Prepare fix for Docker Desktop in Windows

This commit is contained in:
Marco Ochse 2024-05-05 18:57:59 +02:00 committed by GitHub
parent 0451cd9acd
commit 99539562f2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 82 additions and 56 deletions


@ -53,6 +53,7 @@ services:
- ${TPOT_DOCKER_COMPOSE}:/tmp/tpot/docker-compose.yml:ro
- ${TPOT_DATA_PATH}/blackhole:/etc/blackhole
- ${TPOT_DATA_PATH}:/data
- /var/run/docker.sock:/var/run/docker.sock:ro
##################
@ -190,32 +191,6 @@ services:
volumes:
- ${TPOT_DATA_PATH}/conpot/log:/var/log/conpot
# Conpot kamstrup_382
conpot_kamstrup_382:
container_name: conpot_kamstrup_382
restart: always
depends_on:
tpotinit:
condition: service_healthy
environment:
- CONPOT_CONFIG=/etc/conpot/conpot.cfg
- CONPOT_JSON_LOG=/var/log/conpot/conpot_kamstrup_382.json
- CONPOT_LOG=/var/log/conpot/conpot_kamstrup_382.log
- CONPOT_TEMPLATE=kamstrup_382
- CONPOT_TMP=/tmp/conpot
tmpfs:
- /tmp/conpot:uid=2000,gid=2000
networks:
- conpot_local_kamstrup_382
ports:
- "1025:1025"
- "50100:50100"
image: ${TPOT_REPO}/conpot:${TPOT_VERSION}
pull_policy: ${TPOT_PULL_POLICY}
read_only: true
volumes:
- ${TPOT_DATA_PATH}/conpot/log:/var/log/conpot
# Cowrie service
cowrie:
container_name: cowrie
@ -303,7 +278,7 @@ services:
- "81:81"
- "135:135"
# - "443:443"
- "445:445"
# - "445:445"
- "1433:1433"
- "1723:1723"
- "1883:1883"
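Review bot: The `/var/run/docker.sock:/var/run/docker.sock:ro` volume added in the first hunk hands the container control of the host Docker daemon; `:ro` only affects the mount point, it does not restrict what can be sent through the socket, so a compromise of that container is effectively a compromise of the host. The hunk header shows only `services:`, but the sibling mounts (`/tmp/tpot/docker-compose.yml`, `${TPOT_DATA_PATH}:/data`) suggest this is tpotinit, which the script in this commit uses to run autoheal. A comment on the line such as `# host Docker socket for autoheal; ':ro' does not limit API access` would make that trust boundary explicit, and a socket proxy exposing only the endpoints autoheal needs would narrow it.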


@ -7,14 +7,17 @@ exec > >(tee /data/tpotinit.log) 2>&1
cleanup() {
echo "# SIGTERM received, cleaning up ..."
echo
echo "## ... removing firewall rules."
/opt/tpot/bin/rules.sh ${COMPOSE} unset
echo
if [ "${TPOT_BLACKHOLE}" == "ENABLED" ] && [ -f "/etc/blackhole/mass_scanner.txt" ];
if [ "${TPOT_OSTYPE}" = "linux" ];
then
echo "## ... removing Blackhole routes."
/opt/tpot/bin/blackhole.sh del
echo "## ... removing firewall rules."
/opt/tpot/bin/rules.sh ${COMPOSE} unset
echo
if [ "${TPOT_BLACKHOLE}" == "ENABLED" ] && [ -f "/etc/blackhole/mass_scanner.txt" ];
then
echo "## ... removing Blackhole routes."
/opt/tpot/bin/blackhole.sh del
echo
fi
fi
kill -TERM "$PID"
rm -f /tmp/success
@ -153,25 +156,42 @@ update_permissions
# Check for compatible OSType
echo
echo "# Checking if OSType is compatible."
echo "# Checking if OSType is set correctly."
echo
myOSTYPE=$(uname -a | grep -Eo "linuxkit")
if [ "${myOSTYPE}" == "linuxkit" ] && [ "${TPOT_OSTYPE}" == "linux" ];
myOSTYPE=$(uname -a | grep -Eo "microsoft|linuxkit")
if [ "${myOSTYPE}" == "microsoft" ] && [ "${TPOT_OSTYPE}" != "win" ];
then
echo "# Docker Desktop for macOS or Windows detected."
echo "# 1. You need to adjust the OSType the T-Pot .env config."
echo "# 2. You need to use the macos or win docker compose file."
echo "# Docker Desktop for Windows detected, but TPOT_OSTYPE is not set to win."
echo "# 1. You need to adjust the OSType in the T-Pot .env config."
echo "# 2. You need to copy compose/mac_win.yml to ./docker-compose.yml."
echo
echo "# Aborting."
echo
sleep 1
exit 1
fi
if ! [ "${myOSTYPE}" == "linuxkit" ] && ! [ -S /var/run/docker.sock ];
if [ "${myOSTYPE}" == "linuxkit" ] && [ "${TPOT_OSTYPE}" != "mac" ];
then
echo "# Cannot access /var/run/docker.sock, check docker-compose.yml for proper volume definition."
echo "# Docker Desktop for macOS detected, but TPOT_OSTYPE is not set to mac."
echo "# 1. You need to adjust the OSType in the T-Pot .env config."
echo "# 2. You need to copy compose/mac_win.yml to ./docker-compose.yml."
echo
echo "# Aborting."
echo
sleep 1
exit 1
fi
if [ "${myOSTYPE}" == "" ] && [ "${TPOT_OSTYPE}" != "linux" ];
then
echo "# Docker Engine detected, but TPOT_OSTYPE is not set to linux."
echo "# 1. You need to adjust the OSType in the T-Pot .env config."
echo "# 2. You need to copy compose/standard.yml to ./docker-compose.yml."
echo
echo "# Aborting."
echo
sleep 1
exit 1
fi
@ -255,12 +275,8 @@ if [ -f "/data/uuid" ];
fi
# Check if TPOT_BLACKHOLE is enabled
if [ "${myOSTYPE}" == "linuxkit" ];
if [ "${TPOT_OSTYPE}" == "linux" ];
then
echo
echo "# Docker Desktop for macOS or Windows detected, Blackhole feature is not supported."
echo
else
if [ "${TPOT_BLACKHOLE}" == "ENABLED" ] && [ ! -f "/etc/blackhole/mass_scanner.txt" ];
then
echo
@ -278,6 +294,10 @@ if [ "${myOSTYPE}" == "linuxkit" ];
echo
echo "# Blackhole is not active."
fi
else
echo
echo "# T-Pot is configured for macOS / Windows. Blackhole is not supported."
echo
fi
# Get IP
@ -291,7 +311,7 @@ update_permissions
# Update interface settings (p0f and Suricata) and setup iptables to support NFQ based honeypots (glutton, honeytrap)
### This is currently not supported on Docker for Desktop, only on Docker Engine for Linux
if [ "${myOSTYPE}" != "linuxkit" ] && [ "${TPOT_OSTYPE}" == "linux" ];
if [ "${TPOT_OSTYPE}" == "linux" ];
then
echo
echo "# Get IF, disable offloading, enable promiscious mode for p0f and suricata ..."
@ -303,10 +323,14 @@ if [ "${myOSTYPE}" != "linuxkit" ] && [ "${TPOT_OSTYPE}" == "linux" ];
echo "# Adding firewall rules ..."
echo
/opt/tpot/bin/rules.sh ${COMPOSE} set
else
echo
echo "# T-Pot is configured for macOS / Windows. Setting up firewall rules on the host is not supported."
echo
fi
# Display open ports
if [ "${myOSTYPE}" != "linuxkit" ];
if [ "${TPOT_OSTYPE}" = "linux" ];
then
echo
echo "# This is a list of open ports on the host (netstat -tulpen)."
@ -317,7 +341,7 @@ if [ "${myOSTYPE}" != "linuxkit" ];
echo
else
echo
echo "# Docker Desktop for macOS or Windows detected, cannot show open ports on the host."
echo "# T-Pot is configured for macOS / Windows. Showing open ports from the host is not supported."
echo
fi
@ -331,25 +355,20 @@ touch /tmp/success
# We want to see true source for UDP packets in container (https://github.com/moby/libnetwork/issues/1994)
# Start autoheal if running on a supported os
if [ "${myOSTYPE}" != "linuxkit" ];
if [ "${TPOT_OSTYPE}" = "linux" ];
then
sleep 60
echo "# Dropping UDP connection tables to improve visibility of true source IPs."
/usr/sbin/conntrack -D -p udp
else
# Starting container health monitoring
echo
figlet "Starting ..."
figlet "Autoheal"
echo "# Now monitoring healthcheck enabled containers to automatically restart them when unhealthy."
echo
# exec /opt/tpot/autoheal.sh autoheal
/opt/tpot/autoheal.sh autoheal &
PID=$!
wait $PID
echo "# T-Pot Init and Autoheal were stopped. Exiting."
else
echo
echo "# Docker Desktop for macOS or Windows detected, Conntrack feature is not supported."
echo
sleep infinity
fi
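Review bot: In the last hunk the non-linux branch runs `sleep infinity` in the foreground, so a SIGTERM from `docker stop` is held by bash until `sleep` returns and the `cleanup` trap is unlikely to run before the stop timeout; on this path `PID` is also never assigned, so cleanup's `kill -TERM "$PID"` (first hunk, function body continues outside it) would be invoked with an empty argument. Running it as a waited background job fixes both: `sleep infinity &`, `PID=$!`, `wait "$PID"`. In the first hunk the new `[ "${TPOT_OSTYPE}" = "linux" ]` uses `=` while the neighbouring tests use `==`; one form throughout would be easier to read. The detection hunk builds `myOSTYPE` from `grep -Eo "microsoft|linuxkit"`, which prints each match on its own line, so should `uname -a` ever contain both tokens the value matches none of the three branches — piping through `head -n1` would make that deterministic.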

20
dps.ps1 Normal file

@ -0,0 +1,20 @@
# Format, colorize docker ps output
# Define a fixed width for the STATUS column
$statusWidth = 30
# Capture the Docker output into a variable
$dockerOutput = docker ps -f status=running -f status=exited --format "{{.Names}}`t{{.Status}}`t{{.Ports}}"
# Print header with colors
Write-Host ("NAME".PadRight(20) + "STATUS".PadRight($statusWidth) + "PORTS") -ForegroundColor Cyan -NoNewline
Write-Host ""
# Split the output into lines and loop over them
$dockerOutput -split '\r?\n' | ForEach-Object {
if ($_ -ne "") {
$fields = $_ -split "`t"
Write-Host ($fields[0].PadRight(20)) -NoNewline -ForegroundColor Yellow
Write-Host ($fields[1].PadRight($statusWidth)) -NoNewline -ForegroundColor Green
Write-Host ($fields[2]) -ForegroundColor Blue
}
}
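Review bot: `$dockerOutput` is used without checking that `docker ps` succeeded; when the daemon is unreachable the script prints only the coloured header and exits 0, which a caller cannot tell apart from "no containers". Adding `if ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE }` directly after the capture line closes that gap. Stylistically, the header `Write-Host ... -NoNewline` followed by `Write-Host ""` can be a single `Write-Host` call, and since `PadRight` never truncates, a comment such as `# NAME column is 20 chars; longer names push the columns out of alignment` would warn the next editor.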

12
genuserwin.ps1 Normal file

@ -0,0 +1,12 @@
# Run genuser.sh within tpotinit, prepare path and file
# Define the volume paths
$homePath = $Env:USERPROFILE + "\tpotce"
$nginxpasswdPath = $homePath + "\data\nginx\conf\nginxpasswd"
# Ensure nginxpasswd file exists
if (-Not (Test-Path $nginxpasswdPath)) {
New-Item -ItemType File -Force -Path $nginxpasswdPath
}
# Run the Docker container without specifying UID / GID
docker run -v "${homePath}:/data" --entrypoint bash -it dtagdevsec/tpotinit:24.04 "/opt/tpot/bin/genuser.sh"
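Review bot: The `docker run` on the last line has no `--rm`, so every invocation leaves an exited tpotinit container behind; `docker run --rm -v "${homePath}:/data" --entrypoint bash -it dtagdevsec/tpotinit:24.04 "/opt/tpot/bin/genuser.sh"` avoids that. The image tag is pinned to `24.04` here while the compose file in this commit uses `${TPOT_VERSION}`, so the two will drift on the next release; a comment naming the file to update, or reading the tag from the same `.env`, would help. The whole `tpotce` directory is mounted although the script only prepares `data\nginx\conf\nginxpasswd`; if `genuser.sh` only needs that path (not visible here), mounting the narrower directory would limit what the helper container can touch. `New-Item` also echoes the created file object to the console; appending `| Out-Null` keeps the output to the container's prompt.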