Continue working on Galah

This commit is contained in:
t3chn0m4g3 2024-09-24 16:13:16 +02:00
parent e74cc2bae9
commit b66e482837
11 changed files with 69 additions and 20 deletions


@ -117,6 +117,15 @@ services:
context: ../endlessh/ context: ../endlessh/
<<: *common-build <<: *common-build
# Galah
galah:
image: ${TPOT_DOCKER_REPO}/galah:${TPOT_VERSION}
build:
tags:
- ${TPOT_GHCR_REPO}/galah:${TPOT_VERSION}
context: ../galah/
<<: *common-build
# Glutton # Glutton
# glutton: # glutton:
# image: ${TPOT_DOCKER_REPO}/glutton:${TPOT_VERSION} # image: ${TPOT_DOCKER_REPO}/glutton:${TPOT_VERSION}


@ -22,14 +22,16 @@ COPY --from=builder /root/beelzebub/main /opt/beelzebub/
COPY --from=builder /root/beelzebub/configurations /opt/beelzebub/configurations COPY --from=builder /root/beelzebub/configurations /opt/beelzebub/configurations
# #
# Setup user, groups and configs # Setup user, groups and configs
RUN sed -i "s#logsPath: ./log#logsPath: ./configurations/log/beelzebub.json#g" /opt/beelzebub/configurations/beelzebub.yaml && \ RUN <<EOF
sed -i 's/passwordRegex: "^(root|qwerty|Smoker666|123456|jenkins|minecraft|sinus|alex|postgres|Ly123456)$"/passwordRegex: ".*"/g' /opt/beelzebub/configurations/services/ssh-22.yaml && \ sed -i "s#logsPath: ./log#logsPath: ./configurations/log/beelzebub.json#g" /opt/beelzebub/configurations/beelzebub.yaml
addgroup -g 2000 beelzebub && \ sed -i 's/passwordRegex: "^(root|qwerty|Smoker666|123456|jenkins|minecraft|sinus|alex|postgres|Ly123456)$"/passwordRegex: ".*"/g' /opt/beelzebub/configurations/services/ssh-22.yaml
adduser -S -s /bin/ash -u 2000 -D -g 2000 beelzebub && \ addgroup -g 2000 beelzebub
mkdir -p /beelzebub/configurations/key \ adduser -S -s /bin/ash -u 2000 -D -g 2000 beelzebub
/beelzebub/configurations/log && \ mkdir -p /beelzebub/configurations/key \
chown beelzebub:beelzebub -R /opt/beelzebub/configurations && \ /beelzebub/configurations/log
chmod 0770 -R /opt/beelzebub/configurations chown beelzebub:beelzebub -R /opt/beelzebub/configurations
chmod 0770 -R /opt/beelzebub/configurations
EOF
# #
# Start beelzebub # Start beelzebub
WORKDIR /opt/beelzebub WORKDIR /opt/beelzebub
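Review bot: The heredoc form of the RUN instruction at the top of this hunk loses the `&&` chaining of the old version, so a failing `sed`, `addgroup` or `chown` line no longer aborts the build and an image with partially applied configuration would be produced silently. Heredoc lines are executed as a plain script, not chained, so add `set -e` (or `set -eux` for a build log that shows each step) as the first line inside the heredoc. The commands themselves are unchanged from the previous version.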


@ -22,7 +22,7 @@ services:
environment: environment:
LLMMODEL: "ollama" LLMMODEL: "ollama"
LLMHOST: "http://ollama.local:11434/api/chat" LLMHOST: "http://ollama.local:11434/api/chat"
OLLAMAMODEL: "llama3.1" OLLAMAMODEL: "openchat"
image: "dtagdevsec/beelzebub:24.04" image: "dtagdevsec/beelzebub:24.04"
read_only: true read_only: true
volumes: volumes:


@ -1,5 +1,5 @@
FROM ubuntu:22.04 FROM ubuntu:22.04
ENV DEBIAN_FRONTEND noninteractive ENV DEBIAN_FRONTEND=noninteractive
ENV LS_VER=8.14.2 ENV LS_VER=8.14.2
# #
# Include dist # Include dist
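Review bot: `ENV DEBIAN_FRONTEND=noninteractive` on the second line keeps the variable in the runtime environment of every container started from this image, although it is only needed by apt during the build. Using `ARG DEBIAN_FRONTEND=noninteractive` gives the build steps the same value without persisting it into the image. The switch to the key=value form itself is the correct fix for the deprecated space-separated syntax.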


@ -99,6 +99,13 @@ input {
type => "Endlessh" type => "Endlessh"
} }
# Galah
file {
path => ["/data/galah/log/galah.json"]
codec => json
type => "Galah"
}
# Glutton # Glutton
file { file {
path => ["/data/glutton/log/glutton.log"] path => ["/data/glutton/log/glutton.log"]
@ -210,9 +217,9 @@ filter {
mutate { mutate {
rename => { rename => {
"sourceIp" => "src_ip" "sourceIp" => "src_ip"
"destinationIp" => "dest_ip" "destinationIp" => "dest_ip"
"sourcePort" => "src_port" "sourcePort" => "src_port"
"destinationPort" => "dest_port" "destinationPort" => "dest_port"
"gquic" => "fatt_gquic" "gquic" => "fatt_gquic"
"http" => "fatt_http" "http" => "fatt_http"
"rdp" => "fatt_rdp" "rdp" => "fatt_rdp"
@ -460,6 +467,13 @@ filter {
} }
} }
# Galah
if [type] == "Galah" {
date {
match => [ "timestamp", "ISO8601" ]
}
}
# Glutton # Glutton
if [type] == "Glutton" { if [type] == "Glutton" {
date { date {
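Review bot: The new Galah filter in the last hunk only normalises `timestamp`; unlike the other honeypot types it does no `mutate { rename }` of source/destination fields to `src_ip`/`dest_ip`, which the FATT block in the middle hunk shows is the field convention the rest of the pipeline uses. Whether galah.json already emits `src_ip` and `dest_ip` cannot be told from this page, so verify against a sample event and add a rename block if the names differ, otherwise downstream enrichment keyed on `src_ip` (outside this hunk) will not run for Galah events. The same applies to the identical Galah blocks added in the second logstash configuration file below.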


@ -99,6 +99,13 @@ input {
type => "Endlessh" type => "Endlessh"
} }
# Galah
file {
path => ["/data/galah/log/galah.json"]
codec => json
type => "Galah"
}
# Glutton # Glutton
file { file {
path => ["/data/glutton/log/glutton.log"] path => ["/data/glutton/log/glutton.log"]
@ -460,6 +467,13 @@ filter {
} }
} }
# Galah
if [type] == "Galah" {
date {
match => [ "timestamp", "ISO8601" ]
}
}
# Glutton # Glutton
if [type] == "Glutton" { if [type] == "Glutton" {
date { date {


@ -13,7 +13,7 @@ RUN apk --no-cache -U add \
# Install from GitHub and setup # Install from GitHub and setup
mkdir -p /opt && \ mkdir -p /opt && \
cd /opt/ && \ cd /opt/ && \
git clone https://github.com/t3chn0m4g3/t-pot-attack-map -b 2.2.1 && \ git clone https://github.com/t3chn0m4g3/t-pot-attack-map -b 2.2.2 && \
cd t-pot-attack-map && \ cd t-pot-attack-map && \
pip3 install --break-system-packages --upgrade pip && \ pip3 install --break-system-packages --upgrade pip && \
pip3 install --break-system-packages -r requirements.txt && \ pip3 install --break-system-packages -r requirements.txt && \
@ -35,4 +35,4 @@ ENV TZ=UTC
STOPSIGNAL SIGINT STOPSIGNAL SIGINT
USER map:map USER map:map
WORKDIR /opt/t-pot-attack-map WORKDIR /opt/t-pot-attack-map
CMD /usr/bin/python3 $MAP_COMMAND CMD ["/bin/sh", "-c", "/usr/bin/python3 $MAP_COMMAND"]
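Review bot: The new `CMD ["/bin/sh", "-c", "/usr/bin/python3 $MAP_COMMAND"]` on the last line still starts python as a child of `sh -c`, so the shell rather than the application is PID 1 and the `STOPSIGNAL SIGINT` three lines above is delivered to the shell, which does not forward it; `docker stop` will then wait for the grace period and SIGKILL the process. Prefixing the command with exec keeps the variable expansion and hands PID 1 to python: `CMD ["/bin/sh", "-c", "exec /usr/bin/python3 $MAP_COMMAND"]`.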


@ -21,7 +21,7 @@ services:
environment: environment:
LLM_PROVIDER: "ollama" LLM_PROVIDER: "ollama"
LLM_SERVER_URL: "http://ollama.local:11434" LLM_SERVER_URL: "http://ollama.local:11434"
LLM_MODEL: "gemma2" LLM_MODEL: "llama3"
# LLM_TEMPERATURE: ${GALAH_LLM_TEMPERATURE} # LLM_TEMPERATURE: ${GALAH_LLM_TEMPERATURE}
# LLM_API_KEY: ${GALAH_LLM_API_KEY} # LLM_API_KEY: ${GALAH_LLM_API_KEY}
# LLM_CLOUD_LOCATION: ${GALAH_LLM_CLOUD_LOCATION} # LLM_CLOUD_LOCATION: ${GALAH_LLM_CLOUD_LOCATION}


@ -198,6 +198,14 @@ fuFATT () {
chown tpot:tpot -R /data/fatt chown tpot:tpot -R /data/fatt
} }
# Let's create a function to clean up and prepare galah data
fuGALAH () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/galah/*; fi
mkdir -vp /data/galah/{cache,cert,log}
chmod 770 /data/galah/ -R
chown tpot:tpot /data/galah/ -R
}
# Let's create a function to clean up and prepare glastopf data # Let's create a function to clean up and prepare glastopf data
fuGLUTTON () { fuGLUTTON () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/glutton/*; fi if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/glutton/*; fi
@ -382,6 +390,7 @@ fuELASTICPOT
fuELK fuELK
fuENDLESSH fuENDLESSH
fuFATT fuFATT
fuGALAH
fuGLUTTON fuGLUTTON
fuHERALDING fuHERALDING
fuHELLPOT fuHELLPOT
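Review bot: `mkdir -vp /data/galah/{cache,cert,log}` in the new fuGALAH relies on brace expansion, which POSIX `sh` does not perform; the script's interpreter line is outside this hunk, so if it runs under a non-bash shell a single directory literally named `{cache,cert,log}` would be created and the later `chmod`/`chown` would still succeed, hiding the problem. If the script is bash this is fine; otherwise spell the paths out: `mkdir -vp /data/galah/cache /data/galah/cert /data/galah/log`. The `$myPERSISTENCE` check and the ordering of flags after the path follow the surrounding fu* helpers.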


@ -18,6 +18,7 @@
/data/elk/log/*.log /data/elk/log/*.log
/data/endlessh/log/*.log /data/endlessh/log/*.log
/data/fatt/log/fatt.log /data/fatt/log/fatt.log
/data/galah/log/*.json
/data/glutton/log/*.log /data/glutton/log/*.log
/data/glutton/log/*.err /data/glutton/log/*.err
/data/hellpot/log/*.log /data/hellpot/log/*.log


@ -111,7 +111,7 @@ OINKCODE=OPEN
# BEELZEBUB_OPENAISECRETKEY: "sk-proj-123456" # BEELZEBUB_OPENAISECRETKEY: "sk-proj-123456"
BEELZEBUB_LLM_MODEL: "ollama" BEELZEBUB_LLM_MODEL: "ollama"
BEELZEBUB_LLM_HOST: "http://ollama.local:11434/api/chat" BEELZEBUB_LLM_HOST: "http://ollama.local:11434/api/chat"
BEELZEBUB_OLLAMA_MODEL: "llama3.1" BEELZEBUB_OLLAMA_MODEL: "openchat"
# Galah is a LLM-powered web honeypot supporting various LLM backends. # Galah is a LLM-powered web honeypot supporting various LLM backends.
# Galah is not part of the standard edition, please follow the README regarding setup. # Galah is not part of the standard edition, please follow the README regarding setup.
@ -125,8 +125,8 @@ BEELZEBUB_OLLAMA_MODEL: "llama3.1"
# GALAH_LLM_CLOUD_LOCATION: "" # GALAH_LLM_CLOUD_LOCATION: ""
# GALAH_LLM_CLOUD_PROJECT: "" # GALAH_LLM_CLOUD_PROJECT: ""
GALAH_LLM_PROVIDER: "ollama" GALAH_LLM_PROVIDER: "ollama"
GALAH_LLM_SERVER_URL: "http://ollama.local:11434/api/chat" GALAH_LLM_SERVER_URL: "http://ollama.local:11434"
GALAH_LLM_MODEL: "gemma2" GALAH_LLM_MODEL: "llama3"
################################################################################### ###################################################################################