From 6b77e64ff46af330add62cb07d73e48dea01956f Mon Sep 17 00:00:00 2001
From: listbot <sean.dexter@gmail.com>
Date: Mon, 20 Aug 2018 15:06:10 +0000
Subject: [PATCH] tweaking updater, conpot
---
docker/conpot/Dockerfile | 7 +-
.../dist/templates/kamstrup_382/template.xml | 6 +-
update.sh | 230 ++++++++++--------
3 files changed, 129 insertions(+), 114 deletions(-)
diff --git a/docker/conpot/Dockerfile b/docker/conpot/Dockerfile
index f76b924f..69106951 100644
--- a/docker/conpot/Dockerfile
+++ b/docker/conpot/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine
+FROM alpine:3.7
# Include dist
ADD dist/ /root/dist/
@@ -12,10 +12,10 @@ RUN apk -U --no-cache add \
libev \
libtool \
libcap \
+ libxml2-dev \
libxslt \
- libxslt-dev \
- mariadb-dev \
mariadb-client-libs \
+ mariadb-dev \
pkgconfig \
python \
python-dev \
@@ -58,6 +58,7 @@ RUN apk -U --no-cache add \
git \
libev \
libtool \
+ libxml2-dev \
libxslt-dev \
mariadb-dev \
pkgconfig \
diff --git a/docker/conpot/dist/templates/kamstrup_382/template.xml b/docker/conpot/dist/templates/kamstrup_382/template.xml
index 7998a2c0..376cf9c6 100644
--- a/docker/conpot/dist/templates/kamstrup_382/template.xml
+++ b/docker/conpot/dist/templates/kamstrup_382/template.xml
@@ -446,10 +446,10 @@
<value type="value">'255.255.255.0'</value>
</key>
<key name="kap_a_server_hostname">
- <value type="value">'kapserver.evilpowerprovider.org'</value>
+ <value type="value">'pwr_ctrl_mgmt01.int.local'</value>
</key>
<key name="kap_a_server_ip">
- <value type="value">'202.202.202.1'</value>
+ <value type="value">'10.232.15.242'</value>
</key>
<key name="kap_a_server_port">
<value type="value">'50'</value>
@@ -513,4 +513,4 @@
</key>
</key_value_mappings>
</databus>
-</core>
\ No newline at end of file
+</core>
diff --git a/update.sh b/update.sh
index 94afc856..b37b1fdb 100755
--- a/update.sh
+++ b/update.sh
@@ -12,14 +12,6 @@ myGREEN="�[0;32m"
myWHITE="�[0;0m"
myBLUE="�[0;34m"
-# Got root?
-myWHOAMI=$(whoami)
-if [ "$myWHOAMI" != "root" ]
- then
- echo "Need to run as root ..."
- sudo ./$0
- exit
-fi
# Check for existing tpot.yml
function fuCONFIGCHECK () {
@@ -28,12 +20,12 @@ function fuCONFIGCHECK () {
if ! [ -f $myCONFIGFILE ];
then
echo
- echo $myRED"Error - No T-Pot configuration file present."
- echo "Please copy one of the preconfigured configuration files from /opt/tpot/etc/compose/*.yml to /opt/tpot/etc/tpot.yml."$myWHITE
+ echo "[ $myRED""NOT OK""$myWHITE ] - No T-Pot configuration found."
+ echo "Please create a link to your desired config i.e. 'ln -s /opt/tpot/etc/compose/standard.yml /opt/tpot/etc/tpot.yml'."
echo
exit 1
else
- echo $myGREEN"OK"$myWHITE
+ echo "[ $myGREEN""OK""$myWHITE ]"
fi
}
@@ -47,25 +39,25 @@ mySITES=$1
curl --connect-timeout 5 -IsS $i 2>&1>/dev/null
if [ $? -ne 0 ];
then
- echo
- echo $myRED"Error - Internet connection test failed. This might indicate some problems with your connection."
- echo "Exiting."$myWHITE
+ echo
+ echo "###### $myBLUE""Error - Internet connection test failed.""$myWHITE"" [ $myRED""NOT OK""$myWHITE ]"
+ echo "Exiting.""$myWHITE"
echo
exit 1
else
- echo $myGREEN"OK"$myWHITE
+ echo "[ $myGREEN"OK"$myWHITE ]"
fi
done;
}
-# Self Update
+# Update
function fuSELFUPDATE () {
echo "### Now checking for newer files in repository ..."
- git fetch
+ git fetch --all
myREMOTESTAT=$(git status | grep -c "up-to-date")
if [ "$myREMOTESTAT" != "0" ];
then
- echo "###### $myBLUE"No updates found in repository."$myWHITE"
+ echo "###### $myBLUE""No updates found in repository.""$myWHITE"
return
fi
myRESULT=$(git diff --name-only origin/master | grep update.sh)
@@ -74,18 +66,15 @@ function fuSELFUPDATE () {
then
if [ "$myLOCALSTAT" == "0" ];
then
- echo "###### $myBLUE"Found newer version, will update myself and restart."$myWHITE"
+ echo "###### $myBLUE""Found newer version, will update myself and restart.""$myWHITE"
+ git reset --hard
git pull --force
exec "$1" "$2"
exit 1
- else
- echo $myRED"Error - Update script was changed locally, cannot update."
- echo "Exiting."$myWHITE
- echo
- exit 1
fi
else
- echo "###### Update script is already up-to-date."
+ echo "###### $myBLUE""Update script is already up-to-date.""$myWHITE"
+ git reset --hard
git pull --force
fi
}
@@ -95,120 +84,145 @@ function fuCHECK_VERSION () {
local myMINVERSION="18.04.0"
local myMASTERVERSION="18.04.0"
echo
-echo -n "##### Checking for version tag: "
+echo "### Checking for version tag ..."
if [ -f "version" ];
then
myVERSION=$(cat version)
- echo "[ OK ] - You are running $myVERSION"
if [[ "$myVERSION" > "$myMINVERSION" || "$myVERSION" == "$myMINVERSION" ]] && [[ "$myVERSION" < "$myMASTERVERSION" || "$myVERSION" == "$myMASTERVERSION" ]]
then
- echo "##### Valid version found. Update procedure will be initiated."
- exit
+ echo "###### $myBLUE$myVERSION is eligible for the update procedure.$myWHITE"" [ $myGREEN""OK""$myWHITE ]"
else
- echo "##### Your T-Pot installation cannot be upgraded automatically. Please run a fresh install."
- exit
+ echo "###### $myBLUE $myVERSION cannot be upgraded automatically. Please run a fresh install.$myWHITE"" [ $myRED""NOT OK""$myWHITE ]"
+ exit
fi
else
- echo "[ NOT OK ]"
- echo "##### 'version' is missing. Please run 'update.sh' from within '/opt/tpot'."
+ echo "###### $myBLUE""Unable to determine version. Please run 'update.sh' from within '/opt/tpot'.""$myWHITE"" [ $myRED""NOT OK""$myWHITE ]"
exit
fi
}
+
+# Stop T-Pot to avoid race conditions with running containers with regard to the current T-Pot config
+function fuSTOP_TPOT () {
+echo "### Need to stop T-Pot ..."
+echo -n "###### $myBLUE Now stopping T-Pot.$myWHITE "
+systemctl stop tpot
+if [ $? -ne 0 ];
+ then
+ echo " [ $myRED""NOT OK""$myWHITE ]"
+ echo "###### $myBLUE""Could not stop T-Pot.""$myWHITE"" [ $myRED""NOT OK""$myWHITE ]"
+ echo "Exiting.""$myWHITE"
+ echo
+ exit 1
+ else
+ echo "[ $myGREEN"OK"$myWHITE ]"
+fi
+}
+
+# Backup
+function fuBACKUP () {
+local myARCHIVE="/root/$(date +%Y%m%d%H%M)_tpot_backup.tgz"
+local myPATH=$PWD
+echo "### Create a backup, just in case ... "
+echo -n "###### $myBLUE Building archive in $myARCHIVE $myWHITE"
+cd /opt/tpot
+tar cvfz $myARCHIVE * 2>&1>/dev/null
+if [ $? -ne 0 ];
+ then
+ echo " [ $myRED""NOT OK""$myWHITE ]"
+ echo "###### $myBLUE""Something went wrong.""$myWHITE"" [ $myRED""NOT OK""$myWHITE ]"
+ echo "Exiting.""$myWHITE"
+ echo
+ cd $myPATH
+ exit 1
+ else
+ echo "[ $myGREEN"OK"$myWHITE ]"
+ cd $myPATH
+fi
+}
+
+# Let's load docker images in parallel
+function fuPULLIMAGES {
+local myTPOTCOMPOSE="/opt/tpot/etc/tpot.yml"
+for name in $(cat $myTPOTCOMPOSE | grep -v '#' | grep image | cut -d'"' -f2 | uniq)
+ do
+ docker pull $name &
+ done
+wait
+}
+
+function fuUPDATER () {
+local myPACKAGES="apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit cockpit-docker curl dialog dnsutils docker.io docker-compose dstat ethtool fail2ban genisoimage git glances grc html2text htop ifupdown iptables iw jq libcrack2 libltdl7 lm-sensors man multitail net-tools npm ntp openssh-server openssl pass prips syslinux psmisc pv python-pip unattended-upgrades unzip vim wireless-tools wpasupplicant"
+echo "### Now upgrading packages ..."
+apt-get -y autoclean
+apt-get -y autoremove
+apt-get update
+apt-get -y install $myPACKAGES
+# Some updates require interactive attention, you can override that for unattended upgrades.
+# Be warned, this can easily break your system.
+# apt-get dist-upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes
+apt-get -y dist-upgrade
+npm install "https://github.com/taskrabbit/elasticsearch-dump#9fcc8cc" -g
+pip install --upgrade pip
+hash -r
+pip install --upgrade elasticsearch-curator yq
+wget https://github.com/bcicen/ctop/releases/download/v0.7.1/ctop-0.7.1-linux-amd64 -O /usr/bin/ctop && chmod +x /usr/bin/ctop
+echo
+
+echo "### Now replacing T-Pot related config files on host"
+cp host/etc/systemd/* /etc/systemd/system/
+cp host/etc/issue /etc/
+echo
+
+echo "### Now pulling latest docker images"
+fuPULLIMAGES
+echo
+
+echo "### If you made changes to tpot.yml please ensure to add them again."
+echo "### We stored the previous version as backup in /root/."
+echo "### Done, please reboot."
+}
+
+
+################
+# Main section #
+################
+
+# Got root?
+myWHOAMI=$(whoami)
+if [ "$myWHOAMI" != "root" ]
+ then
+ echo "Need to run as root ..."
+ sudo ./$0
+ exit
+fi
+
# Only run with command switch
if [ "$1" != "-y" ]; then
echo "This script will update / upgrade all T-Pot related scripts, tools and packages"
echo "Some of your changes might be overwritten, so make sure to save your work"
- echo "This is beta feature and only recommended for experienced users, run with \"-y\" switch"
+ echo "This is beta feature and only recommended for experienced users, run with '-y' switch"
echo
exit
fi
-echo "### Now running T-Pot update script."
-echo
-
-fuCHECKINET "https://index.docker.io https://github.com https://pypi.python.org https://ubuntu.com"
-echo
-
-fuSELFUPDATE "$0" "$@"
+fuCHECK_VERSION
echo
fuCONFIGCHECK
echo
-echo "### Now stopping T-Pot"
-systemctl stop tpot
-
-# Better safe than sorry
-echo "###### Creating backup and storing it in /home/tsec"
-tar cvfz /root/tpot_backup.tgz /opt/tpot
-
-echo "###### Getting the current install flavor"
-myFLAVOR=$(head $myCONFIGFILE -n 1 | awk '{ print $3 }' | tr -d :'()':)
-
-echo "###### Updating compose file"
-case $myFLAVOR in
- HP)
- echo "###### Restoring HONEYPOT flavor installation."
- cp $myCOMPOSEPATH/hp.yml $myCONFIGFILE
- ;;
- Industrial)
- echo "###### Restoring INDUSTRIAL flavor installation."
- cp $myCOMPOSEPATH/industrial.yml $myCONFIGFILE
- ;;
- Standard)
- echo "###### Restoring TPOT flavor installation."
- cp $myCOMPOSEPATH/tpot.yml $myCONFIGFILE
- ;;
- Everything)
- echo "###### Restoring EVERYTHING flavor installation."
- cp $myCOMPOSEPATH/all.yml $myCONFIGFILE
- ;;
-esac
-
+fuCHECKINET "https://index.docker.io https://github.com https://pypi.python.org https://ubuntu.com"
echo
-echo "### Now upgrading packages"
-apt-get autoclean -y
-apt-get autoremove -y
-apt-get update
-apt-get dist-upgrade -y
-pip install --upgrade pip
-pip install docker-compose==1.16.1
-pip install elasticsearch-curator==5.2.0
-ln -s /usr/bin/nodejs /usr/bin/node 2>&1
-npm install https://github.com/t3chn0m4g3/wetty -g
-npm install https://github.com/t3chn0m4g3/elasticsearch-dump -g
-wget https://github.com/bcicen/ctop/releases/download/v0.6.1/ctop-0.6.1-linux-amd64 -O /usr/bin/ctop && chmod +x /usr/bin/ctop
+fuSTOP_TPOT
echo
-echo "### Now replacing T-Pot related config files on host"
-cp host/etc/systemd/* /etc/systemd/system/
-cp host/etc/issue /etc/
-cp -R host/etc/nginx/ssl /etc/nginx/
-cp host/etc/nginx/tpotweb.conf /etc/nginx/sites-available/
-cp host/etc/nginx/nginx.conf /etc/nginx/nginx.conf
-cp host/usr/share/nginx/html/* /usr/share/nginx/html/
+fuBACKUP
echo
-echo "### Now reloading systemd, nginx"
-systemctl daemon-reload
-nginx -s reload
+fuSELFUPDATE "$0" "$@"
echo
-echo "### Now restarting wetty, nginx, docker"
-systemctl restart wetty.service
-systemctl restart nginx.service
-systemctl restart docker.service
+fuUPDATER
echo
-echo "### Now pulling latest docker images"
-docker-compose -f /opt/tpot/etc/tpot.yml pull
-
-echo
-echo "### Now starting T-Pot service"
-systemctl start tpot
-
-echo
-echo "### If you made changes to tpot.yml please ensure to add them again."
-echo "### We stored the previous version as backup in /home/tsec."
-echo "### Done."