From 717167b55cdd5d4f94c42aa79b2f674046e327a2 Mon Sep 17 00:00:00 2001 From: t3chn0m4g3 Date: Sat, 19 Mar 2022 21:32:11 +0000 Subject: [PATCH] updater tweaking --- iso/installer/install.sh | 64 ++++++++++++++--------------- update.sh | 89 +++++++++++++++++++++------------------- 2 files changed, 78 insertions(+), 75 deletions(-) diff --git a/iso/installer/install.sh b/iso/installer/install.sh index 530d322f..31b4ddc9 100755 --- a/iso/installer/install.sh +++ b/iso/installer/install.sh @@ -18,7 +18,7 @@ myCONF_FILE="/root/installer/iso.conf" myPROGRESSBOXCONF=" --backtitle "$myBACKTITLE" --progressbox 24 80" mySITES="https://ghcr.io https://github.com https://pypi.python.org https://debian.org" myTPOTCOMPOSE="/opt/tpot/etc/tpot.yml" -myLSB_STABLE_SUPPORTED="buster bullseye" +myLSB_STABLE_SUPPORTED="bullseye" myLSB_TESTING_SUPPORTED="stable" myREMOTESITES="https://hub.docker.com https://github.com https://pypi.python.org https://debian.org https://listbot.sicherheitstacho.eu" myPREINSTALLPACKAGES="aria2 apache2-utils cracklib-runtime curl dialog figlet fuse grc libcrack2 libpq-dev lsb-release net-tools software-properties-common toilet" 
@@ -813,38 +813,36 @@ fi # Let's create some files and folders fuBANNER "Files & folders" mkdir -vp /data/adbhoney/{downloads,log} \ - /data/ciscoasa/log \ - /data/conpot/log \ - /data/citrixhoneypot/logs \ - /data/cowrie/{downloads,keys,misc,log,log/tty} \ - /data/ddospot/{bl,db,log} \ - /data/dicompot/{images,log} \ - /data/dionaea/{log,bistreams,binaries,rtp,roots,roots/ftp,roots/tftp,roots/www,roots/upnp} \ - /data/elasticpot/log \ - /data/elk/{data,log} \ - /data/endlessh/log \ - /data/fatt/log \ - /data/honeytrap/{log,attacks,downloads} \ - /data/glutton/log \ - /data/hellpot/log \ - /data/heralding/log \ - /data/honeypots/log \ - /data/honeysap/log \ - /data/ipphoney/log \ - /data/log4pot/{log,payloads} \ - /data/mailoney/log \ - /data/medpot/log \ - /data/nginx/{log,heimdall} \ - /data/emobility/log \ - /data/ews/conf \ - /data/rdpy/log \ - /data/redishoneypot/log \ - /data/sentrypeer/log \ - /data/spiderfoot \ - /data/suricata/log \ - /data/tanner/{log,files} \ - /data/p0f/log \ - /home/tsec/.ssh/ + /data/ciscoasa/log \ + /data/conpot/log \ + /data/citrixhoneypot/logs \ + /data/cowrie/{downloads,keys,misc,log,log/tty} \ + /data/ddospot/{bl,db,log} \ + /data/dicompot/{images,log} \ + /data/dionaea/{log,bistreams,binaries,rtp,roots,roots/ftp,roots/tftp,roots/www,roots/upnp} \ + /data/elasticpot/log \ + /data/elk/{data,log} \ + /data/endlessh/log \ + /data/ews/conf \ + /data/fatt/log \ + /data/glutton/log \ + /data/hellpot/log \ + /data/heralding/log \ + /data/honeypots/log \ + /data/honeysap/log \ + /data/honeytrap/{log,attacks,downloads} \ + /data/ipphoney/log \ + /data/log4pot/{log,payloads} \ + /data/mailoney/log \ + /data/medpot/log \ + /data/nginx/{log,heimdall} \ + /data/p0f/log \ + /data/redishoneypot/log \ + /data/sentrypeer/log \ + /data/spiderfoot \ + /data/suricata/log \ + /data/tanner/{log,files} \ + /home/tsec/.ssh/ touch /data/nginx/log/error.log # Let's copy some files diff --git a/update.sh b/update.sh index 23dfedd2..5006a299 100755 
--- a/update.sh +++ b/update.sh @@ -100,19 +100,30 @@ if [ "$myRELEASE" != "$myLSB_RELEASE" ] done if [ "$myQST" = "n" ]; then + echo echo $myGREEN"Aborting!"$myWHITE + echo exit else echo "###### Stopping and disabling T-Pot services ... " + echo systemctl stop tpot systemctl disable tpot echo "###### Switching /etc/apt/sources.list from buster to bullseye ... " + echo sed -i 's/buster/bullseye/g' /etc/apt/sources.list echo "###### Updating repositories ... " + echo apt-fast update echo "###### Running full upgrade ... " - apt-fast full-upgrade -y -o Dpkg::Options::="--force-confold" - echo "###### Please reboot now and re-run update.sh." + echo + echo "docker.io docker.io/restart boolean true" | debconf-set-selections -v + echo "debconf debconf/frontend select noninteractive" | debconf-set-selections -v + apt-fast full-upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes + dpkg --configure -a + echo "###### $myBLUE""Finished with upgrading. Now restarting update.sh and to continue with T-Pot related updates.""$myWHITE" + exec "$0" "$@" + exit 1 fi exit fi @@ -211,9 +222,9 @@ export DEBIAN_FRONTEND=noninteractive echo "### Installing apt-fast" /bin/bash -c "$(curl -sL https://raw.githubusercontent.com/ilikenwf/apt-fast/master/quick-install.sh)" local myPACKAGES=$(cat /opt/tpot/packages.txt) -# Remove purge in the future -echo "### Removing repository based install of elasticsearch-curator" -apt-get purge elasticsearch-curator -y +echo "### Removing and holding back problematic packages ..." +apt-fast -y purge cockpit-pcp elasticsearch-curator exim4-base glances mailutils pcp +apt-mark hold exim4-base mailutils pcp cockpit-pcp hash -r echo "### Now upgrading packages ..." dpkg --configure -a 
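Review bot: `--force-yes` on the new `apt-fast full-upgrade` line (assuming apt-fast hands it to apt-get unchanged) lets the upgrade continue past unauthenticated packages, downgrades and removal of essential packages. That is a risky default for an unattended buster-to-bullseye upgrade, and apt has deprecated the flag in favour of the narrower `--allow-*` options. Dropping it should be enough: `apt-fast full-upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"`. Neither that command nor `dpkg --configure -a` is checked before `exec "$0" "$@"`, so a half-finished upgrade restarts the script anyway; append `|| exit 1` to both, and add a comment that the trailing `exit 1` is only reached when `exec` itself fails. If sources.list carries a `buster/updates` security entry, the context line `sed -i 's/buster/bullseye/g'` turns it into `bullseye/updates`, while bullseye names that suite `bullseye-security`, so the security repository may be missing after the switch. The enclosing `if` starts outside this hunk.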
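Review bot: The combined `apt-fast -y purge cockpit-pcp elasticsearch-curator exim4-base glances mailutils pcp` has no status check, and apt rejects the whole transaction when one of the names is unknown to its package cache. On a host where, for example, the repository that provided elasticsearch-curator is no longer configured, exim4-base and mailutils could stay installed while the script carries on to `apt-mark hold`. Purging per package or testing the result, e.g. `apt-fast -y purge ... || echo "### Purge failed, packages may still be installed" >&2`, would make that visible. The commit also drops the only comment on this step; a line such as `# Purged and held because they break the upgrade / are replaced by pip or container versions` (with the real reason) would say why these six packages count as problematic. The function this hunk sits in starts and ends outside the hunk.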
@@ -229,11 +240,8 @@ apt-fast -y dist-upgrade -o Dpkg::Options::="--force-confdef" -o Dpkg::Options:: dpkg --configure -a npm cache clean --force npm install elasticdump -g -pip3 install --upgrade yq +pip3 install --upgrade glances yq hash -r -echo "### Removing and holding back problematic packages ..." -apt-fast -y purge exim4-base mailutils pcp cockpit-pcp elasticsearch-curator -apt-mark hold exim4-base mailutils pcp cockpit-pcp echo echo "### Now replacing T-Pot related config files on host" 
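Review bot: `pip3 install --upgrade glances yq` pulls whatever PyPI serves at run time into the system interpreter, presumably as root given the apt calls around it. With this commit `glances` moves from the apt-managed package, which update.sh now purges earlier, to that unpinned path. Pinning the versions, e.g. `pip3 install --upgrade glances==<version> yq==<version>`, or installing from a requirements file with `--require-hashes`, would make updates reproducible and limit exposure to a tampered release. A one-line comment saying why glances comes from pip rather than Debian would help the next maintainer. The step's exit status is not checked either, so a failed install leaves the host without glances and without a message.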
@@ -254,39 +262,36 @@ echo ### Ensure creation of T-Pot related folders, just in case mkdir -vp /data/adbhoney/{downloads,log} \ - /data/ciscoasa/log \ - /data/conpot/log \ - /data/citrixhoneypot/logs \ - /data/cowrie/{downloads,keys,misc,log,log/tty} \ - /data/ddospot/{bl,db,log} \ - /data/dicompot/{images,log} \ - /data/dionaea/{log,bistreams,binaries,rtp,roots,roots/ftp,roots/tftp,roots/www,roots/upnp} \ - /data/elasticpot/log \ - /data/elk/{data,log} \ - /data/endlessh/log \ - /data/fatt/log \ - /data/honeytrap/{log,attacks,downloads} \ - /data/glutton/log \ - /data/hellpot/log \ - /data/heralding/log \ - /data/honeypots/log \ - /data/honeysap/log \ - /data/ipphoney/log \ - /data/log4pot/{log,payloads} \ - /data/log4pot/log \ - /data/mailoney/log \ - /data/medpot/log \ - /data/nginx/{log,heimdall} \ - /data/emobility/log \ - /data/ews/conf \ - /data/rdpy/log \ - /data/redishoneypot/log \ - /data/sentrypeer/log \ - /data/spiderfoot \ - /data/suricata/log \ - /data/tanner/{log,files} \ - /data/p0f/log \ - /home/tsec/.ssh/ + /data/ciscoasa/log \ + /data/conpot/log \ + /data/citrixhoneypot/logs \ + /data/cowrie/{downloads,keys,misc,log,log/tty} \ + /data/ddospot/{bl,db,log} \ + /data/dicompot/{images,log} \ + /data/dionaea/{log,bistreams,binaries,rtp,roots,roots/ftp,roots/tftp,roots/www,roots/upnp} \ + /data/elasticpot/log \ + /data/elk/{data,log} \ + /data/endlessh/log \ + /data/ews/conf \ + /data/fatt/log \ + /data/glutton/log \ + /data/hellpot/log \ + /data/heralding/log \ + /data/honeypots/log \ + /data/honeysap/log \ + /data/honeytrap/{log,attacks,downloads} \ + /data/ipphoney/log \ + /data/log4pot/{log,payloads} \ + /data/mailoney/log \ + /data/medpot/log \ + /data/nginx/{log,heimdall} \ + /data/p0f/log \ + /data/redishoneypot/log \ + /data/sentrypeer/log \ + /data/spiderfoot \ + /data/suricata/log \ + /data/tanner/{log,files} \ + /home/tsec/.ssh/ ### For some honeypots to work we need to ensure ntp.service is not listening echo "### Ensure ntp.service is not 
listening to avoid potential port conflict with ddospot."