telekom-security/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-07-02 01:27:27 -04:00
Code Issues Packages Projects Releases Wiki Activity

image builder, tweaking

Browse Source
This commit is contained in:
t3chn0m4g3
2022-03-24 18:54:56 +01:00
parent 14a9b09f74
commit 328139d9b9
18 changed files with 105 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
docker/ewsposter/Dockerfile Normal file
View File

@ -0,0 +1,55 @@
FROM alpine:3.15
#
# Include dist
COPY dist/ /root/dist/
#
# Install packages
RUN apk -U --no-cache add \
build-base \
git \
libffi-dev \
libssl1.1 \
openssl-dev \
python3 \
python3-dev \
py3-cffi \
py3-cryptography \
py3-ipaddress \
py3-lxml \
py3-mysqlclient \
py3-openssl \
py3-requests \
py3-pip \
py3-setuptools \
py3-wheel && \
pip3 install --upgrade pip && \
pip3 install --no-cache-dir configparser hpfeeds3 influxdb influxdb-client xmljson && \
#
# Setup ewsposter
git clone https://github.com/telekom-security/ewsposter /opt/ewsposter && \
cd /opt/ewsposter && \
# git checkout 11ab4c8a0a1b63d4bca8c52c07f2eab520d0b257 && \
git checkout 17c08f3ae500d838c1528c9700e4430d5f6ad214 && \
mkdir -p /opt/ewsposter/spool /opt/ewsposter/log && \
#
# Setup user and groups
addgroup -g 2000 ews && \
adduser -S -H -u 2000 -D -g 2000 ews && \
chown -R ews:ews /opt/ewsposter && \
#
# Supply configs
mv /root/dist/ews.cfg /opt/ewsposter/ && \
# mv /root/dist/*.pem /opt/ewsposter/ && \
#
# Clean up
apk del build-base \
git \
openssl-dev \
python3-dev \
py-setuptools && \
rm -rf /root/* /var/cache/apk/* /opt/ewsposter/.git
#
# Run ewsposter
STOPSIGNAL SIGINT
USER ews:ews
CMD sleep 10 && exec /usr/bin/python3 -u /opt/ewsposter/ews.py -l $(shuf -i 10-60 -n 1)

164
docker/ewsposter/dist/ews.cfg vendored Normal file
View File

@ -0,0 +1,164 @@
[MAIN]
homedir = /opt/ewsposter/
spooldir = /opt/ewsposter/spool/
logdir = /opt/ewsposter/log/
del_malware_after_send = false
send_malware = false
sendlimit = 5000
contact = your_email_address
proxy = None
ip_int = None
ip_ext = None
[EWS]
ews = true
username = community-01-user
token = foth{a5maiCee8fineu7
rhost_first = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
rhost_second = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
ignorecert = false
[HPFEED]
hpfeed = %(EWS_HPFEEDS_ENABLE)s
host = %(EWS_HPFEEDS_HOST)s
port = %(EWS_HPFEEDS_PORT)s
channels = %(EWS_HPFEEDS_CHANNELS)s
ident = %(EWS_HPFEEDS_IDENT)s
secret= %(EWS_HPFEEDS_SECRET)s
# path/to/certificate for tls broker - or "false" for non-tls broker
tlscert = %(EWS_HPFEEDS_TLSCERT)s
# hpfeeds submission format: "ews" (xml) or "json"
hpfformat = %(EWS_HPFEEDS_FORMAT)s
[EWSJSON]
json = false
jsondir = /data/ews/json/
[INFLUXDB]
influxdb = false
host = http://localhost
port = 8086
username = <your username for influx 1.8>
password = <your password for influx 1.8>
token = <your token for influx 2.0>
bucket = <your bucket/database for 2.0/1.8>
org = <your org for influx 2.0>
[GLASTOPFV3]
glastopfv3 = false
nodeid = glastopfv3-community-01
sqlitedb = /data/glastopf/db/glastopf.db
malwaredir = /data/glastopf/data/files/
[COWRIE]
cowrie = true
nodeid = cowrie-community-01
logfile = /data/cowrie/log/cowrie.json
[DIONAEA]
dionaea = true
nodeid = dionaea-community-01
malwaredir = /data/dionaea/binaries/
sqlitedb = /data/dionaea/log/dionaea.sqlite
[HONEYTRAP]
honeytrap = true
nodeid = honeytrap-community-01
newversion = true
payloaddir = /data/honeytrap/attacks/
attackerfile = /data/honeytrap/log/attacker.log
[EMOBILITY]
eMobility = false
nodeid = emobility-community-01
logfile = /data/emobility/log/centralsystemEWS.log
[CONPOT]
conpot = true
nodeid = conpot-community-01
logfile = /data/conpot/log/conpot*.json
[ELASTICPOT]
elasticpot = true
nodeid = elasticpot-community-01
logfile = /data/elasticpot/log/elasticpot.json
[SURICATA]
suricata = false
nodeid = suricata-community-01
logfile = /data/suricata/log/eve.json
[MAILONEY]
mailoney = true
nodeid = mailoney-community-01
logfile = /data/mailoney/log/commands.log
[RDPY]
rdpy = true
nodeid = rdpy-community-01
logfile = /data/rdpy/log/rdpy.log
[VNCLOWPOT]
vnclowpot = false
nodeid = vnclowpot-community-01
logfile = /data/vnclowpot/log/vnclowpot.log
[HERALDING]
heralding = true
nodeid = heralding-community-01
logfile = /data/heralding/log/auth.csv
[CISCOASA]
ciscoasa = true
nodeid = ciscoasa-community-01
logfile = /data/ciscoasa/log/ciscoasa.log
[TANNER]
tanner = true
nodeid = tanner-community-01
logfile = /data/tanner/log/tanner_report.json
[GLUTTON]
glutton = true
nodeid = glutton-community-01
logfile = /data/glutton/log/glutton.log
[HONEYSAP]
honeysap = true
nodeid = honeysap-community-01
logfile = /data/honeysap/log/honeysap-external.log
[ADBHONEY]
adbhoney = true
nodeid = adbhoney-community-01
logfile = /data/adbhoney/log/adbhoney.json
[FATT]
fatt = false
nodeid = fatt-community-01
logfile = /data/fatt/log/fatt.log
[IPPHONEY]
ipphoney = true
nodeid = ipphoney-community-01
logfile = /data/ipphoney/log/ipphoney.json
[DICOMPOT]
dicompot = true
nodeid = dicompot-community-01
logfile = /data/dicompot/log/dicompot.log
[MEDPOT]
medpot = true
nodeid = medpot-community-01
logfile = /data/medpot/log/medpot.log
[HONEYPY]
honeypy = false
nodeid = honeypy-community-01
logfile = /data/honeypy/log/json.log
[CITRIX]
citrix = true
nodeid = citrix-community-01
logfile = /data/citrixhoneypot/logs/server.log

31
docker/ewsposter/docker-compose.yml Normal file
View File

@ -0,0 +1,31 @@
version: '2.3'
networks:
ewsposter_local:
services:
# Ewsposter service
ewsposter:
build: .
container_name: ewsposter
restart: always
# cpu_count: 1
# cpus: 0.75
networks:
- ewsposter_local
environment:
- EWS_HPFEEDS_ENABLE=false
- EWS_HPFEEDS_HOST=host
- EWS_HPFEEDS_PORT=port
- EWS_HPFEEDS_CHANNELS=channels
- EWS_HPFEEDS_IDENT=user
- EWS_HPFEEDS_SECRET=secret
- EWS_HPFEEDS_TLSCERT=/opt/ewsposter/ca.pem
- EWS_HPFEEDS_FORMAT=json
env_file:
- /opt/tpot/etc/compose/elk_environment
image: "dtagdevsec/ewsposter:2203"
volumes:
- /data:/data
# - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip