From d4aa333e6fee72e387d44eee95af3536607f1e14 Mon Sep 17 00:00:00 2001
From: Marco Ochse
Date: Fri, 15 Jan 2016 23:11:49 +0100
Subject: [PATCH] some changes for elasticpot
---
 installer/data/full_images.conf | 1 +
 installer/data/sensor_images.conf | 1 +
 installer/install.sh | 1 +
 installer/upstart/elasticpot.conf | 27 +++++++++++++++++++++++++++
 installer/upstart/honeytrap.conf | 6 +++---
 5 files changed, 33 insertions(+), 3 deletions(-)
 create mode 100644 installer/upstart/elasticpot.conf
diff --git a/installer/data/full_images.conf b/installer/data/full_images.conf
index e2d16718..3ef98bff 100644
--- a/installer/data/full_images.conf
+++ b/installer/data/full_images.conf
@@ -1,5 +1,6 @@
 cowrie
 dionaea
+elasticpot
 elk
 glastopf
 honeytrap
diff --git a/installer/data/sensor_images.conf b/installer/data/sensor_images.conf
index 74e94fe4..d027025a 100644
--- a/installer/data/sensor_images.conf
+++ b/installer/data/sensor_images.conf
@@ -1,4 +1,5 @@
 cowrie
 dionaea
+elasticpot
 glastopf
 honeytrap
diff --git a/installer/install.sh b/installer/install.sh
index e8798551..193f069c 100755
--- a/installer/install.sh
+++ b/installer/install.sh
@@ -276,6 +276,7 @@ chmod 644 /root/tpot/upstart/*
 fuECHO "### Creating some files and folders."
 mkdir -p /data/ews/log /data/ews/conf /data/ews/dionaea /data/ews/glastopf /data/ews/honeytrap \
 /data/cowrie/log/tty/ /data/cowrie/downloads/ /data/cowrie/keys/ /data/cowrie/misc/ \
+ /data/elasticpot \
 /data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/wwwroot \
 /data/elk/data /data/elk/log /data/glastopf /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/ \
 /data/suricata/log /home/tsec/.ssh/
diff --git a/installer/upstart/elasticpot.conf b/installer/upstart/elasticpot.conf
new file mode 100644
index 00000000..8cb3a459
--- /dev/null
+++ b/installer/upstart/elasticpot.conf
@@ -0,0 +1,27 @@
+########################################################
+# T-Pot #
+# Elasticpot upstart script #
+# #
+# v16.03.2 by ms, DTAG, 2016-01-02 #
+########################################################
+
+description "Elasticpot"
+author "ms"
+start on started docker and filesystem
+stop on runlevel [!2345]
+respawn
+pre-start script
+ # Remove any existing elasticpot containers
+ myCID=$(docker ps -a | grep elasticpot | awk '{ print $1 }')
+ if [ "$myCID" != "" ];
+ then docker rm -v $myCID;
+ fi
+ # Remove any data from previous container
+end script
+script
+ /usr/bin/docker run --name elasticpot --rm=true -v /data/elasticpot:/data/elasticpot -p 9200:8080 dtagdevsec/elasticpot:latest1603
+end script
+post-start script
+ # Delay next start to avoid rapid respawning
+ sleep $(((RANDOM % 5)+5))
+end script
diff --git a/installer/upstart/honeytrap.conf b/installer/upstart/honeytrap.conf
index 745bdd36..07c4a174 100644
--- a/installer/upstart/honeytrap.conf
+++ b/installer/upstart/honeytrap.conf
@@ -2,7 +2,7 @@
 # T-Pot #
 # Honeytrap upstart script #
 # #
-# v16.03.2 by mo, DTAG, 2015-12-15 #
+# v16.03.3 by mo, DTAG, 2016-01-15 #
 ########################################################
 
 description "Honeytrap"
@@ -21,7 +21,7 @@ pre-start script
 mkdir -p /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/
 chmod 760 /data/honeytrap/ -R
 chown tpot:tpot /data/honeytrap/ -R
- /sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,42,80,135,443,445,1433,3306,5060,5061,64295,64296 -j NFQUEUE
+ /sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,42,80,135,443,445,1433,3306,5060,5061,9200,64295,64296 -j NFQUEUE
 end script
 script
 /usr/bin/docker run --name honeytrap --cap-add=NET_ADMIN --net=host --rm=true -v /data/honeytrap:/data/honeytrap -v /data/ews:/data/ews dtagdevsec/honeytrap:latest1603
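Review bot: The pre-start stanza ends with the comment `# Remove any data from previous container` that has no command under it, so the comment describes a step the script never performs; either drop it or add the intended cleanup. Nothing in this job prepares `/data/elasticpot` before `docker run` bind-mounts it, whereas honeytrap's pre-start in the next hunk does `mkdir -p`, `chmod 760 … -R` and `chown tpot:tpot … -R` on its data directory; within the visible install.sh hunk the directory is only created by `mkdir -p`, so whether the container can write to it depends on the uid the image runs as, which this patch does not show. Mirroring honeytrap with `mkdir -p /data/elasticpot/` and `chown tpot:tpot /data/elasticpot/ -R` in pre-start would make the job self-contained and the comment accurate. Minor: the header still reads `v16.03.2 by ms, DTAG, 2016-01-02` although the same commit bumps honeytrap to v16.03.3 dated 2016-01-15.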
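Review bot: The excluded-port list in the `-A` rule is now repeated verbatim in the `-D` rule of the post-stop hunk that follows, and this commit had to add `9200` to both by hand; if the two lists ever diverge the deletion silently matches nothing and the NFQUEUE rule outlives the job. Upstart's `env` stanza lets the list be defined once at job level, e.g. `env HT_EXCLUDE_PORTS=21,22,42,80,135,443,445,1433,3306,5060,5061,9200,64295,64296`, with both iptables lines using `! --dports $HT_EXCLUDE_PORTS`. A one-line comment next to the rule saying why 9200 is excluded, `# 9200 is served by the elasticpot container, keep it out of the honeytrap queue`, would also help whoever adds the next honeypot.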
@@ -31,5 +31,5 @@ post-start script
 sleep $(((RANDOM % 5)+5))
 end script
 post-stop script
- /sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,42,80,135,443,445,1433,3306,5060,5061,64295,64296 -j NFQUEUE
+ /sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,42,80,135,443,445,1433,3306,5060,5061,9200,64295,64296 -j NFQUEUE
 end script