From 41ab55f957febf129be53fa58e2e6eccf8a2b8bc Mon Sep 17 00:00:00 2001
From: t3chn0m4g3 <t3chn0m4g3@gmail.com>
Date: Tue, 27 Jan 2015 17:46:52 +0100
Subject: [PATCH] Installer upgrade

---
 installer/bin/check.sh           |  42 ++++++
 installer/bin/status.sh          |  33 +++++
 installer/etc/issue              |  16 ++
 installer/home/2fa_enable.sh     |  31 ++++
 installer/home/ssh_enable.sh     |  32 ++++
 installer/install1.sh            |   2 +-
 installer/install2.sh            | 246 +++----------------------------
 installer/upstart/dionaea.conf   |  24 +++
 installer/upstart/docker.conf    |  58 ++++++++
 installer/upstart/elk.conf       |  24 +++
 installer/upstart/ews.conf       |  24 +++
 installer/upstart/glastopf.conf  |  24 +++
 installer/upstart/honeytrap.conf |  28 ++++
 installer/upstart/kippo.conf     |  24 +++
 installer/upstart/suricata.conf  |  28 ++++
 makeiso.sh                       |   9 +-
 preseed/tpotce.seed              |   6 +-
 tpotce                           |   1 +
 18 files changed, 420 insertions(+), 232 deletions(-)
 create mode 100755 installer/bin/check.sh
 create mode 100755 installer/bin/status.sh
 create mode 100644 installer/etc/issue
 create mode 100755 installer/home/2fa_enable.sh
 create mode 100755 installer/home/ssh_enable.sh
 create mode 100644 installer/upstart/dionaea.conf
 create mode 100644 installer/upstart/docker.conf
 create mode 100644 installer/upstart/elk.conf
 create mode 100644 installer/upstart/ews.conf
 create mode 100644 installer/upstart/glastopf.conf
 create mode 100644 installer/upstart/honeytrap.conf
 create mode 100644 installer/upstart/kippo.conf
 create mode 100644 installer/upstart/suricata.conf
 create mode 160000 tpotce

diff --git a/installer/bin/check.sh b/installer/bin/check.sh
new file mode 100755
index 00000000..e147dd69
--- /dev/null
+++ b/installer/bin/check.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+########################################################
+# T-Pot Community Edition                              #
+# Check container and services script                  #
+#                                                      #
+# v0.10 by mo, DTAG, 2015-01-27                        #
+########################################################
+
+if [ -f /var/run/check.lock ];
+  then exit
+fi
+
+touch /var/run/check.lock
+
+myUPTIME=$(awk '{print int($1/60)}' /proc/uptime)
+for i in dionaea elk ews glastopf honeytrap kippo suricata
+do 
+  myCIDSTATUS=$(docker exec -i $i supervisorctl status)
+  if [ $? -ne 0 ]; then
+    myCIDSTATUS=1 
+  else 
+    myCIDSTATUS=$(echo $myCIDSTATUS | egrep -c "(STOPPED|FATAL)")
+  fi
+  if [ $myCIDSTATUS -gt 0 ]; then
+    if [ $myUPTIME -gt 5 ]; then
+      service docker stop
+      docker rm $(docker ps -aq)
+      service docker start
+      for j in dionaea glastopf honeytrap kippo suricata ews elk
+      do
+        sleep 10
+        service $j start
+      done
+      rm /var/run/check.lock
+      exit 0
+    fi
+  fi
+done
+
+rm /var/run/check.lock
+
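Review bot: The lock at `/var/run/check.lock` is only removed on the two normal exit paths, so if the script is killed or a `docker exec` call hangs, every later run exits at the first test and status.sh waits on the file until the next boot (rc.local is the only other place that clears it). Add `trap 'rm -f /var/run/check.lock' EXIT` right after the `touch` and drop the two explicit `rm` calls. The test followed by `touch` is also not atomic, so two overlapping runs can both pass it. Separately, `docker rm $(docker ps -aq)` removes every container on the host, not only the seven T-Pot ones, and `$i`, `$j` and `$myCIDSTATUS` are unquoted.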
diff --git a/installer/bin/status.sh b/installer/bin/status.sh
new file mode 100755
index 00000000..7a72c0b3
--- /dev/null
+++ b/installer/bin/status.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+########################################################
+# T-Pot Community Edition                              #
+# Container and services status script                 #
+#                                                      #
+# v0.10 by mo, DTAG, 2015-01-27                        #
+########################################################
+myCOUNT=1
+while true
+do 
+  if ! [ -f /var/run/check.lock ];
+    then break
+  fi
+  sleep 0.1
+  if [ $myCOUNT = 1 ];
+    then
+      echo -n "Waiting for services "
+    else echo -n .
+  fi
+  myCOUNT=$[$myCOUNT +1]
+done
+echo
+echo
+echo "****************** $(date) ******************"
+echo
+echo
+for i in dionaea elk ews glastopf honeytrap kippo suricata
+do 
+  echo "======| Container:" $i "|======"
+  docker exec -i $i supervisorctl status | GREP_COLORS='mt=01;32' egrep --color=always "(RUNNING)|$" | GREP_COLORS='mt=01;31' egrep --color=always "(STOPPED|FATAL)|$"
+  echo
+done
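Review bot: The wait loop at the top has no upper bound: while `/var/run/check.lock` exists it sleeps and prints dots forever, and cron starts another copy every two minutes, so a stale lock leaves a growing number of root processes writing to tty2. Cap the wait inside the loop, e.g. `if [ "$myCOUNT" -gt 600 ]; then break; fi`. `$[$myCOUNT +1]` is the deprecated arithmetic form; `$((myCOUNT + 1))` is the supported spelling. `$i` in the `docker exec` line should be quoted.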
diff --git a/installer/etc/issue b/installer/etc/issue
new file mode 100644
index 00000000..99a2e813
--- /dev/null
+++ b/installer/etc/issue
@@ -0,0 +1,16 @@
+T-Pot Community Edition (Beta)
+Hostname: \n 
+IP: 10.4.122.95
+
+
+___________     _____________________________
+\\__    ___/     \\______   \\_____  \\__    ___/
+  |    |  ______ |     ___//   |   \\|    |
+  |    | /_____/ |    |   /    |    \\    |
+  |____|         |____|   \\_______  /____|
+                                  \\/
+
+
+CTRL+ALT+F2 - Display current container status
+CTRL+ALT+F1 - Return to this screen
+
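Review bot: `IP: 10.4.122.95` bakes what looks like a build-host address into the shipped `/etc/issue`; the heredoc this file replaces had an empty `IP:` field. rc.local rewrites the line at boot, but if that step fails the console banner shows a wrong address, and the internal address is disclosed in every ISO built from this tree. Ship the template line as `IP:`.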
diff --git a/installer/home/2fa_enable.sh b/installer/home/2fa_enable.sh
new file mode 100755
index 00000000..e3c8e409
--- /dev/null
+++ b/installer/home/2fa_enable.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+########################################################
+# T-Pot Community Edition                              #
+# Two-Factor authentication enable script              #
+#                                                      #
+# v0.20 by mo, DTAG, 2015-01-27                        #
+########################################################
+
+echo "### This script will enable Two-Factor-Authentication based on Google Authenticator for SSH."
+while true 
+do
+  echo -n "### Do you want to continue (y/n)? "; read myANSWER;
+  case $myANSWER in
+    n)
+      echo "### Exiting."
+      exit 0;
+      ;;
+    y)
+      break
+      ;;
+  esac
+done
+if [ -f /etc/pam.d/sshd.bak ];
+  then echo "### Already enabled. Exiting."
+  exit 1;
+fi
+sudo sed -i.bak '\# PAM#aauth required pam_google_authenticator.so' /etc/pam.d/sshd
+sudo sed -i.bak 's#ChallengeResponseAuthentication no#ChallengeResponseAuthentication yes#' /etc/ssh/sshd_config
+google-authenticator -t -d -f -r 3 -R 30 -w 21
+echo "### Please do not forget to run the ssh_enable script."
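Review bot: Setting `ChallengeResponseAuthentication yes` and adding the PAM module does not by itself make the second factor mandatory: unless sshd_config sets it elsewhere, a successful public-key login still completes without the keyboard-interactive step. The keyboard-interactive path in turn runs the rest of the PAM stack, which normally prompts for the account password even though `PasswordAuthentication no` is set. If the intent is key plus code, the script should also add `AuthenticationMethods publickey,keyboard-interactive` to sshd_config and restart sshd when it is already running. `-w 21` on the `google-authenticator` line accepts a window of 21 codes, far wider than the tool's default of 3; a small window keeps the clock-skew allowance without widening the guess space.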
diff --git a/installer/home/ssh_enable.sh b/installer/home/ssh_enable.sh
new file mode 100755
index 00000000..5c97efc8
--- /dev/null
+++ b/installer/home/ssh_enable.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+########################################################
+# T-Pot Community Edition                              #
+# SSH enable script                                    #
+#                                                      #
+# v0.21 by mo, DTAG, 2015-01-27                        #
+########################################################
+
+if ! [ -f /etc/init/ssh.override ];
+  then echo "### SSH is already enabled. Exiting."
+  exit 1;
+fi
+
+echo "### This script will enable the ssh service (default port tcp/64295)."
+echo "### Password authentication is disabled by default."
+
+while true 
+do
+  echo -n "### Do you want to continue (y/n)? "; read myANSWER;
+  case $myANSWER in
+    n)
+      echo "### Exiting."
+      exit 0;
+      ;;
+    y)
+      break
+      ;;
+  esac
+done
+sudo rm /etc/init/ssh.override
+sudo service ssh start
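Review bot: The confirmation loop never terminates when stdin reaches end-of-file: `read` fails, `myANSWER` stays empty, neither `case` arm matches and `while true` spins. Use `read -r myANSWER || exit 1` and add a `*)` arm that reprompts; the same loop is in installer/home/2fa_enable.sh. The last two commands are also unchecked, so `sudo service ssh start` runs even if removing `/etc/init/ssh.override` failed; chain them with `&&`.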
diff --git a/installer/install1.sh b/installer/install1.sh
index b502ec57..5682f884 100755
--- a/installer/install1.sh
+++ b/installer/install1.sh
@@ -4,7 +4,7 @@
 #                           and consoleblank permanently    #
 # Ubuntu server 14.04.1, x64                                #
 #                                                           #
-# v0.07 by mo, DTAG, 2015-01-20                             #
+# v0.10 by mo, DTAG, 2015-01-20                             #
 #############################################################
 
 # Let's replace "quiet splash" options and update grub
diff --git a/installer/install2.sh b/installer/install2.sh
index 26b2515e..a7b19a74 100755
--- a/installer/install2.sh
+++ b/installer/install2.sh
@@ -3,7 +3,7 @@
 # T-Pot Community Edition post install script          #
 # Ubuntu server 14.04, x64                             #
 #                                                      #
-# v0.21 by mo, DTAG, 2015-01-22                        #
+# v0.30 by mo, DTAG, 2015-01-27                        #
 ########################################################
 
 # Let's make sure there is a warning if running for a second time
@@ -55,15 +55,18 @@ adduser --system --no-create-home --uid 2000 --disabled-password --disabled-logi
 fuECHO "### Creating some files and folders."
 mkdir -p /data/ews/log /data/ews/conf /data/elk/data /data/elk/log
 
-# Let's modify the ownership / access rights
+# Let's modify some ownership / access rights
 chmod 760 -R /data
 chown tpot:tpot -R /data
 
+chmod 700 /home/tsec/*.sh
+chown tsec:tsec /home/tsec/*.sh
+
 # Let's set the hostname
 fuECHO "### Setting a new hostname."
 myHOST=ce$(date +%s)$RANDOM
 hostnamectl set-hostname $myHOST
-sed -i 's/127.0.1.1.*/127.0.1.1\t'"$myHOST"'/g' /etc/hosts
+sed -i 's#127.0.1.1.*#127.0.1.1\t'"$myHOST"'#g' /etc/hosts
 
 # Let's patch sshd_config
 fuECHO "### Patching sshd_config to listen on port 64295 and deny password authentication."
@@ -71,67 +74,7 @@ sed -i 's#Port 22#Port 64295#' /etc/ssh/sshd_config
 sed -i 's#\#PasswordAuthentication yes#PasswordAuthentication no#' /etc/ssh/sshd_config
 
 # Let's disable ssh service
-mv /etc/init/ssh.conf /etc/init/ssh.conf.disable
-
-# Let's create the 2FA enable script
-fuECHO "### Creating 2FA enable script."
-tee /home/tsec/2fa_enable.sh <<EOF
-#!/bin/bash
-echo "### This script will enable Two-Factor-Authentication based on Google Authenticator for SSH."
-while true 
-do
-  echo -n "### Do you want to continue (y/n)? "; read myANSWER;
-  case \$myANSWER in
-    n)
-      echo "### Exiting."
-      exit 0;
-      ;;
-    y)
-      break
-      ;;
-  esac
-done
-if [ -f /etc/pam.d/sshd.bak ];
-  then echo "### Already enabled. Exiting."
-  exit 1;
-fi
-sudo sed -i.bak '\# PAM#aauth required pam_google_authenticator.so' /etc/pam.d/sshd
-sudo sed -i.bak 's#ChallengeResponseAuthentication no#ChallengeResponseAuthentication yes#' /etc/ssh/sshd_config
-google-authenticator -t -d -f -r 3 -R 30 -w 21
-echo "### Please do not forget to run the ssh_enable script."
-EOF
-chmod 700 /home/tsec/2fa_enable.sh
-chown tsec:tsec /home/tsec/2fa_enable.sh
-
-# Let's create the ssh enable script
-fuECHO "### Creating ssh enable script."
-tee /home/tsec/ssh_enable.sh <<EOF
-#!/bin/bash
-echo "### This script will enable the ssh service (default port tcp/64295)."
-echo "### Password authentication is disabled by default."
-while true 
-do
-  echo -n "### Do you want to continue (y/n)? "; read myANSWER;
-  case \$myANSWER in
-    n)
-      echo "### Exiting."
-      exit 0;
-      ;;
-    y)
-      break
-      ;;
-  esac
-done
-if [ -f /etc/init/ssh.conf ];
-  then echo "### Already enabled. Exiting."
-  exit 1;
-fi
-sudo mv /etc/init/ssh.conf.disable /etc/init/ssh.conf
-sudo service ssh start
-EOF
-chmod 700 /home/tsec/ssh_enable.sh
-chown tsec:tsec /home/tsec/ssh_enable.sh
-
+echo "manual" >> /etc/init/ssh.override
 
 # Let's patch docker defaults, so we can run images as service
 fuECHO "### Patching docker defaults."
@@ -139,144 +82,6 @@ tee -a /etc/default/docker <<EOF
 DOCKER_OPTS="-r=false"
 EOF
 
-# Let's create an upstart config for the dionaea docker image
-fuECHO "### Adding upstart config for the dionaea docker image."
-tee /etc/init/dionaea.conf <<EOF
-description "Dionaea"
-author "mo"
-start on started docker and filesystem
-stop on runlevel [!2345]
-respawn
-script
-  sleep 1
-  /usr/bin/docker run --name dionaea --cap-add=NET_BIND_SERVICE --rm=true -p 21:21 -p 42:42 -p 8080:80 -p 135:135 -p 443:443 -p 445:445 -p 1433:1433 -p 3306:3306 -p 5061:5061 -p 5060:5060 -p 69:69/udp -p 5060:5060/udp -v /data/dionaea dtagdevsec/dionaea
-end script
-post-stop script
-  sleep 1
-  /usr/bin/docker rm dionaea
-end script
-EOF
-
-# Let's create an upstart config for the elk docker image
-fuECHO "### Adding upstart config for the elk docker image."
-tee /etc/init/elk.conf <<EOF
-description "ELK"
-author "mo"
-start on started docker and filesystem and started suricata and started ews
-stop on runlevel [!2345]
-respawn
-script
-  sleep 1 
-  /usr/bin/docker run --name=elk --volumes-from ews --volumes-from suricata -v /data/elk/:/data/elk/ -p 127.0.0.1:64296:80 --rm=true dtagdevsec/elk
-end script
-post-stop script
-  sleep 1
-  /usr/bin/docker rm elk 
-end script
-EOF
-
-# Let's create an upstart config for the ews docker image
-fuECHO "### Adding upstart config for the ews docker image."
-tee /etc/init/ews.conf <<EOF
-description "EWS"
-author "mo"
-start on started docker and filesystem and started dionaea and started honeytrap and started kippo and started glastopf
-stop on runlevel [!2345]
-respawn
-script
-  sleep 15 
-  /usr/bin/docker run --name ews --volumes-from dionaea --volumes-from glastopf --volumes-from honeytrap --volumes-from kippo --rm=true -v /data/ews/:/data/ews/ --link kippo:kippo dtagdevsec/ews
-end script
-post-stop script
-  sleep 1
-  /usr/bin/docker rm ews
-end script
-EOF
-
-# Let's create an upstart config for the glastopf docker image
-fuECHO "### Adding upstart config for the glastopf docker image."
-tee /etc/init/glastopf.conf <<EOF
-description "Glastopf"
-author "mo"
-start on started docker and filesystem
-stop on runlevel [!2345]
-respawn
-script
-  sleep 1
-  /usr/bin/docker run --name glastopf --rm=true -p 80:80 -v /data/glastopf dtagdevsec/glastopf 
-end script
-post-stop script
-  sleep 1
-  /usr/bin/docker rm glastopf
-end script
-EOF
-
-# Let's create an upstart config for the honeytrap docker image
-fuECHO "### Adding upstart config for the honeytrap docker image."
-tee /etc/init/honeytrap.conf <<EOF
-description "Honeytrap"
-author "mo"
-start on started docker and filesystem
-stop on runlevel [!2345]
-respawn
-pre-start script
-  sleep 1
-  /sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,42,80,135,443,445,1433,3306,5060,5061,64295,64296 -j NFQUEUE
-end script
-script
-  sleep 1
-  /usr/bin/docker run --name honeytrap --cap-add=NET_ADMIN --net=host --rm=true -v /data/honeytrap dtagdevsec/honeytrap
-end script
-post-stop script
-  sleep 1
-  /sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,42,80,135,443,445,1433,3306,5060,5061,64295,64296 -j NFQUEUE
-  /usr/bin/docker rm honeytrap
-end script
-EOF
-
-# Let's create an upstart config for the kippo docker image
-fuECHO "### Adding upstart config for the kippo docker image."
-tee /etc/init/kippo.conf <<EOF
-description "Kippo"
-author "mo"
-start on started docker and filesystem
-stop on runlevel [!2345]
-respawn
-script
-  sleep 1 
-  /usr/bin/docker run --name kippo --rm=true -p 22:2222 -v /data/kippo dtagdevsec/kippo 
-end script
-post-stop script
-  sleep 1
-  /usr/bin/docker rm kippo
-end script
-EOF
-
-# Let's create an upstart config for the suricata docker image
-fuECHO "### Adding upstart config for the suricata docker image."
-tee /etc/init/suricata.conf <<EOF
-description "Suricata"
-author "mo"
-start on started docker and filesystem
-stop on runlevel [!2345]
-respawn
-pre-start script
-  sleep 1
-  myIF=\$(route | grep default | awk '{ print \$8 }')
-  /sbin/ethtool --offload \$myIF rx off tx off
-  /sbin/ethtool -K \$myIF gso off gro off
-  /sbin/ip link set \$myIF promisc on
-end script
-script
-  sleep 1
-  /usr/bin/docker run --name suricata --cap-add=NET_ADMIN --net=host --rm=true -v /data/suricata/ dtagdevsec/suricata 
-end script
-post-stop script
-  sleep 1
-  /usr/bin/docker rm suricata
-end script
-EOF
-
 # Let's load docker images from remote
 fuECHO "### Downloading docker images from DockerHub. Please be patient, this may take a while."
 for name in dionaea elk ews glastopf honeytrap kippo suricata
@@ -292,39 +97,26 @@ APT::Periodic::Download-Upgradeable-Packages "0";
 APT::Periodic::AutocleanInterval "7";
 EOF
 
-# Let's add "docker ps" output to /dev/tty2 every 60s
-fuECHO "### Adding useful docker output to tty2"
+# Let's add some conrjobs
+fuECHO "### Adding cronjobs."
 tee -a /etc/crontab <<EOF
 
 # Show running containers every 60s via /dev/tty2
-*/1 * * * * root echo > /dev/tty2; date > /dev/tty2; docker ps > /dev/tty2; echo > /dev/tty2
-EOF
-
-# Let's add a nice and useful issue text and update rc.local accordingly
-fuECHO "### Adding a nice and useful issue text and updating rc.local accordingly."
-tee /etc/issue <<EOF
-T-Pot Community Edition
-Hostname: \n 
-IP:
-
-
-___________     _____________________________
-\\\__    ___/     \\\______   \\\_____  \\\__    ___/
-  |    |  ______ |     ___//   |   \\\|    |
-  |    | /_____/ |    |   /    |    \\\    |
-  |____|         |____|   \\\_______  /____|
-                                  \\\/
-
-
-CTRL+ALT+F2 - Display current container status
-CTRL+ALT+F1 - Return to this screen
-
+*/2 * * * * root /usr/bin/status.sh 2 > /dev/tty2 
+
+# Check if containers and services are up
+*/5 * * * * root /usr/bin/check.sh
 EOF
 
+# Let's update rc.local
+fuECHO "### Updating rc.local."
 tee /etc/rc.local.new <<EOF
 #!/bin/sh -e
 # Let's add the first local ip to the /etc/issue file
 sed -i "s#IP:.*#IP: \$(hostname -I | awk '{ print \$1 }')#" /etc/issue
+if [ -f /var/run/check.lock ];
+  then rm /var/run/check.lock
+fi
 setupcon
 exit 0
 EOF
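Review bot: In the new crontab line `/usr/bin/status.sh 2 > /dev/tty2` the space before `>` makes `2` a positional argument to status.sh (which reads no arguments) and redirects only stdout, so stderr from the root job goes to cron mail rather than the console. If stderr was meant to follow, write `/usr/bin/status.sh > /dev/tty2 2>&1`. The comment above the entry still says "every 60s" although the schedule is now `*/2`, and "conrjobs" in the new section comment is a typo for "cronjobs".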
@@ -333,4 +125,6 @@ chmod +x /etc/rc.local.new
 
 # Final steps
 fuECHO "### Thanks for your patience. Now rebooting."
+mv /root/upstart/*.conf /etc/init/
+rm -rf /root/upstart/
 mv /etc/rc.local.new /etc/rc.local && chage -d 0 tsec && sleep 2 && reboot
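Review bot: `rm -rf /root/upstart/` runs whether or not the preceding `mv` succeeded, so a failed move deletes the only copy of the job files and the machine then reboots with no honeypot services defined. Chain them: `mv /root/upstart/*.conf /etc/init/ && rm -rf /root/upstart/`. The move also replaces any `/etc/init/docker.conf` installed by the docker package with the copy from this patch, which a later package upgrade may flag or overwrite; a comment stating that this is intended would help.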
diff --git a/installer/upstart/dionaea.conf b/installer/upstart/dionaea.conf
new file mode 100644
index 00000000..b2000bd4
--- /dev/null
+++ b/installer/upstart/dionaea.conf
@@ -0,0 +1,24 @@
+########################################################
+# T-Pot Community Edition                              #
+# Dionaea upstart script                               #
+#                                                      #
+# v0.50 by mo, DTAG, 2015-01-27                        #
+########################################################
+
+description "Dionaea"
+author "mo"
+start on started docker and filesystem
+stop on runlevel [!2345]
+respawn
+pre-start script
+  # Remove any existing dionaea containers
+  myCID=$(docker ps -a | grep dionaea | awk '{ print $1 }')
+  if [ "$myCID" != "" ];
+    then docker rm $myCID;
+  fi
+end script
+script
+  # Delayed start to avoid rapid respawning
+  sleep $(((RANDOM % 5)+5)) 
+  /usr/bin/docker run --name dionaea --cap-add=NET_BIND_SERVICE --rm=true -p 21:21 -p 42:42 -p 8080:80 -p 135:135 -p 443:443 -p 445:445 -p 1433:1433 -p 3306:3306 -p 5061:5061 -p 5060:5060 -p 69:69/udp -p 5060:5060/udp -v /data/dionaea dtagdevsec/dionaea
+end script
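Review bot: The pre-start cleanup selects containers with `docker ps -a | grep dionaea`, which matches any row that mentions the word (image, command or another container's name), and `docker rm` without `-f` fails on a container that is still running. Upstart runs script stanzas with `sh -e`, so that failure aborts pre-start and the job does not start. Removing by name is tighter: `docker rm -f dionaea >/dev/null 2>&1 || true`. `$RANDOM` in the `sleep` line is a bash feature; under `/bin/sh` on Ubuntu (dash) it is presumably unset and the expression evaluates to a fixed 5, so the intended jitter is lost. The same pre-start and sleep lines appear in elk.conf, ews.conf, glastopf.conf, honeytrap.conf, kippo.conf and suricata.conf.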
diff --git a/installer/upstart/docker.conf b/installer/upstart/docker.conf
new file mode 100644
index 00000000..f9930bd3
--- /dev/null
+++ b/installer/upstart/docker.conf
@@ -0,0 +1,58 @@
+description "Docker daemon"
+
+start on (local-filesystems and net-device-up IFACE!=lo)
+stop on runlevel [!2345]
+limit nofile 524288 1048576
+limit nproc 524288 1048576
+
+respawn
+
+pre-start script
+	# see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount
+	if grep -v '^#' /etc/fstab | grep -q cgroup \
+		|| [ ! -e /proc/cgroups ] \
+		|| [ ! -d /sys/fs/cgroup ]; then
+		exit 0
+	fi
+	if ! mountpoint -q /sys/fs/cgroup; then
+		mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
+	fi
+	(
+		cd /sys/fs/cgroup
+		for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
+			mkdir -p $sys
+			if ! mountpoint -q $sys; then
+				if ! mount -n -t cgroup -o $sys cgroup $sys; then
+					rmdir $sys || true
+				fi
+			fi
+		done
+	)
+end script
+
+script
+	# modify these in /etc/default/$UPSTART_JOB (/etc/default/docker)
+	DOCKER=/usr/bin/$UPSTART_JOB
+	DOCKER_OPTS=
+	if [ -f /etc/default/$UPSTART_JOB ]; then
+		. /etc/default/$UPSTART_JOB
+	fi
+	exec "$DOCKER" -d $DOCKER_OPTS
+end script
+
+# Don't emit "started" event until docker.sock is ready.
+# See https://github.com/docker/docker/issues/6647
+post-start script
+	DOCKER_OPTS=
+	if [ -f /etc/default/$UPSTART_JOB ]; then
+		. /etc/default/$UPSTART_JOB
+	fi
+	if ! printf "%s" "$DOCKER_OPTS" | grep -qE -e '-H|--host'; then
+		while ! [ -e /var/run/docker.sock ]; do
+			initctl status $UPSTART_JOB | grep -q "stop/" && exit 1
+			echo "Waiting for /var/run/docker.sock"
+			sleep 0.1
+		done
+		echo "/var/run/docker.sock is up"
+	fi
+end script
diff --git a/installer/upstart/elk.conf b/installer/upstart/elk.conf
new file mode 100644
index 00000000..a8a118af
--- /dev/null
+++ b/installer/upstart/elk.conf
@@ -0,0 +1,24 @@
+########################################################
+# T-Pot Community Edition                              #
+# ELK upstart script                                   #
+#                                                      #
+# v0.50 by mo, DTAG, 2015-01-27                        #
+########################################################
+
+description "ELK"
+author "mo"
+start on started docker and filesystem
+stop on runlevel [!2345]
+respawn
+pre-start script
+  # Remove any existing elk containers
+  myCID=$(docker ps -a | grep elk | awk '{ print $1 }')
+  if [ "$myCID" != "" ];
+    then docker rm $myCID;
+  fi
+end script
+script
+  # Delayed start to avoid rapid respawning 
+  sleep $(((RANDOM % 5)+5)) 
+  /usr/bin/docker run --name=elk --volumes-from ews --volumes-from suricata -v /data/elk/:/data/elk/ -p 127.0.0.1:64296:80 --rm=true dtagdevsec/elk
+end script
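Review bot: The `start on` line no longer waits for suricata and ews (the heredoc removed from install2.sh had `and started suricata and started ews`), yet `docker run` still uses `--volumes-from ews --volumes-from suricata`, so the first attempts fail until those containers exist and the job relies on `respawn` to converge. If that is deliberate, say so above the stanza, e.g. `# No ordering on ews/suricata: docker run fails until they exist, respawn retries`. ews.conf has the same pattern with its `--volumes-from` list and `--link kippo:kippo`.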
diff --git a/installer/upstart/ews.conf b/installer/upstart/ews.conf
new file mode 100644
index 00000000..5bae4e6d
--- /dev/null
+++ b/installer/upstart/ews.conf
@@ -0,0 +1,24 @@
+########################################################
+# T-Pot Community Edition                              #
+# EWS upstart script                                   #
+#                                                      #
+# v0.50 by mo, DTAG, 2015-01-27                        #
+########################################################
+
+description "EWS"
+author "mo"
+start on started docker and filesystem
+stop on runlevel [!2345]
+respawn
+pre-start script
+  # Remove any existing ews containers
+  myCID=$(docker ps -a | grep ews | awk '{ print $1 }')
+  if [ "$myCID" != "" ];
+    then docker rm $myCID;
+  fi
+end script
+script
+  # Delayed start to avoid rapid respawning
+  sleep $(((RANDOM % 5)+5)) 
+  /usr/bin/docker run --name ews --volumes-from dionaea --volumes-from glastopf --volumes-from honeytrap --volumes-from kippo --rm=true -v /data/ews/:/data/ews/ --link kippo:kippo dtagdevsec/ews
+end script
diff --git a/installer/upstart/glastopf.conf b/installer/upstart/glastopf.conf
new file mode 100644
index 00000000..06840bed
--- /dev/null
+++ b/installer/upstart/glastopf.conf
@@ -0,0 +1,24 @@
+########################################################
+# T-Pot Community Edition                              #
+# Glastopf upstart script                              #
+#                                                      #
+# v0.50 by mo, DTAG, 2015-01-27                        #
+########################################################
+
+description "Glastopf"
+author "mo"
+start on started docker and filesystem
+stop on runlevel [!2345]
+respawn
+pre-start script
+  # Remove any existing glastopf containers
+  myCID=$(docker ps -a | grep glastopf | awk '{ print $1 }')
+  if [ "$myCID" != "" ];
+    then docker rm $myCID;
+  fi
+end script
+script
+  # Delayed start to avoid rapid respawning
+  sleep $(((RANDOM % 5)+5)) 
+  /usr/bin/docker run --name glastopf --rm=true -p 80:80 -v /data/glastopf dtagdevsec/glastopf 
+end script
diff --git a/installer/upstart/honeytrap.conf b/installer/upstart/honeytrap.conf
new file mode 100644
index 00000000..64743ba0
--- /dev/null
+++ b/installer/upstart/honeytrap.conf
@@ -0,0 +1,28 @@
+########################################################
+# T-Pot Community Edition                              #
+# Honeytrap upstart script                             #
+#                                                      #
+# v0.50 by mo, DTAG, 2015-01-27                        #
+########################################################
+
+description "Honeytrap"
+author "mo"
+start on started docker and filesystem
+stop on runlevel [!2345]
+respawn
+pre-start script
+  # Remove any existing honeytrap containers
+  myCID=$(docker ps -a | grep honeytrap | awk '{ print $1 }')
+  if [ "$myCID" != "" ];
+    then docker rm $myCID;
+  fi
+  /sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,42,80,135,443,445,1433,3306,5060,5061,64295,64296 -j NFQUEUE
+end script
+script
+  # Delayed start to avoid rapid respawning
+  sleep $(((RANDOM % 5)+5)) 
+  /usr/bin/docker run --name honeytrap --cap-add=NET_ADMIN --net=host --rm=true -v /data/honeytrap dtagdevsec/honeytrap
+end script
+post-stop script
+  /sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,42,80,135,443,445,1433,3306,5060,5061,64295,64296 -j NFQUEUE
+end script
diff --git a/installer/upstart/kippo.conf b/installer/upstart/kippo.conf
new file mode 100644
index 00000000..5655f840
--- /dev/null
+++ b/installer/upstart/kippo.conf
@@ -0,0 +1,24 @@
+########################################################
+# T-Pot Community Edition                              #
+# Kippo upstart script                                 #
+#                                                      #
+# v0.50 by mo, DTAG, 2015-01-27                        #
+########################################################
+
+description "Kippo"
+author "mo"
+start on started docker and filesystem
+stop on runlevel [!2345]
+respawn
+pre-start script
+  # Remove any existing kippo containers
+  myCID=$(docker ps -a | grep kippo | awk '{ print $1 }')
+  if [ "$myCID" != "" ];
+    then docker rm $myCID;
+  fi
+end script
+script
+  # Delayed start to avoid rapid respawning
+  sleep $(((RANDOM % 5)+5)) 
+  /usr/bin/docker run --name kippo --rm=true -p 22:2222 -v /data/kippo dtagdevsec/kippo 
+end script
diff --git a/installer/upstart/suricata.conf b/installer/upstart/suricata.conf
new file mode 100644
index 00000000..cbdb4428
--- /dev/null
+++ b/installer/upstart/suricata.conf
@@ -0,0 +1,28 @@
+########################################################
+# T-Pot Community Edition                              #
+# Suricata upstart script                              #
+#                                                      #
+# v0.50 by mo, DTAG, 2015-01-27                        #
+########################################################
+
+description "Suricata"
+author "mo"
+start on started docker and filesystem
+stop on runlevel [!2345]
+respawn
+pre-start script
+  # Remove any existing suricata containers
+  myCID=$(docker ps -a | grep suricata | awk '{ print $1 }')
+  if [ "$myCID" != "" ];
+    then docker rm $myCID;
+  fi
+  myIF=$(route | grep default | awk '{ print $8 }')
+  /sbin/ethtool --offload $myIF rx off tx off
+  /sbin/ethtool -K $myIF gso off gro off
+  /sbin/ip link set $myIF promisc on
+end script
+script
+  # Delayed start to avoid rapid respawning
+  sleep $(((RANDOM % 5)+5)) 
+  /usr/bin/docker run --name suricata --cap-add=NET_ADMIN --net=host --rm=true -v /data/suricata/ dtagdevsec/suricata 
+end script
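Review bot: `myIF` is taken from `route | grep default` and used unquoted in the three commands that follow; with no default route yet it is empty, with two default routes it holds two names, and in both cases `ethtool` fails and, under upstart's `sh -e`, pre-start aborts. Select one interface and check it before use: `myIF=$(route -n | awk '$1 == "0.0.0.0" { print $8; exit }')` followed by `[ -n "$myIF" ] || exit 1`, then quote `"$myIF"` in the `ethtool` and `ip link` calls. `route -n` also avoids the name lookups that plain `route` performs, which can stall early in boot.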
diff --git a/makeiso.sh b/makeiso.sh
index 8059d7cb..dbfd18e2 100755
--- a/makeiso.sh
+++ b/makeiso.sh
@@ -1,9 +1,10 @@
 #!/bin/bash
+
 ########################################################
-# .iso maker for tpotce                                #
+# T-Pot Community Edition                              #
+# .ISO maker                                           #
 #                                                      #
-#                                                      #
-# v0.04 by mo, 2014-12-11                              #
+# v0.10 by mo, DTAG, 2015-01-27                        #
 ########################################################
 
 # Let's define some global vars
@@ -47,7 +48,7 @@ losetup -d /dev/loop0
 # Let's add the files for the automated install
 fuECHO "### Adding the automated install files."
 mkdir -p $myTPOTCEDIR/tpotce
-cp installer/* $myTPOTCEDIR/tpotce/
+cp installer/* -r $myTPOTCEDIR/tpotce/
 cp isolinux/* $myTPOTCEDIR/isolinux/
 cp kickstart/* $myTPOTCEDIR/tpotce/
 cp preseed/* $myTPOTCEDIR/tpotce/
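Review bot: `cp installer/* -r $myTPOTCEDIR/tpotce/` places the option after the operands, which works only because GNU cp permutes its arguments, and leaves the destination unquoted. `cp -r installer/* "$myTPOTCEDIR/tpotce/"` reads conventionally and survives a path containing spaces. The surrounding script starts and ends outside this hunk.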
diff --git a/preseed/tpotce.seed b/preseed/tpotce.seed
index eeabe2bd..2027e125 100755
--- a/preseed/tpotce.seed
+++ b/preseed/tpotce.seed
@@ -36,7 +36,11 @@ d-i pkgsel/update-policy select unattended-upgrades
 # Post install
 d-i preseed/late_command string \
 cp /cdrom/tpotce/install1.sh /target/etc/rc.local; \
-cp /cdrom/tpotce/install2.sh /target/root/install.sh
+cp /cdrom/tpotce/install2.sh /target/root/install.sh; \
+cp /cdrom/tpotce/bin/*.sh /target/usr/bin/; \
+cp /cdrom/tpotce/etc/issue /target/etc/; \
+cp /cdrom/tpotce/home/*.sh /target/home/tsec/; \
+cp -r /cdrom/tpotce/upstart/ /target/root/
 
 # Reboot
 d-i finish-install/reboot_in_progress note
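Review bot: The cron jobs added in install2.sh run `/usr/bin/check.sh` and `/usr/bin/status.sh` as root, but the `cp` lines here set neither owner nor mode, so whether the scripts end up executable and not writable by other users depends on how the ISO stores them. Setting it explicitly removes the doubt, for example `chmod 755 /target/usr/bin/check.sh /target/usr/bin/status.sh; \` after the copy. `/target/home/tsec/` must already exist for the third `cp` to succeed; that is presumably guaranteed by the user-setup step, which is outside this hunk.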
diff --git a/tpotce b/tpotce
new file mode 160000
index 00000000..43e4f479
--- /dev/null
+++ b/tpotce
@@ -0,0 +1 @@
+Subproject commit 43e4f47977152a51ecb20ea104962caa87bbaaa6
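Review bot: This adds a gitlink (mode 160000) named `tpotce`, but the diffstat lists no `.gitmodules` change, so a fresh clone has no URL from which to resolve the pinned commit. It looks like a nested checkout that was staged by accident; if so, drop it with `git rm --cached tpotce`. If a submodule is intended, add the `.gitmodules` entry in the same commit so the origin of the pinned commit can be reviewed.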