#!/usr/bin/env python3 """ SYLink HoneyBot — mini UI web port 8080. Permet à l'admin client de : - voir l'URL d'activation complète + QR code scannable - cliquer directement le lien pour aller sur le portail UniSOC - configurer le réseau (DHCP / IP statique) AVANT l'activation - apply netplan localement Design aligné avec le portail UniSOC (thème clair, cards rounded, palette slate/orange). Auto-shutdown : quand license.json apparaît, re-run init.py pour basculer le banner en mode COUVERTURE Windows BackupServer, puis stop ce service. """ from __future__ import annotations import base64 import json import os import socket import subprocess import threading import time from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer from pathlib import Path from urllib.parse import urlparse, parse_qs CONFIG_DIR = Path("/opt/sylink-honeypot/etc") PORT = int(os.environ.get("SETUP_UI_PORT", "8080")) # ────────────────────────────────────────────────────────────────────────────── # Helpers state + réseau local # ────────────────────────────────────────────────────────────────────────────── def load_state() -> dict: state = {"activated": False} for fname in ("enroll.json", "license.json"): f = CONFIG_DIR / fname if not f.exists(): continue try: data = json.loads(f.read_text()) except Exception: continue if fname == "license.json" and (data.get("license_token") or data.get("api_key")): state["activated"] = True state["tenant_id"] = data.get("tenant_id") state["honeypot_id"] = data.get("honeypot_id") else: state.update(data) return state def primary_iface() -> str: try: out = subprocess.run(["ip", "-4", "route", "show", "default"], capture_output=True, text=True, timeout=4).stdout for line in out.splitlines(): parts = line.split() if "dev" in parts: return parts[parts.index("dev") + 1] except Exception: pass return "ens192" def current_network() -> dict: iface = primary_iface() info = {"interface": iface, "mode": "dhcp", "ip_cidr": "", "gateway": "", "dns": []} try: out = subprocess.run(["ip", "-4", "-o", "addr", "show", "dev", iface], capture_output=True, text=True, timeout=4).stdout for line in out.splitlines(): parts = line.split() for i, p in enumerate(parts): if p == "inet" and i + 1 < len(parts): info["ip_cidr"] = parts[i + 1] break except Exception: pass try: out = subprocess.run(["ip", "-4", "route", "show", "default"], capture_output=True, text=True, timeout=4).stdout for line in out.splitlines(): parts = line.split() if "via" in parts: info["gateway"] = parts[parts.index("via") + 1] if "proto" in parts: info["mode"] = parts[parts.index("proto") + 1] except Exception: pass try: with open("/etc/resolv.conf") as f: info["dns"] = [l.split()[1] for l in f if l.startswith("nameserver")][:4] except Exception: pass return info def render_qr_png_b64(data: str) -> str: """Génère un QR PNG via qrencode et le renvoie en base64 (pour ).""" try: r = subprocess.run( ["qrencode", "-t", "PNG", "-s", "5", "-m", "2", "-o", "-", data], capture_output=True, timeout=5, check=True, ) return base64.b64encode(r.stdout).decode("ascii") except Exception: return "" def detect_network_system() -> str: """Renvoie 'netplan' (Ubuntu) ou 'ifupdown' (Debian) selon ce qui est installé/utilisé.""" if Path("/etc/netplan").is_dir() and subprocess.run(["which", "netplan"], capture_output=True).returncode == 0: return "netplan" return "ifupdown" def apply_network_static(iface: str, ip_cidr: str, gateway: str, dns: list[str]) -> tuple[bool, str]: if not ip_cidr or not gateway: return False, "IP et passerelle requises." if "/" not in ip_cidr: return False, "Format IP attendu : 192.168.1.222/24 (avec CIDR)." dns_clean = [d for d in dns if d] or ["8.8.8.8", "1.1.1.1"] sys_type = detect_network_system() if sys_type == "netplan": yaml = f"""# UniSOC honeypot — config statique appliquée depuis :8080 network: version: 2 ethernets: {iface}: dhcp4: no addresses: - {ip_cidr} routes: - to: default via: {gateway} nameservers: addresses: [{', '.join(dns_clean)}] """ try: target = Path("/etc/netplan/99-unisoc-honeypot.yaml") target.write_text(yaml) os.chmod(target, 0o600) for f in Path("/etc/netplan").glob("*.yaml"): if f.name != target.name: f.rename(f.with_suffix(".yaml.unisoc-bak")) subprocess.run(["netplan", "generate"], check=True, timeout=15) subprocess.Popen(["bash", "-c", "sleep 2 && netplan apply"]) return True, f"[netplan] Config posée. IP {ip_cidr} dans ~5 s." except Exception as e: return False, f"netplan échec : {e}" # ─── ifupdown (Debian) ────────────────────────────────────────────── try: # Backup initial /etc/network/interfaces (1 seule fois) interfaces_path = Path("/etc/network/interfaces") backup_path = Path("/etc/network/interfaces.unisoc-bak") if not backup_path.exists() and interfaces_path.exists(): backup_path.write_text(interfaces_path.read_text()) # Réécrit /etc/network/interfaces en minimal + source des .d interfaces_path.write_text("""# Géré par UniSOC honeypot — voir /etc/network/interfaces.d/ source /etc/network/interfaces.d/* auto lo iface lo inet loopback """) # Écrit la config statique dans le drop-in dropin = Path(f"/etc/network/interfaces.d/99-unisoc-honeypot") cfg = f"""# UniSOC honeypot — config statique appliquée depuis :8080 allow-hotplug {iface} iface {iface} inet static address {ip_cidr} gateway {gateway} dns-nameservers {' '.join(dns_clean)} """ dropin.write_text(cfg) os.chmod(dropin, 0o644) # Apply en background pour ne pas couper la réponse HTTP subprocess.Popen([ "bash", "-c", f"sleep 2 && ifdown {iface} 2>/dev/null ; ifup {iface}" ]) return True, f"[ifupdown] Config posée. IP {ip_cidr} dans ~5 s — rechargez sur la nouvelle IP." except Exception as e: return False, f"ifupdown échec : {e}" def apply_network_dhcp(iface: str) -> tuple[bool, str]: sys_type = detect_network_system() if sys_type == "netplan": try: f_unisoc = Path("/etc/netplan/99-unisoc-honeypot.yaml") if f_unisoc.exists(): f_unisoc.unlink() for f in Path("/etc/netplan").glob("*.yaml.unisoc-bak"): f.rename(f.with_suffix("")) if not list(Path("/etc/netplan").glob("*.yaml")): Path("/etc/netplan/01-dhcp.yaml").write_text( f"network:\n version: 2\n ethernets:\n {iface}:\n dhcp4: true\n" ) os.chmod("/etc/netplan/01-dhcp.yaml", 0o600) subprocess.run(["netplan", "generate"], check=True, timeout=15) subprocess.Popen(["bash", "-c", "sleep 2 && netplan apply"]) return True, "[netplan] DHCP restauré." except Exception as e: return False, str(e) # ─── ifupdown ─────────────────────────────────────────────────────── try: dropin = Path(f"/etc/network/interfaces.d/99-unisoc-honeypot") if dropin.exists(): dropin.unlink() # Restore le backup s'il existe, sinon génère un default DHCP backup_path = Path("/etc/network/interfaces.unisoc-bak") interfaces_path = Path("/etc/network/interfaces") if backup_path.exists(): interfaces_path.write_text(backup_path.read_text()) else: interfaces_path.write_text(f"""source /etc/network/interfaces.d/* auto lo iface lo inet loopback allow-hotplug {iface} iface {iface} inet dhcp """) subprocess.Popen([ "bash", "-c", f"sleep 2 && ifdown {iface} 2>/dev/null ; ifup {iface}" ]) return True, "[ifupdown] DHCP restauré. Re-bail dans ~5 s." except Exception as e: return False, str(e) # ────────────────────────────────────────────────────────────────────────────── # HTML — design aligné portail UniSOC (light, slate, primary orange) # ────────────────────────────────────────────────────────────────────────────── HTML_TEMPLATE = """ SYLink HoneyBot — Activation
SY

SYLink HoneyBot — Activation

VM honeypot interne · 14 services leurres · piloté par UniSOC AI
{status_banner} {activation_section} {network_card}

Spécifications

Hostname
{hostname}
Fingerprint VM
{fp_short}…
API
{api_base}
Portail SOC
{portal_base}
Documentation : guide d'installation  ·  Support : contact@unisoc.fr
""" def render_status_banner(state: dict) -> str: if state.get("activated"): return f"""""" return """""" def render_activation_section(state: dict) -> str: if state.get("activated"): return "" url = state.get("qr_url", "#") code = state.get("short_code", "—") qr_b64 = render_qr_png_b64(url) qr_img = (f'QR code activation' if qr_b64 else '
QR indisponible — utilisez le lien ci-contre
') return f"""

🔗 Activation en 1 clic

▶ Ouvrir la page d'activation UniSOC
{url}
{code}

📱 Activation par QR Code

{qr_img}
Scannez avec un smartphone connecté à Internet,
vous serez redirigé vers la page d'activation UniSOC.
""" def render_network_card(state: dict) -> str: if state.get("activated"): return "" net = current_network() msg = state.get("_network_msg", "") msg_html = "" if msg: kind = "ok" if state.get("_network_ok") else "err" msg_html = f'
{msg}
' return f"""

🌐 Configuration réseau (avant activation)

Actuellement : {net.get('mode','?')}  ·  IP {net.get('ip_cidr','—')}  ·  GW {net.get('gateway','—')}  ·  iface {net.get('interface','—')}
Garder DHCP
Fixer IP statique
{msg_html}
""" def render_page(extra_state: dict | None = None) -> str: state = load_state() if extra_state: state.update(extra_state) return HTML_TEMPLATE.format( hostname=os.uname().nodename, fp_short=(state.get("machine_fingerprint") or "—")[:24], api_base=state.get("hp_api_base", "https://api.unisoc.fr"), portal_base=state.get("portal_base", "https://client.unisoc.fr"), status_banner=render_status_banner(state), activation_section=render_activation_section(state), network_card=render_network_card(state), ) # ────────────────────────────────────────────────────────────────────────────── # Auto-shutdown : quand license.json apparaît, re-run init.py pour basculer # /etc/issue en banner COUVERTURE Windows BackupServer, puis stop ce service. # ────────────────────────────────────────────────────────────────────────────── def auto_shutdown_watcher(): license_file = CONFIG_DIR / "license.json" while True: time.sleep(15) if license_file.exists(): try: lic = json.loads(license_file.read_text()) if lic.get("license_token") or lic.get("api_key"): print("[setup-ui] license.json détecté — bascule banner couverture + auto-stop dans 20s") time.sleep(20) try: subprocess.run(["/opt/sylink-honeypot/bin/init.py"], timeout=15) except Exception as e: print(f"[setup-ui] init.py rerun échec : {e}") subprocess.run(["systemctl", "disable", "--now", "sylink-honeypot-setup-ui.service"], timeout=20) return except Exception as e: print(f"[setup-ui] erreur watch license : {e}") # ────────────────────────────────────────────────────────────────────────────── # HTTP handlers # ────────────────────────────────────────────────────────────────────────────── class Handler(BaseHTTPRequestHandler): def do_GET(self): if urlparse(self.path).path != "/": self.send_response(404); self.end_headers(); return self.send_response(200) self.send_header("Content-Type", "text/html; charset=utf-8") self.end_headers() self.wfile.write(render_page().encode()) def do_POST(self): if urlparse(self.path).path != "/apply-network": self.send_response(404); self.end_headers(); return try: n = int(self.headers.get("Content-Length", 0)) body = self.rfile.read(n).decode("utf-8", errors="replace") form = {k: v[0] for k, v in parse_qs(body).items()} mode = form.get("mode", "dhcp") iface = form.get("interface") or primary_iface() if mode == "static": dns = [d.strip() for d in (form.get("dns") or "").split(",") if d.strip()] ok, msg = apply_network_static(iface, form.get("ip_cidr", "").strip(), form.get("gateway", "").strip(), dns) else: ok, msg = apply_network_dhcp(iface) page = render_page({"_network_ok": ok, "_network_msg": msg}) self.send_response(200) self.send_header("Content-Type", "text/html; charset=utf-8") self.end_headers() self.wfile.write(page.encode()) except Exception as e: self.send_response(500); self.end_headers() self.wfile.write(f"erreur : {e}".encode()) def log_message(self, format, *args): pass def main(): threading.Thread(target=auto_shutdown_watcher, daemon=True).start() server = ThreadingHTTPServer(("0.0.0.0", PORT), Handler) print(f"sylink-honeypot-setup-ui listening on 0.0.0.0:{PORT}") server.serve_forever() if __name__ == "__main__": main()