tweaking

multi stage build for dicompot
rebuild fatt, glutton, hellpot, honeypots for alpine 3.19
bump glutton, hellpot, honeypots to latest master

docker/glutton/dist/config.yaml

@@ -0,0 +1,23 @@
+ports:
+  tcp: 5000
+#  udp: 5001
+
+rules_path: config/rules.yaml
+
+addresses: ["1.2.3.4", "5.4.3.2"]
+
+producers:
+  enabled: false
+  http:
+    enabled: false
+    remote: https://localhost:9000
+  hpfeeds:
+    enabled: false
+    host: 172.26.0.2
+    port: 20000
+    ident: ident
+    auth: auth
+    channel: test
+
+conn_timeout: 45
+max_tcp_payload: 4096

docker/glutton/dist/rules.yaml

@@ -1,33 +0,0 @@
-# Put passthrough rules on top, drop rules on bottom, rules are applied in order (top down)
-rules:
-  - match: udp dst port 53
-    type: passthrough
-  - match: tcp dst port 21
-    type: conn_handler
-    target: ftp
-  - match: tcp dst port 23 or port 2323 or port 23231
-    type: conn_handler
-    target: telnet
-  - match: tcp dst port 25
-    type: conn_handler
-    target: smtp
-  - match: tcp dst port 445
-    type: conn_handler
-    target: smb
-  - match: tcp dst port 1883
-    type: conn_handler
-    target: mqtt
-  - match: tcp dst port 3389
-    type: conn_handler
-    target: rdp
-  - match: tcp dst port 5060
-    type: conn_handler
-    target: sip
-  - match: tcp dst port 5222 or port 5223
-    type: conn_handler
-    target: jabber
-  - match: tcp
-    type: conn_handler
-    target: default
-  - match: 
-    type: drop

docker/glutton/dist/system.go

@@ -3,31 +3,22 @@ package glutton
 import (
 	"errors"
 	"fmt"
-	"log"
+	"net"
 	"os"
-	"os/exec"
 	"runtime"
 	"strings"
 	"time"
+
+	"github.com/glaslos/lsof"
+	"github.com/google/gopacket/pcap"
 )
 
 func countOpenFiles() (int, error) {
 	if runtime.GOOS == "linux" {
-		if isCommandAvailable("lsof") {
-			out, err := exec.Command("/bin/sh", "-c", fmt.Sprintf("lsof -p %d", os.Getpid())).Output()
-			if err != nil {
-				log.Fatal(err)
-			}
-			lines := strings.Split(string(out), "\n")
-			return len(lines) - 1, nil
-		}
-		return 0, errors.New("lsof command does not exist. Kindly run sudo apt install lsof")
+		lines, err := lsof.ReadPID(os.Getpid())
+		return len(lines) - 1, err
 	}
-	return 0, errors.New("Operating system type not supported for this command")
-}
-
-func countRunningRoutines() int {
-	return runtime.NumGoroutine()
+	return 0, errors.New("operating system type not supported for this command")
 }
 
 func (g *Glutton) startMonitor(quit chan struct{}) {
@@ -35,8 +26,15 @@ func (g *Glutton) startMonitor(quit chan struct{}) {
 	go func() {
 		for {
 			select {
+			// case <-ticker.C:
+				// openFiles, err := countOpenFiles()
+				// if err != nil {
+					// fmt.Printf("Failed :%s", err)
+				// }
+				// runningRoutines := runtime.NumGoroutine()
+				// g.Logger.Info(fmt.Sprintf("running Go routines: %d, open files: %d", openFiles, runningRoutines))
 			case <-quit:
-				g.logger.Info("[system  ] Monitoring stopped..")
+				g.Logger.Info("monitoring stopped...")
 				ticker.Stop()
 				return
 			}
@@ -44,10 +42,27 @@ func (g *Glutton) startMonitor(quit chan struct{}) {
 	}()
 }
 
-func isCommandAvailable(name string) bool {
-	cmd := exec.Command("/bin/sh", "-c", "command -v "+name)
-	if err := cmd.Run(); err != nil {
-		return false
+func getNonLoopbackIPs(ifaceName string) ([]net.IP, error) {
+	nonLoopback := []net.IP{}
+
+	ifs, err := pcap.FindAllDevs()
+	if err != nil {
+		return nonLoopback, err
 	}
-	return true
+
+	for _, iface := range ifs {
+		if strings.EqualFold(iface.Name, ifaceName) {
+			for _, addr := range iface.Addresses {
+				if !addr.IP.IsLoopback() && addr.IP.To4() != nil {
+					nonLoopback = append(nonLoopback, addr.IP)
+				}
+			}
+		}
+	}
+
+	if len(nonLoopback) == 0 {
+		return nonLoopback, fmt.Errorf("unable to find any non-loopback addresses for: %s", ifaceName)
+	}
+
+	return nonLoopback, nil
 }