techn0m4g3 2019-01-28 21:52:55 +01:00
parent 80411c9466
commit 0cab79cd35
5 changed files with 33 additions and 42 deletions


@ -27,9 +27,6 @@ ExecStartPre=-/bin/bash -c '/sbin/ethtool --offload $(/sbin/ip address | grep "^
ExecStartPre=/bin/bash -c '/sbin/ethtool -K $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) gso off gro off'
ExecStartPre=/bin/bash -c '/sbin/ip link set $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) promisc on'
# Modify access rights on docker.sock for netdata
ExecStartPre=-/bin/chmod 666 /var/run/docker.sock
# Set iptables accept rules to avoid forwarding to honeytrap / NFQUEUE
# Forward all other connections to honeytrap / NFQUEUE
ExecStartPre=/opt/tpot/bin/rules.sh /opt/tpot/etc/tpot.yml set


@ -6,11 +6,11 @@
##################################
myLSB=$(lsb_release -r | awk '{ print $2 }')
myLSB_SUPPORTED="18.04"
myLSB_SUPPORTED="testing"
myINFO="\
############################################
### T-Pot Installer for Ubuntu $myLSB_SUPPORTED LTS ###
############################################
##########################################
### T-Pot Installer for Debian $myLSB_SUPPORTED ###
##########################################
Disclaimer:
This script will install T-Pot on this system, by running the script you know what you are doing:
@ -29,7 +29,7 @@ Example:
if [ "$myLSB" != "$myLSB_SUPPORTED" ];
then
echo "Aborting. Ubuntu $myLSB is not supported."
echo "Aborting. Debian $myLSB is not supported."
exit
fi
if [ "$1" == "" ];
@ -64,7 +64,7 @@ for i in "$@"
echo " A configuration example is available in \"tpotce/iso/installer/tpot.conf.dist\"."
echo
echo "--type=<[user, auto, iso]>"
echo " user, use this if you want to manually install a T-Pot on a Ubuntu 18.04 LTS machine."
echo " user, use this if you want to manually install a T-Pot on a Debian (testing) machine."
echo " auto, implied if a configuration file is passed as an argument for automatic deployment."
echo " iso, use this if you are a T-Pot developer and want to install a T-Pot from a pre-compiled iso."
echo
@ -129,7 +129,7 @@ function fuGET_DEPS {
local myPACKAGES="apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit cockpit-docker curl debconf-utils dialog dnsutils docker.io docker-compose dstat ethtool fail2ban genisoimage git glances grc html2text htop iptables iw jq libcrack2 libltdl7 lm-sensors man mosh multitail net-tools npm ntp openssh-server openssl pass prips software-properties-common syslinux psmisc pv python-pip unattended-upgrades unzip vim wireless-tools wpasupplicant"
apt-get -y update
apt-get -y install software-properties-common
add-apt-repository "deb http://archive.ubuntu.com/ubuntu $(lsb_release -sc) main universe restricted multiverse"
add-apt-repository "deb http://ftp.debian.org/debian testing main contrib non-free"
echo
echo "### Getting update information."
echo
@ -215,7 +215,7 @@ export DIALOGRC=/etc/dialogrc
myBACKTITLE="T-Pot-Installer"
myCONF_FILE="/root/installer/iso.conf"
myPROGRESSBOXCONF=" --backtitle "$myBACKTITLE" --progressbox 24 80"
mySITES="https://hub.docker.com https://github.com https://pypi.python.org https://ubuntu.com"
mySITES="https://hub.docker.com https://github.com https://pypi.python.org https://debian.org"
myTPOTCOMPOSE="/opt/tpot/etc/tpot.yml"
#####################
@ -375,7 +375,7 @@ if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ];
printf "%s" "$myCONF_TPOT_USER:$myPASS1" | chpasswd
fi
# Let's ask for a web user credentials if deployment type is iso or user
# Let's ask for web user credentials if deployment type is iso or user
# In case of auto, credentials are created from config values
# Skip this step entirely if SENSOR flavor
if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ] || [ "$myTPOT_DEPLOYMENT_TYPE" == "user" ];
@ -506,15 +506,15 @@ network={
private_key_passwd="$myCONF_PFX_PW"
}
"
#if [ "myCONF_PFX_USE" == "0" ];
# then
# cp $myCONF_PFX_FILE /etc/wpa_supplicant/ 2>&1 | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF
# echo "$myNETWORK_INTERFACES" 2>&1 | tee -a /etc/network/interfaces | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF
#
# echo "$myNETWORK_WIRED8021x" 2>&1 | tee /etc/wpa_supplicant/wired8021x.conf | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF
#
# echo "$myNETWORK_WLAN8021x" 2>&1 | tee /etc/wpa_supplicant/wireless8021x.conf | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF
#fi
if [ "myCONF_PFX_USE" == "0" ];
then
cp $myCONF_PFX_FILE /etc/wpa_supplicant/ 2>&1 | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF
echo "$myNETWORK_INTERFACES" 2>&1 | tee -a /etc/network/interfaces | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF
echo "$myNETWORK_WIRED8021x" 2>&1 | tee /etc/wpa_supplicant/wired8021x.conf | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF
echo "$myNETWORK_WLAN8021x" 2>&1 | tee /etc/wpa_supplicant/wireless8021x.conf | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF
fi
# Let's provide a wireless example config ...
myNETWORK_WLANEXAMPLE="
@ -545,7 +545,7 @@ myNETWORK_WLANEXAMPLE="
# wpa-key-mgmt WPA-PSK
# wpa-psk \"<your_password_here_without_brackets>\"
"
#echo "$myNETWORK_WLANEXAMPLE" 2>&1 | tee -a /etc/network/interfaces | dialog --title "[ Provide WLAN example config ]" $myPROGRESSBOXCONF
echo "$myNETWORK_WLANEXAMPLE" 2>&1 | tee -a /etc/network/interfaces | dialog --title "[ Provide WLAN example config ]" $myPROGRESSBOXCONF
# Let's modify the sources list
sed -i '/cdrom/d' /etc/apt/sources.list
@ -572,10 +572,6 @@ n=$(fuRANDOMWORD /opt/tpot/host/usr/share/dict/n.txt)
myHOST=$a$n
hostnamectl set-hostname $myHOST 2>&1 | dialog --title "[ Setting new hostname ]" $myPROGRESSBOXCONF
sed -i 's#127.0.1.1.*#127.0.1.1\t'"$myHOST"'#g' /etc/hosts 2>&1 | dialog --title "[ Setting new hostname ]" $myPROGRESSBOXCONF
if [ -f "/etc/cloud/cloud.cfg" ];
then
sed -i 's/preserve_hostname: false/preserve_hostname: true/' /etc/cloud/cloud.cfg
fi
# Let's patch cockpit.socket, sshd_config
sed -i 's#ListenStream=9090#ListenStream=64294#' /lib/systemd/system/cockpit.socket 2>&1 | dialog --title "[ Cockpit listen on tcp/64294 ]" $myPROGRESSBOXCONF
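Review bot: In the `-506,15 +506,15` hunk the uncommented 802.1x block is guarded by `if [ "myCONF_PFX_USE" == "0" ];`, which lacks the `$` and so compares a literal string with "0"; the branch can never run, and the guard should read `if [ "$myCONF_PFX_USE" == "0" ];`. Once it does run, `tee` creates `wired8021x.conf` and `wireless8021x.conf` with the default file mode, and the config text visible just above the block carries `private_key_passwd`, so a `chmod 600` on both files and on the copied PFX file should follow the writes. The copy itself should be quoted, `cp -- "$myCONF_PFX_FILE" /etc/wpa_supplicant/`. The page has lost its +/- markers, so this assumes the uncommented copy of the block is the new side.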


@ -1,6 +1,6 @@
default install
label install
menu label ^T-Pot 18.11.1
menu label ^T-Pot (based on Debian testing)
menu default
kernel linux
append vga=788 initrd=initrd.gz console-setup/ask_detect=true --


@ -25,7 +25,6 @@ d-i console-setup/detected note
#########################
### Network Configuration
#########################
#d-i netcfg/do_not_use_netplan true
#d-i netcfg/choose_interface select auto
#d-i netcfg/dhcp_timeout string 60
d-i netcfg/get_hostname string t-pot
@ -71,8 +70,8 @@ d-i user-setup/encrypt-home boolean false
### Country Mirror & Proxy Configuration
########################################
d-i mirror/country string manual
d-i mirror/http/hostname string archive.ubuntu.com
d-i mirror/http/directory string /ubuntu
d-i mirror/http/hostname string deb.debian.org
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string
###########################
@ -91,17 +90,17 @@ d-i lilo-installer/skip boolean true
d-i clock-setup/utc boolean true
d-i time/zone string UTC
d-i clock-setup/ntp boolean true
d-i clock-setup/ntp-server string ntp.ubuntu.com
d-i clock-setup/ntp-server string debian.pool.ntp.org
##################
### Package Groups
##################
tasksel tasksel/first multiselect ubuntu-server
tasksel tasksel/first multiselect ssh-server
########################
### Package Installation
########################
d-i pkgsel/include string apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit cockpit-docker curl debconf-utils dialog dnsutils docker.io docker-compose dstat ethtool fail2ban genisoimage git glances grc html2text htop ifupdown iptables iw jq libcrack2 libltdl7 lm-sensors man mosh multitail net-tools npm ntp openssh-server openssl pass prips software-properties-common syslinux psmisc pv python-pip unzip vim wireless-tools wpasupplicant
d-i pkgsel/include string apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit cockpit-docker curl debconf-utils dialog dnsutils docker.io docker-compose dstat ethtool fail2ban genisoimage git glances grc html2text htop iptables iw jq libcrack2 libltdl7 lm-sensors man mosh multitail net-tools npm ntp openssh-server openssl pass prips software-properties-common syslinux psmisc pv python-pip unzip vim wireless-tools wpasupplicant
#################
### Update Policy


@ -7,9 +7,8 @@ export DIALOGRC=/etc/dialogrc
# Let's define some global vars
myBACKTITLE="T-Pot - ISO Creator"
# If you need latest hardware support, try using the hardware enablement (hwe) ISO, usually released later in time
# myUBUNTULINK="http://archive.ubuntu.com/ubuntu/dists/bionic/main/installer-amd64/current/images/hwe-netboot/mini.iso"
myUBUNTULINK="http://archive.ubuntu.com/ubuntu/dists/bionic/main/installer-amd64/current/images/netboot/mini.iso"
myUBUNTUISO="mini.iso"
myMINIISOLINK="http://ftp.debian.org/debian/dists/testing/main/installer-amd64/current/images/netboot/mini.iso"
myMINIISO="mini.iso"
myTPOTISO="tpot.iso"
myTPOTDIR="tpotiso"
myTPOTSEED="iso/preseed/tpot.seed"
@ -81,7 +80,7 @@ function valid_ip()
}
# Let's ask if the user wants to run the script ...
dialog --backtitle "$myBACKTITLE" --title "[ Continue? ]" --yesno "\nDownload latest supported Ubuntu Mini ISO and build the T-Pot Install Image." 8 50
dialog --backtitle "$myBACKTITLE" --title "[ Continue? ]" --yesno "\nDownload latest supported Debian Mini ISO and build the T-Pot Install Image." 8 50
mySTART=$?
if [ "$mySTART" = "1" ];
then
@ -207,18 +206,18 @@ if [ "$myCONF_PROXY_USE" == "0" ] || [ "$myCONF_PFX_USE" == "0" ] || [ "$myCONF_
echo "myCONF_NTP_CONF_FILE=\"/root/installer/ntp.conf\"" >> $myCONF_FILE
fi
# Let's download Ubuntu Minimal ISO
if [ ! -f $myUBUNTUISO ]
# Let's download Debian Minimal ISO
if [ ! -f $myMINIISO ]
then
wget $myUBUNTULINK --progress=dot 2>&1 | awk '{print $7+0} fflush()' | dialog --backtitle "$myBACKTITLE" --title "[ Downloading Ubuntu ... ]" --gauge "" 5 70;
echo 100 | dialog --backtitle "$myBACKTITLE" --title "[ Downloading Ubuntu ... Done! ]" --gauge "" 5 70;
wget $myMINIISOLINK --progress=dot 2>&1 | awk '{print $7+0} fflush()' | dialog --backtitle "$myBACKTITLE" --title "[ Downloading Debian ... ]" --gauge "" 5 70;
echo 100 | dialog --backtitle "$myBACKTITLE" --title "[ Downloading Debian ... Done! ]" --gauge "" 5 70;
else
dialog --infobox "Using previously downloaded .iso ..." 3 50;
fi
# Let's loop mount it and copy all contents
mkdir -p $myTMP $myTPOTDIR
mount -o loop $myUBUNTUISO $myTMP
mount -o loop $myMINIISO $myTMP
rsync -a $myTMP/ $myTPOTDIR
umount $myTMP
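Review bot: The download step in the last hunk fetches `$myMINIISOLINK` over plain HTTP, and the image is then loop-mounted and copied into the T-Pot ISO with no integrity check in the visible lines. The `[ ! -f $myMINIISO ]` test also accepts any existing `mini.iso`, and because the file name is unchanged by this commit, a leftover Ubuntu image from an earlier run would be reused silently under "Using previously downloaded .iso ...". Before `mount -o loop`, the script should compare the file's SHA-256 with the checksum the mirror publishes for the installer images (obtained over a trusted channel), for example with `sha256sum -c`, and delete and re-download the file on mismatch. The expansions in `wget $myMINIISOLINK` and `mount -o loop $myMINIISO $myTMP` should be quoted as well.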