bump heralding to latest master

docker/heralding/Dockerfile

@@ -1,8 +1,8 @@
 FROM alpine
-  
+#  
 # Include dist
 ADD dist/ /root/dist/
-
+#
 # Install packages
 RUN apk -U --no-cache add \ 
             		build-base \
@@ -16,7 +16,7 @@ RUN apk -U --no-cache add \
             		python3-dev \
             		py-virtualenv && \
     pip3 install --no-cache-dir --upgrade pip && \
-
+#
 # Setup heralding
     mkdir -p /opt && \
     cd /opt/ && \
@@ -24,15 +24,15 @@ RUN apk -U --no-cache add \
     cd heralding && \
     pip3 install --no-cache-dir -r requirements.txt && \
     pip3 install --no-cache-dir . && \
-
+#
 # Setup user, groups and configs
     addgroup -g 2000 heralding && \
     adduser -S -H -s /bin/ash -u 2000 -D -g 2000 heralding && \
     mkdir -p /var/log/heralding/ /etc/heralding && \
     mv /root/dist/heralding.yml /etc/heralding/ && \
-    setcap cap_net_bind_service=+ep /usr/bin/python3.6 && \
+    setcap cap_net_bind_service=+ep /usr/bin/python3.7 && \
     chown -R heralding:heralding /var/log/heralding && \
-
+#
 # Clean up
     apk del --purge \
             build-base \
@@ -46,7 +46,7 @@ RUN apk -U --no-cache add \
     rm -rf /root/* \
            /var/cache/apk/* \
            /opt/heralding
-
+#
 # Start elasticpot
 STOPSIGNAL SIGINT
 WORKDIR /tmp/heralding/

docker/heralding/Dockerfile.old

@@ -0,0 +1,54 @@
+FROM alpine
+  
+# Include dist
+ADD dist/ /root/dist/
+
+# Install packages
+RUN apk -U --no-cache add \ 
+            		build-base \
+            		git \
+            		libcap \
+            		libffi-dev \
+            		openssl-dev \
+                        libzmq \
+            		postgresql-dev \
+            		python3 \
+            		python3-dev \
+            		py-virtualenv && \
+    pip3 install --no-cache-dir --upgrade pip && \
+
+# Setup heralding
+    mkdir -p /opt && \
+    cd /opt/ && \
+    git clone --depth=1 https://github.com/johnnykv/heralding && \
+    cd heralding && \
+    pip3 install --no-cache-dir -r requirements.txt && \
+    pip3 install --no-cache-dir . && \
+
+# Setup user, groups and configs
+    addgroup -g 2000 heralding && \
+    adduser -S -H -s /bin/ash -u 2000 -D -g 2000 heralding && \
+    mkdir -p /var/log/heralding/ /etc/heralding && \
+    mv /root/dist/heralding.yml /etc/heralding/ && \
+    setcap cap_net_bind_service=+ep /usr/bin/python3.6 && \
+    chown -R heralding:heralding /var/log/heralding && \
+
+# Clean up
+    apk del --purge \
+            build-base \
+            git \
+            libcap \
+            libffi-dev \
+            libressl-dev \
+            postgresql-dev \
+            python3-dev \
+            py-virtualenv && \
+    rm -rf /root/* \
+           /var/cache/apk/* \
+           /opt/heralding
+
+# Start elasticpot
+STOPSIGNAL SIGINT
+WORKDIR /tmp/heralding/
+USER heralding:heralding
+CMD exec heralding -c /etc/heralding/heralding.yml -l /var/log/heralding/heralding.log

docker/heralding/dist/heralding.yml

@@ -8,7 +8,14 @@ bind_host: 0.0.0.0
 activity_logging:
   file:
     enabled: true
-    session_log_file: "/var/log/heralding/session.csv"
+    # Session details common for all protocols (capabilities) in CSV format, 
+    # written to file when the session ends. Set to "" to disable.
+    session_csv_log_file: "/var/log/heralding/session.csv"
+    # Complete session details (including protocol specific data) in JSONL format,
+    # written to file when the session ends. Set to "" to disable
+    session_json_log_file: "/var/log/heralding/log_session.json"
+    # Writes each authentication attempt to file, including credentials,
+    # set to "" to disable
     authentication_log_file: "/var/log/heralding/auth.csv"
 
   syslog:
@@ -27,6 +34,10 @@ activity_logging:
     enabled: false
     port: 23400
 
+hash_cracker:
+  enabled: true
+  wordlist_file: 'wordlist.txt'
+
 # protocols to enable
 capabilities:
   ftp:
@@ -155,3 +166,27 @@ capabilities:
     enabled: true
     port: 1080
     timeout: 30
+
+  mysql:
+    enabled: true
+    port: 3306
+    timeout: 30
+
+  rdp:
+    enabled: true
+    port: 3389
+    timeout: 30
+    protocol_specific_data:
+      banner: ""
+      # if a .pem file is not found in work dir, a new pem file will be created
+      # using these values
+      cert:
+        common_name: "*"
+        country: "US"
+        state: None
+        locality: None
+        organization: None
+        organizational_unit: None
+        # how many days should the certificate be valid for
+        valid_days: 365
+        serial_number: 0

docker/heralding/docker-compose.yml

@@ -26,6 +26,8 @@ services:
      - "993:993"
      - "995:995"
      - "1080:1080"
+     - "3306:3306"
+     - "3389:3389"
      - "5432:5432"
      - "5900:5900"
     image: "dtagdevsec/heralding:1903"

etc/compose/collector.yml

@@ -34,6 +34,8 @@ services:
      - "993:993"
      - "995:995"
      - "1080:1080"
+     - "3306:3306"
+     - "3389:3389"
      - "5432:5432"
      - "5900:5900"
     image: "dtagdevsec/heralding:1903"

etc/compose/industrial.yml

@@ -177,6 +177,8 @@ services:
     # - "443:443"
     # - "993:993"
     # - "995:995"
+    # - "3306:3306"
+    # - "3389:3389"
     # - "5432:5432"
      - "5900:5900"
     image: "dtagdevsec/heralding:1903"

etc/compose/nextgen.yml

@@ -232,6 +232,8 @@ services:
     # - "443:443"
      - "993:993"
      - "995:995"
+    # - "3306:3306"
+    # - "3389:3389"
      - "1080:1080"
      - "5432:5432"
      - "5900:5900"

etc/compose/sensor.yml

@@ -227,6 +227,8 @@ services:
     # - "443:443"
      - "993:993"
      - "995:995"
+    # - "3306:3306"
+    # - "3389:3389"
      - "1080:1080"
      - "5432:5432"
      - "5900:5900"

etc/compose/standard.yml

@@ -228,6 +228,8 @@ services:
     # - "443:443"
      - "993:993"
      - "995:995"
+    # - "3306:3306"
+    # - "3389:3389"
      - "1080:1080"
      - "5432:5432"
      - "5900:5900"

etc/logrotate/logrotate.conf

@@ -21,6 +21,7 @@
 /data/glutton/log/*.err
 /data/heralding/log/*.log
 /data/heralding/log/*.csv
+/data/heralding/log/*.json
 /data/honeypy/log/*.log
 /data/honeytrap/log/*.log
 /data/honeytrap/log/*.json