tpotce/installer/etc/tpot/systemd/tpot.service

[Unit]
Description=tpot
Requires=docker.service
After=docker.service

[Service]
Restart=always

# Clear state from /data
ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh off'

# Remove old containers, images and volumes
ExecStartPre=/usr/bin/docker-compose -f /etc/tpot/tpot.yml down -v
ExecStartPre=/usr/bin/docker-compose -f /etc/tpot/tpot.yml rm -v
ExecStartPre=-/bin/bash -c 'docker volume rm $(docker volume ls -q)'
ExecStartPre=-/bin/bash -c 'docker rmi $(docker images | grep "<none>" | awk \'{print $3}\')'
ExecStartPre=-/bin/bash -c 'docker rm -v $(docker ps -aq)'

# Get IF, disable offloading, enable promiscious mode for p0f and suricata
ExecStartPre=/bin/bash -c '/sbin/ethtool --offload $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) rx off tx off'
ExecStartPre=/bin/bash -c '/sbin/ethtool -K $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) gso off gro off'
ExecStartPre=/bin/bash -c '/sbin/ip link set $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) promisc on'

# Modify access rights on docker.sock for netdata
ExecStartPre=-/bin/chmod 666 /var/run/docker.sock

# Prepare iptables rules for honeytrap
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j NFQUEUE
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 3306,5060,5061,5601,11211 -j NFQUEUE
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295:64303 -j NFQUEUE
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 1025,50100,8080,8081,9200 -j NFQUEUE

# Compose T-Pot up
ExecStart=/usr/bin/docker-compose -f /etc/tpot/tpot.yml up

# Compose T-Pot down and remove containers
ExecStop=/usr/bin/docker-compose -f /etc/tpot/tpot.yml down -v

# Remove iptables rules for honeytrap
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 1025,50100,8080,8081,9200 -j NFQUEUE
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295:64303 -j NFQUEUE
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 3306,5060,5061,5601,11211 -j NFQUEUE
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j NFQUEUE

[Install]
WantedBy=multi-user.target
prepare switch to docker-compose 2017-04-30 23:34:30 +00:00			`[Unit]`
			`Description=tpot`
			`Requires=docker.service`
			`After=docker.service`

			`[Service]`
			`Restart=always`

			`# Clear state from /data`
			`ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh off'`

tweaking, prepare for elk microservice 2017-05-03 20:55:18 +00:00			`# Remove old containers, images and volumes`
prepare switch to docker-compose 2017-04-30 23:34:30 +00:00			`ExecStartPre=/usr/bin/docker-compose -f /etc/tpot/tpot.yml down -v`
			`ExecStartPre=/usr/bin/docker-compose -f /etc/tpot/tpot.yml rm -v`
			`ExecStartPre=-/bin/bash -c 'docker volume rm $(docker volume ls -q)'`
tweaking, prepare for elk microservice 2017-05-03 20:55:18 +00:00			`ExecStartPre=-/bin/bash -c 'docker rmi $(docker images \| grep "<none>" \| awk \'{print $3}\')'`
			`ExecStartPre=-/bin/bash -c 'docker rm -v $(docker ps -aq)'`
prepare switch to docker-compose 2017-04-30 23:34:30 +00:00
			`# Get IF, disable offloading, enable promiscious mode for p0f and suricata`
tweaking update dps.sh adjust docker-compose related tpot configs for dionaea (stdin_open: true) adjust tpot.service (suritcata / p0f prep) to be aware of a situation without local network route ( Fixes#99 ) 2017-05-11 17:01:21 +00:00			`ExecStartPre=/bin/bash -c '/sbin/ethtool --offload $(/sbin/ip address \| grep "^2: " \| awk \'{ print $2 }\' \| tr -d [:punct:]) rx off tx off'`
			`ExecStartPre=/bin/bash -c '/sbin/ethtool -K $(/sbin/ip address \| grep "^2: " \| awk \'{ print $2 }\' \| tr -d [:punct:]) gso off gro off'`
			`ExecStartPre=/bin/bash -c '/sbin/ip link set $(/sbin/ip address \| grep "^2: " \| awk \'{ print $2 }\' \| tr -d [:punct:]) promisc on'`
prepare switch to docker-compose 2017-04-30 23:34:30 +00:00
			`# Modify access rights on docker.sock for netdata`
			`ExecStartPre=-/bin/chmod 666 /var/run/docker.sock`

			`# Prepare iptables rules for honeytrap`
			`ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j NFQUEUE`
			`ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 3306,5060,5061,5601,11211 -j NFQUEUE`
tweaking update dps.sh adjust docker-compose related tpot configs for dionaea (stdin_open: true) adjust tpot.service (suritcata / p0f prep) to be aware of a situation without local network route ( Fixes#99 ) 2017-05-11 17:01:21 +00:00			`ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295:64303 -j NFQUEUE`
prepare switch to docker-compose 2017-04-30 23:34:30 +00:00			`ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 1025,50100,8080,8081,9200 -j NFQUEUE`

tweaking update dps.sh adjust docker-compose related tpot configs for dionaea (stdin_open: true) adjust tpot.service (suritcata / p0f prep) to be aware of a situation without local network route ( Fixes#99 ) 2017-05-11 17:01:21 +00:00			`# Compose T-Pot up`
prepare switch to docker-compose 2017-04-30 23:34:30 +00:00			`ExecStart=/usr/bin/docker-compose -f /etc/tpot/tpot.yml up`

			`# Compose T-Pot down and remove containers`
			`ExecStop=/usr/bin/docker-compose -f /etc/tpot/tpot.yml down -v`

			`# Remove iptables rules for honeytrap`
			`ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 1025,50100,8080,8081,9200 -j NFQUEUE`
tweaking update dps.sh adjust docker-compose related tpot configs for dionaea (stdin_open: true) adjust tpot.service (suritcata / p0f prep) to be aware of a situation without local network route ( Fixes#99 ) 2017-05-11 17:01:21 +00:00			`ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295:64303 -j NFQUEUE`
prepare switch to docker-compose 2017-04-30 23:34:30 +00:00			`ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 3306,5060,5061,5601,11211 -j NFQUEUE`
			`ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j NFQUEUE`

			`[Install]`
			`WantedBy=multi-user.target`