tweak install script and configs

This commit is contained in:
Marco Ochse 2023-06-30 22:03:53 +02:00
parent 58ca11f85e
commit 4df54390dc
3 changed files with 117 additions and 26 deletions

8
.env

@ -4,8 +4,8 @@
# Removing the password after first run is recommended # Removing the password after first run is recommended
# You can always add or remove users as you see fit using htpasswd: # You can always add or remove users as you see fit using htpasswd:
# htpasswd -b -c /<data_folder>/nginx/conf/nginxpasswd <username> <password> # htpasswd -b -c /<data_folder>/nginx/conf/nginxpasswd <username> <password>
WEB_USER=changeme WEB_USER='changeme'
WEB_PW=changeme WEB_PW='changeme'
# T-Pot Blackhole # T-Pot Blackhole
# ENABLED: T-Pot will download a db of known mass scanners and nullroute them # ENABLED: T-Pot will download a db of known mass scanners and nullroute them
@ -32,7 +32,9 @@ TPOT_DOCKER_ENV=./.env
TPOT_DOCKER_COMPOSE=./docker-compose.yml TPOT_DOCKER_COMPOSE=./docker-compose.yml
# T-Pot Repo # T-Pot Repo
#TPOT_REPO=dtagdevsec # Depending on where you are located you may choose between DockerHub and GHCR
# dtagdevsec: This will use the DockerHub image registry
# ghcr.io/telekom-security: This will use the GitHub container registry
TPOT_REPO=ghcr.io/telekom-security TPOT_REPO=ghcr.io/telekom-security
# T-Pot Version Tag # T-Pot Version Tag


@ -1,11 +1,11 @@
# T-Pot Light config file. Do not remove. # T-Pot config file. Do not remove.
# Set Web username and password here, only required for first run # Set Web username and password here, only required for first run
# Removing the password after first run is recommended # Removing the password after first run is recommended
# You can always add or remove users as you see fit using htpasswd: # You can always add or remove users as you see fit using htpasswd:
# htpasswd -b -c /<data_folder>/nginx/conf/nginxpasswd <username> <password> # htpasswd -b -c /<data_folder>/nginx/conf/nginxpasswd <username> <password>
WEB_USER=changeme WEB_USER='changeme'
WEB_PW=changeme WEB_PW='changeme'
# T-Pot Blackhole # T-Pot Blackhole
# ENABLED: T-Pot will download a db of known mass scanners and nullroute them # ENABLED: T-Pot will download a db of known mass scanners and nullroute them
@ -32,6 +32,9 @@ TPOT_DOCKER_ENV=./.env
TPOT_DOCKER_COMPOSE=./docker-compose.yml TPOT_DOCKER_COMPOSE=./docker-compose.yml
# T-Pot Repo # T-Pot Repo
# Depending on where you are located you may choose between DockerHub and GHCR
# dtagdevsec: This will use the DockerHub image registry
# ghcr.io/telekom-security: This will use the GitHub container registry
TPOT_REPO=dtagdevsec TPOT_REPO=dtagdevsec
# T-Pot Version Tag # T-Pot Version Tag


@ -1,5 +1,8 @@
#!/bin/bash #!/bin/bash
myINSTALL_NOTIFICATION="### Now installing required packages ..."
myUSER=$(whoami)
myTPOT_CONF_FILE="/home/${myUSER}/tpotce/.env"
myPACKAGES="ansible wget" myPACKAGES="ansible wget"
myINSTALLER=$(cat << "EOF" myINSTALLER=$(cat << "EOF"
_____ ____ _ ___ _ _ _ _____ ____ _ ___ _ _ _
@ -11,9 +14,10 @@ EOF
) )
# Check if running with root privileges # Check if running with root privileges
if [ $EUID -eq 0 ]; if [ ${EUID} -eq 0 ];
then then
echo "This script should not be run as root. Please run it as a regular user." echo "This script should not be run as root. Please run it as a regular user."
echo
exit 1 exit 1
fi fi
@ -24,6 +28,7 @@ myCURRENT_DISTRIBUTION=$(awk -F= '/^NAME/{print $2}' /etc/os-release | tr -d '"'
if [[ ! " ${mySUPPORTED_DISTRIBUTIONS[@]} " =~ " ${myCURRENT_DISTRIBUTION} " ]]; if [[ ! " ${mySUPPORTED_DISTRIBUTIONS[@]} " =~ " ${myCURRENT_DISTRIBUTION} " ]];
then then
echo "### Only the following distributions are supported: Fedora, Debian, openSUSE Tumbleweed and Ubuntu." echo "### Only the following distributions are supported: Fedora, Debian, openSUSE Tumbleweed and Ubuntu."
echo
exit 1 exit 1
fi fi
@ -32,11 +37,13 @@ echo "$myINSTALLER"
echo echo
echo echo
echo "### This script will now install T-Pot and all of its dependencies." echo "### This script will now install T-Pot and all of its dependencies."
while [ "$myQST" != "y" ] && [ "$myQST" != "n" ]; while [ "${myQST}" != "y" ] && [ "{$myQST}" != "n" ];
do do
echo
read -p "### Install? (y/n) " myQST read -p "### Install? (y/n) " myQST
echo
done done
if [ "$myQST" = "n" ]; if [ "${myQST}" = "n" ];
then then
echo echo
echo "### Aborting!" echo "### Aborting!"
@ -45,26 +52,37 @@ if [ "$myQST" = "n" ];
fi fi
# Install packages based on the distribution # Install packages based on the distribution
case $myCURRENT_DISTRIBUTION in case ${myCURRENT_DISTRIBUTION} in
"Fedora Linux") "Fedora Linux")
echo
echo ${myINSTALL_NOTIFICATION}
echo
sudo dnf update -y sudo dnf update -y
sudo dnf install -y ${myPACKAGES} sudo dnf install -y cracklib ${myPACKAGES}
;; ;;
"Debian GNU/Linux"|"Ubuntu") "Debian GNU/Linux"|"Ubuntu")
if ! command -v sudo >/dev/null; echo
echo ${myINSTALL_NOTIFICATION}
echo
if ! command -v sudo >/dev/null;
then then
echo "### sudo is not installed. To continue you need to provide the root password ... " echo "### sudo is not installed. To continue you need to provide the root password"
echo "### ... or press CTRL-C to manually install sudo and add your user to the sudoers." echo "### or press CTRL-C to manually install sudo and add your user to the sudoers."
su -c "apt -y update && apt -y install sudo ${myPACKAGES}" echo
su -c "/usr/sbin/usermod -aG sudo $(whoami)" su -c "apt -y update && \
# Refresh groups, so sudo is directly usable apt -y install sudo cracklib-runtime ${myPACKAGES} && \
newgrp sudo /usr/sbin/usermod -aG sudo ${myUSER} && \
echo '${myUSER} ALL=(ALL:ALL) ALL' | tee /etc/sudoers.d/${myUSER} >/dev/null && \
chmod 440 /etc/sudoers.d/${myUSER}"
else else
sudo apt update sudo apt update
sudo apt install -y ${myPACKAGES} sudo apt install -y cracklib ${myPACKAGES}
fi fi
;; ;;
"openSUSE Tumbleweed") "openSUSE Tumbleweed")
echo
echo ${myINSTALL_NOTIFICATION}
echo
sudo zypper refresh sudo zypper refresh
sudo zypper install -y ${myPACKAGES} sudo zypper install -y ${myPACKAGES}
echo "export ANSIBLE_PYTHON_INTERPRETER=/bin/python3" | sudo tee /etc/profile.d/ansible.sh >/dev/null echo "export ANSIBLE_PYTHON_INTERPRETER=/bin/python3" | sudo tee /etc/profile.d/ansible.sh >/dev/null
@ -73,7 +91,7 @@ case $myCURRENT_DISTRIBUTION in
esac esac
echo echo
# Check if sudo access is available # Check type of sudo access
sudo -n true > /dev/null 2>&1 sudo -n true > /dev/null 2>&1
if [ $? -eq 1 ]; if [ $? -eq 1 ];
then then
@ -102,18 +120,86 @@ fi
echo "### Now running T-Pot Ansible Installation Playbook ..." echo "### Now running T-Pot Ansible Installation Playbook ..."
echo "### Ansible will ask for the BECOME password which is typically the password you sudo with." echo "### Ansible will ask for the BECOME password which is typically the password you sudo with."
echo echo
ANSIBLE_LOG_PATH=$PWD/install_tpot.log ansible-playbook ${myANSIBLE_TPOT_PLAYBOOK} -i 127.0.0.1, -c local ${myANSIBLE_BECOME_OPTION} ANSIBLE_LOG_PATH=${PWD}/install_tpot.log ansible-playbook ${myANSIBLE_TPOT_PLAYBOOK} -i 127.0.0.1, -c local ${myANSIBLE_BECOME_OPTION}
# Asking for web user name
myWEB_USER=""
while [ 1 != 2 ];
do
myOK=""
read -rp "### Enter your web user name: " myWEB_USER
myWEB_USER=$(echo $myWEB_USER | tr -cd "[:alnum:]_.-")
echo "### Your username is: ${myWEB_USER}"
while [[ ! "${myOK}" =~ [YyNn] ]];
do
read -rp "### Is this correct? (y/n) " myOK
done
if [[ "${myOK}" =~ [Yy] ]] && [ "$myWEB_USER" != "" ];
then
break
else
echo
fi
done
# Asking for web user password
myWEB_PW="pass1"
myWEB_PW2="pass2"
mySECURE=0
myOK=""
while [ "${myWEB_PW}" != "${myWEB_PW2}" ] && [ "${mySECURE}" == "0" ]
do
echo
while [ "${myWEB_PW}" == "pass1" ] || [ "${myWEB_PW}" == "" ]
do
read -rsp "### Enter password for your web user: " myWEB_PW
echo
done
read -rsp "### Repeat password you your web user: " myWEB_PW2
echo
if [ "${myWEB_PW}" != "${myWEB_PW2}" ];
then
echo "### Passwords do not match."
myWEB_PW="pass1"
myWEB_PW2="pass2"
fi
mySECURE=$(printf "%s" "$myWEB_PW" | /usr/sbin/cracklib-check | grep -c "OK")
if [ "$mySECURE" == "0" ] && [ "$myWEB_PW" == "$myWEB_PW2" ];
then
while [[ ! "${myOK}" =~ [YyNn] ]];
do
read -rp "### Keep insecure password? (y/n) " myOK
done
if [[ "${myOK}" =~ [Nn] ]] || [ "$myWEB_PW" == "" ];
then
myWEB_PW="pass1"
myWEB_PW2="pass2"
mySECURE=0
myOK=""
fi
fi
done
# Write username and password to T-Pot config file
echo "### Writing username and password to T-Pot config file: ${myTPOT_CONF_FILE}"
echo "### You can empty the password <WEB_PW=''> after the first start of T-Pot."
echo
sed -i "/^WEB_USER=/s/.*/WEB_USER='${myWEB_USER}'/" ${myTPOT_CONF_FILE}
sed -i "/^WEB_PW=/s/.*/WEB_PW='${myWEB_PW}'/" ${myTPOT_CONF_FILE}
# Pull docker images # Pull docker images
echo "### Now pulling images ..." echo "### Now pulling images ..."
docker compose -f /home/$(whoami)/tpotce/docker-compose.yml pull sudo docker compose -f /home/${myUSER}/tpotce/docker-compose.yml pull
echo echo
# Done and show running services # Show running services
echo "### Please review for possible honeypot port conflicts."
echo "### While SSH is taken care of, other services such as"
echo "### SMTP, HTTP, etc. might prevent T-Pot from starting."
echo
sudo grc netstat -tulpen sudo grc netstat -tulpen
echo "Please review for possible honeypot port conflicts." echo
echo "While SSH is taken care of, other services such as"
echo "SMTP, HTTP, etc. might prevent T-Pot from starting."
# Done
echo "Done. Please reboot and re-connect via SSH on tcp/64295." echo "Done. Please reboot and re-connect via SSH on tcp/64295."
echo echo
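Review bot: The password written by `sed -i "/^WEB_PW=/s/.*/WEB_PW='${myWEB_PW}'/" ${myTPOT_CONF_FILE}` is interpolated unescaped into the sed replacement, so a password containing `/`, `&` or `\` corrupts the substitution (`&` silently re-inserts the matched text) and a `'` breaks the single-quoted `.env` value; the username line is only safe because it was filtered with `tr` earlier. Escape the sed metacharacters first, e.g. `myWEB_PW_SED=$(printf '%s' "${myWEB_PW}" | sed 's/[&/\\]/\\&/g')` and substitute `${myWEB_PW_SED}`, and reject `'` in the password prompt loop the same way the username is sanitised. Two smaller points in the same file: `[ "{$myQST}" != "n" ]` in the install prompt has the braces misplaced (should be `"${myQST}"`), so answering `n` never leaves the loop, and `grep -c "OK"` on the cracklib-check output also matches a password that itself contains `OK`, so anchor it as `grep -c ': OK$'`. The Debian/Ubuntu sudo branch installs `cracklib` while the su branch installs `cracklib-runtime`; if only the latter exists as a package name on those distributions, `sudo apt install -y cracklib ${myPACKAGES}` fails before the playbook runs — worth confirming.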