Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-07-01 04:22:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

prepare switch to docker-compose

Browse source
This commit is contained in:
Marco Ochse 2017-04-30 23:34:30 +00:00
parent 291034d53e
commit 365e1a1e5c
29 changed files with 586 additions and 296 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

41
installer/bin/clean.sh
View file

@ -8,7 +8,7 @@
########################################################
# Set persistence
myPERSISTENCE=$2
myPERSISTENCE=$1
# Check persistence
if [ "$myPERSISTENCE" = "on" ];
@ -36,7 +36,6 @@ fuCOWRIE () {
# Let's create a function to clean up and prepare dionaea data
fuDIONAEA () {
rm -rf /data/dionaea/*
rm /data/ews/dionaea/ews.json
mkdir -p /data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/roots/ftp /data/dionaea/roots/tftp /data/dionaea/roots/www /data/dionaea/roots/upnp
chmod 760 /data/dionaea -R
chown tpot:tpot /data/dionaea -R
@ -93,32 +92,12 @@ fuSURICATA () {
chown tpot:tpot -R /data/suricata
}
case $1 in
conpot)
fuCONPOT $1
;;
cowrie)
fuCOWRIE $1
;;
dionaea)
fuDIONAEA $1
;;
elasticpot)
fuELASTICPOT $1
;;
elk)
fuELK $1
;;
emobility)
fuEMOBILITY $1
;;
glastopf)
fuGLASTOPF $1
;;
honeytrap)
fuHONEYTRAP $1
;;
suricata)
fuSURICATA $1
;;
esac
fuCONPOT
fuCOWRIE
fuDIONAEA
fuELASTICPOT
fuELK
fuEMOBILITY
fuGLASTOPF
fuHONEYTRAP
fuSURICATA

6
installer/bin/dps.sh
View file

@ -7,7 +7,9 @@ function fuCLEANUP {
trap fuCLEANUP EXIT
stty -echo -icanon time 0 min 0
myIMAGES=$(cat /etc/tpot/images.conf)
#myIMAGES=$(cat /etc/tpot/images.conf)
#myIMAGES=$(/usr/bin/docker ps -a -f name=$i --format "table {{.Names}}" | grep -v NAMES)
myIMAGES=$(cat /etc/tpot/tpot.yml | grep container_name | cut -d: -f2)
while true
do
clear
@ -18,7 +20,7 @@ while true
echo
echo "NAME CREATED PORTS"
for i in $myIMAGES; do
mySTATUS=$(/usr/bin/docker ps -f name=$i --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" -f status=running -f status=exited | GREP_COLORS='mt=01;35' /bin/egrep --color=always "(^[_a-z-]+ |$)|$" | GREP_COLORS='mt=01;32' /bin/egrep --color=always "(Up[ 0-9a-Z ]+ |$)|$" | GREP_COLORS='mt=01;31' /bin/egrep --color=always "(Exited[ \(0-9\) ]+ [0-9a-Z ]+ ago|$)|$" | tail -n 1)
mySTATUS=$(/usr/bin/docker ps -f name=$i --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" -f status=running -f status=exited | GREP_COLORS='mt=01;35' /bin/egrep --color=always "(^[_0-9a-z-]+ |$)|$" | GREP_COLORS='mt=01;32' /bin/egrep --color=always "(Up[ 0-9a-Z ]+ |$)|$" | GREP_COLORS='mt=01;31' /bin/egrep --color=always "(Exited[ \(0-9\) ]+ [0-9a-Z ]+ ago|$)|$" | tail -n 1)
myDOWN=$(echo "$mySTATUS" | grep -c "NAMES")
if [ "$myDOWN" = "1" ];
then

13
installer/data/imgcfg/all_images.conf
View file

@ -1,13 +0,0 @@
conpot
cowrie
dionaea
elasticpot
elk
emobility
ewsposter
glastopf
honeytrap
netdata
spiderfoot
suricata
ui-for-docker

6
installer/data/imgcfg/hp_images.conf
View file

@ -1,6 +0,0 @@
cowrie
dionaea
elasticpot
ewsposter
glastopf
honeytrap

8
installer/data/imgcfg/industrial_images.conf
View file

@ -1,8 +0,0 @@
conpot
elk
emobility
ewsposter
netdata
spiderfoot
suricata
ui-for-docker

11
installer/data/imgcfg/tpot_images.conf
View file

@ -1,11 +0,0 @@
cowrie
dionaea
elasticpot
elk
ewsposter
glastopf
honeytrap
netdata
spiderfoot
suricata
ui-for-docker

15
installer/data/systemd/conpot.service
View file

@ -1,15 +0,0 @@
[Unit]
Description=conpot
Requires=docker.service
After=docker.service
[Service]
Restart=always
ExecStartPre=-/usr/bin/docker stop conpot
ExecStartPre=-/usr/bin/docker rm -v conpot
ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh conpot off'
ExecStart=/usr/bin/docker run --name conpot --rm=true -v /data/conpot:/data/conpot -v /data/ews:/data/ews -p 1025:1025 -p 50100:50100 dtagdevsec/conpot:1706
ExecStop=/usr/bin/docker stop conpot
[Install]
WantedBy=multi-user.target

15
installer/data/systemd/cowrie.service
View file

@ -1,15 +0,0 @@
[Unit]
Description=cowrie
Requires=docker.service
After=docker.service
[Service]
Restart=always
ExecStartPre=-/usr/bin/docker stop cowrie
ExecStartPre=-/usr/bin/docker rm -v cowrie
ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh cowrie off'
ExecStart=/usr/bin/docker run --name cowrie --rm=true -p 22:2222 -p 23:2223 -v /data/cowrie:/data/cowrie -v /data/ews:/data/ews dtagdevsec/cowrie:1706
ExecStop=/usr/bin/docker stop cowrie
[Install]
WantedBy=multi-user.target

15
installer/data/systemd/dionaea.service
View file

@ -1,15 +0,0 @@
[Unit]
Description=dionaea
Requires=docker.service
After=docker.service
[Service]
Restart=always
ExecStartPre=-/usr/bin/docker stop dionaea
ExecStartPre=-/usr/bin/docker rm -v dionaea
ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh dionaea off'
ExecStart=/usr/bin/docker run --name dionaea --cap-add=NET_BIND_SERVICE --rm=true -p 21:21 -p 42:42 -p 69:69/udp -p 8081:80 -p 135:135 -p 443:443 -p 445:445 -p 1433:1433 -p 1723:1723 -p 1883:1883 -p 1900:1900 -p 3306:3306 -p 5060:5060 -p 5061:5061 -p 5060:5060/udp -p 11211:11211 -v /data/dionaea:/data/dionaea dtagdevsec/dionaea:1706
ExecStop=/usr/bin/docker stop dionaea
[Install]
WantedBy=multi-user.target

15
installer/data/systemd/elasticpot.service
View file

@ -1,15 +0,0 @@
[Unit]
Description=elasticpot
Requires=docker.service
After=docker.service
[Service]
Restart=always
ExecStartPre=-/usr/bin/docker stop elasticpot
ExecStartPre=-/usr/bin/docker rm -v elasticpot
ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh elasticpot off'
ExecStart=/usr/bin/docker run --name elasticpot --rm=true -v /data/elasticpot:/data/elasticpot -p 9200:9200 dtagdevsec/elasticpot:1706
ExecStop=/usr/bin/docker stop elasticpot
[Install]
WantedBy=multi-user.target

15
installer/data/systemd/elk.service
View file

@ -1,15 +0,0 @@
[Unit]
Description=elk
Requires=docker.service
After=docker.service
[Service]
Restart=always
ExecStartPre=-/usr/bin/docker stop elk
ExecStartPre=-/usr/bin/docker rm -v elk
ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh elk'
ExecStart=/usr/bin/docker run --name=elk --env-file /etc/tpot/elk/environment --cap-add=IPC_LOCK --ulimit memlock=-1:-1 --ulimit nofile=65536:65536 -v /data:/data -v /var/log:/data/host/log -p 127.0.0.1:64296:5601 -p 127.0.0.1:64302:9100 -p 127.0.0.1:64298:9200 --rm=true dtagdevsec/elk:1706
ExecStop=/usr/bin/docker stop elk
[Install]
WantedBy=multi-user.target

15
installer/data/systemd/emobility.service
View file

@ -1,15 +0,0 @@
[Unit]
Description=emobility
Requires=docker.service
After=docker.service
[Service]
Restart=always
ExecStartPre=-/usr/bin/docker stop emobility
ExecStartPre=-/usr/bin/docker rm -v emobility
ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh emobility off'
ExecStart=/usr/bin/docker run --name emobility --cap-add=NET_ADMIN -p 8080:8080 -v /data/emobility:/data/eMobility -v /data/ews:/data/ews --rm=true dtagdevsec/emobility:1706
ExecStop=/usr/bin/docker stop emobility
[Install]
WantedBy=multi-user.target

14
installer/data/systemd/ewsposter.service
View file

@ -1,14 +0,0 @@
[Unit]
Description=ewsposter
Requires=docker.service
After=docker.service
[Service]
Restart=always
ExecStartPre=-/usr/bin/docker stop ewsposter
ExecStartPre=-/usr/bin/docker rm -v ewsposter
ExecStart=/usr/bin/docker run --name ewsposter --rm=true -v /data:/data -v /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip dtagdevsec/ewsposter:1706
ExecStop=/usr/bin/docker stop ewsposter
[Install]
WantedBy=multi-user.target

15
installer/data/systemd/glastopf.service
View file

@ -1,15 +0,0 @@
[Unit]
Description=glastopf
Requires=docker.service
After=docker.service
[Service]
Restart=always
ExecStartPre=-/usr/bin/docker stop glastopf
ExecStartPre=-/usr/bin/docker rm -v glastopf
ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh glastopf off'
ExecStart=/usr/bin/docker run --name glastopf --rm=true -v /data/glastopf:/data/glastopf -v /data/ews:/data/ews -p 80:80 dtagdevsec/glastopf:1706
ExecStop=/usr/bin/docker stop glastopf
[Install]
WantedBy=multi-user.target

23
installer/data/systemd/honeytrap.service
View file

@ -1,23 +0,0 @@
[Unit]
Description=honeytrap
Requires=docker.service
After=docker.service
[Service]
Restart=always
ExecStartPre=-/usr/bin/docker stop honeytrap
ExecStartPre=-/usr/bin/docker rm -v honeytrap
ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh honeytrap off'
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j NFQUEUE
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 3306,5060,5061,5601,11211 -j NFQUEUE
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295,64296,64297,64298,64299,64300,64301,64302,64303 -j NFQUEUE
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 1025,50100,8080,8081,9200 -j NFQUEUE
ExecStart=/usr/bin/docker run --name honeytrap --cap-add=NET_ADMIN --net=host --rm=true -v /data/honeytrap:/data/honeytrap -v /data/ews:/data/ews dtagdevsec/honeytrap:1706
ExecStop=/usr/bin/docker stop honeytrap
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 1025,50100,8080,8081,9200 -j NFQUEUE
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295,64296,64297,64298,64299,64300,64301,64302,64303 -j NFQUEUE
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 3306,5060,5061,5601,11211 -j NFQUEUE
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j NFQUEUE
[Install]
WantedBy=multi-user.target

15
installer/data/systemd/netdata.service
View file

@ -1,15 +0,0 @@
[Unit]
Description=netdata
Requires=docker.service
After=docker.service
[Service]
Restart=always
ExecStartPre=-/usr/bin/docker stop netdata
ExecStartPre=-/usr/bin/docker rm -v netdata
ExecStartPre=-/bin/chmod 666 /var/run/docker.sock
ExecStart=/usr/bin/docker run --name netdata --net=host --cap-add=SYS_PTRACE --security-opt apparmor=unconfined --rm=true -v /proc:/host/proc:ro -v /sys:/host/sys:ro -v /var/run/docker.sock:/var/run/docker.sock dtagdevsec/netdata:1706
ExecStop=/usr/bin/docker stop netdata
[Install]
WantedBy=multi-user.target

14
installer/data/systemd/spiderfoot.service
View file

@ -1,14 +0,0 @@
[Unit]
Description=spiderfoot
Requires=docker.service
After=docker.service
[Service]
Restart=always
ExecStartPre=-/usr/bin/docker stop spiderfoot
ExecStartPre=-/usr/bin/docker rm -v spiderfoot
ExecStart=/usr/bin/docker run --name spiderfoot --rm=true -p 127.0.0.1:64303:8080 dtagdevsec/spiderfoot:1706
ExecStop=/usr/bin/docker stop spiderfoot
[Install]
WantedBy=multi-user.target

19
installer/data/systemd/suricata.service
View file

@ -1,19 +0,0 @@
[Unit]
Description=suricata
Requires=docker.service
After=docker.service
[Service]
Restart=always
ExecStartPre=-/usr/bin/docker stop suricata
ExecStartPre=-/usr/bin/docker rm -v suricata
# Get IF, disable offloading, enable promiscious mode
ExecStartPre=/bin/bash -c '/sbin/ethtool --offload $(/sbin/ip route | /bin/grep $(/bin/hostname -I | /usr/bin/awk \'{print $1 }\') | /usr/bin/awk \'{print $3 }\') rx off tx off'
ExecStartPre=/bin/bash -c '/sbin/ethtool -K $(/sbin/ip route | /bin/grep $(/bin/hostname -I | /usr/bin/awk \'{print $1 }\') | /usr/bin/awk \'{print $3 }\') gso off gro off'
ExecStartPre=/bin/bash -c '/sbin/ip link set $(/sbin/ip route | /bin/grep $(/bin/hostname -I | /usr/bin/awk \'{print $1 }\') | /usr/bin/awk \'{print $3 }\') promisc on'
ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh suricata off'
ExecStart=/usr/bin/docker run --name suricata --cap-add=NET_ADMIN --net=host --rm=true -v /data/suricata:/data/suricata dtagdevsec/suricata:1706
ExecStop=/usr/bin/docker stop suricata
[Install]
WantedBy=multi-user.target

14
installer/data/systemd/ui-for-docker.service
View file

@ -1,14 +0,0 @@
[Unit]
Description=ui-for-docker
Requires=docker.service
After=docker.service
[Service]
Restart=always
ExecStartPre=-/usr/bin/docker stop ui-for-docker
ExecStartPre=-/usr/bin/docker rm -v ui-for-docker
ExecStart=/usr/bin/docker run --name ui-for-docker --rm=true -v /var/run/docker.sock:/var/run/docker.sock -p 127.0.0.1:64299:9000 dtagdevsec/ui-for-docker:1706 -H unix:///var/run/docker.sock --no-auth
ExecStop=/usr/bin/docker stop ui-for-docker
[Install]
WantedBy=multi-user.target

174
installer/etc/tpot/compose/all.yml Normal file
View file

@ -0,0 +1,174 @@
# T-Pot (Everything)
# For docker-compose version ...
version: '2'
services:
# Conpot service
conpot:
container_name: conpot
restart: always
ports:
- "1025:1025"
- "50100:50100"
image: "dtagdevsec/conpot:1706"
volumes:
- /data/conpot:/data/conpot
- /data/ews:/data/ews
# Cowrie service
cowrie:
container_name: cowrie
restart: always
ports:
- "22:2222"
- "23:2223"
image: "dtagdevsec/cowrie:1706"
volumes:
- /data/cowrie:/data/cowrie
# Dionaea service
dionaea:
container_name: dionaea
restart: always
cap_add:
- NET_BIND_SERVICE
ports:
- "21:21"
- "42:42"
- "69:69/udp"
- "8081:80"
- "135:135"
- "443:443"
- "445:445"
- "1433:1433"
- "1723:1723"
- "1883:1883"
- "1900:1900"
- "3306:3306"
- "5060:5060"
- "5061:5061"
- "5060:5060/udp"
- "11211:11211"
image: "dtagdevsec/dionaea:1706"
volumes:
- /data/dionaea:/data/dionaea
# Elasticpot service
elasticpot:
container_name: elasticpot
restart: always
ports:
- "9200:9200"
image: "dtagdevsec/elasticpot:1706"
volumes:
- /data/elasticpot:/data/elasticpot
# ELK service
elk:
container_name: elk
restart: always
env_file:
- /etc/tpot/elk/environment
cap_add:
- IPC_LOCK
ulimits:
memlock: -1
nofile: 65536
ports:
- "127.0.0.1:64296:5601"
- "127.0.0.1:64302:9100"
- "127.0.0.1:64298:9200"
image: "dtagdevsec/elk:1706"
volumes:
- /data:/data
- /var/log:/data/host/log
# Emobility service
emobility:
container_name: emobility
restart: always
cap_add:
- NET_ADMIN
ports:
- "8080:8080"
image: "dtagdevsec/emobility:1706"
volumes:
- /data/emobility:/data/eMobility
- /data/ews:/data/ews
# Ewsposter service
ewsposter:
container_name: ewsposter
restart: always
image: "dtagdevsec/ewsposter:1706"
volumes:
- /data:/data
- /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
# Glastopf service
glastopf:
container_name: glastopf
restart: always
ports:
- "80:80"
image: "dtagdevsec/glastopf:1706"
volumes:
- /data/glastopf:/data/glastopf
- /data/ews:/data/ews
# Honeytrap service
honeytrap:
container_name: honeytrap
restart: always
network_mode: "host"
cap_add:
- NET_ADMIN
image: "dtagdevsec/honeytrap:1706"
volumes:
- /data/honeytrap:/data/honeytrap
- /data/ews:/data/ews
# Netdata service
netdata:
container_name: netdata
restart: always
network_mode: "host"
cap_add:
- SYS_PTRACE
security_opt:
- apparmor=unconfined
image: "dtagdevsec/netdata:1706"
volumes:
- /proc:/host/proc:ro
- /sys:/host/sys:ro
- /var/run/docker.sock:/var/run/docker.sock
# Spiderfoot service
spiderfoot:
container_name: spiderfoot
restart: always
ports:
- "127.0.0.1:64303:8080"
image: "dtagdevsec/spiderfoot:1706"
# Ui-for-docker service
ui-for-docker:
container_name: ui-for-docker
command: -H unix:///var/run/docker.sock --no-auth
restart: always
ports:
- "127.0.0.1:64299:9000"
image: "dtagdevsec/ui-for-docker:1706"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
# Suricata service
suricata:
container_name: suricata
restart: always
network_mode: "host"
cap_add:
- NET_ADMIN
image: "dtagdevsec/suricata:1706"
volumes:
- /data/suricata:/data/suricata

84
installer/etc/tpot/compose/hp.yml Normal file
View file

@ -0,0 +1,84 @@
# T-Pot (Standard)
# For docker-compose version ...
version: '2'
services:
# Cowrie service
cowrie:
container_name: cowrie
restart: always
ports:
- "22:2222"
- "23:2223"
image: "dtagdevsec/cowrie:1706"
volumes:
- /data/cowrie:/data/cowrie
# Dionaea service
dionaea:
container_name: dionaea
restart: always
cap_add:
- NET_BIND_SERVICE
ports:
- "21:21"
- "42:42"
- "69:69/udp"
- "8081:80"
- "135:135"
- "443:443"
- "445:445"
- "1433:1433"
- "1723:1723"
- "1883:1883"
- "1900:1900"
- "3306:3306"
- "5060:5060"
- "5061:5061"
- "5060:5060/udp"
- "11211:11211"
image: "dtagdevsec/dionaea:1706"
volumes:
- /data/dionaea:/data/dionaea
# Elasticpot service
elasticpot:
container_name: elasticpot
restart: always
ports:
- "9200:9200"
image: "dtagdevsec/elasticpot:1706"
volumes:
- /data/elasticpot:/data/elasticpot
# Ewsposter service
ewsposter:
container_name: ewsposter
restart: always
image: "dtagdevsec/ewsposter:1706"
volumes:
- /data:/data
- /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
# Glastopf service
glastopf:
container_name: glastopf
restart: always
ports:
- "80:80"
image: "dtagdevsec/glastopf:1706"
volumes:
- /data/glastopf:/data/glastopf
- /data/ews:/data/ews
# Honeytrap service
honeytrap:
container_name: honeytrap
restart: always
network_mode: "host"
cap_add:
- NET_ADMIN
image: "dtagdevsec/honeytrap:1706"
volumes:
- /data/honeytrap:/data/honeytrap
- /data/ews:/data/ews

103
installer/etc/tpot/compose/industrial.yml Normal file
View file

@ -0,0 +1,103 @@
# T-Pot (Everything)
# For docker-compose version ...
version: '2'
services:
# Conpot service
conpot:
container_name: conpot
restart: always
ports:
- "1025:1025"
- "50100:50100"
image: "dtagdevsec/conpot:1706"
volumes:
- /data/conpot:/data/conpot
- /data/ews:/data/ews
# ELK service
elk:
container_name: elk
restart: always
env_file:
- /etc/tpot/elk/environment
cap_add:
- IPC_LOCK
ulimits:
memlock: -1
nofile: 65536
ports:
- "127.0.0.1:64296:5601"
- "127.0.0.1:64302:9100"
- "127.0.0.1:64298:9200"
image: "dtagdevsec/elk:1706"
volumes:
- /data:/data
- /var/log:/data/host/log
# Emobility service
emobility:
container_name: emobility
restart: always
cap_add:
- NET_ADMIN
ports:
- "8080:8080"
image: "dtagdevsec/emobility:1706"
volumes:
- /data/emobility:/data/eMobility
- /data/ews:/data/ews
# Ewsposter service
ewsposter:
container_name: ewsposter
restart: always
image: "dtagdevsec/ewsposter:1706"
volumes:
- /data:/data
- /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
# Netdata service
netdata:
container_name: netdata
restart: always
network_mode: "host"
cap_add:
- SYS_PTRACE
security_opt:
- apparmor=unconfined
image: "dtagdevsec/netdata:1706"
volumes:
- /proc:/host/proc:ro
- /sys:/host/sys:ro
- /var/run/docker.sock:/var/run/docker.sock
# Spiderfoot service
spiderfoot:
container_name: spiderfoot
restart: always
ports:
- "127.0.0.1:64303:8080"
image: "dtagdevsec/spiderfoot:1706"
# Ui-for-docker service
ui-for-docker:
container_name: ui-for-docker
command: -H unix:///var/run/docker.sock --no-auth
restart: always
ports:
- "127.0.0.1:64299:9000"
image: "dtagdevsec/ui-for-docker:1706"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
# Suricata service
suricata:
container_name: suricata
restart: always
network_mode: "host"
cap_add:
- NET_ADMIN
image: "dtagdevsec/suricata:1706"
volumes:
- /data/suricata:/data/suricata

149
installer/etc/tpot/compose/tpot.yml Normal file
View file

@ -0,0 +1,149 @@
# T-Pot (Standard)
# For docker-compose version ...
version: '2'
services:
# Cowrie service
cowrie:
container_name: cowrie
restart: always
ports:
- "22:2222"
- "23:2223"
image: "dtagdevsec/cowrie:1706"
volumes:
- /data/cowrie:/data/cowrie
# Dionaea service
dionaea:
container_name: dionaea
restart: always
cap_add:
- NET_BIND_SERVICE
ports:
- "21:21"
- "42:42"
- "69:69/udp"
- "8081:80"
- "135:135"
- "443:443"
- "445:445"
- "1433:1433"
- "1723:1723"
- "1883:1883"
- "1900:1900"
- "3306:3306"
- "5060:5060"
- "5061:5061"
- "5060:5060/udp"
- "11211:11211"
image: "dtagdevsec/dionaea:1706"
volumes:
- /data/dionaea:/data/dionaea
# Elasticpot service
elasticpot:
container_name: elasticpot
restart: always
ports:
- "9200:9200"
image: "dtagdevsec/elasticpot:1706"
volumes:
- /data/elasticpot:/data/elasticpot
# ELK service
elk:
container_name: elk
restart: always
env_file:
- /etc/tpot/elk/environment
cap_add:
- IPC_LOCK
ulimits:
memlock: -1
nofile: 65536
ports:
- "127.0.0.1:64296:5601"
- "127.0.0.1:64302:9100"
- "127.0.0.1:64298:9200"
image: "dtagdevsec/elk:1706"
volumes:
- /data:/data
- /var/log:/data/host/log
# Ewsposter service
ewsposter:
container_name: ewsposter
restart: always
image: "dtagdevsec/ewsposter:1706"
volumes:
- /data:/data
- /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
# Glastopf service
glastopf:
container_name: glastopf
restart: always
ports:
- "80:80"
image: "dtagdevsec/glastopf:1706"
volumes:
- /data/glastopf:/data/glastopf
- /data/ews:/data/ews
# Honeytrap service
honeytrap:
container_name: honeytrap
restart: always
network_mode: "host"
cap_add:
- NET_ADMIN
image: "dtagdevsec/honeytrap:1706"
volumes:
- /data/honeytrap:/data/honeytrap
- /data/ews:/data/ews
# Netdata service
netdata:
container_name: netdata
restart: always
network_mode: "host"
cap_add:
- SYS_PTRACE
security_opt:
- apparmor=unconfined
image: "dtagdevsec/netdata:1706"
volumes:
- /proc:/host/proc:ro
- /sys:/host/sys:ro
- /var/run/docker.sock:/var/run/docker.sock
# Spiderfoot service
spiderfoot:
container_name: spiderfoot
restart: always
ports:
- "127.0.0.1:64303:8080"
image: "dtagdevsec/spiderfoot:1706"
# Ui-for-docker service
ui-for-docker:
container_name: ui-for-docker
command: -H unix:///var/run/docker.sock --no-auth
restart: always
ports:
- "127.0.0.1:64299:9000"
image: "dtagdevsec/ui-for-docker:1706"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
# Suricata service
suricata:
container_name: suricata
restart: always
network_mode: "host"
cap_add:
- NET_ADMIN
image: "dtagdevsec/suricata:1706"
volumes:
- /data/suricata:/data/suricata

0
installer/data/elkbase.tgz → installer/etc/tpot/elkbase.tgz
View file

0
installer/data/kibana-objects.tgz → installer/etc/tpot/kibana-objects.tgz
View file

44
installer/etc/tpot/systemd/tpot.service Normal file
View file

@ -0,0 +1,44 @@
[Unit]
Description=tpot
Requires=docker.service
After=docker.service
[Service]
Restart=always
# Clear state from /data
ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh off'
# Remove old containers and volumes
ExecStartPre=/usr/bin/docker-compose -f /etc/tpot/tpot.yml down -v
ExecStartPre=/usr/bin/docker-compose -f /etc/tpot/tpot.yml rm -v
ExecStartPre=-/bin/bash -c 'docker volume rm $(docker volume ls -q)'
# Get IF, disable offloading, enable promiscious mode for p0f and suricata
ExecStartPre=/bin/bash -c '/sbin/ethtool --offload $(/sbin/ip route | /bin/grep $(/bin/hostname -I | /usr/bin/awk \'{print $1 }\') | /usr/bin/awk \'{print $3 }\') rx off tx off'
ExecStartPre=/bin/bash -c '/sbin/ethtool -K $(/sbin/ip route | /bin/grep $(/bin/hostname -I | /usr/bin/awk \'{print $1 }\') | /usr/bin/awk \'{print $3 }\') gso off gro off'
ExecStartPre=/bin/bash -c '/sbin/ip link set $(/sbin/ip route | /bin/grep $(/bin/hostname -I | /usr/bin/awk \'{print $1 }\') | /usr/bin/awk \'{print $3 }\') promisc on'
# Modify access rights on docker.sock for netdata
ExecStartPre=-/bin/chmod 666 /var/run/docker.sock
# Prepare iptables rules for honeytrap
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j NFQUEUE
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 3306,5060,5061,5601,11211 -j NFQUEUE
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295,64296,64297,64298,64299,64300,64301,64302,64303 -j NFQUEUE
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 1025,50100,8080,8081,9200 -j NFQUEUE
# Compose T-Pot up and run as daemon
ExecStart=/usr/bin/docker-compose -f /etc/tpot/tpot.yml up
# Compose T-Pot down and remove containers
ExecStop=/usr/bin/docker-compose -f /etc/tpot/tpot.yml down -v
# Remove iptables rules for honeytrap
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 1025,50100,8080,8081,9200 -j NFQUEUE
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295,64296,64297,64298,64299,64300,64301,64302,64303 -j NFQUEUE
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 3306,5060,5061,5601,11211 -j NFQUEUE
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j NFQUEUE
[Install]
WantedBy=multi-user.target

0
installer/data/systemd/wetty.service → installer/etc/tpot/systemd/wetty.service
View file

37
installer/install.sh
View file

@ -353,26 +353,26 @@ EOF
case $myFLAVOR in
HP)
echo "### Preparing HONEYPOT flavor installation."
cp /root/tpot/data/imgcfg/hp_images.conf /root/tpot/data/images.conf 2>&1>/dev/null
cp /root/tpot/etc/tpot/compose/hp.yml /root/tpot/etc/tpot/tpot.yml 2>&1>/dev/null
;;
INDUSTRIAL)
echo "### Preparing INDUSTRIAL flavor installation."
cp /root/tpot/data/imgcfg/industrial_images.conf /root/tpot/data/images.conf 2>&1>/dev/null
cp /root/tpot/etc/tpot/compose/industrial.yml /root/tpot/etc/tpot/tpot.yml 2>&1>/dev/null
;;
TPOT)
echo "### Preparing TPOT flavor installation."
cp /root/tpot/data/imgcfg/tpot_images.conf /root/tpot/data/images.conf 2>&1>/dev/null
cp /root/tpot/etc/tpot/compose/tpot.yml /root/tpot/etc/tpot/tpot.yml 2>&1>/dev/null
;;
EVERYTHING)
echo "### Preparing EVERYTHING flavor installation."
cp /root/tpot/data/imgcfg/all_images.conf /root/tpot/data/images.conf 2>&1>/dev/null
cp /root/tpot/etc/tpot/compose/all.yml /root/tpot/etc/tpot/tpot.yml 2>&1>/dev/null
;;
esac
# Let's load docker images
myIMAGESCOUNT=$(cat /root/tpot/data/images.conf | wc -w)
myIMAGESCOUNT=$(cat /root/tpot/etc/tpot/tpot.yml | grep container_name | cut -d: -f2 | wc -l)
j=0
for name in $(cat /root/tpot/data/images.conf)
for name in $(cat /root/tpot/etc/tpot/tpot.yml | grep container_name | cut -d: -f2)
do
dialog --title "[ Downloading docker images, please be patient ]" --backtitle "$myBACKTITLE" \
--gauge "\n Now downloading: dtagdevsec/$name:1706\n" 8 80 $(expr 100 \* $j / $myIMAGESCOUNT) <<EOF
@ -411,19 +411,19 @@ EOF
tee -a /etc/crontab 2>&1>/dev/null <<EOF
# Check if containers and services are up
*/5 * * * * root check.sh
#*/5 * * * * root check.sh
# Example for alerta-cli IP update
#*/5 * * * * root alerta --endpoint-url http://<ip>:<port>/api delete --filters resource=<host> && alerta --endpoint-url http://<ip>:<port>/api send -e IP -r <host> -E Production -s ok -S T-Pot -t \$(cat /data/elk/logstash/mylocal.ip) --status open
# Check if updated images are available and download them
27 1 * * * root for i in \$(cat /etc/tpot/images.conf); do docker pull dtagdevsec/\$i:1706; done
27 1 * * * root /usr/bin/docker-compose -f /etc/tpot/tpot.yml pull
# Restart docker service and containers
27 3 * * * root dcres.sh
#27 3 * * * root dcres.sh
# Delete elastic indices older than 90 days (kibana index is omitted by default)
27 4 * * * root docker exec elk bash -c '/usr/local/bin/curator --host 127.0.0.1 delete indices --older-than 90 --time-unit days --timestring \%Y.\%m.\%d'
#27 4 * * * root docker exec elk bash -c '/usr/local/bin/curator --host 127.0.0.1 delete indices --older-than 90 --time-unit days --timestring \%Y.\%m.\%d'
# Update IP and erase check.lock if it exists
27 5 * * * root /etc/rc.local
@ -445,31 +445,28 @@ mkdir -p /data/conpot/log \
/data/emobility/log \
/data/ews/conf \
/data/suricata/log /home/tsec/.ssh/ \
/etc/tpot/elk /etc/tpot/imgcfg /etc/tpot/systemd \
/etc/tpot/elk /etc/tpot/compose /etc/tpot/systemd \
/usr/share/tpot/bin 2>&1 | dialog --title "[ Creating some files and folders ]" $myPROGRESSBOXCONF
# Let's take care of some files and permissions before copying
chmod 500 /root/tpot/bin/* 2>&1 | dialog --title "[ Setting permissions ]" $myPROGRESSBOXCONF
chmod 600 /root/tpot/data/* 2>&1 | dialog --title "[ Setting permissions ]" $myPROGRESSBOXCONF
chmod 600 -R /root/tpot/etc/tpot 2>&1 | dialog --title "[ Setting permissions ]" $myPROGRESSBOXCONF
chmod 644 /root/tpot/etc/issue 2>&1 | dialog --title "[ Setting permissions ]" $myPROGRESSBOXCONF
chmod 755 /root/tpot/etc/rc.local 2>&1 | dialog --title "[ Setting permissions ]" $myPROGRESSBOXCONF
chmod 644 /root/tpot/data/systemd/* 2>&1 | dialog --title "[ Setting permissions ]" $myPROGRESSBOXCONF
chmod 644 /root/tpot/etc/tpot/systemd/* 2>&1 | dialog --title "[ Setting permissions ]" $myPROGRESSBOXCONF
# Let's copy some files
tar xvfz /root/tpot/data/elkbase.tgz -C / 2>&1 | dialog --title "[ Extracting elkbase.tgz ]" $myPROGRESSBOXCONF
tar xvfz /root/tpot/etc/tpot/elkbase.tgz -C / 2>&1 | dialog --title "[ Extracting elkbase.tgz ]" $myPROGRESSBOXCONF
cp -R /root/tpot/bin/* /usr/share/tpot/bin/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF
cp -R /root/tpot/data/* /etc/tpot/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF
cp /root/tpot/data/systemd/* /etc/systemd/system/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF
cp -R /root/tpot/etc/tpot/* /etc/tpot/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF
cp /root/tpot/etc/tpot/systemd/* /etc/systemd/system/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF
cp /root/tpot/etc/issue /etc/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF
cp -R /root/tpot/etc/nginx/ssl /etc/nginx/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF
cp /root/tpot/etc/nginx/tpotweb.conf /etc/nginx/sites-available/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF
cp /root/tpot/etc/nginx/nginx.conf /etc/nginx/nginx.conf 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF
cp /root/tpot/keys/authorized_keys /home/tsec/.ssh/authorized_keys 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF
cp /root/tpot/usr/share/nginx/html/* /usr/share/nginx/html/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF
for i in $(cat /etc/tpot/images.conf);
do
systemctl enable $i 2>&1 | dialog --title "[ Enabling service for $i ]" $myPROGRESSBOXCONF
done
systemctl enable tpot 2>&1 | dialog --title "[ Enabling service for tpot ]" $myPROGRESSBOXCONF
systemctl enable wetty 2>&1 | dialog --title "[ Enabling service for wetty ]" $myPROGRESSBOXCONF
# Let's enable T-Pot website

2
preseed/tpot.seed
View file

@ -100,7 +100,7 @@ tasksel tasksel/first multiselect ubuntu-server
########################
### Package Installation
########################
d-i pkgsel/include string apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount curl dialog dnsutils docker.io dstat ethtool genisoimage git glances html2text htop iptables iw jq libcrack2 libltdl7 lm-sensors man nginx-extras nodejs npm ntp openssh-server openssl syslinux psmisc pv python-pip vim wireless-tools wpasupplicant
d-i pkgsel/include string apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount curl dialog dnsutils docker.io docker-compose dstat ethtool genisoimage git glances html2text htop iptables iw jq libcrack2 libltdl7 lm-sensors man nginx-extras nodejs npm ntp openssh-server openssl syslinux psmisc pv python-pip vim wireless-tools wpasupplicant
#################
### Update Policy