add sentrypeer, wordpot tweaking, fix udp src_ip issues

docker/sentrypeer/Dockerfile

@@ -0,0 +1,66 @@
+FROM alpine:3.15 as builder
+#
+RUN apk -U add --no-cache \
+            autoconf \
+	    automake \
+	    autoconf-archive \
+	    build-base \
+	    curl-dev \
+	    cmocka-dev \
+	    git \
+	    jansson-dev \
+	    libmicrohttpd-dev \
+            pcre2-dev \
+	    sqlite-dev \
+	    util-linux-dev
+#
+RUN apk -U add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing \
+            libosip2-dev
+#
+# Download SentryPeer sources and build
+RUN git clone https://github.com/SentryPeer/SentryPeer.git -b v1.0.0
+#
+WORKDIR /SentryPeer
+#
+RUN ./bootstrap.sh
+RUN ./configure
+RUN make
+RUN make check
+RUN make install
+RUN tar cvfz sp.tgz /SentryPeer/* && \
+    mv sp.tgz /
+#
+FROM alpine:3.15
+#
+#COPY --from=builder /sp.tgz /root
+COPY --from=builder /SentryPeer/sentrypeer /opt/sentrypeer/
+#
+# Install packages
+RUN apk -U add --no-cache \
+            jansson \
+            libmicrohttpd \
+	    libuuid \
+            pcre2 \
+	    sqlite-libs && \
+    apk -U add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing \
+            libosip2 && \
+#
+# Extract from builder
+#    mkdir /opt/sentrypeer && \
+#    tar xvfz /root/sp.tgz --strip-components=1 -C /opt/sentrypeer/ && \
+#
+# Setup user, groups and configs
+    mkdir -p /var/log/sentrypeer && \
+    addgroup -g 2000 sentrypeer && \
+    adduser -S -H -s /bin/ash -u 2000 -D -g 2000 sentrypeer && \
+    chown -R sentrypeer:sentrypeer /opt/sentrypeer && \
+#
+# Clean up
+    rm -rf /root/* && \
+    rm -rf /var/cache/apk/*
+#
+# Set workdir and start sentrypeer
+STOPSIGNAL SIGKILL
+USER sentrypeer:sentrypeer
+WORKDIR /opt/sentrypeer/
+CMD ./sentrypeer -draws

docker/sentrypeer/docker-compose.yml

@@ -0,0 +1,22 @@
+version: '2.3'
+
+networks:
+  sentrypeer_local:
+
+services:
+
+# SentryPeer service
+  sentrypeer:
+    build: .
+    container_name: sentrypeer
+    restart: always
+    networks:
+     - sentrypeer_local
+    ports:
+     - "5060:5060/udp"
+     - "5060:5060/tcp"
+    # - "127.0.0.1:8082:8082"
+    image: "dtagdevsec/sentrypeer:2203"
+    #read_only: true
+    #volumes:
+    # - /data/sentrypeer/log:/opt/sentrypeer/log

docker/wordpot/Dockerfile

@@ -1,5 +1,7 @@
 FROM alpine:3.15
 #
+# Include dist
+ADD dist/ /root/dist/
 # Install packages
 RUN apk -U add \
              build-base \
@@ -16,6 +18,7 @@ RUN apk -U add \
     cd wordpot2 && \
     git checkout e93a2e00d84d280b0acd58ba6889b4bee8a6e4d2 && \
     sed "s/MarkupSafe==1.0/MarkupSafe==1.1.1/g" -i requirements.txt && \
+    cp /root/dist/views.py /opt/wordpot2/wordpot/views.py && \
     pip3 install -r requirements.txt && \
     setcap cap_net_bind_service=+ep /usr/bin/python3.9 && \
 #
@@ -35,4 +38,4 @@ RUN apk -U add \
 STOPSIGNAL SIGINT
 USER wordpot:wordpot
 WORKDIR /opt/wordpot2
-CMD ["/usr/bin/python3","wordpot2.py", "--host", "0.0.0.0", "--port", "80", "--title", "Crypto Plaza"]
+CMD ["/usr/bin/python3","wordpot2.py", "--host", "0.0.0.0", "--port", "80", "--title", "Wordpress"]

docker/wordpot/docker-compose.yml

@@ -17,4 +17,4 @@ services:
     image: "dtagdevsec/wordpot:2203"
     #    read_only: true
     #    volumes:
-    #     - /data/ddospot/db:/opt/ddospot/ddospot/db
+            # - /data/wordpot/log:/opt/ddospot/ddospot/db

host/etc/systemd/tpot.service

@@ -34,6 +34,9 @@ ExecStartPre=/opt/tpot/bin/rules.sh /opt/tpot/etc/tpot.yml set
 # Compose T-Pot up
 ExecStart=/usr/bin/docker-compose -f /opt/tpot/etc/tpot.yml up --no-color
 
+# We want to see true source for UDP packets in container (https://github.com/moby/libnetwork/issues/1994)
+ExecStartPost=/bin/bash -c '/usr/bin/sleep 30 && /usr/sbin/conntrack -D -p udp'
+
 # Compose T-Pot down, remove containers and volumes
 ExecStop=/usr/bin/docker-compose -f /opt/tpot/etc/tpot.yml down -v
 

iso/installer/install.sh

@@ -22,7 +22,7 @@ myLSB_STABLE_SUPPORTED="buster bullseye"
 myLSB_TESTING_SUPPORTED="stable"
 myREMOTESITES="https://hub.docker.com https://github.com https://pypi.python.org https://debian.org https://listbot.sicherheitstacho.eu"
 myPREINSTALLPACKAGES="aria2 apache2-utils cracklib-runtime curl dialog figlet fuse grc libcrack2 libpq-dev lsb-release net-tools software-properties-common toilet"
-myINSTALLPACKAGES="aria2 apache2-utils apparmor apt-transport-https bash-completion bat build-essential ca-certificates cgroupfs-mount cockpit console-setup console-setup-linux cracklib-runtime curl debconf-utils dialog dnsutils docker.io docker-compose ethtool fail2ban figlet genisoimage git grc haveged html2text htop iptables iw jq kbd libcrack2 libltdl7 libpam-google-authenticator man mosh multitail net-tools neovim npm ntp openssh-server openssl pass pigz prips software-properties-common sshpass psmisc pv python3-pip toilet unattended-upgrades unzip wget wireless-tools wpasupplicant"
+myINSTALLPACKAGES="aria2 apache2-utils apparmor apt-transport-https bash-completion bat build-essential ca-certificates cgroupfs-mount cockpit conntrack console-setup console-setup-linux cracklib-runtime curl debconf-utils dialog dnsutils docker.io docker-compose ethtool fail2ban figlet genisoimage git grc haveged html2text htop iptables iw jq kbd libcrack2 libltdl7 libpam-google-authenticator man mosh multitail net-tools neovim npm ntp openssh-server openssl pass pigz prips software-properties-common sshpass psmisc pv python3-pip toilet unattended-upgrades unzip wget wireless-tools wpasupplicant"
 myINFO="\
 ###########################################
 ### T-Pot Installer for Debian (Stable) ###

update.sh

@@ -184,7 +184,7 @@ function fuUPDATER () {
 export DEBIAN_FRONTEND=noninteractive
 echo "### Installing apt-fast"
 /bin/bash -c "$(curl -sL https://raw.githubusercontent.com/ilikenwf/apt-fast/master/quick-install.sh)"
-local myPACKAGES="aria2 apache2-utils apparmor apt-transport-https bash-completion bat build-essential ca-certificates cgroupfs-mount cockpit console-setup console-setup-linux cracklib-runtime curl debconf-utils dialog dnsutils docker.io docker-compose ethtool fail2ban figlet genisoimage git grc haveged html2text htop iptables iw jq kbd libcrack2 libltdl7 libpam-google-authenticator man mosh multitail net-tools neovim npm ntp openssh-server openssl pass pigz prips software-properties-common sshpass psmisc pv python3-pip toilet unattended-upgrades unzip wget wireless-tools wpasupplicant"
+local myPACKAGES="aria2 apache2-utils apparmor apt-transport-https bash-completion bat build-essential ca-certificates cgroupfs-mount cockpit conntrack console-setup console-setup-linux cracklib-runtime curl debconf-utils dialog dnsutils docker.io docker-compose ethtool fail2ban figlet genisoimage git grc haveged html2text htop iptables iw jq kbd libcrack2 libltdl7 libpam-google-authenticator man mosh multitail net-tools neovim npm ntp openssh-server openssl pass pigz prips software-properties-common sshpass psmisc pv python3-pip toilet unattended-upgrades unzip wget wireless-tools wpasupplicant"
 # Remove purge in the future
 echo "### Removing repository based install of elasticsearch-curator"
 apt-get purge elasticsearch-curator -y