From 4f41b84103bce45abc885a16c2594ce0f4844381 Mon Sep 17 00:00:00 2001 From: t3chn0m4g3 Date: Mon, 19 Feb 2024 17:34:14 +0100 Subject: [PATCH] Adjust T-Pot config file, tpotinit fix logrotate.conf path add tpotinit logging add support for LS_WEB_USER in tpot config (.env) make tpotinit always validate config / adjust users on tpotinit start --- .env | 95 ++++++++++++++---------- .gitignore | 1 + docker/tpotinit/dist/bin/clean.sh | 2 +- docker/tpotinit/dist/entrypoint.sh | 115 +++++++++++++++++++++-------- docker/tpotinit/docker-compose.yml | 7 +- env.example | 93 +++++++++++++---------- 6 files changed, 201 insertions(+), 112 deletions(-) diff --git a/.env b/.env index 27acb9cc..7117094e 100644 --- a/.env +++ b/.env 
@@ -4,49 +4,66 @@ # T-Pot Base Settings - Adjust to your needs. # ############################################### -# Set Web username and password here, it will be used to create the Nginx password file nginxpasswd. -# Use 'htpasswd -n ' to create the WEB_USER if you want to manually deploy T-Pot -# Example: 'htpasswd -n tsec' will print tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0 -# Copy the string and replace WEB_USER='tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0' -WEB_USER='change:me' +# Set Web usernames and passwords here. This section will be used to create / update the Nginx password file nginxpasswd. +# : This is the default +# <'htpasswd encoded usernames / passwords'>: +# Use 'htpasswd -n ' to create the WEB_USER if you want to manually deploy T-Pot +# Example: 'htpasswd -n tsec' will print tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0 +# Copy the string and replace WEB_USER='tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0' +# Multiple users are possible, example (notice the quotes!): +# WEB_USER='user1:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0 +# user2:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0' +WEB_USER= + +# Set Logstash Web usernames and passwords here. This section will be used to create / update the Nginx password file lswebpasswd. +# The Lostsash Web usernames are used for T-Pot log ingestion via Logstash, each sensor should have its own user. +# : This is empty by default. 
+# <'htpasswd encoded usernames / passwords'>: +# Use 'htpasswd -n ' to create the LS_WEB_USER if you want to manually deploy T-Pot +# Example: 'htpasswd -n tsec' will print tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0 +# Copy the string and replace / add LS_WEB_USER='tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0' +# Multiple users are possible, example (notice the quotes!): +# LS_WEB_USER='sensor1:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0 +# sensor2:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0' +LS_WEB_USER= # T-Pot Blackhole -# ENABLED: T-Pot will download a db of known mass scanners and nullroute them +# ENABLED: T-Pot will download a db of known mass scanners and nullroute them. # Be aware, this will put T-Pot off the map for stealth reasons and -# you will get less traffic. Routes will active until reboot and will -# be re-added with every T-Pot start until disabled. +# you will get less traffic. Routes will be active until next reboot +# and will be re-added with every T-Pot start until disabled. # DISABLED: This is the default and no stealth efforts are in place. TPOT_BLACKHOLE=DISABLED # T-Pot Persistence -# on: This is the default. T-Pot will keep the honeypot logfiles and rotate -# with logrotate for 30 days. -# off: This is recommended for Raspberry Pi or setups with weaker CPUs or -# if you just do not need any of the logfiles. +# on: This is the default. T-Pot will keep the honeypot logfiles and rotate +# with logrotate for 30 days. +# off: This is recommended for Raspberry Pi or setups with weaker CPUs or +# if you just do not need any of the logfiles. TPOT_PERSISTENCE=on # T-Pot Type -# HIVE: This is the default and offers everything to connect T-Pot sensors. -# SENSOR: This needs to be used when running a sensor. Be aware to adjust all other -# settings as well. -# 1. You will need to copy compose/sensor.yml to ./docker-comopose.yml -# 2. From HIVE host you will need to copy ~/tpotce/data/nginx/cert/nginx.crt to -# your SENSOR host to ~/tpotce/data/hive.crt -# 3. 
On HIVE: Create a web user per SENSOR on HIVE and provide credentials below -# Create credentials with 'htpasswd ~/tpotce/data/nginx/conf/lswebpasswd ' -# 4. On SENSOR: Provide username / password from (3) for TPOT_HIVE_USER as base64 encoded string: -# "echo -n 'username:password' | base64" +# HIVE: This is the default and offers everything to connect T-Pot sensors. +# SENSOR: This needs to be used when running a sensor. Be aware to adjust all other +# settings as well. +# 1. You will need to copy compose/sensor.yml to ./docker-comopose.yml +# 2. From HIVE host you will need to copy ~/tpotce/data/nginx/cert/nginx.crt to +# your SENSOR host to ~/tpotce/data/hive.crt +# 3. On HIVE: Create a web user per SENSOR on HIVE and provide credentials below +# Create credentials with 'htpasswd ~/tpotce/data/nginx/conf/lswebpasswd ' +# 4. On SENSOR: Provide username / password from (3) for TPOT_HIVE_USER as base64 encoded string: +# "echo -n 'username:password' | base64" TPOT_TYPE=HIVE # T-Pot Hive User (only relevant for SENSOR deployment) -# : This is empty by default. -# : Provide a base64 encoded string "echo -n 'username:password' | base64" -# i.e. TPOT_HIVE_USER='dXNlcm5hbWU6cGFzc3dvcmQ=' +# : This is empty by default. +# : Provide a base64 encoded string "echo -n 'username:password' | base64" +# i.e. TPOT_HIVE_USER='dXNlcm5hbWU6cGFzc3dvcmQ=' TPOT_HIVE_USER= # T-Pot Hive IP (only relevant for SENSOR deployment) -# : This is empty by default. -# : This can be either a IP (i.e. 192.168.1.1) or a FQDN (i.e. foo.bar.local) +# : This is empty by default. +# : This can be either a IP (i.e. 192.168.1.1) or a FQDN (i.e. foo.bar.local) TPOT_HIVE_IP= # T-Pot AttackMap Text Output 
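Review bot: Step 3 of the SENSOR instructions still tells the operator to run `htpasswd ~/tpotce/data/nginx/conf/lswebpasswd` against the file directly, but in this same commit create_web_users in entrypoint.sh rewrites that file with `echo "${LS_WEB_USER}" > /data/nginx/conf/lswebpasswd`. If that function runs on every tpotinit start, as the commit message suggests, sensor users added by hand are wiped at the next start and the sensors lose the ability to submit logs. I would reword the step to point at the new variable, for example `# 3. On HIVE: Create a web user per SENSOR with 'htpasswd -n <username>' and add the output to LS_WEB_USER above`. The same text appears in the env.example hunk further down; "Lostsash" and "docker-comopose.yml" in the new comment lines are typos worth fixing in both files.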
@@ -68,16 +85,16 @@ TPOT_ATTACKMAP_TEXT_TIMEZONE=UTC ################################################################################### # SentryPeer P2P mode -# Exchange bad actor data via DHT / P2P mode by setting the ENV to true (1) -# In some cases (i.e. internally deployed T-Pots) this might be confusing as SentryPeer will show -# the bad actors in its logs. Therefore this option is opt-in based. -# 0: This is the default, P2P mode is disabled. -# 1: Enable P2P mode. +# Exchange bad actor data via DHT / P2P mode by setting the ENV to true (1) +# In some cases (i.e. internally deployed T-Pots) this might be confusing as SentryPeer will show +# the bad actors in its logs. Therefore this option is opt-in based. +# 0: This is the default, P2P mode is disabled. +# 1: Enable P2P mode. SENTRYPEER_PEER_TO_PEER=0 # Suricata ET Pro ruleset -# OPEN: This is the default and will the ET Open ruleset -# OINKCODE: Replace OPEN with your Oinkcode to use the ET Pro ruleset +# OPEN: This is the default and will the ET Open ruleset +# OINKCODE: Replace OPEN with your Oinkcode to use the ET Pro ruleset OINKCODE=OPEN @@ -94,11 +111,11 @@ TPOT_DOCKER_ENV=./.env # Docker-Compose file TPOT_DOCKER_COMPOSE=./docker-compose.yml -# T-Pot Repo -# Depending on where you are located you may choose between DockerHub and GHCR -# dtagdevsec: This will use the DockerHub image registry -# ghcr.io/telekom-security: This will use the GitHub container registry -TPOT_REPO=ghcr.io/telekom-security +# T-Pot Docker Repo +# Depending on where you are located you may choose between DockerHub and GHCR +# dtagdevsec: This will use the DockerHub image registry +# ghcr.io/telekom-security: This will use the GitHub container registry +TPOT_REPO=dtagdevsec # T-Pot Version Tag TPOT_VERSION=alpha diff --git a/.gitignore b/.gitignore index 1a71d47e..1a98f270 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ data/ **/.DS_Store .idea +install_tpot.log 
diff --git a/docker/tpotinit/dist/bin/clean.sh b/docker/tpotinit/dist/bin/clean.sh index 9ba35196..faf12068 100755 --- a/docker/tpotinit/dist/bin/clean.sh +++ b/docker/tpotinit/dist/bin/clean.sh @@ -20,7 +20,7 @@ echo $(ls $myFOLDER | wc -l) # Let's create a function to rotate and compress logs fuLOGROTATE () { - local mySTATUS="/opt/tpot/etc/logrotate/status" + local mySTATUS="/data/tpot/etc/logrotate/status" local myCONF="/opt/tpot/etc/logrotate/logrotate.conf" local myADBHONEYTGZ="/data/adbhoney/downloads.tgz" local myADBHONEYDL="/data/adbhoney/downloads/" diff --git a/docker/tpotinit/dist/entrypoint.sh b/docker/tpotinit/dist/entrypoint.sh index 119c513f..559fd67b 100755 --- a/docker/tpotinit/dist/entrypoint.sh +++ b/docker/tpotinit/dist/entrypoint.sh @@ -1,6 +1,7 @@ #!/bin/bash COMPOSE="/tmp/tpot/docker-compose.yml" +exec > >(tee /data/tpotinit.log) 2>&1 # Function to check if a variable is set, not empty check_var() { @@ -10,7 +11,7 @@ check_var() { # Check if variable is set and not empty if [[ -z "$var_value" ]]; then - echo "# Error: $var_name is not set or empty." + echo "# Error: $var_name is not set or empty. Please check T-Pot config file (.env)." echo echo "# Aborting" exit 1 @@ -25,7 +26,7 @@ check_safety() { # General safety check for most variables if [[ $var_value =~ [^a-zA-Z0-9_/.:-] ]]; then - echo "# Error: Unsafe characters detected in $var_name." + echo "# Error: Unsafe characters detected in $var_name. Please check T-Pot config file (.env)." echo echo "# Aborting" exit 1 @@ -41,7 +42,7 @@ check_web_user_safety() { for user in $web_user; do # Allow alphanumeric, $, ., /, and : for WEB_USER (to accommodate htpasswd hash) if [[ ! $user =~ ^[a-zA-Z0-9]+:\$apr1\$[a-zA-Z0-9./]+\$[a-zA-Z0-9./]+$ ]]; then - echo "# Error: Unsafe characters / wrong format detected in WEB_USER for user $user." + echo "# Error: Unsafe characters / wrong format detected in (LS_)WEB_USER for user $user. Please check T-Pot config file (.env)." echo echo "# Aborting" exit 1 
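Review bot: The added `exec > >(tee /data/tpotinit.log) 2>&1` at the top of entrypoint.sh truncates the log on every start and creates it with whatever umask the container has, while the file now receives every later message, including the validation output that prints configured values. Since /data is bind-mounted from the host data folder (see the docker-compose.yml change in this commit), I would create the file with a restrictive mode before redirecting and append instead of overwriting: `touch /data/tpotinit.log && chmod 600 /data/tpotinit.log` followed by `exec > >(tee -a /data/tpotinit.log) 2>&1`. If appending is adopted the file also needs a logrotate entry; the logrotate configuration is not visible in this diff.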
@@ -58,7 +59,7 @@ validate_format() { TPOT_BLACKHOLE|TPOT_PERSISTENCE|TPOT_ATTACKMAP_TEXT) if ! [[ $var_value =~ ^(ENABLED|DISABLED|on|off|true|false)$ ]]; then - echo "# Error: Invalid value for $var_name. Expected ENABLED/DISABLED, on/off, true/false." + echo "# Error: Invalid value for $var_name. Expected ENABLED/DISABLED, on/off, true/false. Please check T-Pot config file (.env)." echo echo "# Aborting" exit 1 
@@ -70,28 +71,49 @@ validate_format() { esac } -create_web_users() { - echo - echo "# Creating web user from .env ..." - echo - echo "${WEB_USER}" > /data/nginx/conf/nginxpasswd - touch /data/nginx/conf/lswebpasswd +validate_ip_or_domain() { + local myCHECK=$1 + + # Regular expression for validating IPv4 addresses + local ipv4Regex='^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$' + + # Regular expression for validating domain names (including subdomains) + local domainRegex='^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' + + # Check if TPOT_HIVE_IP matches IPv4 or domain name + if [[ $myCHECK =~ $ipv4Regex ]]; then + echo "$myCHECK is a valid IPv4 address." + elif [[ $myCHECK =~ $domainRegex ]]; then + echo "$myCHECK is a valid domain name." + else + echo "# Error: $myCHECK is not a valid IPv4 address or domain name. Please check T-Pot config file (.env)." + echo + echo "# Aborting" + exit 1 + fi } -# Validate environment variables -for var in TPOT_BLACKHOLE TPOT_PERSISTENCE TPOT_ATTACKMAP_TEXT TPOT_ATTACKMAP_TEXT_TIMEZONE TPOT_REPO TPOT_VERSION TPOT_PULL_POLICY TPOT_OSTYPE; - do - check_var "$var" - check_safety "$var" - validate_format "$var" -done +validate_base64() { + local myCHECK=$1 -# Specific check for WEB_USER -check_var "WEB_USER" -check_web_user_safety "$WEB_USER" - -echo "# All settings seem to be valid." + # Base64 pattern match + if [[ $myCHECK =~ ^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$ ]]; then + echo "$myCHECK is a valid Base64 string." + else + echo "$myCHECK is not a valid Base64 string. Please check T-Pot config file (.env)" + echo + echo "# Aborting" + exit 1 + fi +} +create_web_users() { + echo + echo "# Creating passwd files based on .env configuration ..." 
+ echo + echo "${WEB_USER}" > /data/nginx/conf/nginxpasswd + echo "${LS_WEB_USER}" > /data/nginx/conf/lswebpasswd +} # Check for compatible OSType echo @@ -101,7 +123,7 @@ myOSTYPE=$(uname -a | grep -Eo "linuxkit") if [ "${myOSTYPE}" == "linuxkit" ] && [ "${TPOT_OSTYPE}" == "linux" ]; then echo "# Docker Desktop for macOS or Windows detected." - echo "# 1. You need to adjust the OSType in the hidden \".env\" file." + echo "# 1. You need to adjust the OSType the T-Pot config file (.env)." echo "# 2. You need to use the macos or win docker compose file." echo echo "# Aborting." @@ -109,6 +131,44 @@ if [ "${myOSTYPE}" == "linuxkit" ] && [ "${TPOT_OSTYPE}" == "linux" ]; exit 1 fi +# Validate environment variables +for var in TPOT_BLACKHOLE TPOT_PERSISTENCE TPOT_ATTACKMAP_TEXT TPOT_ATTACKMAP_TEXT_TIMEZONE TPOT_REPO TPOT_VERSION TPOT_PULL_POLICY TPOT_OSTYPE; + do + check_var "$var" + check_safety "$var" + validate_format "$var" +done + +if [ "${TPOT_TYPE}" == "HIVE" ]; + then + # No $ for check_var + check_var "WEB_USER" + check_web_user_safety "$WEB_USER" + TPOT_HIVE_USER="" + TPOT_HIVE_IP="" + if [ "${LS_WEB_USER}" == "" ]; + then + echo "# Warning: No LS_WEB_USER detected! T-Pots of type SENSOR will not be able to submit logs to this HIVE." + echo + else + check_web_user_safety "$LS_WEB_USER" + fi +fi +if [ "${TPOT_TYPE}" == "SENSOR" ]; + then + # No $ for check_var + check_var "TPOT_HIVE_USER" + check_var "TPOT_HIVE_IP" + validate_base64 "$TPOT_HIVE_USER" + validate_ip_or_domain "$TPOT_HIVE_IP" + WEB_USER="" +fi +echo + +echo +echo "# All settings seem to be valid." +echo + # Data folder management if [ -f "/data/uuid" ]; then 
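Review bot: validate_base64 prints its argument in both branches (`echo "$myCHECK is a valid Base64 string."`), and the caller added in this commit passes `"$TPOT_HIVE_USER"`, which is the base64 of username:password and decodes trivially. Combined with the new tee redirect at the top of entrypoint.sh, the sensor credential ends up in /data/tpotinit.log and in the container log on every SENSOR start. Report the variable name rather than the value, for example `echo "# TPOT_HIVE_USER is a valid Base64 string."`, or pass the name in and expand it indirectly the way check_var appears to. The "for user $user" message in check_web_user_safety has the same shape, since `$user` is the whole user:hash entry.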
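Review bot: TPOT_TYPE is never validated in the added block: it is not in the `for var in ...` list, and any value other than HIVE or SENSOR (a typo, lowercase) skips both `if` branches. In that case WEB_USER, LS_WEB_USER, TPOT_HIVE_USER and TPOT_HIVE_IP all go unchecked and the script still prints "# All settings seem to be valid.". Add an explicit reject before the two branches, e.g. `if [[ ! "${TPOT_TYPE}" =~ ^(HIVE|SENSOR)$ ]]; then echo "# Error: TPOT_TYPE must be HIVE or SENSOR. Please check T-Pot config file (.env)."; exit 1; fi`. Whether other TPOT_TYPE values are legitimate is not visible in this diff, so the allowed set may need adjusting.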
@@ -124,15 +184,6 @@ if [ -f "/data/uuid" ]; figlet "Setting up ..." figlet "T-Pot: ${TPOT_VERSION}" echo - echo "# Checking for default user." - if [ "${WEB_USER}" == "change:me" ]; - then - echo "# Please change WEB_USER in the hidden \".env\" file." - echo "# Aborting." - echo - exit 1 - fi - echo echo "# Setting up data folder structure ..." echo /opt/tpot/bin/clean.sh off diff --git a/docker/tpotinit/docker-compose.yml b/docker/tpotinit/docker-compose.yml index dccc996d..09f25714 100644 --- a/docker/tpotinit/docker-compose.yml +++ b/docker/tpotinit/docker-compose.yml @@ -6,10 +6,13 @@ services: tpotinit: build: . container_name: tpotinit + env_file: + - $HOME/tpotce/.env restart: "no" - image: "dtagdevsec/tpotinit:dev" -# volumes: + image: "ghcr.io/telekom-security/tpotinit:alpha" + volumes: # - /var/run/docker.sock:/var/run/docker.sock:ro + - $HOME/tpotce/data:/data network_mode: "host" cap_add: - NET_ADMIN diff --git a/env.example b/env.example index f85d08d8..7117094e 100644 --- a/env.example +++ b/env.example 
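Review bot: Both paths added to docker/tpotinit/docker-compose.yml, `- $HOME/tpotce/.env` under env_file and `- $HOME/tpotce/data:/data` under volumes, depend on the HOME of whoever invokes docker compose. Run under sudo or from a service account, the container would read a different or missing .env, and Docker would bind-mount a freshly created, empty data directory, so tpotinit would validate and write password files somewhere other than the deployment it is meant to initialise. Paths relative to the compose file avoid this, assuming the repository layout shown in the diff headers: `- ../../.env` and `- ../../data:/data`.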
@@ -4,49 +4,66 @@ # T-Pot Base Settings - Adjust to your needs. # ############################################### -# Set Web username and password here, it will be used to create the Nginx password file nginxpasswd. -# Use 'htpasswd -n ' to create the WEB_USER if you want to manually deploy T-Pot -# Example: 'htpasswd -n tsec' will print tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0 -# Copy the string and replace WEB_USER='tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0' -WEB_USER='change:me' +# Set Web usernames and passwords here. This section will be used to create / update the Nginx password file nginxpasswd. +# : This is the default +# <'htpasswd encoded usernames / passwords'>: +# Use 'htpasswd -n ' to create the WEB_USER if you want to manually deploy T-Pot +# Example: 'htpasswd -n tsec' will print tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0 +# Copy the string and replace WEB_USER='tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0' +# Multiple users are possible, example (notice the quotes!): +# WEB_USER='user1:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0 +# user2:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0' +WEB_USER= + +# Set Logstash Web usernames and passwords here. This section will be used to create / update the Nginx password file lswebpasswd. +# The Lostsash Web usernames are used for T-Pot log ingestion via Logstash, each sensor should have its own user. +# : This is empty by default. 
+# <'htpasswd encoded usernames / passwords'>: +# Use 'htpasswd -n ' to create the LS_WEB_USER if you want to manually deploy T-Pot +# Example: 'htpasswd -n tsec' will print tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0 +# Copy the string and replace / add LS_WEB_USER='tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0' +# Multiple users are possible, example (notice the quotes!): +# LS_WEB_USER='sensor1:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0 +# sensor2:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0' +LS_WEB_USER= # T-Pot Blackhole -# ENABLED: T-Pot will download a db of known mass scanners and nullroute them +# ENABLED: T-Pot will download a db of known mass scanners and nullroute them. # Be aware, this will put T-Pot off the map for stealth reasons and -# you will get less traffic. Routes will active until reboot and will -# be re-added with every T-Pot start until disabled. +# you will get less traffic. Routes will be active until next reboot +# and will be re-added with every T-Pot start until disabled. # DISABLED: This is the default and no stealth efforts are in place. TPOT_BLACKHOLE=DISABLED # T-Pot Persistence -# on: This is the default. T-Pot will keep the honeypot logfiles and rotate -# with logrotate for 30 days. -# off: This is recommended for Raspberry Pi or setups with weaker CPUs or -# if you just do not need any of the logfiles. +# on: This is the default. T-Pot will keep the honeypot logfiles and rotate +# with logrotate for 30 days. +# off: This is recommended for Raspberry Pi or setups with weaker CPUs or +# if you just do not need any of the logfiles. TPOT_PERSISTENCE=on # T-Pot Type -# HIVE: This is the default and offers everything to connect T-Pot sensors. -# SENSOR: This needs to be used when running a sensor. Be aware to adjust all other -# settings as well. -# 1. You will need to copy compose/sensor.yml to ./docker-comopose.yml -# 2. From HIVE host you will need to copy ~/tpotce/data/nginx/cert/nginx.crt to -# your SENSOR host to ~/tpotce/data/hive.crt -# 3. 
On HIVE: Create a web user per SENSOR on HIVE and provide credentials below -# Create credentials with 'htpasswd ~/tpotce/data/nginx/conf/lswebpasswd ' -# 4. On SENSOR: Provide username / password from (3) for TPOT_HIVE_USER as base64 encoded string: -# "echo -n 'username:password' | base64" +# HIVE: This is the default and offers everything to connect T-Pot sensors. +# SENSOR: This needs to be used when running a sensor. Be aware to adjust all other +# settings as well. +# 1. You will need to copy compose/sensor.yml to ./docker-comopose.yml +# 2. From HIVE host you will need to copy ~/tpotce/data/nginx/cert/nginx.crt to +# your SENSOR host to ~/tpotce/data/hive.crt +# 3. On HIVE: Create a web user per SENSOR on HIVE and provide credentials below +# Create credentials with 'htpasswd ~/tpotce/data/nginx/conf/lswebpasswd ' +# 4. On SENSOR: Provide username / password from (3) for TPOT_HIVE_USER as base64 encoded string: +# "echo -n 'username:password' | base64" TPOT_TYPE=HIVE # T-Pot Hive User (only relevant for SENSOR deployment) -# : This is empty by default. -# : Provide a base64 encoded string "echo -n 'username:password' | base64" -# i.e. TPOT_HIVE_USER='dXNlcm5hbWU6cGFzc3dvcmQ=' +# : This is empty by default. +# : Provide a base64 encoded string "echo -n 'username:password' | base64" +# i.e. TPOT_HIVE_USER='dXNlcm5hbWU6cGFzc3dvcmQ=' TPOT_HIVE_USER= # T-Pot Hive IP (only relevant for SENSOR deployment) -# : This is empty by default. -# : This can be either a IP (i.e. 192.168.1.1) or a FQDN (i.e. foo.bar.local) +# : This is empty by default. +# : This can be either a IP (i.e. 192.168.1.1) or a FQDN (i.e. foo.bar.local) TPOT_HIVE_IP= # T-Pot AttackMap Text Output 
@@ -68,16 +85,16 @@ TPOT_ATTACKMAP_TEXT_TIMEZONE=UTC ################################################################################### # SentryPeer P2P mode -# Exchange bad actor data via DHT / P2P mode by setting the ENV to true (1) -# In some cases (i.e. internally deployed T-Pots) this might be confusing as SentryPeer will show -# the bad actors in its logs. Therefore this option is opt-in based. -# 0: This is the default, P2P mode is disabled. -# 1: Enable P2P mode. +# Exchange bad actor data via DHT / P2P mode by setting the ENV to true (1) +# In some cases (i.e. internally deployed T-Pots) this might be confusing as SentryPeer will show +# the bad actors in its logs. Therefore this option is opt-in based. +# 0: This is the default, P2P mode is disabled. +# 1: Enable P2P mode. SENTRYPEER_PEER_TO_PEER=0 # Suricata ET Pro ruleset -# OPEN: This is the default and will the ET Open ruleset -# OINKCODE: Replace OPEN with your Oinkcode to use the ET Pro ruleset +# OPEN: This is the default and will the ET Open ruleset +# OINKCODE: Replace OPEN with your Oinkcode to use the ET Pro ruleset OINKCODE=OPEN @@ -94,10 +111,10 @@ TPOT_DOCKER_ENV=./.env # Docker-Compose file TPOT_DOCKER_COMPOSE=./docker-compose.yml -# T-Pot Repo -# Depending on where you are located you may choose between DockerHub and GHCR -# dtagdevsec: This will use the DockerHub image registry -# ghcr.io/telekom-security: This will use the GitHub container registry +# T-Pot Docker Repo +# Depending on where you are located you may choose between DockerHub and GHCR +# dtagdevsec: This will use the DockerHub image registry +# ghcr.io/telekom-security: This will use the GitHub container registry TPOT_REPO=dtagdevsec # T-Pot Version Tag