From c6f71d960068a5a2615b2c330fd53780412446f0 Mon Sep 17 00:00:00 2001
From: t3chn0m4g3
Date: Thu, 28 Nov 2024 12:03:57 +0100
Subject: [PATCH] bump glutton to latest master

---
 docker/glutton/Dockerfile | 27 +++++++++--------------
 docker/glutton/dist/config.yaml | 3 ++-
 docker/glutton/dist/rules.yaml | 36 +++++++++++++++++++++++++++++++
 docker/glutton/dist/system.go | 12 +++++------
 docker/tpotinit/dist/bin/rules.sh | 2 +-
 5 files changed, 55 insertions(+), 25 deletions(-)
 create mode 100644 docker/glutton/dist/rules.yaml

diff --git a/docker/glutton/Dockerfile b/docker/glutton/Dockerfile
index aa51c4d0..f8c905ca 100644
--- a/docker/glutton/Dockerfile
+++ b/docker/glutton/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.21-alpine as builder
+FROM golang:1.23-alpine AS builder
 #
 # Include dist
 COPY dist/ /root/dist/
@@ -16,34 +16,27 @@ RUN apk -U --no-cache add \
 cd /opt/ && \
 git clone https://github.com/mushorg/glutton && \
 cd /opt/glutton/ && \
- git checkout c1204c65ce32bfdc0e08fb2a9abe89b3b8eeed62 && \
+ git checkout b3b5944b79893ccb1da19e112571674841bbe124 && \
 cp /root/dist/system.go . && \
 make build && \
- mv /root/dist/config.yaml /opt/glutton/config/
+ cp /root/dist/*.yaml /opt/glutton/config/
 #
-FROM alpine:3.19
+FROM alpine:3.20
 #
 COPY --from=builder /opt/glutton/bin /opt/glutton/bin
 COPY --from=builder /opt/glutton/config /opt/glutton/config
-COPY --from=builder /opt/glutton/rules /opt/glutton/rules
 #
-RUN apk -U --no-cache add \
- iptables-dev \
+RUN apk -U --no-cache upgrade && \
+ apk -U --no-cache add \
+ iptables \
+ libcap \
 libpcap-dev && \
 setcap cap_net_admin,cap_net_raw=+ep /opt/glutton/bin/server && \
 setcap cap_net_admin,cap_net_raw=+ep /sbin/xtables-nft-multi && \
 mkdir -p /var/log/glutton \
- /opt/glutton/payloads && \
-#
-# Setup user, groups and configs
- addgroup -g 2000 glutton && \
- adduser -S -s /bin/ash -u 2000 -D -g 2000 glutton && \
-#
-# Clean up
- rm -rf /var/cache/apk/* \
- /root/*
+ /opt/glutton/payloads
 #
 # Start glutton
 WORKDIR /opt/glutton
-USER glutton:glutton
+USER 2000:2000
 CMD exec bin/server -d true -i $(/sbin/ip address show | /usr/bin/awk '/inet.*brd/{ print $NF; exit }') -l /var/log/glutton/glutton.log > /dev/null 2>&1
diff --git a/docker/glutton/dist/config.yaml b/docker/glutton/dist/config.yaml
index a3689164..5d5072ef 100644
--- a/docker/glutton/dist/config.yaml
+++ b/docker/glutton/dist/config.yaml
@@ -1,6 +1,7 @@
 ports:
 tcp: 5000
-# udp: 5001
+ udp: 5001
+ ssh: 2222
 rules_path: config/rules.yaml
diff --git a/docker/glutton/dist/rules.yaml b/docker/glutton/dist/rules.yaml
new file mode 100644
index 00000000..7a8a568a
--- /dev/null
+++ b/docker/glutton/dist/rules.yaml
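Review bot: The context line `cp /root/dist/system.go .` directly after the bumped `git checkout` overwrites upstream's `system.go` with the local copy, and the only change this commit makes to that copy is comment re-indentation, so nothing on the page shows the override was re-synced with upstream at the new pin. A stale override can silently drop upstream changes to that file while the build still succeeds. I would record its provenance next to the copy step, e.g. `# dist/system.go is a patched copy of upstream system.go at <upstream commit>; re-diff on every pin bump`. The builder-stage RUN instruction begins above this hunk.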
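Review bot: Enabling `udp: 5001` appears to have no effect with the rule set added in this same commit, because `dist/rules.yaml` ends with `match: udp` / `type: drop`, and no rule target there refers to the new `ssh: 2222` listener. If both ports are only needed for the new glutton revision to start (the page does not show this), the file should say so, e.g. `# udp listener enabled; all UDP is currently dropped by the last rule in rules.yaml`. Otherwise it is safer to leave a listener off until a rule actually uses it.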
@@ -0,0 +1,36 @@
+rules:
+ - match: tcp dst port 23 or port 2323 or port 23231
+ type: conn_handler
+ target: telnet
+ - match: tcp dst port 1883
+ type: conn_handler
+ target: mqtt
+ - match: tcp dst port 6969
+ type: conn_handler
+ target: bittorrent
+ - match: tcp dst port 25
+ type: conn_handler
+ target: smtp
+ - match: tcp dst port 3389
+ type: conn_handler
+ target: rdp
+ - match: tcp dst port 445
+ type: conn_handler
+ target: smb
+ - match: tcp dst port 21
+ type: conn_handler
+ target: ftp
+ - match: tcp dst port 5060
+ type: conn_handler
+ target: sip
+ - match: tcp dst port 5222 or port 5223
+ type: conn_handler
+ target: jabber
+ - match: tcp dst port 11211
+ type: conn_handler
+ target: memcache
+ - match: tcp
+ type: conn_handler
+ target: tcp
+ - match: udp
+ type: drop
\ No newline at end of file
diff --git a/docker/glutton/dist/system.go b/docker/glutton/dist/system.go
index 1ff7eeed..d16e6076 100644
--- a/docker/glutton/dist/system.go
+++ b/docker/glutton/dist/system.go
@@ -27,12 +27,12 @@ func (g *Glutton) startMonitor(quit chan struct{}) {
 for {
 select {
 // case <-ticker.C:
- // openFiles, err := countOpenFiles()
- // if err != nil {
- // fmt.Printf("Failed :%s", err)
- // }
- // runningRoutines := runtime.NumGoroutine()
- // g.Logger.Info(fmt.Sprintf("running Go routines: %d, open files: %d", openFiles, runningRoutines))
+ // openFiles, err := countOpenFiles()
+ // if err != nil {
+ // fmt.Printf("Failed :%s", err)
+ // }
+ // runningRoutines := runtime.NumGoroutine()
+ // g.Logger.Info(fmt.Sprintf("running Go routines: %d, open files: %d", openFiles, runningRoutines))
 case <-quit:
 g.Logger.Info("monitoring stopped...")
 ticker.Stop()
diff --git a/docker/tpotinit/dist/bin/rules.sh b/docker/tpotinit/dist/bin/rules.sh
index 1ffb2145..367c8b08 100755
--- a/docker/tpotinit/dist/bin/rules.sh
+++ b/docker/tpotinit/dist/bin/rules.sh
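Review bot: In the telnet rule `tcp dst port 23 or port 2323 or port 23231` only the first primitive carries `tcp dst`; in pcap-filter syntax a bare `port N` matches TCP or UDP and source or destination, so the rule is wider than it reads, and the same holds for `tcp dst port 5222 or port 5223`. Whether this changes behaviour depends on how glutton evaluates rules per protocol, which the page does not show, but the stricter spelling costs nothing: `match: tcp dst port 23 or 2323 or 23231` and `match: tcp dst port 5222 or 5223`. The file also ends without a trailing newline.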
@@ -1,7 +1,7 @@
 #!/bin/bash
 ### Vars, Ports for Standard services
-myHOSTPORTS="7634 64294 64295"
+myHOSTPORTS="7634 64294 64295 64296 64297 64298 64299 64303 64305"
 myDOCKERCOMPOSEYML="$1"
 myRULESFUNCTION="$2"
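Review bot: `myHOSTPORTS` grows by six ports (64296-64299, 64303, 64305) with nothing in the script or the commit message saying which service owns each one. Assuming this list is what the script keeps out of honeypot redirection, every entry widens what is reachable on the host itself, so it should be auditable. A comment above the assignment such as `# 64296-64299, 64303, 64305: <service per port>` would cover it. The code that consumes the variable is outside this hunk.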