-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathdionaea.run
114 lines (89 loc) · 3.38 KB
/
dionaea.run
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
#!/bin/bash
trap "exit 130" SIGINT
trap "exit 137" SIGKILL
trap "exit 143" SIGTERM
set -o errexit
set -o nounset
set -o pipefail
setup_default_dionaea_cfg () {
# Set up the default dionaea.cfg
cp dionaea.cfg dionaea.cfg.orig
sed -i "s/# listen.addresses=.*/listen.addresses=${LISTEN_ADDRESSES:-0.0.0.0}/g" dionaea.cfg
sed -i "s/# listen.interfaces=.*/listen.interfaces=${LISTEN_INTERFACES:-eth0}/g" dionaea.cfg
sed -i "s/default.levels=all/default.levels=all,-debug/g" dionaea.cfg
sed -i "s/# ssl.default.c=GB/ssl.default.c=US/g" dionaea.cfg
sed -i "s/# ssl.default.cn=/ssl.default.cn=test.example.org/g" dionaea.cfg
sed -i "s/# ssl.default.o=/ssl.default.o=example.org/g" dionaea.cfg
sed -i "s/# ssl.default.ou=/ssl.default.ou=test/g" dionaea.cfg
}
setup_dionaea_conf () {
local uid=${1:-}
local secret=${2:-}
local debug=${3:-false}
local personality=${PERSONALITY:-default}
local ip=${REPORTED_IP:-}
pushd /opt/dionaea/etc/dionaea
if [[ ${personality} == "default" ]] || [ ! -f /opt/personalities/${personality}/dionaea.cfg ]
then
setup_default_dionaea_cfg
else
cp /opt/personalities/${personality}/dionaea.cfg /opt/dionaea/etc/dionaea
for FILE in /opt/personalities/${personality}/services-available/*.yaml
do
cp ${FILE} /opt/dionaea/etc/dionaea/services-available
done
fi
# Remove other handlers and set up hpfeeds if enabled
if [[ ${HPFEEDS_ENABLED} == "true" ]]
then
ln -s /opt/dionaea/etc/dionaea/ihandlers-available/hpfeeds.yaml ./ihandlers-enabled/hpfeeds.yaml
sed -i "s/server:.*/server: \"${FEEDS_SERVER}\"/g" /opt/dionaea/etc/dionaea/ihandlers-available/hpfeeds.yaml
sed -i "s/ident:.*/ident: \"${uid}\"/g" /opt/dionaea/etc/dionaea/ihandlers-available/hpfeeds.yaml
sed -i "s/secret:.*/secret: \"${secret}\"/g" /opt/dionaea/etc/dionaea/ihandlers-available/hpfeeds.yaml
sed -i "s/port:.*/port: ${FEEDS_SERVER_PORT}/g" /opt/dionaea/etc/dionaea/ihandlers-available/hpfeeds.yaml
sed -i "s|tags:.*|tags: \[\"${TAGS}\"\]|g" /opt/dionaea/etc/dionaea/ihandlers-available/hpfeeds.yaml
sed -i "s/reported_ip:.*/reported_ip: \"${ip}\"/g" /opt/dionaea/etc/dionaea/ihandlers-available/hpfeeds.yaml
fi
for i in {1..1024}
do
touch /etc/authbind/byport/$i
chown dionaea /etc/authbind/byport/$i
chmod 755 /etc/authbind/byport/$i
done
popd
}
main() {
local dionaea_log_level=info
if [[ ${DEBUG} == "true" ]]
then
set -o xtrace
dionaea_log_level=debug
fi
local deploy_key=${DEPLOY_KEY:-}
local chn_server=${CHN_SERVER}
local feeds_server=${FEEDS_SERVER:-localhost}
local feeds_server_port=${FEEDS_SERVER_PORT:-10000}
local json=${DIONAEA_JSON:-dionaea.json}
local ip=${REPORTED_IP:-}
local debug=${DEBUG:-false}
mkdir -p `dirname ${DIONAEA_JSON}`
if [[ -z ${DEPLOY_KEY} ]]
then
echo "[CRIT] - No deploy key found"
sleep 10
exit 1
fi
chn-register.py \
-k \
-p dionaea \
-d "${deploy_key}" \
-u "${chn_server}" \
-o "${json}" \
-i "${ip}"
local uid="$(cat ${json} | jq -r .identifier)"
local secret="$(cat ${json} | jq -r .secret)"
setup_dionaea_conf ${uid} ${secret} ${debug}
exec /usr/bin/authbind /opt/dionaea/bin/dionaea -c "/opt/dionaea/etc/dionaea/dionaea.cfg" -u dionaea -g nogroup -l ${dionaea_log_level}
sleep 10
}
main "$@"