include conpot

README.md

@@ -24,20 +24,34 @@ The script will download and install dependecies necessary to build the image on
 
 After a successful build, you will find the ISO image `tpot.iso` in your directory.
 
-### T-Pot Full Installation
+### T-Pot Installation (Cowrie, Dionaea, ElasticPot, Glastopf, Honeytrap, ELK, Suricata+P0f)
 When installing the T-Pot ISO image, make sure the target system (physical/virtual) meets the following minimum requirements:
 - 4 GB RAM (6-8 GB recommended)
 - 64 GB disk (128 GB SSD recommended)
 - Network via DHCP
 - A working internet connection
 
-### T-Pot Sensor Installation (no ELK, no Suricata - only available thru ISO Creator)
+### Sensor Installation (Cowrie, Dionaea, ElasticPot, Glastopf, Honeytrap - only available thru ISO Creator)
 When installing the T-Pot ISO image, make sure the target system (physical/virtual) meets the following minimum requirements:
 - 3 GB RAM (4-6 GB recommended) 
 - 64 GB disk (64 GB SSD recommended)
 - Network via DHCP
 - A working internet connection
 
+### Industrial Installation (ConPot, eMobility, ELK, Suricata+P0f - only available thru ISO Creator)
+When installing the T-Pot ISO image, make sure the target system (physical/virtual) meets the following minimum requirements:
+- 4 GB RAM (8 GB recommended)
+- 64 GB disk (128 GB SSD recommended)
+- Network via DHCP
+- A working internet connection
+
+### Everything Installation (Everything)
+When installing the T-Pot ISO image, make sure the target system (physical/virtual) meets the following minimum requirements:
+- 8 GB RAM
+- 128 GB disk or larger (128 GB SSD or larger recommended)
+- Network via DHCP
+- A working internet connection
+
 The installation requires very little interaction. Most things should be configured automatically. The system will reboot a couple of times. Make sure it can access the internet as it needs to download the dockerized honeypot components. Depending on your network connection, the installation may take some time.
 Once the installation is finished, the system will automatically reboot and you will be presented with a login screen. The user credentials for the first login are:
 - user: tsec

installer/data/imgcfg/all_images.conf

@@ -1,3 +1,4 @@
+conpot
 cowrie
 dionaea
 elasticpot

installer/data/imgcfg/industrial_images.conf

@@ -1,3 +1,4 @@
+conpot
 elk
 emobility
 suricata

installer/data/upstart/conpot.conf

@@ -0,0 +1,31 @@
+########################################################
+# T-Pot                                                #
+# ConPot upstart script                                #
+#                                                      #
+# v16.03.1 by mo, DTAG, 2016-02-19                     #
+########################################################
+
+description "ConPot"
+author "mo"
+start on started docker and filesystem
+stop on runlevel [!2345]
+respawn
+pre-start script
+  # Remove any existing conpot containers
+  myCID=$(docker ps -a | grep conpot | awk '{ print $1 }')
+  if [ "$myCID" != "" ];
+    then docker rm -v $myCID;
+  fi
+  # Remove any data from previous container
+  rm -rf /data/conpot/* || true
+  mkdir -p /data/conpot/log
+  chmod 760 /data/conpot -R
+  chown tpot:tpot /data/conpot -R
+end script
+script
+  /usr/bin/docker run --name conpot --rm=true -v /data/conpot:/data/conpot -v /data/ews:/data/ews -p 81:80 -p 102:102 -p 161:161/udp -p 502:502 dtagdevsec/conpot:latest1603
+end script
+post-start script
+  # Delay next start to avoid rapid respawning
+  sleep 2
+end script

installer/install.sh

@@ -3,7 +3,7 @@
 # T-Pot post install script                            #
 # Ubuntu server 14.04.3, x64                           #
 #                                                      #
-# v16.03.9 by mo, DTAG, 2016-02-15                     #
+# v16.03.10 by mo, DTAG, 2016-02-19                    #
 ########################################################
 
 # Type of install, SENSOR, INDUSTRIAL or FULL?
@@ -223,7 +223,6 @@ if [ "$myFLAVOR" = "ALL" ]
     cp /root/tpot/data/imgcfg/all_images.conf /root/tpot/data/images.conf
 fi
 
-
 # Let's load docker images
 fuECHO "### Loading docker images. Please be patient, this may take a while."
 if [ -d /root/tpot/images ];
@@ -281,18 +280,19 @@ tee -a /etc/crontab <<EOF
 27 15 * * *   root  /etc/rc.local
 
 # Check for updated packages every sunday, upgrade and reboot
-27 16 * * 0   root  sleep \$((RANDOM %600)); apt-get autoclean -y; apt-get autoremove -y; apt-get update -y; apt-get upgrade -y; sleep 5; reboot
+27 16 * * 0   root  apt-get autoclean -y; apt-get autoremove -y; apt-get update -y; apt-get upgrade -y; sleep 5; reboot
 EOF
 
 # Let's create some files and folders
 fuECHO "### Creating some files and folders."
-mkdir -p /data/ews/log /data/ews/conf /data/ews/dionaea /data/ews/emobility \
+mkdir -p /data/conpot/log \
          /data/cowrie/log/tty/ /data/cowrie/downloads/ /data/cowrie/keys/ /data/cowrie/misc/ \
-         /data/elasticpot/log \
          /data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/wwwroot \
+         /data/elasticpot/log \
          /data/elk/data /data/elk/log /data/glastopf /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/ \
-         /data/suricata/log /home/tsec/.ssh/ \
+         /data/emobility/log \
-         /data/emobility/log
+         /data/ews/log /data/ews/conf /data/ews/dionaea /data/ews/emobility \
+         /data/suricata/log /home/tsec/.ssh/
 
 # Let's take care of some files and permissions before copying
 chmod 500 /root/tpot/bin/*

makeiso.sh

@@ -86,7 +86,7 @@ if [ "$mySTART" = "1" ];
 fi
 
 # Let's ask for the type of installation SENSOR, INDUSTRIAL or FULL?
-myFLAVOR=$(dialog --no-cancel --backtitle "$myBACKTITLE" --title "[ Installation type ... ]" --radiolist "" 11 70 4 "TPOT" "Standard (w/o INDUSTRIAL)" on "HP" "Honeypots only (w/o INDUSTRIAL)" off "INDUSTRIAL" "eMobility, ELK, Suricata (8GB RAM recommended)" off "ALL" "Everything (8GB RAM required)" off 3>&1 1>&2 2>&3 3>&-)
+myFLAVOR=$(dialog --no-cancel --backtitle "$myBACKTITLE" --title "[ Installation type ... ]" --radiolist "" 11 76 4 "TPOT" "Standard (w/o INDUSTRIAL)" on "HP" "Honeypots only (w/o INDUSTRIAL)" off "INDUSTRIAL" "ConPot, eMobility, ELK, Suricata (8GB RAM recommended)" off "ALL" "Everything (8GB RAM required)" off 3>&1 1>&2 2>&3 3>&-)
 sed -i 's#^myFLAVOR=.*#myFLAVOR="'$myFLAVOR'"#' $myINSTALLERPATH
 
 # Let's ask the user for a proxy ...