From b6be931641671a0b764b2c9c733967a490c95651 Mon Sep 17 00:00:00 2001
From: t3chn0m4g3
Date: Thu, 24 Jun 2021 16:26:53 +0000
Subject: [PATCH] prep for new ewsposter, rollout to follow next week

---
 docker/ews/Dockerfile   |  4 ++--
 docker/ews/dist/ews.cfg | 43 +++++++++++++++++++++++++++++++++++++----
 2 files changed, 41 insertions(+), 6 deletions(-)

diff --git a/docker/ews/Dockerfile b/docker/ews/Dockerfile
index e1e1e096..ac1fe6ef 100644
--- a/docker/ews/Dockerfile
+++ b/docker/ews/Dockerfile
@@ -20,12 +20,12 @@ RUN apk -U --no-cache add \
 py3-requests \
 py3-pip \
 py3-setuptools && \
-pip3 install --no-cache-dir configparser hpfeeds3 pyOpenSSL xmljson && \
+pip3 install --no-cache-dir configparser hpfeeds3 influxdb influxdb-client pyOpenSSL xmljson && \
 #
 # Setup ewsposter
 git clone https://github.com/telekom-security/ewsposter /opt/ewsposter && \
 cd /opt/ewsposter && \
-git checkout 46cd801fb444f1fb0a90418ab46e5977ec0a90b6 && \
+git checkout b0633af849687128171be1c7be7a43f3709a93ed && \
 mkdir -p /opt/ewsposter/spool /opt/ewsposter/log && \
 #
 # Setup user and groups
diff --git a/docker/ews/dist/ews.cfg b/docker/ews/dist/ews.cfg
index 96c8732f..79c0dcf9 100644
--- a/docker/ews/dist/ews.cfg
+++ b/docker/ews/dist/ews.cfg
@@ -34,8 +34,18 @@ hpfformat = %(EWS_HPFEEDS_FORMAT)s
 json = false
 jsondir = /data/ews/json/
 
+[INFLUXDB]
+influxdb = false
+host = http://localhost
+port = 8086
+username =
+password =
+token =
+bucket =
+org =
+
 [GLASTOPFV3]
-glastopfv3 = true
+glastopfv3 = false
 nodeid = glastopfv3-community-01
 sqlitedb = /data/glastopf/db/glastopf.db
 malwaredir = /data/glastopf/data/files/
@@ -69,12 +79,12 @@ nodeid = conpot-community-01
 logfile = /data/conpot/log/conpot*.json
 
 [ELASTICPOT]
-elasticpot = false
+elasticpot = true
 nodeid = elasticpot-community-01
 logfile = /data/elasticpot/log/elasticpot.json
 
 [SURICATA]
-suricata = true
+suricata = false
 nodeid = suricata-community-01
 logfile = /data/suricata/log/eve.json
 
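Review bot: The `influxdb` and `influxdb-client` packages added to the `pip3 install` line are unpinned, while the ewsposter checkout two lines below is pinned to a commit, so the image build is not reproducible and a later release of either package would silently change what ships; pin them to the versions that were tested, e.g. `pip3 install --no-cache-dir configparser hpfeeds3 influxdb==<VERSION> influxdb-client==<VERSION> pyOpenSSL xmljson && \`. The pre-existing packages on that line have the same weakness, but that predates this change. It is also not visible from the hunk whether the new ewsposter commit needs both the legacy `influxdb` client and the v2 `influxdb-client`; if only one is used, dropping the other keeps the image's dependency surface smaller. The `RUN` instruction this line belongs to starts before and continues after the hunk.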
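Review bot: The new `[INFLUXDB]` section places `username`, `password` and `token` directly in the shipped config file, whereas the hpfeeds settings in the same file are supplied through interpolation (`hpfformat = %(EWS_HPFEEDS_FORMAT)s` in the hunk header), which keeps secrets out of the dist file once it is filled in. Consider the same pattern here, e.g. `token = %(EWS_INFLUXDB_TOKEN)s` (key name to be chosen by the project), and a comment noting that `host = http://localhost` is plaintext HTTP, so a remote InfluxDB should be configured with an `https://` URL to avoid sending the token in the clear. The flip `glastopfv3 = false` here, `suricata = false` in the next hunk and `vnclowpot = false` in the `[VNCLOWPOT]` hunk silently stop those sources being posted; a one-line comment on why they are disabled (presumably pending the new ewsposter named in the commit subject) would spare the next maintainer from re-enabling them by mistake.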
@@ -89,7 +99,7 @@ nodeid = rdpy-community-01
 logfile = /data/rdpy/log/rdpy.log
 
 [VNCLOWPOT]
-vnclowpot = true
+vnclowpot = false
 nodeid = vnclowpot-community-01
 logfile = /data/vnclowpot/log/vnclowpot.log
 
@@ -127,3 +137,28 @@ logfile = /data/adbhoney/log/adbhoney.json
 fatt = true
 nodeid = fatt-community-01
 logfile = /data/fatt/log/fatt.log
+
+[IPPHONEY]
+ipphoney = true
+nodeid = ipphoney-community-01
+logfile = /data/ipphoney/log/ipphoney.json
+
+[DICOMPOT]
+dicompot = true
+nodeid = dicompot-community-01
+logfile = /data/dicompot/log/dicompot.log
+
+[MEDPOT]
+medpot = true
+nodeid = medpot-community-01
+logfile = /data/medpot/log/medpot.log
+
+[HONEYPY]
+honeypy = true
+nodeid = honeypy-community-01
+logfile = /data/honeypy/log/json.log
+
+[CITRIX]
+citrix = true
+nodeid = citrix-community-01
+logfile = /data/citrixhoneypot/logs/server.log
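Review bot: The `logfile` values of the new `[HONEYPY]` and `[CITRIX]` sections break the `/data/<name>/log/` directory convention every other section in this patch follows (`/data/honeypy/log/json.log`, and `/data/citrixhoneypot/logs/server.log` with `logs` rather than `log` and a directory name that differs from the section name). If those are the real paths the honeypot containers write to, a comment saying so (e.g. `; path matches the citrixhoneypot container's log mount`) would stop the next maintainer from "fixing" them; if not, the poster would presumably find no file and the sources would silently contribute nothing. All five new sources also default to `true` while this same commit turns glastopfv3, suricata and vnclowpot off, which may be intended for the new ewsposter but is not documented anywhere in the patch.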