From ff74ba91c2e07429ee56c2f4d99fe4a024ade283 Mon Sep 17 00:00:00 2001 From: pedro Date: Thu, 4 Sep 2025 19:18:54 +0200 Subject: [PATCH 1/9] Logos look and feel --- docker-compose.yml | 158 ++++++++++++++++++++++----------------------- 1 file changed, 79 insertions(+), 79 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 1039dce3..5ad37113 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -59,22 +59,22 @@ services: ################## # Adbhoney service - adbhoney: - container_name: adbhoney - restart: always - depends_on: - tpotinit: - condition: service_healthy - networks: - - adbhoney_local - ports: - - "5555:5555" - image: ${TPOT_REPO}/adbhoney:${TPOT_VERSION} - pull_policy: ${TPOT_PULL_POLICY} - read_only: true - volumes: - - ${TPOT_DATA_PATH}/adbhoney/log:/opt/adbhoney/log - - ${TPOT_DATA_PATH}/adbhoney/downloads:/opt/adbhoney/dl +# adbhoney: +# container_name: adbhoney +# restart: always +# depends_on: +# tpotinit: +# condition: service_healthy +# networks: +# - adbhoney_local +# ports: +# - "5555:5555" +# image: ${TPOT_REPO}/adbhoney:${TPOT_VERSION} +# pull_policy: ${TPOT_PULL_POLICY} +# read_only: true +# volumes: +# - ${TPOT_DATA_PATH}/adbhoney/log:/opt/adbhoney/log +# - ${TPOT_DATA_PATH}/adbhoney/downloads:/opt/adbhoney/dl # Ciscoasa service ciscoasa: 
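Review bot: Five honeypot services are switched off by commenting out their whole definitions (adbhoney in this hunk, and dicompot, ipphoney, medpot and miniprint in the hunks at -226, -393 and -430), yet the subject line "Logos look and feel" records only a branding change, so the reduced sensor coverage does not show up in the history. Each disabled block should carry a reason, for example `# Disabled in this deployment: <reason>` above `# adbhoney:`. The published ports 5555, 104, 11112, 631, 2575 and 9100 go away with these services, so the required-ports list in README.md and any firewall rules built from it presumably need the same update. The top-level `networks:` entries such as `adbhoney_local` are outside these hunks and may now be unused.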
@@ -226,23 +226,23 @@ services:
 # Get the Horos Client for testing: https://horosproject.org/
 # Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/
 # Put images (which must be in Dicom DCM format or it will not work!) into /data/dicompot/images
- dicompot:
- container_name: dicompot
- restart: always
- depends_on:
- tpotinit:
- condition: service_healthy
- networks:
- - dicompot_local
- ports:
- - "104:11112"
- - "11112:11112"
- image: ${TPOT_REPO}/dicompot:${TPOT_VERSION}
- pull_policy: ${TPOT_PULL_POLICY}
- read_only: true
- volumes:
- - ${TPOT_DATA_PATH}/dicompot/log:/var/log/dicompot
-# - ${TPOT_DATA_PATH}/dicompot/images:/opt/dicompot/images
+# dicompot:
+# container_name: dicompot
+# restart: always
+# depends_on:
+# tpotinit:
+# condition: service_healthy
+# networks:
+# - dicompot_local
+# ports:
+# - "104:11112"
+# - "11112:11112"
+# image: ${TPOT_REPO}/dicompot:${TPOT_VERSION}
+# pull_policy: ${TPOT_PULL_POLICY}
+# read_only: true
+# volumes:
+# - ${TPOT_DATA_PATH}/dicompot/log:/var/log/dicompot
+## - ${TPOT_DATA_PATH}/dicompot/images:/opt/dicompot/images
 # Dionaea service
 dionaea:
@@ -393,21 +393,21 @@ services:
 - ${TPOT_DATA_PATH}/honeytrap/log:/opt/honeytrap/var/log
 # Ipphoney service
- ipphoney:
- container_name: ipphoney
- restart: always
- depends_on:
- tpotinit:
- condition: service_healthy
- networks:
- - ipphoney_local
- ports:
- - "631:631"
- image: ${TPOT_REPO}/ipphoney:${TPOT_VERSION}
- pull_policy: ${TPOT_PULL_POLICY}
- read_only: true
- volumes:
- - ${TPOT_DATA_PATH}/ipphoney/log:/opt/ipphoney/log
+# ipphoney:
+# container_name: ipphoney
+# restart: always
+# depends_on:
+# tpotinit:
+# condition: service_healthy
+# networks:
+# - ipphoney_local
+# ports:
+# - "631:631"
+# image: ${TPOT_REPO}/ipphoney:${TPOT_VERSION}
+# pull_policy: ${TPOT_PULL_POLICY}
+# read_only: true
+# volumes:
+# - ${TPOT_DATA_PATH}/ipphoney/log:/opt/ipphoney/log
 # Mailoney service
 mailoney:
@@ -430,39 +430,39 @@ services:
 - ${TPOT_DATA_PATH}/mailoney/log:/opt/mailoney/logs
 # Medpot service
- medpot:
- container_name: medpot
- restart: always
- depends_on:
- tpotinit:
- condition: service_healthy
- networks:
- - medpot_local
- ports:
- - "2575:2575"
- image: ${TPOT_REPO}/medpot:${TPOT_VERSION}
- pull_policy: ${TPOT_PULL_POLICY}
- read_only: true
- volumes:
- - ${TPOT_DATA_PATH}/medpot/log/:/var/log/medpot
+# medpot:
+# container_name: medpot
+# restart: always
+# depends_on:
+# tpotinit:
+# condition: service_healthy
+# networks:
+# - medpot_local
+# ports:
+# - "2575:2575"
+# image: ${TPOT_REPO}/medpot:${TPOT_VERSION}
+# pull_policy: ${TPOT_PULL_POLICY}
+# read_only: true
+# volumes:
+# - ${TPOT_DATA_PATH}/medpot/log/:/var/log/medpot
 # Miniprint service
- miniprint:
- container_name: miniprint
- restart: always
- depends_on:
- tpotinit:
- condition: service_healthy
- networks:
- - miniprint_local
- ports:
- - "9100:9100"
- image: ${TPOT_REPO}/miniprint:${TPOT_VERSION}
- pull_policy: ${TPOT_PULL_POLICY}
- read_only: true
- volumes:
- - ${TPOT_DATA_PATH}/miniprint/log/:/opt/miniprint/log/
- - ${TPOT_DATA_PATH}/miniprint/uploads/:/opt/miniprint/uploads/
+# miniprint:
+# container_name: miniprint
+# restart: always
+# depends_on:
+# tpotinit:
+# condition: service_healthy
+# networks:
+# - miniprint_local
+# ports:
+# - "9100:9100"
+# image: ${TPOT_REPO}/miniprint:${TPOT_VERSION}
+# pull_policy: ${TPOT_PULL_POLICY}
+# read_only: true
+# volumes:
+# - ${TPOT_DATA_PATH}/miniprint/log/:/opt/miniprint/log/
+# - ${TPOT_DATA_PATH}/miniprint/uploads/:/opt/miniprint/uploads/
 # Redishoneypot service
 redishoneypot:
From d6a1dbc40ad6db58feaaa3dc3f7291ba6f1fb4d8 Mon Sep 17 00:00:00 2001
From: pedro Date: Thu, 4 Sep 2025 19:19:10 +0200 Subject: [PATCH 2/9] Logos look and feel --- .../dist/html/assets/img/Confianza23.png | Bin 0 -> 5903 bytes docker/nginx/dist/html/index.html | 174 ++++++++++++++---- 2 files changed, 134 insertions(+), 40 deletions(-) create mode 100644 docker/nginx/dist/html/assets/img/Confianza23.png diff --git a/docker/nginx/dist/html/assets/img/Confianza23.png b/docker/nginx/dist/html/assets/img/Confianza23.png new file mode 100644 index 0000000000000000000000000000000000000000..7f88c6c5f2d479c42dab7d90bad51e6e5df454c8 GIT binary patch literal 5903 zcmV+q7x3tbP)11)d>V!GiF z5CLDT0aKj;S)}6t00010`1tw*GIjz%hyq8C0!@|!H+=&;fB|BzQI*WnuYT?e+Vg#pJ5Y=XtBxkh$N>(A@w4NmgZ#FM`J&FKF7{=tNb6002Fe zowa?0pC~?d@7It3Rkpvy)ogc|(*OYB?)P?~(_)p*wYbLWu>k1l?nzgK002S&3|+z7 z?@5cw+w1muqtvLu;X6rqxzp&OslSDer~m*s{PpAW#RolAh)`#hDo~05B5$Ix$&8@B z02*-sGlHA2%xR6dWrws*e6IjNkUMXwA7Y~bPouEb?TwPDa(S3yZX|R?R6lkbOGtV<431ApszI^%e<;#~Z zUl&H^o`f&=3g_JrUyQVR?L$H%7g#;-w!HDGm7>uWp|PKgmTKqRnm1e7QXmmXSTv%6 zM7UHw?M)5vElIn?~5DaX#u= zG+L_*kz^;AAn&$)8fUD+hvdZ?8-W16CMgV?#;U*iI2)OJivhCHwQ0Cz(a0^X`QiKw z)M*703uJ3;91U1~+&j-^z7Z-H6X234jd5cGS09lNv*+2=*Is5WLS{~sMlL#nMzYe| zm)Oqv;p6m_vql5bsI^A0AX6+{kK3z{wexQBYb<*-EWkQEnix$ZkVwFYuyQ7S8mA|l zMt<+wQ7j09h1Fuhr*YbHBE_iq?bfyh%cpUQ8X338$)|CO@@ZTo`7|z)d>R)?K8=ec zpTO)t5{uI*>eDzq{ps$)bTs_C zO{XYxe{mWd3wQU`^KSBMt=dP6i`Tqqap9xdc{lfUms)w(D~>(?iK^3A`J-!pn5?@W z`H%0MjqcrjXM+Cl?w`-Qk#COvV-k&b-t`}(Ix7|KzB@_p_%zN+<@*z9+&_`1p`_

fD?TJNU*N)uxz+ zybUYK>7|gsWt?i2ot+qDh}lC=o7?0XbFjZHZqC^SK@luBXCKmp14IWOqlsLj&PXZD z6QsQ;BXSvoF)~;+?{uu$Rle~t(0Fibk{*1*FrWNohTzc-@+>dYZKDyS=ibygNTha@ zc{a#e9W5>3si&NSW4c5)G8|yC)6*fq$Y_w4(|Q#(@z|i-gCMV`Wul%g+=8D&Dl zag`cW!f!f-H`DXT99MeXBnK{(lPD z?%()Wnq25e88Ltnv)io%1!BJjo{eP%6>Sis8n4fh#ffllMVL7zjnRVK2nk47R_$u|2+YfF(Xfx7hVE+la z^%=Ne$o+ZxcsyjzJ`ol{dee>3h8#f+g8TIqqHzw&e z&}c*c+YkP7oVpaW2j81ErPuLfu@m3Tq@f5^inZtWVQesI>iI0xZW^Q!E*}a7w@I1(qrg6izJaO0u;SQR z=Tyqa*i?xanb7c{8+FF`9A7`h652x@XS~SFbaNmP2Mil>dKPiQbZ&~XC4;yZ>c0DE z@MLD%5Ju9FImI1rQAmU20vswcK%+^9U~j?&jtg=dWL`GlfzYM7{8t(##!!zuqo0y? zmcGCunoBpYU%v@;EATo|H`|Q*86H4r%su#QsxE93^6b!x@kxxJ_#;gL-*ne#I!vF7t!O4;=dSrK?vh8X??*)6QJKI$76u zXvQTnlh<%-=?l-@A~R~vNIIbCbhjq!j^fT?c-#mYM%_ws)2N5^otD5+xKs+q3BNFJL8Ba=%c4c+5@=G= zFTuTdgSDe|9WmI~Q`&q;9~G|2d9la2fJaKxuU@%wCm7C<9Tm1jF4<4l6fm{)os%t z(H)ZQ0!Z8vHFsetXWZa)*7jkN9I|=ySeBHw$&e)zJ4FDs)NYV*rxVj&uEs1Qb9F{) zcz^-N;AKy`DabPC&@f^d4?I$W%ab!Iow+JO_uL18S!=-_4LZ;DNJHyg2n_ayU5^I6 zB4rm)7y7(W3{4+%#xEI2^vZ8t7pk^5i=kUGSo%ku*%ya;G#Ijs_C`b1Str$X z6~je?F1)S4qxWANMEfZ7&Pb)B8Ozl;p53&?5*jhi>O$3_izSm~XffdmJxJ&KZLAwi z(*p}My~?PANt6Z*5_#ghLTw24Vi?ZPcHJ51td|KRTtL$f!}QT0^PaIZIGaX0)bl!I zJx&*hZW_e%(E_SuX!ObwU;@75x=lsqWjJt=ARnaSd5Z>ZX^JcMwyVWLy@hg`7dWx8yDJNvVBgRP&4;+qymK8- z6FGs7Xv%b4NF9`GNw$&j_b0jvXxv+>upL2yhDYZ!xWoH6OZ^-rLle^X%b|mN)RaD8VnjqE(PSDai1++JqO8!d z0sh8QC{qo?PzOg5CK|uD2Ye-RDpR#u)i6j|G&b9f;Gi{;2Dx11i3U?0Jf34Sii?JF zg7=7DJEe4TX^qkV-#%zdI@_;$q@j%j$BAr@Mk+MxCC%4XXg*#^p?GT+hcV4t1|XLo^sEHfBFBG%~zTW2CIHG2YaCmGMpkFNlx# zYCPRLiiTMrn$+sWR&fh5NrmY@)Mk2oELFmGnA1))TrFy~ipAl&3i)Dj>&UA^o?!;wbph%AI(qu zqdTq^6d%Z zPfRM%6pIFCB0Uk3aTj@muM&C$s|2g7Vsb&EFYwlMjwKe#lH9o0N-HJuW!$7L5_79g zPLkWCN0hVJFj{w(%5ITGL$Ycn!ejEY(qJbBW|zqI-dSmECBpIjTq&NYG0a*%5h%6x z!C0+Cs}vUQtPrn*V|$qK1t50`Qvl1N0i!#POk!~Sn6{H~rqBx2D zkc^Eo)U?_P#Gxa^li0Y0S;s~Ume*dVR4hKJVtC0mfd-z|R>DQ2n+$hq<+VsW+ef1i zPofctm(E6_m2wU8cS#8aiv|pchjynYG_s44g@=`ZWkQA=9$96!`{xhk3ivCN2`5^$ zS~(xiGo3JwMKeEw1{&I-5hn$c7D@Y&aAmKAG-?qt{$}-5=zA3JH25Z?o(_#fE|=S{ 
zRQhR{@u-VNqO}isx~u&(BGgzAVJVGbGJpfgMI)O`lXxM0(z|xG)lb| ztrCE_1kiv%3}DQ_j5Ki0I_{RmfV?io$FBb1w6Zw0LK@`=_@YQhDq&DHTWG>9R}|li zM{8gx5;OPW`1fJlB#zCd0dYNCW7I9MD*7_8yL*($B9tSq-k zQg$o8vO<0cNvcFvB6}r5L(PTnL^_Fh{I3O4>Iwvju-zhPMWscmei&JftQKi2*0xuc z_ab=2j5JbSm*VuQmY2o&C>jzKGx7xJaX;rI&Z01S?sx6Yx*}^{-l@ z-+{RI+MBS7gZi#Ti%zP$A+F*XdzUNM!1l3eq&(mGL*a*sH4j7Sq^_vfaFt*N!dsKG z9wn(_GHV{LU*#}Qjm&dTMV@G+r&(^0#d!Ldp6WO%$4lLAGPyOwSH?-D;(p%4@s;q_ z+I}R_ot*P{^3><+_7?|uqoGTlmVYO9x2aI;bUL$r6;q+p@d8uILRGcX`=&rIH1KI* z&n#HF826CPzxOvJPc$U@X;sfs=!d#}8q>-H4g8#rr%N5q0d-GLnD{h?RC>n<%tH8@w2!d%Jpds$%EDKMz=;kDk6|?0b(yhEFofbU8fuPB#0;q z_|X$y^mgOcr!l1QG5q@U`}XkB!GZh9 zNl67HIx9Gi%cn6ULIY>1ay8Zah@&JOJU@K$^x5|t8*iij=a1fT5E|sDjUT>$_VnAs z1G7h1RZ_Cfa{g1%qXjg0L2qb^V=(jii(eoAKq?--V>Zmt?B*^e}54 z_csBKS+n`iZ=Zg@fdl0EnO1yZB|Un%vGLo#9vz(CJ@@hTn+Go*|M2$4cmDWbn1jb} z|M=q3d4JbO;pbmAHlCbwBhFvXe|&L4ekD literal 0 HcmV?d00001 diff --git a/docker/nginx/dist/html/index.html b/docker/nginx/dist/html/index.html index a93c3744..c25ebdf3 100644 --- a/docker/nginx/dist/html/index.html +++ b/docker/nginx/dist/html/index.html @@ -3,24 +3,45 @@ - + - - + T-Pot @@ -138,11 +230,13 @@

-
T-Pot 24.04.1
+
Confianza23 · T-Pot 24.04.1
- + + +
From 90bb45354e14233b26f69bc253cfecffe7052987 Mon Sep 17 00:00:00 2001 From: pedro Date: Mon, 8 Sep 2025 10:11:30 +0200 Subject: [PATCH 3/9] Logos look and feel --- .env | 6 +++--- .github/ISSUE_TEMPLATE/bug-report-for-t-pot.md | 8 ++++---- .../ISSUE_TEMPLATE/general-issue-for-t-pot.md | 8 ++++---- CITATION.cff | 6 +++--- README.md | 18 +++++++++--------- env.example | 6 +++--- install.sh | 2 +- installer/install/tpot.yml | 2 +- update.sh | 2 +- 9 files changed, 29 insertions(+), 29 deletions(-) diff --git a/.env b/.env index fd39580d..b16530b5 100644 --- a/.env +++ b/.env @@ -44,7 +44,7 @@ TPOT_PERSISTENCE=on # <1-999>: Set the number of T-Pot restart cycles for logrotate. # Be mindful of this setting as the logs will use up a lot of available disk space. # In case the setting is invalid, T-Pot will default to 30 cycles. -# Remember to adjust the Elastic Search Lifecycle Policy (https://github.com/telekom-security/tpotce/?tab=readme-ov-file#log-persistence) +# Remember to adjust the Elastic Search Lifecycle Policy (https://github.com/pedro-gallego/tpotce/?tab=readme-ov-file#log-persistence) # as this setting only accounts for the honeypot logs in the ~/tpotce/data folder. TPOT_PERSISTENCE_CYCLES=30 @@ -59,7 +59,7 @@ TPOT_PERSISTENCE_CYCLES=30 # Create credentials with 'htpasswd ~/tpotce/data/nginx/conf/lswebpasswd ' # 4. On SENSOR: Provide username / password from (3) for TPOT_HIVE_USER as base64 encoded string: # "echo -n 'username:password' | base64 -w0" -# MOBILE: This will set the correct type for T-Pot Mobile (https://github.com/telekom-security/tpotmobile) +# MOBILE: This will set the correct type for T-Pot Mobile (https://github.com/pedro-gallego/tpotmobile) TPOT_TYPE=HIVE # T-Pot Hive User (only relevant for SENSOR deployment) 
@@ -74,7 +74,7 @@ TPOT_HIVE_USER= # contains a sAN for the HIVE IP. In scenario where the HIVE needs to be accessed via Internet, maybe with # a different NAT address, a new certificate needs to be generated before deployment that includes all the # IPs and FQDNs as sANs for logstash successfully establishing a connection to the HIVE for transmitting -# logs. Details here: https://github.com/telekom-security/tpotce?tab=readme-ov-file#distributed-deployment +# logs. Details here: https://github.com/pedro-gallego/tpotce?tab=readme-ov-file#distributed-deployment # none: This setting will disable the ssl verification check of logstash and should only be used in a testing # environment where IPs often change. It is not recommended for a production environment where trust between # HIVE and SENSOR is only established through a self signed certificate. diff --git a/.github/ISSUE_TEMPLATE/bug-report-for-t-pot.md b/.github/ISSUE_TEMPLATE/bug-report-for-t-pot.md index 4e120f93..42d66a8e 100644 --- a/.github/ISSUE_TEMPLATE/bug-report-for-t-pot.md +++ b/.github/ISSUE_TEMPLATE/bug-report-for-t-pot.md 
@@ -10,10 +10,10 @@ assignees: '' # Successfully raise an issue Before you post your issue make sure it has not been answered yet and provide **⚠️ BASIC SUPPORT INFORMATION** (as requested below) if you come to the conclusion it is a new issue. -- 🔍 Use the [search function](https://github.com/telekom-security/tpotce/issues?utf8=%E2%9C%93&q=) first -- 🧐 Check our [Config Examples & Tutorials](https://github.com/telekom-security/tpotce/discussions/categories/config-examples-tutorials) and the [discussions](https://github.com/telekom-security/tpotce/discussions) in general. -- 📚 Consult the documentation of 💻 your Linux OS, 🐳 [Docker](https://docs.docker.com/), the 🦌 [Elastic stack](https://www.elastic.co/guide/index.html) and the 🍯 [T-Pot Readme](https://github.com/telekom-security/tpotce/blob/master/README.md). -- ⚙️ The [Troubleshoot Section](https://github.com/telekom-security/tpotce?tab=readme-ov-file#troubleshooting) of the [T-Pot Readme](https://github.com/telekom-security/tpotce/blob/master/README.md) is a good starting point to collect a good set of information for the issue and / or to fix things on your own. +- 🔍 Use the [search function](https://github.com/pedro-gallego/tpotce/issues?utf8=%E2%9C%93&q=) first +- 🧐 Check our [Config Examples & Tutorials](https://github.com/pedro-gallego/tpotce/discussions/categories/config-examples-tutorials) and the [discussions](https://github.com/pedro-gallego/tpotce/discussions) in general. +- 📚 Consult the documentation of 💻 your Linux OS, 🐳 [Docker](https://docs.docker.com/), the 🦌 [Elastic stack](https://www.elastic.co/guide/index.html) and the 🍯 [T-Pot Readme](https://github.com/pedro-gallego/tpotce/blob/master/README.md). 
+- ⚙️ The [Troubleshoot Section](https://github.com/pedro-gallego/tpotce?tab=readme-ov-file#troubleshooting) of the [T-Pot Readme](https://github.com/pedro-gallego/tpotce/blob/master/README.md) is a good starting point to collect a good set of information for the issue and / or to fix things on your own. - **⚠️ Provide [BASIC SUPPORT INFORMATION](#-basic-support-information-commands-are-expected-to-run-as-root) or similar detailed information with regard to your issue or we will close the issue or convert it into a discussion without further interaction from the maintainers**.
# ⚠️ Basic support information (commands are expected to run as `root`) diff --git a/.github/ISSUE_TEMPLATE/general-issue-for-t-pot.md b/.github/ISSUE_TEMPLATE/general-issue-for-t-pot.md index fb65f588..ceac5583 100644 --- a/.github/ISSUE_TEMPLATE/general-issue-for-t-pot.md +++ b/.github/ISSUE_TEMPLATE/general-issue-for-t-pot.md 
@@ -10,10 +10,10 @@ assignees: '' # Successfully raise an issue Before you post your issue make sure it has not been answered yet and provide **⚠️ BASIC SUPPORT INFORMATION** (as requested below) if you come to the conclusion it is a new issue. -- 🔍 Use the [search function](https://github.com/telekom-security/tpotce/issues?utf8=%E2%9C%93&q=) first -- 🧐 Check our [Config Examples & Tutorials](https://github.com/telekom-security/tpotce/discussions/categories/config-examples-tutorials) and the [discussions](https://github.com/telekom-security/tpotce/discussions) in general. -- 📚 Consult the documentation of 💻 your Linux OS, 🐳 [Docker](https://docs.docker.com/), the 🦌 [Elastic stack](https://www.elastic.co/guide/index.html) and the 🍯 [T-Pot Readme](https://github.com/telekom-security/tpotce/blob/master/README.md). -- ⚙️ The [Troubleshoot Section](https://github.com/telekom-security/tpotce?tab=readme-ov-file#troubleshooting) of the [T-Pot Readme](https://github.com/telekom-security/tpotce/blob/master/README.md) is a good starting point to collect a good set of information for the issue and / or to fix things on your own. +- 🔍 Use the [search function](https://github.com/pedro-gallego/tpotce/issues?utf8=%E2%9C%93&q=) first +- 🧐 Check our [Config Examples & Tutorials](https://github.com/pedro-gallego/tpotce/discussions/categories/config-examples-tutorials) and the [discussions](https://github.com/pedro-gallego/tpotce/discussions) in general. +- 📚 Consult the documentation of 💻 your Linux OS, 🐳 [Docker](https://docs.docker.com/), the 🦌 [Elastic stack](https://www.elastic.co/guide/index.html) and the 🍯 [T-Pot Readme](https://github.com/pedro-gallego/tpotce/blob/master/README.md). 
+- ⚙️ The [Troubleshoot Section](https://github.com/pedro-gallego/tpotce?tab=readme-ov-file#troubleshooting) of the [T-Pot Readme](https://github.com/pedro-gallego/tpotce/blob/master/README.md) is a good starting point to collect a good set of information for the issue and / or to fix things on your own. - **⚠️ Provide [BASIC SUPPORT INFORMATION](#-basic-support-information-commands-are-expected-to-run-as-root) or similar detailed information with regard to your issue or we will close the issue or convert it into a discussion without further interaction from the maintainers**.
# ⚠️ Basic support information (commands are expected to run as `root`) diff --git a/CITATION.cff b/CITATION.cff index 3d6d8ccb..8571a644 100644 --- a/CITATION.cff +++ b/CITATION.cff @@ -13,16 +13,16 @@ authors: city: Bonn country: DE post-code: '53113' - website: 'https://github.com/telekom-security' + website: 'https://github.com/pedro-gallego' - given-names: Marco family-names: Ochse affiliation: Deutsche Telekom Security GmbH identifiers: - type: url value: >- - https://github.com/telekom-security/tpotce/releases/tag/24.04.1 + https://github.com/pedro-gallego/tpotce/releases/tag/24.04.1 description: T-Pot Release 24.04.1 -repository-code: 'https://github.com/telekom-security/tpotce' +repository-code: 'https://github.com/pedro-gallego/tpotce' abstract: >- T-Pot is the all in one, optionally distributed, multiarch (amd64, arm64) honeypot plattform, supporting 20+ diff --git a/README.md b/README.md index 7d2d4c80..6bd22e55 100644 --- a/README.md +++ b/README.md 
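Review bot: The blanket URL replacement also rewrites attribution metadata in CITATION.cff: the `website` of the author entity located in Bonn, DE (its name is above the hunk) now points at `https://github.com/pedro-gallego`, while the next author's `affiliation: Deutsche Telekom Security GmbH` is unchanged. The identifier `https://github.com/pedro-gallego/tpotce/releases/tag/24.04.1` and `repository-code` now cite the fork as the source of release 24.04.1, which only holds if that tag is actually published there. I would keep the upstream values for the original authors and release, and describe the fork separately if it needs to be cited.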
@@ -98,7 +98,7 @@ env bash -c "$(curl -sL https://github.com/pedro-gallego/tpotce/raw/master/insta # Disclaimer - You install and run T-Pot within your responsibility. Choose your deployment wisely as a system compromise can never be ruled out. -- For fast help research the [Issues](https://github.com/telekom-security/tpotce/issues) and [Discussions](https://github.com/telekom-security/tpotce/discussions). +- For fast help research the [Issues](https://github.com/pedro-gallego/tpotce/issues) and [Discussions](https://github.com/pedro-gallego/tpotce/discussions). - The software is designed and offered with best effort in mind. As a community and open source project it uses lots of other open source software and may contain bugs and issues. Report responsibly. - Honeypots - by design - should not host any sensitive data. Make sure you don't add any. - By default, your data is submitted to [Sicherheitstacho](https://www.sicherheitstacho.eu/start/main). You can disable this in the config (`~/tpotce/docker-compose.yml`) by [removing](#community-data-submission) the `ewsposter` section. But in this case sharing really is caring! @@ -161,7 +161,7 @@ Alongside the following tools: The source code and configuration files are fully stored in the T-Pot GitHub repository. The docker images are built and preconfigured for the T-Pot environment. -The individual Dockerfiles and configurations are located in the [docker folder](https://github.com/telekom-security/tpotce/tree/master/docker). +The individual Dockerfiles and configurations are located in the [docker folder](https://github.com/pedro-gallego/tpotce/tree/master/docker).

## Services @@ -243,7 +243,7 @@ T-Pot is tested on and known to run on ... * Telekom OTC using the post install method ... others may work, but remain untested. -Some users report working installations on other clouds and hosters, i.e. Azure and GCP. Hardware requirements may be different. If you are unsure you should research [issues](https://github.com/telekom-security/tpotce/issues) and [discussions](https://github.com/telekom-security/tpotce/discussions) and run some functional tests. With T-Pot 24.04.0 and forward we made sure to remove settings that were known to interfere with cloud based installations. +Some users report working installations on other clouds and hosters, i.e. Azure and GCP. Hardware requirements may be different. If you are unsure you should research [issues](https://github.com/pedro-gallego/tpotce/issues) and [discussions](https://github.com/pedro-gallego/tpotce/discussions) and run some functional tests. With T-Pot 24.04.0 and forward we made sure to remove settings that were known to interfere with cloud based installations.

## Required Ports @@ -341,7 +341,7 @@ Once you are familiar with how things work you should choose a network you suspe

## Get and install T-Pot -1. Clone the GitHub repository: `$ git clone https://github.com/telekom-security/tpotce` or follow the [TL;DR](#tldr) and skip this section. +1. Clone the GitHub repository: `$ git clone https://github.com/pedro-gallego/tpotce` or follow the [TL;DR](#tldr) and skip this section. 2. Change into the **tpotce/** folder: `$ cd tpotce` 3. Run the installer as non-root: `$ ./install.sh`: * ⚠️ ***Depending on your Linux distribution of choice the installer will:*** @@ -356,7 +356,7 @@ Once you are familiar with how things work you should choose a network you suspe * Add `dps` and `dpsw` aliases (`grc docker ps -a`, `watch -c "grc --colour=on docker ps -a`) * Add `la`, `ll` and `ls` aliases (for `exa`, a improved `ls` command) * Add `mi` (for `micro`, a great alternative to `vi` and / or `nano`) - * Display open ports on the host (compare with T-Pot [required](https://github.com/telekom-security/tpotce#required-ports) ports) + * Display open ports on the host (compare with T-Pot [required](https://github.com/pedro-gallego/tpotce#required-ports) ports) * Add and enable `tpot.service` to `/etc/systemd/system` so T-Pot can automatically start and stop 4. Follow the installer instructions, you will have to enter your user (`sudo` or `root`) password at least once 5. Check the installer messages for errors and open ports that might cause port conflicts @@ -367,7 +367,7 @@ Once you are familiar with how things work you should choose a network you suspe Sometimes it is just nice if you can spin up a T-Pot instance on macOS or Windows, i.e. for development, testing or just the fun of it. As Docker Desktop is rather limited not all honeypot types or T-Pot features are supported. Also remember, by default the macOS and Windows firewall are blocking access from remote, so testing is limited to the host. For production it is recommended to run T-Pot on [Linux](#choose-your-distro).
To get things up and running just follow these steps: 1. Install Docker Desktop for [macOS](https://docs.docker.com/desktop/install/mac-install/) or [Windows](https://docs.docker.com/desktop/install/windows-install/). -2. Clone the GitHub repository: `git clone https://github.com/telekom-security/tpotce` (in Windows make sure the code is checked out with `LF` instead of `CRLF`!) +2. Clone the GitHub repository: `git clone https://github.com/pedro-gallego/tpotce` (in Windows make sure the code is checked out with `LF` instead of `CRLF`!) 3. Go to: `cd ~/tpotce` 4. Copy `cp compose/mac_win.yml ./docker-compose.yml` 5. Create a `WEB_USER` by running `~/tpotce/genuser.sh` (macOS) or `~/tpotce/genuserwin.ps1` (Windows) @@ -424,7 +424,7 @@ There is not much to do except to login and check via `dps` if all services and ## Distributed Deployment ### Planning and Certificates The distributed deployment involves planning as **T-Pot Init** will only create a self-signed certificate for the IP of the **Hive** host which usually is suitable for simple setups. Since **logstash** will check for a valid certificate upon connection, a distributed setup involving **Hive** to be reachable on multiple IPs (i.e. RFC 1918 and public NAT IP) and maybe even a domain name will result in a connection error where the certificate cannot be validated as such a setup needs a certificate with a common name and SANs (Subject Alternative Name).
-Before deploying any sensors make sure you have planned out domain names and IPs properly to avoid issues with the certificate. For more details see [issue #1543](https://github.com/telekom-security/tpotce/issues/1543).
+Before deploying any sensors make sure you have planned out domain names and IPs properly to avoid issues with the certificate. For more details see [issue #1543](https://github.com/pedro-gallego/tpotce/issues/1543).
Adjust the example to your IP / domain setup and follow the commands to change the certificate of **Hive**: ``` @@ -775,13 +775,13 @@ If you are a security researcher and want to responsibly report an issue please

## Issues -Please report issues (errors) on our [GitHub Issues](https://github.com/telekom-security/tpotce/issues), but [troubleshoot](#troubleshooting) first. Issues not providing information to address the error will be closed or converted into [discussions](#discussions). +Please report issues (errors) on our [GitHub Issues](https://github.com/pedro-gallego/tpotce/issues), but [troubleshoot](#troubleshooting) first. Issues not providing information to address the error will be closed or converted into [discussions](#discussions). Use the search function first, it is possible a similar issue has been addressed or discussed already, with the solution just a search away.

## Discussions -General questions, ideas, show & tell, etc. can be addressed on our [GitHub Discussions](https://github.com/telekom-security/tpotce/discussions). +General questions, ideas, show & tell, etc. can be addressed on our [GitHub Discussions](https://github.com/pedro-gallego/tpotce/discussions). Use the search function, it is possible a similar discussion has been opened already, with an answer just a search away.

diff --git a/env.example b/env.example index fd39580d..b16530b5 100644 --- a/env.example +++ b/env.example @@ -44,7 +44,7 @@ TPOT_PERSISTENCE=on # <1-999>: Set the number of T-Pot restart cycles for logrotate. # Be mindful of this setting as the logs will use up a lot of available disk space. # In case the setting is invalid, T-Pot will default to 30 cycles. -# Remember to adjust the Elastic Search Lifecycle Policy (https://github.com/telekom-security/tpotce/?tab=readme-ov-file#log-persistence) +# Remember to adjust the Elastic Search Lifecycle Policy (https://github.com/pedro-gallego/tpotce/?tab=readme-ov-file#log-persistence) # as this setting only accounts for the honeypot logs in the ~/tpotce/data folder. TPOT_PERSISTENCE_CYCLES=30 @@ -59,7 +59,7 @@ TPOT_PERSISTENCE_CYCLES=30 # Create credentials with 'htpasswd ~/tpotce/data/nginx/conf/lswebpasswd ' # 4. On SENSOR: Provide username / password from (3) for TPOT_HIVE_USER as base64 encoded string: # "echo -n 'username:password' | base64 -w0" -# MOBILE: This will set the correct type for T-Pot Mobile (https://github.com/telekom-security/tpotmobile) +# MOBILE: This will set the correct type for T-Pot Mobile (https://github.com/pedro-gallego/tpotmobile) TPOT_TYPE=HIVE # T-Pot Hive User (only relevant for SENSOR deployment) 
@@ -74,7 +74,7 @@ TPOT_HIVE_USER= # contains a sAN for the HIVE IP. In scenario where the HIVE needs to be accessed via Internet, maybe with # a different NAT address, a new certificate needs to be generated before deployment that includes all the # IPs and FQDNs as sANs for logstash successfully establishing a connection to the HIVE for transmitting -# logs. Details here: https://github.com/telekom-security/tpotce?tab=readme-ov-file#distributed-deployment +# logs. Details here: https://github.com/pedro-gallego/tpotce?tab=readme-ov-file#distributed-deployment # none: This setting will disable the ssl verification check of logstash and should only be used in a testing # environment where IPs often change. It is not recommended for a production environment where trust between # HIVE and SENSOR is only established through a self signed certificate. diff --git a/install.sh b/install.sh index 08479c12..c1287eff 100755 --- a/install.sh +++ b/install.sh @@ -192,7 +192,7 @@ fi if [ ! -f installer/install/tpot.yml ] && [ ! -f tpot.yml ]; then echo "### Now downloading T-Pot Ansible Installation Playbook ... " - wget -qO tpot.yml https://raw.githubusercontent.com/telekom-security/tpotce/master/installer/install/tpot.yml + wget -qO tpot.yml https://raw.githubusercontent.com/pedro-gallego/tpotce/master/installer/install/tpot.yml myANSIBLE_TPOT_PLAYBOOK="tpot.yml" echo else diff --git a/installer/install/tpot.yml b/installer/install/tpot.yml index b6fb16e8..d0cf0cfd 100644 --- a/installer/install/tpot.yml +++ b/installer/install/tpot.yml @@ -735,7 +735,7 @@ - name: Clone / Update T-Pot repository (All) git: - repo: 'https://github.com/telekom-security/tpotce' + repo: 'https://github.com/pedro-gallego/tpotce' dest: '/home/{{ ansible_user_id }}/tpotce/' version: master clone: yes diff --git a/update.sh b/update.sh index f8fa4304..25f3ea22 100755 --- a/update.sh +++ b/update.sh 
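Review bot: The playbook download in the install.sh hunk now fetches `tpot.yml` from the `master` branch of a personal fork and then uses it as the Ansible playbook (`myANSIBLE_TPOT_PLAYBOOK="tpot.yml"`), with nothing checking what was fetched. The installer/install/tpot.yml hunk has the same moving-branch reference (`repo: 'https://github.com/pedro-gallego/tpotce'` with `version: master`). Whoever can push to that branch decides what the installer executes, and the README says the installer asks for the user's `sudo` or `root` password. Pin both to a release tag or commit, e.g. `https://raw.githubusercontent.com/pedro-gallego/tpotce/<TAG_OR_COMMIT>/installer/install/tpot.yml` and `version: '<TAG_OR_COMMIT>'`, and compare the download against a checksum kept in the repository before running it. The `if` block in install.sh and the git task in tpot.yml both continue outside their hunks.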
@@ -174,7 +174,7 @@ function fuUPDATER () {
 echo "### We stored the previous version as backup in $myARCHIVE."
 echo "### Some updates may need an import of the latest Kibana objects as well."
 echo "### Download the latest objects here if they recently changed:"
- echo "### https://raw.githubusercontent.com/telekom-security/tpotce/master/etc/objects/kibana_export.ndjson.zip"
+ echo "### https://raw.githubusercontent.com/pedro-gallego/tpotce/master/etc/objects/kibana_export.ndjson.zip"
 echo "### Export and import the objects easily through the Kibana WebUI:"
 echo "### Go to Kibana > Management > Saved Objects > Export / Import"
 echo
From 22bd1c09f3304bcd3ec4a6d0b1474c6260df43b7 Mon Sep 17 00:00:00 2001
From: pedro
Date: Mon, 8 Sep 2025 20:38:52 +0200
Subject: [PATCH 4/9] Logos look and feel
---
 docker/nginx/docker-compose.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/docker/nginx/docker-compose.yml b/docker/nginx/docker-compose.yml
index af258ac6..925ded40 100644
--- a/docker/nginx/docker-compose.yml
+++ b/docker/nginx/docker-compose.yml
@@ -26,3 +26,4 @@ services:
 - $HOME/tpotce/data/nginx/cert/:/etc/nginx/cert/:ro
 - $HOME/tpotce/data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
 - $HOME/tpotce/data/nginx/log/:/var/log/nginx/
+ - $HOME/tpotce/docker/nginx/dist/html:/var/lib/nginx/html:ro
From 5ccbe95783b7ba3ccb5a69af50c72c23cea49a62 Mon Sep 17 00:00:00 2001
From: pedro
Date: Tue, 9 Sep 2025 11:03:35 +0200
Subject: [PATCH 5/9] Logos look and feel
---
 docker-compose.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/docker-compose.yml b/docker-compose.yml
index 5ad37113..d60ee8a2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -838,6 +838,7 @@ services:
 - ${TPOT_DATA_PATH}/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
 - ${TPOT_DATA_PATH}/nginx/conf/lswebpasswd:/etc/nginx/lswebpasswd:ro
 - ${TPOT_DATA_PATH}/nginx/log/:/var/log/nginx/
+ - ./docker/nginx/dist/html:/var/lib/nginx/html:ro
 # Spiderfoot service
 spiderfoot:
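Review bot: The volume added to docker/nginx/docker-compose.yml in PATCH 4/9, `- $HOME/tpotce/docker/nginx/dist/html:/var/lib/nginx/html:ro`, bind-mounts the whole checkout directory over the web root, so anything the image ships under `/var/lib/nginx/html` is hidden and the container serves whatever is in the working tree. PATCH 5/9 adds the same whole-directory mount to the root docker-compose.yml as `./docker/nginx/dist/html`. Later patches in this series narrow the root file to `index.html` and `assets/img/` only, but this file keeps the broad mount, so the two compose files end up disagreeing. If only the branding files are meant to be overridden, mount just those here as well and add a comment such as `# Branding override: host copy replaces the files baked into the image`. The `volumes:` list starts above both hunks.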
From ed17e22d563730c51d423bd227ff1d9640a061b4 Mon Sep 17 00:00:00 2001
From: pedro
Date: Tue, 9 Sep 2025 13:37:23 +0200
Subject: [PATCH 6/9] Logos look and feel
---
 docker-compose.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index d60ee8a2..f890c8da 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -838,7 +838,8 @@ services:
 - ${TPOT_DATA_PATH}/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
 - ${TPOT_DATA_PATH}/nginx/conf/lswebpasswd:/etc/nginx/lswebpasswd:ro
 - ${TPOT_DATA_PATH}/nginx/log/:/var/log/nginx/
- - ./docker/nginx/dist/html:/var/lib/nginx/html:ro
+# - ./docker/nginx/dist/html/index.html:/var/lib/nginx/html/index.html:ro
+# - ./docker/nginx/dist/html/assets/img/:/var/lib/nginx/html/assets/img/:ro
 # Spiderfoot service
 spiderfoot:
From 54ad2c8c35e1bfcda7377df8c8419f93977f96b4 Mon Sep 17 00:00:00 2001
From: pedro
Date: Tue, 9 Sep 2025 13:40:42 +0200
Subject: [PATCH 7/9] Logos look and feel
---
 docker-compose.yml | 4 ++--
 docker/nginx/dist/html/index.html | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index f890c8da..aa935b51 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -838,8 +838,8 @@ services:
 - ${TPOT_DATA_PATH}/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
 - ${TPOT_DATA_PATH}/nginx/conf/lswebpasswd:/etc/nginx/lswebpasswd:ro
 - ${TPOT_DATA_PATH}/nginx/log/:/var/log/nginx/
-# - ./docker/nginx/dist/html/index.html:/var/lib/nginx/html/index.html:ro
-# - ./docker/nginx/dist/html/assets/img/:/var/lib/nginx/html/assets/img/:ro
+ - ./docker/nginx/dist/html/index.html:/var/lib/nginx/html/index.html:ro
+ - ./docker/nginx/dist/html/assets/img/:/var/lib/nginx/html/assets/img/:ro
 # Spiderfoot service
 spiderfoot:
diff --git a/docker/nginx/dist/html/index.html b/docker/nginx/dist/html/index.html
index c25ebdf3..4931d114 100644
--- a/docker/nginx/dist/html/index.html
+++ b/docker/nginx/dist/html/index.html
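Review bot: The two volumes enabled in the docker-compose.yml hunk of PATCH 7/9 use host paths relative to the Compose project directory (`./docker/nginx/dist/html/...`) while every neighbouring entry is rooted at `${TPOT_DATA_PATH}`, so they only resolve when the stack is started with the repository checkout as its project directory; if the source path is missing, Docker would typically create an empty directory in its place. `index.html` is mounted as a single file, so a tool that replaces the file instead of rewriting it in place leaves the container serving the old content until it is recreated. The `assets/img/` directory mount hides any images the image ships at that path that are not also in the checkout. A comment above the two lines would help, e.g. `# Branding overrides (read-only); recreate the container after changing index.html`. The service these volumes belong to is defined above the hunk.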
@@ -230,7 +230,7 @@
-
Confianza23 · T-Pot 24.04.1
+
Confianza23 · ConfiHoney 24.04.1
@@ -242,7 +242,7 @@