systemd - follow up services

2025-04-28 11:18:51 +00:00 · 2016-05-29 14:48:17 +02:00 · 2016-05-29 14:48:17 +02:00 · dac91cc208
commit dac91cc208
parent faff7a17bf
9 changed files with 216 additions and 1 deletions
--- a/installer/bin/clean.sh
+++ b/installer/bin/clean.sh
@ -17,7 +17,23 @@ if [ "$myPERSISTENCE" = "on" ];
    exit
 fi

-# Let's create a function to clean up dionaea data
+# Let's create a function to clean up and prepare conpot data
+fuCONPOT () {
+  rm -rf /data/conpot/*
+  mkdir -p /data/conpot/log
+  chmod 760 /data/conpot -R
+  chown tpot:tpot /data/conpot -R
+}
+
+# Let's create a function to clean up and prepare cowrie data
+fuCOWRIE () {
+  rm -rf /data/cowrie/*
+  mkdir -p /data/cowrie/log/tty/ /data/cowrie/downloads/ /data/cowrie/keys/ /data/cowrie/misc/
+  chmod 760 /data/cowrie -R
+  chown tpot:tpot /data/cowrie -R
+}
+
+# Let's create a function to clean up and prepare dionaea data
 fuDIONAEA () {
  rm -rf /data/dionaea/*
  rm /data/ews/dionaea/ews.json
@ -26,8 +42,85 @@ fuDIONAEA () {
  chown tpot:tpot /data/dionaea -R
 }

+# Let's create a function to clean up and prepare elasticpot data
+fuELASTICPOT () {
+  rm -rf /data/elasticpot/*
+  mkdir -p /data/elasticpot/log
+  chmod 760 /data/elasticpot -R
+  chown tpot:tpot /data/elasticpot -R
+}
+
+# Let's create a function to clean up and prepare elk data
+fuELK () {
+  # ELK data will be kept for <= 90 days, check /etc/crontab for curator modification
+  # ELK daemon log files will be removed
+  rm -rf /data/elk/log/*
+}
+
+# Let's create a function to clean up and prepare emobility data
+fuEMOBILITY () {
+  rm -rf /data/emobility/*
+  rm /data/ews/emobility/ews.json
+  mkdir -p /data/emobility/log /data/ews/emobility
+  chmod 760 /data/emobility -R
+  chown tpot:tpot /data/emobility -R
+}
+
+# Let's create a function to clean up and prepare glastopf data
+fuGLASTOPF () {
+  rm -rf /data/glastopf/*
+  mkdir -p /data/glastopf
+  chmod 760 /data/glastopf -R
+  chown tpot:tpot /data/glastopf -R
+}
+
+# Let's create a function to clean up and prepare honeytrap data
+fuHONEYTRAP () {
+  rm -rf /data/honeytrap/*
+  mkdir -p /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/
+  chmod 760 /data/honeytrap/ -R
+  chown tpot:tpot /data/honeytrap/ -R
+}
+
+# Let's create a function to clean up and prepare suricata data
+fuSURICATA () {
+  rm -rf /data/suricata/*
+  mkdir -p /data/suricata/log
+  chmod 760 -R /data/suricata
+  chown tpot:tpot -R /data/suricata
+  # Get IF, disable offloading, enable promiscious mode
+  myIF=$(route | grep default | awk '{ print $8 }')
+  /sbin/ethtool --offload $myIF rx off tx off
+  /sbin/ethtool -K $myIF gso off gro off
+  /sbin/ip link set $myIF promisc on
+}
+
 case $1 in
+  conpot)
+    fuCONPOT $1
+  ;;
+  cowrie)
+    fuCOWRIE $1
+  ;;
  dionaea)
    fuDIONAEA $1
  ;;
+  elasticpot)
+    fuELASTICPOT $1
+  ;;
+  elk)
+    fuELK $1
+  ;;
+  emobility)
+    fuEMOBILITY $1
+  ;;
+  glastopf)
+    fuGLASTOPF $1
+  ;;
+  honeytrap)
+    fuHONEYTRAP $1
+  ;;
+  suricata)
+    fuSURICATA $1
+  ;;
 esac
--- a/installer/data/systemd/conpot.service
+++ b/installer/data/systemd/conpot.service
@ -0,0 +1,15 @@
+[Unit]
+Description=conpot
+Requires=docker.service
+After=docker.service
+
+[Service]
+Restart=always
+ExecStartPre=-/usr/bin/docker stop conpot
+ExecStartPre=-/usr/bin/docker rm -v conpot
+ExecStartPre=/bin/bash -c '/usr/bin/clean.sh conpot off'
+ExecStart=/usr/bin/docker run --name conpot --rm=true -v /data/conpot:/data/conpot -v /data/ews:/data/ews -p 81:80 -p 102:102 -p 161:161/udp -p 502:502 dtagdevsec/conpot:latest1603
+ExecStop=/usr/bin/docker stop conpot
+
+[Install]
+WantedBy=multi-user.target
--- a/installer/data/systemd/cowrie.service
+++ b/installer/data/systemd/cowrie.service
@ -0,0 +1,15 @@
+[Unit]
+Description=cowrie
+Requires=docker.service
+After=docker.service
+
+[Service]
+Restart=always
+ExecStartPre=-/usr/bin/docker stop cowrie
+ExecStartPre=-/usr/bin/docker rm -v cowrie
+ExecStartPre=/bin/bash -c '/usr/bin/clean.sh cowrie off'
+ExecStart=/usr/bin/docker run --name cowrie --rm=true -p 22:2222 -v /data/cowrie:/data/cowrie -v /data/ews:/data/ews dtagdevsec/cowrie:latest1603
+ExecStop=/usr/bin/docker stop cowrie
+
+[Install]
+WantedBy=multi-user.target
--- a/installer/data/systemd/elasticpot.service
+++ b/installer/data/systemd/elasticpot.service
@ -0,0 +1,15 @@
+[Unit]
+Description=elasticpot
+Requires=docker.service
+After=docker.service
+
+[Service]
+Restart=always
+ExecStartPre=-/usr/bin/docker stop elasticpot
+ExecStartPre=-/usr/bin/docker rm -v elasticpot
+ExecStartPre=/bin/bash -c '/usr/bin/clean.sh elasticpot off'
+ExecStart=/usr/bin/docker run --name elasticpot --rm=true -v /data/elasticpot:/data/elasticpot -v /data/ews:/data/ews -p 9200:9200 dtagdevsec/elasticpot:latest1603
+ExecStop=/usr/bin/docker stop elasticpot
+
+[Install]
+WantedBy=multi-user.target
--- a/installer/data/systemd/elk.service
+++ b/installer/data/systemd/elk.service
@ -0,0 +1,15 @@
+[Unit]
+Description=elk
+Requires=docker.service
+After=docker.service
+
+[Service]
+Restart=always
+ExecStartPre=-/usr/bin/docker stop elk
+ExecStartPre=-/usr/bin/docker rm -v elk
+ExecStartPre=/bin/bash -c '/usr/bin/clean.sh elk'
+ExecStart=/usr/bin/docker run --name=elk -v /data:/data -v /var/log:/data/host/log -p 127.0.0.1:64296:8080 --rm=true dtagdevsec/elk:latest1603
+ExecStop=/usr/bin/docker stop elk
+
+[Install]
+WantedBy=multi-user.target
--- a/installer/data/systemd/emobility.service
+++ b/installer/data/systemd/emobility.service
@ -0,0 +1,15 @@
+[Unit]
+Description=emobility
+Requires=docker.service
+After=docker.service
+
+[Service]
+Restart=always
+ExecStartPre=-/usr/bin/docker stop emobility
+ExecStartPre=-/usr/bin/docker rm -v emobility
+ExecStartPre=/bin/bash -c '/usr/bin/clean.sh emobility off'
+ExecStart=/usr/bin/docker run --name emobility --cap-add=NET_ADMIN -p 8080:8080 -v /data/emobility:/data/eMobility -v /data/ews:/data/ews --rm=true dtagdevsec/emobility:latest1603
+ExecStop=/usr/bin/docker stop emobility
+
+[Install]
+WantedBy=multi-user.target
--- a/installer/data/systemd/glastopf.service
+++ b/installer/data/systemd/glastopf.service
@ -0,0 +1,15 @@
+[Unit]
+Description=glastopf
+Requires=docker.service
+After=docker.service
+
+[Service]
+Restart=always
+ExecStartPre=-/usr/bin/docker stop glastopf
+ExecStartPre=-/usr/bin/docker rm -v glastopf
+ExecStartPre=/bin/bash -c '/usr/bin/clean.sh glastopf off'
+ExecStart=/usr/bin/docker run --name glastopf --rm=true -v /data/glastopf:/data/glastopf -v /data/ews:/data/ews -p 80:80 dtagdevsec/glastopf:latest1603
+ExecStop=/usr/bin/docker stop glastopf
+
+[Install]
+WantedBy=multi-user.target
--- a/installer/data/systemd/honeytrap.service
+++ b/installer/data/systemd/honeytrap.service
@ -0,0 +1,17 @@
+[Unit]
+Description=honeytrap
+Requires=docker.service
+After=docker.service
+
+[Service]
+Restart=always
+ExecStartPre=-/usr/bin/docker stop honeytrap
+ExecStartPre=-/usr/bin/docker rm -v honeytrap
+ExecStartPre=/bin/bash -c '/usr/bin/clean.sh honeytrap off'
+ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
+ExecStart=/usr/bin/docker run --name honeytrap --cap-add=NET_ADMIN --net=host --rm=true -v /data/honeytrap:/data/honeytrap -v /data/ews:/data/ews dtagdevsec/honeytrap:latest1603
+ExecStop=/usr/bin/docker stop honeytrap
+ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
+
+[Install]
+WantedBy=multi-user.target
--- a/installer/data/systemd/suricata.service
+++ b/installer/data/systemd/suricata.service
@ -0,0 +1,15 @@
+[Unit]
+Description=suricata
+Requires=docker.service
+After=docker.service
+
+[Service]
+Restart=always
+ExecStartPre=-/usr/bin/docker stop suricata
+ExecStartPre=-/usr/bin/docker rm -v suricata
+ExecStartPre=/bin/bash -c '/usr/bin/clean.sh suricata off'
+ExecStart=/usr/bin/docker run --name suricata --cap-add=NET_ADMIN --net=host --rm=true -v /data/suricata:/data/suricata dtagdevsec/suricata:latest1603
+ExecStop=/usr/bin/docker stop suricata
+
+[Install]
+WantedBy=multi-user.target