tweaking for docker-compose

get rid of self-check scripts, docker-compose takes care of that now
use tpot.yml config for tpot scripts
wipe crontab clean of legacy scripts
check.lock no longer needed (rc.local)
adjust installer (invisible cursor, get image info from tpot.yml, some tweaking)
Marco Ochse 2017-05-01 19:03:27 +00:00
parent 365e1a1e5c
commit 3de02ee7b0
14 changed files with 23 additions and 245 deletions


@ -1,4 +1,5 @@
#!/bin/bash #!/bin/bash
# Backup all ES relevant folders
# Make sure ES is available # Make sure ES is available
myES="http://127.0.0.1:64298/" myES="http://127.0.0.1:64298/"
myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green) myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
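Review bot: The availability check on the last line counts any line of the pretty-printed health JSON that contains the substring `green`, so it does not actually test the cluster's status field, and `''$myES'_cluster/health'` leaves `$myES` unquoted. A stricter form is `myESSTATUS=$(curl -s -XGET "${myES}_cluster/health" | jq -r '.status')` with the consumer comparing `$myESSTATUS` against `green`; that consumer is outside the hunk, so it would need the matching change. The same line appears in the 'Dump all ES data', 'Export all Kibana objects', 'Import Kibana objects' and 'Restore folder based ES backup' sections.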


@ -1,41 +0,0 @@
#!/bin/bash
########################################################
# T-Pot #
# Check container and services script #
# #
# v16.10.0 by mo, DTAG, 2016-05-12 #
########################################################
if [ -a /var/run/check.lock ];
then
echo "Lock exists. Exiting now."
exit
fi
myIMAGES=$(cat /etc/tpot/images.conf)
touch /var/run/check.lock
myUPTIME=$(awk '{print int($1/60)}' /proc/uptime)
for i in $myIMAGES
do
if [ "$i" != "ui-for-docker" ] && [ "$i" != "netdata" ] && [ "$i" != "spiderfoot" ];
then
myCIDSTATUS=$(docker exec $i supervisorctl status)
if [ $? -ne 0 ];
then
myCIDSTATUS=1
else
myCIDSTATUS=$(echo $myCIDSTATUS | egrep -c "(STOPPED|FATAL)")
fi
if [ $myUPTIME -gt 4 ] && [ $myCIDSTATUS -gt 0 ];
then
echo "Restarting "$i"."
systemctl stop $i
sleep 5
systemctl start $i
fi
fi
done
rm /var/run/check.lock


@ -1,11 +1,5 @@
#!/bin/bash #!/bin/bash
# T-Pot Container Data Cleaner
########################################################
# T-Pot #
# Container Data Cleaner #
# #
# v16.10.0 by mo, DTAG, 2016-05-28 #
########################################################
# Set persistence # Set persistence
myPERSISTENCE=$1 myPERSISTENCE=$1


@ -1,76 +0,0 @@
#!/bin/bash
########################################################
# T-Pot #
# Container and services restart script #
# #
# v16.10.0 by mo, DTAG, 2016-05-12 #
########################################################
myCOUNT=1
while true
do
if ! [ -a /var/run/check.lock ];
then break
fi
sleep 0.1
if [ "$myCOUNT" = "1" ];
then
echo -n "Waiting for services "
else echo -n .
fi
if [ "$myCOUNT" = "6000" ];
then
echo
echo "Overriding check.lock"
rm /var/run/check.lock
break
fi
myCOUNT=$[$myCOUNT +1]
done
myIMAGES=$(cat /etc/tpot/images.conf)
touch /var/run/check.lock
myUPTIME=$(awk '{print int($1/60)}' /proc/uptime)
if [ $myUPTIME -gt 4 ];
then
for i in $myIMAGES
do
systemctl stop $i
done
echo "### Waiting 10 seconds before restarting docker ..."
sleep 10
iptables -w -F
systemctl restart docker
while true
do
docker info > /dev/null
if [ $? -ne 0 ];
then
echo Docker daemon is still starting.
else
echo Docker daemon is now available.
break
fi
sleep 0.1
done
echo "### Docker is now up and running again."
echo "### Removing obsolete container data ..."
docker rm -v $(docker ps -aq)
echo "### Removing obsolete image data ..."
docker rmi $(docker images | grep "<none>" | awk '{print $3}')
echo "### Starting T-Pot services ..."
for i in $myIMAGES
do
systemctl start $i
done
sleep 5
else
echo "### T-Pot needs to be up and running for at least 5 minutes."
fi
rm /var/run/check.lock
/etc/rc.local


@ -1,5 +1,5 @@
#/bin/bash #/bin/bash
# Show current status of all running containers
# Let's ensure normal operation on exit or if interrupted ... # Let's ensure normal operation on exit or if interrupted ...
function fuCLEANUP { function fuCLEANUP {
stty sane stty sane
@ -7,8 +7,6 @@ function fuCLEANUP {
trap fuCLEANUP EXIT trap fuCLEANUP EXIT
stty -echo -icanon time 0 min 0 stty -echo -icanon time 0 min 0
#myIMAGES=$(cat /etc/tpot/images.conf)
#myIMAGES=$(/usr/bin/docker ps -a -f name=$i --format "table {{.Names}}" | grep -v NAMES)
myIMAGES=$(cat /etc/tpot/tpot.yml | grep container_name | cut -d: -f2) myIMAGES=$(cat /etc/tpot/tpot.yml | grep container_name | cut -d: -f2)
while true while true
do do
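Review bot: The first line `#/bin/bash` is missing the `!`, so it is an ordinary comment and the script runs under whichever interpreter the caller uses; with `function fuCLEANUP` and `trap` below, that only works when the caller happens to be bash. Change it to `#!/bin/bash`. The 'Dump all ES data' and 'Restore folder based ES backup' sections carry the same first line. The `while true` loop at the end of the hunk continues outside it.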


@ -1,4 +1,5 @@
#/bin/bash #/bin/bash
# Dump all ES data
# Make sure ES is available # Make sure ES is available
myES="http://127.0.0.1:64298/" myES="http://127.0.0.1:64298/"
myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green) myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)


@ -1,4 +1,5 @@
#!/bin/bash #!/bin/bash
# Export all Kibana objects
# Make sure ES is available # Make sure ES is available
myES="http://127.0.0.1:64298/" myES="http://127.0.0.1:64298/"
myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green) myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)


@ -1,4 +1,5 @@
#!/bin/bash #!/bin/bash
# Import Kibana objects
# Make sure ES is available # Make sure ES is available
myES="http://127.0.0.1:64298/" myES="http://127.0.0.1:64298/"
myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green) myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)


@ -34,8 +34,6 @@ httplist=(
whatismyip.akamai.com whatismyip.akamai.com
) )
# function to shuffle the global array "array" # function to shuffle the global array "array"
shuffle() { shuffle() {
local i tmp size max rand local i tmp size max rand
@ -48,7 +46,6 @@ shuffle() {
done done
} }
# if we have dig and a list of dns methods, try that first # if we have dig and a list of dns methods, try that first
if hash dig 2>/dev/null && [ ${#dnslist[*]} -gt 0 ]; then if hash dig 2>/dev/null && [ ${#dnslist[*]} -gt 0 ]; then
eval array=( \"\${dnslist[@]}\" ) eval array=( \"\${dnslist[@]}\" )
@ -64,9 +61,7 @@ if hash dig 2>/dev/null && [ ${#dnslist[*]} -gt 0 ]; then
done done
fi fi
# if we haven't succeeded with DNS, try HTTP # if we haven't succeeded with DNS, try HTTP
if [ ${#httplist[*]} == 0 ]; then if [ ${#httplist[*]} == 0 ]; then
echo "No hosts in httplist array!" >&2 echo "No hosts in httplist array!" >&2
exit 1 exit 1


@ -1,4 +1,5 @@
#/bin/bash #/bin/bash
# Restore folder based ES backup
# Make sure ES is available # Make sure ES is available
myES="http://127.0.0.1:64298/" myES="http://127.0.0.1:64298/"
myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green) myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)


@ -1,16 +1,10 @@
#!/bin/bash #!/bin/bash
# Show status of SupervisorD within running containers
########################################################
# T-Pot #
# Container and services status script #
# #
# v16.10.0 by mo, DTAG, 2016-05-12 #
########################################################
myCOUNT=1 myCOUNT=1
if [[ $1 == "" ]] if [[ $1 == "" ]]
then then
myIMAGES=$(cat /etc/tpot/images.conf) myIMAGES=$(cat /etc/tpot/tpot.yml | grep container_name | cut -d: -f2)
else myIMAGES=$1 else myIMAGES=$1
fi fi
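Review bot: The new `myIMAGES=$(cat /etc/tpot/tpot.yml | grep container_name | cut -d: -f2)` selects every line containing the substring `container_name`, so a commented-out service in tpot.yml would be listed too, and the `cat` is unnecessary; `grep -E '^[[:space:]]*container_name:' /etc/tpot/tpot.yml | cut -d: -f2` limits it to the real key. Whether the values need further trimming depends on how tpot.yml is formatted, which is not visible here. The guard `if [[ $1 == "" ]]` reads more directly as `if [[ -z "$1" ]]`.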


@ -1,78 +0,0 @@
#!/bin/bash
##########################################################
# T-Pot #
# Only start the containers found in /etc/systemd/system #
# #
# v17.06 by mo, DTAG, 2017-03-13 #
##########################################################
# Make sure not to interrupt a check
while true
do
if ! [ -a /var/run/check.lock ];
then break
fi
sleep 0.1
if [ "$myCOUNT" = "1" ];
then
echo -n "Waiting for services "
else echo -n .
fi
if [ "$myCOUNT" = "6000" ];
then
echo
echo "Overriding check.lock"
rm /var/run/check.lock
break
fi
myCOUNT=$[$myCOUNT +1]
done
# We do not want to get interrupted by a check
touch /var/run/check.lock
# Stop T-Pot services and disable all T-Pot services
echo "### Stopping T-Pot services and cleaning up."
for i in $(cat /etc/tpot/imgcfg/all_images.conf);
do
systemctl stop $i
sleep 2
systemctl disable $i;
rm /etc/systemd/system/$i.service
done
# Restarting docker services and optionally clear local repository
echo "### Stopping docker services ..."
systemctl stop docker
sleep 1
# If option "hard" clear the whole repository
if [ "$1" = "hard" ];
then
echo "### Clearing local docker repository."
rm -rf /var/lib/docker
sleep 1
fi
echo "### Starting docker services ..."
systemctl start docker
sleep 1
# Enable only T-Pot systemd scripts from images.conf and pull the images
for i in $(cat /etc/tpot/images.conf);
do
echo
echo "### Now pulling "$i
docker pull dtagdevsec/$i:1706;
cp /etc/tpot/systemd/$i.service /etc/systemd/system/
systemctl enable $i;
done
# Announce reboot
echo
echo "### Rebooting."
# Allow checks to resume
rm /var/run/check.lock
# Reboot
reboot


@ -16,6 +16,3 @@ MY_HOSTNAME=$HOSTNAME
EOF EOF
echo $myLOCALIP > /data/elk/logstash/mylocal.ip echo $myLOCALIP > /data/elk/logstash/mylocal.ip
chown tpot:tpot /data/ews/conf/ews.ip chown tpot:tpot /data/ews/conf/ews.ip
if [ -f /var/run/check.lock ];
then rm /var/run/check.lock
fi


@ -1,10 +1,5 @@
#!/bin/bash #!/bin/bash
######################################################## # T-Pot post install script
# T-Pot post install script #
# Ubuntu server 16.04.0, x64 #
# #
# v17.06 by mo, DTAG, 2017-03-22 #
########################################################
# Set TERM, DIALOGRC # Set TERM, DIALOGRC
export TERM=linux export TERM=linux
@ -32,6 +27,8 @@ fuRANDOMWORD () {
} }
# Let's wait a few seconds to avoid interference with service messages # Let's wait a few seconds to avoid interference with service messages
sleep 3
tput civis
dialog --no-ok --no-cancel --backtitle "$myBACKTITLE" --title "[ Wait to avoid interference with service messages ]" --pause "" 6 80 7 dialog --no-ok --no-cancel --backtitle "$myBACKTITLE" --title "[ Wait to avoid interference with service messages ]" --pause "" 6 80 7
# Let's setup the proxy for env # Let's setup the proxy for env
@ -104,6 +101,7 @@ rm -rf /usr/share/nginx/html/index.html 2>&1 | dialog --title "[ Removing NGINX
# Let's ask user for install flavor # Let's ask user for install flavor
# Install types are TPOT, HP, INDUSTRIAL, ALL # Install types are TPOT, HP, INDUSTRIAL, ALL
tput cnorm
myFLAVOR=$(dialog --no-cancel --backtitle "$myBACKTITLE" --title "[ Choose your edition ]" --no-tags --menu \ myFLAVOR=$(dialog --no-cancel --backtitle "$myBACKTITLE" --title "[ Choose your edition ]" --no-tags --menu \
"\nRequired: 4GB RAM, 64GB disk\nRecommended: 8GB RAM, 128GB SSD" 14 60 4 \ "\nRequired: 4GB RAM, 64GB disk\nRecommended: 8GB RAM, 128GB SSD" 14 60 4 \
"TPOT" "Standard Honeypots, Suricata & ELK" \ "TPOT" "Standard Honeypots, Suricata & ELK" \
@ -198,6 +196,7 @@ while [ "$myPASS1" != "$myPASS2" ] && [ "$mySECURE" == "0" ]
htpasswd -b -c /etc/nginx/nginxpasswd "$myUSER" "$myPASS1" 2>&1 | dialog --title "[ Setting up user and password ]" $myPROGRESSBOXCONF; htpasswd -b -c /etc/nginx/nginxpasswd "$myUSER" "$myPASS1" 2>&1 | dialog --title "[ Setting up user and password ]" $myPROGRESSBOXCONF;
# Let's generate a SSL self-signed certificate without interaction (browsers will see it invalid anyway) # Let's generate a SSL self-signed certificate without interaction (browsers will see it invalid anyway)
tput civis
mkdir -p /etc/nginx/ssl 2>&1 | dialog --title "[ Generating a self-signed-certificate for NGINX ]" $myPROGRESSBOXCONF; mkdir -p /etc/nginx/ssl 2>&1 | dialog --title "[ Generating a self-signed-certificate for NGINX ]" $myPROGRESSBOXCONF;
openssl req \ openssl req \
-nodes \ -nodes \
@ -372,15 +371,15 @@ esac
# Let's load docker images # Let's load docker images
myIMAGESCOUNT=$(cat /root/tpot/etc/tpot/tpot.yml | grep container_name | cut -d: -f2 | wc -l) myIMAGESCOUNT=$(cat /root/tpot/etc/tpot/tpot.yml | grep container_name | cut -d: -f2 | wc -l)
j=0 j=0
for name in $(cat /root/tpot/etc/tpot/tpot.yml | grep container_name | cut -d: -f2) for name in $(cat /root/tpot/etc/tpot/tpot.yml | grep image | cut -d'"' -f2)
do do
dialog --title "[ Downloading docker images, please be patient ]" --backtitle "$myBACKTITLE" \ dialog --title "[ Downloading docker images, please be patient ]" --backtitle "$myBACKTITLE" \
--gauge "\n Now downloading: dtagdevsec/$name:1706\n" 8 80 $(expr 100 \* $j / $myIMAGESCOUNT) <<EOF --gauge "\n Now downloading: $name\n" 8 80 $(expr 100 \* $j / $myIMAGESCOUNT) <<EOF
EOF EOF
docker pull dtagdevsec/$name:1706 2>&1>/dev/null docker pull $name 2>&1>/dev/null
let j+=1 let j+=1
dialog --title "[ Downloading docker images, please be patient ]" --backtitle "$myBACKTITLE" \ dialog --title "[ Downloading docker images, please be patient ]" --backtitle "$myBACKTITLE" \
--gauge "\n Now downloading: dtagdevsec/$name:1706\n" 8 80 $(expr 100 \* $j / $myIMAGESCOUNT) <<EOF --gauge "\n Now downloading: $name\n" 8 80 $(expr 100 \* $j / $myIMAGESCOUNT) <<EOF
EOF EOF
done done
@ -410,26 +409,17 @@ dialog --title "[ Adding cronjobs ]" $myPROGRESSBOXCONF <<EOF
EOF EOF
tee -a /etc/crontab 2>&1>/dev/null <<EOF tee -a /etc/crontab 2>&1>/dev/null <<EOF
# Check if containers and services are up
#*/5 * * * * root check.sh
# Example for alerta-cli IP update # Example for alerta-cli IP update
#*/5 * * * * root alerta --endpoint-url http://<ip>:<port>/api delete --filters resource=<host> && alerta --endpoint-url http://<ip>:<port>/api send -e IP -r <host> -E Production -s ok -S T-Pot -t \$(cat /data/elk/logstash/mylocal.ip) --status open #*/5 * * * * root alerta --endpoint-url http://<ip>:<port>/api delete --filters resource=<host> && alerta --endpoint-url http://<ip>:<port>/api send -e IP -r <host> -E Production -s ok -S T-Pot -t \$(cat /data/elk/logstash/mylocal.ip) --status open
# Check if updated images are available and download them # Check if updated images are available and download them
27 1 * * * root /usr/bin/docker-compose -f /etc/tpot/tpot.yml pull 27 1 * * * root /usr/bin/docker-compose -f /etc/tpot/tpot.yml pull
# Restart docker service and containers
#27 3 * * * root dcres.sh
# Delete elastic indices older than 90 days (kibana index is omitted by default) # Delete elastic indices older than 90 days (kibana index is omitted by default)
#27 4 * * * root docker exec elk bash -c '/usr/local/bin/curator --host 127.0.0.1 delete indices --older-than 90 --time-unit days --timestring \%Y.\%m.\%d' #27 4 * * * root docker exec elk bash -c '/usr/local/bin/curator --host 127.0.0.1 delete indices --older-than 90 --time-unit days --timestring \%Y.\%m.\%d'
# Update IP and erase check.lock if it exists
27 5 * * * root /etc/rc.local
# Daily reboot # Daily reboot
27 23 * * * root reboot 27 3 * * * root reboot
# Check for updated packages every sunday, upgrade and reboot # Check for updated packages every sunday, upgrade and reboot
27 16 * * 0 root apt-get autoclean -y && apt-get autoremove -y && apt-get update -y && apt-get upgrade -y && sleep 10 && reboot 27 16 * * 0 root apt-get autoclean -y && apt-get autoremove -y && apt-get update -y && apt-get upgrade -y && sleep 10 && reboot