Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-04-28 19:28:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Clean up, add Spiderfoot

Browse source 
tpot configs are now stored in /etc/tpot/
tpot related scripts are now stored /usr/share/tpot/bin
some scripts are improved
some scripts are cleaned of old comments
spiderfoot is now part of tpot
This commit is contained in:
Marco Ochse 2017-04-19 12:22:51 +00:00
parent 62ce12a8a9
commit 9fea0461fc
24 changed files with 85 additions and 91 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
installer/bin/check.sh
View file

@ -12,14 +12,14 @@ if [ -a /var/run/check.lock ];
exit
fi
myIMAGES=$(cat /data/images.conf)
myIMAGES=$(cat /etc/tpot/images.conf)
touch /var/run/check.lock
myUPTIME=$(awk '{print int($1/60)}' /proc/uptime)
for i in $myIMAGES
do
if [ "$i" != "ui-for-docker" ] && [ "$i" != "netdata" ];
if [ "$i" != "ui-for-docker" ] && [ "$i" != "netdata" ] && [ "$i" != "spiderfoot" ];
then
myCIDSTATUS=$(docker exec $i supervisorctl status)
if [ $? -ne 0 ];

2
installer/bin/dcres.sh
View file

@ -29,7 +29,7 @@ do
myCOUNT=$[$myCOUNT +1]
done
myIMAGES=$(cat /data/images.conf)
myIMAGES=$(cat /etc/tpot/images.conf)
touch /var/run/check.lock

24
installer/bin/dps.sh
View file

@ -1,6 +1,13 @@
#/bin/bash
# Let's ensure normal operation on exit or if interrupted ...
function fuCLEANUP {
stty sane
}
trap fuCLEANUP EXIT
stty -echo -icanon time 0 min 0
myIMAGES=$(cat /data/images.conf)
myIMAGES=$(cat /etc/tpot/images.conf)
while true
do
clear
@ -11,7 +18,14 @@ while true
echo
echo "NAME CREATED PORTS"
for i in $myIMAGES; do
/usr/bin/docker ps -f name=$i --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" -f status=running -f status=exited | GREP_COLORS='mt=01;35' /bin/egrep --color=always "(^[_a-z-]+ |$)|$" | GREP_COLORS='mt=01;32' /bin/egrep --color=always "(Up[ 0-9a-Z ]+ |$)|$" | GREP_COLORS='mt=01;31' /bin/egrep --color=always "(Exited[ \(0-9\) ]+ [0-9a-Z ]+ ago|$)|$" | tail -n 1
mySTATUS=$(/usr/bin/docker ps -f name=$i --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" -f status=running -f status=exited | GREP_COLORS='mt=01;35' /bin/egrep --color=always "(^[_a-z-]+ |$)|$" | GREP_COLORS='mt=01;32' /bin/egrep --color=always "(Up[ 0-9a-Z ]+ |$)|$" | GREP_COLORS='mt=01;31' /bin/egrep --color=always "(Exited[ \(0-9\) ]+ [0-9a-Z ]+ ago|$)|$" | tail -n 1)
myDOWN=$(echo "$mySTATUS" | grep -c "NAMES")
if [ "$myDOWN" = "1" ];
then
printf "%-19s Down\n" $i
else
printf "$mySTATUS\n"
fi
if [ "$1" = "vv" ];
then
/usr/bin/docker exec -t $i /bin/ps -awfuwfxwf | egrep -v -E "awfuwfxwf|/bin/ps"
@ -23,10 +37,4 @@ while true
else
break
fi
read myKEY
if [ "$myKEY" == "q" ];
then
break;
fi
done
stty sane

4
installer/bin/status.sh
View file

@ -10,7 +10,7 @@ myCOUNT=1
if [[ $1 == "" ]]
then
myIMAGES=$(cat /data/images.conf)
myIMAGES=$(cat /etc/tpot/images.conf)
else myIMAGES=$1
fi
@ -42,7 +42,7 @@ echo CPU temp: $(sensors | grep "Physical" | awk '{ print $4 }')
echo
for i in $myIMAGES
do
if [ "$i" != "ui-for-docker" ] && [ "$i" != "netdata" ];
if [ "$i" != "ui-for-docker" ] && [ "$i" != "netdata" ] && [ "$i" != "spiderfoot" ];
then
echo "======| Container:" $i "|======"
docker exec $i supervisorctl status | GREP_COLORS='mt=01;32' egrep --color=always "(RUNNING)|$" | GREP_COLORS='mt=01;31' egrep --color=always "(STOPPED|FATAL)|$"

4
installer/bin/update-images.sh
View file

@ -34,7 +34,7 @@ touch /var/run/check.lock
# Stop T-Pot services and disable all T-Pot services
echo "### Stopping T-Pot services and cleaning up."
for i in $(cat /data/imgcfg/all_images.conf);
for i in $(cat /etc/tpot/imgcfg/all_images.conf);
do
systemctl stop $i
sleep 2
@ -58,7 +58,7 @@ systemctl start docker
sleep 1
# Enable only T-Pot systemd scripts from images.conf and pull the images
for i in $(cat /data/images.conf);
for i in $(cat /etc/tpot/images.conf);
do
echo
echo "### Now pulling "$i

BIN
installer/data/elkbase.tgz
View file

Binary file not shown.

1
installer/data/imgcfg/all_images.conf
View file

@ -10,3 +10,4 @@ honeytrap
suricata
netdata
ui-for-docker
spiderfoot

1
installer/data/imgcfg/industrial_images.conf
View file

@ -5,3 +5,4 @@ ewsposter
suricata
netdata
ui-for-docker
spiderfoot

1
installer/data/imgcfg/tpot_images.conf
View file

@ -8,3 +8,4 @@ honeytrap
suricata
netdata
ui-for-docker
spiderfoot

BIN
installer/data/kibana-objects.tgz
View file

Binary file not shown.

2
installer/data/systemd/conpot.service
View file

@ -7,7 +7,7 @@ After=docker.service
Restart=always
ExecStartPre=-/usr/bin/docker stop conpot
ExecStartPre=-/usr/bin/docker rm -v conpot
ExecStartPre=/bin/bash -c '/usr/bin/clean.sh conpot off'
ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh conpot off'
ExecStart=/usr/bin/docker run --name conpot --rm=true -v /data/conpot:/data/conpot -v /data/ews:/data/ews -p 1025:1025 -p 50100:50100 dtagdevsec/conpot:1706
ExecStop=/usr/bin/docker stop conpot

2
installer/data/systemd/cowrie.service
View file

@ -7,7 +7,7 @@ After=docker.service
Restart=always
ExecStartPre=-/usr/bin/docker stop cowrie
ExecStartPre=-/usr/bin/docker rm -v cowrie
ExecStartPre=/bin/bash -c '/usr/bin/clean.sh cowrie off'
ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh cowrie off'
ExecStart=/usr/bin/docker run --name cowrie --rm=true -p 22:2222 -p 23:2223 -v /data/cowrie:/data/cowrie -v /data/ews:/data/ews dtagdevsec/cowrie:1706
ExecStop=/usr/bin/docker stop cowrie

2
installer/data/systemd/dionaea.service
View file

@ -7,7 +7,7 @@ After=docker.service
Restart=always
ExecStartPre=-/usr/bin/docker stop dionaea
ExecStartPre=-/usr/bin/docker rm -v dionaea
ExecStartPre=/bin/bash -c '/usr/bin/clean.sh dionaea off'
ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh dionaea off'
ExecStart=/usr/bin/docker run --name dionaea --cap-add=NET_BIND_SERVICE --rm=true -p 21:21 -p 42:42 -p 69:69/udp -p 8081:80 -p 135:135 -p 443:443 -p 445:445 -p 1433:1433 -p 1723:1723 -p 1883:1883 -p 1900:1900 -p 3306:3306 -p 5060:5060 -p 5061:5061 -p 5060:5060/udp -p 11211:11211 -v /data/dionaea:/data/dionaea dtagdevsec/dionaea:1706
ExecStop=/usr/bin/docker stop dionaea

2
installer/data/systemd/elasticpot.service
View file

@ -7,7 +7,7 @@ After=docker.service
Restart=always
ExecStartPre=-/usr/bin/docker stop elasticpot
ExecStartPre=-/usr/bin/docker rm -v elasticpot
ExecStartPre=/bin/bash -c '/usr/bin/clean.sh elasticpot off'
ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh elasticpot off'
ExecStart=/usr/bin/docker run --name elasticpot --rm=true -v /data/elasticpot:/data/elasticpot -p 9200:9200 dtagdevsec/elasticpot:1706
ExecStop=/usr/bin/docker stop elasticpot

4
installer/data/systemd/elk.service
View file

@ -7,8 +7,8 @@ After=docker.service
Restart=always
ExecStartPre=-/usr/bin/docker stop elk
ExecStartPre=-/usr/bin/docker rm -v elk
ExecStartPre=/bin/bash -c '/usr/bin/clean.sh elk'
ExecStart=/usr/bin/docker run --name=elk --env-file /data/elk/environment --cap-add=IPC_LOCK --ulimit memlock=-1:-1 --ulimit nofile=65536:65536 -v /data:/data -v /var/log:/data/host/log -p 127.0.0.1:64296:5601 -p 127.0.0.1:64302:9100 -p 127.0.0.1:64298:9200 --rm=true dtagdevsec/elk:1706
ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh elk'
ExecStart=/usr/bin/docker run --name=elk --env-file /etc/tpot/elk/environment --cap-add=IPC_LOCK --ulimit memlock=-1:-1 --ulimit nofile=65536:65536 -v /data:/data -v /var/log:/data/host/log -p 127.0.0.1:64296:5601 -p 127.0.0.1:64302:9100 -p 127.0.0.1:64298:9200 --rm=true dtagdevsec/elk:1706
ExecStop=/usr/bin/docker stop elk
[Install]

2
installer/data/systemd/emobility.service
View file

@ -7,7 +7,7 @@ After=docker.service
Restart=always
ExecStartPre=-/usr/bin/docker stop emobility
ExecStartPre=-/usr/bin/docker rm -v emobility
ExecStartPre=/bin/bash -c '/usr/bin/clean.sh emobility off'
ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh emobility off'
ExecStart=/usr/bin/docker run --name emobility --cap-add=NET_ADMIN -p 8080:8080 -v /data/emobility:/data/eMobility -v /data/ews:/data/ews --rm=true dtagdevsec/emobility:1706
ExecStop=/usr/bin/docker stop emobility

2
installer/data/systemd/glastopf.service
View file

@ -7,7 +7,7 @@ After=docker.service
Restart=always
ExecStartPre=-/usr/bin/docker stop glastopf
ExecStartPre=-/usr/bin/docker rm -v glastopf
ExecStartPre=/bin/bash -c '/usr/bin/clean.sh glastopf off'
ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh glastopf off'
ExecStart=/usr/bin/docker run --name glastopf --rm=true -v /data/glastopf:/data/glastopf -v /data/ews:/data/ews -p 80:80 dtagdevsec/glastopf:1706
ExecStop=/usr/bin/docker stop glastopf

6
installer/data/systemd/honeytrap.service
View file

@ -7,15 +7,15 @@ After=docker.service
Restart=always
ExecStartPre=-/usr/bin/docker stop honeytrap
ExecStartPre=-/usr/bin/docker rm -v honeytrap
ExecStartPre=/bin/bash -c '/usr/bin/clean.sh honeytrap off'
ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh honeytrap off'
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j NFQUEUE
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 3306,5060,5061,5601,11211 -j NFQUEUE
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295,64296,64297,64298,64299,64300,64301 -j NFQUEUE
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295,64296,64297,64298,64299,64300,64301,64302,64303 -j NFQUEUE
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 1025,50100,8080,8081,9200 -j NFQUEUE
ExecStart=/usr/bin/docker run --name honeytrap --cap-add=NET_ADMIN --net=host --rm=true -v /data/honeytrap:/data/honeytrap -v /data/ews:/data/ews dtagdevsec/honeytrap:1706
ExecStop=/usr/bin/docker stop honeytrap
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 1025,50100,8080,8081,9200 -j NFQUEUE
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295,64296,64297,64298,64299,64300,64301 -j NFQUEUE
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295,64296,64297,64298,64299,64300,64301,64302,64303 -j NFQUEUE
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 3306,5060,5061,5601,11211 -j NFQUEUE
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j NFQUEUE

14
installer/data/systemd/spiderfoot.service Normal file
View file

@ -0,0 +1,14 @@
[Unit]
Description=spiderfoot
Requires=docker.service
After=docker.service
[Service]
Restart=always
ExecStartPre=-/usr/bin/docker stop spiderfoot
ExecStartPre=-/usr/bin/docker rm -v spiderfoot
ExecStart=/usr/bin/docker run --name spiderfoot --rm=true -p 127.0.0.1:64303:8080 dtagdevsec/spiderfoot:1706
ExecStop=/usr/bin/docker stop spiderfoot
[Install]
WantedBy=multi-user.target

2
installer/data/systemd/suricata.service
View file

@ -11,7 +11,7 @@ ExecStartPre=-/usr/bin/docker rm -v suricata
ExecStartPre=/bin/bash -c '/sbin/ethtool --offload $(/sbin/ip route | /bin/grep $(/bin/hostname -I | /usr/bin/awk \'{print $1 }\') | /usr/bin/awk \'{print $3 }\') rx off tx off'
ExecStartPre=/bin/bash -c '/sbin/ethtool -K $(/sbin/ip route | /bin/grep $(/bin/hostname -I | /usr/bin/awk \'{print $1 }\') | /usr/bin/awk \'{print $3 }\') gso off gro off'
ExecStartPre=/bin/bash -c '/sbin/ip link set $(/sbin/ip route | /bin/grep $(/bin/hostname -I | /usr/bin/awk \'{print $1 }\') | /usr/bin/awk \'{print $3 }\') promisc on'
ExecStartPre=/bin/bash -c '/usr/bin/clean.sh suricata off'
ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh suricata off'
ExecStart=/usr/bin/docker run --name suricata --cap-add=NET_ADMIN --net=host --rm=true -v /data/suricata:/data/suricata dtagdevsec/suricata:1706
ExecStop=/usr/bin/docker stop suricata

52
installer/etc/nginx/tpotweb.conf
View file

@ -104,42 +104,22 @@ server {
### Kibana
location /kibana/ {
proxy_pass http://localhost:64296;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
rewrite /kibana/(.*)$ /$1 break;
}
### ES
location /es/ {
proxy_pass http://localhost:64298/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
rewrite /es/(.*)$ /$1 break;
}
### Head standalone
### head standalone
location /myhead/ {
proxy_pass http://localhost:64302/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
rewrite /myhead/(.*)$ /$1 break;
}
### ui-for-docker
### portainer
location /ui {
proxy_pass http://127.0.0.1:64299;
proxy_http_version 1.1;
@ -152,28 +132,24 @@ server {
### web tty
location /wetty {
proxy_pass http://127.0.0.1:64300/wetty;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 43200000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
}
### netdata
location /netdata/ {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:64301;
proxy_http_version 1.1;
proxy_pass_request_headers on;
proxy_set_header Connection "keep-alive";
proxy_store off;
rewrite /netdata/(.*)$ /$1 break;
}
}
### spiderfoot
location /spiderfoot {
proxy_pass http://127.0.0.1:64303;
}
location /static {
proxy_pass http://127.0.0.1:64303/spiderfoot/static;
}
location /scanviz {
proxy_pass http://127.0.0.1:64303/spiderfoot/scanviz;
}
}

4
installer/etc/rc.local
View file

@ -2,7 +2,7 @@
# Let's add the first local ip to the /etc/issue and external ip to ews.ip file
source /etc/environment
myLOCALIP=$(hostname -I | awk '{ print $1 }')
myEXTIP=$(/usr/bin/myip.sh)
myEXTIP=$(/usr/share/tpot/bin/myip.sh)
sed -i "s#IP:.*#IP: $myLOCALIP ($myEXTIP)#" /etc/issue
sed -i "s#SSH:.*#SSH: ssh -l tsec -p 64295 $myLOCALIP#" /etc/issue
sed -i "s#WEB:.*#WEB: https://$myLOCALIP:64297#" /etc/issue
@ -10,7 +10,7 @@ tee /data/ews/conf/ews.ip << EOF
[MAIN]
ip = $myEXTIP
EOF
tee /data/elk/environment << EOF
tee /etc/tpot/elk/environment << EOF
MY_EXTIP=$myEXTIP
MY_HOSTNAME=$HOSTNAME
EOF

38
installer/install.sh
View file

@ -39,12 +39,6 @@ fuRANDOMWORD () {
echo -n $(sed -n "$myNUM p" $myWORDFILE | tr -d \' | tr A-Z a-z)
}
# Let's make sure there is a warning if running for a second time
#if [ -f install.log ];
# then fuECHO "### Running more than once may complicate things. Erase install.log if you are really sure."
# exit 1;
#fi
# Let's setup the proxy for env
if [ -f $myPROXYFILEPATH ];
then fuECHO "### Setting up the proxy."
@ -102,7 +96,7 @@ myFLAVOR=$(dialog --no-cancel --backtitle "$myBACKTITLE" --title "[ Choose your
"INDUSTRIAL" "Conpot, eMobility, Suricata & ELK" \
"EVERYTHING" "Everything" 3>&1 1>&2 2>&3 3>&-)
# Let's ask user for a web user and password
# Let's ask user for a web username and password
myOK="1"
myUSER="tsec"
while [ 1 != 2 ]
@ -303,12 +297,6 @@ Match address 127.0.0.1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
PasswordAuthentication yes
EOF
# Let's patch docker defaults, so we can run images as service
#fuECHO "### Patching docker defaults."
#tee -a /etc/default/docker <<EOF
#DOCKER_OPTS="-r=false"
#EOF
# Let's restart docker for proxy changes to take effect
systemctl restart docker
sleep 5
@ -363,9 +351,6 @@ EOF
fuECHO "### Adding cronjobs."
tee -a /etc/crontab <<EOF
# Show running containers every 60s via /dev/tty2
#*/2 * * * * root status.sh > /dev/tty2
# Check if containers and services are up
*/5 * * * * root check.sh
@ -373,7 +358,7 @@ tee -a /etc/crontab <<EOF
#*/5 * * * * root alerta --endpoint-url http://<ip>:<port>/api delete --filters resource=<host> && alerta --endpoint-url http://<ip>:<port>/api send -e IP -r <host> -E Production -s ok -S T-Pot -t \$(cat /data/elk/logstash/mylocal.ip) --status open
# Check if updated images are available and download them
27 1 * * * root for i in \$(cat /data/images.conf); do docker pull dtagdevsec/\$i:1706; done
27 1 * * * root for i in \$(cat /etc/tpot/images.conf); do docker pull dtagdevsec/\$i:1706; done
# Restart docker service and containers
27 3 * * * root dcres.sh
@ -401,7 +386,9 @@ mkdir -p /data/conpot/log \
/data/glastopf /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/ \
/data/emobility/log \
/data/ews/conf \
/data/suricata/log /home/tsec/.ssh/
/data/suricata/log /home/tsec/.ssh/ \
/etc/tpot/elk /etc/tpot/imgcfg /etc/tpot/systemd \
/usr/share/tpot/bin
# Let's take care of some files and permissions before copying
chmod 500 /root/tpot/bin/*
@ -412,9 +399,8 @@ chmod 644 /root/tpot/data/systemd/*
# Let's copy some files
tar xvfz /root/tpot/data/elkbase.tgz -C /
cp /root/tpot/data/elkbase.tgz /data/
cp -R /root/tpot/bin/* /usr/bin/
cp -R /root/tpot/data/* /data/
cp -R /root/tpot/bin/* /usr/share/tpot/bin/
cp -R /root/tpot/data/* /etc/tpot/
cp /root/tpot/data/systemd/* /etc/systemd/system/
cp /root/tpot/etc/issue /etc/
cp -R /root/tpot/etc/nginx/ssl /etc/nginx/
@ -453,20 +439,22 @@ sed -i 's#FONTFACE=".*#FONTFACE="Terminus"#' /etc/default/console-setup
sed -i 's#FONTSIZE=".*#FONTSIZE="12x6"#' /etc/default/console-setup
update-initramfs -u
# Let's enable a color prompt
# Let's enable a color prompt and add /usr/share/tpot/bin to path
myROOTPROMPT='PS1="\[\033[38;5;8m\][\[$(tput sgr0)\]\[\033[38;5;1m\]\u\[$(tput sgr0)\]\[\033[38;5;6m\]@\[$(tput sgr0)\]\[\033[38;5;4m\]\h\[$(tput sgr0)\]\[\033[38;5;6m\]:\[$(tput sgr0)\]\[\033[38;5;5m\]\w\[$(tput sgr0)\]\[\033[38;5;8m\]]\[$(tput sgr0)\]\[\033[38;5;1m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"'
myUSERPROMPT='PS1="\[\033[38;5;8m\][\[$(tput sgr0)\]\[\033[38;5;2m\]\u\[$(tput sgr0)\]\[\033[38;5;6m\]@\[$(tput sgr0)\]\[\033[38;5;4m\]\h\[$(tput sgr0)\]\[\033[38;5;6m\]:\[$(tput sgr0)\]\[\033[38;5;5m\]\w\[$(tput sgr0)\]\[\033[38;5;8m\]]\[$(tput sgr0)\]\[\033[38;5;2m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"'
tee -a /root/.bashrc << EOF
$myROOTPROMPT
PATH="$PATH:/usr/share/tpot/bin"
EOF
tee -a /home/tsec/.bashrc << EOF
$myUSERPROMPT
PATH="$PATH:/usr/share/tpot/bin"
EOF
# Let's create ews.ip before reboot and prevent race condition for first start
source /etc/environment
myLOCALIP=$(hostname -I | awk '{ print $1 }')
myEXTIP=$(/usr/bin/myip.sh)
myEXTIP=$(/usr/share/tpot/bin/myip.sh)
sed -i "s#IP:.*#IP: $myLOCALIP ($myEXTIP)#" /etc/issue
sed -i "s#SSH:.*#SSH: ssh -l tsec -p 64295 $myLOCALIP#" /etc/issue
sed -i "s#WEB:.*#WEB: https://$myLOCALIP:64297#" /etc/issue
@ -474,6 +462,10 @@ tee /data/ews/conf/ews.ip << EOF
[MAIN]
ip = $myEXTIP
EOF
tee /etc/tpot/elk/environment << EOF
MY_EXTIP=$myEXTIP
MY_HOSTNAME=$HOSTNAME
EOF
echo $myLOCALIP > /data/elk/logstash/mylocal.ip
chown tpot:tpot /data/ews/conf/ews.ip

3
installer/usr/share/nginx/html/navbar.html
View file

@ -12,9 +12,10 @@
<a href="/tpotweb.html" target="_top" class="btn">Home</a>
<a href="/kibana" target="main" class="btn">Kibana</a>
<a href="/myhead/" target="main" class="btn">ES Head</a>
<a href="/netdata/" target="_blank" class="btn">Netdata</a>
<a href="/spiderfoot/" target="main" class="btn">Spiderfoot</a>
<a href="/ui/" target="main" class="btn">Portainer</a>
<a href="/wetty/ssh/tsec" target="main" class="btn">WebSSH</a>
<a href="/netdata/" target="_blank" class="btn">Netdata</a>
</center>
</body>
</html>