Add Beelzebub

2025-07-02 01:27:27 -04:00 · 2024-09-04 21:45:00 +02:00
parent f41c15ec10
commit 429d74472c
16 changed files with 439 additions and 7 deletions
--- a/docker/beelzebub/Dockerfile
+++ b/docker/beelzebub/Dockerfile
@ -0,0 +1,35 @@
+FROM golang:alpine AS builder
+#
+ENV GO111MODULE=on \
+    CGO_ENABLED=0 \
+    GOOS=linux
+#
+RUN apk add git
+#
+WORKDIR /root
+#
+# Build beelzebub
+RUN git clone https://github.com/t3chn0m4g3/beelzebub
+WORKDIR /root/beelzebub
+RUN go mod download
+RUN go build -o main .
+#
+FROM alpine:3.20
+#
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=builder /root/beelzebub/main /opt/beelzebub/
+COPY --from=builder /root/beelzebub/configurations /opt/beelzebub/configurations
+#
+# Setup user, groups and configs
+RUN sed -i "s#logsPath: ./log#logsPath: ./configurations/log/beelzebub.json#g" /opt/beelzebub/configurations/beelzebub.yaml && \
+    addgroup -g 2000 beelzebub && \
+    adduser -S -s /bin/ash -u 2000 -D -g 2000 beelzebub && \
+    mkdir -p /beelzebub/configurations/key \
+             /beelzebub/configurations/log && \
+    chown beelzebub:beelzebub -R /opt/beelzebub/configurations && \
+    chmod 0770 -R /opt/beelzebub/configurations
+#
+# Start beelzebub
+WORKDIR /opt/beelzebub
+USER beelzebub:beelzebub
+CMD ["./main"]
--- a/docker/beelzebub/docker-compose.yml
+++ b/docker/beelzebub/docker-compose.yml
@ -0,0 +1,30 @@
+networks:
+  beelzebub_local:
+
+services:
+
+# Beelzebub service
+  beelzebub:
+    build: .
+    container_name: beelzebub
+    restart: always
+#    cpu_count: 1
+#    cpus: 0.25
+    networks:
+     - beelzebub_local
+    ports:
+      - "22:22"
+      - "2222:2222"
+      - "8080:8080"
+      - "8081:8081"
+      - "80:80"
+      - "3306:3306"
+    environment:
+      LLMMODEL: "ollama"
+      LLMHOST: "http://ollama.local:11434/api/chat"
+      OLLAMAMODEL: "llama3.1"
+    image: "dtagdevsec/beelzebub:24.04"
+    read_only: true
+    volumes:
+     - $HOME/tpotce/data/beelzebub/key:/opt/beelzebub/configurations/key
+     - $HOME/tpotce/data/beelzebub/log:/opt/beelzebub/configurations/log
--- a/docker/elk/logstash/dist/http_output.conf
+++ b/docker/elk/logstash/dist/http_output.conf
@ -29,6 +29,13 @@ input {
    type => "Adbhoney"
  }

+# Beelzebub
+  file {
+    path => ["/data/beelzebub/log/beelzebub.json"]
+    codec => json
+    type => "Beelzebub"
+  }
+
 # Ciscoasa
  file {
    path => ["/data/ciscoasa/log/ciscoasa.log"]
@ -253,6 +260,13 @@ filter {
    }
  }

+# Beelzebub
+  if [type] == "Beelzebub" {
+    date {
+      match => [ "timestamp", "ISO8601" ]
+    }
+  }
+
 # Ciscoasa
  if [type] == "Ciscoasa" {
    kv {
--- a/docker/elk/logstash/dist/logstash.conf
+++ b/docker/elk/logstash/dist/logstash.conf
@ -29,6 +29,13 @@ input {
    type => "Adbhoney"
  }

+# Beelzebub
+  file {
+    path => ["/data/beelzebub/log/beelzebub.json"]
+    codec => json
+    type => "Beelzebub"
+  }
+
 # Ciscoasa
  file {
    path => ["/data/ciscoasa/log/ciscoasa.log"]
@ -253,6 +260,13 @@ filter {
    }
  }

+# Beelzebub
+  if [type] == "Beelzebub" {
+    date {
+      match => [ "timestamp", "ISO8601" ]
+    }
+  }
+
 # Ciscoasa
  if [type] == "Ciscoasa" {
    kv {
--- a/docker/elk/map/Dockerfile
+++ b/docker/elk/map/Dockerfile
@ -13,7 +13,7 @@ RUN apk -U --no-cache add \
 # Install from GitHub and setup
    mkdir -p /opt && \
    cd /opt/ && \
-    git clone https://github.com/t3chn0m4g3/t-pot-attack-map -b 2.2.0 && \
+    git clone https://github.com/t3chn0m4g3/t-pot-attack-map -b 2.2.1 && \
    cd t-pot-attack-map && \
    pip3 install --break-system-packages --upgrade pip && \
    pip3 install --break-system-packages -r requirements.txt && \
--- a/docker/tpotinit/dist/bin/clean.sh
+++ b/docker/tpotinit/dist/bin/clean.sh
@ -87,7 +87,7 @@ fuTPOTINIT () {
  chown tpot:tpot /tmp/etc/ -R
 }

-# Let's create a function to clean up and prepare honeytrap data
+# Let's create a function to clean up and prepare adbhoney data
 fuADBHONEY () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/adbhoney/*; fi
  mkdir -vp /data/adbhoney/{downloads,log}
@ -95,6 +95,14 @@ fuADBHONEY () {
  chown tpot:tpot /data/adbhoney/ -R
 }

+# Let's create a function to clean up and prepare beelzebub data
+fuBEELZEBUB () {
+  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/beelzebub/*; fi
+  mkdir -vp /data/beelzebub/{key,log}
+  chmod 770 /data/beelzebub/ -R
+  chown tpot:tpot /data/beelzebub/ -R
+}
+
 # Let's create a function to clean up and prepare ciscoasa data
 fuCISCOASA () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/ciscoasa/*; fi
@ -362,6 +370,7 @@ echo
 echo "Checking and preparing data folders."
 fuTPOTINIT
 fuADBHONEY
+fuBEELZEBUB
 fuCISCOASA
 fuCITRIXHONEYPOT
 fuCONPOT
--- a/docker/tpotinit/dist/etc/logrotate/logrotate.conf
+++ b/docker/tpotinit/dist/etc/logrotate/logrotate.conf
@ -1,5 +1,6 @@
 /data/adbhoney/log/*.json
 /data/adbhoney/log/*.log
+/data/beelzebub/log/*.json
 /data/ciscoasa/log/ciscoasa.log
 /data/citrixhoneypot/logs/server.log
 /data/conpot/log/conpot*.json
--- a/docker/tpotinit/dist/etc/objects/elkbase.tgz
+++ b/docker/tpotinit/dist/etc/objects/elkbase.tgz
--- a/docker/tpotinit/dist/etc/objects/kibana_export.ndjson.zip
+++ b/docker/tpotinit/dist/etc/objects/kibana_export.ndjson.zip