Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-10-30 20:12:53 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Installer upgrade

Browse source
This commit is contained in:
t3chn0m4g3 2015-01-27 17:46:52 +01:00
parent 1cb5191bba
commit 41ab55f957
18 changed files with 420 additions and 232 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

42
installer/bin/check.sh Executable file
View file

@ -0,0 +1,42 @@
#!/bin/bash
########################################################
# T-Pot Community Edition #
# Check container and services script #
# #
# v0.10 by mo, DTAG, 2015-01-27 #
########################################################
if [ -f /var/run/check.lock ];
then exit
fi
touch /var/run/check.lock
myUPTIME=$(awk '{print int($1/60)}' /proc/uptime)
for i in dionaea elk ews glastopf honeytrap kippo suricata
do
myCIDSTATUS=$(docker exec -i $i supervisorctl status)
if [ $? -ne 0 ]; then
myCIDSTATUS=1
else
myCIDSTATUS=$(echo $myCIDSTATUS | egrep -c "(STOPPED|FATAL)")
fi
if [ $myCIDSTATUS -gt 0 ]; then
if [ $myUPTIME -gt 5 ]; then
service docker stop
docker rm $(docker ps -aq)
service docker start
for j in dionaea glastopf honeytrap kippo suricata ews elk
do
sleep 10
service $j start
done
rm /var/run/check.lock
exit 0
fi
fi
done
rm /var/run/check.lock

33
installer/bin/status.sh Executable file
View file

@ -0,0 +1,33 @@
#!/bin/bash
########################################################
# T-Pot Community Edition #
# Container and services status script #
# #
# v0.10 by mo, DTAG, 2015-01-27 #
########################################################
myCOUNT=1
while true
do
if ! [ -f /var/run/check.lock ];
then break
fi
sleep 0.1
if [ $myCOUNT = 1 ];
then
echo -n "Waiting for services "
else echo -n .
fi
myCOUNT=$[$myCOUNT +1]
done
echo
echo
echo "****************** $(date) ******************"
echo
echo
for i in dionaea elk ews glastopf honeytrap kippo suricata
do
echo "======| Container:" $i "|======"
docker exec -i $i supervisorctl status | GREP_COLORS='mt=01;32' egrep --color=always "(RUNNING)|$" | GREP_COLORS='mt=01;31' egrep --color=always "(STOPPED|FATAL)|$"
echo
done

16
installer/etc/issue Normal file
View file

@ -0,0 +1,16 @@
T-Pot Community Edition (Beta)
Hostname: \n
IP: 10.4.122.95
___________ _____________________________
\\__ ___/ \\______ \\_____ \\__ ___/
| | ______ | ___// | \\| |
| | /_____/ | | / | \\ |
|____| |____| \\_______ /____|
\\/
CTRL+ALT+F2 - Display current container status
CTRL+ALT+F1 - Return to this screen

31
installer/home/2fa_enable.sh Executable file
View file

@ -0,0 +1,31 @@
#!/bin/bash
########################################################
# T-Pot Community Edition #
# Two-Factor authentication enable script #
# #
# v0.20 by mo, DTAG, 2015-01-27 #
########################################################
echo "### This script will enable Two-Factor-Authentication based on Google Authenticator for SSH."
while true
do
echo -n "### Do you want to continue (y/n)? "; read myANSWER;
case $myANSWER in
n)
echo "### Exiting."
exit 0;
;;
y)
break
;;
esac
done
if [ -f /etc/pam.d/sshd.bak ];
then echo "### Already enabled. Exiting."
exit 1;
fi
sudo sed -i.bak '\# PAM#aauth required pam_google_authenticator.so' /etc/pam.d/sshd
sudo sed -i.bak 's#ChallengeResponseAuthentication no#ChallengeResponseAuthentication yes#' /etc/ssh/sshd_config
google-authenticator -t -d -f -r 3 -R 30 -w 21
echo "### Please do not forget to run the ssh_enable script."

32
installer/home/ssh_enable.sh Executable file
View file

@ -0,0 +1,32 @@
#!/bin/bash
########################################################
# T-Pot Community Edition #
# SSH enable script #
# #
# v0.21 by mo, DTAG, 2015-01-27 #
########################################################
if ! [ -f /etc/init/ssh.override ];
then echo "### SSH is already enabled. Exiting."
exit 1;
fi
echo "### This script will enable the ssh service (default port tcp/64295)."
echo "### Password authentication is disabled by default."
while true
do
echo -n "### Do you want to continue (y/n)? "; read myANSWER;
case $myANSWER in
n)
echo "### Exiting."
exit 0;
;;
y)
break
;;
esac
done
sudo rm /etc/init/ssh.override
sudo service ssh start

2
installer/install1.sh
View file

@ -4,7 +4,7 @@
# and consoleblank permanently # # and consoleblank permanently #
# Ubuntu server 14.04.1, x64 # # Ubuntu server 14.04.1, x64 #
# # # #
# v0.07 by mo, DTAG, 2015-01-20 # # v0.10 by mo, DTAG, 2015-01-20 #
############################################################# #############################################################
# Let's replace "quiet splash" options and update grub # Let's replace "quiet splash" options and update grub

246
installer/install2.sh
View file

@ -3,7 +3,7 @@
# T-Pot Community Edition post install script # # T-Pot Community Edition post install script #
# Ubuntu server 14.04, x64 # # Ubuntu server 14.04, x64 #
# # # #
# v0.21 by mo, DTAG, 2015-01-22 # # v0.30 by mo, DTAG, 2015-01-27 #
######################################################## ########################################################
# Let's make sure there is a warning if running for a second time # Let's make sure there is a warning if running for a second time
@ -55,15 +55,18 @@ adduser --system --no-create-home --uid 2000 --disabled-password --disabled-logi
fuECHO "### Creating some files and folders." fuECHO "### Creating some files and folders."
mkdir -p /data/ews/log /data/ews/conf /data/elk/data /data/elk/log mkdir -p /data/ews/log /data/ews/conf /data/elk/data /data/elk/log
# Let's modify the ownership / access rights # Let's modify some ownership / access rights
chmod 760 -R /data chmod 760 -R /data
chown tpot:tpot -R /data chown tpot:tpot -R /data
chmod 700 /home/tsec/*.sh
chown tsec:tsec /home/tsec/*.sh
# Let's set the hostname # Let's set the hostname
fuECHO "### Setting a new hostname." fuECHO "### Setting a new hostname."
myHOST=ce$(date +%s)$RANDOM myHOST=ce$(date +%s)$RANDOM
hostnamectl set-hostname $myHOST hostnamectl set-hostname $myHOST
sed -i 's/127.0.1.1.*/127.0.1.1\t'"$myHOST"'/g' /etc/hosts sed -i 's#127.0.1.1.*#127.0.1.1\t'"$myHOST"'#g' /etc/hosts
# Let's patch sshd_config # Let's patch sshd_config
fuECHO "### Patching sshd_config to listen on port 64295 and deny password authentication." fuECHO "### Patching sshd_config to listen on port 64295 and deny password authentication."
@ -71,67 +74,7 @@ sed -i 's#Port 22#Port 64295#' /etc/ssh/sshd_config
sed -i 's#\#PasswordAuthentication yes#PasswordAuthentication no#' /etc/ssh/sshd_config sed -i 's#\#PasswordAuthentication yes#PasswordAuthentication no#' /etc/ssh/sshd_config
# Let's disable ssh service # Let's disable ssh service
mv /etc/init/ssh.conf /etc/init/ssh.conf.disable echo "manual" >> /etc/init/ssh.override
# Let's create the 2FA enable script
fuECHO "### Creating 2FA enable script."
tee /home/tsec/2fa_enable.sh <<EOF
#!/bin/bash
echo "### This script will enable Two-Factor-Authentication based on Google Authenticator for SSH."
while true
do
echo -n "### Do you want to continue (y/n)? "; read myANSWER;
case \$myANSWER in
n)
echo "### Exiting."
exit 0;
;;
y)
break
;;
esac
done
if [ -f /etc/pam.d/sshd.bak ];
then echo "### Already enabled. Exiting."
exit 1;
fi
sudo sed -i.bak '\# PAM#aauth required pam_google_authenticator.so' /etc/pam.d/sshd
sudo sed -i.bak 's#ChallengeResponseAuthentication no#ChallengeResponseAuthentication yes#' /etc/ssh/sshd_config
google-authenticator -t -d -f -r 3 -R 30 -w 21
echo "### Please do not forget to run the ssh_enable script."
EOF
chmod 700 /home/tsec/2fa_enable.sh
chown tsec:tsec /home/tsec/2fa_enable.sh
# Let's create the ssh enable script
fuECHO "### Creating ssh enable script."
tee /home/tsec/ssh_enable.sh <<EOF
#!/bin/bash
echo "### This script will enable the ssh service (default port tcp/64295)."
echo "### Password authentication is disabled by default."
while true
do
echo -n "### Do you want to continue (y/n)? "; read myANSWER;
case \$myANSWER in
n)
echo "### Exiting."
exit 0;
;;
y)
break
;;
esac
done
if [ -f /etc/init/ssh.conf ];
then echo "### Already enabled. Exiting."
exit 1;
fi
sudo mv /etc/init/ssh.conf.disable /etc/init/ssh.conf
sudo service ssh start
EOF
chmod 700 /home/tsec/ssh_enable.sh
chown tsec:tsec /home/tsec/ssh_enable.sh
# Let's patch docker defaults, so we can run images as service # Let's patch docker defaults, so we can run images as service
fuECHO "### Patching docker defaults." fuECHO "### Patching docker defaults."
@ -139,144 +82,6 @@ tee -a /etc/default/docker <<EOF
DOCKER_OPTS="-r=false" DOCKER_OPTS="-r=false"
EOF EOF
# Let's create an upstart config for the dionaea docker image
fuECHO "### Adding upstart config for the dionaea docker image."
tee /etc/init/dionaea.conf <<EOF
description "Dionaea"
author "mo"
start on started docker and filesystem
stop on runlevel [!2345]
respawn
script
sleep 1
/usr/bin/docker run --name dionaea --cap-add=NET_BIND_SERVICE --rm=true -p 21:21 -p 42:42 -p 8080:80 -p 135:135 -p 443:443 -p 445:445 -p 1433:1433 -p 3306:3306 -p 5061:5061 -p 5060:5060 -p 69:69/udp -p 5060:5060/udp -v /data/dionaea dtagdevsec/dionaea
end script
post-stop script
sleep 1
/usr/bin/docker rm dionaea
end script
EOF
# Let's create an upstart config for the elk docker image
fuECHO "### Adding upstart config for the elk docker image."
tee /etc/init/elk.conf <<EOF
description "ELK"
author "mo"
start on started docker and filesystem and started suricata and started ews
stop on runlevel [!2345]
respawn
script
sleep 1
/usr/bin/docker run --name=elk --volumes-from ews --volumes-from suricata -v /data/elk/:/data/elk/ -p 127.0.0.1:64296:80 --rm=true dtagdevsec/elk
end script
post-stop script
sleep 1
/usr/bin/docker rm elk
end script
EOF
# Let's create an upstart config for the ews docker image
fuECHO "### Adding upstart config for the ews docker image."
tee /etc/init/ews.conf <<EOF
description "EWS"
author "mo"
start on started docker and filesystem and started dionaea and started honeytrap and started kippo and started glastopf
stop on runlevel [!2345]
respawn
script
sleep 15
/usr/bin/docker run --name ews --volumes-from dionaea --volumes-from glastopf --volumes-from honeytrap --volumes-from kippo --rm=true -v /data/ews/:/data/ews/ --link kippo:kippo dtagdevsec/ews
end script
post-stop script
sleep 1
/usr/bin/docker rm ews
end script
EOF
# Let's create an upstart config for the glastopf docker image
fuECHO "### Adding upstart config for the glastopf docker image."
tee /etc/init/glastopf.conf <<EOF
description "Glastopf"
author "mo"
start on started docker and filesystem
stop on runlevel [!2345]
respawn
script
sleep 1
/usr/bin/docker run --name glastopf --rm=true -p 80:80 -v /data/glastopf dtagdevsec/glastopf
end script
post-stop script
sleep 1
/usr/bin/docker rm glastopf
end script
EOF
# Let's create an upstart config for the honeytrap docker image
fuECHO "### Adding upstart config for the honeytrap docker image."
tee /etc/init/honeytrap.conf <<EOF
description "Honeytrap"
author "mo"
start on started docker and filesystem
stop on runlevel [!2345]
respawn
pre-start script
sleep 1
/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,42,80,135,443,445,1433,3306,5060,5061,64295,64296 -j NFQUEUE
end script
script
sleep 1
/usr/bin/docker run --name honeytrap --cap-add=NET_ADMIN --net=host --rm=true -v /data/honeytrap dtagdevsec/honeytrap
end script
post-stop script
sleep 1
/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,42,80,135,443,445,1433,3306,5060,5061,64295,64296 -j NFQUEUE
/usr/bin/docker rm honeytrap
end script
EOF
# Let's create an upstart config for the kippo docker image
fuECHO "### Adding upstart config for the kippo docker image."
tee /etc/init/kippo.conf <<EOF
description "Kippo"
author "mo"
start on started docker and filesystem
stop on runlevel [!2345]
respawn
script
sleep 1
/usr/bin/docker run --name kippo --rm=true -p 22:2222 -v /data/kippo dtagdevsec/kippo
end script
post-stop script
sleep 1
/usr/bin/docker rm kippo
end script
EOF
# Let's create an upstart config for the suricata docker image
fuECHO "### Adding upstart config for the suricata docker image."
tee /etc/init/suricata.conf <<EOF
description "Suricata"
author "mo"
start on started docker and filesystem
stop on runlevel [!2345]
respawn
pre-start script
sleep 1
myIF=\$(route | grep default | awk '{ print \$8 }')
/sbin/ethtool --offload \$myIF rx off tx off
/sbin/ethtool -K \$myIF gso off gro off
/sbin/ip link set \$myIF promisc on
end script
script
sleep 1
/usr/bin/docker run --name suricata --cap-add=NET_ADMIN --net=host --rm=true -v /data/suricata/ dtagdevsec/suricata
end script
post-stop script
sleep 1
/usr/bin/docker rm suricata
end script
EOF
# Let's load docker images from remote # Let's load docker images from remote
fuECHO "### Downloading docker images from DockerHub. Please be patient, this may take a while." fuECHO "### Downloading docker images from DockerHub. Please be patient, this may take a while."
for name in dionaea elk ews glastopf honeytrap kippo suricata for name in dionaea elk ews glastopf honeytrap kippo suricata
@ -292,39 +97,26 @@ APT::Periodic::Download-Upgradeable-Packages "0";
APT::Periodic::AutocleanInterval "7"; APT::Periodic::AutocleanInterval "7";
EOF EOF
# Let's add "docker ps" output to /dev/tty2 every 60s # Let's add some conrjobs
fuECHO "### Adding useful docker output to tty2" fuECHO "### Adding cronjobs."
tee -a /etc/crontab <<EOF tee -a /etc/crontab <<EOF
# Show running containers every 60s via /dev/tty2 # Show running containers every 60s via /dev/tty2
*/1 * * * * root echo > /dev/tty2; date > /dev/tty2; docker ps > /dev/tty2; echo > /dev/tty2 */2 * * * * root /usr/bin/status.sh 2 > /dev/tty2
EOF
# Check if containers and services are up
# Let's add a nice and useful issue text and update rc.local accordingly */5 * * * * root /usr/bin/check.sh
fuECHO "### Adding a nice and useful issue text and updating rc.local accordingly."
tee /etc/issue <<EOF
T-Pot Community Edition
Hostname: \n
IP:
___________ _____________________________
\\\__ ___/ \\\______ \\\_____ \\\__ ___/
| | ______ | ___// | \\\| |
| | /_____/ | | / | \\\ |
|____| |____| \\\_______ /____|
\\\/
CTRL+ALT+F2 - Display current container status
CTRL+ALT+F1 - Return to this screen
EOF EOF
# Let's update rc.local
fuECHO "### Updating rc.local."
tee /etc/rc.local.new <<EOF tee /etc/rc.local.new <<EOF
#!/bin/sh -e #!/bin/sh -e
# Let's add the first local ip to the /etc/issue file # Let's add the first local ip to the /etc/issue file
sed -i "s#IP:.*#IP: \$(hostname -I | awk '{ print \$1 }')#" /etc/issue sed -i "s#IP:.*#IP: \$(hostname -I | awk '{ print \$1 }')#" /etc/issue
if [ -f /var/run/check.lock ];
then rm /var/run/check.lock
fi
setupcon setupcon
exit 0 exit 0
EOF EOF
@ -333,4 +125,6 @@ chmod +x /etc/rc.local.new
# Final steps # Final steps
fuECHO "### Thanks for your patience. Now rebooting." fuECHO "### Thanks for your patience. Now rebooting."
mv /root/upstart/*.conf /etc/init/
rm -rf /root/upstart/
mv /etc/rc.local.new /etc/rc.local && chage -d 0 tsec && sleep 2 && reboot mv /etc/rc.local.new /etc/rc.local && chage -d 0 tsec && sleep 2 && reboot

24
installer/upstart/dionaea.conf Normal file
View file

@ -0,0 +1,24 @@
########################################################
# T-Pot Community Edition #
# Dionaea upstart script #
# #
# v0.50 by mo, DTAG, 2015-01-27 #
########################################################
description "Dionaea"
author "mo"
start on started docker and filesystem
stop on runlevel [!2345]
respawn
pre-start script
# Remove any existing dionaea containers
myCID=$(docker ps -a | grep dionaea | awk '{ print $1 }')
if [ "$myCID" != "" ];
then docker rm $myCID;
fi
end script
script
# Delayed start to avoid rapid respawning
sleep $(((RANDOM % 5)+5))
/usr/bin/docker run --name dionaea --cap-add=NET_BIND_SERVICE --rm=true -p 21:21 -p 42:42 -p 8080:80 -p 135:135 -p 443:443 -p 445:445 -p 1433:1433 -p 3306:3306 -p 5061:5061 -p 5060:5060 -p 69:69/udp -p 5060:5060/udp -v /data/dionaea dtagdevsec/dionaea
end script

58
installer/upstart/docker.conf Normal file
View file

@ -0,0 +1,58 @@
description "Docker daemon"
start on (local-filesystems and net-device-up IFACE!=lo)
stop on runlevel [!2345]
limit nofile 524288 1048576
limit nproc 524288 1048576
respawn
pre-start script
# see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount
if grep -v '^#' /etc/fstab | grep -q cgroup \
|| [ ! -e /proc/cgroups ] \
|| [ ! -d /sys/fs/cgroup ]; then
exit 0
fi
if ! mountpoint -q /sys/fs/cgroup; then
mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
fi
(
cd /sys/fs/cgroup
for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
mkdir -p $sys
if ! mountpoint -q $sys; then
if ! mount -n -t cgroup -o $sys cgroup $sys; then
rmdir $sys || true
fi
fi
done
)
end script
script
# modify these in /etc/default/$UPSTART_JOB (/etc/default/docker)
DOCKER=/usr/bin/$UPSTART_JOB
DOCKER_OPTS=
if [ -f /etc/default/$UPSTART_JOB ]; then
. /etc/default/$UPSTART_JOB
fi
exec "$DOCKER" -d $DOCKER_OPTS
end script
# Don't emit "started" event until docker.sock is ready.
# See https://github.com/docker/docker/issues/6647
post-start script
DOCKER_OPTS=
if [ -f /etc/default/$UPSTART_JOB ]; then
. /etc/default/$UPSTART_JOB
fi
if ! printf "%s" "$DOCKER_OPTS" | grep -qE -e '-H|--host'; then
while ! [ -e /var/run/docker.sock ]; do
initctl status $UPSTART_JOB | grep -q "stop/" && exit 1
echo "Waiting for /var/run/docker.sock"
sleep 0.1
done
echo "/var/run/docker.sock is up"
fi
end script

24
installer/upstart/elk.conf Normal file
View file

@ -0,0 +1,24 @@
########################################################
# T-Pot Community Edition #
# ELK upstart script #
# #
# v0.50 by mo, DTAG, 2015-01-27 #
########################################################
description "ELK"
author "mo"
start on started docker and filesystem
stop on runlevel [!2345]
respawn
pre-start script
# Remove any existing elk containers
myCID=$(docker ps -a | grep elk | awk '{ print $1 }')
if [ "$myCID" != "" ];
then docker rm $myCID;
fi
end script
script
# Delayed start to avoid rapid respawning
sleep $(((RANDOM % 5)+5))
/usr/bin/docker run --name=elk --volumes-from ews --volumes-from suricata -v /data/elk/:/data/elk/ -p 127.0.0.1:64296:80 --rm=true dtagdevsec/elk
end script

24
installer/upstart/ews.conf Normal file
View file

@ -0,0 +1,24 @@
########################################################
# T-Pot Community Edition #
# EWS upstart script #
# #
# v0.50 by mo, DTAG, 2015-01-27 #
########################################################
description "EWS"
author "mo"
start on started docker and filesystem
stop on runlevel [!2345]
respawn
pre-start script
# Remove any existing ews containers
myCID=$(docker ps -a | grep ews | awk '{ print $1 }')
if [ "$myCID" != "" ];
then docker rm $myCID;
fi
end script
script
# Delayed start to avoid rapid respawning
sleep $(((RANDOM % 5)+5))
/usr/bin/docker run --name ews --volumes-from dionaea --volumes-from glastopf --volumes-from honeytrap --volumes-from kippo --rm=true -v /data/ews/:/data/ews/ --link kippo:kippo dtagdevsec/ews
end script

24
installer/upstart/glastopf.conf Normal file
View file

@ -0,0 +1,24 @@
########################################################
# T-Pot Community Edition #
# Glastopf upstart script #
# #
# v0.50 by mo, DTAG, 2015-01-27 #
########################################################
description "Glastopf"
author "mo"
start on started docker and filesystem
stop on runlevel [!2345]
respawn
pre-start script
# Remove any existing glastopf containers
myCID=$(docker ps -a | grep glastopf | awk '{ print $1 }')
if [ "$myCID" != "" ];
then docker rm $myCID;
fi
end script
script
# Delayed start to avoid rapid respawning
sleep $(((RANDOM % 5)+5))
/usr/bin/docker run --name glastopf --rm=true -p 80:80 -v /data/glastopf dtagdevsec/glastopf
end script

28
installer/upstart/honeytrap.conf Normal file
View file

@ -0,0 +1,28 @@
########################################################
# T-Pot Community Edition #
# Honeytrap upstart script #
# #
# v0.50 by mo, DTAG, 2015-01-27 #
########################################################
description "Honeytrap"
author "mo"
start on started docker and filesystem
stop on runlevel [!2345]
respawn
pre-start script
# Remove any existing honeytrap containers
myCID=$(docker ps -a | grep honeytrap | awk '{ print $1 }')
if [ "$myCID" != "" ];
then docker rm $myCID;
fi
/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,42,80,135,443,445,1433,3306,5060,5061,64295,64296 -j NFQUEUE
end script
script
# Delayed start to avoid rapid respawning
sleep $(((RANDOM % 5)+5))
/usr/bin/docker run --name honeytrap --cap-add=NET_ADMIN --net=host --rm=true -v /data/honeytrap dtagdevsec/honeytrap
end script
post-stop script
/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,42,80,135,443,445,1433,3306,5060,5061,64295,64296 -j NFQUEUE
end script

24
installer/upstart/kippo.conf Normal file
View file

@ -0,0 +1,24 @@
########################################################
# T-Pot Community Edition #
# Kippo upstart script #
# #
# v0.50 by mo, DTAG, 2015-01-27 #
########################################################
description "Kippo"
author "mo"
start on started docker and filesystem
stop on runlevel [!2345]
respawn
pre-start script
# Remove any existing kippo containers
myCID=$(docker ps -a | grep kippo | awk '{ print $1 }')
if [ "$myCID" != "" ];
then docker rm $myCID;
fi
end script
script
# Delayed start to avoid rapid respawning
sleep $(((RANDOM % 5)+5))
/usr/bin/docker run --name kippo --rm=true -p 22:2222 -v /data/kippo dtagdevsec/kippo
end script

28
installer/upstart/suricata.conf Normal file
View file

@ -0,0 +1,28 @@
########################################################
# T-Pot Community Edition #
# Suricata upstart script #
# #
# v0.50 by mo, DTAG, 2015-01-27 #
########################################################
description "Suricata"
author "mo"
start on started docker and filesystem
stop on runlevel [!2345]
respawn
pre-start script
# Remove any existing suricata containers
myCID=$(docker ps -a | grep suricata | awk '{ print $1 }')
if [ "$myCID" != "" ];
then docker rm $myCID;
fi
myIF=$(route | grep default | awk '{ print $8 }')
/sbin/ethtool --offload $myIF rx off tx off
/sbin/ethtool -K $myIF gso off gro off
/sbin/ip link set $myIF promisc on
end script
script
# Delayed start to avoid rapid respawning
sleep $(((RANDOM % 5)+5))
/usr/bin/docker run --name suricata --cap-add=NET_ADMIN --net=host --rm=true -v /data/suricata/ dtagdevsec/suricata
end script

9
makeiso.sh
View file

@ -1,9 +1,10 @@
#!/bin/bash #!/bin/bash
######################################################## ########################################################
# .iso maker for tpotce # # T-Pot Community Edition #
# .ISO maker #
# # # #
# # # v0.10 by mo, DTAG, 2015-01-27 #
# v0.04 by mo, 2014-12-11 #
######################################################## ########################################################
# Let's define some global vars # Let's define some global vars
@ -47,7 +48,7 @@ losetup -d /dev/loop0
# Let's add the files for the automated install # Let's add the files for the automated install
fuECHO "### Adding the automated install files." fuECHO "### Adding the automated install files."
mkdir -p $myTPOTCEDIR/tpotce mkdir -p $myTPOTCEDIR/tpotce
cp installer/* $myTPOTCEDIR/tpotce/ cp installer/* -r $myTPOTCEDIR/tpotce/
cp isolinux/* $myTPOTCEDIR/isolinux/ cp isolinux/* $myTPOTCEDIR/isolinux/
cp kickstart/* $myTPOTCEDIR/tpotce/ cp kickstart/* $myTPOTCEDIR/tpotce/
cp preseed/* $myTPOTCEDIR/tpotce/ cp preseed/* $myTPOTCEDIR/tpotce/

6
preseed/tpotce.seed
View file

@ -36,7 +36,11 @@ d-i pkgsel/update-policy select unattended-upgrades
# Post install # Post install
d-i preseed/late_command string \ d-i preseed/late_command string \
cp /cdrom/tpotce/install1.sh /target/etc/rc.local; \ cp /cdrom/tpotce/install1.sh /target/etc/rc.local; \
cp /cdrom/tpotce/install2.sh /target/root/install.sh cp /cdrom/tpotce/install2.sh /target/root/install.sh; \
cp /cdrom/tpotce/bin/*.sh /target/usr/bin/; \
cp /cdrom/tpotce/etc/issue /target/etc/; \
cp /cdrom/tpotce/home/*.sh /target/home/tsec/; \
cp -r /cdrom/tpotce/upstart/ /target/root/
# Reboot # Reboot
d-i finish-install/reboot_in_progress note d-i finish-install/reboot_in_progress note

1
tpotce Submodule

@ -0,0 +1 @@
Subproject commit 43e4f47977152a51ecb20ea104962caa87bbaaa6