From a8e2372d76a2983266aca9c3561332089ef9dcfa Mon Sep 17 00:00:00 2001 From: valentin Date: Wed, 10 Nov 2021 11:29:01 +0100 Subject: [PATCH] initial commit --- .aws/.credentials.un~ | Bin 0 -> 1114 bytes .aws/config | 4 + .aws/credentials | 3 + .aws/credentials~ | 3 + .ocanary-setup.sh.un~ | Bin 0 -> 6556 bytes README.md | 0 ocanary-setup.sh | 177 +++++++++++++++++++++ ocanary-setup.sh~ | 135 ++++++++++++++++ opencanary.conf | 96 +++++++++++ opencanary.logrotate | 18 +++ opencanary.service | 15 ++ protonLogin_2/.index.html.un~ | Bin 0 -> 2104 bytes protonLogin_2/403.html | 10 ++ protonLogin_2/404.html | 9 ++ protonLogin_2/index.html | 93 +++++++++++ protonLogin_2/index.html~ | 93 +++++++++++ protonLogin_2/static/img/pm-logo-white.svg | 1 + 17 files changed, 657 insertions(+) create mode 100644 .aws/.credentials.un~ create mode 100644 .aws/config create mode 100644 .aws/credentials create mode 100644 .aws/credentials~ create mode 100755 .ocanary-setup.sh.un~ create mode 100644 README.md create mode 100755 ocanary-setup.sh create mode 100755 ocanary-setup.sh~ create mode 100644 opencanary.conf create mode 100644 opencanary.logrotate create mode 100644 opencanary.service create mode 100644 protonLogin_2/.index.html.un~ create mode 100644 protonLogin_2/403.html create mode 100644 protonLogin_2/404.html create mode 100644 protonLogin_2/index.html create mode 100644 protonLogin_2/index.html~ create mode 100644 protonLogin_2/static/img/pm-logo-white.svg 
diff --git a/.aws/.credentials.un~ b/.aws/.credentials.un~
new file mode 100644
index 0000000000000000000000000000000000000000..17ef80ca98de6142af8e381ad095283e1aa0d731
GIT binary patch literal 1114 zcmWH`%$*;a=aT=Ff$8o`?i#;eGMqDojsLGPEuFvO=dJLkeHYT5OI+Joc1p1@FfcF! zu|r~caeQ%Va#3nYd}4BPYH@LVc50=9t%6U8x3+&}q_KXUQ-pt#c36ZRn zX|_*Rj+e7xXjOTNs~^-H2_Ve~#7sa80w5ZO84@e23Rpn0j12J?K(aspQwUU*Y z|A7E30^*DU8iW8aI#R*W!NBkp7H^=m0K%ZC&;X?gL}G}~OaZ0`M{iHZ5O-5=*9d=8 zZ)0P(P&fZz(?)P~g7hE*P}G9V0+~G;ouELVDF8-iJ~VfMqZ2)6QJlq18=tQN0FAd{ AVgLXD literal 0 HcmV?d00001
diff --git a/.aws/config b/.aws/config
new file mode 100644
index 0000000..db04e42
--- /dev/null
+++ b/.aws/config
@@ -0,0 +1,4 @@
+[default]
+region = us-east-2
+output = text
+
diff --git a/.aws/credentials b/.aws/credentials
new file mode 100644
index 0000000..736f64a
--- /dev/null
+++ b/.aws/credentials
@@ -0,0 +1,3 @@
+[default]
+aws_access_key_id = AKIATG5KEXO5DJVHHNHI
+aws_secret_access_key = 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
diff --git a/.aws/credentials~ b/.aws/credentials~
new file mode 100644
index 0000000..63bef30
--- /dev/null
+++ b/.aws/credentials~
@@ -0,0 +1,3 @@
+[default]
+aws_access_key_id = AKIATG5KEXO5K33FUFOS
+aws_secret_access_key = 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
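Review bot: The `.aws/credentials` hunk commits a long-lived IAM access key id and secret access key in plaintext, and the editor backup `.aws/credentials~` adds a second, different key pair, so two sets of static AWS credentials are now in git history; the `.aws/.credentials.un~` vim undo file added alongside them very likely preserves earlier values as well. Both key pairs should be treated as compromised and revoked or rotated in IAM right away — deleting the files in a later commit does nothing once this history has been pushed. The only AWS call in this patch is `aws s3 sync … s3://s3-protonlab-02`, which needs roughly `s3:ListBucket` and `s3:PutObject` on that one bucket; if this host is an EC2 instance, as the `/home/centos` paths suggest, an instance profile with that policy removes the need for any key file at all. Whatever is decided, `.aws/`, `*~` and `*.un~` belong in a `.gitignore` so that neither secrets nor editor leftovers land in the repo again.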
diff --git a/.ocanary-setup.sh.un~ b/.ocanary-setup.sh.un~
new file mode 100755
index 0000000000000000000000000000000000000000..d69847b19b6824d1edb7c0de3c6ab7cff82ef636
GIT binary patch literal 6556 zcmeI1&ui2`6vxwT*Wc|;Xz|ctS5Sm(V#~I54+|DO2_A%scv;dkxC`0Ll4LCb4;I9| z>p}4%s37Fr~cq*fa7j-@p< z{z)Qsr6#QX&k+cU%O3;|$N9EM`)-r2lRh8?isdlnNgix7H)dVtrJUy;rg|YwM@in^ z6BJ9Jw7nD%y`%<~qKbqmOB6rq6gTKV9a2T{jG{OVkV%3dHmCVFOP`SlLM%ZQ2~(B` ze$ok|1%jd?*o(qGXN?O?y}}Xm?gpus4@Vv!MM)SWL0Yt8eusH|K8(DOs*`8hT94K; zufe(%bqwlt?KdJL;D!*J1u7DzEM>ug$by-&8>0ZxMpYI>hqEBq%~-a|vLXqqvC~!^ z&&yWbQOa|k#KE@fuToW|R7YY07Ex!?5g_yB XIpzJ5XLNFYU-F!As0y>lHyWVVFH%p7)t>%U^z3e$4gBKv$dVfg3L !JF)dXpOSiK<$L)Cy0XLJmxG#M8TvGMZbz-L!;=XRUiRQl%8}KP*J)|7+a8tf=MBe &vcMDx#?YVNrD{m9k%BC(}f6Lr!)`268v!U$nrxFj0*94b(kOe;Di)sy}$AUFVQr~ zLckI`u>24W<3jvi>-^MJi{iJS)!%x%Ezf>{BmhbO01)34XGGgHWmJqAg7#KGtCfHG z(KP>5bOdd>Y3c /root/cron_content
+sudo echo "0 * * * * cp /home/centos/opencanary_logs/opencanary.log /home/centos/opencanary_logs/to_sync; sudo chmod 600 /home/centos/opencanary_logs/to_sync/opencanary.log; aws s3 sync /home/centos/opencanary_logs/to_sync s3://s3-protonlab-02" >> /root/cron_content
+sudo crontab /root/cron_content
+
+# - Create LogRotate rule
+echo "Creating a LogRotate rule..."
+sudo cp /home/centos/ocanary-setup/opencanary.logrotate /etc/logrotate.d/opencanary
+
+# - Create Virtual Environment
+echo "Creating virtual env..."
+sudo virtualenv -p python3 /var/lib/canary-env
+sudo source /var/lib/canary-env/bin/activate
+
+# - Python (pip update)
+#pip install --upgrade pip setuptools
+
+# - Clone Opencanary Git repo
+echo "Cloning opencanary git repo..."
+git clone https://github.com/thinkst/opencanary
+
+# - Opencanary initial setup
+echo "Opencanary general install..."
+cd opencanary
+##pip install opencanary
+#python setup.py install
+sudo /var/lib/canary-env/bin/python setup.py install
+sudo /var/lib/canary-env/bin/pip install -r requirements.txt
+# - Opencanary config
+echo "Creating Opencanary config..."
+sudo mkdir /etc/opencanaryd -p
+sudo cp /home/centos/ocanary-setup/opencanary.conf /etc/opencanaryd/opencanary.conf
+
+# - Import HTTP Honeypot Proton Skin
+echo "Import HTTP Honeypot Proton Skin..."
+sudo cp -R /home/centos/ocanary-setup/protonLogin_2/ /home/centos/opencanary/opencanary/modules/data/http/skin/
+
+# - Copy Service config
+echo "Making Opencanary run as a service..."
+sudo cp /home/centos/ocanary-setup/opencanary.service /etc/systemd/system/opencanary.service
+
+# - Reload services daemon to add opencanary.service
+sudo systemctl daemon-reload
+
+# - Enable opencanary.service at boot
+echo "Enable Opencanary service at boot..."
+sudo systemctl enable opencanary.service
+
+# - Update SSH port to 2222 on the system (OpenCanary runs HoneyPot on port 22)
+# Backup default config
+echo "Updating SSHD config (make sshd run on port 2222, let port 22 for HoneyPot)..."
+sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_bkp
+
+# Change port to 2222
+sudo sed -i 's/#Port\ 22/Port 2222/g' /etc/ssh/sshd_config
+
+echo "Adding rule for SELinux to let SSHD listen on port 2222..."
+# Add SELinux policy to let ssh bind on port 2222
+sudo semanage port -a -t ssh_port_t -p tcp 2222
+
+# Change opencanaryd file type to a 'bin_t' type. Will ensure that the file type does not trisition to a confined domain
+# Without this instruction, SELinux will block many actions
+echo "Adding rules for SELinux to let opencanaryd service run..."
+sudo chcon -t bin_t /var/lib/canary-env/bin/opencanaryd
+
+echo "Setting SELinux to permisive - IMPORTANT - This action must be removed for production"
+# ----- TODO Change this setting -----
+# - Set SELinux to permisive
+#sudo setenforce 0
+# ------------------------------------
+
+# Restart ssh-server
+read -p "Restart ssh server now ?" -r
+echo ""
+if [[ $REPLY =~ ^[Yy]$ ]]
+then
+ echo "SSH Server restarting..."
+ sudo systemctl restart sshd.service
+ echo "SSH Server restarted"
+
+ # - Enable and start service
+ echo "Start opencanary service"
+ sudo systemctl start opencanary.service
+else
+ echo "For OpenCanary to run you must:"
+ echo "- restart sshd"
+ echo "- start opencanary"
+ echo ""
+ echo "sudo systemctl restart sshd.service"
+ echo "sudo systemctl start opencanary.service"
+fi
+
+# - Wait for Opencanary to start completely, and create the log file
+echo "Waiting for Opencanary to finish starting process..."
+
+# - To do so, we first try to see if the logfile is now present on the system
+# - If the log file is not present, we wait a few more seconds
+check_oc_running_tries=0
+while [ ! -f /home/centos/opencanary_logs/opencanary.log ] && [ $check_oc_running_tries -le 6 ]
+do
+ sleep 1
+ check_oc_running_tries=$((check_oc_running_tries+1))
+ echo "Opencanary not running... [ waiting ]"
+done
+
+# - If Opencanary is running
+if $(systemctl is-active --quiet opencanary.service)
+then
+ # - Set rw permission to root only for the log file
+ # - This is important for the first run, then logrotate will force the permission at the first rotation
+ echo "Changing permissions on pencanary log file..."
+ sudo chmod 600 /home/centos/opencanary_logs/opencanary.log
+ echo -e "\nThe system says that Opencanary is now running"
+else
+ echo "Opencanary could not run :("
+fi
+
diff --git a/ocanary-setup.sh~ b/ocanary-setup.sh~
new file mode 100755
index 0000000..2098b03
--- /dev/null
+++ b/ocanary-setup.sh~
@@ -0,0 +1,135 @@
+#!/bin/bash
+
+# - TODO IMPORTANT - This file contains a line with 'setenforce 0'
+# - TODO change cron job minute from '*' to '0' (set this for tests)
+# - TODO change 'centos' with $USER env variable everywhere
+
+
+# - Check sudo
+
+if [[ "$EUID" != 0 ]]; then
+ echo "This script must be run with sudo"
+ exit
+fi
+
+# - Set current working dir
+cd /home/centos/
+
+# - Update
+#sudo apt-get update && sudo apt-get dist-upgrade
+echo "Checking for updates..."
+yum check-update
+sudo yum update -y
+
+# - Install required packages
+#sudo apt-get install python3-dev python3-pip python3-virtualenv python3-venv python3-scapy libssl-dev libpcap-dev
+echo "Installing required packages (git, vim, virtualenv)..."
+sudo yum install git -y
+sudo yum install vim -y
+sudo yum install virtualenv -y
+
+
+# - Install EPEL repo (Extra Packages for Enterprise Linux)
+# - AWSClient present in it
+echo "Adding EPEL repo..."
+sudo yum install epel-release.noarch -yi
+echo "Checking for updates..."
+yum check-update
+sudo yum update -y
+
+# - Install AWS Client (from EPEL)
+echo "Installing Amazon AWS Client (awscli.noarch)..."
+sudo yum install awscli.noarch -y
+
+# - Configure AWS Client
+echo "Copy of awscli config (credentials and config file)..."
+sudo cp -R /home/centos/ocanary-setup/.aws /root/
+sudo chmod -R 755 /root/.aws
+sudo chmod 600 /root/.aws/*
+sudo chown -R root:root /root/.aws
+
+# - Create folder to sync with S3 Bucket (where we will store a copy of ocanary logs)
+echo "Creating folder that will contain a copy of ocanary logs (under /home/$USER/opencanary_logs/) ..."
+sudo mkdir /home/centos/opencanary_logs
+
+# - Add cron jobs in crontab
+echo "Adding cron jobs (copy of logs in /home/$USER/opencanary_logs/ and aws S3 sync) ..."
+sudo crontab -l > /root/cron_content
+sudo echo "* * * * * cp /var/tmp/opencanary.log /home/centos/opencanary_logs/" >> /root/cron_content
+sudo echo "* * * * * aws s3 sync /home/centos/opencanary_logs/ s3://s3-protonlab-02" >> /root/cron_content
+sudo crontab /root/cron_content
+
+# - Create Virtual Environment
+echo "Creating virtual env..."
+sudo virtualenv -p python3 /var/lib/canary-env
+sudo source /var/lib/canary-env/bin/activate
+
+# - Python (pip update)
+#pip install --upgrade pip setuptools
+
+# - Clone Opencanary Git repo
+echo "Cloning opencanary git repo..."
+git clone https://github.com/thinkst/opencanary
+
+# - Opencanary initial setup
+echo "Opencanary general install..."
+cd opencanary
+##pip install opencanary
+#python setup.py install
+sudo /var/lib/canary-env/bin/python setup.py install
+sudo /var/lib/canary-env/bin/pip install -r requirements.txt
+# - Opencanary config
+echo "Creating Opencanary config..."
+sudo mkdir /etc/opencanaryd -p
+sudo cp /home/centos/ocanary-setup/opencanary.conf /etc/opencanaryd/opencanary.conf
+
+# - Copy Service config
+echo "Making Opencanary run as a service..."
+sudo cp /home/centos/ocanary-setup/opencanary.service /etc/systemd/system/opencanary.service
+
+# - Reload services daemon to add opencanary.service
+sudo systemctl daemon-reload
+
+# - Enable opencanary.service at boot
+echo "Enable Opencanary service at boot..."
+sudo systemctl enable opencanary.service
+
+# - Update SSH port to 2222 on the system (OpenCanary runs HoneyPot on port 22)
+# Backup default config
+echo "Updating SSHD config (make sshd run on port 2222, let port 22 for HoneyPot)..."
+sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_bkp
+
+# Change port to 2222
+sudo sed -i 's/#Port\ 22/Port 2222/g' /etc/ssh/sshd_config
+
+echo "Adding rule for SELinux to let SSHD listen on port 2222..."
+# Add SELinux policy to let ssh bind on port 2222
+sudo semanage port -a -t ssh_port_t -p tcp 2222
+
+echo "Setting SELinux to permisive - IMPORTANT - This action must be removed for production"
+# ----- TODO Change this setting -----
+# - Set SELinux to permisive
+sudo setenforce 0
+# ------------------------------------
+
+# Restart ssh-server
+read -p "Restart ssh server now ?" -r
+echo ""
+if [[ $REPLY =~ ^[Yy]$ ]]
+then
+ echo "SSH Server restarting..."
+ sudo systemctl restart sshd.service
+ echo "SSH Server restarted"
+
+ # - Enable and start service
+ echo "Start opencanary service"
+ sudo systemctl start opencanary.service
+else
+ echo "For OpenCanary to run you must:"
+ echo "- restart sshd"
+ echo "- start opencanary"
+ echo ""
+ echo "sudo systemctl restart sshd.service"
+ echo "sudo systemctl start opencanary.service"
+fi
+
diff --git a/opencanary.conf b/opencanary.conf
new file mode 100644
index 0000000..e2410a1
--- /dev/null
+++ b/opencanary.conf
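Review bot: `ocanary-setup.sh~` is an editor backup of the setup script that still runs `sudo setenforce 0` unconditionally (its own header comment flags this), whereas the live `ocanary-setup.sh` in this same commit has that line commented out; anyone who runs the wrong copy ends up with a honeypot host whose SELinux enforcement is off, so this file should be dropped from the commit and `*~` added to `.gitignore`. Two smaller defects here are shared with the live script: `sudo source /var/lib/canary-env/bin/activate` cannot work (`source` is a shell builtin, not a program sudo can execute) and is redundant anyway because the later steps invoke `/var/lib/canary-env/bin/python` and `.../pip` by path, so the line can simply be deleted; and `sudo echo "..." >> /root/cron_content` performs the redirection in the calling shell rather than under sudo, which only succeeds because the script already refuses to run unless `$EUID` is 0 — the `sudo` prefixes are misleading and should go. The `exit` after the EUID check returns status 0, so a wrapper cannot tell the refusal from success; make it `exit 1`. The `* * * * *` cron schedule in this copy re-runs `aws s3 sync` every minute, which the TODO acknowledges is a test setting.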
@@ -0,0 +1,96 @@
+{
+ "device.node_id": "opencanary-1",
+ "ip.ignorelist": [ ],
+ "git.enabled": false,
+ "git.port" : 9418,
+ "ftp.enabled": false,
+ "ftp.port": 21,
+ "ftp.banner": "FTP server ready",
+ "http.banner": "Apache/2.2.22 (Ubuntu)",
+ "http.enabled": true,
+ "http.port": 80,
+ "http.skin": "protonLogin_2",
+ "httpproxy.enabled" : true,
+ "httpproxy.port": 8080,
+ "httpproxy.skin": "squid",
+ "logger": {
+ "class": "PyLogger",
+ "kwargs": {
+ "formatters": {
+ "plain": {
+ "format": "%(message)s"
+ },
+ "syslog_rfc": {
+ "format": "opencanaryd[%(process)-5s:%(thread)d]: %(name)s %(levelname)-5s %(message)s"
+ }
+ },
+ "handlers": {
+ "console": {
+ "class": "logging.StreamHandler",
+ "stream": "ext://sys.stdout"
+ },
+ "file": {
+ "class": "logging.FileHandler",
+ "filename": "//home/centos/opencanary_logs/opencanary.log"
+ }
+ }
+ }
+ },
+ "portscan.enabled": false,
+ "portscan.logfile":"/var/log/kern.log",
+ "portscan.synrate": 5,
+ "portscan.nmaposrate": 5,
+ "portscan.lorate": 3,
+ "smb.auditfile": "/var/log/samba-audit.log",
+ "smb.enabled": false,
+ "mysql.enabled": true,
+ "mysql.port": 3306,
+ "mysql.banner": "5.5.43-0ubuntu0.14.04.1",
+ "ssh.enabled": true,
+ "ssh.port": 22,
+ "ssh.version": "SSH-2.0-OpenSSH_5.1p1 Debian-4",
+ "redis.enabled": true,
+ "redis.port": 6379,
+ "rdp.enabled": false,
+ "rdp.port": 3389,
+ "sip.enabled": false,
+ "sip.port": 5060,
+ "snmp.enabled": false,
+ "snmp.port": 161,
+ "ntp.enabled": false,
+ "ntp.port": 123,
+ "tftp.enabled": false,
+ "tftp.port": 69,
+ "tcpbanner.maxnum":10,
+ "tcpbanner.enabled": false,
+ "tcpbanner_1.enabled": false,
+ "tcpbanner_1.port": 8001,
+ "tcpbanner_1.datareceivedbanner": "",
+ "tcpbanner_1.initbanner": "",
+ "tcpbanner_1.alertstring.enabled": false,
+ "tcpbanner_1.alertstring": "",
+ "tcpbanner_1.keep_alive.enabled": false,
+ "tcpbanner_1.keep_alive_secret": "",
+ "tcpbanner_1.keep_alive_probes": 11,
+ "tcpbanner_1.keep_alive_interval":300,
+ "tcpbanner_1.keep_alive_idle": 300,
+ "telnet.enabled": false,
+ "telnet.port": 23,
+ "telnet.banner": "",
+ "telnet.honeycreds": [
+ {
+ "username": "admin",
+ "password": "$pbkdf2-sha512$19000$bG1NaY3xvjdGyBlj7N37Xw$dGrmBqqWa1okTCpN3QEmeo9j5DuV2u1EuVFD8Di0GxNiM64To5O/Y66f7UASvnQr8.LCzqTm6awC8Kj/aGKvwA"
+ },
+ {
+ "username": "admin",
+ "password": "admin1"
+ }
+ ],
+ "mssql.enabled": false,
+ "mssql.version": "2012",
+ "mssql.port":1433,
+ "vnc.enabled": false,
+ "vnc.port":5000
+}
+
diff --git a/opencanary.logrotate b/opencanary.logrotate
new file mode 100644
index 0000000..5d5a7a2
--- /dev/null
+++ b/opencanary.logrotate
@@ -0,0 +1,18 @@
+/home/centos/opencanary_logs/opencanary.log {
+prerotate
+cp /home/centos/opencanary_logs/opencanary.log /home/centos/opencanary_logs/to_sync
+chmod 600 /home/centos/opencanary_logs/to_sync/opencanary.log
+aws s3 sync /home/centos/opencanary_logs/to_sync s3://s3-protonlab-02
+endscript
+rotate 4
+daily
+compress
+delaycompress
+missingok
+notifempty
+create 0600 root root
+postrotate
+systemctl restart opencanary.service
+endscript
+}
+
diff --git a/opencanary.service b/opencanary.service
new file mode 100644
index 0000000..63f176b
--- /dev/null
+++ b/opencanary.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=OpenCanary
+After=syslog.target
+After=network-online.target
+
+[Service]
+User=root
+#Type=oneshot
+RemainAfterExit=yes
+Restart=always
+ExecStart=/var/lib/canary-env/bin/opencanaryd --start
+ExecStop=/var/lib/canary-env/bin/opencanaryd --stop
+
+[Install]
+WantedBy=multi-user.target
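Review bot: The `logger` block in opencanary.conf configures only a `console` and a `file` handler, so every detection this honeypot makes sits in `/home/centos/opencanary_logs/opencanary.log` until the cron or logrotate `aws s3 sync` ships it, and the live setup script schedules that copy hourly (`0 * * * *`) — an attacker touching port 22 or 80 is not seen anywhere for up to an hour. A honeypot's value is the alert, not the log, so a second handler that leaves the box immediately is worth adding; since the existing entries are plain `logging` dictConfig handler specs, a stdlib one fits without new code, e.g. `"syslog": {"class": "logging.handlers.SysLogHandler", "address": "/dev/log", "formatter": "syslog_rfc"}` — assuming PyLogger passes `kwargs` through to dictConfig as the `ext://sys.stdout` reference suggests. The `syslog_rfc` formatter is already defined but referenced by neither handler, which looks like this was the intent. Minor: the file handler's `filename` begins with a double slash (`//home/centos/...`); it resolves fine but reads as a typo next to the single-slash paths everywhere else in the patch.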
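Review bot: The `prerotate` script in opencanary.logrotate copies the log into `/home/centos/opencanary_logs/to_sync` and then `chmod`s `to_sync/opencanary.log`, which only works if `to_sync` already exists as a directory; nothing visible in this patch creates it (the only `mkdir` shown is of `opencanary_logs` itself, and the start of the live setup script is garbled in this view, so it may be there). If the directory is missing, `cp` silently writes a file named `to_sync`, the `chmod` fails, and the three commands are not joined with `&&`, so a failed copy still proceeds to `aws s3 sync`. The opposite failure matters more: logrotate skips rotation when the prerotate script exits non-zero, so once the static keys this sync depends on are rotated or expire, `opencanary.log` stops rotating and grows unbounded in root's control; making the script `mkdir -p /home/centos/opencanary_logs/to_sync && cp ... && chmod 600 ... && aws s3 sync ...` at least makes the failure mode explicit, and I'd consider letting rotation proceed even if the upload fails. The `postrotate` restart is needed because the `logging.FileHandler` in opencanary.conf holds the old descriptor, but note it briefly blinds the honeypot once a day.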
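Review bot: `opencanary.service` runs the honeypot — a process whose whole purpose is to be poked by attackers on 22, 80, 3306, 6379 and 8080 — as `User=root` with no sandboxing directives at all. `NoNewPrivileges=yes`, `ProtectSystem=full` and `PrivateTmp=yes` under `[Service]` are low-risk additions here (the log lives under `/home/centos`, so `ProtectHome` is not an option without moving it); dropping root entirely would need `AmbientCapabilities=CAP_NET_BIND_SERVICE` for the ports below 1024 and is worth a follow-up. Separately, `Restart=always` together with `RemainAfterExit=yes` and an `ExecStart` of `opencanaryd --start` looks ineffective: if `--start` daemonizes and returns, as the paired `--stop` and the `RemainAfterExit` suggest, systemd is tracking a process that has already exited, the unit stays "active (exited)" and a crash of the real honeypot is neither noticed nor restarted — `Type=forking` with a `PIDFile=` (if opencanaryd writes one; I cannot confirm from this patch) would fix that. `After=syslog.target` is an obsolete no-op on modern systemd and can be dropped.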
diff --git a/protonLogin_2/.index.html.un~ b/protonLogin_2/.index.html.un~ new file mode 100644 index 0000000000000000000000000000000000000000..7d5378925362d38121a26250cdc0f1bd578ecaa9 GIT binary patch literal 2104 zcmWH`%$*;a=aT=Ff$6wbfAuGkO!wsNZe9UAjM0x6)*ld-`YRq^R?d86Q}Ry+28LK5 zPEo)CY%=o-N=p<!AGSX>Mih|d9w=-UD9i2z~~AZ7$&79a)z5Dmi&iIp|%EFf7%hWHC0Ss-A7 zP+$@y zhM^s(s8&cyOwKMXu+azdp*a&dSAyIOidI-jJsOpu5TPjm)_H8uIuBgPh68Pj1Y%fJ M(xq}XZG65806#jMu>b%7 literal 0 HcmV?d00001 diff --git a/protonLogin_2/403.html b/protonLogin_2/403.html new file mode 100644 index 0000000..6bc5d8e --- /dev/null +++ b/protonLogin_2/403.html @@ -0,0 +1,10 @@ + + +403 Forbidden + +

Forbidden

+

You don't have permission to access [[URL]] +on this server.

+
+
[[BANNER]] Server
+ diff --git a/protonLogin_2/404.html b/protonLogin_2/404.html new file mode 100644 index 0000000..631b905 --- /dev/null +++ b/protonLogin_2/404.html @@ -0,0 +1,9 @@ + + +404 Not Found + +

Not Found

+

The requested URL [[URL]] was not found on this server.

+
+
[[BANNER]] Server
+ diff --git a/protonLogin_2/index.html b/protonLogin_2/index.html new file mode 100644 index 0000000..805414f --- /dev/null +++ b/protonLogin_2/index.html @@ -0,0 +1,93 @@ + + + Login + + + +
+
+ +

Management Rules

+ +

Login failed

+ +
+
+ +
+ +
+ +
+ +
+ +
+
+
+ + diff --git a/protonLogin_2/index.html~ b/protonLogin_2/index.html~ new file mode 100644 index 0000000..31f9a85 --- /dev/null +++ b/protonLogin_2/index.html~ @@ -0,0 +1,93 @@ + + + Login + + + +
+
+ +

Logs backup

+ +

Login failed

+ +
+
+ +
+ +
+ +
+ +
+ +
+
+
+ + diff --git a/protonLogin_2/static/img/pm-logo-white.svg b/protonLogin_2/static/img/pm-logo-white.svg new file mode 100644 index 0000000..74080ce --- /dev/null +++ b/protonLogin_2/static/img/pm-logo-white.svg @@ -0,0 +1 @@ + \ No newline at end of file