Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-04-19 21:52:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

tweaking and fixes

Browse source
This commit is contained in:
Marco Ochse 2018-06-24 01:55:41 +02:00
parent 081397b48a
commit 9d9af24ace
6 changed files with 31 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
bin/rules.sh
View file

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
### Vars, Ports for Standard services ### Vars, Ports for Standard services
myHOSTPORTS="7634 64295" myHOSTPORTS="7634 64294 64295"
myDOCKERCOMPOSEYML="$1" myDOCKERCOMPOSEYML="$1"
myRULESFUNCTION="$2" myRULESFUNCTION="$2"
@ -19,7 +19,7 @@ fi
function fuNFQCHECK { function fuNFQCHECK {
### Check if honeytrap or glutton is actively enabled in docker-compose.yml ### Check if honeytrap or glutton is actively enabled in docker-compose.yml
myNFQCHECK=$(grep -e '^\s*honeytrap:\|^\s*glutton:' $myDOCKERCOMPOSEYML | tr -d ': ' | uniq) myNFQCHECK=$(grep -e '^\s*honeytrap:\|^\s*glutton:' $myDOCKERCOMPOSEYML | tr -d ': ' | uniq)
if [ "$myNFQCHECK" == "" ]; if [ "$myNFQCHECK" == "" ];
then then
@ -32,7 +32,7 @@ fi
function fuGETPORTS { function fuGETPORTS {
### Get ports from docker-compose.yml ### Get ports from docker-compose.yml
myDOCKERCOMPOSEPORTS=$(cat $myDOCKERCOMPOSEYML | yq -r '.services[].ports' | grep ':' | sed -e s/127.0.0.1// | tr -d '", ' | sed -e s/^:// | cut -f1 -d ':' ) myDOCKERCOMPOSEPORTS=$(cat $myDOCKERCOMPOSEYML | yq -r '.services[].ports' | grep ':' | sed -e s/127.0.0.1// | tr -d '", ' | sed -e s/^:// | cut -f1 -d ':' )
myDOCKERCOMPOSEPORTS+=" $myHOSTPORTS" myDOCKERCOMPOSEPORTS+=" $myHOSTPORTS"
myRULESPORTS=$(for i in $myDOCKERCOMPOSEPORTS; do echo $i; done | sort -gu) myRULESPORTS=$(for i in $myDOCKERCOMPOSEPORTS; do echo $i; done | sort -gu)
@ -50,7 +50,7 @@ if [ "$myNFQCHECK" == "honeytrap" ];
for myPORT in $myRULESPORTS; do for myPORT in $myRULESPORTS; do
/sbin/iptables -w -A INPUT -p tcp --dport $myPORT -j ACCEPT /sbin/iptables -w -A INPUT -p tcp --dport $myPORT -j ACCEPT
done done
/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE /sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
fi fi

11
iso/installer/install.sh
View file

@ -24,9 +24,9 @@ This script will install T-Pot on this system, by running the script you know wh
Usage: Usage:
$0 --help - Help. $0 --help - Help.
Example: Example:
$0 --type=user - Best option for most users." $0 --type=user - Best option for most users."
if [ "$myLSB" != "$myLSB_SUPPORTED" ]; if [ "$myLSB" != "$myLSB_SUPPORTED" ];
then then
echo "Aborting. Ubuntu $myLSB is not supported." echo "Aborting. Ubuntu $myLSB is not supported."
@ -100,10 +100,10 @@ if [ -s "$myTPOT_CONF_FILE" ] && [ "$myTPOT_CONF_FILE" != "" ];
exit exit
fi fi
elif ! [ -s "$myTPOT_CONF_FILE" ] && [ "$myTPOT_CONF_FILE" != "" ]; elif ! [ -s "$myTPOT_CONF_FILE" ] && [ "$myTPOT_CONF_FILE" != "" ];
then then
echo "Aborting. Config file \"$myTPOT_CONF_FILE\" not found." echo "Aborting. Config file \"$myTPOT_CONF_FILE\" not found."
exit exit
fi fi
####################### #######################
@ -599,7 +599,7 @@ hostnamectl set-hostname $myHOST 2>&1 | dialog --title "[ Setting new hostname ]
sed -i 's#127.0.1.1.*#127.0.1.1\t'"$myHOST"'#g' /etc/hosts 2>&1 | dialog --title "[ Setting new hostname ]" $myPROGRESSBOXCONF sed -i 's#127.0.1.1.*#127.0.1.1\t'"$myHOST"'#g' /etc/hosts 2>&1 | dialog --title "[ Setting new hostname ]" $myPROGRESSBOXCONF
# Let's patch cockpit.socket, sshd_config # Let's patch cockpit.socket, sshd_config
sed -i 's#ListenStream=9090#ListeStream=64294#' /etc/systemd/system/sockets.target.wants/cockpit.socket 2>&1 | dialog --title "[ Cockpit listen on tcp/64294 ]" $myPROGRESSBOXCONF sed -i 's#ListenStream=9090#ListenStream=64294#' /lib/systemd/system/cockpit.socket 2>&1 | dialog --title "[ Cockpit listen on tcp/64294 ]" $myPROGRESSBOXCONF
sed -i 's#\#Port 22#Port 64295#' /etc/ssh/sshd_config 2>&1 | dialog --title "[ SSH listen on tcp/64295 ]" $myPROGRESSBOXCONF sed -i 's#\#Port 22#Port 64295#' /etc/ssh/sshd_config 2>&1 | dialog --title "[ SSH listen on tcp/64295 ]" $myPROGRESSBOXCONF
# Let's make sure only myCONF_TPOT_FLAVOR images will be downloaded and started # Let's make sure only myCONF_TPOT_FLAVOR images will be downloaded and started
@ -740,6 +740,7 @@ mkdir -p /data/ciscoasa/log \
/data/p0f/log \ /data/p0f/log \
/data/vnclowpot/log 2>&1 | dialog --title "[ Creating some files and folders ]" $myPROGRESSBOXCONF /data/vnclowpot/log 2>&1 | dialog --title "[ Creating some files and folders ]" $myPROGRESSBOXCONF
touch /data/spiderfoot/spiderfoot.db 2>&1 | dialog --title "[ Creating some files and folders ]" $myPROGRESSBOXCONF touch /data/spiderfoot/spiderfoot.db 2>&1 | dialog --title "[ Creating some files and folders ]" $myPROGRESSBOXCONF
touch /data/nginx/log/error.log 2>&1 | dialog --title "[ Creating some files and folders ]" $myPROGRESSBOXCONF
# Let's copy some files # Let's copy some files
tar xvfz /opt/tpot/etc/objects/elkbase.tgz -C / 2>&1 | dialog --title "[ Extracting elkbase.tgz ]" $myPROGRESSBOXCONF tar xvfz /opt/tpot/etc/objects/elkbase.tgz -C / 2>&1 | dialog --title "[ Extracting elkbase.tgz ]" $myPROGRESSBOXCONF

4
iso/installer/rc.local.install
View file

@ -1,4 +1,4 @@
rc.local.inst:
#!/bin/bash #!/bin/bash
plymouth --quit plymouth --quit
cd /root/installer openvt -f -w -s /root/installer/wrapper.sh
openvt -f -w -s install.sh --type=iso

3
iso/installer/wrapper.sh Executable file
View file

@ -0,0 +1,3 @@
#!/bin/bash
cd /root/installer
./install.sh --type=iso

27
makeiso.sh
View file

@ -191,18 +191,21 @@ EOF
done done
# Let's write the config file # Let's write the config file
echo "# makeiso configuration file" > $myCONF_FILE if [ "$myCONF_PROXY_USE" == "0" ] || [ "$myCONF_PFX_USE" == "0" ] || [ "$myCONF_NTP_USE" == "0" ];
echo "myCONF_PROXY_USE=\"$myCONF_PROXY_USE\"" >> $myCONF_FILE then
echo "myCONF_PROXY_IP=\"$myCONF_PROXY_IP\"" >> $myCONF_FILE echo "# makeiso configuration file" > $myCONF_FILE
echo "myCONF_PROXY_PORT=\"$myCONF_PROXY_PORT\"" >> $myCONF_FILE echo "myCONF_PROXY_USE=\"$myCONF_PROXY_USE\"" >> $myCONF_FILE
echo "myCONF_PFX_USE=\"$myCONF_PFX_USE\"" >> $myCONF_FILE echo "myCONF_PROXY_IP=\"$myCONF_PROXY_IP\"" >> $myCONF_FILE
echo "myCONF_PFX_FILE=\"/root/installer/keys/8021x.pfx\"" >> $myCONF_FILE echo "myCONF_PROXY_PORT=\"$myCONF_PROXY_PORT\"" >> $myCONF_FILE
echo "myCONF_PFX_PW_USE=\"$myCONF_PFX_PW_USE\"" >> $myCONF_FILE echo "myCONF_PFX_USE=\"$myCONF_PFX_USE\"" >> $myCONF_FILE
echo "myCONF_PFX_PW=\"$myCONF_PFX_PW\"" >> $myCONF_FILE echo "myCONF_PFX_FILE=\"/root/installer/keys/8021x.pfx\"" >> $myCONF_FILE
echo "myCONF_PFX_HOST_ID=\"$myCONF_PFX_HOST_ID\"" >> $myCONF_FILE echo "myCONF_PFX_PW_USE=\"$myCONF_PFX_PW_USE\"" >> $myCONF_FILE
echo "myCONF_NTP_USE=\"$myCONF_NTP_USE\"" >> $myCONF_FILE echo "myCONF_PFX_PW=\"$myCONF_PFX_PW\"" >> $myCONF_FILE
echo "myCONF_NTP_IP=\"$myCONF_NTP_IP\"" >> $myCONF_FILE echo "myCONF_PFX_HOST_ID=\"$myCONF_PFX_HOST_ID\"" >> $myCONF_FILE
echo "myCONF_NTP_CONF_FILE=\"/root/installer/ntp.conf\"" >> $myCONF_FILE echo "myCONF_NTP_USE=\"$myCONF_NTP_USE\"" >> $myCONF_FILE
echo "myCONF_NTP_IP=\"$myCONF_NTP_IP\"" >> $myCONF_FILE
echo "myCONF_NTP_CONF_FILE=\"/root/installer/ntp.conf\"" >> $myCONF_FILE
fi
# Let's download Ubuntu Minimal ISO # Let's download Ubuntu Minimal ISO
if [ ! -f $myUBUNTUISO ] if [ ! -f $myUBUNTUISO ]

1
version Normal file
View file

@ -0,0 +1 @@
18.10.0