tweaking ntp and logstash

remove ntp and replace with timesyncd (client only)

adjust logstash config

docker/elk/logstash/Dockerfile

@@ -36,12 +36,12 @@ RUN apt-get update -y && \
     chmod u+x /usr/bin/entrypoint.sh && \
     mkdir -p /etc/logstash/conf.d /usr/share/logstash/config && \
     cp logstash.conf /etc/logstash/conf.d/ && \
-    cp logstash.yml /etc/logstash/conf.d/ && \
     cp http_input.conf /etc/logstash/conf.d/ && \
     cp http_output.conf /etc/logstash/conf.d/ && \
     cp pipelines.yml /usr/share/logstash/config/pipelines.yml && \
     cp pipelines_sensor.yml /usr/share/logstash/config/pipelines_sensor.yml && \
     cp tpot-template.json /etc/logstash/ && \
+    rm /etc/logstash/pipelines.yml && \
 #
 # Setup user, groups and configs
     groupmod -g 2000 logstash && \

iso/installer/install.sh

@@ -798,23 +798,6 @@ echo "$mySYSTEMDFIX" | tee /etc/systemd/network/99-default.link
 fuBANNER "Add cronjobs"
 echo "$myCRONJOBS" | tee -a /etc/crontab
 
-### For some honeypots to work we need to ensure ntp.service is not listening
-echo "### Ensure ntp.service is not listening to avoid potential port conflict with ddospot."
-myNTP_IF_DISABLE="interface ignore wildcard
-interface ignore 127.0.0.1
-interface ignore ::1"
-
-if [ "$(cat /etc/ntp.conf | grep "interface ignore wildcard" | wc -l)" != "1" ];
-  then
-    echo "### Found active ntp listeners and updating config."
-    echo "$myNTP_IF_DISABLE" | tee -a /etc/ntp.conf
-    echo "### Restarting ntp.service for changes to take effect."
-    systemctl stop ntp.service
-    systemctl start ntp.service
-  else
-    echo "### Found no active ntp listeners."
-fi
-
 # Let's create some files and folders
 fuBANNER "Files & folders"
 mkdir -vp /data/adbhoney/{downloads,log} \

packages.txt

@@ -41,7 +41,6 @@ multitail
 net-tools
 neovim
 npm
-ntp
 openssh-server
 openssl
 pass
@@ -52,6 +51,7 @@ sshpass
 psmisc
 pv
 python3-pip
+systemd-timesyncd
 toilet
 unattended-upgrades
 unzip

update.sh

@@ -239,8 +239,8 @@ echo "### Installing apt-fast"
 local myPACKAGES=$(cat /opt/tpot/packages.txt)
 echo
 echo "### Removing and holding back problematic packages ..."
-apt-fast -y purge cockpit-pcp elasticsearch-curator exim4-base glances mailutils pcp
+apt-fast -y purge cockpit-pcp elasticsearch-curator exim4-base glances mailutils ntp pcp
-apt-mark hold exim4-base mailutils pcp cockpit-pcp
+apt-mark hold exim4-base mailutils ntp pcp cockpit-pcp
 hash -r
 echo
 echo "### Now upgrading packages ..."
@@ -308,28 +308,6 @@ mkdir -vp /data/adbhoney/{downloads,log} \
           /data/tanner/{log,files} \
           /home/tsec/.ssh/
 
-### For some honeypots to work we need to ensure ntp.service is not listening
-echo
-echo "### Ensure ntp.service is not listening to avoid potential port conflict with ddospot."
-myNTP_IF_DISABLE="interface ignore wildcard
-interface ignore 127.0.0.1
-interface ignore ::1"
-
-if [ "$(cat /etc/ntp.conf | grep "interface ignore wildcard" | wc -l)" != "1" ];
-  then
-    echo
-    echo "### Found active ntp listeners and updating config."
-    echo "$myNTP_IF_DISABLE" | tee -a /etc/ntp.conf
-    echo
-    echo "### Restarting ntp.service for changes to take effect."
-    systemctl stop ntp.service
-    systemctl start ntp.service
-  else
-    echo
-    echo "### Found no active ntp listeners."
-fi
-
-
 ### Let's take care of some files and permissions
 chmod 770 -R /data
 chown tpot:tpot -R /data