diff --git a/installer/bin/dps.sh b/installer/bin/dps.sh index 2f3910b1..752176b6 100755 --- a/installer/bin/dps.sh +++ b/installer/bin/dps.sh @@ -11,12 +11,15 @@ myIMAGES=$(cat /etc/tpot/tpot.yml | grep container_name | cut -d: -f2) while true do clear + echo "" echo "======| System |======" echo Date:" "$(date) echo Uptime:" "$(uptime) echo CPU temp: $(sensors | grep "Physical" | awk '{ print $4 }') echo - echo "NAME CREATED PORTS" + printf "NAME" + printf "%-15s STATUS" + printf "%-13s PORTS\n" for i in $myIMAGES; do mySTATUS=$(/usr/bin/docker ps -f name=$i --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" -f status=running -f status=exited | GREP_COLORS='mt=01;35' /bin/egrep --color=always "(^[_0-9a-z-]+ |$)|$" | GREP_COLORS='mt=01;32' /bin/egrep --color=always "(Up[ 0-9a-Z ]+ |$)|$" | GREP_COLORS='mt=01;31' /bin/egrep --color=always "(Exited[ \(0-9\) ]+ [0-9a-Z ]+ ago|$)|$" | tail -n 1) myDOWN=$(echo "$mySTATUS" | grep -c "NAMES") diff --git a/installer/etc/rc.local b/installer/etc/rc.local index 7b64eb94..7fddb557 100755 --- a/installer/etc/rc.local +++ b/installer/etc/rc.local @@ -14,5 +14,4 @@ tee /etc/tpot/elk/environment << EOF MY_EXTIP=$myEXTIP MY_HOSTNAME=$HOSTNAME EOF -echo $myLOCALIP > /data/elk/logstash/mylocal.ip chown tpot:tpot /data/ews/conf/ews.ip diff --git a/installer/etc/tpot/compose/all.yml b/installer/etc/tpot/compose/all.yml index ca6dfc38..df5bf1f4 100644 --- a/installer/etc/tpot/compose/all.yml +++ b/installer/etc/tpot/compose/all.yml @@ -1,12 +1,26 @@ # T-Pot (Everything) -# For docker-compose version ... +# For docker-compose ... version: '2' + +networks: + conpot_local: + cowrie_local: + dionaea_local: + elasticpot_local: + emobility_local: + ewsposter_local: + glastopf_local: + spiderfoot_local: + ui-for-docker_local: + services: # Conpot service conpot: container_name: conpot restart: always + networks: + - conpot_local ports: - "1025:1025" - "50100:50100" 
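Review bot: The three new printf calls build the column header by giving `%-15s` and `%-13s` no operand at all, relying on printf substituting an empty string for a missing argument; bash does that, but it reads like a forgotten argument and ShellCheck flags it (SC2183). One call with explicit operands gives the same layout (NAME padded to 20 columns, STATUS padded to 20, then PORTS): `printf '%-20s%-20s%s\n' NAME STATUS PORTS`. The `while true` loop enclosing this hunk continues past its end, so the lines that print each container's row are not visible here.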
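Review bot: The new top-level `networks:` block declares nine networks with no options and no comment, so a reader cannot tell whether one bridge per honeypot is a containment decision or a naming convenience, while the header comment shrinks from `# For docker-compose version ...` to `# For docker-compose ...`, which says even less. Suggest a comment above `networks:`, to be confirmed by the author, such as `# One bridge network per honeypot so a compromised container cannot reach its neighbours or the ELK stack; outbound host access is unchanged`. As declared these are default bridge networks without `internal: true`, so they separate the honeypots from each other and from ELK, not from the outside — fine if intended, but the comment should say so. hp.yml, industrial.yml and tpot.yml receive the same block in this commit.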
@@ -19,6 +33,8 @@ services: cowrie: container_name: cowrie restart: always + networks: + - cowrie_local ports: - "22:2222" - "23:2223" @@ -30,6 +46,8 @@ services: dionaea: container_name: dionaea restart: always + networks: + - dionaea_local cap_add: - NET_BIND_SERVICE ports: @@ -57,36 +75,77 @@ services: elasticpot: container_name: elasticpot restart: always + networks: + - elasticpot_local ports: - "9200:9200" image: "dtagdevsec/elasticpot:1706" volumes: - /data/elasticpot:/data/elasticpot -# ELK service - elk: - container_name: elk +# ELK services +## Elasticsearch service + elasticsearch: + container_name: elasticsearch restart: always - env_file: - - /etc/tpot/elk/environment + environment: + - bootstrap.memory_lock=true +# - "ES_JAVA_OPTS=-Xms1g -Xmx1g" cap_add: - IPC_LOCK ulimits: - memlock: -1 - nofile: 65536 + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 +# mem_limit: 2g + ports: + - "127.0.0.1:64298:9200" + image: "dtagdevsec/elasticsearch:1706" + volumes: + - /data:/data + +## Kibana service + kibana: + container_name: kibana + restart: always + depends_on: + - elasticsearch ports: - "127.0.0.1:64296:5601" - - "127.0.0.1:64302:9100" - - "127.0.0.1:64298:9200" - image: "dtagdevsec/elk:1706" + image: "dtagdevsec/kibana:1706" + +## Logstash service + logstash: + container_name: logstash + restart: always + depends_on: + - elasticsearch + env_file: + - /etc/tpot/elk/environment + image: "dtagdevsec/logstash:1706" volumes: - /data:/data - /var/log:/data/host/log +## Elasticsearch-head service + head: + container_name: head + restart: always + depends_on: + - elasticsearch + ports: + - "127.0.0.1:64302:9100" + image: "dtagdevsec/head:1706" + # Emobility service emobility: container_name: emobility restart: always + networks: + - emobility_local cap_add: - NET_ADMIN ports: 
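Review bot: The four new ELK services (elasticsearch, kibana, logstash, head) are given no `networks:` entry, unlike every honeypot service touched in this diff, so they share the compose default network; that is presumably deliberate, because kibana, logstash and head have to reach elasticsearch on 9200, but nothing in the file says so, and any service later added without `networks:` would silently join the network of an Elasticsearch that, as far as this file shows, relies on the `127.0.0.1` port binding rather than authentication. A comment above `elasticsearch:` such as `## The ELK services intentionally share the default network; every honeypot stays on its own *_local network and cannot reach 9200` would record the design. `depends_on: - elasticsearch` only orders container start and does not wait for Elasticsearch to accept connections, so kibana and logstash presumably depend on their own retry behaviour — worth confirming rather than relying on `restart: always`. The same block appears in industrial.yml (@@ -15,30) and tpot.yml (@@ -45,36).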
@@ -100,6 +159,8 @@ services: ewsposter: container_name: ewsposter restart: always + networks: + - ewsposter_local image: "dtagdevsec/ewsposter:1706" volumes: - /data:/data @@ -109,6 +170,8 @@ services: glastopf: container_name: glastopf restart: always + networks: + - glastopf_local ports: - "80:80" image: "dtagdevsec/glastopf:1706" @@ -147,6 +210,8 @@ services: spiderfoot: container_name: spiderfoot restart: always + networks: + - spiderfoot_local ports: - "127.0.0.1:64303:8080" image: "dtagdevsec/spiderfoot:1706" @@ -156,6 +221,8 @@ services: container_name: ui-for-docker command: -H unix:///var/run/docker.sock --no-auth restart: always + networks: + - ui-for-docker_local ports: - "127.0.0.1:64299:9000" image: "dtagdevsec/ui-for-docker:1706" diff --git a/installer/etc/tpot/compose/hp.yml b/installer/etc/tpot/compose/hp.yml index ea3ed8f4..393b03b1 100644 --- a/installer/etc/tpot/compose/hp.yml +++ b/installer/etc/tpot/compose/hp.yml @@ -1,12 +1,22 @@ -# T-Pot (Standard) -# For docker-compose version ... +# T-Pot (Honeypots) +# For docker-compose ... version: '2' + +networks: + cowrie_local: + dionaea_local: + elasticpot_local: + ewsposter_local: + glastopf_local: + services: # Cowrie service cowrie: container_name: cowrie restart: always + networks: + - cowrie_local ports: - "22:2222" - "23:2223" @@ -18,6 +28,8 @@ services: dionaea: container_name: dionaea restart: always + networks: + - dionaea_local cap_add: - NET_BIND_SERVICE ports: @@ -45,6 +57,8 @@ services: elasticpot: container_name: elasticpot restart: always + networks: + - elasticpot_local ports: - "9200:9200" image: "dtagdevsec/elasticpot:1706" @@ -55,6 +69,8 @@ services: ewsposter: container_name: ewsposter restart: always + networks: + - ewsposter_local image: "dtagdevsec/ewsposter:1706" volumes: - /data:/data @@ -64,6 +80,8 @@ services: glastopf: container_name: glastopf restart: always + networks: + - glastopf_local ports: - "80:80" image: "dtagdevsec/glastopf:1706" 
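Review bot: Attaching ui-for-docker to its own `ui-for-docker_local` network isolates it in name only: the context line `command: -H unix:///var/run/docker.sock --no-auth` shows it drives the host's Docker daemon through the socket (presumably bind-mounted in lines outside this hunk), so whoever reaches the UI controls every container on the host regardless of compose networks. The only effective control visible here is the unchanged `127.0.0.1:64299` binding, and `--no-auth` means the UI trusts everything that arrives on that port, including local users and anything forwarded to it. Worth a comment above the new `networks:` lines, e.g. `# isolation is cosmetic here: the docker socket grants full host control; access is bounded only by the 127.0.0.1 binding`, and ideally a check of whether `--no-auth` is still acceptable. industrial.yml (@@ -85,6) and tpot.yml (@@ -131,6) carry the same change.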
diff --git a/installer/etc/tpot/compose/industrial.yml b/installer/etc/tpot/compose/industrial.yml
index 1f451c33..cfee2add 100644
--- a/installer/etc/tpot/compose/industrial.yml
+++ b/installer/etc/tpot/compose/industrial.yml
@@ -1,12 +1,22 @@
-# T-Pot (Everything)
-# For docker-compose version ...
+# T-Pot (Industrial)
+# For docker-compose ...
 version: '2'
+
+networks:
+ conpot_local:
+ emobility_local:
+ ewsposter_local:
+ spiderfoot_local:
+ ui-for-docker_local:
+
 services: # Conpot service conpot: container_name: conpot restart: always
+ networks:
+ - conpot_local
 ports: - "1025:1025" - "50100:50100"
@@ -15,30 +25,69 @@ services: - /data/conpot:/data/conpot - /data/ews:/data/ews -# ELK service - elk: - container_name: elk +# ELK services +## Elasticsearch service + elasticsearch: + container_name: elasticsearch restart: always - env_file: - - /etc/tpot/elk/environment + environment: + - bootstrap.memory_lock=true +# - "ES_JAVA_OPTS=-Xms1g -Xmx1g" cap_add: - IPC_LOCK ulimits: - memlock: -1 - nofile: 65536 + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 +# mem_limit: 2g + ports: + - "127.0.0.1:64298:9200" + image: "dtagdevsec/elasticsearch:1706" + volumes: + - /data:/data + +## Kibana service + kibana: + container_name: kibana + restart: always + depends_on: + - elasticsearch ports: - "127.0.0.1:64296:5601" - - "127.0.0.1:64302:9100" - - "127.0.0.1:64298:9200" - image: "dtagdevsec/elk:1706" + image: "dtagdevsec/kibana:1706" + +## Logstash service + logstash: + container_name: logstash + restart: always + depends_on: + - elasticsearch + env_file: + - /etc/tpot/elk/environment + image: "dtagdevsec/logstash:1706" volumes: - /data:/data - /var/log:/data/host/log +## Elasticsearch-head service + head: + container_name: head + restart: always + depends_on: + - elasticsearch + ports: + - "127.0.0.1:64302:9100" + image: "dtagdevsec/head:1706" + # Emobility service emobility: container_name: emobility restart: always + networks: + - emobility_local cap_add: - NET_ADMIN ports: @@ -52,6 +101,8 @@ services: ewsposter: container_name: ewsposter restart: always + networks: + - ewsposter_local image: "dtagdevsec/ewsposter:1706" volumes: - /data:/data @@ -76,6 +127,8 @@ services: spiderfoot: container_name: spiderfoot restart: always + networks: + - spiderfoot_local ports: - "127.0.0.1:64303:8080" image: "dtagdevsec/spiderfoot:1706" 
@@ -85,6 +138,8 @@ services: container_name: ui-for-docker command: -H unix:///var/run/docker.sock --no-auth restart: always
+ networks:
+ - ui-for-docker_local
 ports: - "127.0.0.1:64299:9000" image: "dtagdevsec/ui-for-docker:1706"
diff --git a/installer/etc/tpot/compose/tpot.yml b/installer/etc/tpot/compose/tpot.yml
index 39150568..522a9d17 100644
--- a/installer/etc/tpot/compose/tpot.yml
+++ b/installer/etc/tpot/compose/tpot.yml
@@ -1,12 +1,24 @@
 # T-Pot (Standard)
-# For docker-compose version ...
+# For docker-compose ...
 version: '2'
+
+networks:
+ cowrie_local:
+ dionaea_local:
+ elasticpot_local:
+ ewsposter_local:
+ glastopf_local:
+ spiderfoot_local:
+ ui-for-docker_local:
+
 services: # Cowrie service cowrie: container_name: cowrie restart: always
+ networks:
+ - cowrie_local
 ports: - "22:2222" - "23:2223"
@@ -18,6 +30,8 @@ services: dionaea: container_name: dionaea restart: always
+ networks:
+ - dionaea_local
 cap_add: - NET_BIND_SERVICE ports:
@@ -45,36 +59,77 @@ services: elasticpot: container_name: elasticpot restart: always + networks: + - elasticpot_local ports: - "9200:9200" image: "dtagdevsec/elasticpot:1706" volumes: - /data/elasticpot:/data/elasticpot -# ELK service - elk: - container_name: elk +# ELK services +## Elasticsearch service + elasticsearch: + container_name: elasticsearch restart: always - env_file: - - /etc/tpot/elk/environment + environment: + - bootstrap.memory_lock=true +# - "ES_JAVA_OPTS=-Xms1g -Xmx1g" cap_add: - IPC_LOCK ulimits: - memlock: -1 - nofile: 65536 + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 +# mem_limit: 2g + ports: + - "127.0.0.1:64298:9200" + image: "dtagdevsec/elasticsearch:1706" + volumes: + - /data:/data + +## Kibana service + kibana: + container_name: kibana + restart: always + depends_on: + - elasticsearch ports: - "127.0.0.1:64296:5601" - - "127.0.0.1:64302:9100" - - "127.0.0.1:64298:9200" - image: "dtagdevsec/elk:1706" + image: "dtagdevsec/kibana:1706" + +## Logstash service + logstash: + container_name: logstash + restart: always + depends_on: + - elasticsearch + env_file: + - /etc/tpot/elk/environment + image: "dtagdevsec/logstash:1706" volumes: - /data:/data - /var/log:/data/host/log +## Elasticsearch-head service + head: + container_name: head + restart: always + depends_on: + - elasticsearch + ports: + - "127.0.0.1:64302:9100" + image: "dtagdevsec/head:1706" + # Ewsposter service ewsposter: container_name: ewsposter restart: always + networks: + - ewsposter_local image: "dtagdevsec/ewsposter:1706" volumes: - /data:/data @@ -84,6 +139,8 @@ services: glastopf: container_name: glastopf restart: always + networks: + - glastopf_local ports: - "80:80" image: "dtagdevsec/glastopf:1706" @@ -122,6 +179,8 @@ services: spiderfoot: container_name: spiderfoot restart: always + networks: + - spiderfoot_local ports: - "127.0.0.1:64303:8080" image: "dtagdevsec/spiderfoot:1706" 
@@ -131,6 +190,8 @@ services: container_name: ui-for-docker command: -H unix:///var/run/docker.sock --no-auth restart: always
+ networks:
+ - ui-for-docker_local
 ports: - "127.0.0.1:64299:9000" image: "dtagdevsec/ui-for-docker:1706"
diff --git a/installer/etc/tpot/systemd/tpot.service b/installer/etc/tpot/systemd/tpot.service
index 40344551..12e159f0 100644
--- a/installer/etc/tpot/systemd/tpot.service
+++ b/installer/etc/tpot/systemd/tpot.service
@@ -9,10 +9,12 @@ Restart=always
 # Clear state from /data
 ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh off'
-# Remove old containers and volumes
+# Remove old containers, images and volumes
 ExecStartPre=/usr/bin/docker-compose -f /etc/tpot/tpot.yml down -v
 ExecStartPre=/usr/bin/docker-compose -f /etc/tpot/tpot.yml rm -v
 ExecStartPre=-/bin/bash -c 'docker volume rm $(docker volume ls -q)'
+ExecStartPre=-/bin/bash -c 'docker rmi $(docker images | grep "" | awk \'{print $3}\')'
+ExecStartPre=-/bin/bash -c 'docker rm -v $(docker ps -aq)'
 # Get IF, disable offloading, enable promiscious mode for p0f and suricata
 ExecStartPre=/bin/bash -c '/sbin/ethtool --offload $(/sbin/ip route | /bin/grep $(/bin/hostname -I | /usr/bin/awk \'{print $1 }\') | /usr/bin/awk \'{print $3 }\') rx off tx off'
diff --git a/installer/install.sh b/installer/install.sh
index 24717ac9..c14fbe40 100755
--- a/installer/install.sh
+++ b/installer/install.sh
@@ -409,9 +409,6 @@ dialog --title "[ Adding cronjobs ]" $myPROGRESSBOXCONF <&1>/dev/null <:/api delete --filters resource= && alerta --endpoint-url http://:/api send -e IP -r -E Production -s ok -S T-Pot -t \$(cat /data/elk/logstash/mylocal.ip) --status open - # Check if updated images are available and download them 27 1 * * * root /usr/bin/docker-compose -f /etc/tpot/tpot.yml pull
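Review bot: The two added ExecStartPre lines act on every image and container on the host, not only on T-Pot's: `docker images | grep "" | awk '{print $3}'` lists all image IDs (the `grep ""` is a no-op, and the header line makes it hand the literal word `IMAGE` to rmi, an error the leading `-` then hides), and `docker rm -v $(docker ps -aq)` deletes every container, including any an operator runs alongside T-Pot, while the preceding `docker-compose ... down -v` and `rm -v` lines already remove the project's own containers. Wiping all images on each start also discards what the nightly `docker-compose pull` cron in install.sh (visible later in this diff) fetched, so, if the ExecStart outside this hunk pulls on start, every restart depends on the registry being reachable and the honeypots stay down when it is not. If the aim is to reclaim space from superseded images after a pull, `docker image prune -f` removes only dangling layers, and `docker-compose -f /etc/tpot/tpot.yml down -v --rmi all` is the scoped form for the project's own images; in any case `docker images -q` replaces the `grep`/`awk` pipeline. The comment should then say which scope was chosen, e.g. `# Remove T-Pot's own containers, dangling images and volumes`.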
@@ -430,7 +427,7 @@ mkdir -p /data/conpot/log \
 /data/cowrie/log/tty/ /data/cowrie/downloads/ /data/cowrie/keys/ /data/cowrie/misc/ \
 /data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/roots/ftp /data/dionaea/roots/tftp /data/dionaea/roots/www /data/dionaea/roots/upnp \
 /data/elasticpot/log \
- /data/elk/data /data/elk/log /data/elk/logstash/conf \
+ /data/elk/data /data/elk/log \
 /data/glastopf /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/ \
 /data/emobility/log \
 /data/ews/conf \
@@ -510,7 +507,6 @@ tee /etc/tpot/elk/environment 2>&1>/dev/null < /data/elk/logstash/mylocal.ip 2>&1>/dev/null chown tpot:tpot /data/ews/conf/ews.ip 2>&1>/dev/null # Final steps