Update to Conpot x 4 Templates in Parallel

Update to allow four Conpot templates to run in parallel, along with all other changes required to build each template in its own container, as well as the iptables reconfiguration.
This commit is contained in:
UncleRaymondo 2018-03-09 18:17:00 +11:00
parent d2f1a27908
commit ddb1e61ae5
37 changed files with 1968 additions and 50 deletions


@ -1,19 +0,0 @@
version: '2.1'
networks:
conpot_local:
services:
# Conpot service
conpot:
container_name: conpot
restart: always
networks:
- conpot_local
ports:
- "1025:1025"
- "50100:50100"
image: "dtagdevsec/conpot:1710"
volumes:
- /data/conpot/log:/var/log/conpot


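--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,54 @@
+FROM alpine
+MAINTAINER MO
+# Include dist
+ADD dist/ /root/dist/
+# Setup apt
+RUN apk -U add bash \
+build-base \
+file \
+git \
+libev \
+libtool \
+libxslt \
+libxslt-dev \
+mariadb-dev \
+mariadb-client-libs \
+pkgconfig \
+python \
+python-dev \
+py-cffi && \
+# Setup ConPot
+git clone https://github.com/mushorg/conpot /opt/conpot_IEC104/ && \
+cd /opt/conpot_IEC104/ && \
+git checkout d97a68a054e4fe42ff90293188a5702ce8ab09a3 && \
+cp /root/dist/requirements.txt /opt/conpot_IEC104/ && \
+python setup.py install && \
+cd / && \
+rm -rf /opt/conpot_IEC104 /tmp/* /var/tmp/* && \
+# Setup user, groups and configs
+addgroup -g 2000 conpot_IEC104 && \
+adduser -S -s /bin/bash -u 2000 -D -g 2000 conpot_IEC104 && \
+mkdir -p /etc/conpot_IEC104 /var/log/conpot_IEC104 && \
+mv /root/dist/conpot.cfg /etc/conpot_IEC104/conpot_IEC104.cfg && \
+mv /root/dist/IEC104/template.xml /usr/lib/python2.7/site-packages/Conpot-0.5.1-py2.7.egg/conpot_IEC104/templates/IEC104/ && \
+# Clean up
+apk del build-base \
+file \
+git \
+libev \
+libtool \
+libxslt-dev \
+mariadb-dev \
+pkgconfig \
+python-dev \
+py-cffi && \
+rm -rf /root/* && \
+rm -rf /var/cache/apk/*
+# Run supervisor upon container start
+CMD ["/usr/bin/conpot", "--template", "IEC104", "--logfile", "/var/log/conpot_IEC104/conpot_IEC104.log", "--config", "/etc/conpot_IEC104/conpot_IEC104.cfg"]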
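Review bot: The template install at `mv /root/dist/IEC104/template.xml /usr/lib/python2.7/site-packages/Conpot-0.5.1-py2.7.egg/conpot_IEC104/templates/IEC104/` targets a package directory named `conpot_IEC104`, but renaming the clone to `/opt/conpot_IEC104` does not rename the Python package that `python setup.py install` produces (upstream names it `conpot`), so unless that directory exists the `mv` fails and the `&&` chain aborts the build. The target should very likely be `.../Conpot-0.5.1-py2.7.egg/conpot/templates/IEC104/`; confirm the installed path before relying on this image. The same line hard-codes egg version 0.5.1 next to a pinned commit, so a version bump in the pinned tree would silently break it as well. The trailing comment `# Run supervisor upon container start` is stale, since CMD runs conpot directly: `# Run conpot with the IEC104 template upon container start` describes what happens.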


@ -0,0 +1,324 @@
<!-- Copyright (C) 2017 Patrick Reichenberger (University of Passau) <patrick.reichenberger@t-online.de>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-->
<IEC104 enabled="True" host="0.0.0.0" port="2404">
<device_info>
<vendor_name>Siemens</vendor_name>
<product_code>SIMATIC</product_code>
</device_info>
<!-- names are in structured 16_8 Bit format of the Information Object Address -->
<categories>
<category name="SinglePoint" id="1">
<register name="13_20">
<value>13_20</value>
</register>
<register name="13_21">
<value>13_21</value>
</register>
<register name="13_22">
<value>13_22</value>
</register>
<register name="13_24">
<value>13_24</value>
</register>
<register name="13_25">
<value>13_25</value>
</register>
<register name="13_32">
<value>13_32</value>
</register>
<register name="13_33">
<value>13_33</value>
</register>
<register name="13_34">
<value>13_34</value>
</register>
<register name="13_35">
<value>13_35</value>
</register>
<register name="13_36">
<value>13_36</value>
</register>
<register name="13_37">
<value>13_37</value>
</register>
<register name="13_38">
<value>13_38</value>
</register>
<register name="13_39">
<value>13_39</value>
</register>
<register name="13_40">
<value>13_40</value>
</register>
<register name="13_41">
<value>13_41</value>
</register>
<register name="13_42">
<value>13_42</value>
</register>
</category>
<category name="SingleCommand" id="45">
<register name="22_19">
<value>22_19</value>
</register>
<register name="22_20" rel="13_20">
<value>22_20</value>
</register>
<register name="22_21" rel="13_21">
<value>22_21</value>
</register>
<register name="22_22" rel="13_22">
<value>22_22</value>
</register>
<register name="22_24" rel="13_24">
<value>22_24</value>
</register>
<register name="22_25" rel="13_25">
<value>22_25</value>
</register>
<register name="22_42">
<value>22_42</value>
</register>
<register name="22_43">
<value>22_43</value>
</register>
<register name="22_54">
<value>22_54</value>
</register>
</category>
<category name="DoublePoint" id="3">
<register name="33_2">
<value>33_2</value>
</register>
<register name="33_3">
<value>33_3</value>
</register>
<register name="33_4">
<value>33_4</value>
</register>
<register name="33_5">
<value>33_5</value>
</register>
<register name="33_6">
<value>33_6</value>
</register>
<register name="33_7">
<value>33_7</value>
</register>
<register name="33_8">
<value>33_8</value>
</register>
<register name="33_9">
<value>33_9</value>
</register>
<register name="33_10">
<value>33_10</value>
</register>
<register name="33_11">
<value>33_11</value>
</register>
</category>
<category name="DoubleCommand" id="46">
<register name="60_6" rel="33_6">
<value>60_6</value>
</register>
<register name="60_7" rel="33_7">
<value>60_7</value>
</register>
<register name="60_8" rel="33_8">
<value>60_8</value>
</register>
<register name="60_9" rel="33_9">
<value>60_9</value>
</register>
<register name="60_20" rel="33_10">
<value>60_20</value>
</register>
<register name="60_21" rel="33_11">
<value>60_21</value>
</register>
<register name="60_32">
<value>60_32</value>
</register>
<register name="60_34">
<value>60_34</value>
</register>
<register name="60_35">
<value>60_35</value>
</register>
<register name="60_36">
<value>60_36</value>
</register>
</category>
<category name="MeasuredValueScaled" id="11">
<register name="100_12">
<value>100_12</value>
</register>
<register name="100_13">
<value>100_13</value>
</register>
<register name="100_51">
<value>100_51</value>
</register>
<register name="100_108">
<value>100_108</value>
</register>
<register name="100_109">
<value>100_109</value>
</register>
<register name="100_178">
<value>100_178</value>
</register>
<register name="100_179">
<value>100_179</value>
</register>
<register name="100_190">
<value>100_190</value>
</register>
<register name="100_191">
<value>100_191</value>
</register>
<register name="100_192">
<value>100_192</value>
</register>
<register name="100_193">
<value>100_193</value>
</register>
</category>
<category name="SetpointCommandScaled" id="49">
<register name="101_63" rel="100_12">
<value>101_63</value>
</register>
<register name="101_205" rel="100_13">
<value>101_205</value>
</register>
<register name="101_100">
<value>101_100</value>
</register>
<register name="101_101" rel="100_51">
<value>101_101</value>
</register>
<register name="101_102" rel="100_178">
<value>101_102</value>
</register>
<register name="101_105">
<value>101_105</value>
</register>
<register name="101_106">
<value>101_106</value>
</register>
</category>
<category name="MeasuredValueFloatingPoint" id="13">
<register name="107_3">
<value>107_3</value>
</register>
<register name="107_77">
<value>107_77</value>
</register>
<register name="107_78">
<value>107_78</value>
</register>
<register name="107_79">
<value>107_79</value>
</register>
<register name="107_90">
<value>107_90</value>
</register>
<register name="107_130">
<value>107_130</value>
</register>
<register name="107_131">
<value>107_131</value>
</register>
<register name="107_132">
<value>107_132</value>
</register>
<register name="107_141">
<value>107_141</value>
</register>
<register name="107_200">
<value>107_200</value>
</register>
<register name="107_201">
<value>107_201</value>
</register>
<register name="107_202">
<value>107_202</value>
</register>
<register name="107_203">
<value>107_203</value>
</register>
<register name="107_204">
<value>107_204</value>
</register>
<register name="107_205">
<value>107_205</value>
</register>
<register name="107_206">
<value>107_206</value>
</register>
<register name="107_207">
<value>107_207</value>
</register>
<register name="107_208">
<value>107_208</value>
</register>
<register name="107_209">
<value>107_209</value>
</register>
<register name="107_210">
<value>107_210</value>
</register>
<register name="107_211">
<value>107_211</value>
</register>
<register name="107_212">
<value>107_212</value>
</register>
</category>
<category name="SetpointCommandFloatingPoint" id="50">
<register name="109_3" rel="107_3">
<value>109_3</value>
</register>
<register name="109_7" rel="107_77">
<value>109_7</value>
</register>
<register name="109_8">
<value>109_8</value>
</register>
<register name="109_10" rel="107_90">
<value>109_10</value>
</register>
<register name="109_40" rel="107_132">
<value>109_40</value>
</register>
<register name="109_41" rel="107_141">
<value>109_41</value>
</register>
</category>
</categories>
</IEC104>


@ -0,0 +1,675 @@
<!-- Copyright (C) 2017 Patrick Reichenberger (University of Passau) <patrick.reichenberger@t-online.de>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-->
<core>
<template>
<!-- General information about the template -->
<entity name="unit">S7-300</entity>
<entity name="vendor">Siemens</entity>
<entity name="description">Creates a simple device for IEC 60870-5-104</entity>
<entity name="protocols">IEC104</entity>
<entity name="creator">Patrick Reichenberger</entity>
</template>
<databus>
<!-- Core value that can be retrieved from the databus by key -->
<key_value_mappings>
<!-- SNMPv2-MIB -->
<key name="SystemDescription">
<value type="value">"Siemens, SIMATIC, S7-300"</value>
</key>
<key name="sysObjectID">
<value type="value">"0.0"</value>
</key>
<key name="Uptime">
<value type="function">conpot.emulators.misc.uptime.Uptime</value>
</key>
<key name="sysContact">
<value type="value">""</value>
</key>
<key name="sysName">
<value type="value">""</value>
</key>
<key name="sysLocation">
<value type="value">""</value>
</key>
<key name="sysServices">
<value type="value">"72"</value>
</key>
<!-- IF-MIB -->
<key name="ifNumber">
<value type="value">1</value>
</key>
<key name="ifIndex">
<value type="value">1</value>
</key>
<key name="ifDescr">
<value type="value">"Siemens, SIMATIC NET, CP 343-1 PN, 6GK7 343-1EX21-0XE0, HW: Version 2, FW: Version V1.2.3, Ethernet Port 1, Rack 0, 100Mbit"</value>
</key>
<key name="ifType">
<value type="value">6</value>
</key>
<key name="ifMtu">
<value type="value">1000</value>
</key>
<key name="ifSpeed">
<value type="value">100000000</value>
</key>
<key name="ifPhysAddress">
<value type="value">"\x00\x0e\x8c\x29\xc5\x1a"</value>
</key>
<key name="ifAdminStatus">
<value type="value">1</value>
</key>
<key name="ifOperStatus">
<value type="value">1</value>
</key>
<key name="ifLastChange">
<value type="function">conpot.emulators.misc.uptime.Uptime</value>
</key>
<key name="FacilityName">
<value type="value">"Compagnie Generale des Eaux"</value>
</key>
<key name="0">
<value type="value">0</value>
</key>
<key name="1">
<value type="value">1</value>
</key>
<key name="ifInOctets">
<value type="value">1618895</value>
</key>
<key name="ifInUcastPkts">
<value type="value">7018</value>
</key>
<key name="ifInNUcastPkts">
<value type="value">291</value>
</key>
<key name="ifOutOctets">
<value type="value">455107</value>
</key>
<key name="ifOutUcastPkts">
<value type="value">872264</value>
</key>
<key name="ifOutUNcastPkts">
<value type="value">143</value>
</key>
<!-- IP-MIB -->
<key name="ipForwarding">
<value type="value">2</value>
</key>
<key name="ipDefaultTTL">
<value type="value">60</value>
</key>
<key name="ipInReceives">
<value type="value">31271</value>
</key>
<key name="ipInHdrErrors">
<value type="value">0</value>
</key>
<key name="ipInAddrErrors">
<value type="value">0</value>
</key>
<key name="ipForwDatagrams">
<value type="value">0</value>
</key>
<key name="ipInUnknownProtos">
<value type="value">0</value>
</key>
<key name="ipInDiscards">
<value type="value">0</value>
</key>
<key name="ipInDelivers">
<value type="value">31282</value>
</key>
<key name="ipOutRequests">
<value type="value">69023</value>
</key>
<key name="ipOutDiscards">
<value type="value">0</value>
</key>
<key name="ipOutNoRoutes">
<value type="value">0</value>
</key>
<key name="ipReasmTimeout">
<value type="value">60</value>
</key>
<key name="ipReasmReqds">
<value type="value">7</value>
</key>
<key name="ipReasmOKs">
<value type="value">3</value>
</key>
<key name="ipReasmFails">
<value type="value">0</value>
</key>
<key name="ipFragOKs">
<value type="value">0</value>
</key>
<key name="ipFragFails">
<value type="value">0</value>
</key>
<key name="ipFragCreates">
<value type="value">0</value>
</key>
<key name="ipAdEntAddr">
<value type="value">"163.172.189.137"</value>
</key>
<key name="ipAdEntIfIndex">
<value type="value">1</value>
</key>
<key name="ipAdEntNetMask">
<value type="value">"255.255.255.255"</value>
</key>
<key name="ipAdEntBcastAddr">
<value type="value">1</value>
</key>
<key name="ipAdEntReasmMaxSize">
<value type="value">65528</value>
</key>
<key name="ipRoutingDiscards">
<value type="value">0</value>
</key>
<key name="icmpInMsgs">
<value type="value">4</value>
</key>
<key name="icmpInErrors">
<value type="value">0</value>
</key>
<key name="icmpInDestUnreachs">
<value type="value">1</value>
</key>
<key name="icmpInTimeExcds">
<value type="value">0</value>
</key>
<key name="icmpInParmProbs">
<value type="value">0</value>
</key>
<key name="icmpInSrcQuenchs">
<value type="value">0</value>
</key>
<key name="icmpInRedirects">
<value type="value">0</value>
</key>
<key name="icmpInEchos">
<value type="value">0</value>
</key>
<key name="icmpInEchoReps">
<value type="value">0</value>
</key>
<key name="icmpInTimestamps">
<value type="value">0</value>
</key>
<key name="icmpInTimestampReps">
<value type="value">0</value>
</key>
<key name="icmpInAddrMasks">
<value type="value">0</value>
</key>
<key name="icmpInAddrMaskReps">
<value type="value">0</value>
</key>
<key name="icmpOutMsgs">
<value type="value">0</value>
</key>
<key name="icmpOutErrors">
<value type="value">0</value>
</key>
<key name="icmpOutDestUnreachs">
<value type="value">144</value>
</key>
<key name="icmpOutTimeExcds">
<value type="value">0</value>
</key>
<key name="icmpOutParmProbs">
<value type="value">0</value>
</key>
<key name="icmpOutSrcQuenchs">
<value type="value">0</value>
</key>
<key name="icmpOutRedirects">
<value type="value">0</value>
</key>
<key name="icmpOutEchos">
<value type="value">0</value>
</key>
<key name="icmpOutEchoReps">
<value type="value">0</value>
</key>
<key name="icmpOutTimestamps">
<value type="value">0</value>
</key>
<key name="icmpOutTimestampReps">
<value type="value">0</value>
</key>
<key name="icmpOutAddrMasks">
<value type="value">0</value>
</key>
<key name="icmpOutAddrMaskReps">
<value type="value">0</value>
</key>
<!-- TCP-MIB -->
<key name="tcpRtoAlgorithm">
<value type="value">2</value>
</key>
<key name="tcpRtoMin">
<value type="value">0</value>
</key>
<key name="tcpRtoMax">
<value type="value">100</value>
</key>
<key name="tcpMaxConn">
<value type="value">-1</value>
</key>
<key name="tcpActiveOpens">
<value type="value">0</value>
</key>
<key name="tcpPassiveOpens">
<value type="value">101</value>
</key>
<key name="tcpAttemptFails">
<value type="value">42</value>
</key>
<key name="tcpEstabResets">
<value type="value">45</value>
</key>
<key name="tcpCurrEstab">
<value type="value">0</value>
</key>
<key name="tcpInSegs">
<value type="value">30321</value>
</key>
<key name="tcpOutSegs">
<value type="value">67821</value>
</key>
<key name="tcpRetransSegs">
<value type="value">2511</value>
</key>
<key name="tcpConnState">
<value type="value">2</value>
</key>
<key name="tcpConnLocalAddress">
<value type="value">"163.172.189.137"</value>
</key>
<key name="tcpConnLocalPort">
<value type="value">2404</value>
</key>
<key name="tcpConnRemAddress">
<value type="value">"0.0.0.0"</value>
</key>
<key name="tcpConnRemPort">
<value type="value">0</value>
</key>
<key name="tcpInErrs">
<value type="value">1</value>
</key>
<key name="tcpOutRsts">
<value type="value">728</value>
</key>
<!-- UDP-MIB -->
<key name="udpInDatagrams">
<value type="value">1441</value>
</key>
<key name="udpNoPorts">
<value type="value">1280</value>
</key>
<key name="udpInErrors">
<value type="value">23</value>
</key>
<key name="udpOutDatagrams">
<value type="value">47</value>
</key>
<key name="udpLocalAddress">
<value type="value">"163.172.189.137"</value>
</key>
<key name="udpLocalPort">
<value type="value">161</value>
</key>
<key name="SystemName">
<value type="value">"CP 343-1 IT"</value>
</key>
<!-- IEC104 Protocol parameter -->
<!-- Timeout of connection establishment -->
<key name="T_0">
<value type="value">30</value>
</key>
<!-- Timeout of send or test APDUs (Wartezeit auf Quittung) -->
<key name="T_1">
<value type="value">15</value>
</key>
<!-- Timeout for acknowledges in case of no data messages T_2 < T_1 (Quittieren nach x sek) -->
<key name="T_2">
<value type="value">10</value>
</key>
<!-- Timeout for sending test frames in case of a long idle state -->
<key name="T_3">
<value type="value">20</value>
</key>
<!-- Maximum difference receive sequence number to send state variable (Max. Anzahl unquittierter Telegramme) -->
<!-- not implemented yet -->
<key name="k">
<value type="value">12</value>
</key>
<!-- Latest acknowledge after receiving w I-format APDUs (Quittieren nach w Telegrammen) -->
<key name="w">
<value type="value">8</value>
</key>
<!-- Maximum frame size (in bytes) -->
<key name="MaxFrameSize">
<value type="value">254</value>
</key>
<!-- Devices -->
<!-- 13- -->
<key name="13_20">
<value type="value">1</value>
</key>
<key name="13_21">
<value type="value">0</value>
</key>
<key name="13_22">
<value type="value">0</value>
</key>
<key name="13_24">
<value type="value">1</value>
</key>
<key name="13_25">
<value type="value">1</value>
</key>
<key name="13_32">
<value type="value">1</value>
</key>
<key name="13_33">
<value type="value">1</value>
</key>
<key name="13_34">
<value type="value">1</value>
</key>
<key name="13_35">
<value type="value">1</value>
</key>
<key name="13_36">
<value type="value">1</value>
</key>
<key name="13_37">
<value type="value">1</value>
</key>
<key name="13_38">
<value type="value">1</value>
</key>
<key name="13_39">
<value type="value">1</value>
</key>
<key name="13_40">
<value type="value">0</value>
</key>
<key name="13_41">
<value type="value">1</value>
</key>
<key name="13_42">
<value type="value">0</value>
</key>
<!-- 22- -->
<key name="22_19">
<value type="value">1</value>
</key>
<key name="22_20">
<value type="value">1</value>
</key>
<key name="22_21">
<value type="value">0</value>
</key>
<key name="22_22">
<value type="value">0</value>
</key>
<key name="22_24">
<value type="value">1</value>
</key>
<key name="22_25">
<value type="value">1</value>
</key>
<key name="22_42">
<value type="value">1</value>
</key>
<key name="22_43">
<value type="value">1</value>
</key>
<key name="22_54">
<value type="value">1</value>
</key>
<!-- 33- -->
<key name="33_2">
<value type="value">1</value>
</key>
<key name="33_3">
<value type="value">2</value>
</key>
<key name="33_4">
<value type="value">1</value>
</key>
<key name="33_5">
<value type="value">2</value>
</key>
<key name="33_6">
<value type="value">2</value>
</key>
<key name="33_7">
<value type="value">1</value>
</key>
<key name="33_8">
<value type="value">1</value>
</key>
<key name="33_9">
<value type="value">1</value>
</key>
<key name="33_10">
<value type="value">1</value>
</key>
<key name="33_11">
<value type="value">1</value>
</key>
<!-- 60- -->
<key name="60_6">
<value type="value">2</value>
</key>
<key name="60_7">
<value type="value">1</value>
</key>
<key name="60_8">
<value type="value">1</value>
</key>
<key name="60_9">
<value type="value">1</value>
</key>
<key name="60_20">
<value type="value">1</value>
</key>
<key name="60_21">
<value type="value">1</value>
</key>
<key name="60_32">
<value type="value">1</value>
</key>
<key name="60_34">
<value type="value">1</value>
</key>
<key name="60_35">
<value type="value">1</value>
</key>
<key name="60_36">
<value type="value">1</value>
</key>
<!-- 100- -->
<key name="100_12">
<value type="value">103</value>
</key>
<key name="100_13">
<value type="value">31</value>
</key>
<key name="100_51">
<value type="value">-49</value>
</key>
<key name="100_108">
<value type="value">28871</value>
</key>
<key name="100_109">
<value type="value">13781</value>
</key>
<key name="100_178">
<value type="value">119</value>
</key>
<key name="100_179">
<value type="value">219</value>
</key>
<key name="100_190">
<value type="value">1009</value>
</key>
<key name="100_191">
<value type="value">-2</value>
</key>
<key name="100_192">
<value type="value">701</value>
</key>
<key name="100_193">
<value type="value">441</value>
</key>
<!-- 101- -->
<key name="101_63">
<value type="value">103</value>
</key>
<key name="101_205">
<value type="value">31</value>
</key>
<key name="101_100">
<value type="value">5</value>
</key>
<key name="101_101">
<value type="value">49</value>
</key>
<key name="101_102">
<value type="value">119</value>
</key>
<key name="101_105">
<value type="value">500</value>
</key>
<key name="101_106">
<value type="value">1</value>
</key>
<!-- 107- -->
<key name="107_3">
<value type="value">16.2</value>
</key>
<key name="107_77">
<value type="value">15.9</value>
</key>
<key name="107_78">
<value type="value">512.1</value>
</key>
<key name="107_79">
<value type="value">433.4</value>
</key>
<key name="107_90">
<value type="value">344.4</value>
</key>
<key name="107_130">
<value type="value">-0.44013</value>
</key>
<key name="107_131">
<value type="value">43.0</value>
</key>
<key name="107_132">
<value type="value">41.2</value>
</key>
<key name="107_141">
<value type="value">12.1</value>
</key>
<key name="107_200">
<value type="value">91</value>
</key>
<key name="107_201">
<value type="value">98.8</value>
</key>
<key name="107_202">
<value type="value">110</value>
</key>
<key name="107_203">
<value type="value">85.1</value>
</key>
<key name="107_204">
<value type="value">85.2</value>
</key>
<key name="107_205">
<value type="value">410</value>
</key>
<key name="107_206">
<value type="value">592</value>
</key>
<key name="107_207">
<value type="value">1.5</value>
</key>
<key name="107_208">
<value type="value">44.7</value>
</key>
<key name="107_209">
<value type="value">11.9</value>
</key>
<key name="107_210">
<value type="value">221.45</value>
</key>
<key name="107_211">
<value type="value">13.4</value>
</key>
<key name="107_212">
<value type="value">0.000402</value>
</key>
<!-- 109- -->
<key name="109_3">
<value type="value">16.2</value>
</key>
<key name="109_7">
<value type="value">15.9</value>
</key>
<key name="109_8">
<value type="value">880</value>
</key>
<key name="109_10">
<value type="value">344.4</value>
</key>
<key name="109_40">
<value type="value">41.2</value>
</key>
<key name="109_41">
<value type="value">12.1</value>
</key>
<key name="empty">
<value type="value">""</value>
</key>
</key_value_mappings>
</databus>
</core>
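Review bot: The IP/TCP/UDP-MIB keys hard-code `163.172.189.137` (`ipAdEntAddr`, `tcpConnLocalAddress`, `udpLocalAddress`) together with a fixed `ifPhysAddress`, while `<entity name="protocols">IEC104</entity>` and the container's single exposed port suggest this template serves no SNMP at all, so these values are currently dead configuration. If an `snmp.xml` is ever added, a honeypot that advertises an address that is not its own is an easy fingerprint, as are sample strings such as `FacilityName` that appear to be carried over from upstream conpot; a comment on the SNMPv2-MIB stanza, `<!-- NOTE: static sample values; unused unless snmp.xml is added to this template, and fingerprintable if it is -->`, would make that explicit. The `ifInOctets`/`ipInReceives`-style counters are constants that never change between polls, which has the same effect; only `Uptime` and `ifLastChange` are functions.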


@ -1,16 +1,16 @@
[common]
sensorid = conpot
sensorid = conpot_IEC104
[session]
timeout = 30
[daemon]
user = conpot
group = conpot
user = conpot_IEC104
group = conpot_IEC104
[json]
enabled = True
filename = /var/log/conpot/conpot.json
filename = /var/log/conpot_IEC104/conpot_IEC104.json
[sqlite]
enabled = False
@ -20,9 +20,9 @@ enabled = False
device = /tmp/mysql.sock
host = localhost
port = 3306
db = conpot
username = conpot
passphrase = conpot
db = conpot_IEC104
username = conpot_IEC104
passphrase = conpot_IEC104
socket = tcp ; tcp (sends to host:port), dev (sends to mysql device/socket file)
[syslog]
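Review bot: The renamed `[json] filename = /var/log/conpot_IEC104/conpot_IEC104.json` is written after conpot drops to `user = conpot_IEC104`, but the matching Dockerfile only `mkdir`s that directory as root and the compose file bind-mounts `/data/conpot_IEC104/log` over it, so whether the json sink can write appears to depend on the host directory being owned by uid/gid 2000; a comment in the cfg such as `; log dir is bind-mounted from /data/conpot_IEC104/log and must be writable by uid 2000` would save the next person a silent logging failure. The `[mysql]` credentials were renamed along with everything else (`username = conpot_IEC104`, `passphrase = conpot_IEC104`); the hunk's context line shows `enabled = False`, so the sink looks disabled, but a passphrase equal to the username is still a committed guessable default if it is ever switched on. The first hunk is shown without the blank lines between sections, so the visible line counts do not match the header's 16/16.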




@ -0,0 +1,18 @@
version: '2.1a'
networks:
conpot_IEC104_local:
services:
# Conpot service using IEC104 Template
conpot_IEC104:
container_name: conpot_IEC104
restart: always
networks:
- conpot_IEC104_local
ports:
- "2404:2404"
image: "dtagdevsec/conpot:1710"
volumes:
- /data/conpot_IEC104/log:/var/log/conpot_IEC104
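Review bot: `version: '2.1a'` is not a valid Compose file version, so `docker-compose` will refuse this file; it should read `version: '2.1'`, as in the file this commit deletes. The service also points at `image: "dtagdevsec/conpot:1710"`, the same tag the deleted compose file used for the default container, yet this container's Dockerfile bakes `--template IEC104` and its own config into CMD; with one shared tag, whichever image is built last wins for both services. Give each template's image a distinct tag (or a `build:` stanza) so this file pulls the IEC104 build. Port `"2404:2404"` matches the template's listener, and the log bind-mount matches the Dockerfile's log directory, so the rest of the file is consistent.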


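--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,54 @@
+FROM alpine
+MAINTAINER MO
+# Include dist
+ADD dist/ /root/dist/
+# Setup apt
+RUN apk -U add bash \
+build-base \
+file \
+git \
+libev \
+libtool \
+libxslt \
+libxslt-dev \
+mariadb-dev \
+mariadb-client-libs \
+pkgconfig \
+python \
+python-dev \
+py-cffi && \
+# Setup ConPot
+git clone https://github.com/mushorg/conpot /opt/conpot_default/ && \
+cd /opt/conpot_default/ && \
+git checkout d97a68a054e4fe42ff90293188a5702ce8ab09a3 && \
+cp /root/dist/requirements.txt /opt/conpot_default/ && \
+python setup.py install && \
+cd / && \
+rm -rf /opt/conpot_default /tmp/* /var/tmp/* && \
+# Setup user, groups and configs
+addgroup -g 2000 conpot_default && \
+adduser -S -s /bin/bash -u 2000 -D -g 2000 conpot_default && \
+mkdir -p /etc/conpot_default /var/log/conpot_default && \
+mv /root/dist/conpot.cfg /etc/conpot_default/conpot_default.cfg && \
+mv /root/dist/default/template.xml /usr/lib/python2.7/site-packages/Conpot-0.5.1-py2.7.egg/conpot_default/templates/default/ && \
+# Clean up
+apk del build-base \
+file \
+git \
+libev \
+libtool \
+libxslt-dev \
+mariadb-dev \
+pkgconfig \
+python-dev \
+py-cffi && \
+rm -rf /root/* && \
+rm -rf /var/cache/apk/*
+# Run supervisor upon container start
+CMD ["/usr/bin/conpot", "--template", "default", "--logfile", "/var/log/conpot_default/conpot_default.log", "--config", "/etc/conpot_default/conpot_default.cfg"]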
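Review bot: Same install-path problem as the IEC104 image: `mv /root/dist/default/template.xml .../Conpot-0.5.1-py2.7.egg/conpot_default/templates/default/` assumes a package directory called `conpot_default`, but the clone directory name does not change the installed package name (upstream it is `conpot`), so the `mv` most likely fails and aborts the build; the path should presumably be `.../conpot/templates/default/`. The base image is `FROM alpine` with no tag or digest while the conpot checkout is pinned to a commit, so the build is not reproducible and an Alpine major bump can break the unpinned `apk` toolchain; pin a tag or digest to match the care taken with the checkout. In BusyBox `adduser`, `-g` is the GECOS field and `-G` the group, so `adduser -S -s /bin/bash -u 2000 -D -g 2000 conpot_default` relies on BusyBox picking up the pre-created `conpot_default` group by name rather than on the `-g 2000` argument; `-G conpot_default` would state the intent, though this mirrors the pattern already used across the project.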


@ -0,0 +1,15 @@
[![](https://images.microbadger.com/badges/version/dtagdevsec/conpot:1710.svg)](https://microbadger.com/images/dtagdevsec/conpot:1710 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/conpot:1710.svg)](https://microbadger.com/images/dtagdevsec/conpot:1710 "Get your own image badge on microbadger.com")
# conpot
[ConPot](http://conpot.org/) is a low interactive server side Industrial Control Systems honeypot designed to be easy to deploy, modify and extend. By providing a range of common industrial control protocols we created the basics to build your own system, capable to emulate complex infrastructures to convince an adversary that he just found a huge industrial complex. To improve the deceptive capabilities, we also provided the possibility to server a custom human machine interface to increase the honeypots attack surface. The response times of the services can be artificially delayed to mimic the behavior of a system under constant load. Because we are providing complete stacks of the protocols, Conpot can be accessed with productive HMI's or extended with real hardware. Conpot is developed under the umbrella of the [Honeynet Project](https://www.honeynet.org/) and on the shoulders of a couple of very big giants.
This dockerized version is part of the **[T-Pot community honeypot](http://dtag-dev-sec.github.io/)** of Deutsche Telekom AG.
The `Dockerfile` contains the blueprint for the dockerized conpot and will be used to setup the docker image.
The `docker-compose.yml` contains the necessary settings to test conpot using `docker-compose`. This will ensure to start the docker container with the appropriate permissions and port mappings.
# ConPot Dashboard
![ConPot Dashboard](https://raw.githubusercontent.com/dtag-dev-sec/tpotce/master/docker/conpot/doc/dashboard.png)


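--- /dev/null
+++ b/dist/conpot.cfg
@@ -0,0 +1,58 @@
+[common]
+sensorid = conpot_default
+[session]
+timeout = 30
+[daemon]
+user = conpot_default
+group = conpot_default
+[json]
+enabled = True
+filename = /var/log/conpot_default/conpot_default.json
+[sqlite]
+enabled = False
+[mysql]
+enabled = False
+device = /tmp/mysql.sock
+host = localhost
+port = 3306
+db = conpot_default
+username = conpot_default
+passphrase = conpot_default
+socket = tcp ; tcp (sends to host:port), dev (sends to mysql device/socket file)
+[syslog]
+enabled = False
+device = /dev/log
+host = localhost
+port = 514
+facility = local0
+socket = dev ; udp (sends to host:port), dev (sends to device)
+[hpfriends]
+enabled = False
+host = hpfriends.honeycloud.net
+port = 20000
+ident = 3Ykf9Znv
+secret = 4nFRhpm44QkG9cvD
+channels = ["conpot.events", ]
+[taxii]
+enabled = False
+host = taxiitest.mitre.org
+port = 80
+inbox_path = /services/inbox/default/
+use_https = False
+[fetch_public_ip]
+enabled = True
+urls = ["http://whatismyip.akamai.com/", "http://wgetip.com/"]
+[change_mac_addr]
+enabled = False
+iface = eth0
+addr = 00:de:ad:be:ef:00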
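Review bot: `[fetch_public_ip] enabled = True` is the only outbound feature left on in this config (`mysql`, `syslog`, `hpfriends`, `taxii` and `change_mac_addr` are all `False`), and it has the honeypot fetch its address from two third-party hosts over plain `http://` at start-up: the response is unauthenticated input that presumably ends up in the databus, and the request itself is an egress beacon from a host that is otherwise meant to stay quiet. If the default template's handlers do not need the public IP, set `enabled = False`; otherwise document the dependency with a comment on the stanza, e.g. `; needed so SNMP/HTTP advertise the real public address; plain-HTTP fetch, untrusted response`. The `[hpfriends]` `ident`/`secret` pair and `passphrase = conpot_default` are committed credentials for sinks that are disabled; they look like upstream sample values, but leaving them blank would remove any doubt about what is live.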


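--- /dev/null
+++ b/modbus.xml
@@ -0,0 +1,91 @@
+<modbus enabled="True" host="0.0.0.0" port="502">
+<device_info>
+<VendorName>Siemens</VendorName>
+<ProductCode>SIMATIC</ProductCode>
+<MajorMinorRevision>S7-200</MajorMinorRevision>
+</device_info>
+<mode>serial</mode>
+<delay>100</delay>
+<slaves>
+<slave id="0">
+<blocks>
+<block name="memoryModbusSlave0BlockA">
+<!-- COILS/DISCRETE_OUTPUTS aka. binary output, power on/power off
+Here we map modbus addresses 1 to 127 to S7-200 PLC Addresses Q0.0 to Q15.7 -->
+<type>COILS</type>
+<starting_address>1</starting_address>
+<size>128</size>
+<content>memoryModbusSlave0BlockA</content>
+</block>
+<block name="memoryModbusSlave0BlockB">
+<!-- CONTACTS/DISCRETE_INPUTS aka. binary input.
+Map modbus addresses 10001-10032 to S7-200 PLC inputs starting from I0.0 -->
+<type>DISCRETE_INPUTS</type>
+<starting_address>10001</starting_address>
+<size>32</size>
+<content>memoryModbusSlave0BlockB</content>
+</block>
+</blocks>
+</slave>
+<slave id="255">
+<blocks>
+<block name="memoryModbusSlave255BlockA">
+<!-- COILS/DISCRETE_OUTPUTS aka. binary output, power on/power off
+Here we map modbus addresses 1 to 127 to S7-200 PLC Addresses Q0.0 to Q15.7 -->
+<type>COILS</type>
+<starting_address>1</starting_address>
+<size>128</size>
+<content>memoryModbusSlave255BlockA</content>
+</block>
+<block name="memoryModbusSlave255BlockB">
+<!-- CONTACTS/DISCRETE_INPUTS aka. binary input.
+Map modbus addresses 10001-10032 to S7-200 PLC inputs starting from I0.0 -->
+<type>DISCRETE_INPUTS</type>
+<starting_address>10001</starting_address>
+<size>32</size>
+<content>memoryModbusSlave255BlockB</content>
+</block>
+</blocks>
+</slave>
+<slave id="1">
+<blocks>
+<block name="memoryModbusSlave1BlockA">
+<!-- COILS/DISCRETE_OUTPUTS aka. binary output, power on/power off
+Here we map modbus addresses 1 to 127 to S7-200 PLC Addresses Q0.0 to Q15.7 -->
+<type>COILS</type>
+<starting_address>1</starting_address>
+<size>128</size>
+<content>memoryModbusSlave1BlockA</content>
+</block>
+<block name="memoryModbusSlave1BlockB">
+<!-- CONTACTS/DISCRETE_INPUTS aka. binary input.
+Map modbus addresses 10001-10032 to S7-200 PLC inputs starting from I0.0 -->
+<type>DISCRETE_INPUTS</type>
+<starting_address>10001</starting_address>
+<size>32</size>
+<content>memoryModbusSlave1BlockB</content>
+</block>
+</blocks>
+</slave>
+<slave id="2">
+<!-- This slave does some measuring. (analog inputs).
+Map modbus addresses 30001-30009 to S7 PLC analog input bits AIW0-AIW8 -->
+<blocks>
+<block name="memoryModbusSlave2BlockC">
+<!-- Will be parsed with eval() -->
+<type>ANALOG_INPUTS</type>
+<starting_address>30001</starting_address>
+<size>8</size>
+<content>memoryModbusSlave2BlockC</content>
+</block>
+<block name="memoryModbusSlave2BlockD">
+<!-- Maps to S7-200 PLC addresses HoldStart+8 -->
+<type>HOLDING_REGISTERS</type>
+<starting_address>40001</starting_address>
+<size>8</size>
+<content>memoryModbusSlave2BlockD</content>
+</block>
+</blocks>
+</slave>
+</slaves>
+</modbus>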
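Review bot: The comment `<!-- Will be parsed with eval() -->` on `memoryModbusSlave2BlockC` says the `<content>` of that block is handed to Python `eval()`; if that is accurate, template files are executable code and must be treated as trusted input, which deserves a note at the top of the file rather than on one block, e.g. `<!-- NOTE: <content> values may be evaluated as Python by conpot; only ship templates from trusted sources -->`. Every `<content>` here is a bare databus key, so nothing dangerous is present, but the caveat matters for anyone customising the template. The three COILS comments also say `addresses 1 to 127` while `<starting_address>1</starting_address>` with `<size>128</size>` covers 1 to 128 (Q0.0 to Q15.7 is 128 outputs), so `1 to 128` would match the numbers below them.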


@ -0,0 +1,20 @@
<s7comm enabled="True" host="0.0.0.0" port="102">
<system_status_lists>
<ssl id="W#16#xy1C" name="Component Identification">
<system_name id="W#16#0001">SystemName</system_name>
<module_name id="W#16#0002">SystemDescription</module_name>
<plant_ident id="W#16#0003">FacilityName</plant_ident>
<copyright id="W#16#0004">Copyright</copyright>
<serial id="W#16#0005">s7_id</serial>
<module_type_name id="W#16#0007">s7_module_type</module_type_name>
<oem_id id="W#16#000A">empty</oem_id>
<location id="W#16#000B">empty</location>
</ssl>
<ssl id="W#16#xy11" name="Module Identification">
<!-- Not really sure what these are supposed to contain -->
<module_identification id="W#16#0001">empty</module_identification>
<hardware_identification id="W#16#0006">empty</hardware_identification>
<firmware_identification id="W#16#0006">empty</firmware_identification>
</ssl>
</system_status_lists>
</s7comm>
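Review bot: `hardware_identification` and `firmware_identification`, the two entries just above the closing `</ssl>`, both carry `id="W#16#0006"`, so if the s7comm handler looks sub-indexes up by id one of them shadows the other; with the comment above them admitting the contents are unclear, this reads like a copy-paste slip rather than intent. If the shared index is deliberate, extend the existing comment, e.g. `<!-- hardware and firmware identification intentionally share index 0006 -->`; otherwise give the firmware entry its own index from the S7 SZL documentation. I cannot confirm from this page which value the upstream Conpot template uses.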


@ -0,0 +1,38 @@
<snmp enabled="True" host="0.0.0.0" port="161">
<config>
<!-- Configure individual delays for SNMP commands -->
<entity name="tarpit" command="get">0.1;0.2</entity>
<entity name="tarpit" command="set">0.1;0.2</entity>
<entity name="tarpit" command="next">0.0;0.1</entity>
<entity name="tarpit" command="bulk">0.2;0.4</entity>
<!-- Configure DoS evasion thresholds (req_per_ip/minute;req_overall/minute) -->
<entity name="evasion" command="get">120;240</entity>
<entity name="evasion" command="set">120;240</entity>
<entity name="evasion" command="next">240;600</entity>
<entity name="evasion" command="bulk">120;240</entity>
</config>
<mibs>
<mib name="SNMPv2-MIB">
<symbol name="sysDescr">
<!-- Value is key in databus -->
<value>SystemDescription</value>
</symbol>
<symbol name="sysUpTime">
<value>Uptime</value>
</symbol>
<symbol name="sysContact">
<value>sysContact</value>
</symbol>
<symbol name="sysName">
<value>sysName</value>
</symbol>
<symbol name="sysLocation">
<value>sysLocation</value>
</symbol>
<symbol name="sysServices">
<value>sysServices</value>
</symbol>
</mib>
</mibs>
</snmp>


@ -0,0 +1,78 @@
<core>
<template>
<!-- General information about the template -->
<entity name="unit">S7-200</entity>
<entity name="vendor">Siemens</entity>
<entity name="description">Rough simulation of a basic Siemens S7-200 CPU with 2 slaves</entity>
<entity name="protocols">HTTP, MODBUS, s7comm, SNMP</entity>
<entity name="creator">the conpot team</entity>
</template>
<databus>
<!-- Core value that can be retrieved from the databus by key -->
<key_value_mappings>
<key name="FacilityName">
<value type="value">"Mouser Factory"</value>
</key>
<key name="SystemName">
<value type="value">"Technodrome"</value>
</key>
<key name="SystemDescription">
<value type="value">"Siemens, SIMATIC, S7-200"</value>
</key>
<key name="Uptime">
<value type="function">conpot.emulators.misc.uptime.Uptime</value>
</key>
<key name="sysObjectID">
<value type="value">"0.0"</value>
</key>
<key name="sysContact">
<value type="value">"Siemens AG"</value>
</key>
<key name="sysName">
<value type="value">"CP 443-1 EX40"</value>
</key>
<key name="sysLocation">
<value type="value">"Venus"</value>
</key>
<key name="sysServices">
<value type="value">"72"</value>
</key>
<key name="memoryModbusSlave0BlockA">
<value type="value">[random.randint(0,1) for b in range(0,128)]</value>
</key>
<key name="memoryModbusSlave0BlockB">
<value type="value">[random.randint(0,1) for b in range(0,32)]</value>
</key>
<key name="memoryModbusSlave255BlockA">
<value type="value">[random.randint(0,1) for b in range(0,128)]</value>
</key>
<key name="memoryModbusSlave255BlockB">
<value type="value">[random.randint(0,1) for b in range(0,32)]</value>
</key>
<key name="memoryModbusSlave1BlockA">
<value type="value">[random.randint(0,1) for b in range(0,128)]</value>
</key>
<key name="memoryModbusSlave1BlockB">
<value type="value">[random.randint(0,1) for b in range(0,32)]</value>
</key>
<key name="memoryModbusSlave2BlockC">
<value type="value">[random.randint(0,1) for b in range(0,8)]</value>
</key>
<key name="memoryModbusSlave2BlockD">
<value type="value">[0 for b in range(0,32)]</value>
</key>
<key name="Copyright">
<value type="value">"Original Siemens Equipment"</value>
</key>
<key name="s7_id">
<value type="value">"88111222"</value>
</key>
<key name="s7_module_type">
<value type="value">"IM151-8 PN/DP CPU"</value>
</key>
<key name="empty">
<value type="value">""</value>
</key>
</key_value_mappings>
</databus>
</core>
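Review bot: The `description` entity near the top says "with 2 slaves", yet the databus below defines memory blocks for slave ids 0, 255, 1 and 2, and the modbus section earlier on this page declares slaves 255, 1 and 2 — the text is stale and is exactly what an SNMP/HTTP probe of the decoy will read back. Suggest `<entity name="description">Rough simulation of a basic Siemens S7-200 CPU with 4 slaves</entity>`, or whatever count the modbus file finally declares. Separately, `memoryModbusSlave2BlockD` is seeded with `[0 for b in range(0,32)]` while the matching block declares `<size>8</size>`; I can't tell from here whether Conpot truncates or rejects the surplus values, so either shrink the list to 8 or add a comment saying why the extra entries are harmless. These values are evaluated with `eval()` (per the comment on the analog-input block), so this template must remain trusted, operator-controlled configuration.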


@ -0,0 +1,23 @@
gevent>=1.0
pysnmp==4.3.5
pysmi==0.1.3
lxml
bottle
jinja2
beautifulsoup4
requests
sphinx==1.5.5
libtaxii>=1.1.0
MySQL-python
xlrd
crc16
enum
hpfeeds
modbus-tk
stix-validator
stix
cybox
bacpypes==0.13.8
pyghmi
mixbox
modbus-tk
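Review bot: `modbus-tk` appears twice (once mid-list and again as the last entry), and all but five packages are unpinned, so `python setup.py install` in the Dockerfiles resolves whatever is current on PyPI at build time even though the Conpot checkout itself is pinned to a commit — the pinned checkout gives a false sense of reproducibility. Drop the duplicate and pin the remaining entries to the versions a known-good build resolved, e.g. `lxml==<version from a working build>`, so a rebuild months later yields the same image. The identical file is added again verbatim in the two later requirements.txt sections on this page, which need the same treatment.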

Binary file not shown.



@ -0,0 +1,20 @@
version: '2.1a'
networks:
conpot_default_local:
services:
# Conpot service using Default Siemens S7-200 Template
conpot_default:
container_name: conpot_default
restart: always
networks:
- conpot_default_local
ports:
- "102:102"
- "502:502"
- "161:161/udp"
image: "dtagdevsec/conpot:1710"
volumes:
- /data/conpot_default/log:/var/log/conpot_default
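Review bot: `version: '2.1a'` on the first line is not a Compose file format version; docker-compose validates this field against its known versions (`'2'`, `'2.1'`, `'2.2'`, …) and refuses to load the file, so this service cannot be brought up with `docker-compose up`. The same non-standard string appears in the guardianast and kamstrup compose files further down (`'2.1a'`) and in tpot.yml and industrial.yml (`'2.2a'`); revert to `version: '2.1'` here and `version: '2.2'` there. Also, this service and the three sibling compose files all declare `image: "dtagdevsec/conpot:1710"` with no `build:` key, while each template now has its own Dockerfile with a template-specific `CMD`; unless the build tooling tags each Dockerfile's output differently, all four containers run whichever image last received that tag, i.e. the same template. Use a per-template tag (for example `image: "dtagdevsec/conpot_default:1710"` — a constructed name, to be matched to what the build script actually produces).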


@ -0,0 +1,54 @@
FROM alpine
MAINTAINER MO
# Include dist
ADD dist/ /root/dist/
# Setup apt
RUN apk -U add bash \
build-base \
file \
git \
libev \
libtool \
libxslt \
libxslt-dev \
mariadb-dev \
mariadb-client-libs \
pkgconfig \
python \
python-dev \
py-cffi && \
# Setup ConPot
git clone https://github.com/mushorg/conpot /opt/conpot_guardian_ast/ && \
cd /opt/conpot_guardian_ast/ && \
git checkout d97a68a054e4fe42ff90293188a5702ce8ab09a3 && \
cp /root/dist/requirements.txt /opt/conpot_guardian_ast/ && \
python setup.py install && \
cd / && \
rm -rf /opt/conpot_guardian_ast /tmp/* /var/tmp/* && \
# Setup user, groups and configs
addgroup -g 2000 conpot_guardian_ast && \
adduser -S -s /bin/bash -u 2000 -D -g 2000 conpot_guardian_ast && \
mkdir -p /etc/conpot_guardian_ast /var/log/conpot_guardian_ast && \
mv /root/dist/conpot.cfg /etc/conpot_guardian_ast/conpot_guardian_ast.cfg && \
mv /root/dist/guardian_ast/template.xml /usr/lib/python2.7/site-packages/Conpot-0.5.1-py2.7.egg/conpot_guardian_ast/templates/guardian_ast/ && \
# Clean up
apk del build-base \
file \
git \
libev \
libtool \
libxslt-dev \
mariadb-dev \
pkgconfig \
python-dev \
py-cffi && \
rm -rf /root/* && \
rm -rf /var/cache/apk/*
# Run supervisor upon container start
CMD ["/usr/bin/conpot", "--template", "guardian_ast", "--logfile", "/var/log/conpot_guardian_ast/conpot_guardian_ast.log", "--config", "/etc/conpot_guardian_ast/conpot_guardian_ast.cfg"]
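Review bot: The `mv` of `template.xml` targets `.../Conpot-0.5.1-py2.7.egg/conpot_guardian_ast/templates/guardian_ast/`, but cloning into `/opt/conpot_guardian_ast` does not rename the Python package that `setup.py install` produces — it is still `conpot`, as the removed line in the kamstrup Dockerfile hunk later on this page shows (`.../egg/conpot/templates/kamstrup_382/`). That destination directory therefore does not exist at build time, so the layer fails or the template lands where `conpot --template guardian_ast` will not find it; change it to `mv /root/dist/guardian_ast/template.xml /usr/lib/python2.7/site-packages/Conpot-0.5.1-py2.7.egg/conpot/templates/guardian_ast/ && \`. The kamstrup Dockerfile hunk below introduces the same `conpot_kamstrup/templates/` path and needs the same correction. Separately, BusyBox `adduser -g 2000` sets the GECOS field, not the primary group, so the user is not placed in the `conpot_guardian_ast` group created on the preceding line; `-G conpot_guardian_ast` is the group option (I can't see from here whether anything depends on that membership).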


@ -0,0 +1,15 @@
[![](https://images.microbadger.com/badges/version/dtagdevsec/conpot:1710.svg)](https://microbadger.com/images/dtagdevsec/conpot:1710 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/conpot:1710.svg)](https://microbadger.com/images/dtagdevsec/conpot:1710 "Get your own image badge on microbadger.com")
# conpot
[ConPot](http://conpot.org/) is a low interactive server side Industrial Control Systems honeypot designed to be easy to deploy, modify and extend. By providing a range of common industrial control protocols we created the basics to build your own system, capable to emulate complex infrastructures to convince an adversary that he just found a huge industrial complex. To improve the deceptive capabilities, we also provided the possibility to server a custom human machine interface to increase the honeypots attack surface. The response times of the services can be artificially delayed to mimic the behavior of a system under constant load. Because we are providing complete stacks of the protocols, Conpot can be accessed with productive HMI's or extended with real hardware. Conpot is developed under the umbrella of the [Honeynet Project](https://www.honeynet.org/) and on the shoulders of a couple of very big giants.
This dockerized version is part of the **[T-Pot community honeypot](http://dtag-dev-sec.github.io/)** of Deutsche Telekom AG.
The `Dockerfile` contains the blueprint for the dockerized conpot and will be used to setup the docker image.
The `docker-compose.yml` contains the necessary settings to test conpot using `docker-compose`. This will ensure to start the docker container with the appropriate permissions and port mappings.
# ConPot Dashboard
![ConPot Dashboard](https://raw.githubusercontent.com/dtag-dev-sec/tpotce/master/docker/conpot/doc/dashboard.png)


@ -0,0 +1,58 @@
[common]
sensorid = conpot_guardian_ast
[session]
timeout = 30
[daemon]
user = conpot_guardian_ast
group = conpot_guardian_ast
[json]
enabled = True
filename = /var/log/conpot_guardian_ast/conpot_guardian_ast.json
[sqlite]
enabled = False
[mysql]
enabled = False
device = /tmp/mysql.sock
host = localhost
port = 3306
db = conpot_guardian_ast
username = conpot_guardian_ast
passphrase = conpot_guardian_ast
socket = tcp ; tcp (sends to host:port), dev (sends to mysql device/socket file)
[syslog]
enabled = False
device = /dev/log
host = localhost
port = 514
facility = local0
socket = dev ; udp (sends to host:port), dev (sends to device)
[hpfriends]
enabled = False
host = hpfriends.honeycloud.net
port = 20000
ident = 3Ykf9Znv
secret = 4nFRhpm44QkG9cvD
channels = ["conpot.events", ]
[taxii]
enabled = False
host = taxiitest.mitre.org
port = 80
inbox_path = /services/inbox/default/
use_https = False
[fetch_public_ip]
enabled = True
urls = ["http://whatismyip.akamai.com/", "http://wgetip.com/"]
[change_mac_addr]
enabled = False
iface = eth0
addr = 00:de:ad:be:ef:00
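Review bot: `[fetch_public_ip]` is enabled and pulls from two plain-`http://` URLs, so every container start makes an outbound clear-text request to third-party hosts from the sensor — a fingerprintable beacon for a honeypot, and a response nobody authenticates. Unless the public IP is actually consumed by this deployment, set `enabled = False`, or at least switch the URLs to `https://` endpoints. The `[hpfriends]` block ships literal `ident`/`secret` values while disabled; if these are Conpot's sample credentials, mark them so (`; sample values from upstream conpot.cfg - replace before enabling`) so they are not mistaken for live secrets, and if they are real they should be rotated and moved out of the repository. The kamstrup conpot.cfg section later on this page has the same two issues.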


@ -0,0 +1,6 @@
<guardian_ast enabled="True" host="0.0.0.0" port="10001">
<device_info>
<vendor_name>Guardian</vendor_name>
<product_code>Guardian AST</product_code>
</device_info>
</guardian_ast>


@ -0,0 +1,93 @@
<core>
<template>
<!-- General information about the template -->
<entity name="unit">Guardian AST tank-monitoring system</entity>
<entity name="vendor">Guardian</entity>
<entity name="description">Guardian AST tank-monitoring system</entity>
<entity name="protocols">guardian_ast</entity>
<entity name="creator">the conpot team</entity>
</template>
<databus>
<!-- Core value that can be retrieved from the databus by key -->
<key_value_mappings>
<key name="product1">
<value type="value">"SUPER"</value>
</key>
<key name="product2">
<value type="value">"UNLEAD"</value>
</key>
<key name="product3">
<value type="value">"DIESEL"</value>
</key>
<key name="product4">
<value type="value">"PREMIUM"</value>
</key>
<key name="station_name">
<value type="value">"STATOIL STATION"</value>
</key>
<key name="vol1">
<value type="value">random.randint(1000, 9050)</value>
</key>
<key name="vol2">
<value type="value">random.randint(1000, 9050)</value>
</key>
<key name="vol3">
<value type="value">random.randint(1000, 9050)</value>
</key>
<key name="vol4">
<value type="value">random.randint(1000, 9050)</value>
</key>
<key name="ullage1">
<value type="value">random.randint(3000, 9999)</value>
</key>
<key name="ullage2">
<value type="value">random.randint(3000, 9999)</value>
</key>
<key name="ullage3">
<value type="value">random.randint(3000, 9999)</value>
</key>
<key name="ullage4">
<value type="value">random.randint(3000, 9999)</value>
</key>
<key name="height1">
<value type="value">round(random.uniform(25.00, 75.99), 2)</value>
</key>
<key name="height2">
<value type="value">round(random.uniform(25.00, 75.99), 2)</value>
</key>
<key name="height3">
<value type="value">round(random.uniform(25.00, 75.99), 2)</value>
</key>
<key name="height4">
<value type="value">round(random.uniform(25.00, 75.99), 2)</value>
</key>
<key name="h2o1">
<value type="value">round(random.uniform(0.0, 9.99), 2)</value>
</key>
<key name="h2o2">
<value type="value">round(random.uniform(0.0, 9.99), 2)</value>
</key>
<key name="h2o3">
<value type="value">round(random.uniform(0.0, 9.99), 2)</value>
</key>
<key name="h2o4">
<value type="value">round(random.uniform(0.0, 9.99), 2)</value>
</key>
<key name="temp1">
<value type="value">round(random.uniform(50.0, 59.99), 2)</value>
</key>
<key name="temp2">
<value type="value">round(random.uniform(50.0, 59.99), 2)</value>
</key>
<key name="temp3">
<value type="value">round(random.uniform(50.0, 59.99), 2)</value>
</key>
<key name="temp4">
<value type="value">round(random.uniform(50.0, 59.99), 2)</value>
</key>
<key name="empty">
<value type="value">""</value>
</key>
</key_value_mappings>
</databus>
</core>


@ -0,0 +1,23 @@
gevent>=1.0
pysnmp==4.3.5
pysmi==0.1.3
lxml
bottle
jinja2
beautifulsoup4
requests
sphinx==1.5.5
libtaxii>=1.1.0
MySQL-python
xlrd
crc16
enum
hpfeeds
modbus-tk
stix-validator
stix
cybox
bacpypes==0.13.8
pyghmi
mixbox
modbus-tk

Binary file not shown.



@ -0,0 +1,18 @@
version: '2.1a'
networks:
conpot_guardianast_local:
services:
# Conpot service using the Guardian AST Tank Monitoring System Template
conpot_guardianast:
container_name: conpot_guardianast
restart: always
networks:
- conpot_guardianast_local
ports:
- "10001:10001"
image: "dtagdevsec/conpot:1710"
volumes:
- /data/conpot_guardianast/log:/var/log/conpot_guardianast
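Review bot: The volume line mounts `/data/conpot_guardianast/log:/var/log/conpot_guardianast`, but the guardian_ast Dockerfile and conpot.cfg on this page write to `/var/log/conpot_guardian_ast/` (underscore between `guardian` and `ast`), so the logs stay inside the container and vanish on restart while the mounted directory remains empty. Align the spelling: `- /data/conpot_guardian_ast/log:/var/log/conpot_guardian_ast`, and rename the service, network and `container_name` to `conpot_guardian_ast` to match tpot.yml, which already uses that form.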


@ -21,20 +21,20 @@ RUN apk -U add bash \
py-cffi && \
# Setup ConPot
git clone https://github.com/mushorg/conpot /opt/conpot/ && \
cd /opt/conpot/ && \
git clone https://github.com/mushorg/conpot /opt/conpot_kamstrup/ && \
cd /opt/conpot_kamstrup/ && \
git checkout d97a68a054e4fe42ff90293188a5702ce8ab09a3 && \
cp /root/dist/requirements.txt /opt/conpot/ && \
cp /root/dist/requirements.txt /opt/conpot_kamstrup/ && \
python setup.py install && \
cd / && \
rm -rf /opt/conpot /tmp/* /var/tmp/* && \
rm -rf /opt/conpot_kamstrup /tmp/* /var/tmp/* && \
# Setup user, groups and configs
addgroup -g 2000 conpot && \
adduser -S -s /bin/bash -u 2000 -D -g 2000 conpot && \
mkdir -p /etc/conpot /var/log/conpot && \
mv /root/dist/conpot.cfg /etc/conpot/conpot.cfg && \
mv /root/dist/kamstrup_382/template.xml /usr/lib/python2.7/site-packages/Conpot-0.5.1-py2.7.egg/conpot/templates/kamstrup_382/ && \
addgroup -g 2000 conpot_kamstrup && \
adduser -S -s /bin/bash -u 2000 -D -g 2000 conpot_kamstrup && \
mkdir -p /etc/conpot_kamstrup /var/log/conpot_kamstrup && \
mv /root/dist/conpot.cfg /etc/conpot_kamstrup/conpot_kamstrup.cfg && \
mv /root/dist/kamstrup_382/template.xml /usr/lib/python2.7/site-packages/Conpot-0.5.1-py2.7.egg/conpot_kamstrup/templates/kamstrup_382/ && \
# Clean up
apk del build-base \
@ -51,4 +51,4 @@ RUN apk -U add bash \
rm -rf /var/cache/apk/*
# Run supervisor upon container start
CMD ["/usr/bin/conpot", "--template", "kamstrup_382", "--logfile", "/var/log/conpot/conpot.log", "--config", "/etc/conpot/conpot.cfg"]
CMD ["/usr/bin/conpot", "--template", "kamstrup_382", "--logfile", "/var/log/conpot_kamstrup/conpot_kamstrup.log", "--config", "/etc/conpot_kamstrup/conpot_kamstrup.cfg"]


@ -0,0 +1,15 @@
[![](https://images.microbadger.com/badges/version/dtagdevsec/conpot:1710.svg)](https://microbadger.com/images/dtagdevsec/conpot:1710 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/conpot:1710.svg)](https://microbadger.com/images/dtagdevsec/conpot:1710 "Get your own image badge on microbadger.com")
# conpot
[ConPot](http://conpot.org/) is a low interactive server side Industrial Control Systems honeypot designed to be easy to deploy, modify and extend. By providing a range of common industrial control protocols we created the basics to build your own system, capable to emulate complex infrastructures to convince an adversary that he just found a huge industrial complex. To improve the deceptive capabilities, we also provided the possibility to server a custom human machine interface to increase the honeypots attack surface. The response times of the services can be artificially delayed to mimic the behavior of a system under constant load. Because we are providing complete stacks of the protocols, Conpot can be accessed with productive HMI's or extended with real hardware. Conpot is developed under the umbrella of the [Honeynet Project](https://www.honeynet.org/) and on the shoulders of a couple of very big giants.
This dockerized version is part of the **[T-Pot community honeypot](http://dtag-dev-sec.github.io/)** of Deutsche Telekom AG.
The `Dockerfile` contains the blueprint for the dockerized conpot and will be used to setup the docker image.
The `docker-compose.yml` contains the necessary settings to test conpot using `docker-compose`. This will ensure to start the docker container with the appropriate permissions and port mappings.
# ConPot Dashboard
![ConPot Dashboard](https://raw.githubusercontent.com/dtag-dev-sec/tpotce/master/docker/conpot/doc/dashboard.png)


@ -0,0 +1,58 @@
[common]
sensorid = conpot_kamstrup
[session]
timeout = 30
[daemon]
user = conpot_kamstrup
group = conpot_kamstrup
[json]
enabled = True
filename = /var/log/conpot_kamstrup/conpot_kamstrup.json
[sqlite]
enabled = False
[mysql]
enabled = False
device = /tmp/mysql.sock
host = localhost
port = 3306
db = conpot_kamstrup
username = conpot_kamstrup
passphrase = conpot_kamstrup
socket = tcp ; tcp (sends to host:port), dev (sends to mysql device/socket file)
[syslog]
enabled = False
device = /dev/log
host = localhost
port = 514
facility = local0
socket = dev ; udp (sends to host:port), dev (sends to device)
[hpfriends]
enabled = False
host = hpfriends.honeycloud.net
port = 20000
ident = 3Ykf9Znv
secret = 4nFRhpm44QkG9cvD
channels = ["conpot.events", ]
[taxii]
enabled = False
host = taxiitest.mitre.org
port = 80
inbox_path = /services/inbox/default/
use_https = False
[fetch_public_ip]
enabled = True
urls = ["http://whatismyip.akamai.com/", "http://wgetip.com/"]
[change_mac_addr]
enabled = False
iface = eth0
addr = 00:de:ad:be:ef:00


@ -0,0 +1,23 @@
gevent>=1.0
pysnmp==4.3.5
pysmi==0.1.3
lxml
bottle
jinja2
beautifulsoup4
requests
sphinx==1.5.5
libtaxii>=1.1.0
MySQL-python
xlrd
crc16
enum
hpfeeds
modbus-tk
stix-validator
stix
cybox
bacpypes==0.13.8
pyghmi
mixbox
modbus-tk

Binary file not shown.



@ -0,0 +1,19 @@
version: '2.1a'
networks:
conpot_kamstrup_local:
services:
# Conpot service using Kamstrup Template
conpot_kamstrup:
container_name: conpot_kamstrup
restart: always
networks:
- conpot_kamstrup_local
ports:
- "1025:1025"
- "50100:50100"
image: "dtagdevsec/conpot:1710"
volumes:
- /data/conpot_kamstrup/log:/var/log/conpot_kamstrup


@ -1,9 +1,12 @@
# T-Pot (Everything)
# For docker-compose ...
version: '2.2'
version: '2.2a'
networks:
conpot_local:
conpot_kamstrup_local:
conpot_default_local:
conpot_guardian_ast_local:
conpot_IEC104_local:
cowrie_local:
dionaea_local:
elasticpot_local:
@ -18,18 +21,56 @@ networks:
services:
# Conpot service
conpot:
container_name: conpot
# Conpot service - Kamstrup Template
conpot_kamstrup:
container_name: conpot_kamstrup
restart: always
networks:
- conpot_local
- conpot_kamstrup_local
ports:
- "1025:1025"
- "50100:50100"
image: "dtagdevsec/conpot:1710"
volumes:
- /data/conpot/log:/var/log/conpot
- /data/conpot_kamstrup_local/log:/var/log/conpot_kamstrup_local
# Conpot service - Default Template
conpot_default:
container_name: conpot_default
restart: always
networks:
- conpot_default_local
ports:
- "102:102"
- "502:502"
- "161:161/udp
image: "dtagdevsec/conpot:1710"
volumes:
- /data/conpot_default_local/log:/var/log/conpot_default_local
# Conpot service - Guardian AST Template
conpot_guardian_ast:
container_name: conpot_guardian_ast
restart: always
networks:
- conpot_guardian_ast_local
ports:
- "10001:10001"
image: "dtagdevsec/conpot:1710"
volumes:
- /data/conpot_guardian_ast_local/log:/var/log/conpot_guardian_ast_local
# Conpot service - IEC104 Template
conpot_IEC104:
container_name: conpot_IEC104
restart: always
networks:
- conpot_IEC104_local
ports:
- "2404:2404"
image: "dtagdevsec/conpot:1710"
volumes:
- /data/conpot_IEC104_local/log:/var/log/conpot_IEC104_local
# Cowrie service
cowrie:
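Review bot: The `conpot_default` port entry `- "161:161/udp` in the second hunk is missing its closing quote, so the parser treats everything after it as an unterminated double-quoted scalar and the whole of tpot.yml fails to load — every service in the stack is affected, not just Conpot. Fix it to `- "161:161/udp"`; industrial.yml below has the identical typo in its `conpot_default` block. The four log mounts also target `/var/log/conpot_<name>_local` inside the container, whereas the Dockerfiles and conpot.cfg files on this page log under `/var/log/conpot_<name>/` (e.g. `/var/log/conpot_kamstrup/conpot_kamstrup.log`), so nothing is persisted to `/data`; use e.g. `- /data/conpot_kamstrup/log:/var/log/conpot_kamstrup` and the corresponding paths for default, guardian_ast and IEC104, in industrial.yml as well.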


@ -1,9 +1,12 @@
# T-Pot (Industrial)
# For docker-compose ...
version: '2.2'
version: '2.2a'
networks:
conpot_local:
conpot_kamstrup_local:
conpot_default_local:
conpot_guardian_ast_local:
conpot_IEC104_local:
emobility_local:
ewsposter_local:
spiderfoot_local:
@ -11,18 +14,57 @@ networks:
services:
# Conpot service
conpot:
container_name: conpot
# Conpot service - Kamstrup Template
conpot_kamstrup:
container_name: conpot_kamstrup
restart: always
networks:
- conpot_local
- conpot_kamstrup_local
ports:
- "1025:1025"
- "50100:50100"
image: "dtagdevsec/conpot:1710"
volumes:
- /data/conpot/log:/var/log/conpot
- /data/conpot_kamstrup_local/log:/var/log/conpot_kamstrup_local
# Conpot service - Default Template
conpot_default:
container_name: conpot_default
restart: always
networks:
- conpot_default_local
ports:
- "102:102"
- "502:502"
- "161:161/udp
image: "dtagdevsec/conpot:1710"
volumes:
- /data/conpot_default_local/log:/var/log/conpot_default_local
# Conpot service - Guardian AST Template
conpot_guardian_ast:
container_name: conpot_guardian_ast
restart: always
networks:
- conpot_guardian_ast_local
ports:
- "10001:10001"
image: "dtagdevsec/conpot:1710"
volumes:
- /data/conpot_guardian_ast_local/log:/var/log/conpot_guardian_ast_local
# Conpot service - IEC104 Template
conpot_IEC104:
container_name: conpot_IEC104
restart: always
networks:
- conpot_IEC104_local
ports:
- "2404:2404"
image: "dtagdevsec/conpot:1710"
volumes:
- /data/conpot_IEC104_local/log:/var/log/conpot_IEC104_local
# ELK services
## Elasticsearch service


@ -37,6 +37,8 @@ ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 64295:64303
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 20:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 3306,3389,5060,5061,5601,5900,27017 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 102,502,2404,10001 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -p udp -m multiport --dports 69,161 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
# Compose T-Pot up
@ -52,6 +54,8 @@ ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 64295:64303
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 20:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 3306,3389,5060,5061,5601,5900,27017 -j ACCEPT
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT
ExecStartPre=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 102,502,2404,10001 -j ACCEPT
ExecStartPre=/sbin/iptables -w -D INPUT -p udp -m multiport --dports 69,161 -j ACCEPT
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
[Install]
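Review bot: The two lines added in the second hunk use `ExecStartPre=` with `iptables -D`, but they sit in the teardown block among `ExecStopPost=` directives. systemd runs all `ExecStartPre` lines in file order at start-up, so — depending on what lies between the hunks, which is not visible here — these either delete the ACCEPT rules the first hunk just added, silently leaving tcp 102,502,2404,10001 and udp 69,161 filtered while the honeypots run, or fail on a not-yet-existing rule and, lacking a `-` prefix, abort the unit start; in both cases nothing removes those rules at shutdown, so the ports stay open after T-Pot stops. Change them to `ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 102,502,2404,10001 -j ACCEPT` and `ExecStopPost=/sbin/iptables -w -D INPUT -p udp -m multiport --dports 69,161 -j ACCEPT`.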