Rework IDH phase 1

2025-12-06 09:12:45 +01:00 · 2023-03-21 09:49:28 -04:00
parent 444988f287
commit a3d38dd2e7
18 changed files with 217 additions and 135 deletions
--- a/salt/idh/defaults.yaml
+++ b/salt/idh/defaults.yaml
@@ -0,0 +1,90 @@
+idh:
+  opencanary:
+    config:
+      logger:
+        class: PyLogger
+        kwargs:
+            formatters:
+              plain:
+                  format: '%(message)s'
+            handlers:
+              console:
+                  class: logging.StreamHandler
+                  stream: ext://sys.stdout
+              file:
+                  class: logging.FileHandler
+                  filename: /var/tmp/opencanary.log
+      portscan.enabled: false
+      portscan.logfile: /var/log/kern.log
+      portscan.synrate: 5
+      portscan.nmaposrate: 5
+      portscan.lorate: 3
+      tcpbanner.maxnum: 10
+      tcpbanner.enabled: false
+      tcpbanner_1.enabled: false
+      tcpbanner_1.port: 8001
+      tcpbanner_1.datareceivedbanner: ''
+      tcpbanner_1.initbanner: ''
+      tcpbanner_1.alertstring.enabled: false
+      tcpbanner_1.keep_alive.enabled: false
+      tcpbanner_1.keep_alive_secret: ''
+      tcpbanner_1.keep_alive_probes: 11
+      tcpbanner_1.keep_alive_interval: 300
+      tcpbanner_1.keep_alive_idle: 300
+      ftp.enabled: true
+      ftp.port: 21
+      ftp.banner: FTP server ready
+      git.enabled: true
+      git.port: 9418
+      http.banner: Apache/2.2.34 (Ubuntu)
+      http.enabled: true
+      http.port: 80
+      http.skin: nasLogin
+      http.skin.list:
+        - desc: Plain HTML Login
+          name: basicLogin
+        - desc: Synology NAS Login
+          name: nasLogin
+      httpproxy.enabled: true
+      httpproxy.port: 8080
+      httpproxy.skin: squid
+      httproxy.skin.list:
+        - desc: Squid
+          name: squid
+        - desc: Microsoft ISA Server Web Proxy
+          name: ms-isa
+      mssql.enabled: true
+      mssql.version: '2012'
+      mssql.port: 1433
+      mysql.enabled: true
+      mysql.port: 3306
+      mysql.banner: 5.5.43-0ubuntu0.14.04.1
+      ntp.enabled: true
+      ntp.port: '123'
+      redis.enabled: true
+      redis.port: 6379
+      sip.enabled: true
+      sip.port: 5060
+      smb.auditfile: /var/log/samba-audit.log
+      smb.enabled: true
+      snmp.enabled: true
+      snmp.port: 161
+      ssh.enabled: true
+      ssh.port: 22
+      ssh.version: SSH-2.0-OpenSSH_5.1p1 Debian-4
+      telnet.enabled: true
+      telnet.port: '23'
+      telnet.banner: ''
+      telnet.honeycreds:
+        - username: admin
+          password: $pbkdf2-sha512$19000$bG1NaY3xvjdGyBlj7N37Xw$dGrmBqqWa1okTCpN3QEmeo9j5DuV2u1EuVFD8Di0GxNiM64To5O/Y66f7UASvnQr8.LCzqTm6awC8Kj/aGKvwA
+        - username: admin
+          password: admin1
+      tftp.enabled: true
+      tftp.port: 69
+      vnc.enabled: true
+      vnc.port: 5900
+  openssh:
+    enable: true
+    config:
+      port: 2222
--- a/salt/idh/defaults/defaults.yaml
+++ b/salt/idh/defaults/defaults.yaml
@@ -1,37 +0,0 @@
-idh:
-  opencanary:
-    config:
-      logger:
-        class: PyLogger
-        kwargs:
-            formatters:
-              plain:
-                  format: '%(message)s'
-            handlers:
-              console:
-                  class: logging.StreamHandler
-                  stream: ext://sys.stdout
-              file:
-                  class: logging.FileHandler
-                  filename: /var/tmp/opencanary.log
-      portscan.enabled: false
-      portscan.logfile: /var/log/kern.log
-      portscan.synrate: 5
-      portscan.nmaposrate: 5
-      portscan.lorate: 3
-      tcpbanner.maxnum: 10
-      tcpbanner.enabled: false
-      tcpbanner_1.enabled: false
-      tcpbanner_1.port: 8001
-      tcpbanner_1.datareceivedbanner: ''
-      tcpbanner_1.initbanner: ''
-      tcpbanner_1.alertstring.enabled: false
-      tcpbanner_1.keep_alive.enabled: false
-      tcpbanner_1.keep_alive_secret: ''
-      tcpbanner_1.keep_alive_probes: 11
-      tcpbanner_1.keep_alive_interval: 300
-      tcpbanner_1.keep_alive_idle: 300
-  openssh:
-    enable: true
-    config:
-      port: 2222
--- a/salt/idh/defaults/ftp.defaults.yaml
+++ b/salt/idh/defaults/ftp.defaults.yaml
@@ -1,6 +0,0 @@
-idh:
-  opencanary:
-    config:
-      ftp.enabled: true
-      ftp.port: 21
-      ftp.banner: FTP server ready
--- a/salt/idh/defaults/git.defaults.yaml
+++ b/salt/idh/defaults/git.defaults.yaml
@@ -1,5 +0,0 @@
-idh:
-  opencanary:
-    config:
-      git.enabled: true
-      git.port: 9418
--- a/salt/idh/defaults/http.defaults.yaml
+++ b/salt/idh/defaults/http.defaults.yaml
@@ -1,12 +0,0 @@
-idh:
-  opencanary:
-    config:
-      http.banner: Apache/2.2.34 (Ubuntu)
-      http.enabled: true
-      http.port: 80
-      http.skin: nasLogin
-      http.skin.list:
-      - desc: Plain HTML Login
-        name: basicLogin
-      - desc: Synology NAS Login
-        name: nasLogin
--- a/salt/idh/defaults/httpproxy.defaults.yaml
+++ b/salt/idh/defaults/httpproxy.defaults.yaml
@@ -1,11 +0,0 @@
-idh:
-  opencanary:
-    config:
-      httpproxy.enabled: true
-      httpproxy.port: 8080
-      httpproxy.skin: squid
-      httproxy.skin.list:
-      - desc: Squid
-        name: squid
-      - desc: Microsoft ISA Server Web Proxy
-        name: ms-isa
--- a/salt/idh/defaults/mssql.defaults.yaml
+++ b/salt/idh/defaults/mssql.defaults.yaml
@@ -1,6 +0,0 @@
-idh:
-  opencanary:
-    config:
-      mssql.enabled: true
-      mssql.version: '2012'
-      mssql.port: 1433
--- a/salt/idh/defaults/mysql.defaults.yaml
+++ b/salt/idh/defaults/mysql.defaults.yaml
@@ -1,6 +0,0 @@
-idh:
-  opencanary:
-    config:
-      mysql.enabled: true
-      mysql.port: 3306
-      mysql.banner: 5.5.43-0ubuntu0.14.04.1
--- a/salt/idh/defaults/ntp.defaults.yaml
+++ b/salt/idh/defaults/ntp.defaults.yaml
@@ -1,5 +0,0 @@
-idh:
-  opencanary:
-    config:
-      ntp.enabled: true
-      ntp.port: '123'
--- a/salt/idh/defaults/redis.defaults.yaml
+++ b/salt/idh/defaults/redis.defaults.yaml
@@ -1,5 +0,0 @@
-idh:
-  opencanary:
-    config:
-      redis.enabled: true
-      redis.port: 6379
--- a/salt/idh/defaults/sip.defaults.yaml
+++ b/salt/idh/defaults/sip.defaults.yaml
@@ -1,5 +0,0 @@
-idh:
-  opencanary:
-    config:
-      sip.enabled: true
-      sip.port: 5060
--- a/salt/idh/defaults/smb.defaults.yaml
+++ b/salt/idh/defaults/smb.defaults.yaml
@@ -1,5 +0,0 @@
-idh:
-  opencanary:
-    config:
-      smb.auditfile: /var/log/samba-audit.log
-      smb.enabled: true
--- a/salt/idh/defaults/snmp.defaults.yaml
+++ b/salt/idh/defaults/snmp.defaults.yaml
@@ -1,5 +0,0 @@
-idh:
-  opencanary:
-    config:
-      snmp.enabled: true
-      snmp.port: 161
--- a/salt/idh/defaults/ssh.defaults.yaml
+++ b/salt/idh/defaults/ssh.defaults.yaml
@@ -1,6 +0,0 @@
-idh:
-  opencanary:
-    config:
-      ssh.enabled: true
-      ssh.port: 22
-      ssh.version: SSH-2.0-OpenSSH_5.1p1 Debian-4
--- a/salt/idh/defaults/telnet.defaults.yaml
+++ b/salt/idh/defaults/telnet.defaults.yaml
@@ -1,11 +0,0 @@
-idh:
-  opencanary:
-    config:
-      telnet.enabled: true
-      telnet.port: '23'
-      telnet.banner: ''
-      telnet.honeycreds:
-      - username: admin
-        password: $pbkdf2-sha512$19000$bG1NaY3xvjdGyBlj7N37Xw$dGrmBqqWa1okTCpN3QEmeo9j5DuV2u1EuVFD8Di0GxNiM64To5O/Y66f7UASvnQr8.LCzqTm6awC8Kj/aGKvwA
-      - username: admin
-        password: admin1
--- a/salt/idh/defaults/tftp.defaults.yaml
+++ b/salt/idh/defaults/tftp.defaults.yaml
@@ -1,5 +0,0 @@
-idh:
-  opencanary:
-    config:
-      tftp.enabled: true
-      tftp.port: 69
--- a/salt/idh/defaults/vnc.defaults.yaml
+++ b/salt/idh/defaults/vnc.defaults.yaml
@@ -1,5 +0,0 @@
-idh:
-  opencanary:
-    config:
-      vnc.enabled: true
-      vnc.port: 5900
--- a/salt/idh/soc_idh.yaml
+++ b/salt/idh/soc_idh.yaml
@@ -0,0 +1,127 @@
+idh:
+  opencanary:
+    config:
+      logger:
+        class: &loggingOptions
+          readonly: True
+          advanced: True
+          global: True
+          helpLink: idh.html
+        kwargs:
+            formatters:
+              plain:
+                  format: *loggingOptions
+            handlers:
+              console:
+                  class: *loggingOptions
+                  stream: *loggingOptions
+              file:
+                  class: *loggingOptions
+                  filename: *loggingOptions
+      portscan.enabled: &serviceOptions
+        description: To enable this IDH service set this value to True. To disable set to False.
+        helpLink: idh.html
+      portscan.logfile: *loggingOptions
+      portscan.synrate:
+        description: Needs update
+        advanced: True
+        helpLink: idh.html 
+      portscan.nmaposrate:
+        description: Needs update
+        advanced: True
+        helpLink: idh.html  
+      portscan.lorate: 
+        description: Needs update
+        advanced: True
+        helpLink: idh.html 
+      tcpbanner.maxnum:
+        description: Needs update
+        advanced: True
+        helpLink: idh.html 
+      tcpbanner.enabled: *serviceOptions
+      tcpbanner_1.enabled: *serviceOptions
+      tcpbanner_1.port: &portOptions
+      tcpbanner_1.datareceivedbanner: &bannerOptions
+        description: Needs update
+        advanced: True
+        helpLink: idh.html 
+      tcpbanner_1.initbanner: *bannerOptions
+      tcpbanner_1.alertstring.enabled: *serviceOptions
+      tcpbanner_1.keep_alive.enabled: *serviceOptions
+      tcpbanner_1.keep_alive_secret:
+        description: Needs update
+        advanced: True
+        helpLink: idh.html 
+      tcpbanner_1.keep_alive_probes:
+        description: Needs update
+        advanced: True
+        helpLink: idh.html  
+      tcpbanner_1.keep_alive_interval:
+        description: Needs update
+        advanced: True
+        helpLink: idh.html 
+      tcpbanner_1.keep_alive_idle:
+        description: Needs update
+        advanced: True
+        helpLink: idh.html 
+      ftp.enabled: *serviceOptions
+      ftp.port: *portOptions
+      ftp.banner: *bannerOptions
+      git.enabled: *serviceOptions
+      git.port: *portOptions
+      http.banner: *bannerOptions
+      http.enabled: *serviceOptions
+      http.port: *portOptions
+      http.skin: &skinOptions
+        description:
+        advanced: True
+        helplink: idh.html
+      http.skin.list: &skinlistOptions
+        description: List of skins to use for the service.
+        advanced: Ture
+        helpLink: idh.html
+      httpproxy.enabled: *serviceOptions
+      httpproxy.port: *portOptions
+      httpproxy.skin: *skinOptions
+      httproxy.skin.list: *skinlistOptions
+      mssql.enabled: *serviceOptions
+      mssql.version: &versionOptions
+        description: Specify the version the service should present.
+        advanced: True
+        helpLink: idh.html
+      mssql.port: *portOptions
+      mysql.enabled: *serviceOptions
+      mysql.port: *portOptions
+      mysql.banner: *bannerOptions
+      ntp.enabled: *serviceOptions
+      ntp.port: *portOptions
+      redis.enabled: *serviceOptions
+      redis.port: *portOptions
+      sip.enabled: *serviceOptions
+      sip.port: *portOptions
+      smb.auditfile: *loggingOptions
+      smb.enabled: *serviceOptions
+      snmp.enabled: *serviceOptions
+      snmp.port: *portOptions
+      ssh.enabled: *serviceOptions
+      ssh.port: *portOptions
+      ssh.version: *versionOptions
+      telnet.enabled: *serviceOptions
+      telnet.port: *portOptions
+      telnet.banner: *bannerOptions
+      telnet.honeycreds:
+        description: Credentials list for the telnet service.
+        advanced: True
+        helpLink: idh.html
+      tftp.enabled: *serviceOptions
+      tftp.port: *portOptions
+      vnc.enabled: *serviceOptions
+      vnc.port: *portOptions
+  openssh:
+    enable: 
+      description: This is the other SSH for the host machine. Needs better descirption.
+      helpLink: idh.html
+    config:
+      port:
+        description: Port that ssh will listen on and only accessible from the manager.
+        helpLink: idh.html