Merge cbcf7871ec into 0be973b4eb

docker/elk/elasticsearch/Dockerfile

@@ -1,6 +1,6 @@
 FROM ubuntu:24.04
 ENV DEBIAN_FRONTEND noninteractive
-ENV ES_VER=8.18.3
+ENV ES_VER=8.18.4
 #
 # Include dist
 COPY dist/ /root/dist/

docker/elk/kibana/Dockerfile

@@ -1,5 +1,5 @@
 FROM node:20.19.2-alpine3.20
-ENV KB_VER=8.18.3
+ENV KB_VER=8.18.4
 #
 # Include dist
 COPY dist/ /root/dist/

docker/elk/logstash/Dockerfile

@@ -1,6 +1,6 @@
 FROM ubuntu:24.04
 ENV DEBIAN_FRONTEND=noninteractive
-ENV LS_VER=8.18.3
+ENV LS_VER=8.18.4
 #
 # Include dist
 COPY dist/ /root/dist/

docker/glutton/Dockerfile

@@ -17,12 +17,11 @@ RUN apk --no-cache -U upgrade && \
     cd /opt/ && \
     git clone https://github.com/mushorg/glutton && \
     cd /opt/glutton/ && \
-    git checkout b3b5944b79893ccb1da19e112571674841bbe124 && \
+    git checkout 1e534801825dfa517a97a4e1899bf85e9384e463 && \
-    cp /root/dist/system.go . && \
     make build && \
 	cp /root/dist/*.yaml /opt/glutton/config/
 #
-FROM alpine:3.20
+FROM alpine:3.22
 #
 COPY --from=builder /opt/glutton/bin /opt/glutton/bin
 COPY --from=builder /opt/glutton/config /opt/glutton/config
@@ -33,7 +32,7 @@ RUN apk -U --no-cache upgrade && \
 		libcap \
   		libpcap-dev && \
 		setcap cap_net_admin,cap_net_raw=+ep /opt/glutton/bin/server && \
-		setcap cap_net_admin,cap_net_raw=+ep /sbin/xtables-nft-multi && \
+		setcap cap_net_admin,cap_net_raw=+ep /usr/sbin/xtables-nft-multi && \
 		mkdir -p /var/log/glutton \
 		         /opt/glutton/payloads
 #

docker/glutton/dist/config.yaml

@@ -1,7 +1,7 @@
 ports:
   tcp: 5000
   udp: 5001
-  ssh: 2222
+  ssh: 64295
 
 rules_path: config/rules.yaml
 

docker/glutton/dist/rules.yaml

@@ -1,4 +1,6 @@
 rules:
+  - match: udp
+    type: drop
   - match: tcp dst port 23 or port 2323 or port 23231
     type: conn_handler
     target: telnet
@@ -29,8 +31,12 @@ rules:
   - match: tcp dst port 11211
     type: conn_handler
     target: memcache
+  - match: tcp dst port 3260
+    type: conn_handler
+    target: iscsi
+  - match: tcp dst port 27017
+    type: conn_handler
+    target: mongodb
   - match: tcp
     type: conn_handler
     target: tcp
-  - match: udp
-    type: drop

docker/glutton/dist/system.go

@@ -1,68 +0,0 @@
-package glutton
-
-import (
-	"errors"
-	"fmt"
-	"net"
-	"os"
-	"runtime"
-	"strings"
-	"time"
-
-	"github.com/glaslos/lsof"
-	"github.com/google/gopacket/pcap"
-)
-
-func countOpenFiles() (int, error) {
-	if runtime.GOOS == "linux" {
-		lines, err := lsof.ReadPID(os.Getpid())
-		return len(lines) - 1, err
-	}
-	return 0, errors.New("operating system type not supported for this command")
-}
-
-func (g *Glutton) startMonitor(quit chan struct{}) {
-	ticker := time.NewTicker(10 * time.Second)
-	go func() {
-		for {
-			select {
-			// case <-ticker.C:
-			// 	openFiles, err := countOpenFiles()
-			// 	if err != nil {
-			// 		fmt.Printf("Failed :%s", err)
-			// 	}
-			// 	runningRoutines := runtime.NumGoroutine()
-			// 	g.Logger.Info(fmt.Sprintf("running Go routines: %d, open files: %d", openFiles, runningRoutines))
-			case <-quit:
-				g.Logger.Info("monitoring stopped...")
-				ticker.Stop()
-				return
-			}
-		}
-	}()
-}
-
-func getNonLoopbackIPs(ifaceName string) ([]net.IP, error) {
-	nonLoopback := []net.IP{}
-
-	ifs, err := pcap.FindAllDevs()
-	if err != nil {
-		return nonLoopback, err
-	}
-
-	for _, iface := range ifs {
-		if strings.EqualFold(iface.Name, ifaceName) {
-			for _, addr := range iface.Addresses {
-				if !addr.IP.IsLoopback() && addr.IP.To4() != nil {
-					nonLoopback = append(nonLoopback, addr.IP)
-				}
-			}
-		}
-	}
-
-	if len(nonLoopback) == 0 {
-		return nonLoopback, fmt.Errorf("unable to find any non-loopback addresses for: %s", ifaceName)
-	}
-
-	return nonLoopback, nil
-}

docker/glutton/docker-compose.yml

@@ -13,7 +13,7 @@ services:
     network_mode: "host"
     cap_add:
      - NET_ADMIN
-    image: "dtagdevsec/glutton:24.04"
+    image: "ghcr.io/telekom-security/glutton:24.04.1"
     read_only: true
     volumes:
      - $HOME/tpotce/data/glutton/log:/var/log/glutton