From 8d16d7587d84222af65c5ef995a7434b85dd926a Mon Sep 17 00:00:00 2001
From: t3chn0m4g3
Date: Tue, 22 Feb 2022 17:57:55 +0000
Subject: [PATCH] add sentrypeer, wordpot tweaking, fix udp src_ip issues
---
 docker/sentrypeer/Dockerfile | 66 ++++++++++++++++++++++++++++
 docker/sentrypeer/docker-compose.yml | 22 ++++++++++
 docker/wordpot/Dockerfile | 5 ++-
 docker/wordpot/docker-compose.yml | 2 +-
 host/etc/systemd/tpot.service | 3 ++
 iso/installer/install.sh | 2 +-
 update.sh | 2 +-
 7 files changed, 98 insertions(+), 4 deletions(-)
 create mode 100644 docker/sentrypeer/Dockerfile
 create mode 100644 docker/sentrypeer/docker-compose.yml
diff --git a/docker/sentrypeer/Dockerfile b/docker/sentrypeer/Dockerfile
new file mode 100644
index 00000000..86e3663e
--- /dev/null
+++ b/docker/sentrypeer/Dockerfile
@@ -0,0 +1,66 @@
+FROM alpine:3.15 as builder
+#
+RUN apk -U add --no-cache \
+ autoconf \
+ automake \
+ autoconf-archive \
+ build-base \
+ curl-dev \
+ cmocka-dev \
+ git \
+ jansson-dev \
+ libmicrohttpd-dev \
+ pcre2-dev \
+ sqlite-dev \
+ util-linux-dev
+#
+RUN apk -U add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing \
+ libosip2-dev
+#
+# Download SentryPeer sources and build
+RUN git clone https://github.com/SentryPeer/SentryPeer.git -b v1.0.0
+#
+WORKDIR /SentryPeer
+#
+RUN ./bootstrap.sh
+RUN ./configure
+RUN make
+RUN make check
+RUN make install
+RUN tar cvfz sp.tgz /SentryPeer/* && \
+ mv sp.tgz /
+#
+FROM alpine:3.15
+#
+#COPY --from=builder /sp.tgz /root
+COPY --from=builder /SentryPeer/sentrypeer /opt/sentrypeer/
+#
+# Install packages
+RUN apk -U add --no-cache \
+ jansson \
+ libmicrohttpd \
+ libuuid \
+ pcre2 \
+ sqlite-libs && \
+ apk -U add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing \
+ libosip2 && \
+#
+# Extract from builder
+# mkdir /opt/sentrypeer && \
+# tar xvfz /root/sp.tgz --strip-components=1 -C /opt/sentrypeer/ && \
+#
+# Setup user, groups and configs
+ mkdir -p /var/log/sentrypeer && \
+ addgroup -g 2000 sentrypeer && \
+ adduser -S -H -s /bin/ash -u 2000 -D -g 2000 sentrypeer && \
+ chown -R sentrypeer:sentrypeer /opt/sentrypeer && \
+#
+# Clean up
+ rm -rf /root/* && \
+ rm -rf /var/cache/apk/*
+#
+# Set workdir and start sentrypeer
+STOPSIGNAL SIGKILL
+USER sentrypeer:sentrypeer
+WORKDIR /opt/sentrypeer/
+CMD ./sentrypeer -draws
diff --git a/docker/sentrypeer/docker-compose.yml b/docker/sentrypeer/docker-compose.yml
new file mode 100644
index 00000000..eba779f5
--- /dev/null
+++ b/docker/sentrypeer/docker-compose.yml
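Review bot: The checkout at `RUN git clone https://github.com/SentryPeer/SentryPeer.git -b v1.0.0` pins to a tag, which upstream can move or re-create, so a re-tagged release would be built and shipped with no change to this file; the wordpot Dockerfile in this same commit already pins with `git checkout <sha>`, and the same pattern fits here, e.g. `RUN git clone https://github.com/SentryPeer/SentryPeer.git -b v1.0.0 && cd SentryPeer && git checkout <commit v1.0.0 resolves to>`. The `libosip2-dev`/`libosip2` packages are pulled from the edge/testing repository rather than the 3.15 release and are not version-pinned, so a rebuild can silently pick up a different library than the one the binary was tested against; pin them (`pkg=version-rN`) and note in a comment why testing is required. `CMD ./sentrypeer -draws` is shell form, so `/bin/sh` is PID 1 and `STOPSIGNAL SIGKILL` is delivered to the shell rather than to sentrypeer; `CMD ["./sentrypeer", "-draws"]` hands the process the signal directly. Also, `/var/log/sentrypeer` is created root-owned and never chowned while the container runs as `sentrypeer`, so if the daemon logs there it will fail to write — worth confirming against the binary's defaults, and adding it to the `chown` if so.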
@@ -0,0 +1,22 @@
+version: '2.3'
+
+networks:
+ sentrypeer_local:
+
+services:
+
+# SentryPeer service
+ sentrypeer:
+ build: .
+ container_name: sentrypeer
+ restart: always
+ networks:
+ - sentrypeer_local
+ ports:
+ - "5060:5060/udp"
+ - "5060:5060/tcp"
+ # - "127.0.0.1:8082:8082"
+ image: "dtagdevsec/sentrypeer:2203"
+ #read_only: true
+ #volumes:
+ # - /data/sentrypeer/log:/opt/sentrypeer/log
diff --git a/docker/wordpot/Dockerfile b/docker/wordpot/Dockerfile
index ece22657..a1f8e0ba 100644
--- a/docker/wordpot/Dockerfile
+++ b/docker/wordpot/Dockerfile
@@ -1,5 +1,7 @@
 FROM alpine:3.15
 #
+# Include dist
+ADD dist/ /root/dist/
 # Install packages
 RUN apk -U add \
 build-base \
@@ -16,6 +18,7 @@ RUN apk -U add \
 cd wordpot2 && \
 git checkout e93a2e00d84d280b0acd58ba6889b4bee8a6e4d2 && \
 sed "s/MarkupSafe==1.0/MarkupSafe==1.1.1/g" -i requirements.txt && \
+ cp /root/dist/views.py /opt/wordpot2/wordpot/views.py && \
 pip3 install -r requirements.txt && \
 setcap cap_net_bind_service=+ep /usr/bin/python3.9 && \
 #
@@ -35,4 +38,4 @@ RUN apk -U add \
 STOPSIGNAL SIGINT
 USER wordpot:wordpot
 WORKDIR /opt/wordpot2
-CMD ["/usr/bin/python3","wordpot2.py", "--host", "0.0.0.0", "--port", "80", "--title", "Crypto Plaza"]
+CMD ["/usr/bin/python3","wordpot2.py", "--host", "0.0.0.0", "--port", "80", "--title", "Wordpress"]
diff --git a/docker/wordpot/docker-compose.yml b/docker/wordpot/docker-compose.yml
index 8f452f36..eb9b50a1 100644
--- a/docker/wordpot/docker-compose.yml
+++ b/docker/wordpot/docker-compose.yml
@@ -17,4 +17,4 @@ services:
 image: "dtagdevsec/wordpot:2203"
 # read_only: true
 # volumes:
- # - /data/ddospot/db:/opt/ddospot/ddospot/db
+ # - /data/wordpot/log:/opt/ddospot/ddospot/db
diff --git a/host/etc/systemd/tpot.service b/host/etc/systemd/tpot.service
index a0c8350b..aeb08446 100644
--- a/host/etc/systemd/tpot.service
+++ b/host/etc/systemd/tpot.service
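Review bot: `#read_only: true` is left commented out for a service that is exposed to the internet on 5060/udp and 5060/tcp, and the image chowns `/opt/sentrypeer` (the binary's own directory) to the runtime user, so a compromised process can overwrite its own executable and persist across restarts. Enabling `read_only: true` would make the binary immutable; whatever sentrypeer needs to write (the commented `/opt/sentrypeer/log` mapping suggests at least a log directory, and the sqlite dependency suggests a database — confirm against the binary) should then be backed by a volume or `tmpfs:` entry. If it is intentionally deferred, a one-line comment saying what blocks it would help the next maintainer.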
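Review bot: `ADD dist/ /root/dist/` should be `COPY dist/ /root/dist/`: for a local directory ADD adds nothing but its surprise behaviours (a tarball dropped into dist/ would be auto-extracted, and a URL-looking path fetched), and linters flag it (hadolint DL3020). The second hunk only uses `dist/views.py`, so `COPY dist/views.py /root/dist/` would narrow the build context and avoid invalidating the following `RUN apk -U add` layer whenever anything else in dist/ changes. The enclosing `RUN` chain continues outside both hunks.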
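Review bot: The replaced comment `# - /data/wordpot/log:/opt/ddospot/ddospot/db` fixes the host path but keeps the container path copied from ddospot, so anyone uncommenting it would mount the host log directory into a path this image never writes to (the wordpot Dockerfile in this commit sets `WORKDIR /opt/wordpot2`). Suggest `# - /data/wordpot/log:/opt/wordpot2/log`, with the exact in-container log path confirmed against wordpot2 before the line is ever enabled.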
@@ -34,6 +34,9 @@ ExecStartPre=/opt/tpot/bin/rules.sh /opt/tpot/etc/tpot.yml set
 # Compose T-Pot up
 ExecStart=/usr/bin/docker-compose -f /opt/tpot/etc/tpot.yml up --no-color
+# We want to see true source for UDP packets in container (https://github.com/moby/libnetwork/issues/1994)
+ExecStartPost=/bin/bash -c '/usr/bin/sleep 30 && /usr/sbin/conntrack -D -p udp'
+
 # Compose T-Pot down, remove containers and volumes
 ExecStop=/usr/bin/docker-compose -f /opt/tpot/etc/tpot.yml down -v
diff --git a/iso/installer/install.sh b/iso/installer/install.sh
index 57a478d7..c4b66e78 100755
--- a/iso/installer/install.sh
+++ b/iso/installer/install.sh
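Review bot: `ExecStartPost=/bin/bash -c '/usr/bin/sleep 30 && /usr/sbin/conntrack -D -p udp'` is a one-shot flush on a fixed timer: any UDP conntrack entry created after the flush but before docker-compose has actually published the honeypot ports (image pulls or slow container starts can easily exceed 30 s) still carries the masqueraded source address, and nothing corrects it afterwards. Because the command is not prefixed with `-`, a non-zero exit (missing conntrack binary on an upgraded host, or a flush error) makes systemd treat the start as failed and stop the ExecStart process, i.e. the whole T-Pot stack; `ExecStartPost=-/bin/bash -c '/usr/bin/sleep 30 && /usr/sbin/conntrack -D -p udp'` keeps it best-effort. The flush is also host-wide (every UDP flow, not only the honeypot ports), which is probably acceptable here but worth stating in the comment, and a more robust option is to run the flush from the compose startup path once the containers are up rather than from a sleep.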
@@ -22,7 +22,7 @@ myLSB_STABLE_SUPPORTED="buster bullseye"
 myLSB_TESTING_SUPPORTED="stable"
 myREMOTESITES="https://hub.docker.com https://github.com https://pypi.python.org https://debian.org https://listbot.sicherheitstacho.eu"
 myPREINSTALLPACKAGES="aria2 apache2-utils cracklib-runtime curl dialog figlet fuse grc libcrack2 libpq-dev lsb-release net-tools software-properties-common toilet"
-myINSTALLPACKAGES="aria2 apache2-utils apparmor apt-transport-https bash-completion bat build-essential ca-certificates cgroupfs-mount cockpit console-setup console-setup-linux cracklib-runtime curl debconf-utils dialog dnsutils docker.io docker-compose ethtool fail2ban figlet genisoimage git grc haveged html2text htop iptables iw jq kbd libcrack2 libltdl7 libpam-google-authenticator man mosh multitail net-tools neovim npm ntp openssh-server openssl pass pigz prips software-properties-common sshpass psmisc pv python3-pip toilet unattended-upgrades unzip wget wireless-tools wpasupplicant"
+myINSTALLPACKAGES="aria2 apache2-utils apparmor apt-transport-https bash-completion bat build-essential ca-certificates cgroupfs-mount cockpit conntrack console-setup console-setup-linux cracklib-runtime curl debconf-utils dialog dnsutils docker.io docker-compose ethtool fail2ban figlet genisoimage git grc haveged html2text htop iptables iw jq kbd libcrack2 libltdl7 libpam-google-authenticator man mosh multitail net-tools neovim npm ntp openssh-server openssl pass pigz prips software-properties-common sshpass psmisc pv python3-pip toilet unattended-upgrades unzip wget wireless-tools wpasupplicant"
 myINFO="\
 ###########################################
 ### T-Pot Installer for Debian (Stable) ###
diff --git a/update.sh b/update.sh
index 00c0347e..f26240d2 100755
--- a/update.sh
+++ b/update.sh
@@ -184,7 +184,7 @@ function fuUPDATER () {
 export DEBIAN_FRONTEND=noninteractive
 echo "### Installing apt-fast"
 /bin/bash -c "$(curl -sL https://raw.githubusercontent.com/ilikenwf/apt-fast/master/quick-install.sh)"
-local myPACKAGES="aria2 apache2-utils apparmor apt-transport-https bash-completion bat build-essential ca-certificates cgroupfs-mount cockpit console-setup console-setup-linux cracklib-runtime curl debconf-utils dialog dnsutils docker.io docker-compose ethtool fail2ban figlet genisoimage git grc haveged html2text htop iptables iw jq kbd libcrack2 libltdl7 libpam-google-authenticator man mosh multitail net-tools neovim npm ntp openssh-server openssl pass pigz prips software-properties-common sshpass psmisc pv python3-pip toilet unattended-upgrades unzip wget wireless-tools wpasupplicant"
+local myPACKAGES="aria2 apache2-utils apparmor apt-transport-https bash-completion bat build-essential ca-certificates cgroupfs-mount cockpit conntrack console-setup console-setup-linux cracklib-runtime curl debconf-utils dialog dnsutils docker.io docker-compose ethtool fail2ban figlet genisoimage git grc haveged html2text htop iptables iw jq kbd libcrack2 libltdl7 libpam-google-authenticator man mosh multitail net-tools neovim npm ntp openssh-server openssl pass pigz prips software-properties-common sshpass psmisc pv python3-pip toilet unattended-upgrades unzip wget wireless-tools wpasupplicant"
 # Remove purge in the future
 echo "### Removing repository based install of elasticsearch-curator"
 apt-get purge elasticsearch-curator -y