start rework env, sensor deploy

env.example

@@ -6,25 +6,23 @@
 
 # Set Web usernames and passwords here. This section will be used to create / update the Nginx password file nginxpasswd.
 #  <empty>: This is the default
-#  <'htpasswd encoded usernames / passwords'>:
-#   Use 'htpasswd -n <username>' to create the WEB_USER if you want to manually deploy T-Pot
-#   Example: 'htpasswd -n tsec' will print tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0
-#   Copy the string and replace WEB_USER='tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0'
-#   Multiple users are possible, example (notice the quotes!):
-#   WEB_USER='user1:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0
-#   user2:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0'
+#  <base64 encoded htpasswd usernames / passwords>:
+#   Use 'htpasswd -n -b "username" "password" | base64 -w0' to create the WEB_USER if you want to manually deploy T-Pot
+#   Example: 'htpasswd -n -b "tsec" "tsec" | base64 -w0' will print dHNlYzokYXByMSRYUnE2SC5rbiRVRjZQM1VVQmJVNWJUQmNmSGRuUFQxCgo=
+#   Copy the string and replace WEB_USER=dHNlYzokYXByMSRYUnE2SC5rbiRVRjZQM1VVQmJVNWJUQmNmSGRuUFQxCgo=
+#   Multiple users are possible:
+#   WEB_USER=dHNlYzokYXByMSRYUnE2SC5rbiRVRjZQM1VVQmJVNWJUQmNmSGRuUFQxCgo= dHNlYzokYXByMSR6VUFHVWdmOCRROXI3a09CTjFjY3lCeU1DTloyanEvCgo=
 WEB_USER=
 
 # Set Logstash Web usernames and passwords here. This section will be used to create / update the Nginx password file lswebpasswd.
 # The Lostsash Web usernames are used for T-Pot log ingestion via Logstash, each sensor should have its own user.
 #  <empty>: This is empty by default.
 #  <'htpasswd encoded usernames / passwords'>:
-#   Use 'htpasswd -n <username>' to create the LS_WEB_USER if you want to manually deploy T-Pot
-#   Example: 'htpasswd -n tsec' will print tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0
-#   Copy the string and replace / add LS_WEB_USER='tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0'
-#   Multiple users are possible, example (notice the quotes!):
-#   LS_WEB_USER='sensor1:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0
-#   sensor2:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0'
+#   Use 'htpasswd -n -b "username" "password" | base64 -w0' to create the LS_WEB_USER if you want to manually deploy the sensor.
+#   Example: 'htpasswd -n -b "sensor" "sensor" | base64 -w0' will print c2Vuc29yOiRhcHIxJGVpMHdzUmdYJHNyWHF4UG53ZzZqWUc3aEFaUWxrWDEKCg==
+#   Copy the string and replace / add LS_WEB_USER=c2Vuc29yOiRhcHIxJGVpMHdzUmdYJHNyWHF4UG53ZzZqWUc3aEFaUWxrWDEKCg==
+#   Multiple users are possible:
+#   LS_WEB_USER=c2Vuc29yMTokYXByMSQ5aXhNRk5yMCR6d3F2dGFwQ2x0cFBhU1pqMm9ZemYxCgo= c2Vuc29yMjokYXByMSRtYTlOS1J2NCQvU3dsVVBMeW5RaVIyM3pyWVAzOUkwCgo=
 LS_WEB_USER=
 
 # T-Pot Blackhole
@@ -52,12 +50,12 @@ TPOT_PERSISTENCE=on
 #          3. On HIVE: Create a web user per SENSOR on HIVE and provide credentials below
 #             Create credentials with 'htpasswd ~/tpotce/data/nginx/conf/lswebpasswd <username>'
 #          4. On SENSOR: Provide username / password from (3) for TPOT_HIVE_USER as base64 encoded string:
-#                        "echo -n 'username:password' | base64"
+#                        "echo -n 'username:password' | base64 -w0"
 TPOT_TYPE=HIVE
 
 # T-Pot Hive User (only relevant for SENSOR deployment)
 #  <empty>: This is empty by default.
-#  <base64 encoded string>: Provide a base64 encoded string "echo -n 'username:password' | base64"
+#  <base64 encoded string>: Provide a base64 encoded string "echo -n 'username:password' | base64 -w0"
 #                           i.e. TPOT_HIVE_USER='dXNlcm5hbWU6cGFzc3dvcmQ='
 TPOT_HIVE_USER=
 

install.sh

@@ -251,10 +251,12 @@ if [ "${myTPOT_TYPE}" == "HIVE" ];
 	done
 
 	# Write username and password to T-Pot config file
-	echo "### Creating htpasswd username and password for T-Pot config file: ${myTPOT_CONF_FILE}"
+	echo "### Creating base64 encoded htpasswd username and password for T-Pot config file: ${myTPOT_CONF_FILE}"
 	myWEB_USER_ENC=$(htpasswd -b -n "${myWEB_USER}" "${myWEB_PW}")
+    myWEB_USER_ENC_B64=$(echo -n "${myWEB_USER_ENC}" | base64 -w0)
+    
 	echo
-	sed -i "s|^WEB_USER=.*|WEB_USER='${myWEB_USER_ENC}'|" ${myTPOT_CONF_FILE}
+	sed -i "s|^WEB_USER=.*|WEB_USER='${myWEB_USER_ENC_B64}'|" ${myTPOT_CONF_FILE}
 
     # Install T-Pot Type HIVE and use standard.yml for installation
     cp ${HOME}/tpotce/compose/standard.yml ${HOME}/tpotce/docker-compose.yml

installer/install/deploy.sh

@@ -0,0 +1,96 @@
+#!/usr/bin/env bash
+
+myANSIBLE_PORT=64295
+myANSIBLE_TPOT_PLAYBOOK="deploy.yml"
+myENV_FILE="$HOME/tpotce/.env"
+
+
+# Check if the script is running in a HIVE installation
+if ! grep -q 'TPOT_TYPE=HIVE' "$HOME/tpotce/.env";
+  then
+    echo "# This script is only supported on HIVE installations."
+    exit 1
+fi
+
+# Ask if a T-Pot sensor was installed
+read -p "# Was a T-Pot sensor installed? (y/n): " mySENSOR_INSTALLED
+if [[ ${mySENSOR_INSTALLED} != "y" ]]; 
+    then
+      echo "# A T-Pot sensor must be installed to continue."
+      exit 1
+fi
+
+# Check if ssh key has been deployed
+read -p "# Has the SSH key been deployed to the sensor? (y/n): " mySSHKEY_DEPLOYED
+if [[ ${mySSHKEY_DEPLOYED} != "y" ]]; 
+    then
+      echo "# Generate a SSH key using 'ssh-keygen' and deploy it to the sensor with 'ssh-copy-id user@sensor-ip'."
+      exit 1
+fi
+
+# Validate IP/domain name loop
+while true; do
+  read -p "# Enter the IP/domain name of the sensor: " mySENSOR_IP
+  if [[ ${mySENSOR_IP} =~ ^([a-zA-Z0-9]+(\.[a-zA-Z0-9]+)*\.[a-zA-Z]{2,})|(([0-9]{1,3}\.){3}[0-9]{1,3})$ ]];
+    then
+      break
+    else
+      echo "# Invalid IP/domain. Please enter a valid IP or domain name."
+  fi
+done
+
+# Validate IP/domain name of HIVE
+while true; do
+  read -p "# Enter the IP/domain name of this HIVE: " myTPOT_HIVE_IP
+  if [[ ${myTPOT_HIVE_IP} =~ ^([a-zA-Z0-9]+(\.[a-zA-Z0-9]+)*\.[a-zA-Z]{2,})|(([0-9]{1,3}\.){3}[0-9]{1,3})$ ]]; 
+    then
+      break
+    else
+      echo "# Invalid IP/domain. Please enter a valid IP or domain name."
+  fi
+done
+
+# Create a random sensor user name that is easily readable
+adjective=$(shuf -n1 a.txt)
+noun=$(shuf -n1 n.txt)
+myLS_WEB_USER="sensor-${adjective}-${noun}"
+
+# Create a random password
+myLS_WEB_PW=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 32 | head -n 1)
+
+# Create myLS_WEB_USER_ENC
+myLS_WEB_USER_ENC=$(htpasswd -b -n "${myLS_WEB_USER}" "${myLS_WEB_PW}")
+myLS_WEB_USER_ENC_B64=$(echo -n "${myLS_WEB_USER_ENC}" | base64 -w0)
+
+# Create myTPOT_HIVE_USER, since this is for Logstash on the sensor, it needs to directly base64 encoded
+myTPOT_HIVE_USER=$(echo -n "${myLS_WEB_USER}:${myLS_WEB_PW}" | base64 -w0)
+
+# Print credentials
+echo "# The following sensor credentials have been created:"
+echo "# New sensor username: ${myLS_WEB_USER}"
+echo "# New sensor passowrd: ${myLS_WEB_PW}"
+echo "# New htpasswd encoded credentials: ${myLS_WEB_USER_ENC}"
+echo "# New htpasswd credentials base64 encoded: ${myLS_WEB_USER_ENC_B64}"
+echo "# New sensor credentials base64 encoded: ${myTPOT_HIVE_USER}"
+
+# Read LS_WEB_USER from file
+myENV_LS_WEB_USER=$(grep "^LS_WEB_USER=" "${myENV_FILE}" | sed 's/^LS_WEB_USER=//g' | tr -d "\"'")
+
+# Add the new sensor and show a complete list of all the sensors
+myENV_LS_WEB_USER="${myENV_LS_WEB_USER} ${myLS_WEB_USER_ENC_B64}"
+
+# Update the .env on the host
+sed -i "/^LS_WEB_USER=/c\LS_WEB_USER=${myENV_LS_WEB_USER}" "${myENV_FILE}"
+
+echo "# Here is the complete and updated sensor list on HIVE:"
+for i in $myENV_LS_WEB_USER;
+  do
+    echo -n $i | base64 --decode -w0
+    echo -n " :" $i
+    echo
+done
+
+export myTPOT_HIVE_USER
+export myTPOT_HIVE_IP
+
+ANSIBLE_LOG_PATH=$HOME/data/deploy_sensor.log ansible-playbook ${myANSIBLE_TPOT_PLAYBOOK} -vvv -i ${mySENSOR_IP}, --check -c ssh -e "ansible_port=${myANSIBLE_PORT}"

installer/install/deploy.yml

@@ -0,0 +1,51 @@
+---
+- name: TPOT configuration playbook
+  hosts: all
+  vars:
+    local_nginx_cert_path: "~/tpotce/data/nginx/cert/nginx.crt"
+    remote_cert_path: "~/tpotce/data/hive.crt"
+    remote_sensor_yml_path: "~/tpotce/compose/sensor.yml"
+    remote_docker_compose_path: "~/tpotce/docker-compose.yml"
+    env_file_path: "~/tpotce/.env"
+  tasks:
+    - name: Copy nginx.crt from local to remote host
+      ansible.builtin.copy:
+        src: "{{ local_nginx_cert_path }}"
+        dest: "{{ remote_cert_path }}"
+
+    - name: Copy sensor.yml to docker-compose.yml on the remote host
+      ansible.builtin.command:
+        cmd: "cp {{ remote_sensor_yml_path }} {{ remote_docker_compose_path }}"
+
+    - name: Update TPOT_HIVE_USER in .env
+      ansible.builtin.lineinfile:
+        path: "{{ env_file_path }}"
+        regexp: '^TPOT_HIVE_USER='
+        line: 'TPOT_HIVE_USER={{ lookup("env", "myTPOT_HIVE_USER") }}'
+
+    - name: Update TPOT_HIVE_IP in .env
+      ansible.builtin.lineinfile:
+        path: "{{ env_file_path }}"
+        regexp: '^TPOT_HIVE_IP='
+        line: 'TPOT_HIVE_IP={{ lookup("env", "myTPOT_HIVE_IP") }}'
+
+    - name: Ensure TPOT_TYPE is set to SENSOR in .env
+      ansible.builtin.lineinfile:
+        path: "{{ env_file_path }}"
+        regexp: '^TPOT_TYPE='
+        line: 'TPOT_TYPE=SENSOR'
+        create: yes
+
+    - name: Ensure WEB_USER is empty in .env
+      ansible.builtin.lineinfile:
+        path: "{{ env_file_path }}"
+        regexp: '^WEB_USER='
+        line: 'WEB_USER='
+        create: yes
+
+    - name: Ensure LS_WEB_USER is empty in .env
+      ansible.builtin.lineinfile:
+        path: "{{ env_file_path }}"
+        regexp: '^LS_WEB_USER='
+        line: 'LS_WEB_USER='
+        create: yes