From 0b6cc3ca46893e2ede3a571bf291e292f716ea53 Mon Sep 17 00:00:00 2001 From: nu11secur1ty Date: Wed, 5 Jun 2024 22:01:38 +0300 Subject: [PATCH] Up Up --- Collector/README.MD | 1 - Collector/deploy.sh | 157 -------------------------------------------- 2 files changed, 158 deletions(-) delete mode 100644 Collector/README.MD delete mode 100644 Collector/deploy.sh diff --git a/Collector/README.MD b/Collector/README.MD deleted file mode 100644 index a5ef5ad7..00000000 --- a/Collector/README.MD +++ /dev/null @@ -1 +0,0 @@ -### Installer script for your sensor diff --git a/Collector/deploy.sh b/Collector/deploy.sh deleted file mode 100644 index 71669779..00000000 --- a/Collector/deploy.sh +++ /dev/null @@ -1,157 +0,0 @@ -#!/usr/bin/env bash - -myANSIBLE_PORT=64295 -myANSIBLE_TPOT_PLAYBOOK="installer/install/deploy.yml" -myADJECTIVE=$(shuf -n1 installer/install/a.txt) -myNOUN=$(shuf -n1 installer/install/n.txt) -myENV_FILE="$HOME/tpotce/.env" - -myDEPLOY=$(cat << "EOF" - - [ T-Pot ] - __ _ - / _| (_) -| |_ __ _ _ __ _ _ __ ___ __ _ ______ _ _ _ __ _ -| _/ _` | '_ \| | '_ ` _ \ / _` |_ / _` | | | |/ _` | -| || (_| | | | | | | | | | | (_| |/ / (_| | |_| | (_| | -|_| \__,_|_| |_|_|_| |_| |_|\__,_/___\__,_|\__,_|\__, | - | | - |_| - - -EOF -) - -# Check if the script is running in a HIVE installation -if ! grep -q 'TPOT_TYPE=HIVE' "$HOME/tpotce/.env"; - then - echo "# This script is only supported on HIVE installations." - echo - exit 1 -fi - -# Check if running on a supported distribution -mySUPPORTED_DISTRIBUTIONS=("AlmaLinux" "Debian GNU/Linux" "Fedora Linux" "openSUSE Tumbleweed" "Raspbian GNU/Linux" "Rocky Linux" "Ubuntu") -myCURRENT_DISTRIBUTION=$(awk -F= '/^NAME/{print $2}' /etc/os-release | tr -d '"') - -if [[ ! " ${mySUPPORTED_DISTRIBUTIONS[@]} " =~ " ${myCURRENT_DISTRIBUTION} " ]]; - then - echo "# Only the following distributions are supported: AlmaLinux, Fedora, Debian, openSUSE Tumbleweed, Rocky Linux and Ubuntu." - echo - exit 1 -fi - -echo "${myDEPLOY}" -echo -echo "# This script will prepare a T-Pot SENSOR installation to transmit logs into this HIVE." -echo - -# Ask if a T-Pot SENSOR was installed -read -p "# Was a T-Pot SENSOR installed? (y/n): " mySENSOR_INSTALLED -if [[ ${mySENSOR_INSTALLED} != "y" ]]; - then - echo "# A T-Pot SENSOR must be installed to continue." - exit 1 -fi - -# Ask for the remote user -read -p "# Enter the remote username T-Pot SENSOR was installed with: " mySSHUSER -if [[ ${mySSHUSER} == "" ]]; - then - echo "# You need to enter a user. Aborting." - exit 1 -fi - -# Validate IP/domain name loop -while true; do - read -p "# Enter the IP/domain name of the SENSOR: " mySENSOR_IP - if [[ ${mySENSOR_IP} =~ ^([a-zA-Z0-9]+(\.[a-zA-Z0-9]+)*\.[a-zA-Z]{2,})|(([0-9]{1,3}\.){3}[0-9]{1,3})$ ]]; - then - break - else - echo "# Invalid IP/domain. Please enter a valid IP or domain name." - fi -done - -# Check if ssh key has been deployed -read -p "# Has a SSH key been deployed to the SENSOR? (y/n): " mySSHKEY_DEPLOYED -if [[ ${mySSHKEY_DEPLOYED} != "y" ]]; - then - echo "# Generate a SSH key using 'ssh-keygen' and deploy it to the SENSOR (Example: ssh-copy-id -p 64295 ${mySSHUSER}@${mySENSOR_IP})." - exit 1 -fi - -# Validate IP/domain name of HIVE -while true; do - read -p "# Enter the IP/domain name of this HIVE: " myTPOT_HIVE_IP - if [[ ${myTPOT_HIVE_IP} =~ ^([a-zA-Z0-9]+(\.[a-zA-Z0-9]+)*\.[a-zA-Z]{2,})|(([0-9]{1,3}\.){3}[0-9]{1,3})$ ]]; - then - break - else - echo "# Invalid IP/domain. Please enter a valid IP or domain name." - fi -done - -# Create a random SENSOR user name that is easily readable -myLS_WEB_USER="sensor-${myADJECTIVE}-${myNOUN}" - -# Create a random password -myLS_WEB_PW=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 32 | head -n 1) - -# Create myLS_WEB_USER_ENC -myLS_WEB_USER_ENC=$(htpasswd -b -n "${myLS_WEB_USER}" "${myLS_WEB_PW}") -myLS_WEB_USER_ENC_B64=$(echo -n "${myLS_WEB_USER_ENC}" | base64 -w0) - -# Create myTPOT_HIVE_USER, since this is for Logstash on the SENSOR, it needs to directly base64 encoded -myTPOT_HIVE_USER=$(echo -n "${myLS_WEB_USER}:${myLS_WEB_PW}" | base64 -w0) - -# Print credentials -echo "# The following SENSOR credentials have been created:" -echo "# New SENSOR username: ${myLS_WEB_USER}" -echo "# New SENSOR passowrd: ${myLS_WEB_PW}" -echo "# New htpasswd encoded credentials: ${myLS_WEB_USER_ENC}" -echo "# New htpasswd credentials base64 encoded: ${myLS_WEB_USER_ENC_B64}" -echo "# New SENSOR credentials base64 encoded: ${myTPOT_HIVE_USER}" -echo -echo "# Ansible will ask for the ‘BECOME password‘ which is typically the password you ’sudo’ with on the SENSOR." -echo "# The password will allow Ansible to run a reboot via sudo on the SENSOR." -echo - -# Read LS_WEB_USER from file -myENV_LS_WEB_USER=$(grep "^LS_WEB_USER=" "${myENV_FILE}" | sed 's/^LS_WEB_USER=//g' | tr -d "\"'") - -# Add the new SENSOR user -if [ "${myENV_LS_WEB_USER}" == "" ]; - then - myENV_LS_WEB_USER="${myLS_WEB_USER_ENC_B64}" - else - myENV_LS_WEB_USER="${myENV_LS_WEB_USER} ${myLS_WEB_USER_ENC_B64}" -fi - -# Need to export for Ansible -export myTPOT_HIVE_USER -export myTPOT_HIVE_IP - -ANSIBLE_LOG_PATH=${HOME}/tpotce/data/deploy_sensor.log ansible-playbook ${myANSIBLE_TPOT_PLAYBOOK} -i ${mySENSOR_IP}, -c ssh -u ${mySSHUSER} --ask-become-pass -e "ansible_port=${myANSIBLE_PORT}" - -if [ "$?" == 0 ]; - then - # Update the T-Pot .env config and lswebpasswd (avoid the need to restart T-Pot) on the host - echo "# Updating SENSOR users on this HIVE and in the T-Pot .env config:" - sed -i "/^LS_WEB_USER=/c\LS_WEB_USER=$myENV_LS_WEB_USER" "${myENV_FILE}" - : > "${HOME}"/tpotce/data/nginx/conf/lswebpasswd - for i in $myENV_LS_WEB_USER; - do - if [[ -n $i ]]; - then - # Need to control newlines as they kept coming up for some reason - echo -n "$i" | base64 -d -w0 - echo - echo -n "$i" | base64 -d -w0 | tr -d '\n' >> ${HOME}/tpotce/data/nginx/conf/lswebpasswd - echo >> ${HOME}/tpotce/data/nginx/conf/lswebpasswd - fi - done -fi - -unset myTPOT_HIVE_USER -unset myTPOT_HIVE_IP