From 6bd6f4bbdbe84b579479cd9e486bf8bcda9c05ef Mon Sep 17 00:00:00 2001
From: t3chn0m4g3 <t3chn0m4g3@gmail.com>
Date: Fri, 28 Nov 2014 18:02:20 +0100
Subject: [PATCH] Init

---
 installer/install1.sh        |  14 ++
 installer/install2.sh        | 261 +++++++++++++++++++++++++
 installer/install2.sh.backup | 357 +++++++++++++++++++++++++++++++++++
 isolinux/txt.cfg             |   5 +
 kickstart/ks.cfg             |  41 ++++
 makeiso.sh                   |  71 +++++++
 preseed/tpotce.seed          |  82 ++++++++
 7 files changed, 831 insertions(+)
 create mode 100755 installer/install1.sh
 create mode 100755 installer/install2.sh
 create mode 100755 installer/install2.sh.backup
 create mode 100755 isolinux/txt.cfg
 create mode 100644 kickstart/ks.cfg
 create mode 100755 makeiso.sh
 create mode 100755 preseed/tpotce.seed

diff --git a/installer/install1.sh b/installer/install1.sh
new file mode 100755
index 00000000..d9ff95f8
--- /dev/null
+++ b/installer/install1.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+#############################################################
+# T-Pot Community Edition - disable splash boot permanently #
+# Ubuntu server 14.04, x64                                  #
+#                                                           #
+# v0.04 by mo, 2014-11-28                                   #
+#############################################################
+
+# Let's comment out the "quiet splash" options and update grub
+sed -i.bak 's#GRUB_CMDLINE_LINUX_DEFAULT#\#GRUB_CMDLINE_LINUX_DEFAULT#' /etc/default/grub
+update-grub
+
+# Let's move the install script to rc.local and reboot
+mv /root/install.sh /etc/rc.local && sleep 2 && reboot
diff --git a/installer/install2.sh b/installer/install2.sh
new file mode 100755
index 00000000..7202e6ae
--- /dev/null
+++ b/installer/install2.sh
@@ -0,0 +1,261 @@
+#!/bin/bash
+########################################################
+# T-Pot Community Edition post install script          #
+# Ubuntu server 14.04, x64                             #
+#                                                      #
+# v0.15 by mo, DTAG, 2014-11-28                        #
+########################################################
+
+# Let's make sure there is a warning if running for a second time
+if [ -f install.log ];
+  then fuECHO "### Running more than once may complicate things. Erase install.log if you are really sure."
+  exit 1;
+fi
+
+# Let's log for the beauty of it
+set -e
+exec 2> >(tee "install.err")
+exec > >(tee "install.log")
+
+# Let's create a function for colorful output
+fuECHO () {
+  local myRED=1
+  local myWHT=7
+  tput setaf $myRED
+  echo $1 "$2"
+  tput setaf $myWHT
+}
+
+# Let's modify the sources list
+sed -i '/cdrom/d' /etc/apt/sources.list
+
+# Let's add the docker repository
+fuECHO "### Adding docker repository."
+apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
+tee /etc/apt/sources.list.d/docker.list <<EOF
+deb https://get.docker.io/ubuntu docker main
+EOF
+
+# Let's pull some updates
+fuECHO "### Pulling Updates."
+apt-get update -y
+fuECHO "### Installing Updates."
+apt-get dist-upgrade -y
+
+# Let's install all the packages we need
+fuECHO "### Installing packages."
+apt-get install ntp lxc-docker git -y
+
+# Create the data partition and limit its size
+# If we want to extent the size of that filesystem later, without loss of data:
+# resize2fs -p data.img 8192M
+#fuECHO "### Creating data partition (Please be patient, this may take a while)."
+#mkdir -p /opt/virtual-disk/
+#dd if=/dev/zero of=/opt/virtual-disk/data.ext4 bs=1024 count=4096000
+#mkfs.ext4 /opt/virtual-disk/data.ext4 -F
+#tee -a /etc/fstab <<EOF
+#/opt/virtual-disk/data.ext4 /data       ext4    loop,rw,nosuid
+#EOF
+#mkdir -p /data
+#mount /opt/virtual-disk/data.ext4 -o loop,rw,nosuid
+
+# Let's add a new user
+fuECHO "### Adding new user."
+addgroup --gid 2000 tpot
+adduser --system --no-create-home --uid 2000 --disabled-password --disabled-login --gid 2000 tpot
+
+# Let's create some files and folders
+fuECHO "### Creating some files and folders."
+mkdir -p /data/ews/log /data/ews/conf
+#mkdir -p /data/puppet/
+
+# Let's modify the ownership / access rights
+chmod 760 -R /data
+chown tpot:tpot -R /data
+
+# Let's set the hostname
+fuECHO "### Setting a new hostname."
+myHOST=ce$(date +%s)$RANDOM
+hostnamectl set-hostname $myHOST
+sed -i 's/127.0.1.1.*/127.0.1.1\t'"$myHOST"'/g' /etc/hosts
+#echo $myHOST > /data/puppet/name.conf
+
+# Let's patch sshd_config
+fuECHO "### Patching sshd_config to listen on port 64295 and deny password authentication."
+sed -i 's#Port 22#Port 64295#' /etc/ssh/sshd_config
+sed -i 's#\#PasswordAuthentication yes#PasswordAuthentication no#' /etc/ssh/sshd_config
+
+# Disable ssh service
+mv /etc/init/ssh.conf /etc/init/ssh.conf.disable
+
+# Let's add the ssh keys
+#fuECHO "### Adding ssh keys for the admin user."
+#mkdir -p /home/admin/.ssh/
+#tee /home/admin/.ssh/authorized_keys <<EOF
+#ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA8f8Dq8/XuVZl3M8ARxPQNz74T46Gez8nFTV6xjGKh6VZmyU8BL/+ERXSTJg47HsncNLEpqHgPnZTTh1hZK7HxJvPLQ1JrfPO7Fbl2B5Qy26yzAYJTnHQYUBMGTpI8gmLczE6eZcGuK0huMOoot+m7WeIMHQbzZcuNAknPsxBhJHY4s3rvElrJnY7ckz4mroqRSZXvu6w7igthUX3a1A+xsxVmxUatzFJ1Ky4jYswKFdcNPA77/nRckxtt86ORpqJq/r2PjDpuv2JpRha9zdUDpvpdCIQJFM1SdRyGMSrvbMyEWZBCTB3YF/GmQT04sfEytqHUY7zbK7kzNyDhXeg5Q== av@telekom
+#ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCt6Af5L8FYaNiDG0JKHPlJDLAbXklK5wVHj1IYqLINR8dIBcGcFwIF+YoJypZmsf1geta9WPjEW8bpd4G6XiYYg6YNRYxgBZScSb0WGVn0rHBMH+cuQxkhIdHucEMq4JFsRTVFWXjpQspu6p5gQxafGHnsLY/RYrgFy9XktS7Ha0Tfa6WXxpF72jyCoRRBUKF8CSip1XFaHIIY0xA0wTHZpmAI7dea4XA44oVDfr6g/4CTDTPQJiwn0HrRnZjgqJPzCT4gyXv+L6c5lcdrob4JpRj/YIis6aD6AMw4PeDsp3d/P9L2Vm9+p2a5Xx5U5cfGNUanvkvicrzZC1v+v3H9 mo@telekom
+#ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHM2Pht1q6VDfRs+gPYu3/Eg5wgFfQrM45A+jRduskcIJSlwO5m/dMEipc10Y+Ut+tIST8ydQA8ZTYicinOjoCbSUju7sTDRb5jMs60nBRaj4BmzCQOqo4hidt3iX8+IpU9JUl8RR5rQzwDsWTdkhuCEEjiD+2YDdJO5kjMoaa1UW19iFEOLY582psoDTmkNY9MOfhoJla4S7m0A6eOMfq4DO/eKMKgOxJ0W8K6fQjSAyMSmqlamirxSjZ2OGohS7r1JVYhTdU6cmJxYRVNa2Rr8BHn8uf1cR4uaV49CfqJgx3W5YMjSjc3nCLt0csfdQd+sur25Gv0033liq7ZQFR ms@telekom
+#EOF
+#chmod 700 -R /home/admin/.ssh
+#chmod 600 /home/admin/.ssh/authorized_keys
+#chown admin:admin -R /home/admin/.ssh
+
+# Let's patch docker defaults, so we can run images as service
+fuECHO "### Patching docker defaults."
+tee -a /etc/default/docker <<EOF
+DOCKER_OPTS="-r=false"
+EOF
+
+# Let's create an upstart config for the dionaea docker image
+fuECHO "### Adding upstart config for the dionaea docker image."
+tee -a /etc/init/dionaea.conf <<EOF
+description "Dionaea"
+author "mo"
+start on started docker and filesystem
+stop on runlevel [!2345]
+respawn
+script
+  sleep 1
+  /usr/bin/docker run --name dionaea --cap-add=NET_ADMIN --rm -p 21:21 -p 42:42 -p 8080:80 -p 135:135 -p 443:443 -p 445:445 -p 1433:1433 -p 3306:3306 -p 5061:5061 -p 5060:5060 -p 69:69/udp -p 5060:5060/udp -v /data/dionaea dtagdevsec/dionaea
+end script
+post-stop script
+  sleep 1
+  /usr/bin/docker rm dionaea
+end script
+EOF
+
+# Let's create an upstart config for the ews docker image
+fuECHO "### Adding upstart config for the ews docker image."
+tee -a /etc/init/ews.conf <<EOF
+description "EWS"
+author "mo"
+start on started docker and filesystem and started dionaea and started honeytrap and started kippo and started glastopf
+stop on runlevel [!2345]
+respawn
+script
+  sleep 15 
+  /usr/bin/docker run --name ews --volumes-from dionaea --volumes-from glastopf --volumes-from honeytrap --volumes-from kippo --rm -v /data/ews/:/data/ews/ --link kippo:kippo dtagdevsec/ews
+end script
+post-stop script
+  sleep 1
+  /usr/bin/docker rm ews
+end script
+EOF
+
+# Let's create an upstart config for the glastopf docker image
+fuECHO "### Adding upstart config for the glastopf docker image."
+tee -a /etc/init/glastopf.conf <<EOF
+description "Glastopf"
+author "mo"
+start on started docker and filesystem
+stop on runlevel [!2345]
+respawn
+script
+  sleep 1
+  /usr/bin/docker run --name glastopf --rm -p 80:80 -v /data/glastopf dtagdevsec/glastopf 
+end script
+post-stop script
+  sleep 1
+  /usr/bin/docker rm glastopf
+end script
+EOF
+
+# Let's create an upstart config for the honeytrap docker image
+fuECHO "### Adding upstart config for the honeytrap docker image."
+tee -a /etc/init/honeytrap.conf <<EOF
+description "Honeytrap"
+author "mo"
+start on started docker and filesystem
+stop on runlevel [!2345]
+respawn
+pre-start script
+  sleep 1
+  /sbin/iptables -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
+end script
+script
+  sleep 1
+  /usr/bin/docker run --name honeytrap --cap-add=NET_ADMIN --net=host --rm -v /data/honeytrap dtagdevsec/honeytrap
+end script
+post-stop script
+  sleep 1
+  /sbin/iptables -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
+  /usr/bin/docker rm honeytrap
+end script
+EOF
+
+# Let's create an upstart config for the kippo docker image
+fuECHO "### Adding upstart config for the kippo docker image."
+tee -a /etc/init/kippo.conf <<EOF
+description "Kippo"
+author "mo"
+start on started docker and filesystem
+stop on runlevel [!2345]
+respawn
+script
+  sleep 1 
+  /usr/bin/docker run --name kippo --rm -p 22:2222 -v /data/kippo dtagdevsec/kippo 
+end script
+post-stop script
+  sleep 1
+  /usr/bin/docker rm kippo
+end script
+EOF
+
+# Let's load docker images from local
+#fuECHO "### Loading docker images from local."
+#cd /root/images
+#for name in dionaea ews glastopf honeytrap kippo
+#do
+#  docker load -i $(ls $name*)
+#  docker tag $(ls $name* | cut -d "_" -f 2 | cut -c-12) t3chn0m4g3/beehive:$name
+#done
+#cd /root
+#rm -rf /root/images
+
+# Let's load docker images from remote
+fuECHO "### Downloading docker images from DockerHub. Please be patient, this may take a while."
+for name in dionaea ews glastopf honeytrap kippo
+do
+  docker pull dtagdevsec/$name
+done
+
+# Let's add the daily update check with a weekly clean interval
+fuECHO "### Modifying update checks."
+tee /etc/apt/apt.conf.d/10periodic <<EOF
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Download-Upgradeable-Packages "0";
+APT::Periodic::AutocleanInterval "7";
+EOF
+
+# Let's add a nice and useful issue text and update rc.local accordingly
+fuECHO "### Adding a nice and useful issue text and updating rc.local accordingly."
+tee /etc/issue <<EOF
+T-Pot Community Edition
+Hostname: \n 
+IP:
+
+
+
+              xxx              .            
+            xxx xxx          ==            
+          xxx xxx xxx       ===            
+       /""""""""""""""""\___/ ===        
+  ~~~ {~~ ~~~~ ~~~ ~~~~ ~~ ~ /  ===- ~~~   
+       \______ o          __/            
+         \    \        __/             
+          \____\______/                
+
+
+
+
+EOF
+
+echo "#!/bin/sh -e" > /etc/rc.local.new
+echo "# Let's add the first local ip to the /etc/issue file" >> /etc/rc.local.new
+echo 'sed -i "s#IP:.*#IP: ""$(hostname -I | awk '"'"'{ print $1 }'"'"')""#" /etc/issue' >> /etc/rc.local.new
+echo "exit 0" >> /etc/rc.local.new
+chmod +x /etc/rc.local.new
+
+# Final steps
+fuECHO "### Thanks for your patience. Now rebooting."
+mv /etc/rc.local.new /etc/rc.local && chage -d 0 tsec && sleep 2 && reboot
diff --git a/installer/install2.sh.backup b/installer/install2.sh.backup
new file mode 100755
index 00000000..a76e5be1
--- /dev/null
+++ b/installer/install2.sh.backup
@@ -0,0 +1,357 @@
+#!/bin/bash
+########################################################
+# Beehive post install script                          #
+# Ubuntu server 14.04, x64                             #
+#                                                      #
+# v0.12 by MO, DTAG, 2014-11-07                        #
+########################################################
+
+# Let's make sure there is a warning if running for a second time
+if [ -f install.log ];
+  then fuECHO "### Running more than once may complicate things. Erase install.log if you are really sure."
+  exit 1;
+fi
+
+# Let's log for the beauty of it
+set -e
+exec 2> >(tee "install.err")
+exec > >(tee "install.log")
+
+# Let's create a function for colorful output
+fuECHO () {
+  local myRED=1
+  local myWHT=7
+  tput setaf $myRED
+  echo $1 "$2"
+  tput setaf $myWHT
+}
+
+# Let's modify the sources list
+sed -i '/cdrom/d' /etc/apt/sources.list
+
+# Let's add the docker repository
+fuECHO "### Adding docker repository."
+apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
+tee /etc/apt/sources.list.d/docker.list <<EOF
+deb https://get.docker.io/ubuntu docker main
+EOF
+
+# Let's pull some updates
+fuECHO "### Pulling Updates."
+apt-get update -y
+fuECHO "### Installing Updates."
+apt-get dist-upgrade -y
+
+# Let's install all the packages we need
+fuECHO "### Installing packages."
+apt-get install ntp lxc-docker puppet git -y
+
+# Create the data partition and limit its size
+# Reminder if you want to extent the size of the filesystem later, without loss of data:
+# resize2fs -p data.img 8192M
+fuECHO "### Creating data partition (Please be patient, this may take a while)."
+mkdir -p /opt/virtual-disk/
+dd if=/dev/zero of=/opt/virtual-disk/data.ext4 bs=1024 count=4096000
+mkfs.ext4 /opt/virtual-disk/data.ext4 -F
+tee -a /etc/fstab <<EOF
+/opt/virtual-disk/data.ext4 /data       ext4    loop,rw,nosuid
+EOF
+mkdir -p /data
+mount /opt/virtual-disk/data.ext4 -o loop,rw,nosuid
+
+# Let's add a new user
+fuECHO "### Adding new user."
+addgroup --gid 2000 bee
+adduser --system --no-create-home --uid 2000 --disabled-password --disabled-login --gid 2000 bee
+
+# Let's create some files and folders
+fuECHO "### Creating some files and folders."
+mkdir -p /data/ews
+mkdir -p /data/ews/log
+mkdir -p /data/ews/data
+#mkdir -p /data/dionaea
+#mkdir -p /data/dionaea/log
+#mkdir -p /data/dionaea/bistreams
+#mkdir -p /data/dionaea/binaries
+#mkdir -p /data/dionaea/rtp
+#mkdir -p /data/dionaea/wwwroot
+mkdir -p /data/glastopf
+tee /data/glastopf/glastopf.cfg <<EOF
+[webserver]
+host = 0.0.0.0
+port = 80
+uid = bee 
+gid = bee
+proxy_enabled = False
+
+#Generic logging for general monitoring
+[logging]
+consolelog_enabled = True
+filelog_enabled = True
+logfile = log/glastopf.log
+
+[dork-db]
+enabled = True
+pattern = rfi
+#Extracts dorks from a online dorks service operated by The Honeynet Project
+mnem_service = True
+
+[hpfeed]
+enabled = False
+host = hpfriends.honeycloud.net
+port = 20000
+secret = 
+# channels comma separated
+chan_events = glastopf.events
+chan_files = glastopf.files
+ident = 
+
+[main-database]
+#If disabled a sqlite database will be created (db/glastopf.db)
+#to be used as dork storage.
+enabled = True
+#mongodb or sqlalchemy connection string, ex:
+#mongodb://localhost:27017/glastopf
+#mongodb://james:bond@localhost:27017/glastopf
+#mysql://james:bond@somehost.com/glastopf
+connection_string = sqlite:///db/glastopf.db
+
+[surfcertids]
+enabled = False
+host = localhost
+port = 5432
+user = 
+password = 
+database = idsserver
+
+[syslog]
+enabled = False
+socket = /dev/log
+
+[mail]
+enabled = False
+# an email notification will be sent only if a specified matched pattern is identified.
+# Use the wildcard char *, to be notified every time
+patterns = rfi,lfi
+user =
+pwd =
+mail_from =
+mail_to = 
+smtp_host = smtp.gmail.com
+smtp_port = 587
+
+[taxii]
+enabled = False
+host = taxiitest.mitre.org
+port = 80
+inbox_path = /services/inbox/default/
+use_https = False
+use_auth_basic = False
+auth_basic_username = your_username
+auth_basic_password = your_password
+use_auth_certificate = False
+auth_certificate_keyfile = full_path_to_keyfile
+auth_certificate_certfile = full_path_to_certfile
+include_contact_info = False
+contact_name = ...
+contact_email = ...
+
+[misc]
+# set webserver banner
+banner = Apache/2.0.48
+EOF
+mkdir -p /data/honeytrap
+mkdir -p /data/honeytrap/log
+mkdir -p /data/honeytrap/data
+mkdir -p /data/honeytrap/attacks
+mkdir -p /data/honeytrap/downloads
+mkdir -p /data/kippo
+mkdir -p /data/kippo/data
+mkdir -p /data/kippo/log
+mkdir -p /data/kippo/log/tty
+tee /data/kippo/userdb.txt << EOF
+root:0:12345
+EOF
+mkdir -p /data/puppet
+
+# Let's set the hostname
+fuECHO "### Setting a new hostname."
+#myHOST=ce$(ifconfig docker0 | grep HWaddr | awk '{ print $5 }' | tr -d ":")
+myHOST=ce$(date +%s)$RANDOM
+hostnamectl set-hostname $myHOST
+sed -i 's/127.0.1.1.*/127.0.1.1\t'"$myHOST"'/g' /etc/hosts
+echo $myHOST > /data/puppet/name.conf
+
+# Let's modify the ownership / access rights
+chmod 760 -R /data
+chown bee:bee -R /data
+
+# Let's patch sshd_config
+fuECHO "### Patching sshd_config to listen on port 64295 and deny password authentication."
+sed -i 's#Port 22#Port 64295#' /etc/ssh/sshd_config
+sed -i 's#\#PasswordAuthentication yes#PasswordAuthentication no#' /etc/ssh/sshd_config
+
+# Let's add the ssh keys
+fuECHO "### Adding ssh keys for the hive user."
+mkdir -p /home/hive/.ssh/
+tee /home/hive/.ssh/authorized_keys <<EOF
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA8f8Dq8/XuVZl3M8ARxPQNz74T46Gez8nFTV6xjGKh6VZmyU8BL/+ERXSTJg47HsncNLEpqHgPnZTTh1hZK7HxJvPLQ1JrfPO7Fbl2B5Qy26yzAYJTnHQYUBMGTpI8gmLczE6eZcGuK0huMOoot+m7WeIMHQbzZcuNAknPsxBhJHY4s3rvElrJnY7ckz4mroqRSZXvu6w7igthUX3a1A+xsxVmxUatzFJ1Ky4jYswKFdcNPA77/nRckxtt86ORpqJq/r2PjDpuv2JpRha9zdUDpvpdCIQJFM1SdRyGMSrvbMyEWZBCTB3YF/GmQT04sfEytqHUY7zbK7kzNyDhXeg5Q== av@telekom
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCt6Af5L8FYaNiDG0JKHPlJDLAbXklK5wVHj1IYqLINR8dIBcGcFwIF+YoJypZmsf1geta9WPjEW8bpd4G6XiYYg6YNRYxgBZScSb0WGVn0rHBMH+cuQxkhIdHucEMq4JFsRTVFWXjpQspu6p5gQxafGHnsLY/RYrgFy9XktS7Ha0Tfa6WXxpF72jyCoRRBUKF8CSip1XFaHIIY0xA0wTHZpmAI7dea4XA44oVDfr6g/4CTDTPQJiwn0HrRnZjgqJPzCT4gyXv+L6c5lcdrob4JpRj/YIis6aD6AMw4PeDsp3d/P9L2Vm9+p2a5Xx5U5cfGNUanvkvicrzZC1v+v3H9 mo@telekom
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHM2Pht1q6VDfRs+gPYu3/Eg5wgFfQrM45A+jRduskcIJSlwO5m/dMEipc10Y+Ut+tIST8ydQA8ZTYicinOjoCbSUju7sTDRb5jMs60nBRaj4BmzCQOqo4hidt3iX8+IpU9JUl8RR5rQzwDsWTdkhuCEEjiD+2YDdJO5kjMoaa1UW19iFEOLY582psoDTmkNY9MOfhoJla4S7m0A6eOMfq4DO/eKMKgOxJ0W8K6fQjSAyMSmqlamirxSjZ2OGohS7r1JVYhTdU6cmJxYRVNa2Rr8BHn8uf1cR4uaV49CfqJgx3W5YMjSjc3nCLt0csfdQd+sur25Gv0033liq7ZQFR ms@telekom
+EOF
+chmod 700 -R /home/hive/.ssh
+chmod 600 /home/hive/.ssh/authorized_keys
+chown hive:hive -R /home/hive/.ssh
+
+# Let's patch docker defaults, so we can run images as service
+fuECHO "### Patching docker defaults."
+tee -a /etc/default/docker <<EOF
+DOCKER_OPTS="-r=false"
+EOF
+
+# Let's create an upstart config for the dionaea docker image
+fuECHO "### Adding upstart config for the dionaea docker image."
+tee -a /etc/init/dionaea.conf <<EOF
+description "Dionaea"
+author "mo"
+start on started docker and filesystem
+stop on runlevel [!2345]
+respawn
+script
+  sleep 1
+  /usr/bin/docker run --name dionaea --cap-add=NET_ADMIN --rm -p 21:21 -p 42:42 -p 8080:80 -p 135:135 -p 443:443 -p 445:445 -p 1433:1433 -p 3306:3306 -p 5061:5061 -p 5060:5060 -p 69:69/udp -p 5060:5060/udp -v /data/dionaea t3chn0m4g3/beehive:dionaea
+end script
+post-stop script
+  sleep 1
+  /usr/bin/docker rm dionaea
+end script
+EOF
+
+# Let's create an upstart config for the ews docker image
+fuECHO "### Adding upstart config for the ews docker image."
+tee -a /etc/init/ews.conf <<EOF
+description "EWS"
+author "mo"
+start on started docker and filesystem
+stop on runlevel [!2345]
+respawn
+script
+  sleep 1
+  /usr/bin/docker run --name ews --rm -v /data/:/data/ --link kippo:kippo t3chn0m4g3/beehive:ews
+end script
+post-stop script
+  sleep 1
+  /usr/bin/docker rm ews
+end script
+EOF
+
+# Let's create an upstart config for the glastopf docker image
+fuECHO "### Adding upstart config for the glastopf docker image."
+tee -a /etc/init/glastopf.conf <<EOF
+description "Glastopf"
+author "mo"
+start on started docker and filesystem
+stop on runlevel [!2345]
+respawn
+script
+  sleep 1
+  /usr/bin/docker run --name glastopf --rm -p 80:80 -v /data/glastopf:/data/glastopf t3chn0m4g3/beehive:glastopf
+end script
+post-stop script
+  sleep 1
+  /usr/bin/docker rm glastopf
+end script
+EOF
+
+# Let's create an upstart config for the honeytrap docker image
+fuECHO "### Adding upstart config for the honeytrap docker image."
+tee -a /etc/init/honeytrap.conf <<EOF
+description "Honeytrap"
+author "mo"
+start on started docker and filesystem
+stop on runlevel [!2345]
+respawn
+pre-start script
+  sleep 1
+  /sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
+end script
+script
+  sleep 1
+  /usr/bin/docker run --name honeytrap --cap-add=NET_ADMIN --net=host --rm -v /data/honeytrap:/data/honeytrap t3chn0m4g3/beehive:honeytrap
+end script
+post-stop script
+  sleep 1
+  /sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
+  /usr/bin/docker rm honeytrap
+end script
+EOF
+
+# Let's create an upstart config for the kippo docker image
+fuECHO "### Adding upstart config for the kippo docker image."
+tee -a /etc/init/kippo.conf <<EOF
+description "Kippo"
+author "mo"
+start on started docker and filesystem
+stop on runlevel [!2345]
+respawn
+script
+  sleep 1
+  /usr/bin/docker run --name kippo --rm -p 22:2222 -v /data/kippo:/data/kippo t3chn0m4g3/beehive:kippo
+end script
+post-stop script
+  sleep 1
+  /usr/bin/docker rm kippo
+end script
+EOF
+
+# Let's load docker images from local
+fuECHO "### Loading docker images from local."
+cd /root/images
+for name in dionaea ews glastopf honeytrap kippo
+do
+  docker load -i $(ls $name*)
+  docker tag $(ls $name* | cut -d "_" -f 2 | cut -c-12) t3chn0m4g3/beehive:$name
+done
+cd /root
+rm -rf /root/images
+
+# Let's add the daily update check with a weekly clean interval
+fuECHO "### Modifying update checks."
+tee /etc/apt/apt.conf.d/10periodic <<EOF
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Download-Upgradeable-Packages "0";
+APT::Periodic::AutocleanInterval "7";
+EOF
+
+# Let's add a nice and useful issue text and update rc.local accordingly
+fuECHO "### Adding a nice and useful issue text and updating rc.local accordingly."
+tee /etc/issue <<EOF
+Beehive 14.04.1 Alpha
+Hostname: \n 
+IP:
+
+
+
+              xxx              .            
+            xxx xxx          ==            
+          xxx xxx xxx       ===            
+       /""""""""""""""""\___/ ===        
+  ~~~ {~~ ~~~~ ~~~ ~~~~ ~~ ~ /  ===- ~~~   
+       \______ o          __/            
+         \    \        __/             
+          \____\______/                
+
+
+
+
+EOF
+
+echo "#!/bin/sh -e" > /etc/rc.local.new
+echo "# Let's add the first local ip to the /etc/issue file" >> /etc/rc.local.new
+echo 'sed -i "s#IP:.*#IP: ""$(hostname -I | awk '"'"'{ print $1 }'"'"')""#" /etc/issue' >> /etc/rc.local.new
+echo "exit 0" >> /etc/rc.local.new
+chmod +x /etc/rc.local.new
+
+# Final steps
+fuECHO "### Thanks for your patience. Now rebooting."
+mv /etc/rc.local.new /etc/rc.local && sleep 2 && reboot
diff --git a/isolinux/txt.cfg b/isolinux/txt.cfg
new file mode 100755
index 00000000..08226794
--- /dev/null
+++ b/isolinux/txt.cfg
@@ -0,0 +1,5 @@
+default install
+label install
+  menu label ^Install T-Pot Community Edition
+  kernel /install/vmlinuz
+  append  file=/cdrom/tpotce/tpotce.seed initrd=/install/initrd.gz ks=cdrom:/tpotce/ks.cfg debian-installer/locale=en_US console-setup/ask_detect=false keyboard-configuration/layoutcode=de --
diff --git a/kickstart/ks.cfg b/kickstart/ks.cfg
new file mode 100644
index 00000000..54a93810
--- /dev/null
+++ b/kickstart/ks.cfg
@@ -0,0 +1,41 @@
+#Generated by Kickstart Configurator
+#platform=AMD64 or Intel EM64T
+
+#System language
+lang en_US
+#Language modules to install
+langsupport en_US
+#System keyboard
+keyboard de
+#System mouse
+mouse
+#System timezone
+timezone Europe/Berlin
+#Root password
+rootpw --disabled
+#Initial user
+user tsec --fullname "tsec" --iscrypted --password $1$jAw1TW8v$a2WFamxQJfpPYZmn4qJT71
+#Reboot after installation
+reboot
+#Use text mode install
+text
+#Install OS instead of upgrade
+install
+#Use CDROM installation media
+cdrom
+#System bootloader configuration
+bootloader --location=mbr 
+#Clear the Master Boot Record
+zerombr yes
+#Partition clearing information
+clearpart --all --initlabel 
+#Disk partitioning information
+part swap --recommended 
+part /data --fstype ext4 --size 8192 
+part / --fstype ext4 --size 1 --grow 
+#System authorization infomation
+auth  --useshadow  --enablemd5 
+#Firewall configuration
+firewall --disabled 
+#Do not configure the X Window System
+skipx
diff --git a/makeiso.sh b/makeiso.sh
new file mode 100755
index 00000000..8fd86eb4
--- /dev/null
+++ b/makeiso.sh
@@ -0,0 +1,71 @@
+#!/bin/bash
+########################################################
+# .iso maker for tpotce                                #
+#                                                      #
+#                                                      #
+# v0.01 by mo, 2014-11-28                              #
+########################################################
+
+# Let's define some global vars
+myUBUNTULINK="http://de.releases.ubuntu.com/14.04.1/ubuntu-14.04.1-server-amd64.iso"
+myUBUNTUISO="ubuntu-14.04.1-server-amd64.iso"
+myTPOTCEISO="tpotce.iso"
+myTPOTCEDIR="tpotceiso"
+myTMP="tmp"
+
+# Let's create a function for colorful output
+fuECHO () {
+  local myRED=1
+  local myWHT=7
+  tput setaf $myRED
+  echo $1 "$2"
+  tput setaf $myWHT
+}
+
+# Let's install all the packages we need
+fuECHO "### Installing packages."
+apt-get install mkisofs isolinux -y
+
+# Let's get Ubuntu 14.04.1 as .iso
+fuECHO "### Downloading Ubuntu 14.04.1."
+if [ ! -f $myUBUNTUFILE ]
+  then wget $myUBUNTULINK;
+  else fuECHO "### Found it locally."
+fi
+
+# Let's loop mount it and copy all contents
+fuECHO "### Mounting .iso and copying all contents."
+mkdir -p $myTMP $myTPOTCEDIR
+losetup /dev/loop0 $myUBUNTUISO
+mount /dev/loop0 $myTMP
+cp -rT $myTMP $myTPOTCEDIR
+chmod 777 -R $myTPOTCEDIR
+umount $myTMP
+losetup -d /dev/loop0
+
+# Let's add the files for the automated install
+fuECHO "### Adding the automated install files."
+mkdir -p $myTPOTCEDIR/tpotce
+cp installer/* $myTPOTCEDIR/tpotce/
+cp isolinux/* $myTPOTCEDIR/isolinux/
+cp kickstart/* $myTPOTCEDIR/tpotce/
+cp preseed/* $myTPOTCEDIR/tpotce/
+chmod 777 -R $myTPOTCEDIR
+
+# Let's create the new .iso
+fuECHO "### Now creating the .iso."
+cd $myTPOTCEDIR
+mkisofs -D -r -V "T-Pot CE" -cache-inodes -J -l -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -o ../$myTPOTCEISO ../$myTPOTCEDIR
+cd ..
+isohybrid $myTPOTCEISO
+  
+# Let's clean up
+fuECHO "### Cleaning up."
+rm -rf $myTMP $myTPOTCEDIR
+
+# Done.
+fuECHO "### Done."
+fuECHO "### Install to usb stick"
+fuECHO "###### Show devices:    df"
+fuECHO "###### Write to device: dd bs=1M if="$myTPOTCEISO" of=/dev/sdb" 
+exit 0
diff --git a/preseed/tpotce.seed b/preseed/tpotce.seed
new file mode 100755
index 00000000..2537fb19
--- /dev/null
+++ b/preseed/tpotce.seed
@@ -0,0 +1,82 @@
+# Beehive preseed file by mo
+# Setting locale
+d-i debian-installer/language string en
+d-i debian-installer/country string DE
+d-i debian-installer/locale string en_US.UTF-8
+
+# Keyboard selection
+d-i console-setup/ask_detect boolean false
+d-i keyboard-configuration/layoutcode string de
+
+# Network Configuration
+d-i netcfg/choose_interface select auto
+d-i netcfg/dhcp_timeout string 60
+d-i netcfg/get_hostname string t-pot 
+
+# Proxy
+d-i mirror/http/proxy string
+
+# Time
+d-i clock-setup/utc boolean true
+d-i time/zone string Europe/Berlin
+d-i clock-setup/ntp boolean true
+
+# Partitioning
+# old, not working with nuc
+#d-i partman-auto/init_automatically_partition select biggest_free
+#d-i partman-auto/choose_recipe select atomic
+#d-i partman-auto/method string regular
+#d-i partman-lvm/confirm boolean true
+#d-i partman-lvm/confirm_nooverwrite boolean true
+#d-i partman-lvm/device_remove_lvm boolean true
+#d-i partman-md/device_remove_md boolean true
+#d-i partman/default_filesystem string ext4
+#d-i partman-partitioning/confirm_write_new_label boolean true
+#d-i partman/choose_partition select finish
+#d-i partman/confirm boolean true
+#d-i partman/confirm_nooverwrite boolean true
+
+# testing, works with nuc, but trying ks file first
+#d-i partman-auto/disk string /dev/sda
+#d-i partman-auto/choose_recipe select atomic
+#d-i partman-auto/method string regular
+#d-i partman-lvm/confirm boolean true
+#d-i partman-lvm/confirm_nooverwrite boolean true
+#d-i partman-lvm/device_remove_lvm boolean true
+#d-i partman-md/device_remove_md boolean true
+#d-i partman/default_filesystem string ext4
+#d-i partman-partitioning/confirm_write_new_label boolean true
+#d-i partman/choose_partition select finish
+#d-i partman/confirm boolean true
+#d-i partman/confirm_nooverwrite boolean true
+
+# User setup
+#d-i passwd/user-fullname string admin 
+#d-i passwd/username string admin
+
+# Encrypted using an MD5 hash (printf "password" | mkpasswd -s -m md5)
+#d-i passwd/user-password-crypted password $1$8deB8hXr$S/5SDG559KmAPGAL62s3i1
+#d-i user-setup/allow-password-weak boolean true
+#d-i user-setup/encrypt-home boolean false
+
+# Package Groups
+tasksel tasksel/first multiselect ubuntu-server
+
+# Packages
+d-i pkgsel/include string openssh-server
+
+# Update Policy
+d-i pkgsel/update-policy select unattended-upgrades
+
+# Grub
+#d-i grub-installer/only_debian boolean true
+
+# Post install
+d-i preseed/late_command string \
+cp /cdrom/tpotce/install1.sh /target/etc/rc.local; \
+cp /cdrom/tpotce/install2.sh /target/root/install.sh
+#mkdir -p /target/root/images/; \
+#cp /cdrom/tpotce/images/* /target/root/images/
+
+# Reboot
+d-i finish-install/reboot_in_progress note