prepare for emobility

Marco Ochse
2016-02-08 12:21:03 +01:00
parent 63ba812446
commit ebb58955c4
11 changed files with 59 additions and 33 deletions


@ -0,0 +1,31 @@
########################################################
# T-Pot #
# Cowrie upstart script #
# #
# v16.03.3 by av / mo, DTAG, 2016-02-08 #
########################################################
description "Cowrie"
author "av"
start on started docker and filesystem
stop on runlevel [!2345]
respawn
pre-start script
# Remove any existing cowrie containers
myCID=$(docker ps -a | grep cowrie | awk '{ print $1 }')
if [ "$myCID" != "" ];
then docker rm -v $myCID;
fi
# Remove any data from previous container
rm -rf /data/cowrie/* || true
mkdir -p /data/cowrie/log/tty/ /data/cowrie/downloads/ /data/cowrie/keys/ /data/cowrie/misc/
chmod 760 /data/cowrie -R
chown tpot:tpot /data/cowrie -R
end script
script
/usr/bin/docker run --name cowrie --rm=true -p 22:2222 -v /data/cowrie:/data/cowrie -v /data/ews:/data/ews dtagdevsec/cowrie:latest1603
end script
post-start script
# Delay next start to avoid rapid respawning
sleep $(((RANDOM % 5)+5))
end script
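Review bot: `rm -rf /data/cowrie/* || true` in pre-start deletes the previous run's tty recordings, downloads and logs on every start, and because the job is `respawn`, a crashing container presumably re-runs pre-start and discards exactly the evidence that explains the crash — confirm against upstart's respawn semantics before relying on this. If the wipe is only meant for a clean first provision, move the old data aside instead, e.g. `[ -d /data/cowrie/log ] && mv /data/cowrie /data/cowrie.$(date +%s) || true` before the `mkdir -p`. The same unconditional wipe is in the dionaea, elasticpot, glastopf, honeytrap and suricata scripts below.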


@ -0,0 +1,32 @@
########################################################
# T-Pot #
# Dionaea upstart script #
# #
# v16.03.5 by mo, DTAG, 2016-02-08 #
########################################################
description "Dionaea"
author "mo"
start on started docker and filesystem
stop on runlevel [!2345]
respawn
pre-start script
# Remove any existing dionaea containers
myCID=$(docker ps -a | grep dionaea | awk '{ print $1 }')
if [ "$myCID" != "" ];
then docker rm -v $myCID;
fi
# Remove any data from previous container
rm -rf /data/dionaea/* || true
rm /data/ews/dionaea/ews.json || true
mkdir -p /data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/wwwroot
chmod 760 /data/dionaea -R
chown tpot:tpot /data/dionaea -R
end script
script
/usr/bin/docker run --name dionaea --cap-add=NET_BIND_SERVICE --rm=true -p 21:21 -p 42:42 -p 8081:80 -p 135:135 -p 443:443 -p 445:445 -p 1433:1433 -p 3306:3306 -p 5061:5061 -p 5060:5060 -p 69:69/udp -p 5060:5060/udp -v /data/dionaea:/data/dionaea -v /data/ews:/data/ews dtagdevsec/dionaea:latest1603
end script
post-start script
# Delay next start to avoid rapid respawning
sleep $(((RANDOM % 5)+5))
end script
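Review bot: `--cap-add=NET_BIND_SERVICE` on the `docker run` line adds nothing, since NET_BIND_SERVICE is part of Docker's default capability set (verify against the Docker version in use); if it was added to work around a bind failure, the cause is elsewhere, and the flag should either be dropped or get a comment explaining why it is kept. As a point of style, the thirteen `-p` mappings on one line are hard to audit; a backslash-continued line per mapping would let a reviewer check the list against the `--dports` exclusion list in the honeytrap script, which must mirror it.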


@ -0,0 +1,31 @@
########################################################
# T-Pot #
# Elasticpot upstart script #
# #
# v16.03.4 by ms/mo, DTAG, 2016-02-08 #
########################################################
description "ElasticPot"
author "ms"
start on started docker and filesystem
stop on runlevel [!2345]
respawn
pre-start script
# Remove any existing elasticpot containers
myCID=$(docker ps -a | grep elasticpot | awk '{ print $1 }')
if [ "$myCID" != "" ];
then docker rm -v $myCID;
fi
# Remove any data from previous container
rm -rf /data/elasticpot/* || true
mkdir -p /data/elasticpot/log
chmod 760 /data/elasticpot -R
chown tpot:tpot /data/elasticpot -R
end script
script
/usr/bin/docker run --name elasticpot --rm=true -v /data/elasticpot:/data/elasticpot -v /data/ews:/data/ews -p 9200:8080 dtagdevsec/elasticpot:latest1603
end script
post-start script
# Delay next start to avoid rapid respawning
sleep $(((RANDOM % 5)+5))
end script
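Review bot: `chmod 760 /data/elasticpot -R` clears the execute bit on directories for group `tpot`, so group members get read/write on the entries but cannot traverse into `/data/elasticpot/log` at all; if the group bits are meant to be usable (unclear from the script who is in `tpot`), use `chmod -R u=rwX,g=rwX,o= /data/elasticpot`, where the capital `X` applies execute only to directories. The same `760 -R` appears in the cowrie, dionaea, honeytrap and suricata scripts.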


@ -0,0 +1,27 @@
########################################################
# T-Pot #
# ELK upstart script #
# #
# v0.04 by mo, DTAG, 2015-12-08 #
########################################################
description "ELK"
author "mo"
start on started docker and filesystem
stop on runlevel [!2345]
respawn
pre-start script
# Remove any existing elk containers
myCID=$(docker ps -a | grep elk | awk '{ print $1 }')
if [ "$myCID" != "" ];
then docker rm -v $myCID;
fi
end script
script
# Delayed start to avoid rapid respawning
sleep $(((RANDOM % 5)+5))
/usr/bin/docker run --name=elk -v /data:/data -p 127.0.0.1:64296:8080 --rm=true dtagdevsec/elk:latest1603
end script
post-start script
sleep $(((RANDOM % 5)+5))
end script
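Review bot: `docker ps -a | grep elk | awk '{ print $1 }'` matches the substring `elk` anywhere in the `docker ps` output (image name, command, status text), so the unquoted `docker rm -v $myCID` can remove unrelated containers; `myCID=$(docker ps -aq --filter name=elk)` restricts the selection to container names. The same grep-based selection is used in the cowrie, dionaea, elasticpot, glastopf, honeytrap and suricata pre-start scripts. Also, the `sleep` before `docker run` in `script` plus the one in post-start doubles the start delay compared with the sibling scripts, which delay only in post-start; one of the two can go.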


@ -0,0 +1,28 @@
########################################################
# T-Pot #
# Glastopf upstart script #
# #
# v16.03.3 by mo, DTAG, 2016-02-08 #
########################################################
description "Glastopf"
author "mo"
start on started docker and filesystem
stop on runlevel [!2345]
respawn
pre-start script
# Remove any existing glastopf containers
myCID=$(docker ps -a | grep glastopf | awk '{ print $1 }')
if [ "$myCID" != "" ];
then docker rm -v $myCID;
fi
# Remove any data from previous container
rm -rf /data/glastopf/* || true
end script
script
/usr/bin/docker run --name glastopf --rm=true -v /data/glastopf:/data/glastopf -v /data/ews:/data/ews -p 80:80 dtagdevsec/glastopf:latest1603
end script
post-start script
# Delay next start to avoid rapid respawning
sleep $(((RANDOM % 5)+5))
end script
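Review bot: Unlike the cowrie, dionaea, elasticpot and honeytrap scripts, pre-start only empties `/data/glastopf/*` and never sets ownership or mode afterwards, so after a wipe the container creates its files with whatever uid it runs as — presumably root — and the host-side `tpot` user may not be able to read the logs. Add `chmod 760 /data/glastopf -R` and `chown tpot:tpot /data/glastopf -R` after the `rm -rf`, matching the siblings, or state in a comment why glastopf is the exception.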


@ -0,0 +1,35 @@
########################################################
# T-Pot #
# Honeytrap upstart script #
# #
# v16.03.5 by mo, DTAG, 2016-02-08 #
########################################################
description "Honeytrap"
author "mo"
start on started docker and filesystem
stop on runlevel [!2345]
respawn
pre-start script
# Remove any existing honeytrap containers
myCID=$(docker ps -a | grep honeytrap | awk '{ print $1 }')
if [ "$myCID" != "" ];
then docker rm -v $myCID;
fi
# Remove any data from previous container
rm -rf /data/honeytrap/* || true
mkdir -p /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/
chmod 760 /data/honeytrap/ -R
chown tpot:tpot /data/honeytrap/ -R
/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,42,80,135,443,445,1433,3306,5060,5061,8081,9200,64295,64296 -j NFQUEUE
end script
script
/usr/bin/docker run --name honeytrap --cap-add=NET_ADMIN --net=host --rm=true -v /data/honeytrap:/data/honeytrap -v /data/ews:/data/ews dtagdevsec/honeytrap:latest1603
end script
post-start script
# Delay next start to avoid rapid respawning
sleep $(((RANDOM % 5)+5))
end script
post-stop script
/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,42,80,135,443,445,1433,3306,5060,5061,8081,9200,64295,64296 -j NFQUEUE
end script
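Review bot: The `--dports` exclusion list on the iptables `-A` in pre-start is repeated verbatim in post-stop's `-D`, and `-D` only removes a rule whose match is byte-identical, so any future edit to one line and not the other leaves an orphaned NFQUEUE rule that keeps diverting new SYNs on non-honeypot ports to a queue with no consumer after the container stops (the kernel drops packets queued to an unbound NFQUEUE by default). Define the list once in an upstart `env myPORTS=21,22,...` stanza and reference `$myPORTS` in both rules, and guard the add with `/sbin/iptables -w -C INPUT ... || /sbin/iptables -w -A INPUT ...` so a repeated pre-start cannot stack duplicates. A comment on the pre-start rule should also record that the list must mirror the `-p` mappings of the other honeypot jobs plus the admin ports 64295/64296, since nothing here checks that.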


@ -0,0 +1,36 @@
########################################################
# T-Pot #
# Suricata upstart script #
# #
# v16.03.2 by mo, DTAG, 2016-02-08 #
########################################################
description "Suricata"
author "mo"
start on started docker and filesystem
stop on runlevel [!2345]
respawn
pre-start script
# Remove any existing suricata containers
myCID=$(docker ps -a | grep suricata | awk '{ print $1 }')
if [ "$myCID" != "" ];
then docker rm -v $myCID;
fi
# Remove any data from previous container
rm -rf /data/suricata/* || true
mkdir -p /data/suricata/log
chmod 760 -R /data/suricata
chown tpot:tpot -R /data/suricata
myIF=$(route | grep default | awk '{ print $8 }')
/sbin/ethtool --offload $myIF rx off tx off
/sbin/ethtool -K $myIF gso off gro off
/sbin/ip link set $myIF promisc on
end script
script
# Delayed start to avoid rapid respawning
sleep $(((RANDOM % 5)+5))
/usr/bin/docker run --name suricata --cap-add=NET_ADMIN --net=host --rm=true -v /data/suricata:/data/suricata dtagdevsec/suricata:latest1603
end script
post-start script
sleep $(((RANDOM % 5)+5))
end script