From 0bca794fe758aba3e9e254d1d19d04600d7c53b7 Mon Sep 17 00:00:00 2001
From: t3chn0m4g3
Date: Mon, 20 Dec 2021 18:40:38 +0000
Subject: [PATCH] bump log4pot to latest master rebuild on ubuntu for payload download support
---
 docker/log4pot/Dockerfile | 48 ++++++++++++++++++++-----------
 docker/log4pot/docker-compose.yml | 6 +++-
 etc/compose/log4j.yml | 6 +++-
 iso/installer/install.sh | 2 +-
 update.sh | 1 +
 5 files changed, 44 insertions(+), 19 deletions(-)
diff --git a/docker/log4pot/Dockerfile b/docker/log4pot/Dockerfile
index 1626f7d8..3d6aab31 100644
--- a/docker/log4pot/Dockerfile
+++ b/docker/log4pot/Dockerfile
@@ -1,42 +1,58 @@
-FROM alpine:3.14
+FROM ubuntu:20.04
+ENV DEBIAN_FRONTEND noninteractive
 #
 # Install packages
-RUN apk -U add \
- build-base \
+RUN apt-get update && \
+ apt-get update -y && \
+ apt-get dist-upgrade -y && \
+ apt-get install -y \
+ build-essential \
 cargo \
+ cleo \
 git \
- libcap \
+ libcap2 \
+ libcap2-bin \
+ libcurl4 \
+ libcurl4-nss-dev \
+ libffi7 \
 libffi-dev \
- openssl-dev \
+ libssl-dev \
+ python3-pip \
 python3 \
 python3-dev \
- rust && \
- apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing poetry && \
+ rust-all && \
+ pip3 install --upgrade pip && \
+ pip3 install poetry pycurl && \
 #
 # Install log4pot from GitHub and setup
 mkdir -p /opt /var/log/log4pot && \
 cd /opt/ && \
 git clone https://github.com/thomaspatzke/Log4Pot && \
 cd Log4Pot && \
- git checkout 4269bf4a91457328fb64c3e7941cb2f520e5e911 && \
+# git checkout 4269bf4a91457328fb64c3e7941cb2f520e5e911 && \
+ git checkout 4e9bac32605e4d2dd4bbc6df56365988b4815c4a && \
 sed -i 's#"type": logtype,#"reason": logtype,#g' log4pot.py && \
 poetry install && \
- setcap cap_net_bind_service=+ep /usr/bin/python3.9 && \
+ setcap cap_net_bind_service=+ep /usr/bin/python3.8 && \
 #
 # Setup user, groups and configs
- addgroup -g 2000 log4pot && \
- adduser -S -H -s /bin/ash -u 2000 -D -g 2000 log4pot && \
+ addgroup --gid 2000 log4pot && \
+ adduser --system --no-create-home --shell /bin/bash -uid 2000 --disabled-password --disabled-login -gid 2000 log4pot && \
 chown log4pot:log4pot -R /opt/Log4Pot && \
 #
 # Clean up
- apk del --purge build-base \
+ apt-get purge -y build-essential \
+ cargo \
 git \
- python3-dev && \
- rm -rf /root/* && \
- rm -rf /var/cache/apk/*
+ libffi-dev \
+ libssl-dev \
+ python3-dev \
+ rust-all && \
+ apt-get autoremove -y --purge && \
+ apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 #
 # Start log4pot
 STOPSIGNAL SIGINT
 USER log4pot:log4pot
 WORKDIR /opt/Log4Pot/
-CMD ["/usr/bin/python3","log4pot.py","--port","8080","--log","/var/log/log4pot/log4pot.log"]
+CMD ["/usr/bin/python3","log4pot.py","--port","8080","--log","/var/log/log4pot/log/log4pot.log","--download-dir","/var/log/log4pot/payloads/","--download-class","--download-payloads"]
diff --git a/docker/log4pot/docker-compose.yml b/docker/log4pot/docker-compose.yml
index 5a6505c7..408129e0 100644
--- a/docker/log4pot/docker-compose.yml
+++ b/docker/log4pot/docker-compose.yml
@@ -10,6 +10,8 @@ services:
 build: .
 container_name: log4pot
 restart: always
+ tmpfs:
+ - /tmp:uid=2000,gid=2000
 networks:
 - log4pot_local
 ports:
@@ -17,7 +19,9 @@ services:
 - "443:8080"
 - "8080:8080"
 - "9200:8080"
+ - "25565:8080"
 image: "dtagdevsec/log4pot:2006"
 read_only: true
 volumes:
- - /data/log4pot/log:/var/log/log4pot
+ - /data/log4pot/log:/var/log/log4pot/log
+ - /data/log4pot/payloads:/var/log/log4pot/payloads
diff --git a/etc/compose/log4j.yml b/etc/compose/log4j.yml
index 79844ae8..30dd9ccd 100644
--- a/etc/compose/log4j.yml
+++ b/etc/compose/log4j.yml
@@ -18,6 +18,8 @@ services:
 log4pot:
 container_name: log4pot
 restart: always
+ tmpfs:
+ - /tmp:uid=2000,gid=2000
 networks:
 - log4pot_local
 ports:
@@ -25,10 +27,12 @@ services:
 - "443:8080"
 - "8080:8080"
 - "9200:8080"
+ - "25565:8080"
 image: "dtagdevsec/log4pot:2006"
 read_only: true
 volumes:
- - /data/log4pot/log:/var/log/log4pot
+ - /data/log4pot/log:/var/log/log4pot/log
+ - /data/log4pot/payloads:/var/log/log4pot/payloads
 
 # Honeytrap service
 honeytrap:
diff --git a/iso/installer/install.sh b/iso/installer/install.sh
index 44c0bc14..9cab7d1e 100755
--- a/iso/installer/install.sh
+++ b/iso/installer/install.sh
@@ -827,7 +827,7 @@ mkdir -vp /data/adbhoney/{downloads,log} \
 /data/honeypy/log \
 /data/honeysap/log \
 /data/ipphoney/log \
- /data/log4pot/log \
+ /data/log4pot/{log,payloads} \
 /data/mailoney/log \
 /data/medpot/log \
 /data/nginx/{log,heimdall} \
diff --git a/update.sh b/update.sh
index abd009f0..118edde1 100755
--- a/update.sh
+++ b/update.sh
@@ -248,6 +248,7 @@ mkdir -vp /data/adbhoney/{downloads,log} \
 /data/honeypy/log \
 /data/honeysap/log \
 /data/ipphoney/log \
+ /data/log4pot/{log,payloads} \
 /data/log4pot/log \
 /data/mailoney/log \
 /data/medpot/log \
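Review bot: The added `/data/log4pot/{log,payloads} \` already creates `/data/log4pot/log`, so the retained `/data/log4pot/log \` on the following line is now redundant; the parallel hunk in iso/installer/install.sh replaces that line rather than keeping both, and update.sh should match it — drop ` /data/log4pot/log \`. The `mkdir -vp` command this belongs to starts before the hunk and continues past it.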