Initial commit.

Dockerfile-centos

@@ -0,0 +1,23 @@
+FROM centos:centos7
+
+LABEL maintainer Alexander Merck <alexander.t.merck@gmail.com>
+LABEL name "rdphoney"
+LABEL version "0.1"
+LABEL release "1"
+LABEL summary "RDPHoney Honeypot Container"
+LABEL description "RDPHoney is a simple RDP connection honeypot"
+LABEL authoritative-source-url "https://github.com/CommunityHoneyNetwork/communityhoneynetwork"
+LABEL changelog-url "https://github.com/breakfastdub/rdphoney/commits/master"
+
+# Set DOCKER var - used by RDPHoney init to determine logging
+ENV DOCKER "yes"
+ENV playbook "rdphoney.yml"
+
+RUN yum install -y epel-release \
+    && yum install -y ansible
+
+RUN echo "localhost ansible_connection=local" >> /etc/ansible/hosts
+ADD . /opt/
+RUN ansible-playbook /opt/${playbook}
+
+ENTRYPOINT ["/sbin/runsvdir", "-P", "/etc/service"]

rdphoney.cfg.dist

@@ -0,0 +1,7 @@
+
+[output_hpfeeds]
+server = localhost
+port = 10000
+identifier = abc123
+secret = secret
+debug=false

rdphoney.run.j2

@@ -0,0 +1,111 @@
+#!/bin/bash
+
+trap "exit 130" SIGINT
+trap "exit 137" SIGKILL
+trap "exit 143" SIGTERM
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+RDPHONEY_JSON='/etc/rdphoney/rdphoney.json'
+
+register() {
+    local deploy_key="${1:-}"
+    local chnserver="${2:-localhost}"
+    local json="${3:-rdphoney}"
+    local hostname="$(hostname -f)"
+    local honeypot="rdphoney"
+
+    if [[ -z ${deploy_key} ]]
+    then
+        return 1
+    fi
+
+    curl -s -X POST -H "Content-Type: application/json" -d "{
+      \"name\": \"${hostname}-${honeypot}\",
+      \"hostname\": \"$hostname\",
+      \"deploy_key\": \"$deploy_key\",
+      \"honeypot\": \"$honeypot\"
+    }" ${chnserver}/api/sensor/ > ${json}
+}
+
+setup_rdphoney_conf () {
+    local server=${1:-}
+    local server_port=${2:-}
+    local uid=${3:-}
+    local secret=${4:-}
+    local debug=${5:-false}
+
+    pushd /opt
+    cp rdphoney.cfg.dist rdphoney.cfg
+
+    sed -i "s/\[output_hpfeeds\]/[output_hpfeeds]/g" rdphoney.cfg
+    sed -i "s/server = localhost/server = ${server}/g" rdphoney.cfg
+    sed -i "s/port = 10000/port = ${server_port}/g" rdphoney.cfg
+    sed -i "s/identifier = abc123/identifier = ${uid}/g" rdphoney.cfg
+    sed -i "s/secret = secret/secret = ${secret}/g" rdphoney.cfg
+    sed -i "s/debug=false/debug=${debug}/" rdphoney.cfg
+
+    popd
+
+}
+
+main () {
+    source {{ sysconfig_dir }}/rdphoney
+
+    if [[ ${DEBUG} == "true" ]]
+    then
+        set -o xtrace
+    fi
+
+    local deploy_key=${DEPLOY_KEY:-}
+    local chn_server=${CHN_SERVER}
+    local feeds_server=${FEEDS_SERVER:-localhost}
+    local feeds_server_port=${FEEDS_SERVER_PORT:-10000}
+    local json=${RDPHONEY_JSON:-rdphoney.json}
+
+    local debug=${DEBUG:-false}
+
+    if [[ -z ${deploy_key} ]]
+    then
+        echo "[CRIT] - No deploy key found"
+        exit 1
+    fi
+
+    if [[ ! -f ${json} ]] || [[ ! -s ${json} ]]
+    then
+        register ${deploy_key} {$chn_server} ${json}
+
+        return=$?
+
+        if [[ $return -ne 0 ]]
+        then
+            echo "Failed to register with ${chn_server} using key: ${deploy_key}"
+            exit 1
+        fi
+    fi
+
+    local uuid=$(python -c "import json;obj=json.load(file('${json}'));print obj['uuid']")
+
+    if [ -z "$uuid" ]
+    then
+        echo "Could not create sensor using name \"$(hostname -f)\"."
+        exit 1
+    else
+        echo "Created sensor: " $uuid
+    fi
+
+    local feeds_server=$(echo $feeds_server | sed 's#^http://##; s#^https://##; s#/.*$##; s/:.*$//')
+    local uid=$(python -c "import json;obj=json.load(file('${json}'));print obj['identifier']")
+    local secret=$(python -c "import json;obj=json.load(file('${json}'));print obj['secret']")
+
+    setup_rdphoney_conf ${feeds_server} \
+                        ${feeds_server_port} \
+                        ${uid} ${secret} \
+                        ${debug}
+
+    exec su - rdphoney -c "python /opt/rdphoney/rdp_honeyscript.py --config /opt/rdphoney.cfg"
+}
+
+main "$@"

rdphoney.sysconfig

@@ -0,0 +1,21 @@
+# This file is read from /etc/sysconfig/rdphoney or /etc/default/rdphoney
+# depending on the base distro
+#
+# This can be modified to change the default setup of the rdphoney unattended installation
+
+DEBUG=false
+
+# CHN Server api to register to
+CHN_SERVER="http://chnserver"
+
+# Server to stream data to
+FEEDS_SERVER="localhost"
+FEEDS_SERVER_PORT=10000
+
+# Deploy key from the FEEDS_SERVER administrator
+# This is a REQUIRED value
+DEPLOY_KEY=
+
+# Registration information file
+# If running in a container, this needs to persist
+# RDPHONEY_JSON="/etc/rdphoney/rdphoney.json

rdphoney.yml

@@ -0,0 +1,71 @@
+---
+  - hosts: all
+
+    tasks:
+      - name: RDPHoney | Gather | print os info
+        debug:
+          msg: "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}"
+
+      - name: RDPHoney | Gather | os info
+        include_vars: "{{ item }}"
+        with_first_found:
+          - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
+          - "{{ ansible_distribution }}.yml"
+
+      - name: RDPHoney | Gather | default info
+        include_vars:
+          file: default.yml
+        tags: vars
+
+      - name: RDPHoney | install non-specific packages
+        package:
+          name: "{{ item }}"
+        with_items: "{{ pkgs }}"
+
+      - name: RDPHoney | install os-specific packages
+        package:
+          name: "{{ item }}"
+        with_items: "{{ pkgs_osspec }}"
+
+      - name: RDPHoney | add users group
+        group:
+          name: users
+
+      - name: RDPHoney | create rdphoney user
+        user:
+          name: rdphoney
+          shell: /bin/bash
+          group: users
+
+      - name: RDPHoney | copy rdphoney sysconfig file
+        copy:
+          dest: "{{ sysconfig_dir }}/rdphoney"
+          src: rdphoney.sysconfig
+          mode: 0644
+
+      - name: RDPHoney | create log file
+        copy:
+          content: ""
+          dest: /var/log/honeyrdp.log
+          force: no
+          group: users
+          owner: rdphoney
+          mode: 0644
+
+      - name: RDPHoney | install Runit for CentOS hosts
+        yum:
+          name: "{{ runit_rpm_src }}"
+          state: present
+        when: ansible_distribution|lower == 'centos'
+
+      - name: RDPHoney | create runit directories
+        file:
+          state: directory
+          path: "{{ runit_service_dir }}"
+          mode: 0755
+
+      - name: RDPHoney | create rdphoney runit run file
+        template:
+          src: rdphoney.run.j2
+          dest: "{{ runit_service_dir }}/run"
+          mode: 0755