From b659d5a036ff112def9ab210849febb99d5a6984 Mon Sep 17 00:00:00 2001
From: t3chn0m4g3
Date: Mon, 3 Mar 2025 17:34:29 +0100
Subject: [PATCH] prepare for new ewsposter release

---
 docker/ewsposter/Dockerfile | 8 +-
 docker/ewsposter/dist/ews.cfg | 214 +++++++++++++++-------------
 docker/ewsposter/docker-compose.yml | 2 +-
 3 files changed, 123 insertions(+), 101 deletions(-)

diff --git a/docker/ewsposter/Dockerfile b/docker/ewsposter/Dockerfile
index 2f3627ed..7df83f47 100644
--- a/docker/ewsposter/Dockerfile
+++ b/docker/ewsposter/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.21
 #
 # Include dist
 COPY dist/ /root/dist/
@@ -22,7 +22,8 @@ RUN apk --no-cache -U upgrade && \
 py3-requests \
 py3-pip \
 py3-setuptools \
- py3-wheel && \
+ py3-wheel \
+ py3-xmltodict && \
 pip3 install --break-system-packages --upgrade pip && \
 pip3 install --break-system-packages --no-cache-dir \
 configparser \
@@ -32,7 +33,8 @@ RUN apk --no-cache -U upgrade && \
 xmljson && \
 #
 # Setup ewsposter
- git clone https://github.com/telekom-security/ewsposter -b v1.25.0 /opt/ewsposter && \
+# git clone https://github.com/telekom-security/ewsposter -b V1.30.0 /opt/ewsposter && \
+ git clone https://github.com/telekom-security/ewsposter /opt/ewsposter && \
 mkdir -p /opt/ewsposter/spool /opt/ewsposter/log && \
 #
 # Setup user and groups
diff --git a/docker/ewsposter/dist/ews.cfg b/docker/ewsposter/dist/ews.cfg
index 0eee26a4..31173d8f 100644
--- a/docker/ewsposter/dist/ews.cfg
+++ b/docker/ewsposter/dist/ews.cfg
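Review bot: The `git clone` on the new side of the third hunk drops the release pin (`-b v1.25.0` is removed and the `-b V1.30.0` variant is left commented out), so every rebuild fetches whatever the upstream default branch holds at build time; the image is no longer reproducible and an unreviewed upstream push lands in it unnoticed. Until the tagged release exists, pin to a known commit instead, e.g. `git clone https://github.com/telekom-security/ewsposter /opt/ewsposter && git -C /opt/ewsposter checkout <EXPECTED_COMMIT_SHA> && \` together with a comment `# TODO: restore -b <tag> once V1.30.0 is published`, so the pinned revision is visible in the Dockerfile. The RUN chain this line belongs to starts and ends outside the hunk.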
@@ -44,23 +44,109 @@ token =
 bucket =
 org =
 
-[GLASTOPFV3]
-glastopfv3 = false
-nodeid = glastopfv3-community-01
-sqlitedb = /data/glastopf/db/glastopf.db
-malwaredir = /data/glastopf/data/files/
+[ADBHONEY]
+adbhoney = true
+nodeid = adbhoney-community-01
+logfile = /data/adbhoney/log/adbhoney.json
+malwaredir = /data/adbhoney/downloads
+
+[BEELZEBUB]
+beelzebub = false
+nodeid = beelzebub-community-01
+logfile = /data/beelzebub/log/beelzebub.json
+
+[CISCOASA]
+ciscoasa = true
+nodeid = ciscoasa-community-01
+logfile = /data/ciscoasa/log/ciscoasa.log
+
+[CITRIX]
+citrix = true
+nodeid = citrix-community-01
+logfile = /data/citrixhoneypot/logs/server.log
+
+[CONPOT]
+conpot = true
+nodeid = conpot-community-01
+logdir = /data/conpot/log
 
 [COWRIE]
 cowrie = true
 nodeid = cowrie-community-01
 logfile = /data/cowrie/log/cowrie.json
 
+[DDOSPOT]
+ddospot = true
+nodeid = ddospot-community-01
+logdir = /data/ddospot/log
+
+[DICOMPOT]
+dicompot = true
+nodeid = dicompot-community-01
+logfile = /data/dicompot/log/dicompot.log
+
 [DIONAEA]
 dionaea = true
 nodeid = dionaea-community-01
 malwaredir = /data/dionaea/binaries/
 sqlitedb = /data/dionaea/log/dionaea.sqlite
 
+[ELASTICPOT]
+elasticpot = true
+nodeid = elasticpot-community-01
+logfile = /data/elasticpot/log/elasticpot.json
+
+[ENDLESSH]
+endlessh = true
+nodeid = endlessh-community-01
+logfile = /data/endlessh/log/endlessh.log
+
+[FATT]
+fatt = false
+nodeid = fatt-community-01
+logfile = /data/fatt/log/fatt.log
+
+[GALAH]
+galah = true
+nodeid = galah-community-01
+logfile = /data/galah/log/galah.json
+
+[GLUTTON]
+glutton = true
+nodeid = glutton-community-01
+logfile = /data/glutton/log/glutton.log
+
+[GOPOT]
+gopot = true
+nodeid = gopot-community-01
+logfile = /data/go-pot/log/go-pot.json
+
+[H0NEYTR4P]
+h0neytr4p = false
+nodeid = h0neytr4p-community-01
+logfile = /data/h0neytr4p/log/log.json
+payloaddir = /data/h04neytr4p/payload
+
+[HELLPOT]
+hellpot = true
+nodeid = hellpot-community-01
+logfile = /data/hellpot/log/hellpot.log
+
+[HERALDING]
+heralding = true
+nodeid = heralding-community-01
+logfile = /data/heralding/log/auth.csv
+
+[HONEYAML]
+honeyaml = true
+nodeid = honeyaml-community-01
+logfile = /data/honeyaml/log/honeyaml.log
+
+[HONEYPOTS]
+honeypots = true
+nodeid = honeypots-community-01
+logdir = /data/honeypots/log
+
 [HONEYTRAP]
 honeytrap = true
 nodeid = honeytrap-community-01
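Review bot: `payloaddir = /data/h04neytr4p/payload` in the new [H0NEYTR4P] section does not match the `/data/h0neytr4p/...` prefix used on the `logfile` line just above it, which looks like a typo ("h04" for "h0"). With the section disabled (`h0neytr4p = false`) it is harmless today, but once enabled ewsposter would presumably look for payloads in a directory the honeypot never writes to. Change it to `payloaddir = /data/h0neytr4p/payload`, and it is worth checking that every path in this file matches the corresponding volume mount in that honeypot's compose file.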
@@ -68,118 +154,52 @@ newversion = true
 payloaddir = /data/honeytrap/attacks/
 attackerfile = /data/honeytrap/log/attacker.log
 
-[EMOBILITY]
-eMobility = false
-nodeid = emobility-community-01
-logfile = /data/emobility/log/centralsystemEWS.log
+[IPPHONEY]
+ipphoney = true
+nodeid = ipphoney-community-01
+logfile = /data/ipphoney/log/ipphoney.json
 
-[CONPOT]
-conpot = true
-nodeid = conpot-community-01
-logfile = /data/conpot/log/conpot*.json
-
-[ELASTICPOT]
-elasticpot = true
-nodeid = elasticpot-community-01
-logfile = /data/elasticpot/log/elasticpot.json
-
-[SURICATA]
-suricata = false
-nodeid = suricata-community-01
-logfile = /data/suricata/log/eve.json
+[LOG4POT]
+log4pot = true
+nodeid = log4pot-community-01
+logfile = /data/log4pot/log/log4pot.log
 
 [MAILONEY]
 mailoney = true
 nodeid = mailoney-community-01
 logfile = /data/mailoney/log/commands.log
 
-[RDPY]
-rdpy = false
-nodeid = rdpy-community-01
-logfile = /data/rdpy/log/rdpy.log
-
-[VNCLOWPOT]
-vnclowpot = false
-nodeid = vnclowpot-community-01
-logfile = /data/vnclowpot/log/vnclowpot.log
-
-[HERALDING]
-heralding = true
-nodeid = heralding-community-01
-logfile = /data/heralding/log/auth.csv
-
-[CISCOASA]
-ciscoasa = true
-nodeid = ciscoasa-community-01
-logfile = /data/ciscoasa/log/ciscoasa.log
-
-[TANNER]
-tanner = true
-nodeid = tanner-community-01
-logfile = /data/tanner/log/tanner_report.json
-
-[GLUTTON]
-glutton = true
-nodeid = glutton-community-01
-logfile = /data/glutton/log/glutton.log
-
-[HONEYSAP]
-honeysap = false
-nodeid = honeysap-community-01
-logfile = /data/honeysap/log/honeysap-external.log
-
-[ADBHONEY]
-adbhoney = true
-nodeid = adbhoney-community-01
-logfile = /data/adbhoney/log/adbhoney.json
-malwaredir = /data/adbhoney/downloads
-
-[FATT]
-fatt = false
-nodeid = fatt-community-01
-logfile = /data/fatt/log/fatt.log
-
-[IPPHONEY]
-ipphoney = true
-nodeid = ipphoney-community-01
-logfile = /data/ipphoney/log/ipphoney.json
-
-[DICOMPOT]
-dicompot = true
-nodeid = dicompot-community-01
-logfile = /data/dicompot/log/dicompot.log
-
 [MEDPOT]
 medpot = true
 nodeid = medpot-community-01
 logfile = /data/medpot/log/medpot.log
 
-[HONEYPY]
-honeypy = false
-nodeid = honeypy-community-01
-logfile = /data/honeypy/log/json.log
-
-[CITRIX]
-citrix = true
-nodeid = citrix-community-01
-logfile = /data/citrixhoneypot/logs/server.log
+[MINIPRINT]
+miniprint = true
+nodeid = miniprint-community-01
+logfile = /data/miniprint/log/miniprint.json
 
 [REDISHONEYPOT]
 redishoneypot = true
 nodeid = redishoneypot-community-01
 logfile = /data/redishoneypot/log/redishoneypot.log
 
-[ENDLESSH]
-endlessh = true
-nodeid = endlessh-community-01
-logfile = /data/endlessh/log/endlessh.log
-
 [SENTRYPEER]
 sentrypeer = true
 nodeid = sentrypeer-community-01
 logfile = /data/sentrypeer/log/sentrypeer.json
 
-[LOG4POT]
-log4pot = true
-nodeid = log4pot-community-01
-logfile = /data/log4pot/log/log4pot.log
+[SURICATA]
+suricata = false
+nodeid = suricata-community-01
+logfile = /data/suricata/log/eve.json
+
+[TANNER]
+tanner = true
+nodeid = tanner-community-01
+logfile = /data/tanner/log/tanner_report.json
+
+[WORDPOT]
+wordpot = true
+nodeid = wordpot-community-01
+logfile = /data/wordpot/log/wordpot.log
\ No newline at end of file
diff --git a/docker/ewsposter/docker-compose.yml b/docker/ewsposter/docker-compose.yml
index 228e59a2..07df2799 100644
--- a/docker/ewsposter/docker-compose.yml
+++ b/docker/ewsposter/docker-compose.yml
@@ -21,7 +21,7 @@ services:
 - EWS_HPFEEDS_SECRET=secret
 - EWS_HPFEEDS_TLSCERT=false
 - EWS_HPFEEDS_FORMAT=json
- image: "dtagdevsec/ewsposter:24.04"
+ image: "ghcr.io/telekom-security/ewsposter:24.04.1"
 volumes:
 - $HOME/tpotce/data:/data
 - $HOME/tpotce/data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
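Review bot: The file now ends without a trailing newline (`\ No newline at end of file` after `logfile = /data/wordpot/log/wordpot.log`), so the next section appended below [WORDPOT] will show up as a two-line change and some config readers treat an unterminated last line differently. End the file with a newline after the `wordpot` logfile line. The alphabetical reordering of the sections is otherwise a readability improvement.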