  1. #!/usr/bin/python
  2. #
  3. # Honeymine v1.3
  4. #
5. # WARNING: Honeymine must run as root. It installs a systemd unit and a SysV init script, rewrites iptables and
6. # clones Artillery from GitHub on first run, so an 'armed' honey mine persists across a system restart. Disarm before reuse.
  7. #
  8. # DISCLAIMERS and LIMITATIONS on LIABILITY:
  9. #
  10. # THIS SCRIPT IS PROVIDED ON AN "AS IS" BASIS, AND NO WARRANTY, EITHER EXPRESS OR IMPLIED, IS GIVEN. YOUR USE OF THE SCRIPT
11. # IS AT YOUR SOLE RISK. Neither ACTRA nor the developing member organization warrants that (i) the Software will meet your
  12. # specific requirements; (ii) the Software is fully compatible with any particular platform; or (iii) any errors in the
  13. # Software will be corrected. This script has been made available to ACTRA members "as is" for their own evaluation and use
  14. # as they deem appropriate. Members are free to modify or otherwise improve upon this script, and upon their own discretion
  15. # share improvements with ACTRA and/or other ACTRA members.
  16. #
  17. # KNOWN ISSUES:
  18. # * When performing OS fingerprinting, the IP stack of the
  19. # honeymine will show up as Linux regardless of the OS it is
  20. # emulating. This will be fixed in a future release.
  21. #
  22. # FUTURE ENHANCEMENTS:
  23. # * Additional emulated OS types.
  24. # * Protocol banner emulation returned on connect.
  25. # * Functional NETBIOS protocol interaction.
  26. # * Emulation of TCP/IP stack based on selected mine type.
  27. # * Ghost routing of inbound connections to back-end high-interactive honeypots.
  28. #
  29. # SYSTEM REQUIREMENTS:
  30. # * Tested with a minimum of 1 CPU/Core, 1GB RAM, 10GB Disk - It can probably use less
  31. # * Outbound internet access (for apt & github access)
32. # * Debian-based Linux OS distribution (developed and tested on Mint MATE 18 x64)
  33. # * Use of a dedicated system is recommended
  34. # * Define custom variables and filters below
  35. #
  36.  
import datetime
import fcntl
import fileinput
import os
import socket
import struct
import subprocess
import sys
import time

import netifaces
  46.  
  47. try:
  48.  
  49. # Custom Variable Functions and Filters (These can be set and/or customized as necessary)
  50.  
def customtcpdfilter():
    """Return the operator-defined tcpdump (BPF) filter fragment.

    tcpdfilter() AND-s this fragment onto the default filter, so keep it a
    parenthesised expression. Examples:
      suppress all DNS:                       "(not port 53)"
      suppress DNS plus OS-update traffic:    "(not port 53) and (not src port 80)"
      suppress one source host:               "(not src host 10.1.1.1)"
      suppress one source netblock:           "(not src net 10.1.0.0/16)"
    The fragment is later embedded between single quotes in a shell command
    (see stagemine), so it must not itself contain a single quote.
    """
    suppression = "(not port 53) and (not src port 80)"
    return suppression
  59.  
def syslogipval():
    """Return the syslog collector address, or the literal string "None".

    Callers compare against the string "None" (not the None object) to decide
    whether to configure rsyslog forwarding; leave the sentinel as a string.
    Example: return "10.1.1.10"
    """
    collector = "None"
    return collector
  66.  
def sshsourceval():
    """Return the source IP allowed to manage this sensor over SSH, or "None".

    NOTE(review): none of the staging or emulation code visible in this file
    reads this value, and the emulos_* firewall rules do not open port 22, so
    confirm where (if anywhere) it is applied before relying on it.
    """
    management_source = "None"
    return management_source
  72.  
def locallogage():
    """Return the local log retention period in days, as a string.

    The value is spliced into a `find -mtime +N` argument by the generated
    capture script, which is why it is kept as text rather than an int.
    Default: "30".
    """
    retention_days = "30"
    return retention_days
  78.  
def ifaceval():
    """Return the name of the interface to capture on.

    Defaults to the interface carrying the IPv4 default route. Raises
    KeyError if the host has no IPv4 default gateway (e.g. an isolated
    sensor segment); set the name explicitly in that case.
    """
    default_routes = netifaces.gateways()['default']
    _gateway, listen_iface = default_routes[netifaces.AF_INET]
    return listen_iface
  84.  
  85. # Define Static Functions - Consider any modifications made below this line as untested. Proceed at your own risk
  86.  
def ifaceipval():
    """Return the first IPv4 address configured on the listening interface.

    netifaces.AF_INET is the address-family key (2 on Linux, which is what the
    original indexed by literally). Raises KeyError if the interface has no
    IPv4 address.
    """
    addresses = netifaces.ifaddresses(ifaceval())
    return addresses[netifaces.AF_INET][0]['addr']
  92.  
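# Stage Artillery files and add them to path.
#
# SUPPLY CHAIN: this fetches unpinned code from a third-party repository and
# the `from src.core import *` below executes it as root. Pin to a reviewed
# tag/commit (git clone --branch <tag>, or git checkout <sha> afterwards) and
# inspect the checkout before arming a mine.
ARTILLERY_REPO = "https://github.com/BinaryDefense/artillery"
if not os.path.isfile("/opt/honeymine/setup/artillery.py"):
    if os.path.isdir("/opt/honeymine"):
        # wait() so the clone below cannot race the recursive delete
        subprocess.Popen("rm -rf /opt/honeymine", shell=True).wait()
    # The original cloned the *blob* URL of artillery.py, which is not a
    # repository and fails; clone the repository root instead.
    rc = subprocess.Popen(["git", "clone", ARTILLERY_REPO, "/opt/honeymine/setup"]).wait()
    if rc != 0:
        sys.exit("Honeymine: git clone of Artillery failed (exit code %d); nothing staged" % rc)
sys.path.append('/opt/honeymine/setup')
from src.core import *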
  100.  
def defaulttcpdfilter():
    """Return the base tcpdump filter every mine uses.

    Keeps TCP/UDP/ICMP, drops broadcast and mDNS (224.0.0.0/24, ff02::fb)
    noise, and ignores port 2222 (presumably the sensor's own management
    port; not configured anywhere visible in this file).
    """
    base = ("(tcp or udp or icmp)"
            " and (not broadcast and not net 224.0.0.0/24 and not net ff02::fb)"
            " and (not port 2222)")
    return base
  104.  
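def get_ip_address(ifname):
    """Return the IPv4 address of interface *ifname* as a dotted-quad string.

    Uses the Linux-only SIOCGIFADDR ioctl on a throw-away UDP socket. The
    socket is always closed (the original leaked one per call), and *ifname*
    may be str or bytes (the ioctl wants bytes, truncated to IFNAMSIZ-1).
    Raises IOError/OSError if the interface does not exist or has no IPv4
    address.
    """
    name = ifname if isinstance(ifname, bytes) else ifname.encode()
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        info = fcntl.ioctl(
            s.fileno(),
            0x8915,  # SIOCGIFADDR
            struct.pack('256s', name[:15]))
    finally:
        s.close()
    return socket.inet_ntoa(info[20:24])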
  112.  
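def get_mac_address(ifname):
    """Return the hardware address of interface *ifname* as "aa:bb:cc:dd:ee:ff".

    Uses the Linux-only SIOCGIFHWADDR ioctl. The socket is always closed (the
    original leaked it), and the byte handling works on both Python 2 and 3
    (the original's ord() on each char only worked on Python 2 strings).
    Raises IOError/OSError if the interface does not exist.
    """
    name = ifname if isinstance(ifname, bytes) else ifname.encode()
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        info = fcntl.ioctl(s.fileno(), 0x8927, struct.pack('256s', name[:15]))  # SIOCGIFHWADDR
    finally:
        s.close()
    # bytearray iterates as ints on both Python 2 and 3
    return ':'.join('%02x' % octet for octet in bytearray(info[18:24]))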
  117.  
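def tcpdfilter():
    """Build the final tcpdump capture filter for the armed mine.

    Combines defaulttcpdfilter(), a `dst host <sensor ip>` clause (only
    traffic *to* the sensor is captured), and customtcpdfilter(). When a
    syslog collector is configured AND the rsyslog drop-in exists, the
    collector is excluded so forwarded events do not re-trigger captures.

    FIX: the original emitted "(not host None)" -- an invalid BPF expression
    that makes tcpdump exit -- whenever the rsyslog drop-in was present but
    syslogipval() was "None".
    """
    base = defaulttcpdfilter()
    custom = customtcpdfilter()
    sensor_ip = ifaceipval()
    collector = syslogipval()
    if collector == "None":
        collector = None
    if collector is not None and os.path.isfile("/etc/rsyslog.d/local7info.conf"):
        return "{0} and (dst host {1}) and (not host {2}) and {3}".format(
            base, sensor_ip, collector, custom)
    return "{0} and (dst host {1}) and {2}".format(base, sensor_ip, custom)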
  131.  
def terminate():
    """Print a farewell, clear the screen and exit the process.

    Despite the original comment, nothing is cleaned up here: no Artillery
    files are touched and the firewall is left as is. Use disarm() for that.
    """
    if not is_posix():
        return
    print('''
Exiting..
''')
    os.system('clear')
    sys.exit()
  140.  
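def disarm():
    """Tear down a previously armed mine, then return to the menu.

    Stops the Artillery init script and the honeymine systemd unit, kills the
    capture pipeline, removes Artillery's runtime tree, the rsyslog drop-in
    and the init script, archives the alerts file under a timestamped name,
    and restores the firewall from /etc/iptables/rules.v4.

    Fixes vs. the original: the `rm -rf /var/artillery` is now waited on (it
    was backgrounded and raced the checks that follow it), the init script's
    rc symlinks are removed to mirror stagemine's `update-rc.d defaults`, and
    the dead `isdir("/etc/init.d/artillery")` branch is gone.
    """
    if is_posix():
        subprocess.Popen("/etc/init.d/artillery stop >/dev/null 2>&1", shell=True).wait()
        if os.path.isfile("/lib/systemd/system/honeymine.service"):
            subprocess.Popen("systemctl stop honeymine", shell=True).wait()
            os.remove("/lib/systemd/system/honeymine.service")
            subprocess.Popen("systemctl daemon-reload", shell=True).wait()
        # pkill matches by name: any other tcpdump/logger/tail on the box dies
        # too. Tolerable on the dedicated sensor the header asks for, not elsewhere.
        for proc in ("tcpdump", "logger", "tail"):
            subprocess.Popen("pkill " + proc, shell=True).wait()
        if os.path.isdir("/var/artillery"):
            subprocess.Popen("rm -rf /var/artillery", shell=True).wait()
        if os.path.isfile("/var/artillery/honeymine.emul"):
            os.remove("/var/artillery/honeymine.emul")
        if os.path.isfile("/etc/rsyslog.d/local7info.conf"):
            os.remove("/etc/rsyslog.d/local7info.conf")
            subprocess.Popen("service rsyslog restart", shell=True).wait()
        if os.path.isfile("/etc/init.d/artillery"):
            os.remove("/etc/init.d/artillery")
            # drop the rc?.d symlinks stagemine created; must run after the
            # script is gone or update-rc.d refuses without -f
            subprocess.Popen("update-rc.d artillery remove >/dev/null 2>&1", shell=True).wait()
        if os.path.isfile("/var/log/local7.info"):
            os.remove("/var/log/local7.info")
        kill_artillery()
        if os.path.isfile("/var/log/honeymine/alerts"):
            # archive name embeds str(datetime) -- it contains spaces and
            # colons, so quote it when handling the file from a shell
            dt = str(datetime.datetime.now())
            newname = '/var/log/honeymine/alerts-disarmed-on-' + dt
            os.rename('/var/log/honeymine/alerts', newname)
        # Restores whatever iptables-persistent last saved. This only undoes
        # the emulos_* rules if rules.v4 still holds the pre-arm ruleset; if
        # it was re-saved while armed, the honeypot rules come straight back.
        # Verify with `iptables -S` after disarming.
        subprocess.Popen("bash -c \"iptables-restore < /etc/iptables/rules.v4\"", shell=True).wait()
        os.system('clear')
        print('''
Honey mine is disarmed..''')
        print('''
(Press any key to continue)''')
        raw_input()
        menu()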
  178.  
def underconstruction():
    """Clear the screen and show the placeholder banner for unfinished menu items."""
    os.system('clear')
    banner = '''
!!! - UNDER CONSTRUCTION - !!!'''
    print(banner)
  183.  
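def viewlog():
    """Print the armed mine's summary, then follow the alerts log.

    Shows the listening interface's IPv4/MAC, the emulation label that
    emulos_*() wrote to /var/artillery/honeymine.emul, the log directory and
    the active capture filter, then blocks in `tail -f` on the alerts file
    until the operator interrupts it.

    FIX: if no emulation label exists (no mine armed) this now prints a
    message and returns instead of raising IOError from open().
    """
    os.system('clear')
    emul_path = '/var/artillery/honeymine.emul'
    if not os.path.isfile(emul_path):
        print('''
ERROR: No armed mine found (''' + emul_path + ''' is missing). Arm a mine first..''')
        return
    iface = ifaceval()
    tcpdumpparams = tcpdfilter()
    with open(emul_path, 'r') as emulfile:
        osemultype = emulfile.read().replace('\n', '')
    print(('''
Mine ARMED on [ ''' + get_ip_address(iface) + ''' / ''' + get_mac_address(iface) + ''' ]

Emulation Type: ''' + osemultype + '''

Log File: "/var/log/honeymine"

Capture filter:

''' + tcpdumpparams + ''' ]
--------------------------------------------------------------------------
'''))
    time.sleep(2)
    # blocks until the operator interrupts tail (Ctrl-C)
    subprocess.Popen("tail -f /var/log/honeymine/alerts", shell=True).wait()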
  205.  
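def _stop_samba_if_running():
    """Offer to stop/disable smbd (it holds 139/445); return False only if the operator declines."""
    if "smbd" not in os.popen("ps -Af").read():
        return True
    os.system('clear')
    print('''
Due to a need for Artillery to use the same ports,
SAMBA (SMBD) service will be stopped and disabled.''')
    choice = raw_input('''
[*] Do you still wish to proceed? [y/n]: ''')
    if choice in ("yes", "y", "YES", "Y", "Yes"):
        # Comments out the Upstart start condition. On a systemd host this
        # edit has no effect; `systemctl disable smbd` would be needed there.
        subprocess.Popen("bash -c \"sed -i 's/start on (local-filesystems and net-device-up)/#start on (local-filesystems and net-device-up)/g' /etc/init/smbd.conf\"", shell=True).wait()
        # FIX: the original wrote `.wait` without parentheses and never waited
        subprocess.Popen("service smbd stop >/dev/null 2>&1", shell=True).wait()
        time.sleep(2)
    elif choice in ("no", "n", "NO", "N", "No"):
        return False
    # any other answer proceeds, as in the original
    return True


def _stage_artillery_tree():
    """Create /var/artillery and copy the cloned Artillery checkout into it."""
    for path in ("/var/artillery", "/var/artillery/database", "/var/artillery/src/program_junk/"):
        if not os.path.isdir(path):
            os.makedirs(path)
    subprocess.Popen("cp -rf /opt/honeymine/setup/* /var/artillery/", shell=True).wait()


def _install_artillery_init_script():
    """Install Artillery's SysV init script and strip the legacy rc.local hook."""
    if not os.path.isdir("/etc/init.d"):
        return
    if not os.path.isfile("/etc/init.d/artillery"):
        with open("/var/artillery/src/startup_artillery", "r") as src:
            script = src.read()
        with open("/etc/init.d/artillery", "w") as dst:
            dst.write(script)
        subprocess.Popen("chmod +x /etc/init.d/artillery", shell=True).wait()
        subprocess.Popen("update-rc.d artillery defaults >/dev/null 2>&1", shell=True).wait()
    if os.path.isfile("/etc/init.d/rc.local"):
        with open("/etc/init.d/rc.local", "r") as f:
            data = f.read()
        data = data.replace("sudo python /var/artillery/artillery.py &", "")
        with open("/etc/init.d/rc.local", "w") as f:
            f.write(data)


def _install_packages():
    """apt-get the missing runtime dependencies and enforce tcpdump's AppArmor profile."""
    if not os.path.isfile("/etc/iptables/rules.v4"):
        # Pre-seed debconf for a non-interactive install. autosave captures
        # the *current* ruleset as rules.v4, which disarm() later restores.
        subprocess.Popen("echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections", shell=True).wait()
        subprocess.Popen("echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections", shell=True).wait()
        subprocess.Popen("apt-get -y install iptables-persistent", shell=True).wait()
    if not os.path.isfile("/usr/sbin/tcpdump"):
        subprocess.Popen("apt-get -y install tcpdump", shell=True).wait()
    if not os.path.isfile("/usr/sbin/aa-enforce"):
        subprocess.Popen("apt-get -y install apparmor-utils", shell=True).wait()
    if os.path.isfile("/usr/sbin/aa-enforce"):
        subprocess.Popen("aa-enforce /usr/sbin/tcpdump", shell=True).wait()


def _configure_logging():
    """Create /var/log/honeymine and, if a collector is set, the rsyslog forwarding drop-in."""
    syslogip = syslogipval()
    if syslogip == "None":
        syslogip = None
    if not os.path.isdir("/var/log/honeymine"):
        subprocess.Popen("mkdir /var/log/honeymine", shell=True).wait()
    if not os.path.isfile("/var/log/honeymine/alerts"):
        subprocess.Popen("touch /var/log/honeymine/alerts", shell=True).wait()
    if syslogip is not None and not os.path.isfile("/etc/rsyslog.d/local7info.conf"):
        # Single '@' = plain UDP syslog: unauthenticated and unencrypted, so
        # the collector must sit on a trusted management path. Port 517 is
        # what the original used; it differs from the SYSLOG_REMOTE_PORT=514
        # that emulos_*() writes into Artillery's config -- confirm which
        # port the collector actually listens on.
        with open("/etc/rsyslog.d/local7info.conf", "w") as conf:
            conf.write("local7.info /var/log/local7.info\n")
            conf.write("local7.info @{0}:517\n".format(syslogip))
        subprocess.Popen("service rsyslog restart", shell=True).wait()


def _write_honeymine_service():
    """Write the systemd unit that runs the capture script at boot (left alone if present)."""
    unit_path = "/lib/systemd/system/honeymine.service"
    if os.path.isfile(unit_path):
        return
    # No Restart= directive: if the tcpdump pipeline dies the mine silently
    # stops capturing. Consider Restart=on-failure if that matters to you.
    unit = (
        "[Unit]\n"
        "Description=Honeymine\n"
        "After=multi-user.target\n"
        "\n"
        "[Service]\n"
        "Type=idle\n"
        "ExecStart=/usr/bin/python /var/artillery/tcpdump.py\n"
        "\n"
        "[Install]\n"
        "WantedBy=multi-user.target"
    )
    with open(unit_path, "w") as f:
        f.write(unit)
    os.chmod(unit_path, 0o644)


def _write_capture_script():
    """Generate /var/artillery/tcpdump.py: pcap + alert pipeline and an hourly log pruner."""
    tcpdumpparams = tcpdfilter()
    iface = ifaceval()
    locallogageval = locallogage()
    # These are operator-supplied, not attacker-controlled, but they are
    # interpolated into shell commands, so reject the two things that would
    # break (or reshape) those commands.
    if "'" in tcpdumpparams or "'" in iface:
        sys.exit("Honeymine: the interface name and capture filter must not contain single quotes")
    if not locallogageval.isdigit():
        sys.exit("Honeymine: locallogage() must be a whole number of days, got %r" % locallogageval)
    prune_cmd = ("find '/var/log/honeymine' ! -name alerts -type f -mtime +"
                 + locallogageval + " -exec rm -f '{}' \\; &")
    capture_cmd = (
        "tcpdump -lenqpU -i '{0}' '{1}' -s 65535 -w - | "
        "tee /var/log/honeymine/capture.$(date +%Y-%m-%d.%Z.%H.%M.%S).pcap | "
        "tcpdump -lenqp '{1}' -r - >> /var/log/honeymine/alerts"
    ).format(iface, tcpdumpparams)
    # repr() yields a valid Python literal on both Python 2 and 3, so the
    # commands are embedded without hand-escaping
    script = (
        "import subprocess\n"
        "import time\n"
        "from threading import Thread\n"
        "starttime = time.time()\n"
        "def loop():\n"
        "    while True:\n"
        "        subprocess.Popen({prune}, shell=True).wait()\n"
        "        time.sleep(3600.0 - ((time.time() - starttime) % 3600.0))\n"
        "def main():\n"
        "    subprocess.Popen({capture}, shell=True).wait()\n"
        "Thread(target=loop).start()\n"
        "Thread(target=main).start()\n"
    ).format(prune=repr(prune_cmd), capture=repr(capture_cmd))
    # "w" rather than the original touch+append, so a stale script is replaced
    with open("/var/artillery/tcpdump.py", "w") as f:
        f.write(script)


def stagemine():
    """Stage Artillery and the capture service so a mine can be armed.

    Runs as root. In order: refuse if /var/artillery/database exists (a mine
    is already armed); stop any running Artillery and optionally smbd; copy
    the Artillery checkout to /var/artillery and install its init script;
    apt-get iptables-persistent, tcpdump and apparmor-utils if missing; set
    up /var/log/honeymine and optional rsyslog forwarding; write the
    honeymine systemd unit and the capture script it runs; enable the unit.
    Firewall rules and Artillery's config are written by emulos_*().

    FIX: after the "already armed" prompt the original called menu() and
    then fell through and re-staged anyway if menu() returned.
    """
    if os.path.isdir("/var/artillery/database"):
        os.system('clear')
        print('''
ERROR: A mine is already armed. Disarm it first..''')
        print('''
(Press any key to continue)''')
        raw_input()
        menu()
        return

    kill_artillery()

    if not _stop_samba_if_running():
        menu()
        return

    _stage_artillery_tree()
    _install_artillery_init_script()
    _install_packages()
    _configure_logging()
    _write_honeymine_service()
    _write_capture_script()
    subprocess.Popen("systemctl daemon-reload", shell=True).wait()
    subprocess.Popen("systemctl enable honeymine.service", shell=True).wait()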
  363.  
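def _record_emulation_type(label):
    """Write the emulation label that viewlog() later displays."""
    with open("/var/artillery/honeymine.emul", "w") as f:
        f.write(label + "\n")


def _write_artillery_config(ports):
    """Back up and replace /var/artillery/config with the honeymine profile exposing *ports*.

    Values are written in Artillery's own KEY="VALUE" form. The original
    pushed each line through `bash -c 'echo KEY="VALUE" >> ...'`, and bash
    stripped the quotes on the way, so the file held KEY=VALUE; Artillery's
    config reader appears to strip quotes itself, so either form parses --
    confirm against the Artillery version actually cloned.
    """
    subprocess.Popen("mv -f /var/artillery/config /var/artillery/config.bak", shell=True).wait()
    settings = [
        ("MONITOR", '"ON"'),
        ("MONITOR_FOLDERS", '"/var/www","/etc/"'),
        ("MONITOR_FREQUENCY", '"60"'),
        ("SSH_DEFAULT_PORT_CHECK", '"ON"'),
        ("EXCLUDE", '""'),
        ("HONEYPOT_BAN", '"OFF"'),
        ("WHITELIST_IP", '"127.0.0.1,localhost"'),
        ("PORTS", '"' + ports + '"'),
        ("HONEYPOT_AUTOACCEPT", '"OFF"'),
        ("EMAIL_ALERTS", '"OFF"'),
        ("SMTP_USERNAME", '""'),
        ("SMTP_PASSWORD", '""'),
        ("ALERT_USER_EMAIL", '"user@whatever.com"'),
        ("SMTP_FROM", '"Artillery Incident"'),
        ("SMTP_ADDRESS", '"smtp.gmail.com"'),
        ("SMTP_PORT", '"587"'),
        ("EMAIL_TIMER", '"ON"'),
        ("EMAIL_FREQUENCY", '"60"'),
        ("SSH_BRUTE_MONITOR", '"ON"'),
        ("SSH_BRUTE_ATTEMPTS", '"3"'),
        ("FTP_BRUTE_MONITOR", '"ON"'),
        ("FTP_BRUTE_ATTEMPTS", '"10"'),
        ("AUTO_UPDATE", '"OFF"'),
        ("ANTI_DOS", '"OFF"'),
        ("ANTI_DOS_PORTS", '"80,443"'),
        ("ANTI_DOS_THROTTLE_CONNECTIONS", '"1000"'),
        ("ANTI_DOS_LIMIT_BURST", '"500"'),
        ("ACCESS_LOG", '"/var/artillery/logs/apache-access.log"'),
        ("ERROR_LOG", '"/var/artillery/logs/apache-error.log"'),
        ("BIND_INTERFACE", '""'),
        ("THREAT_INTELLIGENCE_FEED", '"OFF"'),
        ("THREAT_FEED", '"https://www.binarydefense.com/banlist.txt"'),
        ("THREAT_SERVER", '"OFF"'),
        ("THREAT_LOCATION", '"/var/www/"'),
        ("ROOT_CHECK", '"ON"'),
        # SYSLOG_TYPE=FILE means the remote host/port below are unused by
        # Artillery; the honeymine rsyslog drop-in (port 517) is separate.
        ("SYSLOG_TYPE", '"FILE"'),
        ("SYSLOG_REMOTE_HOST", '"192.168.0.1"'),
        ("SYSLOG_REMOTE_PORT", '"514"'),
        ("CONSOLE_LOGGING", '"OFF"'),
        ("RECYCLE_IPS", '"OFF"'),
        ("ARTILLERY_REFRESH", '"604800"'),
        ("SOURCE_FEEDS", '"OFF"'),
    ]
    with open("/var/artillery/config", "w") as f:
        for key, value in settings:
            f.write("{0}={1}\n".format(key, value))


def _apply_iptables_rules(rules):
    """Append each rule (iptables -A) in order, then set default-DROP policies.

    Rules are appended, not inserted, and nothing is flushed first: arming
    twice without disarm() stacks a second copy, and any pre-existing ACCEPT
    rule keeps precedence.
    """
    for rule in rules:
        subprocess.Popen("iptables " + rule, shell=True).wait()
    subprocess.Popen("iptables -P INPUT DROP", shell=True).wait()
    subprocess.Popen("iptables -P OUTPUT DROP", shell=True).wait()


def emulos_win7():
    """Arm the mine as a "Microsoft Windows Workstation 7" profile.

    Writes the emulation label, Artillery's config (ports to fake), and the
    iptables ruleset, in the same order and with the same rules as the
    original hand-written list.

    Firewall caveats a deployer should know:
      * OUTPUT gets a catch-all ACCEPT before the DROP policy, so egress is
        effectively unrestricted -- a compromised or abused sensor can reach
        anything. Tighten OUTPUT if the mine sits on a sensitive segment.
      * No rule admits SSH; sshsourceval() is not consulted here. With the
        final TCP REJECT, remote management is cut unless opened elsewhere.
      * ICMP is accepted from anywhere (fine for a decoy, noted for clarity).
    """
    _record_emulation_type("Microsoft Windows Workstation 7")
    _write_artillery_config("67,123,135,139,445,3389,5355,49152,49153,49154,49155,49156,49157,49160,64114")

    rules = []
    # DHCP server and NTP are listed in PORTS but answered with DROP, not a decoy
    for port in ("67", "123"):
        for proto in ("tcp", "udp"):
            rules.append("-A INPUT -p {0} --destination-port {1} -s 0.0.0.0/0 -d 0.0.0.0/0 -j DROP".format(proto, port))
    rules.append("-A INPUT -i lo -j ACCEPT")
    rules.append("-A INPUT -p udp --source-port 53 -s 0.0.0.0/0 -m state --state ESTABLISHED -j ACCEPT")
    # services a Windows 7 workstation exposes (RPC, NetBIOS, SMB, RDP, LLMNR, ephemeral RPC)
    both = ("tcp", "udp")
    decoy_ports = (
        ("135", both), ("139", both), ("445", both), ("3389", both),
        ("5355", ("udp",)),
        ("49152", both), ("49153", both), ("49154", both), ("49155", both),
        ("49156", both), ("49157", both), ("49160", both), ("64114", both),
    )
    for port, protos in decoy_ports:
        for proto in protos:
            rules.append("-A INPUT -p {0} --destination-port {1} -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT".format(proto, port))
    rules.append("-A INPUT -p tcp -m conntrack --ctstate ESTABLISHED,RELATED -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT")
    rules.append("-A INPUT -p icmp -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT")
    # closed ports answer with RST (looks like a real closed port, not a filter)
    rules.append("-A INPUT -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 -j REJECT --reject-with tcp-reset")
    rules.append("-A OUTPUT -o lo -j ACCEPT")
    rules.append("-A OUTPUT -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT")
    _apply_iptables_rules(rules)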
  451.  
  452. def emulos_win2k8r2_fp():
  453. # Store Emulation Type
  454. subprocess.Popen("touch /var/artillery/honeymine.emul", shell=True).wait()
  455. subprocess.Popen("bash -c 'echo Microsoft Windows Server 2008 R2 - File/Print > /var/artillery/honeymine.emul'", shell=True).wait()
  456.  
  457. # Build custom Artillery and Iptables config
  458. subprocess.Popen("mv -f /var/artillery/config /var/artillery/config.bak", shell=True).wait()
  459. subprocess.Popen("bash -c 'echo MONITOR=\"ON\" >> /var/artillery/config'", shell=True).wait()
  460. subprocess.Popen("bash -c 'echo MONITOR_FOLDERS=\"/var/www\",\"/etc/\" >> /var/artillery/config'", shell=True).wait()
  461. subprocess.Popen("bash -c 'echo MONITOR_FREQUENCY=\"60\" >> /var/artillery/config'", shell=True).wait()
  462. subprocess.Popen("bash -c 'echo SSH_DEFAULT_PORT_CHECK=\"ON\" >> /var/artillery/config'", shell=True).wait()
  463. subprocess.Popen("bash -c 'echo EXCLUDE=\"\" >> /var/artillery/config'", shell=True).wait()
  464. subprocess.Popen("bash -c 'echo HONEYPOT_BAN=\"OFF\" >> /var/artillery/config'", shell=True).wait()
  465. subprocess.Popen("bash -c 'echo WHITELIST_IP=\"127.0.0.1,localhost\" >> /var/artillery/config'", shell=True).wait()
  466. subprocess.Popen("bash -c 'echo PORTS=\"135,139,445,500,3389,4500,5355,49152,49153,49154,49155,49296,65135\" >> /var/artillery/config'", shell=True).wait()
  467. subprocess.Popen("bash -c 'echo HONEYPOT_AUTOACCEPT=\"OFF\" >> /var/artillery/config'", shell=True).wait()
  468. subprocess.Popen("bash -c 'echo EMAIL_ALERTS=\"OFF\" >> /var/artillery/config'", shell=True).wait()
  469. subprocess.Popen("bash -c 'echo SMTP_USERNAME=\"\" >> /var/artillery/config'", shell=True).wait()
  470. subprocess.Popen("bash -c 'echo SMTP_PASSWORD=\"\" >> /var/artillery/config'", shell=True).wait()
  471. subprocess.Popen("bash -c 'echo ALERT_USER_EMAIL=\"user@whatever.com\" >> /var/artillery/config'", shell=True).wait()
  472. subprocess.Popen("bash -c 'echo SMTP_FROM=\"Artillery Incident\" >> /var/artillery/config'", shell=True).wait()
  473. subprocess.Popen("bash -c 'echo SMTP_ADDRESS=\"smtp.gmail.com\" >> /var/artillery/config'", shell=True).wait()
  474. subprocess.Popen("bash -c 'echo SMTP_PORT=\"587\" >> /var/artillery/config'", shell=True).wait()
  475. subprocess.Popen("bash -c 'echo EMAIL_TIMER=\"ON\" >> /var/artillery/config'", shell=True).wait()
  476. subprocess.Popen("bash -c 'echo EMAIL_FREQUENCY=\"60\" >> /var/artillery/config'", shell=True).wait()
  477. subprocess.Popen("bash -c 'echo SSH_BRUTE_MONITOR=\"ON\" >> /var/artillery/config'", shell=True).wait()
  478. subprocess.Popen("bash -c 'echo SSH_BRUTE_ATTEMPTS=\"3\" >> /var/artillery/config'", shell=True).wait()
  479. subprocess.Popen("bash -c 'echo FTP_BRUTE_MONITOR=\"ON\" >> /var/artillery/config'", shell=True).wait()
  480. subprocess.Popen("bash -c 'echo FTP_BRUTE_ATTEMPTS=\"10\" >> /var/artillery/config'", shell=True).wait()
  481. subprocess.Popen("bash -c 'echo AUTO_UPDATE=\"OFF\" >> /var/artillery/config'", shell=True).wait()
  482. subprocess.Popen("bash -c 'echo ANTI_DOS=\"OFF\" >> /var/artillery/config'", shell=True).wait()
  483. subprocess.Popen("bash -c 'echo ANTI_DOS_PORTS=\"80,443\" >> /var/artillery/config'", shell=True).wait()
  484. subprocess.Popen("bash -c 'echo ANTI_DOS_THROTTLE_CONNECTIONS=\"1000\" >> /var/artillery/config'", shell=True).wait()
  485. subprocess.Popen("bash -c 'echo ANTI_DOS_LIMIT_BURST=\"500\" >> /var/artillery/config'", shell=True).wait()
  486. subprocess.Popen("bash -c 'echo ACCESS_LOG=\"/var/artillery/logs/apache-access.log\" >> /var/artillery/config'", shell=True).wait()
  487. subprocess.Popen("bash -c 'echo ERROR_LOG=\"/var/artillery/logs/apache-error.log\" >> /var/artillery/config'", shell=True).wait()
  488. subprocess.Popen("bash -c 'echo BIND_INTERFACE=\"\" >> /var/artillery/config'", shell=True).wait()
  489. subprocess.Popen("bash -c 'echo THREAT_INTELLIGENCE_FEED=\"OFF\" >> /var/artillery/config'", shell=True).wait()
  490. subprocess.Popen("bash -c 'echo THREAT_FEED=\"https://www.binarydefense.com/banlist.txt\" >> /var/artillery/config'", shell=True).wait()
  491. subprocess.Popen("bash -c 'echo THREAT_SERVER=\"OFF\" >> /var/artillery/config'", shell=True).wait()
  492. subprocess.Popen("bash -c 'echo THREAT_LOCATION=\"/var/www/\" >> /var/artillery/config'", shell=True).wait()
  493. subprocess.Popen("bash -c 'echo ROOT_CHECK=\"ON\" >> /var/artillery/config'", shell=True).wait()
  494. subprocess.Popen("bash -c 'echo SYSLOG_TYPE=\"FILE\" >> /var/artillery/config'", shell=True).wait()
  495. subprocess.Popen("bash -c 'echo SYSLOG_REMOTE_HOST=\"192.168.0.1\" >> /var/artillery/config'", shell=True).wait()
  496. subprocess.Popen("bash -c 'echo SYSLOG_REMOTE_PORT=\"514\" >> /var/artillery/config'", shell=True).wait()
  497. subprocess.Popen("bash -c 'echo CONSOLE_LOGGING=\"OFF\" >> /var/artillery/config'", shell=True).wait()
  498. subprocess.Popen("bash -c 'echo RECYCLE_IPS=\"OFF\" >> /var/artillery/config'", shell=True).wait()
  499. subprocess.Popen("bash -c 'echo ARTILLERY_REFRESH=\"604800\" >> /var/artillery/config'", shell=True).wait()
  500. subprocess.Popen("bash -c 'echo SOURCE_FEEDS=\"OFF\" >> /var/artillery/config'", shell=True).wait()
  501. subprocess.Popen("iptables -A INPUT -i lo -j ACCEPT", shell=True).wait()
  502. subprocess.Popen("iptables -A INPUT -p udp --source-port 53 -s 0.0.0.0/0 -m state --state ESTABLISHED -j ACCEPT", shell=True).wait()
  503. subprocess.Popen("iptables -A INPUT -p tcp --destination-port 135 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  504. subprocess.Popen("iptables -A INPUT -p udp --destination-port 135 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  505. subprocess.Popen("iptables -A INPUT -p tcp --destination-port 139 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  506. subprocess.Popen("iptables -A INPUT -p udp --destination-port 139 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  507. subprocess.Popen("iptables -A INPUT -p udp --destination-port 161 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  508. subprocess.Popen("iptables -A INPUT -p tcp --destination-port 445 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  509. subprocess.Popen("iptables -A INPUT -p udp --destination-port 445 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  510. subprocess.Popen("iptables -A INPUT -p udp --destination-port 500 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  511. subprocess.Popen("iptables -A INPUT -p tcp --destination-port 3389 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  512. subprocess.Popen("iptables -A INPUT -p udp --destination-port 3389 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  513. subprocess.Popen("iptables -A INPUT -p udp --destination-port 4500 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  514. subprocess.Popen("iptables -A INPUT -p udp --destination-port 5355 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  515. subprocess.Popen("iptables -A INPUT -p tcp --destination-port 49152 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  516. subprocess.Popen("iptables -A INPUT -p udp --destination-port 49152 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  517. subprocess.Popen("iptables -A INPUT -p tcp --destination-port 49153 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  518. subprocess.Popen("iptables -A INPUT -p udp --destination-port 49153 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  519. subprocess.Popen("iptables -A INPUT -p tcp --destination-port 49154 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  520. subprocess.Popen("iptables -A INPUT -p udp --destination-port 49154 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  521. subprocess.Popen("iptables -A INPUT -p tcp --destination-port 49155 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  522. subprocess.Popen("iptables -A INPUT -p udp --destination-port 49155 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  523. subprocess.Popen("iptables -A INPUT -p tcp --destination-port 49296 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  524. subprocess.Popen("iptables -A INPUT -p udp --destination-port 49296 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  525. subprocess.Popen("iptables -A INPUT -p tcp --destination-port 49311 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  526. subprocess.Popen("iptables -A INPUT -p udp --destination-port 49311 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  527. subprocess.Popen("iptables -A INPUT -p tcp --destination-port 65135 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  528. subprocess.Popen("iptables -A INPUT -p udp --destination-port 65135 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  529. subprocess.Popen("iptables -A INPUT -p tcp -m conntrack --ctstate ESTABLISHED,RELATED -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  530. subprocess.Popen("iptables -A INPUT -p icmp -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  531. subprocess.Popen("iptables -A INPUT -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 -j REJECT --reject-with tcp-reset", shell=True).wait()
  532. subprocess.Popen("iptables -A OUTPUT -o lo -j ACCEPT", shell=True).wait()
  533. subprocess.Popen("iptables -A OUTPUT -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  534. subprocess.Popen("iptables -P INPUT DROP", shell=True).wait()
  535. subprocess.Popen("iptables -P OUTPUT DROP", shell=True).wait()
  536.  
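def emulos_win2k8r2_iis():
    """Arm the mine as a 'Microsoft Windows Server 2008 R2 - IIS Web' decoy.

    Three side effects, in this order:
      1. The emulation label is written to /var/artillery/honeymine.emul.
      2. /var/artillery/config is moved to config.bak and a fresh Artillery
         config for this profile is written (HONEYPOT_BAN=OFF, the TCP decoy
         ports in PORTS, no e-mail alerts, file-based syslog).
      3. An iptables rule set is loaded: loopback, TCP 80, DNS replies, the
         decoy ports below, established/related TCP and ICMP are accepted,
         every other TCP port answers with a tcp-reset, then both chain
         policies are set to DROP.

    Meant to run as root on the dedicated mine host (it writes under
    /var/artillery and calls iptables).

    Returns:
        list: the iptables argv lists that exited non-zero (empty when every
        command succeeded).  Each failure is also reported on stdout, because
        a partially loaded rule set followed by ``-P INPUT DROP`` can leave
        the host unreachable.

    Raises:
        IOError/OSError: if the label or config file cannot be written.
    """
    artillery_dir = "/var/artillery"
    config_path = artillery_dir + "/config"
    any_net = "0.0.0.0/0"

    # 1. Emulation label (the trailing newline matches the old ``echo >``).
    with open(artillery_dir + "/honeymine.emul", "w") as emul:
        emul.write("Microsoft Windows Server 2008 R2 - IIS Web\n")

    # 2. Artillery config.  The previous one is kept as a backup (``mv -f``
    #    stays best-effort: a missing config only prints an error).  The old
    #    code appended each line with ``bash -c 'echo KEY="VALUE" >> ...'``
    #    and the shell stripped the quotes, so the content written here is
    #    identical to what Artillery has been reading.
    subprocess.call(["mv", "-f", config_path, config_path + ".bak"])
    config_lines = [
        "MONITOR=ON",
        "MONITOR_FOLDERS=/var/www,/etc/",
        "MONITOR_FREQUENCY=60",
        "SSH_DEFAULT_PORT_CHECK=ON",
        "EXCLUDE=",
        "HONEYPOT_BAN=OFF",
        "WHITELIST_IP=127.0.0.1,localhost",
        # Artillery's honeypot listener ports for this profile.
        "PORTS=80,135,139,443,500,3389,4500,5355,49152,49153,49154,49155,49296,65135",
        "HONEYPOT_AUTOACCEPT=OFF",
        "EMAIL_ALERTS=OFF",
        "SMTP_USERNAME=",
        "SMTP_PASSWORD=",
        "ALERT_USER_EMAIL=user@whatever.com",
        "SMTP_FROM=Artillery Incident",
        "SMTP_ADDRESS=smtp.gmail.com",
        "SMTP_PORT=587",
        "EMAIL_TIMER=ON",
        "EMAIL_FREQUENCY=60",
        "SSH_BRUTE_MONITOR=ON",
        "SSH_BRUTE_ATTEMPTS=3",
        "FTP_BRUTE_MONITOR=ON",
        "FTP_BRUTE_ATTEMPTS=10",
        "AUTO_UPDATE=OFF",
        "ANTI_DOS=OFF",
        "ANTI_DOS_PORTS=80,443",
        "ANTI_DOS_THROTTLE_CONNECTIONS=1000",
        "ANTI_DOS_LIMIT_BURST=500",
        "ACCESS_LOG=/var/artillery/logs/apache-access.log",
        "ERROR_LOG=/var/artillery/logs/apache-error.log",
        "BIND_INTERFACE=",
        "THREAT_INTELLIGENCE_FEED=OFF",
        "THREAT_FEED=https://www.binarydefense.com/banlist.txt",
        "THREAT_SERVER=OFF",
        "THREAT_LOCATION=/var/www/",
        "ROOT_CHECK=ON",
        "SYSLOG_TYPE=FILE",
        "SYSLOG_REMOTE_HOST=192.168.0.1",
        "SYSLOG_REMOTE_PORT=514",
        "CONSOLE_LOGGING=OFF",
        "RECYCLE_IPS=OFF",
        "ARTILLERY_REFRESH=604800",
        "SOURCE_FEEDS=OFF",
    ]
    with open(config_path, "a") as cfg:
        cfg.write("\n".join(config_lines) + "\n")

    # 3. iptables.  argv lists instead of shell strings: nothing here is
    #    user-controlled, but dropping the shell layer removes the quoting
    #    and lets each exit status be checked.  ``-s/-d 0.0.0.0/0`` match
    #    everything; they are kept so the loaded rules look exactly like the
    #    ones previous deployments produced.
    def accept_dport(proto, port):
        return ["iptables", "-A", "INPUT", "-p", proto, "--destination-port",
                str(port), "-s", any_net, "-d", any_net, "-j", "ACCEPT"]

    # Decoy ports in the original rule order.  NOTE(review): TCP 49311 is
    # opened here but is absent from PORTS above, so nothing listens on it;
    # confirm which of the two lists is the intended one.
    decoy_ports = [("tcp", 135), ("udp", 135), ("tcp", 139), ("udp", 139),
                   ("udp", 161), ("tcp", 443), ("udp", 500), ("tcp", 3389),
                   ("udp", 3389), ("udp", 4500), ("udp", 5355)]
    for port in (49152, 49153, 49154, 49155, 49296, 49311, 65135):
        decoy_ports += [("tcp", port), ("udp", port)]

    rules = [
        ["iptables", "-A", "INPUT", "-i", "lo", "-j", "ACCEPT"],
        accept_dport("tcp", 80),
        # Replies from upstream DNS (stateful UDP, source port 53).
        ["iptables", "-A", "INPUT", "-p", "udp", "--source-port", "53",
         "-s", any_net, "-m", "state", "--state", "ESTABLISHED", "-j", "ACCEPT"],
    ]
    rules += [accept_dport(proto, port) for proto, port in decoy_ports]
    rules += [
        ["iptables", "-A", "INPUT", "-p", "tcp", "-m", "conntrack",
         "--ctstate", "ESTABLISHED,RELATED", "-s", any_net, "-d", any_net,
         "-j", "ACCEPT"],
        ["iptables", "-A", "INPUT", "-p", "icmp", "-s", any_net, "-d", any_net,
         "-j", "ACCEPT"],
        # Unmatched TCP gets an RST (closed-port look) instead of falling
        # through to the DROP policy (filtered look).
        ["iptables", "-A", "INPUT", "-p", "tcp", "-s", any_net, "-d", any_net,
         "-j", "REJECT", "--reject-with", "tcp-reset"],
        ["iptables", "-A", "OUTPUT", "-o", "lo", "-j", "ACCEPT"],
        ["iptables", "-A", "OUTPUT", "-s", any_net, "-d", any_net, "-j", "ACCEPT"],
        # Default policies go last, once the ACCEPT rules are in place.
        ["iptables", "-P", "INPUT", "DROP"],
        ["iptables", "-P", "OUTPUT", "DROP"],
    ]

    failed = []
    for argv in rules:
        if subprocess.call(argv) != 0:
            failed.append(argv)
            print("Honeymine: iptables command failed: %s" % " ".join(argv))
    return failed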
  621.  
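def emulos_win2k8r2_mssql():
    """Arm the mine as a 'Microsoft Windows Server 2008 R2 - MSSQL' decoy.

    Three side effects, in this order:
      1. The emulation label is written to /var/artillery/honeymine.emul.
      2. /var/artillery/config is moved to config.bak and a fresh Artillery
         config for this profile is written (HONEYPOT_BAN=OFF, the TCP decoy
         ports in PORTS, no e-mail alerts, file-based syslog).
      3. An iptables rule set is loaded: loopback, TCP 1433, UDP 1434, DNS
         replies, the decoy ports below, established/related TCP and ICMP
         are accepted, every other TCP port answers with a tcp-reset, then
         both chain policies are set to DROP.

    Meant to run as root on the dedicated mine host (it writes under
    /var/artillery and calls iptables).

    Returns:
        list: the iptables argv lists that exited non-zero (empty when every
        command succeeded).  Each failure is also reported on stdout, because
        a partially loaded rule set followed by ``-P INPUT DROP`` can leave
        the host unreachable.

    Raises:
        IOError/OSError: if the label or config file cannot be written.
    """
    artillery_dir = "/var/artillery"
    config_path = artillery_dir + "/config"
    any_net = "0.0.0.0/0"

    # 1. Emulation label (the trailing newline matches the old ``echo >``).
    with open(artillery_dir + "/honeymine.emul", "w") as emul:
        emul.write("Microsoft Windows Server 2008 R2 - MSSQL\n")

    # 2. Artillery config.  The previous one is kept as a backup (``mv -f``
    #    stays best-effort: a missing config only prints an error).  The old
    #    code appended each line with ``bash -c 'echo KEY="VALUE" >> ...'``
    #    and the shell stripped the quotes, so the content written here is
    #    identical to what Artillery has been reading.
    subprocess.call(["mv", "-f", config_path, config_path + ".bak"])
    config_lines = [
        "MONITOR=ON",
        "MONITOR_FOLDERS=/var/www,/etc/",
        "MONITOR_FREQUENCY=60",
        "SSH_DEFAULT_PORT_CHECK=ON",
        "EXCLUDE=",
        "HONEYPOT_BAN=OFF",
        "WHITELIST_IP=127.0.0.1,localhost",
        # Artillery's honeypot listener ports for this profile.
        "PORTS=135,139,443,500,1433,1434,3389,4500,5355,49152,49153,49154,49155,49296,65135",
        "HONEYPOT_AUTOACCEPT=OFF",
        "EMAIL_ALERTS=OFF",
        "SMTP_USERNAME=",
        "SMTP_PASSWORD=",
        "ALERT_USER_EMAIL=user@whatever.com",
        "SMTP_FROM=Artillery Incident",
        "SMTP_ADDRESS=smtp.gmail.com",
        "SMTP_PORT=587",
        "EMAIL_TIMER=ON",
        "EMAIL_FREQUENCY=60",
        "SSH_BRUTE_MONITOR=ON",
        "SSH_BRUTE_ATTEMPTS=3",
        "FTP_BRUTE_MONITOR=ON",
        "FTP_BRUTE_ATTEMPTS=10",
        "AUTO_UPDATE=OFF",
        "ANTI_DOS=OFF",
        "ANTI_DOS_PORTS=80,443",
        "ANTI_DOS_THROTTLE_CONNECTIONS=1000",
        "ANTI_DOS_LIMIT_BURST=500",
        "ACCESS_LOG=/var/artillery/logs/apache-access.log",
        "ERROR_LOG=/var/artillery/logs/apache-error.log",
        "BIND_INTERFACE=",
        "THREAT_INTELLIGENCE_FEED=OFF",
        "THREAT_FEED=https://www.binarydefense.com/banlist.txt",
        "THREAT_SERVER=OFF",
        "THREAT_LOCATION=/var/www/",
        "ROOT_CHECK=ON",
        "SYSLOG_TYPE=FILE",
        "SYSLOG_REMOTE_HOST=192.168.0.1",
        "SYSLOG_REMOTE_PORT=514",
        "CONSOLE_LOGGING=OFF",
        "RECYCLE_IPS=OFF",
        "ARTILLERY_REFRESH=604800",
        "SOURCE_FEEDS=OFF",
    ]
    with open(config_path, "a") as cfg:
        cfg.write("\n".join(config_lines) + "\n")

    # 3. iptables.  argv lists instead of shell strings: nothing here is
    #    user-controlled, but dropping the shell layer removes the quoting
    #    and lets each exit status be checked.  ``-s/-d 0.0.0.0/0`` match
    #    everything; they are kept so the loaded rules look exactly like the
    #    ones previous deployments produced.
    def accept_dport(proto, port):
        return ["iptables", "-A", "INPUT", "-p", proto, "--destination-port",
                str(port), "-s", any_net, "-d", any_net, "-j", "ACCEPT"]

    # Decoy ports in the original rule order.  NOTE(review): TCP 49311 is
    # opened here but is absent from PORTS above, and 1434 is in PORTS but
    # only opened for UDP; confirm which list is the intended one.
    decoy_ports = [("tcp", 135), ("udp", 135), ("tcp", 139), ("udp", 139),
                   ("udp", 161), ("tcp", 443), ("udp", 500), ("tcp", 3389),
                   ("udp", 3389), ("udp", 4500), ("udp", 5355)]
    for port in (49152, 49153, 49154, 49155, 49296, 49311, 65135):
        decoy_ports += [("tcp", port), ("udp", port)]

    rules = [
        ["iptables", "-A", "INPUT", "-i", "lo", "-j", "ACCEPT"],
        accept_dport("tcp", 1433),
        accept_dport("udp", 1434),
        # Replies from upstream DNS (stateful UDP, source port 53).
        ["iptables", "-A", "INPUT", "-p", "udp", "--source-port", "53",
         "-s", any_net, "-m", "state", "--state", "ESTABLISHED", "-j", "ACCEPT"],
    ]
    rules += [accept_dport(proto, port) for proto, port in decoy_ports]
    rules += [
        ["iptables", "-A", "INPUT", "-p", "tcp", "-m", "conntrack",
         "--ctstate", "ESTABLISHED,RELATED", "-s", any_net, "-d", any_net,
         "-j", "ACCEPT"],
        ["iptables", "-A", "INPUT", "-p", "icmp", "-s", any_net, "-d", any_net,
         "-j", "ACCEPT"],
        # Unmatched TCP gets an RST (closed-port look) instead of falling
        # through to the DROP policy (filtered look).
        ["iptables", "-A", "INPUT", "-p", "tcp", "-s", any_net, "-d", any_net,
         "-j", "REJECT", "--reject-with", "tcp-reset"],
        ["iptables", "-A", "OUTPUT", "-o", "lo", "-j", "ACCEPT"],
        ["iptables", "-A", "OUTPUT", "-s", any_net, "-d", any_net, "-j", "ACCEPT"],
        # Default policies go last, once the ACCEPT rules are in place.
        ["iptables", "-P", "INPUT", "DROP"],
        ["iptables", "-P", "OUTPUT", "DROP"],
    ]

    failed = []
    for argv in rules:
        if subprocess.call(argv) != 0:
            failed.append(argv)
            print("Honeymine: iptables command failed: %s" % " ".join(argv))
    return failed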
  707.  
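def emulos_win2k12r2_fp():
    """Arm the mine as the Windows Server 2012 R2 file/print decoy profile.

    Three side effects, in this order:
      1. The emulation label is written to /var/artillery/honeymine.emul
         (see the NOTE on the label string below).
      2. /var/artillery/config is moved to config.bak and a fresh Artillery
         config for this profile is written (HONEYPOT_BAN=OFF, the TCP decoy
         ports in PORTS, no e-mail alerts, file-based syslog).
      3. An iptables rule set is loaded: loopback, DNS replies, the decoy
         ports below (including SMB 445), established/related TCP and ICMP
         are accepted, every other TCP port answers with a tcp-reset, then
         both chain policies are set to DROP.

    Meant to run as root on the dedicated mine host (it writes under
    /var/artillery and calls iptables).

    Returns:
        list: the iptables argv lists that exited non-zero (empty when every
        command succeeded).  Each failure is also reported on stdout, because
        a partially loaded rule set followed by ``-P INPUT DROP`` can leave
        the host unreachable.

    Raises:
        IOError/OSError: if the label or config file cannot be written.
    """
    artillery_dir = "/var/artillery"
    config_path = artillery_dir + "/config"
    any_net = "0.0.0.0/0"

    # 1. Emulation label (the trailing newline matches the old ``echo >``).
    #    NOTE(review): the label says "2008 R2" although this is the 2012 R2
    #    profile (function name).  Kept byte-identical in case something
    #    else matches on the label text; confirm and correct in one place.
    with open(artillery_dir + "/honeymine.emul", "w") as emul:
        emul.write("Microsoft Windows Server 2008 R2 - File/Print\n")

    # 2. Artillery config.  The previous one is kept as a backup (``mv -f``
    #    stays best-effort: a missing config only prints an error).  The old
    #    code appended each line with ``bash -c 'echo KEY="VALUE" >> ...'``
    #    and the shell stripped the quotes, so the content written here is
    #    identical to what Artillery has been reading.
    subprocess.call(["mv", "-f", config_path, config_path + ".bak"])
    config_lines = [
        "MONITOR=ON",
        "MONITOR_FOLDERS=/var/www,/etc/",
        "MONITOR_FREQUENCY=60",
        "SSH_DEFAULT_PORT_CHECK=ON",
        "EXCLUDE=",
        "HONEYPOT_BAN=OFF",
        "WHITELIST_IP=127.0.0.1,localhost",
        # Artillery's honeypot listener ports for this profile.
        "PORTS=135,139,445,500,3389,4500,5355,24120,24121,24122,24123,47001,60371,60376,60382",
        "HONEYPOT_AUTOACCEPT=OFF",
        "EMAIL_ALERTS=OFF",
        "SMTP_USERNAME=",
        "SMTP_PASSWORD=",
        "ALERT_USER_EMAIL=user@whatever.com",
        "SMTP_FROM=Artillery Incident",
        "SMTP_ADDRESS=smtp.gmail.com",
        "SMTP_PORT=587",
        "EMAIL_TIMER=ON",
        "EMAIL_FREQUENCY=60",
        "SSH_BRUTE_MONITOR=ON",
        "SSH_BRUTE_ATTEMPTS=3",
        "FTP_BRUTE_MONITOR=ON",
        "FTP_BRUTE_ATTEMPTS=10",
        "AUTO_UPDATE=OFF",
        "ANTI_DOS=OFF",
        "ANTI_DOS_PORTS=80,443",
        "ANTI_DOS_THROTTLE_CONNECTIONS=1000",
        "ANTI_DOS_LIMIT_BURST=500",
        "ACCESS_LOG=/var/artillery/logs/apache-access.log",
        "ERROR_LOG=/var/artillery/logs/apache-error.log",
        "BIND_INTERFACE=",
        "THREAT_INTELLIGENCE_FEED=OFF",
        "THREAT_FEED=https://www.binarydefense.com/banlist.txt",
        "THREAT_SERVER=OFF",
        "THREAT_LOCATION=/var/www/",
        "ROOT_CHECK=ON",
        "SYSLOG_TYPE=FILE",
        "SYSLOG_REMOTE_HOST=192.168.0.1",
        "SYSLOG_REMOTE_PORT=514",
        "CONSOLE_LOGGING=OFF",
        "RECYCLE_IPS=OFF",
        "ARTILLERY_REFRESH=604800",
        "SOURCE_FEEDS=OFF",
    ]
    with open(config_path, "a") as cfg:
        cfg.write("\n".join(config_lines) + "\n")

    # 3. iptables.  argv lists instead of shell strings: nothing here is
    #    user-controlled, but dropping the shell layer removes the quoting
    #    and lets each exit status be checked.  ``-s/-d 0.0.0.0/0`` match
    #    everything; they are kept so the loaded rules look exactly like the
    #    ones previous deployments produced.
    def accept_dport(proto, port):
        return ["iptables", "-A", "INPUT", "-p", proto, "--destination-port",
                str(port), "-s", any_net, "-d", any_net, "-j", "ACCEPT"]

    # Decoy ports in the original rule order; the TCP ones match PORTS above.
    decoy_ports = [("tcp", 135), ("udp", 135), ("tcp", 139), ("udp", 139),
                   ("udp", 161), ("tcp", 445), ("udp", 445), ("udp", 500),
                   ("tcp", 3389), ("udp", 3389), ("udp", 4500), ("udp", 5355)]
    for port in (24120, 24121, 24122, 24123, 47001, 60371, 60376, 60382):
        decoy_ports += [("tcp", port), ("udp", port)]

    rules = [
        ["iptables", "-A", "INPUT", "-i", "lo", "-j", "ACCEPT"],
        # Replies from upstream DNS (stateful UDP, source port 53).
        ["iptables", "-A", "INPUT", "-p", "udp", "--source-port", "53",
         "-s", any_net, "-m", "state", "--state", "ESTABLISHED", "-j", "ACCEPT"],
    ]
    rules += [accept_dport(proto, port) for proto, port in decoy_ports]
    rules += [
        ["iptables", "-A", "INPUT", "-p", "tcp", "-m", "conntrack",
         "--ctstate", "ESTABLISHED,RELATED", "-s", any_net, "-d", any_net,
         "-j", "ACCEPT"],
        ["iptables", "-A", "INPUT", "-p", "icmp", "-s", any_net, "-d", any_net,
         "-j", "ACCEPT"],
        # Unmatched TCP gets an RST (closed-port look) instead of falling
        # through to the DROP policy (filtered look).
        ["iptables", "-A", "INPUT", "-p", "tcp", "-s", any_net, "-d", any_net,
         "-j", "REJECT", "--reject-with", "tcp-reset"],
        ["iptables", "-A", "OUTPUT", "-o", "lo", "-j", "ACCEPT"],
        ["iptables", "-A", "OUTPUT", "-s", any_net, "-d", any_net, "-j", "ACCEPT"],
        # Default policies go last, once the ACCEPT rules are in place.
        ["iptables", "-P", "INPUT", "DROP"],
        ["iptables", "-P", "OUTPUT", "DROP"],
    ]

    failed = []
    for argv in rules:
        if subprocess.call(argv) != 0:
            failed.append(argv)
            print("Honeymine: iptables command failed: %s" % " ".join(argv))
    return failed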
  794.  
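def emulos_win2k12r2_iis():
    """Arm the host as a "Microsoft Windows Server 2012 R2 - IIS Web" honey mine.

    Three side effects, in this order:
      1. Writes the emulation label to /var/artillery/honeymine.emul.
      2. Moves /var/artillery/config to /var/artillery/config.bak and writes a
         fresh Artillery config for this profile.
      3. Appends the iptables ruleset that exposes the emulated service ports,
         then sets the INPUT/OUTPUT policies to DROP.

    Must run as root. File errors (IOError/OSError on /var/artillery) propagate,
    since starting Artillery on a half-written config is worse than failing
    here; a non-zero iptables exit is reported on stdout but does not abort,
    keeping the original best-effort behaviour for the ruleset.

    Fix over the original: the label written to honeymine.emul said
    "2008 R2", copied from the 2k8r2 profile; it now matches this function and
    menu option F.
    NOTE(review): menu() option F currently calls emulos_win2k12r2_fp() rather
    than this function; verify that dispatch is intended.
    """
    artillery_dir = "/var/artillery"
    emul_path = artillery_dir + "/honeymine.emul"
    config_path = artillery_dir + "/config"
    backup_path = config_path + ".bak"

    def run(cmd):
        # Fixed, constant command strings only; nothing user-controlled
        # reaches this point, and shell=False keeps it that way.
        rc = subprocess.call(cmd.split())
        if rc != 0:
            print("[!] command failed (exit %d): %s" % (rc, cmd))
        return rc

    # Store Emulation Type
    with open(emul_path, "w") as fh:
        fh.write("Microsoft Windows Server 2012 R2 - IIS Web\n")

    # Build custom Artillery config. The original emitted each line with
    # bash -c 'echo KEY="VAL" >> config'; bash strips the double quotes before
    # echo runs, so the file has always held bare KEY=VALUE lines. Keep that.
    settings = [
        ("MONITOR", "ON"),
        ("MONITOR_FOLDERS", "/var/www,/etc/"),
        ("MONITOR_FREQUENCY", "60"),
        ("SSH_DEFAULT_PORT_CHECK", "ON"),
        ("EXCLUDE", ""),
        ("HONEYPOT_BAN", "OFF"),
        ("WHITELIST_IP", "127.0.0.1,localhost"),
        ("PORTS", "80,135,139,443,500,3389,4500,5355,24120,24121,24122,24123,47001,60371,60376,60382"),
        ("HONEYPOT_AUTOACCEPT", "OFF"),
        ("EMAIL_ALERTS", "OFF"),
        ("SMTP_USERNAME", ""),
        ("SMTP_PASSWORD", ""),
        ("ALERT_USER_EMAIL", "user@whatever.com"),
        ("SMTP_FROM", "Artillery Incident"),
        ("SMTP_ADDRESS", "smtp.gmail.com"),
        ("SMTP_PORT", "587"),
        ("EMAIL_TIMER", "ON"),
        ("EMAIL_FREQUENCY", "60"),
        ("SSH_BRUTE_MONITOR", "ON"),
        ("SSH_BRUTE_ATTEMPTS", "3"),
        ("FTP_BRUTE_MONITOR", "ON"),
        ("FTP_BRUTE_ATTEMPTS", "10"),
        ("AUTO_UPDATE", "OFF"),
        ("ANTI_DOS", "OFF"),
        ("ANTI_DOS_PORTS", "80,443"),
        ("ANTI_DOS_THROTTLE_CONNECTIONS", "1000"),
        ("ANTI_DOS_LIMIT_BURST", "500"),
        ("ACCESS_LOG", "/var/artillery/logs/apache-access.log"),
        ("ERROR_LOG", "/var/artillery/logs/apache-error.log"),
        ("BIND_INTERFACE", ""),
        ("THREAT_INTELLIGENCE_FEED", "OFF"),
        ("THREAT_FEED", "https://www.binarydefense.com/banlist.txt"),
        ("THREAT_SERVER", "OFF"),
        ("THREAT_LOCATION", "/var/www/"),
        ("ROOT_CHECK", "ON"),
        ("SYSLOG_TYPE", "FILE"),
        ("SYSLOG_REMOTE_HOST", "192.168.0.1"),
        ("SYSLOG_REMOTE_PORT", "514"),
        ("CONSOLE_LOGGING", "OFF"),
        ("RECYCLE_IPS", "OFF"),
        ("ARTILLERY_REFRESH", "604800"),
        ("SOURCE_FEEDS", "OFF"),
    ]
    # Same as `mv -f`: keep one backup, overwrite a stale one; nothing to
    # back up is not an error.
    if os.path.isfile(config_path):
        os.rename(config_path, backup_path)
    with open(config_path, "w") as fh:
        for key, value in settings:
            fh.write("%s=%s\n" % (key, value))

    # Iptables: rule order matters, so the list below preserves the original
    # sequence exactly. The common Windows port set is shared with the other
    # Windows profiles; only port 80 is specific to the IIS emulation.
    accept = "iptables -A INPUT -p %s --destination-port %d -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT"
    windows_ports = [
        ("tcp", 135), ("udp", 135),
        ("tcp", 139), ("udp", 139),
        ("udp", 161),
        ("tcp", 443),
        ("udp", 500),
        ("tcp", 3389), ("udp", 3389),
        ("udp", 4500),
        ("udp", 5355),
    ]
    for port in (24120, 24121, 24122, 24123, 47001, 60371, 60376, 60382):
        windows_ports += [("tcp", port), ("udp", port)]

    rules = [
        "iptables -A INPUT -i lo -j ACCEPT",
        accept % ("tcp", 80),
        "iptables -A INPUT -p udp --source-port 53 -s 0.0.0.0/0 -m state --state ESTABLISHED -j ACCEPT",
    ]
    rules += [accept % proto_port for proto_port in windows_ports]
    rules += [
        "iptables -A INPUT -p tcp -m conntrack --ctstate ESTABLISHED,RELATED -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT",
        "iptables -A INPUT -p icmp -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT",
        # Closed TCP ports answer with RST so the mine looks like a real host
        # rather than a filtered one.
        "iptables -A INPUT -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 -j REJECT --reject-with tcp-reset",
        "iptables -A OUTPUT -o lo -j ACCEPT",
        # The catch-all OUTPUT ACCEPT below makes the OUTPUT DROP policy a
        # no-op: egress from the mine is unrestricted. Defenders who want to
        # contain a compromised mine must add egress rules elsewhere.
        "iptables -A OUTPUT -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT",
        "iptables -P INPUT DROP",
        "iptables -P OUTPUT DROP",
    ]
    for rule in rules:
        run(rule)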
  881.  
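def emulos_win2k12r2_mssql():
    """Arm the host as a "Microsoft Windows Server 2012 R2 - MSSQL" honey mine.

    Three side effects, in this order:
      1. Writes the emulation label to /var/artillery/honeymine.emul.
      2. Moves /var/artillery/config to /var/artillery/config.bak and writes a
         fresh Artillery config for this profile.
      3. Appends the iptables ruleset that exposes the emulated service ports
         (SQL Server on tcp/1433 and the browser service on udp/1434 in
         addition to the common Windows set), then sets the INPUT/OUTPUT
         policies to DROP.

    Must run as root. File errors (IOError/OSError on /var/artillery) propagate,
    since starting Artillery on a half-written config is worse than failing
    here; a non-zero iptables exit is reported on stdout but does not abort,
    keeping the original best-effort behaviour for the ruleset.

    Fix over the original: the label written to honeymine.emul said
    "2008 R2", copied from the 2k8r2 profile; it now matches this function and
    menu option G.
    """
    artillery_dir = "/var/artillery"
    emul_path = artillery_dir + "/honeymine.emul"
    config_path = artillery_dir + "/config"
    backup_path = config_path + ".bak"

    def run(cmd):
        # Fixed, constant command strings only; nothing user-controlled
        # reaches this point, and shell=False keeps it that way.
        rc = subprocess.call(cmd.split())
        if rc != 0:
            print("[!] command failed (exit %d): %s" % (rc, cmd))
        return rc

    # Store Emulation Type
    with open(emul_path, "w") as fh:
        fh.write("Microsoft Windows Server 2012 R2 - MSSQL\n")

    # Build custom Artillery config. The original emitted each line with
    # bash -c 'echo KEY="VAL" >> config'; bash strips the double quotes before
    # echo runs, so the file has always held bare KEY=VALUE lines. Keep that.
    settings = [
        ("MONITOR", "ON"),
        ("MONITOR_FOLDERS", "/var/www,/etc/"),
        ("MONITOR_FREQUENCY", "60"),
        ("SSH_DEFAULT_PORT_CHECK", "ON"),
        ("EXCLUDE", ""),
        ("HONEYPOT_BAN", "OFF"),
        ("WHITELIST_IP", "127.0.0.1,localhost"),
        ("PORTS", "135,139,443,500,1433,1434,3389,4500,5355,24120,24121,24122,24123,47001,60371,60376,60382"),
        ("HONEYPOT_AUTOACCEPT", "OFF"),
        ("EMAIL_ALERTS", "OFF"),
        ("SMTP_USERNAME", ""),
        ("SMTP_PASSWORD", ""),
        ("ALERT_USER_EMAIL", "user@whatever.com"),
        ("SMTP_FROM", "Artillery Incident"),
        ("SMTP_ADDRESS", "smtp.gmail.com"),
        ("SMTP_PORT", "587"),
        ("EMAIL_TIMER", "ON"),
        ("EMAIL_FREQUENCY", "60"),
        ("SSH_BRUTE_MONITOR", "ON"),
        ("SSH_BRUTE_ATTEMPTS", "3"),
        ("FTP_BRUTE_MONITOR", "ON"),
        ("FTP_BRUTE_ATTEMPTS", "10"),
        ("AUTO_UPDATE", "OFF"),
        ("ANTI_DOS", "OFF"),
        ("ANTI_DOS_PORTS", "80,443"),
        ("ANTI_DOS_THROTTLE_CONNECTIONS", "1000"),
        ("ANTI_DOS_LIMIT_BURST", "500"),
        ("ACCESS_LOG", "/var/artillery/logs/apache-access.log"),
        ("ERROR_LOG", "/var/artillery/logs/apache-error.log"),
        ("BIND_INTERFACE", ""),
        ("THREAT_INTELLIGENCE_FEED", "OFF"),
        ("THREAT_FEED", "https://www.binarydefense.com/banlist.txt"),
        ("THREAT_SERVER", "OFF"),
        ("THREAT_LOCATION", "/var/www/"),
        ("ROOT_CHECK", "ON"),
        ("SYSLOG_TYPE", "FILE"),
        ("SYSLOG_REMOTE_HOST", "192.168.0.1"),
        ("SYSLOG_REMOTE_PORT", "514"),
        ("CONSOLE_LOGGING", "OFF"),
        ("RECYCLE_IPS", "OFF"),
        ("ARTILLERY_REFRESH", "604800"),
        ("SOURCE_FEEDS", "OFF"),
    ]
    # Same as `mv -f`: keep one backup, overwrite a stale one; nothing to
    # back up is not an error.
    if os.path.isfile(config_path):
        os.rename(config_path, backup_path)
    with open(config_path, "w") as fh:
        for key, value in settings:
            fh.write("%s=%s\n" % (key, value))

    # Iptables: rule order matters, so the list below preserves the original
    # sequence exactly. The common Windows port set is shared with the other
    # Windows profiles; tcp/1433 and udp/1434 are specific to this emulation.
    accept = "iptables -A INPUT -p %s --destination-port %d -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT"
    windows_ports = [
        ("tcp", 135), ("udp", 135),
        ("tcp", 139), ("udp", 139),
        ("udp", 161),
        ("tcp", 443),
        ("udp", 500),
        ("tcp", 3389), ("udp", 3389),
        ("udp", 4500),
        ("udp", 5355),
    ]
    for port in (24120, 24121, 24122, 24123, 47001, 60371, 60376, 60382):
        windows_ports += [("tcp", port), ("udp", port)]

    rules = [
        "iptables -A INPUT -i lo -j ACCEPT",
        accept % ("tcp", 1433),
        accept % ("udp", 1434),
        "iptables -A INPUT -p udp --source-port 53 -s 0.0.0.0/0 -m state --state ESTABLISHED -j ACCEPT",
    ]
    rules += [accept % proto_port for proto_port in windows_ports]
    rules += [
        "iptables -A INPUT -p tcp -m conntrack --ctstate ESTABLISHED,RELATED -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT",
        "iptables -A INPUT -p icmp -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT",
        # Closed TCP ports answer with RST so the mine looks like a real host
        # rather than a filtered one.
        "iptables -A INPUT -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 -j REJECT --reject-with tcp-reset",
        "iptables -A OUTPUT -o lo -j ACCEPT",
        # The catch-all OUTPUT ACCEPT below makes the OUTPUT DROP policy a
        # no-op: egress from the mine is unrestricted. Defenders who want to
        # contain a compromised mine must add egress rules elsewhere.
        "iptables -A OUTPUT -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT",
        "iptables -P INPUT DROP",
        "iptables -P OUTPUT DROP",
    ]
    for rule in rules:
        run(rule)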
  969.  
  970. def menu():
  971.  
  972. os.system('clear')
  973. print('''
  974.  
  975. Honeymine v1.2
  976. -------------------------------------
  977. MAIN MENU - Select a Honey Mine Type:
  978. -------------------------------------
  979. A) Workstation - Microsoft Windows 7
  980. B) Microsoft Windows Server 2008 R2 - File/Print
  981. C) Microsoft Windows Server 2008 R2 - IIS Web
  982. D) Microsoft Windows Server 2008 R2 - MSSQL
  983. E) Microsoft Windows Server 2012 R2 - File/Print
  984. F) Microsoft Windows Server 2012 R2 - IIS Web
  985. G) Microsoft Windows Server 2012 R2 - MSSQL
  986.  
  987. -------------------------------------
  988. OPTION MENU
  989. -------------------------------------
  990. 1) Disarm previously deployed mine
  991. 2) View log of deployed mine
  992. 3) Quit
  993.  
  994. ''')
  995.  
  996. answer = raw_input('''
  997. [*] Please select an option: ''')
  998.  
  999. if answer != "1" and answer != "2" and answer !="3":
  1000. # Configure syslog forwarding
  1001. os.system('clear')
  1002. syslogip = syslogipval()
  1003. if syslogip == "None":
  1004. syslogip = None
  1005. if syslogip is None:
  1006. syslogipans = raw_input('''
  1007. [*] Enter a syslog destination (ENTER for [None]): ''')
  1008. if syslogipans.lower() in ["", None]:
  1009. syslogip = None
  1010. if not syslogipans.lower() in ["", None]:
  1011. syslogip = syslogipans
  1012.  
  1013. # Configure SSH daemon
  1014. os.system('clear')
  1015. sshsource = sshsourceval()
  1016. if sshsource == "None":
  1017. sshsource = None
  1018. if sshsource is None:
  1019. sshsourceans = raw_input('''
  1020. [*] Enter a source IP to allow SSH admin (ENTER for [None]): ''')
  1021. if sshsourceans.lower() in ["", None]:
  1022. sshsource = None
  1023. if not sshsourceans.lower() in ["", None]:
  1024. sshsource = sshsourceans
  1025. if os.path.isfile("/etc/ssh/sshd_config"):
  1026. for line in fileinput.input('/etc/ssh/sshd_config', inplace=True):
  1027. # CHANGE MADE AFTER THIS
  1028. line = line.rstrip().replace('Port ', '#Port ')
  1029. subprocess.Popen("bash -c 'echo Port 2222 >> /etc/ssh/sshd_config'", shell=True).wait()
  1030. subprocess.Popen("service sshd restart", shell=True).wait()
  1031. if not os.path.isfile("/etc/ssh/sshd_config"):
  1032. subprocess.Popen("apt-get -y install openssh-server", shell=True).wait()
  1033. for line in fileinput.input('/etc/ssh/sshd_config', inplace=True):
  1034. # CHANGE MADE AFTER THIS
  1035. line = line.rstrip().replace('Port ', '#Port ')
  1036. subprocess.Popen("bash -c 'echo Port 2222 >> /etc/ssh/sshd_config'", shell=True).wait()
  1037. subprocess.Popen("service sshd restart", shell=True).wait()
  1038.  
  1039. # Option A - Microsoft Windows Workstation 7
  1040. if answer.lower() in ["A", "a"]:
  1041.  
  1042. # Prompt for confirmation
  1043. os.system('clear')
  1044. print('''
  1045. You have selected "Microsoft Windows Workstation 7"''')
  1046.  
  1047. choice = raw_input('''
  1048. [*] Ready to arm? [y/n]: ''')
  1049.  
  1050. if choice in ["yes", "y", "YES", "Y", "Yes"]:
  1051. if is_posix():
  1052.  
  1053. stagemine()
  1054.  
  1055. # Backup existing iptables config
  1056. subprocess.Popen("bash -c \"iptables-save > /etc/iptables/rules.v4\"", shell=True).wait()
  1057.  
  1058. # Reset iptables and allow SSH
  1059. subprocess.Popen("iptables -F", shell=True).wait()
  1060. if not sshsource is None:
  1061. subprocess.Popen("iptables -A INPUT -p tcp --destination-port 2222 -s " + sshsource + " -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  1062.  
  1063. emulos_win7()
  1064.  
  1065. # Start Artillery
  1066. subprocess.Popen("/etc/init.d/artillery start >/dev/null 2>&1", shell=True).wait()
  1067. subprocess.Popen("systemctl start honeymine", shell=True).wait()
  1068.  
  1069. if not syslogip is None:
  1070. subprocess.Popen("tail -f /var/log/honeymine/alerts | logger -p local7.info -t honeymine &", shell=True).wait()
  1071. viewlog()
  1072. if choice in ["no", "n", "NO", "N", "No"]:
  1073. menu()
  1074.  
  1075. # Option B - Microsoft Windows Server 2008 R2 - File/Print
  1076. if answer.lower() in ["B", "b"]:
  1077.  
  1078. # Prompt for confirmation
  1079. os.system('clear')
  1080. print('''
  1081. You have selected "Microsoft Windows Server 2008 R2 - File/Print"''')
  1082.  
  1083. choice = raw_input('''
  1084. [*] Ready to arm? [y/n]: ''')
  1085.  
  1086. if choice in ["yes", "y", "YES", "Y", "Yes"]:
  1087. if is_posix():
  1088.  
  1089. stagemine()
  1090.  
  1091. # Backup existing iptables config
  1092. subprocess.Popen("bash -c \"iptables-save > /etc/iptables/rules.v4\"", shell=True).wait()
  1093.  
  1094. # Reset iptables and allow SSH
  1095. subprocess.Popen("iptables -F", shell=True).wait()
  1096. if not sshsource is None:
  1097. subprocess.Popen("iptables -A INPUT -p tcp --destination-port 2222 -s " + sshsource + " -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  1098.  
  1099. emulos_win2k8r2_fp()
  1100.  
  1101. # Start Artillery
  1102. subprocess.Popen("/etc/init.d/artillery start >/dev/null 2>&1", shell=True).wait()
  1103. subprocess.Popen("systemctl start honeymine", shell=True).wait()
  1104.  
  1105. if not syslogip is None:
  1106. subprocess.Popen("tail -f /var/log/honeymine/alerts | logger -p local7.info -t honeymine &", shell=True).wait()
  1107. viewlog()
  1108. if choice in ["no", "n", "NO", "N", "No"]:
  1109. menu()
  1110.  
  1111. # Option C - Microsoft Windows Server 2008 R2 - IIS Web
  1112. if answer.lower() in ["C", "c"]:
  1113.  
  1114. # Prompt for confirmation
  1115. os.system('clear')
  1116. print('''
  1117. You have selected "Microsoft Windows Server 2008 R2 - IIS Web"''')
  1118.  
  1119. choice = raw_input('''
  1120. [*] Ready to arm? [y/n]: ''')
  1121.  
  1122. if choice in ["yes", "y", "YES", "Y", "Yes"]:
  1123. if is_posix():
  1124.  
  1125. stagemine()
  1126.  
  1127. # Backup existing iptables config
  1128. subprocess.Popen("bash -c \"iptables-save > /etc/iptables/rules.v4\"", shell=True).wait()
  1129.  
  1130. # Reset iptables and allow SSH
  1131. subprocess.Popen("iptables -F", shell=True).wait()
  1132. if not sshsource is None:
  1133. subprocess.Popen("iptables -A INPUT -p tcp --destination-port 2222 -s " + sshsource + " -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  1134.  
  1135. emulos_win2k8r2_iis()
  1136.  
  1137. # Start Artillery
  1138. subprocess.Popen("/etc/init.d/artillery start >/dev/null 2>&1", shell=True).wait()
  1139. subprocess.Popen("systemctl start honeymine", shell=True).wait()
  1140.  
  1141. if not syslogip is None:
  1142. subprocess.Popen("tail -f /var/log/honeymine/alerts | logger -p local7.info -t honeymine &", shell=True).wait()
  1143. viewlog()
  1144. if choice in ["no", "n", "NO", "N", "No"]:
  1145. menu()
  1146.  
  1147. # Option D - Microsoft Windows Server 2008 R2 - MSSSQL
  1148. if answer.lower() in ["D", "d"]:
  1149.  
  1150. # Prompt for confirmation
  1151. os.system('clear')
  1152. print('''
  1153. You have selected "Microsoft Windows Server 2008 R2 - MSSQL"''')
  1154.  
  1155. choice = raw_input('''
  1156. [*] Ready to arm? [y/n]: ''')
  1157.  
  1158. if choice in ["yes", "y", "YES", "Y", "Yes"]:
  1159. if is_posix():
  1160.  
  1161. stagemine()
  1162.  
  1163. # Backup existing iptables config
  1164. subprocess.Popen("bash -c \"iptables-save > /etc/iptables/rules.v4\"", shell=True).wait()
  1165.  
  1166. # Reset iptables and allow SSH
  1167. subprocess.Popen("iptables -F", shell=True).wait()
  1168. if not sshsource is None:
  1169. subprocess.Popen("iptables -A INPUT -p tcp --destination-port 2222 -s " + sshsource + " -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  1170.  
  1171. emulos_win2k8r2_mssql()
  1172.  
  1173. # Start Artillery
  1174. subprocess.Popen("/etc/init.d/artillery start >/dev/null 2>&1", shell=True).wait()
  1175. subprocess.Popen("systemctl start honeymine", shell=True).wait()
  1176.  
  1177. if not syslogip is None:
  1178. subprocess.Popen("tail -f /var/log/honeymine/alerts | logger -p local7.info -t honeymine &", shell=True).wait()
  1179. viewlog()
  1180. if choice in ["no", "n", "NO", "N", "No"]:
  1181. menu()
  1182.  
  1183. # Option E - Microsoft Windows Server 2012 R2 - File/Print
  1184. if answer.lower() in ["E", "e"]:
  1185.  
  1186. # Prompt for confirmation
  1187. os.system('clear')
  1188. print('''
  1189. You have selected "Microsoft Windows Server 2012 R2 - File/Print"''')
  1190.  
  1191. choice = raw_input('''
  1192. [*] Ready to arm? [y/n]: ''')
  1193.  
  1194. if choice in ["yes", "y", "YES", "Y", "Yes"]:
  1195. if is_posix():
  1196.  
  1197. stagemine()
  1198.  
  1199. # Backup existing iptables config
  1200. subprocess.Popen("bash -c \"iptables-save > /etc/iptables/rules.v4\"", shell=True).wait()
  1201.  
  1202. # Reset iptables and allow SSH
  1203. subprocess.Popen("iptables -F", shell=True).wait()
  1204. if not sshsource is None:
  1205. subprocess.Popen("iptables -A INPUT -p tcp --destination-port 2222 -s " + sshsource + " -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  1206.  
  1207. emulos_win2k12r2_fp()
  1208.  
  1209. # Start Artillery
  1210. subprocess.Popen("/etc/init.d/artillery start >/dev/null 2>&1", shell=True).wait()
  1211. subprocess.Popen("systemctl start honeymine", shell=True).wait()
  1212.  
  1213. if not syslogip is None:
  1214. subprocess.Popen("tail -f /var/log/honeymine/alerts | logger -p local7.info -t honeymine &", shell=True).wait()
  1215. viewlog()
  1216. if choice in ["no", "n", "NO", "N", "No"]:
  1217. menu()
  1218.  
  1219. # Option F - Microsoft Windows Server 2012 R2 - IIS Web
  1220. if answer.lower() in ["F", "f"]:
  1221.  
  1222. # Prompt for confirmation
  1223. os.system('clear')
  1224. print('''
  1225. You have selected "Microsoft Windows Server 2012 R2 - IIS Web"''')
  1226.  
  1227. choice = raw_input('''
  1228. [*] Ready to arm? [y/n]: ''')
  1229.  
  1230. if choice in ["yes", "y", "YES", "Y", "Yes"]:
  1231. if is_posix():
  1232.  
  1233. stagemine()
  1234.  
  1235. # Backup existing iptables config
  1236. subprocess.Popen("bash -c \"iptables-save > /etc/iptables/rules.v4\"", shell=True).wait()
  1237.  
  1238. # Reset iptables and allow SSH
  1239. subprocess.Popen("iptables -F", shell=True).wait()
  1240. if not sshsource is None:
  1241. subprocess.Popen("iptables -A INPUT -p tcp --destination-port 2222 -s " + sshsource + " -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  1242.  
  1243. emulos_win2k12r2_fp()
  1244.  
  1245. # Start Artillery
  1246. subprocess.Popen("/etc/init.d/artillery start >/dev/null 2>&1", shell=True).wait()
  1247. subprocess.Popen("systemctl start honeymine", shell=True).wait()
  1248.  
  1249. if not syslogip is None:
  1250. subprocess.Popen("tail -f /var/log/honeymine/alerts | logger -p local7.info -t honeymine &", shell=True).wait()
  1251. viewlog()
  1252. if choice in ["no", "n", "NO", "N", "No"]:
  1253. menu()
  1254.  
  1255. # Option G - Microsoft Windows Server 2012 R2 - MSSQL
  1256. if answer.lower() in ["G", "g"]:
  1257.  
  1258. # Prompt for confirmation
  1259. os.system('clear')
  1260. print('''
  1261. You have selected "Microsoft Windows Server 2012 R2 - MSSQL"''')
  1262.  
  1263. choice = raw_input('''
  1264. [*] Ready to arm? [y/n]: ''')
  1265.  
  1266. if choice in ["yes", "y", "YES", "Y", "Yes"]:
  1267. if is_posix():
  1268.  
  1269. stagemine()
  1270.  
  1271. # Backup existing iptables config
  1272. subprocess.Popen("bash -c \"iptables-save > /etc/iptables/rules.v4\"", shell=True).wait()
  1273.  
  1274. # Reset iptables and allow SSH
  1275. subprocess.Popen("iptables -F", shell=True).wait()
  1276. if not sshsource is None:
  1277. subprocess.Popen("iptables -A INPUT -p tcp --destination-port 2222 -s " + sshsource + " -d 0.0.0.0/0 -j ACCEPT", shell=True).wait()
  1278.  
  1279. emulos_win2k12r2_mssql()
  1280.  
  1281. # Start Artillery
  1282. subprocess.Popen("/etc/init.d/artillery start >/dev/null 2>&1", shell=True).wait()
  1283. subprocess.Popen("systemctl start honeymine", shell=True).wait()
  1284.  
  1285. if not syslogip is None:
  1286. subprocess.Popen("tail -f /var/log/honeymine/alerts | logger -p local7.info -t honeymine &", shell=True).wait()
  1287. viewlog()
  1288. if choice in ["no", "n", "NO", "N", "No"]:
  1289. menu()
  1290.  
  1291. # Option 1 - Disarm
  1292. if answer.lower() in ["1"]:
  1293. if is_posix():
  1294. disarm()
  1295. print('''
  1296. (Press any key to continue)''')
  1297. raw_input()
  1298.  
  1299. # Option 2 - View Log
  1300. if answer.lower() in ["2"]:
  1301. if os.path.isfile("/etc/init.d/artillery"):
  1302. viewlog()
  1303. if not os.path.isfile("/etc/init.d/artillery"):
  1304. os.system('clear')
  1305. print('''
  1306. Log file not found. Is mine disarmed?
  1307.  
  1308. (Press any key to continue)''')
  1309. raw_input()
  1310. menu()
  1311.  
  1312. # Option 3 - Quit
  1313. if answer.lower() in ["3"]:
  1314. if is_posix():
  1315.  
  1316. terminate()
  1317.  
  1318. menu()
  1319.  
  1320. except KeyboardInterrupt:
  1321. sys.exit(0)