sh
+++ b/installer/bin/clean.sh
@ -138,6 +138,14 @@ fuMAILONEY () {
  chown tpot:tpot /data/mailoney/ -R
 }

+# Let's create a function to clean up and prepare rdpy data
+fuRDPY () {
+  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/rdpy/*; fi
+  mkdir -p /data/rdpy/log/
+  chmod 760 /data/rdpy/ -R
+  chown tpot:tpot /data/rdpy/ -R
+}
+
 # Let's create a function to prepare spiderfoot db
 fuSPIDERFOOT () {
  mkdir -p /data/spiderfoot
@ -202,6 +210,7 @@ if [ "$myPERSISTENCE" = "on" ];
    fuGLASTOPF
    fuHONEYTRAP
    fuMAILONEY
+    fuRDPY
    fuSPIDERFOOT
    fuSURICATA
    fuP0F
--- a/installer/etc/tpot/compose/all.yml
+++ b/installer/etc/tpot/compose/all.yml
@ -11,6 +11,7 @@ networks:
  ewsposter_local:
  glastopf_local:
  mailoney_local:
+  rdpy_local:
  spiderfoot_local:
  ui-for-docker_local:
  vnclowpot_local:
@ -240,6 +241,18 @@ services:
     - /sys:/host/sys:ro
     - /var/run/docker.sock:/var/run/docker.sock

+# Rdpy service
+  rdpy:
+    container_name: rdpy
+    restart: always
+    networks:
+     - rdpy_local
+    ports:
+     - "3389:3389"
+    image: "dtagdevsec/rdpy:1706"
+    volumes:
+     - /data/rdpy/log:/var/log/rdpy
+
 # Spiderfoot service
  spiderfoot:
    container_name: spiderfoot
--- a/installer/etc/tpot/compose/hp.yml
+++ b/installer/etc/tpot/compose/hp.yml
@ -9,6 +9,7 @@ networks:
  ewsposter_local:
  glastopf_local:
  mailoney_local:
+  rdpy_local:
  vnclowpot_local:

 services:
@ -130,6 +131,18 @@ services:
    volumes:
     - /data/mailoney/log:/opt/mailoney/logs

+# Rdpy service
+  rdpy:
+    container_name: rdpy
+    restart: always
+    networks:
+     - rdpy_local
+    ports:
+     - "3389:3389"
+    image: "dtagdevsec/rdpy:1706"
+    volumes:
+     - /data/rdpy/log:/var/log/rdpy
+
 # Vnclowpot service
  vnclowpot:
    container_name: vnclowpot
--- a/installer/etc/tpot/compose/tpot.yml
+++ b/installer/etc/tpot/compose/tpot.yml
@ -9,6 +9,7 @@ networks:
  ewsposter_local:
  glastopf_local:
  mailoney_local:
+  rdpy_local:
  spiderfoot_local:
  ui-for-docker_local:
  vnclowpot_local:
@ -210,6 +211,18 @@ services:
     - /sys:/host/sys:ro
     - /var/run/docker.sock:/var/run/docker.sock

+# Rdpy service
+  rdpy:
+    container_name: rdpy
+    restart: always
+    networks:
+     - rdpy_local
+    ports:
+     - "3389:3389"
+    image: "dtagdevsec/rdpy:1706"
+    volumes:
+     - /data/rdpy/log:/var/log/rdpy
+
 # Spiderfoot service
  spiderfoot:
    container_name: spiderfoot
--- a/installer/etc/tpot/elkbase.tgz
+++ b/installer/etc/tpot/elkbase.tgz
--- a/installer/etc/tpot/kibana-objects.tgz
+++ b/installer/etc/tpot/kibana-objects.tgz
--- a/installer/etc/tpot/logrotate/logrotate.conf
+++ b/installer/etc/tpot/logrotate/logrotate.conf
@ -22,6 +22,7 @@
 /data/honeytrap/downloads.tgz
 /data/mailoney/log/commands.log
 /data/p0f/log/p0f.json
+/data/rdpy/log/rdpy.log
 /data/suricata/log/*.log
 /data/suricata/log/*.json
 /data/vnclowpot/log/vnclowpot.log
--- a/installer/etc/tpot/systemd/tpot.service
+++ b/installer/etc/tpot/systemd/tpot.service
@ -34,7 +34,7 @@ ExecStartPre=/sbin/iptables -w -A INPUT -s 127.0.0.1 -j ACCEPT
 ExecStartPre=/sbin/iptables -w -A INPUT -d 127.0.0.1 -j ACCEPT
 ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 64295:64303,7634 -j ACCEPT
 ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 20:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT
-ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 3306,5060,5061,5601,5900,27017 -j ACCEPT
+ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 3306,3389,5060,5061,5601,5900,27017 -j ACCEPT
 ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT
 ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE

@ -49,7 +49,7 @@ ExecStopPost=/sbin/iptables -w -D INPUT -s 127.0.0.1 -j ACCEPT
 ExecStopPost=/sbin/iptables -w -D INPUT -d 127.0.0.1 -j ACCEPT
 ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 64295:64303,7634 -j ACCEPT
 ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 20:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT
-ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 3306,5060,5061,5601,5900,27017 -j ACCEPT
+ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 3306,3389,5060,5061,5601,5900,27017 -j ACCEPT
 ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT
 ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE

--- a/installer/install.sh
+++ b/installer/install.sh
@ -448,6 +448,7 @@ mkdir -p /data/conpot/log \
         /data/mailoney/log \
         /data/emobility/log \
         /data/ews/conf \
+         /data/rdpy/log \
         /data/spiderfoot \
         /data/suricata/log /home/tsec/.ssh/ \
         /data/p0f/log \