Begin of restructuring ...

- tweaking before re-work tpotinit
2025-07-01 12:32:12 +00:00 · 2023-06-14 02:17:09 +02:00 · 2023-06-14 02:17:09 +02:00 · 050c898149
commit 050c898149
parent ecb1dcd338
5 changed files with 72 additions and 102 deletions
--- a/docker/tpotinit/Dockerfile
+++ b/docker/tpotinit/Dockerfile
@ -8,23 +8,24 @@ RUN apk --no-cache -U add \
        aria2 \
        apache2-utils \
        bash \
-	    bind-tools \
+        bind-tools \
        conntrack-tools \
-	    curl \
-	    ethtool \
-	    figlet \
+        curl \
+        ethtool \
+        figlet \
        git \
        grep \
-	    iproute2 \
-	    iptables \
-	    jq \
-	    logrotate \
-	    lsblk \
-	    net-tools \
-	    openssl \
-	    pigz \
-	    tar \
-	    uuidgen && \
+        iproute2 \
+        iptables \
+        iptables-legacy \
+        jq \
+        logrotate \
+        lsblk \
+        net-tools \
+        openssl \
+        pigz \
+        tar \
+        uuidgen && \
    apk --no-cache -U add --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community \
        yq && \
 #
@ -33,17 +34,6 @@ RUN apk --no-cache -U add \
    adduser -S -s /bin/ash -u 2000 -D -g 2000 tpot && \
 #
 # Install tpot
-    #sed -i "s#/opt/tpot/etc/logrotate/status#/data/tpot/etc/logrotate/status#g" bin/clean.sh && \
-    #sed -i "s#/opt/tpot/etc/compose/elk_environment#/data/tpot/etc/compose/elk_environment#g" bin/clean.sh && \
-    #sed -i "s#/usr/sbin/iptables-legacy#/sbin/iptables-legacy#g" bin/rules.sh && \
-    #sed -i "s/tr -d '\", '/tr -d '\", ,#,-'/g" bin/rules.sh && \
-    #sed -i "s#/opt/tpot/etc/compose/elk_environment#/data/tpot/etc/compose/elk_environment#g" bin/updateip.sh && \
-    #sed -i "s#.*myLOCALIP=.*#myLOCALIP=\$(/sbin/ip address show | awk '/inet .*brd/{split(\$2,a,\"/\"); print a[1]; exit}')#" bin/updateip.sh && \
-    #sed -i "s#.*myUUID=.*#myUUID=\$(cat /data/uuid)#" bin/updateip.sh && \
-    #sed -i "s#/etc/issue#/tmp/etc/issue#g" bin/updateip.sh && \
-    #sed -i "/toilet/d" bin/updateip.sh && \
-    #sed -i "/source \/etc\/environment/d" bin/updateip.sh && \
-    #touch /opt/tpot/etc/tpot.yml && \
    cp /root/dist/entrypoint.sh . && \
 #
 # Clean up
--- a/docker/tpotinit/dist/bin/clean.sh
+++ b/docker/tpotinit/dist/bin/clean.sh
@ -20,8 +20,8 @@ echo $(ls $myFOLDER | wc -l)

 # Let's create a function to rotate and compress logs
 fuLOGROTATE () {
-  local mySTATUS="/opt/tpot/etc/logrotate/status"
-  local myCONF="/opt/tpot/etc/logrotate/logrotate.conf"
+  local mySTATUS="/data/tpot/etc/logrotate/status"
+  local myCONF="/data/tpot/etc/logrotate/logrotate.conf"
  local myADBHONEYTGZ="/data/adbhoney/downloads.tgz"
  local myADBHONEYDL="/data/adbhoney/downloads/"
  local myCOWRIETTYLOGS="/data/cowrie/log/tty/"
--- a/docker/tpotinit/dist/bin/rules.sh
+++ b/docker/tpotinit/dist/bin/rules.sh
@ -33,7 +33,7 @@ fi
 function fuGETPORTS {
 ### Get ports from docker-compose.yml

-myDOCKERCOMPOSEPORTS=$(cat $myDOCKERCOMPOSEYML | yq -r '.services[].ports' | grep ':' | sed -e s/127.0.0.1// | tr -d '", ' | sed -e s/^:// | cut -f1 -d ':' )
+myDOCKERCOMPOSEPORTS=$(cat $myDOCKERCOMPOSEYML | yq -r '.services[].ports' | grep ':' | sed -e s/127.0.0.1// | tr -d '", ,#,-' | sed -e s/^:// | cut -f1 -d ':' )
 myDOCKERCOMPOSEPORTS+=" $myHOSTPORTS"
 myRULESPORTS=$(for i in $myDOCKERCOMPOSEPORTS; do echo $i; done | sort -gu)
 echo "Setting up / removing these ports:"
@ -44,24 +44,24 @@ function fuSETRULES {
 ### Setting up iptables-legacy rules for honeytrap
 if [ "$myNFQCHECK" == "honeytrap" ];
  then
-    /usr/sbin/iptables-legacy -w -A INPUT -s 127.0.0.1 -j ACCEPT
-    /usr/sbin/iptables-legacy -w -A INPUT -d 127.0.0.1 -j ACCEPT
+    iptables-legacy -w -A INPUT -s 127.0.0.1 -j ACCEPT
+    iptables-legacy -w -A INPUT -d 127.0.0.1 -j ACCEPT

    for myPORT in $myRULESPORTS; do
-      /usr/sbin/iptables-legacy -w -A INPUT -p tcp --dport $myPORT -j ACCEPT
+      iptables-legacy -w -A INPUT -p tcp --dport $myPORT -j ACCEPT
    done

-    /usr/sbin/iptables-legacy -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
+    iptables-legacy -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
 fi

 ### Setting up iptables-legacy rules for glutton
 if [ "$myNFQCHECK" == "glutton" ];
  then
-    /usr/sbin/iptables-legacy -w -t raw -A PREROUTING -s 127.0.0.1 -j ACCEPT
-    /usr/sbin/iptables-legacy -w -t raw -A PREROUTING -d 127.0.0.1 -j ACCEPT
+    iptables-legacy -w -t raw -A PREROUTING -s 127.0.0.1 -j ACCEPT
+    iptables-legacy -w -t raw -A PREROUTING -d 127.0.0.1 -j ACCEPT

    for myPORT in $myRULESPORTS; do
-      /usr/sbin/iptables-legacy -w -t raw -A PREROUTING -p tcp --dport $myPORT -j ACCEPT
+      iptables-legacy -w -t raw -A PREROUTING -p tcp --dport $myPORT -j ACCEPT
    done
    # No need for NFQ forwarding, such rules are set up by glutton
 fi
@ -71,24 +71,24 @@ function fuUNSETRULES {
 ### Removing  iptables-legacy rules for honeytrap
 if [ "$myNFQCHECK" == "honeytrap" ];
  then
-    /usr/sbin/iptables-legacy -w -D INPUT -s 127.0.0.1 -j ACCEPT
-    /usr/sbin/iptables-legacy -w -D INPUT -d 127.0.0.1 -j ACCEPT
+    iptables-legacy -w -D INPUT -s 127.0.0.1 -j ACCEPT
+    iptables-legacy -w -D INPUT -d 127.0.0.1 -j ACCEPT

    for myPORT in $myRULESPORTS; do
-      /usr/sbin/iptables-legacy -w -D INPUT -p tcp --dport $myPORT -j ACCEPT
+      iptables-legacy -w -D INPUT -p tcp --dport $myPORT -j ACCEPT
    done

-    /usr/sbin/iptables-legacy -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
+    iptables-legacy -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
 fi

 ### Removing iptables-legacy rules for glutton
 if [ "$myNFQCHECK" == "glutton" ];
  then
-    /usr/sbin/iptables-legacy -w -t raw -D PREROUTING -s 127.0.0.1 -j ACCEPT
-    /usr/sbin/iptables-legacy -w -t raw -D PREROUTING -d 127.0.0.1 -j ACCEPT
+    iptables-legacy -w -t raw -D PREROUTING -s 127.0.0.1 -j ACCEPT
+    iptables-legacy -w -t raw -D PREROUTING -d 127.0.0.1 -j ACCEPT

    for myPORT in $myRULESPORTS; do
-      /usr/sbin/iptables-legacy -w -t raw -D PREROUTING -p tcp --dport $myPORT -j ACCEPT
+      iptables-legacy -w -t raw -D PREROUTING -p tcp --dport $myPORT -j ACCEPT
    done
    # No need for removing NFQ forwarding, such rules are removed by glutton
 fi
--- a/docker/tpotinit/dist/bin/updateip.sh
+++ b/docker/tpotinit/dist/bin/updateip.sh
@ -1,29 +1,22 @@
 #!/bin/bash
-# Let's add the first local ip to the /etc/issue and external ip to ews.ip file
+# Let's add the first local ip to the /tmp/etc/issue and external ip to ews.ip file
 # If the external IP cannot be detected, the internal IP will be inherited.
-source /etc/environment
-myCHECKIFSENSOR=$(head -n 1 /opt/tpot/etc/tpot.yml | grep "Sensor" | wc -l)
-myUUID=$(lsblk -o MOUNTPOINT,UUID | grep -e "^/ " | awk '{ print $2 }')
-myLOCALIP=$(hostname -I | awk '{ print $1 }')
+#myCHECKIFSENSOR=$(head -n 1 /opt/tpot/etc/tpot.yml | grep "Sensor" | wc -l)
+myUUID=$(cat /data/uuid)
+myLOCALIP=$(ip address show | awk '/inet .*brd/{split($2,a,"/"); print a[1]; exit}')
 myEXTIP=$(/opt/tpot/bin/myip.sh)
 if [ "$myEXTIP" = "" ];
  then
    myEXTIP=$myLOCALIP
-    myEXTIP_LAT="49.865835022498125"
-    myEXTIP_LONG="8.62606472775735"
-  else
-    myEXTIP_LOC=$(curl -s ipinfo.io/$myEXTIP/loc)
-    myEXTIP_LAT=$(echo "$myEXTIP_LOC" | cut -f1 -d",")
-    myEXTIP_LONG=$(echo "$myEXTIP_LOC" | cut -f2 -d",")
 fi

 # Load Blackhole routes if enabled 
-myBLACKHOLE_FILE1="/etc/blackhole/mass_scanner.txt"
-myBLACKHOLE_FILE2="/etc/blackhole/mass_scanner_cidr.txt"
-if [ -f "$myBLACKHOLE_FILE1" ] || [ -f "$myBLACKHOLE_FILE2" ];
-  then
-    /opt/tpot/bin/blackhole.sh add
-fi
+#myBLACKHOLE_FILE1="/etc/blackhole/mass_scanner.txt"
+#myBLACKHOLE_FILE2="/etc/blackhole/mass_scanner_cidr.txt"
+#if [ -f "$myBLACKHOLE_FILE1" ] || [ -f "$myBLACKHOLE_FILE2" ];
+#  then
+#    /opt/tpot/bin/blackhole.sh add
+#fi

 myBLACKHOLE_STATUS=$(ip r | grep "blackhole" -c)
 if [ "$myBLACKHOLE_STATUS" -gt "500" ];
@ -33,57 +26,44 @@ if [ "$myBLACKHOLE_STATUS" -gt "500" ];
    myBLACKHOLE_STATUS="| [1;34mBLACKHOLE: [ [1;30mDISABLED[1;34m ][0m"
 fi

-mySSHUSER=$(cat /etc/passwd | grep 1000 | cut -d ':' -f1)
-
-# Export
-export myUUID
-export myLOCALIP
-export myEXTIP
-export myEXTIP_LAT
-export myEXTIP_LONG
-export myBLACKHOLE_STATUS
-export mySSHUSER
-
 # Build issue
-echo "[H[2J" > /etc/issue
-toilet -f ivrit -F metal --filter border:metal "T-Pot   22.04" | sed 's/\\/\\\\/g' >> /etc/issue
-echo >> /etc/issue
-echo ",---- [ [1;34m\n[0m ] [ [0;34m\d[0m ] [ [1;30m\t[0m ]" >> /etc/issue
-echo "|" >> /etc/issue
-echo "| [1;34mIP: $myLOCALIP ($myEXTIP)[0m" >> /etc/issue
-echo "| [0;34mSSH: ssh -l tsec -p 64295 $myLOCALIP[0m" >> /etc/issue 
-if [ "$myCHECKIFSENSOR" == "0" ];
-  then
-    echo "| [1;30mWEB: https://$myLOCALIP:64297[0m" >> /etc/issue
-fi
-echo "| [0;37mADMIN: https://$myLOCALIP:64294[0m" >> /etc/issue
-echo "$myBLACKHOLE_STATUS" >> /etc/issue
-echo "|" >> /etc/issue
-echo "\`----" >> /etc/issue
-echo >> /etc/issue
+echo "[H[2J" > /tmp/etc/issue
+echo "T-Pot 23.12" >> /tmp/etc/issue
+echo >> /tmp/etc/issue
+echo ",---- [ [1;34m\n[0m ] [ [0;34m\d[0m ] [ [1;30m\t[0m ]" >> /tmp/etc/issue
+echo "|" >> /tmp/etc/issue
+echo "| [1;34mIP: $myLOCALIP ($myEXTIP)[0m" >> /tmp/etc/issue
+echo "| [0;34mSSH: ssh -l tsec -p 64295 $myLOCALIP[0m" >> /tmp/etc/issue
+#if [ "$myCHECKIFSENSOR" == "0" ];
+#  then
+echo "| [1;30mWEB: https://$myLOCALIP:64297[0m" >> /tmp/etc/issue
+#fi
+echo "| [0;37mADMIN: https://$myLOCALIP:64294[0m" >> /tmp/etc/issue
+echo "$myBLACKHOLE_STATUS" >> /tmp/etc/issue
+echo "|" >> /tmp/etc/issue
+echo "\`----" >> /tmp/etc/issue
+echo >> /tmp/etc/issue
 tee /data/ews/conf/ews.ip << EOF
 [MAIN]
 ip = $myEXTIP
 EOF
-tee /opt/tpot/etc/compose/elk_environment << EOF
+tee /data/tpot/etc/compose/elk_environment << EOF
 HONEY_UUID=$myUUID
 MY_EXTIP=$myEXTIP
-MY_EXTIP_LAT=$myEXTIP_LAT
-MY_EXTIP_LONG=$myEXTIP_LONG
 MY_INTIP=$myLOCALIP
 MY_HOSTNAME=$HOSTNAME
 EOF

-if [ -s "/data/elk/logstash/ls_environment" ];
-  then
-    source /data/elk/logstash/ls_environment
-    tee -a /opt/tpot/etc/compose/elk_environment << EOF
-MY_TPOT_TYPE=$MY_TPOT_TYPE
-MY_SENSOR_PRIVATEKEYFILE=$MY_SENSOR_PRIVATEKEYFILE
-MY_HIVE_USERNAME=$MY_HIVE_USERNAME
-MY_HIVE_IP=$MY_HIVE_IP
-EOF
-fi
+#if [ -s "/data/elk/logstash/ls_environment" ];
+#  then
+#    source /data/elk/logstash/ls_environment
+#    tee -a /data/tpot/etc/compose/elk_environment << EOF
+#MY_TPOT_TYPE=$MY_TPOT_TYPE
+#MY_SENSOR_PRIVATEKEYFILE=$MY_SENSOR_PRIVATEKEYFILE
+#MY_HIVE_USERNAME=$MY_HIVE_USERNAME
+#MY_HIVE_IP=$MY_HIVE_IP
+#EOF
+#fi

 chown tpot:tpot /data/ews/conf/ews.ip
 chmod 770 /data/ews/conf/ews.ip
--- a/docker/tpotinit/dist/entrypoint.sh
+++ b/docker/tpotinit/dist/entrypoint.sh
@ -37,8 +37,8 @@ if [ -f "/data/uuid" ];
    if [ "${WEB_USER}" == "changeme" ] || [ "${WEB_PW}" == "changeme" ];
      then
        echo "# Please change WEB_USER and WEB_PW in the hidden \".env\" file."
-	echo "# Aborting." 
-	echo
+	      echo "# Aborting."
+      	echo
        exit 1
    fi
    echo
@ -47,7 +47,7 @@ if [ -f "/data/uuid" ];
    mkdir -vp /data/ews/conf \
              /data/nginx/{cert,conf,log} \
              /data/tpot/etc/compose/ \
-	      /data/tpot/etc/logrotate/ \
+	            /data/tpot/etc/logrotate/ \
              /tmp/etc/
    echo
    echo "# Generating self signed certificate ..."