diff --git a/README.md b/README.md
index bbdfe1e7..bf44441a 100644
--- a/README.md
+++ b/README.md
@@ -40,7 +40,7 @@ env bash -c "$(curl -sL https://github.com/telekom-security/tpotce/raw/alpha/ins
* [Installation Types](#installation-types)
* [Standard / HIVE](#standard--hive)
* [**Distributed**](#distributed)
- * [Uninstall T-Pot (Linux only!) (to do)](#uninstall-t-pot-linux-only-to-do)
+ * [Uninstall T-Pot](#uninstall-t-pot)
* [First Start](#first-start)
* [Standalone First Start](#standalone-first-start)
* [Distributed Deployment](#distributed-deployment)
@@ -354,7 +354,8 @@ The distributed version of T-Pot requires at least two hosts
- The **SENSOR** will not start before finalizing the **SENSOR** installation as described in [Distributed Deployment](#distributed-deployment).
-## Uninstall T-Pot (Linux only!) (to do)
+## Uninstall T-Pot
+Uninstallation of T-Pot is only available on the [supported Linux distros](#choose-your-distro).
To uninstall T-Pot run `~/tpotce/uninstall.sh` and follow the uninstaller instructions, you will have to enter your password at least once.
Once the uninstall is finished reboot the machine `sudo reboot`
diff --git a/deploy.sh b/deploy.sh
index 545e09d5..d5733d5a 100755
--- a/deploy.sh
+++ b/deploy.sh
@@ -109,7 +109,7 @@ echo "# New htpasswd encoded credentials: ${myLS_WEB_USER_ENC}"
echo "# New htpasswd credentials base64 encoded: ${myLS_WEB_USER_ENC_B64}"
echo "# New SENSOR credentials base64 encoded: ${myTPOT_HIVE_USER}"
echo
-echo "# When asked for a 'BECOME password' enter the password for your user on the SENSOR machine."
+echo "# Ansible will ask for the ‘BECOME password‘ which is typically the password you ’sudo’ with on the SENSOR."
echo "# The password will allow Ansible to run a reboot via sudo on the SENSOR."
echo
diff --git a/installer/install/deploy.yml b/installer/install/deploy.yml
index 6b0ee587..d39160a4 100644
--- a/installer/install/deploy.yml
+++ b/installer/install/deploy.yml
@@ -1,5 +1,9 @@
---
-- name: TPOT configuration playbook
+###########################
+# T-Pot Sensor Deployment #
+###########################
+
+- name: T-POT Sensor Deployment
hosts: all
vars:
local_nginx_cert_path: "~/tpotce/data/nginx/cert/nginx.crt"
@@ -7,6 +11,7 @@
remote_sensor_yml_path: "~/tpotce/compose/sensor.yml"
remote_docker_compose_path: "~/tpotce/docker-compose.yml"
env_file_path: "~/tpotce/.env"
+
tasks:
- name: Ensure the destination directory exists
ansible.builtin.file:
@@ -23,19 +28,19 @@
ansible.builtin.command:
cmd: "cp {{ remote_sensor_yml_path }} {{ remote_docker_compose_path }}"
- - name: Update TPOT_HIVE_USER in .env
+ - name: Update T-POT_HIVE_USER in .env
ansible.builtin.lineinfile:
path: "{{ env_file_path }}"
regexp: '^TPOT_HIVE_USER='
line: 'TPOT_HIVE_USER={{ lookup("env", "myTPOT_HIVE_USER") }}'
- - name: Update TPOT_HIVE_IP in .env
+ - name: Update T-POT_HIVE_IP in .env
ansible.builtin.lineinfile:
path: "{{ env_file_path }}"
regexp: '^TPOT_HIVE_IP='
line: 'TPOT_HIVE_IP={{ lookup("env", "myTPOT_HIVE_IP") }}'
- - name: Ensure TPOT_TYPE is set to SENSOR in .env
+ - name: Ensure T-POT_TYPE is set to SENSOR in .env
ansible.builtin.lineinfile:
path: "{{ env_file_path }}"
regexp: '^TPOT_TYPE='
diff --git a/installer/install/tpot.yml b/installer/install/tpot.yml
index cc4f4f16..be1716ed 100644
--- a/installer/install/tpot.yml
+++ b/installer/install/tpot.yml
@@ -668,6 +668,12 @@
- "Ubuntu"
tasks:
+ - name: Check for non-root user id (All)
+ debug:
+ msg: "Detected user: '{{ ansible_user_id }}'"
+ when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
+ failed_when: ansible_user_id == "root"
+
- name: Add aliases (All)
blockinfile:
path: ~/.bashrc
@@ -703,12 +709,6 @@
append: yes
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
- - name: Check for non-root user id (All)
- debug:
- msg: "Detected user: '{{ ansible_user_id }}'"
- when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
- failed_when: ansible_user_id == "root"
-
########################################
# T-Pot - Install service and cron job #
########################################
diff --git a/installer/remove/sudo.yml b/installer/remove/sudo.yml
deleted file mode 100644
index 6d135f40..00000000
--- a/installer/remove/sudo.yml
+++ /dev/null
@@ -1,55 +0,0 @@
----
-################################
-# T-Pot - Debian Remove (sudo) #
-################################
-
-# Be sure to use root password as become password
-- name: T-Pot - Debian Remove (sudo)
- hosts: all
- gather_facts: true
- become: false
-
- tasks:
- - name: Check if running as root
- assert:
- that: ansible_user != 'root'
- fail_msg: "T-Pot playbook should not be run as root."
- success_msg: "Running as user: {{ ansible_user }}."
- tags:
- - "Debian"
-
- - name: Check if running as tpot
- assert:
- that: ansible_user != 'tpot'
- fail_msg: "Reserved username `tpot` detected."
- success_msg: "Running as user: {{ ansible_user }}."
- tags:
- - "Debian"
-
- - name: Remove current user from sudo group
- become: true
- become_method: su
- command: gpasswd -d "{{ ansible_user_id }}" sudo
- when: ansible_distribution == "Debian"
- tags:
- - "Debian"
-
- - name: Uninstall sudo package if present
- become: true
- become_method: su
- package:
- name: sudo
- state: absent
- update-cache: no
- when: ansible_distribution == "Debian"
- tags:
- - "Debian"
-
- - name: Remove sudoers file for ansible_user_id
- become: true
- become_method: su
- file:
- path: /etc/sudoers.d/{{ ansible_user_id }}
- state: absent
- tags:
- - "Debian"
diff --git a/installer/remove/tpot.yml b/installer/remove/tpot.yml
index 9ab3bda5..304e2d48 100644
--- a/installer/remove/tpot.yml
+++ b/installer/remove/tpot.yml
@@ -1,244 +1,320 @@
---
-################################
-# T-Pot - Abort if run as root #
-################################
+###################
+# T-Pot - Removal #
+###################
-- name: T-Pot Abort if run as root
+#####################################################################
+# T-Pot - Abort if run as tpot, root or on unsupported distribution #
+#####################################################################
+
+- name: T-Pot - Abort if run as tpot, root or on unsupported distribution
hosts: all
gather_facts: true
become: false
+ tags:
+ - "AlmaLinux"
+ - "Debian"
+ - "Fedora"
+ - "openSUSE Tumbleweed"
+ - "Raspbian"
+ - "Rocky"
+ - "Ubuntu"
- pre_tasks:
- - name: Check if running as root
+ tasks:
+ - name: Check if running as root (All)
assert:
that: ansible_user_id != 'root'
fail_msg: "T-Pot playbook should not be run as root."
success_msg: "Running as user: {{ ansible_user_id }}."
- - name: Check if supported distribution
+ - name: Check if running as tpot (All)
assert:
- that: ansible_distribution in ["Debian", "Fedora", "openSUSE Tumbleweed", "Ubuntu"]
- fail_msg: "T-Pot is not supported on this plattform: {{ ansible_distribution }}."
- success_msg: "T-Pot will now install on {{ ansible_distribution }}."
+ that: ansible_user_id != 'tpot'
+ fail_msg: "Reserved username `tpot` detected."
+ success_msg: "Running as user: {{ ansible_user_id }}."
-######################################
-# T-Pot - Remove group users, bashrc #
-######################################
+ - name: Check if supported distribution (All)
+ assert:
+ that: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
+ fail_msg: "T-Pot uninstall is not supported on this plattform: {{ ansible_distribution }}."
+ success_msg: "T-Pot will now be removed from {{ ansible_distribution }}."
-- name: T-Pot - Remove group users, bashrc
+#######################################
+# T-Pot - Remove cron job and service #
+#######################################
+
+- name: Reverse T-Pot - Remove randomized daily reboot
hosts: all
gather_facts: true
- become: false
+ become: true
+ tags:
+ - "AlmaLinux"
+ - "Debian"
+ - "Fedora"
+ - "openSUSE Tumbleweed"
+ - "Raspbian"
+ - "Rocky"
+ - "Ubuntu"
tasks:
- - name: Remove aliases (All)
+ - name: Remove the randomized daily reboot cron job (All)
+ cron:
+ name: "T-Pot Daily Reboot"
+ user: root
+ state: absent
+ when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
+
+- name: Reverse T-Pot - Remove systemd service
+ hosts: all
+ gather_facts: true
+ become: true
+ tags:
+ - "AlmaLinux"
+ - "Debian"
+ - "Fedora"
+ - "openSUSE Tumbleweed"
+ - "Raspbian"
+ - "Rocky"
+ - "Ubuntu"
+
+ tasks:
+ - name: Stop and disable tpot.service (All)
+ ansible.builtin.systemd:
+ name: tpot.service
+ state: stopped
+ enabled: no
+ when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
+
+ - name: Remove systemd service file for tpot
+ ansible.builtin.file:
+ path: '/etc/systemd/system/tpot.service'
+ state: absent
+ notify: Reload systemd
+ when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
+
+ handlers:
+ - name: Reload systemd
+ become: true
+ ansible.builtin.systemd:
+ daemon_reload: yes
+
+##################################################
+# T-Pot - Adjust bashrc, remove T-Pot repository #
+##################################################
+
+- name: T-Pot - Reverse Adjustments
+ hosts: all
+ gather_facts: true
+ become: true
+ tags:
+ - "AlmaLinux"
+ - "Debian"
+ - "Fedora"
+ - "openSUSE Tumbleweed"
+ - "Raspbian"
+ - "Rocky"
+ - "Ubuntu"
+
+ tasks:
+ - name: Remove aliases from .bashrc (All)
blockinfile:
path: ~/.bashrc
- block: |
- alias dps='grc --colour=on docker ps -f status=running -f status=exited --format "table {{'{{'}}.Names{{'}}'}}\t{{'{{'}}.Status{{'}}'}}\t{{'{{'}}.Ports{{'}}'}}" | sort'
- alias dpsw='watch -c bash -ic dps'
+ block: ""
marker: "# {mark} ANSIBLE MANAGED BLOCK"
state: absent
- when: ansible_distribution in ["Debian", "Fedora", "openSUSE Tumbleweed", "Ubuntu"]
+ become: false
+ when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
- - name: Remove current user from Docker, T-Pot group (All)
- become: true
- user:
- name: "{{ ansible_user_id }}"
- groups:
- - docker
- - tpot
- state: present
- remove: yes
- when: ansible_distribution in ["Debian", "Fedora", "openSUSE Tumbleweed", "Ubuntu"]
+##########################################################
+# T-Pot - Restore configs, remove users and groups, etc. #
+##########################################################
- - name: Check for non-root user id (All)
- debug:
- msg: "Detected user: '{{ ansible_user_id }}'"
- when: ansible_distribution in ["Debian", "Fedora", "openSUSE Tumbleweed", "Ubuntu"]
- failed_when: ansible_user_id == "root"
-
-##################################################
-# T-Pot - Remove configs, users and groups, etc. #
-##################################################
-
-- name: T-Pot - Remove configs, users and groups, etc.
+- name: T-Pot - Adjust configs, add users and groups, etc.
hosts: all
gather_facts: true
become: true
tasks:
- - name: Remove T-Pot user (All)
- user:
- name: tpot
- state: absent
- remove: yes
- when: ansible_distribution in ["Debian", "Fedora", "openSUSE Tumbleweed", "Ubuntu"]
+ - name: Revert DNSStubListener setting in resolved.conf (Fedora, Ubuntu)
+ lineinfile:
+ path: /etc/systemd/resolved.conf
+ regexp: 'DNSStubListener=no'
+ line: 'DNSStubListener=yes'
+ state: present
+ when: ansible_distribution in ["Fedora", "Ubuntu"]
+ tags:
+ - "Fedora"
+ - "Ubuntu"
- - name: Revert SELinux config (Fedora)
+ - name: Revert SELinux config to enforcing (AlmaLinux, Fedora, Rocky)
lineinfile:
path: /etc/selinux/config
regexp: '^SELINUX='
line: 'SELINUX=enforcing'
- state: present
- when: ansible_distribution in ["Fedora"]
+ when: ansible_distribution in ["AlmaLinux", "Fedora", "Rocky"]
+ tags:
+ - "AlmaLinux"
+ - "Fedora"
+ - "Rocky"
- - name: Revert kernel module loading (Fedora)
- command: modprobe -r iptable_filter
- when: ansible_distribution in ["Fedora"]
-
- - name: Remove iptables.conf (Fedora)
+ - name: Remove iptables.conf file (AlmaLinux, Fedora, Rocky)
file:
path: /etc/modules-load.d/iptables.conf
state: absent
- when: ansible_distribution in ["Fedora"]
+ when: ansible_distribution in ["AlmaLinux", "Fedora", "Rocky"]
+ tags:
+ - "AlmaLinux"
+ - "Fedora"
+ - "Rocky"
- - name: Revert DNSStubListener in resolved.conf (Fedora, Ubuntu)
- lineinfile:
- path: /etc/systemd/resolved.conf
- regexp: '^.*DNSStubListener=.*'
- line: '#DNSStubListener=yes'
- state: present
- notify: Restart Resolved
- when: ansible_distribution in ["Fedora", "Ubuntu"]
+ - name: Revert firewall to default target DROP (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky)
+ firewalld:
+ zone: public
+ target: DROP
+ permanent: yes
+ state: enabled
+ when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "Rocky"]
+ tags:
+ - "AlmaLinux"
+ - "Fedora"
+ - "openSUSE Tumbleweed"
+ - "Rocky"
- - name: Revert SSH port change (Debian, Fedora, Ubuntu)
+ - name: Revert firewall to SSH default (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky)
+ firewalld:
+ port: 22/tcp
+ permanent: yes
+ state: enabled
+ when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "Rocky"]
+ tags:
+ - "AlmaLinux"
+ - "Fedora"
+ - "openSUSE Tumbleweed"
+ - "Rocky"
+
+ - name: Remove port.conf file to revert SSH to default port (openSUSE Tumbleweed)
+ file:
+ path: /etc/ssh/sshd_config.d/port.conf
+ state: absent
+ when: ansible_distribution in ["openSUSE Tumbleweed"]
+ tags:
+ - "openSUSE Tumbleweed"
+
+ - name: Revert SSH Port to 22 (AlmaLinux, Debian, Fedora, Raspbian, Rocky, Ubuntu)
lineinfile:
path: /etc/ssh/sshd_config
line: "Port 64295"
state: absent
- notify: Restart SSH
- when: ansible_distribution in ["Debian", "Fedora", "Ubuntu"]
+ when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "Rocky", "Ubuntu"]
+ tags:
+ - "AlmaLinux"
+ - "Debian"
+ - "Fedora"
+ - "Raspbian"
+ - "Rocky"
+ - "Ubuntu"
- - name: Revert SSH port change (openSUSE Tumbleweed)
- file:
- path: /etc/ssh/sshd_config.d/port.conf
+ - name: Remove T-Pot user (All)
+ user:
+ name: tpot
state: absent
- notify: Restart SSH
- when: ansible_distribution in ["openSUSE Tumbleweed"]
+ when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
+ tags:
+ - "AlmaLinux"
+ - "Debian"
+ - "Fedora"
+ - "openSUSE Tumbleweed"
+ - "Raspbian"
+ - "Rocky"
+ - "Ubuntu"
- - name: Remove T-Pot SSH port from Firewall (Fedora, openSUSE Tumbleweed)
- firewalld:
- port: 64295/tcp
- permanent: yes
- state: disabled
- when: ansible_distribution in ["Fedora", "openSUSE Tumbleweed"]
+ - name: Remove T-Pot group (All)
+ group:
+ name: tpot
+ state: absent
+ when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
+ tags:
+ - "AlmaLinux"
+ - "Debian"
+ - "Fedora"
+ - "openSUSE Tumbleweed"
+ - "Raspbian"
+ - "Rocky"
+ - "Ubuntu"
- - name: Remove T-Pot default target modification (Fedora, openSUSE Tumbleweed)
- firewalld:
- zone: public
- target: default
- permanent: yes
- state: enabled
- when: ansible_distribution in ["Fedora", "openSUSE Tumbleweed"]
+################################
+# T-Pot - Remove Docker Engine #
+################################
- handlers:
- - name: Restart Resolved
- service:
- name: systemd-resolved
- state: restarted
- when: ansible_distribution in ["Fedora", "Ubuntu"]
-
- - name: Restart SSH
- service:
- name: "{{ 'sshd' if ansible_distribution == 'Debian' else 'sshd' }}"
- state: restarted
- enabled: true
- when: ansible_distribution in ["Debian", "Fedora", "openSUSE Tumbleweed", "Ubuntu"]
-
-#######################################################
-# T-Pot - Stop and prune everything related to Docker #
-#######################################################
-
-- name: T-Pot - Stop and prune everything related to Docker
+- name: T-Pot - Remove Docker Engine
hosts: all
gather_facts: true
become: true
tasks:
- - name: Stop all Docker containers (All)
- docker_container:
- state: absent
- name: "*"
- when: ansible_distribution in ["Debian", "Fedora", "openSUSE Tumbleweed", "Ubuntu"]
- ignore_errors: true
-
- - name: Prune everything related to Docker (All)
- docker_prune:
- builder_cache: true
- containers: true
- images: true
- networks: true
- volumes: true
- when: ansible_distribution in ["Debian", "Fedora", "openSUSE Tumbleweed", "Ubuntu"]
- ignore_errors: true
-
- - name: Uninstall Docker Engine packages
+ - name: Remove Docker Engine packages (openSUSE Tumbleweed)
package:
name:
- docker
+ - docker-bash-completion
+ - docker-buildx
+ - docker-compose
+ - docker-compose-switch
+ - liblvm2cmd2_03
+ - lvm2
+ state: absent
+ when: ansible_distribution in ["openSUSE Tumbleweed"]
+ tags:
+ - "openSUSE Tumbleweed"
+
+ - name: Remove Docker Engine packages (AlmaLinux, Debian, Fedora, Raspbian, Rocky, Ubuntu)
+ package:
+ name:
- docker-ce
- docker-ce-cli
- containerd.io
- docker-buildx-plugin
- docker-compose-plugin
- - docker-compose
state: absent
- when: ansible_distribution in ["Debian", "Fedora", "openSUSE Tumbleweed", "Ubuntu"]
+ when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "Rocky", "Ubuntu"]
+ tags:
+ - "AlmaLinux"
+ - "Debian"
+ - "Fedora"
+ - "Raspbian"
+ - "Rocky"
+ - "Ubuntu"
- - name: Remove Docker repository (Fedora)
- file:
- path: /etc/yum.repos.d/docker-ce.repo
- state: absent
- when: ansible_distribution == "Fedora"
+######################################
+# T-Pot - Remove Docker Engine Repos #
+######################################
- - name: Remove Docker Engine repository (Debian, Ubuntu)
- apt_repository:
- filename: docker
- state: absent
- update_cache: yes
- when: ansible_distribution in ["Debian", "Ubuntu"]
-
- #- name: Remove Docker Engine GPG key (Debian, Ubuntu)
- #file:
- #path: /etc/apt/keyrings/docker.gpg
- #state: absent
- #when: ansible_distribution in ["Debian", "Ubuntu"]
-
- - name: Remove Docker Engine GPG key folder (Debian, Ubuntu)
- file:
- path: /etc/apt/keyrings
- state: absent
- when: ansible_distribution in ["Debian", "Ubuntu"]
-
-############################
-# T-Pot - Cleanup packages #
-############################
-
-- name: T-Pot - Cleanup packages
+- name: T-Pot - Revert Docker Engine preparation
hosts: all
gather_facts: true
become: true
tasks:
- - name: Uninstall recommended packages (Debian, Fedora, openSUSE Tumbleweed, Ubuntu)
- package:
- name:
- - busybox-net-tools
- - grc
- - neovim
- - net-tools
+ - name: Remove Docker Engine repository (Debian, Raspbian, Ubuntu)
+ apt_repository:
+ filename: docker
state: absent
- update_cache: yes
- when: ansible_distribution in ["Debian", "Fedora", "openSUSE Tumbleweed", "Ubuntu"]
+ when: ansible_distribution in ["Debian", "Raspbian", "Ubuntu"]
+ tags:
+ - "Debian"
+ - "Raspbian"
+ - "Ubuntu"
+
+ - name: Remove Docker repository (Fedora)
+ shell: dnf -y config-manager --remove-repo https://download.docker.com/linux/fedora/docker-ce.repo
+ when: ansible_distribution in ["Fedora"]
+ tags:
+ - "Fedora"
+
+ - name: Remove Docker repository (AlmaLinux, Rocky)
+ shell: dnf -y config-manager --remove-repo https://download.docker.com/linux/centos/docker-ce.repo
+ when: ansible_distribution in ["AlmaLinux", "Rocky"]
+ tags:
+ - "AlmaLinux"
+ - "Rocky"
- - name: Restore conflicting packages (openSUSE Tumbleweed)
- package:
- name:
- - cups
- - net-tools
- - postfix
- - yast2-auth-client
- state: present
- update_cache: yes
- when: ansible_distribution == "openSUSE Tumbleweed"
diff --git a/uninstall.sh b/uninstall.sh
new file mode 100755
index 00000000..740a0bcc
--- /dev/null
+++ b/uninstall.sh
@@ -0,0 +1,100 @@
+#!/usr/bin/env bash
+
+myUNINSTALL_NOTIFICATION="### Now installing required packages ..."
+myUSER=$(whoami)
+myTPOT_CONF_FILE="/home/${myUSER}/tpotce/.env"
+myANSIBLE_TPOT_PLAYBOOK="installer/remove/tpot.yml"
+
+myUNINSTALLER=$(cat << "EOF"
+ _____ ____ _ _ _ _ _ _ _
+|_ _| | _ \ ___ | |_ | | | |_ __ (_)_ __ ___| |_ __ _| | | ___ _ __
+ | |_____| |_) / _ \| __| | | | | _ \| | _ \/ __| __/ _ | | |/ _ \ __|
+ | |_____| __/ (_) | |_ | |_| | | | | | | | \__ \ || (_| | | | __/ |
+ |_| |_| \___/ \__| \___/|_| |_|_|_| |_|___/\__\__,_|_|_|\___|_|
+EOF
+)
+
+# Check if running with root privileges
+if [ ${EUID} -eq 0 ];
+ then
+ echo "This script should not be run as root. Please run it as a regular user."
+ echo
+ exit 1
+fi
+
+# Check if running on a supported distribution
+mySUPPORTED_DISTRIBUTIONS=("AlmaLinux" "Debian GNU/Linux" "Fedora Linux" "openSUSE Tumbleweed" "Raspbian GNU/Linux" "Rocky Linux" "Ubuntu")
+myCURRENT_DISTRIBUTION=$(awk -F= '/^NAME/{print $2}' /etc/os-release | tr -d '"')
+
+if [[ ! " ${mySUPPORTED_DISTRIBUTIONS[@]} " =~ " ${myCURRENT_DISTRIBUTION} " ]];
+ then
+ echo "### Only the following distributions are supported: AlmaLinux, Fedora, Debian, openSUSE Tumbleweed, Rocky Linux and Ubuntu."
+ echo "### Please follow the T-Pot documentation on how to run T-Pot on macOS, Windows and other currently unsupported platforms."
+ echo
+ exit 1
+fi
+
+# Begin of Uninstaller
+echo "$myUNINSTALLER"
+echo
+echo
+echo "### This script will now uninstall T-Pot."
+while [ "${myQST}" != "y" ] && [ "${myQST}" != "n" ];
+ do
+ echo
+ read -p "### Uninstall? (y/n) " myQST
+ echo
+ done
+if [ "${myQST}" = "n" ];
+ then
+ echo
+ echo "### Aborting!"
+ echo
+ exit 0
+fi
+
+# Define tag for Ansible
+myANSIBLE_DISTRIBUTIONS=("Fedora Linux" "Debian GNU/Linux" "Raspbian GNU/Linux" "Rocky Linux")
+if [[ "${myANSIBLE_DISTRIBUTIONS[@]}" =~ "${myCURRENT_DISTRIBUTION}" ]];
+ then
+ myANSIBLE_TAG=$(echo ${myCURRENT_DISTRIBUTION} | cut -d " " -f 1)
+ else
+ myANSIBLE_TAG=${myCURRENT_DISTRIBUTION}
+fi
+
+# Check type of sudo access
+sudo -n true > /dev/null 2>&1
+if [ $? -eq 1 ];
+ then
+ myANSIBLE_BECOME_OPTION="--ask-become-pass"
+ echo "### ‘sudo‘ not acquired, setting ansible become option to ${myANSIBLE_BECOME_OPTION}."
+ echo "### Ansible will ask for the ‘BECOME password‘ which is typically the password you ’sudo’ with."
+ echo
+ else
+ myANSIBLE_BECOME_OPTION="--become"
+ echo "### ‘sudo‘ acquired, setting ansible become option to ${myANSIBLE_BECOME_OPTION}."
+ echo
+fi
+
+# Run Ansible Playbook
+echo "### Now running T-Pot Ansible Uninstallation Playbook ..."
+echo
+ANSIBLE_LOG_PATH=${PWD}/uninstall_tpot.log ansible-playbook ${myANSIBLE_TPOT_PLAYBOOK} -i 127.0.0.1, -c local --tags "${myANSIBLE_TAG}" ${myANSIBLE_BECOME_OPTION}
+
+# Something went wrong
+if [ ! $? -eq 0 ];
+ then
+ echo "### Something went wrong with the Playbook, please review the output and / or uninstall_tpot.log for clues."
+ echo "### Aborting."
+ echo
+ exit 1
+ else
+ echo "### Playbook was successful."
+ echo "### Now removing $HOME/tpotce."
+ rm -rf $HOME/tpotce
+ echo
+fi
+
+# Done
+echo "### Done. Please reboot and re-connect via SSH on tcp/22."
+echo