continue working on env, tpotinit and deploy

2025-04-19 21:52:27 +00:00 · 2024-02-23 16:41:52 +01:00 · 2024-02-23 16:41:52 +01:00 · 31f09413e0
commit 31f09413e0
parent 72fd6d963b
3 changed files with 99 additions and 71 deletions
--- a/docker/tpotinit/dist/entrypoint.sh
+++ b/docker/tpotinit/dist/entrypoint.sh
@ -11,7 +11,7 @@ check_var() {
    # Check if variable is set and not empty
    if [[ -z "$var_value" ]]; 
      then
-        echo "# Error: $var_name is not set or empty. Please check T-Pot config file (.env)."
+        echo "# Error: $var_name is not set or empty. Please check T-Pot .env config."
        echo
        echo "# Aborting"
        exit 1
@ -26,27 +26,28 @@ check_safety() {
    # General safety check for most variables
    if [[ $var_value =~ [^a-zA-Z0-9_/.:-] ]]; 
      then
-        echo "# Error: Unsafe characters detected in $var_name. Please check T-Pot config file (.env)."
+        echo "# Error: Unsafe characters detected in $var_name. Please check T-Pot .env config."
        echo
        echo "# Aborting"
        exit 1
    fi
 }

-# Function to check the safety of the WEB_USER variable
-check_web_user_safety() {
-    local web_user="$1"
-    local IFS=$'\n'  # Set the Internal Field Separator (IFS) to newline for the loop
-
-    # Iterate over each line in web_user
-    for user in $web_user; do
-        # Allow alphanumeric, $, ., /, and : for WEB_USER (to accommodate htpasswd hash)
-        if [[ ! $user =~ ^[a-zA-Z0-9]+:\$apr1\$[a-zA-Z0-9./]+\$[a-zA-Z0-9./]+$ ]]; then
-            echo "# Error: Unsafe characters / wrong format detected in (LS_)WEB_USER for user $user. Please check T-Pot config file (.env)."
-            echo
-            echo "# Aborting"
-            exit 1
-        fi
+validate_base64() {
+    local myCHECK=$1
+    # base64 pattern match
+    for i in ${myCHECK};
+      do
+        if [[ $i =~ ^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$ ]];
+          then
+            echo -n "Found valid user: "
+            echo $i | base64 -d -w0 | cut -f1 -d":"
+          else
+	        echo "$i is not a valid base64 string. Please check T-Pot .env config."
+	        echo
+	        echo "# Aborting"
+	        exit 1
+	    fi
    done
 }

@ -59,15 +60,12 @@ validate_format() {
        TPOT_BLACKHOLE|TPOT_PERSISTENCE|TPOT_ATTACKMAP_TEXT)
            if ! [[ $var_value =~ ^(ENABLED|DISABLED|on|off|true|false)$ ]]; 
              then
-                echo "# Error: Invalid value for $var_name. Expected ENABLED/DISABLED, on/off, true/false. Please check T-Pot config file (.env)."
+                echo "# Error: Invalid value for $var_name. Expected ENABLED/DISABLED, on/off, true/false. Please check T-Pot .env config."
 		        echo
 		        echo "# Aborting"
                exit 1
            fi
            ;;
-        *)
-            # Add additional specific format checks here if necessary
-            ;;
    esac
 }

@ -81,26 +79,12 @@ validate_ip_or_domain() {
    local domainRegex='^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$'

    # Check if TPOT_HIVE_IP matches IPv4 or domain name
-    if [[ $myCHECK =~ $ipv4Regex ]]; then
-        echo "$myCHECK is a valid IPv4 address."
-    elif [[ $myCHECK =~ $domainRegex ]]; then
-        echo "$myCHECK is a valid domain name."
+    if [[ ${myCHECK} =~ $ipv4Regex ]]; then
+        echo "${myCHECK} is a valid IPv4 address."
+    elif [[ ${myCHECK} =~ $domainRegex ]]; then
+        echo "${myCHECK} is a valid domain name."
    else
-        echo "# Error: $myCHECK is not a valid IPv4 address or domain name. Please check T-Pot config file (.env)."
-        echo
-        echo "# Aborting"
-        exit 1
-    fi
-}
-
-validate_base64() {
-    local myCHECK=$1
-
-    # Base64 pattern match
-    if [[ $myCHECK =~ ^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$ ]]; then
-        echo "$myCHECK is a valid Base64 string."
-    else
-        echo "$myCHECK is not a valid Base64 string. Please check T-Pot config file (.env)"
+        echo "# Error: $myCHECK is not a valid IPv4 address or domain name. Please check T-Pot .env config."
        echo
        echo "# Aborting"
        exit 1
@ -109,10 +93,29 @@ validate_base64() {

 create_web_users() {
    echo
-    echo "# Creating passwd files based on .env configuration ..."
-    echo
-    echo "${WEB_USER}" > /data/nginx/conf/nginxpasswd
-    echo "${LS_WEB_USER}" > /data/nginx/conf/lswebpasswd
+    echo "# Creating passwd files based on T-Pot .env config ..."
+    # Clear / create the passwd files
+    : > /data/nginx/conf/nginxpasswd
+    : > /data/nginx/conf/lswebpasswd
+    for i in ${WEB_USER};
+      do
+	    if [[ -n $i ]]; 
+	      then
+	        # Need to control newlines as they kept coming up for some reason
+	        echo -n "$i" | base64 -d -w0 | tr -d '\n' >> /data/nginx/conf/nginxpasswd
+	        echo >> /data/nginx/conf/nginxpasswd
+	    fi
+    done
+
+    for i in ${LS_WEB_USER}; 
+      do
+        if [[ -n $i ]]; 
+          then
+            # Need to control newlines as they kept coming up for some reason
+            echo -n "$i" | base64 -d -w0 | tr -d '\n' >> /data/nginx/conf/lswebpasswd
+            echo >> /data/nginx/conf/lswebpasswd
+          fi
+    done
 }

 # Check for compatible OSType
@ -123,7 +126,7 @@ myOSTYPE=$(uname -a | grep -Eo "linuxkit")
 if [ "${myOSTYPE}" == "linuxkit" ] && [ "${TPOT_OSTYPE}" == "linux" ];
  then
    echo "# Docker Desktop for macOS or Windows detected."
-    echo "# 1. You need to adjust the OSType the T-Pot config file (.env)."
+    echo "# 1. You need to adjust the OSType the T-Pot .env config."
    echo "# 2. You need to use the macos or win docker compose file."
    echo
    echo "# Aborting."
@ -143,7 +146,7 @@ if [ "${TPOT_TYPE}" == "HIVE" ];
  then
    # No $ for check_var
    check_var "WEB_USER" 
-    check_web_user_safety "$WEB_USER"
+    validate_base64 "${WEB_USER}"
    TPOT_HIVE_USER=""
    TPOT_HIVE_IP=""
    if [ "${LS_WEB_USER}" == "" ];
@ -151,7 +154,7 @@ if [ "${TPOT_TYPE}" == "HIVE" ];
        echo "# Warning: No LS_WEB_USER detected! T-Pots of type SENSOR will not be able to submit logs to this HIVE."
        echo
      else
-        check_web_user_safety "$LS_WEB_USER"
+        validate_base64 "${LS_WEB_USER}"
    fi
 fi
 if [ "${TPOT_TYPE}" == "SENSOR" ];
--- a/installer/install/deploy.sh
+++ b/installer/install/deploy.sh
@ -1,9 +1,22 @@
 #!/usr/bin/env bash

 myANSIBLE_PORT=64295
-myANSIBLE_TPOT_PLAYBOOK="deploy.yml"
+myANSIBLE_TPOT_PLAYBOOK="installer/install/deploy.yml"
+myADJECTIVE=$(shuf -n1 installer/install/a.txt)
+myNOUN=$(shuf -n1 installer/install/n.txt)
 myENV_FILE="$HOME/tpotce/.env"

+myDEPLOY=$(cat << "EOF"
+
+ ____   [ T-Pot ]                  ____             _
+/ ___|  ___ _ __  ___  ___  _ __  |  _ \  ___ _ __ | | ___  _   _
+\___ \ / _ \  _ \/ __|/ _ \|  __| | | | |/ _ \  _ \| |/ _ \| | | |
+ ___) |  __/ | | \__ \ (_) | |    | |_| |  __/ |_) | | (_) | |_| |
+|____/ \___|_| |_|___/\___/|_|    |____/ \___| .__/|_|\___/ \__, |
+                                             |_|            |___/
+
+EOF
+)

 # Check if the script is running in a HIVE installation
 if ! grep -q 'TPOT_TYPE=HIVE' "$HOME/tpotce/.env";
@ -12,25 +25,30 @@ if ! grep -q 'TPOT_TYPE=HIVE' "$HOME/tpotce/.env";
    exit 1
 fi

-# Ask if a T-Pot sensor was installed
-read -p "# Was a T-Pot sensor installed? (y/n): " mySENSOR_INSTALLED
+echo "${myDEPLOY}"
+echo
+echo "This script will prepare a T-Pot SENSOR installation to transmit logs into this HIVE."
+echo
+
+# Ask if a T-Pot SENSOR was installed
+read -p "# Was a T-Pot SENSOR installed? (y/n): " mySENSOR_INSTALLED
 if [[ ${mySENSOR_INSTALLED} != "y" ]]; 
    then
-      echo "# A T-Pot sensor must be installed to continue."
+      echo "# A T-Pot SENSOR must be installed to continue."
      exit 1
 fi

 # Check if ssh key has been deployed
-read -p "# Has the SSH key been deployed to the sensor? (y/n): " mySSHKEY_DEPLOYED
+read -p "# Has the SSH key been deployed to the SENSOR? (y/n): " mySSHKEY_DEPLOYED
 if [[ ${mySSHKEY_DEPLOYED} != "y" ]]; 
    then
-      echo "# Generate a SSH key using 'ssh-keygen' and deploy it to the sensor with 'ssh-copy-id user@sensor-ip'."
+      echo "# Generate a SSH key using 'ssh-keygen' and deploy it to the SENSOR with 'ssh-copy-id user@sensor-ip'."
      exit 1
 fi

 # Validate IP/domain name loop
 while true; do
-  read -p "# Enter the IP/domain name of the sensor: " mySENSOR_IP
+  read -p "# Enter the IP/domain name of the SENSOR: " mySENSOR_IP
  if [[ ${mySENSOR_IP} =~ ^([a-zA-Z0-9]+(\.[a-zA-Z0-9]+)*\.[a-zA-Z]{2,})|(([0-9]{1,3}\.){3}[0-9]{1,3})$ ]];
    then
      break
@ -50,10 +68,8 @@ while true; do
  fi
 done

-# Create a random sensor user name that is easily readable
-adjective=$(shuf -n1 a.txt)
-noun=$(shuf -n1 n.txt)
-myLS_WEB_USER="sensor-${adjective}-${noun}"
+# Create a random SENSOR user name that is easily readable
+myLS_WEB_USER="sensor-${myADJECTIVE}-${myNOUN}"

 # Create a random password
 myLS_WEB_PW=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 32 | head -n 1)
@ -62,35 +78,44 @@ myLS_WEB_PW=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 32 | head -n 1)
 myLS_WEB_USER_ENC=$(htpasswd -b -n "${myLS_WEB_USER}" "${myLS_WEB_PW}")
 myLS_WEB_USER_ENC_B64=$(echo -n "${myLS_WEB_USER_ENC}" | base64 -w0)

-# Create myTPOT_HIVE_USER, since this is for Logstash on the sensor, it needs to directly base64 encoded
+# Create myTPOT_HIVE_USER, since this is for Logstash on the SENSOR, it needs to directly base64 encoded
 myTPOT_HIVE_USER=$(echo -n "${myLS_WEB_USER}:${myLS_WEB_PW}" | base64 -w0)

 # Print credentials
-echo "# The following sensor credentials have been created:"
-echo "# New sensor username: ${myLS_WEB_USER}"
-echo "# New sensor passowrd: ${myLS_WEB_PW}"
+echo "# The following SENSOR credentials have been created:"
+echo "# New SENSOR username: ${myLS_WEB_USER}"
+echo "# New SENSOR passowrd: ${myLS_WEB_PW}"
 echo "# New htpasswd encoded credentials: ${myLS_WEB_USER_ENC}"
 echo "# New htpasswd credentials base64 encoded: ${myLS_WEB_USER_ENC_B64}"
-echo "# New sensor credentials base64 encoded: ${myTPOT_HIVE_USER}"
+echo "# New SENSOR credentials base64 encoded: ${myTPOT_HIVE_USER}"

 # Read LS_WEB_USER from file
 myENV_LS_WEB_USER=$(grep "^LS_WEB_USER=" "${myENV_FILE}" | sed 's/^LS_WEB_USER=//g' | tr -d "\"'")

-# Add the new sensor and show a complete list of all the sensors
+# Add the new SENSOR and show a complete list of all the SENSORs
 myENV_LS_WEB_USER="${myENV_LS_WEB_USER} ${myLS_WEB_USER_ENC_B64}"

-# Update the .env on the host
+# Update the T-Pot .env config and lswebpasswd (avoid the need to restart T-Pot) on the host
+echo "# Updating SENSOR users on this HIVE and in the T-Pot .env config:"
 sed -i "/^LS_WEB_USER=/c\LS_WEB_USER=${myENV_LS_WEB_USER}" "${myENV_FILE}"
-
-echo "# Here is the complete and updated sensor list on HIVE:"
+: > "${HOME}"/tpotce/data/nginx/conf/lswebpasswd
 for i in $myENV_LS_WEB_USER;
  do
-    echo -n $i | base64 --decode -w0
-    echo -n " :" $i
-    echo
+    if [[ -n $i ]]; 
+      then
+        # Need to control newlines as they kept coming up for some reason
+        echo -n "$i" | base64 -d -w0
+        echo
+        echo -n "$i" | base64 -d -w0 | tr -d '\n' >> ${HOME}/tpotce/data/nginx/conf/lswebpasswd
+        echo >> ${HOME}/tpotce/data/nginx/conf/lswebpasswd
+      fi
 done

+# Need to export for Ansible
 export myTPOT_HIVE_USER
 export myTPOT_HIVE_IP

-ANSIBLE_LOG_PATH=$HOME/data/deploy_sensor.log ansible-playbook ${myANSIBLE_TPOT_PLAYBOOK} -vvv -i ${mySENSOR_IP}, --check -c ssh -e "ansible_port=${myANSIBLE_PORT}"
+ANSIBLE_LOG_PATH=${HOME}/tpotce/data/deploy_sensor.log ansible-playbook ${myANSIBLE_TPOT_PLAYBOOK} -i ${mySENSOR_IP}, --check -c ssh -e "ansible_port=${myANSIBLE_PORT}"
+
+unset myTPOT_HIVE_USER
+unset myTPOT_HIVE_IP