From dd7fb325b6f0d4e08e868858684ad90e487ca41d Mon Sep 17 00:00:00 2001 From: t3chn0m4g3 Date: Fri, 1 Oct 2021 16:18:10 +0000 Subject: [PATCH] add new honeypots to nextgen to prep for ELK setup honeytrap testing --- docker/honeytrap/Dockerfile | 8 +- docker/honeytrap/docker-compose.yml | 2 +- etc/compose/nextgen.yml | 113 +++++++++++++--------------- 3 files changed, 56 insertions(+), 67 deletions(-) diff --git a/docker/honeytrap/Dockerfile b/docker/honeytrap/Dockerfile index b16673ad..5565bc21 100644 --- a/docker/honeytrap/Dockerfile +++ b/docker/honeytrap/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:18.04 +FROM debian:bullseye-slim ENV DEBIAN_FRONTEND noninteractive # # Include dist @@ -27,10 +27,10 @@ RUN apt-get update && \ wget && \ # # Install honeytrap from source - git clone https://github.com/armedpot/honeytrap /root/honeytrap && \ -# git clone https://github.com/t3chn0m4g3/honeytrap /root/honeytrap && \ +# git clone https://github.com/armedpot/honeytrap /root/honeytrap && \ + git clone https://github.com/t3chn0m4g3/honeytrap /root/honeytrap && \ cd /root/honeytrap/ && \ - git checkout 9aa4f734f2ea2f0da790b02d79afe18204a23982 && \ +# git checkout 9aa4f734f2ea2f0da790b02d79afe18204a23982 && \ autoreconf -vfi && \ ./configure \ --with-stream-mon=nfq \ diff --git a/docker/honeytrap/docker-compose.yml b/docker/honeytrap/docker-compose.yml index e049e86e..7573b3d5 100644 --- a/docker/honeytrap/docker-compose.yml +++ b/docker/honeytrap/docker-compose.yml @@ -12,7 +12,7 @@ services: network_mode: "host" cap_add: - NET_ADMIN - image: "ghcr.io/telekom-security/honeytrap:2006" + image: "dtagdevsec/honeytrap:2006" read_only: true volumes: - /data/honeytrap/attacks:/opt/honeytrap/var/attacks diff --git a/etc/compose/nextgen.yml b/etc/compose/nextgen.yml index 9bbbe69d..afc33e1d 100644 --- a/etc/compose/nextgen.yml +++ b/etc/compose/nextgen.yml 
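Review bot: The honeytrap source is no longer pinned: the `git checkout 9aa4f734…` line is commented out and the clone now points at the personal fork `t3chn0m4g3/honeytrap`, so every build pulls whatever that fork's default branch holds at build time. The image therefore becomes non-reproducible, and a force-push or compromise of the fork would land in the published image without any change to this repository. Since the subject says this is for "honeytrap testing", at minimum leave a marker next to the commented checkout, e.g. `# TODO(supply-chain): re-pin to a specific commit of the fork before the 2006 image is published`, and when the fork stabilises restore `git checkout <fork-commit> && \` with the fork's SHA. The RUN instruction continues outside the hunk.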
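Review bot: Switching `image:` from `ghcr.io/telekom-security/honeytrap:2006` to the Docker Hub namespace `dtagdevsec/honeytrap:2006` keeps a mutable tag as the only reference, and this commit also makes the corresponding Dockerfile build from an unpinned fork, so the `2006` tag can silently change content between pulls. If the standalone compose file is meant to be deployable on its own, consider pinning by digest once the image is rebuilt, e.g. `image: "dtagdevsec/honeytrap:2006@sha256:<digest>"`, or note in a comment that the tag is intentionally floating during testing. The other image references in this repository's compose files appear to use the same mutable-tag scheme, so this may be a deliberate project-wide convention rather than something to fix only here.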
@@ -10,11 +10,13 @@ networks: conpot_local_guardian_ast: conpot_local_ipmi: conpot_local_kamstrup_382: - cowrie_local: cyberchef_local: dicompot_local: dionaea_local: + ddospot_local: elasticpot_local: + endlessh_local: + hellpot_local: heralding_local: honeypy_local: honeysap_local: @@ -22,7 +24,7 @@ networks: mailoney_local: medpot_local: rdpy_local: - tanner_local: + redishoneypot_local: ewsposter_local: spiderfoot_local: @@ -161,25 +163,24 @@ services: volumes: - /data/conpot/log:/var/log/conpot -# Cowrie service - cowrie: - container_name: cowrie +# Ddospot service + ddospot: + container_name: ddospot restart: always - tmpfs: - - /tmp/cowrie:uid=2000,gid=2000 - - /tmp/cowrie/data:uid=2000,gid=2000 networks: - - cowrie_local + - ddospot_local ports: - - "22:22" - - "23:23" - image: "dtagdevsec/cowrie:2006" + - "19:19/udp" + - "53:53/udp" + - "123:123/udp" +# - "161:161/udp" + - "1900:1900/udp" + image: "dtagdevsec/ddospot:2006" read_only: true volumes: - - /data/cowrie/downloads:/home/cowrie/cowrie/dl - - /data/cowrie/keys:/home/cowrie/cowrie/etc - - /data/cowrie/log:/home/cowrie/cowrie/log - - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty + - /data/ddospot/log:/opt/ddospot/ddospot/logs + - /data/ddospot/bl:/opt/ddospot/ddospot/bl + - /data/ddospot/db:/opt/ddospot/ddospot/db # Dicompot service # Get the Horos Client for testing: https://horosproject.org/ @@ -248,6 +249,19 @@ services: volumes: - /data/elasticpot/log:/opt/elasticpot/log +# Endlessh service + endlessh: + container_name: endlessh + restart: always + networks: + - endlessh_local + ports: + - "22:2222" + image: "dtagdevsec/endlessh:2006" + read_only: true + volumes: + - /data/endlessh/log:/var/log/endlessh + # Glutton service glutton: container_name: glutton 
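Review bot: The `networks:` list is kept in alphabetical order elsewhere in this hunk (`cyberchef_local`, `dicompot_local`, `dionaea_local`, `elasticpot_local`, `endlessh_local`, `hellpot_local`, `heralding_local`), but the new `ddospot_local:` is inserted after `dionaea_local:` instead of before `dicompot_local:`. Moving it one slot up keeps the list sorted so future additions and the matching service stanzas stay easy to cross-check.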
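Review bot: `tanner_local:` is removed from the `networks:` section, but the later hunk in this file only deletes `tanner_web`, `tanner`, and `snare`; `tanner_redis` remains (visible as the `## Tanner Redis Service` context) and at least one more tanner service survives, since a `depends_on: - tanner_redis` line is left as context. Those remaining services are outside the visible hunks, but if they still declare `networks: - tanner_local`, `docker-compose` will reject the file with an undefined-network error at startup. Either keep `tanner_local:` in the networks list until the remaining tanner services are removed, or remove `tanner_redis`, `tanner_api`, and `tanner_phpox` in the same change so no orphaned containers and network references are left behind.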
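Review bot: In the new `ddospot` stanza the line `# - "161:161/udp"` disables the SNMP listener with no explanation, while the other four UDP ports (19, 53, 123, 1900) are published; a reader cannot tell whether SNMP was dropped because of a host conflict, because the emulation is unfinished, or for another reason. Since these are all classic UDP reflection/amplification services, the rationale for which ones the host exposes is worth recording, e.g. `# - "161:161/udp"  # SNMP disabled: <reason>`. The `read_only: true` stanza also has no `tmpfs:` entry unlike the removed cowrie service; that is only a concern if ddospot writes outside the three mounted `/data/ddospot/...` paths, which is not visible here.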
@@ -391,6 +405,19 @@ services: volumes: - /data/rdpy/log:/var/log/rdpy +# Redishoneypot service + redishoneypot: + container_name: redishoneypot + restart: always + networks: + - redishoneypot_local + ports: + - "6379:6379" + image: "dtagdevsec/redishoneypot:2006" + read_only: true + volumes: + - /data/redishoneypot/log:/var/log/redishoneypot + #### Snare / Tanner ## Tanner Redis Service tanner_redis: @@ -429,56 +456,18 @@ services: depends_on: - tanner_redis -## Tanner WEB Service -# tanner_web: -# container_name: tanner_web -# restart: always -# tmpfs: -# - /tmp/tanner:uid=2000,gid=2000 -# tty: true -# networks: -# - tanner_local -# image: "dtagdevsec/tanner:2006" -# command: tannerweb -# read_only: true -# volumes: -# - /data/tanner/log:/var/log/tanner -# depends_on: -# - tanner_redis - -## Tanner Service - tanner: - container_name: tanner +# Hellpot service + hellpot: + container_name: hellpot restart: always - tmpfs: - - /tmp/tanner:uid=2000,gid=2000 - tty: true networks: - - tanner_local - image: "dtagdevsec/tanner:2006" - command: tanner + - hellpot_local + ports: + - "80:8080" + image: "dtagdevsec/hellpot:2006" read_only: true volumes: - - /data/tanner/log:/var/log/tanner - - /data/tanner/files:/opt/tanner/files - depends_on: - - tanner_api -# - tanner_web - - tanner_phpox - -## Snare Service - snare: - container_name: snare - restart: always - tty: true - networks: - - tanner_local - ports: - - "80:80" - image: "dtagdevsec/snare:2006" - depends_on: - - tanner - + - /data/hellpot/log:/var/log/hellpot ################## #### NSM
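Review bot: The new `hellpot` stanza is added in place of the deleted `tanner`/`snare` services, so it now sits directly under the `#### Snare / Tanner` heading and after the orphaned `tanner_redis`, `tanner_api`, and `tanner_phpox` stanzas, which misrepresents what that section contains. Moving `# Hellpot service` next to the other alphabetically ordered honeypots (before `# Heralding service`) and either deleting the remaining tanner services or retitling the section would keep the file navigable; the leftover tanner containers also still run with `restart: always` although nothing depends on them any more. As with the other new services, `read_only: true` is set without a `tmpfs:` mount, which is fine only if hellpot writes solely to `/var/log/hellpot`; confirm against the image.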