diff --git a/docker/elk/elasticsearch/Dockerfile b/docker/elk/elasticsearch/Dockerfile
index e2c73d0a..bc6df649 100644
--- a/docker/elk/elasticsearch/Dockerfile
+++ b/docker/elk/elasticsearch/Dockerfile
@@ -1,7 +1,7 @@
 FROM alpine
 #
 # VARS
-ENV ES_VER=7.7.0 \
+ENV ES_VER=7.7.1 \
 JAVA_HOME=/usr/lib/jvm/java-11-openjdk
 # Include dist
 ADD dist/ /root/dist/
diff --git a/docker/elk/kibana/Dockerfile b/docker/elk/kibana/Dockerfile
index 51aafcf3..b1b1f9e1 100644
--- a/docker/elk/kibana/Dockerfile
+++ b/docker/elk/kibana/Dockerfile
@@ -1,7 +1,7 @@
 FROM node:10.19.0-alpine
 #
 # VARS
-ENV KB_VER=7.7.0
+ENV KB_VER=7.7.1
 #
 # Include dist
 ADD dist/ /root/dist/
diff --git a/docker/elk/logstash/Dockerfile b/docker/elk/logstash/Dockerfile
index 1f7925c1..356508d1 100644
--- a/docker/elk/logstash/Dockerfile
+++ b/docker/elk/logstash/Dockerfile
@@ -1,7 +1,7 @@
 FROM alpine
 #
 # VARS
-ENV LS_VER=7.7.0
+ENV LS_VER=7.7.1
 # Include dist
 ADD dist/ /root/dist/
 #
@@ -36,7 +36,7 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
 chmod u+x /usr/bin/update.sh && \
 mkdir -p /etc/logstash/conf.d && \
 cp logstash.conf /etc/logstash/conf.d/ && \
-cp elasticsearch-template-es7x.json /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.5.1-java/lib/logstash/outputs/elasticsearch/ && \
+cp elasticsearch-template-es7x.json /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.4.2-java/lib/logstash/outputs/elasticsearch/ && \
 #
 # Setup user, groups and configs
 addgroup -g 2000 logstash && \
diff --git a/iso/installer/install.sh b/iso/installer/install.sh
index 80dac96d..d58d590e 100755
--- a/iso/installer/install.sh
+++ b/iso/installer/install.sh
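Review bot: The new cp target in the logstash -36,7 hunk hard-codes the bundled plugin directory `logstash-output-elasticsearch-10.4.2-java`, which is coupled to the `LS_VER=7.7.1` bump in the hunk before it; if the 7.7.1 tarball ships a different plugin version the `&&` chain fails at this cp and the image build aborts, so moving from 10.5.1 down to 10.4.2 while the Logstash release goes up is worth confirming against the actual bundle. A glob removes the need to edit this path on every Logstash bump, provided only one version of the plugin is bundled: `cp elasticsearch-template-es7x.json /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-*-java/lib/logstash/outputs/elasticsearch/ && \`. A short comment above the line, `# path must match the plugin version bundled with LS_VER`, would make the coupling visible to the next person bumping LS_VER. The RUN instruction this line belongs to starts and ends outside the hunk.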
@@ -14,7 +14,7 @@ myLSB_STABLE_SUPPORTED="stretch buster"
 myLSB_TESTING_SUPPORTED="stable"
 myREMOTESITES="https://hub.docker.com https://github.com https://pypi.python.org https://debian.org https://listbot.sicherheitstacho.eu"
 myPREINSTALLPACKAGES="aria2 apache2-utils cracklib-runtime curl dialog figlet fuse grc libcrack2 libpq-dev lsb-release netselect-apt net-tools software-properties-common toilet"
-myINSTALLPACKAGES="aria2 apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit console-setup console-setup-linux cracklib-runtime curl debconf-utils dialog dnsutils docker.io docker-compose elasticsearch-curator ethtool fail2ban figlet genisoimage git glances grc haveged html2text htop iptables iw jq kbd libcrack2 libltdl7 libpam-google-authenticator man mosh multitail netselect-apt net-tools npm ntp openssh-server openssl pass pigz prips software-properties-common syslinux psmisc pv python3-pip toilet unattended-upgrades unzip vim wget wireless-tools wpasupplicant"
+myINSTALLPACKAGES="aria2 apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit console-setup console-setup-linux cracklib-runtime curl debconf-utils dialog dnsutils docker.io docker-compose ethtool fail2ban figlet genisoimage git glances grc haveged html2text htop iptables iw jq kbd libcrack2 libltdl7 libpam-google-authenticator man mosh multitail netselect-apt net-tools npm ntp openssh-server openssl pass pigz prips software-properties-common syslinux psmisc pv python3-pip toilet unattended-upgrades unzip vim wget wireless-tools wpasupplicant"
 myINFO="\
 ###########################################
 ### T-Pot Installer for Debian (Stable) ###
@@ -310,9 +310,9 @@ EOF
 apt-fast -y install $myINSTALLPACKAGES
 # Remove exim4
 echo "### Removing and holding back problematic packages ..."
-apt-fast -y purge exim4-base mailutils pcp cockpit-pcp
+apt-fast -y purge exim4-base mailutils pcp cockpit-pcp elasticsearch-curator
 apt-fast -y autoremove
-apt-mark hold exim4-base mailutils pcp cockpit-pcp
+apt-mark hold exim4-base mailutils pcp cockpit-pcp elasticsearch-curator
 }
 # Check for other services
@@ -681,10 +681,10 @@ echo "$myNETWORK_WLANEXAMPLE" | tee -a /etc/network/interfaces
 fuBANNER "SSH roaming off"
 echo "UseRoaming no" | tee -a /etc/ssh/ssh_config
-# Installing elasticdump, yq
+# Installing elasticdump, elasticsearch-curator, yq
 fuBANNER "Installing pkgs"
 npm install elasticdump -g
-pip3 install yq
+pip3 install elasticsearch-curator yq
 hash -r
 # Cloning T-Pot from GitHub
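Review bot: `pip3 install elasticsearch-curator yq` in the -681,10 hunk pulls whatever release is current on PyPI, as root, into the system interpreter, with no version pin and no hash check; the apt package it replaces was at least pinned by the distribution, so each fresh install can now get a different curator and the download is trusted on the name alone. Pin it at minimum, `pip3 install elasticsearch-curator==<pinned version> yq==<pinned version>`, or move both into a requirements file installed with `--require-hashes`. In the -310,9 hunk, adding elasticsearch-curator to the purge and hold lines is harmless when the package was never installed (apt reports it as not installed and continues), but note that the hold only stops future apt runs from bringing the repository package back and says nothing about the pip copy.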
@@ -775,29 +775,30 @@ echo "$myCRONJOBS" | tee -a /etc/crontab
 # Let's create some files and folders
 fuBANNER "Files & folders"
-mkdir -p /data/adbhoney/downloads /data/adbhoney/log \
+mkdir -vp /data/adbhoney/{downloads,log} \
 /data/ciscoasa/log \
- /data/citrixhoneypot/logs \
- /data/conpot/log \
- /data/cowrie/log/tty/ /data/cowrie/downloads/ /data/cowrie/keys/ /data/cowrie/misc/ \
- /data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/roots/ftp /data/dionaea/roots/tftp /data/dionaea/roots/www /data/dionaea/roots/upnp \
+ /data/conpot/log \
+ /data/citrixhoneypot/logs \
+ /data/cowrie/{downloads,keys,misc,log,log/tty} \
+ /data/dionaea/{log,bistreams,binaries,rtp,roots,roots/ftp,roots/tftp,roots/www,roots/upnp} \
 /data/elasticpot/log \
- /data/elk/data /data/elk/log \
- /data/fatt/log \
- /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/ \
+ /data/elk/{data,log} \
+ /data/fatt/log \
+ /data/honeytrap/{log,attacks,downloads} \
 /data/glutton/log \
 /data/heralding/log \
 /data/honeypy/log \
 /data/mailoney/log \
 /data/medpot/log \
- /data/nginx/log /data/nginx/heimdall \
+ /data/nginx/{log,heimdall} \
 /data/emobility/log \
 /data/ews/conf \
 /data/rdpy/log \
 /data/spiderfoot \
- /data/suricata/log /home/tsec/.ssh/ \
- /data/tanner/log /data/tanner/files \
- /data/p0f/log
+ /data/suricata/log \
+ /data/tanner/{log,files} \
+ /data/p0f/log \
+ /home/tsec/.ssh/
 touch /data/spiderfoot/spiderfoot.db
 touch /data/nginx/log/error.log
diff --git a/update.sh b/update.sh
index 1b107313..343a5490 100755
--- a/update.sh
+++ b/update.sh
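Review bot: The rewritten directory list is now duplicated verbatim between this hunk and the `fuUPDATER` function in update.sh (the -219,29 hunk), and the two old sides already disagreed on the conpot/citrixhoneypot ordering, which is exactly the drift a second copy invites; a single list both scripts source, or at least a comment in each such as `# keep in sync with the mkdir list in update.sh`, would keep them aligned. The new form also depends on bash brace expansion: run under `sh`, `mkdir -vp /data/adbhoney/{downloads,log}` creates a literal `{downloads,log}` directory and none of the intended ones, so this is only safe if the script's shebang (outside the hunk) is bash, which the function syntax elsewhere in the file suggests but this chunk does not show. The same applies to the update.sh hunk.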
@@ -183,9 +183,10 @@ function fuUPDATER () {
 export DEBIAN_FRONTEND=noninteractive
 echo "### Installing apt-fast"
 /bin/bash -c "$(curl -sL https://raw.githubusercontent.com/ilikenwf/apt-fast/master/quick-install.sh)"
-local myPACKAGES="aria2 apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit console-setup console-setup-linux cracklib-runtime curl debconf-utils dialog dnsutils docker.io docker-compose elasticsearch-curator ethtool fail2ban figlet genisoimage git glances grc haveged html2text htop iptables iw jq kbd libcrack2 libltdl7 libpam-google-authenticator man mosh multitail netselect-apt net-tools npm ntp openssh-server openssl pass pigz prips software-properties-common syslinux psmisc pv python3-elasticsearch-curator python3-pip toilet unattended-upgrades unzip vim wget wireless-tools wpasupplicant"
-echo "### Removing pip based install of elasticsearch-curator"
-pip3 uninstall elasticsearch-curator -y
+local myPACKAGES="aria2 apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit console-setup console-setup-linux cracklib-runtime curl debconf-utils dialog dnsutils docker.io docker-compose ethtool fail2ban figlet genisoimage git glances grc haveged html2text htop iptables iw jq kbd libcrack2 libltdl7 libpam-google-authenticator man mosh multitail netselect-apt net-tools npm ntp openssh-server openssl pass pigz prips software-properties-common syslinux psmisc pv python3-elasticsearch-curator python3-pip toilet unattended-upgrades unzip vim wget wireless-tools wpasupplicant"
+# Remove purge in the future
+echo "### Removing repository based install of elasticsearch-curator"
+apt-get purge elasticsearch-curator -y
 hash -r
 echo "### Now upgrading packages ..."
 dpkg --configure -a
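Review bot: The new myPACKAGES line still lists `python3-elasticsearch-curator` while the lines directly below purge `elasticsearch-curator` and the next hunk installs the same project from pip; as far as I can tell the apt library package ships a `curator` module under the distribution's dist-packages and pip installs a second copy under /usr/local, so two versions end up on sys.path and which one the `curator` entry point imports depends on path order rather than on what this script intended. Dropping `python3-elasticsearch-curator` from myPACKAGES and extending the purge, `apt-get purge elasticsearch-curator python3-elasticsearch-curator -y`, keeps a single copy, and the "Remove purge in the future" comment should then name the version after which it can go. fuUPDATER continues outside the hunk.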
@@ -201,10 +202,12 @@ apt-fast -y dist-upgrade -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::
 dpkg --configure -a
 npm install elasticdump -g
 pip3 install --upgrade yq
+# Remove --force switch in the future ...
+pip3 install elasticsearch-curator --force -y
 hash -r
 echo "### Removing and holding back problematic packages ..."
-apt-fast -y purge exim4-base mailutils pcp cockpit-pcp
-apt-mark hold exim4-base mailutils pcp cockpit-pcp
+apt-fast -y purge exim4-base mailutils pcp cockpit-pcp elasticsearch-curator
+apt-mark hold exim4-base mailutils pcp cockpit-pcp elasticsearch-curator
 echo
 echo "### Now replacing T-Pot related config files on host"
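Review bot: `pip3 install elasticsearch-curator --force -y` cannot succeed as written: `-y` belongs to `pip uninstall` and `pip install` rejects it with a usage error before installing anything, and `--force` is at best an unambiguous abbreviation of `--force-reinstall`. Unless the script runs with errexit, which the visible lines do not show, the updater then carries on with `hash -r`, so an upgraded host ends up with the repository curator purged in the previous hunk and no pip copy to replace it. Use the real option and pin the version so the reinstall is reproducible: `pip3 install --force-reinstall elasticsearch-curator==<pinned version>`, and make the "Remove --force switch" comment refer to `--force-reinstall`.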
@@ -219,29 +222,30 @@ echo "Port 64295" >> /etc/ssh/sshd_config
 echo
 ### Ensure creation of T-Pot related folders, just in case
-mkdir -p /data/adbhoney/downloads /data/adbhoney/log \
+mkdir -vp /data/adbhoney/{downloads,log} \
 /data/ciscoasa/log \
 /data/conpot/log \
 /data/citrixhoneypot/logs \
- /data/cowrie/log/tty/ /data/cowrie/downloads/ /data/cowrie/keys/ /data/cowrie/misc/ \
- /data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/roots/ftp /data/dionaea/roots/tftp /data/dionaea/roots/www /data/dionaea/roots/upnp \
+ /data/cowrie/{downloads,keys,misc,log,log/tty} \
+ /data/dionaea/{log,bistreams,binaries,rtp,roots,roots/ftp,roots/tftp,roots/www,roots/upnp} \
 /data/elasticpot/log \
- /data/elk/data /data/elk/log \
+ /data/elk/{data,log} \
 /data/fatt/log \
- /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/ \
+ /data/honeytrap/{log,attacks,downloads} \
 /data/glutton/log \
 /data/heralding/log \
 /data/honeypy/log \
 /data/mailoney/log \
 /data/medpot/log \
- /data/nginx/log /data/nginx/heimdall \
+ /data/nginx/{log,heimdall} \
 /data/emobility/log \
 /data/ews/conf \
 /data/rdpy/log \
 /data/spiderfoot \
- /data/suricata/log /home/tsec/.ssh/ \
- /data/tanner/log /data/tanner/files \
- /data/p0f/log
+ /data/suricata/log \
+ /data/tanner/{log,files} \
+ /data/p0f/log \
+ /home/tsec/.ssh/
 ### Let's take care of some files and permissions
 chmod 770 -R /data