From 572d540ead4a296ed91e6c3a01ecdd2711584e16 Mon Sep 17 00:00:00 2001 From: t3chn0m4g3 Date: Wed, 30 Mar 2022 20:32:24 +0000 Subject: [PATCH] tweaking ntp and logstash remove ntp and replace with timesyncd (client only) adjust logstash config --- docker/elk/logstash/Dockerfile | 2 +- iso/installer/install.sh | 17 ----------------- packages.txt | 2 +- update.sh | 26 ++------------------------ 4 files changed, 4 insertions(+), 43 deletions(-) diff --git a/docker/elk/logstash/Dockerfile b/docker/elk/logstash/Dockerfile index 703462bf..bc9dbdb1 100644 --- a/docker/elk/logstash/Dockerfile +++ b/docker/elk/logstash/Dockerfile @@ -36,12 +36,12 @@ RUN apt-get update -y && \ chmod u+x /usr/bin/entrypoint.sh && \ mkdir -p /etc/logstash/conf.d /usr/share/logstash/config && \ cp logstash.conf /etc/logstash/conf.d/ && \ - cp logstash.yml /etc/logstash/conf.d/ && \ cp http_input.conf /etc/logstash/conf.d/ && \ cp http_output.conf /etc/logstash/conf.d/ && \ cp pipelines.yml /usr/share/logstash/config/pipelines.yml && \ cp pipelines_sensor.yml /usr/share/logstash/config/pipelines_sensor.yml && \ cp tpot-template.json /etc/logstash/ && \ + rm /etc/logstash/pipelines.yml && \ # # Setup user, groups and configs groupmod -g 2000 logstash && \ diff --git a/iso/installer/install.sh b/iso/installer/install.sh index b0c6f93d..3323c849 100755 --- a/iso/installer/install.sh +++ b/iso/installer/install.sh 
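Review bot: The added `rm /etc/logstash/pipelines.yml` sits in the `&&` chain without `-f`, so the image build aborts if the packaged file is ever absent, for example after a Logstash package layout change. `rm -f /etc/logstash/pipelines.yml && \` keeps the intent without that failure mode; if a hard failure is wanted, a comment should say so. A one-line comment such as `# Drop the packaged pipelines.yml so only /usr/share/logstash/config/pipelines.yml is used` would record the reason, which I am inferring from the neighbouring `cp pipelines.yml` line, so please confirm it. With the `cp logstash.yml` line removed, nothing in this hunk installs logstash.yml any more, so any settings it carried must reach the Logstash settings directory some other way. The RUN instruction starts before and continues after the hunk.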
@@ -798,23 +798,6 @@ echo "$mySYSTEMDFIX" | tee /etc/systemd/network/99-default.link fuBANNER "Add cronjobs" echo "$myCRONJOBS" | tee -a /etc/crontab -### For some honeypots to work we need to ensure ntp.service is not listening -echo "### Ensure ntp.service is not listening to avoid potential port conflict with ddospot." -myNTP_IF_DISABLE="interface ignore wildcard -interface ignore 127.0.0.1 -interface ignore ::1" - -if [ "$(cat /etc/ntp.conf | grep "interface ignore wildcard" | wc -l)" != "1" ]; - then - echo "### Found active ntp listeners and updating config." - echo "$myNTP_IF_DISABLE" | tee -a /etc/ntp.conf - echo "### Restarting ntp.service for changes to take effect." - systemctl stop ntp.service - systemctl start ntp.service - else - echo "### Found no active ntp listeners." -fi - # Let's create some files and folders fuBANNER "Files & folders" mkdir -vp /data/adbhoney/{downloads,log} \ diff --git a/packages.txt b/packages.txt index e23be58a..0eed131f 100644 --- a/packages.txt +++ b/packages.txt @@ -41,7 +41,6 @@ multitail net-tools neovim npm -ntp openssh-server openssl pass @@ -52,6 +51,7 @@ sshpass psmisc pv python3-pip +systemd-timesyncd toilet unattended-upgrades unzip diff --git a/update.sh b/update.sh index 407104e4..e4acfa57 100755 --- a/update.sh +++ b/update.sh @@ -239,8 +239,8 @@ echo "### Installing apt-fast" local myPACKAGES=$(cat /opt/tpot/packages.txt) echo echo "### Removing and holding back problematic packages ..." -apt-fast -y purge cockpit-pcp elasticsearch-curator exim4-base glances mailutils pcp -apt-mark hold exim4-base mailutils pcp cockpit-pcp +apt-fast -y purge cockpit-pcp elasticsearch-curator exim4-base glances mailutils ntp pcp +apt-mark hold exim4-base mailutils ntp pcp cockpit-pcp hash -r echo echo "### Now upgrading packages ..." 
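Review bot: In the update.sh hunk, `ntp` is purged and held, but nothing visible confirms that systemd-timesyncd ends up installed, enabled and synchronised on an upgraded host. A failed or interrupted package step would leave the sensor without time sync, and its honeypot logs would drift and become hard to correlate. After the package install step I would add `timedatectl set-ntp true` and a warning-only check such as `[ "$(timedatectl show -p NTPSynchronized --value)" = "yes" ] || echo "### Warning: clock not synchronised yet."`. The hold on `ntp` also deserves a comment, e.g. `# hold ntp: it listens on 123/udp and would conflict with ddospot`, because the only explanation is deleted along with the old ntp.conf block. The enclosing function starts and ends outside the hunk, so the install step may already cover part of this.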
@@ -308,28 +308,6 @@ mkdir -vp /data/adbhoney/{downloads,log} \ /data/tanner/{log,files} \ /home/tsec/.ssh/ -### For some honeypots to work we need to ensure ntp.service is not listening -echo -echo "### Ensure ntp.service is not listening to avoid potential port conflict with ddospot." -myNTP_IF_DISABLE="interface ignore wildcard -interface ignore 127.0.0.1 -interface ignore ::1" - -if [ "$(cat /etc/ntp.conf | grep "interface ignore wildcard" | wc -l)" != "1" ]; - then - echo - echo "### Found active ntp listeners and updating config." - echo "$myNTP_IF_DISABLE" | tee -a /etc/ntp.conf - echo - echo "### Restarting ntp.service for changes to take effect." - systemctl stop ntp.service - systemctl start ntp.service - else - echo - echo "### Found no active ntp listeners." -fi - - ### Let's take care of some files and permissions chmod 770 -R /data chown tpot:tpot -R /data