From a3d38dd2e756be66882c949cd6d8d9f9fb3239b2 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 21 Mar 2023 09:49:28 -0400 Subject: [PATCH] Rework IDH phase 1 --- salt/idh/defaults.yaml | 90 +++++++++++++++ salt/idh/defaults/defaults.yaml | 37 ------- salt/idh/defaults/ftp.defaults.yaml | 6 - salt/idh/defaults/git.defaults.yaml | 5 - salt/idh/defaults/http.defaults.yaml | 12 -- salt/idh/defaults/httpproxy.defaults.yaml | 11 -- salt/idh/defaults/mssql.defaults.yaml | 6 - salt/idh/defaults/mysql.defaults.yaml | 6 - salt/idh/defaults/ntp.defaults.yaml | 5 - salt/idh/defaults/redis.defaults.yaml | 5 - salt/idh/defaults/sip.defaults.yaml | 5 - salt/idh/defaults/smb.defaults.yaml | 5 - salt/idh/defaults/snmp.defaults.yaml | 5 - salt/idh/defaults/ssh.defaults.yaml | 6 - salt/idh/defaults/telnet.defaults.yaml | 11 -- salt/idh/defaults/tftp.defaults.yaml | 5 - salt/idh/defaults/vnc.defaults.yaml | 5 - salt/idh/soc_idh.yaml | 127 ++++++++++++++++++++++ 18 files changed, 217 insertions(+), 135 deletions(-) create mode 100644 salt/idh/defaults.yaml delete mode 100644 salt/idh/defaults/defaults.yaml delete mode 100644 salt/idh/defaults/ftp.defaults.yaml delete mode 100644 salt/idh/defaults/git.defaults.yaml delete mode 100644 salt/idh/defaults/http.defaults.yaml delete mode 100644 salt/idh/defaults/httpproxy.defaults.yaml delete mode 100644 salt/idh/defaults/mssql.defaults.yaml delete mode 100644 salt/idh/defaults/mysql.defaults.yaml delete mode 100644 salt/idh/defaults/ntp.defaults.yaml delete mode 100644 salt/idh/defaults/redis.defaults.yaml delete mode 100644 salt/idh/defaults/sip.defaults.yaml delete mode 100644 salt/idh/defaults/smb.defaults.yaml delete mode 100644 salt/idh/defaults/snmp.defaults.yaml delete mode 100644 salt/idh/defaults/ssh.defaults.yaml delete mode 100644 salt/idh/defaults/telnet.defaults.yaml delete mode 100644 salt/idh/defaults/tftp.defaults.yaml delete mode 100644 salt/idh/defaults/vnc.defaults.yaml create mode 100644 salt/idh/soc_idh.yaml 
diff --git a/salt/idh/defaults.yaml b/salt/idh/defaults.yaml
new file mode 100644
index 000000000..6ace873b7
--- /dev/null
+++ b/salt/idh/defaults.yaml
@@ -0,0 +1,90 @@ +idh: + opencanary: + config: + logger: + class: PyLogger + kwargs: + formatters: + plain: + format: '%(message)s' + handlers: + console: + class: logging.StreamHandler + stream: ext://sys.stdout + file: + class: logging.FileHandler + filename: /var/tmp/opencanary.log + portscan.enabled: false + portscan.logfile: /var/log/kern.log + portscan.synrate: 5 + portscan.nmaposrate: 5 + portscan.lorate: 3 + tcpbanner.maxnum: 10 + tcpbanner.enabled: false + tcpbanner_1.enabled: false + tcpbanner_1.port: 8001 + tcpbanner_1.datareceivedbanner: '' + tcpbanner_1.initbanner: '' + tcpbanner_1.alertstring.enabled: false + tcpbanner_1.keep_alive.enabled: false + tcpbanner_1.keep_alive_secret: '' + tcpbanner_1.keep_alive_probes: 11 + tcpbanner_1.keep_alive_interval: 300 + tcpbanner_1.keep_alive_idle: 300 + ftp.enabled: true + ftp.port: 21 + ftp.banner: FTP server ready + git.enabled: true + git.port: 9418 + http.banner: Apache/2.2.34 (Ubuntu) + http.enabled: true + http.port: 80 + http.skin: nasLogin + http.skin.list: + - desc: Plain HTML Login + name: basicLogin + - desc: Synology NAS Login + name: nasLogin + httpproxy.enabled: true + httpproxy.port: 8080 + httpproxy.skin: squid + httproxy.skin.list: + - desc: Squid + name: squid + - desc: Microsoft ISA Server Web Proxy + name: ms-isa + mssql.enabled: true + mssql.version: '2012' + mssql.port: 1433 + mysql.enabled: true + mysql.port: 3306 + mysql.banner: 5.5.43-0ubuntu0.14.04.1 + ntp.enabled: true + ntp.port: '123' + redis.enabled: true + redis.port: 6379 + sip.enabled: true + sip.port: 5060 + smb.auditfile: /var/log/samba-audit.log + smb.enabled: true + snmp.enabled: true + snmp.port: 161 + ssh.enabled: true + ssh.port: 22 + ssh.version: SSH-2.0-OpenSSH_5.1p1 Debian-4 + telnet.enabled: true + telnet.port: '23' + telnet.banner: '' + telnet.honeycreds: + - username: admin + password: $pbkdf2-sha512$19000$bG1NaY3xvjdGyBlj7N37Xw$dGrmBqqWa1okTCpN3QEmeo9j5DuV2u1EuVFD8Di0GxNiM64To5O/Y66f7UASvnQr8.LCzqTm6awC8Kj/aGKvwA + - 
username: admin + password: admin1 + tftp.enabled: true + tftp.port: 69 + vnc.enabled: true + vnc.port: 5900 + openssh: + enable: true + config: + port: 2222 diff --git a/salt/idh/defaults/defaults.yaml b/salt/idh/defaults/defaults.yaml deleted file mode 100644 index 4ed6bc3c5..000000000 --- a/salt/idh/defaults/defaults.yaml +++ /dev/null @@ -1,37 +0,0 @@ -idh: - opencanary: - config: - logger: - class: PyLogger - kwargs: - formatters: - plain: - format: '%(message)s' - handlers: - console: - class: logging.StreamHandler - stream: ext://sys.stdout - file: - class: logging.FileHandler - filename: /var/tmp/opencanary.log - portscan.enabled: false - portscan.logfile: /var/log/kern.log - portscan.synrate: 5 - portscan.nmaposrate: 5 - portscan.lorate: 3 - tcpbanner.maxnum: 10 - tcpbanner.enabled: false - tcpbanner_1.enabled: false - tcpbanner_1.port: 8001 - tcpbanner_1.datareceivedbanner: '' - tcpbanner_1.initbanner: '' - tcpbanner_1.alertstring.enabled: false - tcpbanner_1.keep_alive.enabled: false - tcpbanner_1.keep_alive_secret: '' - tcpbanner_1.keep_alive_probes: 11 - tcpbanner_1.keep_alive_interval: 300 - tcpbanner_1.keep_alive_idle: 300 - openssh: - enable: true - config: - port: 2222 diff --git a/salt/idh/defaults/ftp.defaults.yaml b/salt/idh/defaults/ftp.defaults.yaml deleted file mode 100644 index bed8f90dc..000000000 --- a/salt/idh/defaults/ftp.defaults.yaml +++ /dev/null @@ -1,6 +0,0 @@ -idh: - opencanary: - config: - ftp.enabled: true - ftp.port: 21 - ftp.banner: FTP server ready \ No newline at end of file diff --git a/salt/idh/defaults/git.defaults.yaml b/salt/idh/defaults/git.defaults.yaml deleted file mode 100644 index d77c4aa1d..000000000 --- a/salt/idh/defaults/git.defaults.yaml +++ /dev/null @@ -1,5 +0,0 @@ -idh: - opencanary: - config: - git.enabled: true - git.port: 9418 \ No newline at end of file diff --git a/salt/idh/defaults/http.defaults.yaml b/salt/idh/defaults/http.defaults.yaml deleted file mode 100644 index 2b6a9fe8e..000000000 
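Review bot: `httproxy.skin.list` in the httpproxy block of the new salt/idh/defaults.yaml is spelled with one p while its siblings (`httpproxy.enabled`, `httpproxy.port`, `httpproxy.skin`) use two, so the skin list lands under a different key from the rest of the proxy settings; the same misspelling is repeated in the salt/idh/soc_idh.yaml hunk. Unless the consuming code really reads the one-p key, both should be `httpproxy.skin.list:`. In the same hunk `ntp.port: '123'` and `telnet.port: '23'` are quoted strings while every other `*.port` is an integer; consider `ntp.port: 123` and `telnet.port: 23` so the pillar has one type for ports, or a comment saying why those two differ. The consolidated file also has no header comment; a line such as `# Default pillar values for the IDH node (OpenCanary services plus the management sshd); override per deployment, in particular telnet.honeycreds` would tell a reader what the file replaces and that the shipped decoy credentials are placeholders, not values to keep.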
--- a/salt/idh/defaults/http.defaults.yaml +++ /dev/null @@ -1,12 +0,0 @@ -idh: - opencanary: - config: - http.banner: Apache/2.2.34 (Ubuntu) - http.enabled: true - http.port: 80 - http.skin: nasLogin - http.skin.list: - - desc: Plain HTML Login - name: basicLogin - - desc: Synology NAS Login - name: nasLogin \ No newline at end of file diff --git a/salt/idh/defaults/httpproxy.defaults.yaml b/salt/idh/defaults/httpproxy.defaults.yaml deleted file mode 100644 index 32ef4a961..000000000 --- a/salt/idh/defaults/httpproxy.defaults.yaml +++ /dev/null @@ -1,11 +0,0 @@ -idh: - opencanary: - config: - httpproxy.enabled: true - httpproxy.port: 8080 - httpproxy.skin: squid - httproxy.skin.list: - - desc: Squid - name: squid - - desc: Microsoft ISA Server Web Proxy - name: ms-isa \ No newline at end of file diff --git a/salt/idh/defaults/mssql.defaults.yaml b/salt/idh/defaults/mssql.defaults.yaml deleted file mode 100644 index 199640992..000000000 --- a/salt/idh/defaults/mssql.defaults.yaml +++ /dev/null @@ -1,6 +0,0 @@ -idh: - opencanary: - config: - mssql.enabled: true - mssql.version: '2012' - mssql.port: 1433 \ No newline at end of file diff --git a/salt/idh/defaults/mysql.defaults.yaml b/salt/idh/defaults/mysql.defaults.yaml deleted file mode 100644 index 98c6d2041..000000000 --- a/salt/idh/defaults/mysql.defaults.yaml +++ /dev/null @@ -1,6 +0,0 @@ -idh: - opencanary: - config: - mysql.enabled: true - mysql.port: 3306 - mysql.banner: 5.5.43-0ubuntu0.14.04.1 \ No newline at end of file diff --git a/salt/idh/defaults/ntp.defaults.yaml b/salt/idh/defaults/ntp.defaults.yaml deleted file mode 100644 index a7df2d460..000000000 --- a/salt/idh/defaults/ntp.defaults.yaml +++ /dev/null @@ -1,5 +0,0 @@ -idh: - opencanary: - config: - ntp.enabled: true - ntp.port: '123' \ No newline at end of file diff --git a/salt/idh/defaults/redis.defaults.yaml b/salt/idh/defaults/redis.defaults.yaml deleted file mode 100644 index 90e190f09..000000000 
--- a/salt/idh/defaults/redis.defaults.yaml +++ /dev/null @@ -1,5 +0,0 @@ -idh: - opencanary: - config: - redis.enabled: true - redis.port: 6379 \ No newline at end of file diff --git a/salt/idh/defaults/sip.defaults.yaml b/salt/idh/defaults/sip.defaults.yaml deleted file mode 100644 index 740a13234..000000000 --- a/salt/idh/defaults/sip.defaults.yaml +++ /dev/null @@ -1,5 +0,0 @@ -idh: - opencanary: - config: - sip.enabled: true - sip.port: 5060 \ No newline at end of file diff --git a/salt/idh/defaults/smb.defaults.yaml b/salt/idh/defaults/smb.defaults.yaml deleted file mode 100644 index e92e0239a..000000000 --- a/salt/idh/defaults/smb.defaults.yaml +++ /dev/null @@ -1,5 +0,0 @@ -idh: - opencanary: - config: - smb.auditfile: /var/log/samba-audit.log - smb.enabled: true \ No newline at end of file diff --git a/salt/idh/defaults/snmp.defaults.yaml b/salt/idh/defaults/snmp.defaults.yaml deleted file mode 100644 index 990bf919e..000000000 --- a/salt/idh/defaults/snmp.defaults.yaml +++ /dev/null @@ -1,5 +0,0 @@ -idh: - opencanary: - config: - snmp.enabled: true - snmp.port: 161 \ No newline at end of file diff --git a/salt/idh/defaults/ssh.defaults.yaml b/salt/idh/defaults/ssh.defaults.yaml deleted file mode 100644 index 00dcfbcf8..000000000 --- a/salt/idh/defaults/ssh.defaults.yaml +++ /dev/null @@ -1,6 +0,0 @@ -idh: - opencanary: - config: - ssh.enabled: true - ssh.port: 22 - ssh.version: SSH-2.0-OpenSSH_5.1p1 Debian-4 \ No newline at end of file diff --git a/salt/idh/defaults/telnet.defaults.yaml b/salt/idh/defaults/telnet.defaults.yaml deleted file mode 100644 index 34f1d3190..000000000 --- a/salt/idh/defaults/telnet.defaults.yaml +++ /dev/null 
@@ -1,11 +0,0 @@ -idh: - opencanary: - config: - telnet.enabled: true - telnet.port: '23' - telnet.banner: '' - telnet.honeycreds: - - username: admin - password: $pbkdf2-sha512$19000$bG1NaY3xvjdGyBlj7N37Xw$dGrmBqqWa1okTCpN3QEmeo9j5DuV2u1EuVFD8Di0GxNiM64To5O/Y66f7UASvnQr8.LCzqTm6awC8Kj/aGKvwA - - username: admin - password: admin1 \ No newline at end of file diff --git a/salt/idh/defaults/tftp.defaults.yaml b/salt/idh/defaults/tftp.defaults.yaml deleted file mode 100644 index 5f275839f..000000000 --- a/salt/idh/defaults/tftp.defaults.yaml +++ /dev/null @@ -1,5 +0,0 @@ -idh: - opencanary: - config: - tftp.enabled: true - tftp.port: 69 \ No newline at end of file diff --git a/salt/idh/defaults/vnc.defaults.yaml b/salt/idh/defaults/vnc.defaults.yaml deleted file mode 100644 index 1995e5651..000000000 --- a/salt/idh/defaults/vnc.defaults.yaml +++ /dev/null @@ -1,5 +0,0 @@ -idh: - opencanary: - config: - vnc.enabled: true - vnc.port: 5900 \ No newline at end of file diff --git a/salt/idh/soc_idh.yaml b/salt/idh/soc_idh.yaml new file mode 100644 index 000000000..b7bc93e93 --- /dev/null +++ b/salt/idh/soc_idh.yaml 
@@ -0,0 +1,127 @@ +idh: + opencanary: + config: + logger: + class: &loggingOptions + readonly: True + advanced: True + global: True + helpLink: idh.html + kwargs: + formatters: + plain: + format: *loggingOptions + handlers: + console: + class: *loggingOptions + stream: *loggingOptions + file: + class: *loggingOptions + filename: *loggingOptions + portscan.enabled: &serviceOptions + description: To enable this IDH service set this value to True. To disable set to False. + helpLink: idh.html + portscan.logfile: *loggingOptions + portscan.synrate: + description: Needs update + advanced: True + helpLink: idh.html + portscan.nmaposrate: + description: Needs update + advanced: True + helpLink: idh.html + portscan.lorate: + description: Needs update + advanced: True + helpLink: idh.html + tcpbanner.maxnum: + description: Needs update + advanced: True + helpLink: idh.html + tcpbanner.enabled: *serviceOptions + tcpbanner_1.enabled: *serviceOptions + tcpbanner_1.port: &portOptions + tcpbanner_1.datareceivedbanner: &bannerOptions + description: Needs update + advanced: True + helpLink: idh.html + tcpbanner_1.initbanner: *bannerOptions + tcpbanner_1.alertstring.enabled: *serviceOptions + tcpbanner_1.keep_alive.enabled: *serviceOptions + tcpbanner_1.keep_alive_secret: + description: Needs update + advanced: True + helpLink: idh.html + tcpbanner_1.keep_alive_probes: + description: Needs update + advanced: True + helpLink: idh.html + tcpbanner_1.keep_alive_interval: + description: Needs update + advanced: True + helpLink: idh.html + tcpbanner_1.keep_alive_idle: + description: Needs update + advanced: True + helpLink: idh.html + ftp.enabled: *serviceOptions + ftp.port: *portOptions + ftp.banner: *bannerOptions + git.enabled: *serviceOptions + git.port: *portOptions + http.banner: *bannerOptions + http.enabled: *serviceOptions + http.port: *portOptions + http.skin: &skinOptions + description: + advanced: True + helplink: idh.html + http.skin.list: &skinlistOptions + description: 
List of skins to use for the service. + advanced: Ture + helpLink: idh.html + httpproxy.enabled: *serviceOptions + httpproxy.port: *portOptions + httpproxy.skin: *skinOptions + httproxy.skin.list: *skinlistOptions + mssql.enabled: *serviceOptions + mssql.version: &versionOptions + description: Specify the version the service should present. + advanced: True + helpLink: idh.html + mssql.port: *portOptions + mysql.enabled: *serviceOptions + mysql.port: *portOptions + mysql.banner: *bannerOptions + ntp.enabled: *serviceOptions + ntp.port: *portOptions + redis.enabled: *serviceOptions + redis.port: *portOptions + sip.enabled: *serviceOptions + sip.port: *portOptions + smb.auditfile: *loggingOptions + smb.enabled: *serviceOptions + snmp.enabled: *serviceOptions + snmp.port: *portOptions + ssh.enabled: *serviceOptions + ssh.port: *portOptions + ssh.version: *versionOptions + telnet.enabled: *serviceOptions + telnet.port: *portOptions + telnet.banner: *bannerOptions + telnet.honeycreds: + description: Credentials list for the telnet service. + advanced: True + helpLink: idh.html + tftp.enabled: *serviceOptions + tftp.port: *portOptions + vnc.enabled: *serviceOptions + vnc.port: *portOptions + openssh: + enable: + description: This is the other SSH for the host machine. Needs better descirption. + helpLink: idh.html + config: + port: + description: Port that ssh will listen on and only accessible from the manager. + helpLink: idh.html
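Review bot: `advanced: Ture` under `http.skin.list` in the new salt/idh/soc_idh.yaml is a typo, so that field becomes the string "Ture" instead of the boolean every other entry carries; it should read `advanced: True`. A few lines earlier `tcpbanner_1.port: &portOptions` attaches the anchor to an empty node, so every `*portOptions` alias (ftp.port, git.port, http.port, mssql.port through vnc.port) appears to resolve to null rather than to a description/helpLink mapping like the other anchors; give it a body in the same shape as `&bannerOptions` (description, advanced, helpLink). `http.skin` uses `helplink: idh.html` where every other entry uses `helpLink`, and its `description:` is empty, so whatever reads these options will presumably not find a help link or text for it. The many `description: Needs update` placeholders and the `openssh.enable` text "Needs better descirption" are also worth filling in before this is relied on, since this file is what operators will see for each option.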