tweaking

update dps.sh adjust docker-compose related tpot configs for dionaea (stdin_open: true) adjust tpot.service (suritcata / p0f prep) to be aware of a situation without local network route ( Fixes#99 )
2025-07-01 12:32:12 +00:00 · 2017-05-11 17:01:21 +00:00 · 2017-05-11 17:01:21 +00:00 · 931ac2dd85
commit 931ac2dd85
parent ce0e42e555
6 changed files with 20 additions and 17 deletions
--- a/installer/bin/dps.sh
+++ b/installer/bin/dps.sh
@ -21,7 +21,7 @@ while true
    printf "%-15s STATUS"
    printf "%-13s PORTS\n"
    for i in $myIMAGES; do
-      mySTATUS=$(/usr/bin/docker ps -f name=$i --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" -f status=running -f status=exited | GREP_COLORS='mt=01;35' /bin/egrep --color=always "(^[_0-9a-z-]+ |$)|$" | GREP_COLORS='mt=01;32' /bin/egrep --color=always "(Up[ 0-9a-Z ]+ |$)|$" | GREP_COLORS='mt=01;31' /bin/egrep --color=always "(Exited[ \(0-9\) ]+ [0-9a-Z ]+ ago|$)|$" | tail -n 1)
+      mySTATUS=$(/usr/bin/docker ps -f name=$i --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}\t" -f status=running -f status=exited | GREP_COLORS='mt=01;35' /bin/egrep --color=always "(^[_0-9a-z-]+ |$)|$" | GREP_COLORS='mt=01;32' /bin/egrep --color=always "(Up[ 0-9a-Z ]+ |$)|$" | GREP_COLORS='mt=01;31' /bin/egrep --color=always "(Exited[ \(0-9\) ]+ [0-9a-Z ]+ ago|$)|$" | tail -n 1)
      myDOWN=$(echo "$mySTATUS" | grep -c "NAMES")
      if [ "$myDOWN" = "1" ];
        then
@ -31,7 +31,7 @@ while true
      fi
      if [ "$1" = "vv" ]; 
        then
-          /usr/bin/docker exec -t $i /bin/ps -awfuwfxwf | egrep -v -E "awfuwfxwf|/bin/ps" 
+          /usr/bin/docker exec -t $i /bin/ps awfuwfxwf | egrep -v -E "awfuwfxwf|/bin/ps" 
      fi      
    done
    if [[ $1 =~ ^([1-9]|[1-9][0-9]|[1-9][0-9][0-9])$ ]];
--- a/installer/etc/tpot/compose/all.yml
+++ b/installer/etc/tpot/compose/all.yml
@ -45,13 +45,14 @@ services:
 # Dionaea service
  dionaea:
    container_name: dionaea
+    stdin_open: true
    restart: always
    networks:
      - dionaea_local
    cap_add:
     - NET_BIND_SERVICE
    ports:
-     - "21:21" 
+     - "21:21"
     - "42:42"
     - "69:69/udp"
     - "8081:80"
@ -62,11 +63,11 @@ services:
     - "1723:1723"
     - "1883:1883"
     - "1900:1900"
-     - "3306:3306" 
+     - "3306:3306"
     - "5060:5060"
     - "5061:5061"
     - "5060:5060/udp"
-     - "11211:11211" 
+     - "11211:11211"
    image: "dtagdevsec/dionaea:1706"
    volumes:
     - /data/dionaea:/data/dionaea
@ -100,7 +101,7 @@ services:
      nofile:
        soft: 65536
        hard: 65536
-#    mem_limit: 2g
+#    mem_limit: 3g
    ports:
     - "127.0.0.1:64298:9200"
    image: "dtagdevsec/elasticsearch:1706"
--- a/installer/etc/tpot/compose/hp.yml
+++ b/installer/etc/tpot/compose/hp.yml
@ -27,13 +27,14 @@ services:
 # Dionaea service
  dionaea:
    container_name: dionaea
+    stdin_open: true
    restart: always
    networks:
      - dionaea_local
    cap_add:
     - NET_BIND_SERVICE
    ports:
-     - "21:21" 
+     - "21:21"
     - "42:42"
     - "69:69/udp"
     - "8081:80"
@ -44,11 +45,11 @@ services:
     - "1723:1723"
     - "1883:1883"
     - "1900:1900"
-     - "3306:3306" 
+     - "3306:3306"
     - "5060:5060"
     - "5061:5061"
     - "5060:5060/udp"
-     - "11211:11211" 
+     - "11211:11211"
    image: "dtagdevsec/dionaea:1706"
    volumes:
     - /data/dionaea:/data/dionaea
--- a/installer/etc/tpot/compose/industrial.yml
+++ b/installer/etc/tpot/compose/industrial.yml
@ -32,7 +32,7 @@ services:
    restart: always
    environment:
      - bootstrap.memory_lock=true
-#      - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
+#      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    cap_add:
     - IPC_LOCK
    ulimits:
--- a/installer/etc/tpot/compose/tpot.yml
+++ b/installer/etc/tpot/compose/tpot.yml
@ -29,6 +29,7 @@ services:
 # Dionaea service
  dionaea:
    container_name: dionaea
+    stdin_open: true
    restart: always
    networks:
      - dionaea_local
@ -74,7 +75,7 @@ services:
    restart: always
    environment:
      - bootstrap.memory_lock=true
-#      - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
+#      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    cap_add:
     - IPC_LOCK
    ulimits:
--- a/installer/etc/tpot/systemd/tpot.service
+++ b/installer/etc/tpot/systemd/tpot.service
@ -17,9 +17,9 @@ ExecStartPre=-/bin/bash -c 'docker rmi $(docker images | grep "<none>" | awk \'{
 ExecStartPre=-/bin/bash -c 'docker rm -v $(docker ps -aq)'

 # Get IF, disable offloading, enable promiscious mode for p0f and suricata
-ExecStartPre=/bin/bash -c '/sbin/ethtool --offload $(/sbin/ip route | /bin/grep $(/bin/hostname -I | /usr/bin/awk \'{print $1 }\') | /usr/bin/awk \'{print $3 }\') rx off tx off'
-ExecStartPre=/bin/bash -c '/sbin/ethtool -K $(/sbin/ip route | /bin/grep $(/bin/hostname -I | /usr/bin/awk \'{print $1 }\') | /usr/bin/awk \'{print $3 }\') gso off gro off'
-ExecStartPre=/bin/bash -c '/sbin/ip link set $(/sbin/ip route | /bin/grep $(/bin/hostname -I | /usr/bin/awk \'{print $1 }\') | /usr/bin/awk \'{print $3 }\') promisc on'
+ExecStartPre=/bin/bash -c '/sbin/ethtool --offload $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) rx off tx off'
+ExecStartPre=/bin/bash -c '/sbin/ethtool -K $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) gso off gro off'
+ExecStartPre=/bin/bash -c '/sbin/ip link set $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) promisc on'

 # Modify access rights on docker.sock for netdata
 ExecStartPre=-/bin/chmod 666 /var/run/docker.sock
@ -27,10 +27,10 @@ ExecStartPre=-/bin/chmod 666 /var/run/docker.sock
 # Prepare iptables rules for honeytrap
 ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j NFQUEUE
 ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 3306,5060,5061,5601,11211 -j NFQUEUE
-ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295,64296,64297,64298,64299,64300,64301,64302,64303 -j NFQUEUE
+ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295:64303 -j NFQUEUE
 ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 1025,50100,8080,8081,9200 -j NFQUEUE

-# Compose T-Pot up and run as daemon
+# Compose T-Pot up
 ExecStart=/usr/bin/docker-compose -f /etc/tpot/tpot.yml up

 # Compose T-Pot down and remove containers
@ -38,7 +38,7 @@ ExecStop=/usr/bin/docker-compose -f /etc/tpot/tpot.yml down -v

 # Remove iptables rules for honeytrap
 ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 1025,50100,8080,8081,9200 -j NFQUEUE
-ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295,64296,64297,64298,64299,64300,64301,64302,64303 -j NFQUEUE
+ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295:64303 -j NFQUEUE
 ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 3306,5060,5061,5601,11211 -j NFQUEUE
 ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j NFQUEUE