tweaking, remove honeypy => deprecated

This commit is contained in:
t3chn0m4g3 2022-01-17 17:45:03 +00:00
parent c611101987
commit d301cf0447
15 changed files with 6 additions and 102 deletions

View file

@ -20,7 +20,6 @@ and includes dockerized versions of the following honeypots
* [heralding](https://github.com/johnnykv/heralding),
* [hellpot](https://github.com/yunginnanet/HellPot),
* [honeypots](https://github.com/qeeqbox/honeypots),
* [honeypy](https://github.com/foospidy/HoneyPy),
* [honeysap](https://github.com/SecureAuthCorp/HoneySAP),
* [honeytrap](https://github.com/armedpot/honeytrap/),
* [ipphoney](https://gitlab.com/bontchev/ipphoney),
@ -107,7 +106,6 @@ In T-Pot we combine the dockerized honeypots ...
* [heralding](https://github.com/johnnykv/heralding),
* [hellpot](https://github.com/yunginnanet/HellPot),
* [honeypots](https://github.com/qeeqbox/honeypots),
* [honeypy](https://github.com/foospidy/HoneyPy),
* [honeysap](https://github.com/SecureAuthCorp/HoneySAP),
* [honeytrap](https://github.com/armedpot/honeytrap/),
* [ipphoney](https://gitlab.com/bontchev/ipphoney),
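Review bot: The README carries the same honeypot list twice (the hunk headers show it at line 20 and again at line 107), so every addition or removal such as this one has to be made in two places; if the second list is meant to mirror the first, consider keeping a single list and linking to it from the second section so the two cannot drift apart.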
@ -166,7 +164,7 @@ There are prebuilt installation types available each focussing on different aspe
##### Sensor
- Honeypots: adbhoney, ciscoasa, citrixhoneypot, conpot, cowrie, dicompot, dionaea, elasticpot, heralding, honeypy, honeysap, honeytrap, mailoney, medpot, rdpy, snare & tanner
- Honeypots: adbhoney, ciscoasa, citrixhoneypot, conpot, cowrie, dicompot, dionaea, elasticpot, heralding, honeysap, honeytrap, mailoney, medpot, rdpy, snare & tanner
- Tools: cockpit, ewsposter, fatt, p0f & suricata
- Since there is no ELK stack provided the Sensor Installation only requires 4 GB of RAM.
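Review bot: Only the Sensor and NextGen installation types are touched in the visible hunks; the other prebuilt types described in this section are not shown, so verify that none of their honeypot lines still name honeypy, otherwise the README will advertise a honeypot the compose files no longer start.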
@ -182,7 +180,7 @@ There are prebuilt installation types available each focussing on different aspe
##### NextGen
- Honeypots: adbhoney, ciscoasa, citrixhoneypot, conpot, cowrie, dicompot, dionaea, glutton, heralding, honeypy, honeysap, ipphoney, mailoney, medpot, rdpy, snare & tanner
- Honeypots: adbhoney, ciscoasa, citrixhoneypot, conpot, cowrie, dicompot, dionaea, glutton, heralding, honeysap, ipphoney, mailoney, medpot, rdpy, snare & tanner
- Tools: cockpit, cyberchef, ELK, fatt, elasticsearch head, ewsposter, nginx / heimdall, spiderfoot, p0f & suricata
@ -500,7 +498,7 @@ We hope you understand that we cannot provide support on an individual basis. We
<a name="licenses"></a>
# Licenses
The software that T-Pot is built on uses the following licenses.
<br>GPLv2: [conpot](https://github.com/mushorg/conpot/blob/master/LICENSE.txt), [dionaea](https://github.com/DinoTools/dionaea/blob/master/LICENSE), [honeysap](https://github.com/SecureAuthCorp/HoneySAP/blob/master/COPYING), [honeypy](https://github.com/foospidy/HoneyPy/blob/master/LICENSE), [honeytrap](https://github.com/armedpot/honeytrap/blob/master/LICENSE), [suricata](http://suricata-ids.org/about/open-source/)
<br>GPLv2: [conpot](https://github.com/mushorg/conpot/blob/master/LICENSE.txt), [dionaea](https://github.com/DinoTools/dionaea/blob/master/LICENSE), [honeysap](https://github.com/SecureAuthCorp/HoneySAP/blob/master/COPYING), [honeytrap](https://github.com/armedpot/honeytrap/blob/master/LICENSE), [suricata](http://suricata-ids.org/about/open-source/)
<br>GPLv3: [adbhoney](https://github.com/huuck/ADBHoney), [elasticpot](https://gitlab.com/bontchev/elasticpot/-/blob/master/LICENSE), [ewsposter](https://github.com/telekom-security/ews/), [log4pot](https://github.com/thomaspatzke/Log4Pot/blob/master/LICENSE), [fatt](https://github.com/0x4D31/fatt/blob/master/LICENSE), [rdpy](https://github.com/citronneur/rdpy/blob/master/LICENSE), [heralding](https://github.com/johnnykv/heralding/blob/master/LICENSE.txt), [ipphoney](https://gitlab.com/bontchev/ipphoney/-/blob/master/LICENSE), [redishoneypot](https://github.com/cypwnpwnsocute/RedisHoneyPot/blob/main/LICENSE), [snare](https://github.com/mushorg/snare/blob/master/LICENSE), [tanner](https://github.com/mushorg/snare/blob/master/LICENSE)
<br>Apache 2 License: [cyberchef](https://github.com/gchq/CyberChef/blob/master/LICENSE), [dicompot](https://github.com/nsmfoo/dicompot/blob/master/LICENSE), [elasticsearch](https://github.com/elasticsearch/elasticsearch/blob/master/LICENSE.txt), [logstash](https://github.com/elasticsearch/logstash/blob/master/LICENSE), [kibana](https://github.com/elasticsearch/kibana/blob/master/LICENSE.md), [docker](https://github.com/docker/docker/blob/master/LICENSE), [elasticsearch-head](https://github.com/mobz/elasticsearch-head/blob/master/LICENCE)
<br>MIT license: [ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot/blob/master/LICENSE), [ddospot](https://github.com/aelth/ddospot/blob/master/LICENSE), [glutton](https://github.com/mushorg/glutton/blob/master/LICENSE), [hellpot](https://github.com/yunginnanet/HellPot/blob/master/LICENSE)
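Review bot: The GPLv2 line correctly drops the honeypy license link, but while editing this section note that the tanner entry on the GPLv3 line still points at the snare repository's LICENSE (https://github.com/mushorg/snare/blob/master/LICENSE) rather than tanner's own; that looks like a copy-paste slip worth fixing in the same pass.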
@ -537,7 +535,6 @@ Without open source and the fruitful development community (we are proud to be a
* [hellpot](https://github.com/yunginnanet/HellPot/graphs/contributors)
* [heralding](https://github.com/johnnykv/heralding/graphs/contributors)
* [honeypots](https://github.com/qeeqbox/honeypots/graphs/contributors)
* [honeypy](https://github.com/foospidy/HoneyPy/graphs/contributors)
* [honeysap](https://github.com/SecureAuthCorp/HoneySAP/graphs/contributors)
* [honeytrap](https://github.com/armedpot/honeytrap/graphs/contributors)
* [ipphoney](https://gitlab.com/bontchev/ipphoney/-/project_members)

View file

@ -205,14 +205,6 @@ fuHONEYPOTS () {
chown tpot:tpot /data/honeypots -R
}
# Let's create a function to clean up and prepare honeypy data
fuHONEYPY () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/honeypy/*; fi
mkdir -p /data/honeypy/log
chmod 770 /data/honeypy -R
chown tpot:tpot /data/honeypy -R
}
# Let's create a function to clean up and prepare honeysap data
fuHONEYSAP () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/honeysap/*; fi
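Review bot: Removing fuHONEYPY means /data/honeypy is no longer cleaned or re-permissioned, but on upgraded installations that directory (including log/json.log) stays on disk with its 770 tpot:tpot permissions indefinitely. Consider a one-off `rm -rf /data/honeypy` in the update path, or at least a note in the changelog, so stale honeypot logs do not linger after the service itself is gone.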
@ -356,7 +348,6 @@ if [ "$myPERSISTENCE" = "on" ];
fuHELLPOT
fuHONEYSAP
fuHONEYPOTS
fuHONEYPY
fuHONEYTRAP
fuIPPHONEY
fuLOG4POT

View file

@ -57,11 +57,6 @@ services:
build: heralding/.
image: "dtagdevsec/heralding:2203"
# HoneyPy service
honeypy:
build: honeypy/.
image: "dtagdevsec/honeypy:2203"
# Honeytrap service
honeytrap:
build: honeytrap/.
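Review bot: Dropping the honeypy build target leaves the `dtagdevsec/honeypy:2203` tag unbuilt; the honeypy/ Dockerfile directory is not among the visible hunks, so confirm it is deleted in this commit too and that nothing in the release tooling still pushes or pulls that tag, otherwise the deprecated image keeps lingering in the registry.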

View file

@ -119,13 +119,6 @@ input {
type => "Honeypots"
}
# Honeypy
file {
path => ["/data/honeypy/log/json.log"]
codec => json
type => "Honeypy"
}
# Honeysap
file {
path => ["/data/honeysap/log/honeysap-external.log"]
@ -494,17 +487,6 @@ filter {
}
}
# Honeypy
if [type] == "Honeypy" {
date {
match => [ "timestamp", "ISO8601" ]
remove_field => ["timestamp"]
remove_field => ["date"]
remove_field => ["time"]
remove_field => ["millisecond"]
}
}
# Honeypots
if [type] == "Honeypots" {
date {
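Review bot: The input and the `[type] == "Honeypy"` date filter are removed, but the output section of this pipeline and the Kibana index patterns and dashboards are not in the visible hunks; check that no remaining conditional on the Honeypy type or saved visualisation still references it, so the removal does not leave a dead branch or a dashboard that silently shows nothing.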

View file

@ -119,13 +119,6 @@ input {
type => "Honeypots"
}
# Honeypy
file {
path => ["/data/honeypy/log/json.log"]
codec => json
type => "Honeypy"
}
# Honeysap
file {
path => ["/data/honeysap/log/honeysap-external.log"]
@ -494,17 +487,6 @@ filter {
}
}
# Honeypy
if [type] == "Honeypy" {
date {
match => [ "timestamp", "ISO8601" ]
remove_field => ["timestamp"]
remove_field => ["date"]
remove_field => ["time"]
remove_field => ["millisecond"]
}
}
# Honeypots
if [type] == "Honeypots" {
date {
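Review bot: This is the identical input/filter removal already made in the previous Logstash configuration file, which shows the two pipelines carry duplicated per-honeypot blocks; consider factoring the shared input and filter definitions into a common file so a future deprecation needs one edit instead of two matching ones.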

View file

@ -154,7 +154,7 @@ nodeid = medpot-community-01
logfile = /data/medpot/log/medpot.log
[HONEYPY]
honeypy = true
honeypy = false
nodeid = honeypy-community-01
logfile = /data/honeypy/log/json.log
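Review bot: Setting `honeypy = false` keeps a dead [HONEYPY] section whose logfile (/data/honeypy/log/json.log) is no longer created anywhere in this commit; since the honeypot is deprecated outright rather than made optional, remove the whole section so ewsposter does not carry a path it can never read and nobody re-enables it by accident.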

View file

@ -18,7 +18,6 @@ networks:
endlessh_local:
hellpot_local:
heralding_local:
honeypy_local:
honeysap_local:
ipphoney_local:
mailoney_local:
@ -308,25 +307,6 @@ services:
volumes:
- /data/heralding/log:/var/log/heralding
# HoneyPy service
honeypy:
container_name: honeypy
restart: always
networks:
- honeypy_local
ports:
- "7:7"
- "8:8"
- "2048:2048"
- "2323:2323"
- "2324:2324"
- "4096:4096"
# - "9200:9200"
image: "dtagdevsec/honeypy:2203"
read_only: true
volumes:
- /data/honeypy/log:/opt/honeypy/log
# HoneySAP service
honeysap:
container_name: honeysap
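Review bot: Removing the service releases host ports 7, 8, 2048, 2323, 2324 and 4096 from the standard profile, which changes the sensor's exposed surface; the README port/service overview is not part of the visible hunks, so verify it no longer lists those ports for honeypy, and that the `honeypy_local` network dropped in the earlier hunk of this file is not referenced by any other service.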

View file

@ -15,7 +15,6 @@ networks:
dionaea_local:
elasticpot_local:
heralding_local:
honeypy_local:
honeysap_local:
mailoney_local:
medpot_local:
@ -275,25 +274,6 @@ services:
volumes:
- /data/heralding/log:/var/log/heralding
# HoneyPy service
honeypy:
container_name: honeypy
restart: always
networks:
- honeypy_local
ports:
- "7:7"
- "8:8"
- "2048:2048"
- "2323:2323"
- "2324:2324"
- "4096:4096"
# - "9200:9200"
image: "dtagdevsec/honeypy:2203"
read_only: true
volumes:
- /data/honeypy/log:/opt/honeypy/log
# HoneySAP service
honeysap:
container_name: honeysap
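Review bot: Same removal as in the standard compose file, including the now-unbound ports 7, 8, 2048, 2323, 2324 and 4096; both files carried byte-identical honeypy stanzas, so the per-profile documentation of the NextGen port list should be checked alongside the standard one.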

View file

@ -24,7 +24,6 @@
/data/heralding/log/*.csv
/data/heralding/log/*.json
/data/honeypots/log/*.log
/data/honeypy/log/*.log
/data/honeysap/log/*.log
/data/honeytrap/log/*.log
/data/honeytrap/log/*.json

View file

@ -22,7 +22,7 @@ myLSB_STABLE_SUPPORTED="buster bullseye"
myLSB_TESTING_SUPPORTED="stable"
myREMOTESITES="https://hub.docker.com https://github.com https://pypi.python.org https://debian.org https://listbot.sicherheitstacho.eu"
myPREINSTALLPACKAGES="aria2 apache2-utils cracklib-runtime curl dialog figlet fuse grc libcrack2 libpq-dev lsb-release net-tools software-properties-common toilet"
myINSTALLPACKAGES="aria2 apache2-utils apparmor apt-transport-https bash-completion build-essential ca-certificates cgroupfs-mount cockpit console-setup console-setup-linux cracklib-runtime curl debconf-utils dialog dnsutils docker.io docker-compose ethtool fail2ban figlet genisoimage git grc haveged html2text htop iptables iw jq kbd libcrack2 libltdl7 libpam-google-authenticator man mosh multitail net-tools npm ntp openssh-server openssl pass pigz prips software-properties-common sshpass syslinux psmisc pv python3-pip toilet unattended-upgrades unzip vim wget wireless-tools wpasupplicant"
myINSTALLPACKAGES="aria2 apache2-utils apparmor apt-transport-https bash-completion bat build-essential ca-certificates cgroupfs-mount cockpit console-setup console-setup-linux cracklib-runtime curl debconf-utils dialog dnsutils docker.io docker-compose ethtool fail2ban figlet genisoimage git grc haveged html2text htop iptables iw jq kbd libcrack2 libltdl7 libpam-google-authenticator man mosh multitail net-tools neovim npm ntp openssh-server openssl pass pigz prips software-properties-common sshpass syslinux psmisc pv python3-pip toilet unattended-upgrades unzip wget wireless-tools wpasupplicant"
myINFO="\
###########################################
### T-Pot Installer for Debian (Stable) ###
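Review bot: The package list change swaps `vim` for `neovim` and adds `bat`, none of which the commit message ("tweaking, remove honeypy => deprecated") mentions; please spell that out in the message. Also, myLSB_STABLE_SUPPORTED still includes buster, so confirm that both `bat` and `neovim` resolve on buster as well as bullseye, since an unknown package name in myINSTALLPACKAGES aborts the apt step; and note that Debian installs the `bat` binary as `batcat`, so any alias or script expecting a `bat` command needs adjusting.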
@ -822,7 +822,6 @@ mkdir -vp /data/adbhoney/{downloads,log} \
/data/hellpot/log \
/data/heralding/log \
/data/honeypots/log \
/data/honeypy/log \
/data/honeysap/log \
/data/ipphoney/log \
/data/log4pot/{log,payloads} \

View file

@ -184,7 +184,7 @@ function fuUPDATER () {
export DEBIAN_FRONTEND=noninteractive
echo "### Installing apt-fast"
/bin/bash -c "$(curl -sL https://raw.githubusercontent.com/ilikenwf/apt-fast/master/quick-install.sh)"
local myPACKAGES="aria2 apache2-utils apparmor apt-transport-https bash-completion build-essential ca-certificates cgroupfs-mount cockpit console-setup console-setup-linux cracklib-runtime curl debconf-utils dialog dnsutils docker.io docker-compose ethtool fail2ban figlet genisoimage git grc haveged html2text htop iptables iw jq kbd libcrack2 libltdl7 libpam-google-authenticator man mosh multitail net-tools npm ntp openssh-server openssl pass pigz prips software-properties-common sshpass syslinux psmisc pv python3-pip toilet unattended-upgrades unzip vim wget wireless-tools wpasupplicant"
local myPACKAGES="aria2 apache2-utils apparmor apt-transport-https bash-completion bat build-essential ca-certificates cgroupfs-mount cockpit console-setup console-setup-linux cracklib-runtime curl debconf-utils dialog dnsutils docker.io docker-compose ethtool fail2ban figlet genisoimage git grc haveged html2text htop iptables iw jq kbd libcrack2 libltdl7 libpam-google-authenticator man mosh multitail net-tools neovim npm ntp openssh-server openssl pass pigz prips software-properties-common sshpass syslinux psmisc pv python3-pip toilet unattended-upgrades unzip wget wireless-tools wpasupplicant"
# Remove purge in the future
echo "### Removing repository based install of elasticsearch-curator"
apt-get purge elasticsearch-curator -y
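Review bot: The same package string now lives in install.sh and in this update.sh function and must be edited in lockstep (this commit does touch both, but the duplication invites drift), so consider sourcing it from one place. Separately, the context line `/bin/bash -c "$(curl -sL https://raw.githubusercontent.com/ilikenwf/apt-fast/master/quick-install.sh)"` executes an unpinned remote script from a third-party master branch as root on every update; pinning it to a commit hash, or vendoring the script with a checksum check, would remove that supply-chain dependency.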
@ -244,7 +244,6 @@ mkdir -vp /data/adbhoney/{downloads,log} \
/data/hellpot/log \
/data/heralding/log \
/data/honeypots/log \
/data/honeypy/log \
/data/honeysap/log \
/data/ipphoney/log \
/data/log4pot/{log,payloads} \