- #!/usr/bin/python
- #
- # Honeymine v1.3
- #
- # WARNING: Honeymine will install as a service and modify iptables, so
- # an 'armed' honey mine can persist even in the event of a system restart.
- #
- # DISCLAIMERS and LIMITATIONS on LIABILITY:
- #
- # THIS SCRIPT IS PROVIDED ON AN "AS IS" BASIS, AND NO WARRANTY, EITHER EXPRESS OR IMPLIED, IS GIVEN. YOUR USE OF THE SCRIPT
- # IS AT YOUR SOLE RISK. ACTRA nor the developing member organization will warrant that (i) the Software will meet your
- # specific requirements; (ii) the Software is fully compatible with any particular platform; or (iii) any errors in the
- # Software will be corrected. This script has been made available to ACTRA members "as is" for their own evaluation and use
- # as they deem appropriate. Members are free to modify or otherwise improve upon this script, and upon their own discretion
- # share improvements with ACTRA and/or other ACTRA members.
- #
- # KNOWN ISSUES:
- # * When performing OS fingerprinting, the IP stack of the
- # honeymine will show up as Linux regardless of the OS it is
- # emulating. This will be fixed in a future release.
- #
- # FUTURE ENHANCEMENTS:
- # * Additional emulated OS types.
- # * Protocol banner emulation returned on connect.
- # * Functional NETBIOS protocol interaction.
- # * Emulation of TCP/IP stack based on selected mine type.
- # * Ghost routing of inbound connections to back-end high-interactive honeypots.
- #
- # SYSTEM REQUIREMENTS:
- # * Tested with a minimum of 1 CPU/Core, 1GB RAM, 10GB Disk - It can probably use less
- # * Outbound internet access (for apt & github access)
- # * Debian-based Linux OS distribution (developed and tested on Mint MATE 18 x64)
- # * Use of a dedicated system is recommended
- # * Define custom variables and filters below
- #
import datetime
import fcntl
import fileinput
import os
import socket
import struct
import subprocess
import sys
import time

import netifaces
- try:
- # Custom Variable Functions and Filters (These can be set and/or customized as necessary)
def customtcpdfilter():
    """Return the site-specific tcpdump filter fragment.

    Edit the literal below to suppress noisy traffic from the capture; the
    fragment is AND-ed onto the default filter by tcpdfilter().
    Examples:
      suppress all DNS:                       "(not port 53)"
      suppress DNS and OS-update traffic:     "(not port 53) and (not src port 80)"
      suppress one source host:               "(not src host 10.1.1.1)"
      suppress a source netblock:             "(not src net 10.1.0.0/16)"
    """
    return "(not port 53) and (not src port 80)"
def syslogipval():
    """Return the remote syslog server address, or the string "None" to disable forwarding.

    The sentinel is the *string* "None" (not the None object); tcpdfilter() and
    stagemine() compare against it.  Example: return "10.1.1.10".
    """
    return "None"
def sshsourceval():
    """Return the source IP allowed to manage this sensor over SSH, or the string "None".

    Same string-sentinel convention as syslogipval().  Nothing in the visible
    part of this file reads the value; presumably the menu/arming code does.
    """
    return "None"
def locallogage():
    """Return the retention period, in days, for files under /var/log/honeymine.

    Returned as a string because stagemine() splices it straight into the
    `find ... -mtime +N` command of the generated capture script.
    """
    return "30"
def ifaceval():
    """Return the name of the interface carrying the default IPv4 route.

    netifaces.gateways()['default'][AF_INET] is a (gateway, interface) pair;
    element 1 is the interface name.  Raises KeyError when the host has no
    default IPv4 route.
    """
    default_routes = netifaces.gateways()['default']
    return default_routes[netifaces.AF_INET][1]
- # Define Static Functions - Consider any modifications made below this line as untested. Proceed at your own risk
def ifaceipval():
    """Return the first IPv4 address assigned to the interface chosen by ifaceval().

    The family key 2 is AF_INET on Linux, the only platform this script
    targets; netifaces.AF_INET would say the same thing portably.
    """
    addresses = netifaces.ifaddresses(ifaceval())
    return addresses[2][0]['addr']
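# Stage Artillery files and add them to path
# NOTE(review): the code base is fetched from GitHub over HTTPS at install
# time and later runs as root; no tag or commit is pinned, so the mine runs
# whatever `master` holds when it is staged.
if not os.path.isfile("/opt/honeymine/setup/artillery.py"):
    if os.path.isdir("/opt/honeymine"):
        # wait() so the removal finishes before the clone starts; the original
        # backgrounded this rm and raced the clone for the same directory
        subprocess.Popen("rm -rf /opt/honeymine", shell=True).wait()
    # git clone needs the repository URL; the original pointed at the
    # /blob/master/artillery.py page URL, which git cannot clone
    subprocess.Popen("git clone https://github.com/BinaryDefense/artillery /opt/honeymine/setup", shell=True).wait()
sys.path.append('/opt/honeymine/setup')
from src.core import *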
def defaulttcpdfilter():
    """Return the base tcpdump filter every mine uses.

    Captures TCP/UDP/ICMP, drops broadcast and mDNS (224.0.0.0/24, ff02::fb)
    noise and excludes port 2222; customtcpdfilter() is AND-ed onto this.
    """
    base = "(tcp or udp or icmp) and (not broadcast and not net 224.0.0.0/24 and not net ff02::fb) and (not port 2222)"
    return base
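def get_ip_address(ifname):
    """Return the primary IPv4 address of interface *ifname* as a dotted string.

    Issues SIOCGIFADDR (0x8915) on a throwaway UDP socket; Linux-only.
    *ifname* may be str or bytes (the original only accepted a Python 2 str)
    and is truncated to 15 characters, the kernel's IFNAMSIZ-1 limit.
    Raises IOError/OSError when the interface is missing or has no address.
    """
    name = ifname if isinstance(ifname, bytes) else ifname.encode('ascii')
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        packed = fcntl.ioctl(s.fileno(), 0x8915, struct.pack('256s', name[:15]))
    finally:
        s.close()  # the original left the socket open until garbage collection
    # bytes 20..23 of the returned ifreq hold sin_addr of ifr_addr
    return socket.inet_ntoa(packed[20:24])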
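def get_mac_address(ifname):
    """Return the hardware (MAC) address of *ifname* as 'aa:bb:cc:dd:ee:ff'.

    Issues SIOCGIFHWADDR (0x8927) on a throwaway UDP socket; Linux-only.
    bytearray makes the six address bytes index as ints on both Python 2
    and 3 (the original's ord() only works on a Python 2 str).
    """
    name = ifname if isinstance(ifname, bytes) else ifname.encode('ascii')
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        info = fcntl.ioctl(s.fileno(), 0x8927, struct.pack('256s', name[:15]))
    finally:
        s.close()  # the original left the socket open until garbage collection
    # bytes 18..23 of the returned ifreq hold sa_data[0:6] of ifr_hwaddr
    return ':'.join('%02x' % octet for octet in bytearray(info[18:24]))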
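def tcpdfilter():
    """Build the complete tcpdump capture filter for the mine.

    Joins defaulttcpdfilter(), a 'dst host <mine IP>' clause, an optional
    'not host <syslog server>' clause and customtcpdfilter() with 'and'.
    The syslog exclusion is added only when a server is configured
    (syslogipval() != "None") *and* the rsyslog drop-in written by
    stagemine() exists; the original emitted '(not host None)' whenever the
    drop-in was present but no server was set, which tcpdump cannot parse.
    Note the result is later placed inside single quotes on a shell command
    line (see stagemine()), so the fragments must not contain a quote.
    """
    defaultfilter = defaulttcpdfilter()
    customfilter = customtcpdfilter()
    ifaceip = ifaceipval()
    syslogip = syslogipval()
    if syslogip == "None":
        syslogip = None
    clauses = [defaultfilter, "(dst host {0})".format(ifaceip)]
    if syslogip is not None and os.path.isfile("/etc/rsyslog.d/local7info.conf"):
        clauses.append("(not host {0})".format(syslogip))
    clauses.append(customfilter)
    return " and ".join(clauses)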
def terminate():
    """Print a goodbye banner, clear the screen and exit the process.

    Only acts on POSIX hosts (is_posix() comes from Artillery's src.core);
    elsewhere it simply returns.  Despite the original comment no Artillery
    files are removed here -- that is disarm()'s job.
    """
    if not is_posix():
        return
    print('''
Exiting..
''')
    os.system('clear')
    sys.exit()
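def disarm():
    """Tear down a previously armed mine and return to the menu.

    Stops Artillery and the honeymine systemd unit, kills the capture
    pipeline, removes the staged Artillery tree, the rsyslog drop-in and the
    init script, archives the alerts file under a timestamped name and
    restores the iptables rule set saved at install time.  Everything is
    skipped on non-POSIX hosts (is_posix() comes from Artillery's src.core).
    Finishes by calling menu(), which is defined outside this view.
    The original nesting was lost in the paste; all steps are taken to sit
    inside the is_posix() guard -- confirm against the upstream copy.
    """
    if not is_posix():
        return
    subprocess.Popen("/etc/init.d/artillery stop >/dev/null 2>&1", shell=True).wait()
    if os.path.isfile("/lib/systemd/system/honeymine.service"):
        subprocess.Popen("systemctl stop honeymine", shell=True).wait()
        os.remove("/lib/systemd/system/honeymine.service")
        subprocess.Popen("systemctl daemon-reload", shell=True).wait()
    # pkill matches by process name, so every tcpdump/logger/tail on the
    # host is killed, not only the ones the mine started
    for proc in ("tcpdump", "logger", "tail"):
        subprocess.Popen("pkill " + proc, shell=True).wait()
    if os.path.isdir("/var/artillery"):
        # wait() so the tree is really gone before the checks below run; the
        # original backgrounded this rm and raced its own isfile() tests
        subprocess.Popen("rm -rf /var/artillery", shell=True).wait()
    if os.path.isfile("/var/artillery/honeymine.emul"):
        os.remove("/var/artillery/honeymine.emul")
    if os.path.isfile("/etc/rsyslog.d/local7info.conf"):
        os.remove("/etc/rsyslog.d/local7info.conf")
        subprocess.Popen("service rsyslog restart", shell=True).wait()
    if os.path.isfile("/etc/init.d/artillery"):
        os.remove("/etc/init.d/artillery")
    if os.path.isfile("/var/log/local7.info"):
        os.remove("/var/log/local7.info")
    if os.path.isdir("/etc/init.d/artillery"):
        subprocess.Popen("rm -rf /etc/init.d/artillery", shell=True).wait()
    kill_artillery()
    if os.path.isfile("/var/log/honeymine/alerts"):
        # keep the alert history; the new name embeds the disarm timestamp
        stamp = str(datetime.datetime.now())
        os.rename('/var/log/honeymine/alerts', '/var/log/honeymine/alerts-disarmed-on-' + stamp)
    # rules.v4 is the snapshot iptables-persistent took when stagemine()
    # installed it; if staging never got that far, this restore fails
    subprocess.Popen("bash -c \"iptables-restore < /etc/iptables/rules.v4\"", shell=True).wait()
    os.system('clear')
    print('''
Honey mine is disarmed..''')
    print('''
(Press any key to continue)''')
    raw_input()
    menu()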
def underconstruction():
    """Clear the screen and show the placeholder banner for unfinished menu items."""
    os.system('clear')
    banner = '''
!!! - UNDER CONSTRUCTION - !!!'''
    print(banner)
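def viewlog():
    """Show the armed mine's banner and follow the alerts log.

    Reads the emulation name the emulos_* functions stored in
    /var/artillery/honeymine.emul, prints the interface's IP/MAC, the active
    capture filter and the log location, then hands the terminal to
    'tail -f' on the alerts file (blocks until tail exits).
    Requires an armed mine: the .emul file must exist.
    """
    os.system('clear')
    iface = ifaceval()
    tcpdumpparams = tcpdfilter()
    with open('/var/artillery/honeymine.emul', 'r') as emulfile:
        osemultype = emulfile.read().replace('\n', '')
    banner = ('''
Mine ARMED on [ ''' + get_ip_address(iface) + ''' / ''' + get_mac_address(iface) + ''' ]
Emulation Type: ''' + osemultype + '''
Log File: "/var/log/honeymine"
Capture filter:
''' + tcpdumpparams + ''' ]
--------------------------------------------------------------------------
''')
    print(banner)
    # `time` is imported at the top of the file; the original relied on it
    # arriving through the wildcard import from src.core
    time.sleep(2)
    subprocess.Popen("tail -f /var/log/honeymine/alerts", shell=True).wait()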
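def stagemine():
    """Install and configure everything an armed mine needs (run as root).

    Steps, in order: refuse to run if a mine is already armed; stop any
    running Artillery; optionally stop/disable smbd so Artillery can bind the
    SMB ports; stage the Artillery tree under /var/artillery and its init
    script under /etc/init.d; install iptables-persistent, tcpdump and
    apparmor-utils with apt; put tcpdump under AppArmor enforcement; set up
    the local (and optional remote) syslog plumbing; write the honeymine
    systemd unit and the /var/artillery/tcpdump.py capture script it runs;
    enable the unit.  Hands control to menu() when a mine is already armed or
    the operator declines the smbd shutdown.  Interactive (raw_input).
    The original nesting was lost in the paste and has been reconstructed
    here; confirm the if-blocks against the upstream copy.
    """
    # Check to see if a mine is already armed
    if os.path.isdir("/var/artillery/database"):
        os.system('clear')
        print('''
ERROR: A mine is already armed. Disarm it first..''')
        print('''
(Press any key to continue)''')
        raw_input()
        menu()
        # the original fell through into the staging steps if menu() returned
        return
    kill_artillery()
    # Disable SAMBA so Artillery can use the ports
    process_name = "smbd"
    # substring test over the whole ps listing: any command line that
    # contains "smbd" triggers the prompt, not just the daemon itself
    tmp = os.popen("ps -Af").read()
    if process_name in tmp:
        os.system('clear')
        print('''
Due to a need for Artillery to use the same ports,
SAMBA (SMBD) service will be stopped and disabled.''')
        choice = raw_input('''
[*] Do you still wish to proceed? [y/n]: ''')
        if choice in ["yes", "y", "YES", "Y", "Yes"]:
            # comments out the upstart "start on" stanza; on hosts without
            # /etc/init/smbd.conf sed only prints an error
            subprocess.Popen("bash -c \"sed -i 's/start on (local-filesystems and net-device-up)/#start on (local-filesystems and net-device-up)/g' /etc/init/smbd.conf\"", shell=True).wait()
            # the original wrote `.wait` without parentheses, so the stop was
            # never waited for
            subprocess.Popen("service smbd stop >/dev/null 2>&1", shell=True).wait()
            time.sleep(2)
        if choice in ["no", "n", "NO", "N", "No"]:
            menu()
            return
        # any other answer proceeds, as in the original
    # If Artillery directories and files don't exist, create them
    for path in ("/var/artillery", "/var/artillery/database", "/var/artillery/src/program_junk/"):
        if not os.path.isdir(path):
            os.makedirs(path)
    subprocess.Popen("cp -rf /opt/honeymine/setup/* /var/artillery/", shell=True).wait()
    # install to rc.local (the rc.local clean-up is taken to belong to the
    # fresh-install branch -- confirm)
    if os.path.isdir("/etc/init.d"):
        if not os.path.isfile("/etc/init.d/artillery"):
            with open("/var/artillery/src/startup_artillery", "r") as src:
                config = src.read()
            with open("/etc/init.d/artillery", "w") as dst:
                dst.write(config)
            subprocess.Popen("chmod +x /etc/init.d/artillery", shell=True).wait()
            subprocess.Popen("update-rc.d artillery defaults >/dev/null 2>&1", shell=True).wait()
            # remove old method if Artillery installed previously
            if os.path.isfile("/etc/init.d/rc.local"):
                with open("/etc/init.d/rc.local", "r") as src:
                    data = src.read()
                data = data.replace("sudo python /var/artillery/artillery.py &", "")
                with open("/etc/init.d/rc.local", "w") as dst:
                    dst.write(data)
    # Install iptables-persistent if not installed.  The debconf answers make
    # the package snapshot the current rules (rules.v4/rules.v6) during
    # install; disarm() restores that snapshot, so arm the mine only on a
    # host whose pre-existing rule set you want back afterwards.
    if not os.path.isfile("/etc/iptables/rules.v4"):
        subprocess.Popen("echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections", shell=True).wait()
        subprocess.Popen("echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections", shell=True).wait()
        subprocess.Popen("apt-get -y install iptables-persistent", shell=True).wait()
    # Install tcpdump if not installed
    if not os.path.isfile("/usr/sbin/tcpdump"):
        subprocess.Popen("apt-get -y install tcpdump", shell=True).wait()
    # Install apparmor if not installed
    if not os.path.isfile("/usr/sbin/aa-enforce"):
        subprocess.Popen("apt-get -y install apparmor-utils", shell=True).wait()
    # Protect executables: tcpdump runs as root inside the honeymine unit,
    # so confine it with its AppArmor profile
    if os.path.isfile("/usr/sbin/aa-enforce"):
        subprocess.Popen("aa-enforce /usr/sbin/tcpdump", shell=True).wait()
    # Configure logging
    syslogip = syslogipval()
    if syslogip == "None":
        syslogip = None
    if not os.path.isdir("/var/log/honeymine"):
        os.makedirs("/var/log/honeymine")
    if not os.path.isfile("/var/log/honeymine/alerts"):
        open("/var/log/honeymine/alerts", "a").close()
    if syslogip is not None:
        if not os.path.isfile("/etc/rsyslog.d/local7info.conf"):
            # written directly instead of via `bash -c "echo ... >> ..."`, so
            # the configured address is never interpolated into a shell line;
            # port 517 is kept from the original -- syslog/UDP is
            # conventionally 514, confirm what the receiver listens on
            with open("/etc/rsyslog.d/local7info.conf", "w") as conf:
                conf.write("local7.info /var/log/local7.info\n")
                conf.write("local7.info @{0}:517\n".format(syslogip))
            subprocess.Popen("service rsyslog restart", shell=True).wait()
    # Build honeymine service
    if not os.path.isfile("/lib/systemd/system/honeymine.service"):
        unit_lines = [
            "[Unit]",
            "Description=Honeymine",
            "After=multi-user.target",
            "",
            "[Service]",
            "Type=idle",
            # runs as root with no hardening directives; the capture needs raw
            # sockets, but User=/Capability bounds would be a worthwhile follow-up
            "ExecStart=/usr/bin/python /var/artillery/tcpdump.py",
            "",
            "[Install]",
            "WantedBy=multi-user.target",
        ]
        with open("/lib/systemd/system/honeymine.service", "w") as unitfile:
            unitfile.write("\n".join(unit_lines))  # no trailing newline, as before
        subprocess.Popen("chmod 644 /lib/systemd/system/honeymine.service", shell=True).wait()
    tcpdumpparams = tcpdfilter()
    iface = ifaceval()
    locallogageval = locallogage()
    # Generated capture script.  The interface name, the capture filter and
    # the retention age are spliced into shell command lines inside it, so
    # customtcpdfilter() and locallogage() must stay free of shell
    # metacharacters and quotes.  The indentation inside the template was
    # lost in the paste and is reconstructed (the loop body must nest under
    # `while`).  Written with "w" so a re-run cannot append a second copy.
    script_lines = [
        "import subprocess",
        "import threading",
        "import time",
        "from threading import Thread",
        "starttime=time.time()",
        "def loop():",
        "    while True:",
        "        subprocess.Popen(\"find '/var/log/honeymine' ! -name alerts -type f -mtime +" + locallogageval + " -exec rm -f '{}' \\; &\", shell=True).wait()",
        "        time.sleep(3600.0 - ((time.time() - starttime) % 3600.0))",
        "def main():",
        "    subprocess.Popen(\"tcpdump -lenqpU -i '{0}' '{1}' -s 65535 -w - | tee /var/log/honeymine/capture.$(date +%Y-%m-%d.%Z.%H.%M.%S).pcap | tcpdump -lenqp '{1}' -r - >> /var/log/honeymine/alerts\", shell=True).wait()".format(iface, tcpdumpparams),
        "Thread(target = loop).start()",
        "Thread(target = main).start()",
    ]
    with open("/var/artillery/tcpdump.py", "w") as script:
        script.write("\n".join(script_lines) + "\n")
    subprocess.Popen("systemctl daemon-reload", shell=True).wait()
    subprocess.Popen("systemctl enable honeymine.service", shell=True).wait()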
def emulos_win7():
    """Configure Artillery and iptables to present as a Windows 7 workstation.

    Records the emulation name in /var/artillery/honeymine.emul, replaces
    Artillery's config (the old one is kept as config.bak) and appends
    iptables rules: ports 67 and 123 dropped, the listed Windows ports
    accepted, established TCP and ICMP accepted, any other TCP rejected with
    a RST, all output allowed, default policies DROP.  Rules are appended
    (-A) to whatever the INPUT/OUTPUT chains already hold, and config values
    go through `bash -c 'echo ...'` exactly as before (the shell strips the
    quotes around each value before it reaches the file).
    """
    def sh(cmd):
        subprocess.Popen(cmd, shell=True).wait()

    # Store Emulation Type
    sh("touch /var/artillery/honeymine.emul")
    sh("bash -c 'echo Microsoft Windows Workstation 7 > /var/artillery/honeymine.emul'")
    # Build custom Artillery and Iptables config
    sh("mv -f /var/artillery/config /var/artillery/config.bak")
    settings = [
        ('MONITOR', '"ON"'),
        ('MONITOR_FOLDERS', '"/var/www","/etc/"'),
        ('MONITOR_FREQUENCY', '"60"'),
        ('SSH_DEFAULT_PORT_CHECK', '"ON"'),
        ('EXCLUDE', '""'),
        ('HONEYPOT_BAN', '"OFF"'),
        ('WHITELIST_IP', '"127.0.0.1,localhost"'),
        ('PORTS', '"67,123,135,139,445,3389,5355,49152,49153,49154,49155,49156,49157,49160,64114"'),
        ('HONEYPOT_AUTOACCEPT', '"OFF"'),
        ('EMAIL_ALERTS', '"OFF"'),
        ('SMTP_USERNAME', '""'),
        ('SMTP_PASSWORD', '""'),
        ('ALERT_USER_EMAIL', '"user@whatever.com"'),
        ('SMTP_FROM', '"Artillery Incident"'),
        ('SMTP_ADDRESS', '"smtp.gmail.com"'),
        ('SMTP_PORT', '"587"'),
        ('EMAIL_TIMER', '"ON"'),
        ('EMAIL_FREQUENCY', '"60"'),
        ('SSH_BRUTE_MONITOR', '"ON"'),
        ('SSH_BRUTE_ATTEMPTS', '"3"'),
        ('FTP_BRUTE_MONITOR', '"ON"'),
        ('FTP_BRUTE_ATTEMPTS', '"10"'),
        ('AUTO_UPDATE', '"OFF"'),
        ('ANTI_DOS', '"OFF"'),
        ('ANTI_DOS_PORTS', '"80,443"'),
        ('ANTI_DOS_THROTTLE_CONNECTIONS', '"1000"'),
        ('ANTI_DOS_LIMIT_BURST', '"500"'),
        ('ACCESS_LOG', '"/var/artillery/logs/apache-access.log"'),
        ('ERROR_LOG', '"/var/artillery/logs/apache-error.log"'),
        ('BIND_INTERFACE', '""'),
        ('THREAT_INTELLIGENCE_FEED', '"OFF"'),
        ('THREAT_FEED', '"https://www.binarydefense.com/banlist.txt"'),
        ('THREAT_SERVER', '"OFF"'),
        ('THREAT_LOCATION', '"/var/www/"'),
        ('ROOT_CHECK', '"ON"'),
        ('SYSLOG_TYPE', '"FILE"'),
        ('SYSLOG_REMOTE_HOST', '"192.168.0.1"'),
        ('SYSLOG_REMOTE_PORT', '"514"'),
        ('CONSOLE_LOGGING', '"OFF"'),
        ('RECYCLE_IPS', '"OFF"'),
        ('ARTILLERY_REFRESH', '"604800"'),
        ('SOURCE_FEEDS', '"OFF"'),
    ]
    for key, value in settings:
        sh("bash -c 'echo %s=%s >> /var/artillery/config'" % (key, value))

    port_rule = "iptables -A INPUT -p %s --destination-port %s -s 0.0.0.0/0 -d 0.0.0.0/0 -j %s"
    # 67 and 123 are dropped on both protocols before anything is accepted
    for port in ("67", "123"):
        for proto in ("tcp", "udp"):
            sh(port_rule % (proto, port, "DROP"))
    sh("iptables -A INPUT -i lo -j ACCEPT")
    sh("iptables -A INPUT -p udp --source-port 53 -s 0.0.0.0/0 -m state --state ESTABLISHED -j ACCEPT")
    # (port, protocols) in the exact order the original appended them
    accepted = [
        ("135", ("tcp", "udp")),
        ("139", ("tcp", "udp")),
        ("445", ("tcp", "udp")),
        ("3389", ("tcp", "udp")),
        ("5355", ("udp",)),
        ("49152", ("tcp", "udp")),
        ("49153", ("tcp", "udp")),
        ("49154", ("tcp", "udp")),
        ("49155", ("tcp", "udp")),
        ("49156", ("tcp", "udp")),
        ("49157", ("tcp", "udp")),
        ("49160", ("tcp", "udp")),
        ("64114", ("tcp", "udp")),
    ]
    for port, protos in accepted:
        for proto in protos:
            sh(port_rule % (proto, port, "ACCEPT"))
    sh("iptables -A INPUT -p tcp -m conntrack --ctstate ESTABLISHED,RELATED -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT")
    sh("iptables -A INPUT -p icmp -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT")
    sh("iptables -A INPUT -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 -j REJECT --reject-with tcp-reset")
    sh("iptables -A OUTPUT -o lo -j ACCEPT")
    # the OUTPUT DROP policy below never applies: this rule accepts everything first
    sh("iptables -A OUTPUT -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT")
    sh("iptables -P INPUT DROP")
    sh("iptables -P OUTPUT DROP")
def emulos_win2k8r2_fp():
    """Configure Artillery and iptables to present as a Windows Server 2008 R2 file/print server.

    Records the emulation name in /var/artillery/honeymine.emul, replaces
    Artillery's config (the old one is kept as config.bak) and appends
    iptables rules: the listed server ports accepted, established TCP and
    ICMP accepted, any other TCP rejected with a RST, all output allowed,
    default policies DROP.  Note that 161/udp and 49311 are accepted by the
    firewall but absent from Artillery's PORTS list, so nothing in Artillery
    listens there -- confirm whether that is intended.  Rules are appended
    (-A) to whatever the chains already hold, and config values go through
    `bash -c 'echo ...'` exactly as before (the shell strips the quotes
    around each value before it reaches the file).
    """
    def sh(cmd):
        subprocess.Popen(cmd, shell=True).wait()

    # Store Emulation Type
    sh("touch /var/artillery/honeymine.emul")
    sh("bash -c 'echo Microsoft Windows Server 2008 R2 - File/Print > /var/artillery/honeymine.emul'")
    # Build custom Artillery and Iptables config
    sh("mv -f /var/artillery/config /var/artillery/config.bak")
    settings = [
        ('MONITOR', '"ON"'),
        ('MONITOR_FOLDERS', '"/var/www","/etc/"'),
        ('MONITOR_FREQUENCY', '"60"'),
        ('SSH_DEFAULT_PORT_CHECK', '"ON"'),
        ('EXCLUDE', '""'),
        ('HONEYPOT_BAN', '"OFF"'),
        ('WHITELIST_IP', '"127.0.0.1,localhost"'),
        ('PORTS', '"135,139,445,500,3389,4500,5355,49152,49153,49154,49155,49296,65135"'),
        ('HONEYPOT_AUTOACCEPT', '"OFF"'),
        ('EMAIL_ALERTS', '"OFF"'),
        ('SMTP_USERNAME', '""'),
        ('SMTP_PASSWORD', '""'),
        ('ALERT_USER_EMAIL', '"user@whatever.com"'),
        ('SMTP_FROM', '"Artillery Incident"'),
        ('SMTP_ADDRESS', '"smtp.gmail.com"'),
        ('SMTP_PORT', '"587"'),
        ('EMAIL_TIMER', '"ON"'),
        ('EMAIL_FREQUENCY', '"60"'),
        ('SSH_BRUTE_MONITOR', '"ON"'),
        ('SSH_BRUTE_ATTEMPTS', '"3"'),
        ('FTP_BRUTE_MONITOR', '"ON"'),
        ('FTP_BRUTE_ATTEMPTS', '"10"'),
        ('AUTO_UPDATE', '"OFF"'),
        ('ANTI_DOS', '"OFF"'),
        ('ANTI_DOS_PORTS', '"80,443"'),
        ('ANTI_DOS_THROTTLE_CONNECTIONS', '"1000"'),
        ('ANTI_DOS_LIMIT_BURST', '"500"'),
        ('ACCESS_LOG', '"/var/artillery/logs/apache-access.log"'),
        ('ERROR_LOG', '"/var/artillery/logs/apache-error.log"'),
        ('BIND_INTERFACE', '""'),
        ('THREAT_INTELLIGENCE_FEED', '"OFF"'),
        ('THREAT_FEED', '"https://www.binarydefense.com/banlist.txt"'),
        ('THREAT_SERVER', '"OFF"'),
        ('THREAT_LOCATION', '"/var/www/"'),
        ('ROOT_CHECK', '"ON"'),
        ('SYSLOG_TYPE', '"FILE"'),
        ('SYSLOG_REMOTE_HOST', '"192.168.0.1"'),
        ('SYSLOG_REMOTE_PORT', '"514"'),
        ('CONSOLE_LOGGING', '"OFF"'),
        ('RECYCLE_IPS', '"OFF"'),
        ('ARTILLERY_REFRESH', '"604800"'),
        ('SOURCE_FEEDS', '"OFF"'),
    ]
    for key, value in settings:
        sh("bash -c 'echo %s=%s >> /var/artillery/config'" % (key, value))

    port_rule = "iptables -A INPUT -p %s --destination-port %s -s 0.0.0.0/0 -d 0.0.0.0/0 -j %s"
    sh("iptables -A INPUT -i lo -j ACCEPT")
    sh("iptables -A INPUT -p udp --source-port 53 -s 0.0.0.0/0 -m state --state ESTABLISHED -j ACCEPT")
    # (port, protocols) in the exact order the original appended them
    accepted = [
        ("135", ("tcp", "udp")),
        ("139", ("tcp", "udp")),
        ("161", ("udp",)),
        ("445", ("tcp", "udp")),
        ("500", ("udp",)),
        ("3389", ("tcp", "udp")),
        ("4500", ("udp",)),
        ("5355", ("udp",)),
        ("49152", ("tcp", "udp")),
        ("49153", ("tcp", "udp")),
        ("49154", ("tcp", "udp")),
        ("49155", ("tcp", "udp")),
        ("49296", ("tcp", "udp")),
        ("49311", ("tcp", "udp")),
        ("65135", ("tcp", "udp")),
    ]
    for port, protos in accepted:
        for proto in protos:
            sh(port_rule % (proto, port, "ACCEPT"))
    sh("iptables -A INPUT -p tcp -m conntrack --ctstate ESTABLISHED,RELATED -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT")
    sh("iptables -A INPUT -p icmp -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT")
    sh("iptables -A INPUT -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 -j REJECT --reject-with tcp-reset")
    sh("iptables -A OUTPUT -o lo -j ACCEPT")
    # the OUTPUT DROP policy below never applies: this rule accepts everything first
    sh("iptables -A OUTPUT -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT")
    sh("iptables -P INPUT DROP")
    sh("iptables -P OUTPUT DROP")
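# ---------------------------------------------------------------------------
# Emulation profiles.
#
# Every profile performs the same three steps and differs only in the label
# it records, the Artillery PORTS list, and the ports iptables ACCEPTs:
#   1. record the emulated OS/service in /var/artillery/honeymine.emul
#   2. move /var/artillery/config aside and write a fresh Artillery config
#   3. append INPUT/OUTPUT rules that ACCEPT the emulated ports, answer every
#      other TCP port with a RST, and set both chain policies to DROP
# The shared steps live in the private helpers below; each emulos_* entry
# point only supplies its profile data.  Files are written directly and
# iptables is invoked as an argv list, so no shell is involved.  Everything
# here has to run as root.
# ---------------------------------------------------------------------------

_ARTILLERY_DIR = "/var/artillery"
_ARTILLERY_CONFIG = _ARTILLERY_DIR + "/config"
_ARTILLERY_CONFIG_BACKUP = _ARTILLERY_DIR + "/config.bak"
_HONEYMINE_EMUL = _ARTILLERY_DIR + "/honeymine.emul"

# Artillery config body shared by every profile, in the order it is written.
# The PORTS value is filled in per profile (None here).  Values are written
# exactly as the former `bash -c 'echo KEY="VALUE" >> config'` commands left
# them on disk: bash consumed the double quotes, so the file holds KEY=VALUE.
# NOTE(review): keep this order (PORTS= ahead of ANTI_DOS_PORTS=, as before);
# Artillery's key lookup may match by substring - confirm before reordering.
_ARTILLERY_CONFIG_TEMPLATE = [
    ("MONITOR", "ON"),
    ("MONITOR_FOLDERS", "/var/www,/etc/"),
    ("MONITOR_FREQUENCY", "60"),
    ("SSH_DEFAULT_PORT_CHECK", "ON"),
    ("EXCLUDE", ""),
    ("HONEYPOT_BAN", "OFF"),
    ("WHITELIST_IP", "127.0.0.1,localhost"),
    ("PORTS", None),
    ("HONEYPOT_AUTOACCEPT", "OFF"),
    ("EMAIL_ALERTS", "OFF"),
    ("SMTP_USERNAME", ""),
    ("SMTP_PASSWORD", ""),
    ("ALERT_USER_EMAIL", "user@whatever.com"),
    ("SMTP_FROM", "Artillery Incident"),
    ("SMTP_ADDRESS", "smtp.gmail.com"),
    ("SMTP_PORT", "587"),
    ("EMAIL_TIMER", "ON"),
    ("EMAIL_FREQUENCY", "60"),
    ("SSH_BRUTE_MONITOR", "ON"),
    ("SSH_BRUTE_ATTEMPTS", "3"),
    ("FTP_BRUTE_MONITOR", "ON"),
    ("FTP_BRUTE_ATTEMPTS", "10"),
    ("AUTO_UPDATE", "OFF"),
    ("ANTI_DOS", "OFF"),
    ("ANTI_DOS_PORTS", "80,443"),
    ("ANTI_DOS_THROTTLE_CONNECTIONS", "1000"),
    ("ANTI_DOS_LIMIT_BURST", "500"),
    ("ACCESS_LOG", "/var/artillery/logs/apache-access.log"),
    ("ERROR_LOG", "/var/artillery/logs/apache-error.log"),
    ("BIND_INTERFACE", ""),
    ("THREAT_INTELLIGENCE_FEED", "OFF"),
    ("THREAT_FEED", "https://www.binarydefense.com/banlist.txt"),
    ("THREAT_SERVER", "OFF"),
    ("THREAT_LOCATION", "/var/www/"),
    ("ROOT_CHECK", "ON"),
    ("SYSLOG_TYPE", "FILE"),
    ("SYSLOG_REMOTE_HOST", "192.168.0.1"),
    ("SYSLOG_REMOTE_PORT", "514"),
    ("CONSOLE_LOGGING", "OFF"),
    ("RECYCLE_IPS", "OFF"),
    ("ARTILLERY_REFRESH", "604800"),
    ("SOURCE_FEEDS", "OFF"),
]

# Accept replies to this host's own DNS lookups (presumably what keeps apt /
# github reachable once the INPUT policy is DROP - confirm).
_DNS_REPLY_RULE = [
    "-A", "INPUT", "-p", "udp", "--source-port", "53", "-s", "0.0.0.0/0",
    "-m", "state", "--state", "ESTABLISHED", "-j", "ACCEPT",
]

# Rules every profile appends after its ACCEPT list, in this order.
_COMMON_TAIL_RULES = [
    # traffic belonging to TCP connections that are already open
    ["-A", "INPUT", "-p", "tcp", "-m", "conntrack", "--ctstate",
     "ESTABLISHED,RELATED", "-s", "0.0.0.0/0", "-d", "0.0.0.0/0", "-j", "ACCEPT"],
    ["-A", "INPUT", "-p", "icmp", "-s", "0.0.0.0/0", "-d", "0.0.0.0/0", "-j", "ACCEPT"],
    # every TCP port not ACCEPTed above answers with a RST rather than silence
    ["-A", "INPUT", "-p", "tcp", "-s", "0.0.0.0/0", "-d", "0.0.0.0/0",
     "-j", "REJECT", "--reject-with", "tcp-reset"],
    ["-A", "OUTPUT", "-o", "lo", "-j", "ACCEPT"],
    ["-A", "OUTPUT", "-s", "0.0.0.0/0", "-d", "0.0.0.0/0", "-j", "ACCEPT"],
    # default-deny for anything the rules above did not match (e.g. other UDP)
    ["-P", "INPUT", "DROP"],
    ["-P", "OUTPUT", "DROP"],
]


def _accept_dport(proto, port):
    """Return the iptables argv that ACCEPTs inbound `proto` traffic to `port`."""
    return ["-A", "INPUT", "-p", proto, "--destination-port", str(port),
            "-s", "0.0.0.0/0", "-d", "0.0.0.0/0", "-j", "ACCEPT"]


def _accept_rules(spec):
    """Expand [(proto, port), ...] into ACCEPT rules, preserving list order.

    `proto` is "tcp", "udp" or "both"; "both" yields the tcp rule followed by
    the udp rule for that port, which is how the profiles pair their ports.
    """
    rules = []
    for proto, port in spec:
        for one in (("tcp", "udp") if proto == "both" else (proto,)):
            rules.append(_accept_dport(one, port))
    return rules


def _iptables(args):
    """Run one iptables command from an argv list (no shell).

    Returns the exit status.  A failure is reported on stderr but does not
    abort arming, matching the previous best-effort behaviour - except that
    the status used to be discarded, so a mine could silently end up only
    partially armed.
    """
    cmd = ["iptables"] + list(args)
    try:
        status = subprocess.call(cmd)
    except OSError as exc:
        # binary missing or not executable; the old shell form reported this
        # as a non-zero status too, it just went unnoticed
        sys.stderr.write("honeymine: cannot run %s: %s\n" % (cmd[0], exc))
        return 127
    if status != 0:
        sys.stderr.write("honeymine: '%s' exited with status %d\n"
                         % (" ".join(cmd), status))
    return status


def _apply_honeymine_rules(accept_rules):
    """Append the loopback rule, the profile's ACCEPT rules, then the tail.

    accept_rules: list of iptables argv lists, applied in the given order.
    NOTE(review): rules are only ever appended (-A) and nothing here flushes
    first, so arming a second profile on top of an armed mine stacks both rule
    sets - confirm the caller flushes before calling an emulos_* function.
    """
    _iptables(["-A", "INPUT", "-i", "lo", "-j", "ACCEPT"])
    for rule in accept_rules:
        _iptables(rule)
    for rule in _COMMON_TAIL_RULES:
        _iptables(rule)


def _write_profile(label, ports):
    """Record the emulation label and write a fresh Artillery config.

    label: human-readable OS/service name stored in honeymine.emul.
    ports: comma-separated port list written as the PORTS= value.
    The existing config is moved to config.bak first; when there is none the
    move is skipped (the old `mv -f` only printed an error in that case).
    Raises IOError/OSError if /var/artillery is not writable.
    """
    with open(_HONEYMINE_EMUL, "w") as fh:
        fh.write(label + "\n")
    if os.path.exists(_ARTILLERY_CONFIG):
        os.rename(_ARTILLERY_CONFIG, _ARTILLERY_CONFIG_BACKUP)
    lines = []
    for key, value in _ARTILLERY_CONFIG_TEMPLATE:
        if key == "PORTS":
            value = ports
        lines.append("%s=%s" % (key, value))
    with open(_ARTILLERY_CONFIG, "w") as fh:
        fh.write("\n".join(lines) + "\n")


def emulos_win2k8r2_iis():
    """Arm the mine as "Microsoft Windows Server 2008 R2 - IIS Web".

    Writes the label and Artillery config, then opens the IIS/Windows port
    set in iptables.  Requires root; returns None.
    NOTE(review): 49311 is ACCEPTed (tcp and udp) below but is not in the
    PORTS list handed to Artillery - confirm which side is intended.
    """
    _write_profile(
        "Microsoft Windows Server 2008 R2 - IIS Web",
        "80,135,139,443,500,3389,4500,5355,49152,49153,49154,49155,49296,65135",
    )
    accept = [_accept_dport("tcp", 80), _DNS_REPLY_RULE]
    accept += _accept_rules([
        ("both", 135), ("both", 139), ("udp", 161), ("tcp", 443), ("udp", 500),
        ("both", 3389), ("udp", 4500), ("udp", 5355),
        ("both", 49152), ("both", 49153), ("both", 49154), ("both", 49155),
        ("both", 49296), ("both", 49311), ("both", 65135),
    ])
    _apply_honeymine_rules(accept)


def emulos_win2k8r2_mssql():
    """Arm the mine as "Microsoft Windows Server 2008 R2 - MSSQL".

    Same steps as emulos_win2k8r2_iis with the SQL Server ports (tcp 1433,
    udp 1434) in place of http.  Requires root; returns None.
    NOTE(review): 49311 is ACCEPTed below but absent from the PORTS list -
    confirm which side is intended.
    """
    _write_profile(
        "Microsoft Windows Server 2008 R2 - MSSQL",
        "135,139,443,500,1433,1434,3389,4500,5355,49152,49153,49154,49155,49296,65135",
    )
    accept = [_accept_dport("tcp", 1433), _accept_dport("udp", 1434), _DNS_REPLY_RULE]
    accept += _accept_rules([
        ("both", 135), ("both", 139), ("udp", 161), ("tcp", 443), ("udp", 500),
        ("both", 3389), ("udp", 4500), ("udp", 5355),
        ("both", 49152), ("both", 49153), ("both", 49154), ("both", 49155),
        ("both", 49296), ("both", 49311), ("both", 65135),
    ])
    _apply_honeymine_rules(accept)


def emulos_win2k12r2_fp():
    """Arm the mine as "Microsoft Windows Server 2012 R2 - File/Print".

    Same steps as the other profiles with SMB (445) and the 2012 R2 port set.
    Requires root; returns None.
    The label now matches the function name; the original literal said
    "2008 R2", a copy/paste slip (emulos_win2k12r2_iis below has the same one).
    """
    _write_profile(
        "Microsoft Windows Server 2012 R2 - File/Print",
        "135,139,445,500,3389,4500,5355,24120,24121,24122,24123,47001,60371,60376,60382",
    )
    accept = [_DNS_REPLY_RULE]
    accept += _accept_rules([
        ("both", 135), ("both", 139), ("udp", 161), ("both", 445), ("udp", 500),
        ("both", 3389), ("udp", 4500), ("udp", 5355),
        ("both", 24120), ("both", 24121), ("both", 24122), ("both", 24123),
        ("both", 47001), ("both", 60371), ("both", 60376), ("both", 60382),
    ])
    _apply_honeymine_rules(accept)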
- def emulos_win2k12r2_iis():
- # Store Emulation Type
- subprocess.Popen("touch /var/artillery/honeymine.emul", shell=True).wait()
- subprocess.Popen("bash -c 'echo Microsoft Windows Server 2008 R2 - IIS Web > /var/artillery/honeymine.emul'", shell=True).wait()
- # Build custom Artillery and Iptables config
- subprocess.Popen("mv -f /var/artillery/config /var/artillery/config.bak", shell=True).wait()
- subprocess.Popen("bash -c 'echo MONITOR=\"ON\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo MONITOR_FOLDERS=\"/var/www\",\"/etc/\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo MONITOR_FREQUENCY=\"60\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo SSH_DEFAULT_PORT_CHECK=\"ON\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo EXCLUDE=\"\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo HONEYPOT_BAN=\"OFF\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo WHITELIST_IP=\"127.0.0.1,localhost\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo PORTS=\"80,135,139,443,500,3389,4500,5355,24120,24121,24122,24123,47001,60371,60376,60382\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo HONEYPOT_AUTOACCEPT=\"OFF\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo EMAIL_ALERTS=\"OFF\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo SMTP_USERNAME=\"\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo SMTP_PASSWORD=\"\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo ALERT_USER_EMAIL=\"user@whatever.com\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo SMTP_FROM=\"Artillery Incident\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo SMTP_ADDRESS=\"smtp.gmail.com\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo SMTP_PORT=\"587\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo EMAIL_TIMER=\"ON\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo EMAIL_FREQUENCY=\"60\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo SSH_BRUTE_MONITOR=\"ON\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo SSH_BRUTE_ATTEMPTS=\"3\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo FTP_BRUTE_MONITOR=\"ON\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo FTP_BRUTE_ATTEMPTS=\"10\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo AUTO_UPDATE=\"OFF\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo ANTI_DOS=\"OFF\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo ANTI_DOS_PORTS=\"80,443\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo ANTI_DOS_THROTTLE_CONNECTIONS=\"1000\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo ANTI_DOS_LIMIT_BURST=\"500\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo ACCESS_LOG=\"/var/artillery/logs/apache-access.log\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo ERROR_LOG=\"/var/artillery/logs/apache-error.log\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo BIND_INTERFACE=\"\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo THREAT_INTELLIGENCE_FEED=\"OFF\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo THREAT_FEED=\"https://www.binarydefense.com/banlist.txt\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo THREAT_SERVER=\"OFF\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo THREAT_LOCATION=\"/var/www/\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo ROOT_CHECK=\"ON\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo SYSLOG_TYPE=\"FILE\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo SYSLOG_REMOTE_HOST=\"192.168.0.1\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo SYSLOG_REMOTE_PORT=\"514\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo CONSOLE_LOGGING=\"OFF\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo RECYCLE_IPS=\"OFF\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo ARTILLERY_REFRESH=\"604800\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("bash -c 'echo SOURCE_FEEDS=\"OFF\" >> /var/artillery/config'", shell=True).wait()
- subprocess.Popen("iptables -A INPUT -i lo -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -A INPUT -p tcp --destination-port 80 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -A INPUT -p udp --source-port 53 -s 0.0.0.0/0 -m state --state ESTABLISHED -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -A INPUT -p tcp --destination-port 135 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -A INPUT -p udp --destination-port 135 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -A INPUT -p tcp --destination-port 139 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -A INPUT -p udp --destination-port 139 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -A INPUT -p udp --destination-port 161 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -A INPUT -p tcp --destination-port 443 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -A INPUT -p udp --destination-port 500 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -A INPUT -p tcp --destination-port 3389 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -A INPUT -p udp --destination-port 3389 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -A INPUT -p udp --destination-port 4500 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -A INPUT -p udp --destination-port 5355 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -A INPUT -p tcp --destination-port 24120 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -A INPUT -p udp --destination-port 24120 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -A INPUT -p tcp --destination-port 24121 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -A INPUT -p udp --destination-port 24121 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -A INPUT -p tcp --destination-port 24122 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -A INPUT -p udp --destination-port 24122 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -A INPUT -p tcp --destination-port 24123 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -A INPUT -p udp --destination-port 24123 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -A INPUT -p tcp --destination-port 47001 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -A INPUT -p udp --destination-port 47001 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -A INPUT -p tcp --destination-port 60371 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -A INPUT -p udp --destination-port 60371 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -A INPUT -p tcp --destination-port 60376 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -A INPUT -p udp --destination-port 60376 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -A INPUT -p tcp --destination-port 60382 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -A INPUT -p udp --destination-port 60382 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -A INPUT -p tcp -m conntrack --ctstate ESTABLISHED,RELATED -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -A INPUT -p icmp -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -A INPUT -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 -j REJECT --reject-with tcp-reset", shell=True).wait()
- subprocess.Popen("iptables -A OUTPUT -o lo -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -A OUTPUT -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
- subprocess.Popen("iptables -P INPUT DROP", shell=True).wait()
- subprocess.Popen("iptables -P OUTPUT DROP", shell=True).wait()
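def emulos_win2k12r2_mssql():
    """Arm the host as a "Microsoft Windows Server 2012 R2 - MSSQL" honey mine.

    Three steps, all of which need root:

    1. Record the emulation label in ``/var/artillery/honeymine.emul``.
    2. Move any existing ``/var/artillery/config`` to ``config.bak`` and write
       the fixed Artillery configuration for this profile.
    3. Install the profile's iptables rules (MSSQL 1433/tcp and 1434/udp plus
       the common Windows-server ports), then set INPUT and OUTPUT to DROP.

    This function does not admit SSH itself; the caller (``menu``) inserts the
    operator's SSH rule before calling it.  Commands stay best-effort as
    before: a failing command is reported on stderr but does not abort the
    sequence.  Returns ``None``.
    """
    def run(argv):
        # Report failures instead of hiding them: a rule that silently fails
        # to install changes what the mine exposes.  Argument lists, no shell.
        rc = subprocess.call(argv)
        if rc != 0:
            sys.stderr.write("[!] command failed (rc=%d): %s\n" % (rc, " ".join(argv)))
        return rc

    # Emulation label.  Corrected to "2012 R2": this is the 2012 R2 profile,
    # but the label previously written said "2008 R2".
    with open("/var/artillery/honeymine.emul", "w") as emul:
        emul.write("Microsoft Windows Server 2012 R2 - MSSQL\n")

    # Artillery configuration.  Values are written bare (KEY=value): that is
    # exactly what the former bash `echo KEY="value" >> config` calls produced
    # after the shell removed the quotes, so the on-disk format is unchanged.
    settings = [
        ("MONITOR", "ON"),
        ("MONITOR_FOLDERS", "/var/www,/etc/"),
        ("MONITOR_FREQUENCY", "60"),
        ("SSH_DEFAULT_PORT_CHECK", "ON"),
        ("EXCLUDE", ""),
        ("HONEYPOT_BAN", "OFF"),
        ("WHITELIST_IP", "127.0.0.1,localhost"),
        ("PORTS", "135,139,443,500,1433,1434,3389,4500,5355,24120,24121,24122,24123,47001,60371,60376,60382"),
        ("HONEYPOT_AUTOACCEPT", "OFF"),
        ("EMAIL_ALERTS", "OFF"),
        ("SMTP_USERNAME", ""),
        ("SMTP_PASSWORD", ""),
        ("ALERT_USER_EMAIL", "user@whatever.com"),
        ("SMTP_FROM", "Artillery Incident"),
        ("SMTP_ADDRESS", "smtp.gmail.com"),
        ("SMTP_PORT", "587"),
        ("EMAIL_TIMER", "ON"),
        ("EMAIL_FREQUENCY", "60"),
        ("SSH_BRUTE_MONITOR", "ON"),
        ("SSH_BRUTE_ATTEMPTS", "3"),
        ("FTP_BRUTE_MONITOR", "ON"),
        ("FTP_BRUTE_ATTEMPTS", "10"),
        ("AUTO_UPDATE", "OFF"),
        ("ANTI_DOS", "OFF"),
        ("ANTI_DOS_PORTS", "80,443"),
        ("ANTI_DOS_THROTTLE_CONNECTIONS", "1000"),
        ("ANTI_DOS_LIMIT_BURST", "500"),
        ("ACCESS_LOG", "/var/artillery/logs/apache-access.log"),
        ("ERROR_LOG", "/var/artillery/logs/apache-error.log"),
        ("BIND_INTERFACE", ""),
        ("THREAT_INTELLIGENCE_FEED", "OFF"),
        ("THREAT_FEED", "https://www.binarydefense.com/banlist.txt"),
        ("THREAT_SERVER", "OFF"),
        ("THREAT_LOCATION", "/var/www/"),
        ("ROOT_CHECK", "ON"),
        ("SYSLOG_TYPE", "FILE"),
        ("SYSLOG_REMOTE_HOST", "192.168.0.1"),
        ("SYSLOG_REMOTE_PORT", "514"),
        ("CONSOLE_LOGGING", "OFF"),
        ("RECYCLE_IPS", "OFF"),
        ("ARTILLERY_REFRESH", "604800"),
        ("SOURCE_FEEDS", "OFF"),
    ]
    try:
        os.rename("/var/artillery/config", "/var/artillery/config.bak")
    except OSError:
        pass  # no previous config to keep; `mv -f` failed just as quietly here
    with open("/var/artillery/config", "w") as cfg:
        for key, value in settings:
            cfg.write("%s=%s\n" % (key, value))

    # iptables rules, in the original order.  The final INPUT rule answers any
    # other TCP port with a RST (closed, not filtered); everything else falls
    # to the DROP policies set last.  The OUTPUT DROP policy sits behind an
    # accept-all OUTPUT rule and is kept as written.
    any_src_dst = ["-s", "0.0.0.0/0", "-d", "0.0.0.0/0"]

    def accept_port(proto, port):
        return (["iptables", "-A", "INPUT", "-p", proto, "--destination-port", str(port)]
                + any_src_dst + ["-j", "ACCEPT"])

    rules = [
        ["iptables", "-A", "INPUT", "-i", "lo", "-j", "ACCEPT"],
        accept_port("tcp", 1433),
        accept_port("udp", 1434),
        ["iptables", "-A", "INPUT", "-p", "udp", "--source-port", "53", "-s", "0.0.0.0/0",
         "-m", "state", "--state", "ESTABLISHED", "-j", "ACCEPT"],
    ]
    for proto, port in [("tcp", 135), ("udp", 135), ("tcp", 139), ("udp", 139),
                        ("udp", 161), ("tcp", 443), ("udp", 500), ("tcp", 3389),
                        ("udp", 3389), ("udp", 4500), ("udp", 5355)]:
        rules.append(accept_port(proto, port))
    for port in (24120, 24121, 24122, 24123, 47001, 60371, 60376, 60382):
        rules.append(accept_port("tcp", port))
        rules.append(accept_port("udp", port))
    rules += [
        ["iptables", "-A", "INPUT", "-p", "tcp", "-m", "conntrack", "--ctstate", "ESTABLISHED,RELATED"]
        + any_src_dst + ["-j", "ACCEPT"],
        ["iptables", "-A", "INPUT", "-p", "icmp"] + any_src_dst + ["-j", "ACCEPT"],
        ["iptables", "-A", "INPUT", "-p", "tcp"] + any_src_dst + ["-j", "REJECT", "--reject-with", "tcp-reset"],
        ["iptables", "-A", "OUTPUT", "-o", "lo", "-j", "ACCEPT"],
        ["iptables", "-A", "OUTPUT"] + any_src_dst + ["-j", "ACCEPT"],
        ["iptables", "-P", "INPUT", "DROP"],
        ["iptables", "-P", "OUTPUT", "DROP"],
    ]
    for rule in rules:
        run(rule)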
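def menu():
    """Interactive main menu: arm a mine profile, disarm, view the log, or quit.

    Loops until ``terminate()`` ends the process or a KeyboardInterrupt
    propagates to the caller.  Choosing a profile letter (A-G) first collects
    the optional syslog destination and SSH admin source, moves sshd to port
    2222, and then, after confirmation: saves the current iptables rule set to
    ``/etc/iptables/rules.v4``, flushes the filter table, re-admits SSH on 2222
    from the given source, runs the profile's ``emulos_*`` function (which
    installs the DROP policies), starts Artillery and the ``honeymine``
    service, optionally forwards the alert log to syslog, and shows the log.

    Uses helpers defined elsewhere in this file (``syslogipval``,
    ``sshsourceval``, ``is_posix``, ``stagemine``, ``disarm``, ``viewlog``,
    ``terminate`` and the ``emulos_*`` profiles).  Must run as root.
    Returns ``None``.
    """
    # NOTE(review): the banner says v1.2 while the file header says v1.3;
    # left as written, but one of the two is stale.
    menu_text = '''
Honeymine v1.2
-------------------------------------
MAIN MENU - Select a Honey Mine Type:
-------------------------------------
A) Workstation - Microsoft Windows 7
B) Microsoft Windows Server 2008 R2 - File/Print
C) Microsoft Windows Server 2008 R2 - IIS Web
D) Microsoft Windows Server 2008 R2 - MSSQL
E) Microsoft Windows Server 2012 R2 - File/Print
F) Microsoft Windows Server 2012 R2 - IIS Web
G) Microsoft Windows Server 2012 R2 - MSSQL
-------------------------------------
OPTION MENU
-------------------------------------
1) Disarm previously deployed mine
2) View log of deployed mine
3) Quit
'''

    # Option letter -> (confirmation label, profile function).
    profiles = {
        "a": ("Microsoft Windows Workstation 7", emulos_win7),
        "b": ("Microsoft Windows Server 2008 R2 - File/Print", emulos_win2k8r2_fp),
        "c": ("Microsoft Windows Server 2008 R2 - IIS Web", emulos_win2k8r2_iis),
        "d": ("Microsoft Windows Server 2008 R2 - MSSQL", emulos_win2k8r2_mssql),
        "e": ("Microsoft Windows Server 2012 R2 - File/Print", emulos_win2k12r2_fp),
        # NOTE(review): option F (2012 R2 IIS Web) runs the File/Print profile,
        # as it did before.  The 2012 R2 IIS profile function is defined above
        # this function but its name is not visible from here; confirm it and
        # point this entry at it.
        "f": ("Microsoft Windows Server 2012 R2 - IIS Web", emulos_win2k12r2_fp),
        "g": ("Microsoft Windows Server 2012 R2 - MSSQL", emulos_win2k12r2_mssql),
    }

    def run(argv):
        # Argument lists, never a shell string; failures are reported but, as
        # before, do not stop the sequence.
        rc = subprocess.call(argv)
        if rc != 0:
            sys.stderr.write("[!] command failed (rc=%d): %s\n" % (rc, " ".join(argv)))
        return rc

    def optional_value(stored, prompt):
        # The *val() helpers hand back the string "None" when nothing is
        # stored; treat that, None and an empty answer all as "not set".
        if stored == "None":
            stored = None
        if stored is not None:
            return stored
        answer = raw_input(prompt).strip()
        return answer if answer else None

    def move_sshd_to_2222():
        # Comment out existing Port directives, append "Port 2222", restart.
        # The previous in-place rewrite loop never wrote the lines back, so
        # sshd_config was truncated to a lone "Port 2222" and every other
        # sshd setting on the host was lost; this keeps the file intact.
        cfg = "/etc/ssh/sshd_config"
        if not os.path.isfile(cfg):
            run(["apt-get", "-y", "install", "openssh-server"])
        if not os.path.isfile(cfg):
            sys.stderr.write("[!] %s not found; SSH admin port not moved\n" % cfg)
            return
        with open(cfg) as fh:
            lines = fh.readlines()
        with open(cfg, "w") as fh:
            for line in lines:
                if line.lstrip().startswith("Port "):
                    line = "#" + line
                fh.write(line)
            fh.write("Port 2222\n")
        run(["service", "sshd", "restart"])

    def arm(label, emulate, sshsource, syslogip):
        os.system('clear')
        print('''
You have selected "%s"''' % label)
        choice = raw_input('''
[*] Ready to arm? [y/n]: ''')
        if choice.strip().lower() not in ("y", "yes"):
            return  # anything but yes goes back to the menu
        if not is_posix():
            return
        stagemine()
        # Keep the pre-mine rule set (restoring it is outside this function),
        # then start from an empty filter table.  /etc/iptables/rules.v4 is
        # what iptables-persistent loads at boot -- confirm that saving the
        # pre-mine rules there is the intended reboot behaviour.
        with open("/etc/iptables/rules.v4", "w") as saved:
            subprocess.call(["iptables-save"], stdout=saved)
        run(["iptables", "-F"])
        if sshsource is not None:
            # The operator-entered source goes to iptables as one argv element
            # (no shell interpolation); iptables validates it as an address.
            run(["iptables", "-A", "INPUT", "-p", "tcp", "--destination-port", "2222",
                 "-s", sshsource, "-d", "0.0.0.0/0", "-j", "ACCEPT"])
        # With no SSH source nothing admits port 2222, so once the profile's
        # DROP policy is in place (see the emulos_* bodies in this file) the
        # mine is presumably reachable only from the console.
        emulate()
        with open(os.devnull, "w") as devnull:
            subprocess.call(["/etc/init.d/artillery", "start"], stdout=devnull, stderr=devnull)
        run(["systemctl", "start", "honeymine"])
        if syslogip is not None:
            # Only the presence of a syslog destination is checked here; where
            # the address itself is applied is outside this function -- confirm.
            # Constant pipeline, backgrounded by the shell, so a shell is used.
            subprocess.call("tail -f /var/log/honeymine/alerts | logger -p local7.info -t honeymine &", shell=True)
        viewlog()

    # A loop instead of the previous menu() -> menu() recursion, which grew the
    # stack on every round trip.
    while True:
        os.system('clear')
        print(menu_text)
        answer = raw_input('''
[*] Please select an option: ''').strip().lower()

        if answer not in ("1", "2", "3"):
            # Any non-option answer (a profile letter or a typo) runs the
            # configuration step first, as before.
            os.system('clear')
            syslogip = optional_value(syslogipval(), '''
[*] Enter a syslog destination (ENTER for [None]): ''')
            os.system('clear')
            sshsource = optional_value(sshsourceval(), '''
[*] Enter a source IP to allow SSH admin (ENTER for [None]): ''')
            move_sshd_to_2222()
            if answer in profiles:
                label, emulate = profiles[answer]
                arm(label, emulate, sshsource, syslogip)
            continue

        if answer == "1":
            if is_posix():
                disarm()
            print('''
(Press any key to continue)''')
            raw_input()
        elif answer == "2":
            if os.path.isfile("/etc/init.d/artillery"):
                viewlog()
            else:
                os.system('clear')
                print('''
Log file not found. Is mine disarmed?
(Press any key to continue)''')
                raw_input()
        else:
            # "3": terminate() is expected to end the process; if it returns,
            # the menu is shown again, as before.
            if is_posix():
                terminate()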
- menu()
- except KeyboardInterrupt:
- sys.exit(0)