From a7c653e7fe2ead170c7fc4f1f10527bfc2a12429 Mon Sep 17 00:00:00 2001 From: t3chn0m4g3 Date: Fri, 19 Jun 2020 11:54:50 +0000 Subject: [PATCH] start integrating honeysap --- bin/clean.sh | 9 +++++++++ bin/hptest.sh | 1 + docker/honeysap/Dockerfile | 15 +++++++++------ docker/honeysap/docker-compose.yml | 1 - etc/compose/nextgen.yml | 13 +++++++++++++ etc/logrotate/logrotate.conf | 1 + iso/installer/install.sh | 1 + update.sh | 1 + 8 files changed, 35 insertions(+), 7 deletions(-) diff --git a/bin/clean.sh b/bin/clean.sh index bb161bf0..1690f639 100755 --- a/bin/clean.sh +++ b/bin/clean.sh @@ -180,6 +180,14 @@ fuHONEYPY () { chown tpot:tpot /data/honeypy -R } +# Let's create a function to clean up and prepare honeysap data +fuHONEYSAP () { + if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/honeysap/*; fi + mkdir -p /data/honeysap/log + chmod 770 /data/honeysap -R + chown tpot:tpot /data/honeysap -R +} + # Let's create a function to clean up and prepare honeytrap data fuHONEYTRAP () { if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/honeytrap/*; fi @@ -286,6 +294,7 @@ if [ "$myPERSISTENCE" = "on" ]; fuFATT fuGLUTTON fuHERALDING + fuHONEYSAP fuHONEYPY fuHONEYTRAP fuMAILONEY diff --git a/bin/hptest.sh b/bin/hptest.sh index 256db1a0..94806a71 100755 --- a/bin/hptest.sh +++ b/bin/hptest.sh @@ -87,6 +87,7 @@ curl -XPOST -H "Content-Type: application/json" -d '{"name":"test","email":"test echo "I20100" | timeout --foreground 3 nc "$myHOST" 10001 & findscu -P -k PatientName="*" $myHOST 11112 & getscu -P -k PatientName="*" $myHOST 11112 & +telnet $myHOST 3299 & fuSCAN "180" "7,8,102,135,161,1025,1080,5000,9200" "$myHOST" "-sC -sS -sU -sV" fuSCAN "180" "2048,4096,5432" "$myHOST" "-sC -sS -sU -sV --version-light" fuSCAN "120" "20,21" "$myHOST" "--script=ftp* -sC -sS -sV" diff --git a/docker/honeysap/Dockerfile b/docker/honeysap/Dockerfile index f7014163..01c280a6 100644 --- a/docker/honeysap/Dockerfile +++ b/docker/honeysap/Dockerfile 
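Review bot: `chmod 770 /data/honeysap -R` in the new fuHONEYSAP sets the execute bit on every log file that lands in /data/honeysap/log, not only on the directories; `chmod -R u=rwX,g=rwX,o= /data/honeysap` gives the same directory mode without executable logs. The function otherwise mirrors the fuHONEYPY block above it, so if the executable bit is accepted project-wide this is a style point only. Note also that the Dockerfile in this commit runs HoneySAP as uid/gid 2000 and the compose files bind-mount /opt/honeysap/log from this directory, so the `chown tpot:tpot` only lets the container write here if the tpot account maps to 2000 on the host — if that is the assumption, a comment such as `# tpot must be uid/gid 2000 to match the container user` would save the next reader a trip.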
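Review bot: The call `fuHONEYSAP` is inserted between `fuHERALDING` and `fuHONEYPY`, while the function itself is defined after `fuHONEYPY` and before `fuHONEYTRAP` in the earlier hunk; the neighbouring entries in this list are alphabetical, so the call should move one line down to read `fuHONEYPY`, `fuHONEYSAP`, `fuHONEYTRAP`. Order does not appear to affect behaviour, since each of the visible functions only touches its own /data subtree. The enclosing `if [ "$myPERSISTENCE" = "on" ]` block starts and ends outside the hunk.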
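Review bot: `telnet $myHOST 3299 &` has no timeout and no input, unlike the neighbouring probe `echo "I20100" | timeout --foreground 3 nc "$myHOST" 10001 &`, so a backgrounded telnet that connects will sit on the socket until the script exits, and `$myHOST` is left unquoted while the surrounding lines quote it. Use the same shape as the other probes, e.g. `timeout --foreground 3 nc "$myHOST" 3299 </dev/null &`. A bare TCP connect is presumably enough for HoneySAP to log a SAProuter hit, but if it only records a complete NI packet this probe will produce nothing — worth checking against /data/honeysap/log after a run.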
@@ -8,15 +8,15 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \ apk -U --no-cache add \ build-base \ git \ - libcap \ + libstdc++ \ py2-markupsafe \ python2 \ python2-dev \ - py2-pip \ - tcpdump && \ + py2-pip && \ # # Clone honeysap from git - git clone --depth=1 https://github.com/SecureAuthCorp/HoneySAP /opt/honeysap && \ +# git clone --depth=1 https://github.com/SecureAuthCorp/HoneySAP /opt/honeysap && \ + git clone --depth=1 https://github.com/t3chn0m4g3/HoneySAP /opt/honeysap && \ cd /opt/honeysap && \ mkdir conf && \ cp /root/dist/* conf/ && \ @@ -27,14 +27,17 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \ addgroup -g 2000 honeysap && \ adduser -S -s /bin/ash -u 2000 -D -g 2000 honeysap && \ chown -R honeysap:honeysap /opt/honeysap && \ -# setcap cap_net_bind_service=+ep /opt/honeypy/env/bin/python && \ # # Clean up - apk del --purge git && \ + apk del --purge \ + build-base \ + git \ + python2-dev && \ rm -rf /root/* \ /var/cache/apk/* # # Set workdir and start honeysap +STOPSIGNAL SIGKILL USER honeysap:honeysap WORKDIR /opt/honeysap CMD ["/opt/honeysap/bin/honeysap", "--config-file", "/opt/honeysap/conf/honeysap.yml"] diff --git a/docker/honeysap/docker-compose.yml b/docker/honeysap/docker-compose.yml index 34068edf..830a8c0b 100644 --- a/docker/honeysap/docker-compose.yml +++ b/docker/honeysap/docker-compose.yml @@ -14,7 +14,6 @@ services: - honeysap_local ports: - "3299:3299" - - "8001:8001" image: "dtagdevsec/honeysap:2006" volumes: - /data/honeysap/log:/opt/honeysap/log diff --git a/etc/compose/nextgen.yml b/etc/compose/nextgen.yml index 7d5755b5..17d4f410 100644 --- a/etc/compose/nextgen.yml +++ b/etc/compose/nextgen.yml @@ -15,6 +15,7 @@ networks: elasticpot_local: heralding_local: honeypy_local: + honeysap_local: mailoney_local: medpot_local: rdpy_local: 
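Review bot: The build now clones the personal fork `https://github.com/t3chn0m4g3/HoneySAP` with `--depth=1` and no tag or commit, so every image build takes whatever that fork's default branch holds at build time, and the original `SecureAuthCorp/HoneySAP` line is left commented out without saying why the fork is needed. Pin the checkout, e.g. `git clone --depth=1 --branch <tag> https://github.com/t3chn0m4g3/HoneySAP /opt/honeysap` (or a full clone followed by `git -C /opt/honeysap checkout <sha>`), and add a one-line comment naming what the fork changes over upstream. The swap of `libcap`/`tcpdump` for `libstdc++` is consistent with the setcap line dropped in the next hunk. This RUN instruction starts before the hunk.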
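Review bot: `STOPSIGNAL SIGKILL` makes `docker stop` kill HoneySAP outright, so it never gets a chance to close or flush the log it writes under /opt/honeysap/log, which is the bind-mounted directory the rest of this commit collects and rotates; the line also carries no comment explaining it. If this works around the process not honouring SIGTERM, say so, e.g. `# HoneySAP does not handle SIGTERM; skip the stop grace period — drop once upstream adds a handler`, otherwise remove the line and let the default SIGTERM apply. The extended `apk del --purge build-base git python2-dev` is a sensible trim, assuming the pip-installed extensions were already compiled earlier in this same RUN, which the hunk does not show. Separately, the image still runs on python2, which is past end-of-life; that is presumably an upstream HoneySAP constraint rather than this hunk, but a TODO would record it. The RUN instruction starts before the hunk.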
@@ -302,6 +303,18 @@ services: volumes: - /data/honeypy/log:/opt/honeypy/log +# HoneySAP service + honeysap: + container_name: honeysap + restart: always + networks: + - honeysap_local + ports: + - "3299:3299" + image: "dtagdevsec/honeysap:2006" + volumes: + - /data/honeysap/log:/opt/honeysap/log + # Mailoney service mailoney: container_name: mailoney diff --git a/etc/logrotate/logrotate.conf b/etc/logrotate/logrotate.conf index 6059cc91..403bd18f 100644 --- a/etc/logrotate/logrotate.conf +++ b/etc/logrotate/logrotate.conf @@ -20,6 +20,7 @@ /data/heralding/log/*.csv /data/heralding/log/*.json /data/honeypy/log/*.log +/data/honeysap/log/*.log /data/honeytrap/log/*.log /data/honeytrap/log/*.json /data/mailoney/log/*.log diff --git a/iso/installer/install.sh b/iso/installer/install.sh index bd41997d..fb872fdd 100755 --- a/iso/installer/install.sh +++ b/iso/installer/install.sh @@ -789,6 +789,7 @@ mkdir -vp /data/adbhoney/{downloads,log} \ /data/glutton/log \ /data/heralding/log \ /data/honeypy/log \ + /data/honeysap/log \ /data/mailoney/log \ /data/medpot/log \ /data/nginx/{log,heimdall} \ diff --git a/update.sh b/update.sh index b7d832d2..e8855b84 100755 --- a/update.sh +++ b/update.sh @@ -237,6 +237,7 @@ mkdir -vp /data/adbhoney/{downloads,log} \ /data/glutton/log \ /data/heralding/log \ /data/honeypy/log \ + /data/honeysap/log \ /data/mailoney/log \ /data/medpot/log \ /data/nginx/{log,heimdall} \
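Review bot: The new honeysap service is referenced by the mutable tag `dtagdevsec/honeysap:2006`, and the Dockerfile in this commit builds that image from an unpinned fork clone, so what listens on port 3299 can change on every pull without any change here; if reproducible deployments matter, pin a digest (`image: "dtagdevsec/honeysap:2006@sha256:…"`) or at least pin the clone in the Dockerfile. The entry otherwise matches docker/honeysap/docker-compose.yml after this commit's removal of the 8001 mapping, but the two files now have to be kept in sync by hand — a comment such as `# keep in sync with docker/honeysap/docker-compose.yml` above the service would help. Publishing 3299 on all host interfaces is the intent for a honeypot, so no change there.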