Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-04-20 06:02:24 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Add HPFEEDS opt-in

Browse source
This commit is contained in:
t3chn0m4g3 2019-04-01 07:56:06 +00:00
parent d4654f2bbc
commit 33e98822e3
3 changed files with 131 additions and 40 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
README.md
View file

@ -61,7 +61,7 @@ Furthermore we use the following tools
- [Tools](#tools)
- [Maintenance](#maintenance)
- [Community Data Submission](#submission)
- [Opt-In SISSDEN Data Submission](#sissden-optin)
- [Opt-In HPFEEDS Data Submission](#hpfeeds-optin)
- [Roadmap](#roadmap)
- [Disclaimer](#disclaimer)
- [FAQ](#faq)
@ -101,8 +101,8 @@ Furthermore we use the following tools
- Fixed error in Suricata where path for reference.config changed.
- **Release Cycle**
- As far as possible we will integrate changes now faster into the master branch, eliminating the need for monolithic releases. The update feature will be continuously improved on that behalf. However this might not account for all feature changes.
- **SISSDEN Opt-In**
- If you want to share your T-Pot data with [SISSDEN](https://sissden.eu) you can do so by creating an account at the SISSDEN portal and run `sissden_optin.sh` on T-Pot.
- **HPFEEDS Opt-In**
- If you want to share your T-Pot data with a 3rd party HPFEEDS broker such as [SISSDEN](https://sissden.eu) you can do so by creating an account at the SISSDEN portal and run `hpfeeds_optin.sh` on T-Pot.
- **Update Feature**
- For the ones who like to live on the bleeding edge of T-Pot development there is now an update script available in `/opt/tpot/update.sh`.
- This feature is beta and is mostly intended to provide you with the latest development advances without the need of reinstalling T-Pot.
@ -436,10 +436,10 @@ Data is submitted in a structured ews-format, a XML stucture. Hence, you can par
We encourage you not to disable the data submission as it is the main purpose of the community approach - as you all know **sharing is caring** 😍
<a name="sissden-optin"></a>
## Opt-In SISSDEN Data Submission
As an Opt-In it is now possible to also share T-Pot data with [SISSDEN](https://sissden.eu).
If you want to share your T-Pot data you simply have to regsiter an account with SISSDEN which will have its own benefits. Once registered you will receive an `Ident` and a `Secret` to share events with SISSDEN. In T-Pot you simply run `sissden_optin.sh` which will ask for your SISSDEN `Ident` and `Secret`. It will automatically update `/opt/tpot/etc/tpot.yml` to deliver events to SISSDEN.
<a name="hpfeeds-optin"></a>
## Opt-In HPFEEDS Data Submission
As an Opt-In it is now possible to also share T-Pot data with 3rd party HPFEEDS brokers, such as [SISSDEN](https://sissden.eu).
If you want to share your T-Pot data you simply have to regsiter an account with a 3rd party broker with its own benefits towards the community. Once registered you will receive your credentials to share events with the broker. In T-Pot you simply run `hpfeeds_optin.sh` which will ask for your credentials, in case of SISSDEN this is just `Ident` and `Secret`, everything else is pre-configured. It will automatically update `/opt/tpot/etc/tpot.yml` to deliver events to your desired broker.
<a name="roadmap"></a>
# Roadmap

124
bin/hpfeeds_optin.sh Executable file
View file

@ -0,0 +1,124 @@
#!/bin/bash
# Run as root only.
myWHOAMI=$(whoami)
if [ "$myWHOAMI" != "root" ]
then
echo "Need to run as root ..."
exit
fi
myTPOTYMLFILE="/opt/tpot/etc/tpot.yml"
function fuSISSDEN () {
echo
echo "You chose SISSDEN, you just need to provide ident and secret"
echo
myENABLE="true"
myHOST="hpfeeds.sissden.eu"
myPORT="10000"
myCHANNEL="t-pot.events"
myCERT="/opt/ewsposter/sissden.pem"
read -p "Ident: " myIDENT
read -p "Secret: " mySECRET
myFORMAT="json"
}
function fuGENERIC () {
echo
echo "You chose generic, please provide all the details of the broker"
echo
myENABLE="true"
read -p "Host URL: " myHOST
read -p "Port: " myPORT
read -p "Channel: " myCHANNEL
echo "For generic providers set this to 'false'"
echo "If you received a CA certficate mount it into the ewsposter container by modifying $myTPOTYMLFILE"
read -p "TLS - 'false' or path to CA in container: " myCERT
read -p "Ident: " myIDENT
read -p "Secret: " mySECRET
read -p "Format ews (xml) or json: " myFORMAT
}
function fuOPTOUT () {
echo
while [ 1 != 2 ]
do
read -s -n 1 -p "You chose to opt out (y/n)? " mySELECT
echo $mySELECT
case "$mySELECT" in
[y,Y])
echo "Opt out."
break
;;
[n,N])
echo "Aborted."
exit
;;
esac
done
myENABLE="false"
myHOST="host"
myPORT="port"
myCHANNEL="channels"
myCERT="false"
myIDENT="user"
mySECRET="secret"
myFORMAT="json"
}
function fuAPPLY () {
echo "Now stopping T-Pot ..."
systemctl stop tpot
echo "Applying your settings ... "
sed -i.bak "s/EWS_HPFEEDS_ENABLE.*/EWS_HPFEEDS_ENABLE=${myENABLE}/g" "$myTPOTYMLFILE"
sed -i "s/EWS_HPFEEDS_HOST.*/EWS_HPFEEDS_HOST=${myHOST}/g" "$myTPOTYMLFILE"
sed -i "s/EWS_HPFEEDS_PORT.*/EWS_HPFEEDS_PORT=${myPORT}/g" "$myTPOTYMLFILE"
sed -i "s/EWS_HPFEEDS_CHANNELS.*/EWS_HPFEEDS_CHANNELS=${myCHANNEL}/g" "$myTPOTYMLFILE"
sed -i "s#EWS_HPFEEDS_TLSCERT.*#EWS_HPFEEDS_TLSCERT=${myCERT}#g" "$myTPOTYMLFILE"
sed -i "s/EWS_HPFEEDS_IDENT.*/EWS_HPFEEDS_IDENT=${myIDENT}/g" "$myTPOTYMLFILE"
sed -i "s/EWS_HPFEEDS_SECRET.*/EWS_HPFEEDS_SECRET=${mySECRET}/g" "$myTPOTYMLFILE"
sed -i "s/EWS_HPFEEDS_FORMAT.*/EWS_HPFEEDS_FORMAT=${myFORMAT}/g" "$myTPOTYMLFILE"
echo "Now starting T-Pot ..."
systemctl start tpot
echo "You can always change or review your settings in the ewsposter section of $myTPOTYMLFILE"
echo "Done."
}
echo "HPFEEDS Delivery Opt-In for T-Pot"
echo "---------------------------------"
echo "By running this script you agree to share your data with a 3rd party and agree to their corresponding sharing terms."
echo
echo
echo "Please choose your broker"
echo "---------------------------"
echo "[1] - SISSDEN"
echo "[2] - Generic (enter details manually)"
echo "[0] - Opt out of HPFEEDS"
echo "[q] - Do not agree end exit"
echo
while [ 1 != 2 ]
do
read -s -n 1 -p "Your choice: " mySELECT
echo $mySELECT
case "$mySELECT" in
[1])
fuSISSDEN
break
;;
[2])
fuGENERIC
break
;;
[0])
fuOPTOUT
break
;;
[q,Q])
echo "Aborted."
exit
;;
esac
done
fuAPPLY

33
bin/sissden_optin.sh
View file

@ -1,33 +0,0 @@
#!/bin/bash
# Run as root only.
myWHOAMI=$(whoami)
if [ "$myWHOAMI" != "root" ]
then
echo "Need to run as root ..."
exit
fi
myTPOTYMLFILE="/opt/tpot/etc/tpot.yml"
echo "SISSDEN Delivery Opt-In for EWSPoster"
echo "-------------------------------------"
echo "By running this script you agree to share your data with https://sissden.eu and agree to the corresponding sharing terms."
echo
echo "Please provide the credentials you created at the SISSDEN portal ..."
read -p "Ident: " myIDENT
read -p "Secret: " mySECRET
echo
echo "Now stopping T-Pot ..."
systemctl stop tpot
echo "Adding your credentials ..."
sed -i.bak 's/EWS_HPFEEDS_ENABLE=false/EWS_HPFEEDS_ENABLE=true/g' "$myTPOTYMLFILE"
sed -i 's/EWS_HPFEEDS_HOST=host/EWS_HPFEEDS_HOST=hpfeeds.sissden.eu/g' "$myTPOTYMLFILE"
sed -i 's/EWS_HPFEEDS_PORT=port/EWS_HPFEEDS_PORT=10000/g' "$myTPOTYMLFILE"
sed -i 's/EWS_HPFEEDS_CHANNELS=channels/EWS_HPFEEDS_CHANNELS=t-pot.events/g' "$myTPOTYMLFILE"
sed -i "s/EWS_HPFEEDS_IDENT=user/EWS_HPFEEDS_IDENT=${myIDENT}/g" "$myTPOTYMLFILE"
sed -i "s/EWS_HPFEEDS_SECRET=secret/EWS_HPFEEDS_SECRET=${mySECRET}/g" "$myTPOTYMLFILE"
echo "Now starting T-Pot ..."
systemctl start tpot
echo "Done. On behalf of SISSDEN we thank you for sharing!"
echo