Continue working on Galah

docker/_builder/docker-compose.yml

@@ -117,6 +117,15 @@ services:
       context: ../endlessh/
       <<: *common-build
 
+# Galah
+  galah:
+    image: ${TPOT_DOCKER_REPO}/galah:${TPOT_VERSION}
+    build:
+      tags:
+        - ${TPOT_GHCR_REPO}/galah:${TPOT_VERSION}
+      context: ../galah/
+      <<: *common-build
+
 # Glutton
 #  glutton:
 #    image: ${TPOT_DOCKER_REPO}/glutton:${TPOT_VERSION}

docker/beelzebub/Dockerfile

@@ -22,14 +22,16 @@ COPY --from=builder /root/beelzebub/main /opt/beelzebub/
 COPY --from=builder /root/beelzebub/configurations /opt/beelzebub/configurations
 #
 # Setup user, groups and configs
-RUN sed -i "s#logsPath: ./log#logsPath: ./configurations/log/beelzebub.json#g" /opt/beelzebub/configurations/beelzebub.yaml && \
+RUN <<EOF
-    sed -i 's/passwordRegex: "^(root|qwerty|Smoker666|123456|jenkins|minecraft|sinus|alex|postgres|Ly123456)$"/passwordRegex: ".*"/g' /opt/beelzebub/configurations/services/ssh-22.yaml && \
+sed -i "s#logsPath: ./log#logsPath: ./configurations/log/beelzebub.json#g" /opt/beelzebub/configurations/beelzebub.yaml
-    addgroup -g 2000 beelzebub && \
+sed -i 's/passwordRegex: "^(root|qwerty|Smoker666|123456|jenkins|minecraft|sinus|alex|postgres|Ly123456)$"/passwordRegex: ".*"/g' /opt/beelzebub/configurations/services/ssh-22.yaml
-    adduser -S -s /bin/ash -u 2000 -D -g 2000 beelzebub && \
+addgroup -g 2000 beelzebub
-    mkdir -p /beelzebub/configurations/key \
+adduser -S -s /bin/ash -u 2000 -D -g 2000 beelzebub
-             /beelzebub/configurations/log && \
+mkdir -p /beelzebub/configurations/key \
-    chown beelzebub:beelzebub -R /opt/beelzebub/configurations && \
+         /beelzebub/configurations/log
-    chmod 0770 -R /opt/beelzebub/configurations
+chown beelzebub:beelzebub -R /opt/beelzebub/configurations
+chmod 0770 -R /opt/beelzebub/configurations
+EOF
 #
 # Start beelzebub
 WORKDIR /opt/beelzebub

docker/beelzebub/docker-compose.yml

@@ -22,7 +22,7 @@ services:
     environment:
       LLMMODEL: "ollama"
       LLMHOST: "http://ollama.local:11434/api/chat"
-      OLLAMAMODEL: "llama3.1"
+      OLLAMAMODEL: "openchat"
     image: "dtagdevsec/beelzebub:24.04"
     read_only: true
     volumes:

docker/elk/logstash/Dockerfile

@@ -1,5 +1,5 @@
 FROM ubuntu:22.04
-ENV DEBIAN_FRONTEND noninteractive
+ENV DEBIAN_FRONTEND=noninteractive
 ENV LS_VER=8.14.2
 #
 # Include dist

docker/elk/logstash/dist/http_output.conf

@@ -99,6 +99,13 @@ input {
     type => "Endlessh"
   }
 
+# Galah
+  file {
+    path => ["/data/galah/log/galah.json"]
+    codec => json
+    type => "Galah"
+  }
+
 # Glutton
   file {
     path => ["/data/glutton/log/glutton.log"]
@@ -460,6 +467,13 @@ filter {
     }
   }
 
+# Galah
+  if [type] == "Galah" {
+    date {
+      match => [ "timestamp", "ISO8601" ]
+    }
+  }
+
 # Glutton
   if [type] == "Glutton" {
     date {

docker/elk/logstash/dist/logstash.conf

@@ -99,6 +99,13 @@ input {
     type => "Endlessh"
   }
 
+# Galah
+  file {
+    path => ["/data/galah/log/galah.json"]
+    codec => json
+    type => "Galah"
+  }
+
 # Glutton
   file {
     path => ["/data/glutton/log/glutton.log"]
@@ -460,6 +467,13 @@ filter {
     }
   }
 
+# Galah
+  if [type] == "Galah" {
+    date {
+      match => [ "timestamp", "ISO8601" ]
+    }
+  }
+
 # Glutton
   if [type] == "Glutton" {
     date {

docker/elk/map/Dockerfile

@@ -13,7 +13,7 @@ RUN apk --no-cache -U add \
 # Install from GitHub and setup
     mkdir -p /opt && \
     cd /opt/ && \
-    git clone https://github.com/t3chn0m4g3/t-pot-attack-map -b 2.2.1 && \
+    git clone https://github.com/t3chn0m4g3/t-pot-attack-map -b 2.2.2 && \
     cd t-pot-attack-map && \
     pip3 install --break-system-packages --upgrade pip && \
     pip3 install --break-system-packages -r requirements.txt && \
@@ -35,4 +35,4 @@ ENV TZ=UTC
 STOPSIGNAL SIGINT
 USER map:map
 WORKDIR /opt/t-pot-attack-map
-CMD /usr/bin/python3 $MAP_COMMAND
+CMD ["/bin/sh", "-c", "/usr/bin/python3 $MAP_COMMAND"]

docker/galah/docker-compose.yml

@@ -21,7 +21,7 @@ services:
     environment:
       LLM_PROVIDER: "ollama"
       LLM_SERVER_URL: "http://ollama.local:11434"
-      LLM_MODEL: "gemma2"
+      LLM_MODEL: "llama3"
       # LLM_TEMPERATURE: ${GALAH_LLM_TEMPERATURE}
       # LLM_API_KEY: ${GALAH_LLM_API_KEY}
       # LLM_CLOUD_LOCATION: ${GALAH_LLM_CLOUD_LOCATION}

docker/tpotinit/dist/bin/clean.sh

@@ -198,6 +198,14 @@ fuFATT () {
   chown tpot:tpot -R /data/fatt
 }
 
+# Let's create a function to clean up and prepare galah data
+fuGALAH () {
+  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/galah/*; fi
+  mkdir -vp /data/galah/{cache,cert,log}
+  chmod 770 /data/galah/ -R
+  chown tpot:tpot /data/galah/ -R
+}
+
 # Let's create a function to clean up and prepare glastopf data
 fuGLUTTON () {
   if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/glutton/*; fi
@@ -382,6 +390,7 @@ fuELASTICPOT
 fuELK
 fuENDLESSH
 fuFATT
+fuGALAH
 fuGLUTTON
 fuHERALDING
 fuHELLPOT

docker/tpotinit/dist/etc/logrotate/logrotate.conf

@@ -18,6 +18,7 @@
 /data/elk/log/*.log
 /data/endlessh/log/*.log
 /data/fatt/log/fatt.log
+/data/galah/log/*.json
 /data/glutton/log/*.log
 /data/glutton/log/*.err
 /data/hellpot/log/*.log

env.example

@@ -111,7 +111,7 @@ OINKCODE=OPEN
 # BEELZEBUB_OPENAISECRETKEY: "sk-proj-123456"
 BEELZEBUB_LLM_MODEL: "ollama"
 BEELZEBUB_LLM_HOST: "http://ollama.local:11434/api/chat"
-BEELZEBUB_OLLAMA_MODEL: "llama3.1"
+BEELZEBUB_OLLAMA_MODEL: "openchat"
 
 # Galah is a LLM-powered web honeypot supporting various LLM backends.
 # Galah is not part of the standard edition, please follow the README regarding setup.
@@ -125,8 +125,8 @@ BEELZEBUB_OLLAMA_MODEL: "llama3.1"
 # GALAH_LLM_CLOUD_LOCATION: ""
 # GALAH_LLM_CLOUD_PROJECT: ""
 GALAH_LLM_PROVIDER: "ollama"
-GALAH_LLM_SERVER_URL: "http://ollama.local:11434/api/chat"
+GALAH_LLM_SERVER_URL: "http://ollama.local:11434"
-GALAH_LLM_MODEL: "gemma2"
+GALAH_LLM_MODEL: "llama3"
 
 
 ###################################################################################