Saturday, 4 November 2017

Docker - Install MHN


docker run -p 10000:10000 -p 80:80 -p 3000:3000 -p 8089:8089 --name mhn -t -i ubuntu:14.04.2 /bin/bash

Plus more ports later?

Next, create and run the following script:
#!/bin/bash

set -x

apt-get update 
apt-get upgrade -y 
apt-get install git wget gcc supervisor -y 
cd /opt/ 
git clone https://github.com/threatstream/mhn.git 
cd mhn

cat > /etc/supervisor/conf.d/mhntodocker.conf <<EOF
[program:mongod]
command=/usr/bin/mongod
stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log
autorestart=true
autostart=true

[program:nginx]
command=/usr/sbin/nginx
stdout_events_enabled=true
stderr_events_enabled=true
autostart=true
autorestart=true

EOF

mkdir -p /data/db /var/log/mhn /var/log/supervisor

supervisord &

#Starts the mongod service after installation
echo supervisorctl start mongod >> /opt/mhn/scripts/install_mongo.sh

./install.sh

supervisorctl restart all


Run the container with a range of ports:


docker stop image 
docker commit image newimage


docker run -p 1-10000:1-10000 --name mhn -t -i newimage /bin/bash

docker run -p 7000-8000:7000-8000
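
A pre-flight check for port-range mappings like the ones above, as an added example that is not part of the original post or of MHN. It rejects ranges that are out of bounds or of unequal length, and flags a host range that covers a port the host is already listening on (a wide range such as 1-10000 includes the host's own SSH port). The function names and the list of listening ports are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): validate a "docker run -p"
# HOST:CONTAINER mapping. Handles plain ports and ranges only
# (no IP prefix, no /udp suffix).

# is_port N: succeeds if N is a decimal integer in 1..65535.
is_port() {
    case $1 in ''|*[!0-9]*|0*|??????*) return 1 ;; esac
    [ "$1" -le 65535 ]
}

# bounds SPEC: prints "LO HI" for "LO-HI" or a single port; fails if invalid.
bounds() {
    lo=${1%%-*}; hi=${1#*-}
    is_port "$lo" && is_port "$hi" && [ "$lo" -le "$hi" ] && echo "$lo $hi"
}

# check_publish HOST:CONTAINER [PORT...]
# PORT... are host ports that are already listening. Prints a verdict and
# returns 0 only if both sides are valid, equally long, and no listed
# port falls inside the host range.
check_publish() {
    spec=$1; shift
    case $spec in *:*) ;; *) echo "expected HOST:CONTAINER"; return 1 ;; esac
    h=$(bounds "${spec%%:*}") || { echo "invalid host range"; return 1; }
    c=$(bounds "${spec#*:}") || { echo "invalid container range"; return 1; }
    hlo=${h% *}; hhi=${h#* }; clo=${c% *}; chi=${c#* }
    if [ $((hhi - hlo)) -ne $((chi - clo)) ]; then
        echo "range lengths differ"; return 1
    fi
    for p in "$@"; do
        if [ "$p" -ge "$hlo" ] && [ "$p" -le "$hhi" ]; then
            echo "host port $p already in use"; return 1
        fi
    done
    echo "ok"
}

# Constructed sample: host ports assumed to be listening already (sshd, MySQL).
# On a real host the list could come from:
#   ss -tln | awk 'NR>1 { sub(/.*:/, "", $4); print $4 }'
LISTENING="22 3306"
check_publish 1-10000:1-100000 $LISTENING || true   # invalid container range
check_publish 1-10000:1-10000 $LISTENING || true    # host port 22 already in use
check_publish 7000-8000:7000-8000 $LISTENING        # ok
```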

---
Thanks


https://github.com/threatstream/mhn/wiki/Running-MHN-in-Docker
https://stackoverflow.com/questions/28717464/docker-expose-all-ports-or-range-of-ports-from-7000-to-8000


Docker - Rename Container

To add port forwardings, I always follow these steps,
  1. stop running container
    docker stop test01
    
  2. commit the container
    docker commit test01 test02
    
    NOTE: The above, test02 is a new image that I'm constructing from the test01 container.
  3. re-run from the committed image
    docker run -p 8080:8080 -td test02
    
Where the first 8080 is the local port and the second 8080 is the container port.



---
Thanks

https://stackoverflow.com/questions/19335444/how-do-i-assign-a-port-mapping-to-an-existing-docker-container


Saturday, 28 October 2017

Docker Honeypots - Conpot

Via a pre-built image

  1. Install Docker
  2. Run docker pull honeynet/conpot
  3. Run docker run -it -p 80:80 -p 102:102 -p 502:502 -p 161:161/udp --network=bridge honeynet/conpot:latest /bin/sh
  4. Finally run conpot --template default
Navigate to http://MY_IP_ADDRESS to confirm the setup.





Conpot is an ICS honeypot with the goal to collect intelligence about the motives and methods of adversaries targeting industrial control systems.





---
Thanks

https://hub.docker.com/r/honeynet/conpot/


Tuesday, 16 May 2017

Uninstalling P0F from MHN


# as root
rm /etc/supervisor/conf.d/p0f.conf
supervisorctl update
rm -rf /var/empty/p0f /opt/p0f /var/log/p0f.*



===
Thanks

https://github.com/threatstream/mhn/wiki/Uninstalling-Honeypots

Monday, 15 May 2017

Deleting logs from MHN

After installing Dionaea, Snort, P0f and Kippo ... my views of the MHN Server Website gave P0f logs ... so to tidy up

Remove the P0f Sensor from view sensors


mongo mnemosyne
> db.session.remove({})
> db.metadata.remove({})
> db.counts.remove({})
> db.file.remove({})
> db.hpfeed.remove({})
> db.dork.remove({})
> db.url.remove({})
> db.daily_stats.remove({})
 






===
Thanks

https://github.com/threatstream/mhn/wiki/Deleting-Data-from-MHN


Thursday, 23 February 2017

Experiments with T-Pot

http://dtag-dev-sec.github.io/mediator/feature/2015/03/17/concept.html




http://sicherheitstacho.eu/?lang=en








plink -ssh -P 64295 198.51.100.152  -L 8080:127.0.0.1:64296



To turn on SSH

https://help.ubuntu.com/community/SSH/OpenSSH/Configuring


sudo gedit /etc/ssh/sshd_config
PasswordAuthentication yes
sudo restart ssh