random reboot times for crontab
remix compose files
some tweaking
t3chn0m4g3 2020-06-28 20:03:14 +00:00
parent 4e6510b5c7
commit 3a418534d8
8 changed files with 105 additions and 10 deletions


@ -116,8 +116,9 @@ fuCOWRIE () {
# Let's create a function to clean up and prepare dicompot data
fuDICOMPOT () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/dicompot/*; fi
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/dicompot/log; fi
mkdir -p /data/dicompot/log
mkdir -p /data/dicompot/images
chmod 770 /data/dicompot -R
chown tpot:tpot /data/dicompot -R
}
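Review bot: The comment above `fuDICOMPOT` still describes cleaning up dicompot data, but going by the hunk's line counts the new code removes only `/data/dicompot/log` when persistence is off and leaves `/data/dicompot/images` in place. If keeping user-supplied DICOM files across restarts is the intent, say so where the next reader will look, e.g. `# Only logs are wiped; files in /data/dicompot/images are kept on purpose`. The recursive `chmod 770` and `chown tpot:tpot` now also apply to those image files, which is worth a mention in the same comment.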


@ -19,3 +19,4 @@ services:
volumes:
- /data/dicompot/log:/var/log/dicompot
# - /path/to/dicom/images:/opt/dicompot/images


@ -10,7 +10,9 @@ networks:
conpot_local_kamstrup_382:
cowrie_local:
cyberchef_local:
dicompot_local:
heralding_local:
honeysap_local:
medpot_local:
rdpy_local:
ewsposter_local:
@ -157,6 +159,23 @@ services:
- /data/cowrie/log:/home/cowrie/cowrie/log
- /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
# Dicompot service
# Get the Horos Client for testing: https://horosproject.org/
# Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/
# Put images (which must be in Dicom DCM format or it will not work!) into /data/dicompot/images
dicompot:
container_name: dicompot
restart: always
networks:
- dicompot_local
ports:
- "11112:11112"
image: "dtagdevsec/dicompot:2006"
read_only: true
volumes:
- /data/dicompot/log:/var/log/dicompot
# - /data/dicompot/images:/opt/dicompot/images
# Heralding service
heralding:
container_name: heralding
@ -185,6 +204,18 @@ services:
volumes:
- /data/heralding/log:/var/log/heralding
# HoneySAP service
honeysap:
container_name: honeysap
restart: always
networks:
- honeysap_local
ports:
- "3299:3299"
image: "dtagdevsec/honeysap:2006"
volumes:
- /data/honeysap/log:/opt/honeysap/log
# Honeytrap service
honeytrap:
container_name: honeytrap
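Review bot: The new `honeysap` service is declared without `read_only: true`, while the `dicompot` service added just above it sets that option; the honeysap block in the other compose file on this page has the same gap. A honeypot container processes hostile input by design, so a writable root filesystem gives a compromised process more room to persist than the log bind mount alone would. If the image tolerates it, add `read_only: true` above `volumes:` and cover any scratch paths with a `tmpfs:` entry, as the ciscoasa service elsewhere on this page does. If it does not, a comment such as `# read_only not set: image needs a writable rootfs` would record that the omission is deliberate. The honeytrap block that follows continues outside the hunk.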


@ -4,6 +4,7 @@ version: '2.3'
networks:
adbhoney_local:
ciscoasa_local:
citrixhoneypot_local:
conpot_local_IEC104:
conpot_local_guardian_ast:
@ -48,9 +49,10 @@ services:
ciscoasa:
container_name: ciscoasa
restart: always
networks:
- ciscoasa_local
tmpfs:
- /tmp/ciscoasa:uid=2000,gid=2000
network_mode: "host"
ports:
- "5000:5000/udp"
- "8443:8443"
@ -179,6 +181,9 @@ services:
- /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
# Dicompot service
# Get the Horos Client for testing: https://horosproject.org/
# Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/
# Put images (which must be in Dicom DCM format or it will not work!) into /data/dicompot/images
dicompot:
container_name: dicompot
restart: always
@ -190,7 +195,7 @@ services:
read_only: true
volumes:
- /data/dicompot/log:/var/log/dicompot
# - /path/to/dicom/images:/opt/dicompot/images
# - /data/dicompot/images:/opt/dicompot/images
# Dionaea service
dionaea:


@ -4,15 +4,18 @@ version: '2.3'
networks:
adbhoney_local:
citrixhoneypot_local:
conpot_local_IEC104:
conpot_local_guardian_ast:
conpot_local_ipmi:
conpot_local_kamstrup_382:
cowrie_local:
cyberchef_local:
dicompot_local:
dionaea_local:
elasticpot_local:
heralding_local:
honeysap_local:
mailoney_local:
medpot_local:
rdpy_local:
@ -55,6 +58,19 @@ services:
volumes:
- /data/ciscoasa/log:/var/log/ciscoasa
# CitrixHoneypot service
citrixhoneypot:
container_name: citrixhoneypot
restart: always
networks:
- citrixhoneypot_local
ports:
- "443:443"
image: "dtagdevsec/citrixhoneypot:2006"
read_only: true
volumes:
- /data/citrixhoneypot/logs:/opt/citrixhoneypot/logs
# Conpot IEC104 service
conpot_IEC104:
container_name: conpot_iec104
@ -161,6 +177,23 @@ services:
- /data/cowrie/log:/home/cowrie/cowrie/log
- /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
# Dicompot service
# Get the Horos Client for testing: https://horosproject.org/
# Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/
# Put images (which must be in Dicom DCM format or it will not work!) into /data/dicompot/images
dicompot:
container_name: dicompot
restart: always
networks:
- dicompot_local
ports:
- "11112:11112"
image: "dtagdevsec/dicompot:2006"
read_only: true
volumes:
- /data/dicompot/log:/var/log/dicompot
# - /data/dicompot/images:/opt/dicompot/images
# Dionaea service
dionaea:
container_name: dionaea
@ -240,6 +273,18 @@ services:
volumes:
- /data/heralding/log:/var/log/heralding
# HoneySAP service
honeysap:
container_name: honeysap
restart: always
networks:
- honeysap_local
ports:
- "3299:3299"
image: "dtagdevsec/honeysap:2006"
volumes:
- /data/honeysap/log:/opt/honeysap/log
# Honeytrap service
honeytrap:
container_name: honeytrap
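Review bot: `citrixhoneypot` publishes host port 443 (`- "443:443"`), and a host port can be bound by only one container, so any other service in this file that still publishes 443 would fail to start alongside it. The dionaea service is shown only as far as `container_name` in these hunks, so its port list is not visible here; it is worth confirming that no `443:443` mapping remains there or on a web front end. A short comment above the mapping, e.g. `# host port 443 is reserved for citrixhoneypot in this edition`, would keep a later edit from reintroducing the clash.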


@ -23,4 +23,4 @@ actions:
direction: older
timestring: '%Y.%m.%d'
unit: days
unit_count: 60
unit_count: 90


@ -1,6 +1,14 @@
#!/bin/bash
# T-Pot Universal Installer
# Installer can only be executed once.
myTPOT_INSTALL_LOG="/install.log"
if [ -s "$myTPOT_INSTALL_LOG" ];
then
echo "Aborting. Installer can only be executed once."
exit
fi
##################
# I. Global vars #
##################
@ -153,21 +161,25 @@ ListenStream=64294
mySSHPORT="
Port 64295
"
myRANDOM_HOUR=$(shuf -i 2-22 -n 1)
myRANDOM_MINUTE=$(shuf -i 0-59 -n 1)
myDEL_HOUR=$(($myRANDOM_HOUR+1))
myPULL_HOUR=$(($myRANDOM_HOUR-2))
myCRONJOBS="
# Check if updated images are available and download them
27 1 * * * root docker-compose -f /opt/tpot/etc/tpot.yml pull
$myRANDOM_MINUTE $myPULL_HOUR * * root docker-compose -f /opt/tpot/etc/tpot.yml pull
# Delete elasticsearch logstash indices older than 90 days
27 4 * * * root curator --config /opt/tpot/etc/curator/curator.yml /opt/tpot/etc/curator/actions.yml
$myRANDOM_MINUTE $myDEL_HOUR * * * root curator --config /opt/tpot/etc/curator/curator.yml /opt/tpot/etc/curator/actions.yml
# Uploaded binaries are not supposed to be downloaded
*/1 * * * * root mv --backup=numbered /data/dionaea/roots/ftp/* /data/dionaea/binaries/
# Daily reboot
27 3 * * * root systemctl stop tpot && docker stop \$(docker ps -aq) || docker rm \$(docker ps -aq) || reboot
$myRANDOM_MINUTE $myRANDOM_HOUR * * 1-6 root systemctl stop tpot && docker stop \$(docker ps -aq) || docker rm \$(docker ps -aq) || reboot
# Check for updated packages every sunday, upgrade and reboot
27 16 * * 0 root apt-fast autoclean -y && apt-fast autoremove -y && apt-fast update -y && apt-fast upgrade -y && sleep 10 && reboot
$myRANDOM_MINUTE $myRANDOM_HOUR * * 0 root apt-fast autoclean -y && apt-fast autoremove -y && apt-fast update -y && apt-fast upgrade -y && sleep 10 && reboot
"
mySHELLCHECK='[[ $- == *i* ]] || return'
myROOTPROMPT='PS1="\[\033[38;5;8m\][\[$(tput sgr0)\]\[\033[38;5;1m\]\u\[$(tput sgr0)\]\[\033[38;5;6m\]@\[$(tput sgr0)\]\[\033[38;5;4m\]\h\[$(tput sgr0)\]\[\033[38;5;6m\]:\[$(tput sgr0)\]\[\033[38;5;5m\]\w\[$(tput sgr0)\]\[\033[38;5;8m\]]\[$(tput sgr0)\]\[\033[38;5;1m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"'
@ -780,7 +792,7 @@ mkdir -vp /data/adbhoney/{downloads,log} \
/data/conpot/log \
/data/citrixhoneypot/logs \
/data/cowrie/{downloads,keys,misc,log,log/tty} \
/data/dicompot/log \
/data/dicompot/{images,log} \
/data/dionaea/{log,bistreams,binaries,rtp,roots,roots/ftp,roots/tftp,roots/www,roots/upnp} \
/data/elasticpot/log \
/data/elk/{data,log} \
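Review bot: The new image-pull entry in `myCRONJOBS` has only four time fields, `$myRANDOM_MINUTE $myPULL_HOUR * * root docker-compose -f /opt/tpot/etc/tpot.yml pull`, where every other entry has five before the user column. Assuming this string ends up in a system crontab (the write is outside the hunk), cron would read `root` as the day-of-week field and reject the entry; some cron builds then ignore the whole file, which would also drop the curator, reboot and package-update jobs. The line should read `$myRANDOM_MINUTE $myPULL_HOUR * * * root docker-compose -f /opt/tpot/etc/tpot.yml pull`. Separately, the run-once guard ends in a bare `exit`, which returns the status of the preceding `echo`; `exit 1` would let a calling script see that the installer aborted.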


@ -228,7 +228,7 @@ mkdir -vp /data/adbhoney/{downloads,log} \
/data/conpot/log \
/data/citrixhoneypot/logs \
/data/cowrie/{downloads,keys,misc,log,log/tty} \
/data/dicompot/log \
/data/dicompot/{images,log} \
/data/dionaea/{log,bistreams,binaries,rtp,roots,roots/ftp,roots/tftp,roots/www,roots/upnp} \
/data/elasticpot/log \
/data/elk/{data,log} \