diff --git a/docker/honeypots/Dockerfile b/docker/honeypots/Dockerfile
index 52daa871..d2dc3f0a 100644
--- a/docker/honeypots/Dockerfile
+++ b/docker/honeypots/Dockerfile
@@ -54,7 +54,8 @@ RUN apk -U --no-cache add \
 cd /opt/ && \
 git clone https://github.com/qeeqbox/honeypots && \
 cd honeypots && \
- git checkout bee3147cf81837ba7639f1e27fe34d717ecccf29 && \
+# git checkout bee3147cf81837ba7639f1e27fe34d717ecccf29 && \
+ git checkout 473541e1ac45d9a4df98098a5f8fee32a2fddc03 && \
 cp /root/dist/setup.py . && \
 pip3 install --upgrade pip && \
 pip3 install . && \
diff --git a/docker/honeypots/dist/config.json b/docker/honeypots/dist/config.json
index 4bc9b287..25991921 100644
--- a/docker/honeypots/dist/config.json
+++ b/docker/honeypots/dist/config.json
@@ -4,9 +4,7 @@
 "syslog_address":"",
 "syslog_facility":0,
 "postgres":"",
- "db_options":[
-
- ],
+ "db_options":[],
 "filter":"",
 "interface":"",
 "honeypots":{
@@ -26,7 +24,8 @@
 "password":"anonymous",
 "log_file_name":"ftp.log",
 "max_bytes":0,
- "backup_count":10
+ "backup_count":10,
+ "options":["capture_commands"]
 },
 "httpproxy":{
 "port":8080,
@@ -35,7 +34,8 @@
 "password":"admin",
 "log_file_name":"httpproxy.log",
 "max_bytes":0,
- "backup_count":10
+ "backup_count":10,
+ "options":["capture_commands"]
 },
 "http":{
 "port":80,
@@ -45,7 +45,7 @@
 "log_file_name":"http.log",
 "max_bytes":0,
 "backup_count":10,
- "options":"fix_get_client_ip"
+ "options":["capture_commands","fix_get_client_ip"]
 },
 "https":{
 "port":443,
@@ -54,7 +54,8 @@
 "password":"admin",
 "log_file_name":"https.log",
 "max_bytes":0,
- "backup_count":10
+ "backup_count":10,
+ "options":["capture_commands","fix_get_client_ip"]
 },
 "imap":{
 "port":143,
@@ -63,7 +64,8 @@
 "password":"123456",
 "log_file_name":"imap.log",
 "max_bytes":0,
- "backup_count":10
+ "backup_count":10,
+ "options":["capture_commands"]
 },
 "mysql":{
 "port":3306,
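Review bot: The superseded pin is left behind as `# git checkout bee3147cf81837ba7639f1e27fe34d717ecccf29 && \` in the middle of the continued RUN chain (Dockerfile hunk). Docker drops comment lines inside a continued instruction, so the build still works, but the stale line reads like a live step; I would delete it and let the commit history record the previous revision. The checkout is followed by `cp /root/dist/setup.py .`, which replaces upstream's setup.py, and this diff does not touch that file, so it is worth confirming it still matches the dependencies of the newly pinned revision. The RUN instruction starts and continues outside the hunk.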
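Review bot: `"options":["capture_commands"]` is switched on for every service (ftp hunk onward in config.json) while `"max_bytes":0` stays in place for all of them except smtp and irc. If max_bytes is passed to a rotating file handler in the usual way, 0 means the file never rolls over, so client-supplied command data now grows each log without bound and a noisy scanner can fill the log volume; I would set a non-zero `max_bytes` wherever capture is enabled. The http hunk also changes `options` from a string to a list, so the loader at the newly pinned revision has to accept a list, which is not visible in this diff. Since config.json cannot hold comments, the reason for enabling capture belongs in the commit message or README.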
@@ -72,7 +74,8 @@
 "password":"123456",
 "log_file_name":"mysql.log",
 "max_bytes":0,
- "backup_count":10
+ "backup_count":10,
+ "options":["capture_commands"]
 },
 "pop3":{
 "port":110,
@@ -81,7 +84,8 @@
 "password":"123456",
 "log_file_name":"pop3.log",
 "max_bytes":0,
- "backup_count":10
+ "backup_count":10,
+ "options":["capture_commands"]
 },
 "postgres":{
 "port":5432,
@@ -90,7 +94,8 @@
 "password":"123456",
 "log_file_name":"postgres.log",
 "max_bytes":0,
- "backup_count":10
+ "backup_count":10,
+ "options":["capture_commands"]
 },
 "redis":{
 "port":6379,
@@ -99,7 +104,8 @@
 "password":"",
 "log_file_name":"redis.log",
 "max_bytes":0,
- "backup_count":10
+ "backup_count":10,
+ "options":["capture_commands"]
 },
 "smb":{
 "port":445,
@@ -108,7 +114,8 @@
 "password":"123456",
 "log_file_name":"smb.log",
 "max_bytes":0,
- "backup_count":10
+ "backup_count":10,
+ "options":["capture_commands"]
 },
 "smtp":{
 "port":25,
@@ -116,8 +123,9 @@
 "username":"root",
 "password":"123456",
 "log_file_name":"smtp.log",
- "max_bytes":0,
- "backup_count":10
+ "max_bytes":10000,
+ "backup_count":10,
+ "options":["capture_commands"]
 },
 "socks5":{
 "port":1080,
@@ -126,7 +134,8 @@
 "password":"admin",
 "log_file_name":"socks5.log",
 "max_bytes":0,
- "backup_count":10
+ "backup_count":10,
+ "options":["capture_commands"]
 },
 "ssh":{
 "port":22,
@@ -135,7 +144,8 @@
 "password":"123456",
 "log_file_name":"ssh.log",
 "max_bytes":0,
- "backup_count":10
+ "backup_count":10,
+ "options":["capture_commands"]
 },
 "telnet":{
 "port":23,
@@ -144,7 +154,8 @@
 "password":"123456",
 "log_file_name":"telnet.log",
 "max_bytes":0,
- "backup_count":10
+ "backup_count":10,
+ "options":["capture_commands"]
 },
 "vnc":{
 "port":5900,
@@ -153,7 +164,8 @@
 "password":"123456",
 "log_file_name":"vnc.log",
 "max_bytes":0,
- "backup_count":10
+ "backup_count":10,
+ "options":["capture_commands"]
 },
 "elastic":{
 "port":9200,
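Review bot: smtp is the only existing service whose `max_bytes` changes (`0` to `10000`, smtp hunk), and the new irc entry later in the file uses the same value while the new sip entry stays at 0. Assuming max_bytes is the per-file size in bytes, 10000 with `"backup_count":10` keeps roughly 110 KB per service, which on an SMTP honeypot with command capture may rotate evidence out before it is collected. If the value is a leftover test setting it should be reverted; if it is intended, pick one retention size and apply it to all services that capture commands.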
@@ -162,7 +174,8 @@
 "password":"123456",
 "log_file_name":"elastic.log",
 "max_bytes":0,
- "backup_count":10
+ "backup_count":10,
+ "options":["capture_commands"]
 },
 "mssql":{
 "port":1433,
@@ -171,7 +184,8 @@
 "password":"",
 "log_file_name":"mssql.log",
 "max_bytes":0,
- "backup_count":10
+ "backup_count":10,
+ "options":["capture_commands"]
 },
 "ldap":{
 "port":389,
@@ -180,7 +194,8 @@
 "password":"123456",
 "log_file_name":"ldap.log",
 "max_bytes":0,
- "backup_count":10
+ "backup_count":10,
+ "options":["capture_commands"]
 },
 "ntp":{
 "port":123,
@@ -189,7 +204,8 @@
 "password":"123456",
 "log_file_name":"ntp.log",
 "max_bytes":0,
- "backup_count":10
+ "backup_count":10,
+ "options":["capture_commands"]
 },
 "memcache":{
 "port":11211,
@@ -198,7 +214,8 @@
 "password":"123456",
 "log_file_name":"memcache.log",
 "max_bytes":0,
- "backup_count":10
+ "backup_count":10,
+ "options":["capture_commands"]
 },
 "oracle":{
 "port":1521,
@@ -207,7 +224,8 @@
 "password":"123456",
 "log_file_name":"oracle.log",
 "max_bytes":0,
- "backup_count":10
+ "backup_count":10,
+ "options":["capture_commands"]
 },
 "snmp":{
 "port":161,
@@ -216,7 +234,28 @@
 "password":"123456",
 "log_file_name":"snmp.log",
 "max_bytes":0,
- "backup_count":10
+ "backup_count":10,
+ "options":["capture_commands"]
+ },
+ "sip":{
+ "port":5060,
+ "ip":"0.0.0.0",
+ "username":"",
+ "password":"",
+ "log_file_name":"sip.log",
+ "max_bytes":0,
+ "backup_count":10,
+ "options":["capture_commands"]
+ },
+ "irc":{
+ "port":6667,
+ "ip":"0.0.0.0",
+ "username":"",
+ "password":"",
+ "log_file_name":"irc.log",
+ "max_bytes":10000,
+ "backup_count":10,
+ "options":["capture_commands"]
 }
 },
 "custom_filter":{
diff --git a/docker/honeypots/docker-compose.yml b/docker/honeypots/docker-compose.yml
index bf8d61a3..cd2b0604 100644
--- a/docker/honeypots/docker-compose.yml
+++ b/docker/honeypots/docker-compose.yml
@@ -26,18 +26,24 @@ services:
 - "53:53/udp"
 - "80:80"
 - "110:110"
+ - "123:123"
 - "143:143"
+ - "161:161"
 - "389:389"
 - "443:443"
 - "445:445"
 - "1080:1080"
 - "1433:1433"
+ - "1521:1521"
 - "3306:3306"
+ - "5060:5060"
 - "5432:5432"
 - "5900:5900"
 - "6379:6379"
+ - "6667:6667"
 - "8080:8080"
 - "9200:9200"
+ - "11211:11211"
 image: "dtagdevsec/honeypots:2204"
 read_only: true
 volumes:
diff --git a/etc/compose/mini.yml b/etc/compose/mini.yml
index 88c2406b..052891d9 100644
--- a/etc/compose/mini.yml
+++ b/etc/compose/mini.yml
@@ -31,9 +31,9 @@ services:
 - "53:53/udp"
 - "80:80"
 - "110:110"
- - "123:123/udp"
+ - "123:123"
 - "143:143"
- - "161:161/udp"
+ - "161:161"
 - "389:389"
 - "443:443"
 - "445:445"
@@ -41,9 +41,11 @@ services:
 - "1433:1433"
 - "1521:1521"
 - "3306:3306"
+ - "5060:5060"
 - "5432:5432"
 - "5900:5900"
 - "6379:6379"
+ - "6667:6667"
 - "8080:8080"
 - "9200:9200"
 - "11211:11211"
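Review bot: The mappings `- "123:123"` and `- "161:161"` publish TCP only, because a Compose port entry without a protocol suffix defaults to tcp; docker-compose.yml adds both in that form and the first mini.yml hunk removes the `/udp` that was there before. NTP and SNMP are UDP protocols, so unless the pinned honeypots revision listens on TCP for them, those two sensors would receive no traffic and fail silently. I would keep `- "123:123/udp"` and `- "161:161/udp"` in both files, and check whether 5060 (SIP) and 11211 (memcache) also need a `/udp` mapping. Both port lists start outside the hunks.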