basic_boto_script
import io
import logging
import time

import boto3
import paramiko
import scp
# Root logger at DEBUG so the botocore request/response trace is visible while
# instances are being launched; the format keeps a timestamp per line.
_LOG_FORMAT = '%(asctime)s :: %(levelname)s :: %(message)s'
logging.basicConfig(level=logging.DEBUG, format=_LOG_FORMAT)

# Named logger for this script (the functions below still use print()).
boto_logger = logging.getLogger('boto_logger')
# ---------------------------------------------------------------------------
# Private values: fill these in before running. They are left as None so no
# credential or key material is committed with the script.
# ---------------------------------------------------------------------------
AWS_SECRET = None
KEYFILE = None
AWS_ACCESS = None
KEY_NAME = None
SECURITY_GROUPS = [None]
TAG_SPECIFICATIONS = [
    {
        'ResourceType': 'instance',
        'Tags': [
            {'Key': 'DataClassification', 'Value': 'None'},
            {'Key': 'Email', 'Value': 'None'},
            {'Key': 'Name', 'Value': 'docker-honeypot'},
            {'Key': 'ResourceOwner', 'Value': 'adpridge'},
            {'Key': 'Environment', 'Value': 'NonProd'},
            {'Key': 'ApplicationName', 'Value': 'docker-honeypot'},
        ],
    }
]
# Webhook URLs are spliced verbatim into the honeypot command line. The
# placeholders the author left ('"None"') suggest the value is expected to
# carry its own double quotes, like slack_channel below — confirm before use.
WBX_WEBHOOK = None
SLACK_WEBHOOK = None

# ---------------------------------------------------------------------------
# Public values
# ---------------------------------------------------------------------------
# Regions to deploy into; the commented entries are available but disabled.
DCS = [
    'us-east-1',
    'us-east-2',
    'us-west-1',
    # 'us-west-2',
    # 'sa-east-1',
    # 'ap-south-1',
    # 'ap-southeast-1',
    # 'ap-southeast-2',
    # 'ap-northeast-1',
    # 'ap-northeast-2',
]

# Command-line arguments for docker_honeypot.py. Each entry is rendered as
# "-<key> <value>"; an empty value yields a bare flag. The '{sensor_id}'
# placeholder survives into SERVICE_CONFIG and is filled in per instance.
ARGS = {
    'ports': "2375 2376 2377 4243 4244",
    'terminate_with_error': "",
    'slack': '',
    'slack_channel': '"#tw-threat-intel"',
    'slack_username': '"docker-hp"',
    'slack_webhook': SLACK_WEBHOOK,
    'wbx': '',
    'wbx_webhook': WBX_WEBHOOK,
    'sensor_id': '"{sensor_id}"',
}

# Drop the notification flags that have no destination configured, so a None
# webhook never reaches the command line.
if WBX_WEBHOOK is None:
    ARGS.pop('wbx')
    ARGS.pop('wbx_webhook')
if SLACK_WEBHOOK is None:
    ARGS.pop('slack')
    ARGS.pop('slack_webhook')

THE_ARGS = ' '.join(" -{} {}".format(key, value) for key, value in ARGS.items())

# systemd unit for the honeypot. The ExecStart slot receives THE_ARGS here;
# the literal '{sensor_id}' inside it is resolved later by setup_instance().
_SERVICE_UNIT_TEMPLATE = '''[Unit]
Description=docker-honey pot service
After=syslog.target
[Service]
Type=forking
User=ubuntu
Group=ubuntu
WorkingDirectory=/home/ubuntu/dhp
PIDFile=/var/run/dhp.pid
ExecStart=/usr/bin/python3 /home/ubuntu/dhp/scripts/docker_honeypot.py {}
[Install]
WantedBy=multi-user.target
'''
SERVICE_CONFIG = _SERVICE_UNIT_TEMPLATE.format(THE_ARGS)

# Bootstrap run over SSH on each new instance. Note that the clone is not
# pinned to a tag or commit, so every deployment installs whatever the
# repository's default branch holds at that moment.
INIT_COMMANDS = (
    'sudo apt update && '
    'sudo apt install -y python3-pip git && '
    'git clone https://github.com/deeso/dhp && '
    'cd dhp && pip3 install .'
)

UBUNTU = 'ubuntu'
IMAGE_ID = 'ami-0bbe28eb2173f6167'
INSTANCE_TYPE = 't2.micro'
DryRun = False
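def create_instances(ec2, MaxCount=1,
                     ImageId=IMAGE_ID, KeyName=KEY_NAME, InstanceType=INSTANCE_TYPE,
                     SecurityGroups=SECURITY_GROUPS, TagSpecifications=TAG_SPECIFICATIONS,
                     DryRun=DryRun):
    """Launch between 1 and ``MaxCount`` EC2 instances and return their IDs.

    Thin wrapper around ``ec2.run_instances``; the keyword arguments are passed
    straight through and default to the module-level constants.

    Args:
        ec2: boto3 EC2 client bound to the target region.
        MaxCount: upper bound on instances to launch (``MinCount`` is fixed at 1).
        ImageId, KeyName, InstanceType, SecurityGroups, TagSpecifications:
            forwarded to ``run_instances`` unchanged.
        DryRun: when True, EC2 only checks permissions and launches nothing.
            Defaults to the module-level ``DryRun`` flag instead of a hard-coded
            False so the two stay in step.

    Returns:
        list of instance IDs from the reservation, in API order.

    Raises:
        ValueError: if ``MaxCount`` is below the fixed ``MinCount`` of 1.
    """
    if MaxCount < 1:
        raise ValueError("MaxCount must be at least 1, got {!r}".format(MaxCount))
    print("Creating {} instances".format(MaxCount))
    reservation = ec2.run_instances(
        DryRun=DryRun,
        MinCount=1,
        MaxCount=MaxCount,
        ImageId=ImageId,
        KeyName=KeyName,
        InstanceType=InstanceType,
        SecurityGroups=SecurityGroups,
        TagSpecifications=TagSpecifications,
    )
    instances = [info['InstanceId'] for info in reservation['Instances']]
    print("Created {} instances".format(len(instances)))
    return instances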
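def wait_for_instances_up(ec2, instances, poll_interval=5.0):
    """Block until every instance in ``instances`` is running with passing checks.

    Polls ``ec2.describe_instance_status`` until each instance reports
    InstanceState code 16 (running) and both its instance status and system
    status checks are ``'ok'``. Instances absent from a response are treated
    as still pending: without ``IncludeAllInstances`` the API only describes
    running instances, so a pending one simply does not appear.

    The original loop re-queued stragglers onto the caller's ``instances``
    list instead of the local waiting list, so it always exited after one
    poll and left duplicates behind; this version keeps its own pending list,
    never mutates the caller's list, and sleeps between polls instead of
    hammering the API.

    Args:
        ec2: boto3 EC2 client.
        instances: iterable of instance IDs to wait for; not modified.
        poll_interval: seconds to sleep between polls while anything is still
            pending (0 disables the sleep, which is handy for tests).

    Returns:
        list of instance IDs in the order they were observed ready.
    """
    ready = []
    pending = list(instances)
    while pending:
        print("Waiting for {} instances".format(len(pending)))
        statuses = ec2.describe_instance_status(InstanceIds=pending)
        newly_ready = set()
        for status in statuses['InstanceStatuses']:
            instance_id = status['InstanceId']
            # 16 is the EC2 "running" state code; anything else is still in flight.
            if status['InstanceState']['Code'] != 16:
                continue
            if status['InstanceStatus']['Status'] != 'ok':
                continue
            if status['SystemStatus']['Status'] != 'ok':
                continue
            newly_ready.add(instance_id)
            ready.append(instance_id)
        pending = [instance_id for instance_id in pending if instance_id not in newly_ready]
        if pending and poll_interval > 0:
            time.sleep(poll_interval)
    return ready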
def get_public_ips(ec2, instances):
    """Map each requested instance ID to its public IPv4 address.

    Calls ``ec2.describe_instances`` once and flattens every reservation in
    the response. Instances that have no ``PublicIpAddress`` in the response
    map to ``''``; callers must check for that before trying to reach them.

    Args:
        ec2: boto3 EC2 client.
        instances: list of instance IDs to describe.

    Returns:
        dict of ``{instance_id: public_ip_or_empty_string}``.
    """
    described = ec2.describe_instances(InstanceIds=instances)
    instance_to_ip = {
        info['InstanceId']: info.get('PublicIpAddress', '')
        for reservation in described['Reservations']
        for info in reservation['Instances']
    }
    print("Got {} instances IP addresses".format(len(instances)))
    return instance_to_ip
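def _run_remote(client, command):
    """Run ``command`` on ``client`` and wait for it to finish.

    stderr is folded into stdout on the channel so a single read drains the
    output without the two-buffer deadlock, then the exit status is collected.

    Returns:
        tuple of ``(exit_status, output_bytes)``.
    """
    _, stdout, _ = client.exec_command(command)
    stdout.channel.set_combine_stderr(True)
    output = stdout.read()
    return stdout.channel.recv_exit_status(), output


def setup_instance(instance, ip, region, username=UBUNTU, key_filename=KEYFILE):
    """Bootstrap one instance over SSH and install the honeypot as a systemd unit.

    Runs INIT_COMMANDS, uploads SERVICE_CONFIG with the sensor id filled in,
    then installs, enables and starts the unit. Each remote command is waited
    on before the next is issued — the original fired them without reading
    their output, so on paramiko each ran on its own channel with no ordering
    guarantee between ``cp``, ``daemon-reload`` and ``start``.

    Args:
        instance: EC2 instance ID, used in the sensor id and log lines.
        ip: public IP address to connect to.
        region: region name, used in the sensor id.
        username: SSH login (defaults to UBUNTU). The original ignored this
            parameter and always used the module constant.
        key_filename: path to the private key (defaults to KEYFILE); likewise
            previously ignored.
    """
    print("Setting up {} @ IP addresses: {}".format(instance, ip))
    sensor_id = "{}:|:{}:|:{}".format(region, ip, instance)

    client = paramiko.SSHClient()
    # A freshly launched instance has no entry in known_hosts, so the first
    # connection cannot be verified; AutoAddPolicy accepts whatever host key
    # answers, which leaves this bootstrap open to interception of the SSH
    # session. Pinning the key from the instance's console output (EC2
    # get-console-output) before connecting would close that gap.
    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    client.connect(ip, username=username, key_filename=key_filename)
    try:
        status, _ = _run_remote(client, INIT_COMMANDS)
        print("executed set up commands for {} @ IP addresses: {} (exit {})".format(instance, ip, status))

        scp_client = scp.SCPClient(client.get_transport())
        print("scp'ing the systemctl file for {} @ IP addresses: {}, sensor_id: {}".format(instance, ip, sensor_id))
        unit_file = io.BytesIO(SERVICE_CONFIG.format(sensor_id=sensor_id).encode('ascii'))
        scp_client.putfo(unit_file, './docker_honeypot.service')

        install_steps = (
            'sudo cp docker_honeypot.service /lib/systemd/system/',
            'sudo chmod 644 /lib/systemd/system/docker_honeypot.service',
            'sudo systemctl daemon-reload',
            'sudo systemctl enable docker_honeypot.service',
            'sudo systemctl start docker_honeypot.service',
            'sudo systemctl status docker_honeypot.service',
        )
        for command in install_steps:
            status, output = _run_remote(client, command)
            if status != 0:
                # Best-effort like the original: report the failure and continue.
                print("{!r} exited {} on {} ({}): {}".format(
                    command, status, instance, ip, output.decode('utf-8', 'replace').strip()))
    finally:
        # The original never closed the session; the transport stayed open
        # until the interpreter exited.
        client.close()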
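def doit_defaults(MaxCount=3, regions=DCS, aws_access_key_id=AWS_ACCESS, aws_secret_access_key=AWS_SECRET):
    """Launch ``MaxCount`` honeypot instances in every region and configure them.

    For each region: create the instances, wait until they are running with
    passing status checks, look up their public IPs and run setup_instance()
    on each. The original looped over the module-level DCS regardless of the
    ``regions`` argument; this version honours the parameter.

    Args:
        MaxCount: instances to launch per region.
        regions: region names to deploy into (defaults to DCS).
        aws_access_key_id, aws_secret_access_key: static credentials. Leaving
            them None lets boto3 fall back to its default credential chain
            (environment, shared config, instance role).

    Returns:
        dict mapping each region to the ``{instance_id: public_ip}`` mapping
        produced there. Callers that ignored the previous ``None`` return are
        unaffected.
    """
    results = {}
    for region in regions:
        ec2 = boto3.client('ec2',
                           region,
                           aws_access_key_id=aws_access_key_id,
                           aws_secret_access_key=aws_secret_access_key)
        instances = create_instances(ec2, MaxCount=MaxCount)
        wait_for_instances_up(ec2, instances)
        instance_to_ip = get_public_ips(ec2, instances)
        results[region] = instance_to_ip
        for instance, ip in instance_to_ip.items():
            # get_public_ips() returns '' for an instance with no public
            # address; connecting to '' would fail inside paramiko.
            if not ip:
                print("Skipping {} in {}: no public IP address".format(instance, region))
                continue
            setup_instance(instance, ip, region)
    return results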