telekom-security/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-07-02 01:27:27 -04:00
Code Issues Packages Projects Releases Wiki Activity

squashing some bugs

Browse Source 
do not forward tcp connections to or from 127.0.0.1 to NFQ (fixes strange netdata behaviour)
run netdata on network mode host again (update compose files) including host metrics
This commit is contained in:
Marco Ochse
2017-05-30 19:07:43 +00:00
parent 5d8ad0a623
commit aea18d5f92
4 changed files with 15 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
installer/etc/tpot/compose/all.yml
View File

@ -200,13 +200,11 @@ services:
# Netdata service # Netdata service
netdata: netdata:
container_name: netdata container_name: netdata
hostname: ${HOSTNAME}
restart: always restart: always
network_mode: "host"
depends_on: depends_on:
elasticsearch: elasticsearch:
condition: service_healthy condition: service_healthy
ports:
- "127.0.0.1:64301:19999"
cap_add: cap_add:
- SYS_PTRACE - SYS_PTRACE
security_opt: security_opt:

4
installer/etc/tpot/compose/industrial.yml
View File

@ -114,13 +114,11 @@ services:
# Netdata service # Netdata service
netdata: netdata:
container_name: netdata container_name: netdata
hostname: ${HOSTNAME}
restart: always restart: always
network_mode: "host"
depends_on: depends_on:
elasticsearch: elasticsearch:
condition: service_healthy condition: service_healthy
ports:
- "127.0.0.1:64301:19999"
cap_add: cap_add:
- SYS_PTRACE - SYS_PTRACE
security_opt: security_opt:

4
installer/etc/tpot/compose/tpot.yml
View File

@ -169,13 +169,11 @@ services:
# Netdata service # Netdata service
netdata: netdata:
container_name: netdata container_name: netdata
hostname: ${HOSTNAME}
restart: always restart: always
network_mode: "host"
depends_on: depends_on:
elasticsearch: elasticsearch:
condition: service_healthy condition: service_healthy
ports:
- "127.0.0.1:64301:19999"
cap_add: cap_add:
- SYS_PTRACE - SYS_PTRACE
security_opt: security_opt:

22
installer/etc/tpot/systemd/tpot.service
View File

@ -6,7 +6,6 @@ After=docker.service
[Service] [Service]
Restart=always Restart=always
RestartSec=5 RestartSec=5
Environment=HOSTNAME=%H
# Get and set internal, external IP infos, but ignore errors # Get and set internal, external IP infos, but ignore errors
ExecStartPre=-/usr/share/tpot/bin/updateip.sh ExecStartPre=-/usr/share/tpot/bin/updateip.sh
@ -30,12 +29,13 @@ ExecStartPre=/bin/bash -c '/sbin/ip link set $(/sbin/ip address | grep "^2: " |
ExecStartPre=-/bin/chmod 666 /var/run/docker.sock ExecStartPre=-/bin/chmod 666 /var/run/docker.sock
# Set iptables accept rules to avoid forwarding to honeytrap / NFQUEUE # Set iptables accept rules to avoid forwarding to honeytrap / NFQUEUE
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW,ESTABLISHED -m multiport --dports 64295:64303,7634 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW,ESTABLISHED -m multiport --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW,ESTABLISHED -m multiport --dports 3306,5060,5061,5601,11211 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW,ESTABLISHED -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT
# Forward all other connections to honeytrap / NFQUEUE # Forward all other connections to honeytrap / NFQUEUE
ExecStartPre=/sbin/iptables -w -A INPUT -s 127.0.0.1 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -d 127.0.0.1 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 64295:64303,7634,8125 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 3306,5060,5061,5601,11211 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
# Compose T-Pot up # Compose T-Pot up
@ -45,10 +45,12 @@ ExecStart=/usr/local/bin/docker-compose -f /etc/tpot/tpot.yml up
ExecStop=/usr/local/bin/docker-compose -f /etc/tpot/tpot.yml down -v ExecStop=/usr/local/bin/docker-compose -f /etc/tpot/tpot.yml down -v
# Remove only previously set iptables rules # Remove only previously set iptables rules
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW,ESTABLISHED -m multiport --dports 64295:64303,7634 -j ACCEPT ExecStopPost=/sbin/iptables -w -D INPUT -s 127.0.0.1 -j ACCEPT
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW,ESTABLISHED -m multiport --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT ExecStopPost=/sbin/iptables -w -D INPUT -d 127.0.0.1 -j ACCEPT
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW,ESTABLISHED -m multiport --dports 3306,5060,5061,5601,11211 -j ACCEPT ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 64295:64303,7634,8125 -j ACCEPT
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW,ESTABLISHED -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 3306,5060,5061,5601,11211 -j ACCEPT
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
[Install] [Install]