add honeypy docker

docker/honeypy/Dockerfile

@@ -0,0 +1,47 @@
+FROM alpine
+
+# Include dist
+ADD dist/ /root/dist/
+
+# Install packages
+RUN sed -i 's/dl-cdn/dl-4/g' /etc/apk/repositories && \
+    apk -U --no-cache add \
+            build-base \
+            git \
+            libcap \
+            python2 \
+            python2-dev \
+            py2-pip && \
+
+# Upgrade pip, install virtualenv
+    pip install --no-cache-dir --upgrade pip && \
+    pip install --no-cache-dir virtualenv && \
+
+# Clone honeypy from git
+    git clone --depth=1 https://github.com/foospidy/HoneyPy /opt/honeypy && \
+    cd /opt/honeypy && \
+    virtualenv env && \
+    cp /root/dist/services.cfg /opt/honeypy/etc && \
+    cp /root/dist/honeypy.cfg /opt/honeypy/etc && \
+    /opt/honeypy/env/bin/pip install -r /opt/honeypy/requirements.txt && \
+
+# Setup user, groups and configs
+    addgroup -g 2000 honeypy && \
+    adduser -S -H -s /bin/ash -u 2000 -D -g 2000 honeypy && \
+    chown -R honeypy:honeypy /opt/honeypy && \
+    setcap cap_net_bind_service=+ep /opt/honeypy/env/bin/python2 && \
+
+# Clean up
+    apk del --purge build-base \
+                    git \
+                    python2-dev \
+                    py2-pip && \
+    rm -rf /root/* && \
+    rm -rf /var/cache/apk/*
+
+# Set workdir and start mailoney
+#STOPSIGNAL SIGINT
+USER honeypy:honeypy
+WORKDIR /opt/honeypy
+#EXPOSE 7 8 23 24 25 69 80 123 2048 4096 5060 9200
+CMD ["/opt/honeypy/env/bin/python2", "/opt/honeypy/Honey.py", "-d"]

docker/honeypy/dist/honeypy.cfg

@@ -0,0 +1,100 @@
+# HoneyPy/etc/honeypy.cfg
+# https://github.com/foospidy/HoneyPy
+
+[honeypy]
+# select any name for this HoneyPy node, it can be anything you want (default is: honeypy).
+# It will be displayed in tweets, Slack messages, and other integrations.
+nodename  = honeypy
+
+#add a comma seperated list of ip addresses to supress logging of your local scanners
+#whitelist = 192.168.0.5, 192.168.0.21
+
+#include the following service profiles (comma seperated), all services will be combined.
+#enabling this will disable the use of service.cfg, which will not be processed
+#service_profiles = services.databases.profile, services.linux.profile
+
+# Tweet events on Twitter. Having a dedicated Twitter account for this purpose is recommended.
+# You will need to Twitter API credentials for this to work. See https://dev.twitter.com/oauth/application-only
+[twitter]
+enabled        = No
+consumerkey    =
+consumersecret =
+oauthtoken     =
+oauthsecret    =
+
+########################################################################################################
+# Animus is dead! (http://morris.guru/the-life-and-death-of-animus/) This feature should be use no more.
+# enable tweats to include querying Animus Threat Bot (https://github.com/threatbot)
+# ask_animus     = No
+########################################################################################################
+#
+# Animus rises from the ashes! https://animus.io/
+#
+########################################################################################################
+#
+# Animus falls again. https://github.com/hslatman/awesome-threat-intelligence/pull/101
+#
+########################################################################################################
+
+# Post your events to HoneyDB. Your HoneyPy honepots can contribute threat information to HoneyDB.
+# You will need to create API credentails for this to work. See https://riskdiscovery.com/honeydb/#threats
+[honeydb]
+enabled  = No
+api_id   =
+api_key  =
+
+# Post your events to a Slack channel. Having a dedicated Slack channel for this is recommended.
+# For setting up your Slack webhook see https://api.slack.com/incoming-webhooks
+[slack]
+enabled     = No
+webhook_url =
+
+[logstash]
+enabled = No
+host    =
+port    =
+
+[elasticsearch]
+enabled = No
+# Elasticsearch url should include ":port/index/type
+# example: http://localhost:9200/honeypot/honeypy
+es_url  =
+
+[telegram]
+# You need to add your bot to channel or group, and get the bot token see https://core.telegram.org/bots
+enabled = No
+# Telegram bot HTTP API Token
+bot_id =
+
+[sumologic]
+enabled = No
+# create a http collector source and use the url provided
+# https://help.sumologic.com/Send-Data/Sources/02Sources-for-Hosted-Collectors/HTTP-Source/Upload-Data-to-an-HTTP-Source
+url =
+custom_source_host =
+custom_source_name =
+custom_source_category =
+
+[splunk]
+enabled = No
+# /services/receivers/simple api endpoint
+url = https://localhost:8089/services/receivers/simple
+username =
+password =
+
+[rabbitmq]
+enabled = No
+# Here you need create rabbitmq config url to be used with pika python lib
+# For ex. 1) amqp://username:password@rabbitmq_host/%2f
+#          2) amqp://username:password@127.0.0.1/%2f
+url_param =
+# Name of the Rabbitmq Exchange
+# Ex. mycoolexchange
+exchange =
+# Rabbitmq routing Key if not configured in rabbitmq leave it
+# Ex. honeypy
+routing_key =
+
+[file]
+enabled = Yes
+filename = log/json.log

docker/honeypy/dist/services.cfg

@@ -0,0 +1,67 @@
+# HoneyPy Copyright (C) 2013-2017 foospidy
+# services.default.profile
+# Important: service names must not contain spaces.
+# Important: use port redirecting for services that listen on ports below 1024 (see https://github.com/foospidy/ipt-kit).
+
+[Echo]
+plugin      = Echo
+low_port    = tcp:7
+port        = tcp:7
+description = Echo back data received via tcp.
+enabled     = Yes
+
+[Echo.udp]
+plugin      = Echo_udp
+low_port    = udp:7
+port        = udp:7
+description = Echo back data received via udp.
+enabled     = Yes
+
+[MOTD]
+plugin      = MOTD
+low_port    = tcp:8
+port        = tcp:8
+description = Send a message via tcp and close connection.
+enabled     = Yes
+
+[MOTD.udp]
+plugin      = MOTD_udp
+low_port    = udp:8
+port        = udp:8
+description = Send a message via udp.
+enabled     = Yes
+
+[Telnet]
+plugin      = TelnetUnix
+low_port    = tcp:2323
+port        = tcp:2323
+description = Emulate Debian telnet login via tcp.
+enabled     = Yes
+
+[Telnet.Windows]
+plugin      = TelnetWindows
+low_port    = tcp:2324
+port        = tcp:2324
+description = Emulate Windows telnet login via tcp.
+enabled     = Yes
+
+[Random]
+plugin      = Random
+low_port    = tcp:2048
+port        = tcp:2048
+description = Send random data via tcp.
+enabled     = Yes
+
+[HashCountRandom]
+plugin      = HashCountRandom
+low_port    = tcp:4096
+port        = tcp:4096
+description = Send random data prefixed with a hash of a counter via tcp.
+enabled     = Yes
+
+[Elasticsearch]
+plugin      = Elasticsearch
+low_port    = tcp:9200
+port        = tcp:9200
+description = Send basic elasticsearch like replies
+enabled     = Yes

docker/honeypy/docker-compose.yml

@@ -0,0 +1,26 @@
+version: '2.3'
+
+networks:
+  honeypy_local:
+
+services:
+
+# HoneyPy service
+  honeypy:
+    build: .
+    container_name: honeypy
+    restart: always
+    networks:
+     - honeypy_local
+    ports:
+     - "7:7"
+     - "8:8"
+     - "2048:2048"
+     - "2323:2323"
+     - "2324:2324"
+     - "4096:4096"
+     - "9200:9200"
+    image: "dtagdevsec/honeypy:1903"
+    read_only: true
+    volumes:
+     - /data/honeypy/log:/opt/honeypy/log