modified registration.sh and deploy.sh for installing glastopf on a CentOS 7 system so it registers (works) with an MHN server
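#!/bin/bash
# deploy.sh - install the glastopf honeypot on a CentOS 7 host and register it
# with an MHN server.
#
# Usage:    deploy.sh <server_url> <deploy_key>
# Requires: root; network access to the MHN server and the package repos; the
#           companion registration.sh in the current directory (it is sourced
#           and exports the HPF_* hpfeeds variables used in glastopf.cfg).
set -e
set -x

die() { printf '%s\n' "$*" >&2; exit 1; }

if [ $# -ne 2 ]; then
  echo "Wrong number of arguments supplied."
  echo "Usage: $0 <server_url> <deploy_key>."
  exit 1
fi

server_url=$1
deploy_key=$2
GLASTOPF_HOME=/opt/glastopf

# May need this for CentOS 7
# wget http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm

# -y: this runs unattended; without it yum prompts and, under set -e, a declined
# prompt aborts the install half-way through.
# gcc-c++ is the CentOS name of the C++ compiler package (g++ is the Debian name).
# The rest of the list is kept as the author wrote it — TODO confirm every name
# resolves on CentOS 7 (e.g. mysql vs mariadb, libevent-headers vs libevent-devel).
yum -y update
yum -y install zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel php-devel libxml2-devel libxslt-devel atlas atlas-devel gcc-gfortran gcc-c++ git php php-devel wget screen mysql mysql-server mysql-devel libevent-headers
yum -y install supervisor python-pip python-devel libffi-devel

# Minor changes, check out the other gist.
#wget $server_url/static/registration.txt -O registration.sh
[ -f ./registration.sh ] || die "registration.sh not found in $(pwd); fetch the modified copy first."
chmod 0755 registration.sh

# Note: This will export the HPF_* variables.
# Tracing is paused while registration.sh runs so the deploy key and the
# hpfeeds secret it exports are not written to the xtrace output.
set +x
. ./registration.sh "$server_url" "$deploy_key" "glastopf"
set -x

# Install and configure the PHP sandbox.
# https: the git:// transport is unauthenticated (and GitHub no longer serves it).
cd /opt
git clone https://github.com/glastopf/BFR.git
cd BFR
phpize
./configure --enable-bfr
make && make install

# Register bfr.so in php.ini. `make install` for a phpize'd extension places it
# in PHP's extension dir; ask php-config (from php-devel) for that dir instead
# of hard-coding the /usr/lib/php5 layout the original script assumed.
ext_dir=$(php-config --extension-dir) || die "php-config not available; cannot locate the PHP extension dir"
[ -f "$ext_dir/bfr.so" ] || die "bfr.so not found in $ext_dir; refusing to write a bogus zend_extension line to /etc/php.ini"
echo "zend_extension = $ext_dir/bfr.so" >> /etc/php.ini

# Stop httpd and remove the package (removing it also drops its unit, so it no
# longer starts at boot). A minimal image may not have httpd installed at all;
# a failed stop must not abort the run under set -e.
service httpd stop || true
yum -y remove httpd

# Upgrade python-greenlet
pip install --upgrade greenlet

# Install glastopf
pip install glastopf
mkdir -p "$GLASTOPF_HOME"

# Add the modified glastopf.cfg (the hpfeed section is filled from the HPF_*
# variables exported by registration.sh).
cat > "$GLASTOPF_HOME/glastopf.cfg" <<EOF
[webserver]
host = 0.0.0.0
port = 80
uid = nobody
gid = nobody
proxy_enabled = False
#Generic logging for general monitoring
[logging]
consolelog_enabled = False
filelog_enabled = True
logfile = log/glastopf.log
[dork-db]
enabled = True
pattern = rfi
#Extracts dorks from a online dorks service operated by The Honeynet Project
mnem_service = True
[hpfeed]
enabled = True
host = $HPF_HOST
port = $HPF_PORT
secret = $HPF_SECRET
# channels comma separated
chan_events = glastopf.events
chan_files = glastopf.files
ident = $HPF_IDENT
[main-database]
#If disabled a sqlite database will be created (db/glastopf.db)
#to be used as dork storage.
enabled = True
#mongodb or sqlalchemy connection string, ex:
#mongodb://localhost:27017/glastopf
#mongodb://james:bond@localhost:27017/glastopf
#mysql://james:bond@somehost.com/glastopf
connection_string = sqlite:///db/glastopf.db
[surfcertids]
enabled = False
host = localhost
port = 5432
user =
password =
database = idsserver
[syslog]
enabled = False
socket = /dev/log
[mail]
enabled = False
# an email notification will be sent only if a specified matched pattern is identified.
# Use the wildcard char *, to be notified every time
patterns = rfi,lfi
user =
pwd =
mail_from =
mail_to =
smtp_host = smtp.gmail.com
smtp_port = 587
[taxii]
enabled = False
host = taxiitest.mitre.org
port = 80
inbox_path = /services/inbox/default/
use_https = False
use_auth_basic = False
auth_basic_username = your_username
auth_basic_password = your_password
use_auth_certificate = False
auth_certificate_keyfile = full_path_to_keyfile
auth_certificate_certfile = full_path_to_certfile
include_contact_info = False
contact_name = ...
contact_email = ...
[misc]
# set webserver banner
banner = Apache/2.0.48
EOF

# Set up supervisor
cat > /etc/supervisord.d/glastopf.ini <<EOF
[program:glastopf]
command=/usr/bin/python /usr/bin/glastopf-runner
directory=$GLASTOPF_HOME
stdout_logfile=/var/log/glastopf.out
stderr_logfile=/var/log/glastopf.err
autostart=true
autorestart=true
redirect_stderr=true
stopsignal=QUIT
EOF

# Hand the whole tree (directory included, so the service account can create
# its log/ and db/ subdirectories) to the uid/gid glastopf drops to, and keep
# the config — it holds the hpfeeds secret — unreadable by other users.
chown -R nobody:nobody "$GLASTOPF_HOME"
chmod 0640 "$GLASTOPF_HOME/glastopf.cfg"
service supervisord start
supervisorctl update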
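#!/bin/bash
# registration.sh - register this host as a sensor with an MHN server and
# export the hpfeeds settings the honeypot config needs.
#
# Usage: . ./registration.sh <server_url> <deploy_key> <honeypot_type>
# Meant to be sourced by deploy.sh: on success it exports HPF_HOST, HPF_PORT,
# HPF_IDENT and HPF_SECRET into the caller's environment; on failure it exits
# (and so terminates the sourcing script) with status 1.
if [ $# -ne 3 ]; then
  echo "Wrong number of arguments supplied."
  echo "Usage: sh $0 <server_url> <deploy_key> <honeypot_type>."
  exit 1
fi

server_url=$1
deploy_key=$2
honeypot=$3
hostname=$(hostname)

# The server's reply carries the sensor's hpfeeds secret, so it goes into a
# private temp file (mktemp: unpredictable name, mode 0600) rather than a
# fixed, world-readable /tmp/deploy.json.
deploy_json=$(mktemp /tmp/deploy.XXXXXX) || { printf 'mktemp failed\n' >&2; exit 1; }

# Read one top-level field of the reply. open()/print() work on both python 2
# (CentOS 7 default) and python 3; a missing key yields an empty string, which
# the callers treat as failure.
json_field() {
  python -c 'import json, sys
with open(sys.argv[1]) as f:
    obj = json.load(f)
print(obj.get(sys.argv[2], ""))' "$deploy_json" "$1"
}

# Build the request body with json.dumps so a hostname or key containing
# quotes or backslashes cannot break (or alter) the JSON.
payload=$(python -c 'import json, sys
print(json.dumps({"name": sys.argv[1] + "-" + sys.argv[3],
                  "hostname": sys.argv[1],
                  "deploy_key": sys.argv[2],
                  "honeypot": sys.argv[3]}))' "$hostname" "$deploy_key" "$honeypot")

# -d @-: the body (with the deploy key) is fed on stdin instead of argv, so it
# does not show up in the process list. -f/-S: a 4xx/5xx reply fails the
# request and is reported, instead of leaving an error page in the file.
if ! printf '%s' "$payload" | curl -sS -f -X POST -H "Content-Type: application/json" -d @- "$server_url/api/sensor/" > "$deploy_json"; then
  printf 'Sensor registration request to %s failed.\n' "$server_url" >&2
  rm -f "$deploy_json"
  exit 1
fi

uuid=$(json_field uuid)
if [ -z "$uuid" ]; then
  echo "Could not create sensor using name \"$hostname\"."
  rm -f "$deploy_json"
  exit 1
fi

set -e
echo "Created sensor: $uuid"

######################################################
# hpfeeds info
# HPF_HOST is the host part of server_url: strip the scheme, then everything
# from the first '/' and from the first ':' (same result as the original sed
# chain, without the extra processes).
hpf_host=${server_url#http://}
hpf_host=${hpf_host#https://}
hpf_host=${hpf_host%%/*}
hpf_host=${hpf_host%%:*}
export HPF_HOST=$hpf_host
export HPF_PORT="10000"
# Assignment and export are split so a failing python call is not masked by
# export's own exit status under set -e.
HPF_IDENT=$(json_field identifier); export HPF_IDENT
HPF_SECRET=$(json_field secret); export HPF_SECRET
# The secret now lives only in the environment (and later in glastopf.cfg).
rm -f "$deploy_json"
######################################################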