prepare for honeypot changes

installer/etc/tpot/compose/all.yml

@@ -42,19 +42,24 @@ services:
      - "23:2223"
     image: "dtagdevsec/cowrie:1706"
     volumes:
-     - /data/cowrie:/data/cowrie
+     - /data/cowrie/downloads:/home/cowrie/cowrie/dl
+     - /data/cowrie/keys:/home/cowrie/cowrie/etc
+     - /data/cowrie/log:/home/cowrie/cowrie/log
+     - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
  
 # Dionaea service
   dionaea:
     container_name: dionaea
     stdin_open: true
     restart: always
+    sysctls:
+     - net.ipv6.conf.all.disable_ipv6=1
     networks:
      - dionaea_local
     cap_add:
      - NET_BIND_SERVICE
     ports:
-     - "21:21" 
+     - "21:21"
      - "42:42"
      - "69:69/udp"
      - "8081:80"
@@ -64,15 +69,22 @@ services:
      - "1433:1433"
      - "1723:1723"
      - "1883:1883"
-     - "1900:1900"
-     - "3306:3306" 
+     - "1900:1900/udp"
+     - "3306:3306"
      - "5060:5060"
-     - "5061:5061"
      - "5060:5060/udp"
-     - "11211:11211"
+     - "5061:5061"
+     - "27017:27017"
     image: "dtagdevsec/dionaea:1706"
     volumes:
-     - /data/dionaea:/data/dionaea
+     - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp
+     - /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp
+     - /data/dionaea/roots/www:/opt/dionaea/var/dionaea/roots/www
+     - /data/dionaea/roots/upnp:/opt/dionaea/var/dionaea/roots/upnp
+     - /data/dionaea:/opt/dionaea/var/dionaea
+     - /data/dionaea/binaries:/opt/dionaea/var/dionaea/binaries
+     - /data/dionaea/log:/opt/dionaea/var/log
+     - /data/dionaea/rtp:/opt/dionaea/var/dionaea/rtp
 
 # Elasticpot service
   elasticpot:
@@ -84,7 +96,7 @@ services:
      - "9200:9200"
     image: "dtagdevsec/elasticpot:1706"
     volumes:
-     - /data/elasticpot:/data/elasticpot
+     - /data/elasticpot/log/elasticpot.log:/opt/ElasticpotPY/elasticpot.log
 
 # ELK services
 ## Elasticsearch service
@@ -182,8 +194,8 @@ services:
      - "80:80"
     image: "dtagdevsec/glastopf:1706"
     volumes:
-     - /data/glastopf:/data/glastopf
-     - /data/ews:/data/ews
+     - /data/glastopf/db:/opt/glastopf/db
+     - /data/glastopf/log:/opt/glastopf/log
 
 # Honeytrap service
   honeytrap:
@@ -194,8 +206,9 @@ services:
      - NET_ADMIN
     image: "dtagdevsec/honeytrap:1706"
     volumes:
-     - /data/honeytrap:/data/honeytrap
-     - /data/ews:/data/ews
+     - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
+     - /data/honeytrap/downloads:/opt/honeytrap/var/downloads
+     - /data/honeytrap/log:/opt/honeytrap/var/log
 
 # Mailoney service
   mailoney:

installer/etc/tpot/compose/hp.yml

@@ -11,7 +11,7 @@ networks:
   mailoney_local:
 
 services:
-
+ 
 # Cowrie service
   cowrie:
     container_name: cowrie
@@ -25,19 +25,24 @@ services:
      - "23:2223"
     image: "dtagdevsec/cowrie:1706"
     volumes:
-     - /data/cowrie:/data/cowrie
-
+     - /data/cowrie/downloads:/home/cowrie/cowrie/dl
+     - /data/cowrie/keys:/home/cowrie/cowrie/etc
+     - /data/cowrie/log:/home/cowrie/cowrie/log
+     - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
+ 
 # Dionaea service
   dionaea:
     container_name: dionaea
     stdin_open: true
     restart: always
+    sysctls:
+     - net.ipv6.conf.all.disable_ipv6=1
     networks:
      - dionaea_local
     cap_add:
      - NET_BIND_SERVICE
     ports:
-     - "21:21" 
+     - "21:21"
      - "42:42"
      - "69:69/udp"
      - "8081:80"
@@ -47,15 +52,22 @@ services:
      - "1433:1433"
      - "1723:1723"
      - "1883:1883"
-     - "1900:1900"
-     - "3306:3306" 
+     - "1900:1900/udp"
+     - "3306:3306"
      - "5060:5060"
-     - "5061:5061"
      - "5060:5060/udp"
-     - "11211:11211" 
+     - "5061:5061"
+     - "27017:27017"
     image: "dtagdevsec/dionaea:1706"
     volumes:
-     - /data/dionaea:/data/dionaea
+     - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp
+     - /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp
+     - /data/dionaea/roots/www:/opt/dionaea/var/dionaea/roots/www
+     - /data/dionaea/roots/upnp:/opt/dionaea/var/dionaea/roots/upnp
+     - /data/dionaea:/opt/dionaea/var/dionaea
+     - /data/dionaea/binaries:/opt/dionaea/var/dionaea/binaries
+     - /data/dionaea/log:/opt/dionaea/var/log
+     - /data/dionaea/rtp:/opt/dionaea/var/dionaea/rtp
 
 # Elasticpot service
   elasticpot:
@@ -67,7 +79,7 @@ services:
      - "9200:9200"
     image: "dtagdevsec/elasticpot:1706"
     volumes:
-     - /data/elasticpot:/data/elasticpot
+     - /data/elasticpot/log/elasticpot.log:/opt/ElasticpotPY/elasticpot.log
 
 # Ewsposter service
   ewsposter:
@@ -90,8 +102,8 @@ services:
      - "80:80"
     image: "dtagdevsec/glastopf:1706"
     volumes:
-     - /data/glastopf:/data/glastopf
-     - /data/ews:/data/ews
+     - /data/glastopf/db:/opt/glastopf/db
+     - /data/glastopf/log:/opt/glastopf/log
 
 # Honeytrap service
   honeytrap:
@@ -102,8 +114,9 @@ services:
      - NET_ADMIN
     image: "dtagdevsec/honeytrap:1706"
     volumes:
-     - /data/honeytrap:/data/honeytrap
-     - /data/ews:/data/ews
+     - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
+     - /data/honeytrap/downloads:/opt/honeytrap/var/downloads
+     - /data/honeytrap/log:/opt/honeytrap/var/log
 
 # Mailoney service
   mailoney:

installer/etc/tpot/compose/industrial.yml

@@ -97,6 +97,7 @@ services:
     image: "dtagdevsec/emobility:1706"
     volumes:
      - /data/emobility:/data/eMobility
+     - /data/ews:/data/ews
 
 # Ewsposter service
   ewsposter:

installer/etc/tpot/compose/tpot.yml

@@ -27,19 +27,24 @@ services:
      - "23:2223"
     image: "dtagdevsec/cowrie:1706"
     volumes:
-     - /data/cowrie:/data/cowrie
+     - /data/cowrie/downloads:/home/cowrie/cowrie/dl
+     - /data/cowrie/keys:/home/cowrie/cowrie/etc
+     - /data/cowrie/log:/home/cowrie/cowrie/log
+     - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
 
 # Dionaea service
   dionaea:
     container_name: dionaea
     stdin_open: true
     restart: always
+    sysctls:
+     - net.ipv6.conf.all.disable_ipv6=1
     networks:
      - dionaea_local
     cap_add:
      - NET_BIND_SERVICE
     ports:
-     - "21:21" 
+     - "21:21"
      - "42:42"
      - "69:69/udp"
      - "8081:80"
@@ -49,15 +54,22 @@ services:
      - "1433:1433"
      - "1723:1723"
      - "1883:1883"
-     - "1900:1900"
-     - "3306:3306" 
+     - "1900:1900/udp"
+     - "3306:3306"
      - "5060:5060"
-     - "5061:5061"
      - "5060:5060/udp"
-     - "11211:11211" 
+     - "5061:5061"
+     - "27017:27017"
     image: "dtagdevsec/dionaea:1706"
     volumes:
-     - /data/dionaea:/data/dionaea
+     - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp
+     - /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp
+     - /data/dionaea/roots/www:/opt/dionaea/var/dionaea/roots/www
+     - /data/dionaea/roots/upnp:/opt/dionaea/var/dionaea/roots/upnp
+     - /data/dionaea:/opt/dionaea/var/dionaea
+     - /data/dionaea/binaries:/opt/dionaea/var/dionaea/binaries
+     - /data/dionaea/log:/opt/dionaea/var/log
+     - /data/dionaea/rtp:/opt/dionaea/var/dionaea/rtp
 
 # Elasticpot service
   elasticpot:
@@ -69,7 +81,7 @@ services:
      - "9200:9200"
     image: "dtagdevsec/elasticpot:1706"
     volumes:
-     - /data/elasticpot:/data/elasticpot
+     - /data/elasticpot/log/elasticpot.log:/opt/ElasticpotPY/elasticpot.log
 
 # ELK services
 ## Elasticsearch service
@@ -152,8 +164,8 @@ services:
      - "80:80"
     image: "dtagdevsec/glastopf:1706"
     volumes:
-     - /data/glastopf:/data/glastopf
-     - /data/ews:/data/ews
+     - /data/glastopf/db:/opt/glastopf/db
+     - /data/glastopf/log:/opt/glastopf/log
 
 # Honeytrap service
   honeytrap:
@@ -164,8 +176,9 @@ services:
      - NET_ADMIN
     image: "dtagdevsec/honeytrap:1706"
     volumes:
-     - /data/honeytrap:/data/honeytrap
-     - /data/ews:/data/ews
+     - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
+     - /data/honeytrap/downloads:/opt/honeytrap/var/downloads
+     - /data/honeytrap/log:/opt/honeytrap/var/log
 
 # Mailoney service
   mailoney:

installer/etc/tpot/systemd/tpot.service

@@ -32,9 +32,9 @@ ExecStartPre=-/bin/chmod 666 /var/run/docker.sock
 # Forward all other connections to honeytrap / NFQUEUE
 ExecStartPre=/sbin/iptables -w -A INPUT -s 127.0.0.1 -j ACCEPT
 ExecStartPre=/sbin/iptables -w -A INPUT -d 127.0.0.1 -j ACCEPT
-ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 64295:64303,7634,8125 -j ACCEPT
+ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 64295:64303,7634 -j ACCEPT
 ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 21:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT
-ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 3306,5060,5061,5601,11211 -j ACCEPT
+ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 3306,5060,5061,5601,27017 -j ACCEPT
 ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT
 ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
 
@@ -47,9 +47,9 @@ ExecStop=/usr/local/bin/docker-compose -f /etc/tpot/tpot.yml down -v
 # Remove only previously set iptables rules
 ExecStopPost=/sbin/iptables -w -D INPUT -s 127.0.0.1 -j ACCEPT
 ExecStopPost=/sbin/iptables -w -D INPUT -d 127.0.0.1 -j ACCEPT
-ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 64295:64303,7634,8125 -j ACCEPT
+ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 64295:64303,7634 -j ACCEPT
 ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 21:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT
-ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 3306,5060,5061,5601,11211 -j ACCEPT
+ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 3306,5060,5061,5601,27017 -j ACCEPT
 ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT
 ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE