some changes for elasticpot

2025-04-28 11:18:51 +00:00 · 2016-01-15 23:11:49 +01:00 · 2016-01-15 23:11:49 +01:00 · d4aa333e6f
commit d4aa333e6f
parent f3b2949eae
5 changed files with 33 additions and 3 deletions
--- a/installer/data/full_images.conf
+++ b/installer/data/full_images.conf
@ -1,5 +1,6 @@
 cowrie
 dionaea
+elasticpot
 elk
 glastopf
 honeytrap
--- a/installer/data/sensor_images.conf
+++ b/installer/data/sensor_images.conf
@ -1,4 +1,5 @@
 cowrie
 dionaea
+elasticpot
 glastopf
 honeytrap
--- a/installer/install.sh
+++ b/installer/install.sh
@ -276,6 +276,7 @@ chmod 644 /root/tpot/upstart/*
 fuECHO "### Creating some files and folders."
 mkdir -p /data/ews/log /data/ews/conf /data/ews/dionaea /data/ews/glastopf /data/ews/honeytrap \
         /data/cowrie/log/tty/ /data/cowrie/downloads/ /data/cowrie/keys/ /data/cowrie/misc/ \
+         /data/elasticpot \
         /data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/wwwroot \
         /data/elk/data /data/elk/log /data/glastopf /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/ \
         /data/suricata/log /home/tsec/.ssh/
--- a/installer/upstart/elasticpot.conf
+++ b/installer/upstart/elasticpot.conf
@ -0,0 +1,27 @@
+########################################################
+# T-Pot                                                #
+# Elasticpot upstart script                            #
+#                                                      #
+# v16.03.2 by ms, DTAG, 2016-01-02                     #
+########################################################
+
+description "Elasticpot"
+author "ms"
+start on started docker and filesystem
+stop on runlevel [!2345]
+respawn
+pre-start script
+  # Remove any existing elasticpot containers
+  myCID=$(docker ps -a | grep elasticpot | awk '{ print $1 }')
+  if [ "$myCID" != "" ];
+    then docker rm -v $myCID;
+  fi
+  # Remove any data from previous container
+end script
+script
+  /usr/bin/docker run --name elasticpot --rm=true -v /data/elasticpot:/data/elasticpot -p 9200:8080 dtagdevsec/elasticpot:latest1603
+end script
+post-start script
+  # Delay next start to avoid rapid respawning
+  sleep $(((RANDOM % 5)+5))
+end script
--- a/installer/upstart/honeytrap.conf
+++ b/installer/upstart/honeytrap.conf
@ -2,7 +2,7 @@
 # T-Pot                                                #
 # Honeytrap upstart script                             #
 #                                                      #
-# v16.03.2 by mo, DTAG, 2015-12-15                     #
+# v16.03.3 by mo, DTAG, 2016-01-15                     #
 ########################################################

 description "Honeytrap"
@ -21,7 +21,7 @@ pre-start script
  mkdir -p /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/
  chmod 760 /data/honeytrap/ -R
  chown tpot:tpot /data/honeytrap/ -R
-  /sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,42,80,135,443,445,1433,3306,5060,5061,64295,64296 -j NFQUEUE
+  /sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,42,80,135,443,445,1433,3306,5060,5061,9200,64295,64296 -j NFQUEUE
 end script
 script
  /usr/bin/docker run --name honeytrap --cap-add=NET_ADMIN --net=host --rm=true -v /data/honeytrap:/data/honeytrap -v /data/ews:/data/ews dtagdevsec/honeytrap:latest1603
@ -31,5 +31,5 @@ post-start script
  sleep $(((RANDOM % 5)+5))
 end script
 post-stop script
-  /sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,42,80,135,443,445,1433,3306,5060,5061,64295,64296 -j NFQUEUE
+  /sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,42,80,135,443,445,1433,3306,5060,5061,9200,64295,64296 -j NFQUEUE
 end script