start integrating honeysap

bin/clean.sh

@@ -180,6 +180,14 @@ fuHONEYPY () {
   chown tpot:tpot /data/honeypy -R
 }
 
+# Let's create a function to clean up and prepare honeysap data
+fuHONEYSAP () {
+  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/honeysap/*; fi
+  mkdir -p /data/honeysap/log
+  chmod 770 /data/honeysap -R
+  chown tpot:tpot /data/honeysap -R
+}
+
 # Let's create a function to clean up and prepare honeytrap data
 fuHONEYTRAP () {
   if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/honeytrap/*; fi
@@ -286,6 +294,7 @@ if [ "$myPERSISTENCE" = "on" ];
     fuFATT
     fuGLUTTON
     fuHERALDING
+    fuHONEYSAP
     fuHONEYPY
     fuHONEYTRAP
     fuMAILONEY

bin/hptest.sh

@@ -87,6 +87,7 @@ curl -XPOST -H "Content-Type: application/json" -d '{"name":"test","email":"test
 echo "
I20100" | timeout --foreground 3 nc "$myHOST" 10001 &
 findscu -P -k PatientName="*" $myHOST 11112 &
 getscu -P -k PatientName="*" $myHOST 11112 &
+telnet $myHOST 3299 &
 fuSCAN "180" "7,8,102,135,161,1025,1080,5000,9200" "$myHOST" "-sC -sS -sU -sV"
 fuSCAN "180" "2048,4096,5432" "$myHOST" "-sC -sS -sU -sV --version-light"
 fuSCAN "120" "20,21" "$myHOST" "--script=ftp* -sC -sS -sV"

docker/honeysap/Dockerfile

@@ -8,15 +8,15 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
     apk -U --no-cache add \
             build-base \
             git \
-            libcap \
+	    libstdc++ \
 	    py2-markupsafe \
             python2 \
             python2-dev \
-            py2-pip \
-            tcpdump && \
+            py2-pip && \
 #
 # Clone honeysap from git
-    git clone --depth=1 https://github.com/SecureAuthCorp/HoneySAP /opt/honeysap && \
+#    git clone --depth=1 https://github.com/SecureAuthCorp/HoneySAP /opt/honeysap && \
+    git clone --depth=1 https://github.com/t3chn0m4g3/HoneySAP /opt/honeysap && \
     cd /opt/honeysap && \
     mkdir conf && \
     cp /root/dist/* conf/ && \
@@ -27,14 +27,17 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
     addgroup -g 2000 honeysap && \
     adduser -S -s /bin/ash -u 2000 -D -g 2000 honeysap && \
     chown -R honeysap:honeysap /opt/honeysap && \
-#    setcap cap_net_bind_service=+ep /opt/honeypy/env/bin/python && \
 #
 # Clean up
-    apk del --purge git && \
+    apk del --purge \
+                    build-base \
+                    git \
+                    python2-dev && \
     rm -rf /root/* \
            /var/cache/apk/*
 #
 # Set workdir and start honeysap
+STOPSIGNAL SIGKILL
 USER honeysap:honeysap
 WORKDIR /opt/honeysap
 CMD ["/opt/honeysap/bin/honeysap", "--config-file", "/opt/honeysap/conf/honeysap.yml"]

docker/honeysap/docker-compose.yml

@@ -14,7 +14,6 @@ services:
      - honeysap_local
     ports:
      - "3299:3299"
-     - "8001:8001"
     image: "dtagdevsec/honeysap:2006"
     volumes:
      - /data/honeysap/log:/opt/honeysap/log

etc/compose/nextgen.yml

@@ -15,6 +15,7 @@ networks:
   elasticpot_local:
   heralding_local:
   honeypy_local:
+  honeysap_local:
   mailoney_local:
   medpot_local:
   rdpy_local:
@@ -302,6 +303,18 @@ services:
     volumes:
      - /data/honeypy/log:/opt/honeypy/log
 
+# HoneySAP service
+  honeysap:
+    container_name: honeysap
+    restart: always
+    networks:
+     - honeysap_local
+    ports:
+     - "3299:3299"
+    image: "dtagdevsec/honeysap:2006"
+    volumes:
+     - /data/honeysap/log:/opt/honeysap/log
+
 # Mailoney service
   mailoney:
     container_name: mailoney

etc/logrotate/logrotate.conf

@@ -20,6 +20,7 @@
 /data/heralding/log/*.csv
 /data/heralding/log/*.json
 /data/honeypy/log/*.log
+/data/honeysap/log/*.log
 /data/honeytrap/log/*.log
 /data/honeytrap/log/*.json
 /data/mailoney/log/*.log

iso/installer/install.sh

@@ -789,6 +789,7 @@ mkdir -vp /data/adbhoney/{downloads,log} \
          /data/glutton/log \
          /data/heralding/log \
          /data/honeypy/log \
+         /data/honeysap/log \
          /data/mailoney/log \
          /data/medpot/log \
          /data/nginx/{log,heimdall} \

update.sh

@@ -237,6 +237,7 @@ mkdir -vp /data/adbhoney/{downloads,log} \
          /data/glutton/log \
          /data/heralding/log \
          /data/honeypy/log \
+         /data/honeysap/log \
          /data/mailoney/log \
          /data/medpot/log \
          /data/nginx/{log,heimdall} \