diff --git a/installer/bin/clean.sh b/installer/bin/clean.sh
index 2c598a29..62e073a9 100644
--- a/installer/bin/clean.sh
+++ b/installer/bin/clean.sh
@@ -17,7 +17,23 @@ if [ "$myPERSISTENCE" = "on" ];
 exit
 fi
 
-# Let's create a function to clean up dionaea data
+# Let's create a function to clean up and prepare conpot data
+fuCONPOT () {
+ rm -rf /data/conpot/*
+ mkdir -p /data/conpot/log
+ chmod 760 /data/conpot -R
+ chown tpot:tpot /data/conpot -R
+}
+
+# Let's create a function to clean up and prepare cowrie data
+fuCOWRIE () {
+ rm -rf /data/cowrie/*
+ mkdir -p /data/cowrie/log/tty/ /data/cowrie/downloads/ /data/cowrie/keys/ /data/cowrie/misc/
+ chmod 760 /data/cowrie -R
+ chown tpot:tpot /data/cowrie -R
+}
+
+# Let's create a function to clean up and prepare dionaea data
 fuDIONAEA () {
 rm -rf /data/dionaea/*
 rm /data/ews/dionaea/ews.json
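Review bot: fuCONPOT and fuCOWRIE (and the seven further functions in the next hunk) repeat the same rm -rf / mkdir -p / chmod / chown sequence with only the directory name changed, and each is invoked as `fuXXX $1` although none of them reads its argument; a single helper taking the honeypot name and the subdirectories to create would keep the sequence in one place and make every `case` arm a one-liner. While doing so, the delete step should quote the path and refuse an empty name (`rm -rf -- "${myDIR:?}"/*`) so that a future parameterisation can never expand to `/data//*`. Functions that also remove an ews.json (fuDIONAEA here, fuEMOBILITY in the next hunk) would keep that extra line after the helper call. The script header, including the persistence check whose `exit` opens this hunk, lies outside the hunk.
```shell
# Clean up and prepare one honeypot's data directory.
# $1 - honeypot name below /data; remaining args - subdirectories to create
fuCLEAN () {
  local myNAME="${1:?honeypot name required}"; shift
  local myDIR="/data/${myNAME}" mySUB
  rm -rf -- "${myDIR:?}"/*
  mkdir -p -- "${myDIR}"
  for mySUB in "$@"; do mkdir -p -- "${myDIR}/${mySUB}"; done
  chmod 760 -R -- "${myDIR}"
  chown tpot:tpot -R -- "${myDIR}"
}

fuCONPOT () { fuCLEAN conpot log; }
fuCOWRIE () { fuCLEAN cowrie log/tty downloads keys misc; }
# … unchanged: fuDIONAEA, which additionally removes /data/ews/dionaea/ews.json …
```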
@@ -26,8 +42,85 @@ fuDIONAEA () {
 chown tpot:tpot /data/dionaea -R
 }
 
+# Let's create a function to clean up and prepare elasticpot data
+fuELASTICPOT () {
+ rm -rf /data/elasticpot/*
+ mkdir -p /data/elasticpot/log
+ chmod 760 /data/elasticpot -R
+ chown tpot:tpot /data/elasticpot -R
+}
+
+# Let's create a function to clean up and prepare elk data
+fuELK () {
+ # ELK data will be kept for <= 90 days, check /etc/crontab for curator modification
+ # ELK daemon log files will be removed
+ rm -rf /data/elk/log/*
+}
+
+# Let's create a function to clean up and prepare emobility data
+fuEMOBILITY () {
+ rm -rf /data/emobility/*
+ rm /data/ews/emobility/ews.json
+ mkdir -p /data/emobility/log /data/ews/emobility
+ chmod 760 /data/emobility -R
+ chown tpot:tpot /data/emobility -R
+}
+
+# Let's create a function to clean up and prepare glastopf data
+fuGLASTOPF () {
+ rm -rf /data/glastopf/*
+ mkdir -p /data/glastopf
+ chmod 760 /data/glastopf -R
+ chown tpot:tpot /data/glastopf -R
+}
+
+# Let's create a function to clean up and prepare honeytrap data
+fuHONEYTRAP () {
+ rm -rf /data/honeytrap/*
+ mkdir -p /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/
+ chmod 760 /data/honeytrap/ -R
+ chown tpot:tpot /data/honeytrap/ -R
+}
+
+# Let's create a function to clean up and prepare suricata data
+fuSURICATA () {
+ rm -rf /data/suricata/*
+ mkdir -p /data/suricata/log
+ chmod 760 -R /data/suricata
+ chown tpot:tpot -R /data/suricata
+ # Get IF, disable offloading, enable promiscious mode
+ myIF=$(route | grep default | awk '{ print $8 }')
+ /sbin/ethtool --offload $myIF rx off tx off
+ /sbin/ethtool -K $myIF gso off gro off
+ /sbin/ip link set $myIF promisc on
+}
+
 case $1 in
+ conpot)
+ fuCONPOT $1
+ ;;
+ cowrie)
+ fuCOWRIE $1
+ ;;
 dionaea)
 fuDIONAEA $1
 ;;
+ elasticpot)
+ fuELASTICPOT $1
+ ;;
+ elk)
+ fuELK $1
+ ;;
+ emobility)
+ fuEMOBILITY $1
+ ;;
+ glastopf)
+ fuGLASTOPF $1
+ ;;
+ honeytrap)
+ fuHONEYTRAP $1
+ ;;
+ suricata)
+ fuSURICATA $1
+ ;;
 esac
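Review bot: fuSURICATA derives the capture interface with `route | grep default | awk '{ print $8 }'` and then passes `$myIF` unquoted to ethtool and ip; with no default route the variable is empty and the three commands run against no interface at all, and with several default routes it holds several words, so the wrong interface may be reconfigured. `route` is also the net-tools command while `/sbin/ip` is already used two lines below, so the same lookup can be done with `ip route` and checked before use, which makes a misdetection fail visibly in the unit's journal instead of silently leaving offloading and promiscuous mode unchanged (the script shows no `set -e`, so the status of the last `case` arm presumably becomes the script's exit status). The `case $1 in` dispatch at the end has no `*)` arm, so an unknown or misspelled honeypot name is a silent no-op; `*) echo "clean.sh: unknown honeypot '$1'" >&2; exit 1 ;;` would surface that.
```shell
fuSURICATA () {
  # … unchanged: rm -rf / mkdir -p / chmod / chown for /data/suricata …
  # Get IF, disable offloading, enable promiscuous mode
  myIF=$(/sbin/ip -o route show default | awk '{ print $5; exit }')
  if [ -z "$myIF" ]; then
    echo "clean.sh: no default route found, cannot prepare capture interface" >&2
    return 1
  fi
  /sbin/ethtool --offload "$myIF" rx off tx off
  /sbin/ethtool -K "$myIF" gso off gro off
  /sbin/ip link set "$myIF" promisc on
}
```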
diff --git a/installer/data/systemd/conpot.service b/installer/data/systemd/conpot.service
new file mode 100644
index 00000000..d2f7407e
--- /dev/null
+++ b/installer/data/systemd/conpot.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=conpot
+Requires=docker.service
+After=docker.service
+
+[Service]
+Restart=always
+ExecStartPre=-/usr/bin/docker stop conpot
+ExecStartPre=-/usr/bin/docker rm -v conpot
+ExecStartPre=/bin/bash -c '/usr/bin/clean.sh conpot off'
+ExecStart=/usr/bin/docker run --name conpot --rm=true -v /data/conpot:/data/conpot -v /data/ews:/data/ews -p 81:80 -p 102:102 -p 161:161/udp -p 502:502 dtagdevsec/conpot:latest1603
+ExecStop=/usr/bin/docker stop conpot
+
+[Install]
+WantedBy=multi-user.target
diff --git a/installer/data/systemd/cowrie.service b/installer/data/systemd/cowrie.service
new file mode 100644
index 00000000..aa9b0b76
--- /dev/null
+++ b/installer/data/systemd/cowrie.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=cowrie
+Requires=docker.service
+After=docker.service
+
+[Service]
+Restart=always
+ExecStartPre=-/usr/bin/docker stop cowrie
+ExecStartPre=-/usr/bin/docker rm -v cowrie
+ExecStartPre=/bin/bash -c '/usr/bin/clean.sh cowrie off'
+ExecStart=/usr/bin/docker run --name cowrie --rm=true -p 22:2222 -v /data/cowrie:/data/cowrie -v /data/ews:/data/ews dtagdevsec/cowrie:latest1603
+ExecStop=/usr/bin/docker stop cowrie
+
+[Install]
+WantedBy=multi-user.target
diff --git a/installer/data/systemd/elasticpot.service b/installer/data/systemd/elasticpot.service
new file mode 100644
index 00000000..fc0e68b3
--- /dev/null
+++ b/installer/data/systemd/elasticpot.service
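Review bot: The ExecStart lines in conpot.service and cowrie.service run their images by the mutable tag `latest1603`, and the elasticpot, elk, emobility, glastopf, honeytrap and suricata units that follow do the same; a later push to that tag changes what the host runs on the next restart, and `Restart=always` guarantees that restart happens without anyone looking. Pinning by digest (`dtagdevsec/conpot@sha256:<digest-placeholder>`) or by an immutable per-release tag makes the deployed content reproducible and reviewable. Every honeypot unit also mounts `-v /data/ews:/data/ews` read-write, so one compromised container can alter or delete the other honeypots' ews output; the clean functions suggest each honeypot writes only under its own `/data/ews/<name>` subdirectory, in which case mounting just that subdirectory per unit narrows the blast radius.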
@@ -0,0 +1,15 @@
+[Unit]
+Description=elasticpot
+Requires=docker.service
+After=docker.service
+
+[Service]
+Restart=always
+ExecStartPre=-/usr/bin/docker stop elasticpot
+ExecStartPre=-/usr/bin/docker rm -v elasticpot
+ExecStartPre=/bin/bash -c '/usr/bin/clean.sh elasticpot off'
+ExecStart=/usr/bin/docker run --name elasticpot --rm=true -v /data/elasticpot:/data/elasticpot -v /data/ews:/data/ews -p 9200:9200 dtagdevsec/elasticpot:latest1603
+ExecStop=/usr/bin/docker stop elasticpot
+
+[Install]
+WantedBy=multi-user.target
diff --git a/installer/data/systemd/elk.service b/installer/data/systemd/elk.service
new file mode 100644
index 00000000..cef71d1f
--- /dev/null
+++ b/installer/data/systemd/elk.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=elk
+Requires=docker.service
+After=docker.service
+
+[Service]
+Restart=always
+ExecStartPre=-/usr/bin/docker stop elk
+ExecStartPre=-/usr/bin/docker rm -v elk
+ExecStartPre=/bin/bash -c '/usr/bin/clean.sh elk'
+ExecStart=/usr/bin/docker run --name=elk -v /data:/data -v /var/log:/data/host/log -p 127.0.0.1:64296:8080 --rm=true dtagdevsec/elk:latest1603
+ExecStop=/usr/bin/docker stop elk
+
+[Install]
+WantedBy=multi-user.target
diff --git a/installer/data/systemd/emobility.service b/installer/data/systemd/emobility.service
new file mode 100644
index 00000000..f5c48034
--- /dev/null
+++ b/installer/data/systemd/emobility.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=emobility
+Requires=docker.service
+After=docker.service
+
+[Service]
+Restart=always
+ExecStartPre=-/usr/bin/docker stop emobility
+ExecStartPre=-/usr/bin/docker rm -v emobility
+ExecStartPre=/bin/bash -c '/usr/bin/clean.sh emobility off'
+ExecStart=/usr/bin/docker run --name emobility --cap-add=NET_ADMIN -p 8080:8080 -v /data/emobility:/data/eMobility -v /data/ews:/data/ews --rm=true dtagdevsec/emobility:latest1603
+ExecStop=/usr/bin/docker stop emobility
+
+[Install]
+WantedBy=multi-user.target
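Review bot: elk.service mounts the host's `/var/log` read-write (`-v /var/log:/data/host/log`) although the container presumably only reads it; a `:ro` suffix (`-v /var/log:/data/host/log:ro`) keeps a compromised or misbehaving ELK container from altering or truncating the host logs that an incident responder would rely on. The same holds for `-v /data:/data` if ELK only reads the honeypot directories and writes under /data/elk — a read-only `/data:/data:ro` plus a writable `/data/elk:/data/elk` should express that, to be confirmed against what the image actually writes. The unit's ExecStartPre calls `clean.sh elk` without the `off` persistence argument the other units pass; that is presumably intentional since fuELK only prunes logs, but a one-line comment in the unit would save the next reader the question. Binding the web port to `127.0.0.1:64296` is the right call and elk is the only unit in this commit that does so.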
diff --git a/installer/data/systemd/glastopf.service b/installer/data/systemd/glastopf.service
new file mode 100644
index 00000000..ada61c21
--- /dev/null
+++ b/installer/data/systemd/glastopf.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=glastopf
+Requires=docker.service
+After=docker.service
+
+[Service]
+Restart=always
+ExecStartPre=-/usr/bin/docker stop glastopf
+ExecStartPre=-/usr/bin/docker rm -v glastopf
+ExecStartPre=/bin/bash -c '/usr/bin/clean.sh glastopf off'
+ExecStart=/usr/bin/docker run --name glastopf --rm=true -v /data/glastopf:/data/glastopf -v /data/ews:/data/ews -p 80:80 dtagdevsec/glastopf:latest1603
+ExecStop=/usr/bin/docker stop glastopf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/installer/data/systemd/honeytrap.service b/installer/data/systemd/honeytrap.service
new file mode 100644
index 00000000..4d09b4a5
--- /dev/null
+++ b/installer/data/systemd/honeytrap.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=honeytrap
+Requires=docker.service
+After=docker.service
+
+[Service]
+Restart=always
+ExecStartPre=-/usr/bin/docker stop honeytrap
+ExecStartPre=-/usr/bin/docker rm -v honeytrap
+ExecStartPre=/bin/bash -c '/usr/bin/clean.sh honeytrap off'
+ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
+ExecStart=/usr/bin/docker run --name honeytrap --cap-add=NET_ADMIN --net=host --rm=true -v /data/honeytrap:/data/honeytrap -v /data/ews:/data/ews dtagdevsec/honeytrap:latest1603
+ExecStop=/usr/bin/docker stop honeytrap
+ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
+
+[Install]
+WantedBy=multi-user.target
diff --git a/installer/data/systemd/suricata.service b/installer/data/systemd/suricata.service
new file mode 100644
index 00000000..391f6d42
--- /dev/null
+++ b/installer/data/systemd/suricata.service
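Review bot: honeytrap.service queues every new inbound TCP SYN to NFQUEUE in ExecStartPre, before the honeytrap container that presumably consumes the queue is running; while no program is bound to the queue, netfilter's default for NFQUEUE is to drop the queued packets, so every new TCP connection to the host — including administrative SSH — is refused during startup and again after a container crash until `Restart=always` brings it back. If that lockout is not intended, `-j NFQUEUE --queue-bypass` lets packets pass when no listener is attached; it would have to appear in both the `-A` and the `-D` line so the ExecStopPost delete still matches. The `-A` is also unconditional, so a start after an unclean shutdown that left the rule behind inserts a second copy that the single `-D` does not remove; an `iptables -w -C … || iptables -w -A …` guard, or moving both rules into clean.sh, keeps the ruleset idempotent.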
@@ -0,0 +1,15 @@
+[Unit]
+Description=suricata
+Requires=docker.service
+After=docker.service
+
+[Service]
+Restart=always
+ExecStartPre=-/usr/bin/docker stop suricata
+ExecStartPre=-/usr/bin/docker rm -v suricata
+ExecStartPre=/bin/bash -c '/usr/bin/clean.sh suricata off'
+ExecStart=/usr/bin/docker run --name suricata --cap-add=NET_ADMIN --net=host --rm=true -v /data/suricata:/data/suricata dtagdevsec/suricata:latest1603
+ExecStop=/usr/bin/docker stop suricata
+
+[Install]
+WantedBy=multi-user.target
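Review bot: suricata.service changes host NIC settings through `clean.sh suricata off` in ExecStartPre (offloading off, promiscuous mode on, per fuSURICATA in clean.sh) but has no ExecStopPost to undo them, so the interface keeps these settings after the unit stops; if that is not intended, a matching teardown such as `ExecStopPost=/sbin/ip link set <IF-placeholder> promisc off` would mirror the iptables cleanup in honeytrap.service, though the interface name is detected dynamically in the script, so the teardown belongs there too. That ExecStartPre is not prefixed with `-`, so any non-zero exit from the interface detection aborts the start — reasonable for a sensor, but worth stating in a comment so the behaviour is not mistaken for a bug. The container runs with `--net=host --cap-add=NET_ADMIN`; Docker's default capability set already includes NET_RAW for packet capture, so whether NET_ADMIN is needed depends on whether the image itself reconfigures interfaces and is worth confirming before granting it.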