Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-10-13 20:09:13 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge pull request #1 from pedro-gallego/customer/250804

Browse source 
customer/250804
This commit is contained in:
pedro-gallego 2025-09-09 13:57:14 +02:00 committed by GitHub
commit 3c022ca29b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
13 changed files with 248 additions and 152 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
.env
View file

@ -44,7 +44,7 @@ TPOT_PERSISTENCE=on
# <1-999>: Set the number of T-Pot restart cycles for logrotate.
# Be mindful of this setting as the logs will use up a lot of available disk space.
# In case the setting is invalid, T-Pot will default to 30 cycles.
# Remember to adjust the Elastic Search Lifecycle Policy (https://github.com/telekom-security/tpotce/?tab=readme-ov-file#log-persistence)
# Remember to adjust the Elastic Search Lifecycle Policy (https://github.com/pedro-gallego/tpotce/?tab=readme-ov-file#log-persistence)
# as this setting only accounts for the honeypot logs in the ~/tpotce/data folder.
TPOT_PERSISTENCE_CYCLES=30
@ -59,7 +59,7 @@ TPOT_PERSISTENCE_CYCLES=30
# Create credentials with 'htpasswd ~/tpotce/data/nginx/conf/lswebpasswd <username>'
# 4. On SENSOR: Provide username / password from (3) for TPOT_HIVE_USER as base64 encoded string:
# "echo -n 'username:password' | base64 -w0"
# MOBILE: This will set the correct type for T-Pot Mobile (https://github.com/telekom-security/tpotmobile)
# MOBILE: This will set the correct type for T-Pot Mobile (https://github.com/pedro-gallego/tpotmobile)
TPOT_TYPE=HIVE
# T-Pot Hive User (only relevant for SENSOR deployment)
@ -74,7 +74,7 @@ TPOT_HIVE_USER=
# contains a sAN for the HIVE IP. In scenario where the HIVE needs to be accessed via Internet, maybe with
# a different NAT address, a new certificate needs to be generated before deployment that includes all the
# IPs and FQDNs as sANs for logstash successfully establishing a connection to the HIVE for transmitting
# logs. Details here: https://github.com/telekom-security/tpotce?tab=readme-ov-file#distributed-deployment
# logs. Details here: https://github.com/pedro-gallego/tpotce?tab=readme-ov-file#distributed-deployment
# none: This setting will disable the ssl verification check of logstash and should only be used in a testing
# environment where IPs often change. It is not recommended for a production environment where trust between
# HIVE and SENSOR is only established through a self signed certificate.

8
.github/ISSUE_TEMPLATE/bug-report-for-t-pot.md vendored
View file

@ -10,10 +10,10 @@ assignees: ''
# Successfully raise an issue
Before you post your issue make sure it has not been answered yet and provide **⚠️ BASIC SUPPORT INFORMATION** (as requested below) if you come to the conclusion it is a new issue.
- 🔍 Use the [search function](https://github.com/telekom-security/tpotce/issues?utf8=%E2%9C%93&q=) first
- 🧐 Check our [Config Examples & Tutorials](https://github.com/telekom-security/tpotce/discussions/categories/config-examples-tutorials) and the [discussions](https://github.com/telekom-security/tpotce/discussions) in general.
- 📚 Consult the documentation of 💻 your Linux OS, 🐳 [Docker](https://docs.docker.com/), the 🦌 [Elastic stack](https://www.elastic.co/guide/index.html) and the 🍯 [T-Pot Readme](https://github.com/telekom-security/tpotce/blob/master/README.md).
- ⚙️ The [Troubleshoot Section](https://github.com/telekom-security/tpotce?tab=readme-ov-file#troubleshooting) of the [T-Pot Readme](https://github.com/telekom-security/tpotce/blob/master/README.md) is a good starting point to collect a good set of information for the issue and / or to fix things on your own.
- 🔍 Use the [search function](https://github.com/pedro-gallego/tpotce/issues?utf8=%E2%9C%93&q=) first
- 🧐 Check our [Config Examples & Tutorials](https://github.com/pedro-gallego/tpotce/discussions/categories/config-examples-tutorials) and the [discussions](https://github.com/pedro-gallego/tpotce/discussions) in general.
- 📚 Consult the documentation of 💻 your Linux OS, 🐳 [Docker](https://docs.docker.com/), the 🦌 [Elastic stack](https://www.elastic.co/guide/index.html) and the 🍯 [T-Pot Readme](https://github.com/pedro-gallego/tpotce/blob/master/README.md).
- ⚙️ The [Troubleshoot Section](https://github.com/pedro-gallego/tpotce?tab=readme-ov-file#troubleshooting) of the [T-Pot Readme](https://github.com/pedro-gallego/tpotce/blob/master/README.md) is a good starting point to collect a good set of information for the issue and / or to fix things on your own.
- **⚠️ Provide [BASIC SUPPORT INFORMATION](#-basic-support-information-commands-are-expected-to-run-as-root) or similar detailed information with regard to your issue or we will close the issue or convert it into a discussion without further interaction from the maintainers**.<br>
# ⚠️ Basic support information (commands are expected to run as `root`)

8
.github/ISSUE_TEMPLATE/general-issue-for-t-pot.md vendored
View file

@ -10,10 +10,10 @@ assignees: ''
# Successfully raise an issue
Before you post your issue make sure it has not been answered yet and provide **⚠️ BASIC SUPPORT INFORMATION** (as requested below) if you come to the conclusion it is a new issue.
- 🔍 Use the [search function](https://github.com/telekom-security/tpotce/issues?utf8=%E2%9C%93&q=) first
- 🧐 Check our [Config Examples & Tutorials](https://github.com/telekom-security/tpotce/discussions/categories/config-examples-tutorials) and the [discussions](https://github.com/telekom-security/tpotce/discussions) in general.
- 📚 Consult the documentation of 💻 your Linux OS, 🐳 [Docker](https://docs.docker.com/), the 🦌 [Elastic stack](https://www.elastic.co/guide/index.html) and the 🍯 [T-Pot Readme](https://github.com/telekom-security/tpotce/blob/master/README.md).
- ⚙️ The [Troubleshoot Section](https://github.com/telekom-security/tpotce?tab=readme-ov-file#troubleshooting) of the [T-Pot Readme](https://github.com/telekom-security/tpotce/blob/master/README.md) is a good starting point to collect a good set of information for the issue and / or to fix things on your own.
- 🔍 Use the [search function](https://github.com/pedro-gallego/tpotce/issues?utf8=%E2%9C%93&q=) first
- 🧐 Check our [Config Examples & Tutorials](https://github.com/pedro-gallego/tpotce/discussions/categories/config-examples-tutorials) and the [discussions](https://github.com/pedro-gallego/tpotce/discussions) in general.
- 📚 Consult the documentation of 💻 your Linux OS, 🐳 [Docker](https://docs.docker.com/), the 🦌 [Elastic stack](https://www.elastic.co/guide/index.html) and the 🍯 [T-Pot Readme](https://github.com/pedro-gallego/tpotce/blob/master/README.md).
- ⚙️ The [Troubleshoot Section](https://github.com/pedro-gallego/tpotce?tab=readme-ov-file#troubleshooting) of the [T-Pot Readme](https://github.com/pedro-gallego/tpotce/blob/master/README.md) is a good starting point to collect a good set of information for the issue and / or to fix things on your own.
- **⚠️ Provide [BASIC SUPPORT INFORMATION](#-basic-support-information-commands-are-expected-to-run-as-root) or similar detailed information with regard to your issue or we will close the issue or convert it into a discussion without further interaction from the maintainers**.<br>
# ⚠️ Basic support information (commands are expected to run as `root`)

6
CITATION.cff
View file

@ -13,16 +13,16 @@ authors:
city: Bonn
country: DE
post-code: '53113'
website: 'https://github.com/telekom-security'
website: 'https://github.com/pedro-gallego'
- given-names: Marco
family-names: Ochse
affiliation: Deutsche Telekom Security GmbH
identifiers:
- type: url
value: >-
https://github.com/telekom-security/tpotce/releases/tag/24.04.1
https://github.com/pedro-gallego/tpotce/releases/tag/24.04.1
description: T-Pot Release 24.04.1
repository-code: 'https://github.com/telekom-security/tpotce'
repository-code: 'https://github.com/pedro-gallego/tpotce'
abstract: >-
T-Pot is the all in one, optionally distributed, multiarch
(amd64, arm64) honeypot plattform, supporting 20+

23
README.md
View file

@ -1,8 +1,7 @@
# T-Pot - The All In One Multi Honeypot Platform
# ConfiPot23- The All In One Multi Honeypot Platform
![T-Pot](doc/tpotsocial.png)
T-Pot is the all in one, optionally distributed, multiarch (amd64, arm64) honeypot plattform, supporting 20+ honeypots and countless visualization options using the Elastic Stack, animated live attack maps and lots of security tools to further improve the deception experience.
ConfiPot23 is the all in one, optionally distributed, multiarch (amd64, arm64) honeypot plattform, supporting 20+ honeypots and countless visualization options using the Elastic Stack, animated live attack maps and lots of security tools to further improve the deception experience.
<br><br>
# TL;DR
@ -98,7 +97,7 @@ env bash -c "$(curl -sL https://github.com/pedro-gallego/tpotce/raw/master/insta
# Disclaimer
- You install and run T-Pot within your responsibility. Choose your deployment wisely as a system compromise can never be ruled out.
- For fast help research the [Issues](https://github.com/telekom-security/tpotce/issues) and [Discussions](https://github.com/telekom-security/tpotce/discussions).
- For fast help research the [Issues](https://github.com/pedro-gallego/tpotce/issues) and [Discussions](https://github.com/pedro-gallego/tpotce/discussions).
- The software is designed and offered with best effort in mind. As a community and open source project it uses lots of other open source software and may contain bugs and issues. Report responsibly.
- Honeypots - by design - should not host any sensitive data. Make sure you don't add any.
- By default, your data is submitted to [Sicherheitstacho](https://www.sicherheitstacho.eu/start/main). You can disable this in the config (`~/tpotce/docker-compose.yml`) by [removing](#community-data-submission) the `ewsposter` section. But in this case sharing really is caring!
@ -161,7 +160,7 @@ Alongside the following tools:
The source code and configuration files are fully stored in the T-Pot GitHub repository. The docker images are built and preconfigured for the T-Pot environment.
The individual Dockerfiles and configurations are located in the [docker folder](https://github.com/telekom-security/tpotce/tree/master/docker).
The individual Dockerfiles and configurations are located in the [docker folder](https://github.com/pedro-gallego/tpotce/tree/master/docker).
<br><br>
## Services
@ -243,7 +242,7 @@ T-Pot is tested on and known to run on ...
* Telekom OTC using the post install method
... others may work, but remain untested.
Some users report working installations on other clouds and hosters, i.e. Azure and GCP. Hardware requirements may be different. If you are unsure you should research [issues](https://github.com/telekom-security/tpotce/issues) and [discussions](https://github.com/telekom-security/tpotce/discussions) and run some functional tests. With T-Pot 24.04.0 and forward we made sure to remove settings that were known to interfere with cloud based installations.
Some users report working installations on other clouds and hosters, i.e. Azure and GCP. Hardware requirements may be different. If you are unsure you should research [issues](https://github.com/pedro-gallego/tpotce/issues) and [discussions](https://github.com/pedro-gallego/tpotce/discussions) and run some functional tests. With T-Pot 24.04.0 and forward we made sure to remove settings that were known to interfere with cloud based installations.
<br><br>
## Required Ports
@ -341,7 +340,7 @@ Once you are familiar with how things work you should choose a network you suspe
<br><br>
## Get and install T-Pot
1. Clone the GitHub repository: `$ git clone https://github.com/telekom-security/tpotce` or follow the [TL;DR](#tldr) and skip this section.
1. Clone the GitHub repository: `$ git clone https://github.com/pedro-gallego/tpotce` or follow the [TL;DR](#tldr) and skip this section.
2. Change into the **tpotce/** folder: `$ cd tpotce`
3. Run the installer as non-root: `$ ./install.sh`:
* ⚠️ ***Depending on your Linux distribution of choice the installer will:***
@ -356,7 +355,7 @@ Once you are familiar with how things work you should choose a network you suspe
* Add `dps` and `dpsw` aliases (`grc docker ps -a`, `watch -c "grc --colour=on docker ps -a`)
* Add `la`, `ll` and `ls` aliases (for `exa`, a improved `ls` command)
* Add `mi` (for `micro`, a great alternative to `vi` and / or `nano`)
* Display open ports on the host (compare with T-Pot [required](https://github.com/telekom-security/tpotce#required-ports) ports)
* Display open ports on the host (compare with T-Pot [required](https://github.com/pedro-gallego/tpotce#required-ports) ports)
* Add and enable `tpot.service` to `/etc/systemd/system` so T-Pot can automatically start and stop
4. Follow the installer instructions, you will have to enter your user (`sudo` or `root`) password at least once
5. Check the installer messages for errors and open ports that might cause port conflicts
@ -367,7 +366,7 @@ Once you are familiar with how things work you should choose a network you suspe
Sometimes it is just nice if you can spin up a T-Pot instance on macOS or Windows, i.e. for development, testing or just the fun of it. As Docker Desktop is rather limited not all honeypot types or T-Pot features are supported. Also remember, by default the macOS and Windows firewall are blocking access from remote, so testing is limited to the host. For production it is recommended to run T-Pot on [Linux](#choose-your-distro).<br>
To get things up and running just follow these steps:
1. Install Docker Desktop for [macOS](https://docs.docker.com/desktop/install/mac-install/) or [Windows](https://docs.docker.com/desktop/install/windows-install/).
2. Clone the GitHub repository: `git clone https://github.com/telekom-security/tpotce` (in Windows make sure the code is checked out with `LF` instead of `CRLF`!)
2. Clone the GitHub repository: `git clone https://github.com/pedro-gallego/tpotce` (in Windows make sure the code is checked out with `LF` instead of `CRLF`!)
3. Go to: `cd ~/tpotce`
4. Copy `cp compose/mac_win.yml ./docker-compose.yml`
5. Create a `WEB_USER` by running `~/tpotce/genuser.sh` (macOS) or `~/tpotce/genuserwin.ps1` (Windows)
@ -424,7 +423,7 @@ There is not much to do except to login and check via `dps` if all services and
## Distributed Deployment
### Planning and Certificates
The distributed deployment involves planning as **T-Pot Init** will only create a self-signed certificate for the IP of the **Hive** host which usually is suitable for simple setups. Since **logstash** will check for a valid certificate upon connection, a distributed setup involving **Hive** to be reachable on multiple IPs (i.e. RFC 1918 and public NAT IP) and maybe even a domain name will result in a connection error where the certificate cannot be validated as such a setup needs a certificate with a common name and SANs (Subject Alternative Name).<br>
Before deploying any sensors make sure you have planned out domain names and IPs properly to avoid issues with the certificate. For more details see [issue #1543](https://github.com/telekom-security/tpotce/issues/1543).<br>
Before deploying any sensors make sure you have planned out domain names and IPs properly to avoid issues with the certificate. For more details see [issue #1543](https://github.com/pedro-gallego/tpotce/issues/1543).<br>
Adjust the example to your IP / domain setup and follow the commands to change the certificate of **Hive**:
```
@ -775,13 +774,13 @@ If you are a security researcher and want to responsibly report an issue please
<br><br>
## Issues
Please report issues (errors) on our [GitHub Issues](https://github.com/telekom-security/tpotce/issues), but [troubleshoot](#troubleshooting) first. Issues not providing information to address the error will be closed or converted into [discussions](#discussions).
Please report issues (errors) on our [GitHub Issues](https://github.com/pedro-gallego/tpotce/issues), but [troubleshoot](#troubleshooting) first. Issues not providing information to address the error will be closed or converted into [discussions](#discussions).
Use the search function first, it is possible a similar issue has been addressed or discussed already, with the solution just a search away.
<br><br>
## Discussions
General questions, ideas, show & tell, etc. can be addressed on our [GitHub Discussions](https://github.com/telekom-security/tpotce/discussions).
General questions, ideas, show & tell, etc. can be addressed on our [GitHub Discussions](https://github.com/pedro-gallego/tpotce/discussions).
Use the search function, it is possible a similar discussion has been opened already, with an answer just a search away.
<br><br>

160
docker-compose.yml
View file

@ -59,22 +59,22 @@ services:
##################
# Adbhoney service
adbhoney:
container_name: adbhoney
restart: always
depends_on:
tpotinit:
condition: service_healthy
networks:
- adbhoney_local
ports:
- "5555:5555"
image: ${TPOT_REPO}/adbhoney:${TPOT_VERSION}
pull_policy: ${TPOT_PULL_POLICY}
read_only: true
volumes:
- ${TPOT_DATA_PATH}/adbhoney/log:/opt/adbhoney/log
- ${TPOT_DATA_PATH}/adbhoney/downloads:/opt/adbhoney/dl
# adbhoney:
# container_name: adbhoney
# restart: always
# depends_on:
# tpotinit:
# condition: service_healthy
# networks:
# - adbhoney_local
# ports:
# - "5555:5555"
# image: ${TPOT_REPO}/adbhoney:${TPOT_VERSION}
# pull_policy: ${TPOT_PULL_POLICY}
# read_only: true
# volumes:
# - ${TPOT_DATA_PATH}/adbhoney/log:/opt/adbhoney/log
# - ${TPOT_DATA_PATH}/adbhoney/downloads:/opt/adbhoney/dl
# Ciscoasa service
ciscoasa:
@ -226,23 +226,23 @@ services:
# Get the Horos Client for testing: https://horosproject.org/
# Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/
# Put images (which must be in Dicom DCM format or it will not work!) into /data/dicompot/images
dicompot:
container_name: dicompot
restart: always
depends_on:
tpotinit:
condition: service_healthy
networks:
- dicompot_local
ports:
- "104:11112"
- "11112:11112"
image: ${TPOT_REPO}/dicompot:${TPOT_VERSION}
pull_policy: ${TPOT_PULL_POLICY}
read_only: true
volumes:
- ${TPOT_DATA_PATH}/dicompot/log:/var/log/dicompot
# - ${TPOT_DATA_PATH}/dicompot/images:/opt/dicompot/images
# dicompot:
# container_name: dicompot
# restart: always
# depends_on:
# tpotinit:
# condition: service_healthy
# networks:
# - dicompot_local
# ports:
# - "104:11112"
# - "11112:11112"
# image: ${TPOT_REPO}/dicompot:${TPOT_VERSION}
# pull_policy: ${TPOT_PULL_POLICY}
# read_only: true
# volumes:
# - ${TPOT_DATA_PATH}/dicompot/log:/var/log/dicompot
## - ${TPOT_DATA_PATH}/dicompot/images:/opt/dicompot/images
# Dionaea service
dionaea:
@ -393,21 +393,21 @@ services:
- ${TPOT_DATA_PATH}/honeytrap/log:/opt/honeytrap/var/log
# Ipphoney service
ipphoney:
container_name: ipphoney
restart: always
depends_on:
tpotinit:
condition: service_healthy
networks:
- ipphoney_local
ports:
- "631:631"
image: ${TPOT_REPO}/ipphoney:${TPOT_VERSION}
pull_policy: ${TPOT_PULL_POLICY}
read_only: true
volumes:
- ${TPOT_DATA_PATH}/ipphoney/log:/opt/ipphoney/log
# ipphoney:
# container_name: ipphoney
# restart: always
# depends_on:
# tpotinit:
# condition: service_healthy
# networks:
# - ipphoney_local
# ports:
# - "631:631"
# image: ${TPOT_REPO}/ipphoney:${TPOT_VERSION}
# pull_policy: ${TPOT_PULL_POLICY}
# read_only: true
# volumes:
# - ${TPOT_DATA_PATH}/ipphoney/log:/opt/ipphoney/log
# Mailoney service
mailoney:
@ -430,39 +430,39 @@ services:
- ${TPOT_DATA_PATH}/mailoney/log:/opt/mailoney/logs
# Medpot service
medpot:
container_name: medpot
restart: always
depends_on:
tpotinit:
condition: service_healthy
networks:
- medpot_local
ports:
- "2575:2575"
image: ${TPOT_REPO}/medpot:${TPOT_VERSION}
pull_policy: ${TPOT_PULL_POLICY}
read_only: true
volumes:
- ${TPOT_DATA_PATH}/medpot/log/:/var/log/medpot
# medpot:
# container_name: medpot
# restart: always
# depends_on:
# tpotinit:
# condition: service_healthy
# networks:
# - medpot_local
# ports:
# - "2575:2575"
# image: ${TPOT_REPO}/medpot:${TPOT_VERSION}
# pull_policy: ${TPOT_PULL_POLICY}
# read_only: true
# volumes:
# - ${TPOT_DATA_PATH}/medpot/log/:/var/log/medpot
# Miniprint service
miniprint:
container_name: miniprint
restart: always
depends_on:
tpotinit:
condition: service_healthy
networks:
- miniprint_local
ports:
- "9100:9100"
image: ${TPOT_REPO}/miniprint:${TPOT_VERSION}
pull_policy: ${TPOT_PULL_POLICY}
read_only: true
volumes:
- ${TPOT_DATA_PATH}/miniprint/log/:/opt/miniprint/log/
- ${TPOT_DATA_PATH}/miniprint/uploads/:/opt/miniprint/uploads/
# miniprint:
# container_name: miniprint
# restart: always
# depends_on:
# tpotinit:
# condition: service_healthy
# networks:
# - miniprint_local
# ports:
# - "9100:9100"
# image: ${TPOT_REPO}/miniprint:${TPOT_VERSION}
# pull_policy: ${TPOT_PULL_POLICY}
# read_only: true
# volumes:
# - ${TPOT_DATA_PATH}/miniprint/log/:/opt/miniprint/log/
# - ${TPOT_DATA_PATH}/miniprint/uploads/:/opt/miniprint/uploads/
# Redishoneypot service
redishoneypot:
@ -838,6 +838,8 @@ services:
- ${TPOT_DATA_PATH}/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
- ${TPOT_DATA_PATH}/nginx/conf/lswebpasswd:/etc/nginx/lswebpasswd:ro
- ${TPOT_DATA_PATH}/nginx/log/:/var/log/nginx/
- ./docker/nginx/dist/html/index.html:/var/lib/nginx/html/index.html:ro
- ./docker/nginx/dist/html/assets/img/:/var/lib/nginx/html/assets/img/:ro
# Spiderfoot service
spiderfoot:

BIN
docker/nginx/dist/html/assets/img/Confianza23.png vendored Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 5.8 KiB

176
docker/nginx/dist/html/index.html vendored
View file

@ -3,24 +3,45 @@
<head>
<meta http-equiv="Content-Security-Policy" content="script-src 'self'; object-src 'none'">
<meta charset="UTF-8">
<!--Setup Font Awesome-->
<!-- Font Awesome local -->
<link href="assets/fonts/awesome/css/all.css" rel="stylesheet">
<!--Setup Particles, Particles Conf, Clock-->
<!-- Check integrity: openssl dgst -sha384 -binary your.file.name | openssl base64 -A-->
<!-- Particles, Config y Clock (local) -->
<script src="assets/js/particles.min.js" defer integrity="sha384-d+UOwmNNIC7V4izkTAKSXzWhjC2GxiS9PTykO1XdOPC3nc2z65UOS7SP6QdKPA70" crossorigin="anonymous"></script>
<script src="assets/js/particles_conf.js" defer integrity="sha384-0191YAiOrh905UCYh44ZxeO+pKbvuEOIDEmo3F6qHKDL8FO8s66r6P2w8NGMWp7I" crossorigin="anonymous"></script>
<script src="assets/js/clock.js" defer integrity="sha384-ymJnuq0yExd1vCEQFQAvYDv0IWfHL1XJYSRt2nyK73ofjF6GzG5baOjLN1dLkGLI" crossorigin="anonymous"></script>
<title>T-Pot</title>
<style>
/* russo-one-regular - latin */
/* === Paleta Confianza23 ===
Azul oscuro: #003366
Azul medio: #00539A
Azul claro: #0A79D1
Acento (bandera): #E31E24 (rojo) / #F7C600 (amarillo) — usar muy sutil
*/
/* russo-one-regular - latin (local) */
@font-face {
font-display: swap; /* Check https://developer.mozilla.org/en-US/docs/Web/CSS/@font-face/font-display for other options. */
font-display: swap;
font-family: 'Russo One';
font-style: normal;
font-weight: 400;
src: url('assets/fonts/russo-one-v16-latin-regular.woff2') format('woff2'); /* Chrome 36+, Opera 23+, Firefox 39+, Safari 12+, iOS 10+ */
src: url('assets/fonts/russo-one-v16-latin-regular.woff2') format('woff2');
}
:root{
--c23-dark:#003366;
--c23-mid:#00539A;
--c23-light:#0A79D1;
--c23-bg:#0b1220; /* fondo base muy oscuro azulado */
--c23-panel: rgba(255,255,255,0.08);
--c23-panel-hover: rgba(255,255,255,0.12);
--c23-text:#EAF2FF;
--c23-muted:#A9C4E6;
--c23-shadow: rgba(10,121,209,0.45);
}
*{ box-sizing: border-box; }
body, html {
margin: 0;
padding: 0;
@ -30,25 +51,47 @@
justify-content: center;
align-items: center;
overflow: hidden;
background-color: #000;
font-family: 'Russo One', normal;
/* Fondo con gradiente corporativo + fallback color */
background: var(--c23-bg);
background-image: radial-gradient(1200px 600px at 80% 30%, rgba(10,121,209,0.18), transparent 60%),
radial-gradient(900px 500px at 20% 70%, rgba(0,83,154,0.22), transparent 60%),
linear-gradient(180deg, #091326 0%, #070C17 100%);
color: var(--c23-text);
font-family: 'Russo One', system-ui, -apple-system, Segoe UI, Roboto, Ubuntu, Cantarell, 'Helvetica Neue', Arial, sans-serif;
letter-spacing: .2px;
}
/* Cabecera (reutiliza estructura original) */
.header-container {
display: flex;
justify-content: space-between;
align-items: center;
position: absolute;
top: 0px;
top: 0;
left: 20px;
right: 20px;
padding: 14px 10px;
border-bottom: 1px solid rgba(255,255,255,0.06);
backdrop-filter: blur(6px);
}
.clock-container, .dynamic-text {
color: #e20074;
font-size: 72px;
color: var(--c23-light);
font-size: 64px;
line-height: 1;
text-shadow: 0 0 14px rgba(10,121,209,0.35);
}
.dynamic-text {
/* Subtítulo versión */
.dynamic-text{
text-align: right;
color: var(--c23-muted);
font-size: 40px;
text-shadow: none;
}
/* Contenedor de logo centrado a la derecha (igual estructura) */
.logo-container {
width: 100%;
display: flex;
@ -56,79 +99,128 @@
position: absolute;
top: 45%;
transform: translateY(-50%);
pointer-events: none;
}
.logo {
width: 25vw;
width: 26vw;
max-width: 520px;
height: auto;
position: relative;
opacity: 0.9;
right: 10%;
z-index: 1;
opacity: 0.92;
filter: drop-shadow(0 10px 24px rgba(0,0,0,0.35));
}
/* Partículas por detrás */
#particles-js {
position: absolute;
width: 100%;
height: 100%;
z-index: 1;
}
/* Cajones de enlaces (misma estructura y enlaces) */
.boxes-container {
display: flex;
justify-content: flex-start;
position: absolute;
bottom: 50px;
bottom: 48px;
left: 20px;
padding: 0 20px;
gap: 20px;
z-index: 10;
}
.link-box {
margin: 0 10px;
padding: 20px;
padding-top: 60px;
background: rgba(51, 51, 51, 0.3);
border-radius: 20px;
padding: 22px;
padding-top: 64px;
background: var(--c23-panel);
border: 1px solid rgba(255,255,255,0.08);
border-radius: 16px;
text-align: center;
transition: box-shadow 0.5s ease;
transition: box-shadow 280ms ease, background 220ms ease, transform 180ms ease;
z-index: 10;
box-sizing: border-box;
position: relative;
width: 400px; /* Adjust as needed */
width: 400px;
min-height: 500px;
max-width: 100%;
display: flex;
flex-direction: column;
justify-content: top;
justify-content: flex-start;
align-items: center;
backdrop-filter: blur(6px);
}
/* Títulos con iconos (no se tocan los data-caption ni clases) */
.links-box::before, .tools-box::before {
font-family: 'FontAwesome';
content: attr(data-caption);
position: absolute;
top: -20px;
top: -24px;
left: 50%;
transform: translateX(-50%);
background: transparent;
color: #FFF;
padding: 0 10px;
font-size: 36px;
white-space: nowrap;
background: linear-gradient(90deg, var(--c23-dark), var(--c23-mid));
color: #fff;
padding: 6px 14px;
font-size: 28px;
border-radius: 999px;
border: 1px solid rgba(255,255,255,0.10);
box-shadow: 0 6px 18px var(--c23-shadow);
}
.link-box:hover {
box-shadow: 0 0 15px 5px rgba(226, 0, 116, 0.6);
background: rgba(51, 51, 51, 0.3);
box-shadow: 0 12px 32px var(--c23-shadow);
background: var(--c23-panel-hover);
transform: translateY(-2px);
}
.link-box:hover::before {
color: #e20074;
transition: color 0.5s ease;
background: linear-gradient(90deg, var(--c23-mid), var(--c23-light));
}
.link {
display: block;
color: #FFF;
color: var(--c23-text);
text-decoration: none;
margin: 10px 0;
font-size: 42px;
transition: color 0.5s ease;
margin: 12px 0;
font-size: 36px;
line-height: 1.25;
transition: color 200ms ease, transform 120ms ease;
text-shadow: 0 1px 0 rgba(0,0,0,0.2);
}
.link:hover {
color: #e20074;
color: var(--c23-light);
transform: translateY(-1px);
}
/* Micro-detalle de acento “bandera” en la parte baja de las cajas */
.link-box::after{
content: "";
position: absolute;
bottom: 10px; left: 50%;
transform: translateX(-50%);
width: 46px; height: 4px;
background: linear-gradient(90deg, #E31E24 0 50%, #F7C600 50% 100%);
border-radius: 2px;
opacity: .85;
}
/* Responsivo básico */
@media (max-width: 1200px){
.clock-container{ font-size: 48px; }
.dynamic-text{ font-size: 28px; }
.logo{ width: 38vw; right: 6%; }
.link{ font-size: 28px; }
.link-box{ width: 340px; min-height: 440px; }
}
@media (max-width: 860px){
.boxes-container{ flex-direction: column; left: 50%; transform: translateX(-50%); }
.link-box{ width: 86vw; }
.logo{ display:none; }
}
</style>
</head>
@ -138,17 +230,19 @@
<div class="header-container">
<div class="clock-container" id="clock"></div>
<div class="dynamic-text">T-Pot 24.04.1</div>
<div class="dynamic-text">Confianza23 · ConfiPot v24.04.1</div>
</div>
<div class="logo-container">
<img src="assets/img/logo.webp" alt="T-Pot Logo" class="logo">
<!-- OPCIONAL: cambia a tu logo corporativo si ya lo tienes en assets -->
<!-- <img src="assets/img/confianza23_logo.png" alt="Confianza23" class="logo"> -->
<img src="assets/img/Confianza23.png" alt="C23 Logo" class="logo">
</div>
<div class="boxes-container">
<div class="link-box tools-box" data-caption="&#xf085;">
<a href="/map/" class="link" target="_blank">Attack Map</a>
<a href="/cyberchef/" class="link" target="_blank">Cyberchef</a>
<!-- <a href="/cyberchef/" class="link" target="_blank">Cyberchef</a>-->
<a href="/elasticvue/" class="link" target="_blank">Elasticvue</a>
<a href="/kibana/" class="link" target="_blank">Kibana</a>
<a href="/spiderfoot/" class="link" target="_blank">Spiderfoot</a>

1
docker/nginx/docker-compose.yml
View file

@ -26,3 +26,4 @@ services:
- $HOME/tpotce/data/nginx/cert/:/etc/nginx/cert/:ro
- $HOME/tpotce/data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
- $HOME/tpotce/data/nginx/log/:/var/log/nginx/
- $HOME/tpotce/docker/nginx/dist/html:/var/lib/nginx/html:ro

6
env.example
View file

@ -44,7 +44,7 @@ TPOT_PERSISTENCE=on
# <1-999>: Set the number of T-Pot restart cycles for logrotate.
# Be mindful of this setting as the logs will use up a lot of available disk space.
# In case the setting is invalid, T-Pot will default to 30 cycles.
# Remember to adjust the Elastic Search Lifecycle Policy (https://github.com/telekom-security/tpotce/?tab=readme-ov-file#log-persistence)
# Remember to adjust the Elastic Search Lifecycle Policy (https://github.com/pedro-gallego/tpotce/?tab=readme-ov-file#log-persistence)
# as this setting only accounts for the honeypot logs in the ~/tpotce/data folder.
TPOT_PERSISTENCE_CYCLES=30
@ -59,7 +59,7 @@ TPOT_PERSISTENCE_CYCLES=30
# Create credentials with 'htpasswd ~/tpotce/data/nginx/conf/lswebpasswd <username>'
# 4. On SENSOR: Provide username / password from (3) for TPOT_HIVE_USER as base64 encoded string:
# "echo -n 'username:password' | base64 -w0"
# MOBILE: This will set the correct type for T-Pot Mobile (https://github.com/telekom-security/tpotmobile)
# MOBILE: This will set the correct type for T-Pot Mobile (https://github.com/pedro-gallego/tpotmobile)
TPOT_TYPE=HIVE
# T-Pot Hive User (only relevant for SENSOR deployment)
@ -74,7 +74,7 @@ TPOT_HIVE_USER=
# contains a sAN for the HIVE IP. In scenario where the HIVE needs to be accessed via Internet, maybe with
# a different NAT address, a new certificate needs to be generated before deployment that includes all the
# IPs and FQDNs as sANs for logstash successfully establishing a connection to the HIVE for transmitting
# logs. Details here: https://github.com/telekom-security/tpotce?tab=readme-ov-file#distributed-deployment
# logs. Details here: https://github.com/pedro-gallego/tpotce?tab=readme-ov-file#distributed-deployment
# none: This setting will disable the ssl verification check of logstash and should only be used in a testing
# environment where IPs often change. It is not recommended for a production environment where trust between
# HIVE and SENSOR is only established through a self signed certificate.

2
install.sh
View file

@ -192,7 +192,7 @@ fi
if [ ! -f installer/install/tpot.yml ] && [ ! -f tpot.yml ];
then
echo "### Now downloading T-Pot Ansible Installation Playbook ... "
wget -qO tpot.yml https://raw.githubusercontent.com/telekom-security/tpotce/master/installer/install/tpot.yml
wget -qO tpot.yml https://raw.githubusercontent.com/pedro-gallego/tpotce/master/installer/install/tpot.yml
myANSIBLE_TPOT_PLAYBOOK="tpot.yml"
echo
else

2
installer/install/tpot.yml
View file

@ -735,7 +735,7 @@
- name: Clone / Update T-Pot repository (All)
git:
repo: 'https://github.com/telekom-security/tpotce'
repo: 'https://github.com/pedro-gallego/tpotce'
dest: '/home/{{ ansible_user_id }}/tpotce/'
version: master
clone: yes

2
update.sh
View file

@ -174,7 +174,7 @@ function fuUPDATER () {
echo "### We stored the previous version as backup in $myARCHIVE."
echo "### Some updates may need an import of the latest Kibana objects as well."
echo "### Download the latest objects here if they recently changed:"
echo "### https://raw.githubusercontent.com/telekom-security/tpotce/master/etc/objects/kibana_export.ndjson.zip"
echo "### https://raw.githubusercontent.com/pedro-gallego/tpotce/master/etc/objects/kibana_export.ndjson.zip"
echo "### Export and import the objects easily through the Kibana WebUI:"
echo "### Go to Kibana > Management > Saved Objects > Export / Import"
echo