Update installer

t3chn0m4g3 2015-01-28 17:08:34 +01:00
parent 4e8ae8907f
commit bd4e58dca7
11 changed files with 147 additions and 59 deletions


@ -4,38 +4,57 @@
# T-Pot Community Edition # # T-Pot Community Edition #
# Check container and services script # # Check container and services script #
# # # #
# v0.10 by mo, DTAG, 2015-01-27 # # v0.11 by mo, DTAG, 2015-01-28 #
######################################################## ########################################################
if [ -f /var/run/check.lock ]; if [ -f /var/run/check.lock ];
then exit then exit
fi fi
myIMAGES=$(cat /data/images.conf)
touch /var/run/check.lock touch /var/run/check.lock
myUPTIME=$(awk '{print int($1/60)}' /proc/uptime) myUPTIME=$(awk '{print int($1/60)}' /proc/uptime)
for i in dionaea elk ews glastopf honeytrap kippo suricata for i in $myIMAGES
do do
myCIDSTATUS=$(docker exec -i $i supervisorctl status) myCIDSTATUS=$(docker exec -i $i supervisorctl status)
if [ $? -ne 0 ]; then if [ $? -ne 0 ];
myCIDSTATUS=1 then
else myCIDSTATUS=1
myCIDSTATUS=$(echo $myCIDSTATUS | egrep -c "(STOPPED|FATAL)") else
fi myCIDSTATUS=$(echo $myCIDSTATUS | egrep -c "(STOPPED|FATAL)")
if [ $myCIDSTATUS -gt 0 ]; then fi
if [ $myUPTIME -gt 5 ]; then if [ $myCIDSTATUS -gt 0 ];
service docker stop then
docker rm $(docker ps -aq) if [ $myUPTIME -gt 5 ];
service docker start then
for j in dionaea glastopf honeytrap kippo suricata ews elk for j in $myIMAGES
do do
sleep 10 service $j stop
service $j start done
done service docker restart
rm /var/run/check.lock while true
exit 0 do
fi docker info > /dev/null
fi if [ $? -ne 0 ];
then
echo Docker daemon is still starting.
else
echo Docker daemon is now available.
break
fi
sleep 0.1
done
docker rm $(docker ps -aq)
for j in $myIMAGES
do
service $j start
sleep $(((RANDOM %5)+5))
done
rm /var/run/check.lock
exit
fi
fi
done done
rm /var/run/check.lock rm /var/run/check.lock
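Review bot: The new `while true` loop that polls `docker info` after `service docker restart` has no upper bound, so if the daemon never comes back the script spins forever while still holding /var/run/check.lock. With the lock in place every later check.sh run exits at its first test, so the honeypot containers stay down and nothing reports it. The same loop is added in installer/bin/dcres.sh. A bounded retry that removes the lock and exits non-zero on timeout keeps the watchdog recoverable; the rendered page has lost the original indentation, so the sketch below is re-indented.

```shell
service docker restart
# Bounded wait: give up after roughly 60 s instead of spinning with the lock held
myTRIES=0
until docker info > /dev/null 2>&1
do
  myTRIES=$((myTRIES+1))
  if [ $myTRIES -ge 600 ];
  then
    echo Docker daemon did not become available.
    rm /var/run/check.lock
    exit 1
  fi
  sleep 0.1
done
# … unchanged: docker rm and the staggered service start loop …
```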

47
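--- /dev/null
+++ b/installer/bin/dcres.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+########################################################
+# T-Pot Community Edition #
+# Container and services restart script #
+# #
+# v0.10 by mo, DTAG, 2015-01-28 #
+########################################################
+if [ -f /var/run/check.lock ];
+then exit
+fi
+myIMAGES=$(cat /data/images.conf)
+touch /var/run/check.lock
+myUPTIME=$(awk '{print int($1/60)}' /proc/uptime)
+if [ $myUPTIME -gt 5 ];
+then
+for i in $myIMAGES
+do
+service $i stop
+done
+service docker restart
+while true
+do
+docker info > /dev/null
+if [ $? -ne 0 ];
+then
+echo Docker daemon is still starting.
+else
+echo Docker daemon is now available.
+break
+fi
+sleep 0.1
+done
+docker rm $(docker ps -aq)
+for i in $myIMAGES
+do
+service $i start
+sleep $(((RANDOM %5)+5))
+done
+fi
+rm /var/run/check.lock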
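Review bot: The lock is only released by the final `rm /var/run/check.lock`, so if the script is killed or interrupted between the `touch` and that line the lock stays behind until rc.local clears it at the next boot, and check.sh stops supervising the containers in the meantime. Adding `trap 'rm -f /var/run/check.lock' EXIT` directly after the `touch` covers every exit path. The `[ -f … ]` test followed by a later `touch` is also not atomic; if check.sh and dcres.sh can overlap, taking the lock with `mkdir` or `flock` would close that window.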


@ -7,6 +7,7 @@
# v0.10 by mo, DTAG, 2015-01-27 # # v0.10 by mo, DTAG, 2015-01-27 #
######################################################## ########################################################
myCOUNT=1 myCOUNT=1
myIMAGES=$(cat /data/images.conf)
while true while true
do do
if ! [ -f /var/run/check.lock ]; if ! [ -f /var/run/check.lock ];
@ -18,6 +19,12 @@ do
echo -n "Waiting for services " echo -n "Waiting for services "
else echo -n . else echo -n .
fi fi
if [ $myCOUNT = 300 ];
then
echo
echo "Services are busy or not available. Please retry later."
exit 1
fi
myCOUNT=$[$myCOUNT +1] myCOUNT=$[$myCOUNT +1]
done done
echo echo
@ -25,7 +32,7 @@ echo
echo "****************** $(date) ******************" echo "****************** $(date) ******************"
echo echo
echo echo
for i in dionaea elk ews glastopf honeytrap kippo suricata for i in $myIMAGES
do do
echo "======| Container:" $i "|======" echo "======| Container:" $i "|======"
docker exec -i $i supervisorctl status | GREP_COLORS='mt=01;32' egrep --color=always "(RUNNING)|$" | GREP_COLORS='mt=01;31' egrep --color=always "(STOPPED|FATAL)|$" docker exec -i $i supervisorctl status | GREP_COLORS='mt=01;32' egrep --color=always "(RUNNING)|$" | GREP_COLORS='mt=01;31' egrep --color=always "(STOPPED|FATAL)|$"
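Review bot: `myIMAGES=$(cat /data/images.conf)` is used without checking that anything was read, so a missing or empty file turns `for i in $myIMAGES` into a no-op and the status screen shows no containers rather than an error. A guard right after the assignment, such as `[ -n "$myIMAGES" ] || { echo "No containers listed in /data/images.conf"; exit 1; }`, makes the failure visible. The same assignment in check.sh has the same gap, where an empty list would silently skip every health check. The loops touched by these hunks start or end outside the visible lines.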


@ -0,0 +1,7 @@
dionaea
glastopf
honeytrap
kippo
suricata
ews
elk

13
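--- /dev/null
+++ b/installer/etc/rc.local
@@ -0,0 +1,13 @@
+#!/bin/sh -e
+# Let's add the first local ip to the /etc/issue and ews.ip file
+myIP=$(hostname -I | awk '{ print $1 }')
+sed -i "s#IP:.*#IP: $myIP#" /etc/issue
+tee /data/ews/conf/ews.ip << EOF
+[MAIN]
+ip = $myIP
+EOF
+if [ -f /var/run/check.lock ];
+then rm /var/run/check.lock
+fi
+setupcon
+exit 0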
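Review bot: Because the script runs under `sh -e`, a failure of the `sed` or the `tee` (for example if /data/ews/conf is not present yet) aborts it before the stale-lock cleanup and `setupcon` are reached. Moving the cleanup to the top as `rm -f /var/run/check.lock` keeps check.sh and dcres.sh from staying blocked because of an unrelated error. `myIP` is also written to /etc/issue and ews.ip without checking that `hostname -I` returned an address, so a boot without network would presumably record an empty `ip =` value; a comment such as `# myIP may be empty if no interface is up yet` would at least document that.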


@ -4,7 +4,7 @@
# and consoleblank permanently # # and consoleblank permanently #
# Ubuntu server 14.04.1, x64 # # Ubuntu server 14.04.1, x64 #
# # # #
# v0.10 by mo, DTAG, 2015-01-20 # # v0.11 by mo, DTAG, 2015-01-28 #
############################################################# #############################################################
# Let's replace "quiet splash" options and update grub # Let's replace "quiet splash" options and update grub
@ -15,4 +15,4 @@ sed -i 's#FONTFACE="VGA"#FONTFACE="Terminus"#' /etc/default/console-setup
sed -i 's#FONTSIZE="16"#FONTSIZE="12x6"#' /etc/default/console-setup sed -i 's#FONTSIZE="16"#FONTSIZE="12x6"#' /etc/default/console-setup
# Let's move the install script to rc.local and reboot # Let's move the install script to rc.local and reboot
mv /root/install.sh /etc/rc.local && sleep 2 && reboot mv /root/tpotce/install2.sh /etc/rc.local && sleep 2 && reboot


@ -3,7 +3,7 @@
# T-Pot Community Edition post install script # # T-Pot Community Edition post install script #
# Ubuntu server 14.04, x64 # # Ubuntu server 14.04, x64 #
# # # #
# v0.30 by mo, DTAG, 2015-01-27 # # v0.40 by mo, DTAG, 2015-01-28 #
######################################################## ########################################################
# Let's make sure there is a warning if running for a second time # Let's make sure there is a warning if running for a second time
@ -59,9 +59,6 @@ mkdir -p /data/ews/log /data/ews/conf /data/elk/data /data/elk/log
chmod 760 -R /data chmod 760 -R /data
chown tpot:tpot -R /data chown tpot:tpot -R /data
chmod 700 /home/tsec/*.sh
chown tsec:tsec /home/tsec/*.sh
# Let's set the hostname # Let's set the hostname
fuECHO "### Setting a new hostname." fuECHO "### Setting a new hostname."
myHOST=ce$(date +%s)$RANDOM myHOST=ce$(date +%s)$RANDOM
@ -84,7 +81,7 @@ EOF
# Let's load docker images from remote # Let's load docker images from remote
fuECHO "### Downloading docker images from DockerHub. Please be patient, this may take a while." fuECHO "### Downloading docker images from DockerHub. Please be patient, this may take a while."
for name in dionaea elk ews glastopf honeytrap kippo suricata for name in $(cat /root/tpotce/data/images.conf)
do do
docker pull dtagdevsec/$name docker pull dtagdevsec/$name
done done
@ -102,29 +99,31 @@ fuECHO "### Adding cronjobs."
tee -a /etc/crontab <<EOF tee -a /etc/crontab <<EOF
# Show running containers every 60s via /dev/tty2 # Show running containers every 60s via /dev/tty2
*/2 * * * * root /usr/bin/status.sh 2 > /dev/tty2 */1 * * * * root /usr/bin/status.sh > /dev/tty2
# Check if containers and services are up # Check if containers and services are up
*/5 * * * * root /usr/bin/check.sh */5 * * * * root /usr/bin/check.sh
# Restart docker service and containers
7 3 * * * root /usr/bin/dcres.sh
EOF EOF
# Let's update rc.local # Let's take care of some files and permissions
fuECHO "### Updating rc.local." chmod 500 /root/tpotce/bin/*
tee /etc/rc.local.new <<EOF chmod 600 /root/tpotce/data/*
#!/bin/sh -e chmod 644 /root/tpotce/etc/issue
# Let's add the first local ip to the /etc/issue file chmod 755 /root/tpotce/etc/rc.local
sed -i "s#IP:.*#IP: \$(hostname -I | awk '{ print \$1 }')#" /etc/issue chmod 700 /root/tpotce/home/*
if [ -f /var/run/check.lock ]; chown tsec:tsec /root/tpotce/home/*
then rm /var/run/check.lock chmod 644 /root/tpotce/upstart/*
fi
setupcon
exit 0
EOF
chmod +x /etc/rc.local.new # Let's move some files
mv /root/tpotce/bin/* /usr/bin/
mv /root/tpotce/data/* /data/
mv /root/tpotce/etc/issue /etc/
mv /root/tpotce/home/* /home/tsec/
mv /root/tpotce/upstart/* /etc/init/
# Final steps # Final steps
fuECHO "### Thanks for your patience. Now rebooting." fuECHO "### Thanks for your patience. Now rebooting."
mv /root/upstart/*.conf /etc/init/ mv /root/tpotce/etc/rc.local /etc/rc.local && rm -rf /root/tpotce/ && chage -d 0 tsec && sleep 2 && reboot
rm -rf /root/upstart/
mv /etc/rc.local.new /etc/rc.local && chage -d 0 tsec && sleep 2 && reboot
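Review bot: `mv /root/tpotce/data/* /data/` places images.conf in /data, a directory that the earlier `chown tpot:tpot -R /data` and `chmod 760 -R /data` leave owned and writable by the tpot account, while the root cron jobs check.sh and dcres.sh read that file and pass each entry unquoted to `service` and `docker exec`. The `chmod 600` on the file itself does not stop the directory owner from replacing it. Whether tpot-owned processes can actually reach the top level of /data is not visible in this commit, but a list consumed by root is safer in a root-owned directory (for example under /etc), with the consumers quoting the value as `"$i"`.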


@ -2,12 +2,12 @@
# T-Pot Community Edition # # T-Pot Community Edition #
# ELK upstart script # # ELK upstart script #
# # # #
# v0.50 by mo, DTAG, 2015-01-27 # # v0.51 by mo, DTAG, 2015-01-28 #
######################################################## ########################################################
description "ELK" description "ELK"
author "mo" author "mo"
start on started docker and filesystem start on started docker and filesystem and started ews and started dionaea and started glastopf and started honeytrap and started kippo and started suricata
stop on runlevel [!2345] stop on runlevel [!2345]
respawn respawn
pre-start script pre-start script
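Review bot: The extended `start on` condition makes ELK wait for a `started` event from every honeypot job, so a single sensor that fails to start would appear to keep the log pipeline down for all the others. The job names are also hard-coded here, and in the EWS job changed by the same commit, while the scripts now take their list from images.conf, so the two can drift apart. If the ordering is intentional, a comment such as `# ELK starts last; keep this list in sync with /data/images.conf` would record that; otherwise keeping `start on started docker and filesystem` for ELK avoids the coupling. The `pre-start script` stanza continues outside the hunk.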


@ -2,12 +2,12 @@
# T-Pot Community Edition # # T-Pot Community Edition #
# EWS upstart script # # EWS upstart script #
# # # #
# v0.50 by mo, DTAG, 2015-01-27 # # v0.51 by mo, DTAG, 2015-01-28 #
######################################################## ########################################################
description "EWS" description "EWS"
author "mo" author "mo"
start on started docker and filesystem start on started docker and filesystem and started dionaea and started glastopf and started honeytrap and started kippo
stop on runlevel [!2345] stop on runlevel [!2345]
respawn respawn
pre-start script pre-start script


@ -48,7 +48,7 @@ losetup -d /dev/loop0
# Let's add the files for the automated install # Let's add the files for the automated install
fuECHO "### Adding the automated install files." fuECHO "### Adding the automated install files."
mkdir -p $myTPOTCEDIR/tpotce mkdir -p $myTPOTCEDIR/tpotce
cp installer/* -r $myTPOTCEDIR/tpotce/ cp installer/* -R $myTPOTCEDIR/tpotce/
cp isolinux/* $myTPOTCEDIR/isolinux/ cp isolinux/* $myTPOTCEDIR/isolinux/
cp kickstart/* $myTPOTCEDIR/tpotce/ cp kickstart/* $myTPOTCEDIR/tpotce/
cp preseed/* $myTPOTCEDIR/tpotce/ cp preseed/* $myTPOTCEDIR/tpotce/


@ -36,11 +36,7 @@ d-i pkgsel/update-policy select unattended-upgrades
# Post install # Post install
d-i preseed/late_command string \ d-i preseed/late_command string \
cp /cdrom/tpotce/install1.sh /target/etc/rc.local; \ cp /cdrom/tpotce/install1.sh /target/etc/rc.local; \
cp /cdrom/tpotce/install2.sh /target/root/install.sh; \ cp -r /cdrom/tpotce/ /target/root/
cp /cdrom/tpotce/bin/*.sh /target/usr/bin/; \
cp /cdrom/tpotce/etc/issue /target/etc/; \
cp /cdrom/tpotce/home/*.sh /target/home/tsec/; \
cp -r /cdrom/tpotce/upstart/ /target/root/
# Reboot # Reboot
d-i finish-install/reboot_in_progress note d-i finish-install/reboot_in_progress note