From 83fbc3eee08fc5d41edfd7e3d156b33b99f7f020 Mon Sep 17 00:00:00 2001
From: Marco Ochse
Date: Fri, 13 Apr 2018 18:22:49 +0000
Subject: [PATCH] start working on glutton

---
 docker/cowrie/Dockerfile | 1 -
 docker/glutton/Dockerfile | 48 +++++++++++++++++++++++++++++
 docker/glutton/dist/rules.yaml | 38 +++++++++++++++++++++++
 docker/glutton/docker-compose.yml | 21 +++++++++++++
 docker/glutton/notes | 50 +++++++++++++++++++++++++++++++
 etc/compose/collect.yml | 9 ++++--
 etc/compose/tpot.yml | 10 +++++--
 7 files changed, 172 insertions(+), 5 deletions(-)
 create mode 100644 docker/glutton/Dockerfile
 create mode 100644 docker/glutton/dist/rules.yaml
 create mode 100644 docker/glutton/docker-compose.yml
 create mode 100644 docker/glutton/notes

diff --git a/docker/cowrie/Dockerfile b/docker/cowrie/Dockerfile
index c8fe11c6..c68ae958 100644
--- a/docker/cowrie/Dockerfile
+++ b/docker/cowrie/Dockerfile
@@ -8,7 +8,6 @@ RUN apk -U upgrade && \
 apk add build-base \
 git \
 gmp-dev \
-# libcap \
 libffi-dev \
 mpc1-dev \
 mpfr-dev \
diff --git a/docker/glutton/Dockerfile b/docker/glutton/Dockerfile
new file mode 100644
index 00000000..e01809a8
--- /dev/null
+++ b/docker/glutton/Dockerfile
@@ -0,0 +1,48 @@
+FROM alpine
+
+# Include dist
+ADD dist/ /root/dist/
+
+# Setup apk
+RUN apk -U --no-cache add bash \
+ build-base \
+ git \
+ go \
+ g++ \
+ iptables-dev \
+ libnetfilter_queue-dev \
+ libpcap-dev \
+ procps && \
+
+# Setup go, glutton
+ export GOPATH=/opt/go/ && \
+ mkdir -p /opt/go/ && \
+ go get -d github.com/mushorg/glutton && \
+ go get -u github.com/golang/dep/cmd/dep && \
+ cd /opt/go/src/github.com/mushorg/glutton/ && \
+ /opt/go/bin/dep ensure && \
+ make build && \
+ cd / && \
+ mkdir -p /opt/glutton && \
+ mv /opt/go/src/github.com/mushorg/glutton/bin /opt/glutton/ && \
+ mv /opt/go/src/github.com/mushorg/glutton/config /opt/glutton/ && \
+ mv /opt/go/src/github.com/mushorg/glutton/rules /opt/glutton/ && \
+
+# Setup user, groups and configs
+ addgroup -g 2000 glutton && \
+ adduser -S -s /bin/bash -u 2000 -D -g 2000 glutton && \
+ mkdir -p /var/log/glutton && \
+ mv /root/dist/rules.yaml /opt/glutton/rules/ && \
+
+# Clean up
+ apk del --purge build-base \
+ git \
+ go \
+ g++ && \
+ rm -rf /var/cache/apk/* \
+ /opt/go \
+ /root/dist
+
+# Run supervisor upon container start
+WORKDIR /opt/glutton
+CMD bin/server -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:]) -l /var/log/glutton/glutton.log -d true
diff --git a/docker/glutton/dist/rules.yaml b/docker/glutton/dist/rules.yaml
new file mode 100644
index 00000000..b2cad527
--- /dev/null
+++ b/docker/glutton/dist/rules.yaml
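Review bot: The build pulls glutton and dep at whatever HEAD `go get -d github.com/mushorg/glutton` and `go get -u github.com/golang/dep/cmd/dep` return at build time, so the image is not reproducible and a force-pushed or compromised upstream lands straight in the honeypot image; `dep ensure` only pins glutton's transitive dependencies through its lock file, not glutton itself. Pin a reviewed revision right after the fetch, e.g. `cd /opt/go/src/github.com/mushorg/glutton/ && git checkout <reviewed-commit> && /opt/go/bin/dep ensure`, and use a tagged base (`FROM alpine:<tag>`) for the same reason. Separately, the `glutton` user (uid 2000) created in the "Setup user, groups and configs" step is never used: there is no `USER` instruction and `/var/log/glutton` stays root-owned, so `CMD bin/server …` runs as root. If root is required for the netfilter/NFQUEUE hooks (plausible given `iptables-dev` and `libnetfilter_queue-dev` are installed, but not verifiable here), state that in a comment above `CMD`; otherwise add `chown glutton:glutton /var/log/glutton` and `USER glutton`.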
@@ -0,0 +1,38 @@
+rules:
+ - match: tcp dst port 64295
+ type: passthrough
+ name: ssh
+ - match: tcp dst port 22 or port 2222
+ type: conn_handler
+ name: proxy_ssh
+ target: tcp://172.17.0.2:22
+ - match: tcp dst port 23 or port 2323 or port 23231
+ type: conn_handler
+ target: telnet
+ - match: tcp dst port 25
+ type: conn_handler
+ target: smtp
+ - match: tcp dst port 3389
+ type: conn_handler
+ target: rdp
+ - match: tcp dst port 445
+ type: conn_handler
+ target: smb
+ - match: tcp dst port 21
+ type: conn_handler
+ target: ftp
+ - match: tcp dst port 5060
+ type: conn_handler
+ target: sip
+ - match: tcp dst port 1080
+ type: passthrough
+ name: http
+ - match: tcp dst port 6000 or port 7000
+ type: conn_handler
+ name: proxy_tcp
+ target: tcp://172.17.0.2:22
+ - match: tcp
+ type: conn_handler
+ target: default
+ - match: udp
+ type: drop
diff --git a/docker/glutton/docker-compose.yml b/docker/glutton/docker-compose.yml
new file mode 100644
index 00000000..c403eae8
--- /dev/null
+++ b/docker/glutton/docker-compose.yml
@@ -0,0 +1,21 @@
+# For docker-compose ...
+version: '2.2'
+
+networks:
+ glutton_local:
+
+services:
+
+# glutton service
+ glutton:
+ container_name: glutton
+ restart: always
+ network_mode: "host"
+ #networks:
+ # - glutton_local
+ cap_add:
+ - NET_ADMIN
+ image: "dtagdevsec/glutton:1804"
+ volumes:
+ - /data/glutton/log:/var/log/glutton
+
diff --git a/docker/glutton/notes b/docker/glutton/notes
new file mode 100644
index 00000000..110b0786
--- /dev/null
+++ b/docker/glutton/notes
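Review bot: Both proxy rules (`proxy_ssh` on ports 22/2222 and `proxy_tcp` on 6000/7000) forward to a hard-coded `tcp://172.17.0.2:22`, which is simply the first dynamically assigned address on Docker's default bridge; whichever container starts first gets it, so after a restart the SSH bait may be handed to an unrelated container or to nothing at all. Give the target a stable address (a user-defined network with a fixed `ipv4_address`, or a port published on the host and reached via the host address) and record the dependency in a comment, e.g. `# target must be the SSH honeypot container; 172.17.0.2 is not stable across restarts`. The `proxy_tcp` rule on 6000/7000 pointing at an SSH port looks copied from `proxy_ssh`; if it is a placeholder, mark it as such or drop it until the real target exists. The `name: http` on the port 1080 passthrough also does not match the port (1080 is conventionally SOCKS), which will mislead anyone correlating the logs.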
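Review bot: The glutton service combines `network_mode: "host"` with `cap_add: NET_ADMIN` and, unlike heralding, glastopf and mailoney elsewhere in this commit, gets no `read_only: true`; a compromise of the honeypot process therefore yields a writable root filesystem plus the ability to rewrite the host's netfilter rules and interfaces. Add `cap_drop: ["ALL"]` before `cap_add` so NET_ADMIN is the only capability retained, and `read_only: true` (the only write path shown is the `/data/glutton/log` bind mount; add a `tmpfs` for `/tmp` if the binary turns out to need scratch space). Host networking is presumably required so glutton sees traffic on every honeypot port; a one-line comment above `network_mode` saying so would stop the next maintainer from "fixing" it back to the commented-out `glutton_local` network.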
@@ -0,0 +1,50 @@
+1 apk add golang
+ 2 apk add go
+ 3 apk -U --no-cache add bash build-base git go g++ iptables-dev libnetfilter_queue-dev libpcap-dev procps
+ 4 ls
+ 5 go get github.com/mushorg/glutton
+ 6 go get -d github.com/mushorg/glutton
+ 7 ls
+ 8 cd $GOPATH
+ 9 ls
+ 10 cd go/
+ 11 ls
+ 12 cd src/github.com/mushorg/glutton/
+ 13 ls
+ 14 go get -u github.com/golang/dep/cmd/dep
+ 15 dep
+ 16 find / -name dep
+ 17 pwd
+ 18 cd ..
+ 19 ls
+ 20 cd ..
+ 21 ls
+ 22 cd ..
+ 23 ls
+ 24 cd golang.org/
+ 25 ls
+ 26 cd x/
+ 27 ls
+ 28 cd ..
+ 29 ls
+ 30 cd ..
+ 31 ls
+ 32 cd ..
+ 33 ls
+ 34 cd bin
+ 35 ls
+ 36 dep ensure
+ 37 ./dep ensure
+ 38 cd ..
+ 39 ls
+ 40 cd ..
+ 41 ls
+ 42 cd ..
+ 43 ls
+ 44 cd root/go/src/github.com/mushorg/glutton/
+ 45 which dep
+ 46 /root/go/bin/dep ensure
+ 47 make build
+ 48 bin/server
+ 49 history
+
diff --git a/etc/compose/collect.yml b/etc/compose/collect.yml
index 1257e45b..d9a9c795 100644
--- a/etc/compose/collect.yml
+++ b/etc/compose/collect.yml
@@ -88,6 +88,10 @@ services:
 heralding:
 container_name: heralding
 restart: always
+ environment:
+ - PYTHON_EGG_CACHE=/tmp/heralding
+ tmpfs:
+ - /tmp/heralding:exec
 networks:
 - heralding_local
 ports:
@@ -104,6 +108,7 @@ services:
 - "5432:5432"
 - "5900:5900"
 image: "dtagdevsec/heralding:1804"
+ read_only: true
 volumes:
 - /data/heralding/log:/var/log/heralding
 
@@ -157,8 +162,8 @@ services:
 image: "dtagdevsec/nginx:1804"
 read_only: true
 volumes:
- - /data/nginx/cert/:/etc/nginx/cert/
- - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd
+ - /data/nginx/cert/:/etc/nginx/cert/:ro
+ - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
 - /data/nginx/log/:/var/log/nginx/
 
 # Spiderfoot service
diff --git a/etc/compose/tpot.yml b/etc/compose/tpot.yml
index 0ffcd943..46d4766a 100644
--- a/etc/compose/tpot.yml
+++ b/etc/compose/tpot.yml
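Review bot: In the `@@ -88,6 +88,10 @@` hunk the heralding container is made read-only, but the new `tmpfs: - /tmp/heralding:exec` mount re-opens a path that is both writable and executable inside it, which is exactly what an attacker with code execution in the container needs to drop and run a payload. Keep it, since `PYTHON_EGG_CACHE` pointing there presumably means eggs are unpacked and imported from that directory, but bound it and document the reason, e.g. `- /tmp/heralding:exec,size=64m` with `# egg cache must stay exec: Python imports unpacked eggs from here` above it. Without a size the tmpfs is only limited by host memory, so a log-flooding or upload-heavy attacker can also use it to pressure the host.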
@@ -173,12 +173,17 @@ services:
 # Glastopf service
 glastopf:
 container_name: glastopf
+ environment:
+ - PYTHON_EGG_CACHE=/tmp/glastopf
+ tmpfs:
+ - /tmp/glastopf:exec
 restart: always
 networks:
 - glastopf_local
 ports:
 - "80:80"
 image: "dtagdevsec/glastopf:1804"
+ read_only: true
 volumes:
 - /data/glastopf/db:/opt/glastopf/db
 - /data/glastopf/log:/opt/glastopf/log
@@ -205,6 +210,7 @@ services:
 ports:
 - "25:2525"
 image: "dtagdevsec/mailoney:1804"
+ read_only: true
 volumes:
 - /data/mailoney/log:/opt/mailoney/logs
 
@@ -245,8 +251,8 @@ services:
 image: "dtagdevsec/nginx:1804"
 read_only: true
 volumes:
- - /data/nginx/cert/:/etc/nginx/cert/
- - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd
+ - /data/nginx/cert/:/etc/nginx/cert/:ro
+ - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
 - /data/nginx/log/:/var/log/nginx/
 
 # Rdpy service
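Review bot: In the `@@ -205,6 +210,7 @@` hunk mailoney gets `read_only: true` without any writable scratch mount, unlike heralding and glastopf in this same commit which receive a `/tmp/...` tmpfs alongside the flag; if mailoney writes anywhere other than the `/data/mailoney/log` bind mount (not visible here), the failure will be an EROFS at runtime rather than anything caught at build or start. Verify with a run against a few connections and, if needed, add `tmpfs: - /tmp` — without `exec`, which a mail honeypot should not need. A short comment such as `# read_only: only /opt/mailoney/logs is writable` next to the flag would make the intended write surface explicit.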