systemd - follow up services

This commit is contained in:
Marco Ochse 2016-05-29 14:48:17 +02:00
parent faff7a17bf
commit dac91cc208
9 changed files with 216 additions and 1 deletions


@ -17,7 +17,23 @@ if [ "$myPERSISTENCE" = "on" ];
exit exit
fi fi
# Let's create a function to clean up dionaea data # Let's create a function to clean up and prepare conpot data
fuCONPOT () {
rm -rf /data/conpot/*
mkdir -p /data/conpot/log
chmod 760 /data/conpot -R
chown tpot:tpot /data/conpot -R
}
# Let's create a function to clean up and prepare cowrie data
fuCOWRIE () {
rm -rf /data/cowrie/*
mkdir -p /data/cowrie/log/tty/ /data/cowrie/downloads/ /data/cowrie/keys/ /data/cowrie/misc/
chmod 760 /data/cowrie -R
chown tpot:tpot /data/cowrie -R
}
# Let's create a function to clean up and prepare dionaea data
fuDIONAEA () { fuDIONAEA () {
rm -rf /data/dionaea/* rm -rf /data/dionaea/*
rm /data/ews/dionaea/ews.json rm /data/ews/dionaea/ews.json
@ -26,8 +42,85 @@ fuDIONAEA () {
chown tpot:tpot /data/dionaea -R chown tpot:tpot /data/dionaea -R
} }
# Let's create a function to clean up and prepare elasticpot data
fuELASTICPOT () {
rm -rf /data/elasticpot/*
mkdir -p /data/elasticpot/log
chmod 760 /data/elasticpot -R
chown tpot:tpot /data/elasticpot -R
}
# Let's create a function to clean up and prepare elk data
fuELK () {
# ELK data will be kept for <= 90 days, check /etc/crontab for curator modification
# ELK daemon log files will be removed
rm -rf /data/elk/log/*
}
# Let's create a function to clean up and prepare emobility data
fuEMOBILITY () {
rm -rf /data/emobility/*
rm /data/ews/emobility/ews.json
mkdir -p /data/emobility/log /data/ews/emobility
chmod 760 /data/emobility -R
chown tpot:tpot /data/emobility -R
}
# Let's create a function to clean up and prepare glastopf data
fuGLASTOPF () {
rm -rf /data/glastopf/*
mkdir -p /data/glastopf
chmod 760 /data/glastopf -R
chown tpot:tpot /data/glastopf -R
}
# Let's create a function to clean up and prepare honeytrap data
fuHONEYTRAP () {
rm -rf /data/honeytrap/*
mkdir -p /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/
chmod 760 /data/honeytrap/ -R
chown tpot:tpot /data/honeytrap/ -R
}
# Let's create a function to clean up and prepare suricata data
fuSURICATA () {
rm -rf /data/suricata/*
mkdir -p /data/suricata/log
chmod 760 -R /data/suricata
chown tpot:tpot -R /data/suricata
# Get IF, disable offloading, enable promiscious mode
myIF=$(route | grep default | awk '{ print $8 }')
/sbin/ethtool --offload $myIF rx off tx off
/sbin/ethtool -K $myIF gso off gro off
/sbin/ip link set $myIF promisc on
}
case $1 in case $1 in
conpot)
fuCONPOT $1
;;
cowrie)
fuCOWRIE $1
;;
dionaea) dionaea)
fuDIONAEA $1 fuDIONAEA $1
;; ;;
elasticpot)
fuELASTICPOT $1
;;
elk)
fuELK $1
;;
emobility)
fuEMOBILITY $1
;;
glastopf)
fuGLASTOPF $1
;;
honeytrap)
fuHONEYTRAP $1
;;
suricata)
fuSURICATA $1
;;
esac esac
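Review bot: In fuSURICATA the interface variable is used unquoted and unchecked: `myIF=$(route | grep default | awk '{ print $8 }')` is empty when the host has no default route and becomes several words when it has more than one, so the three ethtool/ip calls that follow then run with a missing or shifted interface argument and the error is only visible in the journal. `route` is also the legacy net-tools command; `ip -o route show default` is the current equivalent and typically prints the device as its fifth field. The rewritten lines below quote the variable and return non-zero on an empty result so the ExecStartPre that calls this script fails visibly instead of starting suricata on a half-configured interface — whether you would rather skip the tweaks and continue is a policy choice worth a comment. Since the rest of clean.sh only removes and re-creates data directories, a one-line comment saying why host NIC configuration lives in this function would also help the next reader.
```shell
  # Get IF, disable offloading, enable promiscuous mode
  myIF=$(ip -o route show default | awk '{ print $5; exit }')
  if [ -z "$myIF" ]; then
    echo "fuSURICATA: no default route found, cannot configure capture interface" >&2
    return 1
  fi
  /sbin/ethtool --offload "$myIF" rx off tx off
  /sbin/ethtool -K "$myIF" gso off gro off
  /sbin/ip link set "$myIF" promisc on
```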


@ -0,0 +1,15 @@
[Unit]
Description=conpot
Requires=docker.service
After=docker.service
[Service]
Restart=always
ExecStartPre=-/usr/bin/docker stop conpot
ExecStartPre=-/usr/bin/docker rm -v conpot
ExecStartPre=/bin/bash -c '/usr/bin/clean.sh conpot off'
ExecStart=/usr/bin/docker run --name conpot --rm=true -v /data/conpot:/data/conpot -v /data/ews:/data/ews -p 81:80 -p 102:102 -p 161:161/udp -p 502:502 dtagdevsec/conpot:latest1603
ExecStop=/usr/bin/docker stop conpot
[Install]
WantedBy=multi-user.target
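Review bot: The image reference `dtagdevsec/conpot:latest1603` on the ExecStart line is a mutable tag, so what this unit runs depends on whatever that tag points to whenever the image is next pulled; the same applies to the cowrie, elasticpot, elk, emobility, glastopf, honeytrap and suricata units in this commit. Pinning by digest, e.g. `dtagdevsec/conpot@sha256:<digest-placeholder>`, makes the deployed container reproducible and reviewable, and a comment in the unit naming where the digest is maintained keeps it from going stale. Separately, the `/bin/bash -c '/usr/bin/clean.sh conpot off'` wrapper adds nothing that systemd does not already do; provided clean.sh is executable and has a shebang, `ExecStartPre=/usr/bin/clean.sh conpot off` is equivalent and one process fewer.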


@ -0,0 +1,15 @@
[Unit]
Description=cowrie
Requires=docker.service
After=docker.service
[Service]
Restart=always
ExecStartPre=-/usr/bin/docker stop cowrie
ExecStartPre=-/usr/bin/docker rm -v cowrie
ExecStartPre=/bin/bash -c '/usr/bin/clean.sh cowrie off'
ExecStart=/usr/bin/docker run --name cowrie --rm=true -p 22:2222 -v /data/cowrie:/data/cowrie -v /data/ews:/data/ews dtagdevsec/cowrie:latest1603
ExecStop=/usr/bin/docker stop cowrie
[Install]
WantedBy=multi-user.target


@ -0,0 +1,15 @@
[Unit]
Description=elasticpot
Requires=docker.service
After=docker.service
[Service]
Restart=always
ExecStartPre=-/usr/bin/docker stop elasticpot
ExecStartPre=-/usr/bin/docker rm -v elasticpot
ExecStartPre=/bin/bash -c '/usr/bin/clean.sh elasticpot off'
ExecStart=/usr/bin/docker run --name elasticpot --rm=true -v /data/elasticpot:/data/elasticpot -v /data/ews:/data/ews -p 9200:9200 dtagdevsec/elasticpot:latest1603
ExecStop=/usr/bin/docker stop elasticpot
[Install]
WantedBy=multi-user.target


@ -0,0 +1,15 @@
[Unit]
Description=elk
Requires=docker.service
After=docker.service
[Service]
Restart=always
ExecStartPre=-/usr/bin/docker stop elk
ExecStartPre=-/usr/bin/docker rm -v elk
ExecStartPre=/bin/bash -c '/usr/bin/clean.sh elk'
ExecStart=/usr/bin/docker run --name=elk -v /data:/data -v /var/log:/data/host/log -p 127.0.0.1:64296:8080 --rm=true dtagdevsec/elk:latest1603
ExecStop=/usr/bin/docker stop elk
[Install]
WantedBy=multi-user.target
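Review bot: The clean.sh call on the ExecStartPre line passes only `elk`, while every other unit in this commit passes a second `off` argument; from the clean.sh hunk the script compares a `myPERSISTENCE` variable with "on" and exits without cleaning when it matches, so an absent second argument presumably behaves like `off` here, but the asymmetry reads like an oversight. `ExecStartPre=/bin/bash -c '/usr/bin/clean.sh elk off'` keeps the nine units uniform and makes the intent explicit. This unit also bind-mounts the whole `/data` tree and the host's `/var/log` into the container, which is broader than any other unit here; a short comment in the unit stating that the container deliberately sees every honeypot's data and the host logs would help whoever later tightens these mounts.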


@ -0,0 +1,15 @@
[Unit]
Description=emobility
Requires=docker.service
After=docker.service
[Service]
Restart=always
ExecStartPre=-/usr/bin/docker stop emobility
ExecStartPre=-/usr/bin/docker rm -v emobility
ExecStartPre=/bin/bash -c '/usr/bin/clean.sh emobility off'
ExecStart=/usr/bin/docker run --name emobility --cap-add=NET_ADMIN -p 8080:8080 -v /data/emobility:/data/eMobility -v /data/ews:/data/ews --rm=true dtagdevsec/emobility:latest1603
ExecStop=/usr/bin/docker stop emobility
[Install]
WantedBy=multi-user.target


@ -0,0 +1,15 @@
[Unit]
Description=glastopf
Requires=docker.service
After=docker.service
[Service]
Restart=always
ExecStartPre=-/usr/bin/docker stop glastopf
ExecStartPre=-/usr/bin/docker rm -v glastopf
ExecStartPre=/bin/bash -c '/usr/bin/clean.sh glastopf off'
ExecStart=/usr/bin/docker run --name glastopf --rm=true -v /data/glastopf:/data/glastopf -v /data/ews:/data/ews -p 80:80 dtagdevsec/glastopf:latest1603
ExecStop=/usr/bin/docker stop glastopf
[Install]
WantedBy=multi-user.target


@ -0,0 +1,17 @@
[Unit]
Description=honeytrap
Requires=docker.service
After=docker.service
[Service]
Restart=always
ExecStartPre=-/usr/bin/docker stop honeytrap
ExecStartPre=-/usr/bin/docker rm -v honeytrap
ExecStartPre=/bin/bash -c '/usr/bin/clean.sh honeytrap off'
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
ExecStart=/usr/bin/docker run --name honeytrap --cap-add=NET_ADMIN --net=host --rm=true -v /data/honeytrap:/data/honeytrap -v /data/ews:/data/ews dtagdevsec/honeytrap:latest1603
ExecStop=/usr/bin/docker stop honeytrap
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
[Install]
WantedBy=multi-user.target
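Review bot: The NFQUEUE rule appended in ExecStartPre is in place before the honeytrap container is running, and by default NFQUEUE drops packets when no userspace program is bound to the queue, so in the window between that ExecStartPre and the container attaching — and for as long as the container fails to start while Restart=always cycles — every new inbound TCP connection to the host (the rule matches all of `-p tcp --syn -m state --state NEW` on INPUT) is dropped, including the other honeypot ports and any management SSH. If failing open during that window is acceptable, `-j NFQUEUE --queue-bypass` lets such packets continue through the chain when nothing is listening; if failing closed is the intent, a comment in the unit stating that would spare the next operator a lockout investigation. The matching ExecStopPost deletion is good and runs on failed stops too, so the rule should not accumulate, but that is worth confirming once with a forced restart.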


@ -0,0 +1,15 @@
[Unit]
Description=suricata
Requires=docker.service
After=docker.service
[Service]
Restart=always
ExecStartPre=-/usr/bin/docker stop suricata
ExecStartPre=-/usr/bin/docker rm -v suricata
ExecStartPre=/bin/bash -c '/usr/bin/clean.sh suricata off'
ExecStart=/usr/bin/docker run --name suricata --cap-add=NET_ADMIN --net=host --rm=true -v /data/suricata:/data/suricata dtagdevsec/suricata:latest1603
ExecStop=/usr/bin/docker stop suricata
[Install]
WantedBy=multi-user.target