From 097e1d4684001ac15896c077ac44d78ab7f0feff Mon Sep 17 00:00:00 2001 From: t3chn0m4g3 Date: Wed, 13 Feb 2019 13:33:53 +0100 Subject: [PATCH] tweak installer --- iso/installer/install.sh | 150 ++++--- iso/installer/install.sh.backup | 766 ++++++++++++++++++++++++++++++++ 2 files changed, 856 insertions(+), 60 deletions(-) create mode 100755 iso/installer/install.sh.backup diff --git a/iso/installer/install.sh b/iso/installer/install.sh index 4bd97edc..bd14b6a8 100755 --- a/iso/installer/install.sh +++ b/iso/installer/install.sh @@ -185,6 +185,10 @@ if [ "$myTPOT_DEPLOYMENT_TYPE" == "user" ]; fi } +#!/bin/bash +function fuBANNER { +toilet -f smmono12 -o -F metal "$1" | pv -qL 4000 +} # Prepare running the installer echo "$myINFO" | head -n 3 
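Review bot: The `#!/bin/bash` added immediately before `function fuBANNER` lands around line 188 of install.sh, where the shell treats it as a plain comment (the file's real shebang is on line 1) and it reads as if a second script started here. Drop that line and give the helper a header instead, e.g. `# Print a section banner with toilet, rate-limited through pv so it scrolls visibly`. Both `toilet` and `pv` appear in the package list of fuGET_DEPS in the backup copy further down this patch, so the dependency looks covered, but a `command -v toilet >/dev/null || { printf '%s\n' "$1"; return; }` guard at the top of the function would keep the installer usable on a host where that step was skipped.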
@@ -422,30 +426,35 @@ if ! [ "$myCONF_TPOT_FLAVOR" == "SENSOR" ]; htpasswd -b -c /data/nginx/conf/nginxpasswd "$myCONF_WEB_USER" "$myCONF_WEB_PW" 2>&1 | dialog --keep-window --title "[ Setting up user and password ]" $myPROGRESSBOXCONF; fi +dialog --clear ######################## # Installation section # ######################## +fuBANNER "Installing" + # Let's generate a SSL self-signed certificate without interaction (browsers will see it invalid anyway) if ! [ "$myCONF_TPOT_FLAVOR" == "SENSOR" ]; then -mkdir -p /data/nginx/cert 2>&1 | dialog --keep-window --title "[ Generating a self-signed-certificate for NGINX ]" $myPROGRESSBOXCONF; -openssl req \ - -nodes \ - -x509 \ - -sha512 \ - -newkey rsa:8192 \ - -keyout "/data/nginx/cert/nginx.key" \ - -out "/data/nginx/cert/nginx.crt" \ - -days 3650 \ - -subj '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd' 2>&1 | dialog --keep-window --title "[ Generating a self-signed-certificate for NGINX ]" $myPROGRESSBOXCONF; + fuBANNER "NGINX Certificate" + mkdir -p /data/nginx/cert + openssl req \ + -nodes \ + -x509 \ + -sha512 \ + -newkey rsa:8192 \ + -keyout "/data/nginx/cert/nginx.key" \ + -out "/data/nginx/cert/nginx.crt" \ + -days 3650 \ + -subj '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd' fi # Let's setup the ntp server if [ "$myCONF_NTP_USE" == "0" ]; then - cp $myCONF_NTP_CONF_FILE /etc/ntp.conf 2>&1 | dialog --keep-window --title "[ Setting up the ntp server ]" $myPROGRESSBOXCONF + fuBANNER "Setup NTP" + cp $myCONF_NTP_CONF_FILE /etc/ntp.conf fi # Let's setup 802.1x networking 
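Review bot: The `openssl req` call on the new lines inside the SENSOR check runs with no status check: the script does not use `set -e`, and while removing the `| dialog` pipe is an improvement (the pipeline used to report dialog's exit status, not openssl's), nothing acts on a failure, so the installer carries on without nginx.key/nginx.crt and the later `chmod 644 -R /data/nginx/cert` runs on an empty directory. Append `|| { printf '%s\n' "### Certificate generation failed." >&2; exit 1; }` to the `-subj` line, and give `mkdir -p /data/nginx/cert` the same treatment. In the NTP block below, `cp $myCONF_NTP_CONF_FILE /etc/ntp.conf` should quote the expansion: `cp -- "$myCONF_NTP_CONF_FILE" /etc/ntp.conf`.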
@@ -493,12 +502,13 @@ network={ " if [ "myCONF_PFX_USE" == "0" ]; then - cp $myCONF_PFX_FILE /etc/wpa_supplicant/ 2>&1 | dialog --keep-window --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF - echo "$myNETWORK_INTERFACES" 2>&1 | tee -a /etc/network/interfaces | dialog --keep-window --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF + fuBANNER "Setup 802.1x" + cp $myCONF_PFX_FILE /etc/wpa_supplicant/ + echo "$myNETWORK_INTERFACES" 2>&1 | tee -a /etc/network/interfaces - echo "$myNETWORK_WIRED8021x" 2>&1 | tee /etc/wpa_supplicant/wired8021x.conf | dialog --keep-window --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF + echo "$myNETWORK_WIRED8021x" 2>&1 | tee /etc/wpa_supplicant/wired8021x.conf - echo "$myNETWORK_WLAN8021x" 2>&1 | tee /etc/wpa_supplicant/wireless8021x.conf | dialog --keep-window --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF + echo "$myNETWORK_WLAN8021x" 2>&1 | tee /etc/wpa_supplicant/wireless8021x.conf fi # Let's provide a wireless example config ... 
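Review bot: The guard on the hunk's first context line, `if [ "myCONF_PFX_USE" == "0" ]`, is missing the `$`, so it compares the literal string `myCONF_PFX_USE` with `0` and the 802.1x lines added here can never run; it should read `if [ "$myCONF_PFX_USE" == "0" ];`. With the dialog pipe gone, `echo "$myNETWORK_WIRED8021x" 2>&1 | tee /etc/wpa_supplicant/wired8021x.conf` (and the wireless line after it) now prints the whole config, including the `private_key_passwd` built from `$myCONF_PFX_PW` in the definition above the hunk, straight to the terminal where a console transcript would capture it; `tee` buys nothing here, so write with `> /etc/wpa_supplicant/wired8021x.conf` and follow up with `chmod 600` on both files. The `2>&1` on an `echo` is a no-op and can go, and `cp $myCONF_PFX_FILE` should become `cp -- "$myCONF_PFX_FILE" /etc/wpa_supplicant/`.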
@@ -530,38 +540,42 @@ myNETWORK_WLANEXAMPLE=" # wpa-key-mgmt WPA-PSK # wpa-psk \"\" " -echo "$myNETWORK_WLANEXAMPLE" 2>&1 | tee -a /etc/network/interfaces | dialog --keep-window --title "[ Provide WLAN example config ]" $myPROGRESSBOXCONF - -# Let's modify the sources list -sed -i '/cdrom/d' /etc/apt/sources.list +fuBANNER "Example config" +echo "$myNETWORK_WLANEXAMPLE" 2>&1 | tee -a /etc/network/interfaces # Let's make sure SSH roaming is turned off (CVE-2016-0777, CVE-2016-0778) -echo "UseRoaming no" 2>&1 | tee -a /etc/ssh/ssh_config | dialog --keep-window --title "[ Turn SSH roaming off ]" $myPROGRESSBOXCONF +fuBANNER "SSH roaming off" +echo "UseRoaming no" 2>&1 | tee -a /etc/ssh/ssh_config # Installing ctop, elasticdump, tpot, yq -npm install https://github.com/taskrabbit/elasticsearch-dump -g 2>&1 | dialog --keep-window --title "[ Installing elasticsearch-dump ]" $myPROGRESSBOXCONF -pip install --upgrade pip 2>&1 | dialog --keep-window --title "[ Installing pip ]" $myPROGRESSBOXCONF -hash -r 2>&1 | dialog --keep-window --title "[ Installing pip ]" $myPROGRESSBOXCONF -pip install elasticsearch-curator yq 2>&1 | dialog --keep-window --title "[ Installing elasticsearch-curator, yq ]" $myPROGRESSBOXCONF -wget https://github.com/bcicen/ctop/releases/download/v0.7.2/ctop-0.7.2-linux-amd64 -O /usr/bin/ctop 2>&1 | dialog --keep-window --title "[ Installing ctop ]" $myPROGRESSBOXCONF -chmod +x /usr/bin/ctop 2>&1 | dialog --keep-window --title "[ Installing ctop ]" $myPROGRESSBOXCONF -git clone https://github.com/dtag-dev-sec/tpotce -b debian /opt/tpot 2>&1 | dialog --keep-window --title "[ Cloning T-Pot ]" $myPROGRESSBOXCONF +fuBANNER "Installing packages" +npm install https://github.com/taskrabbit/elasticsearch-dump -g +pip install --upgrade pip +hash -r +pip install elasticsearch-curator yq + +# Cloning T-Pot from GitHub +fuBANNER "Cloning T-Pot" +git clone https://github.com/dtag-dev-sec/tpotce -b debian /opt/tpot # Let's create the T-Pot user -addgroup --gid 2000 
tpot 2>&1 | dialog --keep-window --title "[ Adding T-Pot user ]" $myPROGRESSBOXCONF -adduser --system --no-create-home --uid 2000 --disabled-password --disabled-login --gid 2000 tpot 2>&1 | dialog --keep-window --title "[ Adding T-Pot user ]" $myPROGRESSBOXCONF +fuBANNER "Create user" +addgroup --gid 2000 tpot +adduser --system --no-create-home --uid 2000 --disabled-password --disabled-login --gid 2000 tpot # Let's set the hostname a=$(fuRANDOMWORD /opt/tpot/host/usr/share/dict/a.txt) n=$(fuRANDOMWORD /opt/tpot/host/usr/share/dict/n.txt) myHOST=$a$n -hostnamectl set-hostname $myHOST 2>&1 | dialog --keep-window --title "[ Setting new hostname ]" $myPROGRESSBOXCONF -sed -i 's#127.0.1.1.*#127.0.1.1\t'"$myHOST"'#g' /etc/hosts 2>&1 | dialog --keep-window --title "[ Setting new hostname ]" $myPROGRESSBOXCONF +fuBANNER "Set hostname" +hostnamectl set-hostname $myHOST +sed -i 's#127.0.1.1.*#127.0.1.1\t'"$myHOST"'#g' /etc/hosts # Let's patch cockpit.socket, sshd_config -sed -i 's#ListenStream=9090#ListenStream=64294#' /lib/systemd/system/cockpit.socket 2>&1 | dialog --keep-window --title "[ Cockpit listen on tcp/64294 ]" $myPROGRESSBOXCONF -sed -i '/^port/Id' /etc/ssh/sshd_config 2>&1 | dialog --keep-window --title "[ SSH listen on tcp/64295 ]" $myPROGRESSBOXCONF -echo "Port 64295" >> /etc/ssh/sshd_config 2>&1 | dialog --keep-window --title "[ SSH listen on tcp/64295 ]" $myPROGRESSBOXCONF +fuBANNER "Adjust tcp ports" +sed -i 's#ListenStream=9090#ListenStream=64294#' /lib/systemd/system/cockpit.socket +sed -i '/^port/Id' /etc/ssh/sshd_config +echo "Port 64295" >> /etc/ssh/sshd_config # Let's make sure only myCONF_TPOT_FLAVOR images will be downloaded and started case $myCONF_TPOT_FLAVOR in 
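Review bot: The context comment `# Installing ctop, elasticdump, tpot, yq` above `fuBANNER "Installing packages"` is stale after this hunk: the `wget`/`chmod` lines that fetched ctop are removed outright and the T-Pot clone moved under its own banner, so change it to `# Installing elasticdump, elasticsearch-curator, yq`; if dropping ctop was not intended, those two lines need to come back. The hunk also deletes `sed -i '/cdrom/d' /etc/apt/sources.list` without the subject mentioning it; if fuGET_DEPS already rewrites sources.list (the backup copy suggests it does) this is harmless, otherwise a leftover cdrom entry will break the `apt-get update` in the weekly cron job added later in this file. `hostnamectl set-hostname $myHOST` should quote its argument: `hostnamectl set-hostname "$myHOST"`.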
@@ -599,14 +613,16 @@ for name in $(cat $myTPOTCOMPOSE | grep -v '#' | grep image | cut -d'"' -f2 | un done wait } -fuPULLIMAGES 2>&1 | dialog --keep-window --title "[ Pulling docker images, please be patient ]" $myPROGRESSBOXCONF +fuBANNER "Pull images" +fuPULLIMAGES # Let's add the daily update check with a weekly clean interval myUPDATECHECK="APT::Periodic::Update-Package-Lists \"1\"; APT::Periodic::Download-Upgradeable-Packages \"0\"; APT::Periodic::AutocleanInterval \"7\"; " -echo "$myUPDATECHECK" 2>&1 | tee /etc/apt/apt.conf.d/10periodic | dialog --keep-window --title "[ Modifying update checks ]" $myPROGRESSBOXCONF +fuBANNER "Modify update checks" +echo "$myUPDATECHECK" | tee /etc/apt/apt.conf.d/10periodic # Let's make sure to reboot the system after a kernel panic mySYSCTLCONF=" @@ -619,7 +635,8 @@ net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.lo.disable_ipv6 = 1 " -echo "$mySYSCTLCONF" 2>&1 | tee -a /etc/sysctl.conf | dialog --keep-window --title "[ Tweak Sysctl ]" $myPROGRESSBOXCONF +fuBANNER "Tweak systctl" +echo "$mySYSCTLCONF" | tee -a /etc/sysctl.conf # Let's setup fail2ban config myFAIL2BANCONF="[DEFAULT] @@ -646,14 +663,16 @@ port = 64295 filter = sshd logpath = /var/log/auth.log " -echo "$myFAIL2BANCONF" 2>&1 | tee /etc/fail2ban/jail.d/tpot.conf | dialog --keep-window --title "[ Setup fail2ban config ]" $myPROGRESSBOXCONF +fuBANNER "Setup fail2ban" +echo "$myFAIL2BANCONF" | tee /etc/fail2ban/jail.d/tpot.conf # Fix systemd error https://github.com/systemd/systemd/issues/3374 mySYSTEMDFIX="[Link] NamePolicy=kernel database onboard slot path MACAddressPolicy=none " -echo "$mySYSTEMDFIX" 2>&1 | tee /etc/systemd/network/99-default.link | dialog --keep-window --title "[ systemd fix ]" $myPROGRESSBOXCONF +fuBANNER "Systemd fix" +echo "$mySYSTEMDFIX" | tee /etc/systemd/network/99-default.link # Let's add some cronjobs myCRONJOBS=" 
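Review bot: `fuPULLIMAGES` (its `function` line is above the hunk) still returns 0 when a `docker pull` fails, because the bare `wait` at the end ignores the exit status of the background jobs, and now that the `| dialog` pipe on the call site is gone nothing else surfaces the failure either; a missing image only shows up once the tpot service starts. Record each pull's pid and wait on them individually so the function can report failure, quote `"$name"` while there, and let the caller react with `fuPULLIMAGES || printf '%s\n' "### Some images failed to pull." >&2`.

```bash
# … unchanged: function fuPULLIMAGES header …
myPIDS=()
for name in $(cat $myTPOTCOMPOSE | grep -v '#' | grep image | cut -d'"' -f2 | uniq)
  do
    docker pull "$name" &
    myPIDS+=("$!")
done
myRC=0
for myPID in "${myPIDS[@]}"
  do
    wait "$myPID" || myRC=1
done
return "$myRC"
}
```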
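Review bot: The banner text in `fuBANNER "Tweak systctl"` has a typo; it should be `fuBANNER "Tweak sysctl"`. The `tee -a /etc/sysctl.conf` below it appends on every run, so re-running the installer stacks duplicate `kernel.panic` and `vm.max_map_count` entries; if re-runs are meant to be supported, writing the block to a dedicated file under `/etc/sysctl.d/` with `tee` (no `-a`) makes the step idempotent.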
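Review bot: The jail file written by `echo "$myFAIL2BANCONF" | tee /etc/fail2ban/jail.d/tpot.conf` carries a `[DEFAULT]` key spelled `ignore-ip` (the string starts above the hunk; the backup copy later in this patch shows it), while fail2ban's option is `ignoreip`, so the loopback exemption is likely ignored and 127.0.0.1 is treated like any other address by the nginx and sshd jails; change it to `ignoreip = 127.0.0.1/8`. Both `tee` calls in this hunk no longer feed dialog, so their stdout copy is just console noise; `> file` would be quieter.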
@@ -672,9 +691,11 @@ myCRONJOBS=" # Check for updated packages every sunday, upgrade and reboot 27 16 * * 0 root apt-get autoclean -y && apt-get autoremove -y && apt-get update -y && apt-get upgrade -y && sleep 10 && reboot " -echo "$myCRONJOBS" 2>&1 | tee -a /etc/crontab | dialog --keep-window --title "[ Adding cronjobs ]" $myPROGRESSBOXCONF +fuBANNNER "Add cronjobs" +echo "$myCRONJOBS" | tee -a /etc/crontab # Let's create some files and folders +fuBANNER "Create files & folders" mkdir -p /data/adbhoney/downloads /data/adbhoney/log \ /data/ciscoasa/log \ /data/conpot/log \ 
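Review bot: `fuBANNNER "Add cronjobs"` is misspelled with three N's; no such function exists, so bash prints `command not found` and, with no `set -e`, carries on without a banner — change it to `fuBANNER "Add cronjobs"`. The `tee -a /etc/crontab` below appends on every run; if the installer may be executed twice, the whole cron block is duplicated, so writing it to its own file under `/etc/cron.d/` would be safer.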
@@ -695,33 +716,39 @@ mkdir -p /data/adbhoney/downloads /data/adbhoney/log \ /data/spiderfoot \ /data/suricata/log /home/tsec/.ssh/ \ /data/tanner/log /data/tanner/files \ - /data/p0f/log 2>&1 | dialog --title "[ Creating some files and folders ]" $myPROGRESSBOXCONF -touch /data/spiderfoot/spiderfoot.db 2>&1 | dialog --keep-window --title "[ Creating some files and folders ]" $myPROGRESSBOXCONF -touch /data/nginx/log/error.log 2>&1 | dialog --keep-window --title "[ Creating some files and folders ]" $myPROGRESSBOXCONF + /data/p0f/log +touch /data/spiderfoot/spiderfoot.db +touch /data/nginx/log/error.log # Let's copy some files -tar xvfz /opt/tpot/etc/objects/elkbase.tgz -C / 2>&1 | dialog --keep-window --title "[ Extracting elkbase.tgz ]" $myPROGRESSBOXCONF -cp /opt/tpot/host/etc/systemd/* /etc/systemd/system/ 2>&1 | dialog --keep-window --title "[ Copy configs ]" $myPROGRESSBOXCONF -systemctl enable tpot 2>&1 | dialog --keep-window --title "[ Enabling service for tpot ]" $myPROGRESSBOXCONF +fuBANNER "Copy configs" +tar xvfz /opt/tpot/etc/objects/elkbase.tgz -C / +cp /opt/tpot/host/etc/systemd/* /etc/systemd/system/ +systemctl enable tpot # Let's take care of some files and permissions -chmod 760 -R /data 2>&1 | dialog --keep-window --title "[ Set permissions and ownerships ]" $myPROGRESSBOXCONF -chown tpot:tpot -R /data 2>&1 | dialog --keep-window --title "[ Set permissions and ownerships ]" $myPROGRESSBOXCONF -chmod 644 -R /data/nginx/conf 2>&1 | dialog --keep-window --title "[ Set permissions and ownerships ]" $myPROGRESSBOXCONF -chmod 644 -R /data/nginx/cert 2>&1 | dialog --keep-window --title "[ Set permissions and ownerships ]" $myPROGRESSBOXCONF +fuBANNER "Set permissions" +chmod 760 -R /data +chown tpot:tpot -R /data +chmod 644 -R /data/nginx/conf +chmod 644 -R /data/nginx/cert # Let's replace "quiet splash" options, set a console font for more screen canvas and update grub -sed -i 's#GRUB_CMDLINE_LINUX_DEFAULT="quiet"#GRUB_CMDLINE_LINUX_DEFAULT="quiet 
consoleblank=0"#' /etc/default/grub 2>&1>/dev/null -sed -i 's#GRUB_CMDLINE_LINUX=""#GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"#' /etc/default/grub 2>&1>/dev/null -update-grub 2>&1 | dialog --keep-window --title "[ Update grub ]" $myPROGRESSBOXCONF +fuBANNER "Set options" +sed -i 's#GRUB_CMDLINE_LINUX_DEFAULT="quiet"#GRUB_CMDLINE_LINUX_DEFAULT="quiet consoleblank=0"#' /etc/default/grub +sed -i 's#GRUB_CMDLINE_LINUX=""#GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"#' /etc/default/grub +update-grub 2>&1 + +fuBANNER "Setup console" cp /usr/share/consolefonts/Uni2-Terminus12x6.psf.gz /etc/console-setup/ gunzip /etc/console-setup/Uni2-Terminus12x6.psf.gz sed -i 's#FONTFACE=".*#FONTFACE="Terminus"#' /etc/default/console-setup sed -i 's#FONTSIZE=".*#FONTSIZE="12x6"#' /etc/default/console-setup -update-initramfs -u 2>&1 | dialog --keep-window --title "[ Update initramfs ]" $myPROGRESSBOXCONF -sed -i 's#After=.*#After=systemd-tmpfiles-setup.service console-screen.service kbd.service local-fs.target#' /etc/systemd/system/multi-user.target.wants/console-setup.service 2>&1 | dialog --keep-window --title "[ Fix race with console setup ]" $myPROGRESSBOXCONF +update-initramfs -u +sed -i 's#After=.*#After=systemd-tmpfiles-setup.service console-screen.service kbd.service local-fs.target#' /etc/systemd/system/multi-user.target.wants/console-setup.service # Let's enable a color prompt and add /opt/tpot/bin to path +fuBANNER "Setup prompts" myROOTPROMPT='PS1="\[\033[38;5;8m\][\[$(tput sgr0)\]\[\033[38;5;1m\]\u\[$(tput sgr0)\]\[\033[38;5;6m\]@\[$(tput sgr0)\]\[\033[38;5;4m\]\h\[$(tput sgr0)\]\[\033[38;5;6m\]:\[$(tput sgr0)\]\[\033[38;5;5m\]\w\[$(tput sgr0)\]\[\033[38;5;8m\]]\[$(tput sgr0)\]\[\033[38;5;1m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"' myUSERPROMPT='PS1="\[\033[38;5;8m\][\[$(tput sgr0)\]\[\033[38;5;2m\]\u\[$(tput sgr0)\]\[\033[38;5;6m\]@\[$(tput sgr0)\]\[\033[38;5;4m\]\h\[$(tput sgr0)\]\[\033[38;5;6m\]:\[$(tput 
sgr0)\]\[\033[38;5;5m\]\w\[$(tput sgr0)\]\[\033[38;5;8m\]]\[$(tput sgr0)\]\[\033[38;5;2m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"' myROOTCOLORS="export LS_OPTIONS='--color=auto' @@ -729,25 +756,27 @@ eval \"\`dircolors\`\" alias ls='ls \$LS_OPTIONS' alias ll='ls \$LS_OPTIONS -l' alias l='ls \$LS_OPTIONS -lA'" -tee -a /root/.bashrc 2>&1>/dev/null <&1>/dev/null <&1>/dev/null +fuBANNER "Update IP" +/opt/tpot/bin/updateip.sh # Let's clean up apt -apt-get autoclean -y 2>&1 | dialog --keep-window --title "[ Cleaning up ]" $myPROGRESSBOXCONF -apt-get autoremove -y 2>&1 | dialog --keep-window --title "[ Cleaning up ]" $myPROGRESSBOXCONF +fuBANNER "Clean up" +apt-get autoclean -y +apt-get autoremove -y # Final steps cp /opt/tpot/host/etc/rc.local /etc/rc.local 2>&1>/dev/null && \ @@ -762,5 +791,6 @@ if [ "$myTPOT_DEPLOYMENT_TYPE" == "auto" ]; else dialog --keep-window --no-ok --no-cancel --backtitle "$myBACKTITLE" --title "[ Thanks for your patience. Now rebooting. ]" --pause "" 6 80 2 && \ systemctl restart console-setup.service + dialog --clear reboot fi diff --git a/iso/installer/install.sh.backup b/iso/installer/install.sh.backup new file mode 100755 index 00000000..4bd97edc --- /dev/null +++ b/iso/installer/install.sh.backup 
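Review bot: `chmod 644 -R /data/nginx/cert` in the "Set permissions" group leaves `/data/nginx/cert/nginx.key`, the private key generated earlier in this patch, readable by every local account and by any container that mounts `/data`, even though `chmod 760 -R /data` just above tried to lock the tree down. Follow it with `chmod 600 /data/nginx/cert/nginx.key`, or `chmod 640` if the nginx container reads the key as a different uid in group tpot — how the container maps users is not visible here, so confirm before picking the mode. `update-grub 2>&1` carries a leftover redirect now that nothing consumes a pipe; plain `update-grub` reads cleaner. The hunk's last context line is the start of the `myROOTCOLORS=` assignment, which continues outside the hunk.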
@@ -0,0 +1,766 @@ +#!/bin/bash +# T-Pot Universal Installer + +################################## +# Extract command line arguments # +################################## + +myLSB=$(lsb_release -c | awk '{ print $2 }') +myLSB_STABLE_SUPPORTED="stretch" +myLSB_TESTING_SUPPORTED="sid" +myINFO="\ +########################################### +### T-Pot Installer for Debian unstable ### +########################################### + +Disclaimer: +This script will install T-Pot on this system, by running the script you know what you are doing: +1. SSH will be reconfigured to tcp/64295 +2. Some packages will be installed, some will be upgraded +3. Please ensure other means of access to this system in case something goes wrong. +4. At best this script well be executed on the console instead through a SSH session. + +########################################## + +Usage: + $0 --help - Help. + +Example: + $0 --type=user - Best option for most users." + +if [ "$myLSB" != "$myLSB_STABLE_SUPPORTED" ] && [ "$myLSB" != "$myLSB_TESTING_SUPPORTED" ]; + then + echo "Aborting. Debian $myLSB is not supported." + exit +fi +if [ "$1" == "" ]; + then + echo "$myINFO" + exit +fi +for i in "$@" + do + case $i in + --conf=*) + myTPOT_CONF_FILE="${i#*=}" + shift + ;; + --type=user) + myTPOT_DEPLOYMENT_TYPE="${i#*=}" + shift + ;; + --type=auto) + myTPOT_DEPLOYMENT_TYPE="${i#*=}" + shift + ;; + --type=iso) + myTPOT_DEPLOYMENT_TYPE="${i#*=}" + shift + ;; + --help) + echo "Usage: $0 " + echo + echo "--conf=" + echo " Use this if you want to automatically deploy a T-Pot instance (--type=auto implied)." + echo " A configuration example is available in \"tpotce/iso/installer/tpot.conf.dist\"." + echo + echo "--type=<[user, auto, iso]>" + echo " user, use this if you want to manually install a T-Pot on a Debian (testing) machine." + echo " auto, implied if a configuration file is passed as an argument for automatic deployment." 
+ echo " iso, use this if you are a T-Pot developer and want to install a T-Pot from a pre-compiled iso." + echo + exit + ;; + *) + echo "$myINFO" + exit + ;; + esac + done + + +################################################### +# Validate command line arguments and load config # +################################################### + +# If a valid config file exists, set deployment type to "auto" and load the configuration +if [ "$myTPOT_DEPLOYMENT_TYPE" == "auto" ] && [ "$myTPOT_CONF_FILE" == "" ]; + then + echo "Aborting. No configuration file given." + exit +fi +if [ -s "$myTPOT_CONF_FILE" ] && [ "$myTPOT_CONF_FILE" != "" ]; + then + myTPOT_DEPLOYMENT_TYPE="auto" + if [ "$(head -n 1 $myTPOT_CONF_FILE | grep -c "# tpot")" == "1" ]; + then + source "$myTPOT_CONF_FILE" + else + echo "Aborting. Config file \"$myTPOT_CONF_FILE\" not a T-Pot configuration file." + exit + fi + elif ! [ -s "$myTPOT_CONF_FILE" ] && [ "$myTPOT_CONF_FILE" != "" ]; + then + echo "Aborting. Config file \"$myTPOT_CONF_FILE\" not found." + exit +fi + + +####################### +# Prepare environment # +####################### + +# Got root? +function fuGOT_ROOT { +echo +echo -n "### Checking for root: " +if [ "$(whoami)" != "root" ]; + then + echo "[ NOT OK ]" + echo "### Please run as root." 
+ echo "### Example: sudo $0" + exit + else + echo "[ OK ]" +fi +} + +# Let's check if all dependencies are met +function fuGET_DEPS { +local myPACKAGES="apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit cockpit-docker curl debconf-utils dialog dnsutils docker.io docker-compose dstat ethtool fail2ban figlet genisoimage git glances grc haveged html2text htop iptables iw jq libcrack2 libltdl7 lm-sensors man mosh multitail net-tools npm ntp openssh-server openssl pass prips software-properties-common syslinux psmisc pv python-pip toilet unattended-upgrades unzip vim wget wireless-tools wpasupplicant" +export DEBIAN_FRONTEND=noninteractive +apt-get -y update +apt-get -y install libpq-dev software-properties-common +tee /etc/apt/sources.list 2>&1>/dev/null <&1 | tee -a /etc/environment | dialog --keep-window --title "[ Setting up the proxy ]" $myPROGRESSBOXCONF + source /etc/environment + + # Let's setup the proxy for apt + echo "$myPROXY_APT" 2>&1 | tee /etc/apt/apt.conf | dialog --keep-window --title "[ Setting up the proxy ]" $myPROGRESSBOXCONF + + # Let's add proxy settings to docker defaults + echo "$myPROXY_DOCKER" 2>&1 | tee -a /etc/default/docker | dialog --keep-window --title "[ Setting up the proxy ]" $myPROGRESSBOXCONF + + # Let's restart docker for proxy changes to take effect + systemctl stop docker 2>&1 | dialog --keep-window --title "[ Stop docker service ]" $myPROGRESSBOXCONF + systemctl start docker 2>&1 | dialog --keep-window --title "[ Start docker service ]" $myPROGRESSBOXCONF +fi +### ---> End proxy setup + +# Let's test the internet connection +if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ] || [ "$myTPOT_DEPLOYMENT_TYPE" == "user" ]; + then + mySITESCOUNT=$(echo $mySITES | wc -w) + j=0 + for i in $mySITES; + do + curl --connect-timeout 30 -IsS $i 2>&1>/dev/null | dialog --title "[ Testing the internet connection ]" --backtitle "$myBACKTITLE" \ + --gauge "\n Now checking: $i\n" 8 
80 $(expr 100 \* $j / $mySITESCOUNT) + if [ $? -ne 0 ]; + then + dialog --keep-window --backtitle "$myBACKTITLE" --title "[ Continue? ]" --yesno "\nInternet connection test failed. This might indicate some problems with your connection. You can continue, but the installation might fail." 10 50 + if [ $? = 1 ]; + then + dialog --keep-window --backtitle "$myBACKTITLE" --title "[ Abort ]" --msgbox "\nInstallation aborted. Exiting the installer." 7 50 + exit + else + break; + fi; + fi; + let j+=1 + echo 2>&1>/dev/null | dialog --keep-window --title "[ Testing the internet connection ]" --backtitle "$myBACKTITLE" \ + --gauge "\n Now checking: $i\n" 8 80 $(expr 100 \* $j / $mySITESCOUNT) + done; +fi + +#################### +# User interaction # +#################### + +# Let's ask the user for install flavor +if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ] || [ "$myTPOT_DEPLOYMENT_TYPE" == "user" ]; + then + myCONF_TPOT_FLAVOR=$(dialog --keep-window --no-cancel --backtitle "$myBACKTITLE" --title "[ Choose Your T-Pot NG Edition ]" --menu \ + "\nRequired: 6GB RAM, 128GB SSD\nRecommended: 8GB RAM, 256GB SSD" 15 70 7 \ + "STANDARD" "Honeypots, ELK, NSM & Tools" \ + "SENSOR" "Just Honeypots, EWS Poster & NSM" \ + "INDUSTRIAL" "Conpot, RDPY, Vnclowpot, ELK, NSM & Tools" \ + "COLLECTOR" "Heralding, ELK, NSM & Tools" \ + "NEXTGEN" "NextGen (Glutton instead of Honeytrap)" \ + "LEGACY" "Standard Edition from previous release" 3>&1 1>&2 2>&3 3>&-) +fi + +# Let's ask for a secure tsec password if installation type is iso +if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ]; + then + myCONF_TPOT_USER="tsec" + myPASS1="pass1" + myPASS2="pass2" + mySECURE="0" + while [ "$myPASS1" != "$myPASS2" ] && [ "$mySECURE" == "0" ] + do + while [ "$myPASS1" == "pass1" ] || [ "$myPASS1" == "" ] + do + myPASS1=$(dialog --keep-window --insecure --backtitle "$myBACKTITLE" \ + --title "[ Enter password for console user (tsec) ]" \ + --passwordbox "\nPassword" 9 60 3>&1 1>&2 2>&3 3>&-) + done + myPASS2=$(dialog 
--keep-window --insecure --backtitle "$myBACKTITLE" \ + --title "[ Repeat password for console user (tsec) ]" \ + --passwordbox "\nPassword" 9 60 3>&1 1>&2 2>&3 3>&-) + if [ "$myPASS1" != "$myPASS2" ]; + then + dialog --keep-window --backtitle "$myBACKTITLE" --title "[ Passwords do not match. ]" \ + --msgbox "\nPlease re-enter your password." 7 60 + myPASS1="pass1" + myPASS2="pass2" + fi + mySECURE=$(printf "%s" "$myPASS1" | cracklib-check | grep -c "OK") + if [ "$mySECURE" == "0" ] && [ "$myPASS1" == "$myPASS2" ]; + then + dialog --keep-window --backtitle "$myBACKTITLE" --title "[ Password is not secure ]" --defaultno --yesno "\nKeep insecure password?" 7 50 + myOK=$? + if [ "$myOK" == "1" ]; + then + myPASS1="pass1" + myPASS2="pass2" + fi + fi + done + printf "%s" "$myCONF_TPOT_USER:$myPASS1" | chpasswd +fi + +# Let's ask for web user credentials if deployment type is iso or user +# In case of auto, credentials are created from config values +# Skip this step entirely if SENSOR flavor +if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ] || [ "$myTPOT_DEPLOYMENT_TYPE" == "user" ]; + then + myOK="1" + myCONF_WEB_USER="webuser" + myCONF_WEB_PW="pass1" + myCONF_WEB_PW2="pass2" + mySECURE="0" + while [ 1 != 2 ] + do + myCONF_WEB_USER=$(dialog --keep-window --backtitle "$myBACKTITLE" --title "[ Enter your web user name ]" --inputbox "\nUsername (tsec not allowed)" 9 50 3>&1 1>&2 2>&3 3>&-) + myCONF_WEB_USER=$(echo $myCONF_WEB_USER | tr -cd "[:alnum:]_.-") + dialog --keep-window --backtitle "$myBACKTITLE" --title "[ Your username is ]" --yesno "\n$myCONF_WEB_USER" 7 50 + myOK=$? 
+ if [ "$myOK" = "0" ] && [ "$myCONF_WEB_USER" != "tsec" ] && [ "$myCONF_WEB_USER" != "" ]; + then + break + fi + done + while [ "$myCONF_WEB_PW" != "$myCONF_WEB_PW2" ] && [ "$mySECURE" == "0" ] + do + while [ "$myCONF_WEB_PW" == "pass1" ] || [ "$myCONF_WEB_PW" == "" ] + do + myCONF_WEB_PW=$(dialog --keep-window --insecure --backtitle "$myBACKTITLE" \ + --title "[ Enter password for your web user ]" \ + --passwordbox "\nPassword" 9 60 3>&1 1>&2 2>&3 3>&-) + done + myCONF_WEB_PW2=$(dialog --keep-window --insecure --backtitle "$myBACKTITLE" \ + --title "[ Repeat password for your web user ]" \ + --passwordbox "\nPassword" 9 60 3>&1 1>&2 2>&3 3>&-) + if [ "$myCONF_WEB_PW" != "$myCONF_WEB_PW2" ]; + then + dialog --keep-window --backtitle "$myBACKTITLE" --title "[ Passwords do not match. ]" \ + --msgbox "\nPlease re-enter your password." 7 60 + myCONF_WEB_PW="pass1" + myCONF_WEB_PW2="pass2" + fi + mySECURE=$(printf "%s" "$myCONF_WEB_PW" | cracklib-check | grep -c "OK") + if [ "$mySECURE" == "0" ] && [ "$myCONF_WEB_PW" == "$myCONF_WEB_PW2" ]; + then + dialog --keep-window --backtitle "$myBACKTITLE" --title "[ Password is not secure ]" --defaultno --yesno "\nKeep insecure password?" 7 50 + myOK=$? + if [ "$myOK" == "1" ]; + then + myCONF_WEB_PW="pass1" + myCONF_WEB_PW2="pass2" + fi + fi + done +fi +# If flavor is SENSOR do not write credentials +if ! [ "$myCONF_TPOT_FLAVOR" == "SENSOR" ]; + then + mkdir -p /data/nginx/conf 2>&1 + htpasswd -b -c /data/nginx/conf/nginxpasswd "$myCONF_WEB_USER" "$myCONF_WEB_PW" 2>&1 | dialog --keep-window --title "[ Setting up user and password ]" $myPROGRESSBOXCONF; +fi + + +######################## +# Installation section # +######################## + +# Let's generate a SSL self-signed certificate without interaction (browsers will see it invalid anyway) +if ! 
[ "$myCONF_TPOT_FLAVOR" == "SENSOR" ]; +then +mkdir -p /data/nginx/cert 2>&1 | dialog --keep-window --title "[ Generating a self-signed-certificate for NGINX ]" $myPROGRESSBOXCONF; +openssl req \ + -nodes \ + -x509 \ + -sha512 \ + -newkey rsa:8192 \ + -keyout "/data/nginx/cert/nginx.key" \ + -out "/data/nginx/cert/nginx.crt" \ + -days 3650 \ + -subj '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd' 2>&1 | dialog --keep-window --title "[ Generating a self-signed-certificate for NGINX ]" $myPROGRESSBOXCONF; +fi + +# Let's setup the ntp server +if [ "$myCONF_NTP_USE" == "0" ]; + then + cp $myCONF_NTP_CONF_FILE /etc/ntp.conf 2>&1 | dialog --keep-window --title "[ Setting up the ntp server ]" $myPROGRESSBOXCONF +fi + +# Let's setup 802.1x networking +myNETWORK_INTERFACES=" +wpa-driver wired +wpa-conf /etc/wpa_supplicant/wired8021x.conf + +### Example wireless config for 802.1x +### This configuration was tested with the IntelNUC series +### If problems occur you can try and change wpa-driver to \"iwlwifi\" +### Do not forget to enter a ssid in /etc/wpa_supplicant/wireless8021x.conf +### The Intel NUC uses wlpXsY notation instead of wlanX +# +#auto wlp2s0 +#iface wlp2s0 inet dhcp +# wpa-driver wext +# wpa-conf /etc/wpa_supplicant/wireless8021x.conf +" +myNETWORK_WIRED8021x="ctrl_interface=/var/run/wpa_supplicant +ctrl_interface_group=root +eapol_version=1 +ap_scan=1 +network={ + key_mgmt=IEEE8021X + eap=TLS + identity=\"host/$myCONF_PFX_HOST_ID\" + private_key=\"/etc/wpa_supplicant/8021x.pfx\" + private_key_passwd=\"$myCONF_PFX_PW\" +} +" +myNETWORK_WLAN8021x="ctrl_interface=/var/run/wpa_supplicant +ctrl_interface_group=root +eapol_version=1 +ap_scan=1 +network={ + ssid="" + key_mgmt=WPA-EAP + pairwise=CCMP + group=CCMP + eap=TLS + identity="host/$myCONF_PFX_HOST_ID" + private_key="/etc/wpa_supplicant/8021x.pfx" + private_key_passwd="$myCONF_PFX_PW" +} +" +if [ "myCONF_PFX_USE" == "0" ]; + then + cp $myCONF_PFX_FILE /etc/wpa_supplicant/ 2>&1 | dialog --keep-window --title 
"[ Setting 802.1x networking ]" $myPROGRESSBOXCONF + echo "$myNETWORK_INTERFACES" 2>&1 | tee -a /etc/network/interfaces | dialog --keep-window --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF + + echo "$myNETWORK_WIRED8021x" 2>&1 | tee /etc/wpa_supplicant/wired8021x.conf | dialog --keep-window --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF + + echo "$myNETWORK_WLAN8021x" 2>&1 | tee /etc/wpa_supplicant/wireless8021x.conf | dialog --keep-window --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF +fi + +# Let's provide a wireless example config ... +myNETWORK_WLANEXAMPLE=" +### Example static ip config +### Replace with the name of your physical interface name +# +#auto eth0 +#iface eth0 inet static +# address 192.168.1.1 +# netmask 255.255.255.0 +# network 192.168.1.0 +# broadcast 192.168.1.255 +# gateway 192.168.1.1 +# dns-nameservers 192.168.1.1 + +### Example wireless config without 802.1x +### This configuration was tested with the IntelNUC series +### If problems occur you can try and change wpa-driver to "iwlwifi" +# +#auto wlan0 +#iface wlan0 inet dhcp +# wpa-driver wext +# wpa-ssid +# wpa-ap-scan 1 +# wpa-proto RSN +# wpa-pairwise CCMP +# wpa-group CCMP +# wpa-key-mgmt WPA-PSK +# wpa-psk \"\" +" +echo "$myNETWORK_WLANEXAMPLE" 2>&1 | tee -a /etc/network/interfaces | dialog --keep-window --title "[ Provide WLAN example config ]" $myPROGRESSBOXCONF + +# Let's modify the sources list +sed -i '/cdrom/d' /etc/apt/sources.list + +# Let's make sure SSH roaming is turned off (CVE-2016-0777, CVE-2016-0778) +echo "UseRoaming no" 2>&1 | tee -a /etc/ssh/ssh_config | dialog --keep-window --title "[ Turn SSH roaming off ]" $myPROGRESSBOXCONF + +# Installing ctop, elasticdump, tpot, yq +npm install https://github.com/taskrabbit/elasticsearch-dump -g 2>&1 | dialog --keep-window --title "[ Installing elasticsearch-dump ]" $myPROGRESSBOXCONF +pip install --upgrade pip 2>&1 | dialog --keep-window --title "[ Installing pip ]" $myPROGRESSBOXCONF +hash 
-r 2>&1 | dialog --keep-window --title "[ Installing pip ]" $myPROGRESSBOXCONF +pip install elasticsearch-curator yq 2>&1 | dialog --keep-window --title "[ Installing elasticsearch-curator, yq ]" $myPROGRESSBOXCONF +wget https://github.com/bcicen/ctop/releases/download/v0.7.2/ctop-0.7.2-linux-amd64 -O /usr/bin/ctop 2>&1 | dialog --keep-window --title "[ Installing ctop ]" $myPROGRESSBOXCONF +chmod +x /usr/bin/ctop 2>&1 | dialog --keep-window --title "[ Installing ctop ]" $myPROGRESSBOXCONF +git clone https://github.com/dtag-dev-sec/tpotce -b debian /opt/tpot 2>&1 | dialog --keep-window --title "[ Cloning T-Pot ]" $myPROGRESSBOXCONF + +# Let's create the T-Pot user +addgroup --gid 2000 tpot 2>&1 | dialog --keep-window --title "[ Adding T-Pot user ]" $myPROGRESSBOXCONF +adduser --system --no-create-home --uid 2000 --disabled-password --disabled-login --gid 2000 tpot 2>&1 | dialog --keep-window --title "[ Adding T-Pot user ]" $myPROGRESSBOXCONF + +# Let's set the hostname +a=$(fuRANDOMWORD /opt/tpot/host/usr/share/dict/a.txt) +n=$(fuRANDOMWORD /opt/tpot/host/usr/share/dict/n.txt) +myHOST=$a$n +hostnamectl set-hostname $myHOST 2>&1 | dialog --keep-window --title "[ Setting new hostname ]" $myPROGRESSBOXCONF +sed -i 's#127.0.1.1.*#127.0.1.1\t'"$myHOST"'#g' /etc/hosts 2>&1 | dialog --keep-window --title "[ Setting new hostname ]" $myPROGRESSBOXCONF + +# Let's patch cockpit.socket, sshd_config +sed -i 's#ListenStream=9090#ListenStream=64294#' /lib/systemd/system/cockpit.socket 2>&1 | dialog --keep-window --title "[ Cockpit listen on tcp/64294 ]" $myPROGRESSBOXCONF +sed -i '/^port/Id' /etc/ssh/sshd_config 2>&1 | dialog --keep-window --title "[ SSH listen on tcp/64295 ]" $myPROGRESSBOXCONF +echo "Port 64295" >> /etc/ssh/sshd_config 2>&1 | dialog --keep-window --title "[ SSH listen on tcp/64295 ]" $myPROGRESSBOXCONF + +# Let's make sure only myCONF_TPOT_FLAVOR images will be downloaded and started +case $myCONF_TPOT_FLAVOR in + STANDARD) + echo "### Preparing STANDARD flavor 
installation." + ln -s /opt/tpot/etc/compose/standard.yml $myTPOTCOMPOSE 2>&1>/dev/null + ;; + SENSOR) + echo "### Preparing SENSOR flavor installation." + ln -s /opt/tpot/etc/compose/sensor.yml $myTPOTCOMPOSE 2>&1>/dev/null + ;; + INDUSTRIAL) + echo "### Preparing INDUSTRIAL flavor installation." + ln -s /opt/tpot/etc/compose/industrial.yml $myTPOTCOMPOSE 2>&1>/dev/null + ;; + COLLECTOR) + echo "### Preparing COLLECTOR flavor installation." + ln -s /opt/tpot/etc/compose/collector.yml $myTPOTCOMPOSE 2>&1>/dev/null + ;; + NEXTGEN) + echo "### Preparing NEXTGEN flavor installation." + ln -s /opt/tpot/etc/compose/nextgen.yml $myTPOTCOMPOSE 2>&1>/dev/null + ;; + LEGACY) + echo "### Preparing LEGACY flavor installation." + ln -s /opt/tpot/etc/compose/legacy.yml $myTPOTCOMPOSE 2>&1>/dev/null + ;; +esac + +# Let's load docker images in parallel +function fuPULLIMAGES { +for name in $(cat $myTPOTCOMPOSE | grep -v '#' | grep image | cut -d'"' -f2 | uniq) + do + docker pull $name & +done +wait +} +fuPULLIMAGES 2>&1 | dialog --keep-window --title "[ Pulling docker images, please be patient ]" $myPROGRESSBOXCONF + +# Let's add the daily update check with a weekly clean interval +myUPDATECHECK="APT::Periodic::Update-Package-Lists \"1\"; +APT::Periodic::Download-Upgradeable-Packages \"0\"; +APT::Periodic::AutocleanInterval \"7\"; +" +echo "$myUPDATECHECK" 2>&1 | tee /etc/apt/apt.conf.d/10periodic | dialog --keep-window --title "[ Modifying update checks ]" $myPROGRESSBOXCONF + +# Let's make sure to reboot the system after a kernel panic +mySYSCTLCONF=" +# Reboot after kernel panic, check via /proc/sys/kernel/panic[_on_oops] +# Set required map count for ELK +kernel.panic = 1 +kernel.panic_on_oops = 1 +vm.max_map_count = 262144 +net.ipv6.conf.all.disable_ipv6 = 1 +net.ipv6.conf.default.disable_ipv6 = 1 +net.ipv6.conf.lo.disable_ipv6 = 1 +" +echo "$mySYSCTLCONF" 2>&1 | tee -a /etc/sysctl.conf | dialog --keep-window --title "[ Tweak Sysctl ]" $myPROGRESSBOXCONF + +# Let's setup 
fail2ban config
+myFAIL2BANCONF="[DEFAULT]
+ignore-ip = 127.0.0.1/8
+bantime = 3600
+findtime = 600
+maxretry = 5
+
+[nginx-http-auth]
+enabled = true
+filter = nginx-http-auth
+port = 64297
+logpath = /data/nginx/log/error.log
+
+[pam-generic]
+enabled = true
+port = 64294
+filter = pam-generic
+logpath = /var/log/auth.log
+
+[sshd]
+enabled = true
+port = 64295
+filter = sshd
+logpath = /var/log/auth.log
+"
+echo "$myFAIL2BANCONF" 2>&1 | tee /etc/fail2ban/jail.d/tpot.conf | dialog --keep-window --title "[ Setup fail2ban config ]" $myPROGRESSBOXCONF
+
+# Fix systemd error https://github.com/systemd/systemd/issues/3374
+mySYSTEMDFIX="[Link]
+NamePolicy=kernel database onboard slot path
+MACAddressPolicy=none
+"
+echo "$mySYSTEMDFIX" 2>&1 | tee /etc/systemd/network/99-default.link | dialog --keep-window --title "[ systemd fix ]" $myPROGRESSBOXCONF
+
+# Let's add some cronjobs
+myCRONJOBS="
+# Check if updated images are available and download them
+27 1 * * * root docker-compose -f /opt/tpot/etc/tpot.yml pull
+
+# Delete elasticsearch logstash indices older than 90 days
+27 4 * * * root curator --config /opt/tpot/etc/curator/curator.yml /opt/tpot/etc/curator/actions.yml
+
+# Uploaded binaries are not supposed to be downloaded
+*/1 * * * * root mv --backup=numbered /data/dionaea/roots/ftp/* /data/dionaea/binaries/
+
+# Daily reboot
+27 3 * * * root systemctl stop tpot && docker stop \$(docker ps -aq) || docker rm \$(docker ps -aq) || reboot
+
+# Check for updated packages every sunday, upgrade and reboot
+27 16 * * 0 root apt-get autoclean -y && apt-get autoremove -y && apt-get update -y && apt-get upgrade -y && sleep 10 && reboot
+"
+echo "$myCRONJOBS" 2>&1 | tee -a /etc/crontab | dialog --keep-window --title "[ Adding cronjobs ]" $myPROGRESSBOXCONF
+
+# Let's create some files and folders
+mkdir -p /data/adbhoney/downloads /data/adbhoney/log \
+ /data/ciscoasa/log \
+ /data/conpot/log \
+ /data/cowrie/log/tty/ /data/cowrie/downloads/ /data/cowrie/keys/ 
/data/cowrie/misc/ \
+ /data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/roots/ftp /data/dionaea/roots/tftp /data/dionaea/roots/www /data/dionaea/roots/upnp \
+ /data/elasticpot/log \
+ /data/elk/data /data/elk/log \
+ /data/glastopf/log /data/glastopf/db \
+ /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/ \
+ /data/glutton/log \
+ /data/heralding/log \
+ /data/mailoney/log \
+ /data/medpot/log \
+ /data/nginx/log \
+ /data/emobility/log \
+ /data/ews/conf \
+ /data/rdpy/log \
+ /data/spiderfoot \
+ /data/suricata/log /home/tsec/.ssh/ \
+ /data/tanner/log /data/tanner/files \
+ /data/p0f/log 2>&1 | dialog --title "[ Creating some files and folders ]" $myPROGRESSBOXCONF
+touch /data/spiderfoot/spiderfoot.db 2>&1 | dialog --keep-window --title "[ Creating some files and folders ]" $myPROGRESSBOXCONF
+touch /data/nginx/log/error.log 2>&1 | dialog --keep-window --title "[ Creating some files and folders ]" $myPROGRESSBOXCONF
+
+# Let's copy some files
+tar xvfz /opt/tpot/etc/objects/elkbase.tgz -C / 2>&1 | dialog --keep-window --title "[ Extracting elkbase.tgz ]" $myPROGRESSBOXCONF
+cp /opt/tpot/host/etc/systemd/* /etc/systemd/system/ 2>&1 | dialog --keep-window --title "[ Copy configs ]" $myPROGRESSBOXCONF
+systemctl enable tpot 2>&1 | dialog --keep-window --title "[ Enabling service for tpot ]" $myPROGRESSBOXCONF
+
+# Let's take care of some files and permissions
+chmod 760 -R /data 2>&1 | dialog --keep-window --title "[ Set permissions and ownerships ]" $myPROGRESSBOXCONF
+chown tpot:tpot -R /data 2>&1 | dialog --keep-window --title "[ Set permissions and ownerships ]" $myPROGRESSBOXCONF
+chmod 644 -R /data/nginx/conf 2>&1 | dialog --keep-window --title "[ Set permissions and ownerships ]" $myPROGRESSBOXCONF
+chmod 644 -R /data/nginx/cert 2>&1 | dialog --keep-window --title "[ Set permissions and ownerships ]" $myPROGRESSBOXCONF
+
+# Let's replace "quiet splash" options, set a console font for 
more screen canvas and update grub
+sed -i 's#GRUB_CMDLINE_LINUX_DEFAULT="quiet"#GRUB_CMDLINE_LINUX_DEFAULT="quiet consoleblank=0"#' /etc/default/grub 2>&1>/dev/null
+sed -i 's#GRUB_CMDLINE_LINUX=""#GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"#' /etc/default/grub 2>&1>/dev/null
+update-grub 2>&1 | dialog --keep-window --title "[ Update grub ]" $myPROGRESSBOXCONF
+cp /usr/share/consolefonts/Uni2-Terminus12x6.psf.gz /etc/console-setup/
+gunzip /etc/console-setup/Uni2-Terminus12x6.psf.gz
+sed -i 's#FONTFACE=".*#FONTFACE="Terminus"#' /etc/default/console-setup
+sed -i 's#FONTSIZE=".*#FONTSIZE="12x6"#' /etc/default/console-setup
+update-initramfs -u 2>&1 | dialog --keep-window --title "[ Update initramfs ]" $myPROGRESSBOXCONF
+sed -i 's#After=.*#After=systemd-tmpfiles-setup.service console-screen.service kbd.service local-fs.target#' /etc/systemd/system/multi-user.target.wants/console-setup.service 2>&1 | dialog --keep-window --title "[ Fix race with console setup ]" $myPROGRESSBOXCONF
+
+# Let's enable a color prompt and add /opt/tpot/bin to path
+myROOTPROMPT='PS1="\[\033[38;5;8m\][\[$(tput sgr0)\]\[\033[38;5;1m\]\u\[$(tput sgr0)\]\[\033[38;5;6m\]@\[$(tput sgr0)\]\[\033[38;5;4m\]\h\[$(tput sgr0)\]\[\033[38;5;6m\]:\[$(tput sgr0)\]\[\033[38;5;5m\]\w\[$(tput sgr0)\]\[\033[38;5;8m\]]\[$(tput sgr0)\]\[\033[38;5;1m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"'
+myUSERPROMPT='PS1="\[\033[38;5;8m\][\[$(tput sgr0)\]\[\033[38;5;2m\]\u\[$(tput sgr0)\]\[\033[38;5;6m\]@\[$(tput sgr0)\]\[\033[38;5;4m\]\h\[$(tput sgr0)\]\[\033[38;5;6m\]:\[$(tput sgr0)\]\[\033[38;5;5m\]\w\[$(tput sgr0)\]\[\033[38;5;8m\]]\[$(tput sgr0)\]\[\033[38;5;2m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"'
+myROOTCOLORS="export LS_OPTIONS='--color=auto'
+eval \"\`dircolors\`\"
+alias ls='ls \$LS_OPTIONS'
+alias ll='ls \$LS_OPTIONS -l'
+alias l='ls \$LS_OPTIONS -lA'"
+tee -a /root/.bashrc 2>&1>/dev/null <&1>/dev/null <&1>/dev/null
+
+# Let's clean up apt
+apt-get autoclean -y 
2>&1 | dialog --keep-window --title "[ Cleaning up ]" $myPROGRESSBOXCONF
+apt-get autoremove -y 2>&1 | dialog --keep-window --title "[ Cleaning up ]" $myPROGRESSBOXCONF
+
+# Final steps
+cp /opt/tpot/host/etc/rc.local /etc/rc.local 2>&1>/dev/null && \
+rm -rf /root/installer 2>&1>/dev/null && \
+rm -rf /etc/issue.d/cockpit.issue 2>&1>/dev/null && \
+rm -rf /etc/motd.d/cockpit 2>&1>/dev/null && \
+rm -rf /etc/issue.net 2>&1>/dev/null && \
+rm -rf /etc/motd 2>&1>/dev/null && \
+if [ "$myTPOT_DEPLOYMENT_TYPE" == "auto" ];
+ then
+ echo "Done. Please reboot."
+ else
+ dialog --keep-window --no-ok --no-cancel --backtitle "$myBACKTITLE" --title "[ Thanks for your patience. Now rebooting. ]" --pause "" 6 80 2 && \
+ systemctl restart console-setup.service
+ reboot
+fi