prepare for CitrixHoneypot

t3chn0m4g3 2020-01-15 12:14:23 +00:00
parent 0ef2b083fc
commit 8a844e6dd3
9 changed files with 41 additions and 18 deletions

View file

@ -1,5 +1,11 @@
# Changelog # Changelog
## 20200115
- **Prepare integration of CitrixHoneypot**
- Prepare integration of [CitrixHoneypot](https://github.com/MalwareTech/CitrixHoneypot) by MalwareTech
- Integration into ELK is still open
- Please run `/opt/tpot/update.sh` for the necessary modifications
## 20191224 ## 20191224
- **Use pigz, optimize logrotate.conf** - **Use pigz, optimize logrotate.conf**
- Use `pigz` for faster archiving, especially with regard to high volumes of logs - Thanks to @workandresearchgithub! - Use `pigz` for faster archiving, especially with regard to high volumes of logs - Thanks to @workandresearchgithub!
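Review bot: the new entry says ELK integration is still open but not where the honeypot's output goes in the meantime; since this commit rotates `/data/citrixhoneypot/logs/server.log` and bind-mounts `/data/citrixhoneypot/logs` in tpot.yml, one sentence pointing users at that file (and saying that the Kibana dashboards will not show these events yet) would pre-empt the obvious question.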

View file

@ -8,6 +8,7 @@ and includes dockerized versions of the following honeypots
* [adbhoney](https://github.com/huuck/ADBHoney), * [adbhoney](https://github.com/huuck/ADBHoney),
* [ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot), * [ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot),
* [citrixhoneypot](https://github.com/MalwareTech/CitrixHoneypot),
* [conpot](http://conpot.org/), * [conpot](http://conpot.org/),
* [cowrie](https://github.com/cowrie/cowrie), * [cowrie](https://github.com/cowrie/cowrie),
* [dionaea](https://github.com/DinoTools/dionaea), * [dionaea](https://github.com/DinoTools/dionaea),
@ -139,6 +140,7 @@ This allows us to run multiple honeypot daemons on the same network interface wh
In T-Pot we combine the dockerized honeypots ... In T-Pot we combine the dockerized honeypots ...
* [adbhoney](https://github.com/huuck/ADBHoney), * [adbhoney](https://github.com/huuck/ADBHoney),
* [ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot), * [ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot),
* [citrixhoneypot](https://github.com/MalwareTech/CitrixHoneypot),
* [conpot](http://conpot.org/), * [conpot](http://conpot.org/),
* [cowrie](http://www.micheloosterhof.com/cowrie/), * [cowrie](http://www.micheloosterhof.com/cowrie/),
* [dionaea](https://github.com/DinoTools/dionaea), * [dionaea](https://github.com/DinoTools/dionaea),
@ -221,7 +223,7 @@ Depending on your installation type, whether you install on [real hardware](#har
- A working, non-proxied, internet connection - A working, non-proxied, internet connection
##### NextGen Installation (Glutton replacing Honeytrap, HoneyPy replacing Elasticpot) ##### NextGen Installation (Glutton replacing Honeytrap, HoneyPy replacing Elasticpot)
- Honeypots: adbhoney, ciscoasa, conpot, cowrie, dionaea, glutton, heralding, honeypy, mailoney, rdpy, snare & tanner - Honeypots: adbhoney, ciscoasa, citrixhoneypot, conpot, cowrie, dionaea, glutton, heralding, honeypy, mailoney, rdpy, snare & tanner
- Tools: cockpit, cyberchef, ELK, elasticsearch head, ewsposter, fatt, NGINX, spiderfoot, p0f and suricata - Tools: cockpit, cyberchef, ELK, elasticsearch head, ewsposter, fatt, NGINX, spiderfoot, p0f and suricata
- 6-8 GB RAM (less RAM is possible but might introduce swapping) - 6-8 GB RAM (less RAM is possible but might introduce swapping)
@ -529,7 +531,7 @@ The software that T-Pot is built on uses the following licenses.
<br>GPLv3: [adbhoney](https://github.com/huuck/ADBHoney), [elasticpot](https://github.com/schmalle/ElasticpotPY), [ewsposter](https://github.com/dtag-dev-sec/ews/), [fatt](https://github.com/0x4D31/fatt/blob/master/LICENSE), [rdpy](https://github.com/citronneur/rdpy/blob/master/LICENSE), [heralding](https://github.com/johnnykv/heralding/blob/master/LICENSE.txt), [snare](https://github.com/mushorg/snare/blob/master/LICENSE), [tanner](https://github.com/mushorg/snare/blob/master/LICENSE) <br>GPLv3: [adbhoney](https://github.com/huuck/ADBHoney), [elasticpot](https://github.com/schmalle/ElasticpotPY), [ewsposter](https://github.com/dtag-dev-sec/ews/), [fatt](https://github.com/0x4D31/fatt/blob/master/LICENSE), [rdpy](https://github.com/citronneur/rdpy/blob/master/LICENSE), [heralding](https://github.com/johnnykv/heralding/blob/master/LICENSE.txt), [snare](https://github.com/mushorg/snare/blob/master/LICENSE), [tanner](https://github.com/mushorg/snare/blob/master/LICENSE)
<br>Apache 2 License: [cyberchef](https://github.com/gchq/CyberChef/blob/master/LICENSE), [elasticsearch](https://github.com/elasticsearch/elasticsearch/blob/master/LICENSE.txt), [logstash](https://github.com/elasticsearch/logstash/blob/master/LICENSE), [kibana](https://github.com/elasticsearch/kibana/blob/master/LICENSE.md), [docker](https://github.com/docker/docker/blob/master/LICENSE), [elasticsearch-head](https://github.com/mobz/elasticsearch-head/blob/master/LICENCE) <br>Apache 2 License: [cyberchef](https://github.com/gchq/CyberChef/blob/master/LICENSE), [elasticsearch](https://github.com/elasticsearch/elasticsearch/blob/master/LICENSE.txt), [logstash](https://github.com/elasticsearch/logstash/blob/master/LICENSE), [kibana](https://github.com/elasticsearch/kibana/blob/master/LICENSE.md), [docker](https://github.com/docker/docker/blob/master/LICENSE), [elasticsearch-head](https://github.com/mobz/elasticsearch-head/blob/master/LICENCE)
<br>MIT license: [ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot/blob/master/LICENSE), [glutton](https://github.com/mushorg/glutton/blob/master/LICENSE) <br>MIT license: [ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot/blob/master/LICENSE), [glutton](https://github.com/mushorg/glutton/blob/master/LICENSE)
<br> Other: [cowrie](https://github.com/micheloosterhof/cowrie/blob/master/LICENSE.md), [mailoney](https://github.com/awhitehatter/mailoney), [Debian licensing](https://www.debian.org/legal/licenses/) <br> Other: [citrixhoneypot](https://github.com/MalwareTech/CitrixHoneypot#licencing-agreement-malwaretech-public-licence), [cowrie](https://github.com/micheloosterhof/cowrie/blob/master/LICENSE.md), [mailoney](https://github.com/awhitehatter/mailoney), [Debian licensing](https://www.debian.org/legal/licenses/)
<a name="credits"></a> <a name="credits"></a>
# Credits # Credits
@ -540,6 +542,7 @@ Without open source and the fruitful development community (we are proud to be a
* [adbhoney](https://github.com/huuck/ADBHoney/graphs/contributors) * [adbhoney](https://github.com/huuck/ADBHoney/graphs/contributors)
* [apt-fast](https://github.com/ilikenwf/apt-fast/graphs/contributors) * [apt-fast](https://github.com/ilikenwf/apt-fast/graphs/contributors)
* [ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot/graphs/contributors) * [ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot/graphs/contributors)
* [citrixhoneypot](https://github.com/MalwareTech/CitrixHoneypot/graphs/contributors)
* [cockpit](https://github.com/cockpit-project/cockpit/graphs/contributors) * [cockpit](https://github.com/cockpit-project/cockpit/graphs/contributors)
* [conpot](https://github.com/mushorg/conpot/graphs/contributors) * [conpot](https://github.com/mushorg/conpot/graphs/contributors)
* [cowrie](https://github.com/micheloosterhof/cowrie/graphs/contributors) * [cowrie](https://github.com/micheloosterhof/cowrie/graphs/contributors)

View file

@ -90,6 +90,14 @@ fuCISCOASA () {
chown tpot:tpot /data/ciscoasa -R chown tpot:tpot /data/ciscoasa -R
} }
# Let's create a function to clean up and prepare citrixhoneypot data
fuCITRIXHONEYPOT () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/citrixhoneypot/*; fi
mkdir -p /data/citrixhoneypot/log/
chmod 770 /data/citrixhoneypot/ -R
chown tpot:tpot /data/citrixhoneypot/ -R
}
# Let's create a function to clean up and prepare conpot data # Let's create a function to clean up and prepare conpot data
fuCONPOT () { fuCONPOT () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/conpot/*; fi if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/conpot/*; fi
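Review bot: directory name mismatch in fuCITRIXHONEYPOT: `mkdir -p /data/citrixhoneypot/log/` creates `log/`, while tpot.yml bind-mounts `/data/citrixhoneypot/logs`, logrotate.conf rotates `/data/citrixhoneypot/logs/server.log` and install.sh creates `/data/citrixhoneypot/logs`. On a boot with persistence off, `rm -rf /data/citrixhoneypot/*` removes `logs/`, only `log/` is recreated with the 770 mode and tpot:tpot ownership, and Docker then recreates the missing bind-mount source `logs/` itself as root-owned, so the permissions set here never apply to the directory actually in use. Change the line to `mkdir -p /data/citrixhoneypot/logs/`.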
@ -260,6 +268,7 @@ if [ "$myPERSISTENCE" = "on" ];
echo "Cleaning up and preparing data folders." echo "Cleaning up and preparing data folders."
fuADBHONEY fuADBHONEY
fuCISCOASA fuCISCOASA
fuCITRIXHONEYPOT
fuCONPOT fuCONPOT
fuCOWRIE fuCOWRIE
fuDIONAEA fuDIONAEA

View file

@ -1,8 +1,5 @@
FROM alpine FROM alpine
# #
# Include dist
#ADD dist/ /root/dist/
#
# Install packages # Install packages
RUN apk -U add \ RUN apk -U add \
git \ git \
@ -11,17 +8,14 @@ RUN apk -U add \
python3 \ python3 \
python3-dev && \ python3-dev && \
# #
# Install Citrix Honeypot from GitHub # Install CitrixHoneypot from GitHub
git clone --depth=1 https://github.com/malwaretech/citrixhoneypot /opt/citrixhoneypot && \ git clone --depth=1 https://github.com/malwaretech/citrixhoneypot /opt/citrixhoneypot && \
# sed -i 's/dst_ip/dest_ip/' /opt/adbhoney/adbhoney/core.py && \
# sed -i 's/dst_port/dest_port/' /opt/adbhoney/adbhoney/core.py && \
# #
# Setup user, groups and configs # Setup user, groups and configs
mkdir -p /opt/citrixhoneypot/logs /opt/citrixhoneypot/ssl && \ mkdir -p /opt/citrixhoneypot/logs /opt/citrixhoneypot/ssl && \
openssl req \ openssl req \
-nodes \ -nodes \
-x509 \ -x509 \
-sha512 \
-newkey rsa:2048 \ -newkey rsa:2048 \
-keyout "/opt/citrixhoneypot/ssl/key.pem" \ -keyout "/opt/citrixhoneypot/ssl/key.pem" \
-out "/opt/citrixhoneypot/ssl/cert.pem" \ -out "/opt/citrixhoneypot/ssl/cert.pem" \
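Review bot: the self-signed certificate is generated inside `RUN` at image build time, so every container started from `dtagdevsec/citrixhoneypot:1903` presents the same key pair and certificate; a certificate fingerprint shared by all installations makes the sensor easy to recognise as a honeypot. Generating the key at container start into the mounted volume or a tmpfs would give each deployment its own (the compose file sets `read_only: true`, so the image filesystem cannot be written at runtime). Separately, `git clone --depth=1` with no commit pinned means the image content depends on whatever upstream HEAD is when the image is built; checking out a fixed commit after the clone would make the build reproducible and reviewable. The removed `sed` lines referring to `/opt/adbhoney` were leftovers from the adbhoney Dockerfile, so dropping them is right.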

View file

@ -15,7 +15,6 @@ services:
ports: ports:
- "443:443" - "443:443"
image: "dtagdevsec/citrixhoneypot:1903" image: "dtagdevsec/citrixhoneypot:1903"
# read_only: true read_only: true
# volumes: volumes:
# - /data/adbhoney/log:/opt/adbhoney/log - /data/citrixhoneypot/logs:/opt/citrixhoneypot/logs
# - /data/adbhoney/downloads:/opt/adbhoney/dl

View file

@ -24,7 +24,6 @@ services:
# Conpot default service # Conpot default service
conpot_default: conpot_default:
build: .
container_name: conpot_default container_name: conpot_default
restart: always restart: always
environment: environment:

View file

@ -4,6 +4,7 @@ version: '2.3'
networks: networks:
adbhoney_local: adbhoney_local:
citrixhoneypot_local:
conpot_local_IEC104: conpot_local_IEC104:
conpot_local_guardian_ast: conpot_local_guardian_ast:
conpot_local_ipmi: conpot_local_ipmi:
@ -54,6 +55,19 @@ services:
volumes: volumes:
- /data/ciscoasa/log:/var/log/ciscoasa - /data/ciscoasa/log:/var/log/ciscoasa
# CitrixHoneypot service
citrixhoneypot:
container_name: citrixhoneypot
restart: always
networks:
- citrixhoneypot_local
ports:
- "443:443"
image: "dtagdevsec/citrixhoneypot:1903"
read_only: true
volumes:
- /data/citrixhoneypot/logs:/opt/citrixhoneypot/logs
# Conpot IEC104 service # Conpot IEC104 service
conpot_IEC104: conpot_IEC104:
container_name: conpot_iec104 container_name: conpot_iec104
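Review bot: the service publishes `443:443` on the host, and the same file comments out dionaea's `443:443` mapping in a later hunk to avoid the clash; a comment above this `ports:` block saying that dionaea's HTTPS listener was moved aside for CitrixHoneypot would stop the commented-out line in the dionaea service from looking accidental. The bind-mount `/data/citrixhoneypot/logs` agrees with the Dockerfile's `mkdir -p /opt/citrixhoneypot/logs` and with logrotate.conf; only clean.sh in this commit uses `/data/citrixhoneypot/log/` and should be aligned.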
@ -174,7 +188,7 @@ services:
- "69:69/udp" - "69:69/udp"
- "81:81" - "81:81"
- "135:135" - "135:135"
- "443:443" # - "443:443"
- "445:445" - "445:445"
- "1433:1433" - "1433:1433"
- "1723:1723" - "1723:1723"
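Review bot: commenting out `- "443:443"` silently removes dionaea's HTTPS listener from every NextGen installation that runs `update.sh`, and neither the Changelog nor the README hunks in this commit mention it. Record the change in the Changelog entry (the two services cannot share host port 443, so the trade-off is worth stating), and replace the bare commented-out line with a short comment explaining why it is disabled.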
@ -198,7 +212,6 @@ services:
# Glutton service # Glutton service
glutton: glutton:
build: .
container_name: glutton container_name: glutton
restart: always restart: always
tmpfs: tmpfs:
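Review bot: the `build: .` removals for conpot_default (above), glutton, honeypy and fatt (below) are unrelated to the CitrixHoneypot integration the commit message describes; fine as a cleanup, but they belong in their own commit or at least in the Changelog. Without a `build:` key, `docker-compose build` no longer rebuilds these services locally and the referenced image tags have to be pulled from the registry, which is a behaviour change for anyone who was building the NextGen images themselves.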
@ -244,7 +257,6 @@ services:
# HoneyPy service # HoneyPy service
honeypy: honeypy:
build: .
container_name: honeypy container_name: honeypy
restart: always restart: always
networks: networks:
@ -410,7 +422,6 @@ services:
# Fatt service # Fatt service
fatt: fatt:
build: .
container_name: fatt container_name: fatt
restart: always restart: always
network_mode: "host" network_mode: "host"

View file

@ -1,6 +1,7 @@
/data/adbhoney/log/*.json /data/adbhoney/log/*.json
/data/adbhoney/log/*.log /data/adbhoney/log/*.log
/data/ciscoasa/log/ciscoasa.log /data/ciscoasa/log/ciscoasa.log
/data/citrixhoneypot/logs/server.log
/data/conpot/log/conpot*.json /data/conpot/log/conpot*.json
/data/conpot/log/conpot*.log /data/conpot/log/conpot*.log
/data/cowrie/log/cowrie.json /data/cowrie/log/cowrie.json

View file

@ -778,6 +778,7 @@ echo "$myCRONJOBS" | tee -a /etc/crontab
fuBANNER "Files & folders" fuBANNER "Files & folders"
mkdir -p /data/adbhoney/downloads /data/adbhoney/log \ mkdir -p /data/adbhoney/downloads /data/adbhoney/log \
/data/ciscoasa/log \ /data/ciscoasa/log \
/data/citrixhoneypot/logs \
/data/conpot/log \ /data/conpot/log \
/data/cowrie/log/tty/ /data/cowrie/downloads/ /data/cowrie/keys/ /data/cowrie/misc/ \ /data/cowrie/log/tty/ /data/cowrie/downloads/ /data/cowrie/keys/ /data/cowrie/misc/ \
/data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/roots/ftp /data/dionaea/roots/tftp /data/dionaea/roots/www /data/dionaea/roots/upnp \ /data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/roots/ftp /data/dionaea/roots/tftp /data/dionaea/roots/www /data/dionaea/roots/upnp \