some changes for elasticpot

2025-04-28 19:28:50 +00:00 · 2016-01-15 23:11:49 +01:00 · 2016-01-15 23:11:49 +01:00 · d4aa333e6f
commit d4aa333e6f
parent f3b2949eae
5 changed files with 33 additions and 3 deletions
--- a/installer/data/full_images.conf
+++ b/installer/data/full_images.conf
@ -1,5 +1,6 @@
 cowrie
 dionaea
 elasticpot
 elk
 glastopf
 honeytrap
--- a/installer/data/sensor_images.conf
+++ b/installer/data/sensor_images.conf
@ -1,4 +1,5 @@
 cowrie
 dionaea
 elasticpot
 glastopf
 honeytrap
--- a/installer/install.sh
+++ b/installer/install.sh
@ -276,6 +276,7 @@ chmod 644 /root/tpot/upstart/*
 fuECHO "### Creating some files and folders."
 mkdir -p /data/ews/log /data/ews/conf /data/ews/dionaea /data/ews/glastopf /data/ews/honeytrap \
         /data/cowrie/log/tty/ /data/cowrie/downloads/ /data/cowrie/keys/ /data/cowrie/misc/ \
         /data/elasticpot \
         /data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/wwwroot \
         /data/elk/data /data/elk/log /data/glastopf /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/ \
         /data/suricata/log /home/tsec/.ssh/
--- a/installer/upstart/elasticpot.conf
+++ b/installer/upstart/elasticpot.conf
@ -0,0 +1,27 @@
 ########################################################
 # T-Pot                                                #
 # Elasticpot upstart script                            #
 #                                                      #
 # v16.03.2 by ms, DTAG, 2016-01-02                     #
 ########################################################
 description "Elasticpot"
 author "ms"
 start on started docker and filesystem
 stop on runlevel [!2345]
 respawn
 pre-start script
  # Remove any existing elasticpot containers
  myCID=$(docker ps -a | grep elasticpot | awk '{ print $1 }')
  if [ "$myCID" != "" ];
    then docker rm -v $myCID;
  fi
  # Remove any data from previous container
 end script
 script
  /usr/bin/docker run --name elasticpot --rm=true -v /data/elasticpot:/data/elasticpot -p 9200:8080 dtagdevsec/elasticpot:latest1603
 end script
 post-start script
  # Delay next start to avoid rapid respawning
  sleep $(((RANDOM % 5)+5))
 end script
--- a/installer/upstart/honeytrap.conf
+++ b/installer/upstart/honeytrap.conf
@ -2,7 +2,7 @@
 # T-Pot                                                #
 # Honeytrap upstart script                             #
 #                                                      #
-# v16.03.2 by mo, DTAG, 2015-12-15                     #
+# v16.03.3 by mo, DTAG, 2016-01-15                     #
 ########################################################
 description "Honeytrap"
@ -21,7 +21,7 @@ pre-start script
  mkdir -p /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/
  chmod 760 /data/honeytrap/ -R
  chown tpot:tpot /data/honeytrap/ -R
-  /sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,42,80,135,443,445,1433,3306,5060,5061,64295,64296 -j NFQUEUE
+  /sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,42,80,135,443,445,1433,3306,5060,5061,9200,64295,64296 -j NFQUEUE
 end script
 script
  /usr/bin/docker run --name honeytrap --cap-add=NET_ADMIN --net=host --rm=true -v /data/honeytrap:/data/honeytrap -v /data/ews:/data/ews dtagdevsec/honeytrap:latest1603
@ -31,5 +31,5 @@ post-start script
  sleep $(((RANDOM % 5)+5))
 end script
 post-stop script
-  /sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,42,80,135,443,445,1433,3306,5060,5061,64295,64296 -j NFQUEUE
+  /sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,42,80,135,443,445,1433,3306,5060,5061,9200,64295,64296 -j NFQUEUE
 end script