prepare for new ewsposter

installer/data/ews/conf/ews.cfg

@@ -1,83 +0,0 @@
-[MAIN]
-homedir = /opt/ewsposter/
-spooldir = /opt/ewsposter/spool/
-logdir = /opt/ewsposter/log/
-del_malware_after_send = false
-send_malware = true
-sendlimit = 400
-contact = your_email_address
-proxy =
-ip =
-
-[EWS]
-ews = true
-username = community-01-user
-token = foth{a5maiCee8fineu7
-rhost_first = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
-rhost_second = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
-ignorecert = false
-
-[HPFEED]
-hpfeed = false
-host = 0.0.0.0
-port = 0
-channels = 0
-ident = 0
-secret= 0
-
-[EWSJSON]
-json = false
-jsondir = /data/ews/
-
-[GLASTOPFV3]
-glastopfv3 = true
-nodeid = glastopfv3-community-01
-sqlitedb = /data/glastopf/db/glastopf.db
-malwaredir = /data/glastopf/data/files/
-
-[GLASTOPFV2]
-glastopfv2 = false
-nodeid =
-mysqlhost =
-mysqldb =
-mysqluser =
-mysqlpw =
-malwaredir =
-
-[KIPPO]
-kippo = true
-nodeid = kippo-community-01
-mysqlhost = localhost
-mysqldb = cowrie
-mysqluser = cowrie
-mysqlpw = s0m3Secr3T!
-malwaredir = /data/cowrie/downloads/
-
-[DIONAEA]
-dionaea = true
-nodeid = dionaea-community-01
-malwaredir = /data/dionaea/binaries/
-sqlitedb = /data/dionaea/log/dionaea.sqlite
-
-[HONEYTRAP]
-honeytrap = true
-nodeid = honeytrap-community-01
-newversion = true
-payloaddir = /data/honeytrap/attacks/
-attackerfile = /data/honeytrap/log/attacker.log
-
-[RDPDETECT]
-rdpdetect = false
-nodeid =
-iptableslog =
-targetip =
-
-[EMOBILITY]
-eMobility = true
-nodeid = emobility-community-01
-logfile = /data/eMobility/log/centralsystemEWS.log
-
-[CONPOT]
-conpot = true
-nodeid = conpot-community-01
-logfile = /data/conpot/log/conpot.json

installer/data/imgcfg/all_images.conf

@@ -4,6 +4,7 @@ dionaea
 elasticpot
 elk
 emobility
+ewsposter
 glastopf
 honeytrap
 suricata

installer/data/imgcfg/hp_images.conf

@@ -1,5 +1,6 @@
 cowrie
 dionaea
 elasticpot
+ewsposter
 glastopf
 honeytrap

installer/data/imgcfg/industrial_images.conf

@@ -1,6 +1,7 @@
 conpot
 elk
 emobility
+ewsposter
 suricata
 netdata
 ui-for-docker

installer/data/imgcfg/tpot_images.conf

@@ -2,6 +2,7 @@ cowrie
 dionaea
 elasticpot
 elk
+ewsposter
 glastopf
 honeytrap
 suricata

installer/data/systemd/ewsposter.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=ewsposter
+Requires=docker.service
+After=docker.service
+
+[Service]
+Restart=always
+ExecStartPre=-/usr/bin/docker stop ewsposter
+ExecStartPre=-/usr/bin/docker rm -v ewsposter
+ExecStart=/usr/bin/docker run --name ewsposter --rm=true -v /data:/data -v /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip dtagdevsec/ewsposter:latest1610
+ExecStop=/usr/bin/docker stop ewsposter
+
+[Install]
+WantedBy=multi-user.target

installer/install.sh

@@ -416,7 +416,7 @@ mkdir -p /data/conpot/log \
          /data/elk/data /data/elk/log /data/elk/logstash/conf \
          /data/glastopf /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/ \
          /data/emobility/log \
-         /data/ews/log /data/ews/conf /data/ews/dionaea /data/ews/emobility \
+         /data/ews/conf \
          /data/suricata/log /home/tsec/.ssh/
 
 # Let's take care of some files and permissions before copying