tweaking
Allow FTP data; forward FTP data into the dionaea container; disable IPv6, since it messes up dionaea's IP logging.
parent
adc8ddd090
commit
d1c167bd5f
5 changed files with 8 additions and 10 deletions
|
@ -52,13 +52,12 @@ services:
|
|||
container_name: dionaea
|
||||
stdin_open: true
|
||||
restart: always
|
||||
sysctls:
|
||||
- net.ipv6.conf.all.disable_ipv6=1
|
||||
networks:
|
||||
- dionaea_local
|
||||
cap_add:
|
||||
- NET_BIND_SERVICE
|
||||
ports:
|
||||
- "20:20"
|
||||
- "21:21"
|
||||
- "42:42"
|
||||
- "69:69/udp"
|
||||
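Review bot: The published `"20:20"` mapping has no comment saying which FTP mode it is meant to serve. In active mode the server opens the data connection outward from port 20, so an inbound publish may not be what carries the data channel; if clients use passive mode, the passive port range would need publishing too, which is worth confirming against how dionaea's FTP service negotiates data ports. The hunk header shrinks the block from 13 to 12 lines, which suggests the `sysctls:` / `net.ipv6.conf.all.disable_ipv6=1` pair is leaving the service. If so, a one-line comment such as `# IPv6 is disabled host-wide via the kernel command line, not per container` would stop a later reader from assuming the container still enforces it. The same applies to the two following compose sections (`@ -35,13` and `@ -37,13`).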
|
|
|
@ -35,13 +35,12 @@ services:
|
|||
container_name: dionaea
|
||||
stdin_open: true
|
||||
restart: always
|
||||
sysctls:
|
||||
- net.ipv6.conf.all.disable_ipv6=1
|
||||
networks:
|
||||
- dionaea_local
|
||||
cap_add:
|
||||
- NET_BIND_SERVICE
|
||||
ports:
|
||||
- "20:20"
|
||||
- "21:21"
|
||||
- "42:42"
|
||||
- "69:69/udp"
|
||||
|
|
|
@ -37,13 +37,12 @@ services:
|
|||
container_name: dionaea
|
||||
stdin_open: true
|
||||
restart: always
|
||||
sysctls:
|
||||
- net.ipv6.conf.all.disable_ipv6=1
|
||||
networks:
|
||||
- dionaea_local
|
||||
cap_add:
|
||||
- NET_BIND_SERVICE
|
||||
ports:
|
||||
- "20:20"
|
||||
- "21:21"
|
||||
- "42:42"
|
||||
- "69:69/udp"
|
||||
|
|
|
@ -11,7 +11,7 @@ RestartSec=5
|
|||
ExecStartPre=-/usr/share/tpot/bin/updateip.sh
|
||||
|
||||
# Clear state or if persistence is enabled rotate and compress logs from /data
|
||||
ExecStartPre=-/bin/bash -c '/usr/share/tpot/bin/clean.sh off'
|
||||
ExecStartPre=-/bin/bash -c '/usr/share/tpot/bin/clean.sh on'
|
||||
|
||||
# Remove old containers, images and volumes
|
||||
ExecStartPre=-/usr/local/bin/docker-compose -f /etc/tpot/tpot.yml down -v
|
||||
|
@ -29,11 +29,12 @@ ExecStartPre=/bin/bash -c '/sbin/ip link set $(/sbin/ip address | grep "^2: " |
|
|||
ExecStartPre=-/bin/chmod 666 /var/run/docker.sock
|
||||
|
||||
# Set iptables accept rules to avoid forwarding to honeytrap / NFQUEUE
|
||||
# Disregards UDP1900 traffic from/to localhost, too many false positives
|
||||
# Forward all other connections to honeytrap / NFQUEUE
|
||||
ExecStartPre=/sbin/iptables -w -A INPUT -s 127.0.0.1 -j ACCEPT
|
||||
ExecStartPre=/sbin/iptables -w -A INPUT -d 127.0.0.1 -j ACCEPT
|
||||
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 64295:64303,7634 -j ACCEPT
|
||||
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 21:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT
|
||||
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 20:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT
|
||||
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 3306,5060,5061,5601,27017 -j ACCEPT
|
||||
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT
|
||||
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
|
||||
|
@ -48,7 +49,7 @@ ExecStop=/usr/local/bin/docker-compose -f /etc/tpot/tpot.yml down -v
|
|||
ExecStopPost=/sbin/iptables -w -D INPUT -s 127.0.0.1 -j ACCEPT
|
||||
ExecStopPost=/sbin/iptables -w -D INPUT -d 127.0.0.1 -j ACCEPT
|
||||
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 64295:64303,7634 -j ACCEPT
|
||||
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 21:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT
|
||||
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 20:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT
|
||||
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 3306,5060,5061,5601,27017 -j ACCEPT
|
||||
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT
|
||||
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
|
||||
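Review bot: The widened port list `20:23,25,42,...` now has to stay identical in two places, the `ExecStartPre ... -A INPUT` rule and the `ExecStopPost ... -D INPUT` rule, because `iptables -D` only removes a rule whose specification matches exactly. Both copies are updated here, but on a host where the unit file is swapped while the old `21:23` rule is still loaded, the new `-D` will not match it, so the old ACCEPT rule may linger until a flush or reboot; the ExecStopPost lines carry no `-` prefix, so that failed delete would presumably be reported as a unit failure. A comment above each list, e.g. `# Keep this list identical to the matching ExecStopPost -D rule`, would make the coupling explicit. Port 69 also sits in a `-p tcp` rule while the compose files publish it as `69:69/udp`, which is worth a second look while this line is being edited.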
|
|
|
@ -487,7 +487,7 @@ chown tsec:tsec /home/tsec/.ssh /home/tsec/.ssh/authorized_keys 2>&1 | dialog --
|
|||
|
||||
# Let's replace "quiet splash" options, set a console font for more screen canvas and update grub
|
||||
sed -i 's#GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"#GRUB_CMDLINE_LINUX_DEFAULT="consoleblank=0"#' /etc/default/grub 2>&1>/dev/null
|
||||
sed -i 's#GRUB_CMDLINE_LINUX=""#GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"#' /etc/default/grub 2>&1>/dev/null
|
||||
sed -i 's#GRUB_CMDLINE_LINUX=""#GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1 ipv6.disable=1"#' /etc/default/grub 2>&1>/dev/null
|
||||
#sed -i 's#\#GRUB_GFXMODE=640x480#GRUB_GFXMODE=800x600x32#' /etc/default/grub
|
||||
#tee -a /etc/default/grub <<EOF
|
||||
#GRUB_GFXPAYLOAD=800x600x32
|
||||
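Review bot: The new `sed` only rewrites `/etc/default/grub` when the line is exactly `GRUB_CMDLINE_LINUX=""`; if the variable already holds anything, the substitution silently does nothing and IPv6 stays enabled, which is the condition the commit message says breaks dionaea's IP logging. Because the compose hunks appear to drop the per-container `net.ipv6.conf.all.disable_ipv6=1` at the same time, this kernel parameter becomes the only control, and hosts installed earlier never run this line. A check after the edit, such as `grep -q 'ipv6.disable=1' /etc/default/grub || echo "ipv6.disable=1 not set in /etc/default/grub" >&2`, would surface the miss. The redirection `2>&1>/dev/null` also sends only stdout to /dev/null and leaves stderr on the terminal; `>/dev/null 2>&1` is the order that silences both, if that was the intent. The surrounding script continues outside the hunk.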
|
|