diff --git a/installer/bin/backup_elk.sh b/installer/bin/backup_elk.sh
new file mode 100755
index 00000000..695f8d9c
--- /dev/null
+++ b/installer/bin/backup_elk.sh
@@ -0,0 +1,62 @@
+#!/bin/bash
+
+########################################################
+# T-Pot #
+# ELK DB backup script #
+# #
+# v0.01 by mo, DTAG, 2016-02-12 #
+########################################################
+myCOUNT=1
+myDATE=$(date +%Y%m%d%H%M)
+myELKPATH="/data/elk/"
+myBACKUPPATH="/data/"
+
+# Make sure not to interrupt a check
+while true
+do
+ if ! [ -a /var/run/check.lock ];
+ then break
+ fi
+ sleep 0.1
+ if [ "$myCOUNT" = "1" ];
+ then
+ echo -n "Waiting for services "
+ else echo -n .
+ fi
+ if [ "$myCOUNT" = "6000" ];
+ then
+ echo
+ echo "Overriding check.lock"
+ rm /var/run/check.lock
+ break
+ fi
+ myCOUNT=$[$myCOUNT +1]
+done
+
+# We do not want to get interrupted by a check
+touch /var/run/check.lock
+
+# Stop ELK to lift db lock
+echo "Now stopping ELK ..."
+service elk stop
+sleep 10
+
+# Backup DB in 2 flavors
+echo "Now backing up Elasticsearch data ..."
+tar cvfz $myBACKUPPATH"$myDATE"_elkall.tgz $myELKPATH
+rm -rf "$myELKPATH"log/*
+rm -rf "$myELKPATH"data/elasticsearch/nodes/0/indices/logstash*
+tar cvfz $myBACKUPPATH"$myDATE"_elkbase.tgz $myELKPATH
+rm -rf $myELKPATH
+tar xvfz $myBACKUPPATH"$myDATE"_elkall.tgz -C /
+#tar xvfz $myBACKUPPATH"$myDATE"_elkbase.tgz -C /
+chmod 760 -R $myELKPATH
+chown tpot:tpot -R $myELKPATH
+
+# Start ELK
+service elk start
+echo "Now starting up ELK ..."
+
+# Allow checks to resume
+rm /var/run/check.lock
+
diff --git a/installer/bin/check.sh b/installer/bin/check.sh
index ddc58525..4c601dc4 100755
--- a/installer/bin/check.sh
+++ b/installer/bin/check.sh
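Review bot: `rm -rf $myELKPATH` and the two `rm -rf "$myELKPATH"…` lines above it run whether or not the preceding `tar cvfz` succeeded, and the script has no `set -e`, so a full disk or an unreadable file during the archive step is followed by deleting the only copy of the ELK data. Gate the destructive steps on the archive and quote the paths: `tar cvfz "${myBACKUPPATH}${myDATE}_elkall.tgz" "$myELKPATH" || { echo "backup failed, ELK data left untouched" >&2; service elk start; rm /var/run/check.lock; exit 1; }`, and write the wipe as `rm -rf -- "${myELKPATH:?}"` so an empty variable cannot widen it. The check.lock handshake — `[ -a /var/run/check.lock ]` followed later by `touch` — is a test-then-create race between this script, check.sh, dcres.sh and update-images.sh, which all use the same pattern; an atomic lock (`flock(1)` on the lock file, or `mkdir` of a lock directory) would make it reliable, and `trap 'rm -f /var/run/check.lock' EXIT` would release it if the script is interrupted between `touch` and the final `rm`. Lastly, `tar xvfz … -C /` restores whatever member paths the just-created archive holds over the root filesystem; creating the archive with `-C /data elk` and extracting with `-C /data` keeps both ends scoped to the data directory.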
@@ -4,10 +4,12 @@ # T-Pot # # Check container and services script # # # -# v0.02 by mo, DTAG, 2015-08-08 # +# v0.03 by mo, DTAG, 2016-02-12 # ######################################################## if [ -a /var/run/check.lock ]; - then exit + then + echo "Lock exists. Exiting now." + exit fi myIMAGES=$(cat /data/images.conf) @@ -24,38 +26,13 @@ for i in $myIMAGES else myCIDSTATUS=$(echo $myCIDSTATUS | egrep -c "(STOPPED|FATAL)") fi - if [ $myCIDSTATUS -gt 0 ]; + if [ $myUPTIME -gt 4 ] && [ $myCIDSTATUS -gt 0 ]; then - if [ $myUPTIME -gt 5 ]; - then - for j in $myIMAGES - do - service $j stop - done - iptables -w -F - service docker restart - while true - do - docker info > /dev/null - if [ $? -ne 0 ]; - then - echo Docker daemon is still starting. - else - echo Docker daemon is now available. - break - fi - sleep 0.1 - done - docker rm -v $(docker ps -aq) - for j in $myIMAGES - do - service $j start - sleep $(((RANDOM %5)+5)) - done - rm /var/run/check.lock - exit - fi + echo "Restarting "$i"." + service $i stop + sleep 5 + service $i start fi done - + rm /var/run/check.lock diff --git a/installer/bin/dcres.sh b/installer/bin/dcres.sh index 2797dc6f..e824263f 100755 --- a/installer/bin/dcres.sh +++ b/installer/bin/dcres.sh @@ -4,7 +4,7 @@ # T-Pot # # Container and services restart script # # # -# v0.03 by mo, DTAG, 2015-11-02 # +# v0.04 by mo, DTAG, 2016-02-12 # ######################################################## myCOUNT=1 @@ -21,9 +21,9 @@ do fi if [ "$myCOUNT" = "6000" ]; then - echo - echo "Overriding check.lock" - rm /var/run/check.lock + echo + echo "Overriding check.lock" + rm /var/run/check.lock break fi myCOUNT=$[$myCOUNT +1] 
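Review bot: The new restart path `service $i stop`, `sleep 5`, `service $i start` ignores both exit statuses and reports only on stdout, so when check.sh runs from cron a container that stays STOPPED/FATAL is restarted on every run with no persistent record of the failures; `service $i start || logger -t check.sh "restart of $i failed"` (and a `logger` call for the restart itself) would leave a trace in syslog and make repeated flapping visible. As a point of style, `echo "Restarting "$i"."` leaves `$i` outside the quotes; `echo "Restarting $i."` says the same thing. The enclosing `for i in $myIMAGES` loop starts before this hunk, and `$myUPTIME` is presumably computed earlier in the file, which is not visible here.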
@@ -34,12 +34,14 @@ myIMAGES=$(cat /data/images.conf) touch /var/run/check.lock myUPTIME=$(awk '{print int($1/60)}' /proc/uptime) -if [ $myUPTIME -gt 5 ]; +if [ $myUPTIME -gt 4 ]; then for i in $myIMAGES do service $i stop done + echo "Waiting 10 seconds before restarting docker ..." + sleep 10 iptables -w -F service docker restart while true @@ -54,15 +56,25 @@ if [ $myUPTIME -gt 5 ]; fi sleep 0.1 done + echo "Docker is now up and running again." + echo "Removing obsolete container data ..." docker rm -v $(docker ps -aq) + echo "Removing obsolete image data ..." docker rmi $(docker images | grep "^" | awk '{print $3}') + echo "Starting T-Pot services ..." for i in $myIMAGES do service $i start - sleep $(((RANDOM %5)+5)) done + sleep 5 + else + echo "T-Pot needs to be up and running for at least 5 minutes." fi rm /var/run/check.lock /etc/rc.local + +echo "Done. Now running status.sh" +/usr/bin/status.sh + diff --git a/installer/bin/status.sh b/installer/bin/status.sh index 5e471c98..e6ab3e0c 100755 --- a/installer/bin/status.sh +++ b/installer/bin/status.sh @@ -4,10 +4,16 @@ # T-Pot # # Container and services status script # # # -# v0.04 by mo, DTAG, 2015-08-20 # +# v0.05 by mo, DTAG, 2016-02-12 # ######################################################## myCOUNT=1 -myIMAGES=$(cat /data/images.conf) + +if [[ $1 == "" ]] + then + myIMAGES=$(cat /data/images.conf) + else myIMAGES=$1 +fi + while true do if ! [ -a /var/run/check.lock ]; diff --git a/installer/bin/update-images.sh b/installer/bin/update-images.sh index 6eb3cd3d..dfbbfa2e 100755 --- a/installer/bin/update-images.sh +++ b/installer/bin/update-images.sh 
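Review bot: The new `sleep 10` is placed between `iptables -w -F` and `service docker restart`, so the host now spends ten more seconds with its filter table flushed (only the chain policies remain) before the docker wait loop, the `docker rm`/`docker rmi` passes and the service starts even begin; the rules are apparently not re-applied until `/etc/rc.local` runs at the end of the next hunk, which makes the unfiltered window the whole restart sequence. Moving the flush to immediately before `service docker restart` (after the sleep) trims that window at no cost, and a comment such as `# NOTE: the filter table stays flushed until /etc/rc.local re-applies the rules below` documents the dependency. That rc.local is what restores the rules is inferred from the context line, not visible in this diff.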
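Review bot: The new `else myIMAGES=$1` accepts any argument as an image name without checking it against `/data/images.conf`, so a typo or an unexpected word becomes `$myIMAGES` and is presumably passed, unquoted, to the per-image `service`/`docker` commands later in the script (outside this hunk). `[[ -z "$1" ]]` is the idiomatic empty test, and `grep -qx -- "$1" /data/images.conf || { echo "unknown image: $1" >&2; exit 1; }` in the else branch would restrict the script to known names. The `while true` loop that follows begins in this hunk but ends outside it.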
@@ -2,11 +2,36 @@ ######################################################## # T-Pot # -# Only start the container found in /etc/init/t-pot # +# Only start the containers found in /etc/init/ # # # -# v0.02 by mo, DTAG, 2016-02-08 # +# v0.03 by mo, DTAG, 2016-02-12 # ######################################################## +# Make sure not to interrupt a check +while true +do + if ! [ -a /var/run/check.lock ]; + then break + fi + sleep 0.1 + if [ "$myCOUNT" = "1" ]; + then + echo -n "Waiting for services " + else echo -n . + fi + if [ "$myCOUNT" = "6000" ]; + then + echo + echo "Overriding check.lock" + rm /var/run/check.lock + break + fi + myCOUNT=$[$myCOUNT +1] +done + +# We do not want to get interrupted by a check +touch /var/run/check.lock + # Delete all T-Pot upstart scripts for i in $(ls /data/upstart/); do @@ -20,4 +45,12 @@ for i in $(cat /data/images.conf); cp /data/upstart/"$i".conf /etc/init/; done -echo Please reboot for the changes to take effect. +# Allow checks to resume +rm /var/run/check.lock + +# Announce reboot +echo "Rebooting in 5 seconds for the changes to take effect." +sleep 5 + +# Reboot +reboot diff --git a/installer/data/all_images.conf b/installer/data/all_images.conf new file mode 100644 index 00000000..83bb09dd --- /dev/null +++ b/installer/data/all_images.conf @@ -0,0 +1,8 @@ +cowrie +dionaea +elasticpot +elk +emobility +glastopf +honeytrap +suricata diff --git a/installer/data/elk/data/elasticsearch/nodes/0/_state/global-18.st b/installer/data/elk/data/elasticsearch/nodes/0/_state/global-18.st deleted file mode 100644 index b2b57451..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/_state/global-18.st and /dev/null differ 
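Review bot: `myCOUNT` is never initialised in this file — the hunk starts at line 2, directly after the shebang, and unlike dcres.sh and backup_elk.sh there is no `myCOUNT=1` before the loop — so `[ "$myCOUNT" = "1" ]` is never true (the "Waiting for services " prefix is never printed) and the counter only starts once `$[$myCOUNT +1]` turns the empty value into 1, which also shifts the 6000-iteration override by one step. Add `myCOUNT=1` immediately before `# Make sure not to interrupt a check`. While touching it, `$[$myCOUNT +1]` is the obsolete arithmetic form; `myCOUNT=$((myCOUNT + 1))` is the current one.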
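Review bot: The replaced notice `echo Please reboot for the changes to take effect.` becomes an unconditional `reboot` five seconds after the upstart files are swapped, with no way for an interactive caller to abort. A confirmation only when stdin is a terminal keeps unattended use working while giving an operator the choice: `if [[ -t 0 ]]; then read -r -p "Reboot now? [y/N] " a; [[ "$a" == [yY] ]] || exit 0; fi` placed before the `sleep 5`. The header comment at the top of the file should also state that the script reboots the host.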
diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/_state/state-17.st b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/_state/state-17.st deleted file mode 100644 index 9cc6e95d..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/_state/state-17.st and /dev/null differ diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z.fdt b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z.fdt deleted file mode 100755 index 8ea24459..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z.fdt and /dev/null differ diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z.fdx b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z.fdx deleted file mode 100755 index 6d9981a0..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z.fdx and /dev/null differ diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z.fnm b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z.fnm deleted file mode 100755 index e9417871..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z.fnm and /dev/null differ diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z.nvd b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z.nvd deleted file mode 100755 index cd7dcde4..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z.nvd and /dev/null differ 
diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z.nvm b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z.nvm deleted file mode 100755 index f8bf548a..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z.nvm and /dev/null differ diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z.si b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z.si deleted file mode 100755 index 1352f8cf..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z.si and /dev/null differ diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z_3.liv b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z_3.liv deleted file mode 100644 index db33e738..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z_3.liv and /dev/null differ diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z_Lucene50_0.doc b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z_Lucene50_0.doc deleted file mode 100755 index b327665b..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z_Lucene50_0.doc and /dev/null differ diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z_Lucene50_0.pos b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z_Lucene50_0.pos deleted file mode 100755 index 51da421b..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z_Lucene50_0.pos and /dev/null differ 
diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z_Lucene50_0.tim b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z_Lucene50_0.tim deleted file mode 100755 index d2cc36c2..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z_Lucene50_0.tim and /dev/null differ diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z_Lucene50_0.tip b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z_Lucene50_0.tip deleted file mode 100755 index c74f8d95..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z_Lucene50_0.tip and /dev/null differ diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z_Lucene54_0.dvd b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z_Lucene54_0.dvd deleted file mode 100755 index 08656b52..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z_Lucene54_0.dvd and /dev/null differ diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z_Lucene54_0.dvm b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z_Lucene54_0.dvm deleted file mode 100755 index e7b340a1..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_2z_Lucene54_0.dvm and /dev/null differ diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_36.cfe b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_36.cfe deleted file mode 100644 index c938dd01..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_36.cfe and /dev/null differ 
diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_36.cfs b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_36.cfs deleted file mode 100644 index e1328012..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_36.cfs and /dev/null differ diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_36.si b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_36.si deleted file mode 100644 index 0f1d33f1..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_36.si and /dev/null differ diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_37.cfe b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_37.cfe deleted file mode 100644 index 4c9c1082..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_37.cfe and /dev/null differ diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_37.cfs b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_37.cfs deleted file mode 100644 index 73684646..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_37.cfs and /dev/null differ diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_37.si b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_37.si deleted file mode 100644 index 29a81e8b..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_37.si and /dev/null differ 
diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_39.cfe b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_39.cfe deleted file mode 100644 index 4c3aacc4..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_39.cfe and /dev/null differ diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_39.cfs b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_39.cfs deleted file mode 100644 index 8a0449fb..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_39.cfs and /dev/null differ diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_39.si b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_39.si deleted file mode 100644 index 1e0b3097..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/_39.si and /dev/null differ diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/segments_1v b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/segments_1v deleted file mode 100644 index facf1926..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/segments_1v and /dev/null differ diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/write.lock b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/index/write.lock deleted file mode 100755 index e69de29b..00000000 diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog-2.ckp b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog-2.ckp deleted file mode 100755 index caab9abf..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog-2.ckp and /dev/null differ 
diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog-39.ckp b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog-39.ckp deleted file mode 100755 index f8d0bc73..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog-39.ckp and /dev/null differ diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog-40.ckp b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog-40.ckp deleted file mode 100755 index 6879c2cf..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog-40.ckp and /dev/null differ diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog-41.ckp b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog-41.ckp deleted file mode 100755 index 35795483..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog-41.ckp and /dev/null differ diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog-42.ckp b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog-42.ckp deleted file mode 100755 index d790d22d..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog-42.ckp and /dev/null differ diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog-43.ckp b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog-43.ckp deleted file mode 100755 index 55714792..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog-43.ckp and /dev/null differ 
diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog-44.ckp b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog-44.ckp deleted file mode 100755 index f52bc622..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog-44.ckp and /dev/null differ diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog-45.ckp b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog-45.ckp deleted file mode 100755 index 0b865c67..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog-45.ckp and /dev/null differ diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog-45.tlog b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog-45.tlog deleted file mode 100644 index c95b0c94..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog-45.tlog and /dev/null differ diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog-46.tlog b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog-46.tlog deleted file mode 100644 index c95b0c94..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog-46.tlog and /dev/null differ diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog-9.ckp b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog-9.ckp deleted file mode 100755 index bb5a5496..00000000 Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog-9.ckp and /dev/null differ 
diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog.ckp b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog.ckp
deleted file mode 100755
index aa5d3cbe..00000000
Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/0/translog/translog.ckp and /dev/null differ
diff --git a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/_state/state-24.st b/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/_state/state-24.st
deleted file mode 100644
index a81b96bd..00000000
Binary files a/installer/data/elk/data/elasticsearch/nodes/0/indices/.kibana/_state/state-24.st and /dev/null differ
diff --git a/installer/data/elk/data/elasticsearch/nodes/0/node.lock b/installer/data/elk/data/elasticsearch/nodes/0/node.lock
deleted file mode 100755
index e69de29b..00000000
diff --git a/installer/data/elkbase.tgz b/installer/data/elkbase.tgz
new file mode 100644
index 00000000..06da24a5
Binary files /dev/null and b/installer/data/elkbase.tgz differ
diff --git a/installer/data/sensor_images.conf b/installer/data/hp_images.conf
similarity index 100%
rename from installer/data/sensor_images.conf
rename to installer/data/hp_images.conf
diff --git a/installer/data/full_images.conf b/installer/data/tpot_images.conf
similarity index 100%
rename from installer/data/full_images.conf
rename to installer/data/tpot_images.conf
diff --git a/installer/data/upstart/cowrie.conf b/installer/data/upstart/cowrie.conf
index 41958e47..1629e852 100644
--- a/installer/data/upstart/cowrie.conf
+++ b/installer/data/upstart/cowrie.conf
@@ -27,5 +27,5 @@ script
 end script
 post-start script
 # Delay next start to avoid rapid respawning
- sleep $(((RANDOM % 5)+5))
+ sleep 2
 end script
diff --git a/installer/data/upstart/dionaea.conf b/installer/data/upstart/dionaea.conf
index e49e470e..bd5bcfe3 100644
--- a/installer/data/upstart/dionaea.conf
+++ b/installer/data/upstart/dionaea.conf
@@ -28,5 +28,5 @@ script
 end script
 post-start script
 # Delay next start to avoid rapid respawning
- sleep $(((RANDOM % 5)+5))
+ sleep 2
 end script
diff --git a/installer/data/upstart/elasticpot.conf b/installer/data/upstart/elasticpot.conf
index a55d8c9c..ac80ee85 100644
--- a/installer/data/upstart/elasticpot.conf
+++ b/installer/data/upstart/elasticpot.conf
@@ -27,5 +27,5 @@ script
 end script
 post-start script
 # Delay next start to avoid rapid respawning
- sleep $(((RANDOM % 5)+5))
+ sleep 2
 end script
diff --git a/installer/data/upstart/elk.conf b/installer/data/upstart/elk.conf
index d7a77435..e5bc89f6 100644
--- a/installer/data/upstart/elk.conf
+++ b/installer/data/upstart/elk.conf
@@ -22,5 +22,5 @@ script
 end script
 post-start script
 # Delay next start to avoid rapid respawning
- sleep $(((RANDOM % 5)+5))
+ sleep 2
 end script
diff --git a/installer/data/upstart/emobility.conf b/installer/data/upstart/emobility.conf
index 0b1d461f..f24ef41a 100644
--- a/installer/data/upstart/emobility.conf
+++ b/installer/data/upstart/emobility.conf
@@ -25,6 +25,6 @@ pre-start script
 end script
 script
 # Delayed start to avoid rapid respawning
- sleep $(((RANDOM % 5)+5))
+ sleep 2
 /usr/bin/docker run --name emobility --cap-add=NET_ADMIN -p 8080:8080 -v /data/emobility:/data/eMobility -v /data/ews:/data/ews --rm=true dtagdevsec/emobility:latest1603
 end script
diff --git a/installer/data/upstart/glastopf.conf b/installer/data/upstart/glastopf.conf
index a83ccbfd..a20fc7de 100644
--- a/installer/data/upstart/glastopf.conf
+++ b/installer/data/upstart/glastopf.conf
@@ -24,5 +24,5 @@ script
 end script
 post-start script
 # Delay next start to avoid rapid respawning
- sleep $(((RANDOM % 5)+5))
+ sleep 2
 end script
diff --git a/installer/data/upstart/honeytrap.conf b/installer/data/upstart/honeytrap.conf
index a95dc75a..cfdcd28f 100644
--- a/installer/data/upstart/honeytrap.conf
+++ b/installer/data/upstart/honeytrap.conf
@@ -28,7 +28,7 @@ script
 end script
 post-start script
 # Delay next start to avoid rapid respawning
- sleep $(((RANDOM % 5)+5))
+ sleep 2
 end script
 post-stop script
 /sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
diff --git a/installer/data/upstart/suricata.conf b/installer/data/upstart/suricata.conf
index e3e9abe0..fc1fda16 100755
--- a/installer/data/upstart/suricata.conf
+++ b/installer/data/upstart/suricata.conf
@@ -28,7 +28,7 @@ pre-start script
 end script
 script
 # Delayed start to avoid rapid respawning
- sleep $(((RANDOM % 5)+5))
+ sleep 2
 /usr/bin/docker run --name suricata --cap-add=NET_ADMIN --net=host --rm=true -v /data/suricata:/data/suricata dtagdevsec/suricata:latest1603
 end script
 post-start script
diff --git a/installer/install.sh b/installer/install.sh
index 17f944a6..70594e3c 100755
--- a/installer/install.sh
+++ b/installer/install.sh
@@ -3,11 +3,11 @@ # T-Pot post install script # # Ubuntu server 14.04.3, x64 # # # -# v16.03.7 by mo, DTAG, 2016-02-11 # +# v16.03.8 by mo, DTAG, 2016-02-12 # ######################################################## # Type of install, SENSOR, INDUSTRIAL or FULL? -myFLAVOR="FULL" +myFLAVOR="TPOT" # Some global vars myPROXYFILEPATH="/root/tpot/etc/proxy"
@@ -206,18 +206,23 @@ DOCKER_OPTS="-r=false" EOF # Let's make sure only myFLAVOR images will be downloaded and started -if [ "$myFLAVOR" = "SENSOR" ] +if [ "$myFLAVOR" = "HP" ] then - cp /root/tpot/data/sensor_images.conf /root/tpot/data/images.conf + cp /root/tpot/data/hp_images.conf /root/tpot/data/images.conf fi if [ "$myFLAVOR" = "INDUSTRIAL" ] then cp /root/tpot/data/industrial_images.conf /root/tpot/data/images.conf fi -if [ "$myFLAVOR" = "FULL" ] +if [ "$myFLAVOR" = "TPOT" ] then - cp /root/tpot/data/full_images.conf /root/tpot/data/images.conf + cp /root/tpot/data/tpot_images.conf /root/tpot/data/images.conf fi +if [ "$myFLAVOR" = "ALL" ] + then + cp /root/tpot/data/all_images.conf /root/tpot/data/images.conf +fi + # Let's load docker images fuECHO "### Loading docker images. Please be patient, this may take a while." @@ -308,6 +313,7 @@ for i in $(cat /data/images.conf); do cp /data/upstart/$i.conf /etc/init/; done +tar xvfz /data/elkbase.tgz -C / # Let's take care of some files and permissions chmod 760 -R /data diff --git a/makeiso.sh b/makeiso.sh index 33c47fa6..f941e4bc 100755 --- a/makeiso.sh +++ b/makeiso.sh @@ -86,7 +86,7 @@ if [ "$mySTART" = "1" ]; fi # Let's ask for the type of installation SENSOR, INDUSTRIAL or FULL? -myFLAVOR=$(dialog --no-cancel --backtitle "$myBACKTITLE" --title "[ Installation type ... ]" --radiolist "" 9 70 4 "FULL" "Everything (w/o INDUSTRIAL)" on "SENSOR" "Honeypots only (w/o INDUSTRIAL)" off "INDUSTRIAL" "eMobility, ELK, Suricata (8GB RAM required)" off 3>&1 1>&2 2>&3 3>&-) +myFLAVOR=$(dialog --no-cancel --backtitle "$myBACKTITLE" --title "[ Installation type ... ]" --radiolist "" 11 70 4 "TPOT" "Standard (w/o INDUSTRIAL)" on "HP" "Honeypots only (w/o INDUSTRIAL)" off "INDUSTRIAL" "eMobility, ELK, Suricata (8GB RAM recommended)" off "ALL" "Everything (8GB RAM required)" off 3>&1 1>&2 2>&3 3>&-) sed -i 's#^myFLAVOR=.*#myFLAVOR="'$myFLAVOR'"#' $myINSTALLERPATH # Let's ask the user for a proxy ...
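Review bot: The context comment `# Type of install, SENSOR, INDUSTRIAL or FULL?` is now stale: the assignment below it becomes `myFLAVOR="TPOT"` and the second hunk of this file branches on `HP`, `INDUSTRIAL`, `TPOT` and `ALL`. Update it to `# Type of install, HP, INDUSTRIAL, TPOT or ALL?`; the same wording appears as a context line in the makeiso.sh hunk, which is cut off at the end of this page.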
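Review bot: `tar xvfz /data/elkbase.tgz -C /` unpacks an archive over the root filesystem as root with no exit-status check, so the archive's member paths alone decide what is written where, and a failed extraction leaves the installer continuing (and the following `chmod 760 -R /data` running) with an empty ELK data directory. At minimum `tar xvfz /data/elkbase.tgz -C / || exit 1`; better, list the members first (`tar tzf /data/elkbase.tgz`) and refuse to extract unless every entry is under `data/elk/`, or build the archive relative to `/data` and extract with `-C /data` so nothing outside the data directory can be touched. The `_elkbase.tgz` naming suggests the archive comes from backup_elk.sh in this same commit, which creates it from the absolute path `/data/elk/`. The `for i in $(cat /data/images.conf)` loop shown as context ends before the new line.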