From 3ccef12df76fcf500bb683d0050ef70940b53cb9 Mon Sep 17 00:00:00 2001
From: Josh Brower
Date: Tue, 15 Feb 2022 13:57:31 -0500
Subject: [PATCH] IDH - Pillarize OpenCanary Config
---
 salt/idh/config/opencanary.conf | 113 ---------------------------
 salt/idh/defaults.yml | 90 +++++++++++++++++++++
 salt/idh/idh.conf.jinja | 1 +
 salt/idh/init.sls | 16 ++--
 salt/idh/opencanary_config.map.jinja | 2 +
 5 files changed, 100 insertions(+), 122 deletions(-)
 delete mode 100644 salt/idh/config/opencanary.conf
 create mode 100644 salt/idh/defaults.yml
 create mode 100644 salt/idh/idh.conf.jinja
 create mode 100644 salt/idh/opencanary_config.map.jinja
diff --git a/salt/idh/config/opencanary.conf b/salt/idh/config/opencanary.conf
deleted file mode 100644
index 84c65a3d2..000000000
--- a/salt/idh/config/opencanary.conf
+++ /dev/null
@@ -1,113 +0,0 @@
-{%- set HOSTNAME = salt['grains.get']('host') -%}
-
-{
- "device.node_id": "{{HOSTNAME}}",
- "git.enabled": false,
- "git.port" : 9418,
- "ftp.enabled": false,
- "ftp.port": 21,
- "ftp.banner": "FTP server ready",
- "http.banner": "Apache/2.2.22 (Ubuntu)",
- "http.enabled": false,
- "http.port": 80,
- "http.skin": "nasLogin",
- "http.skin.list": [
- {
- "desc": "Plain HTML Login",
- "name": "basicLogin"
- },
- {
- "desc": "Synology NAS Login",
- "name": "nasLogin"
- }
- ],
- "httpproxy.enabled" : false,
- "httpproxy.port": 8080,
- "httpproxy.skin": "squid",
- "httproxy.skin.list": [
- {
- "desc": "Squid",
- "name": "squid"
- },
- {
- "desc": "Microsoft ISA Server Web Proxy",
- "name": "ms-isa"
- }
- ],
- "logger": {
- "class": "PyLogger",
- "kwargs": {
- "formatters": {
- "plain": {
- "format": "%(message)s"
- }
- },
- "handlers": {
- "console": {
- "class": "logging.StreamHandler",
- "stream": "ext://sys.stdout"
- },
- "file": {
- "class": "logging.FileHandler",
- "filename": "/var/tmp/opencanary.log"
- }
- }
- }
- },
- "portscan.enabled": false,
- "portscan.logfile":"/var/log/kern.log",
- "portscan.synrate": 5,
- "portscan.nmaposrate": 5,
- "portscan.lorate": 3,
- "smb.auditfile": "/var/log/samba-audit.log",
- "smb.enabled": false,
- "mysql.enabled": false,
- "mysql.port": 3306,
- "mysql.banner": "5.5.43-0ubuntu0.14.04.1",
- "ssh.enabled": true,
- "ssh.port": 2222,
- "ssh.version": "SSH-2.0-OpenSSH_7.6p1 Ubuntu 4ubuntu0.3",
- "redis.enabled": false,
- "redis.port": 6379,
- "rdp.enabled": false,
- "rdp.port": 3389,
- "sip.enabled": false,
- "sip.port": 5060,
- "snmp.enabled": false,
- "snmp.port": 161,
- "ntp.enabled": false,
- "ntp.port": "123",
- "tftp.enabled": false,
- "tftp.port": 69,
- "tcpbanner.maxnum":10,
- "tcpbanner.enabled": false,
- "tcpbanner_1.enabled": false,
- "tcpbanner_1.port": 8001,
- "tcpbanner_1.datareceivedbanner": "",
- "tcpbanner_1.initbanner": "",
- "tcpbanner_1.alertstring.enabled": false,
- "tcpbanner_1.alertstring": "",
- "tcpbanner_1.keep_alive.enabled": false,
- "tcpbanner_1.keep_alive_secret": "",
- "tcpbanner_1.keep_alive_probes": 11,
- "tcpbanner_1.keep_alive_interval":300,
- "tcpbanner_1.keep_alive_idle": 300,
- "telnet.enabled": false,
- "telnet.port": "23",
- "telnet.banner": "",
- "telnet.honeycreds": [
- {
- "username": "admin",
- "password": "$pbkdf2-sha512$19000$bG1NaY3xvjdGyBlj7N37Xw$dGrmBqqWa1okTCpN3QEmeo9j5DuV2u1EuVFD8Di0GxNiM64To5O/Y66f7UASvnQr8.LCzqTm6awC8Kj/aGKvwA"
- },
- {
- "username": "admin",
- "password": "admin1"
- }
- ],
- "mssql.enabled": false,
- "mssql.version": "2012",
- "mssql.port":1433,
- "vnc.enabled": true,
- "vnc.port":5900
-}
diff --git a/salt/idh/defaults.yml b/salt/idh/defaults.yml
new file mode 100644
index 000000000..368326eb9
--- /dev/null
+++ b/salt/idh/defaults.yml
@@ -0,0 +1,90 @@
+idh:
+ opencanary:
+ config:
+ device.node_id: opencanary-01
+ git.enabled: true
+ git.port: 9418
+ ftp.enabled: true
+ ftp.port: 21
+ ftp.banner: FTP server ready
+ http.banner: Apache/2.2.22 (Ubuntu)
+ http.enabled: true
+ http.port: 80
+ http.skin: nasLogin
+ http.skin.list:
+ - desc: Plain HTML Login
+ name: basicLogin
+ - desc: Synology NAS Login
+ name: nasLogin
+ httpproxy.enabled: false
+ httpproxy.port: 8080
+ httpproxy.skin: squid
+ httproxy.skin.list:
+ - desc: Squid
+ name: squid
+ - desc: Microsoft ISA Server Web Proxy
+ name: ms-isa
+ logger:
+ class: PyLogger
+ kwargs:
+ formatters:
+ plain:
+ format: '%(message)s'
+ handlers:
+ console:
+ class: logging.StreamHandler
+ stream: ext://sys.stdout
+ file:
+ class: logging.FileHandler
+ filename: /var/tmp/opencanary.log
+ portscan.enabled: false
+ portscan.logfile: /var/log/kern.log
+ portscan.synrate: 5
+ portscan.nmaposrate: 5
+ portscan.lorate: 3
+ smb.auditfile: /var/log/samba-audit.log
+ smb.enabled: false
+ mysql.enabled: false
+ mysql.port: 3306
+ mysql.banner: 5.5.43-0ubuntu0.14.04.1
+ ssh.enabled: false
+ ssh.port: 22
+ ssh.version: SSH-2.0-OpenSSH_5.1p1 Debian-4
+ redis.enabled: false
+ redis.port: 6379
+ rdp.enabled: false
+ rdp.port: 3389
+ sip.enabled: false
+ sip.port: 5060
+ snmp.enabled: false
+ snmp.port: 161
+ ntp.enabled: false
+ ntp.port: '123'
+ tftp.enabled: false
+ tftp.port: 69
+ tcpbanner.maxnum: 10
+ tcpbanner.enabled: false
+ tcpbanner_1.enabled: false
+ tcpbanner_1.port: 8001
+ tcpbanner_1.datareceivedbanner: ''
+ tcpbanner_1.initbanner: ''
+ tcpbanner_1.alertstring.enabled: false
+ tcpbanner_1.alertstring: ''
+ tcpbanner_1.keep_alive.enabled: false
+ tcpbanner_1.keep_alive_secret: ''
+ tcpbanner_1.keep_alive_probes: 11
+ tcpbanner_1.keep_alive_interval: 300
+ tcpbanner_1.keep_alive_idle: 300
+ telnet.enabled: false
+ telnet.port: '23'
+ telnet.banner: ''
+ telnet.honeycreds:
+ - username: admin
+ password: $pbkdf2-sha512$19000$bG1NaY3xvjdGyBlj7N37Xw$dGrmBqqWa1okTCpN3QEmeo9j5DuV2u1EuVFD8Di0GxNiM64To5O/Y66f7UASvnQr8.LCzqTm6awC8Kj/aGKvwA
+ - username: admin
+ password: admin1
+ mssql.enabled: false
+ mssql.version: '2012'
+ mssql.port: 1433
+ vnc.enabled: false
+ vnc.port: 5000
\ No newline at end of file
diff --git a/salt/idh/idh.conf.jinja b/salt/idh/idh.conf.jinja
new file mode 100644
index 000000000..0dbb5eb5a
--- /dev/null
+++ b/salt/idh/idh.conf.jinja
@@ -0,0 +1 @@
+{{ IDH | tojson(True) }}
\ No newline at end of file
diff --git a/salt/idh/init.sls b/salt/idh/init.sls
index 3d95015d7..03b31b469 100644
--- a/salt/idh/init.sls
+++ b/salt/idh/init.sls
@@ -20,16 +20,14 @@ configdir:
 - group: 939
 - makedirs: True
-# Sync IDH files
-idhfiles:
- file.recurse:
- - name: /opt/so/conf/idh
- - user: 0
- - group: 0
- - file_mode: 755
- - source: salt://idh/config
- - replace: False
+{% from 'idh/opencanary_config.map.jinja' import OPENCANARYCONFIG with context %}
+opencanary_config:
+ file.managed:
+ - name: /opt/so/conf/idh/opencanary.conf
+ - source: salt://idh/idh.conf.jinja
 - template: jinja
+ - defaults:
+ OPENCANARYCONFIG: {{ OPENCANARYCONFIG }}
 so-idh:
 docker_container.running:
diff --git a/salt/idh/opencanary_config.map.jinja b/salt/idh/opencanary_config.map.jinja
new file mode 100644
index 000000000..cf65cc7d3
--- /dev/null
+++ b/salt/idh/opencanary_config.map.jinja
@@ -0,0 +1,2 @@
+{% import_yaml 'idh/defaults.yml' as OPENCANARYCONFIG with context %}
+{% set OPENCANARYCONFIG = salt['pillar.get']('idh:opencanary:config', default=OPENCANARYCONFIG.idh.opencanary.config, merge=True) %}
\ No newline at end of file
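Review bot: In `salt/idh/defaults.yml`, `device.node_id: opencanary-01` is a fixed string, where the removed `opencanary.conf` took the value from the `host` grain; unless each node's pillar overrides it, every IDH node will log under the same node id and an alert can no longer be attributed to the sensor that raised it. Consider setting it from the grain after the merge in `opencanary_config.map.jinja`, or documenting that the pillar must set it per node. The defaults also differ from the removed file in ways the commit subject does not mention: `git`, `ftp` and `http` are now enabled, `ssh` is disabled and moved from 2222 to 22, and `vnc.port` is 5000 rather than 5900. It is worth confirming these are intended, the VNC port in particular.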
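Review bot: `salt/idh/idh.conf.jinja` renders a variable named `IDH`, but the `opencanary_config` state in `salt/idh/init.sls` passes only `OPENCANARYCONFIG` under `defaults:`, so nothing visible in this patch defines `IDH` and the rendered `opencanary.conf` would not contain the merged config. Unless `IDH` is supplied somewhere outside this diff, the template should read `{{ OPENCANARYCONFIG | tojson(True) }}`. As a smaller point, `tojson(True)` appears to pass a boolean where the filter takes an indent width; `tojson(indent=4)` would say what is meant.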
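Review bot: The new `opencanary_config` state in `salt/idh/init.sls` sets no `user`, `group` or `mode`, whereas the removed `idhfiles` state pinned `user: 0`, `group: 0` and `file_mode: 755`, so ownership and permissions of `/opt/so/conf/idh/opencanary.conf` are no longer stated by the state. Since the file carries the honeypot's decoy credentials and listener layout, I would state them explicitly, e.g. `- user: 0`, `- group: 0`, `- mode: 644` (the mode is a guess at what the `so-idh` container needs to read the file; adjust to its uid). Separately, `OPENCANARYCONFIG: {{ OPENCANARYCONFIG }}` pastes the dict's Python repr into the YAML; `OPENCANARYCONFIG: {{ OPENCANARYCONFIG | tojson }}` keeps the state parseable if a pillar value ever contains quotes or newlines. The `so-idh` state continues below the hunk.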
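Review bot: `OPENCANARYCONFIG` is bound twice in `salt/idh/opencanary_config.map.jinja`, first to the whole `defaults.yml` document and then to the merged `idh:opencanary:config` subtree, which makes the second line hard to read and the exported value depend on statement order. Importing the defaults under their own name is clearer: `{% import_yaml 'idh/defaults.yml' as IDHDEFAULTS with context %}` with `default=IDHDEFAULTS.idh.opencanary.config` in the `pillar.get` call. A short `{# ... #}` comment stating that the pillar key `idh:opencanary:config` is merged over the defaults would also help operators. How list values such as `telnet.honeycreds` combine under `merge=True` should be confirmed and documented there.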