This repo contains all the scripts, Dockerfiles and Docker Compose files that are either required or there for quality of life (QOL).
To set up Grafana, I used this Grafana guide; you will need to add http://prometheus:9090 as your data source and import these JSON files.
- lodestone: Minecraft server management software
- pterodactyl: a server manager
- portspoof: needs to be installed on the host
- suricata: Suricata is a high performance, open source network analysis and threat detection software used by most private and public organizations, and embedded by major vendors to protect their assets.
- hellpot: a web server honeypot. HellPot is an endless honeypot based on Heffalump that sends unruly HTTP bots to hell. HellPot will send an infinite stream of data that is just close enough to being a real website that they might just stick around until their soul is ripped apart and they cease to exist. Under the hood of this eternal suffering is a markov engine that chucks bits and pieces of The Birth of Tragedy (Hellenism and Pessimism) by Friedrich Nietzsche at the client using fasthttp.
- endlessh: a fake SSH server that keeps clients stuck. Endlessh is an SSH tarpit that very slowly sends an endless, random SSH banner. It keeps SSH clients locked up for hours or even days at a time. The purpose is to put your real SSH server on another port and then let the script kiddies get stuck in this tarpit instead of bothering a real server.
- ddospot: A DNS server, NTP server, SSDP server, CHARGEN server, Random/mock UDP server
- honeypots: 30 different honeypots in one package! (dhcp, dns, elastic, ftp, http proxy, https proxy, http, https, imap, ipp, irc, ldap, memcache, mssql, mysql, ntp, oracle, pjl, pop3, postgres, rdp, redis, sip, smb, smtp, snmp, socks5, ssh, telnet, vnc) and the docker file from the tpotce by Deutsche Telekom Security GmbH
- Cowrie: Cowrie is a medium to high interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed by the attacker. In medium interaction mode (shell) it emulates a UNIX system in Python, in high interaction mode (proxy) it functions as an SSH and telnet proxy to observe attacker behavior to another system.
- dionaea: Dionaea is meant to be a nepenthes successor, embedding python as scripting language, using libemu to detect shellcodes, supporting ipv6 and tls.
- Log4Pot: A honeypot for the Log4Shell vulnerability (CVE-2021-44228).
- Grafana, prometheus, nodeexporter, cadvisor: A set of tools that gives you information about your server on a dashboard.
- Portainer: a docker web management tool
- Watchtower: A container-based solution for automating Docker container base image updates.

Install portspoof on the host:

```
git clone https://github.com/drk1wi/portspoof.git && cd portspoof && ./configure --prefix=/usr/local && make && make install
```

Or, on Arch or another distro with access to the AUR:

```
yay -Syu portspoof-git
```

Then redirect incoming TCP ports to portspoof:

```
# Send every TCP port to 127.0.0.1:4444.
# DNAT to a loopback address from PREROUTING only works when
# net.ipv4.conf.<iface>.route_localnet=1 is set on the receiving interface.
iptables -t nat -A PREROUTING -p tcp --dport 1:65535 -j DNAT --to-destination 127.0.0.1:4444
```

Please adapt the above command to what you need. Don't forget to keep the following ports open: 20, 21, 22, 23, 25, 42, 53, 69, 80, 81, 110, 135, 143, 221, 222, 223, 389, 422, 443, 445, 853, 880, 1080, 1123, 1161, 1433, 1521, 1723, 1883, 3000, 3001, 3306, 3307, 4543, 4843, 5060, 5432, 5443, 5445, 5900, 6379, 6667, 8000, 8008, 8080, 9080, 9200, 9443, 9822, 11211, 12433, 16662, 19200, 25565, 27017, plus the ports of your other services and an SSH port. Also keep the range 15000 to 15100 open for other stuff like game servers (15000 to 15010 for mc instances).
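
One way to adapt the rule is to generate it from the list of ports that must stay open, so that only the gaps between them go to portspoof. The script below is an added example, not part of this repo: `portspoof_rules` and `emit_rule` are hypothetical helper names, the rule form and destination are copied from the command above, and the rules are printed for review rather than applied.

```sh
#!/bin/sh
# Added example, not part of this repo: print one DNAT rule per gap between
# the ports that must stay open, instead of redirecting 1:65535 wholesale.
# Rules are only printed so they can be reviewed before being applied.

PORTSPOOF_DEST="127.0.0.1:4444"   # destination taken from the command above

# emit_rule FIRST LAST: print the rule for one redirected port range.
emit_rule() {
    if [ "$1" -eq "$2" ]; then range=$1; else range="$1:$2"; fi
    echo "iptables -t nat -A PREROUTING -p tcp --dport $range -j DNAT --to-destination $PORTSPOOF_DEST"
}

# portspoof_rules PORT|FIRST:LAST ...: arguments are the ports to leave alone.
portspoof_rules() (
    # With nothing excluded, the SSH port would be redirected too.
    [ "$#" -gt 0 ] || { echo "no open ports given" >&2; exit 1; }
    for spec in "$@"; do
        case $spec in
            ''|*[!0-9:]*|*:*:*|:*|*:|0*|*:0*)
                echo "invalid port spec: $spec" >&2; exit 1 ;;
        esac
        lo=${spec%%:*}; hi=${spec##*:}
        if [ "$hi" -gt 65535 ] || [ "$lo" -gt "$hi" ]; then
            echo "invalid port range: $spec" >&2; exit 1
        fi
    done
    # Sort the open ports, then walk them and emit every gap in between.
    for spec in "$@"; do
        echo "${spec%%:*} ${spec##*:}"
    done | sort -n -k1,1 | {
        next=1
        while read -r lo hi; do
            if [ "$lo" -gt "$next" ]; then emit_rule "$next" "$((lo - 1))"; fi
            if [ "$hi" -ge "$next" ]; then next=$((hi + 1)); fi
        done
        if [ "$next" -le 65535 ]; then emit_rule "$next" 65535; fi
    }
)

# Constructed sample: a shortened open-port list plus the 15000-15100 range.
# portspoof_rules 22 80 443 15000:15100
```

Pass the full port list from above as arguments and pipe the output to `sh` as root once the printed rules look right.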