mirror of
https://github.com/telekom-security/tpotce.git
synced 2025-07-02 01:27:27 -04:00
Finalize Miniprint integration, tweaking
This commit is contained in:
t3chn0m4g3
@ -216,6 +216,15 @@ services:
|
||||
context: ../medpot/
|
||||
<<: *common-build
|
||||
|
||||
# Miniprint
|
||||
miniprint:
|
||||
image: ${TPOT_DOCKER_REPO}/miniprint:${TPOT_VERSION}
|
||||
build:
|
||||
tags:
|
||||
- ${TPOT_GHCR_REPO}/miniprint:${TPOT_VERSION}
|
||||
context: ../miniprint/
|
||||
<<: *common-build
|
||||
|
||||
# Redishoneypot
|
||||
redishoneypot:
|
||||
image: ${TPOT_DOCKER_REPO}/redishoneypot:${TPOT_VERSION}
|
||||
|
||||
14
docker/elk/logstash/dist/http_output.conf
vendored
14
docker/elk/logstash/dist/http_output.conf
vendored
@ -161,6 +161,13 @@ input {
|
||||
type => "Log4pot"
|
||||
}
|
||||
|
||||
# Miniprint
|
||||
file {
|
||||
path => ["/data/miniprint/log/miniprint.json"]
|
||||
codec => json
|
||||
type => "Miniprint"
|
||||
}
|
||||
|
||||
# Mailoney
|
||||
file {
|
||||
path => ["/data/mailoney/log/commands.log"]
|
||||
@ -612,6 +619,13 @@ filter {
|
||||
}
|
||||
}
|
||||
|
||||
# Miniprint
|
||||
if [type] == "Miniprint" {
|
||||
date {
|
||||
match => [ "timestamp", "ISO8601" ]
|
||||
}
|
||||
}
|
||||
|
||||
# Redishoneypot
|
||||
if [type] == "Redishoneypot" {
|
||||
date {
|
||||
|
||||
14
docker/elk/logstash/dist/logstash.conf
vendored
14
docker/elk/logstash/dist/logstash.conf
vendored
@ -175,6 +175,13 @@ input {
|
||||
type => "Medpot"
|
||||
}
|
||||
|
||||
# Miniprint
|
||||
file {
|
||||
path => ["/data/miniprint/log/miniprint.json"]
|
||||
codec => json
|
||||
type => "Miniprint"
|
||||
}
|
||||
|
||||
# Redishoneypot
|
||||
file {
|
||||
path => ["/data/redishoneypot/log/redishoneypot.log"]
|
||||
@ -612,6 +619,13 @@ filter {
|
||||
}
|
||||
}
|
||||
|
||||
# Miniprint
|
||||
if [type] == "Miniprint" {
|
||||
date {
|
||||
match => [ "timestamp", "ISO8601" ]
|
||||
}
|
||||
}
|
||||
|
||||
# Redishoneypot
|
||||
if [type] == "Redishoneypot" {
|
||||
date {
|
||||
|
||||
@ -13,7 +13,7 @@ RUN apk --no-cache -U add \
|
||||
# Install from GitHub and setup
|
||||
mkdir -p /opt && \
|
||||
cd /opt/ && \
|
||||
git clone https://github.com/t3chn0m4g3/t-pot-attack-map -b 2.2.3 && \
|
||||
git clone https://github.com/t3chn0m4g3/t-pot-attack-map -b 2.2.4 && \
|
||||
cd t-pot-attack-map && \
|
||||
pip3 install --break-system-packages --upgrade pip && \
|
||||
pip3 install --break-system-packages -r requirements.txt && \
|
||||
|
||||
@ -14,7 +14,7 @@ services:
|
||||
- miniprint_local
|
||||
ports:
|
||||
- "9100:9100"
|
||||
image: dtagdevsec/miniprint:testing
|
||||
image: dtagdevsec/miniprint:24.04
|
||||
read_only: true
|
||||
volumes:
|
||||
- $HOME/tpotce/data/miniprint/log/:/opt/miniprint/log/
|
||||
|
||||
24
docker/tpotinit/dist/bin/clean.sh
vendored
24
docker/tpotinit/dist/bin/clean.sh
vendored
@ -32,6 +32,8 @@ fuLOGROTATE () {
|
||||
local myDIONAEABITGZ="/data/dionaea/bistreams.tgz"
|
||||
local myDIONAEABIN="/data/dionaea/binaries/"
|
||||
local myDIONAEABINTGZ="/data/dionaea/binaries.tgz"
|
||||
local myMINIPRINTU="/data/miniprint/uploads/"
|
||||
local myMINIPRINTTGZ="/data/miniprint/uploads.tgz"
|
||||
local myHONEYTRAPATTACKS="/data/honeytrap/attacks/"
|
||||
local myHONEYTRAPATTACKSTGZ="/data/honeytrap/attacks.tgz"
|
||||
local myHONEYTRAPDL="/data/honeytrap/downloads/"
|
||||
@ -54,21 +56,22 @@ if [ "$(fuEMPTY $myCOWRIETTYLOGS)" != "0" ]; then tar -I $myPIGZ -cvf $myCOWRIET
|
||||
if [ "$(fuEMPTY $myCOWRIEDL)" != "0" ]; then tar -I $myPIGZ -cvf $myCOWRIEDLTGZ $myCOWRIEDL; fi
|
||||
if [ "$(fuEMPTY $myDIONAEABI)" != "0" ]; then tar -I $myPIGZ -cvf $myDIONAEABITGZ $myDIONAEABI; fi
|
||||
if [ "$(fuEMPTY $myDIONAEABIN)" != "0" ]; then tar -I $myPIGZ -cvf $myDIONAEABINTGZ $myDIONAEABIN; fi
|
||||
if [ "$(fuEMPTY $myMINIPRINTU)" != "0" ]; then tar -I $myPIGZ -cvf $myMINIPRINTTGZ $myMINIPRINTU; fi
|
||||
if [ "$(fuEMPTY $myHONEYTRAPATTACKS)" != "0" ]; then tar -I $myPIGZ -cvf $myHONEYTRAPATTACKSTGZ $myHONEYTRAPATTACKS; fi
|
||||
if [ "$(fuEMPTY $myHONEYTRAPDL)" != "0" ]; then tar -I $myPIGZ -cvf $myHONEYTRAPDLTGZ $myHONEYTRAPDL; fi
|
||||
if [ "$(fuEMPTY $myTANNERF)" != "0" ]; then tar -I $myPIGZ -cvf $myTANNERFTGZ $myTANNERF; fi
|
||||
|
||||
# Ensure correct permissions and ownership for previously created archives
|
||||
chmod 770 $myADBHONEYTGZ $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ $myTANNERFTGZ
|
||||
chown tpot:tpot $myADBHONEYTGZ $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ $myTANNERFTGZ
|
||||
chmod 770 $myADBHONEYTGZ $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ $myMINIPRINTTGZ $myTANNERFTGZ
|
||||
chown tpot:tpot $myADBHONEYTGZ $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ $myMINIPRINTTGZ $myTANNERFTGZ
|
||||
|
||||
# Need to remove subfolders since too many files cause rm to exit with errors
|
||||
rm -rf $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myTANNERF
|
||||
rm -rf $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF
|
||||
|
||||
# Recreate subfolders with correct permissions and ownership
|
||||
mkdir -p $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myTANNERF
|
||||
chmod 770 $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myTANNERF
|
||||
chown tpot:tpot $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myTANNERF
|
||||
mkdir -p $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF
|
||||
chmod 770 $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF
|
||||
chown tpot:tpot $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF
|
||||
|
||||
# Run logrotate again to account for previously created archives - DO NOT FORCE HERE!
|
||||
logrotate -s $mySTATUS $myCONF
|
||||
@ -294,6 +297,14 @@ fuMEDPOT () {
|
||||
chown tpot:tpot /data/medpot/ -R
|
||||
}
|
||||
|
||||
# Let's create a function to clean up and prepare miniprint data
|
||||
fuMINIPRINT () {
|
||||
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/miniprint/*; fi
|
||||
mkdir -vp /data/miniprint/{log,uploads}
|
||||
chmod 770 /data/miniprint/ -R
|
||||
chown tpot:tpot /data/miniprint/ -R
|
||||
}
|
||||
|
||||
# Let's create a function to clean up nginx logs
|
||||
fuNGINX () {
|
||||
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/nginx/log/*; fi
|
||||
@ -410,6 +421,7 @@ fuIPPHONEY
|
||||
fuLOG4POT
|
||||
fuMAILONEY
|
||||
fuMEDPOT
|
||||
fuMINIPRINT
|
||||
fuNGINX
|
||||
fuREDISHONEYPOT
|
||||
fuSENTRYPEER
|
||||
|
||||
@ -34,6 +34,7 @@
|
||||
/data/log4pot/log/*.log
|
||||
/data/mailoney/log/*.log
|
||||
/data/medpot/log/*.log
|
||||
/data/miniprint/log/*.json
|
||||
/data/nginx/log/*.log
|
||||
/data/p0f/log/p0f.json
|
||||
/data/redishoneypot/log/*.log
|
||||
@ -61,6 +62,8 @@
|
||||
/data/dionaea/binaries.tgz
|
||||
/data/honeytrap/attacks.tgz
|
||||
/data/honeytrap/downloads.tgz
|
||||
/data/miniprint/uploads.tgz
|
||||
/data/tanner/files.tgz
|
||||
{
|
||||
su tpot tpot
|
||||
copytruncate
|
||||
|
||||
BIN
docker/tpotinit/dist/etc/objects/elkbase.tgz
vendored
BIN
docker/tpotinit/dist/etc/objects/elkbase.tgz
vendored
Binary file not shown.
Binary file not shown.
Reference in New Issue
Block a user