prepare for new ewsposter

bin/updateip.sh

@@ -2,6 +2,7 @@
 # Let's add the first local ip to the /etc/issue and external ip to ews.ip file
 # If the external IP cannot be detected, the internal IP will be inherited.
 source /etc/environment
+myUUID=$(lsblk -o MOUNTPOINT,UUID | grep "/" | awk '{ print $2 }')
 myLOCALIP=$(hostname -I | awk '{ print $1 }')
 myEXTIP=$(/opt/tpot/bin/myip.sh)
 if [ "$myEXTIP" = "" ];
@@ -26,6 +27,7 @@ tee /data/ews/conf/ews.ip << EOF
 ip = $myEXTIP
 EOF
 tee /opt/tpot/etc/compose/elk_environment << EOF
+HONEY_UUID=$myUUID
 MY_EXTIP=$myEXTIP
 MY_INTIP=$myLOCALIP
 MY_HOSTNAME=$HOSTNAME

docker/ews/Dockerfile

@@ -23,9 +23,9 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
     pip3 install --no-cache-dir configparser hpfeeds3 pyOpenSSL xmljson && \
 #
 # Setup ewsposter
-    git clone https://github.com/telekom-security/ewsposter /opt/ewsposter && \
+    git clone https://github.com/telekom-security/ewsposter -b develop /opt/ewsposter && \
     cd /opt/ewsposter && \
-    git checkout f9c0623d44a837f666ec39659665020c7460dec8 && \
+#    git checkout f9c0623d44a837f666ec39659665020c7460dec8 && \
     mkdir -p /opt/ewsposter/spool /opt/ewsposter/log && \
 #
 # Setup user and groups

docker/ews/dist/ews.cfg

@@ -6,8 +6,9 @@ del_malware_after_send = false
 send_malware = false
 sendlimit = 500
 contact = your_email_address
-proxy =
+proxy = None
-ip =
+ip_int = None
+ip_ext = None
 
 [EWS]
 ews = true
@@ -39,24 +40,6 @@ nodeid = glastopfv3-community-01
 sqlitedb = /data/glastopf/db/glastopf.db
 malwaredir = /data/glastopf/data/files/
 
-[GLASTOPFV2]
-glastopfv2 = false
-nodeid =
-mysqlhost =
-mysqldb =
-mysqluser =
-mysqlpw =
-malwaredir =
-
-[KIPPO]
-kippo = false
-nodeid =
-mysqlhost =
-mysqldb =
-mysqluser =
-mysqlpw =
-malwaredir =
-
 [COWRIE]
 cowrie = true
 nodeid = cowrie-community-01
@@ -75,12 +58,6 @@ newversion = true
 payloaddir = /data/honeytrap/attacks/
 attackerfile = /data/honeytrap/log/attacker.log
 
-[RDPDETECT]
-rdpdetect = false
-nodeid =
-iptableslog =
-targetip =
-
 [EMOBILITY]
 eMobility = false
 nodeid = emobility-community-01
@@ -135,3 +112,18 @@ logfile = /data/tanner/log/tanner_report.json
 glutton = true
 nodeid = glutton-community-01
 logfile = /data/glutton/log/glutton.log
+
+[HONEYSAP]
+honeysap = true
+nodeid = honeysap-community-01
+logfile = /data/honeysap/log/honeysap-external.log
+
+[ADBHONEY]
+adbhoney = true
+nodeid = adbhoney-community-01
+logfile = /data/adbhoney/log/adbhoney.json
+
+[FATT]
+fatt = true
+nodeid = fatt-community-01
+logfile = /data/fatt/log/fatt.log

docker/ews/docker-compose.yml

@@ -26,5 +26,4 @@ services:
     image: "ghcr.io/telekom-security/ewsposter:2006"
     volumes:
      - /data:/data
-     - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
+#     - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
-