Merge pull request #1536 from t3chn0m4g3/master

Adjust T-Pot for Docker Desktop for Windows with WSL2

README.md

@@ -327,10 +327,10 @@ Choose a supported distro of your choice. It is recommended to use the minimum /
 Sometimes it is just nice if you can spin up a T-Pot instance on macOS or Windows, i.e. for development, testing or just the fun of it. As Docker Desktop is rather limited not all honeypot types or T-Pot features are supported. Also remember, by default the macOS and Windows firewall are blocking access from remote, so testing is limited to the host. For production it is recommended to run T-Pot on [Linux](#choose-your-distro).<br>
 To get things up and running just follow these steps:
 1. Install Docker Desktop for [macOS](https://docs.docker.com/desktop/install/mac-install/) or [Windows](https://docs.docker.com/desktop/install/windows-install/).
-2. Clone the GitHub repository: `git clone https://github.com/telekom-security/tpotce`
+2. Clone the GitHub repository: `git clone https://github.com/telekom-security/tpotce` (in Windows make sure the code is checked out with `LF` instead of `CRLF`!)
 3. Go to: `cd ~/tpotce`
 4. Copy `cp compose/mac_win.yml ./docker-compose.yml`
-5. Create a `WEB_USER` by running `~/tpotce/genuser.sh`
+5. Create a `WEB_USER` by running `~/tpotce/genuser.sh` (macOS) or `~/tpotce/genuserwin.ps1` (Windows)
 6. Adjust the `.env` file by changing `TPOT_OSTYPE=linux` to either `mac` or `win`:
    ```
    # OSType (linux, mac, win)

compose/mac_win.yml

@@ -53,6 +53,7 @@ services:
      - ${TPOT_DOCKER_COMPOSE}:/tmp/tpot/docker-compose.yml:ro
      - ${TPOT_DATA_PATH}/blackhole:/etc/blackhole
      - ${TPOT_DATA_PATH}:/data
+     - /var/run/docker.sock:/var/run/docker.sock:ro
 
 
 ##################
@@ -190,32 +191,6 @@ services:
     volumes:
      - ${TPOT_DATA_PATH}/conpot/log:/var/log/conpot
 
-# Conpot kamstrup_382
-  conpot_kamstrup_382:
-    container_name: conpot_kamstrup_382
-    restart: always
-    depends_on:
-      tpotinit:
-        condition: service_healthy
-    environment:
-     - CONPOT_CONFIG=/etc/conpot/conpot.cfg
-     - CONPOT_JSON_LOG=/var/log/conpot/conpot_kamstrup_382.json
-     - CONPOT_LOG=/var/log/conpot/conpot_kamstrup_382.log
-     - CONPOT_TEMPLATE=kamstrup_382
-     - CONPOT_TMP=/tmp/conpot
-    tmpfs:
-     - /tmp/conpot:uid=2000,gid=2000
-    networks:
-     - conpot_local_kamstrup_382
-    ports:
-     - "1025:1025"
-     - "50100:50100"
-    image: ${TPOT_REPO}/conpot:${TPOT_VERSION}
-    pull_policy: ${TPOT_PULL_POLICY}
-    read_only: true
-    volumes:
-     - ${TPOT_DATA_PATH}/conpot/log:/var/log/conpot
-
 # Cowrie service
   cowrie:
     container_name: cowrie
@@ -303,7 +278,7 @@ services:
      - "81:81"
      - "135:135"
      # - "443:443"
-     - "445:445"
+     # - "445:445"
      - "1433:1433"
      - "1723:1723"
      - "1883:1883"

docker/tpotinit/dist/entrypoint.sh

@@ -7,6 +7,8 @@ exec > >(tee /data/tpotinit.log) 2>&1
 cleanup() {
   echo "# SIGTERM received, cleaning up ..."
   echo
+  if [ "${TPOT_OSTYPE}" = "linux" ];
+    then
       echo "## ... removing firewall rules."
       /opt/tpot/bin/rules.sh ${COMPOSE} unset
       echo
@@ -16,6 +18,7 @@ cleanup() {
           /opt/tpot/bin/blackhole.sh del
           echo
       fi
+  fi
   kill -TERM "$PID"
   rm -f /tmp/success
   echo "# Cleanup done."
@@ -153,25 +156,42 @@ update_permissions
 
 # Check for compatible OSType
 echo
-echo "# Checking if OSType is compatible."
+echo "# Checking if OSType is set correctly."
 echo
-myOSTYPE=$(uname -a | grep -Eo "linuxkit")
+myOSTYPE=$(uname -a | grep -Eo "microsoft|linuxkit")
-if [ "${myOSTYPE}" == "linuxkit" ] && [ "${TPOT_OSTYPE}" == "linux" ];
+if [ "${myOSTYPE}" == "microsoft" ] && [ "${TPOT_OSTYPE}" != "win" ];
   then
-    echo "# Docker Desktop for macOS or Windows detected."
+    echo "# Docker Desktop for Windows detected, but TPOT_OSTYPE is not set to win."
-    echo "# 1. You need to adjust the OSType the T-Pot .env config."
+    echo "# 1. You need to adjust the OSType in the T-Pot .env config."
-    echo "# 2. You need to use the macos or win docker compose file."
+    echo "# 2. You need to copy compose/mac_win.yml to ./docker-compose.yml."
     echo
     echo "# Aborting."
     echo
+    sleep 1
     exit 1
 fi
 
-if ! [ "${myOSTYPE}" == "linuxkit" ] && ! [ -S /var/run/docker.sock ];
+if [ "${myOSTYPE}" == "linuxkit" ] && [ "${TPOT_OSTYPE}" != "mac" ];
   then
-    echo "# Cannot access /var/run/docker.sock, check docker-compose.yml for proper volume definition."
+    echo "# Docker Desktop for macOS detected, but TPOT_OSTYPE is not set to mac."
+    echo "# 1. You need to adjust the OSType in the T-Pot .env config."
+    echo "# 2. You need to copy compose/mac_win.yml to ./docker-compose.yml."
     echo
     echo "# Aborting."
+    echo
+    sleep 1
+    exit 1
+fi
+
+if [ "${myOSTYPE}" == "" ] && [ "${TPOT_OSTYPE}" != "linux" ];
+  then
+    echo "# Docker Engine detected, but TPOT_OSTYPE is not set to linux."
+    echo "# 1. You need to adjust the OSType in the T-Pot .env config."
+    echo "# 2. You need to copy compose/standard.yml to ./docker-compose.yml."
+    echo
+    echo "# Aborting."
+    echo
+    sleep 1
     exit 1
 fi
 
@@ -255,12 +275,8 @@ if [ -f "/data/uuid" ];
 fi
 
 # Check if TPOT_BLACKHOLE is enabled
-if [ "${myOSTYPE}" == "linuxkit" ];
+if [ "${TPOT_OSTYPE}" == "linux" ];
   then
-    echo
-    echo "# Docker Desktop for macOS or Windows detected, Blackhole feature is not supported."
-    echo
-  else
     if [ "${TPOT_BLACKHOLE}" == "ENABLED" ] && [ ! -f "/etc/blackhole/mass_scanner.txt" ];
       then
         echo
@@ -278,6 +294,10 @@ if [ "${myOSTYPE}" == "linuxkit" ];
         echo
         echo "# Blackhole is not active."
     fi
+  else
+    echo
+    echo "# T-Pot is configured for macOS / Windows. Blackhole is not supported."
+    echo
 fi
 
 # Get IP
@@ -291,7 +311,7 @@ update_permissions
 
 # Update interface settings (p0f and Suricata) and setup iptables to support NFQ based honeypots (glutton, honeytrap)
 ### This is currently not supported on Docker for Desktop, only on Docker Engine for Linux
-if [ "${myOSTYPE}" != "linuxkit" ] && [ "${TPOT_OSTYPE}" == "linux" ];
+if [ "${TPOT_OSTYPE}" == "linux" ];
   then
     echo
     echo "# Get IF, disable offloading, enable promiscious mode for p0f and suricata ..."
@@ -303,10 +323,14 @@ if [ "${myOSTYPE}" != "linuxkit" ] && [ "${TPOT_OSTYPE}" == "linux" ];
     echo "# Adding firewall rules ..."
     echo
     /opt/tpot/bin/rules.sh ${COMPOSE} set
+  else
+    echo
+    echo "# T-Pot is configured for macOS / Windows. Setting up firewall rules on the host is not supported."
+    echo
 fi
 
 # Display open ports
-if [ "${myOSTYPE}" != "linuxkit" ];
+if [ "${TPOT_OSTYPE}" == "linux" ];
   then
     echo
     echo "# This is a list of open ports on the host (netstat -tulpen)."
@@ -317,7 +341,7 @@ if [ "${myOSTYPE}" != "linuxkit" ];
     echo
   else
     echo
-    echo "# Docker Desktop for macOS or Windows detected, cannot show open ports on the host."
+    echo "# T-Pot is configured for macOS / Windows. Showing open ports from the host is not supported."
     echo
 fi
 
@@ -331,25 +355,20 @@ touch /tmp/success
 
 # We want to see true source for UDP packets in container (https://github.com/moby/libnetwork/issues/1994)
 # Start autoheal if running on a supported os
-if [ "${myOSTYPE}" != "linuxkit" ];
+if [ "${TPOT_OSTYPE}" == "linux" ];
   then
     sleep 60
     echo "# Dropping UDP connection tables to improve visibility of true source IPs."
     /usr/sbin/conntrack -D -p udp
-    # Starting container health monitoring
-    echo
-    figlet "Starting ..."
-    figlet "Autoheal"
-    echo "# Now monitoring healthcheck enabled containers to automatically restart them when unhealthy."
-    echo
-    # exec /opt/tpot/autoheal.sh autoheal
-    /opt/tpot/autoheal.sh autoheal &
-    PID=$!
-    wait $PID
-    echo "# T-Pot Init and Autoheal were stopped. Exiting."
-  else
-    echo
-    echo "# Docker Desktop for macOS or Windows detected, Conntrack feature is not supported."
-    echo
-    sleep infinity 
 fi
+
+# Starting container health monitoring
+echo
+figlet "Starting ..."
+figlet "Autoheal"
+echo "# Now monitoring healthcheck enabled containers to automatically restart them when unhealthy."
+echo
+/opt/tpot/autoheal.sh autoheal &
+PID=$!
+wait $PID
+echo "# T-Pot Init and Autoheal were stopped. Exiting."

dps.ps1

@@ -0,0 +1,20 @@
+# Format, colorize docker ps output
+# Define a fixed width for the STATUS column
+$statusWidth = 30
+
+# Capture the Docker output into a variable
+$dockerOutput = docker ps -f status=running -f status=exited --format "{{.Names}}`t{{.Status}}`t{{.Ports}}"
+
+# Print header with colors
+Write-Host ("NAME".PadRight(20) + "STATUS".PadRight($statusWidth) + "PORTS") -ForegroundColor Cyan -NoNewline
+Write-Host ""
+
+# Split the output into lines and loop over them
+$dockerOutput -split '\r?\n' | ForEach-Object {
+    if ($_ -ne "") {
+        $fields = $_ -split "`t"
+        Write-Host ($fields[0].PadRight(20)) -NoNewline -ForegroundColor Yellow
+        Write-Host ($fields[1].PadRight($statusWidth)) -NoNewline -ForegroundColor Green
+        Write-Host ($fields[2]) -ForegroundColor Blue
+    }
+}

genuserwin.ps1

@@ -0,0 +1,12 @@
+# Run genuser.sh within tpotinit, prepare path and file
+# Define the volume paths
+$homePath = $Env:USERPROFILE + "\tpotce"
+$nginxpasswdPath = $homePath + "\data\nginx\conf\nginxpasswd"
+
+# Ensure nginxpasswd file exists
+if (-Not (Test-Path $nginxpasswdPath)) {
+    New-Item -ItemType File -Force -Path $nginxpasswdPath
+}
+
+# Run the Docker container without specifying UID / GID
+docker run -v "${homePath}:/data" --entrypoint bash -it dtagdevsec/tpotinit:24.04 "/opt/tpot/bin/genuser.sh"