diff --git a/.github/workflows/modules-images.yml b/.github/workflows/modules-images.yml index a49db9f..e699429 100644 --- a/.github/workflows/modules-images.yml +++ b/.github/workflows/modules-images.yml @@ -21,7 +21,7 @@ jobs: echo -n "$DOCKER_PASSWORD" | docker --config $DOCKER_CONFIG login --username $DOCKER_USER --password-stdin - name: Build the FTP image run: | - cd modules/ftp + cd docker/modules/ftp docker build -t $DOCKER_USER/hb_modules_ftp . - name: Push the FTP image run: | @@ -37,7 +37,7 @@ jobs: echo -n "$DOCKER_PASSWORD" | docker --config $DOCKER_CONFIG login --username $DOCKER_USER --password-stdin - name: Build the Dummy PC image run: | - cd modules/dummy_pc + cd docker/modules/dummy_pc docker build -t $DOCKER_USER/hb_modules_pc . - name: Push the Dummy PC image run: | diff --git a/.github/workflows/update-vps.yml b/.github/workflows/update-vps.yml index 77ba48c..898ca69 100644 --- a/.github/workflows/update-vps.yml +++ b/.github/workflows/update-vps.yml @@ -24,4 +24,4 @@ jobs: port: ${{ secrets.VPS_PORT }} script: | cd /home/honeybrain/Honeybrain/Honeypot - ./auto_update_vps.sh > /home/honeybrain/Honeybrain/update.log + ./scripts/auto_update_vps.sh > /home/honeybrain/Honeybrain/update.log diff --git a/Makefile b/Makefile index 2218eef..34a51da 100644 --- a/Makefile +++ b/Makefile 
@@ -3,14 +3,15 @@ FRONTEND_DIR = ../Frontend INSTALLER_DIR = ../Installer PROTO_DIR = protos -DOCKER_COMPOSE_FILE = docker-compose-dev.yml -DOCKER_COMPOSE_PROD_FILE = docker-compose-prod.yml +DOCKER_COMPOSE_FILE = ./docker/compose/docker-compose.yml +DOCKER_COMPOSE_IPS_FILE = ./docker/compose/docker-compose-ips.yml +ROOT = . .PHONY: grpc backend-grpc frontend-grpc installer-grpc run check-setup build stop logs check-setup: @echo "🚀 Checking setup..." - @bash scripts/check-setup.sh $(BACKEND_DIR) $(FRONTEND_DIR) $(INSTALLER_DIR) + @bash scripts/check_setup.sh $(BACKEND_DIR) $(FRONTEND_DIR) $(INSTALLER_DIR) @echo "✅ Setup is okay!" grpc: check-setup backend-grpc frontend-grpc installer-grpc 
@@ -32,38 +33,16 @@ installer-grpc: run: @echo "🚀 Starting Docker services in detached mode..." - docker compose -f $(DOCKER_COMPOSE_FILE) up -d + @bash scripts/start_honeybrain.sh $(DOCKER_COMPOSE_FILE) $(DOCKER_COMPOSE_IPS_FILE) @echo "✅ Docker services started successfully!" build: grpc @echo "🚀 Starting Docker services with build..." - docker compose -f $(DOCKER_COMPOSE_FILE) build + @bash scripts/build_honeybrain.sh $(DOCKER_COMPOSE_FILE) $(DOCKER_COMPOSE_IPS_FILE) @echo "✅ Docker images built successfully!" stop: @echo "🚀 Stopping Docker services..." - docker compose -f $(DOCKER_COMPOSE_FILE) down + @bash scripts/stop_honeybrain.sh $(DOCKER_COMPOSE_FILE) $(DOCKER_COMPOSE_IPS_FILE) @echo "✅ Docker services stopped successfully!" - -logs: - @echo "📜 Following Docker service logs..." - docker compose -f $(DOCKER_COMPOSE_FILE) logs -f - -run-prod: - @echo "🚀 Starting Docker services in detached mode..." - docker compose -f $(DOCKER_COMPOSE_PROD_FILE) up -d - @echo "✅ Docker services started successfully!" - -build-prod: check-setup grpc - @echo "🚀 Starting Docker services with build..." - docker compose -f $(DOCKER_COMPOSE_PROD_FILE) build - @echo "✅ Docker images built successfully!" - -stop-prod: - @echo "🚀 Stopping Docker services..." - docker compose -f $(DOCKER_COMPOSE_PROD_FILE) down - @echo "✅ Docker services stopped successfully!" - -logs-prod: - @echo "📜 Following Docker service logs..." - docker compose -f $(DOCKER_COMPOSE_PROD_FILE) logs -f \ No newline at end of file + \ No newline at end of file diff --git a/fail2ban/config/action.d/iptables-allports.conf b/config/fail2ban/action.d/iptables-allports.conf similarity index 100% rename from fail2ban/config/action.d/iptables-allports.conf rename to config/fail2ban/action.d/iptables-allports.conf 
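Review bot: The `logs` target is removed in this hunk, but `.PHONY` in the first Makefile hunk still lists `logs` and nothing replaces it, so operators lose the one-command way to follow the honeypot and IDS output. Either drop `logs` from `.PHONY` or keep a `logs` target that follows both compose files under the `honeybrain` project. The new `@bash scripts/...` recipe lines are also silenced with `@`, which hides which script and arguments ran when a step fails, so consider removing the `@` on those three lines. `ROOT = .`, added in the first hunk, is not referenced anywhere in the visible Makefile lines.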
diff --git a/fail2ban/config/action.d/nginx-blockip.conf b/config/fail2ban/action.d/nginx-blockip.conf
similarity index 100%
rename from fail2ban/config/action.d/nginx-blockip.conf
rename to config/fail2ban/action.d/nginx-blockip.conf
diff --git a/fail2ban/config/fail2ban.env b/config/fail2ban/fail2ban.env
similarity index 100%
rename from fail2ban/config/fail2ban.env
rename to config/fail2ban/fail2ban.env
diff --git a/fail2ban/config/filter.d/nginx-honeypot.conf b/config/fail2ban/filter.d/nginx-honeypot.conf
similarity index 100%
rename from fail2ban/config/filter.d/nginx-honeypot.conf
rename to config/fail2ban/filter.d/nginx-honeypot.conf
diff --git a/fail2ban/config/jail.d/jail.local b/config/fail2ban/jail.d/jail.local
similarity index 100%
rename from fail2ban/config/jail.d/jail.local
rename to config/fail2ban/jail.d/jail.local
diff --git a/nginx/config/nginx.conf b/config/nginx/nginx.conf
similarity index 100%
rename from nginx/config/nginx.conf
rename to config/nginx/nginx.conf
diff --git a/suricata/config/suricata.rules b/config/suricata/suricata.rules
similarity index 100%
rename from suricata/config/suricata.rules
rename to config/suricata/suricata.rules
diff --git a/suricata/config/suricata.yaml b/config/suricata/suricata.yaml
similarity index 100%
rename from suricata/config/suricata.yaml
rename to config/suricata/suricata.yaml
diff --git a/docker-compose-prod.yml b/docker-compose-prod.yml
deleted file mode 100644
index 99f5778..0000000
--- a/docker-compose-prod.yml
+++ /dev/null
@@ -1,144 +0,0 @@ -version: "3" -services: - reverse_proxy: - image: nginx:latest - container_name: reverse_proxy - volumes: - - ./nginx/config/nginx.conf:/etc/nginx/nginx.conf - - "./nginx/config/block.conf:/etc/nginx/block.conf" - - ./logs/nginx:/var/log/nginx - ports: - - "80:80" - networks: - - services_network - depends_on: - - shop - - fail2ban - - shop: - image: shop_image - container_name: shop - build: - context: ./shop/docker - networks: - - services_network - - fail2ban: - build: - context: ./fail2ban/docker - container_name: fail2ban - restart: "unless-stopped" - network_mode: host - cap_add: - - NET_ADMIN - - NET_RAW - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - ./logs/suricata/fast.log:/var/log/suricata.log - - "./logs/fail2ban:/var/log/fail2ban" - - "./fail2ban/config:/data" - - "/var/lib/docker/containers/:/container-logs/:ro" - - "./nginx/config/block.conf:/etc/nginx/block.conf" - - "./nginx/config/nginx.conf:/etc/nginx/nginx.conf" - env_file: - - "./fail2ban/config/fail2ban.env" - depends_on: - - suricata - - suricata: - image: jasonish/suricata:latest - container_name: suricata - network_mode: host - cap_add: - - NET_ADMIN - - NET_RAW - - SYS_NICE - volumes: - - ./logs/suricata/fast.log:/var/log/suricata/fast.log - - ./suricata/config/suricata.yaml:/etc/suricata/suricata.yaml - - ./suricata/config/suricata.rules:/var/lib/suricata/rules/suricata.rules - command: -i eth0 - - dummy_pc_0: - image: adrienroco/hb_modules_pc:latest - container_name: honeypot_dummy_pc_0 - networks: - honeypot_network: - ipv4_address: 192.168.1.12 - - dummy_pc_1: - image: adrienroco/hb_modules_pc:latest - container_name: honeypot_dummy_pc_1 - networks: - honeypot_network: - ipv4_address: 192.168.1.13 - - dummy_pc_2: - image: adrienroco/hb_modules_pc:latest - container_name: honeypot_dummy_pc_2 - networks: - honeypot_network: - ipv4_address: 192.168.1.14 - - dummy_pc_3: - image: adrienroco/hb_modules_pc:latest - container_name: honeypot_dummy_pc_3 - 
networks: - honeypot_network: - ipv4_address: 192.168.1.15 - - ftp: - image: adrienroco/hb_modules_ftp:latest - container_name: honeypot_ftp - ports: - - "21:21" - networks: - honeypot_network: - ipv4_address: 192.168.1.17 - - backend: - image: adrienroco/hb_dashboard_back:latest - container_name: backend - ports: - - "8000:8000" - environment: - - NODE_ENV=production - networks: - - dashboard_network - volumes: - - "./logs/suricata/fast.log:/app/honeypot/fast.log" - - "./nginx/config/block.conf:/app/honeypot/block.conf" - - /var/run/docker.sock:/var/run/docker.sock - healthcheck: - test: ["CMD", "curl", "--fail", "http://localhost:8000/"] - interval: 10s - timeout: 5s - retries: 3 - - frontend: - image: adrienroco/hb_dashboard_front:latest - container_name: frontend - environment: - - NODE_ENV=production - ports: - - "3000:3000" - networks: - - dashboard_network - # volumes: - # - ../Frontend/:/app - healthcheck: - test: ["CMD", "curl", "--fail", "http://localhost:3000/"] - interval: 10s - timeout: 5s - retries: 3 - -networks: - honeypot_network: - name: honeypot_network - ipam: - config: - - subnet: 192.168.1.0/24 - services_network: - name: services_network - dashboard_network: - name: dashboard_network diff --git a/docker/compose/docker-compose-ips.yml b/docker/compose/docker-compose-ips.yml new file mode 100644 index 0000000..5a743f1 --- /dev/null +++ b/docker/compose/docker-compose-ips.yml 
@@ -0,0 +1,37 @@
+version: "3"
+services:
+ fail2ban:
+ build:
+ context: ../dockerfile/fail2ban
+ container_name: fail2ban
+ restart: "unless-stopped"
+ network_mode: host
+ cap_add:
+ - NET_ADMIN
+ - NET_RAW
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - "../../logs/suricata/fast.log:/var/log/suricata.log"
+ - "../../logs/fail2ban:/var/log/fail2ban"
+ - "../../config/fail2ban:/data"
+ - "/var/lib/docker/containers/:/container-logs/:ro"
+ - "../../config/nginx/block.conf:/etc/nginx/block.conf"
+ - "../../config/nginx/nginx.conf:/etc/nginx/nginx.conf"
+ env_file:
+ - "../../config/fail2ban/fail2ban.env"
+ depends_on:
+ - suricata
+
+ suricata:
+ image: jasonish/suricata:latest
+ container_name: suricata
+ network_mode: host
+ cap_add:
+ - NET_ADMIN
+ - NET_RAW
+ - SYS_NICE
+ volumes:
+ - "../../logs/suricata/fast.log:/var/log/suricata/fast.log"
+ - "../../config/suricata/suricata.yaml:/etc/suricata/suricata.yaml"
+ - "../../config/suricata/suricata.rules:/var/lib/suricata/rules/suricata.rules"
+ command: -i ${NETWORK_INTERFACE:-null}
\ No newline at end of file
diff --git a/docker-compose-dev.yml b/docker/compose/docker-compose.yml
similarity index 55%
rename from docker-compose-dev.yml
rename to docker/compose/docker-compose.yml
index 3263805..f2a398d 100644
--- a/docker-compose-dev.yml
+++ b/docker/compose/docker-compose.yml
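Review bot: The `null` fallback in `command: -i ${NETWORK_INTERFACE:-null}` (suricata service of docker-compose-ips.yml) lets this file come up with Suricata pointed at an interface named `null` whenever it is started without scripts/start_honeybrain.sh exporting the variable, so the honeypot would presumably run with no working capture. Compose's required-variable form makes that mistake fail loudly instead: `command: -i ${NETWORK_INTERFACE:?NETWORK_INTERFACE must name the honeypot bridge}`. Separately, the fail2ban service combines `network_mode: host`, `NET_ADMIN`/`NET_RAW` and a writable `/var/run/docker.sock` mount, which is effectively root on the Docker host. A comment naming the fail2ban action that needs the socket would let a later reviewer judge whether it can be dropped. `jasonish/suricata:latest` is unpinned, so a fixed tag or digest would keep the sensor version reproducible.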
@@ -4,65 +4,28 @@ services: image: nginx:latest container_name: reverse_proxy volumes: - - ./nginx/config/nginx.conf:/etc/nginx/nginx.conf - - "./nginx/config/block.conf:/etc/nginx/block.conf" - - ./logs/nginx:/var/log/nginx + - "../../config/nginx/nginx.conf:/etc/nginx/nginx.conf" + - "../../config/nginx/block.conf:/etc/nginx/block.conf" + - "../../logs/nginx:/var/log/nginx" ports: - "80:80" networks: - services_network depends_on: - shop - - fail2ban shop: image: shop_image container_name: shop build: - context: ./shop/docker + context: ../dockerfile/shop networks: - services_network - fail2ban: - build: - context: ./fail2ban/docker - container_name: fail2ban - restart: "unless-stopped" - network_mode: host - cap_add: - - NET_ADMIN - - NET_RAW - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - ./logs/suricata/fast.log:/var/log/suricata.log - - "./logs/fail2ban:/var/log/fail2ban" - - "./fail2ban/config:/data" - - "/var/lib/docker/containers/:/container-logs/:ro" - - "./nginx/config/block.conf:/etc/nginx/block.conf" - - "./nginx/config/nginx.conf:/etc/nginx/nginx.conf" - env_file: - - "./fail2ban/config/fail2ban.env" - depends_on: - - suricata - - suricata: - image: jasonish/suricata:latest - container_name: suricata - network_mode: host - cap_add: - - NET_ADMIN - - NET_RAW - - SYS_NICE - volumes: - - ./logs/suricata/fast.log:/var/log/suricata/fast.log - - ./suricata/config/suricata.yaml:/etc/suricata/suricata.yaml - - ./suricata/config/suricata.rules:/var/lib/suricata/rules/suricata.rules - command: -i enp2s0 - dummy_pc_0: container_name: honeypot_dummy_pc_0 build: - context: ./modules/dummy_pc + context: ../modules/dummy_pc dockerfile: Dockerfile networks: honeypot_network: @@ -71,7 +34,7 @@ services: dummy_pc_1: container_name: honeypot_dummy_pc_1 build: - context: ./modules/dummy_pc + context: ../modules/dummy_pc dockerfile: Dockerfile networks: honeypot_network: 
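Review bot: The reverse_proxy mount `../../config/nginx/block.conf:/etc/nginx/block.conf` in the first docker-compose.yml hunk points at a file this commit does not appear to create: `nginx/config/block.conf` is deleted later in the diff rather than renamed, and no `config/nginx/block.conf` is added in the visible hunks. The same path is mounted by the backend service further down and by fail2ban in docker-compose-ips.yml. With short-syntax bind mounts Docker typically creates a missing host path as a directory, which would leave nginx without a usable block list and the ban action with nothing to write to. Either commit an empty `config/nginx/block.conf` or have the start script create it before `docker compose up`, e.g. `touch config/nginx/block.conf`.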
@@ -80,7 +43,7 @@ services: dummy_pc_2: container_name: honeypot_dummy_pc_2 build: - context: ./modules/dummy_pc + context: ../modules/dummy_pc dockerfile: Dockerfile networks: honeypot_network: @@ -89,7 +52,7 @@ services: dummy_pc_3: container_name: honeypot_dummy_pc_3 build: - context: ./modules/dummy_pc + context: ../modules/dummy_pc dockerfile: Dockerfile networks: honeypot_network: @@ -98,7 +61,7 @@ services: ftp: container_name: honeypot_dummy_ftp build: - context: ./modules/ftp + context: ../modules/ftp dockerfile: Dockerfile ports: - "21:21" @@ -110,16 +73,16 @@ services: image: backend container_name: backend build: - context: ../Backend/ + context: ../../../Backend/ dockerfile: Dockerfile.dev environment: - NODE_ENV=production networks: - dashboard_network volumes: - - "./logs/suricata/fast.log:/app/honeypot/fast.log" - - "./nginx/config/block.conf:/app/honeypot/block.conf" - - /var/run/docker.sock:/var/run/docker.sock + - "../../logs/suricata/fast.log:/app/honeypot/fast.log" + - "../../config/nginx/block.conf:/app/honeypot/block.conf" + - "/var/run/docker.sock:/var/run/docker.sock" healthcheck: test: ["CMD", "curl", "--fail", "http://localhost:50051/"] interval: 10s @@ -130,7 +93,7 @@ services: image: frontend container_name: frontend build: - context: ../Frontend/ + context: ../../../Frontend/ dockerfile: Dockerfile.dev restart: unless-stopped ports: @@ -138,7 +101,7 @@ services: networks: - dashboard_network volumes: - - ../Frontend/src:/app/src + - "../../../Frontend/src:/app/src" healthcheck: test: ["CMD", "curl", "--fail", "http://localhost:3000/"] interval: 10s @@ -148,8 +111,8 @@ services: envoy: container_name: envoy build: - context: ../Backend/ - dockerfile: ../Backend/Dockerfile.envoy + context: ../../../Backend/ + dockerfile: Dockerfile.envoy ports: - "8080:8080" networks: 
diff --git a/fail2ban/docker/Dockerfile b/docker/dockerfile/fail2ban/Dockerfile
similarity index 100%
rename from fail2ban/docker/Dockerfile
rename to docker/dockerfile/fail2ban/Dockerfile
diff --git a/shop/docker/Dockerfile b/docker/dockerfile/shop/Dockerfile
similarity index 100%
rename from shop/docker/Dockerfile
rename to docker/dockerfile/shop/Dockerfile
diff --git a/shop/docker/index.html b/docker/dockerfile/shop/index.html
similarity index 100%
rename from shop/docker/index.html
rename to docker/dockerfile/shop/index.html
diff --git a/suricata/docker/Dockerfile b/docker/dockerfile/suricata/Dockerfile
similarity index 100%
rename from suricata/docker/Dockerfile
rename to docker/dockerfile/suricata/Dockerfile
diff --git a/modules/dummy_pc/Dockerfile b/docker/modules/dummy_pc/Dockerfile
similarity index 100%
rename from modules/dummy_pc/Dockerfile
rename to docker/modules/dummy_pc/Dockerfile
diff --git a/modules/ftp/Dockerfile b/docker/modules/ftp/Dockerfile
similarity index 100%
rename from modules/ftp/Dockerfile
rename to docker/modules/ftp/Dockerfile
diff --git a/nginx/config/block.conf b/nginx/config/block.conf
deleted file mode 100644
index e69de29..0000000
diff --git a/auto_update_vps.sh b/scripts/auto_update_vps.sh
similarity index 100%
rename from auto_update_vps.sh
rename to scripts/auto_update_vps.sh
diff --git a/scripts/build_honeybrain.sh b/scripts/build_honeybrain.sh
new file mode 100644
index 0000000..624fefe
--- /dev/null
+++ b/scripts/build_honeybrain.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+DOCKER_COMPOSE_FILE=$1
+DOCKER_COMPOSE_IPS_FILE=$2
+
+echo "⌛ Building honeypot images..."
+
+docker compose -p honeybrain -f $DOCKER_COMPOSE_FILE build
+
+echo "⌛ Building IDS/IPS images..."
+
+docker compose -p honeybrain -f $DOCKER_COMPOSE_IPS_FILE build
diff --git a/scripts/check-setup.sh b/scripts/check_setup.sh
similarity index 100%
rename from scripts/check-setup.sh
rename to scripts/check_setup.sh
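Review bot: Both `docker compose` calls in scripts/build_honeybrain.sh run without `set -e`, so the script's exit status is only that of the second build: if the honeypot build fails and the IDS/IPS build succeeds, `make build` still prints its success line. Add `set -euo pipefail` after the shebang and quote the path arguments, e.g. `docker compose -p honeybrain -f "$DOCKER_COMPOSE_FILE" build`. A usage check such as `[ $# -eq 2 ] || { echo "usage: $0 <compose-file> <ips-compose-file>" >&2; exit 2; }` would also stop a missing argument from making `-f` consume the next word. The same three points apply to scripts/start_honeybrain.sh and scripts/stop_honeybrain.sh.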
diff --git a/scripts/start_honeybrain.sh b/scripts/start_honeybrain.sh
new file mode 100644
index 0000000..b8b3f97
--- /dev/null
+++ b/scripts/start_honeybrain.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+export COMPOSE_IGNORE_ORPHANS=True
+
+DOCKER_COMPOSE_FILE=$1
+DOCKER_COMPOSE_IPS_FILE=$2
+
+echo "⌛ Starting Honeypot services..."
+
+docker compose -p honeybrain -f $DOCKER_COMPOSE_FILE up -d
+
+echo "⌛ Getting network interface..."
+
+NETWORK_ID=$(docker network ls --filter name=honeypot_network --format '{{.ID}}')
+export NETWORK_INTERFACE=br-${NETWORK_ID}
+
+echo "✅ Now spying network honeypot_network ($NETWORK_INTERFACE)"
+
+echo "⌛ Starting IDS/IPS services..."
+
+docker compose -p honeybrain -f $DOCKER_COMPOSE_IPS_FILE up -d
+
diff --git a/scripts/stop_honeybrain.sh b/scripts/stop_honeybrain.sh
new file mode 100644
index 0000000..66589fb
--- /dev/null
+++ b/scripts/stop_honeybrain.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+DOCKER_COMPOSE_FILE=$1
+DOCKER_COMPOSE_IPS_FILE=$2
+
+echo "⌛ Stopping Honeypot services..."
+
+docker compose -p honeybrain -f $DOCKER_COMPOSE_FILE down
+
+echo "⌛ Stopping IDS/IPS services..."
+
+docker compose -p honeybrain -f $DOCKER_COMPOSE_IPS_FILE down
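Review bot: In scripts/start_honeybrain.sh the `NETWORK_ID` lookup is never checked, so when the honeypot `up -d` fails or the network is missing the script exports `NETWORK_INTERFACE=br-`, prints the "Now spying" line and starts Suricata on an interface that does not exist. `--filter name=honeypot_network` is also a partial match, so a second network whose name contains that string would yield two IDs and a broken interface name. Resolving the network by exact name and stopping when it is absent keeps the exposed honeypot from running with the IDS/IPS silently blind. The proposed change below replaces only the lookup and the export.

```shell
# … unchanged: honeypot services started above …
if ! NETWORK_ID=$(docker network inspect --format '{{.Id}}' honeypot_network); then
    echo "❌ honeypot_network not found; refusing to start IDS/IPS on a guessed interface" >&2
    exit 1
fi
# Docker names the bridge br-<first 12 characters of the network ID>
export NETWORK_INTERFACE="br-${NETWORK_ID:0:12}"
# … unchanged: status echo and IDS/IPS compose up …
```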