prepare for mailoney json logging

2025-04-19 21:52:27 +00:00 · 2020-01-22 12:17:30 +00:00 · 2020-01-22 12:17:30 +00:00 · f110eb08b0
commit f110eb08b0
parent a470a7b12f
3 changed files with 56 additions and 7 deletions
--- a/docker/elk/logstash/dist/logstash.conf
+++ b/docker/elk/logstash/dist/logstash.conf
@ -101,6 +101,7 @@ input {
 # Mailoney
  file {
    path => ["/data/mailoney/log/commands.log"]
+    codec => json
    type => "Mailoney"
  }

@ -344,18 +345,14 @@ filter {

 # Mailoney
  if [type] == "Mailoney" {
-    grok {
-      match => [ "message", "\A%{NAGIOSTIME}\[%{IPV4:src_ip}:%{INT:src_port:integer}] %{GREEDYDATA:smtp_input}" ]
+    date {
+      match => [ "timestamp", "ISO8601" ]
    }
    mutate {
      add_field => {
        "dest_port" => "25"
      }
    }
-    date {
-      match => [ "nagios_epoch", "UNIX" ]
-      remove_field => ["nagios_epoch"]
-    }
  }

 # Medpot
--- a/docker/mailoney/Dockerfile
+++ b/docker/mailoney/Dockerfile
@ -27,7 +27,7 @@ RUN apk -U --no-cache add \
                        pylibemu && \ 
 #
 # Install mailoney from git
-    git clone --depth=1 https://github.com/awhitehatter/mailoney /opt/mailoney && \
+    git clone --depth=1 https://github.com/t3chn0m4g3/mailoney /opt/mailoney && \
 #
 # Setup user, groups and configs
    addgroup -g 2000 mailoney && \
--- a/docker/mailoney/Dockerfile.old
+++ b/docker/mailoney/Dockerfile.old
@ -0,0 +1,52 @@
+FROM alpine 
+#
+# Install packages
+RUN apk -U --no-cache add \
+            autoconf \
+            automake \
+            build-base \
+            git \
+            libcap \
+            libtool \
+            py-pip \
+            python \
+            python-dev && \
+#
+# Install libemu    
+    git clone --depth=1 https://github.com/buffer/libemu /root/libemu/ && \
+    cd /root/libemu/ && \
+    autoreconf -vi && \
+    ./configure && \
+    make && \
+    make install && \
+#
+# Install libemu python wrapper
+    pip install --no-cache-dir --upgrade pip && \
+    pip install --no-cache-dir \ 
+                        hpfeeds \
+                        pylibemu && \ 
+#
+# Install mailoney from git
+    git clone --depth=1 https://github.com/awhitehatter/mailoney /opt/mailoney && \
+#
+# Setup user, groups and configs
+    addgroup -g 2000 mailoney && \
+    adduser -S -H -s /bin/ash -u 2000 -D -g 2000 mailoney && \
+    chown -R mailoney:mailoney /opt/mailoney && \
+    setcap cap_net_bind_service=+ep /usr/bin/python2.7 && \
+#
+# Clean up
+    apk del --purge autoconf \
+                    automake \
+                    build-base \
+                    git \
+                    py-pip \
+                    python-dev && \
+    rm -rf /root/* && \
+    rm -rf /var/cache/apk/*
+#
+# Set workdir and start mailoney
+STOPSIGNAL SIGINT
+USER mailoney:mailoney
+WORKDIR /opt/mailoney/
+CMD ["/usr/bin/python","mailoney.py","-i","0.0.0.0","-p","25","-s","mailrelay.local","-t","schizo_open_relay"]