diff --git a/installer/bin/backup_es_folders.sh b/installer/bin/backup_es_folders.sh
index c3c19de0..08155332 100755
--- a/installer/bin/backup_es_folders.sh
+++ b/installer/bin/backup_es_folders.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
+# Backup all ES relevant folders
 # Make sure ES is available
 myES="http://127.0.0.1:64298/"
 myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
diff --git a/installer/bin/check.sh b/installer/bin/check.sh
deleted file mode 100755
index 0ea3423c..00000000
--- a/installer/bin/check.sh
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/bash
-
-########################################################
-# T-Pot #
-# Check container and services script #
-# #
-# v16.10.0 by mo, DTAG, 2016-05-12 #
-########################################################
-if [ -a /var/run/check.lock ];
- then
- echo "Lock exists. Exiting now."
- exit
-fi
-
-myIMAGES=$(cat /etc/tpot/images.conf)
-
-touch /var/run/check.lock
-
-myUPTIME=$(awk '{print int($1/60)}' /proc/uptime)
-for i in $myIMAGES
- do
- if [ "$i" != "ui-for-docker" ] && [ "$i" != "netdata" ] && [ "$i" != "spiderfoot" ];
- then
- myCIDSTATUS=$(docker exec $i supervisorctl status)
- if [ $? -ne 0 ];
- then
- myCIDSTATUS=1
- else
- myCIDSTATUS=$(echo $myCIDSTATUS | egrep -c "(STOPPED|FATAL)")
- fi
- if [ $myUPTIME -gt 4 ] && [ $myCIDSTATUS -gt 0 ];
- then
- echo "Restarting "$i"."
- systemctl stop $i
- sleep 5
- systemctl start $i
- fi
- fi
-done
-
-rm /var/run/check.lock
diff --git a/installer/bin/clean.sh b/installer/bin/clean.sh
index 2e23a9e7..ae60d124 100755
--- a/installer/bin/clean.sh
+++ b/installer/bin/clean.sh
@@ -1,14 +1,8 @@
 #!/bin/bash
-
-########################################################
-# T-Pot #
-# Container Data Cleaner #
-# #
-# v16.10.0 by mo, DTAG, 2016-05-28 #
-########################################################
+# T-Pot Container Data Cleaner
 # Set persistence
-myPERSISTENCE=$2
+myPERSISTENCE=$1
 # Check persistence
 if [ "$myPERSISTENCE" = "on" ];
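Review bot: `myPERSISTENCE=$1` now takes the persistence flag from the first argument, but nothing in the hunk checks that an argument was given at all, so a bare `clean.sh` yields an empty flag that silently fails the `= "on"` test (the body of that `if` is outside the hunk). The unit files deleted in this same commit invoked `clean.sh <name> off`; any caller still using that form now gets the container name as the flag, which is likewise not `on`. A fail-closed default is one line: `myPERSISTENCE=${1:?usage: clean.sh on|off}`. The new caller is presumably the tpot.service unit whose hunk begins after the last line visible here, so I cannot confirm how it invokes the script.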
@@ -36,7 +30,6 @@ fuCOWRIE () {
 # Let's create a function to clean up and prepare dionaea data
 fuDIONAEA () {
 rm -rf /data/dionaea/*
- rm /data/ews/dionaea/ews.json
 mkdir -p /data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/roots/ftp /data/dionaea/roots/tftp /data/dionaea/roots/www /data/dionaea/roots/upnp
 chmod 760 /data/dionaea -R
 chown tpot:tpot /data/dionaea -R
@@ -93,32 +86,12 @@ fuSURICATA () {
 chown tpot:tpot -R /data/suricata
 }
-case $1 in
- conpot)
- fuCONPOT $1
- ;;
- cowrie)
- fuCOWRIE $1
- ;;
- dionaea)
- fuDIONAEA $1
- ;;
- elasticpot)
- fuELASTICPOT $1
- ;;
- elk)
- fuELK $1
- ;;
- emobility)
- fuEMOBILITY $1
- ;;
- glastopf)
- fuGLASTOPF $1
- ;;
- honeytrap)
- fuHONEYTRAP $1
- ;;
- suricata)
- fuSURICATA $1
- ;;
-esac
+fuCONPOT
+fuCOWRIE
+fuDIONAEA
+fuELASTICPOT
+fuELK
+fuEMOBILITY
+fuGLASTOPF
+fuHONEYTRAP
+fuSURICATA
diff --git a/installer/bin/dcres.sh b/installer/bin/dcres.sh
deleted file mode 100755
index 26e1f884..00000000
--- a/installer/bin/dcres.sh
+++ /dev/null
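Review bot: With the `case $1` dispatch replaced by the unconditional calls `fuCONPOT` … `fuSURICATA`, every cleaner runs on each invocation, so a single call now `rm -rf`s all nine `/data/<honeypot>` trees rather than the one belonging to the container being (re)started, and the commit leaves no comment saying this is intended. A one-line header above the calls would make the new contract visible: `# No per-container dispatch any more: every cleaner below runs on each call`. The `@@ -36` hunk also drops `rm /data/ews/dionaea/ews.json`, which is consistent with the dionaea compose service in this commit no longer mounting /data/ews, but is worth a word in the same comment. The persistence check that presumably gates all of this sits at the top of the file, outside these hunks.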
@@ -1,76 +0,0 @@
-#!/bin/bash
-
-########################################################
-# T-Pot #
-# Container and services restart script #
-# #
-# v16.10.0 by mo, DTAG, 2016-05-12 #
-########################################################
-myCOUNT=1
-
-while true
-do
- if ! [ -a /var/run/check.lock ];
- then break
- fi
- sleep 0.1
- if [ "$myCOUNT" = "1" ];
- then
- echo -n "Waiting for services "
- else echo -n .
- fi
- if [ "$myCOUNT" = "6000" ];
- then
- echo
- echo "Overriding check.lock"
- rm /var/run/check.lock
- break
- fi
- myCOUNT=$[$myCOUNT +1]
-done
-
-myIMAGES=$(cat /etc/tpot/images.conf)
-
-touch /var/run/check.lock
-
-myUPTIME=$(awk '{print int($1/60)}' /proc/uptime)
-if [ $myUPTIME -gt 4 ];
- then
- for i in $myIMAGES
- do
- systemctl stop $i
- done
- echo "### Waiting 10 seconds before restarting docker ..."
- sleep 10
- iptables -w -F
- systemctl restart docker
- while true
- do
- docker info > /dev/null
- if [ $? -ne 0 ];
- then
- echo Docker daemon is still starting.
- else
- echo Docker daemon is now available.
- break
- fi
- sleep 0.1
- done
- echo "### Docker is now up and running again."
- echo "### Removing obsolete container data ..."
- docker rm -v $(docker ps -aq)
- echo "### Removing obsolete image data ..."
- docker rmi $(docker images | grep "" | awk '{print $3}')
- echo "### Starting T-Pot services ..."
- for i in $myIMAGES
- do
- systemctl start $i
- done
- sleep 5
- else
- echo "### T-Pot needs to be up and running for at least 5 minutes."
-fi
-
-rm /var/run/check.lock
-
-/etc/rc.local
diff --git a/installer/bin/dps.sh b/installer/bin/dps.sh
index 3a12913f..2f3910b1 100755
--- a/installer/bin/dps.sh
+++ b/installer/bin/dps.sh
@@ -1,5 +1,5 @@
 #/bin/bash
-
+# Show current status of all running containers
 # Let's ensure normal operation on exit or if interrupted ...
 function fuCLEANUP {
 stty sane
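Review bot: The first line of dps.sh is `#/bin/bash` with no `!`, so execve() does not recognise an interpreter and the script only runs through the calling shell's fallback or an explicit `bash dps.sh`, with whatever shell that happens to be; the same missing `!` is visible in the first hunks of dump_es.sh and restore_es.sh further down this diff. The fix is the one-character line `#!/bin/bash` in each of the three files. Since the commit already edits line 2 of every one of them, this is the natural moment to correct it rather than leave it for a later "why does cron run this under dash" investigation.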
@@ -7,7 +7,7 @@ function fuCLEANUP {
 trap fuCLEANUP EXIT
 stty -echo -icanon time 0 min 0
-myIMAGES=$(cat /etc/tpot/images.conf)
+myIMAGES=$(cat /etc/tpot/tpot.yml | grep container_name | cut -d: -f2)
 while true
 do
 clear
@@ -18,7 +18,7 @@ while true
 echo
 echo "NAME CREATED PORTS"
 for i in $myIMAGES; do
- mySTATUS=$(/usr/bin/docker ps -f name=$i --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" -f status=running -f status=exited | GREP_COLORS='mt=01;35' /bin/egrep --color=always "(^[_a-z-]+ |$)|$" | GREP_COLORS='mt=01;32' /bin/egrep --color=always "(Up[ 0-9a-Z ]+ |$)|$" | GREP_COLORS='mt=01;31' /bin/egrep --color=always "(Exited[ \(0-9\) ]+ [0-9a-Z ]+ ago|$)|$" | tail -n 1)
+ mySTATUS=$(/usr/bin/docker ps -f name=$i --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" -f status=running -f status=exited | GREP_COLORS='mt=01;35' /bin/egrep --color=always "(^[_0-9a-z-]+ |$)|$" | GREP_COLORS='mt=01;32' /bin/egrep --color=always "(Up[ 0-9a-Z ]+ |$)|$" | GREP_COLORS='mt=01;31' /bin/egrep --color=always "(Exited[ \(0-9\) ]+ [0-9a-Z ]+ ago|$)|$" | tail -n 1)
 myDOWN=$(echo "$mySTATUS" | grep -c "NAMES")
 if [ "$myDOWN" = "1" ];
 then
diff --git a/installer/bin/dump_es.sh b/installer/bin/dump_es.sh
index 74e95043..d496a98e 100755
--- a/installer/bin/dump_es.sh
+++ b/installer/bin/dump_es.sh
@@ -1,4 +1,5 @@
 #/bin/bash
+# Dump all ES data
 # Make sure ES is available
 myES="http://127.0.0.1:64298/"
 myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
diff --git a/installer/bin/export_kibana-objects.sh b/installer/bin/export_kibana-objects.sh
index ac630dd3..a48b9011 100755
--- a/installer/bin/export_kibana-objects.sh
+++ b/installer/bin/export_kibana-objects.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
+# Export all Kibana objects
 # Make sure ES is available
 myES="http://127.0.0.1:64298/"
 myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
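Review bot: `myIMAGES=$(cat /etc/tpot/tpot.yml | grep container_name | cut -d: -f2)` scrapes YAML by substring: any line that contains `container_name` anywhere (a future comment included) is picked up, and the value is whatever follows the first colon, leading blank and all, which only works because the unquoted `$myIMAGES` is word-split later. A stricter, cat-free form is `myIMAGES=$(awk '/^[[:space:]]*container_name:/ {print $2}' /etc/tpot/tpot.yml)`; status.sh in this diff carries the identical line and should get the same treatment. Nothing in this commit creates `/etc/tpot/tpot.yml` — the new compose files live under `/etc/tpot/compose/` — so presumably the installer links one of them to that path, and a comment saying so on this line would spare the next reader the search. On the `@@ -18` hunk, `docker ps -f name=$i` should also quote the expansion, `name="$i"`.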
diff --git a/installer/bin/import_kibana-objects.sh b/installer/bin/import_kibana-objects.sh
index c291ce63..2ae37e6a 100755
--- a/installer/bin/import_kibana-objects.sh
+++ b/installer/bin/import_kibana-objects.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
+# Import Kibana objects
 # Make sure ES is available
 myES="http://127.0.0.1:64298/"
 myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
diff --git a/installer/bin/myip.sh b/installer/bin/myip.sh
index 10580971..86a9114e 100755
--- a/installer/bin/myip.sh
+++ b/installer/bin/myip.sh
@@ -34,8 +34,6 @@ httplist=(
 whatismyip.akamai.com
 )
-
-
 # function to shuffle the global array "array"
 shuffle() {
 local i tmp size max rand
@@ -48,7 +46,6 @@ shuffle() {
 done
 }
-
 # if we have dig and a list of dns methods, try that first
 if hash dig 2>/dev/null && [ ${#dnslist[*]} -gt 0 ]; then
 eval array=( \"\${dnslist[@]}\" )
@@ -64,9 +61,7 @@ if hash dig 2>/dev/null && [ ${#dnslist[*]} -gt 0 ]; then
 done
 fi
-
 # if we haven't succeeded with DNS, try HTTP
-
 if [ ${#httplist[*]} == 0 ]; then
 echo "No hosts in httplist array!" >&2
 exit 1
diff --git a/installer/bin/restore_es.sh b/installer/bin/restore_es.sh
index e1dc01d3..506a5c8c 100755
--- a/installer/bin/restore_es.sh
+++ b/installer/bin/restore_es.sh
@@ -1,4 +1,5 @@
 #/bin/bash
+# Restore folder based ES backup
 # Make sure ES is available
 myES="http://127.0.0.1:64298/"
 myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
diff --git a/installer/bin/status.sh b/installer/bin/status.sh
index a37900c1..c4f27eb9 100755
--- a/installer/bin/status.sh
+++ b/installer/bin/status.sh
@@ -1,16 +1,10 @@
 #!/bin/bash
-
-########################################################
-# T-Pot #
-# Container and services status script #
-# #
-# v16.10.0 by mo, DTAG, 2016-05-12 #
-########################################################
+# Show status of SupervisorD within running containers
 myCOUNT=1
 if [[ $1 == "" ]]
 then
- myIMAGES=$(cat /etc/tpot/images.conf)
+ myIMAGES=$(cat /etc/tpot/tpot.yml | grep container_name | cut -d: -f2)
 else
 myIMAGES=$1
 fi
diff --git a/installer/bin/update-images.sh b/installer/bin/update-images.sh
deleted file mode 100755
index 0ee431eb..00000000
--- a/installer/bin/update-images.sh
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/bash
-
-##########################################################
-# T-Pot #
-# Only start the containers found in /etc/systemd/system #
-# #
-# v17.06 by mo, DTAG, 2017-03-13 #
-##########################################################
-
-# Make sure not to interrupt a check
-while true
-do
- if ! [ -a /var/run/check.lock ];
- then break
- fi
- sleep 0.1
- if [ "$myCOUNT" = "1" ];
- then
- echo -n "Waiting for services "
- else echo -n .
- fi
- if [ "$myCOUNT" = "6000" ];
- then
- echo
- echo "Overriding check.lock"
- rm /var/run/check.lock
- break
- fi
- myCOUNT=$[$myCOUNT +1]
-done
-
-# We do not want to get interrupted by a check
-touch /var/run/check.lock
-
-# Stop T-Pot services and disable all T-Pot services
-echo "### Stopping T-Pot services and cleaning up."
-for i in $(cat /etc/tpot/imgcfg/all_images.conf);
- do
- systemctl stop $i
- sleep 2
- systemctl disable $i;
- rm /etc/systemd/system/$i.service
-done
-
-# Restarting docker services and optionally clear local repository
-echo "### Stopping docker services ..."
-systemctl stop docker
-sleep 1
-# If option "hard" clear the whole repository
-if [ "$1" = "hard" ];
- then
- echo "### Clearing local docker repository."
- rm -rf /var/lib/docker
- sleep 1
-fi
-echo "### Starting docker services ..."
-systemctl start docker
-sleep 1
-
-# Enable only T-Pot systemd scripts from images.conf and pull the images
-for i in $(cat /etc/tpot/images.conf);
- do
- echo
- echo "### Now pulling "$i
- docker pull dtagdevsec/$i:1706;
- cp /etc/tpot/systemd/$i.service /etc/systemd/system/
- systemctl enable $i;
-done
-
-# Announce reboot
-echo
-echo "### Rebooting."
-
-# Allow checks to resume
-rm /var/run/check.lock
-
-# Reboot
-reboot
diff --git a/installer/data/imgcfg/all_images.conf b/installer/data/imgcfg/all_images.conf
deleted file mode 100644
index 0b64dfee..00000000
--- a/installer/data/imgcfg/all_images.conf
+++ /dev/null
@@ -1,13 +0,0 @@ -conpot -cowrie -dionaea -elasticpot -elk -emobility -ewsposter -glastopf -honeytrap -netdata -spiderfoot -suricata -ui-for-docker diff --git a/installer/data/imgcfg/hp_images.conf b/installer/data/imgcfg/hp_images.conf deleted file mode 100644 index e5aa3e75..00000000 --- a/installer/data/imgcfg/hp_images.conf +++ /dev/null @@ -1,6 +0,0 @@ -cowrie -dionaea -elasticpot -ewsposter -glastopf -honeytrap diff --git a/installer/data/imgcfg/industrial_images.conf b/installer/data/imgcfg/industrial_images.conf deleted file mode 100644 index 6c242158..00000000 --- a/installer/data/imgcfg/industrial_images.conf +++ /dev/null @@ -1,8 +0,0 @@ -conpot -elk -emobility -ewsposter -netdata -spiderfoot -suricata -ui-for-docker diff --git a/installer/data/imgcfg/tpot_images.conf b/installer/data/imgcfg/tpot_images.conf deleted file mode 100644 index 62e9f29b..00000000 --- a/installer/data/imgcfg/tpot_images.conf +++ /dev/null @@ -1,11 +0,0 @@ -cowrie -dionaea -elasticpot -elk -ewsposter -glastopf -honeytrap -netdata -spiderfoot -suricata -ui-for-docker diff --git a/installer/data/systemd/conpot.service b/installer/data/systemd/conpot.service deleted file mode 100644 index a60d6b04..00000000 --- a/installer/data/systemd/conpot.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=conpot -Requires=docker.service -After=docker.service - -[Service] -Restart=always -ExecStartPre=-/usr/bin/docker stop conpot -ExecStartPre=-/usr/bin/docker rm -v conpot -ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh conpot off' -ExecStart=/usr/bin/docker run --name conpot --rm=true -v /data/conpot:/data/conpot -v /data/ews:/data/ews -p 1025:1025 -p 50100:50100 dtagdevsec/conpot:1706 -ExecStop=/usr/bin/docker stop conpot - -[Install] -WantedBy=multi-user.target diff --git a/installer/data/systemd/cowrie.service b/installer/data/systemd/cowrie.service deleted file mode 100644 index a52633ce..00000000 --- a/installer/data/systemd/cowrie.service +++ /dev/null 
@@ -1,15 +0,0 @@ -[Unit] -Description=cowrie -Requires=docker.service -After=docker.service - -[Service] -Restart=always -ExecStartPre=-/usr/bin/docker stop cowrie -ExecStartPre=-/usr/bin/docker rm -v cowrie -ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh cowrie off' -ExecStart=/usr/bin/docker run --name cowrie --rm=true -p 22:2222 -p 23:2223 -v /data/cowrie:/data/cowrie -v /data/ews:/data/ews dtagdevsec/cowrie:1706 -ExecStop=/usr/bin/docker stop cowrie - -[Install] -WantedBy=multi-user.target diff --git a/installer/data/systemd/dionaea.service b/installer/data/systemd/dionaea.service deleted file mode 100644 index 87385f7f..00000000 --- a/installer/data/systemd/dionaea.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=dionaea -Requires=docker.service -After=docker.service - -[Service] -Restart=always -ExecStartPre=-/usr/bin/docker stop dionaea -ExecStartPre=-/usr/bin/docker rm -v dionaea -ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh dionaea off' -ExecStart=/usr/bin/docker run --name dionaea --cap-add=NET_BIND_SERVICE --rm=true -p 21:21 -p 42:42 -p 69:69/udp -p 8081:80 -p 135:135 -p 443:443 -p 445:445 -p 1433:1433 -p 1723:1723 -p 1883:1883 -p 1900:1900 -p 3306:3306 -p 5060:5060 -p 5061:5061 -p 5060:5060/udp -p 11211:11211 -v /data/dionaea:/data/dionaea dtagdevsec/dionaea:1706 -ExecStop=/usr/bin/docker stop dionaea - -[Install] -WantedBy=multi-user.target diff --git a/installer/data/systemd/elasticpot.service b/installer/data/systemd/elasticpot.service deleted file mode 100644 index 3b0ed484..00000000 --- a/installer/data/systemd/elasticpot.service +++ /dev/null 
@@ -1,15 +0,0 @@ -[Unit] -Description=elasticpot -Requires=docker.service -After=docker.service - -[Service] -Restart=always -ExecStartPre=-/usr/bin/docker stop elasticpot -ExecStartPre=-/usr/bin/docker rm -v elasticpot -ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh elasticpot off' -ExecStart=/usr/bin/docker run --name elasticpot --rm=true -v /data/elasticpot:/data/elasticpot -p 9200:9200 dtagdevsec/elasticpot:1706 -ExecStop=/usr/bin/docker stop elasticpot - -[Install] -WantedBy=multi-user.target diff --git a/installer/data/systemd/elk.service b/installer/data/systemd/elk.service deleted file mode 100644 index 3fe38e38..00000000 --- a/installer/data/systemd/elk.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=elk -Requires=docker.service -After=docker.service - -[Service] -Restart=always -ExecStartPre=-/usr/bin/docker stop elk -ExecStartPre=-/usr/bin/docker rm -v elk -ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh elk' -ExecStart=/usr/bin/docker run --name=elk --env-file /etc/tpot/elk/environment --cap-add=IPC_LOCK --ulimit memlock=-1:-1 --ulimit nofile=65536:65536 -v /data:/data -v /var/log:/data/host/log -p 127.0.0.1:64296:5601 -p 127.0.0.1:64302:9100 -p 127.0.0.1:64298:9200 --rm=true dtagdevsec/elk:1706 -ExecStop=/usr/bin/docker stop elk - -[Install] -WantedBy=multi-user.target diff --git a/installer/data/systemd/emobility.service b/installer/data/systemd/emobility.service deleted file mode 100644 index cc96e0b8..00000000 --- a/installer/data/systemd/emobility.service +++ /dev/null 
@@ -1,15 +0,0 @@ -[Unit] -Description=emobility -Requires=docker.service -After=docker.service - -[Service] -Restart=always -ExecStartPre=-/usr/bin/docker stop emobility -ExecStartPre=-/usr/bin/docker rm -v emobility -ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh emobility off' -ExecStart=/usr/bin/docker run --name emobility --cap-add=NET_ADMIN -p 8080:8080 -v /data/emobility:/data/eMobility -v /data/ews:/data/ews --rm=true dtagdevsec/emobility:1706 -ExecStop=/usr/bin/docker stop emobility - -[Install] -WantedBy=multi-user.target diff --git a/installer/data/systemd/ewsposter.service b/installer/data/systemd/ewsposter.service deleted file mode 100644 index 3979aa2f..00000000 --- a/installer/data/systemd/ewsposter.service +++ /dev/null @@ -1,14 +0,0 @@ -[Unit] -Description=ewsposter -Requires=docker.service -After=docker.service - -[Service] -Restart=always -ExecStartPre=-/usr/bin/docker stop ewsposter -ExecStartPre=-/usr/bin/docker rm -v ewsposter -ExecStart=/usr/bin/docker run --name ewsposter --rm=true -v /data:/data -v /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip dtagdevsec/ewsposter:1706 -ExecStop=/usr/bin/docker stop ewsposter - -[Install] -WantedBy=multi-user.target diff --git a/installer/data/systemd/glastopf.service b/installer/data/systemd/glastopf.service deleted file mode 100644 index 1ac6f39b..00000000 --- a/installer/data/systemd/glastopf.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=glastopf -Requires=docker.service -After=docker.service - -[Service] -Restart=always -ExecStartPre=-/usr/bin/docker stop glastopf -ExecStartPre=-/usr/bin/docker rm -v glastopf -ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh glastopf off' -ExecStart=/usr/bin/docker run --name glastopf --rm=true -v /data/glastopf:/data/glastopf -v /data/ews:/data/ews -p 80:80 dtagdevsec/glastopf:1706 -ExecStop=/usr/bin/docker stop glastopf - -[Install] -WantedBy=multi-user.target 
diff --git a/installer/data/systemd/honeytrap.service b/installer/data/systemd/honeytrap.service deleted file mode 100644 index a3b2f5f2..00000000 --- a/installer/data/systemd/honeytrap.service +++ /dev/null @@ -1,23 +0,0 @@ -[Unit] -Description=honeytrap -Requires=docker.service -After=docker.service - -[Service] -Restart=always -ExecStartPre=-/usr/bin/docker stop honeytrap -ExecStartPre=-/usr/bin/docker rm -v honeytrap -ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh honeytrap off' -ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j NFQUEUE -ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 3306,5060,5061,5601,11211 -j NFQUEUE -ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295,64296,64297,64298,64299,64300,64301,64302,64303 -j NFQUEUE -ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 1025,50100,8080,8081,9200 -j NFQUEUE -ExecStart=/usr/bin/docker run --name honeytrap --cap-add=NET_ADMIN --net=host --rm=true -v /data/honeytrap:/data/honeytrap -v /data/ews:/data/ews dtagdevsec/honeytrap:1706 -ExecStop=/usr/bin/docker stop honeytrap -ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 1025,50100,8080,8081,9200 -j NFQUEUE -ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295,64296,64297,64298,64299,64300,64301,64302,64303 -j NFQUEUE -ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 3306,5060,5061,5601,11211 -j NFQUEUE -ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j NFQUEUE - -[Install] -WantedBy=multi-user.target 
diff --git a/installer/data/systemd/netdata.service b/installer/data/systemd/netdata.service deleted file mode 100644 index d4d6e1f5..00000000 --- a/installer/data/systemd/netdata.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=netdata -Requires=docker.service -After=docker.service - -[Service] -Restart=always -ExecStartPre=-/usr/bin/docker stop netdata -ExecStartPre=-/usr/bin/docker rm -v netdata -ExecStartPre=-/bin/chmod 666 /var/run/docker.sock -ExecStart=/usr/bin/docker run --name netdata --net=host --cap-add=SYS_PTRACE --security-opt apparmor=unconfined --rm=true -v /proc:/host/proc:ro -v /sys:/host/sys:ro -v /var/run/docker.sock:/var/run/docker.sock dtagdevsec/netdata:1706 -ExecStop=/usr/bin/docker stop netdata - -[Install] -WantedBy=multi-user.target diff --git a/installer/data/systemd/spiderfoot.service b/installer/data/systemd/spiderfoot.service deleted file mode 100644 index acae2287..00000000 --- a/installer/data/systemd/spiderfoot.service +++ /dev/null @@ -1,14 +0,0 @@ -[Unit] -Description=spiderfoot -Requires=docker.service -After=docker.service - -[Service] -Restart=always -ExecStartPre=-/usr/bin/docker stop spiderfoot -ExecStartPre=-/usr/bin/docker rm -v spiderfoot -ExecStart=/usr/bin/docker run --name spiderfoot --rm=true -p 127.0.0.1:64303:8080 dtagdevsec/spiderfoot:1706 -ExecStop=/usr/bin/docker stop spiderfoot - -[Install] -WantedBy=multi-user.target diff --git a/installer/data/systemd/suricata.service b/installer/data/systemd/suricata.service deleted file mode 100644 index d062895f..00000000 --- a/installer/data/systemd/suricata.service +++ /dev/null 
@@ -1,19 +0,0 @@ -[Unit] -Description=suricata -Requires=docker.service -After=docker.service - -[Service] -Restart=always -ExecStartPre=-/usr/bin/docker stop suricata -ExecStartPre=-/usr/bin/docker rm -v suricata -# Get IF, disable offloading, enable promiscious mode -ExecStartPre=/bin/bash -c '/sbin/ethtool --offload $(/sbin/ip route | /bin/grep $(/bin/hostname -I | /usr/bin/awk \'{print $1 }\') | /usr/bin/awk \'{print $3 }\') rx off tx off' -ExecStartPre=/bin/bash -c '/sbin/ethtool -K $(/sbin/ip route | /bin/grep $(/bin/hostname -I | /usr/bin/awk \'{print $1 }\') | /usr/bin/awk \'{print $3 }\') gso off gro off' -ExecStartPre=/bin/bash -c '/sbin/ip link set $(/sbin/ip route | /bin/grep $(/bin/hostname -I | /usr/bin/awk \'{print $1 }\') | /usr/bin/awk \'{print $3 }\') promisc on' -ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh suricata off' -ExecStart=/usr/bin/docker run --name suricata --cap-add=NET_ADMIN --net=host --rm=true -v /data/suricata:/data/suricata dtagdevsec/suricata:1706 -ExecStop=/usr/bin/docker stop suricata - -[Install] -WantedBy=multi-user.target diff --git a/installer/data/systemd/ui-for-docker.service b/installer/data/systemd/ui-for-docker.service deleted file mode 100644 index c833f756..00000000 --- a/installer/data/systemd/ui-for-docker.service +++ /dev/null @@ -1,14 +0,0 @@ -[Unit] -Description=ui-for-docker -Requires=docker.service -After=docker.service - -[Service] -Restart=always -ExecStartPre=-/usr/bin/docker stop ui-for-docker -ExecStartPre=-/usr/bin/docker rm -v ui-for-docker -ExecStart=/usr/bin/docker run --name ui-for-docker --rm=true -v /var/run/docker.sock:/var/run/docker.sock -p 127.0.0.1:64299:9000 dtagdevsec/ui-for-docker:1706 -H unix:///var/run/docker.sock --no-auth -ExecStop=/usr/bin/docker stop ui-for-docker - -[Install] -WantedBy=multi-user.target diff --git a/installer/etc/rc.local b/installer/etc/rc.local index 8e5ade55..7b64eb94 100755 --- a/installer/etc/rc.local +++ b/installer/etc/rc.local 
@@ -16,6 +16,3 @@ MY_HOSTNAME=$HOSTNAME
 EOF
 echo $myLOCALIP > /data/elk/logstash/mylocal.ip
 chown tpot:tpot /data/ews/conf/ews.ip
-if [ -f /var/run/check.lock ];
- then rm /var/run/check.lock
-fi
diff --git a/installer/etc/tpot/compose/all.yml b/installer/etc/tpot/compose/all.yml
new file mode 100644
index 00000000..ca6dfc38
--- /dev/null
+++ b/installer/etc/tpot/compose/all.yml
@@ -0,0 +1,174 @@ +# T-Pot (Everything) +# For docker-compose version ... +version: '2' +services: + +# Conpot service + conpot: + container_name: conpot + restart: always + ports: + - "1025:1025" + - "50100:50100" + image: "dtagdevsec/conpot:1706" + volumes: + - /data/conpot:/data/conpot + - /data/ews:/data/ews + +# Cowrie service + cowrie: + container_name: cowrie + restart: always + ports: + - "22:2222" + - "23:2223" + image: "dtagdevsec/cowrie:1706" + volumes: + - /data/cowrie:/data/cowrie + +# Dionaea service + dionaea: + container_name: dionaea + restart: always + cap_add: + - NET_BIND_SERVICE + ports: + - "21:21" + - "42:42" + - "69:69/udp" + - "8081:80" + - "135:135" + - "443:443" + - "445:445" + - "1433:1433" + - "1723:1723" + - "1883:1883" + - "1900:1900" + - "3306:3306" + - "5060:5060" + - "5061:5061" + - "5060:5060/udp" + - "11211:11211" + image: "dtagdevsec/dionaea:1706" + volumes: + - /data/dionaea:/data/dionaea + +# Elasticpot service + elasticpot: + container_name: elasticpot + restart: always + ports: + - "9200:9200" + image: "dtagdevsec/elasticpot:1706" + volumes: + - /data/elasticpot:/data/elasticpot + +# ELK service + elk: + container_name: elk + restart: always + env_file: + - /etc/tpot/elk/environment + cap_add: + - IPC_LOCK + ulimits: + memlock: -1 + nofile: 65536 + ports: + - "127.0.0.1:64296:5601" + - "127.0.0.1:64302:9100" + - "127.0.0.1:64298:9200" + image: "dtagdevsec/elk:1706" + volumes: + - /data:/data + - /var/log:/data/host/log + +# Emobility service + emobility: + container_name: emobility + restart: always + cap_add: + - NET_ADMIN + ports: + - "8080:8080" + image: "dtagdevsec/emobility:1706" + volumes: + - /data/emobility:/data/eMobility + - /data/ews:/data/ews + +# Ewsposter service + ewsposter: + container_name: ewsposter + restart: always + image: "dtagdevsec/ewsposter:1706" + volumes: + - /data:/data + - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip + +# Glastopf service + glastopf: + container_name: glastopf + restart: always + 
ports: + - "80:80" + image: "dtagdevsec/glastopf:1706" + volumes: + - /data/glastopf:/data/glastopf + - /data/ews:/data/ews + +# Honeytrap service + honeytrap: + container_name: honeytrap + restart: always + network_mode: "host" + cap_add: + - NET_ADMIN + image: "dtagdevsec/honeytrap:1706" + volumes: + - /data/honeytrap:/data/honeytrap + - /data/ews:/data/ews + +# Netdata service + netdata: + container_name: netdata + restart: always + network_mode: "host" + cap_add: + - SYS_PTRACE + security_opt: + - apparmor=unconfined + image: "dtagdevsec/netdata:1706" + volumes: + - /proc:/host/proc:ro + - /sys:/host/sys:ro + - /var/run/docker.sock:/var/run/docker.sock + +# Spiderfoot service + spiderfoot: + container_name: spiderfoot + restart: always + ports: + - "127.0.0.1:64303:8080" + image: "dtagdevsec/spiderfoot:1706" + +# Ui-for-docker service + ui-for-docker: + container_name: ui-for-docker + command: -H unix:///var/run/docker.sock --no-auth + restart: always + ports: + - "127.0.0.1:64299:9000" + image: "dtagdevsec/ui-for-docker:1706" + volumes: + - /var/run/docker.sock:/var/run/docker.sock + +# Suricata service + suricata: + container_name: suricata + restart: always + network_mode: "host" + cap_add: + - NET_ADMIN + image: "dtagdevsec/suricata:1706" + volumes: + - /data/suricata:/data/suricata diff --git a/installer/etc/tpot/compose/hp.yml b/installer/etc/tpot/compose/hp.yml new file mode 100644 index 00000000..ea3ed8f4 --- /dev/null +++ b/installer/etc/tpot/compose/hp.yml 
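Review bot: The `honeytrap` service (`network_mode: "host"`, `cap_add: NET_ADMIN`) has no counterpart to the four `iptables ... -j NFQUEUE` ExecStartPre/ExecStopPost rules of the deleted honeytrap.service, and `suricata` likewise loses the ethtool offload/promisc ExecStartPre lines of suricata.service; compose cannot express host-side setup, so unless the new tpot.service unit (whose hunk begins after the last line visible here) restores it, neither container will see the traffic it used to. A comment on each of those two services, e.g. `# NOTE: the iptables NFQUEUE redirection honeytrap depends on is not configured here (see <host-setup location>)`, would record the dependency — hedged, since I cannot see that unit. Separately, `cowrie` mounts only `/data/cowrie`, whereas the deleted cowrie.service also mounted `/data/ews:/data/ews`; if that drop is intentional it deserves a comment, and the same applies to the cowrie entries in hp.yml and tpot.yml. The `# For docker-compose version ...` header line is still a placeholder in all four new compose files.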
@@ -0,0 +1,84 @@ +# T-Pot (Standard) +# For docker-compose version ... +version: '2' +services: + +# Cowrie service + cowrie: + container_name: cowrie + restart: always + ports: + - "22:2222" + - "23:2223" + image: "dtagdevsec/cowrie:1706" + volumes: + - /data/cowrie:/data/cowrie + +# Dionaea service + dionaea: + container_name: dionaea + restart: always + cap_add: + - NET_BIND_SERVICE + ports: + - "21:21" + - "42:42" + - "69:69/udp" + - "8081:80" + - "135:135" + - "443:443" + - "445:445" + - "1433:1433" + - "1723:1723" + - "1883:1883" + - "1900:1900" + - "3306:3306" + - "5060:5060" + - "5061:5061" + - "5060:5060/udp" + - "11211:11211" + image: "dtagdevsec/dionaea:1706" + volumes: + - /data/dionaea:/data/dionaea + +# Elasticpot service + elasticpot: + container_name: elasticpot + restart: always + ports: + - "9200:9200" + image: "dtagdevsec/elasticpot:1706" + volumes: + - /data/elasticpot:/data/elasticpot + +# Ewsposter service + ewsposter: + container_name: ewsposter + restart: always + image: "dtagdevsec/ewsposter:1706" + volumes: + - /data:/data + - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip + +# Glastopf service + glastopf: + container_name: glastopf + restart: always + ports: + - "80:80" + image: "dtagdevsec/glastopf:1706" + volumes: + - /data/glastopf:/data/glastopf + - /data/ews:/data/ews + +# Honeytrap service + honeytrap: + container_name: honeytrap + restart: always + network_mode: "host" + cap_add: + - NET_ADMIN + image: "dtagdevsec/honeytrap:1706" + volumes: + - /data/honeytrap:/data/honeytrap + - /data/ews:/data/ews diff --git a/installer/etc/tpot/compose/industrial.yml b/installer/etc/tpot/compose/industrial.yml new file mode 100644 index 00000000..1f451c33 --- /dev/null +++ b/installer/etc/tpot/compose/industrial.yml 
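Review bot: The header `# T-Pot (Standard)` in hp.yml is identical to the one in tpot.yml, although the service set here (cowrie, dionaea, elasticpot, ewsposter, glastopf, honeytrap) matches the deleted hp_images.conf rather than tpot_images.conf; industrial.yml likewise opens with `# T-Pot (Everything)`, copied from all.yml. Suggested first lines: `# T-Pot (HP)` here, or whatever this profile is called, and `# T-Pot (Industrial)` in industrial.yml. The `# For docker-compose version ...` line in both should either state the minimum version the `version: '2'` schema needs or be dropped.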
@@ -0,0 +1,103 @@ +# T-Pot (Everything) +# For docker-compose version ... +version: '2' +services: + +# Conpot service + conpot: + container_name: conpot + restart: always + ports: + - "1025:1025" + - "50100:50100" + image: "dtagdevsec/conpot:1706" + volumes: + - /data/conpot:/data/conpot + - /data/ews:/data/ews + +# ELK service + elk: + container_name: elk + restart: always + env_file: + - /etc/tpot/elk/environment + cap_add: + - IPC_LOCK + ulimits: + memlock: -1 + nofile: 65536 + ports: + - "127.0.0.1:64296:5601" + - "127.0.0.1:64302:9100" + - "127.0.0.1:64298:9200" + image: "dtagdevsec/elk:1706" + volumes: + - /data:/data + - /var/log:/data/host/log + +# Emobility service + emobility: + container_name: emobility + restart: always + cap_add: + - NET_ADMIN + ports: + - "8080:8080" + image: "dtagdevsec/emobility:1706" + volumes: + - /data/emobility:/data/eMobility + - /data/ews:/data/ews + +# Ewsposter service + ewsposter: + container_name: ewsposter + restart: always + image: "dtagdevsec/ewsposter:1706" + volumes: + - /data:/data + - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip + +# Netdata service + netdata: + container_name: netdata + restart: always + network_mode: "host" + cap_add: + - SYS_PTRACE + security_opt: + - apparmor=unconfined + image: "dtagdevsec/netdata:1706" + volumes: + - /proc:/host/proc:ro + - /sys:/host/sys:ro + - /var/run/docker.sock:/var/run/docker.sock + +# Spiderfoot service + spiderfoot: + container_name: spiderfoot + restart: always + ports: + - "127.0.0.1:64303:8080" + image: "dtagdevsec/spiderfoot:1706" + +# Ui-for-docker service + ui-for-docker: + container_name: ui-for-docker + command: -H unix:///var/run/docker.sock --no-auth + restart: always + ports: + - "127.0.0.1:64299:9000" + image: "dtagdevsec/ui-for-docker:1706" + volumes: + - /var/run/docker.sock:/var/run/docker.sock + +# Suricata service + suricata: + container_name: suricata + restart: always + network_mode: "host" + cap_add: + - NET_ADMIN + image: "dtagdevsec/suricata:1706" 
+ volumes: + - /data/suricata:/data/suricata diff --git a/installer/etc/tpot/compose/tpot.yml b/installer/etc/tpot/compose/tpot.yml new file mode 100644 index 00000000..39150568 --- /dev/null +++ b/installer/etc/tpot/compose/tpot.yml 
@@ -0,0 +1,149 @@
+# T-Pot (Standard)
+# For docker-compose version ...
+version: '2'
+services:
+
+# Cowrie service
+ cowrie:
+ container_name: cowrie
+ restart: always
+ ports:
+ - "22:2222"
+ - "23:2223"
+ image: "dtagdevsec/cowrie:1706"
+ volumes:
+ - /data/cowrie:/data/cowrie
+
+# Dionaea service
+ dionaea:
+ container_name: dionaea
+ restart: always
+ cap_add:
+ - NET_BIND_SERVICE
+ ports:
+ - "21:21"
+ - "42:42"
+ - "69:69/udp"
+ - "8081:80"
+ - "135:135"
+ - "443:443"
+ - "445:445"
+ - "1433:1433"
+ - "1723:1723"
+ - "1883:1883"
+ - "1900:1900"
+ - "3306:3306"
+ - "5060:5060"
+ - "5061:5061"
+ - "5060:5060/udp"
+ - "11211:11211"
+ image: "dtagdevsec/dionaea:1706"
+ volumes:
+ - /data/dionaea:/data/dionaea
+
+# Elasticpot service
+ elasticpot:
+ container_name: elasticpot
+ restart: always
+ ports:
+ - "9200:9200"
+ image: "dtagdevsec/elasticpot:1706"
+ volumes:
+ - /data/elasticpot:/data/elasticpot
+
+# ELK service
+ elk:
+ container_name: elk
+ restart: always
+ env_file:
+ - /etc/tpot/elk/environment
+ cap_add:
+ - IPC_LOCK
+ ulimits:
+ memlock: -1
+ nofile: 65536
+ ports:
+ - "127.0.0.1:64296:5601"
+ - "127.0.0.1:64302:9100"
+ - "127.0.0.1:64298:9200"
+ image: "dtagdevsec/elk:1706"
+ volumes:
+ - /data:/data
+ - /var/log:/data/host/log
+
+# Ewsposter service
+ ewsposter:
+ container_name: ewsposter
+ restart: always
+ image: "dtagdevsec/ewsposter:1706"
+ volumes:
+ - /data:/data
+ - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
+
+# Glastopf service
+ glastopf:
+ container_name: glastopf
+ restart: always
+ ports:
+ - "80:80"
+ image: "dtagdevsec/glastopf:1706"
+ volumes:
+ - /data/glastopf:/data/glastopf
+ - /data/ews:/data/ews
+
+# Honeytrap service
+ honeytrap:
+ container_name: honeytrap
+ restart: always
+ network_mode: "host"
+ cap_add:
+ - NET_ADMIN
+ image: "dtagdevsec/honeytrap:1706"
+ volumes:
+ - /data/honeytrap:/data/honeytrap
+ - /data/ews:/data/ews
+
+# Netdata service
+ netdata:
+ container_name: netdata
+ restart: always
+ network_mode: "host"
+ cap_add:
+ - SYS_PTRACE
+ security_opt:
+ - apparmor=unconfined
+ image: "dtagdevsec/netdata:1706"
+ volumes:
+ - /proc:/host/proc:ro
+ - /sys:/host/sys:ro
+ - /var/run/docker.sock:/var/run/docker.sock
+
+# Spiderfoot service
+ spiderfoot:
+ container_name: spiderfoot
+ restart: always
+ ports:
+ - "127.0.0.1:64303:8080"
+ image: "dtagdevsec/spiderfoot:1706"
+
+# Ui-for-docker service
+ ui-for-docker:
+ container_name: ui-for-docker
+ command: -H unix:///var/run/docker.sock --no-auth
+ restart: always
+ ports:
+ - "127.0.0.1:64299:9000"
+ image: "dtagdevsec/ui-for-docker:1706"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+
+# Suricata service
+ suricata:
+ container_name: suricata
+ restart: always
+ network_mode: "host"
+ cap_add:
+ - NET_ADMIN
+ image: "dtagdevsec/suricata:1706"
+ volumes:
+ - /data/suricata:/data/suricata
diff --git a/installer/data/elkbase.tgz b/installer/etc/tpot/elkbase.tgz
similarity index 100%
rename from installer/data/elkbase.tgz
rename to installer/etc/tpot/elkbase.tgz
diff --git a/installer/data/kibana-objects.tgz b/installer/etc/tpot/kibana-objects.tgz
similarity index 100%
rename from installer/data/kibana-objects.tgz
rename to installer/etc/tpot/kibana-objects.tgz
diff --git a/installer/etc/tpot/systemd/tpot.service b/installer/etc/tpot/systemd/tpot.service
new file mode 100644
index 00000000..40344551
--- /dev/null
+++ b/installer/etc/tpot/systemd/tpot.service
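Review bot: Every `image:` line pins a mutable tag (`:1706`) rather than a digest, and the crontab added later in this diff runs `docker-compose -f /etc/tpot/tpot.yml pull` nightly followed by a daily reboot, so whatever the registry serves under that tag is deployed unattended with no integrity check. Either pin by digest (`image: "dtagdevsec/cowrie@sha256:<digest>"`, one per service, with `<digest>` filled from the registry) and bump deliberately, or document at the top of the file that tag-tracking auto-updates are intended, e.g. `# images are tracked by tag and refreshed by the nightly docker-compose pull in cron`. all.yml carries the same image references.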
@@ -0,0 +1,44 @@
+[Unit]
+Description=tpot
+Requires=docker.service
+After=docker.service
+
+[Service]
+Restart=always
+
+# Clear state from /data
+ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh off'
+
+# Remove old containers and volumes
+ExecStartPre=/usr/bin/docker-compose -f /etc/tpot/tpot.yml down -v
+ExecStartPre=/usr/bin/docker-compose -f /etc/tpot/tpot.yml rm -v
+ExecStartPre=-/bin/bash -c 'docker volume rm $(docker volume ls -q)'
+
+# Get IF, disable offloading, enable promiscious mode for p0f and suricata
+ExecStartPre=/bin/bash -c '/sbin/ethtool --offload $(/sbin/ip route | /bin/grep $(/bin/hostname -I | /usr/bin/awk \'{print $1 }\') | /usr/bin/awk \'{print $3 }\') rx off tx off'
+ExecStartPre=/bin/bash -c '/sbin/ethtool -K $(/sbin/ip route | /bin/grep $(/bin/hostname -I | /usr/bin/awk \'{print $1 }\') | /usr/bin/awk \'{print $3 }\') gso off gro off'
+ExecStartPre=/bin/bash -c '/sbin/ip link set $(/sbin/ip route | /bin/grep $(/bin/hostname -I | /usr/bin/awk \'{print $1 }\') | /usr/bin/awk \'{print $3 }\') promisc on'
+
+# Modify access rights on docker.sock for netdata
+ExecStartPre=-/bin/chmod 666 /var/run/docker.sock
+
+# Prepare iptables rules for honeytrap
+ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j NFQUEUE
+ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 3306,5060,5061,5601,11211 -j NFQUEUE
+ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295,64296,64297,64298,64299,64300,64301,64302,64303 -j NFQUEUE
+ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 1025,50100,8080,8081,9200 -j NFQUEUE
+
+# Compose T-Pot up and run as daemon
+ExecStart=/usr/bin/docker-compose -f /etc/tpot/tpot.yml up
+
+# Compose T-Pot down and remove containers
+ExecStop=/usr/bin/docker-compose -f /etc/tpot/tpot.yml down -v
+
+# Remove iptables rules for honeytrap
+ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 1025,50100,8080,8081,9200 -j NFQUEUE
+ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295,64296,64297,64298,64299,64300,64301,64302,64303 -j NFQUEUE
+ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 3306,5060,5061,5601,11211 -j NFQUEUE
+ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j NFQUEUE
+
+[Install]
+WantedBy=multi-user.target
diff --git a/installer/data/systemd/wetty.service b/installer/etc/tpot/systemd/wetty.service
similarity index 100%
rename from installer/data/systemd/wetty.service
rename to installer/etc/tpot/systemd/wetty.service
diff --git a/installer/install.sh b/installer/install.sh
index 05fb622b..24717ac9 100755
--- a/installer/install.sh
+++ b/installer/install.sh
@@ -1,10 +1,5 @@ #!/bin/bash -######################################################## -# T-Pot post install script # -# Ubuntu server 16.04.0, x64 # -# # -# v17.06 by mo, DTAG, 2017-03-22 # -######################################################## +# T-Pot post install script # Set TERM, DIALOGRC export TERM=linux
@@ -32,6 +27,8 @@ fuRANDOMWORD () { } # Let's wait a few seconds to avoid interference with service messages +sleep 3 +tput civis dialog --no-ok --no-cancel --backtitle "$myBACKTITLE" --title "[ Wait to avoid interference with service messages ]" --pause "" 6 80 7 # Let's setup the proxy for env
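Review bot: `tput civis` is issued in the `@@ -32,6` hunk and again before the certificate generation in `@@ -198,6`, with `tput cnorm` only at the flavor menu in `@@ -104,6`, but install.sh sets no `trap`, so an error exit or Ctrl-C between those points leaves the terminal with an invisible cursor. A single `trap 'tput cnorm' EXIT` near the top of the script (outside these hunks) would restore it on every exit path and make the later `tput cnorm` a no-op safety net.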
@@ -104,6 +101,7 @@ rm -rf /usr/share/nginx/html/index.html 2>&1 | dialog --title "[ Removing NGINX # Let's ask user for install flavor # Install types are TPOT, HP, INDUSTRIAL, ALL +tput cnorm myFLAVOR=$(dialog --no-cancel --backtitle "$myBACKTITLE" --title "[ Choose your edition ]" --no-tags --menu \ "\nRequired: 4GB RAM, 64GB disk\nRecommended: 8GB RAM, 128GB SSD" 14 60 4 \ "TPOT" "Standard Honeypots, Suricata & ELK" \ @@ -198,6 +196,7 @@ while [ "$myPASS1" != "$myPASS2" ] && [ "$mySECURE" == "0" ] htpasswd -b -c /etc/nginx/nginxpasswd "$myUSER" "$myPASS1" 2>&1 | dialog --title "[ Setting up user and password ]" $myPROGRESSBOXCONF; # Let's generate a SSL self-signed certificate without interaction (browsers will see it invalid anyway) +tput civis mkdir -p /etc/nginx/ssl 2>&1 | dialog --title "[ Generating a self-signed-certificate for NGINX ]" $myPROGRESSBOXCONF; openssl req \ -nodes \ 
@@ -353,34 +352,34 @@ EOF case $myFLAVOR in HP) echo "### Preparing HONEYPOT flavor installation." - cp /root/tpot/data/imgcfg/hp_images.conf /root/tpot/data/images.conf 2>&1>/dev/null + cp /root/tpot/etc/tpot/compose/hp.yml /root/tpot/etc/tpot/tpot.yml 2>&1>/dev/null ;; INDUSTRIAL) echo "### Preparing INDUSTRIAL flavor installation." - cp /root/tpot/data/imgcfg/industrial_images.conf /root/tpot/data/images.conf 2>&1>/dev/null + cp /root/tpot/etc/tpot/compose/industrial.yml /root/tpot/etc/tpot/tpot.yml 2>&1>/dev/null ;; TPOT) echo "### Preparing TPOT flavor installation." - cp /root/tpot/data/imgcfg/tpot_images.conf /root/tpot/data/images.conf 2>&1>/dev/null + cp /root/tpot/etc/tpot/compose/tpot.yml /root/tpot/etc/tpot/tpot.yml 2>&1>/dev/null ;; EVERYTHING) echo "### Preparing EVERYTHING flavor installation." - cp /root/tpot/data/imgcfg/all_images.conf /root/tpot/data/images.conf 2>&1>/dev/null + cp /root/tpot/etc/tpot/compose/all.yml /root/tpot/etc/tpot/tpot.yml 2>&1>/dev/null ;; esac # Let's load docker images -myIMAGESCOUNT=$(cat /root/tpot/data/images.conf | wc -w) +myIMAGESCOUNT=$(cat /root/tpot/etc/tpot/tpot.yml | grep container_name | cut -d: -f2 | wc -l) j=0 -for name in $(cat /root/tpot/data/images.conf) +for name in $(cat /root/tpot/etc/tpot/tpot.yml | grep image | cut -d'"' -f2) do dialog --title "[ Downloading docker images, please be patient ]" --backtitle "$myBACKTITLE" \ - --gauge "\n Now downloading: dtagdevsec/$name:1706\n" 8 80 $(expr 100 \* $j / $myIMAGESCOUNT) <&1>/dev/null + docker pull $name 2>&1>/dev/null let j+=1 dialog --title "[ Downloading docker images, please be patient ]" --backtitle "$myBACKTITLE" \ - --gauge "\n Now downloading: dtagdevsec/$name:1706\n" 8 80 $(expr 100 \* $j / $myIMAGESCOUNT) <&1>/dev/null <:/api delete --filters resource= && alerta --endpoint-url http://:/api send -e IP -r -E Production -s ok -S T-Pot -t \$(cat /data/elk/logstash/mylocal.ip) --status open +#*/5 * * * * root alerta --endpoint-url http://:/api delete 
--filters resource= && alerta --endpoint-url http://:/api send -e IP -r -E Production -s ok -S T-Pot -t \$(cat /data/elk/logstash/mylocal.ip) --status open # Check if updated images are available and download them -27 1 * * * root for i in \$(cat /etc/tpot/images.conf); do docker pull dtagdevsec/\$i:1706; done - -# Restart docker service and containers -27 3 * * * root dcres.sh +27 1 * * * root /usr/bin/docker-compose -f /etc/tpot/tpot.yml pull # Delete elastic indices older than 90 days (kibana index is omitted by default) -27 4 * * * root docker exec elk bash -c '/usr/local/bin/curator --host 127.0.0.1 delete indices --older-than 90 --time-unit days --timestring \%Y.\%m.\%d' - -# Update IP and erase check.lock if it exists -27 5 * * * root /etc/rc.local +#27 4 * * * root docker exec elk bash -c '/usr/local/bin/curator --host 127.0.0.1 delete indices --older-than 90 --time-unit days --timestring \%Y.\%m.\%d' # Daily reboot -27 23 * * * root reboot +27 3 * * * root reboot # Check for updated packages every sunday, upgrade and reboot -27 16 * * 0 root apt-get autoclean -y && apt-get autoremove -y && apt-get update -y && apt-get upgrade -y && sleep 10 && reboot +27 16 * * 0 root apt-get autoclean -y && apt-get autoremove -y && apt-get update -y && apt-get upgrade -y && sleep 10 && reboot EOF # Let's create some files and folders 
@@ -445,31 +435,28 @@ mkdir -p /data/conpot/log \ /data/emobility/log \ /data/ews/conf \ /data/suricata/log /home/tsec/.ssh/ \ - /etc/tpot/elk /etc/tpot/imgcfg /etc/tpot/systemd \ + /etc/tpot/elk /etc/tpot/compose /etc/tpot/systemd \ /usr/share/tpot/bin 2>&1 | dialog --title "[ Creating some files and folders ]" $myPROGRESSBOXCONF # Let's take care of some files and permissions before copying chmod 500 /root/tpot/bin/* 2>&1 | dialog --title "[ Setting permissions ]" $myPROGRESSBOXCONF -chmod 600 /root/tpot/data/* 2>&1 | dialog --title "[ Setting permissions ]" $myPROGRESSBOXCONF +chmod 600 -R /root/tpot/etc/tpot 2>&1 | dialog --title "[ Setting permissions ]" $myPROGRESSBOXCONF chmod 644 /root/tpot/etc/issue 2>&1 | dialog --title "[ Setting permissions ]" $myPROGRESSBOXCONF chmod 755 /root/tpot/etc/rc.local 2>&1 | dialog --title "[ Setting permissions ]" $myPROGRESSBOXCONF -chmod 644 /root/tpot/data/systemd/* 2>&1 | dialog --title "[ Setting permissions ]" $myPROGRESSBOXCONF +chmod 644 /root/tpot/etc/tpot/systemd/* 2>&1 | dialog --title "[ Setting permissions ]" $myPROGRESSBOXCONF # Let's copy some files -tar xvfz /root/tpot/data/elkbase.tgz -C / 2>&1 | dialog --title "[ Extracting elkbase.tgz ]" $myPROGRESSBOXCONF +tar xvfz /root/tpot/etc/tpot/elkbase.tgz -C / 2>&1 | dialog --title "[ Extracting elkbase.tgz ]" $myPROGRESSBOXCONF cp -R /root/tpot/bin/* /usr/share/tpot/bin/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF -cp -R /root/tpot/data/* /etc/tpot/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF -cp /root/tpot/data/systemd/* /etc/systemd/system/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF +cp -R /root/tpot/etc/tpot/* /etc/tpot/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF +cp /root/tpot/etc/tpot/systemd/* /etc/systemd/system/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF cp /root/tpot/etc/issue /etc/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF cp -R /root/tpot/etc/nginx/ssl 
/etc/nginx/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF cp /root/tpot/etc/nginx/tpotweb.conf /etc/nginx/sites-available/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF cp /root/tpot/etc/nginx/nginx.conf /etc/nginx/nginx.conf 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF cp /root/tpot/keys/authorized_keys /home/tsec/.ssh/authorized_keys 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF cp /root/tpot/usr/share/nginx/html/* /usr/share/nginx/html/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF -for i in $(cat /etc/tpot/images.conf); - do - systemctl enable $i 2>&1 | dialog --title "[ Enabling service for $i ]" $myPROGRESSBOXCONF -done +systemctl enable tpot 2>&1 | dialog --title "[ Enabling service for tpot ]" $myPROGRESSBOXCONF systemctl enable wetty 2>&1 | dialog --title "[ Enabling service for wetty ]" $myPROGRESSBOXCONF # Let's enable T-Pot website diff --git a/preseed/tpot.seed b/preseed/tpot.seed index c42a48c6..5f6502bc 100755 --- a/preseed/tpot.seed +++ b/preseed/tpot.seed 
@@ -100,7 +100,7 @@ tasksel tasksel/first multiselect ubuntu-server ######################## ### Package Installation ######################## -d-i pkgsel/include string apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount curl dialog dnsutils docker.io dstat ethtool genisoimage git glances html2text htop iptables iw jq libcrack2 libltdl7 lm-sensors man nginx-extras nodejs npm ntp openssh-server openssl syslinux psmisc pv python-pip vim wireless-tools wpasupplicant +d-i pkgsel/include string apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount curl dialog dnsutils docker.io docker-compose dstat ethtool genisoimage git glances html2text htop iptables iw jq libcrack2 libltdl7 lm-sensors man nginx-extras nodejs npm ntp openssh-server openssl syslinux psmisc pv python-pip vim wireless-tools wpasupplicant ################# ### Update Policy