tweaking

multi stage build for dicompot rebuild fatt, glutton, hellpot, honeypots for alpine 3.19 bump glutton, hellpot, honeypots to latest master
2025-07-02 01:27:27 -04:00 · 2024-03-05 19:50:35 +01:00
parent 519a101fdf
commit c45870594b
66 changed files with 464 additions and 225 deletions
--- a/docker/glutton/Dockerfile
+++ b/docker/glutton/Dockerfile
@ -1,45 +1,43 @@
-FROM alpine:3.15 as builder
+FROM golang:1.21-alpine as builder
 #
 # Include dist
 COPY dist/ /root/dist/
 # 
 # Setup apk
 RUN apk -U --no-cache add \
-                   build-base \
-                   git \
-                   go \
-                   g++ \
-                   iptables-dev \
-                   libnetfilter_queue-dev \
-                   libpcap-dev && \
+		build-base \
+		git \
+        g++ \
+		iptables-dev \
+		libpcap-dev && \
 #
 # Setup go, glutton
-    export GOPATH=/opt/go/ && \
    export GO111MODULE=on && \
-    mkdir -p /opt/go && \
-    cd /opt/go/ && \
+    mkdir -p /opt/ && \
+    cd /opt/ && \
    git clone https://github.com/mushorg/glutton && \
-    cd /opt/go/glutton/ && \
-    git checkout c25045b95b43ed9bfee89b2d14a50f5794a9cf2b && \
-    mv /root/dist/system.go /opt/go/glutton/ && \
+    cd /opt/glutton/ && \
+    git checkout c1204c65ce32bfdc0e08fb2a9abe89b3b8eeed62 && \
+    # git checkout c25045b95b43ed9bfee89b2d14a50f5794a9cf2b && \
+    cp /root/dist/system.go . && \
    go mod download && \
    make build && \
-    mv /root/dist/rules.yaml /opt/go/glutton/rules/
+	mv /root/dist/config.yaml /opt/glutton/config/
 #
-FROM alpine:3.17
+FROM alpine:3.19
 #
-COPY --from=builder /opt/go/glutton/bin /opt/glutton/bin
-COPY --from=builder /opt/go/glutton/config /opt/glutton/config
-COPY --from=builder /opt/go/glutton/rules /opt/glutton/rules
+COPY --from=builder /opt/glutton/bin /opt/glutton/bin
+COPY --from=builder /opt/glutton/config /opt/glutton/config
+COPY --from=builder /opt/glutton/rules /opt/glutton/rules
 #
 RUN apk -U --no-cache add \
-                   iptables-dev \
-                   libnetfilter_queue-dev \
-                   libcap \
-                   libpcap-dev && \
-    ln -s /sbin/xtables-legacy-multi /sbin/xtables-multi && \
+		iptables \
+		iptables-dev \
+		libnetfilter_queue-dev \
+		libcap \
+		libpcap-dev && \
    setcap cap_net_admin,cap_net_raw=+ep /opt/glutton/bin/server && \
-    setcap cap_net_admin,cap_net_raw=+ep /sbin/xtables-legacy-multi && \
+    setcap cap_net_admin,cap_net_raw=+ep /sbin/xtables-nft-multi && \
 #
 # Setup user, groups and configs
    addgroup -g 2000 glutton && \
@ -52,5 +50,5 @@ RUN apk -U --no-cache add \
 #
 # Start glutton 
 WORKDIR /opt/glutton
-USER glutton:glutton
-CMD exec bin/server -i $(/sbin/ip address show | /usr/bin/awk '/inet.*brd/{ print $NF; exit }') -l /var/log/glutton/glutton.log > /dev/null 2>&1
+#USER glutton:glutton
+CMD exec bin/server -d true -i $(/sbin/ip address show | /usr/bin/awk '/inet.*brd/{ print $NF; exit }') -l /var/log/glutton/glutton.log > /dev/null 2>&1
--- a/docker/glutton/dist/config.yaml
+++ b/docker/glutton/dist/config.yaml
@ -0,0 +1,23 @@
+ports:
+  tcp: 5000
+#  udp: 5001
+
+rules_path: config/rules.yaml
+
+addresses: ["1.2.3.4", "5.4.3.2"]
+
+producers:
+  enabled: false
+  http:
+    enabled: false
+    remote: https://localhost:9000
+  hpfeeds:
+    enabled: false
+    host: 172.26.0.2
+    port: 20000
+    ident: ident
+    auth: auth
+    channel: test
+
+conn_timeout: 45
+max_tcp_payload: 4096
--- a/docker/glutton/dist/rules.yaml
+++ b/docker/glutton/dist/rules.yaml
@ -1,33 +0,0 @@
-# Put passthrough rules on top, drop rules on bottom, rules are applied in order (top down)
-rules:
-  - match: udp dst port 53
-    type: passthrough
-  - match: tcp dst port 21
-    type: conn_handler
-    target: ftp
-  - match: tcp dst port 23 or port 2323 or port 23231
-    type: conn_handler
-    target: telnet
-  - match: tcp dst port 25
-    type: conn_handler
-    target: smtp
-  - match: tcp dst port 445
-    type: conn_handler
-    target: smb
-  - match: tcp dst port 1883
-    type: conn_handler
-    target: mqtt
-  - match: tcp dst port 3389
-    type: conn_handler
-    target: rdp
-  - match: tcp dst port 5060
-    type: conn_handler
-    target: sip
-  - match: tcp dst port 5222 or port 5223
-    type: conn_handler
-    target: jabber
-  - match: tcp
-    type: conn_handler
-    target: default
-  - match: 
-    type: drop
--- a/docker/glutton/dist/system.go
+++ b/docker/glutton/dist/system.go
@ -3,31 +3,22 @@ package glutton
 import (
 	"errors"
 	"fmt"
-	"log"
+	"net"
 	"os"
-	"os/exec"
 	"runtime"
 	"strings"
 	"time"
+
+	"github.com/glaslos/lsof"
+	"github.com/google/gopacket/pcap"
 )

 func countOpenFiles() (int, error) {
 	if runtime.GOOS == "linux" {
-		if isCommandAvailable("lsof") {
-			out, err := exec.Command("/bin/sh", "-c", fmt.Sprintf("lsof -p %d", os.Getpid())).Output()
-			if err != nil {
-				log.Fatal(err)
-			}
-			lines := strings.Split(string(out), "\n")
-			return len(lines) - 1, nil
-		}
-		return 0, errors.New("lsof command does not exist. Kindly run sudo apt install lsof")
+		lines, err := lsof.ReadPID(os.Getpid())
+		return len(lines) - 1, err
 	}
-	return 0, errors.New("Operating system type not supported for this command")
-}
-
-func countRunningRoutines() int {
-	return runtime.NumGoroutine()
+	return 0, errors.New("operating system type not supported for this command")
 }

 func (g *Glutton) startMonitor(quit chan struct{}) {
@ -35,8 +26,15 @@ func (g *Glutton) startMonitor(quit chan struct{}) {
 	go func() {
 		for {
 			select {
+			// case <-ticker.C:
+				// openFiles, err := countOpenFiles()
+				// if err != nil {
+					// fmt.Printf("Failed :%s", err)
+				// }
+				// runningRoutines := runtime.NumGoroutine()
+				// g.Logger.Info(fmt.Sprintf("running Go routines: %d, open files: %d", openFiles, runningRoutines))
 			case <-quit:
-				g.logger.Info("[system  ] Monitoring stopped..")
+				g.Logger.Info("monitoring stopped...")
 				ticker.Stop()
 				return
 			}
@ -44,10 +42,27 @@ func (g *Glutton) startMonitor(quit chan struct{}) {
 	}()
 }

-func isCommandAvailable(name string) bool {
-	cmd := exec.Command("/bin/sh", "-c", "command -v "+name)
-	if err := cmd.Run(); err != nil {
-		return false
+func getNonLoopbackIPs(ifaceName string) ([]net.IP, error) {
+	nonLoopback := []net.IP{}
+
+	ifs, err := pcap.FindAllDevs()
+	if err != nil {
+		return nonLoopback, err
 	}
-	return true
+
+	for _, iface := range ifs {
+		if strings.EqualFold(iface.Name, ifaceName) {
+			for _, addr := range iface.Addresses {
+				if !addr.IP.IsLoopback() && addr.IP.To4() != nil {
+					nonLoopback = append(nonLoopback, addr.IP)
+				}
+			}
+		}
+	}
+
+	if len(nonLoopback) == 0 {
+		return nonLoopback, fmt.Errorf("unable to find any non-loopback addresses for: %s", ifaceName)
+	}
+
+	return nonLoopback, nil
 }
--- a/docker/glutton/docker-compose.yml
+++ b/docker/glutton/docker-compose.yml
@ -16,7 +16,8 @@ services:
    cap_add:
     - NET_ADMIN
    image: "dtagdevsec/glutton:alpha"
-    read_only: true
+#    read_only: true
    volumes:
-     - /data/glutton/log:/var/log/glutton
-     - /root/tpotce/docker/glutton/dist/rules.yaml:/opt/glutton/rules/rules.yaml
+     - $HOME/tpotce/data/glutton/log:/var/log/glutton
+#     - $HOME/tpotce/data/glutton/payloads:/opt/glutton/payloads
+#     - $HOME/tpotce/docker/glutton/dist/rules.yaml:/opt/glutton/rules/rules.yaml