Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-05-02 05:08:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions1

finish documentation

Browse source 
add uninstaller playbook and script
tweaking and cleanup
This commit is contained in:
Marco Ochse 2024-03-24 16:21:51 +01:00
parent 013f817c19
commit 3a81e988da
7 changed files with 367 additions and 240 deletions

5
README.md
View file

@ -40,7 +40,7 @@ env bash -c "$(curl -sL https://github.com/telekom-security/tpotce/raw/alpha/ins
* [Installation Types](#installation-types) * [Installation Types](#installation-types)
* [Standard / HIVE](#standard--hive) * [Standard / HIVE](#standard--hive)
* [**Distributed**](#distributed) * [**Distributed**](#distributed)
* [Uninstall T-Pot (Linux only!) (to do)](#uninstall-t-pot-linux-only-to-do) * [Uninstall T-Pot](#uninstall-t-pot)
* [First Start](#first-start) * [First Start](#first-start)
* [Standalone First Start](#standalone-first-start) * [Standalone First Start](#standalone-first-start)
* [Distributed Deployment](#distributed-deployment) * [Distributed Deployment](#distributed-deployment)
@ -354,7 +354,8 @@ The distributed version of T-Pot requires at least two hosts
- The **SENSOR** will not start before finalizing the **SENSOR** installation as described in [Distributed Deployment](#distributed-deployment). - The **SENSOR** will not start before finalizing the **SENSOR** installation as described in [Distributed Deployment](#distributed-deployment).
<br><br> <br><br>
## Uninstall T-Pot (Linux only!) (to do) ## Uninstall T-Pot
Uninstallation of T-Pot is only available on the [supported Linux distros](#choose-your-distro).<br>
To uninstall T-Pot run `~/tpotce/uninstall.sh` and follow the uninstaller instructions, you will have to enter your password at least once.<br> To uninstall T-Pot run `~/tpotce/uninstall.sh` and follow the uninstaller instructions, you will have to enter your password at least once.<br>
Once the uninstall is finished reboot the machine `sudo reboot` Once the uninstall is finished reboot the machine `sudo reboot`
<br><br> <br><br>

2
deploy.sh
View file

@ -109,7 +109,7 @@ echo "# New htpasswd encoded credentials: ${myLS_WEB_USER_ENC}"
echo "# New htpasswd credentials base64 encoded: ${myLS_WEB_USER_ENC_B64}" echo "# New htpasswd credentials base64 encoded: ${myLS_WEB_USER_ENC_B64}"
echo "# New SENSOR credentials base64 encoded: ${myTPOT_HIVE_USER}" echo "# New SENSOR credentials base64 encoded: ${myTPOT_HIVE_USER}"
echo echo
echo "# When asked for a 'BECOME password' enter the password for your user on the SENSOR machine." echo "# Ansible will ask for the BECOME password which is typically the password you sudo with on the SENSOR."
echo "# The password will allow Ansible to run a reboot via sudo on the SENSOR." echo "# The password will allow Ansible to run a reboot via sudo on the SENSOR."
echo echo

13
installer/install/deploy.yml
View file

@ -1,5 +1,9 @@
--- ---
- name: TPOT configuration playbook ###########################
# T-Pot Sensor Deployment #
###########################
- name: T-POT Sensor Deployment
hosts: all hosts: all
vars: vars:
local_nginx_cert_path: "~/tpotce/data/nginx/cert/nginx.crt" local_nginx_cert_path: "~/tpotce/data/nginx/cert/nginx.crt"
@ -7,6 +11,7 @@
remote_sensor_yml_path: "~/tpotce/compose/sensor.yml" remote_sensor_yml_path: "~/tpotce/compose/sensor.yml"
remote_docker_compose_path: "~/tpotce/docker-compose.yml" remote_docker_compose_path: "~/tpotce/docker-compose.yml"
env_file_path: "~/tpotce/.env" env_file_path: "~/tpotce/.env"
tasks: tasks:
- name: Ensure the destination directory exists - name: Ensure the destination directory exists
ansible.builtin.file: ansible.builtin.file:
@ -23,19 +28,19 @@
ansible.builtin.command: ansible.builtin.command:
cmd: "cp {{ remote_sensor_yml_path }} {{ remote_docker_compose_path }}" cmd: "cp {{ remote_sensor_yml_path }} {{ remote_docker_compose_path }}"
- name: Update TPOT_HIVE_USER in .env - name: Update T-POT_HIVE_USER in .env
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: "{{ env_file_path }}" path: "{{ env_file_path }}"
regexp: '^TPOT_HIVE_USER=' regexp: '^TPOT_HIVE_USER='
line: 'TPOT_HIVE_USER={{ lookup("env", "myTPOT_HIVE_USER") }}' line: 'TPOT_HIVE_USER={{ lookup("env", "myTPOT_HIVE_USER") }}'
- name: Update TPOT_HIVE_IP in .env - name: Update T-POT_HIVE_IP in .env
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: "{{ env_file_path }}" path: "{{ env_file_path }}"
regexp: '^TPOT_HIVE_IP=' regexp: '^TPOT_HIVE_IP='
line: 'TPOT_HIVE_IP={{ lookup("env", "myTPOT_HIVE_IP") }}' line: 'TPOT_HIVE_IP={{ lookup("env", "myTPOT_HIVE_IP") }}'
- name: Ensure TPOT_TYPE is set to SENSOR in .env - name: Ensure T-POT_TYPE is set to SENSOR in .env
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: "{{ env_file_path }}" path: "{{ env_file_path }}"
regexp: '^TPOT_TYPE=' regexp: '^TPOT_TYPE='

12
installer/install/tpot.yml
View file

@ -668,6 +668,12 @@
- "Ubuntu" - "Ubuntu"
tasks: tasks:
- name: Check for non-root user id (All)
debug:
msg: "Detected user: '{{ ansible_user_id }}'"
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
failed_when: ansible_user_id == "root"
- name: Add aliases (All) - name: Add aliases (All)
blockinfile: blockinfile:
path: ~/.bashrc path: ~/.bashrc
@ -703,12 +709,6 @@
append: yes append: yes
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
- name: Check for non-root user id (All)
debug:
msg: "Detected user: '{{ ansible_user_id }}'"
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
failed_when: ansible_user_id == "root"
######################################## ########################################
# T-Pot - Install service and cron job # # T-Pot - Install service and cron job #
######################################## ########################################

55
installer/remove/sudo.yml
View file

@ -1,55 +0,0 @@
---
################################
# T-Pot - Debian Remove (sudo) #
################################
# Be sure to use root password as become password
- name: T-Pot - Debian Remove (sudo)
hosts: all
gather_facts: true
become: false
tasks:
- name: Check if running as root
assert:
that: ansible_user != 'root'
fail_msg: "T-Pot playbook should not be run as root."
success_msg: "Running as user: {{ ansible_user }}."
tags:
- "Debian"
- name: Check if running as tpot
assert:
that: ansible_user != 'tpot'
fail_msg: "Reserved username `tpot` detected."
success_msg: "Running as user: {{ ansible_user }}."
tags:
- "Debian"
- name: Remove current user from sudo group
become: true
become_method: su
command: gpasswd -d "{{ ansible_user_id }}" sudo
when: ansible_distribution == "Debian"
tags:
- "Debian"
- name: Uninstall sudo package if present
become: true
become_method: su
package:
name: sudo
state: absent
update-cache: no
when: ansible_distribution == "Debian"
tags:
- "Debian"
- name: Remove sudoers file for ansible_user_id
become: true
become_method: su
file:
path: /etc/sudoers.d/{{ ansible_user_id }}
state: absent
tags:
- "Debian"

420
installer/remove/tpot.yml
View file

@ -1,244 +1,320 @@
--- ---
################################ ###################
# T-Pot - Abort if run as root # # T-Pot - Removal #
################################ ###################
- name: T-Pot Abort if run as root #####################################################################
# T-Pot - Abort if run as tpot, root or on unsupported distribution #
#####################################################################
- name: T-Pot - Abort if run as tpot, root or on unsupported distribution
hosts: all hosts: all
gather_facts: true gather_facts: true
become: false become: false
tags:
- "AlmaLinux"
- "Debian"
- "Fedora"
- "openSUSE Tumbleweed"
- "Raspbian"
- "Rocky"
- "Ubuntu"
pre_tasks: tasks:
- name: Check if running as root - name: Check if running as root (All)
assert: assert:
that: ansible_user_id != 'root' that: ansible_user_id != 'root'
fail_msg: "T-Pot playbook should not be run as root." fail_msg: "T-Pot playbook should not be run as root."
success_msg: "Running as user: {{ ansible_user_id }}." success_msg: "Running as user: {{ ansible_user_id }}."
- name: Check if supported distribution - name: Check if running as tpot (All)
assert: assert:
that: ansible_distribution in ["Debian", "Fedora", "openSUSE Tumbleweed", "Ubuntu"] that: ansible_user_id != 'tpot'
fail_msg: "T-Pot is not supported on this plattform: {{ ansible_distribution }}." fail_msg: "Reserved username `tpot` detected."
success_msg: "T-Pot will now install on {{ ansible_distribution }}." success_msg: "Running as user: {{ ansible_user_id }}."
###################################### - name: Check if supported distribution (All)
# T-Pot - Remove group users, bashrc # assert:
###################################### that: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
fail_msg: "T-Pot uninstall is not supported on this plattform: {{ ansible_distribution }}."
success_msg: "T-Pot will now be removed from {{ ansible_distribution }}."
- name: T-Pot - Remove group users, bashrc #######################################
# T-Pot - Remove cron job and service #
#######################################
- name: Reverse T-Pot - Remove randomized daily reboot
hosts: all hosts: all
gather_facts: true gather_facts: true
become: false become: true
tags:
- "AlmaLinux"
- "Debian"
- "Fedora"
- "openSUSE Tumbleweed"
- "Raspbian"
- "Rocky"
- "Ubuntu"
tasks: tasks:
- name: Remove aliases (All) - name: Remove the randomized daily reboot cron job (All)
cron:
name: "T-Pot Daily Reboot"
user: root
state: absent
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
- name: Reverse T-Pot - Remove systemd service
hosts: all
gather_facts: true
become: true
tags:
- "AlmaLinux"
- "Debian"
- "Fedora"
- "openSUSE Tumbleweed"
- "Raspbian"
- "Rocky"
- "Ubuntu"
tasks:
- name: Stop and disable tpot.service (All)
ansible.builtin.systemd:
name: tpot.service
state: stopped
enabled: no
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
- name: Remove systemd service file for tpot
ansible.builtin.file:
path: '/etc/systemd/system/tpot.service'
state: absent
notify: Reload systemd
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
handlers:
- name: Reload systemd
become: true
ansible.builtin.systemd:
daemon_reload: yes
##################################################
# T-Pot - Adjust bashrc, remove T-Pot repository #
##################################################
- name: T-Pot - Reverse Adjustments
hosts: all
gather_facts: true
become: true
tags:
- "AlmaLinux"
- "Debian"
- "Fedora"
- "openSUSE Tumbleweed"
- "Raspbian"
- "Rocky"
- "Ubuntu"
tasks:
- name: Remove aliases from .bashrc (All)
blockinfile: blockinfile:
path: ~/.bashrc path: ~/.bashrc
block: | block: ""
alias dps='grc --colour=on docker ps -f status=running -f status=exited --format "table {{'{{'}}.Names{{'}}'}}\t{{'{{'}}.Status{{'}}'}}\t{{'{{'}}.Ports{{'}}'}}" | sort'
alias dpsw='watch -c bash -ic dps'
marker: "# {mark} ANSIBLE MANAGED BLOCK" marker: "# {mark} ANSIBLE MANAGED BLOCK"
state: absent state: absent
when: ansible_distribution in ["Debian", "Fedora", "openSUSE Tumbleweed", "Ubuntu"] become: false
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
- name: Remove current user from Docker, T-Pot group (All) ##########################################################
become: true # T-Pot - Restore configs, remove users and groups, etc. #
user: ##########################################################
name: "{{ ansible_user_id }}"
groups:
- docker
- tpot
state: present
remove: yes
when: ansible_distribution in ["Debian", "Fedora", "openSUSE Tumbleweed", "Ubuntu"]
- name: Check for non-root user id (All) - name: T-Pot - Adjust configs, add users and groups, etc.
debug:
msg: "Detected user: '{{ ansible_user_id }}'"
when: ansible_distribution in ["Debian", "Fedora", "openSUSE Tumbleweed", "Ubuntu"]
failed_when: ansible_user_id == "root"
##################################################
# T-Pot - Remove configs, users and groups, etc. #
##################################################
- name: T-Pot - Remove configs, users and groups, etc.
hosts: all hosts: all
gather_facts: true gather_facts: true
become: true become: true
tasks: tasks:
- name: Remove T-Pot user (All) - name: Revert DNSStubListener setting in resolved.conf (Fedora, Ubuntu)
user: lineinfile:
name: tpot path: /etc/systemd/resolved.conf
state: absent regexp: 'DNSStubListener=no'
remove: yes line: 'DNSStubListener=yes'
when: ansible_distribution in ["Debian", "Fedora", "openSUSE Tumbleweed", "Ubuntu"] state: present
when: ansible_distribution in ["Fedora", "Ubuntu"]
tags:
- "Fedora"
- "Ubuntu"
- name: Revert SELinux config (Fedora) - name: Revert SELinux config to enforcing (AlmaLinux, Fedora, Rocky)
lineinfile: lineinfile:
path: /etc/selinux/config path: /etc/selinux/config
regexp: '^SELINUX=' regexp: '^SELINUX='
line: 'SELINUX=enforcing' line: 'SELINUX=enforcing'
state: present when: ansible_distribution in ["AlmaLinux", "Fedora", "Rocky"]
when: ansible_distribution in ["Fedora"] tags:
- "AlmaLinux"
- "Fedora"
- "Rocky"
- name: Revert kernel module loading (Fedora) - name: Remove iptables.conf file (AlmaLinux, Fedora, Rocky)
command: modprobe -r iptable_filter
when: ansible_distribution in ["Fedora"]
- name: Remove iptables.conf (Fedora)
file: file:
path: /etc/modules-load.d/iptables.conf path: /etc/modules-load.d/iptables.conf
state: absent state: absent
when: ansible_distribution in ["Fedora"] when: ansible_distribution in ["AlmaLinux", "Fedora", "Rocky"]
tags:
- "AlmaLinux"
- "Fedora"
- "Rocky"
- name: Revert DNSStubListener in resolved.conf (Fedora, Ubuntu) - name: Revert firewall to default target DROP (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky)
lineinfile: firewalld:
path: /etc/systemd/resolved.conf zone: public
regexp: '^.*DNSStubListener=.*' target: DROP
line: '#DNSStubListener=yes' permanent: yes
state: present state: enabled
notify: Restart Resolved when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "Rocky"]
when: ansible_distribution in ["Fedora", "Ubuntu"] tags:
- "AlmaLinux"
- "Fedora"
- "openSUSE Tumbleweed"
- "Rocky"
- name: Revert SSH port change (Debian, Fedora, Ubuntu) - name: Revert firewall to SSH default (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky)
firewalld:
port: 22/tcp
permanent: yes
state: enabled
when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "Rocky"]
tags:
- "AlmaLinux"
- "Fedora"
- "openSUSE Tumbleweed"
- "Rocky"
- name: Remove port.conf file to revert SSH to default port (openSUSE Tumbleweed)
file:
path: /etc/ssh/sshd_config.d/port.conf
state: absent
when: ansible_distribution in ["openSUSE Tumbleweed"]
tags:
- "openSUSE Tumbleweed"
- name: Revert SSH Port to 22 (AlmaLinux, Debian, Fedora, Raspbian, Rocky, Ubuntu)
lineinfile: lineinfile:
path: /etc/ssh/sshd_config path: /etc/ssh/sshd_config
line: "Port 64295" line: "Port 64295"
state: absent state: absent
notify: Restart SSH when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "Rocky", "Ubuntu"]
when: ansible_distribution in ["Debian", "Fedora", "Ubuntu"] tags:
- "AlmaLinux"
- "Debian"
- "Fedora"
- "Raspbian"
- "Rocky"
- "Ubuntu"
- name: Revert SSH port change (openSUSE Tumbleweed) - name: Remove T-Pot user (All)
file: user:
path: /etc/ssh/sshd_config.d/port.conf name: tpot
state: absent state: absent
notify: Restart SSH when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
when: ansible_distribution in ["openSUSE Tumbleweed"] tags:
- "AlmaLinux"
- "Debian"
- "Fedora"
- "openSUSE Tumbleweed"
- "Raspbian"
- "Rocky"
- "Ubuntu"
- name: Remove T-Pot SSH port from Firewall (Fedora, openSUSE Tumbleweed) - name: Remove T-Pot group (All)
firewalld: group:
port: 64295/tcp name: tpot
permanent: yes state: absent
state: disabled when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
when: ansible_distribution in ["Fedora", "openSUSE Tumbleweed"] tags:
- "AlmaLinux"
- "Debian"
- "Fedora"
- "openSUSE Tumbleweed"
- "Raspbian"
- "Rocky"
- "Ubuntu"
- name: Remove T-Pot default target modification (Fedora, openSUSE Tumbleweed) ################################
firewalld: # T-Pot - Remove Docker Engine #
zone: public ################################
target: default
permanent: yes
state: enabled
when: ansible_distribution in ["Fedora", "openSUSE Tumbleweed"]
handlers: - name: T-Pot - Remove Docker Engine
- name: Restart Resolved
service:
name: systemd-resolved
state: restarted
when: ansible_distribution in ["Fedora", "Ubuntu"]
- name: Restart SSH
service:
name: "{{ 'sshd' if ansible_distribution == 'Debian' else 'sshd' }}"
state: restarted
enabled: true
when: ansible_distribution in ["Debian", "Fedora", "openSUSE Tumbleweed", "Ubuntu"]
#######################################################
# T-Pot - Stop and prune everything related to Docker #
#######################################################
- name: T-Pot - Stop and prune everything related to Docker
hosts: all hosts: all
gather_facts: true gather_facts: true
become: true become: true
tasks: tasks:
- name: Stop all Docker containers (All) - name: Remove Docker Engine packages (openSUSE Tumbleweed)
docker_container:
state: absent
name: "*"
when: ansible_distribution in ["Debian", "Fedora", "openSUSE Tumbleweed", "Ubuntu"]
ignore_errors: true
- name: Prune everything related to Docker (All)
docker_prune:
builder_cache: true
containers: true
images: true
networks: true
volumes: true
when: ansible_distribution in ["Debian", "Fedora", "openSUSE Tumbleweed", "Ubuntu"]
ignore_errors: true
- name: Uninstall Docker Engine packages
package: package:
name: name:
- docker - docker
- docker-bash-completion
- docker-buildx
- docker-compose
- docker-compose-switch
- liblvm2cmd2_03
- lvm2
state: absent
when: ansible_distribution in ["openSUSE Tumbleweed"]
tags:
- "openSUSE Tumbleweed"
- name: Remove Docker Engine packages (AlmaLinux, Debian, Fedora, Raspbian, Rocky, Ubuntu)
package:
name:
- docker-ce - docker-ce
- docker-ce-cli - docker-ce-cli
- containerd.io - containerd.io
- docker-buildx-plugin - docker-buildx-plugin
- docker-compose-plugin - docker-compose-plugin
- docker-compose
state: absent state: absent
when: ansible_distribution in ["Debian", "Fedora", "openSUSE Tumbleweed", "Ubuntu"] when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "Rocky", "Ubuntu"]
tags:
- "AlmaLinux"
- "Debian"
- "Fedora"
- "Raspbian"
- "Rocky"
- "Ubuntu"
- name: Remove Docker repository (Fedora) ######################################
file: # T-Pot - Remove Docker Engine Repos #
path: /etc/yum.repos.d/docker-ce.repo ######################################
state: absent
when: ansible_distribution == "Fedora"
- name: Remove Docker Engine repository (Debian, Ubuntu) - name: T-Pot - Revert Docker Engine preparation
apt_repository:
filename: docker
state: absent
update_cache: yes
when: ansible_distribution in ["Debian", "Ubuntu"]
#- name: Remove Docker Engine GPG key (Debian, Ubuntu)
#file:
#path: /etc/apt/keyrings/docker.gpg
#state: absent
#when: ansible_distribution in ["Debian", "Ubuntu"]
- name: Remove Docker Engine GPG key folder (Debian, Ubuntu)
file:
path: /etc/apt/keyrings
state: absent
when: ansible_distribution in ["Debian", "Ubuntu"]
############################
# T-Pot - Cleanup packages #
############################
- name: T-Pot - Cleanup packages
hosts: all hosts: all
gather_facts: true gather_facts: true
become: true become: true
tasks: tasks:
- name: Uninstall recommended packages (Debian, Fedora, openSUSE Tumbleweed, Ubuntu) - name: Remove Docker Engine repository (Debian, Raspbian, Ubuntu)
package: apt_repository:
name: filename: docker
- busybox-net-tools
- grc
- neovim
- net-tools
state: absent state: absent
update_cache: yes when: ansible_distribution in ["Debian", "Raspbian", "Ubuntu"]
when: ansible_distribution in ["Debian", "Fedora", "openSUSE Tumbleweed", "Ubuntu"] tags:
- "Debian"
- "Raspbian"
- "Ubuntu"
- name: Remove Docker repository (Fedora)
shell: dnf -y config-manager --remove-repo https://download.docker.com/linux/fedora/docker-ce.repo
when: ansible_distribution in ["Fedora"]
tags:
- "Fedora"
- name: Remove Docker repository (AlmaLinux, Rocky)
shell: dnf -y config-manager --remove-repo https://download.docker.com/linux/centos/docker-ce.repo
when: ansible_distribution in ["AlmaLinux", "Rocky"]
tags:
- "AlmaLinux"
- "Rocky"
- name: Restore conflicting packages (openSUSE Tumbleweed)
package:
name:
- cups
- net-tools
- postfix
- yast2-auth-client
state: present
update_cache: yes
when: ansible_distribution == "openSUSE Tumbleweed"

100
uninstall.sh Executable file
View file

@ -0,0 +1,100 @@
#!/usr/bin/env bash
myUNINSTALL_NOTIFICATION="### Now installing required packages ..."
myUSER=$(whoami)
myTPOT_CONF_FILE="/home/${myUSER}/tpotce/.env"
myANSIBLE_TPOT_PLAYBOOK="installer/remove/tpot.yml"
myUNINSTALLER=$(cat << "EOF"
_____ ____ _ _ _ _ _ _ _
|_ _| | _ \ ___ | |_ | | | |_ __ (_)_ __ ___| |_ __ _| | | ___ _ __
| |_____| |_) / _ \| __| | | | | _ \| | _ \/ __| __/ _ | | |/ _ \ __|
| |_____| __/ (_) | |_ | |_| | | | | | | | \__ \ || (_| | | | __/ |
|_| |_| \___/ \__| \___/|_| |_|_|_| |_|___/\__\__,_|_|_|\___|_|
EOF
)
# Check if running with root privileges
if [ ${EUID} -eq 0 ];
then
echo "This script should not be run as root. Please run it as a regular user."
echo
exit 1
fi
# Check if running on a supported distribution
mySUPPORTED_DISTRIBUTIONS=("AlmaLinux" "Debian GNU/Linux" "Fedora Linux" "openSUSE Tumbleweed" "Raspbian GNU/Linux" "Rocky Linux" "Ubuntu")
myCURRENT_DISTRIBUTION=$(awk -F= '/^NAME/{print $2}' /etc/os-release | tr -d '"')
if [[ ! " ${mySUPPORTED_DISTRIBUTIONS[@]} " =~ " ${myCURRENT_DISTRIBUTION} " ]];
then
echo "### Only the following distributions are supported: AlmaLinux, Fedora, Debian, openSUSE Tumbleweed, Rocky Linux and Ubuntu."
echo "### Please follow the T-Pot documentation on how to run T-Pot on macOS, Windows and other currently unsupported platforms."
echo
exit 1
fi
# Begin of Uninstaller
echo "$myUNINSTALLER"
echo
echo
echo "### This script will now uninstall T-Pot."
while [ "${myQST}" != "y" ] && [ "${myQST}" != "n" ];
do
echo
read -p "### Uninstall? (y/n) " myQST
echo
done
if [ "${myQST}" = "n" ];
then
echo
echo "### Aborting!"
echo
exit 0
fi
# Define tag for Ansible
myANSIBLE_DISTRIBUTIONS=("Fedora Linux" "Debian GNU/Linux" "Raspbian GNU/Linux" "Rocky Linux")
if [[ "${myANSIBLE_DISTRIBUTIONS[@]}" =~ "${myCURRENT_DISTRIBUTION}" ]];
then
myANSIBLE_TAG=$(echo ${myCURRENT_DISTRIBUTION} | cut -d " " -f 1)
else
myANSIBLE_TAG=${myCURRENT_DISTRIBUTION}
fi
# Check type of sudo access
sudo -n true > /dev/null 2>&1
if [ $? -eq 1 ];
then
myANSIBLE_BECOME_OPTION="--ask-become-pass"
echo "### sudo not acquired, setting ansible become option to ${myANSIBLE_BECOME_OPTION}."
echo "### Ansible will ask for the BECOME password which is typically the password you sudo with."
echo
else
myANSIBLE_BECOME_OPTION="--become"
echo "### sudo acquired, setting ansible become option to ${myANSIBLE_BECOME_OPTION}."
echo
fi
# Run Ansible Playbook
echo "### Now running T-Pot Ansible Uninstallation Playbook ..."
echo
ANSIBLE_LOG_PATH=${PWD}/uninstall_tpot.log ansible-playbook ${myANSIBLE_TPOT_PLAYBOOK} -i 127.0.0.1, -c local --tags "${myANSIBLE_TAG}" ${myANSIBLE_BECOME_OPTION}
# Something went wrong
if [ ! $? -eq 0 ];
then
echo "### Something went wrong with the Playbook, please review the output and / or uninstall_tpot.log for clues."
echo "### Aborting."
echo
exit 1
else
echo "### Playbook was successful."
echo "### Now removing $HOME/tpotce."
rm -rf $HOME/tpotce
echo
fi
# Done
echo "### Done. Please reboot and re-connect via SSH on tcp/22."
echo