commit
8c475544b3
40 changed files with 602 additions and 534 deletions
|
@ -1,4 +1,5 @@
|
|||
#!/bin/bash
|
||||
# Backup all ES relevant folders
|
||||
# Make sure ES is available
|
||||
myES="http://127.0.0.1:64298/"
|
||||
myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
|
||||
|
|
|
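Review bot: The probe `myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)` on the last code line of this hunk splices an unquoted `$myES` into the URL and then counts any line of the pretty-printed JSON that contains `green`, so it does not test the cluster's `status` field that the comment above it promises to check; `myESSTATUS=$(curl -s -XGET "${myES}_cluster/health" | jq -r '.status' | grep -c green)` reads that field. Whether this line is new or context is not recoverable from the rendered hunk, and the code that acts on `myESSTATUS` lies outside it. The identical line is in the hunks headed 'Dump all ES data', 'Export all Kibana objects', 'Import Kibana objects' and 'Restore folder based ES backup'; the first and last of those also start with `#/bin/bash`, which lacks the `!` and therefore is not a shebang.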
@ -1,41 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
########################################################
|
||||
# T-Pot #
|
||||
# Check container and services script #
|
||||
# #
|
||||
# v16.10.0 by mo, DTAG, 2016-05-12 #
|
||||
########################################################
|
||||
if [ -a /var/run/check.lock ];
|
||||
then
|
||||
echo "Lock exists. Exiting now."
|
||||
exit
|
||||
fi
|
||||
|
||||
myIMAGES=$(cat /etc/tpot/images.conf)
|
||||
|
||||
touch /var/run/check.lock
|
||||
|
||||
myUPTIME=$(awk '{print int($1/60)}' /proc/uptime)
|
||||
for i in $myIMAGES
|
||||
do
|
||||
if [ "$i" != "ui-for-docker" ] && [ "$i" != "netdata" ] && [ "$i" != "spiderfoot" ];
|
||||
then
|
||||
myCIDSTATUS=$(docker exec $i supervisorctl status)
|
||||
if [ $? -ne 0 ];
|
||||
then
|
||||
myCIDSTATUS=1
|
||||
else
|
||||
myCIDSTATUS=$(echo $myCIDSTATUS | egrep -c "(STOPPED|FATAL)")
|
||||
fi
|
||||
if [ $myUPTIME -gt 4 ] && [ $myCIDSTATUS -gt 0 ];
|
||||
then
|
||||
echo "Restarting "$i"."
|
||||
systemctl stop $i
|
||||
sleep 5
|
||||
systemctl start $i
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
rm /var/run/check.lock
|
|
@ -1,14 +1,8 @@
|
|||
#!/bin/bash
|
||||
|
||||
########################################################
|
||||
# T-Pot #
|
||||
# Container Data Cleaner #
|
||||
# #
|
||||
# v16.10.0 by mo, DTAG, 2016-05-28 #
|
||||
########################################################
|
||||
# T-Pot Container Data Cleaner
|
||||
|
||||
# Set persistence
|
||||
myPERSISTENCE=$2
|
||||
myPERSISTENCE=$1
|
||||
|
||||
# Check persistence
|
||||
if [ "$myPERSISTENCE" = "on" ];
|
||||
|
@ -36,7 +30,6 @@ fuCOWRIE () {
|
|||
# Let's create a function to clean up and prepare dionaea data
|
||||
fuDIONAEA () {
|
||||
rm -rf /data/dionaea/*
|
||||
rm /data/ews/dionaea/ews.json
|
||||
mkdir -p /data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/roots/ftp /data/dionaea/roots/tftp /data/dionaea/roots/www /data/dionaea/roots/upnp
|
||||
chmod 760 /data/dionaea -R
|
||||
chown tpot:tpot /data/dionaea -R
|
||||
|
@ -93,32 +86,12 @@ fuSURICATA () {
|
|||
chown tpot:tpot -R /data/suricata
|
||||
}
|
||||
|
||||
case $1 in
|
||||
conpot)
|
||||
fuCONPOT $1
|
||||
;;
|
||||
cowrie)
|
||||
fuCOWRIE $1
|
||||
;;
|
||||
dionaea)
|
||||
fuDIONAEA $1
|
||||
;;
|
||||
elasticpot)
|
||||
fuELASTICPOT $1
|
||||
;;
|
||||
elk)
|
||||
fuELK $1
|
||||
;;
|
||||
emobility)
|
||||
fuEMOBILITY $1
|
||||
;;
|
||||
glastopf)
|
||||
fuGLASTOPF $1
|
||||
;;
|
||||
honeytrap)
|
||||
fuHONEYTRAP $1
|
||||
;;
|
||||
suricata)
|
||||
fuSURICATA $1
|
||||
;;
|
||||
esac
|
||||
fuCONPOT
|
||||
fuCOWRIE
|
||||
fuDIONAEA
|
||||
fuELASTICPOT
|
||||
fuELK
|
||||
fuEMOBILITY
|
||||
fuGLASTOPF
|
||||
fuHONEYTRAP
|
||||
fuSURICATA
|
||||
|
|
|
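Review bot: The run of bare `fuCONPOT` … `fuSURICATA` calls that replaces the `case $1 in` dispatch at the end of the last hunk invokes every cleaner on every run, so the script now wipes `/data/<honeypot>/*` for honeypots that are not part of the deployed flavour (hp.yml in this commit has no conpot, elk, emobility or suricata) — the dionaea cleaner in the second hunk does `rm -rf /data/dionaea/*`, and the others presumably do the same for their directories. If cleaning everything is the intent for a fresh install, that deserves a comment above the calls; otherwise deriving the list from the active compose file, as the status scripts in this commit do with `grep container_name /etc/tpot/tpot.yml`, keeps the blast radius to what is actually deployed. The `if [ "$myPERSISTENCE" = "on" ]` branch in the first hunk continues outside it, so whether it gates these calls cannot be seen here.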
@ -1,76 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
########################################################
|
||||
# T-Pot #
|
||||
# Container and services restart script #
|
||||
# #
|
||||
# v16.10.0 by mo, DTAG, 2016-05-12 #
|
||||
########################################################
|
||||
myCOUNT=1
|
||||
|
||||
while true
|
||||
do
|
||||
if ! [ -a /var/run/check.lock ];
|
||||
then break
|
||||
fi
|
||||
sleep 0.1
|
||||
if [ "$myCOUNT" = "1" ];
|
||||
then
|
||||
echo -n "Waiting for services "
|
||||
else echo -n .
|
||||
fi
|
||||
if [ "$myCOUNT" = "6000" ];
|
||||
then
|
||||
echo
|
||||
echo "Overriding check.lock"
|
||||
rm /var/run/check.lock
|
||||
break
|
||||
fi
|
||||
myCOUNT=$[$myCOUNT +1]
|
||||
done
|
||||
|
||||
myIMAGES=$(cat /etc/tpot/images.conf)
|
||||
|
||||
touch /var/run/check.lock
|
||||
|
||||
myUPTIME=$(awk '{print int($1/60)}' /proc/uptime)
|
||||
if [ $myUPTIME -gt 4 ];
|
||||
then
|
||||
for i in $myIMAGES
|
||||
do
|
||||
systemctl stop $i
|
||||
done
|
||||
echo "### Waiting 10 seconds before restarting docker ..."
|
||||
sleep 10
|
||||
iptables -w -F
|
||||
systemctl restart docker
|
||||
while true
|
||||
do
|
||||
docker info > /dev/null
|
||||
if [ $? -ne 0 ];
|
||||
then
|
||||
echo Docker daemon is still starting.
|
||||
else
|
||||
echo Docker daemon is now available.
|
||||
break
|
||||
fi
|
||||
sleep 0.1
|
||||
done
|
||||
echo "### Docker is now up and running again."
|
||||
echo "### Removing obsolete container data ..."
|
||||
docker rm -v $(docker ps -aq)
|
||||
echo "### Removing obsolete image data ..."
|
||||
docker rmi $(docker images | grep "<none>" | awk '{print $3}')
|
||||
echo "### Starting T-Pot services ..."
|
||||
for i in $myIMAGES
|
||||
do
|
||||
systemctl start $i
|
||||
done
|
||||
sleep 5
|
||||
else
|
||||
echo "### T-Pot needs to be up and running for at least 5 minutes."
|
||||
fi
|
||||
|
||||
rm /var/run/check.lock
|
||||
|
||||
/etc/rc.local
|
|
@ -1,5 +1,5 @@
|
|||
#/bin/bash
|
||||
|
||||
# Show current status of all running containers
|
||||
# Let's ensure normal operation on exit or if interrupted ...
|
||||
function fuCLEANUP {
|
||||
stty sane
|
||||
|
@ -7,7 +7,7 @@ function fuCLEANUP {
|
|||
trap fuCLEANUP EXIT
|
||||
|
||||
stty -echo -icanon time 0 min 0
|
||||
myIMAGES=$(cat /etc/tpot/images.conf)
|
||||
myIMAGES=$(cat /etc/tpot/tpot.yml | grep container_name | cut -d: -f2)
|
||||
while true
|
||||
do
|
||||
clear
|
||||
|
@ -18,7 +18,7 @@ while true
|
|||
echo
|
||||
echo "NAME CREATED PORTS"
|
||||
for i in $myIMAGES; do
|
||||
mySTATUS=$(/usr/bin/docker ps -f name=$i --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" -f status=running -f status=exited | GREP_COLORS='mt=01;35' /bin/egrep --color=always "(^[_a-z-]+ |$)|$" | GREP_COLORS='mt=01;32' /bin/egrep --color=always "(Up[ 0-9a-Z ]+ |$)|$" | GREP_COLORS='mt=01;31' /bin/egrep --color=always "(Exited[ \(0-9\) ]+ [0-9a-Z ]+ ago|$)|$" | tail -n 1)
|
||||
mySTATUS=$(/usr/bin/docker ps -f name=$i --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" -f status=running -f status=exited | GREP_COLORS='mt=01;35' /bin/egrep --color=always "(^[_0-9a-z-]+ |$)|$" | GREP_COLORS='mt=01;32' /bin/egrep --color=always "(Up[ 0-9a-Z ]+ |$)|$" | GREP_COLORS='mt=01;31' /bin/egrep --color=always "(Exited[ \(0-9\) ]+ [0-9a-Z ]+ ago|$)|$" | tail -n 1)
|
||||
myDOWN=$(echo "$mySTATUS" | grep -c "NAMES")
|
||||
if [ "$myDOWN" = "1" ];
|
||||
then
|
||||
|
|
|
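Review bot: `myIMAGES=$(cat /etc/tpot/tpot.yml | grep container_name | cut -d: -f2)` in the second hunk selects by substring, so a commented-out service (`# container_name: foo`) or any other line containing that text also ends up in the loop, and the variable now holds container names while still being called `myIMAGES`; `myIMAGES=$(grep -E '^[[:space:]]*container_name:' /etc/tpot/tpot.yml | cut -d: -f2)` anchors the key and drops the redundant `cat`. The same line is introduced in the 'Show status of SupervisorD' hunk further down and should get the same treatment. The first line of this file, `#/bin/bash`, is missing the `!` and so is not a shebang; whether the commit touched that line cannot be told from the rendered hunk.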
@ -1,4 +1,5 @@
|
|||
#/bin/bash
|
||||
# Dump all ES data
|
||||
# Make sure ES is available
|
||||
myES="http://127.0.0.1:64298/"
|
||||
myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
#!/bin/bash
|
||||
# Export all Kibana objects
|
||||
# Make sure ES is available
|
||||
myES="http://127.0.0.1:64298/"
|
||||
myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
#!/bin/bash
|
||||
# Import Kibana objects
|
||||
# Make sure ES is available
|
||||
myES="http://127.0.0.1:64298/"
|
||||
myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
|
||||
|
|
|
@ -34,8 +34,6 @@ httplist=(
|
|||
whatismyip.akamai.com
|
||||
)
|
||||
|
||||
|
||||
|
||||
# function to shuffle the global array "array"
|
||||
shuffle() {
|
||||
local i tmp size max rand
|
||||
|
@ -48,7 +46,6 @@ shuffle() {
|
|||
done
|
||||
}
|
||||
|
||||
|
||||
# if we have dig and a list of dns methods, try that first
|
||||
if hash dig 2>/dev/null && [ ${#dnslist[*]} -gt 0 ]; then
|
||||
eval array=( \"\${dnslist[@]}\" )
|
||||
|
@ -64,9 +61,7 @@ if hash dig 2>/dev/null && [ ${#dnslist[*]} -gt 0 ]; then
|
|||
done
|
||||
fi
|
||||
|
||||
|
||||
# if we haven't succeeded with DNS, try HTTP
|
||||
|
||||
if [ ${#httplist[*]} == 0 ]; then
|
||||
echo "No hosts in httplist array!" >&2
|
||||
exit 1
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
#/bin/bash
|
||||
# Restore folder based ES backup
|
||||
# Make sure ES is available
|
||||
myES="http://127.0.0.1:64298/"
|
||||
myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
|
||||
|
|
|
@ -1,16 +1,10 @@
|
|||
#!/bin/bash
|
||||
|
||||
########################################################
|
||||
# T-Pot #
|
||||
# Container and services status script #
|
||||
# #
|
||||
# v16.10.0 by mo, DTAG, 2016-05-12 #
|
||||
########################################################
|
||||
# Show status of SupervisorD within running containers
|
||||
myCOUNT=1
|
||||
|
||||
if [[ $1 == "" ]]
|
||||
then
|
||||
myIMAGES=$(cat /etc/tpot/images.conf)
|
||||
myIMAGES=$(cat /etc/tpot/tpot.yml | grep container_name | cut -d: -f2)
|
||||
else myIMAGES=$1
|
||||
fi
|
||||
|
||||
|
|
|
@ -1,78 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
##########################################################
|
||||
# T-Pot #
|
||||
# Only start the containers found in /etc/systemd/system #
|
||||
# #
|
||||
# v17.06 by mo, DTAG, 2017-03-13 #
|
||||
##########################################################
|
||||
|
||||
# Make sure not to interrupt a check
|
||||
while true
|
||||
do
|
||||
if ! [ -a /var/run/check.lock ];
|
||||
then break
|
||||
fi
|
||||
sleep 0.1
|
||||
if [ "$myCOUNT" = "1" ];
|
||||
then
|
||||
echo -n "Waiting for services "
|
||||
else echo -n .
|
||||
fi
|
||||
if [ "$myCOUNT" = "6000" ];
|
||||
then
|
||||
echo
|
||||
echo "Overriding check.lock"
|
||||
rm /var/run/check.lock
|
||||
break
|
||||
fi
|
||||
myCOUNT=$[$myCOUNT +1]
|
||||
done
|
||||
|
||||
# We do not want to get interrupted by a check
|
||||
touch /var/run/check.lock
|
||||
|
||||
# Stop T-Pot services and disable all T-Pot services
|
||||
echo "### Stopping T-Pot services and cleaning up."
|
||||
for i in $(cat /etc/tpot/imgcfg/all_images.conf);
|
||||
do
|
||||
systemctl stop $i
|
||||
sleep 2
|
||||
systemctl disable $i;
|
||||
rm /etc/systemd/system/$i.service
|
||||
done
|
||||
|
||||
# Restarting docker services and optionally clear local repository
|
||||
echo "### Stopping docker services ..."
|
||||
systemctl stop docker
|
||||
sleep 1
|
||||
# If option "hard" clear the whole repository
|
||||
if [ "$1" = "hard" ];
|
||||
then
|
||||
echo "### Clearing local docker repository."
|
||||
rm -rf /var/lib/docker
|
||||
sleep 1
|
||||
fi
|
||||
echo "### Starting docker services ..."
|
||||
systemctl start docker
|
||||
sleep 1
|
||||
|
||||
# Enable only T-Pot systemd scripts from images.conf and pull the images
|
||||
for i in $(cat /etc/tpot/images.conf);
|
||||
do
|
||||
echo
|
||||
echo "### Now pulling "$i
|
||||
docker pull dtagdevsec/$i:1706;
|
||||
cp /etc/tpot/systemd/$i.service /etc/systemd/system/
|
||||
systemctl enable $i;
|
||||
done
|
||||
|
||||
# Announce reboot
|
||||
echo
|
||||
echo "### Rebooting."
|
||||
|
||||
# Allow checks to resume
|
||||
rm /var/run/check.lock
|
||||
|
||||
# Reboot
|
||||
reboot
|
|
@ -1,13 +0,0 @@
|
|||
conpot
|
||||
cowrie
|
||||
dionaea
|
||||
elasticpot
|
||||
elk
|
||||
emobility
|
||||
ewsposter
|
||||
glastopf
|
||||
honeytrap
|
||||
netdata
|
||||
spiderfoot
|
||||
suricata
|
||||
ui-for-docker
|
|
@ -1,6 +0,0 @@
|
|||
cowrie
|
||||
dionaea
|
||||
elasticpot
|
||||
ewsposter
|
||||
glastopf
|
||||
honeytrap
|
|
@ -1,8 +0,0 @@
|
|||
conpot
|
||||
elk
|
||||
emobility
|
||||
ewsposter
|
||||
netdata
|
||||
spiderfoot
|
||||
suricata
|
||||
ui-for-docker
|
|
@ -1,11 +0,0 @@
|
|||
cowrie
|
||||
dionaea
|
||||
elasticpot
|
||||
elk
|
||||
ewsposter
|
||||
glastopf
|
||||
honeytrap
|
||||
netdata
|
||||
spiderfoot
|
||||
suricata
|
||||
ui-for-docker
|
|
@ -1,15 +0,0 @@
|
|||
[Unit]
|
||||
Description=conpot
|
||||
Requires=docker.service
|
||||
After=docker.service
|
||||
|
||||
[Service]
|
||||
Restart=always
|
||||
ExecStartPre=-/usr/bin/docker stop conpot
|
||||
ExecStartPre=-/usr/bin/docker rm -v conpot
|
||||
ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh conpot off'
|
||||
ExecStart=/usr/bin/docker run --name conpot --rm=true -v /data/conpot:/data/conpot -v /data/ews:/data/ews -p 1025:1025 -p 50100:50100 dtagdevsec/conpot:1706
|
||||
ExecStop=/usr/bin/docker stop conpot
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -1,15 +0,0 @@
|
|||
[Unit]
|
||||
Description=cowrie
|
||||
Requires=docker.service
|
||||
After=docker.service
|
||||
|
||||
[Service]
|
||||
Restart=always
|
||||
ExecStartPre=-/usr/bin/docker stop cowrie
|
||||
ExecStartPre=-/usr/bin/docker rm -v cowrie
|
||||
ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh cowrie off'
|
||||
ExecStart=/usr/bin/docker run --name cowrie --rm=true -p 22:2222 -p 23:2223 -v /data/cowrie:/data/cowrie -v /data/ews:/data/ews dtagdevsec/cowrie:1706
|
||||
ExecStop=/usr/bin/docker stop cowrie
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -1,15 +0,0 @@
|
|||
[Unit]
|
||||
Description=dionaea
|
||||
Requires=docker.service
|
||||
After=docker.service
|
||||
|
||||
[Service]
|
||||
Restart=always
|
||||
ExecStartPre=-/usr/bin/docker stop dionaea
|
||||
ExecStartPre=-/usr/bin/docker rm -v dionaea
|
||||
ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh dionaea off'
|
||||
ExecStart=/usr/bin/docker run --name dionaea --cap-add=NET_BIND_SERVICE --rm=true -p 21:21 -p 42:42 -p 69:69/udp -p 8081:80 -p 135:135 -p 443:443 -p 445:445 -p 1433:1433 -p 1723:1723 -p 1883:1883 -p 1900:1900 -p 3306:3306 -p 5060:5060 -p 5061:5061 -p 5060:5060/udp -p 11211:11211 -v /data/dionaea:/data/dionaea dtagdevsec/dionaea:1706
|
||||
ExecStop=/usr/bin/docker stop dionaea
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -1,15 +0,0 @@
|
|||
[Unit]
|
||||
Description=elasticpot
|
||||
Requires=docker.service
|
||||
After=docker.service
|
||||
|
||||
[Service]
|
||||
Restart=always
|
||||
ExecStartPre=-/usr/bin/docker stop elasticpot
|
||||
ExecStartPre=-/usr/bin/docker rm -v elasticpot
|
||||
ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh elasticpot off'
|
||||
ExecStart=/usr/bin/docker run --name elasticpot --rm=true -v /data/elasticpot:/data/elasticpot -p 9200:9200 dtagdevsec/elasticpot:1706
|
||||
ExecStop=/usr/bin/docker stop elasticpot
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -1,15 +0,0 @@
|
|||
[Unit]
|
||||
Description=elk
|
||||
Requires=docker.service
|
||||
After=docker.service
|
||||
|
||||
[Service]
|
||||
Restart=always
|
||||
ExecStartPre=-/usr/bin/docker stop elk
|
||||
ExecStartPre=-/usr/bin/docker rm -v elk
|
||||
ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh elk'
|
||||
ExecStart=/usr/bin/docker run --name=elk --env-file /etc/tpot/elk/environment --cap-add=IPC_LOCK --ulimit memlock=-1:-1 --ulimit nofile=65536:65536 -v /data:/data -v /var/log:/data/host/log -p 127.0.0.1:64296:5601 -p 127.0.0.1:64302:9100 -p 127.0.0.1:64298:9200 --rm=true dtagdevsec/elk:1706
|
||||
ExecStop=/usr/bin/docker stop elk
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -1,15 +0,0 @@
|
|||
[Unit]
|
||||
Description=emobility
|
||||
Requires=docker.service
|
||||
After=docker.service
|
||||
|
||||
[Service]
|
||||
Restart=always
|
||||
ExecStartPre=-/usr/bin/docker stop emobility
|
||||
ExecStartPre=-/usr/bin/docker rm -v emobility
|
||||
ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh emobility off'
|
||||
ExecStart=/usr/bin/docker run --name emobility --cap-add=NET_ADMIN -p 8080:8080 -v /data/emobility:/data/eMobility -v /data/ews:/data/ews --rm=true dtagdevsec/emobility:1706
|
||||
ExecStop=/usr/bin/docker stop emobility
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -1,14 +0,0 @@
|
|||
[Unit]
|
||||
Description=ewsposter
|
||||
Requires=docker.service
|
||||
After=docker.service
|
||||
|
||||
[Service]
|
||||
Restart=always
|
||||
ExecStartPre=-/usr/bin/docker stop ewsposter
|
||||
ExecStartPre=-/usr/bin/docker rm -v ewsposter
|
||||
ExecStart=/usr/bin/docker run --name ewsposter --rm=true -v /data:/data -v /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip dtagdevsec/ewsposter:1706
|
||||
ExecStop=/usr/bin/docker stop ewsposter
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -1,15 +0,0 @@
|
|||
[Unit]
|
||||
Description=glastopf
|
||||
Requires=docker.service
|
||||
After=docker.service
|
||||
|
||||
[Service]
|
||||
Restart=always
|
||||
ExecStartPre=-/usr/bin/docker stop glastopf
|
||||
ExecStartPre=-/usr/bin/docker rm -v glastopf
|
||||
ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh glastopf off'
|
||||
ExecStart=/usr/bin/docker run --name glastopf --rm=true -v /data/glastopf:/data/glastopf -v /data/ews:/data/ews -p 80:80 dtagdevsec/glastopf:1706
|
||||
ExecStop=/usr/bin/docker stop glastopf
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -1,23 +0,0 @@
|
|||
[Unit]
|
||||
Description=honeytrap
|
||||
Requires=docker.service
|
||||
After=docker.service
|
||||
|
||||
[Service]
|
||||
Restart=always
|
||||
ExecStartPre=-/usr/bin/docker stop honeytrap
|
||||
ExecStartPre=-/usr/bin/docker rm -v honeytrap
|
||||
ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh honeytrap off'
|
||||
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j NFQUEUE
|
||||
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 3306,5060,5061,5601,11211 -j NFQUEUE
|
||||
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295,64296,64297,64298,64299,64300,64301,64302,64303 -j NFQUEUE
|
||||
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 1025,50100,8080,8081,9200 -j NFQUEUE
|
||||
ExecStart=/usr/bin/docker run --name honeytrap --cap-add=NET_ADMIN --net=host --rm=true -v /data/honeytrap:/data/honeytrap -v /data/ews:/data/ews dtagdevsec/honeytrap:1706
|
||||
ExecStop=/usr/bin/docker stop honeytrap
|
||||
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 1025,50100,8080,8081,9200 -j NFQUEUE
|
||||
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295,64296,64297,64298,64299,64300,64301,64302,64303 -j NFQUEUE
|
||||
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 3306,5060,5061,5601,11211 -j NFQUEUE
|
||||
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j NFQUEUE
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -1,15 +0,0 @@
|
|||
[Unit]
|
||||
Description=netdata
|
||||
Requires=docker.service
|
||||
After=docker.service
|
||||
|
||||
[Service]
|
||||
Restart=always
|
||||
ExecStartPre=-/usr/bin/docker stop netdata
|
||||
ExecStartPre=-/usr/bin/docker rm -v netdata
|
||||
ExecStartPre=-/bin/chmod 666 /var/run/docker.sock
|
||||
ExecStart=/usr/bin/docker run --name netdata --net=host --cap-add=SYS_PTRACE --security-opt apparmor=unconfined --rm=true -v /proc:/host/proc:ro -v /sys:/host/sys:ro -v /var/run/docker.sock:/var/run/docker.sock dtagdevsec/netdata:1706
|
||||
ExecStop=/usr/bin/docker stop netdata
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -1,14 +0,0 @@
|
|||
[Unit]
|
||||
Description=spiderfoot
|
||||
Requires=docker.service
|
||||
After=docker.service
|
||||
|
||||
[Service]
|
||||
Restart=always
|
||||
ExecStartPre=-/usr/bin/docker stop spiderfoot
|
||||
ExecStartPre=-/usr/bin/docker rm -v spiderfoot
|
||||
ExecStart=/usr/bin/docker run --name spiderfoot --rm=true -p 127.0.0.1:64303:8080 dtagdevsec/spiderfoot:1706
|
||||
ExecStop=/usr/bin/docker stop spiderfoot
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -1,19 +0,0 @@
|
|||
[Unit]
|
||||
Description=suricata
|
||||
Requires=docker.service
|
||||
After=docker.service
|
||||
|
||||
[Service]
|
||||
Restart=always
|
||||
ExecStartPre=-/usr/bin/docker stop suricata
|
||||
ExecStartPre=-/usr/bin/docker rm -v suricata
|
||||
# Get IF, disable offloading, enable promiscious mode
|
||||
ExecStartPre=/bin/bash -c '/sbin/ethtool --offload $(/sbin/ip route | /bin/grep $(/bin/hostname -I | /usr/bin/awk \'{print $1 }\') | /usr/bin/awk \'{print $3 }\') rx off tx off'
|
||||
ExecStartPre=/bin/bash -c '/sbin/ethtool -K $(/sbin/ip route | /bin/grep $(/bin/hostname -I | /usr/bin/awk \'{print $1 }\') | /usr/bin/awk \'{print $3 }\') gso off gro off'
|
||||
ExecStartPre=/bin/bash -c '/sbin/ip link set $(/sbin/ip route | /bin/grep $(/bin/hostname -I | /usr/bin/awk \'{print $1 }\') | /usr/bin/awk \'{print $3 }\') promisc on'
|
||||
ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh suricata off'
|
||||
ExecStart=/usr/bin/docker run --name suricata --cap-add=NET_ADMIN --net=host --rm=true -v /data/suricata:/data/suricata dtagdevsec/suricata:1706
|
||||
ExecStop=/usr/bin/docker stop suricata
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -1,14 +0,0 @@
|
|||
[Unit]
|
||||
Description=ui-for-docker
|
||||
Requires=docker.service
|
||||
After=docker.service
|
||||
|
||||
[Service]
|
||||
Restart=always
|
||||
ExecStartPre=-/usr/bin/docker stop ui-for-docker
|
||||
ExecStartPre=-/usr/bin/docker rm -v ui-for-docker
|
||||
ExecStart=/usr/bin/docker run --name ui-for-docker --rm=true -v /var/run/docker.sock:/var/run/docker.sock -p 127.0.0.1:64299:9000 dtagdevsec/ui-for-docker:1706 -H unix:///var/run/docker.sock --no-auth
|
||||
ExecStop=/usr/bin/docker stop ui-for-docker
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -16,6 +16,3 @@ MY_HOSTNAME=$HOSTNAME
|
|||
EOF
|
||||
echo $myLOCALIP > /data/elk/logstash/mylocal.ip
|
||||
chown tpot:tpot /data/ews/conf/ews.ip
|
||||
if [ -f /var/run/check.lock ];
|
||||
then rm /var/run/check.lock
|
||||
fi
|
||||
|
|
174
installer/etc/tpot/compose/all.yml
Normal file
174
installer/etc/tpot/compose/all.yml
Normal file
|
@ -0,0 +1,174 @@
|
|||
# T-Pot (Everything)
|
||||
# For docker-compose version ...
|
||||
version: '2'
|
||||
services:
|
||||
|
||||
# Conpot service
|
||||
conpot:
|
||||
container_name: conpot
|
||||
restart: always
|
||||
ports:
|
||||
- "1025:1025"
|
||||
- "50100:50100"
|
||||
image: "dtagdevsec/conpot:1706"
|
||||
volumes:
|
||||
- /data/conpot:/data/conpot
|
||||
- /data/ews:/data/ews
|
||||
|
||||
# Cowrie service
|
||||
cowrie:
|
||||
container_name: cowrie
|
||||
restart: always
|
||||
ports:
|
||||
- "22:2222"
|
||||
- "23:2223"
|
||||
image: "dtagdevsec/cowrie:1706"
|
||||
volumes:
|
||||
- /data/cowrie:/data/cowrie
|
||||
|
||||
# Dionaea service
|
||||
dionaea:
|
||||
container_name: dionaea
|
||||
restart: always
|
||||
cap_add:
|
||||
- NET_BIND_SERVICE
|
||||
ports:
|
||||
- "21:21"
|
||||
- "42:42"
|
||||
- "69:69/udp"
|
||||
- "8081:80"
|
||||
- "135:135"
|
||||
- "443:443"
|
||||
- "445:445"
|
||||
- "1433:1433"
|
||||
- "1723:1723"
|
||||
- "1883:1883"
|
||||
- "1900:1900"
|
||||
- "3306:3306"
|
||||
- "5060:5060"
|
||||
- "5061:5061"
|
||||
- "5060:5060/udp"
|
||||
- "11211:11211"
|
||||
image: "dtagdevsec/dionaea:1706"
|
||||
volumes:
|
||||
- /data/dionaea:/data/dionaea
|
||||
|
||||
# Elasticpot service
|
||||
elasticpot:
|
||||
container_name: elasticpot
|
||||
restart: always
|
||||
ports:
|
||||
- "9200:9200"
|
||||
image: "dtagdevsec/elasticpot:1706"
|
||||
volumes:
|
||||
- /data/elasticpot:/data/elasticpot
|
||||
|
||||
# ELK service
|
||||
elk:
|
||||
container_name: elk
|
||||
restart: always
|
||||
env_file:
|
||||
- /etc/tpot/elk/environment
|
||||
cap_add:
|
||||
- IPC_LOCK
|
||||
ulimits:
|
||||
memlock: -1
|
||||
nofile: 65536
|
||||
ports:
|
||||
- "127.0.0.1:64296:5601"
|
||||
- "127.0.0.1:64302:9100"
|
||||
- "127.0.0.1:64298:9200"
|
||||
image: "dtagdevsec/elk:1706"
|
||||
volumes:
|
||||
- /data:/data
|
||||
- /var/log:/data/host/log
|
||||
|
||||
# Emobility service
|
||||
emobility:
|
||||
container_name: emobility
|
||||
restart: always
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
ports:
|
||||
- "8080:8080"
|
||||
image: "dtagdevsec/emobility:1706"
|
||||
volumes:
|
||||
- /data/emobility:/data/eMobility
|
||||
- /data/ews:/data/ews
|
||||
|
||||
# Ewsposter service
|
||||
ewsposter:
|
||||
container_name: ewsposter
|
||||
restart: always
|
||||
image: "dtagdevsec/ewsposter:1706"
|
||||
volumes:
|
||||
- /data:/data
|
||||
- /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
|
||||
|
||||
# Glastopf service
|
||||
glastopf:
|
||||
container_name: glastopf
|
||||
restart: always
|
||||
ports:
|
||||
- "80:80"
|
||||
image: "dtagdevsec/glastopf:1706"
|
||||
volumes:
|
||||
- /data/glastopf:/data/glastopf
|
||||
- /data/ews:/data/ews
|
||||
|
||||
# Honeytrap service
|
||||
honeytrap:
|
||||
container_name: honeytrap
|
||||
restart: always
|
||||
network_mode: "host"
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
image: "dtagdevsec/honeytrap:1706"
|
||||
volumes:
|
||||
- /data/honeytrap:/data/honeytrap
|
||||
- /data/ews:/data/ews
|
||||
|
||||
# Netdata service
|
||||
netdata:
|
||||
container_name: netdata
|
||||
restart: always
|
||||
network_mode: "host"
|
||||
cap_add:
|
||||
- SYS_PTRACE
|
||||
security_opt:
|
||||
- apparmor=unconfined
|
||||
image: "dtagdevsec/netdata:1706"
|
||||
volumes:
|
||||
- /proc:/host/proc:ro
|
||||
- /sys:/host/sys:ro
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
|
||||
# Spiderfoot service
|
||||
spiderfoot:
|
||||
container_name: spiderfoot
|
||||
restart: always
|
||||
ports:
|
||||
- "127.0.0.1:64303:8080"
|
||||
image: "dtagdevsec/spiderfoot:1706"
|
||||
|
||||
# Ui-for-docker service
|
||||
ui-for-docker:
|
||||
container_name: ui-for-docker
|
||||
command: -H unix:///var/run/docker.sock --no-auth
|
||||
restart: always
|
||||
ports:
|
||||
- "127.0.0.1:64299:9000"
|
||||
image: "dtagdevsec/ui-for-docker:1706"
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
|
||||
# Suricata service
|
||||
suricata:
|
||||
container_name: suricata
|
||||
restart: always
|
||||
network_mode: "host"
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
image: "dtagdevsec/suricata:1706"
|
||||
volumes:
|
||||
- /data/suricata:/data/suricata
|
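Review bot: The `ui-for-docker` service both mounts `/var/run/docker.sock` and is started with `command: -H unix:///var/run/docker.sock --no-auth`, so anything that can reach 127.0.0.1:64299 — locally, or through whatever fronts that port, which this file does not show — gets unauthenticated control of the Docker daemon, which is equivalent to root on the host; `netdata` mounts the same socket with `security_opt: - apparmor=unconfined` on top. The removed systemd units did the same, but this file is where it will now be maintained, so it deserves at least a comment above each of those services, e.g. `# Unauthenticated Docker API on loopback: this port must only be reachable through an authenticated front end`. The header `# For docker-compose version ...` is an unfinished placeholder; either name the version that `version: '2'` targets or drop the line, here and in hp.yml, industrial.yml and tpot.yml.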
84
installer/etc/tpot/compose/hp.yml
Normal file
84
installer/etc/tpot/compose/hp.yml
Normal file
|
@ -0,0 +1,84 @@
|
|||
# T-Pot (Standard)
|
||||
# For docker-compose version ...
|
||||
version: '2'
|
||||
services:
|
||||
|
||||
# Cowrie service
|
||||
cowrie:
|
||||
container_name: cowrie
|
||||
restart: always
|
||||
ports:
|
||||
- "22:2222"
|
||||
- "23:2223"
|
||||
image: "dtagdevsec/cowrie:1706"
|
||||
volumes:
|
||||
- /data/cowrie:/data/cowrie
|
||||
|
||||
# Dionaea service
|
||||
dionaea:
|
||||
container_name: dionaea
|
||||
restart: always
|
||||
cap_add:
|
||||
- NET_BIND_SERVICE
|
||||
ports:
|
||||
- "21:21"
|
||||
- "42:42"
|
||||
- "69:69/udp"
|
||||
- "8081:80"
|
||||
- "135:135"
|
||||
- "443:443"
|
||||
- "445:445"
|
||||
- "1433:1433"
|
||||
- "1723:1723"
|
||||
- "1883:1883"
|
||||
- "1900:1900"
|
||||
- "3306:3306"
|
||||
- "5060:5060"
|
||||
- "5061:5061"
|
||||
- "5060:5060/udp"
|
||||
- "11211:11211"
|
||||
image: "dtagdevsec/dionaea:1706"
|
||||
volumes:
|
||||
- /data/dionaea:/data/dionaea
|
||||
|
||||
# Elasticpot service
|
||||
elasticpot:
|
||||
container_name: elasticpot
|
||||
restart: always
|
||||
ports:
|
||||
- "9200:9200"
|
||||
image: "dtagdevsec/elasticpot:1706"
|
||||
volumes:
|
||||
- /data/elasticpot:/data/elasticpot
|
||||
|
||||
# Ewsposter service
|
||||
ewsposter:
|
||||
container_name: ewsposter
|
||||
restart: always
|
||||
image: "dtagdevsec/ewsposter:1706"
|
||||
volumes:
|
||||
- /data:/data
|
||||
- /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
|
||||
|
||||
# Glastopf service
|
||||
glastopf:
|
||||
container_name: glastopf
|
||||
restart: always
|
||||
ports:
|
||||
- "80:80"
|
||||
image: "dtagdevsec/glastopf:1706"
|
||||
volumes:
|
||||
- /data/glastopf:/data/glastopf
|
||||
- /data/ews:/data/ews
|
||||
|
||||
# Honeytrap service
|
||||
honeytrap:
|
||||
container_name: honeytrap
|
||||
restart: always
|
||||
network_mode: "host"
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
image: "dtagdevsec/honeytrap:1706"
|
||||
volumes:
|
||||
- /data/honeytrap:/data/honeytrap
|
||||
- /data/ews:/data/ews
|
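Review bot: The `cowrie` service here mounts only `/data/cowrie:/data/cowrie`, whereas the cowrie.service unit this commit removes also mounted `/data/ews:/data/ews`; if cowrie writes its ewsposter output below `/data/ews` (the old mount suggests it did), that data now stays inside the container and `ewsposter`, which reads the host's `/data`, will no longer see it. The same omission is in the cowrie definitions of all.yml and tpot.yml. If the drop is intentional, a one-line comment under cowrie's `volumes:` saying why would stop the next reader from re-adding it.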
103
installer/etc/tpot/compose/industrial.yml
Normal file
103
installer/etc/tpot/compose/industrial.yml
Normal file
|
@ -0,0 +1,103 @@
|
|||
# T-Pot (Everything)
|
||||
# For docker-compose version ...
|
||||
version: '2'
|
||||
services:
|
||||
|
||||
# Conpot service
|
||||
conpot:
|
||||
container_name: conpot
|
||||
restart: always
|
||||
ports:
|
||||
- "1025:1025"
|
||||
- "50100:50100"
|
||||
image: "dtagdevsec/conpot:1706"
|
||||
volumes:
|
||||
- /data/conpot:/data/conpot
|
||||
- /data/ews:/data/ews
|
||||
|
||||
# ELK service
|
||||
elk:
|
||||
container_name: elk
|
||||
restart: always
|
||||
env_file:
|
||||
- /etc/tpot/elk/environment
|
||||
cap_add:
|
||||
- IPC_LOCK
|
||||
ulimits:
|
||||
memlock: -1
|
||||
nofile: 65536
|
||||
ports:
|
||||
- "127.0.0.1:64296:5601"
|
||||
- "127.0.0.1:64302:9100"
|
||||
- "127.0.0.1:64298:9200"
|
||||
image: "dtagdevsec/elk:1706"
|
||||
volumes:
|
||||
- /data:/data
|
||||
- /var/log:/data/host/log
|
||||
|
||||
# Emobility service
|
||||
emobility:
|
||||
container_name: emobility
|
||||
restart: always
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
ports:
|
||||
- "8080:8080"
|
||||
image: "dtagdevsec/emobility:1706"
|
||||
volumes:
|
||||
- /data/emobility:/data/eMobility
|
||||
- /data/ews:/data/ews
|
||||
|
||||
# Ewsposter service
|
||||
ewsposter:
|
||||
container_name: ewsposter
|
||||
restart: always
|
||||
image: "dtagdevsec/ewsposter:1706"
|
||||
volumes:
|
||||
- /data:/data
|
||||
- /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
|
||||
|
||||
# Netdata service
|
||||
netdata:
|
||||
container_name: netdata
|
||||
restart: always
|
||||
network_mode: "host"
|
||||
cap_add:
|
||||
- SYS_PTRACE
|
||||
security_opt:
|
||||
- apparmor=unconfined
|
||||
image: "dtagdevsec/netdata:1706"
|
||||
volumes:
|
||||
- /proc:/host/proc:ro
|
||||
- /sys:/host/sys:ro
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
|
||||
# Spiderfoot service
|
||||
spiderfoot:
|
||||
container_name: spiderfoot
|
||||
restart: always
|
||||
ports:
|
||||
- "127.0.0.1:64303:8080"
|
||||
image: "dtagdevsec/spiderfoot:1706"
|
||||
|
||||
# Ui-for-docker service
|
||||
ui-for-docker:
|
||||
container_name: ui-for-docker
|
||||
command: -H unix:///var/run/docker.sock --no-auth
|
||||
restart: always
|
||||
ports:
|
||||
- "127.0.0.1:64299:9000"
|
||||
image: "dtagdevsec/ui-for-docker:1706"
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
|
||||
# Suricata service
|
||||
suricata:
|
||||
container_name: suricata
|
||||
restart: always
|
||||
network_mode: "host"
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
image: "dtagdevsec/suricata:1706"
|
||||
volumes:
|
||||
- /data/suricata:/data/suricata
|
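Review bot: The header comment `# T-Pot (Everything)` on the first line of this file is copied from all.yml; the service list (conpot, elk, emobility, ewsposter, netdata, spiderfoot, ui-for-docker, suricata — no cowrie, dionaea, elasticpot, glastopf or honeytrap) is the industrial flavour, so it should read `# T-Pot (Industrial)`. The second line `# For docker-compose version ...` is an unfinished placeholder, as in the other compose files added by this commit.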
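--- a/installer/etc/tpot/compose/tpot.yml
+++ b/installer/etc/tpot/compose/tpot.yml
@@ -0,0 +1,149 @@
+# T-Pot (Standard)
+# For docker-compose version ...
+version: '2'
+services:
+
+# Cowrie service
+cowrie:
+container_name: cowrie
+restart: always
+ports:
+- "22:2222"
+- "23:2223"
+image: "dtagdevsec/cowrie:1706"
+volumes:
+- /data/cowrie:/data/cowrie
+
+# Dionaea service
+dionaea:
+container_name: dionaea
+restart: always
+cap_add:
+- NET_BIND_SERVICE
+ports:
+- "21:21"
+- "42:42"
+- "69:69/udp"
+- "8081:80"
+- "135:135"
+- "443:443"
+- "445:445"
+- "1433:1433"
+- "1723:1723"
+- "1883:1883"
+- "1900:1900"
+- "3306:3306"
+- "5060:5060"
+- "5061:5061"
+- "5060:5060/udp"
+- "11211:11211"
+image: "dtagdevsec/dionaea:1706"
+volumes:
+- /data/dionaea:/data/dionaea
+
+# Elasticpot service
+elasticpot:
+container_name: elasticpot
+restart: always
+ports:
+- "9200:9200"
+image: "dtagdevsec/elasticpot:1706"
+volumes:
+- /data/elasticpot:/data/elasticpot
+
+# ELK service
+elk:
+container_name: elk
+restart: always
+env_file:
+- /etc/tpot/elk/environment
+cap_add:
+- IPC_LOCK
+ulimits:
+memlock: -1
+nofile: 65536
+ports:
+- "127.0.0.1:64296:5601"
+- "127.0.0.1:64302:9100"
+- "127.0.0.1:64298:9200"
+image: "dtagdevsec/elk:1706"
+volumes:
+- /data:/data
+- /var/log:/data/host/log
+
+# Ewsposter service
+ewsposter:
+container_name: ewsposter
+restart: always
+image: "dtagdevsec/ewsposter:1706"
+volumes:
+- /data:/data
+- /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
+
+# Glastopf service
+glastopf:
+container_name: glastopf
+restart: always
+ports:
+- "80:80"
+image: "dtagdevsec/glastopf:1706"
+volumes:
+- /data/glastopf:/data/glastopf
+- /data/ews:/data/ews
+
+# Honeytrap service
+honeytrap:
+container_name: honeytrap
+restart: always
+network_mode: "host"
+cap_add:
+- NET_ADMIN
+image: "dtagdevsec/honeytrap:1706"
+volumes:
+- /data/honeytrap:/data/honeytrap
+- /data/ews:/data/ews
+
+# Netdata service
+netdata:
+container_name: netdata
+restart: always
+network_mode: "host"
+cap_add:
+- SYS_PTRACE
+security_opt:
+- apparmor=unconfined
+image: "dtagdevsec/netdata:1706"
+volumes:
+- /proc:/host/proc:ro
+- /sys:/host/sys:ro
+- /var/run/docker.sock:/var/run/docker.sock
+
+# Spiderfoot service
+spiderfoot:
+container_name: spiderfoot
+restart: always
+ports:
+- "127.0.0.1:64303:8080"
+image: "dtagdevsec/spiderfoot:1706"
+
+# Ui-for-docker service
+ui-for-docker:
+container_name: ui-for-docker
+command: -H unix:///var/run/docker.sock --no-auth
+restart: always
+ports:
+- "127.0.0.1:64299:9000"
+image: "dtagdevsec/ui-for-docker:1706"
+volumes:
+- /var/run/docker.sock:/var/run/docker.sock
+
+# Suricata service
+suricata:
+container_name: suricata
+restart: always
+network_mode: "host"
+cap_add:
+- NET_ADMIN
+image: "dtagdevsec/suricata:1706"
+volumes:
+- /data/suricata:/data/suricata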
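--- a/installer/etc/tpot/systemd/tpot.service
+++ b/installer/etc/tpot/systemd/tpot.service
@@ -0,0 +1,44 @@
+[Unit]
+Description=tpot
+Requires=docker.service
+After=docker.service
+
+[Service]
+Restart=always
+
+# Clear state from /data
+ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh off'
+
+# Remove old containers and volumes
+ExecStartPre=/usr/bin/docker-compose -f /etc/tpot/tpot.yml down -v
+ExecStartPre=/usr/bin/docker-compose -f /etc/tpot/tpot.yml rm -v
+ExecStartPre=-/bin/bash -c 'docker volume rm $(docker volume ls -q)'
+
+# Get IF, disable offloading, enable promiscious mode for p0f and suricata
+ExecStartPre=/bin/bash -c '/sbin/ethtool --offload $(/sbin/ip route | /bin/grep $(/bin/hostname -I | /usr/bin/awk \'{print $1 }\') | /usr/bin/awk \'{print $3 }\') rx off tx off'
+ExecStartPre=/bin/bash -c '/sbin/ethtool -K $(/sbin/ip route | /bin/grep $(/bin/hostname -I | /usr/bin/awk \'{print $1 }\') | /usr/bin/awk \'{print $3 }\') gso off gro off'
+ExecStartPre=/bin/bash -c '/sbin/ip link set $(/sbin/ip route | /bin/grep $(/bin/hostname -I | /usr/bin/awk \'{print $1 }\') | /usr/bin/awk \'{print $3 }\') promisc on'
+
+# Modify access rights on docker.sock for netdata
+ExecStartPre=-/bin/chmod 666 /var/run/docker.sock
+
+# Prepare iptables rules for honeytrap
+ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j NFQUEUE
+ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 3306,5060,5061,5601,11211 -j NFQUEUE
+ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295,64296,64297,64298,64299,64300,64301,64302,64303 -j NFQUEUE
+ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 1025,50100,8080,8081,9200 -j NFQUEUE
+
+# Compose T-Pot up and run as daemon
+ExecStart=/usr/bin/docker-compose -f /etc/tpot/tpot.yml up
+
+# Compose T-Pot down and remove containers
+ExecStop=/usr/bin/docker-compose -f /etc/tpot/tpot.yml down -v
+
+# Remove iptables rules for honeytrap
+ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 1025,50100,8080,8081,9200 -j NFQUEUE
+ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295,64296,64297,64298,64299,64300,64301,64302,64303 -j NFQUEUE
+ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 3306,5060,5061,5601,11211 -j NFQUEUE
+ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j NFQUEUE
+
+[Install]
+WantedBy=multi-user.target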
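Review bot: `ExecStartPre=-/bin/chmod 666 /var/run/docker.sock` makes the Docker socket world-writable, so every local account on the host, not only netdata, gains root-equivalent control of the daemon, and the mode change outlives this unit. The netdata container already receives the socket through a bind mount in tpot.yml; if its process runs unprivileged inside the container, granting it the host's docker group GID via compose `group_add:` (or fronting the socket with a socket proxy) gives the same access without loosening host permissions, and the chmod line can be dropped. Two further fragilities in the same unit: `docker volume rm $(docker volume ls -q)` deletes every Docker volume on the host, not just T-Pot's, and the interface lookup greps `ip route` for the first address of `hostname -I` unanchored, so it can match a route for a different host or pick a bridge address, where `ip -o route get 1.1.1.1` and reading the field after `dev` would select the egress device directly. Also the NFQUEUE rules are added without `--queue-bypass`, so if honeytrap stops draining the queue, new connections on all non-listed ports are dropped; that fails closed, which is probably intended for a honeypot, but deserves a sentence on the `# Prepare iptables rules for honeytrap` line.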
|
@ -1,10 +1,5 @@
|
|||
#!/bin/bash
|
||||
########################################################
|
||||
# T-Pot post install script #
|
||||
# Ubuntu server 16.04.0, x64 #
|
||||
# #
|
||||
# v17.06 by mo, DTAG, 2017-03-22 #
|
||||
########################################################
|
||||
# T-Pot post install script
|
||||
|
||||
# Set TERM, DIALOGRC
|
||||
export TERM=linux
|
||||
|
@ -32,6 +27,8 @@ fuRANDOMWORD () {
|
|||
}
|
||||
|
||||
# Let's wait a few seconds to avoid interference with service messages
|
||||
sleep 3
|
||||
tput civis
|
||||
dialog --no-ok --no-cancel --backtitle "$myBACKTITLE" --title "[ Wait to avoid interference with service messages ]" --pause "" 6 80 7
|
||||
|
||||
# Let's setup the proxy for env
|
||||
|
@ -104,6 +101,7 @@ rm -rf /usr/share/nginx/html/index.html 2>&1 | dialog --title "[ Removing NGINX
|
|||
|
||||
# Let's ask user for install flavor
|
||||
# Install types are TPOT, HP, INDUSTRIAL, ALL
|
||||
tput cnorm
|
||||
myFLAVOR=$(dialog --no-cancel --backtitle "$myBACKTITLE" --title "[ Choose your edition ]" --no-tags --menu \
|
||||
"\nRequired: 4GB RAM, 64GB disk\nRecommended: 8GB RAM, 128GB SSD" 14 60 4 \
|
||||
"TPOT" "Standard Honeypots, Suricata & ELK" \
|
||||
|
@ -198,6 +196,7 @@ while [ "$myPASS1" != "$myPASS2" ] && [ "$mySECURE" == "0" ]
|
|||
htpasswd -b -c /etc/nginx/nginxpasswd "$myUSER" "$myPASS1" 2>&1 | dialog --title "[ Setting up user and password ]" $myPROGRESSBOXCONF;
|
||||
|
||||
# Let's generate a SSL self-signed certificate without interaction (browsers will see it invalid anyway)
|
||||
tput civis
|
||||
mkdir -p /etc/nginx/ssl 2>&1 | dialog --title "[ Generating a self-signed-certificate for NGINX ]" $myPROGRESSBOXCONF;
|
||||
openssl req \
|
||||
-nodes \
|
||||
|
@ -353,34 +352,34 @@ EOF
|
|||
case $myFLAVOR in
|
||||
HP)
|
||||
echo "### Preparing HONEYPOT flavor installation."
|
||||
cp /root/tpot/data/imgcfg/hp_images.conf /root/tpot/data/images.conf 2>&1>/dev/null
|
||||
cp /root/tpot/etc/tpot/compose/hp.yml /root/tpot/etc/tpot/tpot.yml 2>&1>/dev/null
|
||||
;;
|
||||
INDUSTRIAL)
|
||||
echo "### Preparing INDUSTRIAL flavor installation."
|
||||
cp /root/tpot/data/imgcfg/industrial_images.conf /root/tpot/data/images.conf 2>&1>/dev/null
|
||||
cp /root/tpot/etc/tpot/compose/industrial.yml /root/tpot/etc/tpot/tpot.yml 2>&1>/dev/null
|
||||
;;
|
||||
TPOT)
|
||||
echo "### Preparing TPOT flavor installation."
|
||||
cp /root/tpot/data/imgcfg/tpot_images.conf /root/tpot/data/images.conf 2>&1>/dev/null
|
||||
cp /root/tpot/etc/tpot/compose/tpot.yml /root/tpot/etc/tpot/tpot.yml 2>&1>/dev/null
|
||||
;;
|
||||
EVERYTHING)
|
||||
echo "### Preparing EVERYTHING flavor installation."
|
||||
cp /root/tpot/data/imgcfg/all_images.conf /root/tpot/data/images.conf 2>&1>/dev/null
|
||||
cp /root/tpot/etc/tpot/compose/all.yml /root/tpot/etc/tpot/tpot.yml 2>&1>/dev/null
|
||||
;;
|
||||
esac
|
||||
|
||||
# Let's load docker images
|
||||
myIMAGESCOUNT=$(cat /root/tpot/data/images.conf | wc -w)
|
||||
myIMAGESCOUNT=$(cat /root/tpot/etc/tpot/tpot.yml | grep container_name | cut -d: -f2 | wc -l)
|
||||
j=0
|
||||
for name in $(cat /root/tpot/data/images.conf)
|
||||
for name in $(cat /root/tpot/etc/tpot/tpot.yml | grep image | cut -d'"' -f2)
|
||||
do
|
||||
dialog --title "[ Downloading docker images, please be patient ]" --backtitle "$myBACKTITLE" \
|
||||
--gauge "\n Now downloading: dtagdevsec/$name:1706\n" 8 80 $(expr 100 \* $j / $myIMAGESCOUNT) <<EOF
|
||||
--gauge "\n Now downloading: $name\n" 8 80 $(expr 100 \* $j / $myIMAGESCOUNT) <<EOF
|
||||
EOF
|
||||
docker pull dtagdevsec/$name:1706 2>&1>/dev/null
|
||||
docker pull $name 2>&1>/dev/null
|
||||
let j+=1
|
||||
dialog --title "[ Downloading docker images, please be patient ]" --backtitle "$myBACKTITLE" \
|
||||
--gauge "\n Now downloading: dtagdevsec/$name:1706\n" 8 80 $(expr 100 \* $j / $myIMAGESCOUNT) <<EOF
|
||||
--gauge "\n Now downloading: $name\n" 8 80 $(expr 100 \* $j / $myIMAGESCOUNT) <<EOF
|
||||
EOF
|
||||
done
|
||||
|
||||
|
@ -410,29 +409,20 @@ dialog --title "[ Adding cronjobs ]" $myPROGRESSBOXCONF <<EOF
|
|||
EOF
|
||||
tee -a /etc/crontab 2>&1>/dev/null <<EOF
|
||||
|
||||
# Check if containers and services are up
|
||||
*/5 * * * * root check.sh
|
||||
|
||||
# Example for alerta-cli IP update
|
||||
#*/5 * * * * root alerta --endpoint-url http://<ip>:<port>/api delete --filters resource=<host> && alerta --endpoint-url http://<ip>:<port>/api send -e IP -r <host> -E Production -s ok -S T-Pot -t \$(cat /data/elk/logstash/mylocal.ip) --status open
|
||||
#*/5 * * * * root alerta --endpoint-url http://<ip>:<port>/api delete --filters resource=<host> && alerta --endpoint-url http://<ip>:<port>/api send -e IP -r <host> -E Production -s ok -S T-Pot -t \$(cat /data/elk/logstash/mylocal.ip) --status open
|
||||
|
||||
# Check if updated images are available and download them
|
||||
27 1 * * * root for i in \$(cat /etc/tpot/images.conf); do docker pull dtagdevsec/\$i:1706; done
|
||||
|
||||
# Restart docker service and containers
|
||||
27 3 * * * root dcres.sh
|
||||
27 1 * * * root /usr/bin/docker-compose -f /etc/tpot/tpot.yml pull
|
||||
|
||||
# Delete elastic indices older than 90 days (kibana index is omitted by default)
|
||||
27 4 * * * root docker exec elk bash -c '/usr/local/bin/curator --host 127.0.0.1 delete indices --older-than 90 --time-unit days --timestring \%Y.\%m.\%d'
|
||||
|
||||
# Update IP and erase check.lock if it exists
|
||||
27 5 * * * root /etc/rc.local
|
||||
#27 4 * * * root docker exec elk bash -c '/usr/local/bin/curator --host 127.0.0.1 delete indices --older-than 90 --time-unit days --timestring \%Y.\%m.\%d'
|
||||
|
||||
# Daily reboot
|
||||
27 23 * * * root reboot
|
||||
27 3 * * * root reboot
|
||||
|
||||
# Check for updated packages every sunday, upgrade and reboot
|
||||
27 16 * * 0 root apt-get autoclean -y && apt-get autoremove -y && apt-get update -y && apt-get upgrade -y && sleep 10 && reboot
|
||||
27 16 * * 0 root apt-get autoclean -y && apt-get autoremove -y && apt-get update -y && apt-get upgrade -y && sleep 10 && reboot
|
||||
EOF
|
||||
|
||||
# Let's create some files and folders
|
||||
|
@ -445,31 +435,28 @@ mkdir -p /data/conpot/log \
|
|||
/data/emobility/log \
|
||||
/data/ews/conf \
|
||||
/data/suricata/log /home/tsec/.ssh/ \
|
||||
/etc/tpot/elk /etc/tpot/imgcfg /etc/tpot/systemd \
|
||||
/etc/tpot/elk /etc/tpot/compose /etc/tpot/systemd \
|
||||
/usr/share/tpot/bin 2>&1 | dialog --title "[ Creating some files and folders ]" $myPROGRESSBOXCONF
|
||||
|
||||
# Let's take care of some files and permissions before copying
|
||||
chmod 500 /root/tpot/bin/* 2>&1 | dialog --title "[ Setting permissions ]" $myPROGRESSBOXCONF
|
||||
chmod 600 /root/tpot/data/* 2>&1 | dialog --title "[ Setting permissions ]" $myPROGRESSBOXCONF
|
||||
chmod 600 -R /root/tpot/etc/tpot 2>&1 | dialog --title "[ Setting permissions ]" $myPROGRESSBOXCONF
|
||||
chmod 644 /root/tpot/etc/issue 2>&1 | dialog --title "[ Setting permissions ]" $myPROGRESSBOXCONF
|
||||
chmod 755 /root/tpot/etc/rc.local 2>&1 | dialog --title "[ Setting permissions ]" $myPROGRESSBOXCONF
|
||||
chmod 644 /root/tpot/data/systemd/* 2>&1 | dialog --title "[ Setting permissions ]" $myPROGRESSBOXCONF
|
||||
chmod 644 /root/tpot/etc/tpot/systemd/* 2>&1 | dialog --title "[ Setting permissions ]" $myPROGRESSBOXCONF
|
||||
|
||||
# Let's copy some files
|
||||
tar xvfz /root/tpot/data/elkbase.tgz -C / 2>&1 | dialog --title "[ Extracting elkbase.tgz ]" $myPROGRESSBOXCONF
|
||||
tar xvfz /root/tpot/etc/tpot/elkbase.tgz -C / 2>&1 | dialog --title "[ Extracting elkbase.tgz ]" $myPROGRESSBOXCONF
|
||||
cp -R /root/tpot/bin/* /usr/share/tpot/bin/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF
|
||||
cp -R /root/tpot/data/* /etc/tpot/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF
|
||||
cp /root/tpot/data/systemd/* /etc/systemd/system/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF
|
||||
cp -R /root/tpot/etc/tpot/* /etc/tpot/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF
|
||||
cp /root/tpot/etc/tpot/systemd/* /etc/systemd/system/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF
|
||||
cp /root/tpot/etc/issue /etc/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF
|
||||
cp -R /root/tpot/etc/nginx/ssl /etc/nginx/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF
|
||||
cp /root/tpot/etc/nginx/tpotweb.conf /etc/nginx/sites-available/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF
|
||||
cp /root/tpot/etc/nginx/nginx.conf /etc/nginx/nginx.conf 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF
|
||||
cp /root/tpot/keys/authorized_keys /home/tsec/.ssh/authorized_keys 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF
|
||||
cp /root/tpot/usr/share/nginx/html/* /usr/share/nginx/html/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF
|
||||
for i in $(cat /etc/tpot/images.conf);
|
||||
do
|
||||
systemctl enable $i 2>&1 | dialog --title "[ Enabling service for $i ]" $myPROGRESSBOXCONF
|
||||
done
|
||||
systemctl enable tpot 2>&1 | dialog --title "[ Enabling service for tpot ]" $myPROGRESSBOXCONF
|
||||
systemctl enable wetty 2>&1 | dialog --title "[ Enabling service for wetty ]" $myPROGRESSBOXCONF
|
||||
|
||||
# Let's enable T-Pot website
|
||||
|
|
|
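Review bot: The new nightly job `27 1 * * * root /usr/bin/docker-compose -f /etc/tpot/tpot.yml pull` together with `27 3 * * * root reboot` means the honeypot silently replaces its running images with whatever the mutable `:1706` tags on Docker Hub resolve to two hours later, with no digest pinning or signature check, so a registry-side compromise or a bad push is auto-deployed to every installation. I would at least record this in the crontab (`# NOTE: pulls by mutable tag; pin images to @sha256 digests in tpot.yml for reproducible deployments`) and consider making the pull opt-in. Separately, the curator job that deleted indices older than 90 days is now commented out with nothing replacing it, so Elasticsearch data on a 64 GB minimum disk grows until the disk is full; if retention is meant to move elsewhere, say so rather than leaving `# Delete elastic indices older than 90 days` above a disabled line. The crontab heredoc and the surrounding script continue outside the hunk.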
@ -100,7 +100,7 @@ tasksel tasksel/first multiselect ubuntu-server
|
|||
########################
|
||||
### Package Installation
|
||||
########################
|
||||
d-i pkgsel/include string apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount curl dialog dnsutils docker.io dstat ethtool genisoimage git glances html2text htop iptables iw jq libcrack2 libltdl7 lm-sensors man nginx-extras nodejs npm ntp openssh-server openssl syslinux psmisc pv python-pip vim wireless-tools wpasupplicant
|
||||
d-i pkgsel/include string apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount curl dialog dnsutils docker.io docker-compose dstat ethtool genisoimage git glances html2text htop iptables iw jq libcrack2 libltdl7 lm-sensors man nginx-extras nodejs npm ntp openssh-server openssl syslinux psmisc pv python-pip vim wireless-tools wpasupplicant
|
||||
|
||||
#################
|
||||
### Update Policy
|
||||
|
|
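Review bot: `docker-compose` is now taken from the Ubuntu 16.04 package archive, but the compose files this commit installs declare `version: '2'`, which needs docker-compose 1.6 or newer; the xenial package is, as far as I recall, older than that, in which case `docker-compose -f /etc/tpot/tpot.yml up` in tpot.service would reject the file. Please verify the version the preseed pulls in (`docker-compose --version` on a fresh install) and either pin a newer source or install the release binary explicitly; a comment such as `# docker-compose >= 1.6 required for compose file format 2` next to the package list would record the constraint.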