prep for sentrypeer

bin/clean.sh

@@ -277,6 +277,14 @@ fuREDISHONEYPOT () {
   chown tpot:tpot /data/redishoneypot -R
 }
 
+# Let's create a function to clean up and prepare sentrypeer data
+fuSENTRYPEER () {
+  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/sentrypeer/log; fi
+  mkdir -p /data/sentrypeer/log
+  chmod 770 /data/sentrypeer -R
+  chown tpot:tpot /data/sentrypeer -R
+}
+
 # Let's create a function to prepare spiderfoot db
 fuSPIDERFOOT () {
   mkdir -p /data/spiderfoot
@@ -356,6 +364,7 @@ if [ "$myPERSISTENCE" = "on" ];
     fuNGINX
     fuREDISHONEYPOT
     fuRDPY
+    fuSENTRYPEER
     fuSPIDERFOOT
     fuSURICATA
     fuP0F

docker/sentrypeer/Dockerfile

@@ -18,17 +18,17 @@ RUN apk -U add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing \
             libosip2-dev
 #
 # Download SentryPeer sources and build
-RUN git clone https://github.com/SentryPeer/SentryPeer.git -b v1.0.0
+RUN git clone https://github.com/SentryPeer/SentryPeer
 #
 WORKDIR /SentryPeer
 #
 RUN ./bootstrap.sh
-RUN ./configure
+RUN ./configure --disable-opendht --disable-zyre
 RUN make
 RUN make check
 RUN make install
-RUN tar cvfz sp.tgz /SentryPeer/* && \
+#RUN tar cvfz sp.tgz /SentryPeer/* && \
-    mv sp.tgz /
+#    mv sp.tgz /
 #
 FROM alpine:3.15
 #
@@ -63,4 +63,4 @@ RUN apk -U add --no-cache \
 STOPSIGNAL SIGKILL
 USER sentrypeer:sentrypeer
 WORKDIR /opt/sentrypeer/
-CMD ./sentrypeer -draws
+CMD ./sentrypeer -jar -f /var/log/sentrypeer/sentrypeer.db -l /var/log/sentrypeer/sentrypeer.json

docker/sentrypeer/Dockerfile.alpine.keep

@@ -0,0 +1,96 @@
+FROM alpine:3.15 as builder
+#
+RUN apk -U add --no-cache \
+            argon2-dev \
+            autoconf \
+	    automake \
+	    autoconf-archive \
+	    build-base \
+	    curl-dev \
+	    cmocka-dev \
+	    czmq-dev \
+	    git \
+	    jansson-dev \
+	    libtool \
+	    libmicrohttpd-dev \
+            pcre2-dev \
+	    readline-dev \
+	    sqlite-dev \
+	    util-linux-dev \
+	    zeromq-dev
+#
+RUN apk -U add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing \
+            libosip2-dev
+RUN apk -U add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/community \
+            asio-dev \
+            msgpack-c-dev \
+	    msgpack-cxx-dev
+#
+# Download and build Zyre
+WORKDIR /tmp
+RUN git clone https://github.com/savoirfairelinux/opendht dht 
+WORKDIR /tmp/dht
+RUN ./autogen.sh
+RUN ./configure
+RUN make
+RUN make install
+RUN ldconfig /etc/ld.so.conf.d
+#
+WORKDIR /tmp
+RUN git clone --quiet https://github.com/zeromq/zyre zyre
+WORKDIR /tmp/zyre
+RUN ./autogen.sh 2> /dev/null
+RUN ./configure --quiet --without-docs
+RUN make
+RUN make install
+RUN ldconfig /etc/ld.so.conf.d
+#
+# Download SentryPeer sources and build
+WORKDIR /
+RUN git clone https://github.com/SentryPeer/SentryPeer.git
+#
+WORKDIR /SentryPeer
+#
+RUN cp -R /tmp/dht/* .
+RUN ./bootstrap.sh
+RUN ./configure
+RUN make CPPFLAGS=-D_POSIX_C_SOURCE=199309L
+RUN make check
+RUN make install
+RUN tar cvfz sp.tgz /SentryPeer/* && \
+    mv sp.tgz /
+#
+FROM alpine:3.15
+#
+#COPY --from=builder /sp.tgz /root
+COPY --from=builder /SentryPeer/sentrypeer /opt/sentrypeer/
+#
+# Install packages
+RUN apk -U add --no-cache \
+            jansson \
+            libmicrohttpd \
+	    libuuid \
+            pcre2 \
+	    sqlite-libs && \
+    apk -U add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing \
+            libosip2 && \
+#
+# Extract from builder
+#    mkdir /opt/sentrypeer && \
+#    tar xvfz /root/sp.tgz --strip-components=1 -C /opt/sentrypeer/ && \
+#
+# Setup user, groups and configs
+    mkdir -p /var/log/sentrypeer && \
+    addgroup -g 2000 sentrypeer && \
+    adduser -S -H -s /bin/ash -u 2000 -D -g 2000 sentrypeer && \
+    chown -R sentrypeer:sentrypeer /opt/sentrypeer && \
+#
+# Clean up
+    rm -rf /root/* && \
+    rm -rf /var/cache/apk/*
+#
+# Set workdir and start sentrypeer
+STOPSIGNAL SIGKILL
+USER sentrypeer:sentrypeer
+WORKDIR /opt/sentrypeer/
+CMD ./sentrypeer -draws

docker/sentrypeer/Dockerfile.debian.keep

@@ -0,0 +1,95 @@
+FROM debian:bullseye as builder
+ENV DEBIAN_FRONTEND noninteractive
+#
+RUN apt-get update
+RUN apt-get dist-upgrade -y \
+            autoconf \
+	    automake \
+	    autoconf-archive \
+	    build-essential \
+	    git \
+	    libcmocka-dev \
+	    libcurl4-gnutls-dev \
+	    libczmq-dev \
+	    libjansson-dev \
+	    libmicrohttpd-dev \
+	    libopendht-dev \
+            libosip2-dev \
+	    libpcre2-dev \
+	    libsqlite3-dev \
+	    libtool
+#
+# Download and build OpenDHT
+WORKDIR /tmp
+RUN git clone https://github.com/savoirfairelinux/opendht opendht
+WORKDIR /tmp/opendht
+RUN ./autogen.sh
+RUN ./configure
+RUN make
+RUN make install
+RUN ldconfig
+#
+# Download and build Zyre
+WORKDIR /tmp
+RUN git clone https://github.com/zeromq/zyre -b v2.0.1 zyre
+WORKDIR /tmp/zyre
+RUN ./autogen.sh
+RUN ./configure --without-docs
+RUN make
+RUN make install
+RUN ldconfig
+#
+# Download and build SentryPeer
+WORKDIR /
+RUN git clone https://github.com/SentryPeer/SentryPeer -b v1.0.0
+#
+WORKDIR /SentryPeer
+#
+RUN cp -r /tmp/opendht .
+RUN ./bootstrap.sh
+RUN ./configure
+RUN make
+RUN make check
+RUN make install
+#RUN tar cvfz sp.tgz /SentryPeer/* && \
+#    mv sp.tgz /
+#RUN exit 1
+#
+FROM debian:bullseye
+#
+#COPY --from=builder /sp.tgz /root
+COPY --from=builder /SentryPeer/sentrypeer /opt/sentrypeer/
+#
+# Install packages
+RUN apt-get update && \
+    apt-get dist-upgrade -y && \
+    apt-get install -y \
+            libcmocka0 \
+            libcurl4 \
+            libczmq4 \
+            libjansson4 \
+            libmicrohttpd12 \
+            libosip2-11 \
+            libsqlite3-0 \
+            pcre2-utils && \
+#
+# Extract from builder
+#    mkdir /opt/sentrypeer && \
+#    tar xvfz /root/sp.tgz --strip-components=1 -C /opt/sentrypeer/ && \
+#
+# Setup user, groups and configs
+    mkdir -p /var/log/sentrypeer && \
+    addgroup --gid 2000 sentrypeer && \
+    adduser --system --no-create-home --shell /bin/bash --uid 2000 --disabled-password --disabled-login --gid 2000 sentrypeer && \
+    chown -R sentrypeer:sentrypeer /opt/sentrypeer && \
+#
+# Clean up
+    rm -rf /root/* && \
+    apt-get autoremove -y --purge && \
+    apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+#
+# Set workdir and start sentrypeer
+STOPSIGNAL SIGKILL
+USER sentrypeer:sentrypeer
+WORKDIR /opt/sentrypeer/
+CMD ./sentrypeer -draws

docker/sentrypeer/docker-compose.yml

@@ -14,9 +14,8 @@ services:
      - sentrypeer_local
     ports:
      - "5060:5060/udp"
-     - "5060:5060/tcp"
     # - "127.0.0.1:8082:8082"
     image: "dtagdevsec/sentrypeer:2203"
-    #read_only: true
+    read_only: true
-    #volumes:
+    volumes:
-    # - /data/sentrypeer/log:/opt/sentrypeer/log
+     - /data/sentrypeer/log:/var/log/sentrypeer

etc/compose/standard.yml

@@ -18,6 +18,7 @@ networks:
   medpot_local:
   tanner_local:
   ewsposter_local:
+  sentrypeer_local:
   spiderfoot_local:
 
 services:
@@ -212,8 +213,8 @@ services:
      - "1723:1723"
      - "1883:1883"
      - "3306:3306"
-     - "5060:5060"
+     # - "5060:5060"
-     - "5060:5060/udp"
+     # - "5060:5060/udp"
      - "5061:5061"
      - "27017:27017"
     image: "dtagdevsec/dionaea:2203"
@@ -319,6 +320,19 @@ services:
     volumes:
      - /data/medpot/log/:/var/log/medpot
 
+# SentryPeer service
+  sentrypeer:
+    container_name: sentrypeer
+    restart: always
+    networks:
+     - sentrypeer_local
+    ports:
+     - "5060:5060/udp"
+    image: "dtagdevsec/sentrypeer:2203"
+    read_only: true
+    volumes:
+     - /data/sentrypeer/log:/var/log/sentrypeer
+
 #### Snare / Tanner
 ## Tanner Redis Service
   tanner_redis:

etc/logrotate/logrotate.conf

@@ -35,6 +35,7 @@
 /data/p0f/log/p0f.json
 /data/rdpy/log/rdpy.log
 /data/redishoneypot/log/*.log
+/data/sentrypeer/log/*.json
 /data/suricata/log/*.log
 /data/suricata/log/*.json
 /data/tanner/log/*.json

iso/installer/install.sh

@@ -842,6 +842,7 @@ mkdir -vp /data/adbhoney/{downloads,log} \
          /data/ews/conf \
          /data/rdpy/log \
          /data/redishoneypot/log \
+	 /data/sentrypeer/log \
          /data/spiderfoot \
          /data/suricata/log \
          /data/tanner/{log,files} \

update.sh

@@ -255,6 +255,7 @@ mkdir -vp /data/adbhoney/{downloads,log} \
          /data/ews/conf \
          /data/rdpy/log \
          /data/redishoneypot/log \
+	 /data/sentrypeer/log \
          /data/spiderfoot \
          /data/suricata/log \
          /data/tanner/{log,files} \