Merge branch 'dev'

.gitignore

@@ -25,3 +25,5 @@ env/
 poetry.lock
 .venv/
 srv/isc-agent/requirements.txt
+
+

README_Terraform.md

@@ -0,0 +1,60 @@
+### For instructions on how to install `terraform`, please consult the following: [HashiCorp Terraform Installation](https://learn.hashicorp.com/tutorials/terraform/install-cli)  
+
+### Install `git` if not part of the default OS packages:
+`sudo <OS package manager here> install git`  
+(_could be apt, yum, dpkg, etc._)
+
+### Clone this repository:
+`git clone https://github.com/DShield-ISC/dshield`
+
+### Change into the `cloud provider` automation directory of choice:
+- To deploy honeypots using AWS' infrastructure: 
+  - `cd dshield/terraform/aws/`
+
+- To deploy honeypots using Microsoft Azure's infrastructure: 
+  - `cd dshield/terraform/azure/`
+
+### Adjust the required and optional variables to reflect the environment:
+`<insert your editor of choice here> variables.tf `  
+(_no judgement if the editor isn't `vi`_)
+
+### Define the following **required** variables:
+- **dshield_email**
+- **dshield_apikey**
+- **dshield_userid**
+- **aws_ssh_key_pub**  _OR_ **azure_ssh_key_pub**  _depending on provider_
+- **aws_ssh_key_priv** _OR_ **azure_ssh_key_priv** _depending on provider_
+- **aws_credentials**       _if using **AWS**_
+- **azure_tenant_id**       _if using **Azure Service Principal**_
+- **azure_subscription_id** _if using **Azure Service Principal**_
+- **azure_client_id**       _if using **Azure Service Principal**_
+- **azure_client_secret**   _if using **Azure Service Principal**_
+
+### Optional variables:
+- **honeypot_nodes** (default: `1` *increase to scale horizontally*)
+- **aws_region** (default: `us-east-1`)            _if using **AWS**_
+- **aws_ec2_size** (default: `t2.micro`)           _if using **AWS**_
+- **azure_region** (default: `East US`)            _if using **Azure**_
+- **azure_image_size** (default: `Standard_B1ls`)  _if using **Azure**_
+- **honeypot_network** (default: `10.40.0.0/16` for VPC & `10.40.0.0/24` for SG)
+- **honeypot_ssh_port** (default: `12222`)
+- **dshield_ca_country** (default: `US`)
+- **dshield_ca_state** (default: `Florida`)
+- **dshield_ca_city** (default: `Jacksonville`)
+- **dshield_ca_company** (default: `DShield`)
+- **dshield_ca_depart** (default: `Decoy`)
+
+### General assumptions (**please update to reflect the appropriate locations as denoted above**):
+- AWS credentials are contained in the default location: 
+  - `~/.aws/credentials`
+
+- Azure credentials are successfully validated using `az login` prior to plan/apply
+
+- SSH credentials are contained in the default location: 
+  - `~/.ssh/id_rsa`
+  - `~/.ssh/id_rsa.pub`
+
+### After completing the above items, run the following commands to begin the installation:
+```terraform init; terraform plan -out=honeypot; terraform apply "honeypot"```  
+**OR**  
+```terraform init; terraform apply``` and type `yes` when prompted

bin/install.sh

@@ -1155,15 +1155,13 @@ else
     ssexists=0
 fi
 
-if [ ${ssexists} -eq 0 && $[netstatexists} -eq 0 ]; then
+if [ ${ssexists} -eq 0 ] && [ ${netstatexists} -eq 0 ]; then
     dlog "Neither netstat nor ss exists. Need at least one of them."
     exit 5
 fi
 
-echo $ssexists $netstatexists
+# TODO: using ss instead of netstat if necessary
 
-exit
-
 drun "netstat -an | grep ':${CURSSHDPORT}' | grep ESTABLISHED | awk '{print \$5}' | cut -d ':' -f 1 | sort -u | tr '\n' ' ' | sed 's/ $//'"
 CONIPS=$(netstat -an | grep ":${CURSSHDPORT}" | grep ESTABLISHED | awk '{print $5}' | cut -d ':' -f 1 | sort -u | tr '\n' ' ' | sed 's/ $//')
 
@@ -2058,6 +2056,7 @@ dlog "installing ISC-Agent"
 run "mkdir -p ${ISC_AGENT_DIR}"
 do_copy $progdir/../srv/isc-agent ${ISC_AGENT_DIR}/../
 do_copy $progdir/../lib/systemd/system/isc-agent.service ${systemdpref}/lib/systemd/system/ 644
+do_copy $progdir/requirements.txt ${ISC_AGENT_DIR}
 run "chmod +x /srv/isc-agent/bin/isc-agent"
 run "mkdir -m 0700 /srv/isc-agent/run"
 

bin/status.sh

@@ -34,6 +34,13 @@ find /srv/cowrie/var/lib/cowrie/tty -ctime +30 -type f -delete
 
 myip=$(netstat -nt | grep ESTABLISHED | awk '{print $4}' | cut -f1 -d':' | head -1)
 
+# in case the user is logged in on the console and no established
+# connections can be found
+
+if [ "$myip" == "" ]; then
+   myip=$(ip -4 route | grep '^default' | cut -f9 -d' ')
+fi    
+
 echo "
 
 #########