mirror of
https://github.com/telekom-security/tpotce.git
synced 2025-04-20 06:02:24 +00:00
prepare for CitrixHoneypot
This commit is contained in:
t3chn0m4g3
parent
0ef2b083fc
commit
8a844e6dd3
9 changed files with 41 additions and 18 deletions
|
|
@ -1,5 +1,11 @@
|
|||
# Changelog
|
||||
|
||||
## 20200115
|
||||
- **Prepare integration of CitrixHoneypot**
|
||||
- Prepare integration of [CitrixHoneypot](https://github.com/MalwareTech/CitrixHoneypot) by MalwareTech
|
||||
- Integration into ELK is still open
|
||||
- Please run `/opt/tpot/update.sh` for the necessary modifications
|
||||
|
||||
## 20191224
|
||||
- **Use pigz, optimize logrotate.conf**
|
||||
- Use `pigz` for faster archiving, especially with regard to high volumes of logs - Thanks to @workandresearchgithub!
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@ and includes dockerized versions of the following honeypots
|
|||
|
||||
* [adbhoney](https://github.com/huuck/ADBHoney),
|
||||
* [ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot),
|
||||
* [citrixhoneypot](https://github.com/MalwareTech/CitrixHoneypot),
|
||||
* [conpot](http://conpot.org/),
|
||||
* [cowrie](https://github.com/cowrie/cowrie),
|
||||
* [dionaea](https://github.com/DinoTools/dionaea),
|
||||
|
|
@ -139,6 +140,7 @@ This allows us to run multiple honeypot daemons on the same network interface wh
|
|||
In T-Pot we combine the dockerized honeypots ...
|
||||
* [adbhoney](https://github.com/huuck/ADBHoney),
|
||||
* [ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot),
|
||||
* [citrixhoneypot](https://github.com/MalwareTech/CitrixHoneypot),
|
||||
* [conpot](http://conpot.org/),
|
||||
* [cowrie](http://www.micheloosterhof.com/cowrie/),
|
||||
* [dionaea](https://github.com/DinoTools/dionaea),
|
||||
|
|
@ -221,7 +223,7 @@ Depending on your installation type, whether you install on [real hardware](#har
|
|||
- A working, non-proxied, internet connection
|
||||
|
||||
##### NextGen Installation (Glutton replacing Honeytrap, HoneyPy replacing Elasticpot)
|
||||
- Honeypots: adbhoney, ciscoasa, conpot, cowrie, dionaea, glutton, heralding, honeypy, mailoney, rdpy, snare & tanner
|
||||
- Honeypots: adbhoney, ciscoasa, citrixhoneypot, conpot, cowrie, dionaea, glutton, heralding, honeypy, mailoney, rdpy, snare & tanner
|
||||
- Tools: cockpit, cyberchef, ELK, elasticsearch head, ewsposter, fatt, NGINX, spiderfoot, p0f and suricata
|
||||
|
||||
- 6-8 GB RAM (less RAM is possible but might introduce swapping)
|
||||
|
|
@ -529,7 +531,7 @@ The software that T-Pot is built on uses the following licenses.
|
|||
<br>GPLv3: [adbhoney](https://github.com/huuck/ADBHoney), [elasticpot](https://github.com/schmalle/ElasticpotPY), [ewsposter](https://github.com/dtag-dev-sec/ews/), [fatt](https://github.com/0x4D31/fatt/blob/master/LICENSE), [rdpy](https://github.com/citronneur/rdpy/blob/master/LICENSE), [heralding](https://github.com/johnnykv/heralding/blob/master/LICENSE.txt), [snare](https://github.com/mushorg/snare/blob/master/LICENSE), [tanner](https://github.com/mushorg/snare/blob/master/LICENSE)
|
||||
<br>Apache 2 License: [cyberchef](https://github.com/gchq/CyberChef/blob/master/LICENSE), [elasticsearch](https://github.com/elasticsearch/elasticsearch/blob/master/LICENSE.txt), [logstash](https://github.com/elasticsearch/logstash/blob/master/LICENSE), [kibana](https://github.com/elasticsearch/kibana/blob/master/LICENSE.md), [docker](https://github.com/docker/docker/blob/master/LICENSE), [elasticsearch-head](https://github.com/mobz/elasticsearch-head/blob/master/LICENCE)
|
||||
<br>MIT license: [ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot/blob/master/LICENSE), [glutton](https://github.com/mushorg/glutton/blob/master/LICENSE)
|
||||
<br> Other: [cowrie](https://github.com/micheloosterhof/cowrie/blob/master/LICENSE.md), [mailoney](https://github.com/awhitehatter/mailoney), [Debian licensing](https://www.debian.org/legal/licenses/)
|
||||
<br> Other: [citrixhoneypot](https://github.com/MalwareTech/CitrixHoneypot#licencing-agreement-malwaretech-public-licence), [cowrie](https://github.com/micheloosterhof/cowrie/blob/master/LICENSE.md), [mailoney](https://github.com/awhitehatter/mailoney), [Debian licensing](https://www.debian.org/legal/licenses/)
|
||||
|
||||
<a name="credits"></a>
|
||||
# Credits
|
||||
|
|
@ -540,6 +542,7 @@ Without open source and the fruitful development community (we are proud to be a
|
|||
* [adbhoney](https://github.com/huuck/ADBHoney/graphs/contributors)
|
||||
* [apt-fast](https://github.com/ilikenwf/apt-fast/graphs/contributors)
|
||||
* [ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot/graphs/contributors)
|
||||
* [citrixhoneypot](https://github.com/MalwareTech/CitrixHoneypot/graphs/contributors)
|
||||
* [cockpit](https://github.com/cockpit-project/cockpit/graphs/contributors)
|
||||
* [conpot](https://github.com/mushorg/conpot/graphs/contributors)
|
||||
* [cowrie](https://github.com/micheloosterhof/cowrie/graphs/contributors)
|
||||
|
|
|
|||
|
|
@ -90,6 +90,14 @@ fuCISCOASA () {
|
|||
chown tpot:tpot /data/ciscoasa -R
|
||||
}
|
||||
|
||||
# Let's create a function to clean up and prepare citrixhoneypot data
|
||||
fuCITRIXHONEYPOT () {
|
||||
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/citrixhoneypot/*; fi
|
||||
mkdir -p /data/citrixhoneypot/log/
|
||||
chmod 770 /data/citrixhoneypot/ -R
|
||||
chown tpot:tpot /data/citrixhoneypot/ -R
|
||||
}
|
||||
|
||||
# Let's create a function to clean up and prepare conpot data
|
||||
fuCONPOT () {
|
||||
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/conpot/*; fi
|
||||
|
|
@ -260,6 +268,7 @@ if [ "$myPERSISTENCE" = "on" ];
|
|||
echo "Cleaning up and preparing data folders."
|
||||
fuADBHONEY
|
||||
fuCISCOASA
|
||||
fuCITRIXHONEYPOT
|
||||
fuCONPOT
|
||||
fuCOWRIE
|
||||
fuDIONAEA
|
||||
|
|
|
|||
|
|
@ -1,8 +1,5 @@
|
|||
FROM alpine
|
||||
#
|
||||
# Include dist
|
||||
#ADD dist/ /root/dist/
|
||||
#
|
||||
# Install packages
|
||||
RUN apk -U add \
|
||||
git \
|
||||
|
|
@ -13,15 +10,12 @@ RUN apk -U add \
|
|||
#
|
||||
# Install CitrixHoneypot from GitHub
|
||||
git clone --depth=1 https://github.com/malwaretech/citrixhoneypot /opt/citrixhoneypot && \
|
||||
# sed -i 's/dst_ip/dest_ip/' /opt/adbhoney/adbhoney/core.py && \
|
||||
# sed -i 's/dst_port/dest_port/' /opt/adbhoney/adbhoney/core.py && \
|
||||
#
|
||||
# Setup user, groups and configs
|
||||
mkdir -p /opt/citrixhoneypot/logs /opt/citrixhoneypot/ssl && \
|
||||
openssl req \
|
||||
-nodes \
|
||||
-x509 \
|
||||
-sha512 \
|
||||
-newkey rsa:2048 \
|
||||
-keyout "/opt/citrixhoneypot/ssl/key.pem" \
|
||||
-out "/opt/citrixhoneypot/ssl/cert.pem" \
|
||||
|
|
|
|||
|
|
@ -15,7 +15,6 @@ services:
|
|||
ports:
|
||||
- "443:443"
|
||||
image: "dtagdevsec/citrixhoneypot:1903"
|
||||
# read_only: true
|
||||
# volumes:
|
||||
# - /data/adbhoney/log:/opt/adbhoney/log
|
||||
# - /data/adbhoney/downloads:/opt/adbhoney/dl
|
||||
read_only: true
|
||||
volumes:
|
||||
- /data/citrixhoneypot/logs:/opt/citrixhoneypot/logs
|
||||
|
|
|
|||
|
|
@ -24,7 +24,6 @@ services:
|
|||
|
||||
# Conpot default service
|
||||
conpot_default:
|
||||
build: .
|
||||
container_name: conpot_default
|
||||
restart: always
|
||||
environment:
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@ version: '2.3'
|
|||
|
||||
networks:
|
||||
adbhoney_local:
|
||||
citrixhoneypot_local:
|
||||
conpot_local_IEC104:
|
||||
conpot_local_guardian_ast:
|
||||
conpot_local_ipmi:
|
||||
|
|
@ -54,6 +55,19 @@ services:
|
|||
volumes:
|
||||
- /data/ciscoasa/log:/var/log/ciscoasa
|
||||
|
||||
# CitrixHoneypot service
|
||||
citrixhoneypot:
|
||||
container_name: citrixhoneypot
|
||||
restart: always
|
||||
networks:
|
||||
- citrixhoneypot_local
|
||||
ports:
|
||||
- "443:443"
|
||||
image: "dtagdevsec/citrixhoneypot:1903"
|
||||
read_only: true
|
||||
volumes:
|
||||
- /data/citrixhoneypot/logs:/opt/citrixhoneypot/logs
|
||||
|
||||
# Conpot IEC104 service
|
||||
conpot_IEC104:
|
||||
container_name: conpot_iec104
|
||||
|
|
@ -174,7 +188,7 @@ services:
|
|||
- "69:69/udp"
|
||||
- "81:81"
|
||||
- "135:135"
|
||||
- "443:443"
|
||||
# - "443:443"
|
||||
- "445:445"
|
||||
- "1433:1433"
|
||||
- "1723:1723"
|
||||
|
|
@ -198,7 +212,6 @@ services:
|
|||
|
||||
# Glutton service
|
||||
glutton:
|
||||
build: .
|
||||
container_name: glutton
|
||||
restart: always
|
||||
tmpfs:
|
||||
|
|
@ -244,7 +257,6 @@ services:
|
|||
|
||||
# HoneyPy service
|
||||
honeypy:
|
||||
build: .
|
||||
container_name: honeypy
|
||||
restart: always
|
||||
networks:
|
||||
|
|
@ -410,7 +422,6 @@ services:
|
|||
|
||||
# Fatt service
|
||||
fatt:
|
||||
build: .
|
||||
container_name: fatt
|
||||
restart: always
|
||||
network_mode: "host"
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
/data/adbhoney/log/*.json
|
||||
/data/adbhoney/log/*.log
|
||||
/data/ciscoasa/log/ciscoasa.log
|
||||
/data/citrixhoneypot/logs/server.log
|
||||
/data/conpot/log/conpot*.json
|
||||
/data/conpot/log/conpot*.log
|
||||
/data/cowrie/log/cowrie.json
|
||||
|
|
|
|||
|
|
@ -778,6 +778,7 @@ echo "$myCRONJOBS" | tee -a /etc/crontab
|
|||
fuBANNER "Files & folders"
|
||||
mkdir -p /data/adbhoney/downloads /data/adbhoney/log \
|
||||
/data/ciscoasa/log \
|
||||
/data/citrixhoneypot/logs \
|
||||
/data/conpot/log \
|
||||
/data/cowrie/log/tty/ /data/cowrie/downloads/ /data/cowrie/keys/ /data/cowrie/misc/ \
|
||||
/data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/roots/ftp /data/dionaea/roots/tftp /data/dionaea/roots/www /data/dionaea/roots/upnp \
|
||||
|
|
|
|||
Loading…
Reference in a new issue