Begin integration of honeyaml

2025-07-02 01:27:27 -04:00 · 2024-10-18 21:59:29 +02:00
parent c7e6f5a66f
commit 05461d6925
18 changed files with 237 additions and 7 deletions
--- a/docker/_builder/docker-compose.yml
+++ b/docker/_builder/docker-compose.yml
@ -162,6 +162,15 @@ services:
      context: ../heralding/
      <<: *common-build

+# Honeyaml
+  honeyaml:
+    image: ${TPOT_DOCKER_REPO}/honeyaml:${TPOT_VERSION}
+    build:
+      tags:
+        - ${TPOT_GHCR_REPO}/honeyaml:${TPOT_VERSION}
+      context: ../honeyaml/
+      <<: *common-build
+
 # Honeypots
  honeypots:
    image: ${TPOT_DOCKER_REPO}/honeypots:${TPOT_VERSION}
--- a/docker/elk/logstash/dist/http_output.conf
+++ b/docker/elk/logstash/dist/http_output.conf
@ -133,6 +133,13 @@ input {
    type => "Heralding"
  }

+# Honeyaml
+  file {
+    path => ["/data/honeyaml/log/honeyaml.log"]
+    codec => json
+    type => "Honeyaml"
+  }
+
 # Honeypots
  file {
    path => ["/data/honeypots/log/*.log"]
@ -540,6 +547,13 @@ filter {
    }
  }

+# Honeyaml
+  if [type] == "Honeyaml" {
+    date {
+      match => [ "timestamp", "ISO8601" ]
+    }
+  }
+
 # Honeypots
  if [type] == "Honeypots" {
    date {
--- a/docker/elk/logstash/dist/logstash.conf
+++ b/docker/elk/logstash/dist/logstash.conf
@ -133,6 +133,13 @@ input {
    type => "Heralding"
  }

+# Honeyaml
+  file {
+    path => ["/data/honeyaml/log/honeyaml.log"]
+    codec => json
+    type => "Honeyaml"
+  }
+
 # Honeypots
  file {
    path => ["/data/honeypots/log/*.log"]
@ -540,6 +547,13 @@ filter {
    }
  }

+# Honeyaml
+  if [type] == "Honeyaml" {
+    date {
+      match => [ "timestamp", "ISO8601" ]
+    }
+  }
+
 # Honeypots
  if [type] == "Honeypots" {
    date {
--- a/docker/elk/map/Dockerfile
+++ b/docker/elk/map/Dockerfile
@ -13,7 +13,7 @@ RUN apk --no-cache -U add \
 # Install from GitHub and setup
    mkdir -p /opt && \
    cd /opt/ && \
-    git clone https://github.com/t3chn0m4g3/t-pot-attack-map -b 2.2.4 && \
+    git clone https://github.com/t3chn0m4g3/t-pot-attack-map -b 2.2.5 && \
    cd t-pot-attack-map && \
    pip3 install --break-system-packages --upgrade pip && \
    pip3 install --break-system-packages -r requirements.txt && \
--- a/docker/go-pot/Dockerfile
+++ b/docker/go-pot/Dockerfile
@ -22,6 +22,8 @@ addgroup -g 2000 go-pot
 adduser -S -s /bin/ash -u 2000 -D -g 2000 go-pot
 EOF
 #
+STOPSIGNAL SIGINT
+USER go-pot:go-pot
 WORKDIR /opt/go-pot
 CMD ["start", "--host", "0.0.0.0", "--config-file", "config.yml"]
 ENTRYPOINT ["./go-pot"]
--- a/docker/honeyaml/Dockerfile
+++ b/docker/honeyaml/Dockerfile
@ -0,0 +1,40 @@
+FROM rust:latest AS builder
+#
+# Detect architecture and set target accordingly
+RUN arch=$(arch) && \
+    if [ "$arch" = "x86_64" ]; then \
+        rustup target add x86_64-unknown-linux-musl; \
+        echo "TARGET_ARCH=x86_64-unknown-linux-musl" > /target_arch.env; \
+    elif [ "$arch" = "aarch64" ]; then \
+        rustup target add aarch64-unknown-linux-musl; \
+        echo "TARGET_ARCH=aarch64-unknown-linux-musl" > /target_arch.env; \
+    else \
+        echo "Unsupported architecture: $arch"; \
+        exit 1; \
+    fi
+#
+RUN apt update && apt install -y git musl-tools musl-dev
+RUN update-ca-certificates
+RUN git clone https://github.com/t3chn0m4g3/honeyaml /opt/honeyaml
+#
+WORKDIR /opt/honeyaml
+# Load target architecture from file and build
+RUN . /target_arch.env && \
+    cargo build --target "$TARGET_ARCH" --release && \
+    cp target/"$TARGET_ARCH"/release/honeyaml /opt/honeyaml/
+#
+FROM alpine:3.20
+#
+COPY --from=builder /opt/honeyaml/honeyaml /opt/honeyaml/
+COPY --from=builder /opt/honeyaml/api.yml /opt/honeyaml/
+#
+# Setup user, groups and configs
+RUN <<EOF
+addgroup -g 2000 honeyaml
+adduser -S -s /bin/ash -u 2000 -D -g 2000 honeyaml
+EOF
+#
+STOPSIGNAL SIGINT
+USER honeyaml:honeyaml
+WORKDIR /opt/honeyaml
+CMD ["./honeyaml", "-d", "/opt/honeyaml/log"]
--- a/docker/honeyaml/docker-compose.yml
+++ b/docker/honeyaml/docker-compose.yml
@ -0,0 +1,20 @@
+networks:
+  honeyaml_local:
+
+services:
+
+# Honeyaml service
+  honeyaml:
+    build: .
+    container_name: honeyaml
+    restart: always
+#    cpu_count: 1
+#    cpus: 0.25
+    networks:
+     - honeyaml_local
+    ports:
+      - "8080:8080"
+    image: dtagdevsec/honeyaml:24.04
+    read_only: true
+    volumes:
+     - $HOME/tpotce/data/honeyaml/log/:/opt/honeyaml/log/
--- a/docker/tpotinit/dist/bin/clean.sh
+++ b/docker/tpotinit/dist/bin/clean.sh
@ -241,6 +241,14 @@ fuHERALDING () {
  chown tpot:tpot /data/heralding -R
 }

+# Let's create a function to clean up and prepare honeyaml data
+fuHONEYAML () {
+  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/honeyaml/*; fi
+  mkdir -vp /data/honeyaml/log
+  chmod 770 -R /data/honeyaml
+  chown tpot:tpot -R /data/honeyaml
+}
+
 # Let's create a function to clean up and prepare honeypots data
 fuHONEYPOTS () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/honeypots/*; fi
@ -414,6 +422,7 @@ fuGLUTTON
 fuGOPOT
 fuHERALDING
 fuHELLPOT
+fuHONEYAML
 fuHONEYSAP
 fuHONEYPOTS
 fuHONEYTRAP
--- a/docker/tpotinit/dist/etc/logrotate/logrotate.conf
+++ b/docker/tpotinit/dist/etc/logrotate/logrotate.conf
@ -26,6 +26,7 @@
 /data/heralding/log/*.log
 /data/heralding/log/*.csv
 /data/heralding/log/*.json
+/data/honeyaml/log/*.log
 /data/honeypots/log/*.log
 /data/honeysap/log/*.log
 /data/honeytrap/log/*.log