From f69455a3b01980881de07e5da04ee15e5e2498d6 Mon Sep 17 00:00:00 2001 From: Sebastian Haderecker Date: Wed, 25 Mar 2020 16:03:10 +0100 Subject: [PATCH 1/8] Add Open Telekom Cloud Terraform Deployment --- cloud/terraform/otc/clouds.yaml | 8 ++++ cloud/terraform/otc/main.tf | 67 ++++++++++++++++++++++++++++ cloud/terraform/otc/outputs.tf | 11 +++++ cloud/terraform/otc/provider.tf | 3 ++ cloud/terraform/otc/variables.tf | 76 ++++++++++++++++++++++++++++++++ cloud/terraform/otc/versions.tf | 3 ++ 6 files changed, 168 insertions(+) create mode 100644 cloud/terraform/otc/clouds.yaml create mode 100644 cloud/terraform/otc/main.tf create mode 100644 cloud/terraform/otc/outputs.tf create mode 100644 cloud/terraform/otc/provider.tf create mode 100644 cloud/terraform/otc/variables.tf create mode 100644 cloud/terraform/otc/versions.tf diff --git a/cloud/terraform/otc/clouds.yaml b/cloud/terraform/otc/clouds.yaml new file mode 100644 index 00000000..742ceb4b --- /dev/null +++ b/cloud/terraform/otc/clouds.yaml @@ -0,0 +1,8 @@ +clouds: + open-telekom-cloud: + auth: + project_name: eu-de_your_project + username: your_api_user + password: your_password + user_domain_name: OTC-EU-DE-000000000010000XXXXX + auth_url: https://iam.eu-de.otc.t-systems.com/v3 diff --git a/cloud/terraform/otc/main.tf b/cloud/terraform/otc/main.tf new file mode 100644 index 00000000..36030911 --- /dev/null +++ b/cloud/terraform/otc/main.tf @@ -0,0 +1,67 @@ +resource "opentelekomcloud_networking_secgroup_v2" "secgroup_1" { + name = var.secgroup_name + description = var.secgroup_desc +} + +resource "opentelekomcloud_networking_secgroup_rule_v2" "secgroup_rule_1" { + direction = "ingress" + ethertype = "IPv4" + remote_ip_prefix = "0.0.0.0/0" + security_group_id = opentelekomcloud_networking_secgroup_v2.secgroup_1.id +} + +resource "opentelekomcloud_networking_network_v2" "network_1" { + name = var.network_name +} + +resource "opentelekomcloud_networking_subnet_v2" "subnet_1" { + name = var.subnet_name + network_id = opentelekomcloud_networking_network_v2.network_1.id + cidr = "192.168.0.0/24" + dns_nameservers = ["1.1.1.1", "8.8.8.8"] +} + +resource "opentelekomcloud_networking_router_v2" "router_1" { + name = var.router_name +} + +resource "opentelekomcloud_networking_router_interface_v2" "router_interface_1" { + router_id = opentelekomcloud_networking_router_v2.router_1.id + subnet_id = opentelekomcloud_networking_subnet_v2.subnet_1.id +} + +resource "random_id" "tpot" { + byte_length = 6 + prefix = var.ecs_prefix +} + +resource "opentelekomcloud_compute_instance_v2" "ecs_1" { + availability_zone = var.availabiliy_zone + name = random_id.tpot.b64 + flavor_name = var.flavor + key_pair = var.key_pair + security_groups = [opentelekomcloud_networking_secgroup_v2.secgroup_1.name] + user_data = templatefile("../cloud-init.yaml", {timezone = var.timezone, password = var.linux_password, tpot_flavor = var.tpot_flavor, web_user = var.web_user, web_password = var.web_password}) + + network { + name = opentelekomcloud_networking_network_v2.network_1.name + } + + block_device { + uuid = var.image_id + source_type = "image" + volume_size = var.volume_size + destination_type = "volume" + delete_on_termination = "true" + } + + depends_on = [opentelekomcloud_networking_router_interface_v2.router_interface_1] +} + +resource "opentelekomcloud_networking_floatingip_v2" "floatip_1" { +} + +resource "opentelekomcloud_compute_floatingip_associate_v2" "fip_2" { + floating_ip = opentelekomcloud_networking_floatingip_v2.floatip_1.address + instance_id = opentelekomcloud_compute_instance_v2.ecs_1.id +} diff --git a/cloud/terraform/otc/outputs.tf b/cloud/terraform/otc/outputs.tf new file mode 100644 index 00000000..2ec77c27 --- /dev/null +++ b/cloud/terraform/otc/outputs.tf @@ -0,0 +1,11 @@ +output "Admin_UI" { + value = "https://${opentelekomcloud_networking_floatingip_v2.floatip_1.address}:64294" +} + +output "SSH_Access" { + value = "ssh -p 64295 linux@${opentelekomcloud_networking_floatingip_v2.floatip_1.address}" +} + +output "Web_UI" { + value = "https://${opentelekomcloud_networking_floatingip_v2.floatip_1.address}:64297" +} diff --git a/cloud/terraform/otc/provider.tf b/cloud/terraform/otc/provider.tf new file mode 100644 index 00000000..9dac3e37 --- /dev/null +++ b/cloud/terraform/otc/provider.tf @@ -0,0 +1,3 @@ +provider "opentelekomcloud" { + cloud = "open-telekom-cloud" +} diff --git a/cloud/terraform/otc/variables.tf b/cloud/terraform/otc/variables.tf new file mode 100644 index 00000000..24eca503 --- /dev/null +++ b/cloud/terraform/otc/variables.tf @@ -0,0 +1,76 @@ +# cloud-init configuration +variable "timezone" { + default = "UTC" +} + +variable "linux_password" { + #default = "LiNuXuSeRPaSs#" + description = "Set a password for the default user" +} + +# Cloud resources name configuration +variable "secgroup_name" { + default = "tpot-secgroup" +} + +variable "secgroup_desc" { + default = "T-Pot Security Group" +} + +variable "network_name" { + default = "tpot-network" +} + +variable "subnet_name" { + default = "tpot-subnet" +} + +variable "router_name" { + default = "tpot-router" +} + +variable "ecs_prefix" { + default = "tpot-" +} + +# ECS configuration +variable "availabiliy_zone" { + default = "eu-de-03" + description = "Select an availability zone" +} + +variable "flavor" { + default = "s2.medium.8" + description = "Select a compute flavor" +} + +variable "key_pair" { + #default = "" + description = "Specify your SSH key pair" +} + +variable "image_id" { + default = "d97dd29c-9318-4e4c-8d3a-7307d1513b77" + description = "Select a Debian 10 base image id" +} + +variable "volume_size" { + default = "128" + description = "Set the volume size" +} + +# These will go in the generated tpot.conf file +variable "tpot_flavor" { + default = "STANDARD" + description = "Specify your tpot flavor [STANDARD, SENSOR, INDUSTRIAL, COLLECTOR, NEXTGEN]" +} + +variable "web_user" { + default = "webuser" + description = "Set a username for the web user" +} + +variable "web_password" { + #default = "w3b$ecret" + description = "Set a password for the web user" +} diff --git a/cloud/terraform/otc/versions.tf b/cloud/terraform/otc/versions.tf new file mode 100644 index 00000000..d9b6f790 --- /dev/null +++ b/cloud/terraform/otc/versions.tf @@ -0,0 +1,3 @@ +terraform { + required_version = ">= 0.12" +} From 3d217d1eaf21cd3395e2c6cfde3030e072784e6d Mon Sep 17 00:00:00 2001 From: Sebastian Haderecker Date: Thu, 26 Mar 2020 18:41:05 +0100 Subject: [PATCH 2/8] Update README.md --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index a8139055..74a67319 100644 --- a/README.md +++ b/README.md @@ -282,7 +282,7 @@ If you would like to contribute, you can add other cloud deployments like Chef o ### Ansible Deployment You can find an [Ansible](https://www.ansible.com/) based T-Pot deployment in the [`cloud/ansible`](cloud/ansible) folder. -The Playbook in the [`cloud/ansible/openstack`](cloud/ansible/openstack) folder is reusable for all OpenStack clouds out of the box. +The Playbook in the [`cloud/ansible/openstack`](cloud/ansible/openstack) folder is reusable for all **OpenStack** clouds out of the box. It first creates all resources (security group, network, subnet, router), deploys a new server and then installs and configures T-Pot. @@ -295,7 +295,8 @@ You can find [Terraform](https://www.terraform.io/) configuration in the [`cloud This can be used to launch a virtual machine, bootstrap any dependencies and install T-Pot in a single step. -Configuration for Amazon Web Services (AWS) is currently included and this can easily be extended to support other [Terraform providers](https://www.terraform.io/docs/providers/index.html). +Configuration for **Amazon Web Services** (AWS) and **Open Telekom Cloud** (OTC) is currently included. +This can easily be extended to support other [Terraform providers](https://www.terraform.io/docs/providers/index.html). ## First Run From 4db8f60ddfdc93746803f8c697679aefa799e342 Mon Sep 17 00:00:00 2001 From: Sebastian Haderecker Date: Fri, 27 Mar 2020 08:42:53 +0100 Subject: [PATCH 3/8] Update README.md --- cloud/ansible/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cloud/ansible/README.md b/cloud/ansible/README.md index e52da17e..15aed061 100644 --- a/cloud/ansible/README.md +++ b/cloud/ansible/README.md @@ -226,6 +226,8 @@ If you are running on a machine which asks for a sudo password, you can use: The Playbook will first install required packages on the Ansible Master and then deploy a new server instance. After that, T-Pot gets installed and configured on the newly created host, optionally custom configs are applied and finally it reboots. +Once this is done, you can proceed with connecting/logging in to the T-Pot according to the [documentation](https://github.com/dtag-dev-sec/tpotce#ssh-and-web-access). + # Further documentation - [Ansible Documentation](https://docs.ansible.com/ansible/latest/) From 6b77862e5cf33812093d1e4b3a8b85a69dcbe765 Mon Sep 17 00:00:00 2001 From: Sebastian Haderecker Date: Fri, 27 Mar 2020 08:44:57 +0100 Subject: [PATCH 4/8] Update README.md --- cloud/terraform/README.md | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/cloud/terraform/README.md b/cloud/terraform/README.md index 65896523..aa91c3d1 100644 --- a/cloud/terraform/README.md +++ b/cloud/terraform/README.md @@ -120,12 +120,4 @@ This will perform the following actions: ## Connecting to the Instance -### SSH - -Prior to the final reboot, you will temporarily be able to SSH to port 22 as per standard. Following the reboot, port 22 is used for the honeypot. The *real* SSH server is listening on port **64295** - -### Browser - -https://www.example.com:64297/ - -Replace with the FQDN of your EC2 instance. Refer to the [T-POT documentation](https://github.com/dtag-dev-sec/tpotce#ssh-and-web-access) for further details. +When the installation is completed, you can proceed with connecting/logging in to the T-Pot. Refer to the [documentation](https://github.com/dtag-dev-sec/tpotce#ssh-and-web-access) for further details. From 78587cb85cce387796545d2d30bd2f2a33c3dac2 Mon Sep 17 00:00:00 2001 From: Sebastian Haderecker Date: Fri, 27 Mar 2020 08:45:35 +0100 Subject: [PATCH 5/8] Update README.md --- cloud/terraform/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cloud/terraform/README.md b/cloud/terraform/README.md index aa91c3d1..e0ef492d 100644 --- a/cloud/terraform/README.md +++ b/cloud/terraform/README.md @@ -120,4 +120,4 @@ This will perform the following actions: ## Connecting to the Instance -When the installation is completed, you can proceed with connecting/logging in to the T-Pot. Refer to the [documentation](https://github.com/dtag-dev-sec/tpotce#ssh-and-web-access) for further details. +When the installation is completed, you can proceed with connecting/logging in to the T-Pot according to the [documentation](https://github.com/dtag-dev-sec/tpotce#ssh-and-web-access). From 63131b67129813c07673e632a9c8b2c2d52b2b25 Mon Sep 17 00:00:00 2001 From: Sebastian Haderecker Date: Fri, 27 Mar 2020 09:08:18 +0100 Subject: [PATCH 6/8] Update README.md --- cloud/terraform/README.md | 52 +-------------------------------------- 1 file changed, 1 insertion(+), 51 deletions(-) diff --git a/cloud/terraform/README.md b/cloud/terraform/README.md index e0ef492d..3bb6d969 100644 --- a/cloud/terraform/README.md +++ b/cloud/terraform/README.md @@ -37,15 +37,11 @@ In `aws/variables.tf`, change the following variables to correspond to your exis * `ec2_region` ### Admin Credentials - -In `tpot.conf`, change the following variables: - ``` myCONF_WEB_USER='webuser' myCONF_WEB_PW='w3b$ecret' ``` - -This will be used to configure credentials for the T-Pot Kibana interface. Refer to [Options](https://github.com/dtag-dev-sec/tpotce#options) for more information. +This will be used to configure credentials for the T-Pot Kibana interface. ## Initialising @@ -54,32 +50,6 @@ The [`terraform init`](https://www.terraform.io/docs/commands/init.html) command ``` $ cd aws $ terraform init - -Initializing the backend... - -Initializing provider plugins... -- Checking for available provider plugins... -- Downloading plugin for provider "aws" (terraform-providers/aws) 2.16.0... - -The following providers do not have any version constraints in configuration, -so the latest version was installed. - -To prevent automatic upgrades to new major versions that may contain breaking -changes, it is recommended to add version = "..." constraints to the -corresponding provider blocks in configuration, with the constraint strings -suggested below. - -* provider.aws: version = "~> 2.16" - -Terraform has been successfully initialized! - -You may now begin working with Terraform. Try running "terraform plan" to see -any changes that are required for your infrastructure. All Terraform commands -should now work. - -If you ever set or change modules or backend configuration for Terraform, -rerun this command to reinitialize your working directory. If you forget, other -commands will detect it and remind you to do so if necessary. ``` ## Applying the Configuration @@ -88,26 +58,6 @@ The [`terraform apply`](https://www.terraform.io/docs/commands/apply.html) comma ``` $ terraform apply - -An execution plan has been generated and is shown below. -Resource actions are indicated with the following symbols: - + create - -Terraform will perform the following actions: - - # aws_instance.tpot will be created - ... - - # aws_security_group.tpot will be created - ... - -Plan: 2 to add, 0 to change, 0 to destroy. - -Do you want to perform these actions? - Terraform will perform the actions described above. - Only 'yes' will be accepted to approve. - - Enter a value: ``` This will perform the following actions: From bedd13af2020dd9c15b29120b536e2e43d2b4737 Mon Sep 17 00:00:00 2001 From: Sebastian Haderecker Date: Fri, 27 Mar 2020 11:36:28 +0100 Subject: [PATCH 7/8] Update README.md --- cloud/terraform/README.md | 95 ++++++++++++++++++++++++++------------- 1 file changed, 65 insertions(+), 30 deletions(-) diff --git a/cloud/terraform/README.md b/cloud/terraform/README.md index 3bb6d969..8ce5a107 100644 --- a/cloud/terraform/README.md +++ b/cloud/terraform/README.md @@ -1,34 +1,73 @@ # T-Pot Terraform +This [Terraform](https://www.terraform.io/) configuration can be used to launch a virtual machine, bootstrap any dependencies and install T-Pot in a single step. +Configuration for Amazon Web Services (AWS) and Open Telekom Cloud (OTC) is currently included. +This can easily be extended to support other [Terraform providers](https://www.terraform.io/docs/providers/index.html). -This [Terraform](https://www.terraform.io/) configuration can be used to provision a T-Pot instance in AWS in addition to all of the necessary pre-requisites. Specifically, the following resources will be created: +[Cloud-init](https://cloudinit.readthedocs.io/en/latest/) is used to bootstrap the instance and install T-Pot on startup. +# Table of Contents +- [What get's created](#what-created) + - [Amazon Web Services (AWS)](#what-created-aws) + - [Open Telekom Cloud (OTC)](#what-created-otc) +- [Pre-Requisites](#pre) + - [Amazon Web Services (AWS)](#pre-aws) + - [Open Telekom Cloud (OTC)](#pre-otc) +- [Terraform Variables](#variables) + - [Common configuration items](#variables-common) + - [Amazon Web Services (AWS)](#variables-aws) + - [Open Telekom Cloud (OTC)](#variables-otc) +- [Initialising](#initialising) +- [Applying the Configuration](#applying) +- [Connecting to the Instance](#connecting) + + + +## What get's created + + +### Amazon Web Services (AWS) * EC2 instance: * t3.large (2 vCPU, 8 GiB RAM) * 128GB disk - * [Debian Stretch](https://wiki.debian.org/Cloud/AmazonEC2Image/Stretch) (The T-Pot installation script will then upgrade this to Debian Sid) + * [Debian Buster](https://wiki.debian.org/Cloud/AmazonEC2Image/Buster) * AWS Security Group: * TCP/UDP ports <= 64000 open to the Internet * TCP ports 64294, 64295 and 64297 open to a chosen administrative IP -[Cloud-init](https://cloudinit.readthedocs.io/en/latest/) is used to bootstrap the instance and install T-Pot on startup. Additional provisioning using Ansible etc. is not required. - -The following resources are NOT automatically created and need to be specified in the configuration below: - -* VPC -* Subnet + +### Open Telekom Cloud (OTC) +* +* + ## Pre-Requisites - * [Terraform](https://www.terraform.io/) 0.12 + + +### Amazon Web Services (AWS) * AWS Account - * Existing VPC. VPC ID should be specified in configuration below - * Existing subnet. Subnet ID should be specified in configuration below + * Existing VPC: VPC ID needs to be specified in `aws/variables.tf` + * Existing subnet: Subnet ID needs to be specified in `aws/variables.tf` * AWS Authentication credentials should be [set using environment variables](https://www.terraform.io/docs/providers/aws/index.html#environment-variables) -## Required Configuration Changes + +### Open Telekom Cloud (OTC) +* +* -### Terraform Variables + +## Terraform Variables + +### Common configuration items +These variables exist in `aws/variables.tf` and `otc/variables.tf` respectively: +* +* +* +This will be used to configure credentials for the T-Pot Kibana interface. + + +### Amazon Web Services (AWS) In `aws/variables.tf`, change the following variables to correspond to your existing EC2 infrastructure: * `admin_ip` - source IP address(es) that you will use to administer the system. Connections to TCP ports 64294, 64295 and 64297 will be allowed from this IP only. Multiple IPs or CIDR blocks can be specified in the format: `["127.0.0.1/32", "192.168.0.0/24"]` @@ -36,38 +75,34 @@ In `aws/variables.tf`, change the following variables to correspond to your exis * `ec2_subnet_id` * `ec2_region` -### Admin Credentials -``` -myCONF_WEB_USER='webuser' -myCONF_WEB_PW='w3b$ecret' -``` -This will be used to configure credentials for the T-Pot Kibana interface. + +### Open Telekom Cloud (OTC) +* +* + ## Initialising - The [`terraform init`](https://www.terraform.io/docs/commands/init.html) command is used to initialize a working directory containing Terraform configuration files. ``` $ cd aws $ terraform init ``` +OR +``` +$ cd otc +$ terraform init +``` + ## Applying the Configuration - The [`terraform apply`](https://www.terraform.io/docs/commands/apply.html) command is used to apply the changes required to reach the desired state of the configuration, or the pre-determined set of actions generated by a [`terraform plan`](https://www.terraform.io/docs/commands/plan.html) execution plan. ``` $ terraform apply ``` +This will create your infrastructure and start a Cloud Server. On startup, the Server gets bootstrapped with cloud-init and will install T-Pot. Once this is done, the server will reboot. -This will perform the following actions: - -1. Create EC2 security group -2. Start a Debian EC2 instance -3. Update all packages and reboot if necessary -4. Install T-Pot and required dependencies -5. Reboot - + ## Connecting to the Instance - When the installation is completed, you can proceed with connecting/logging in to the T-Pot according to the [documentation](https://github.com/dtag-dev-sec/tpotce#ssh-and-web-access). From bde3d5df29d4f56a1c9e1ff7e192fd6b2b6cf31d Mon Sep 17 00:00:00 2001 From: Sebastian Haderecker Date: Fri, 27 Mar 2020 17:00:26 +0100 Subject: [PATCH 8/8] Update README.md --- cloud/terraform/README.md | 59 ++++++++++++++++++++++++++------------- 1 file changed, 39 insertions(+), 20 deletions(-) diff --git a/cloud/terraform/README.md b/cloud/terraform/README.md index 8ce5a107..9ee86cea 100644 --- a/cloud/terraform/README.md +++ b/cloud/terraform/README.md @@ -20,24 +20,29 @@ This can easily be extended to support other [Terraform providers](https://www.t - [Applying the Configuration](#applying) - [Connecting to the Instance](#connecting) - ## What get's created ### Amazon Web Services (AWS) * EC2 instance: - * t3.large (2 vCPU, 8 GiB RAM) - * 128GB disk - * [Debian Buster](https://wiki.debian.org/Cloud/AmazonEC2Image/Buster) -* AWS Security Group: + * t3.large (2 vCPUs, 8 GB RAM) + * 128 GB disk + * Debian 10 + * Public IP +* Security Group: * TCP/UDP ports <= 64000 open to the Internet * TCP ports 64294, 64295 and 64297 open to a chosen administrative IP ### Open Telekom Cloud (OTC) -* -* +* ECS instance: + * s2.medium.8 (1 vCPU, 8 GB RAM) + * 128 GB disk + * Debian 10 + * Public EIP +* Security Group +* Network, Subnet, Router (= Virtual Private Cloud [VPC]) ## Pre-Requisites @@ -48,37 +53,49 @@ This can easily be extended to support other [Terraform providers](https://www.t * AWS Account * Existing VPC: VPC ID needs to be specified in `aws/variables.tf` * Existing subnet: Subnet ID needs to be specified in `aws/variables.tf` + * Existing SSH key pair: Key name needs to be specified in `aws/variables.tf` * AWS Authentication credentials should be [set using environment variables](https://www.terraform.io/docs/providers/aws/index.html#environment-variables) ### Open Telekom Cloud (OTC) -* -* +* OTC Account + * Existing SSH key pair: Key name needs to be specified in `otc/variables.tf` +* OTC Authentication credentials (Username, Password, Project Name, User Domain Name) can be set in the `otc/clouds.yaml` file ## Terraform Variables ### Common configuration items -These variables exist in `aws/variables.tf` and `otc/variables.tf` respectively: -* -* -* -This will be used to configure credentials for the T-Pot Kibana interface. +These variables exist in `aws/variables.tf` and `otc/variables.tf` respectively. +Settings for cloud-init: +* `timezone` - Set the Server's timezone +* `linux_password`- Set a password for the Linux Operating System user (which is also used on the Admin UI) + +Settings for T-Pot: +* `tpot_flavor` - Set the flavor of the T-Pot (Available flavors are listed in the variable's description) +* `web_user` - Set a username for the T-Pot Kibana Dasboard +* `web_password` - Set a password for the T-Pot Kibana Dashboard ### Amazon Web Services (AWS) -In `aws/variables.tf`, change the following variables to correspond to your existing EC2 infrastructure: - +In `aws/variables.tf`, you can change the additional variables: * `admin_ip` - source IP address(es) that you will use to administer the system. Connections to TCP ports 64294, 64295 and 64297 will be allowed from this IP only. Multiple IPs or CIDR blocks can be specified in the format: `["127.0.0.1/32", "192.168.0.0/24"]` -* `ec2_vpc_id` -* `ec2_subnet_id` +* `ec2_vpc_id` - Specify an existing VPC ID +* `ec2_subnet_id` - Specify an existing Subnet ID * `ec2_region` +* `ec2_ssh_key_name` - Specify an existing SSH key pair +* `ec2_instance_type` ### Open Telekom Cloud (OTC) -* -* +In `otc/variables.tf`, you can change the additional variables: +* `availabiliy_zone` +* `flavor` +* `key_pair` - Specify an existing SSH key pair +* `image_id` +* `volume_size` +Furthermore you can configure the naming of the created infrastructure (per default everything gets prefixed with "tpot-", e.g. "tpot-router"). ## Initialising @@ -103,6 +120,8 @@ $ terraform apply ``` This will create your infrastructure and start a Cloud Server. On startup, the Server gets bootstrapped with cloud-init and will install T-Pot. Once this is done, the server will reboot. +If you want the remove the built infrastructure, you can run [`terraform destroy`](https://www.terraform.io/docs/commands/destroy.html) to delete it. + ## Connecting to the Instance When the installation is completed, you can proceed with connecting/logging in to the T-Pot according to the [documentation](https://github.com/dtag-dev-sec/tpotce#ssh-and-web-access).