prep for 18.04

Marco Ochse
2018-03-25 18:35:32 +00:00
parent 60cb42b34d
commit c9a33870ff
57 changed files with 2268 additions and 178 deletions


@ -0,0 +1,41 @@
FROM alpine
# Include dist
ADD dist/ /root/dist/
# Install packages
RUN apk -U upgrade && \
apk add bash \
build-base \
git \
libcap \
libffi-dev \
libressl-dev \
postgresql-dev \
python3 \
python3-dev \
py-virtualenv && \
pip3 install --upgrade pip && \
# Setup heralding
mkdir -p /opt && \
cd /opt/ && \
git clone https://github.com/johnnykv/heralding && \
cd heralding && \
mv /root/dist/heralding.yml /opt/heralding/ && \
pip3 install -r requirements.txt && \
pip3 install heralding && \
# Setup user, groups and configs
addgroup -g 2000 heralding && \
adduser -S -H -s /bin/bash -u 2000 -D -g 2000 heralding && \
mkdir -p /var/log/heralding/ && \
# Clean up
apk del git && \
rm -rf /root/* && \
rm -rf /var/cache/apk/*
# Start elasticpot
WORKDIR /opt/heralding/
CMD ["heralding","-l","/var/log/heralding/heralding.log"]
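Review bot: The image never drops root: the RUN step creates the `heralding` user and group and installs `libcap`, but there is no `USER` instruction and no `setcap` call, so `CMD` starts the honeypot as root. For a service that is deliberately exposed to hostile traffic, I would grant the real python3 interpreter binary the bind capability with `setcap cap_net_bind_service=+ep <path-to-python3-binary>`, add `chown -R heralding:heralding /opt/heralding /var/log/heralding` to the RUN step, and put `USER heralding:heralding` before `CMD`. The chown on /opt/heralding is presumably needed because heralding.yml says a missing .pem file is created in the working directory. Separately, `FROM alpine` and the `git clone` are unpinned, so two builds of this file can produce different images, and the comment `# Start elasticpot` above `WORKDIR` should read `# Start heralding`.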


@ -0,0 +1,12 @@
[![](https://images.microbadger.com/badges/version/dtagdevsec/heralding:1804.svg)](https://microbadger.com/images/dtagdevsec/heralding:1804 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/heralding:1804.svg)](https://microbadger.com/images/dtagdevsec/heralding:1804 "Get your own image badge on microbadger.com")
# heralding
[Heralding](https://github.com/johnnykv/heralding) is a simple honeypot that collects credentials, nothing more. Heralding is that honeypot! Currently the following protocols are supported: ftp, telnet, ssh, http, https, pop3, pop3s, imap, imaps, smtp and postgresql.
This dockerized version is part of the **[T-Pot community honeypot](http://dtag-dev-sec.github.io/)** of Deutsche Telekom AG.
The `Dockerfile` contains the blueprint for the dockerized heralding and will be used to setup the docker image.
The `docker-compose.yml` contains the necessary settings to test conpot using `docker-compose`. This will ensure to start the docker container with the appropriate permissions and port mappings.

152
docker/heralding/dist/heralding.yml vendored Normal file

@ -0,0 +1,152 @@
# will request and log the public ip every hours from ipify
public_ip_as_destination_ip: true
# ip address to listen on
bind_host: 0.0.0.0
# logging of sessions and authentication attempts
activity_logging:
file:
enabled: true
session_log_file: "/var/log/heralding/session.csv"
authentication_log_file: "/var/log/heralding/auth.csv"
syslog:
enabled: false
hpfeeds:
enabled: false
session_channel: "heralding.session"
auth_channel: "heralding.auth"
host:
port: 20000
ident:
secret:
curiosum:
enabled: false
port: 23400
# protocols to enable
capabilities:
ftp:
enabled: true
port: 21
timeout: 30
protocol_specific_data:
max_attempts: 3
banner: "Microsoft FTP Server"
syst_type: "Windows-NT"
telnet:
enabled: true
port: 23
timeout: 30
protocol_specific_data:
max_attempts: 3
pop3:
enabled: true
port: 110
timeout: 30
protocol_specific_data:
max_attempts: 3
pop3s:
enabled: true
port: 995
timeout: 30
protocol_specific_data:
max_attempts: 3
# if a .pem file is not found in work dir, a new pem file will be created
# using these values
cert:
common_name: "*"
country: "US"
state: None
locality: None
organization: None
organizational_unit: None
# how many days should the certificate be valid for
valid_days: 365
serial_number: 0
postgresql:
enabled: true
port: 5432
timeout: 30
imap:
enabled: true
port: 143
timeout: 30
protocol_specific_data:
max_attempts: 3
banner: "* OK IMAP4rev1 Server Ready"
imaps:
enabled: true
port: 993
timeout: 30
protocol_specific_data:
max_attempts: 3
banner: "* OK IMAP4rev1 Server Ready"
# if a .pem file is not found in work dir, a new pem file will be created
# using these values
cert:
common_name: "*"
country: "US"
state: None
locality: None
organization: None
organizational_unit: None
# how many days should the certificate be valid for
valid_days: 365
serial_number: 0
ssh:
enabled: true
port: 22
timeout: 30
protocol_specific_data:
banner: "SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8"
http:
enabled: true
port: 80
timeout: 30
protocol_specific_data:
banner: ""
https:
enabled: true
port: 443
timeout: 30
protocol_specific_data:
banner: ""
# if a .pem file is not found in work dir, a new pem file will be created
# using these values
cert:
common_name: "*"
country: "US"
state: None
locality: None
organization: None
organizational_unit: None
# how many days should the certificate be valid for
valid_days: 365
serial_number: 0
smtp:
enabled: true
port: 25
timeout: 30
protocol_specific_data:
banner: "Microsoft ESMTP MAIL service ready"
# If the fqdn option is commented out or empty, then fqdn of the host will be used
fqdn: ""
vnc:
enabled: true
port: 5900
timeout: 30
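Review bot: The service banners describe different operating systems, which makes the sensor easy to tell apart from a real host: ftp advertises `Microsoft FTP Server` with `syst_type: "Windows-NT"` and smtp advertises `Microsoft ESMTP MAIL service ready`, while ssh advertises `SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8`. I would settle on one persona for all banners and record it in a comment above `capabilities:`, for example `# banners below must describe one OS persona; keep ftp/smtp/ssh consistent`. The three `cert:` blocks (`common_name: "*"`, `serial_number: 0`, the `None` fields) look like shipped defaults and would presumably yield an equally recognisable certificate, so they deserve deployment-specific values as well.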


@ -0,0 +1,30 @@
version: '2.2'
networks:
heralding_local:
services:
# Heralding service
heralding:
build: .
container_name: heralding
restart: always
networks:
- heralding_local
ports:
- "21:21"
- "22:22"
- "23:23"
- "25:25"
- "80:80"
- "110:110"
- "143:143"
- "443:443"
- "993:993"
- "995:995"
- "5432:5432"
- "5900:5900"
image: "dtagdevsec/heralding:1804"
volumes:
- /data/heralding/log:/var/log/heralding
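Review bot: The `heralding` service runs with Docker's default capability set and no resource limits, although it publishes twelve ports to untrusted traffic. The only privilege the visible configuration appears to need is binding ports below 1024, so I would add `cap_drop: [ALL]` and `cap_add: [NET_BIND_SERVICE]` to the service. This should be tested against the built image, since writing to the bind-mounted `/data/heralding/log` may then require the host directory's ownership to match the container user. A `mem_limit` and `pids_limit` on the service would also keep a flood of sessions from starving the other containers on the host.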