Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-07-01 12:32:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Adjust T-Pot config file, tpotinit

Browse source 
fix logrotate.conf path
add tpotinit logging
add support for LS_WEB_USER in tpot config (.env)
make tpotinit always validate config / adjust users on tpotinit start
This commit is contained in:
t3chn0m4g3 2024-02-19 17:34:14 +01:00
parent 09b75cb5be
commit 4f41b84103
6 changed files with 201 additions and 112 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

95
.env
View file

@ -4,49 +4,66 @@
# T-Pot Base Settings - Adjust to your needs. # # T-Pot Base Settings - Adjust to your needs. #
############################################### ###############################################
# Set Web username and password here, it will be used to create the Nginx password file nginxpasswd. # Set Web usernames and passwords here. This section will be used to create / update the Nginx password file nginxpasswd.
# Use 'htpasswd -n <username>' to create the WEB_USER if you want to manually deploy T-Pot # <empty>: This is the default
# Example: 'htpasswd -n tsec' will print tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0 # <'htpasswd encoded usernames / passwords'>:
# Copy the string and replace WEB_USER='tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0' # Use 'htpasswd -n <username>' to create the WEB_USER if you want to manually deploy T-Pot
WEB_USER='change:me' # Example: 'htpasswd -n tsec' will print tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0
# Copy the string and replace WEB_USER='tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0'
# Multiple users are possible, example (notice the quotes!):
# WEB_USER='user1:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0
# user2:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0'
WEB_USER=
# Set Logstash Web usernames and passwords here. This section will be used to create / update the Nginx password file lswebpasswd.
# The Lostsash Web usernames are used for T-Pot log ingestion via Logstash, each sensor should have its own user.
# <empty>: This is empty by default.
# <'htpasswd encoded usernames / passwords'>:
# Use 'htpasswd -n <username>' to create the LS_WEB_USER if you want to manually deploy T-Pot
# Example: 'htpasswd -n tsec' will print tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0
# Copy the string and replace / add LS_WEB_USER='tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0'
# Multiple users are possible, example (notice the quotes!):
# LS_WEB_USER='sensor1:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0
# sensor2:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0'
LS_WEB_USER=
# T-Pot Blackhole # T-Pot Blackhole
# ENABLED: T-Pot will download a db of known mass scanners and nullroute them # ENABLED: T-Pot will download a db of known mass scanners and nullroute them.
# Be aware, this will put T-Pot off the map for stealth reasons and # Be aware, this will put T-Pot off the map for stealth reasons and
# you will get less traffic. Routes will active until reboot and will # you will get less traffic. Routes will be active until next reboot
# be re-added with every T-Pot start until disabled. # and will be re-added with every T-Pot start until disabled.
# DISABLED: This is the default and no stealth efforts are in place. # DISABLED: This is the default and no stealth efforts are in place.
TPOT_BLACKHOLE=DISABLED TPOT_BLACKHOLE=DISABLED
# T-Pot Persistence # T-Pot Persistence
# on: This is the default. T-Pot will keep the honeypot logfiles and rotate # on: This is the default. T-Pot will keep the honeypot logfiles and rotate
# with logrotate for 30 days. # with logrotate for 30 days.
# off: This is recommended for Raspberry Pi or setups with weaker CPUs or # off: This is recommended for Raspberry Pi or setups with weaker CPUs or
# if you just do not need any of the logfiles. # if you just do not need any of the logfiles.
TPOT_PERSISTENCE=on TPOT_PERSISTENCE=on
# T-Pot Type # T-Pot Type
# HIVE: This is the default and offers everything to connect T-Pot sensors. # HIVE: This is the default and offers everything to connect T-Pot sensors.
# SENSOR: This needs to be used when running a sensor. Be aware to adjust all other # SENSOR: This needs to be used when running a sensor. Be aware to adjust all other
# settings as well. # settings as well.
# 1. You will need to copy compose/sensor.yml to ./docker-comopose.yml # 1. You will need to copy compose/sensor.yml to ./docker-comopose.yml
# 2. From HIVE host you will need to copy ~/tpotce/data/nginx/cert/nginx.crt to # 2. From HIVE host you will need to copy ~/tpotce/data/nginx/cert/nginx.crt to
# your SENSOR host to ~/tpotce/data/hive.crt # your SENSOR host to ~/tpotce/data/hive.crt
# 3. On HIVE: Create a web user per SENSOR on HIVE and provide credentials below # 3. On HIVE: Create a web user per SENSOR on HIVE and provide credentials below
# Create credentials with 'htpasswd ~/tpotce/data/nginx/conf/lswebpasswd <username>' # Create credentials with 'htpasswd ~/tpotce/data/nginx/conf/lswebpasswd <username>'
# 4. On SENSOR: Provide username / password from (3) for TPOT_HIVE_USER as base64 encoded string: # 4. On SENSOR: Provide username / password from (3) for TPOT_HIVE_USER as base64 encoded string:
# "echo -n 'username:password' | base64" # "echo -n 'username:password' | base64"
TPOT_TYPE=HIVE TPOT_TYPE=HIVE
# T-Pot Hive User (only relevant for SENSOR deployment) # T-Pot Hive User (only relevant for SENSOR deployment)
# <empty>: This is empty by default. # <empty>: This is empty by default.
# <base64 encoded string>: Provide a base64 encoded string "echo -n 'username:password' | base64" # <base64 encoded string>: Provide a base64 encoded string "echo -n 'username:password' | base64"
# i.e. TPOT_HIVE_USER='dXNlcm5hbWU6cGFzc3dvcmQ=' # i.e. TPOT_HIVE_USER='dXNlcm5hbWU6cGFzc3dvcmQ='
TPOT_HIVE_USER= TPOT_HIVE_USER=
# T-Pot Hive IP (only relevant for SENSOR deployment) # T-Pot Hive IP (only relevant for SENSOR deployment)
# <empty>: This is empty by default. # <empty>: This is empty by default.
# <IP, FQDN>: This can be either a IP (i.e. 192.168.1.1) or a FQDN (i.e. foo.bar.local) # <IP, FQDN>: This can be either a IP (i.e. 192.168.1.1) or a FQDN (i.e. foo.bar.local)
TPOT_HIVE_IP= TPOT_HIVE_IP=
# T-Pot AttackMap Text Output # T-Pot AttackMap Text Output
@ -68,16 +85,16 @@ TPOT_ATTACKMAP_TEXT_TIMEZONE=UTC
################################################################################### ###################################################################################
# SentryPeer P2P mode # SentryPeer P2P mode
# Exchange bad actor data via DHT / P2P mode by setting the ENV to true (1) # Exchange bad actor data via DHT / P2P mode by setting the ENV to true (1)
# In some cases (i.e. internally deployed T-Pots) this might be confusing as SentryPeer will show # In some cases (i.e. internally deployed T-Pots) this might be confusing as SentryPeer will show
# the bad actors in its logs. Therefore this option is opt-in based. # the bad actors in its logs. Therefore this option is opt-in based.
# 0: This is the default, P2P mode is disabled. # 0: This is the default, P2P mode is disabled.
# 1: Enable P2P mode. # 1: Enable P2P mode.
SENTRYPEER_PEER_TO_PEER=0 SENTRYPEER_PEER_TO_PEER=0
# Suricata ET Pro ruleset # Suricata ET Pro ruleset
# OPEN: This is the default and will the ET Open ruleset # OPEN: This is the default and will the ET Open ruleset
# OINKCODE: Replace OPEN with your Oinkcode to use the ET Pro ruleset # OINKCODE: Replace OPEN with your Oinkcode to use the ET Pro ruleset
OINKCODE=OPEN OINKCODE=OPEN
@ -94,11 +111,11 @@ TPOT_DOCKER_ENV=./.env
# Docker-Compose file # Docker-Compose file
TPOT_DOCKER_COMPOSE=./docker-compose.yml TPOT_DOCKER_COMPOSE=./docker-compose.yml
# T-Pot Repo # T-Pot Docker Repo
# Depending on where you are located you may choose between DockerHub and GHCR # Depending on where you are located you may choose between DockerHub and GHCR
# dtagdevsec: This will use the DockerHub image registry # dtagdevsec: This will use the DockerHub image registry
# ghcr.io/telekom-security: This will use the GitHub container registry # ghcr.io/telekom-security: This will use the GitHub container registry
TPOT_REPO=ghcr.io/telekom-security TPOT_REPO=dtagdevsec
# T-Pot Version Tag # T-Pot Version Tag
TPOT_VERSION=alpha TPOT_VERSION=alpha

1
.gitignore vendored
View file

@ -2,3 +2,4 @@
data/ data/
**/.DS_Store **/.DS_Store
.idea .idea
install_tpot.log

2
docker/tpotinit/dist/bin/clean.sh vendored
View file

@ -20,7 +20,7 @@ echo $(ls $myFOLDER | wc -l)
# Let's create a function to rotate and compress logs # Let's create a function to rotate and compress logs
fuLOGROTATE () { fuLOGROTATE () {
local mySTATUS="/opt/tpot/etc/logrotate/status" local mySTATUS="/data/tpot/etc/logrotate/status"
local myCONF="/opt/tpot/etc/logrotate/logrotate.conf" local myCONF="/opt/tpot/etc/logrotate/logrotate.conf"
local myADBHONEYTGZ="/data/adbhoney/downloads.tgz" local myADBHONEYTGZ="/data/adbhoney/downloads.tgz"
local myADBHONEYDL="/data/adbhoney/downloads/" local myADBHONEYDL="/data/adbhoney/downloads/"

115
docker/tpotinit/dist/entrypoint.sh vendored
View file

@ -1,6 +1,7 @@
#!/bin/bash #!/bin/bash
COMPOSE="/tmp/tpot/docker-compose.yml" COMPOSE="/tmp/tpot/docker-compose.yml"
exec > >(tee /data/tpotinit.log) 2>&1
# Function to check if a variable is set, not empty # Function to check if a variable is set, not empty
check_var() { check_var() {
@ -10,7 +11,7 @@ check_var() {
# Check if variable is set and not empty # Check if variable is set and not empty
if [[ -z "$var_value" ]]; if [[ -z "$var_value" ]];
then then
echo "# Error: $var_name is not set or empty." echo "# Error: $var_name is not set or empty. Please check T-Pot config file (.env)."
echo echo
echo "# Aborting" echo "# Aborting"
exit 1 exit 1
@ -25,7 +26,7 @@ check_safety() {
# General safety check for most variables # General safety check for most variables
if [[ $var_value =~ [^a-zA-Z0-9_/.:-] ]]; if [[ $var_value =~ [^a-zA-Z0-9_/.:-] ]];
then then
echo "# Error: Unsafe characters detected in $var_name." echo "# Error: Unsafe characters detected in $var_name. Please check T-Pot config file (.env)."
echo echo
echo "# Aborting" echo "# Aborting"
exit 1 exit 1
@ -41,7 +42,7 @@ check_web_user_safety() {
for user in $web_user; do for user in $web_user; do
# Allow alphanumeric, $, ., /, and : for WEB_USER (to accommodate htpasswd hash) # Allow alphanumeric, $, ., /, and : for WEB_USER (to accommodate htpasswd hash)
if [[ ! $user =~ ^[a-zA-Z0-9]+:\$apr1\$[a-zA-Z0-9./]+\$[a-zA-Z0-9./]+$ ]]; then if [[ ! $user =~ ^[a-zA-Z0-9]+:\$apr1\$[a-zA-Z0-9./]+\$[a-zA-Z0-9./]+$ ]]; then
echo "# Error: Unsafe characters / wrong format detected in WEB_USER for user $user." echo "# Error: Unsafe characters / wrong format detected in (LS_)WEB_USER for user $user. Please check T-Pot config file (.env)."
echo echo
echo "# Aborting" echo "# Aborting"
exit 1 exit 1
@ -58,7 +59,7 @@ validate_format() {
TPOT_BLACKHOLE|TPOT_PERSISTENCE|TPOT_ATTACKMAP_TEXT) TPOT_BLACKHOLE|TPOT_PERSISTENCE|TPOT_ATTACKMAP_TEXT)
if ! [[ $var_value =~ ^(ENABLED|DISABLED|on|off|true|false)$ ]]; if ! [[ $var_value =~ ^(ENABLED|DISABLED|on|off|true|false)$ ]];
then then
echo "# Error: Invalid value for $var_name. Expected ENABLED/DISABLED, on/off, true/false." echo "# Error: Invalid value for $var_name. Expected ENABLED/DISABLED, on/off, true/false. Please check T-Pot config file (.env)."
echo echo
echo "# Aborting" echo "# Aborting"
exit 1 exit 1
@ -70,28 +71,49 @@ validate_format() {
esac esac
} }
create_web_users() { validate_ip_or_domain() {
echo local myCHECK=$1
echo "# Creating web user from .env ..."
echo # Regular expression for validating IPv4 addresses
echo "${WEB_USER}" > /data/nginx/conf/nginxpasswd local ipv4Regex='^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$'
touch /data/nginx/conf/lswebpasswd
# Regular expression for validating domain names (including subdomains)
local domainRegex='^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$'
# Check if TPOT_HIVE_IP matches IPv4 or domain name
if [[ $myCHECK =~ $ipv4Regex ]]; then
echo "$myCHECK is a valid IPv4 address."
elif [[ $myCHECK =~ $domainRegex ]]; then
echo "$myCHECK is a valid domain name."
else
echo "# Error: $myCHECK is not a valid IPv4 address or domain name. Please check T-Pot config file (.env)."
echo
echo "# Aborting"
exit 1
fi
} }
# Validate environment variables validate_base64() {
for var in TPOT_BLACKHOLE TPOT_PERSISTENCE TPOT_ATTACKMAP_TEXT TPOT_ATTACKMAP_TEXT_TIMEZONE TPOT_REPO TPOT_VERSION TPOT_PULL_POLICY TPOT_OSTYPE; local myCHECK=$1
do
check_var "$var"
check_safety "$var"
validate_format "$var"
done
# Specific check for WEB_USER # Base64 pattern match
check_var "WEB_USER" if [[ $myCHECK =~ ^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$ ]]; then
check_web_user_safety "$WEB_USER" echo "$myCHECK is a valid Base64 string."
else
echo "# All settings seem to be valid." echo "$myCHECK is not a valid Base64 string. Please check T-Pot config file (.env)"
echo
echo "# Aborting"
exit 1
fi
}
create_web_users() {
echo
echo "# Creating passwd files based on .env configuration ..."
echo
echo "${WEB_USER}" > /data/nginx/conf/nginxpasswd
echo "${LS_WEB_USER}" > /data/nginx/conf/lswebpasswd
}
# Check for compatible OSType # Check for compatible OSType
echo echo
@ -101,7 +123,7 @@ myOSTYPE=$(uname -a | grep -Eo "linuxkit")
if [ "${myOSTYPE}" == "linuxkit" ] && [ "${TPOT_OSTYPE}" == "linux" ]; if [ "${myOSTYPE}" == "linuxkit" ] && [ "${TPOT_OSTYPE}" == "linux" ];
then then
echo "# Docker Desktop for macOS or Windows detected." echo "# Docker Desktop for macOS or Windows detected."
echo "# 1. You need to adjust the OSType in the hidden \".env\" file." echo "# 1. You need to adjust the OSType the T-Pot config file (.env)."
echo "# 2. You need to use the macos or win docker compose file." echo "# 2. You need to use the macos or win docker compose file."
echo echo
echo "# Aborting." echo "# Aborting."
@ -109,6 +131,44 @@ if [ "${myOSTYPE}" == "linuxkit" ] && [ "${TPOT_OSTYPE}" == "linux" ];
exit 1 exit 1
fi fi
# Validate environment variables
for var in TPOT_BLACKHOLE TPOT_PERSISTENCE TPOT_ATTACKMAP_TEXT TPOT_ATTACKMAP_TEXT_TIMEZONE TPOT_REPO TPOT_VERSION TPOT_PULL_POLICY TPOT_OSTYPE;
do
check_var "$var"
check_safety "$var"
validate_format "$var"
done
if [ "${TPOT_TYPE}" == "HIVE" ];
then
# No $ for check_var
check_var "WEB_USER"
check_web_user_safety "$WEB_USER"
TPOT_HIVE_USER=""
TPOT_HIVE_IP=""
if [ "${LS_WEB_USER}" == "" ];
then
echo "# Warning: No LS_WEB_USER detected! T-Pots of type SENSOR will not be able to submit logs to this HIVE."
echo
else
check_web_user_safety "$LS_WEB_USER"
fi
fi
if [ "${TPOT_TYPE}" == "SENSOR" ];
then
# No $ for check_var
check_var "TPOT_HIVE_USER"
check_var "TPOT_HIVE_IP"
validate_base64 "$TPOT_HIVE_USER"
validate_ip_or_domain "$TPOT_HIVE_IP"
WEB_USER=""
fi
echo
echo
echo "# All settings seem to be valid."
echo
# Data folder management # Data folder management
if [ -f "/data/uuid" ]; if [ -f "/data/uuid" ];
then then
@ -124,15 +184,6 @@ if [ -f "/data/uuid" ];
figlet "Setting up ..." figlet "Setting up ..."
figlet "T-Pot: ${TPOT_VERSION}" figlet "T-Pot: ${TPOT_VERSION}"
echo echo
echo "# Checking for default user."
if [ "${WEB_USER}" == "change:me" ];
then
echo "# Please change WEB_USER in the hidden \".env\" file."
echo "# Aborting."
echo
exit 1
fi
echo
echo "# Setting up data folder structure ..." echo "# Setting up data folder structure ..."
echo echo
/opt/tpot/bin/clean.sh off /opt/tpot/bin/clean.sh off

7
docker/tpotinit/docker-compose.yml
View file

@ -6,10 +6,13 @@ services:
tpotinit: tpotinit:
build: . build: .
container_name: tpotinit container_name: tpotinit
env_file:
- $HOME/tpotce/.env
restart: "no" restart: "no"
image: "dtagdevsec/tpotinit:dev" image: "ghcr.io/telekom-security/tpotinit:alpha"
# volumes: volumes:
# - /var/run/docker.sock:/var/run/docker.sock:ro # - /var/run/docker.sock:/var/run/docker.sock:ro
- $HOME/tpotce/data:/data
network_mode: "host" network_mode: "host"
cap_add: cap_add:
- NET_ADMIN - NET_ADMIN

93
env.example
View file

@ -4,49 +4,66 @@
# T-Pot Base Settings - Adjust to your needs. # # T-Pot Base Settings - Adjust to your needs. #
############################################### ###############################################
# Set Web username and password here, it will be used to create the Nginx password file nginxpasswd. # Set Web usernames and passwords here. This section will be used to create / update the Nginx password file nginxpasswd.
# Use 'htpasswd -n <username>' to create the WEB_USER if you want to manually deploy T-Pot # <empty>: This is the default
# Example: 'htpasswd -n tsec' will print tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0 # <'htpasswd encoded usernames / passwords'>:
# Copy the string and replace WEB_USER='tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0' # Use 'htpasswd -n <username>' to create the WEB_USER if you want to manually deploy T-Pot
WEB_USER='change:me' # Example: 'htpasswd -n tsec' will print tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0
# Copy the string and replace WEB_USER='tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0'
# Multiple users are possible, example (notice the quotes!):
# WEB_USER='user1:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0
# user2:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0'
WEB_USER=
# Set Logstash Web usernames and passwords here. This section will be used to create / update the Nginx password file lswebpasswd.
# The Lostsash Web usernames are used for T-Pot log ingestion via Logstash, each sensor should have its own user.
# <empty>: This is empty by default.
# <'htpasswd encoded usernames / passwords'>:
# Use 'htpasswd -n <username>' to create the LS_WEB_USER if you want to manually deploy T-Pot
# Example: 'htpasswd -n tsec' will print tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0
# Copy the string and replace / add LS_WEB_USER='tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0'
# Multiple users are possible, example (notice the quotes!):
# LS_WEB_USER='sensor1:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0
# sensor2:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0'
LS_WEB_USER=
# T-Pot Blackhole # T-Pot Blackhole
# ENABLED: T-Pot will download a db of known mass scanners and nullroute them # ENABLED: T-Pot will download a db of known mass scanners and nullroute them.
# Be aware, this will put T-Pot off the map for stealth reasons and # Be aware, this will put T-Pot off the map for stealth reasons and
# you will get less traffic. Routes will active until reboot and will # you will get less traffic. Routes will be active until next reboot
# be re-added with every T-Pot start until disabled. # and will be re-added with every T-Pot start until disabled.
# DISABLED: This is the default and no stealth efforts are in place. # DISABLED: This is the default and no stealth efforts are in place.
TPOT_BLACKHOLE=DISABLED TPOT_BLACKHOLE=DISABLED
# T-Pot Persistence # T-Pot Persistence
# on: This is the default. T-Pot will keep the honeypot logfiles and rotate # on: This is the default. T-Pot will keep the honeypot logfiles and rotate
# with logrotate for 30 days. # with logrotate for 30 days.
# off: This is recommended for Raspberry Pi or setups with weaker CPUs or # off: This is recommended for Raspberry Pi or setups with weaker CPUs or
# if you just do not need any of the logfiles. # if you just do not need any of the logfiles.
TPOT_PERSISTENCE=on TPOT_PERSISTENCE=on
# T-Pot Type # T-Pot Type
# HIVE: This is the default and offers everything to connect T-Pot sensors. # HIVE: This is the default and offers everything to connect T-Pot sensors.
# SENSOR: This needs to be used when running a sensor. Be aware to adjust all other # SENSOR: This needs to be used when running a sensor. Be aware to adjust all other
# settings as well. # settings as well.
# 1. You will need to copy compose/sensor.yml to ./docker-comopose.yml # 1. You will need to copy compose/sensor.yml to ./docker-comopose.yml
# 2. From HIVE host you will need to copy ~/tpotce/data/nginx/cert/nginx.crt to # 2. From HIVE host you will need to copy ~/tpotce/data/nginx/cert/nginx.crt to
# your SENSOR host to ~/tpotce/data/hive.crt # your SENSOR host to ~/tpotce/data/hive.crt
# 3. On HIVE: Create a web user per SENSOR on HIVE and provide credentials below # 3. On HIVE: Create a web user per SENSOR on HIVE and provide credentials below
# Create credentials with 'htpasswd ~/tpotce/data/nginx/conf/lswebpasswd <username>' # Create credentials with 'htpasswd ~/tpotce/data/nginx/conf/lswebpasswd <username>'
# 4. On SENSOR: Provide username / password from (3) for TPOT_HIVE_USER as base64 encoded string: # 4. On SENSOR: Provide username / password from (3) for TPOT_HIVE_USER as base64 encoded string:
# "echo -n 'username:password' | base64" # "echo -n 'username:password' | base64"
TPOT_TYPE=HIVE TPOT_TYPE=HIVE
# T-Pot Hive User (only relevant for SENSOR deployment) # T-Pot Hive User (only relevant for SENSOR deployment)
# <empty>: This is empty by default. # <empty>: This is empty by default.
# <base64 encoded string>: Provide a base64 encoded string "echo -n 'username:password' | base64" # <base64 encoded string>: Provide a base64 encoded string "echo -n 'username:password' | base64"
# i.e. TPOT_HIVE_USER='dXNlcm5hbWU6cGFzc3dvcmQ=' # i.e. TPOT_HIVE_USER='dXNlcm5hbWU6cGFzc3dvcmQ='
TPOT_HIVE_USER= TPOT_HIVE_USER=
# T-Pot Hive IP (only relevant for SENSOR deployment) # T-Pot Hive IP (only relevant for SENSOR deployment)
# <empty>: This is empty by default. # <empty>: This is empty by default.
# <IP, FQDN>: This can be either a IP (i.e. 192.168.1.1) or a FQDN (i.e. foo.bar.local) # <IP, FQDN>: This can be either a IP (i.e. 192.168.1.1) or a FQDN (i.e. foo.bar.local)
TPOT_HIVE_IP= TPOT_HIVE_IP=
# T-Pot AttackMap Text Output # T-Pot AttackMap Text Output
@ -68,16 +85,16 @@ TPOT_ATTACKMAP_TEXT_TIMEZONE=UTC
################################################################################### ###################################################################################
# SentryPeer P2P mode # SentryPeer P2P mode
# Exchange bad actor data via DHT / P2P mode by setting the ENV to true (1) # Exchange bad actor data via DHT / P2P mode by setting the ENV to true (1)
# In some cases (i.e. internally deployed T-Pots) this might be confusing as SentryPeer will show # In some cases (i.e. internally deployed T-Pots) this might be confusing as SentryPeer will show
# the bad actors in its logs. Therefore this option is opt-in based. # the bad actors in its logs. Therefore this option is opt-in based.
# 0: This is the default, P2P mode is disabled. # 0: This is the default, P2P mode is disabled.
# 1: Enable P2P mode. # 1: Enable P2P mode.
SENTRYPEER_PEER_TO_PEER=0 SENTRYPEER_PEER_TO_PEER=0
# Suricata ET Pro ruleset # Suricata ET Pro ruleset
# OPEN: This is the default and will the ET Open ruleset # OPEN: This is the default and will the ET Open ruleset
# OINKCODE: Replace OPEN with your Oinkcode to use the ET Pro ruleset # OINKCODE: Replace OPEN with your Oinkcode to use the ET Pro ruleset
OINKCODE=OPEN OINKCODE=OPEN
@ -94,10 +111,10 @@ TPOT_DOCKER_ENV=./.env
# Docker-Compose file # Docker-Compose file
TPOT_DOCKER_COMPOSE=./docker-compose.yml TPOT_DOCKER_COMPOSE=./docker-compose.yml
# T-Pot Repo # T-Pot Docker Repo
# Depending on where you are located you may choose between DockerHub and GHCR # Depending on where you are located you may choose between DockerHub and GHCR
# dtagdevsec: This will use the DockerHub image registry # dtagdevsec: This will use the DockerHub image registry
# ghcr.io/telekom-security: This will use the GitHub container registry # ghcr.io/telekom-security: This will use the GitHub container registry
TPOT_REPO=dtagdevsec TPOT_REPO=dtagdevsec
# T-Pot Version Tag # T-Pot Version Tag