├── .gitignore ├── Dockerfile ├── LICENSE ├── README.md ├── config └── sysconfig │ └── .keep ├── docker-compose.yml ├── guided_docker_compose.py ├── requirements.txt └── templates ├── chn-intel-feeds.env.template ├── chn_server.env.template ├── docker-compose-chn-intel-feeds.yml.template ├── docker-compose-cif.yml.template ├── docker-compose-log.yml.template ├── docker-compose.yml.template ├── hpfeeds-cif.env.template ├── hpfeeds-logger.env.template └── mnemosyne.env.template /.gitignore: -------------------------------------------------------------------------------- 1 | # Files specific to this project 2 | config/sysconfig/chnserver.sysconfig 3 | certs/* 4 | storage/chnserver/ 5 | storage/mongodb/ 6 | storage/redis/ 7 | 8 | # Byte-compiled / optimized / DLL files 9 | __pycache__/ 10 | *.py[cod] 11 | *$py.class 12 | 13 | # C extensions 14 | *.so 15 | 16 | # Distribution / packaging 17 | .Python 18 | build/ 19 | develop-eggs/ 20 | dist/ 21 | downloads/ 22 | eggs/ 23 | .eggs/ 24 | lib/ 25 | lib64/ 26 | parts/ 27 | sdist/ 28 | var/ 29 | wheels/ 30 | *.egg-info/ 31 | .installed.cfg 32 | *.egg 33 | MANIFEST 34 | 35 | # PyInstaller 36 | # Usually these files are written by a python script from a template 37 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 
38 | *.manifest 39 | *.spec 40 | 41 | # Installer logs 42 | pip-log.txt 43 | pip-delete-this-directory.txt 44 | 45 | # Unit test / coverage reports 46 | htmlcov/ 47 | .tox/ 48 | .coverage 49 | .coverage.* 50 | .cache 51 | nosetests.xml 52 | coverage.xml 53 | *.cover 54 | .hypothesis/ 55 | .pytest_cache/ 56 | 57 | # Translations 58 | *.mo 59 | *.pot 60 | 61 | # Django stuff: 62 | *.log 63 | local_settings.py 64 | db.sqlite3 65 | 66 | # Flask stuff: 67 | instance/ 68 | .webassets-cache 69 | 70 | # Scrapy stuff: 71 | .scrapy 72 | 73 | # Sphinx documentation 74 | docs/_build/ 75 | 76 | # PyBuilder 77 | target/ 78 | 79 | # Jupyter Notebook 80 | .ipynb_checkpoints 81 | 82 | # pyenv 83 | .python-version 84 | 85 | # celery beat schedule file 86 | celerybeat-schedule 87 | 88 | # SageMath parsed files 89 | *.sage.py 90 | 91 | # Environments 92 | .env 93 | .venv 94 | env/ 95 | venv/ 96 | ENV/ 97 | env.bak/ 98 | venv.bak/ 99 | 100 | # Spyder project settings 101 | .spyderproject 102 | .spyproject 103 | 104 | # Rope project settings 105 | .ropeproject 106 | 107 | # mkdocs documentation 108 | /site 109 | 110 | # mypy 111 | .mypy_cache/ 112 |
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
# Builds the "chn-config" helper image: Ubuntu with ansible and pip, the build
# context copied to /code, and an entrypoint that is passed
# "-o /config/chnserver.sysconfig" (presumably the output path; the script
# itself is not shown on this page).
#
# NOTE(review): ubuntu:18.04 reached the end of standard support in 2023 and the
# tag is mutable. Consider a supported release, ideally pinned by digest.
# NOTE(review): no USER instruction is present, so the entrypoint runs as root
# inside the container.
FROM ubuntu:18.04

LABEL maintainer="Team Stingar "
LABEL name="chn-config"
LABEL version="1.9.1"
LABEL release="1"
# NOTE(review): a hadolint ignore pragma applies only to the instruction that
# follows it. DL3008 and DL3005 are apt-get rules, so the pragma below has no
# effect on ENV; the one above the apt-get RUN is the one that matters.
# hadolint ignore=DL3008,DL3005
ENV DEBIAN_FRONTEND "noninteractive"

# /config is where the entrypoint's "-o" path points; docker-compose.yml
# bind-mounts ./config/sysconfig here.
VOLUME /config

# Package versions are deliberately unpinned (DL3008 suppressed), so rebuilds
# are not reproducible. The apt lists are removed to keep the layer small.
# hadolint ignore=DL3008,DL3005
RUN apt-get update \
    && apt-get install --no-install-recommends -y ansible python3-pip \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

RUN mkdir /code
# NOTE(review): the file tree on this page lists no .dockerignore, so everything
# present in the build context is copied into an image layer. That includes the
# paths .gitignore excludes from version control (certs/, storage/,
# config/sysconfig/chnserver.sysconfig) if they exist at build time.
# Add a .dockerignore covering them before building on a host that has already
# run the stack.
COPY . /code

# pip, setuptools and wheel are upgraded to whatever is current at build time.
# The pins (if any) in requirements.txt are not visible on this page.
RUN python3 -m pip install --upgrade pip setuptools wheel \
    && python3 -m pip install -r /code/requirements.txt

# NOTE(review): the file tree on this page shows no scripts/ directory, so
# /code/scripts/generate_chn_sysconfig.py may not exist in the image - confirm.
# "https://myhome.com" is a placeholder value for "-s".
ENTRYPOINT [ "/code/scripts/generate_chn_sysconfig.py", "-o", "/config/chnserver.sysconfig", "-s", "https://myhome.com" ]
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | GNU LESSER GENERAL PUBLIC LICENSE 2 | Version 2.1, February 1999 3 | 4 | Copyright (C) 1991, 1999 Free Software Foundation, Inc. 5 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 6 | Everyone is permitted to copy and distribute verbatim copies 7 | of this license document, but changing it is not allowed. 8 | 9 | [This is the first released version of the Lesser GPL. It also counts 10 | as the successor of the GNU Library Public License, version 2, hence 11 | the version number 2.1.] 12 | 13 | Preamble 14 | 15 | The licenses for most software are designed to take away your 16 | freedom to share and change it. By contrast, the GNU General Public 17 | Licenses are intended to guarantee your freedom to share and change 18 | free software--to make sure the software is free for all its users. 19 | 20 | This license, the Lesser General Public License, applies to some 21 | specially designated software packages--typically libraries--of the 22 | Free Software Foundation and other authors who decide to use it. You 23 | can use it too, but we suggest you first think carefully about whether 24 | this license or the ordinary General Public License is the better 25 | strategy to use in any particular case, based on the explanations below. 26 | 27 | When we speak of free software, we are referring to freedom of use, 28 | not price. 
Our General Public Licenses are designed to make sure that 29 | you have the freedom to distribute copies of free software (and charge 30 | for this service if you wish); that you receive source code or can get 31 | it if you want it; that you can change the software and use pieces of 32 | it in new free programs; and that you are informed that you can do 33 | these things. 34 | 35 | To protect your rights, we need to make restrictions that forbid 36 | distributors to deny you these rights or to ask you to surrender these 37 | rights. These restrictions translate to certain responsibilities for 38 | you if you distribute copies of the library or if you modify it. 39 | 40 | For example, if you distribute copies of the library, whether gratis 41 | or for a fee, you must give the recipients all the rights that we gave 42 | you. You must make sure that they, too, receive or can get the source 43 | code. If you link other code with the library, you must provide 44 | complete object files to the recipients, so that they can relink them 45 | with the library after making changes to the library and recompiling 46 | it. And you must show them these terms so they know their rights. 47 | 48 | We protect your rights with a two-step method: (1) we copyright the 49 | library, and (2) we offer you this license, which gives you legal 50 | permission to copy, distribute and/or modify the library. 51 | 52 | To protect each distributor, we want to make it very clear that 53 | there is no warranty for the free library. Also, if the library is 54 | modified by someone else and passed on, the recipients should know 55 | that what they have is not the original version, so that the original 56 | author's reputation will not be affected by problems that might be 57 | introduced by others. 58 | 59 | Finally, software patents pose a constant threat to the existence of 60 | any free program. 
We wish to make sure that a company cannot 61 | effectively restrict the users of a free program by obtaining a 62 | restrictive license from a patent holder. Therefore, we insist that 63 | any patent license obtained for a version of the library must be 64 | consistent with the full freedom of use specified in this license. 65 | 66 | Most GNU software, including some libraries, is covered by the 67 | ordinary GNU General Public License. This license, the GNU Lesser 68 | General Public License, applies to certain designated libraries, and 69 | is quite different from the ordinary General Public License. We use 70 | this license for certain libraries in order to permit linking those 71 | libraries into non-free programs. 72 | 73 | When a program is linked with a library, whether statically or using 74 | a shared library, the combination of the two is legally speaking a 75 | combined work, a derivative of the original library. The ordinary 76 | General Public License therefore permits such linking only if the 77 | entire combination fits its criteria of freedom. The Lesser General 78 | Public License permits more lax criteria for linking other code with 79 | the library. 80 | 81 | We call this license the "Lesser" General Public License because it 82 | does Less to protect the user's freedom than the ordinary General 83 | Public License. It also provides other free software developers Less 84 | of an advantage over competing non-free programs. These disadvantages 85 | are the reason we use the ordinary General Public License for many 86 | libraries. However, the Lesser license provides advantages in certain 87 | special circumstances. 88 | 89 | For example, on rare occasions, there may be a special need to 90 | encourage the widest possible use of a certain library, so that it becomes 91 | a de-facto standard. To achieve this, non-free programs must be 92 | allowed to use the library. 
A more frequent case is that a free 93 | library does the same job as widely used non-free libraries. In this 94 | case, there is little to gain by limiting the free library to free 95 | software only, so we use the Lesser General Public License. 96 | 97 | In other cases, permission to use a particular library in non-free 98 | programs enables a greater number of people to use a large body of 99 | free software. For example, permission to use the GNU C Library in 100 | non-free programs enables many more people to use the whole GNU 101 | operating system, as well as its variant, the GNU/Linux operating 102 | system. 103 | 104 | Although the Lesser General Public License is Less protective of the 105 | users' freedom, it does ensure that the user of a program that is 106 | linked with the Library has the freedom and the wherewithal to run 107 | that program using a modified version of the Library. 108 | 109 | The precise terms and conditions for copying, distribution and 110 | modification follow. Pay close attention to the difference between a 111 | "work based on the library" and a "work that uses the library". The 112 | former contains code derived from the library, whereas the latter must 113 | be combined with the library in order to run. 114 | 115 | GNU LESSER GENERAL PUBLIC LICENSE 116 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 117 | 118 | 0. This License Agreement applies to any software library or other 119 | program which contains a notice placed by the copyright holder or 120 | other authorized party saying it may be distributed under the terms of 121 | this Lesser General Public License (also called "this License"). 122 | Each licensee is addressed as "you". 123 | 124 | A "library" means a collection of software functions and/or data 125 | prepared so as to be conveniently linked with application programs 126 | (which use some of those functions and data) to form executables. 
127 | 128 | The "Library", below, refers to any such software library or work 129 | which has been distributed under these terms. A "work based on the 130 | Library" means either the Library or any derivative work under 131 | copyright law: that is to say, a work containing the Library or a 132 | portion of it, either verbatim or with modifications and/or translated 133 | straightforwardly into another language. (Hereinafter, translation is 134 | included without limitation in the term "modification".) 135 | 136 | "Source code" for a work means the preferred form of the work for 137 | making modifications to it. For a library, complete source code means 138 | all the source code for all modules it contains, plus any associated 139 | interface definition files, plus the scripts used to control compilation 140 | and installation of the library. 141 | 142 | Activities other than copying, distribution and modification are not 143 | covered by this License; they are outside its scope. The act of 144 | running a program using the Library is not restricted, and output from 145 | such a program is covered only if its contents constitute a work based 146 | on the Library (independent of the use of the Library in a tool for 147 | writing it). Whether that is true depends on what the Library does 148 | and what the program that uses the Library does. 149 | 150 | 1. You may copy and distribute verbatim copies of the Library's 151 | complete source code as you receive it, in any medium, provided that 152 | you conspicuously and appropriately publish on each copy an 153 | appropriate copyright notice and disclaimer of warranty; keep intact 154 | all the notices that refer to this License and to the absence of any 155 | warranty; and distribute a copy of this License along with the 156 | Library. 157 | 158 | You may charge a fee for the physical act of transferring a copy, 159 | and you may at your option offer warranty protection in exchange for a 160 | fee. 161 | 162 | 2. 
You may modify your copy or copies of the Library or any portion 163 | of it, thus forming a work based on the Library, and copy and 164 | distribute such modifications or work under the terms of Section 1 165 | above, provided that you also meet all of these conditions: 166 | 167 | a) The modified work must itself be a software library. 168 | 169 | b) You must cause the files modified to carry prominent notices 170 | stating that you changed the files and the date of any change. 171 | 172 | c) You must cause the whole of the work to be licensed at no 173 | charge to all third parties under the terms of this License. 174 | 175 | d) If a facility in the modified Library refers to a function or a 176 | table of data to be supplied by an application program that uses 177 | the facility, other than as an argument passed when the facility 178 | is invoked, then you must make a good faith effort to ensure that, 179 | in the event an application does not supply such function or 180 | table, the facility still operates, and performs whatever part of 181 | its purpose remains meaningful. 182 | 183 | (For example, a function in a library to compute square roots has 184 | a purpose that is entirely well-defined independent of the 185 | application. Therefore, Subsection 2d requires that any 186 | application-supplied function or table used by this function must 187 | be optional: if the application does not supply it, the square 188 | root function must still compute square roots.) 189 | 190 | These requirements apply to the modified work as a whole. If 191 | identifiable sections of that work are not derived from the Library, 192 | and can be reasonably considered independent and separate works in 193 | themselves, then this License, and its terms, do not apply to those 194 | sections when you distribute them as separate works. 
But when you 195 | distribute the same sections as part of a whole which is a work based 196 | on the Library, the distribution of the whole must be on the terms of 197 | this License, whose permissions for other licensees extend to the 198 | entire whole, and thus to each and every part regardless of who wrote 199 | it. 200 | 201 | Thus, it is not the intent of this section to claim rights or contest 202 | your rights to work written entirely by you; rather, the intent is to 203 | exercise the right to control the distribution of derivative or 204 | collective works based on the Library. 205 | 206 | In addition, mere aggregation of another work not based on the Library 207 | with the Library (or with a work based on the Library) on a volume of 208 | a storage or distribution medium does not bring the other work under 209 | the scope of this License. 210 | 211 | 3. You may opt to apply the terms of the ordinary GNU General Public 212 | License instead of this License to a given copy of the Library. To do 213 | this, you must alter all the notices that refer to this License, so 214 | that they refer to the ordinary GNU General Public License, version 2, 215 | instead of to this License. (If a newer version than version 2 of the 216 | ordinary GNU General Public License has appeared, then you can specify 217 | that version instead if you wish.) Do not make any other change in 218 | these notices. 219 | 220 | Once this change is made in a given copy, it is irreversible for 221 | that copy, so the ordinary GNU General Public License applies to all 222 | subsequent copies and derivative works made from that copy. 223 | 224 | This option is useful when you wish to copy part of the code of 225 | the Library into a program that is not a library. 226 | 227 | 4. 
You may copy and distribute the Library (or a portion or 228 | derivative of it, under Section 2) in object code or executable form 229 | under the terms of Sections 1 and 2 above provided that you accompany 230 | it with the complete corresponding machine-readable source code, which 231 | must be distributed under the terms of Sections 1 and 2 above on a 232 | medium customarily used for software interchange. 233 | 234 | If distribution of object code is made by offering access to copy 235 | from a designated place, then offering equivalent access to copy the 236 | source code from the same place satisfies the requirement to 237 | distribute the source code, even though third parties are not 238 | compelled to copy the source along with the object code. 239 | 240 | 5. A program that contains no derivative of any portion of the 241 | Library, but is designed to work with the Library by being compiled or 242 | linked with it, is called a "work that uses the Library". Such a 243 | work, in isolation, is not a derivative work of the Library, and 244 | therefore falls outside the scope of this License. 245 | 246 | However, linking a "work that uses the Library" with the Library 247 | creates an executable that is a derivative of the Library (because it 248 | contains portions of the Library), rather than a "work that uses the 249 | library". The executable is therefore covered by this License. 250 | Section 6 states terms for distribution of such executables. 251 | 252 | When a "work that uses the Library" uses material from a header file 253 | that is part of the Library, the object code for the work may be a 254 | derivative work of the Library even though the source code is not. 255 | Whether this is true is especially significant if the work can be 256 | linked without the Library, or if the work is itself a library. The 257 | threshold for this to be true is not precisely defined by law. 
258 | 259 | If such an object file uses only numerical parameters, data 260 | structure layouts and accessors, and small macros and small inline 261 | functions (ten lines or less in length), then the use of the object 262 | file is unrestricted, regardless of whether it is legally a derivative 263 | work. (Executables containing this object code plus portions of the 264 | Library will still fall under Section 6.) 265 | 266 | Otherwise, if the work is a derivative of the Library, you may 267 | distribute the object code for the work under the terms of Section 6. 268 | Any executables containing that work also fall under Section 6, 269 | whether or not they are linked directly with the Library itself. 270 | 271 | 6. As an exception to the Sections above, you may also combine or 272 | link a "work that uses the Library" with the Library to produce a 273 | work containing portions of the Library, and distribute that work 274 | under terms of your choice, provided that the terms permit 275 | modification of the work for the customer's own use and reverse 276 | engineering for debugging such modifications. 277 | 278 | You must give prominent notice with each copy of the work that the 279 | Library is used in it and that the Library and its use are covered by 280 | this License. You must supply a copy of this License. If the work 281 | during execution displays copyright notices, you must include the 282 | copyright notice for the Library among them, as well as a reference 283 | directing the user to the copy of this License. 
Also, you must do one 284 | of these things: 285 | 286 | a) Accompany the work with the complete corresponding 287 | machine-readable source code for the Library including whatever 288 | changes were used in the work (which must be distributed under 289 | Sections 1 and 2 above); and, if the work is an executable linked 290 | with the Library, with the complete machine-readable "work that 291 | uses the Library", as object code and/or source code, so that the 292 | user can modify the Library and then relink to produce a modified 293 | executable containing the modified Library. (It is understood 294 | that the user who changes the contents of definitions files in the 295 | Library will not necessarily be able to recompile the application 296 | to use the modified definitions.) 297 | 298 | b) Use a suitable shared library mechanism for linking with the 299 | Library. A suitable mechanism is one that (1) uses at run time a 300 | copy of the library already present on the user's computer system, 301 | rather than copying library functions into the executable, and (2) 302 | will operate properly with a modified version of the library, if 303 | the user installs one, as long as the modified version is 304 | interface-compatible with the version that the work was made with. 305 | 306 | c) Accompany the work with a written offer, valid for at 307 | least three years, to give the same user the materials 308 | specified in Subsection 6a, above, for a charge no more 309 | than the cost of performing this distribution. 310 | 311 | d) If distribution of the work is made by offering access to copy 312 | from a designated place, offer equivalent access to copy the above 313 | specified materials from the same place. 314 | 315 | e) Verify that the user has already received a copy of these 316 | materials or that you have already sent this user a copy. 
317 | 318 | For an executable, the required form of the "work that uses the 319 | Library" must include any data and utility programs needed for 320 | reproducing the executable from it. However, as a special exception, 321 | the materials to be distributed need not include anything that is 322 | normally distributed (in either source or binary form) with the major 323 | components (compiler, kernel, and so on) of the operating system on 324 | which the executable runs, unless that component itself accompanies 325 | the executable. 326 | 327 | It may happen that this requirement contradicts the license 328 | restrictions of other proprietary libraries that do not normally 329 | accompany the operating system. Such a contradiction means you cannot 330 | use both them and the Library together in an executable that you 331 | distribute. 332 | 333 | 7. You may place library facilities that are a work based on the 334 | Library side-by-side in a single library together with other library 335 | facilities not covered by this License, and distribute such a combined 336 | library, provided that the separate distribution of the work based on 337 | the Library and of the other library facilities is otherwise 338 | permitted, and provided that you do these two things: 339 | 340 | a) Accompany the combined library with a copy of the same work 341 | based on the Library, uncombined with any other library 342 | facilities. This must be distributed under the terms of the 343 | Sections above. 344 | 345 | b) Give prominent notice with the combined library of the fact 346 | that part of it is a work based on the Library, and explaining 347 | where to find the accompanying uncombined form of the same work. 348 | 349 | 8. You may not copy, modify, sublicense, link with, or distribute 350 | the Library except as expressly provided under this License. 
Any 351 | attempt otherwise to copy, modify, sublicense, link with, or 352 | distribute the Library is void, and will automatically terminate your 353 | rights under this License. However, parties who have received copies, 354 | or rights, from you under this License will not have their licenses 355 | terminated so long as such parties remain in full compliance. 356 | 357 | 9. You are not required to accept this License, since you have not 358 | signed it. However, nothing else grants you permission to modify or 359 | distribute the Library or its derivative works. These actions are 360 | prohibited by law if you do not accept this License. Therefore, by 361 | modifying or distributing the Library (or any work based on the 362 | Library), you indicate your acceptance of this License to do so, and 363 | all its terms and conditions for copying, distributing or modifying 364 | the Library or works based on it. 365 | 366 | 10. Each time you redistribute the Library (or any work based on the 367 | Library), the recipient automatically receives a license from the 368 | original licensor to copy, distribute, link with or modify the Library 369 | subject to these terms and conditions. You may not impose any further 370 | restrictions on the recipients' exercise of the rights granted herein. 371 | You are not responsible for enforcing compliance by third parties with 372 | this License. 373 | 374 | 11. If, as a consequence of a court judgment or allegation of patent 375 | infringement or for any other reason (not limited to patent issues), 376 | conditions are imposed on you (whether by court order, agreement or 377 | otherwise) that contradict the conditions of this License, they do not 378 | excuse you from the conditions of this License. If you cannot 379 | distribute so as to satisfy simultaneously your obligations under this 380 | License and any other pertinent obligations, then as a consequence you 381 | may not distribute the Library at all. 
For example, if a patent 382 | license would not permit royalty-free redistribution of the Library by 383 | all those who receive copies directly or indirectly through you, then 384 | the only way you could satisfy both it and this License would be to 385 | refrain entirely from distribution of the Library. 386 | 387 | If any portion of this section is held invalid or unenforceable under any 388 | particular circumstance, the balance of the section is intended to apply, 389 | and the section as a whole is intended to apply in other circumstances. 390 | 391 | It is not the purpose of this section to induce you to infringe any 392 | patents or other property right claims or to contest validity of any 393 | such claims; this section has the sole purpose of protecting the 394 | integrity of the free software distribution system which is 395 | implemented by public license practices. Many people have made 396 | generous contributions to the wide range of software distributed 397 | through that system in reliance on consistent application of that 398 | system; it is up to the author/donor to decide if he or she is willing 399 | to distribute software through any other system and a licensee cannot 400 | impose that choice. 401 | 402 | This section is intended to make thoroughly clear what is believed to 403 | be a consequence of the rest of this License. 404 | 405 | 12. If the distribution and/or use of the Library is restricted in 406 | certain countries either by patents or by copyrighted interfaces, the 407 | original copyright holder who places the Library under this License may add 408 | an explicit geographical distribution limitation excluding those countries, 409 | so that distribution is permitted only in or among countries not thus 410 | excluded. In such case, this License incorporates the limitation as if 411 | written in the body of this License. 412 | 413 | 13. 
The Free Software Foundation may publish revised and/or new 414 | versions of the Lesser General Public License from time to time. 415 | Such new versions will be similar in spirit to the present version, 416 | but may differ in detail to address new problems or concerns. 417 | 418 | Each version is given a distinguishing version number. If the Library 419 | specifies a version number of this License which applies to it and 420 | "any later version", you have the option of following the terms and 421 | conditions either of that version or of any later version published by 422 | the Free Software Foundation. If the Library does not specify a 423 | license version number, you may choose any version ever published by 424 | the Free Software Foundation. 425 | 426 | 14. If you wish to incorporate parts of the Library into other free 427 | programs whose distribution conditions are incompatible with these, 428 | write to the author to ask for permission. For software which is 429 | copyrighted by the Free Software Foundation, write to the Free 430 | Software Foundation; we sometimes make exceptions for this. Our 431 | decision will be guided by the two goals of preserving the free status 432 | of all derivatives of our free software and of promoting the sharing 433 | and reuse of software generally. 434 | 435 | NO WARRANTY 436 | 437 | 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO 438 | WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 439 | EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR 440 | OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY 441 | KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE 442 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 443 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE 444 | LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME 445 | THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 
446 | 447 | 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN 448 | WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY 449 | AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU 450 | FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR 451 | CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE 452 | LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING 453 | RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A 454 | FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF 455 | SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH 456 | DAMAGES. 457 | 458 | END OF TERMS AND CONDITIONS 459 | 460 | How to Apply These Terms to Your New Libraries 461 | 462 | If you develop a new library, and you want it to be of the greatest 463 | possible use to the public, we recommend making it free software that 464 | everyone can redistribute and change. You can do so by permitting 465 | redistribution under these terms (or, alternatively, under the terms of the 466 | ordinary General Public License). 467 | 468 | To apply these terms, attach the following notices to the library. It is 469 | safest to attach them to the start of each source file to most effectively 470 | convey the exclusion of warranty; and each file should have at least the 471 | "copyright" line and a pointer to where the full notice is found. 472 | 473 | 474 | Copyright (C) 475 | 476 | This library is free software; you can redistribute it and/or 477 | modify it under the terms of the GNU Lesser General Public 478 | License as published by the Free Software Foundation; either 479 | version 2.1 of the License, or (at your option) any later version. 480 | 481 | This library is distributed in the hope that it will be useful, 482 | but WITHOUT ANY WARRANTY; without even the implied warranty of 483 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the GNU 484 | Lesser General Public License for more details. 485 | 486 | You should have received a copy of the GNU Lesser General Public 487 | License along with this library; if not, write to the Free Software 488 | Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 489 | USA 490 | 491 | Also add information on how to contact you by electronic and paper mail. 492 | 493 | You should also get your employer (if you work as a programmer) or your 494 | school, if any, to sign a "copyright disclaimer" for the library, if 495 | necessary. Here is a sample; alter the names: 496 | 497 | Yoyodyne, Inc., hereby disclaims all copyright interest in the 498 | library `Frob' (a library for tweaking knobs) written by James Random 499 | Hacker. 500 | 501 | , 1 April 1990 502 | Ty Coon, President of Vice 503 | 504 | That's all there is to it! 505 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # CHN Quickstart 2 | 3 | Tools and helper scripts for use when spinning up a new CHN instance. 
Full 4 | documentation [here](https://communityhoneynetwork.readthedocs.io/en/stable/) 5 | 6 | ## 'Quickstart' or 'Documentation is for Chumps' 7 | 8 | Install procedure: 9 | 10 | * Install docker & docker-compose 11 | * Ensure python3 & pip3 are available 12 | * `python3 -m pip install -r requirements.txt` 13 | * Clone the [latest release](https://github.com/CommunityHoneyNetwork/chn-quickstart/releases/latest) repository and `cd` into it 14 | * `./guided_docker_compose.py` 15 | 16 | Presuming an AWS Ubuntu instance: 17 | 18 | * `sudo apt update && sudo apt upgrade -y && sudo apt install -y docker-compose jq python3 python3-pip && sudo python3 -m pip install -r requirements.txt && sudo usermod -aG docker ubuntu && sudo systemctl enable docker && sudo reboot` 19 | * `sudo git clone -b v1.9 https://github.com/CommunityHoneyNetwork/chn-quickstart.git /opt/chnserver && sudo chown -R 20 | ubuntu:docker /opt/chnserver` 21 | * Run `cd /opt/chnserver && ./guided_docker_compose.py` 22 | * Run `docker-compose up` 23 | -------------------------------------------------------------------------------- /config/sysconfig/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CommunityHoneyNetwork/chn-quickstart/274bb681fdc7ae190c9bf665f7e42657bbac5f41/config/sysconfig/.keep -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | --- 2 | version: '2' 3 | services: 4 | configure: 5 | image: chn-config 6 | build: 7 | context: . 
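8 | volumes: 9 | - './config/sysconfig:/config:z' 10 | entrypoint: ['/code/scripts/generate_chn_sysconfig.py', '-o', '/config/chnserver.sysconfig', '-s', 'https://EXAMPLE.com', '-f'] 11 | mongodb: 12 | image: stingar/mongodb:1.7 13 | volumes: 14 | - ./storage/mongodb:/var/lib/mongo:z 15 | redis: 16 | image: stingar/redis:1.7 17 | volumes: 18 | - ./storage/redis:/var/lib/redis:z 19 | hpfeeds: 20 | image: stingar/hpfeeds:1.7 21 | links: 22 | - mongodb:mongodb 23 | ports: 24 | - "10000:10000" 25 | mnemosyne: 26 | image: stingar/mnemosyne:1.7 27 | links: 28 | - mongodb:mongodb 29 | - hpfeeds:hpfeeds 30 | chnserver: 31 | image: stingar/chn-server:1.7 32 | depends_on: 33 | - configure 34 | volumes: 35 | - ./config/collector:/etc/collector:z 36 | - ./storage/chnserver/sqlite:/opt/sqlite:z 37 | - ./config/sysconfig/chnserver.sysconfig:/etc/default/chnserver:z 38 | - ./certs:/etc/letsencrypt:z 39 | links: 40 | - mongodb:mongodb 41 | - redis:redis 42 | - hpfeeds:hpfeeds 43 | ports: 44 | - "80:80" 45 | - "443:443" 46 | -------------------------------------------------------------------------------- /guided_docker_compose.py: --------------------------------------------------------------------------------
#!/usr/bin/env python3
"""Interactive generator for docker-compose.yml and the config/sysconfig/*.env files.

The .env files written here receive the generated CHN superuser password and
the CIF API tokens typed by the operator, so they are written with owner-only
permissions.
"""
import sys
import socket
import os
import argparse
import validators
import secrets
import string
from urllib.parse import urlparse
import re

# A CIF API token must be exactly 80 characters from [0-9a-z].
CIF_TOKEN_RE = re.compile(r'[0-9a-z]{80}')
# A CIF provider / organization ID may only use this character set.
CIF_PROVIDER_RE = re.compile(r'[a-zA-Z0-9_-]+')

COMPOSE_FILE = "docker-compose.yml"
DEFAULT_RETENTION_DAYS = 30


def make_color(color, msg):
    """Wrap msg in the ANSI escape sequence named by color, then reset."""
    bcolors = {
        'HEADER': '\033[95m',
        'OKBLUE': '\033[94m',
        'OKGREEN': '\033[92m',
        'WARNING': '\033[93m',
        'FAIL': '\033[91m',
        'ENDC': '\033[0m',
        'BOLD': '\033[1m',
        'UNDERLINE': '\033[4m',
    }
    return bcolors[color] + "%s" % msg + bcolors['ENDC']


def touch(fname, times=None):
    """Create fname if it is missing and set its access/modification times."""
    with open(fname, 'a'):
        os.utime(fname, times)


def generate_password(length=32):
    """Return a random string of ASCII letters and digits drawn with `secrets`."""
    alphabet = string.ascii_letters + string.digits
    return ''.join(secrets.choice(alphabet) for _ in range(length))


def check_url(url):
    """
    Make sure this is a real URL (argparse type callback).

    Raises argparse.ArgumentTypeError when validators.url() rejects the value.
    """
    if validators.url(url):
        return url
    raise argparse.ArgumentTypeError("%s is an invalid url" % url)


def check_cert_strategy(certificate_strategy, domain):
    """
    If it's an IP addr or localhost, certbot won't issue a cert, so set SELFSIGNED if it matches one of those.

    `domain` should be the bare host (no port, no IPv6 brackets), otherwise the
    IP checks below cannot match.
    """
    # we assume they know what they're doing if they've elected to bring their own cert
    if certificate_strategy in ('BYO', 'SELFSIGNED'):
        return certificate_strategy
    if (validators.ip_address.ipv4(domain) or
            validators.ip_address.ipv6(domain) or
            domain.startswith('localhost')):
        print(
            make_color(
                "BOLD",
                "Overriding cert strategy to SELFSIGNED since certbot won't issue for IP addresses or localhost")
        )
        print()
        return 'SELFSIGNED'
    return certificate_strategy


def generate_sysconfig(output_file, template_file, force_overwrite=True, **kwargs):
    """
    Render template_file with str.format(**kwargs) and write it to output_file.

    The rendered files contain credentials (superuser password, CIF tokens),
    so the file is created with mode 0600 and an already existing file is
    tightened to 0600 before the new content is written.
    An existing file is left alone when force_overwrite is false.
    """
    with open(template_file) as sysconfig_template_file:
        template = sysconfig_template_file.read().format(**kwargs)

    if os.path.exists(output_file) and not force_overwrite:
        sys.stderr.write("Not writing file, add -f to override\n")
        return

    fd = os.open(output_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'w') as f:
        # The mode passed to os.open() only applies to newly created files.
        os.chmod(output_file, 0o600)
        f.write(template)
    print("Wrote file to %s" % output_file)


def write_docker_compose(template_file, output_file, mode='w'):
    """Copy template_file into output_file (mode 'w' or 'a'), followed by a newline."""
    with open(template_file, 'r') as f:
        template = f.read()

    with open(output_file, mode) as compose:
        compose.write(template)
        compose.write("\n")


def _ask_yes_no(question):
    """Ask a [y/N] question; only "y" or "yes" (any case) count as yes."""
    # The original compared against ("y" or "yes"), which is just "y",
    # so typing "yes" was silently treated as "no".
    answer = input(make_color("BOLD", question))
    return answer.strip().lower() in ("y", "yes")


def _prompt_cif_url():
    """Prompt until validators.url() accepts the CIF server URL, then return it."""
    while True:
        print()
        cif_server_url = input('Please enter the URL for the remote CIFv3 server: ').strip()
        if not validators.url(cif_server_url):
            print('Invalid URL, please ensure the URL includes the scheme (https://)!')
            continue
        if urlparse(cif_server_url).scheme != 'https':
            print(make_color(
                "WARNING",
                "This URL does not use https, so the CIF API token would be sent without TLS protection."))
        return cif_server_url


def _prompt_cif_token(kind):
    """Prompt until the *kind* ("read"/"write") token matches CIF_TOKEN_RE in full."""
    while True:
        print()
        token = input('Please enter the *%s* API token for the remote CIFv3 server: ' % kind).strip()
        # fullmatch: re.match() only anchored the start, so trailing garbage
        # after 80 valid characters used to be accepted and written to the env file.
        if CIF_TOKEN_RE.fullmatch(token):
            return token
        print('Input provided did not match expected pattern for a CIF API token!')


def _prompt_cif_org(question):
    """Prompt until the provider ID consists only of [a-zA-Z0-9_-] characters."""
    while True:
        cif_org = input(question).strip()
        # fullmatch: with re.match() a single valid leading character was enough.
        if CIF_PROVIDER_RE.fullmatch(cif_org):
            return cif_org
        print('Input provided is not a valid provider ID; valid character set is [a-zA-Z0-9_-]')


def configure_chn():
    """Ask for the console URL and certificate strategy, then write chnserver.env."""
    print(
        make_color(
            "BOLD",
            ("Please enter the URL where you'd like your CHN web console available. Note that the "
             "domain must be resolvable. E.g.: sub.domain.tld or localhost/chn.")))
    domain = None
    cert_strategy = None
    url_parsed = None
    host = None

    touch('config/sysconfig/chnserver.env')

    while not domain:
        candidate = input('Domain: ').strip()
        # if it's a bare fqdn, prepend the proto scheme https so we can use urlparse
        # without a scheme, urlparse puts the full url + path all in netloc attribute of its return object
        # that makes it difficult later to determine if there's a custom path in the url
        if not candidate.startswith(('http://', 'https://')):
            candidate = 'https://' + candidate
        shown = candidate
        try:
            url_parsed = urlparse(candidate)
            shown = url_parsed.netloc or candidate
            # hostname drops any ":port" and IPv6 brackets, which would make
            # the lookup (and the IP checks in check_cert_strategy) fail.
            host = url_parsed.hostname
            if not host:
                raise ValueError("no host in %r" % candidate)
            socket.getaddrinfo(host, 443)
        except Exception:
            sys.stderr.write(
                make_color("FAIL",
                           "%s is not an active domain name\n" % shown))
            continue
        domain = candidate

    certificate_strategies = {
        'CERTBOT':
            ('Signed certificate by an ACME provider such as LetsEncrypt. '
             'Most folks will want to use this. You must ensure your URL is '
             'accessible from the ACME hosts for verification here'),
        'BYO':
            ("Bring Your Own. Use this if you already have a signed cert"
             ", or if you want a real certificate without CertBot"),
        'SELFSIGNED':
            "Generate a simple self-signed certificate"
    }
    while not cert_strategy:
        print(
            make_color(
                "BOLD",
                "Please enter a Certificate Strategy. This should be one of:")
        )
        print()
        for strat, strat_help in certificate_strategies.items():
            print("%s: %s" % (strat, strat_help))

        cert_strategy = input('Certificate Strategy: ').strip().upper()
        if cert_strategy not in certificate_strategies:
            print()
            sys.stderr.write(
                make_color(
                    "FAIL", "You must use one of %s\n" %
                    ", ".join(certificate_strategies)))
            cert_strategy = None

    generate_sysconfig(output_file="config/sysconfig/chnserver.env",
                       template_file="templates/chn_server.env.template",
                       server_base_url="https://%s%s" % (
                           url_parsed.netloc, url_parsed.path),
                       password=generate_password(),
                       certificate_strategy=check_cert_strategy(
                           cert_strategy, host)
                       )


def configure_mnemosyne():
    """Ask for the data retention period in days and write mnemosyne.env (value in seconds)."""
    retention = None

    while not retention:
        print()
        print(
            make_color(
                "BOLD",
                "How many days of honeypot data should be maintained in the database (default 30 days)?"
            )
        )
        days_str = input("Number of Days: ").strip()
        if not days_str:
            # The prompt advertises a default, so an empty answer selects it.
            days = DEFAULT_RETENTION_DAYS
        else:
            try:
                days = int(days_str)
            except ValueError:
                print(
                    make_color("FAIL",
                               "%s is not a valid number." % days_str)
                )
                continue
        if days < 1:
            print(
                make_color("FAIL",
                           "%s is not a valid number of days. Please choose a number greater than zero." % days_str)
            )
            continue
        retention = days * 60 * 60 * 24

    generate_sysconfig(output_file="config/sysconfig/mnemosyne.env",
                       template_file="templates/mnemosyne.env.template",
                       retention=retention
                       )


def configure_hpfeeds_cif():
    """Collect the CIF URL, write token and provider name, then write hpfeeds-cif.env."""
    cif_server_url = _prompt_cif_url()
    cif_write_token = _prompt_cif_token('write')
    cif_org = _prompt_cif_org(
        'Please enter a name you wish to be associated with your organization (partnerX): ')

    generate_sysconfig(output_file="config/sysconfig/hpfeeds-cif.env",
                       template_file="templates/hpfeeds-cif.env.template",
                       cif_server_url=cif_server_url,
                       cif_token=cif_write_token,
                       cif_org=cif_org,
                       ident=generate_password(8))


def configure_chn_intel_feeds():
    """Collect the CIF URL, read and write tokens and provider name, then write chn-intel-feeds.env."""
    cif_server_url = _prompt_cif_url()
    cif_read_token = _prompt_cif_token('read')
    cif_write_token = _prompt_cif_token('write')
    cif_org = _prompt_cif_org(
        'Please enter the name associated with your organization safelist (partnerX): ')

    generate_sysconfig(output_file="config/sysconfig/chn-intel-feeds.env",
                       template_file="templates/chn-intel-feeds.env.template",
                       cif_server_url=cif_server_url,
                       cif_write_token=cif_write_token,
                       cif_read_token=cif_read_token,
                       cif_org=cif_org)


def configure_hpfeeds_logger():
    """Ask for the log format and write hpfeeds-logger.env."""
    # NOTE(review): hpfeeds-logger.env.template lists "raw_json" as an option while
    # this menu offers "json_raw"; confirm which spelling hpfeeds-logger accepts.
    logging_formats = {
        'splunk':
            'Comma delimited key/value logging format for use with Splunk',
        'json':
            "JSON formatted log format",
        'arcsight':
            "Log format for use with ArcSight SIEM appliances",
        'json_raw':
            "Raw JSON output from hpfeeds. More verbose that other formats, but also not normalized. Can generate a large amount of data."
    }
    log_format = None
    while not log_format:
        print()
        for fmt, fmt_help in logging_formats.items():
            print("%s: %s" % (fmt, fmt_help))

        log_format = input('Logging Format: ').strip()
        if log_format not in logging_formats:
            print()
            sys.stderr.write(
                make_color(
                    "FAIL", "You must use one of %s\n" %
                    ", ".join(logging_formats)))
            log_format = None

    generate_sysconfig(output_file="config/sysconfig/hpfeeds-logger.env",
                       template_file="templates/hpfeeds-logger.env.template",
                       log_format=log_format,
                       ident=generate_password(8))


def _configure_optional(env_file, env_label, enable_question, configure, compose_template):
    """
    Handle one optional service.

    When env_file already exists the operator is asked whether to reconfigure,
    otherwise whether to enable the service. The service's compose fragment is
    appended whenever the service is enabled, reconfigured or was configured before.
    """
    already_configured = os.path.exists(env_file)
    if already_configured:
        wanted = _ask_yes_no(
            "Previous %s file detected. Do you wish to reconfigure? [y/N]: " % env_label)
    else:
        wanted = _ask_yes_no(enable_question)

    if wanted:
        configure()

    if wanted or already_configured:
        write_docker_compose(compose_template, COMPOSE_FILE, 'a')


def main():
    """Run the guided setup: core services first, then each optional service."""
    chn_sysconfig_exists = os.path.exists(
        "config/sysconfig/chnserver.env")

    reconfig = False
    if chn_sysconfig_exists:
        reconfig = _ask_yes_no(
            "Previous chn-server.env file detected. Do you wish to reconfigure? [y/N]: ")

    if reconfig or not chn_sysconfig_exists:
        configure_chn()
        configure_mnemosyne()

    # The base file is rewritten on every run; optional fragments are appended below.
    write_docker_compose(
        "templates/docker-compose.yml.template", COMPOSE_FILE, 'w')

    # Check if user wants to enable hpfeeds-cif
    _configure_optional(
        "config/sysconfig/hpfeeds-cif.env",
        "hpfeeds-cif.env",
        "Do you wish to enable logging to a remote CIFv3 server? [y/N]: ",
        configure_hpfeeds_cif,
        "templates/docker-compose-cif.yml.template")

    # Check if user wants to enable hpfeeds-logger
    _configure_optional(
        "config/sysconfig/hpfeeds-logger.env",
        "hpfeeds-logger.env",
        "Do you wish to enable logging to a local file? [y/N]: ",
        configure_hpfeeds_logger,
        "templates/docker-compose-log.yml.template")

    # Check if user wants to enable chn-intel-feeds
    _configure_optional(
        "config/sysconfig/chn-intel-feeds.env",
        "chn-intel-feeds.env",
        "Do you wish to enable intelligence feeds from a remote CIF instance? [y/N]: ",
        configure_chn_intel_feeds,
        "templates/docker-compose-chn-intel-feeds.yml.template")


if __name__ == "__main__":
    main()
-------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | validators 2 | -------------------------------------------------------------------------------- /templates/chn-intel-feeds.env.template: -------------------------------------------------------------------------------- 1 | # Turn on additional logging 2 | DEBUG=false 3 | 4 | # Number of minutes between each refresh of the feeds 5 | SLEEP=5 6 | 7 | # Number of hours between each refresh of the safelist 8 | SAFELIST_SLEEP=24 9 | 10 | # Change the port the web server listens on in the container 11 | # You must also adjust the docker-compose ports stanza to match 12 | PORT=9000 13 | 14 | # Enable the process to retrieve feeds from a remote CIF instance 15 | CIF_FEED_ENABLED=true 16 | 17 | # Specify feeds by prefacing each variable with "CHNFEEDX" where "X" is the feed number 18 | # A minimal configuration includes: FILENAME, REMOTE, TOKEN, ITYPE, TAGS, and DAYS or HOURS 19 | # You are limited to 10 feed specifications; this limit can be changed in code 20 | # Any of the VALID_FILTERS may be used as part of the specification 21 | # VALID_FILTERS = ['indicator', 'itype', 'confidence', 'provider', 'limit', 'application', 'nolog', 'tags', 'days', 22 | # 'hours', 'groups', 'reporttime', 'cc', 'asn', 'asn_desc', 'rdata', 'firsttime', 'lasttime', 23 | # 'region', 'id'] 24 | 25 | CHNFEED1_FILENAME=stingar_ip.txt 26 | CHNFEED1_REMOTE={cif_server_url} 27 | CHNFEED1_TOKEN={cif_read_token} 28 | CHNFEED1_TLS_VERIFY=True 29 |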
CHNFEED1_ITYPE=ipv4 30 | CHNFEED1_LIMIT=150000 31 | CHNFEED1_HOURS=24 32 | CHNFEED1_CONFIDENCE=8 33 | CHNFEED1_TAGS=honeypot 34 | 35 | CHNFEED2_FILENAME=stingar_sha256.txt 36 | CHNFEED2_REMOTE={cif_server_url} 37 | CHNFEED2_TOKEN={cif_read_token} 38 | CHNFEED2_TLS_VERIFY=True 39 | CHNFEED2_ITYPE=sha256 40 | CHNFEED2_LIMIT=150000 41 | CHNFEED2_DAYS=1 42 | CHNFEED2_CONFIDENCE=8 43 | CHNFEED2_TAGS=honeypot 44 | 45 | 46 | CHNFEED3_FILENAME=stingar_url.txt 47 | CHNFEED3_REMOTE={cif_server_url} 48 | CHNFEED3_TOKEN={cif_read_token} 49 | CHNFEED3_TLS_VERIFY=True 50 | CHNFEED3_ITYPE=url 51 | CHNFEED3_LIMIT=150000 52 | CHNFEED3_DAYS=1 53 | CHNFEED3_CONFIDENCE=8 54 | CHNFEED3_TAGS=honeypot 55 | 56 | # Enable the uploading of local safelist items to CIF 57 | # Currently supports IPv4 only 58 | CIF_SAFELIST_ENABLED=false 59 | 60 | # Specify safelists by prefacing each variable with "CHNSAFELISTX" where "X" is the safelist number 61 | # A minimal configuration includes: FILENAME, REMOTE, TOKEN, PROVIDER, and ITYPE 62 | # You are limited to 5 feed specifications; this limit can be changed in code 63 | # The FILENAME should be a file available in the container path /var/www/safelists 64 | # A PROVIDER variable is required and corresponds to a CIF group to write the safelist to 65 | # The ITYPE is used to validate entries found in the FILENAME. YMMV. 
66 | 67 | CHNSAFELIST1_FILENAME=safelist.txt 68 | CHNSAFELIST1_REMOTE={cif_server_url} 69 | CHNSAFELIST1_TOKEN={cif_write_token} 70 | CHNSAFELIST1_TLS_VERIFY=True 71 | CHNSAFELIST1_ITYPE=ipv4 72 | CHNSAFELIST1_PROVIDER={cif_org} 73 | 74 | # Specify that the local CHN-Server API should be queried for a feed 75 | CHN_FEED_ENABLED=false 76 | 77 | # Similar configuration to a CIF feed, but for CHN servers direct queries 78 | # The number of hours queried is the biggest factor in performance, the limit 79 | # is applied AFTER retrieval of the feed 80 | 81 | CHNAPIFEED_FILENAME=chn_ip.txt 82 | CHNAPIFEED_REMOTE= 83 | CHNAPIFEED_TOKEN= 84 | CHNAPIFEED_TLS_VERIFY=True 85 | CHNAPIFEED_HOURS=72 86 | CHNAPIFEED_LIMIT=10000 87 | -------------------------------------------------------------------------------- /templates/chn_server.env.template: -------------------------------------------------------------------------------- 1 | # Generated from generate_chn_sysconfig.py 2 | # This can be modified to change the default setup of the chnserver unattended 3 | # installation 4 | 5 | DEBUG=false 6 | 7 | EMAIL=admin@localhost 8 | # For TLS support, you MUST set SERVER_BASE_URL to "https://your.site.tld" 9 | SERVER_BASE_URL={server_base_url} 10 | MAIL_SERVER=127.0.0.1 11 | MAIL_PORT=25 12 | MAIL_TLS=y 13 | MAIL_SSL=y 14 | MAIL_USERNAME= 15 | MAIL_PASSWORD= 16 | DEFAULT_MAIL_SENDER= 17 | MONGODB_HOST=mongodb 18 | MONGODB_PORT=27017 19 | HPFEEDS_HOST=hpfeeds3 20 | HPFEEDS_PORT=10000 21 | 22 | SUPERUSER_EMAIL=admin@localhost 23 | SUPERUSER_PASSWORD={password} 24 | SECRET_KEY= 25 | DEPLOY_KEY= 26 | 27 | # See https://communityhoneynetwork.readthedocs.io/en/stable/certificates/ 28 | # Options are: 'CERTBOT', 'SELFSIGNED', 'BYO' 29 | CERTIFICATE_STRATEGY={certificate_strategy} 30 | -------------------------------------------------------------------------------- /templates/docker-compose-chn-intel-feeds.yml.template: 
-------------------------------------------------------------------------------- 1 | chn-intel-feeds: 2 | image: stingar/chn-intel-feeds:1.9.1 3 | env_file: 4 | - ./config/sysconfig/chn-intel-feeds.env 5 | volumes: 6 | - ./safelists:/var/www/safelists 7 | ports: 8 | - 9000:9000 9 | restart: always 10 | -------------------------------------------------------------------------------- /templates/docker-compose-cif.yml.template: -------------------------------------------------------------------------------- 1 | hpfeeds-cif: 2 | image: stingar/hpfeeds-cif:1.9.1 3 | env_file: 4 | - ./config/sysconfig/hpfeeds-cif.env 5 | links: 6 | - hpfeeds3:hpfeeds3 7 | - mongodb:mongodb 8 | - redis:redis 9 | restart: always 10 | -------------------------------------------------------------------------------- /templates/docker-compose-log.yml.template: -------------------------------------------------------------------------------- 1 | hpfeeds-logger: 2 | image: stingar/hpfeeds-logger:1.9.1 3 | volumes: 4 | - ./storage/hpfeeds-logs:/var/log/hpfeeds-logger:z 5 | env_file: 6 | - config/sysconfig/hpfeeds-logger.env 7 | links: 8 | - hpfeeds3:hpfeeds3 9 | - mongodb:mongodb 10 | restart: always 11 | -------------------------------------------------------------------------------- /templates/docker-compose.yml.template: -------------------------------------------------------------------------------- 1 | --- 2 | version: '3' 3 | services: 4 | mongodb: 5 | image: mongo:3.4.24-xenial 6 | volumes: 7 | - ./storage/mongodb:/data/db:z 8 | restart: always 9 | 10 | redis: 11 | image: redis:alpine 12 | volumes: 13 | - ./storage/redis:/data:z 14 | restart: always 15 | 16 | hpfeeds3: 17 | image: stingar/hpfeeds3:1.9.1 18 | links: 19 | - mongodb:mongodb 20 | ports: 21 | - "10000:10000" 22 | restart: always 23 | 24 | mnemosyne: 25 | image: stingar/mnemosyne:1.9.1 26 | env_file: 27 | - ./config/sysconfig/mnemosyne.env 28 | links: 29 | - mongodb:mongodb 30 | - hpfeeds3:hpfeeds3 31 | restart: always 32 | 33 | 
chnserver: 34 | image: stingar/chn-server:1.9.1 35 | volumes: 36 | - ./storage/chnserver/sqlite:/opt/sqlite:z 37 | - ./certs:/etc/letsencrypt:z 38 | env_file: 39 | - ./config/sysconfig/chnserver.env 40 | links: 41 | - mongodb:mongodb 42 | ports: 43 | - "80:80" 44 | - "443:443" 45 | restart: always 46 | -------------------------------------------------------------------------------- /templates/hpfeeds-cif.env.template: -------------------------------------------------------------------------------- 1 | HPFEEDS_HOST=hpfeeds3 2 | HPFEEDS_PORT=10000 3 | IDENT=hpfeeds-cif-{ident} 4 | 5 | MONGODB_HOST=mongodb 6 | MONGODB_PORT=27017 7 | 8 | CIF_HOST={cif_server_url} 9 | CIF_TOKEN={cif_token} 10 | CIF_PROVIDER={cif_org} 11 | CIF_TLP=green 12 | CIF_CONFIDENCE=8 13 | CIF_TAGS=honeypot 14 | CIF_GROUP=everyone 15 | # Set the below value to True if your CIF instance uses a valid, CA-signed certificate; while it is False the CIF server's certificate is not verified, so CIF_TOKEN can be exposed to an on-path attacker 16 | CIF_VERIFY_SSL=False 17 | 18 | # Set to False if you wish to submit private addresses to CIF 19 | IGNORE_RFC1918=True 20 | 21 | # Specify CIDR networks for which we should NOT submit CIF indicators 22 | # Useful for not reporting any locally compromised hosts and prepopulated with RFC1918 addresses 23 | IGNORE_CIDR=192.168.0.0/16,10.0.0.0/8,172.16.0.0/12 24 | 25 | # Include the honeypot specific tags in CIFv3 26 | INCLUDE_HP_TAGS=False 27 | 28 | # ADVANCED: Specify the Redis database number to use for caching CIF submissions. This is only necessary when 29 | # running multiple CIF containers on the same host submitting to different instances. Note that hpfeeds-bhr defaults 30 | # to using database 1 and hpfeeds-cif defaults to using database 2, so generally safe choices are in the range of 3-15.
31 | # CIF_CACHE_DB=2 32 | -------------------------------------------------------------------------------- /templates/hpfeeds-logger.env.template: -------------------------------------------------------------------------------- 1 | # Defaults here are for containers, but can be adjusted 2 | # after install for a regular server or to customize the containers 3 | 4 | MONGODB_HOST=mongodb 5 | MONGODB_PORT=27017 6 | 7 | # Log to local file; the path is internal to the container and the host filesystem 8 | # location is controlled by volume mapping in the docker-compose.yml 9 | FILELOG_ENABLED=true 10 | LOG_FILE=/var/log/hpfeeds-logger/chn.log 11 | 12 | # Choose to rotate the log file based on 'size'(default) or 'time' 13 | ROTATION_STRATEGY=size 14 | 15 | # If rotating by 'size', the number of MB to rotate at 16 | ROTATION_SIZE_MAX=100 17 | 18 | # If rotating by 'time', the unit to count in; valid values are "m","h", and "d" 19 | ROTATION_TIME_UNIT=h 20 | 21 | # If rotating by 'time', the number of hours to rotate at 22 | ROTATION_TIME_MAX=24 23 | 24 | # Log to syslog 25 | SYSLOG_ENABLED=false 26 | SYSLOG_HOST=localhost 27 | SYSLOG_PORT=514 28 | SYSLOG_FACILITY=user 29 | 30 | # Options are arcsight, json, raw_json, splunk 31 | FORMATTER_NAME={log_format} 32 | 33 | # To log data from an external HPFeeds stream, uncomment and fill out these 34 | # variables. Additionally, change the HPFEEDS_* variables to point to the 35 | # remote service. 
36 | 37 | IDENT=hpfeeds-logger-{ident} 38 | # SECRET= 39 | # CHANNELS= 40 | 41 | HPFEEDS_HOST=hpfeeds3 42 | HPFEEDS_PORT=10000 -------------------------------------------------------------------------------- /templates/mnemosyne.env.template: -------------------------------------------------------------------------------- 1 | # This can be modified to change the default setup of the unattended installation 2 | 3 | HPFEEDS_HOST=hpfeeds3 4 | HPFEEDS_PORT=10000 5 | 6 | MONGODB_HOST=mongodb 7 | MONGODB_PORT=27017 8 | 9 | # MONGODB_INDEXTTL sets the number of seconds to keep data in the mongo database 10 | # This default value is 30 days 11 | MONGODB_INDEXTTL={retention} 12 | 13 | IGNORE_RFC1918=False --------------------------------------------------------------------------------