CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Rework IDH phase 1

Browse Source
This commit is contained in:
Mike Reeves
2023-03-21 09:49:28 -04:00
parent 444988f287
commit a3d38dd2e7
18 changed files with 217 additions and 135 deletions
Download Patch File Download Diff File Expand all files Collapse all files

90
salt/idh/defaults.yaml Normal file
View File

@@ -0,0 +1,90 @@
idh:
opencanary:
config:
logger:
class: PyLogger
kwargs:
formatters:
plain:
format: '%(message)s'
handlers:
console:
class: logging.StreamHandler
stream: ext://sys.stdout
file:
class: logging.FileHandler
filename: /var/tmp/opencanary.log
portscan.enabled: false
portscan.logfile: /var/log/kern.log
portscan.synrate: 5
portscan.nmaposrate: 5
portscan.lorate: 3
tcpbanner.maxnum: 10
tcpbanner.enabled: false
tcpbanner_1.enabled: false
tcpbanner_1.port: 8001
tcpbanner_1.datareceivedbanner: ''
tcpbanner_1.initbanner: ''
tcpbanner_1.alertstring.enabled: false
tcpbanner_1.keep_alive.enabled: false
tcpbanner_1.keep_alive_secret: ''
tcpbanner_1.keep_alive_probes: 11
tcpbanner_1.keep_alive_interval: 300
tcpbanner_1.keep_alive_idle: 300
ftp.enabled: true
ftp.port: 21
ftp.banner: FTP server ready
git.enabled: true
git.port: 9418
http.banner: Apache/2.2.34 (Ubuntu)
http.enabled: true
http.port: 80
http.skin: nasLogin
http.skin.list:
- desc: Plain HTML Login
name: basicLogin
- desc: Synology NAS Login
name: nasLogin
httpproxy.enabled: true
httpproxy.port: 8080
httpproxy.skin: squid
httproxy.skin.list:
- desc: Squid
name: squid
- desc: Microsoft ISA Server Web Proxy
name: ms-isa
mssql.enabled: true
mssql.version: '2012'
mssql.port: 1433
mysql.enabled: true
mysql.port: 3306
mysql.banner: 5.5.43-0ubuntu0.14.04.1
ntp.enabled: true
ntp.port: '123'
redis.enabled: true
redis.port: 6379
sip.enabled: true
sip.port: 5060
smb.auditfile: /var/log/samba-audit.log
smb.enabled: true
snmp.enabled: true
snmp.port: 161
ssh.enabled: true
ssh.port: 22
ssh.version: SSH-2.0-OpenSSH_5.1p1 Debian-4
telnet.enabled: true
telnet.port: '23'
telnet.banner: ''
telnet.honeycreds:
- username: admin
password: $pbkdf2-sha512$19000$bG1NaY3xvjdGyBlj7N37Xw$dGrmBqqWa1okTCpN3QEmeo9j5DuV2u1EuVFD8Di0GxNiM64To5O/Y66f7UASvnQr8.LCzqTm6awC8Kj/aGKvwA
- username: admin
password: admin1
tftp.enabled: true
tftp.port: 69
vnc.enabled: true
vnc.port: 5900
openssh:
enable: true
config:
port: 2222

37
salt/idh/defaults/defaults.yaml
View File

@@ -1,37 +0,0 @@
idh:
opencanary:
config:
logger:
class: PyLogger
kwargs:
formatters:
plain:
format: '%(message)s'
handlers:
console:
class: logging.StreamHandler
stream: ext://sys.stdout
file:
class: logging.FileHandler
filename: /var/tmp/opencanary.log
portscan.enabled: false
portscan.logfile: /var/log/kern.log
portscan.synrate: 5
portscan.nmaposrate: 5
portscan.lorate: 3
tcpbanner.maxnum: 10
tcpbanner.enabled: false
tcpbanner_1.enabled: false
tcpbanner_1.port: 8001
tcpbanner_1.datareceivedbanner: ''
tcpbanner_1.initbanner: ''
tcpbanner_1.alertstring.enabled: false
tcpbanner_1.keep_alive.enabled: false
tcpbanner_1.keep_alive_secret: ''
tcpbanner_1.keep_alive_probes: 11
tcpbanner_1.keep_alive_interval: 300
tcpbanner_1.keep_alive_idle: 300
openssh:
enable: true
config:
port: 2222

6
salt/idh/defaults/ftp.defaults.yaml
View File

@@ -1,6 +0,0 @@
idh:
opencanary:
config:
ftp.enabled: true
ftp.port: 21
ftp.banner: FTP server ready

5
salt/idh/defaults/git.defaults.yaml
View File

@@ -1,5 +0,0 @@
idh:
opencanary:
config:
git.enabled: true
git.port: 9418

12
salt/idh/defaults/http.defaults.yaml
View File

@@ -1,12 +0,0 @@
idh:
opencanary:
config:
http.banner: Apache/2.2.34 (Ubuntu)
http.enabled: true
http.port: 80
http.skin: nasLogin
http.skin.list:
- desc: Plain HTML Login
name: basicLogin
- desc: Synology NAS Login
name: nasLogin

11
salt/idh/defaults/httpproxy.defaults.yaml
View File

@@ -1,11 +0,0 @@
idh:
opencanary:
config:
httpproxy.enabled: true
httpproxy.port: 8080
httpproxy.skin: squid
httproxy.skin.list:
- desc: Squid
name: squid
- desc: Microsoft ISA Server Web Proxy
name: ms-isa

6
salt/idh/defaults/mssql.defaults.yaml
View File

@@ -1,6 +0,0 @@
idh:
opencanary:
config:
mssql.enabled: true
mssql.version: '2012'
mssql.port: 1433

6
salt/idh/defaults/mysql.defaults.yaml
View File

@@ -1,6 +0,0 @@
idh:
opencanary:
config:
mysql.enabled: true
mysql.port: 3306
mysql.banner: 5.5.43-0ubuntu0.14.04.1

5
salt/idh/defaults/ntp.defaults.yaml
View File

@@ -1,5 +0,0 @@
idh:
opencanary:
config:
ntp.enabled: true
ntp.port: '123'

5
salt/idh/defaults/redis.defaults.yaml
View File

@@ -1,5 +0,0 @@
idh:
opencanary:
config:
redis.enabled: true
redis.port: 6379

5
salt/idh/defaults/sip.defaults.yaml
View File

@@ -1,5 +0,0 @@
idh:
opencanary:
config:
sip.enabled: true
sip.port: 5060

5
salt/idh/defaults/smb.defaults.yaml
View File

@@ -1,5 +0,0 @@
idh:
opencanary:
config:
smb.auditfile: /var/log/samba-audit.log
smb.enabled: true

5
salt/idh/defaults/snmp.defaults.yaml
View File

@@ -1,5 +0,0 @@
idh:
opencanary:
config:
snmp.enabled: true
snmp.port: 161

6
salt/idh/defaults/ssh.defaults.yaml
View File

@@ -1,6 +0,0 @@
idh:
opencanary:
config:
ssh.enabled: true
ssh.port: 22
ssh.version: SSH-2.0-OpenSSH_5.1p1 Debian-4

11
salt/idh/defaults/telnet.defaults.yaml
View File

@@ -1,11 +0,0 @@
idh:
opencanary:
config:
telnet.enabled: true
telnet.port: '23'
telnet.banner: ''
telnet.honeycreds:
- username: admin
password: $pbkdf2-sha512$19000$bG1NaY3xvjdGyBlj7N37Xw$dGrmBqqWa1okTCpN3QEmeo9j5DuV2u1EuVFD8Di0GxNiM64To5O/Y66f7UASvnQr8.LCzqTm6awC8Kj/aGKvwA
- username: admin
password: admin1

5
salt/idh/defaults/tftp.defaults.yaml
View File

@@ -1,5 +0,0 @@
idh:
opencanary:
config:
tftp.enabled: true
tftp.port: 69

5
salt/idh/defaults/vnc.defaults.yaml
View File

@@ -1,5 +0,0 @@
idh:
opencanary:
config:
vnc.enabled: true
vnc.port: 5900

127
salt/idh/soc_idh.yaml Normal file
View File

@@ -0,0 +1,127 @@
idh:
opencanary:
config:
logger:
class: &loggingOptions
readonly: True
advanced: True
global: True
helpLink: idh.html
kwargs:
formatters:
plain:
format: *loggingOptions
handlers:
console:
class: *loggingOptions
stream: *loggingOptions
file:
class: *loggingOptions
filename: *loggingOptions
portscan.enabled: &serviceOptions
description: To enable this IDH service set this value to True. To disable set to False.
helpLink: idh.html
portscan.logfile: *loggingOptions
portscan.synrate:
description: Needs update
advanced: True
helpLink: idh.html
portscan.nmaposrate:
description: Needs update
advanced: True
helpLink: idh.html
portscan.lorate:
description: Needs update
advanced: True
helpLink: idh.html
tcpbanner.maxnum:
description: Needs update
advanced: True
helpLink: idh.html
tcpbanner.enabled: *serviceOptions
tcpbanner_1.enabled: *serviceOptions
tcpbanner_1.port: &portOptions
tcpbanner_1.datareceivedbanner: &bannerOptions
description: Needs update
advanced: True
helpLink: idh.html
tcpbanner_1.initbanner: *bannerOptions
tcpbanner_1.alertstring.enabled: *serviceOptions
tcpbanner_1.keep_alive.enabled: *serviceOptions
tcpbanner_1.keep_alive_secret:
description: Needs update
advanced: True
helpLink: idh.html
tcpbanner_1.keep_alive_probes:
description: Needs update
advanced: True
helpLink: idh.html
tcpbanner_1.keep_alive_interval:
description: Needs update
advanced: True
helpLink: idh.html
tcpbanner_1.keep_alive_idle:
description: Needs update
advanced: True
helpLink: idh.html
ftp.enabled: *serviceOptions
ftp.port: *portOptions
ftp.banner: *bannerOptions
git.enabled: *serviceOptions
git.port: *portOptions
http.banner: *bannerOptions
http.enabled: *serviceOptions
http.port: *portOptions
http.skin: &skinOptions
description:
advanced: True
helplink: idh.html
http.skin.list: &skinlistOptions
description: List of skins to use for the service.
advanced: Ture
helpLink: idh.html
httpproxy.enabled: *serviceOptions
httpproxy.port: *portOptions
httpproxy.skin: *skinOptions
httproxy.skin.list: *skinlistOptions
mssql.enabled: *serviceOptions
mssql.version: &versionOptions
description: Specify the version the service should present.
advanced: True
helpLink: idh.html
mssql.port: *portOptions
mysql.enabled: *serviceOptions
mysql.port: *portOptions
mysql.banner: *bannerOptions
ntp.enabled: *serviceOptions
ntp.port: *portOptions
redis.enabled: *serviceOptions
redis.port: *portOptions
sip.enabled: *serviceOptions
sip.port: *portOptions
smb.auditfile: *loggingOptions
smb.enabled: *serviceOptions
snmp.enabled: *serviceOptions
snmp.port: *portOptions
ssh.enabled: *serviceOptions
ssh.port: *portOptions
ssh.version: *versionOptions
telnet.enabled: *serviceOptions
telnet.port: *portOptions
telnet.banner: *bannerOptions
telnet.honeycreds:
description: Credentials list for the telnet service.
advanced: True
helpLink: idh.html
tftp.enabled: *serviceOptions
tftp.port: *portOptions
vnc.enabled: *serviceOptions
vnc.port: *portOptions
openssh:
enable:
description: This is the other SSH for the host machine. Needs better descirption.
helpLink: idh.html
config:
port:
description: Port that ssh will listen on and only accessible from the manager.
helpLink: idh.html