mirror of
				https://github.com/telekom-security/tpotce.git
				synced 2025-10-25 17:54:44 +00:00 
			
		
		
		
	 de6735e309
			
		
	
	
		de6735e309
		
	
	
	
	
		
			
			- Define Settings in .hpfeeds_settings.sh - Settings get exported as env vars - Ansible looks them up and updates the values in the tpot.yml file - ews.cfg: Switched to env vars
		
			
				
	
	
		
			137 lines
		
	
	
	
		
			2.7 KiB
		
	
	
	
		
			INI
		
	
	
	
	
	
			
		
		
	
	
			137 lines
		
	
	
	
		
			2.7 KiB
		
	
	
	
		
			INI
		
	
	
	
	
	
| [MAIN]
 | |
| homedir = /opt/ewsposter/
 | |
| spooldir = /opt/ewsposter/spool/
 | |
| logdir = /opt/ewsposter/log/
 | |
| del_malware_after_send = false
 | |
| send_malware = true
 | |
| sendlimit = 500
 | |
| contact = your_email_address
 | |
| proxy =
 | |
| ip =
 | |
| 
 | |
| [EWS]
 | |
| ews = true
 | |
| username = your_username
 | |
| token = your_token
 | |
| rhost_first = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
 | |
| rhost_second = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
 | |
| ignorecert = false
 | |
| 
 | |
| [HPFEED]
 | |
| hpfeed = %(EWS_HPFEEDS_ENABLE)s
 | |
| host = %(EWS_HPFEEDS_HOST)s
 | |
| port = %(EWS_HPFEEDS_PORT)s
 | |
| channels = %(EWS_HPFEEDS_CHANNELS)s
 | |
| ident = %(EWS_HPFEEDS_IDENT)s
 | |
| secret= %(EWS_HPFEEDS_SECRET)s
 | |
| # path/to/certificate for tls broker - or "false" for non-tls broker
 | |
| tlscert = %(EWS_HPFEEDS_TLSCERT)s
 | |
| # hpfeeds submission format: "ews" (xml) or "json"
 | |
| hpfformat = %(EWS_HPFEEDS_FORMAT)s
 | |
| 
 | |
| [EWSJSON]
 | |
| json = false
 | |
| jsondir = /data/ews/json/
 | |
| 
 | |
| [GLASTOPFV3]
 | |
| glastopfv3 = true
 | |
| nodeid = glastopfv3-{{ HPNAME }}
 | |
| sqlitedb = /data/glastopf/db/glastopf.db
 | |
| malwaredir = /data/glastopf/data/files/
 | |
| 
 | |
| [GLASTOPFV2]
 | |
| glastopfv2 = false
 | |
| nodeid =
 | |
| mysqlhost =
 | |
| mysqldb =
 | |
| mysqluser =
 | |
| mysqlpw =
 | |
| malwaredir =
 | |
| 
 | |
| [KIPPO]
 | |
| kippo = false
 | |
| nodeid =
 | |
| mysqlhost =
 | |
| mysqldb =
 | |
| mysqluser =
 | |
| mysqlpw =
 | |
| malwaredir =
 | |
| 
 | |
| [COWRIE]
 | |
| cowrie = true
 | |
| nodeid = cowrie-{{ HPNAME }}
 | |
| logfile = /data/cowrie/log/cowrie.json
 | |
| 
 | |
| [DIONAEA]
 | |
| dionaea = true
 | |
| nodeid = dionaea-{{ HPNAME }}
 | |
| malwaredir = /data/dionaea/binaries/
 | |
| sqlitedb = /data/dionaea/log/dionaea.sqlite
 | |
| 
 | |
| [HONEYTRAP]
 | |
| honeytrap = true
 | |
| nodeid = honeytrap-{{ HPNAME }}
 | |
| newversion = true
 | |
| payloaddir = /data/honeytrap/attacks/
 | |
| attackerfile = /data/honeytrap/log/attacker.log
 | |
| 
 | |
| [RDPDETECT]
 | |
| rdpdetect = false
 | |
| nodeid =
 | |
| iptableslog =
 | |
| targetip =
 | |
| 
 | |
| [EMOBILITY]
 | |
| eMobility = false
 | |
| nodeid = emobility-{{ HPNAME }}
 | |
| logfile = /data/emobility/log/centralsystemEWS.log
 | |
| 
 | |
| [CONPOT]
 | |
| conpot = true
 | |
| nodeid = conpot-{{ HPNAME }}
 | |
| logfile = /data/conpot/log/conpot*.json
 | |
| 
 | |
| [ELASTICPOT]
 | |
| elasticpot = true
 | |
| nodeid = elasticpot-{{ HPNAME }}
 | |
| logfile = /data/elasticpot/log/elasticpot.log
 | |
| 
 | |
| [SURICATA]
 | |
| suricata = true
 | |
| nodeid = suricata-{{ HPNAME }}
 | |
| logfile = /data/suricata/log/eve.json
 | |
| 
 | |
| [MAILONEY]
 | |
| mailoney = true
 | |
| nodeid = mailoney-{{ HPNAME }}
 | |
| logfile = /data/mailoney/log/commands.log
 | |
| 
 | |
| [RDPY]
 | |
| rdpy = true
 | |
| nodeid = rdpy-{{ HPNAME }}
 | |
| logfile = /data/rdpy/log/rdpy.log
 | |
| 
 | |
| [VNCLOWPOT]
 | |
| vnclowpot = true
 | |
| nodeid = vnclowpot-{{ HPNAME }}
 | |
| logfile = /data/vnclowpot/log/vnclowpot.log
 | |
| 
 | |
| [HERALDING]
 | |
| heralding = true
 | |
| nodeid = heralding-{{ HPNAME }}
 | |
| logfile = /data/heralding/log/auth.csv
 | |
| 
 | |
| [CISCOASA]
 | |
| ciscoasa = true
 | |
| nodeid = ciscoasa-{{ HPNAME }}
 | |
| logfile = /data/ciscoasa/log/ciscoasa.log
 | |
| 
 | |
| [TANNER]
 | |
| tanner = true
 | |
| nodeid = tanner-{{ HPNAME }}
 | |
| logfile = /data/tanner/log/tanner_report.json
 | |
| 
 | |
| [GLUTTON]
 | |
| glutton = true
 | |
| nodeid = glutton-{{ HPNAME }}
 | |
| logfile = /data/glutton/log/glutton.log
 |