Add go-pot honeypot

2025-07-02 01:27:27 -04:00 · 2024-10-11 20:43:08 +02:00
parent 47821941b5
commit 9b46b0120a
11 changed files with 479 additions and 2 deletions
--- a/docker/elk/logstash/dist/http_output.conf
+++ b/docker/elk/logstash/dist/http_output.conf
@ -113,6 +113,13 @@ input {
    type => "Glutton"
  }

+# Go-pot
+  file {
+    path => ["/data/go-pot/log/go-pot.json"]
+    codec => json
+    type => "Go-pot"
+  }
+
 # Hellpot
  file {
    path => ["/data/hellpot/log/hellpot.log"]
@ -482,6 +489,16 @@ filter {
    }
  }

+# Go-pot
+  if [type] == "Go-pot" {
+    if ! [dest_port] {
+      drop {}
+    }
+    date {
+      match => [ "timestamp", "ISO8601" ]
+    }
+  }
+
 # Hellpot
  if [type] == "Hellpot" {
    date {
--- a/docker/elk/logstash/dist/logstash.conf
+++ b/docker/elk/logstash/dist/logstash.conf
@ -113,6 +113,13 @@ input {
    type => "Glutton"
  }

+# Go-pot
+  file {
+    path => ["/data/go-pot/log/go-pot.json"]
+    codec => json
+    type => "Go-pot"
+  }
+
 # Hellpot
  file {
    path => ["/data/hellpot/log/hellpot.log"]
@ -474,6 +481,16 @@ filter {
    }
  }

+# Go-pot
+  if [type] == "Go-pot" {
+    if ! [dest_port] {
+      drop {}
+    }
+    date {
+      match => [ "timestamp", "ISO8601" ]
+    }
+  }
+
 # Glutton
  if [type] == "Glutton" {
    date {
--- a/docker/elk/map/Dockerfile
+++ b/docker/elk/map/Dockerfile
@ -13,7 +13,7 @@ RUN apk --no-cache -U add \
 # Install from GitHub and setup
    mkdir -p /opt && \
    cd /opt/ && \
-    git clone https://github.com/t3chn0m4g3/t-pot-attack-map -b 2.2.2 && \
+    git clone https://github.com/t3chn0m4g3/t-pot-attack-map -b 2.2.3 && \
    cd t-pot-attack-map && \
    pip3 install --break-system-packages --upgrade pip && \
    pip3 install --break-system-packages -r requirements.txt && \