diff --git a/bin/tped.sh b/bin/tped.sh index 8c91fe0e..d7394be0 100755 --- a/bin/tped.sh +++ b/bin/tped.sh @@ -29,7 +29,7 @@ for i in $myYMLS; do myITEMS+="$i $(echo $i | cut -d "." -f1 | tr [:lower:] [:upper:]) " done -myEDITION=$(dialog --backtitle "$myBACKTITLE" --menu "Select T-Pot Edition" 12 50 5 $myITEMS 3>&1 1>&2 2>&3 3>&-) +myEDITION=$(dialog --backtitle "$myBACKTITLE" --menu "Select T-Pot Edition" 14 50 5 $myITEMS 3>&1 1>&2 2>&3 3>&-) if [ "$myEDITION" == "" ]; then echo "Have a nice day!" diff --git a/etc/compose/mini.yml b/etc/compose/mini.yml new file mode 100644 index 00000000..6fa694f7 --- /dev/null +++ b/etc/compose/mini.yml @@ -0,0 +1,256 @@ +# T-Pot (Collector) +# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton) +version: '2.3' + +networks: + cyberchef_local: + honeypots_local: + ewsposter_local: + spiderfoot_local: + +services: + +################## +#### Honeypots +################## + +# Honeypots service + honeypots: + container_name: honeypots + stdin_open: true + tty: true + restart: always + tmpfs: + - /tmp:uid=2000,gid=2000 + networks: + - honeypots_local + ports: + - "21:21" + - "22:22" + - "23:23" + - "25:25" + - "53:53/udp" + - "80:80" + - "110:110" + - "143:143" + - "389:389" + - "443:443" + - "445:445" + - "1080:1080" + - "1433:1433" + - "3306:3306" + - "5432:5432" + - "5900:5900" + - "6379:6379" + - "8080:8080" + - "9200:9200" + image: "dtagdevsec/honeypots:2006" + read_only: true + volumes: + - /data/honeypots/log:/var/log/honeypots + +# Honeytrap service + honeytrap: + container_name: honeytrap + restart: always + tmpfs: + - /tmp/honeytrap:uid=2000,gid=2000 + network_mode: "host" + cap_add: + - NET_ADMIN + image: "dtagdevsec/honeytrap:2006" + read_only: true + volumes: + - /data/honeytrap/attacks:/opt/honeytrap/var/attacks + - /data/honeytrap/downloads:/opt/honeytrap/var/downloads + - /data/honeytrap/log:/opt/honeytrap/var/log + + +################## +#### NSM +################## + +# Fatt service + fatt: + container_name: fatt + restart: always + network_mode: "host" + cap_add: + - NET_ADMIN + - SYS_NICE + - NET_RAW + image: "dtagdevsec/fatt:2006" + volumes: + - /data/fatt/log:/opt/fatt/log + +# P0f service + p0f: + container_name: p0f + restart: always + network_mode: "host" + image: "dtagdevsec/p0f:2006" + read_only: true + volumes: + - /data/p0f/log:/var/log/p0f + +# Suricata service + suricata: + container_name: suricata + restart: always + environment: + # For ET Pro ruleset replace "OPEN" with your OINKCODE + - OINKCODE=OPEN + network_mode: "host" + cap_add: + - NET_ADMIN + - SYS_NICE + - NET_RAW + image: "dtagdevsec/suricata:2006" + volumes: + - /data/suricata/log:/var/log/suricata + + +################## +#### Tools +################## + +# Cyberchef service + cyberchef: + container_name: cyberchef + restart: always + networks: + - cyberchef_local + ports: + - "127.0.0.1:64299:8000" + image: "dtagdevsec/cyberchef:2006" + read_only: true + +#### ELK +## Elasticsearch service + elasticsearch: + container_name: elasticsearch + restart: always + environment: + - bootstrap.memory_lock=true +# - ES_JAVA_OPTS=-Xms2048m -Xmx2048m + - ES_TMPDIR=/tmp + cap_add: + - IPC_LOCK + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 +# mem_limit: 4g + ports: + - "127.0.0.1:64298:9200" + image: "dtagdevsec/elasticsearch:2006" + volumes: + - /data:/data + +## Kibana service + kibana: + container_name: kibana + restart: always + depends_on: + elasticsearch: + condition: service_healthy + ports: + - "127.0.0.1:64296:5601" + image: "dtagdevsec/kibana:2006" + +## Logstash service + logstash: + container_name: logstash + restart: always +# environment: +# - LS_JAVA_OPTS=-Xms2048m -Xmx2048m + depends_on: + elasticsearch: + condition: service_healthy + env_file: + - /opt/tpot/etc/compose/elk_environment + image: "dtagdevsec/logstash:2006" + volumes: + - /data:/data + +## Elasticsearch-head service + head: + container_name: head + restart: always + depends_on: + elasticsearch: + condition: service_healthy + ports: + - "127.0.0.1:64302:9100" + image: "dtagdevsec/head:2006" + read_only: true + +# Ewsposter service + ewsposter: + container_name: ewsposter + restart: always + networks: + - ewsposter_local + environment: + - EWS_HPFEEDS_ENABLE=false + - EWS_HPFEEDS_HOST=host + - EWS_HPFEEDS_PORT=port + - EWS_HPFEEDS_CHANNELS=channels + - EWS_HPFEEDS_IDENT=user + - EWS_HPFEEDS_SECRET=secret + - EWS_HPFEEDS_TLSCERT=false + - EWS_HPFEEDS_FORMAT=json + env_file: + - /opt/tpot/etc/compose/elk_environment + image: "dtagdevsec/ewsposter:2006" + volumes: + - /data:/data + - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip + +# Nginx service + nginx: + container_name: nginx + restart: always + environment: + ### If set to YES all changes within Heimdall will remain for the next start + ### Make sure to uncomment the corresponding volume statements below, or the setting will prevent a successful start of T-Pot. + - HEIMDALL_PERSIST=NO + tmpfs: + - /var/tmp/nginx/client_body + - /var/tmp/nginx/proxy + - /var/tmp/nginx/fastcgi + - /var/tmp/nginx/uwsgi + - /var/tmp/nginx/scgi + - /run + - /var/log/php7/ + - /var/lib/nginx/tmp:uid=100,gid=82 + - /var/lib/nginx/html/storage/logs:uid=100,gid=82 + - /var/lib/nginx/html/storage/framework/views:uid=100,gid=82 + network_mode: "host" + ports: + - "64297:64297" + - "127.0.0.1:64304:64304" + image: "dtagdevsec/nginx:2006" + read_only: true + volumes: + - /data/nginx/cert/:/etc/nginx/cert/:ro + - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro + - /data/nginx/log/:/var/log/nginx/ + ### Enable the following volumes if you set HEIMDALL_PERSIST=YES + # - /data/nginx/heimdall/database:/var/lib/nginx/html/database + # - /data/nginx/heimdall/storage:/var/lib/nginx/html/storage + +# Spiderfoot service + spiderfoot: + container_name: spiderfoot + restart: always + networks: + - spiderfoot_local + ports: + - "127.0.0.1:64303:8080" + image: "dtagdevsec/spiderfoot:2006" + volumes: + - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db