Commit
1 parent
8e83264
commit 3e5f72d
Showing
10 changed files
with
671 additions
and
0 deletions.
@@ -0,0 +1,23 @@ | ||
FROM centos:centos7 | ||
|
||
LABEL maintainer Alexander Merck <alexander.t.merck@gmail.com> | ||
LABEL name "rdphoney" | ||
LABEL version "0.1" | ||
LABEL release "1" | ||
LABEL summary "RDPHoney Honeypot Container" | ||
LABEL description "RDPHoney is a simple RDP connection honeypot" | ||
LABEL authoritative-source-url "https://github.com/CommunityHoneyNetwork/communityhoneynetwork" | ||
LABEL changelog-url "https://github.com/breakfastdub/rdphoney/commits/master" | ||
|
||
# Set DOCKER var - used by RDPHoney init to determine logging | ||
ENV DOCKER "yes" | ||
ENV playbook "rdphoney.yml" | ||
|
||
RUN yum install -y epel-release \ | ||
&& yum install -y ansible | ||
|
||
RUN echo "localhost ansible_connection=local" >> /etc/ansible/hosts | ||
ADD . /opt/ | ||
RUN ansible-playbook /opt/${playbook} | ||
|
||
ENTRYPOINT ["/sbin/runsvdir", "-P", "/etc/service"] |
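Review bot: `ADD . /opt/` pulls the whole build context into the image, including `rdphoney.cfg.dist` and, since no `.dockerignore` is part of this commit, `.git` and any locally generated `rdphoney.cfg` that already holds a real hpfeeds secret; use `COPY . /opt/` (or copy only the playbook, vars and templates) and add a `.dockerignore`. The `RUN yum install -y epel-release && yum install -y ansible` layer leaves the yum cache in the image; append `&& yum clean all` to the same instruction so the cleanup lands in the layer that created it. `FROM centos:centos7` is a floating tag of an end-of-life distribution, so pin it by digest (or move to a maintained base) and record the reason in a comment. There is no `USER`, so `runsvdir` runs as root; that is tolerable for a supervisor only because the runit run template drops to `rdphoney` with `su -`, and a one-line comment above `ENTRYPOINT` stating that would save the next reviewer the trip through the template.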
@@ -0,0 +1,7 @@ | ||
|
||
[output_hpfeeds] | ||
server = localhost | ||
port = 10000 | ||
identifier = abc123 | ||
secret = secret | ||
debug=false |
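Review bot: The values here are not just defaults but sed anchors: the runit run template rewrites this file with `sed -i "s/server = localhost/…"`, `s/identifier = abc123/…`, `s/secret = secret/…` and `s/debug=false/…`, so the exact spacing of every line, including the missing spaces around `=` in `debug=false`, is a contract with that script, and a pattern that silently fails to match ships the honeypot pointing at `localhost` with `secret` as its hpfeeds secret. Add a header such as `# Template for /opt/rdphoney.cfg: the placeholder values below are matched verbatim by sed in the runit run script; change them only together with those patterns`, and if `debug=false` is normalized to `debug = false` for consistency the corresponding sed pattern must change in the same commit.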
@@ -0,0 +1,111 @@ | ||
#!/bin/bash | ||
|
||
trap "exit 130" SIGINT | ||
trap "exit 137" SIGKILL | ||
trap "exit 143" SIGTERM | ||
|
||
set -o errexit | ||
set -o nounset | ||
set -o pipefail | ||
|
||
RDPHONEY_JSON='/etc/rdphoney/rdphoney.json' | ||
|
||
register() { | ||
local deploy_key="${1:-}" | ||
local chnserver="${2:-localhost}" | ||
local json="${3:-rdphoney}" | ||
local hostname="$(hostname -f)" | ||
local honeypot="rdphoney" | ||
|
||
if [[ -z ${deploy_key} ]] | ||
then | ||
return 1 | ||
fi | ||
|
||
curl -s -X POST -H "Content-Type: application/json" -d "{ | ||
\"name\": \"${hostname}-${honeypot}\", | ||
\"hostname\": \"$hostname\", | ||
\"deploy_key\": \"$deploy_key\", | ||
\"honeypot\": \"$honeypot\" | ||
}" ${chnserver}/api/sensor/ > ${json} | ||
} | ||
|
||
setup_rdphoney_conf () { | ||
local server=${1:-} | ||
local server_port=${2:-} | ||
local uid=${3:-} | ||
local secret=${4:-} | ||
local debug=${5:-false} | ||
|
||
pushd /opt | ||
cp rdphoney.cfg.dist rdphoney.cfg | ||
|
||
sed -i "s/\[output_hpfeeds\]/[output_hpfeeds]/g" rdphoney.cfg | ||
sed -i "s/server = localhost/server = ${server}/g" rdphoney.cfg | ||
sed -i "s/port = 10000/port = ${server_port}/g" rdphoney.cfg | ||
sed -i "s/identifier = abc123/identifier = ${uid}/g" rdphoney.cfg | ||
sed -i "s/secret = secret/secret = ${secret}/g" rdphoney.cfg | ||
sed -i "s/debug=false/debug=${debug}/" rdphoney.cfg | ||
|
||
popd | ||
|
||
} | ||
|
||
main () { | ||
source {{ sysconfig_dir }}/rdphoney | ||
|
||
if [[ ${DEBUG} == "true" ]] | ||
then | ||
set -o xtrace | ||
fi | ||
|
||
local deploy_key=${DEPLOY_KEY:-} | ||
local chn_server=${CHN_SERVER} | ||
local feeds_server=${FEEDS_SERVER:-localhost} | ||
local feeds_server_port=${FEEDS_SERVER_PORT:-10000} | ||
local json=${RDPHONEY_JSON:-rdphoney.json} | ||
|
||
local debug=${DEBUG:-false} | ||
|
||
if [[ -z ${deploy_key} ]] | ||
then | ||
echo "[CRIT] - No deploy key found" | ||
exit 1 | ||
fi | ||
|
||
if [[ ! -f ${json} ]] || [[ ! -s ${json} ]] | ||
then | ||
register ${deploy_key} {$chn_server} ${json} | ||
|
||
return=$? | ||
|
||
if [[ $return -ne 0 ]] | ||
then | ||
echo "Failed to register with ${chn_server} using key: ${deploy_key}" | ||
exit 1 | ||
fi | ||
fi | ||
|
||
local uuid=$(python -c "import json;obj=json.load(file('${json}'));print obj['uuid']") | ||
|
||
if [ -z "$uuid" ] | ||
then | ||
echo "Could not create sensor using name \"$(hostname -f)\"." | ||
exit 1 | ||
else | ||
echo "Created sensor: " $uuid | ||
fi | ||
|
||
local feeds_server=$(echo $feeds_server | sed 's#^http://##; s#^https://##; s#/.*$##; s/:.*$//') | ||
local uid=$(python -c "import json;obj=json.load(file('${json}'));print obj['identifier']") | ||
local secret=$(python -c "import json;obj=json.load(file('${json}'));print obj['secret']") | ||
|
||
setup_rdphoney_conf ${feeds_server} \ | ||
${feeds_server_port} \ | ||
${uid} ${secret} \ | ||
${debug} | ||
|
||
exec su - rdphoney -c "python /opt/rdphoney/rdp_honeyscript.py --config /opt/rdphoney.cfg" | ||
} | ||
|
||
main "$@" |
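Review bot: `echo "Failed to register with ${chn_server} using key: ${deploy_key}"` writes the deploy key to stdout, and `set -o xtrace` (on whenever DEBUG=true) traces every `sed` and `curl` invocation with `${secret}` and `${deploy_key}` expanded; both flow into the runit/Docker log stream, so drop the key from the message (`echo "Failed to register with ${chn_server}"`) and either avoid xtrace or disable it around `register` and `setup_rdphoney_conf`. In `register ${deploy_key} {$chn_server} ${json}` the `{$chn_server}` is a typo for `${chn_server}`; it appears to work only because curl's URL globbing strips the braces, and it breaks as soon as `-g` is added or the server string contains a comma. `curl -s` is used without `-f`, so an HTTP 4xx/5xx still exits 0 and its error body is written to `${json}`, after which `[[ ! -s ${json} ]]` is false and every later start skips registration and fails on the `uuid` lookup; use `curl -sSf` and write to a temporary file that is moved into place only on success. Note also that under `set -o errexit` a non-zero return from `register` terminates the script before `return=$?` runs, so the failure branch below it is unreachable.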
@@ -0,0 +1,21 @@ | ||
# This file is read from /etc/sysconfig/rdphoney or /etc/default/rdphoney | ||
# depending on the base distro | ||
# | ||
# This can be modified to change the default setup of the rdphoney unattended installation | ||
|
||
DEBUG=false | ||
|
||
# CHN Server api to register to | ||
CHN_SERVER="http://chnserver" | ||
|
||
# Server to stream data to | ||
FEEDS_SERVER="localhost" | ||
FEEDS_SERVER_PORT=10000 | ||
|
||
# Deploy key from the FEEDS_SERVER administrator | ||
# This is a REQUIRED value | ||
DEPLOY_KEY= | ||
|
||
# Registration information file | ||
# If running in a container, this needs to persist | ||
# RDPHONEY_JSON="/etc/rdphoney/rdphoney.json |
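Review bot: The commented example `# RDPHONEY_JSON="/etc/rdphoney/rdphoney.json` is missing its closing quote, so anyone uncommenting it breaks the `source` in the runit run script with an unterminated-string error; write it as `# RDPHONEY_JSON="/etc/rdphoney/rdphoney.json"`. The comment also implies a different default, but the run template already sets `RDPHONEY_JSON='/etc/rdphoney/rdphoney.json'` before sourcing this file, and nothing in this commit creates `/etc/rdphoney`, so unless a volume is mounted there the `> ${json}` redirect in `register()` appears to fail on first start; the comment should state that the directory must exist (or the playbook should create it). Since `DEPLOY_KEY` is a credential, the header should also say this file must not be world-readable, which the playbook's `mode: 0644` currently makes it.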
@@ -0,0 +1,71 @@ | ||
--- | ||
- hosts: all | ||
|
||
tasks: | ||
- name: RDPHoney | Gather | print os info | ||
debug: | ||
msg: "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}" | ||
|
||
- name: RDPHoney | Gather | os info | ||
include_vars: "{{ item }}" | ||
with_first_found: | ||
- "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" | ||
- "{{ ansible_distribution }}.yml" | ||
|
||
- name: RDPHoney | Gather | default info | ||
include_vars: | ||
file: default.yml | ||
tags: vars | ||
|
||
- name: RDPHoney | install non-specific packages | ||
package: | ||
name: "{{ item }}" | ||
with_items: "{{ pkgs }}" | ||
|
||
- name: RDPHoney | install os-specific packages | ||
package: | ||
name: "{{ item }}" | ||
with_items: "{{ pkgs_osspec }}" | ||
|
||
- name: RDPHoney | add users group | ||
group: | ||
name: users | ||
|
||
- name: RDPHoney | create rdphoney user | ||
user: | ||
name: rdphoney | ||
shell: /bin/bash | ||
group: users | ||
|
||
- name: RDPHoney | copy rdphoney sysconfig file | ||
copy: | ||
dest: "{{ sysconfig_dir }}/rdphoney" | ||
src: rdphoney.sysconfig | ||
mode: 0644 | ||
|
||
- name: RDPHoney | create log file | ||
copy: | ||
content: "" | ||
dest: /var/log/honeyrdp.log | ||
force: no | ||
group: users | ||
owner: rdphoney | ||
mode: 0644 | ||
|
||
- name: RDPHoney | install Runit for CentOS hosts | ||
yum: | ||
name: "{{ runit_rpm_src }}" | ||
state: present | ||
when: ansible_distribution|lower == 'centos' | ||
|
||
- name: RDPHoney | create runit directories | ||
file: | ||
state: directory | ||
path: "{{ runit_service_dir }}" | ||
mode: 0755 | ||
|
||
- name: RDPHoney | create rdphoney runit run file | ||
template: | ||
src: rdphoney.run.j2 | ||
dest: "{{ runit_service_dir }}/run" | ||
mode: 0755 |
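Review bot: The sysconfig file copied to `{{ sysconfig_dir }}/rdphoney` carries `DEPLOY_KEY`, yet the task sets `mode: 0644`, so the registration credential is readable by the `rdphoney` service account that the honeypot exposes to attackers; only the root-run runit script sources it, so `mode: 0600` with `owner: root` is sufficient. `yum: name: "{{ runit_rpm_src }}"` installs an RPM whose source is a variable not shown here; if it is a URL, CentOS 7's default `localpkg_gpgcheck=0` means the package is installed without any signature check, so either serve it from a GPG-checked repository or verify a checksum in a preceding task, and say so in a comment. The log file is pre-created as `/var/log/honeyrdp.log` while every other artifact is named `rdphoney`; confirm this matches the path `rdp_honeyscript.py` actually writes, because if it does not, the unprivileged `rdphoney` process will be unable to create its real log under `/var/log`.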
Empty file.