From c5de828d7e3ed12e2d6b01e96b598e8856ef264e Mon Sep 17 00:00:00 2001
From: Marco Ochse
Date: Sun, 12 Mar 2017 23:31:34 +0000
Subject: [PATCH] prepare for new ewsposter

---
 installer/data/ews/conf/ews.cfg | 83 --------------------
 installer/data/imgcfg/all_images.conf | 1 +
 installer/data/imgcfg/hp_images.conf | 1 +
 installer/data/imgcfg/industrial_images.conf | 1 +
 installer/data/imgcfg/tpot_images.conf | 1 +
 installer/data/systemd/ewsposter.service | 14 ++++
 installer/install.sh | 2 +-
 7 files changed, 19 insertions(+), 84 deletions(-)
 delete mode 100644 installer/data/ews/conf/ews.cfg
 create mode 100644 installer/data/systemd/ewsposter.service

diff --git a/installer/data/ews/conf/ews.cfg b/installer/data/ews/conf/ews.cfg
deleted file mode 100644
index a45b05d7..00000000
--- a/installer/data/ews/conf/ews.cfg
+++ /dev/null
@@ -1,83 +0,0 @@
-[MAIN]
-homedir = /opt/ewsposter/
-spooldir = /opt/ewsposter/spool/
-logdir = /opt/ewsposter/log/
-del_malware_after_send = false
-send_malware = true
-sendlimit = 400
-contact = your_email_address
-proxy = 
-ip = 
-
-[EWS]
-ews = true
-username = community-01-user
-token = foth{a5maiCee8fineu7
-rhost_first = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
-rhost_second = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
-ignorecert = false
-
-[HPFEED]
-hpfeed = false
-host = 0.0.0.0
-port = 0
-channels = 0
-ident = 0
-secret= 0
-
-[EWSJSON]
-json = false
-jsondir = /data/ews/
-
-[GLASTOPFV3]
-glastopfv3 = true
-nodeid = glastopfv3-community-01
-sqlitedb = /data/glastopf/db/glastopf.db
-malwaredir = /data/glastopf/data/files/
-
-[GLASTOPFV2]
-glastopfv2 = false
-nodeid = 
-mysqlhost = 
-mysqldb = 
-mysqluser = 
-mysqlpw = 
-malwaredir = 
-
-[KIPPO]
-kippo = true
-nodeid = kippo-community-01
-mysqlhost = localhost
-mysqldb = cowrie
-mysqluser = cowrie
-mysqlpw = s0m3Secr3T!
-malwaredir = /data/cowrie/downloads/
-
-[DIONAEA]
-dionaea = true
-nodeid = dionaea-community-01
-malwaredir = /data/dionaea/binaries/
-sqlitedb = /data/dionaea/log/dionaea.sqlite
-
-[HONEYTRAP]
-honeytrap = true
-nodeid = honeytrap-community-01
-newversion = true
-payloaddir = /data/honeytrap/attacks/
-attackerfile = /data/honeytrap/log/attacker.log
-
-[RDPDETECT]
-rdpdetect = false
-nodeid = 
-iptableslog = 
-targetip = 
-
-[EMOBILITY]
-eMobility = true
-nodeid = emobility-community-01
-logfile = /data/eMobility/log/centralsystemEWS.log
-
-[CONPOT]
-conpot = true
-nodeid = conpot-community-01
-logfile = /data/conpot/log/conpot.json
diff --git a/installer/data/imgcfg/all_images.conf b/installer/data/imgcfg/all_images.conf
index 1722a2ae..34a4d78d 100644
--- a/installer/data/imgcfg/all_images.conf
+++ b/installer/data/imgcfg/all_images.conf
@@ -4,6 +4,7 @@ dionaea
 elasticpot
 elk
 emobility
+ewsposter
 glastopf
 honeytrap
 suricata
diff --git a/installer/data/imgcfg/hp_images.conf b/installer/data/imgcfg/hp_images.conf
index d027025a..e5aa3e75 100644
--- a/installer/data/imgcfg/hp_images.conf
+++ b/installer/data/imgcfg/hp_images.conf
@@ -1,5 +1,6 @@
 cowrie
 dionaea
 elasticpot
+ewsposter
 glastopf
 honeytrap
diff --git a/installer/data/imgcfg/industrial_images.conf b/installer/data/imgcfg/industrial_images.conf
index ea3eced4..0ca45fbc 100644
--- a/installer/data/imgcfg/industrial_images.conf
+++ b/installer/data/imgcfg/industrial_images.conf
@@ -1,6 +1,7 @@
 conpot
 elk
 emobility
+ewsposter
 suricata
 netdata
 ui-for-docker
diff --git a/installer/data/imgcfg/tpot_images.conf b/installer/data/imgcfg/tpot_images.conf
index 80bb6599..b5cf2271 100644
--- a/installer/data/imgcfg/tpot_images.conf
+++ b/installer/data/imgcfg/tpot_images.conf
@@ -2,6 +2,7 @@ cowrie
 dionaea
 elasticpot
 elk
+ewsposter
 glastopf
 honeytrap
 suricata
diff --git a/installer/data/systemd/ewsposter.service b/installer/data/systemd/ewsposter.service
new file mode 100644
index 00000000..ce18242b
--- /dev/null
+++ b/installer/data/systemd/ewsposter.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=ewsposter
+Requires=docker.service
+After=docker.service
+
+[Service]
+Restart=always
+ExecStartPre=-/usr/bin/docker stop ewsposter
+ExecStartPre=-/usr/bin/docker rm -v ewsposter
+ExecStart=/usr/bin/docker run --name ewsposter --rm=true -v /data:/data -v /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip dtagdevsec/ewsposter:latest1610
+ExecStop=/usr/bin/docker stop ewsposter
+
+[Install]
+WantedBy=multi-user.target
diff --git a/installer/install.sh b/installer/install.sh
index 4d327f59..297875e2 100755
--- a/installer/install.sh
+++ b/installer/install.sh
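Review bot: The ExecStart line of the new ewsposter.service bind-mounts the whole host `/data` tree read-write into the container, although the ews.cfg removed in this same patch points the poster's spool and log directories at `/opt/ewsposter` inside the image and only `jsondir` (disabled by `json = false`) at `/data/ews/`; the remaining `/data` subtrees are other honeypots' logs and captured samples that the poster only reads. A compromised or misbehaving poster container could therefore modify or delete every honeypot's evidence, so consider mounting read-only and leaving only the poster's own directory writable, `-v /data:/data:ro -v /data/ews:/data/ews` (the `:ro` would have to go if `del_malware_after_send`, which from its name appears to remove samples after upload, is ever enabled). The image is also pulled by the mutable tag `latest1610` rather than a digest, so what actually runs can change without any change to this unit file; pinning as `dtagdevsec/ewsposter@sha256:<digest placeholder>` would make the deployment reproducible and auditable.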
@@ -416,7 +416,7 @@ mkdir -p /data/conpot/log \ /data/elk/data /data/elk/log /data/elk/logstash/conf \ /data/glastopf /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/ \ /data/emobility/log \ - /data/ews/log /data/ews/conf /data/ews/dionaea /data/ews/emobility \ + /data/ews/conf \ /data/suricata/log /home/tsec/.ssh/ # Let's take care of some files and permissions before copying
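Review bot: The new ewsposter.service mounts the single file `/data/ews/conf/ews.ip` into the container, but this hunk only keeps the `/data/ews/conf` directory in the `mkdir -p` list and nothing visible here creates `ews.ip` itself. If that path does not exist when the service first starts, `docker run -v` creates a directory named `ews.ip` on the host instead, and the container then sees an empty directory where it expects a file. Unless a later part of install.sh outside this hunk creates it, add `touch /data/ews/conf/ews.ip` after the `mkdir -p` and include it in the ownership and permission fix-up that the following comment announces. The `mkdir -p` command may begin before the hunk (its first line appears only in the `@@` header context), so the addition belongs with the rest of that directory setup.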