finetuning

add p0f
change some defaults

installer/bin/clean.sh

@@ -94,6 +94,14 @@ fuSURICATA () {
   chown tpot:tpot -R /data/suricata
 }
 
+# Let's create a function to clean up and prepare p0f data
+fuP0F () {
+  rm -rf /data/p0f/*
+  mkdir -p /data/p0f/log
+  chmod 760 -R /data/p0f
+  chown tpot:tpot -R /data/p0f
+}
+
 fuCONPOT
 fuCOWRIE
 fuDIONAEA
@@ -104,3 +112,4 @@ fuGLASTOPF
 fuHONEYTRAP
 fuSPIDERFOOT
 fuSURICATA
+fuP0F

installer/bin/dps.sh

@@ -10,7 +10,6 @@ stty -echo -icanon time 0 min 0
 myIMAGES=$(cat /etc/tpot/tpot.yml | grep container_name | cut -d: -f2)
 while true
   do
-    clear
     echo ""
     echo "======| System |======"
     echo Date:"     "$(date)

installer/etc/tpot/systemd/tpot.service

@@ -39,7 +39,7 @@ ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 1025,50100,
 ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
 
 # Compose T-Pot up
-ExecStart=/usr/local/bin/docker-compose -f /etc/tpot/tpot.yml up
+ExecStart=/usr/local/bin/docker-compose -f /etc/tpot/tpot.yml up --no-color
 
 # Compose T-Pot down, remove containers and volumes
 ExecStop=/usr/local/bin/docker-compose -f /etc/tpot/tpot.yml down -v

installer/install.sh

@@ -445,6 +445,7 @@ mkdir -p /data/conpot/log \
          /data/ews/conf \
          /data/spiderfoot \
          /data/suricata/log /home/tsec/.ssh/ \
+         /data/p0f/log \
          /etc/tpot/elk /etc/tpot/compose /etc/tpot/systemd \
          /usr/share/tpot/bin 2>&1 | dialog --title "[ Creating some files and folders ]" $myPROGRESSBOXCONF
 touch /data/spiderfoot/spiderfoot.db 2>&1 | dialog --title "[ Creating some files and folders ]" $myPROGRESSBOXCONF