mirror of
https://github.com/telekom-security/tpotce.git
synced 2025-07-02 01:27:27 -04:00
Begin of restructuring ...
- deprecate old release - set virtual version - we need tpot user / group, adding to installer - tweaking - do not use the dev branch, it will break stuff
This commit is contained in:
@ -0,0 +1,13 @@
|
||||
- name: Copy ews configuration file
|
||||
ansible.builtin.template:
|
||||
src: ews.cfg
|
||||
dest: /data/ews/conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
|
||||
- name: Patching tpot.yml with custom ews configuration file
|
||||
ansible.builtin.lineinfile:
|
||||
path: /opt/tpot/etc/tpot.yml
|
||||
insertafter: "/opt/ewsposter/ews.ip"
|
||||
line: " - /data/ews/conf/ews.cfg:/opt/ewsposter/ews.cfg"
|
@ -0,0 +1,137 @@
|
||||
[MAIN]
|
||||
homedir = /opt/ewsposter/
|
||||
spooldir = /opt/ewsposter/spool/
|
||||
logdir = /opt/ewsposter/log/
|
||||
del_malware_after_send = false
|
||||
send_malware = true
|
||||
sendlimit = 500
|
||||
contact = your_email_address
|
||||
proxy =
|
||||
ip =
|
||||
|
||||
[EWS]
|
||||
ews = true
|
||||
username = your_username
|
||||
token = your_token
|
||||
rhost_first = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
|
||||
rhost_second = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
|
||||
ignorecert = false
|
||||
|
||||
[HPFEED]
|
||||
hpfeed = %(EWS_HPFEEDS_ENABLE)s
|
||||
host = %(EWS_HPFEEDS_HOST)s
|
||||
port = %(EWS_HPFEEDS_PORT)s
|
||||
channels = %(EWS_HPFEEDS_CHANNELS)s
|
||||
ident = %(EWS_HPFEEDS_IDENT)s
|
||||
secret= %(EWS_HPFEEDS_SECRET)s
|
||||
# path/to/certificate for tls broker - or "false" for non-tls broker
|
||||
tlscert = %(EWS_HPFEEDS_TLSCERT)s
|
||||
# hpfeeds submission format: "ews" (xml) or "json"
|
||||
hpfformat = %(EWS_HPFEEDS_FORMAT)s
|
||||
|
||||
[EWSJSON]
|
||||
json = false
|
||||
jsondir = /data/ews/json/
|
||||
|
||||
[GLASTOPFV3]
|
||||
glastopfv3 = true
|
||||
nodeid = glastopfv3-{{ ansible_hostname }}
|
||||
sqlitedb = /data/glastopf/db/glastopf.db
|
||||
malwaredir = /data/glastopf/data/files/
|
||||
|
||||
[GLASTOPFV2]
|
||||
glastopfv2 = false
|
||||
nodeid =
|
||||
mysqlhost =
|
||||
mysqldb =
|
||||
mysqluser =
|
||||
mysqlpw =
|
||||
malwaredir =
|
||||
|
||||
[KIPPO]
|
||||
kippo = false
|
||||
nodeid =
|
||||
mysqlhost =
|
||||
mysqldb =
|
||||
mysqluser =
|
||||
mysqlpw =
|
||||
malwaredir =
|
||||
|
||||
[COWRIE]
|
||||
cowrie = true
|
||||
nodeid = cowrie-{{ ansible_hostname }}
|
||||
logfile = /data/cowrie/log/cowrie.json
|
||||
|
||||
[DIONAEA]
|
||||
dionaea = true
|
||||
nodeid = dionaea-{{ ansible_hostname }}
|
||||
malwaredir = /data/dionaea/binaries/
|
||||
sqlitedb = /data/dionaea/log/dionaea.sqlite
|
||||
|
||||
[HONEYTRAP]
|
||||
honeytrap = true
|
||||
nodeid = honeytrap-{{ ansible_hostname }}
|
||||
newversion = true
|
||||
payloaddir = /data/honeytrap/attacks/
|
||||
attackerfile = /data/honeytrap/log/attacker.log
|
||||
|
||||
[RDPDETECT]
|
||||
rdpdetect = false
|
||||
nodeid =
|
||||
iptableslog =
|
||||
targetip =
|
||||
|
||||
[EMOBILITY]
|
||||
eMobility = false
|
||||
nodeid = emobility-{{ ansible_hostname }}
|
||||
logfile = /data/emobility/log/centralsystemEWS.log
|
||||
|
||||
[CONPOT]
|
||||
conpot = true
|
||||
nodeid = conpot-{{ ansible_hostname }}
|
||||
logfile = /data/conpot/log/conpot*.json
|
||||
|
||||
[ELASTICPOT]
|
||||
elasticpot = true
|
||||
nodeid = elasticpot-{{ ansible_hostname }}
|
||||
logfile = /data/elasticpot/log/elasticpot.log
|
||||
|
||||
[SURICATA]
|
||||
suricata = true
|
||||
nodeid = suricata-{{ ansible_hostname }}
|
||||
logfile = /data/suricata/log/eve.json
|
||||
|
||||
[MAILONEY]
|
||||
mailoney = true
|
||||
nodeid = mailoney-{{ ansible_hostname }}
|
||||
logfile = /data/mailoney/log/commands.log
|
||||
|
||||
[RDPY]
|
||||
rdpy = true
|
||||
nodeid = rdpy-{{ ansible_hostname }}
|
||||
logfile = /data/rdpy/log/rdpy.log
|
||||
|
||||
[VNCLOWPOT]
|
||||
vnclowpot = true
|
||||
nodeid = vnclowpot-{{ ansible_hostname }}
|
||||
logfile = /data/vnclowpot/log/vnclowpot.log
|
||||
|
||||
[HERALDING]
|
||||
heralding = true
|
||||
nodeid = heralding-{{ ansible_hostname }}
|
||||
logfile = /data/heralding/log/auth.csv
|
||||
|
||||
[CISCOASA]
|
||||
ciscoasa = true
|
||||
nodeid = ciscoasa-{{ ansible_hostname }}
|
||||
logfile = /data/ciscoasa/log/ciscoasa.log
|
||||
|
||||
[TANNER]
|
||||
tanner = true
|
||||
nodeid = tanner-{{ ansible_hostname }}
|
||||
logfile = /data/tanner/log/tanner_report.json
|
||||
|
||||
[GLUTTON]
|
||||
glutton = true
|
||||
nodeid = glutton-{{ ansible_hostname }}
|
||||
logfile = /data/glutton/log/glutton.log
|
Reference in New Issue
Block a user