Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-07-01 12:32:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

tweaking editions

Browse source
This commit is contained in:
t3chn0m4g3 2022-03-23 21:56:44 +00:00
parent 691ac58abf
commit 75c1b3400f
11 changed files with 619 additions and 33 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
etc/compose/hive.yml
View file

@ -43,6 +43,7 @@ services:
depends_on:
elasticsearch:
condition: service_healthy
# mem_limit: 1g
ports:
- "127.0.0.1:64296:5601"
image: "dtagdevsec/kibana:2203"
@ -60,6 +61,7 @@ services:
- /opt/tpot/etc/compose/elk_environment
ports:
- "127.0.0.1:64305:64305"
# mem_limit: 2g
image: "dtagdevsec/logstash:2203"
volumes:
- /data:/data

76
etc/compose/hive_sensor.yml
View file

@ -1,25 +1,29 @@
# T-Pot (Hive-Sensor)
# T-Pot (Hive_Sensor)
# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton)
version: '2.3'
networks:
adbhoney_local:
ciscoasa_local:
citrixhoneypot_local:
conpot_local_IEC104:
conpot_local_guardian_ast:
conpot_local_ipmi:
conpot_local_kamstrup_382:
cowrie_local:
cyberchef_local:
ddospot_local:
dicompot_local:
dionaea_local:
elasticpot_local:
heralding_local:
logstash_local:
ipphoney_local:
mailoney_local:
medpot_local:
redishoneypot_local:
tanner_local:
ewsposter_local:
sentrypeer_local:
spiderfoot_local:
services:
@ -175,6 +179,25 @@ services:
- /data/cowrie/log:/home/cowrie/cowrie/log
- /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
# Ddospot service
ddospot:
container_name: ddospot
restart: always
networks:
- ddospot_local
ports:
- "19:19/udp"
- "53:53/udp"
- "123:123/udp"
# - "161:161/udp"
- "1900:1900/udp"
image: "dtagdevsec/ddospot:2203"
read_only: true
volumes:
- /data/ddospot/log:/opt/ddospot/ddospot/logs
- /data/ddospot/bl:/opt/ddospot/ddospot/bl
- /data/ddospot/db:/opt/ddospot/ddospot/db
# Dicompot service
# Get the Horos Client for testing: https://horosproject.org/
# Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/
@ -288,6 +311,19 @@ services:
- /data/honeytrap/downloads:/opt/honeytrap/var/downloads
- /data/honeytrap/log:/opt/honeytrap/var/log
# Ipphoney service
ipphoney:
container_name: ipphoney
restart: always
networks:
- ipphoney_local
ports:
- "631:631"
image: "dtagdevsec/ipphoney:2203"
read_only: true
volumes:
- /data/ipphoney/log:/opt/ipphoney/log
# Mailoney service
mailoney:
container_name: mailoney
@ -320,6 +356,32 @@ services:
volumes:
- /data/medpot/log/:/var/log/medpot
# Redishoneypot service
redishoneypot:
container_name: redishoneypot
restart: always
networks:
- redishoneypot_local
ports:
- "6379:6379"
image: "dtagdevsec/redishoneypot:2203"
read_only: true
volumes:
- /data/redishoneypot/log:/var/log/redishoneypot
# SentryPeer service
sentrypeer:
container_name: sentrypeer
restart: always
networks:
- sentrypeer_local
ports:
- "5060:5060/udp"
image: "dtagdevsec/sentrypeer:2203"
read_only: true
volumes:
- /data/sentrypeer/log:/var/log/sentrypeer
#### Snare / Tanner
## Tanner Redis Service
tanner_redis:
@ -375,6 +437,7 @@ services:
- /data/tanner/files:/opt/tanner/files
depends_on:
- tanner_api
# - tanner_web
- tanner_phpox
## Snare Service
@ -441,14 +504,15 @@ services:
#### Tools
##################
# Logstash service
## Logstash service
logstash:
container_name: logstash
restart: always
networks:
- logstash_local
# environment:
# - LS_JAVA_OPTS=-Xms2048m -Xmx2048m
depends_on:
elasticsearch:
condition: service_healthy
env_file:
- /opt/tpot/etc/compose/elk_environment
mem_limit: 2g

39
etc/compose/industrial.yml
View file

@ -334,6 +334,45 @@ services:
volumes:
- /data:/data
## Map Redis Service
map_redis:
container_name: map_redis
restart: always
stop_signal: SIGKILL
tty: true
image: "dtagdevsec/redis:2203"
read_only: true
## Map Web Service
map_web:
container_name: map_web
restart: always
environment:
- MAP_COMMAND=AttackMapServer.py
env_file:
- /opt/tpot/etc/compose/elk_environment
stop_signal: SIGKILL
tty: true
ports:
- "127.0.0.1:64299:64299"
image: "dtagdevsec/map_server:2203"
## Map Data Service
map_data:
container_name: map_data
restart: always
depends_on:
elasticsearch:
condition: service_healthy
environment:
- MAP_COMMAND=DataServer_v2.py
env_file:
- /opt/tpot/etc/compose/elk_environment
stop_signal: SIGKILL
tty: true
image: "dtagdevsec/map_server:2203"
#### /ELK
# Ewsposter service
ewsposter:
container_name: ewsposter

39
etc/compose/log4j.yml
View file

@ -153,6 +153,45 @@ services:
volumes:
- /data:/data
## Map Redis Service
map_redis:
container_name: map_redis
restart: always
stop_signal: SIGKILL
tty: true
image: "dtagdevsec/redis:2203"
read_only: true
## Map Web Service
map_web:
container_name: map_web
restart: always
environment:
- MAP_COMMAND=AttackMapServer.py
env_file:
- /opt/tpot/etc/compose/elk_environment
stop_signal: SIGKILL
tty: true
ports:
- "127.0.0.1:64299:64299"
image: "dtagdevsec/map_server:2203"
## Map Data Service
map_data:
container_name: map_data
restart: always
depends_on:
elasticsearch:
condition: service_healthy
environment:
- MAP_COMMAND=DataServer_v2.py
env_file:
- /opt/tpot/etc/compose/elk_environment
stop_signal: SIGKILL
tty: true
image: "dtagdevsec/map_server:2203"
#### /ELK
# Ewsposter service
ewsposter:
container_name: ewsposter

39
etc/compose/medical.yml
View file

@ -147,6 +147,45 @@ services:
volumes:
- /data:/data
## Map Redis Service
map_redis:
container_name: map_redis
restart: always
stop_signal: SIGKILL
tty: true
image: "dtagdevsec/redis:2203"
read_only: true
## Map Web Service
map_web:
container_name: map_web
restart: always
environment:
- MAP_COMMAND=AttackMapServer.py
env_file:
- /opt/tpot/etc/compose/elk_environment
stop_signal: SIGKILL
tty: true
ports:
- "127.0.0.1:64299:64299"
image: "dtagdevsec/map_server:2203"
## Map Data Service
map_data:
container_name: map_data
restart: always
depends_on:
elasticsearch:
condition: service_healthy
environment:
- MAP_COMMAND=DataServer_v2.py
env_file:
- /opt/tpot/etc/compose/elk_environment
stop_signal: SIGKILL
tty: true
image: "dtagdevsec/map_server:2203"
#### /ELK
# Ewsposter service
ewsposter:
container_name: ewsposter

41
etc/compose/mini.yml
View file

@ -13,7 +13,7 @@ services:
#### Honeypots
##################
# Honeypots service
# qHoneypots service
honeypots:
container_name: honeypots
stdin_open: true
@ -172,6 +172,45 @@ services:
volumes:
- /data:/data
## Map Redis Service
map_redis:
container_name: map_redis
restart: always
stop_signal: SIGKILL
tty: true
image: "dtagdevsec/redis:2203"
read_only: true
## Map Web Service
map_web:
container_name: map_web
restart: always
environment:
- MAP_COMMAND=AttackMapServer.py
env_file:
- /opt/tpot/etc/compose/elk_environment
stop_signal: SIGKILL
tty: true
ports:
- "127.0.0.1:64299:64299"
image: "dtagdevsec/map_server:2203"
## Map Data Service
map_data:
container_name: map_data
restart: always
depends_on:
elasticsearch:
condition: service_healthy
environment:
- MAP_COMMAND=DataServer_v2.py
env_file:
- /opt/tpot/etc/compose/elk_environment
stop_signal: SIGKILL
tty: true
image: "dtagdevsec/map_server:2203"
#### /ELK
# Ewsposter service
ewsposter:
container_name: ewsposter

2
etc/compose/nextgen.yml
View file

@ -10,9 +10,9 @@ networks:
conpot_local_guardian_ast:
conpot_local_ipmi:
conpot_local_kamstrup_382:
ddospot_local:
dicompot_local:
dionaea_local:
ddospot_local:
elasticpot_local:
endlessh_local:
hellpot_local:

66
etc/compose/sensor.yml
View file

@ -4,21 +4,26 @@ version: '2.3'
networks:
adbhoney_local:
ciscoasa_local:
citrixhoneypot_local:
conpot_local_IEC104:
conpot_local_guardian_ast:
conpot_local_ipmi:
conpot_local_kamstrup_382:
cowrie_local:
cyberchef_local:
ddospot_local:
dicompot_local:
dionaea_local:
elasticpot_local:
heralding_local:
ipphoney_local:
mailoney_local:
medpot_local:
redishoneypot_local:
tanner_local:
ewsposter_local:
sentrypeer_local:
spiderfoot_local:
services:
@ -174,6 +179,25 @@ services:
- /data/cowrie/log:/home/cowrie/cowrie/log
- /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
# Ddospot service
ddospot:
container_name: ddospot
restart: always
networks:
- ddospot_local
ports:
- "19:19/udp"
- "53:53/udp"
- "123:123/udp"
# - "161:161/udp"
- "1900:1900/udp"
image: "dtagdevsec/ddospot:2203"
read_only: true
volumes:
- /data/ddospot/log:/opt/ddospot/ddospot/logs
- /data/ddospot/bl:/opt/ddospot/ddospot/bl
- /data/ddospot/db:/opt/ddospot/ddospot/db
# Dicompot service
# Get the Horos Client for testing: https://horosproject.org/
# Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/
@ -287,6 +311,19 @@ services:
- /data/honeytrap/downloads:/opt/honeytrap/var/downloads
- /data/honeytrap/log:/opt/honeytrap/var/log
# Ipphoney service
ipphoney:
container_name: ipphoney
restart: always
networks:
- ipphoney_local
ports:
- "631:631"
image: "dtagdevsec/ipphoney:2203"
read_only: true
volumes:
- /data/ipphoney/log:/opt/ipphoney/log
# Mailoney service
mailoney:
container_name: mailoney
@ -319,6 +356,32 @@ services:
volumes:
- /data/medpot/log/:/var/log/medpot
# Redishoneypot service
redishoneypot:
container_name: redishoneypot
restart: always
networks:
- redishoneypot_local
ports:
- "6379:6379"
image: "dtagdevsec/redishoneypot:2203"
read_only: true
volumes:
- /data/redishoneypot/log:/var/log/redishoneypot
# SentryPeer service
sentrypeer:
container_name: sentrypeer
restart: always
networks:
- sentrypeer_local
ports:
- "5060:5060/udp"
image: "dtagdevsec/sentrypeer:2203"
read_only: true
volumes:
- /data/sentrypeer/log:/var/log/sentrypeer
#### Snare / Tanner
## Tanner Redis Service
tanner_redis:
@ -374,6 +437,7 @@ services:
- /data/tanner/files:/opt/tanner/files
depends_on:
- tanner_api
# - tanner_web
- tanner_phpox
## Snare Service

46
etc/compose/standard.yml
View file

@ -4,6 +4,7 @@ version: '2.3'
networks:
adbhoney_local:
ciscoasa_local:
citrixhoneypot_local:
conpot_local_IEC104:
conpot_local_guardian_ast:
@ -15,8 +16,10 @@ networks:
dionaea_local:
elasticpot_local:
heralding_local:
ipphoney_local:
mailoney_local:
medpot_local:
redishoneypot_local:
tanner_local:
ewsposter_local:
sentrypeer_local:
@ -308,6 +311,19 @@ services:
- /data/honeytrap/downloads:/opt/honeytrap/var/downloads
- /data/honeytrap/log:/opt/honeytrap/var/log
# Ipphoney service
ipphoney:
container_name: ipphoney
restart: always
networks:
- ipphoney_local
ports:
- "631:631"
image: "dtagdevsec/ipphoney:2203"
read_only: true
volumes:
- /data/ipphoney/log:/opt/ipphoney/log
# Mailoney service
mailoney:
container_name: mailoney
@ -340,6 +356,19 @@ services:
volumes:
- /data/medpot/log/:/var/log/medpot
# Redishoneypot service
redishoneypot:
container_name: redishoneypot
restart: always
networks:
- redishoneypot_local
ports:
- "6379:6379"
image: "dtagdevsec/redishoneypot:2203"
read_only: true
volumes:
- /data/redishoneypot/log:/var/log/redishoneypot
# SentryPeer service
sentrypeer:
container_name: sentrypeer
@ -391,23 +420,6 @@ services:
depends_on:
- tanner_redis
## Tanner WEB Service
# tanner_web:
# container_name: tanner_web
# restart: always
# tmpfs:
# - /tmp/tanner:uid=2000,gid=2000
# tty: true
# networks:
# - tanner_local
# image: "dtagdevsec/tanner:2203"
# command: tannerweb
# read_only: true
# volumes:
# - /data/tanner/log:/var/log/tanner
# depends_on:
# - tanner_redis
## Tanner Service
tanner:
container_name: tanner

287
etc/compose/tarpit.yml Normal file
View file

@ -0,0 +1,287 @@
# T-Pot (Tarpit)
# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton)
version: '2.3'
networks:
endlessh_local:
hellpot_local:
heralding_local:
ewsposter_local:
spiderfoot_local:
services:
##################
#### Honeypots
##################
# Endlessh service
endlessh:
container_name: endlessh
restart: always
networks:
- endlessh_local
ports:
- "22:2222"
image: "dtagdevsec/endlessh:2203"
read_only: true
volumes:
- /data/endlessh/log:/var/log/endlessh
# Heralding service
heralding:
container_name: heralding
restart: always
tmpfs:
- /tmp/heralding:uid=2000,gid=2000
networks:
- heralding_local
ports:
# - "21:21"
# - "22:22"
# - "23:23"
# - "25:25"
# - "80:80"
- "110:110"
- "143:143"
# - "443:443"
- "465:465"
- "993:993"
- "995:995"
# - "3306:3306"
# - "3389:3389"
- "1080:1080"
- "5432:5432"
- "5900:5900"
image: "dtagdevsec/heralding:2203"
read_only: true
volumes:
- /data/heralding/log:/var/log/heralding
# Honeytrap service
honeytrap:
container_name: honeytrap
restart: always
tmpfs:
- /tmp/honeytrap:uid=2000,gid=2000
network_mode: "host"
cap_add:
- NET_ADMIN
image: "dtagdevsec/honeytrap:2203"
read_only: true
volumes:
- /data/honeytrap/attacks:/opt/honeytrap/var/attacks
- /data/honeytrap/downloads:/opt/honeytrap/var/downloads
- /data/honeytrap/log:/opt/honeytrap/var/log
# Hellpot service
hellpot:
container_name: hellpot
restart: always
networks:
- hellpot_local
ports:
- "80:8080"
image: "dtagdevsec/hellpot:2203"
read_only: true
volumes:
- /data/hellpot/log:/var/log/hellpot
##################
#### NSM
##################
# Fatt service
fatt:
container_name: fatt
restart: always
network_mode: "host"
cap_add:
- NET_ADMIN
- SYS_NICE
- NET_RAW
image: "dtagdevsec/fatt:2203"
volumes:
- /data/fatt/log:/opt/fatt/log
# P0f service
p0f:
container_name: p0f
restart: always
network_mode: "host"
image: "dtagdevsec/p0f:2203"
read_only: true
volumes:
- /data/p0f/log:/var/log/p0f
# Suricata service
suricata:
container_name: suricata
restart: always
environment:
# For ET Pro ruleset replace "OPEN" with your OINKCODE
- OINKCODE=OPEN
# Loading externel Rules from URL
# - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com"
network_mode: "host"
cap_add:
- NET_ADMIN
- SYS_NICE
- NET_RAW
image: "dtagdevsec/suricata:2203"
volumes:
- /data/suricata/log:/var/log/suricata
##################
#### Tools
##################
#### ELK
## Elasticsearch service
elasticsearch:
container_name: elasticsearch
restart: always
environment:
- bootstrap.memory_lock=true
- ES_JAVA_OPTS=-Xms2048m -Xmx2048m
- ES_TMPDIR=/tmp
cap_add:
- IPC_LOCK
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
mem_limit: 4g
ports:
- "127.0.0.1:64298:9200"
image: "dtagdevsec/elasticsearch:2203"
volumes:
- /data:/data
## Kibana service
kibana:
container_name: kibana
restart: always
depends_on:
elasticsearch:
condition: service_healthy
mem_limit: 1g
ports:
- "127.0.0.1:64296:5601"
image: "dtagdevsec/kibana:2203"
## Logstash service
logstash:
container_name: logstash
restart: always
# environment:
# - LS_JAVA_OPTS=-Xms2048m -Xmx2048m
depends_on:
elasticsearch:
condition: service_healthy
env_file:
- /opt/tpot/etc/compose/elk_environment
mem_limit: 2g
image: "dtagdevsec/logstash:2203"
volumes:
- /data:/data
## Map Redis Service
map_redis:
container_name: map_redis
restart: always
stop_signal: SIGKILL
tty: true
image: "dtagdevsec/redis:2203"
read_only: true
## Map Web Service
map_web:
container_name: map_web
restart: always
environment:
- MAP_COMMAND=AttackMapServer.py
env_file:
- /opt/tpot/etc/compose/elk_environment
stop_signal: SIGKILL
tty: true
ports:
- "127.0.0.1:64299:64299"
image: "dtagdevsec/map_server:2203"
## Map Data Service
map_data:
container_name: map_data
restart: always
depends_on:
elasticsearch:
condition: service_healthy
environment:
- MAP_COMMAND=DataServer_v2.py
env_file:
- /opt/tpot/etc/compose/elk_environment
stop_signal: SIGKILL
tty: true
image: "dtagdevsec/map_server:2203"
#### /ELK
# Ewsposter service
ewsposter:
container_name: ewsposter
restart: always
networks:
- ewsposter_local
environment:
- EWS_HPFEEDS_ENABLE=false
- EWS_HPFEEDS_HOST=host
- EWS_HPFEEDS_PORT=port
- EWS_HPFEEDS_CHANNELS=channels
- EWS_HPFEEDS_IDENT=user
- EWS_HPFEEDS_SECRET=secret
- EWS_HPFEEDS_TLSCERT=false
- EWS_HPFEEDS_FORMAT=json
env_file:
- /opt/tpot/etc/compose/elk_environment
image: "dtagdevsec/ewsposter:2203"
volumes:
- /data:/data
- /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
# Nginx service
nginx:
container_name: nginx
restart: always
tmpfs:
- /var/tmp/nginx/client_body
- /var/tmp/nginx/proxy
- /var/tmp/nginx/fastcgi
- /var/tmp/nginx/uwsgi
- /var/tmp/nginx/scgi
- /run
- /var/lib/nginx/tmp:uid=100,gid=82
network_mode: "host"
ports:
- "64297:64297"
- "127.0.0.1:64304:64304"
image: "dtagdevsec/nginx:2203"
read_only: true
volumes:
- /data/nginx/cert/:/etc/nginx/cert/:ro
- /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
- /data/nginx/log/:/var/log/nginx/
# Spiderfoot service
spiderfoot:
container_name: spiderfoot
restart: always
networks:
- spiderfoot_local
ports:
- "127.0.0.1:64303:8080"
image: "dtagdevsec/spiderfoot:2203"
volumes:
- /data/spiderfoot:/home/spiderfoot/.spiderfoot

15
iso/installer/install.sh
View file

@ -519,14 +519,15 @@ fi
if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ] || [ "$myTPOT_DEPLOYMENT_TYPE" == "user" ];
then
myCONF_TPOT_FLAVOR=$(dialog --keep-window --no-cancel --backtitle "$myBACKTITLE" --title "[ Choose Your T-Pot Edition ]" --menu \
"\nRequired: 8GB RAM, 128GB SSD\nRecommended: 8GB RAM, 256GB SSD" 15 70 7 \
"STANDARD" "Honeypots, ELK, NSM & Tools" \
"\nRequired: 8-16GB RAM, 128GB SSD\nRecommended: 16GB RAM, 256GB SSD" 17 70 1 \
"STANDARD" "T-Pot Standalone with everything you need" \
"HIVE" "T-Pot Hive: ELK & Tools" \
"HIVE_SENSOR" "T-Pot Hive Sensor: Honeypots & NSM" \
"INDUSTRIAL" "Same as Standard with focus on Conpot" \
"LOG4J" "Log4Pot, ELK, NSM & Tools" \
"SENSOR" "Just Honeypots, EWS Poster & NSM" \
"INDUSTRIAL" "Conpot, RDPY, Vnclowpot, ELK, NSM & Tools" \
"COLLECTOR" "Heralding, ELK, NSM & Tools" \
"NEXTGEN" "NextGen (Glutton, HoneyPy)" \
"MEDICAL" "Dicompot, Medpot, ELK, NSM & Tools" 3>&1 1>&2 2>&3 3>&-)
"MEDICAL" "Dicompot, Medpot, ELK, NSM & Tools" \
"MINI" "Same as Standard with focus on qHoneypots" \
"SENSOR" "Just Honeypots & NSM" 3>&1 1>&2 2>&3 3>&-)
fi
# Let's ask for a secure tsec password if installation type is iso