Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-07-02 04:52:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Added custom ews.cfg Playbook

Browse source
This commit is contained in:
Sebastian Haderecker 2019-04-10 10:52:57 +00:00
parent 00e4043bca
commit fbf4ca00a3
3 changed files with 165 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
cloud/ansible/custom_ews.yaml Normal file
View file

@ -0,0 +1,11 @@
# This playbook sets a custom EWS config on the T-Pot
- hosts: TPOT
remote_user: linux
become: yes
become_user: root
become_method: sudo
gather_facts: no
roles:
- custom_ews

17
cloud/ansible/roles/custom_ews/tasks/main.yaml Normal file
View file

@ -0,0 +1,17 @@
- name: Waiting for SSH connection
wait_for_connection:
timeout: 300
- name: Gathering Facts
setup:
- name: Install ews configuration file
template:
src: ../templates/ews.cfg
dest: /data/ews/conf
owner: root
group: root
mode: 0644
- name: Patching tpot.yml
raw: sed -i '/\/opt\/ewsposter\/ews.ip/a\\ \ \ \ \ - /data/ews/conf/ews.cfg:/opt/ewsposter/ews.cfg' /opt/tpot/etc/tpot.yml

137
cloud/ansible/roles/custom_ews/templates/ews.cfg Normal file
View file

@ -0,0 +1,137 @@
[MAIN]
homedir = /opt/ewsposter/
spooldir = /opt/ewsposter/spool/
logdir = /opt/ewsposter/log/
del_malware_after_send = false
send_malware = true
sendlimit = 500
contact = your_email_address
proxy =
ip =
[EWS]
ews = true
username = your_username
token = your_token
rhost_first = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
rhost_second = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
ignorecert = false
[HPFEED]
hpfeed = false
host = 0.0.0.0
port = 0
channels = 0
ident = 0
secret= 0
# path/to/certificate for tls broker - or "false" for non-tls broker
tlscert = false
# hpfeeds submission format: "ews" (xml) or "json"
hpfformat = json
[EWSJSON]
json = false
jsondir = /data/ews/json/
[GLASTOPFV3]
glastopfv3 = true
nodeid = glastopfv3-{{ HPNAME }}
sqlitedb = /data/glastopf/db/glastopf.db
malwaredir = /data/glastopf/data/files/
[GLASTOPFV2]
glastopfv2 = false
nodeid =
mysqlhost =
mysqldb =
mysqluser =
mysqlpw =
malwaredir =
[KIPPO]
kippo = false
nodeid =
mysqlhost =
mysqldb =
mysqluser =
mysqlpw =
malwaredir =
[COWRIE]
cowrie = true
nodeid = cowrie-{{ HPNAME }}
logfile = /data/cowrie/log/cowrie.json
[DIONAEA]
dionaea = true
nodeid = dionaea-{{ HPNAME }}
malwaredir = /data/dionaea/binaries/
sqlitedb = /data/dionaea/log/dionaea.sqlite
[HONEYTRAP]
honeytrap = true
nodeid = honeytrap-{{ HPNAME }}
newversion = true
payloaddir = /data/honeytrap/attacks/
attackerfile = /data/honeytrap/log/attacker.log
[RDPDETECT]
rdpdetect = false
nodeid =
iptableslog =
targetip =
[EMOBILITY]
eMobility = false
nodeid = emobility-{{ HPNAME }}
logfile = /data/emobility/log/centralsystemEWS.log
[CONPOT]
conpot = true
nodeid = conpot-{{ HPNAME }}
logfile = /data/conpot/log/conpot*.json
[ELASTICPOT]
elasticpot = true
nodeid = elasticpot-{{ HPNAME }}
logfile = /data/elasticpot/log/elasticpot.log
[SURICATA]
suricata = true
nodeid = suricata-{{ HPNAME }}
logfile = /data/suricata/log/eve.json
[MAILONEY]
mailoney = true
nodeid = mailoney-{{ HPNAME }}
logfile = /data/mailoney/log/commands.log
[RDPY]
rdpy = true
nodeid = rdpy-{{ HPNAME }}
logfile = /data/rdpy/log/rdpy.log
[VNCLOWPOT]
vnclowpot = true
nodeid = vnclowpot-{{ HPNAME }}
logfile = /data/vnclowpot/log/vnclowpot.log
[HERALDING]
heralding = true
nodeid = heralding-{{ HPNAME }}
logfile = /data/heralding/log/auth.csv
[CISCOASA]
ciscoasa = true
nodeid = ciscoasa-{{ HPNAME }}
logfile = /data/ciscoasa/log/ciscoasa.log
[TANNER]
tanner = true
nodeid = tanner-{{ HPNAME }}
logfile = /data/tanner/log/tanner_report.json
[GLUTTON]
glutton = true
nodeid = glutton-{{ HPNAME }}
logfile = /data/glutton/log/glutton.log