From c556d02a30ababab6d7a23cce7ccc84931d8d571 Mon Sep 17 00:00:00 2001
From: t3chn0m4g3
Date: Wed, 2 Jul 2025 19:41:32 +0200
Subject: [PATCH 1/5] update issue templates
---
 .github/ISSUE_TEMPLATE/bug-report-for-t-pot.md | 8 ++++----
 .github/ISSUE_TEMPLATE/general-issue-for-t-pot.md | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/.github/ISSUE_TEMPLATE/bug-report-for-t-pot.md b/.github/ISSUE_TEMPLATE/bug-report-for-t-pot.md
index e2eb2e88..4e120f93 100644
--- a/.github/ISSUE_TEMPLATE/bug-report-for-t-pot.md
+++ b/.github/ISSUE_TEMPLATE/bug-report-for-t-pot.md
@@ -10,10 +10,10 @@ assignees: ''
 # Successfully raise an issue
 Before you post your issue make sure it has not been answered yet and provide **⚠️ BASIC SUPPORT INFORMATION** (as requested below) if you come to the conclusion it is a new issue.
-- 🔍 Use the [search function](https://github.com/dtag-dev-sec/tpotce/issues?utf8=%E2%9C%93&q=) first
-- 🧐 Check our [Wiki](https://github.com/dtag-dev-sec/tpotce/wiki) and the [discussions](https://github.com/telekom-security/tpotce/discussions)
-- 📚 Consult the documentation of 💻 your Linux OS, 🐳 [Docker](https://docs.docker.com/), the 🦌 [Elastic stack](https://www.elastic.co/guide/index.html) and the 🍯 [T-Pot Readme](https://github.com/dtag-dev-sec/tpotce/blob/master/README.md).
-- ⚙️ The [Troubleshoot Section](https://github.com/telekom-security/tpotce?tab=readme-ov-file#troubleshooting) of the [T-Pot Readme](https://github.com/dtag-dev-sec/tpotce/blob/master/README.md) is a good starting point to collect a good set of information for the issue and / or to fix things on your own.
+- 🔍 Use the [search function](https://github.com/telekom-security/tpotce/issues?utf8=%E2%9C%93&q=) first
+- 🧐 Check our [Config Examples & Tutorials](https://github.com/telekom-security/tpotce/discussions/categories/config-examples-tutorials) and the [discussions](https://github.com/telekom-security/tpotce/discussions) in general.
+- 📚 Consult the documentation of 💻 your Linux OS, 🐳 [Docker](https://docs.docker.com/), the 🦌 [Elastic stack](https://www.elastic.co/guide/index.html) and the 🍯 [T-Pot Readme](https://github.com/telekom-security/tpotce/blob/master/README.md).
+- ⚙️ The [Troubleshoot Section](https://github.com/telekom-security/tpotce?tab=readme-ov-file#troubleshooting) of the [T-Pot Readme](https://github.com/telekom-security/tpotce/blob/master/README.md) is a good starting point to collect a good set of information for the issue and / or to fix things on your own.
- **⚠️ Provide [BASIC SUPPORT INFORMATION](#-basic-support-information-commands-are-expected-to-run-as-root) or similar detailed information with regard to your issue or we will close the issue or convert it into a discussion without further interaction from the maintainers**.
# ⚠️ Basic support information (commands are expected to run as `root`)
diff --git a/.github/ISSUE_TEMPLATE/general-issue-for-t-pot.md b/.github/ISSUE_TEMPLATE/general-issue-for-t-pot.md
index 45ca029d..fb65f588 100644
--- a/.github/ISSUE_TEMPLATE/general-issue-for-t-pot.md
+++ b/.github/ISSUE_TEMPLATE/general-issue-for-t-pot.md
@@ -10,10 +10,10 @@ assignees: ''
 # Successfully raise an issue
 Before you post your issue make sure it has not been answered yet and provide **⚠️ BASIC SUPPORT INFORMATION** (as requested below) if you come to the conclusion it is a new issue.
-- 🔍 Use the [search function](https://github.com/dtag-dev-sec/tpotce/issues?utf8=%E2%9C%93&q=) first
-- 🧐 Check our [Wiki](https://github.com/dtag-dev-sec/tpotce/wiki) and the [discussions](https://github.com/telekom-security/tpotce/discussions)
-- 📚 Consult the documentation of 💻 your Linux OS, 🐳 [Docker](https://docs.docker.com/), the 🦌 [Elastic stack](https://www.elastic.co/guide/index.html) and the 🍯 [T-Pot Readme](https://github.com/dtag-dev-sec/tpotce/blob/master/README.md).
-- ⚙️ The [Troubleshoot Section](https://github.com/telekom-security/tpotce?tab=readme-ov-file#troubleshooting) of the [T-Pot Readme](https://github.com/dtag-dev-sec/tpotce/blob/master/README.md) is a good starting point to collect a good set of information for the issue and / or to fix things on your own.
+- 🔍 Use the [search function](https://github.com/telekom-security/tpotce/issues?utf8=%E2%9C%93&q=) first
+- 🧐 Check our [Config Examples & Tutorials](https://github.com/telekom-security/tpotce/discussions/categories/config-examples-tutorials) and the [discussions](https://github.com/telekom-security/tpotce/discussions) in general.
+- 📚 Consult the documentation of 💻 your Linux OS, 🐳 [Docker](https://docs.docker.com/), the 🦌 [Elastic stack](https://www.elastic.co/guide/index.html) and the 🍯 [T-Pot Readme](https://github.com/telekom-security/tpotce/blob/master/README.md).
+- ⚙️ The [Troubleshoot Section](https://github.com/telekom-security/tpotce?tab=readme-ov-file#troubleshooting) of the [T-Pot Readme](https://github.com/telekom-security/tpotce/blob/master/README.md) is a good starting point to collect a good set of information for the issue and / or to fix things on your own.
- **⚠️ Provide [BASIC SUPPORT INFORMATION](#-basic-support-information-commands-are-expected-to-run-as-root) or similar detailed information with regard to your issue or we will close the issue or convert it into a discussion without further interaction from the maintainers**.
# ⚠️ Basic support information (commands are expected to run as `root`)
From 6faf600d401ce44f4568d35dc38b46dcf29acae9 Mon Sep 17 00:00:00 2001
From: t3chn0m4g3
Date: Thu, 3 Jul 2025 10:48:18 +0200
Subject: [PATCH 2/5] Fix logstash logging issue, introduced with Sentrypeer 4.0.4
Similar to #1807
---
 docker/elk/logstash/dist/http_output.conf | 11 +++++++----
 docker/elk/logstash/dist/logstash.conf | 11 +++++++----
 2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/docker/elk/logstash/dist/http_output.conf b/docker/elk/logstash/dist/http_output.conf
index d3dd5716..9c1932a1 100644
--- a/docker/elk/logstash/dist/http_output.conf
+++ b/docker/elk/logstash/dist/http_output.conf
@@ -698,12 +698,15 @@ filter {
 remove_field => ["event_timestamp"]
 }
 mutate {
- rename => {
- "source_ip" => "src_ip"
- "destination_ip" => "dest_ip"
- }
+ split => ["source_ip", ":"]
+ rename => { "destination_ip" => "dest_ip" }
 add_field => { "dest_port" => "5060" }
 }
+ mutate {
+ add_field => { "src_ip" => "%{[source_ip][0]}" }
+ add_field => { "src_port" => "%{[source_ip][1]}" }
+ remove_field => ["source_ip"]
+ }
 }
 # Tanner
diff --git a/docker/elk/logstash/dist/logstash.conf b/docker/elk/logstash/dist/logstash.conf
index fd797ba1..ad23f165 100644
--- a/docker/elk/logstash/dist/logstash.conf
+++ b/docker/elk/logstash/dist/logstash.conf
@@ -698,12 +698,15 @@ filter {
 remove_field => ["event_timestamp"]
 }
 mutate {
- rename => {
- "source_ip" => "src_ip"
- "destination_ip" => "dest_ip"
- }
+ split => ["source_ip", ":"]
+ rename => { "destination_ip" => "dest_ip" }
 add_field => { "dest_port" => "5060" }
 }
+ mutate {
+ add_field => { "src_ip" => "%{[source_ip][0]}" }
+ add_field => { "src_port" => "%{[source_ip][1]}" }
+ remove_field => ["source_ip"]
+ }
 }
 # Tanner
From 8e79c596f3b41a3055e4550210ae4654bf0b60ef Mon Sep 17 00:00:00 2001
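Review bot: `split => ["source_ip", ":"]` on the new side splits on every colon, so an IPv6 source such as `2001:db8::1:5060` (should Sentrypeer ever report one) leaves `src_ip` as `2001`, and when the value carries no port at all `%{[source_ip][1]}` cannot be resolved and `src_port` is set to the literal sprintf string rather than left unset. Anchoring on the last colon avoids both: replace the `split` and the two `add_field` lines with `grok { match => { "source_ip" => "^(?<src_ip>.+):(?<src_port>[0-9]+)$" } }` and keep `mutate { remove_field => ["source_ip"] }`; a value that does not match is then tagged `_grokparsefailure` instead of producing a bogus address for the honeypot event. The second hunk, in docker/elk/logstash/dist/logstash.conf, is identical and needs the same change. The enclosing `filter { … }` block starts and ends outside the hunk.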
From: dz
Date: Fri, 4 Jul 2025 10:57:00 -0400
Subject: [PATCH 3/5] Comment out Port(s) in sshd_config to avoid port conflicts when multiple SSH Port definitions present (#1809)
- Comment out Port(s) in sshd_config to avoid port conflicts when multiple SSH Port definitions present
- Resolve duplication issue for repeatedly running the install playbook
- Avoid accidental uncommenting of Port 22
---
 installer/install/tpot.yml | 15 +++++++++++++++
 installer/remove/tpot.yml | 15 +++++++++++++++
 2 files changed, 30 insertions(+)
diff --git a/installer/install/tpot.yml b/installer/install/tpot.yml
index e4de97a4..b6fb16e8 100644
--- a/installer/install/tpot.yml
+++ b/installer/install/tpot.yml
@@ -478,6 +478,21 @@
 tags:
 - "Ubuntu"
+ - name: Comment out Port(s) in sshd_config, can cause port conflicts on deploy (AlmaLinux, Debian, Fedora, openSUSE Tumbleweed, Raspbian, Rocky, Ubuntu)
+ ansible.builtin.replace:
+ path: /etc/ssh/sshd_config
+ regexp: '^(Port (?!64295$)[0-9]+)'
+ replace: '# \1'
+ when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
+ tags:
+ - "AlmaLinux"
+ - "Debian"
+ - "Fedora"
+ - "openSUSE Tumbleweed"
+ - "Raspbian"
+ - "Rocky"
+ - "Ubuntu"
+
 - name: Change SSH Port to 64295 (AlmaLinux, Debian, Fedora, Raspbian, Rocky, Ubuntu)
 lineinfile:
 path: /etc/ssh/sshd_config
diff --git a/installer/remove/tpot.yml b/installer/remove/tpot.yml
index 6196f31a..eb89ae86 100644
--- a/installer/remove/tpot.yml
+++ b/installer/remove/tpot.yml
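Review bot: The `regexp` of the new "Comment out Port(s)" task matches only `Port` followed by exactly one space, so `Port<TAB>22`, `port 22` (sshd keywords are case-insensitive) or a line with trailing whitespace after the number slip through and the port conflict the task exists to remove stays in place. `regexp: '(?i)^(Port[ \t]+(?!64295[ \t]*$)[0-9]+)'` covers those forms without touching the 64295 exclusion; the revert regex in the installer/remove/tpot.yml hunk has the same limitation. The task also edits only /etc/ssh/sshd_config, and on distributions whose stock file carries `Include /etc/ssh/sshd_config.d/*.conf` a `Port` directive in a drop-in still applies (Port directives are cumulative for sshd), so unless an earlier task already handles that directory sshd can remain bound to 22 after deploy — worth either a companion `replace` over the drop-ins or a comment on the task stating that drop-ins are deliberately left alone. The surrounding task list starts before the hunk.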
@@ -215,6 +215,21 @@
 - "Rocky"
 - "Ubuntu"
+ - name: Revert Comment out Port(s) in sshd_config, can cause port conflicts on deploy (AlmaLinux, Debian, Fedora, openSUSE Tumbleweed, Raspbian, Rocky, Ubuntu)
+ ansible.builtin.replace:
+ path: /etc/ssh/sshd_config
+ regexp: '^# (Port (?!22$)[0-9]+)'
+ replace: '\1'
+ when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
+ tags:
+ - "AlmaLinux"
+ - "Debian"
+ - "Fedora"
+ - "openSUSE Tumbleweed"
+ - "Raspbian"
+ - "Rocky"
+ - "Ubuntu"
+
 - name: Remove vm.max_map_count setting (All)
 lineinfile:
 path: /etc/sysctl.conf
From 1c259e8b10e2aae74c4927c860b32e76d7914d36 Mon Sep 17 00:00:00 2001
From: natitomattis
Date: Fri, 4 Jul 2025 12:17:49 -0300
Subject: [PATCH 4/5] Adjust restore procedure on upgrade.sh (#1777)
* small fix on upgrade.sh
* typo
---
 update.sh | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/update.sh b/update.sh
index 3f54a207..460f38bb 100755
--- a/update.sh
+++ b/update.sh
@@ -188,6 +188,10 @@ function fuRESTORE () {
 fi
 echo "### Restoring T-Pot config file .env"
 tar xvf $myARCHIVE .env -C $HOME/tpotce >/dev/null 2>&1
+ # Backup file (.env) contains a record of the TPOT_VERSION that is used in docker-compose commmands.
+ # We should upgrade the version in this file after restoring the backup.
+ newVERSION=$(cat version)
+ sed -i 's/^TPOT_VERSION=.*/TPOT_VERSION=${newVERSION}/' $HOME/tpotce/.env
 }
 ################
From 3232781a6dc80b16a4771c5837501059f6a03eed Mon Sep 17 00:00:00 2001
From: t3chn0m4g3
Date: Fri, 4 Jul 2025 17:29:19 +0200
Subject: [PATCH 5/5] fix var expansion
---
 update.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/update.sh b/update.sh
index 460f38bb..f8fa4304 100755
--- a/update.sh
+++ b/update.sh
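Review bot: The revert regex `^# (Port (?!22$)[0-9]+)` uncomments every `# Port N` line except 22, including comments an administrator wrote before T-Pot was installed (a `# Port 2222` note, say), so the remove playbook can activate ports the install task never disabled. Marking the lines the installer comments with its own prefix and reverting only those keeps the two tasks symmetric: in the install task `replace: '# T-Pot: \1'`, and here `regexp: '^# T-Pot: (Port (?!22$)[0-9]+)'` — keep the `(?!22$)` exclusion if you still want it. Whether the separate "Change SSH Port to 64295" line is reverted elsewhere in this playbook is outside the hunk; if it is not, a host ends up with 64295 as its only active Port after removal. The surrounding task list starts before the hunk.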
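Review bot: `newVERSION=$(cat version)` reads a path relative to whatever directory the script was started from and its result is never checked, so a missing or empty `version` file leaves `newVERSION` blank and the following `sed` rewrites the freshly restored `.env` to `TPOT_VERSION=` without any message, after which the restore reports nothing wrong. A guard before the sed keeps the failure visible: `newVERSION=$(cat version) && [ -n "$newVERSION" ] || { echo "### Could not read version file, .env left unchanged"; return 1; }` (or exit, following whatever the script's other restore steps do), and quoting `"$HOME/tpotce/.env"` protects the path the same way. The comment above the assignment also misspells "commmands". The same lines reappear as context in the PATCH 5/5 hunk of update.sh, which fixes only the quoting of the sed expression; `fuRESTORE` begins before this hunk.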
@@ -191,7 +191,7 @@ function fuRESTORE () {
 # Backup file (.env) contains a record of the TPOT_VERSION that is used in docker-compose commmands.
 # We should upgrade the version in this file after restoring the backup.
 newVERSION=$(cat version)
- sed -i 's/^TPOT_VERSION=.*/TPOT_VERSION=${newVERSION}/' $HOME/tpotce/.env
+ sed -i "s/^TPOT_VERSION=.*/TPOT_VERSION=${newVERSION}/" $HOME/tpotce/.env
 }
 ################