tweaking
Allow for FTP data: forward FTP data into the dionaea container. Disable IPv6 since it messes up dionaea IP logging.
This commit is contained in:
parent
adc8ddd090
commit
d1c167bd5f
5 changed files with 8 additions and 10 deletions
|
@ -52,13 +52,12 @@ services:
|
||||||
container_name: dionaea
|
container_name: dionaea
|
||||||
stdin_open: true
|
stdin_open: true
|
||||||
restart: always
|
restart: always
|
||||||
sysctls:
|
|
||||||
- net.ipv6.conf.all.disable_ipv6=1
|
|
||||||
networks:
|
networks:
|
||||||
- dionaea_local
|
- dionaea_local
|
||||||
cap_add:
|
cap_add:
|
||||||
- NET_BIND_SERVICE
|
- NET_BIND_SERVICE
|
||||||
ports:
|
ports:
|
||||||
|
- "20:20"
|
||||||
- "21:21"
|
- "21:21"
|
||||||
- "42:42"
|
- "42:42"
|
||||||
- "69:69/udp"
|
- "69:69/udp"
|
||||||
|
|
|
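Review bot: Publishing `"20:20"` only covers active-mode FTP, where the server opens the data connection outbound from port 20; passive-mode data connections, which most clients and scanners use by default, arrive inbound on a server-chosen high port, and this hunk publishes no such range. Unless the passive port range dionaea is configured with is published elsewhere, passive transfers to this honeypot will still fail and only the control channel on 21 will be observed. Since port 20 is unusual in a published-port list, a one-line comment on the new entry would save the next reader a lookup, e.g. `# 20: FTP active-mode data channel; passive data ports still need their own mapping`. The `ports:` list continues past the end of the hunk.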
@ -35,13 +35,12 @@ services:
|
||||||
container_name: dionaea
|
container_name: dionaea
|
||||||
stdin_open: true
|
stdin_open: true
|
||||||
restart: always
|
restart: always
|
||||||
sysctls:
|
|
||||||
- net.ipv6.conf.all.disable_ipv6=1
|
|
||||||
networks:
|
networks:
|
||||||
- dionaea_local
|
- dionaea_local
|
||||||
cap_add:
|
cap_add:
|
||||||
- NET_BIND_SERVICE
|
- NET_BIND_SERVICE
|
||||||
ports:
|
ports:
|
||||||
|
- "20:20"
|
||||||
- "21:21"
|
- "21:21"
|
||||||
- "42:42"
|
- "42:42"
|
||||||
- "69:69/udp"
|
- "69:69/udp"
|
||||||
|
|
|
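Review bot: Removing `net.ipv6.conf.all.disable_ipv6=1` from the container makes the dionaea IP-logging fix depend on the host having IPv6 disabled at the kernel level, which this commit only arranges in the installer for fresh installs; an existing host that pulls the new compose file but keeps its old kernel command line will have IPv6 back inside the container, re-introducing the problem the commit message describes. Docker treats `net.*` sysctls as namespaced, so keeping the `sysctls` block alongside a host-wide disable should be harmless and would make the file robust on upgraded hosts. If it is dropped on purpose, the host requirement deserves a comment near `container_name: dionaea`, e.g. `# relies on IPv6 being disabled host-wide (ipv6.disable=1 on the kernel cmdline)`. The `ports:` list continues past the end of the hunk.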
@ -37,13 +37,12 @@ services:
|
||||||
container_name: dionaea
|
container_name: dionaea
|
||||||
stdin_open: true
|
stdin_open: true
|
||||||
restart: always
|
restart: always
|
||||||
sysctls:
|
|
||||||
- net.ipv6.conf.all.disable_ipv6=1
|
|
||||||
networks:
|
networks:
|
||||||
- dionaea_local
|
- dionaea_local
|
||||||
cap_add:
|
cap_add:
|
||||||
- NET_BIND_SERVICE
|
- NET_BIND_SERVICE
|
||||||
ports:
|
ports:
|
||||||
|
- "20:20"
|
||||||
- "21:21"
|
- "21:21"
|
||||||
- "42:42"
|
- "42:42"
|
||||||
- "69:69/udp"
|
- "69:69/udp"
|
||||||
|
|
|
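Review bot: The new `"20:20"` mapping only reaches dionaea if the host firewall ACCEPTs TCP/20 ahead of the NFQUEUE/honeytrap rule, so the compose port list and the systemd unit's iptables list have to be kept in sync by hand; a comment on the new line stating that coupling would help, e.g. `# 20: FTP active-mode data; must also be ACCEPTed before the NFQUEUE rule in the service unit`. Quoting the mapping as `"20:20"` is correct (an unquoted `20:20` is a YAML 1.1 sexagesimal integer), and that convention should be kept for any further low ports added here. Passive-mode FTP data ports are not covered by this entry and are not published in the visible part of the list. The `ports:` list continues past the end of the hunk.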
@ -11,7 +11,7 @@ RestartSec=5
|
||||||
ExecStartPre=-/usr/share/tpot/bin/updateip.sh
|
ExecStartPre=-/usr/share/tpot/bin/updateip.sh
|
||||||
|
|
||||||
# Clear state or if persistence is enabled rotate and compress logs from /data
|
# Clear state or if persistence is enabled rotate and compress logs from /data
|
||||||
ExecStartPre=-/bin/bash -c '/usr/share/tpot/bin/clean.sh off'
|
ExecStartPre=-/bin/bash -c '/usr/share/tpot/bin/clean.sh on'
|
||||||
|
|
||||||
# Remove old containers, images and volumes
|
# Remove old containers, images and volumes
|
||||||
ExecStartPre=-/usr/local/bin/docker-compose -f /etc/tpot/tpot.yml down -v
|
ExecStartPre=-/usr/local/bin/docker-compose -f /etc/tpot/tpot.yml down -v
|
||||||
|
@ -29,11 +29,12 @@ ExecStartPre=/bin/bash -c '/sbin/ip link set $(/sbin/ip address | grep "^2: " |
|
||||||
ExecStartPre=-/bin/chmod 666 /var/run/docker.sock
|
ExecStartPre=-/bin/chmod 666 /var/run/docker.sock
|
||||||
|
|
||||||
# Set iptables accept rules to avoid forwarding to honeytrap / NFQUEUE
|
# Set iptables accept rules to avoid forwarding to honeytrap / NFQUEUE
|
||||||
|
# Disregards UDP1900 traffic from/to localhost, too many false positives
|
||||||
# Forward all other connections to honeytrap / NFQUEUE
|
# Forward all other connections to honeytrap / NFQUEUE
|
||||||
ExecStartPre=/sbin/iptables -w -A INPUT -s 127.0.0.1 -j ACCEPT
|
ExecStartPre=/sbin/iptables -w -A INPUT -s 127.0.0.1 -j ACCEPT
|
||||||
ExecStartPre=/sbin/iptables -w -A INPUT -d 127.0.0.1 -j ACCEPT
|
ExecStartPre=/sbin/iptables -w -A INPUT -d 127.0.0.1 -j ACCEPT
|
||||||
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 64295:64303,7634 -j ACCEPT
|
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 64295:64303,7634 -j ACCEPT
|
||||||
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 21:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT
|
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 20:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT
|
||||||
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 3306,5060,5061,5601,27017 -j ACCEPT
|
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 3306,5060,5061,5601,27017 -j ACCEPT
|
||||||
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT
|
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT
|
||||||
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
|
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
|
||||||
|
@ -48,7 +49,7 @@ ExecStop=/usr/local/bin/docker-compose -f /etc/tpot/tpot.yml down -v
|
||||||
ExecStopPost=/sbin/iptables -w -D INPUT -s 127.0.0.1 -j ACCEPT
|
ExecStopPost=/sbin/iptables -w -D INPUT -s 127.0.0.1 -j ACCEPT
|
||||||
ExecStopPost=/sbin/iptables -w -D INPUT -d 127.0.0.1 -j ACCEPT
|
ExecStopPost=/sbin/iptables -w -D INPUT -d 127.0.0.1 -j ACCEPT
|
||||||
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 64295:64303,7634 -j ACCEPT
|
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 64295:64303,7634 -j ACCEPT
|
||||||
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 21:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT
|
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 20:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT
|
||||||
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 3306,5060,5061,5601,27017 -j ACCEPT
|
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 3306,5060,5061,5601,27017 -j ACCEPT
|
||||||
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT
|
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT
|
||||||
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
|
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
|
||||||
|
|
|
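Review bot: `ExecStartPre=-/bin/bash -c '/usr/share/tpot/bin/clean.sh on'` flips the argument from `off` to `on` without the commit message mentioning it; if, as the comment above it suggests, `on` means persistence is enabled, every service start now rotates and compresses /data instead of clearing it, which changes how long captured samples and logs stay on the box and deserves its own commit or at least a line in the description (the leading `-` means a failing `clean.sh` is ignored and the service starts anyway). The `20:23` change in the ACCEPT rules matches the new port-20 publish in the compose files, but everything ACCEPTed in this list bypasses honeytrap, so it should only ever contain ports a container actually binds. The new comment `# Disregards UDP1900 traffic from/to localhost, too many false positives` sits between two other comments and next to no UDP rule, and the NFQUEUE rule in this hunk matches only `-p tcp --syn`; if it explains the two `127.0.0.1` ACCEPT rules it should be placed directly above them and say so, e.g. `# Accept all localhost traffic (local SSDP/UDP 1900 chatter produced too many false positives)`.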
@ -487,7 +487,7 @@ chown tsec:tsec /home/tsec/.ssh /home/tsec/.ssh/authorized_keys 2>&1 | dialog --
|
||||||
|
|
||||||
# Let's replace "quiet splash" options, set a console font for more screen canvas and update grub
|
# Let's replace "quiet splash" options, set a console font for more screen canvas and update grub
|
||||||
sed -i 's#GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"#GRUB_CMDLINE_LINUX_DEFAULT="consoleblank=0"#' /etc/default/grub 2>&1>/dev/null
|
sed -i 's#GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"#GRUB_CMDLINE_LINUX_DEFAULT="consoleblank=0"#' /etc/default/grub 2>&1>/dev/null
|
||||||
sed -i 's#GRUB_CMDLINE_LINUX=""#GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"#' /etc/default/grub 2>&1>/dev/null
|
sed -i 's#GRUB_CMDLINE_LINUX=""#GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1 ipv6.disable=1"#' /etc/default/grub 2>&1>/dev/null
|
||||||
#sed -i 's#\#GRUB_GFXMODE=640x480#GRUB_GFXMODE=800x600x32#' /etc/default/grub
|
#sed -i 's#\#GRUB_GFXMODE=640x480#GRUB_GFXMODE=800x600x32#' /etc/default/grub
|
||||||
#tee -a /etc/default/grub <<EOF
|
#tee -a /etc/default/grub <<EOF
|
||||||
#GRUB_GFXPAYLOAD=800x600x32
|
#GRUB_GFXPAYLOAD=800x600x32
|
||||||
|
|
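Review bot: `ipv6.disable=1` on the kernel command line removes the whole IPv6 stack on the host, including `::1`, which is broader than the container sysctl it replaces: anything on the box that binds to `::` or resolves `localhost` to `::1` first will fail, and the honeypot will never see IPv6 attackers at all; if the goal is only correct IP logging in dionaea, a host-level sysctl `net.ipv6.conf.all.disable_ipv6=1` (keeps the stack, removes the addresses, reversible without a reboot) may be sufficient. The `sed` also only fires when the line is exactly `GRUB_CMDLINE_LINUX=""`, so on an image where it is already non-empty the option is silently skipped; a follow-up check such as `grep -q 'ipv6.disable=1' /etc/default/grub || echo "WARNING: could not add ipv6.disable=1 to GRUB_CMDLINE_LINUX"` would surface that. Note that `2>&1>/dev/null` sends stdout to /dev/null but stderr still to the terminal, as on the neighbouring lines; `>/dev/null 2>&1` is presumably what was intended. The surrounding installer continues on both sides of the hunk.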