Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-07-01 12:32:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

tweaking

Browse source
This commit is contained in:
techn0m4g3 2019-01-28 21:52:55 +01:00
parent 80411c9466
commit 0cab79cd35
5 changed files with 33 additions and 42 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
host/etc/systemd/tpot.service
View file

@ -27,9 +27,6 @@ ExecStartPre=-/bin/bash -c '/sbin/ethtool --offload $(/sbin/ip address | grep "^
ExecStartPre=/bin/bash -c '/sbin/ethtool -K $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) gso off gro off' ExecStartPre=/bin/bash -c '/sbin/ethtool -K $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) gso off gro off'
ExecStartPre=/bin/bash -c '/sbin/ip link set $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) promisc on' ExecStartPre=/bin/bash -c '/sbin/ip link set $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) promisc on'
# Modify access rights on docker.sock for netdata
ExecStartPre=-/bin/chmod 666 /var/run/docker.sock
# Set iptables accept rules to avoid forwarding to honeytrap / NFQUEUE # Set iptables accept rules to avoid forwarding to honeytrap / NFQUEUE
# Forward all other connections to honeytrap / NFQUEUE # Forward all other connections to honeytrap / NFQUEUE
ExecStartPre=/opt/tpot/bin/rules.sh /opt/tpot/etc/tpot.yml set ExecStartPre=/opt/tpot/bin/rules.sh /opt/tpot/etc/tpot.yml set

42
iso/installer/install.sh
View file

@ -6,11 +6,11 @@
################################## ##################################
myLSB=$(lsb_release -r | awk '{ print $2 }') myLSB=$(lsb_release -r | awk '{ print $2 }')
myLSB_SUPPORTED="18.04" myLSB_SUPPORTED="testing"
myINFO="\ myINFO="\
############################################ ##########################################
### T-Pot Installer for Ubuntu $myLSB_SUPPORTED LTS ### ### T-Pot Installer for Debian $myLSB_SUPPORTED ###
############################################ ##########################################
Disclaimer: Disclaimer:
This script will install T-Pot on this system, by running the script you know what you are doing: This script will install T-Pot on this system, by running the script you know what you are doing:
@ -29,7 +29,7 @@ Example:
if [ "$myLSB" != "$myLSB_SUPPORTED" ]; if [ "$myLSB" != "$myLSB_SUPPORTED" ];
then then
echo "Aborting. Ubuntu $myLSB is not supported." echo "Aborting. Debian $myLSB is not supported."
exit exit
fi fi
if [ "$1" == "" ]; if [ "$1" == "" ];
@ -64,7 +64,7 @@ for i in "$@"
echo " A configuration example is available in \"tpotce/iso/installer/tpot.conf.dist\"." echo " A configuration example is available in \"tpotce/iso/installer/tpot.conf.dist\"."
echo echo
echo "--type=<[user, auto, iso]>" echo "--type=<[user, auto, iso]>"
echo " user, use this if you want to manually install a T-Pot on a Ubuntu 18.04 LTS machine." echo " user, use this if you want to manually install a T-Pot on a Debian (testing) machine."
echo " auto, implied if a configuration file is passed as an argument for automatic deployment." echo " auto, implied if a configuration file is passed as an argument for automatic deployment."
echo " iso, use this if you are a T-Pot developer and want to install a T-Pot from a pre-compiled iso." echo " iso, use this if you are a T-Pot developer and want to install a T-Pot from a pre-compiled iso."
echo echo
@ -129,7 +129,7 @@ function fuGET_DEPS {
local myPACKAGES="apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit cockpit-docker curl debconf-utils dialog dnsutils docker.io docker-compose dstat ethtool fail2ban genisoimage git glances grc html2text htop iptables iw jq libcrack2 libltdl7 lm-sensors man mosh multitail net-tools npm ntp openssh-server openssl pass prips software-properties-common syslinux psmisc pv python-pip unattended-upgrades unzip vim wireless-tools wpasupplicant" local myPACKAGES="apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit cockpit-docker curl debconf-utils dialog dnsutils docker.io docker-compose dstat ethtool fail2ban genisoimage git glances grc html2text htop iptables iw jq libcrack2 libltdl7 lm-sensors man mosh multitail net-tools npm ntp openssh-server openssl pass prips software-properties-common syslinux psmisc pv python-pip unattended-upgrades unzip vim wireless-tools wpasupplicant"
apt-get -y update apt-get -y update
apt-get -y install software-properties-common apt-get -y install software-properties-common
add-apt-repository "deb http://archive.ubuntu.com/ubuntu $(lsb_release -sc) main universe restricted multiverse" add-apt-repository "deb http://ftp.debian.org/debian testing main contrib non-free"
echo echo
echo "### Getting update information." echo "### Getting update information."
echo echo
@ -215,7 +215,7 @@ export DIALOGRC=/etc/dialogrc
myBACKTITLE="T-Pot-Installer" myBACKTITLE="T-Pot-Installer"
myCONF_FILE="/root/installer/iso.conf" myCONF_FILE="/root/installer/iso.conf"
myPROGRESSBOXCONF=" --backtitle "$myBACKTITLE" --progressbox 24 80" myPROGRESSBOXCONF=" --backtitle "$myBACKTITLE" --progressbox 24 80"
mySITES="https://hub.docker.com https://github.com https://pypi.python.org https://ubuntu.com" mySITES="https://hub.docker.com https://github.com https://pypi.python.org https://debian.org"
myTPOTCOMPOSE="/opt/tpot/etc/tpot.yml" myTPOTCOMPOSE="/opt/tpot/etc/tpot.yml"
##################### #####################
@ -375,7 +375,7 @@ if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ];
printf "%s" "$myCONF_TPOT_USER:$myPASS1" | chpasswd printf "%s" "$myCONF_TPOT_USER:$myPASS1" | chpasswd
fi fi
# Let's ask for a web user credentials if deployment type is iso or user # Let's ask for web user credentials if deployment type is iso or user
# In case of auto, credentials are created from config values # In case of auto, credentials are created from config values
# Skip this step entirely if SENSOR flavor # Skip this step entirely if SENSOR flavor
if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ] || [ "$myTPOT_DEPLOYMENT_TYPE" == "user" ]; if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ] || [ "$myTPOT_DEPLOYMENT_TYPE" == "user" ];
@ -506,15 +506,15 @@ network={
private_key_passwd="$myCONF_PFX_PW" private_key_passwd="$myCONF_PFX_PW"
} }
" "
#if [ "myCONF_PFX_USE" == "0" ]; if [ "myCONF_PFX_USE" == "0" ];
# then then
# cp $myCONF_PFX_FILE /etc/wpa_supplicant/ 2>&1 | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF cp $myCONF_PFX_FILE /etc/wpa_supplicant/ 2>&1 | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF
# echo "$myNETWORK_INTERFACES" 2>&1 | tee -a /etc/network/interfaces | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF echo "$myNETWORK_INTERFACES" 2>&1 | tee -a /etc/network/interfaces | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF
#
# echo "$myNETWORK_WIRED8021x" 2>&1 | tee /etc/wpa_supplicant/wired8021x.conf | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF echo "$myNETWORK_WIRED8021x" 2>&1 | tee /etc/wpa_supplicant/wired8021x.conf | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF
#
# echo "$myNETWORK_WLAN8021x" 2>&1 | tee /etc/wpa_supplicant/wireless8021x.conf | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF echo "$myNETWORK_WLAN8021x" 2>&1 | tee /etc/wpa_supplicant/wireless8021x.conf | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF
#fi fi
# Let's provide a wireless example config ... # Let's provide a wireless example config ...
myNETWORK_WLANEXAMPLE=" myNETWORK_WLANEXAMPLE="
@ -545,7 +545,7 @@ myNETWORK_WLANEXAMPLE="
# wpa-key-mgmt WPA-PSK # wpa-key-mgmt WPA-PSK
# wpa-psk \"<your_password_here_without_brackets>\" # wpa-psk \"<your_password_here_without_brackets>\"
" "
#echo "$myNETWORK_WLANEXAMPLE" 2>&1 | tee -a /etc/network/interfaces | dialog --title "[ Provide WLAN example config ]" $myPROGRESSBOXCONF echo "$myNETWORK_WLANEXAMPLE" 2>&1 | tee -a /etc/network/interfaces | dialog --title "[ Provide WLAN example config ]" $myPROGRESSBOXCONF
# Let's modify the sources list # Let's modify the sources list
sed -i '/cdrom/d' /etc/apt/sources.list sed -i '/cdrom/d' /etc/apt/sources.list
@ -572,10 +572,6 @@ n=$(fuRANDOMWORD /opt/tpot/host/usr/share/dict/n.txt)
myHOST=$a$n myHOST=$a$n
hostnamectl set-hostname $myHOST 2>&1 | dialog --title "[ Setting new hostname ]" $myPROGRESSBOXCONF hostnamectl set-hostname $myHOST 2>&1 | dialog --title "[ Setting new hostname ]" $myPROGRESSBOXCONF
sed -i 's#127.0.1.1.*#127.0.1.1\t'"$myHOST"'#g' /etc/hosts 2>&1 | dialog --title "[ Setting new hostname ]" $myPROGRESSBOXCONF sed -i 's#127.0.1.1.*#127.0.1.1\t'"$myHOST"'#g' /etc/hosts 2>&1 | dialog --title "[ Setting new hostname ]" $myPROGRESSBOXCONF
if [ -f "/etc/cloud/cloud.cfg" ];
then
sed -i 's/preserve_hostname: false/preserve_hostname: true/' /etc/cloud/cloud.cfg
fi
# Let's patch cockpit.socket, sshd_config # Let's patch cockpit.socket, sshd_config
sed -i 's#ListenStream=9090#ListenStream=64294#' /lib/systemd/system/cockpit.socket 2>&1 | dialog --title "[ Cockpit listen on tcp/64294 ]" $myPROGRESSBOXCONF sed -i 's#ListenStream=9090#ListenStream=64294#' /lib/systemd/system/cockpit.socket 2>&1 | dialog --title "[ Cockpit listen on tcp/64294 ]" $myPROGRESSBOXCONF

2
iso/isolinux/txt.cfg
View file

@ -1,6 +1,6 @@
default install default install
label install label install
menu label ^T-Pot 18.11.1 menu label ^T-Pot (based on Debian testing)
menu default menu default
kernel linux kernel linux
append vga=788 initrd=initrd.gz console-setup/ask_detect=true -- append vga=788 initrd=initrd.gz console-setup/ask_detect=true --

11
iso/preseed/tpot.seed
View file

@ -25,7 +25,6 @@ d-i console-setup/detected note
######################### #########################
### Network Configuration ### Network Configuration
######################### #########################
#d-i netcfg/do_not_use_netplan true
#d-i netcfg/choose_interface select auto #d-i netcfg/choose_interface select auto
#d-i netcfg/dhcp_timeout string 60 #d-i netcfg/dhcp_timeout string 60
d-i netcfg/get_hostname string t-pot d-i netcfg/get_hostname string t-pot
@ -71,8 +70,8 @@ d-i user-setup/encrypt-home boolean false
### Country Mirror & Proxy Configuration ### Country Mirror & Proxy Configuration
######################################## ########################################
d-i mirror/country string manual d-i mirror/country string manual
d-i mirror/http/hostname string archive.ubuntu.com d-i mirror/http/hostname string deb.debian.org
d-i mirror/http/directory string /ubuntu d-i mirror/http/directory string /debian
d-i mirror/http/proxy string d-i mirror/http/proxy string
########################### ###########################
@ -91,17 +90,17 @@ d-i lilo-installer/skip boolean true
d-i clock-setup/utc boolean true d-i clock-setup/utc boolean true
d-i time/zone string UTC d-i time/zone string UTC
d-i clock-setup/ntp boolean true d-i clock-setup/ntp boolean true
d-i clock-setup/ntp-server string ntp.ubuntu.com d-i clock-setup/ntp-server string debian.pool.ntp.org
################## ##################
### Package Groups ### Package Groups
################## ##################
tasksel tasksel/first multiselect ubuntu-server tasksel tasksel/first multiselect ssh-server
######################## ########################
### Package Installation ### Package Installation
######################## ########################
d-i pkgsel/include string apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit cockpit-docker curl debconf-utils dialog dnsutils docker.io docker-compose dstat ethtool fail2ban genisoimage git glances grc html2text htop ifupdown iptables iw jq libcrack2 libltdl7 lm-sensors man mosh multitail net-tools npm ntp openssh-server openssl pass prips software-properties-common syslinux psmisc pv python-pip unzip vim wireless-tools wpasupplicant d-i pkgsel/include string apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit cockpit-docker curl debconf-utils dialog dnsutils docker.io docker-compose dstat ethtool fail2ban genisoimage git glances grc html2text htop iptables iw jq libcrack2 libltdl7 lm-sensors man mosh multitail net-tools npm ntp openssh-server openssl pass prips software-properties-common syslinux psmisc pv python-pip unzip vim wireless-tools wpasupplicant
################# #################
### Update Policy ### Update Policy

17
makeiso.sh
View file

@ -7,9 +7,8 @@ export DIALOGRC=/etc/dialogrc
# Let's define some global vars # Let's define some global vars
myBACKTITLE="T-Pot - ISO Creator" myBACKTITLE="T-Pot - ISO Creator"
# If you need latest hardware support, try using the hardware enablement (hwe) ISO, usually released later in time # If you need latest hardware support, try using the hardware enablement (hwe) ISO, usually released later in time
# myUBUNTULINK="http://archive.ubuntu.com/ubuntu/dists/bionic/main/installer-amd64/current/images/hwe-netboot/mini.iso" myMINIISOLINK="http://ftp.debian.org/debian/dists/testing/main/installer-amd64/current/images/netboot/mini.iso"
myUBUNTULINK="http://archive.ubuntu.com/ubuntu/dists/bionic/main/installer-amd64/current/images/netboot/mini.iso" myMINIISO="mini.iso"
myUBUNTUISO="mini.iso"
myTPOTISO="tpot.iso" myTPOTISO="tpot.iso"
myTPOTDIR="tpotiso" myTPOTDIR="tpotiso"
myTPOTSEED="iso/preseed/tpot.seed" myTPOTSEED="iso/preseed/tpot.seed"
@ -81,7 +80,7 @@ function valid_ip()
} }
# Let's ask if the user wants to run the script ... # Let's ask if the user wants to run the script ...
dialog --backtitle "$myBACKTITLE" --title "[ Continue? ]" --yesno "\nDownload latest supported Ubuntu Mini ISO and build the T-Pot Install Image." 8 50 dialog --backtitle "$myBACKTITLE" --title "[ Continue? ]" --yesno "\nDownload latest supported Debian Mini ISO and build the T-Pot Install Image." 8 50
mySTART=$? mySTART=$?
if [ "$mySTART" = "1" ]; if [ "$mySTART" = "1" ];
then then
@ -207,18 +206,18 @@ if [ "$myCONF_PROXY_USE" == "0" ] || [ "$myCONF_PFX_USE" == "0" ] || [ "$myCONF_
echo "myCONF_NTP_CONF_FILE=\"/root/installer/ntp.conf\"" >> $myCONF_FILE echo "myCONF_NTP_CONF_FILE=\"/root/installer/ntp.conf\"" >> $myCONF_FILE
fi fi
# Let's download Ubuntu Minimal ISO # Let's download Debian Minimal ISO
if [ ! -f $myUBUNTUISO ] if [ ! -f $myMINIISO ]
then then
wget $myUBUNTULINK --progress=dot 2>&1 | awk '{print $7+0} fflush()' | dialog --backtitle "$myBACKTITLE" --title "[ Downloading Ubuntu ... ]" --gauge "" 5 70; wget $myMINIISOLINK --progress=dot 2>&1 | awk '{print $7+0} fflush()' | dialog --backtitle "$myBACKTITLE" --title "[ Downloading Debian ... ]" --gauge "" 5 70;
echo 100 | dialog --backtitle "$myBACKTITLE" --title "[ Downloading Ubuntu ... Done! ]" --gauge "" 5 70; echo 100 | dialog --backtitle "$myBACKTITLE" --title "[ Downloading Debian ... Done! ]" --gauge "" 5 70;
else else
dialog --infobox "Using previously downloaded .iso ..." 3 50; dialog --infobox "Using previously downloaded .iso ..." 3 50;
fi fi
# Let's loop mount it and copy all contents # Let's loop mount it and copy all contents
mkdir -p $myTMP $myTPOTDIR mkdir -p $myTMP $myTPOTDIR
mount -o loop $myUBUNTUISO $myTMP mount -o loop $myMINIISO $myTMP
rsync -a $myTMP/ $myTPOTDIR rsync -a $myTMP/ $myTPOTDIR
umount $myTMP umount $myTMP