Diffstat (limited to 'old/sliver-c2/templates')
-rw-r--r-- | old/sliver-c2/templates/index.html.j2 | 0 | ||||
-rw-r--r-- | old/sliver-c2/templates/jail.local.j2 | 46 | ||||
-rw-r--r-- | old/sliver-c2/templates/nginx.conf.j2 | 57 | ||||
-rw-r--r-- | old/sliver-c2/templates/server.json.j2 | 18 | ||||
-rw-r--r-- | old/sliver-c2/templates/sliver.service.j2 | 15 | ||||
-rw-r--r-- | old/sliver-c2/templates/sslh.j2 | 3 |
6 files changed, 139 insertions, 0 deletions
diff --git a/old/sliver-c2/templates/index.html.j2 b/old/sliver-c2/templates/index.html.j2
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/old/sliver-c2/templates/index.html.j2
diff --git a/old/sliver-c2/templates/jail.local.j2 b/old/sliver-c2/templates/jail.local.j2
new file mode 100644
index 0000000..dd548df
--- /dev/null
+++ b/old/sliver-c2/templates/jail.local.j2
@@ -0,0 +1,46 @@
+[INCLUDES]
+#before = paths-distro.conf
+before = paths-debian.conf
+
+[DEFAULT]
+#ignoreself = true
+#ignoreip = 127.0.0.1/8 ::1
+ignorecommand =
+bantime = 1h
+findtime = 10m
+maxretry = 3
+maxmatches = %(maxretry)s
+backend = auto
+usedns = warn
+logencoding = auto
+enabled = false
+mode = normal
+filter = %(__name__)s[mode=%(mode)s]
+destemail = root@localhost
+sender = root@<fq-hostname>
+mta = sendmail
+protocol = tcp
+chain = <known/chain>
+port = 0:65535
+fail2ban_agent = Fail2Ban/%(fail2ban_version)s
+banaction = iptables-multiport
+banaction_allports = iptables-allports
+action_ = %(banaction)s[port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
+action_mw = %(action_)s
+ %(mta)s-whois[sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
+action_mwl = %(action_)s
+ %(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]
+action_xarf = %(action_)s
+ xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath="%(logpath)s", port="%(port)s"]
+action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]
+ %(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]
+action_blocklist_de = blocklist_de[email="%(sender)s", service="%(__name__)s", apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"]
+action_abuseipdb = abuseipdb
+action = %(action_)s
+
+[sshd]
+mode = aggressive
+enabled = true
+port = ssh
+logpath = %(sshd_log)s
+backend = %(sshd_backend)s
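Review bot: The `[sshd]` jail in jail.local.j2 bans on `port = ssh`, but sslh.j2 in this same commit exposes SSH on `{{ public_sslh_port }}` and proxies it to sshd on 127.0.0.1. Unless sslh is made transparent elsewhere, sshd will log 127.0.0.1 as the client for every proxied login. With `ignoreself` left at its default, fail2ban skips local addresses, so the jail would never ban a remote source. Even if it did, the rule would cover the wrong port. I would set `port = {{ public_sslh_port }}` in `[sshd]` and have sslh preserve the client address (its `--transparent` mode, which needs extra routing setup). Alternatively, state in a comment that this jail only covers direct sshd exposure.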
diff --git a/old/sliver-c2/templates/nginx.conf.j2 b/old/sliver-c2/templates/nginx.conf.j2
new file mode 100644
index 0000000..a735338
--- /dev/null
+++ b/old/sliver-c2/templates/nginx.conf.j2
@@ -0,0 +1,57 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+
+ server_tokens off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log warn;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+
+ add_header X-Content-Type-Options nosniff;
+ add_header X-Frame-Options DENY;
+ add_header X-XSS-Protection "1; mode=block";
+
+ server {
+ listen 127.0.0.1:{{ internal_nginx_port }} ssl default_server;
+ server_name _;
+
+ root /var/www/html;
+ index index.html;
+
+ ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
+ ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+
+ add_header X-Content-Type-Options nosniff;
+ add_header X-Frame-Options DENY;
+ add_header X-XSS-Protection "1; mode=block";
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+
+ location ~ /\.(?!well-known) {
+ deny all;
+ }
+ }
+}
diff --git a/old/sliver-c2/templates/server.json.j2 b/old/sliver-c2/templates/server.json.j2
new file mode 100644
index 0000000..9c59062
--- /dev/null
+++ b/old/sliver-c2/templates/server.json.j2
@@ -0,0 +1,18 @@
+{
+ "daemon_mode": false,
+ "daemon": {
+ "host": "{{ sliver_server }}",
+ "port": 31337
+ },
+ "logs": {
+ "level": 4,
+ "grpc_unary_payloads": false,
+ "grpc_stream_payloads": false,
+ "tls_key_logger": false
+ },
+ "jobs": {
+ "multiplayer": null
+ },
+ "watch_tower": null,
+ "go_proxy": ""
+}
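Review bot: The three `add_header` lines in nginx.conf.j2 are written without `always`, so nginx leaves them off error responses, including the `=404` from `try_files` and the 403 from `deny all`. They are also declared twice: once in `http` and again in `server`. Because `add_header` is inherited only when the inner level defines none, the `http` copies have no effect for this server and only invite drift. I would keep one set and write each as, for example, `add_header X-Content-Type-Options nosniff always;`. The duplicated `ssl_protocols` / `ssl_prefer_server_ciphers` pair could be collapsed the same way, and `X-XSS-Protection` is ignored by current browsers and can be dropped.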
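Review bot: In server.json.j2 the daemon listener's bind address is taken directly from `{{ sliver_server }}`, with no default or constraint visible in this template. A wildcard or empty value would likely put the operator port on every interface of the host. I would default it to loopback or a management-only address, e.g. `"host": "{{ sliver_server | default('127.0.0.1') }}"`. The intended value belongs in the role's variable documentation, because JSON leaves no room for a comment here. The same place should say what `"level": 4` means, since the number is otherwise opaque to a reader.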
diff --git a/old/sliver-c2/templates/sliver.service.j2 b/old/sliver-c2/templates/sliver.service.j2
new file mode 100644
index 0000000..c45687d
--- /dev/null
+++ b/old/sliver-c2/templates/sliver.service.j2
@@ -0,0 +1,15 @@
+[Unit]
+Description=Sliver
+After=network.target
+StartLimitIntervalSec=0
+
+[Service]
+Type=simple
+Restart=on-failure
+RestartSec=3
+User=root
+Environment=SLIVER_ROOT_DIR={{ install_path }}/.sliver
+ExecStart={{ install_path }}/sliver-server daemon
+
+[Install]
+WantedBy=multi-user.target
diff --git a/old/sliver-c2/templates/sslh.j2 b/old/sliver-c2/templates/sslh.j2
new file mode 100644
index 0000000..8820a74
--- /dev/null
+++ b/old/sliver-c2/templates/sslh.j2
@@ -0,0 +1,3 @@
+RUN=yes
+DAEMON=/usr/sbin/sslh
+DAEMON_OPTS="--user sslh --listen 0.0.0.0:{{ public_sslh_port }} --ssh 127.0.0.1:{{ internal_sshd_port }} --http 127.0.0.1:{{ internal_nginx_port }}" |
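Review bot: `User=root` in sliver.service.j2 runs a network-facing server with full host privileges, and the unit has no sandboxing directives to limit what a fault in that process could reach. Nothing visible here shows that root is required. If it is only needed for low ports, a dedicated account is enough: `User=sliver` (constructed account name), `AmbientCapabilities=CAP_NET_BIND_SERVICE`, `NoNewPrivileges=true`. `SLIVER_ROOT_DIR` would then need to be owned by that account. Separately, `StartLimitIntervalSec=0` combined with `Restart=on-failure` lets a crashing server restart every 3 seconds indefinitely, so a comment explaining why rate limiting is disabled would help.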