Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-04-19 21:52:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge pull request #602 from shaderecker/terraform-otc

Browse source 
Terraform OTC
This commit is contained in:
Marco Ochse 2020-03-27 17:38:46 +01:00 committed by GitHub
commit be1a90524a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 263 additions and 96 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
README.md
View file

@ -282,7 +282,7 @@ If you would like to contribute, you can add other cloud deployments like Chef o
<a name="ansible"></a>
### Ansible Deployment
You can find an [Ansible](https://www.ansible.com/) based T-Pot deployment in the [`cloud/ansible`](cloud/ansible) folder.
The Playbook in the [`cloud/ansible/openstack`](cloud/ansible/openstack) folder is reusable for all OpenStack clouds out of the box.
The Playbook in the [`cloud/ansible/openstack`](cloud/ansible/openstack) folder is reusable for all **OpenStack** clouds out of the box.
It first creates all resources (security group, network, subnet, router), deploys a new server and then installs and configures T-Pot.
@ -295,7 +295,8 @@ You can find [Terraform](https://www.terraform.io/) configuration in the [`cloud
This can be used to launch a virtual machine, bootstrap any dependencies and install T-Pot in a single step.
Configuration for Amazon Web Services (AWS) is currently included and this can easily be extended to support other [Terraform providers](https://www.terraform.io/docs/providers/index.html).
Configuration for **Amazon Web Services** (AWS) and **Open Telekom Cloud** (OTC) is currently included.
This can easily be extended to support other [Terraform providers](https://www.terraform.io/docs/providers/index.html).
<a name="firstrun"></a>
## First Run

2
cloud/ansible/README.md
View file

@ -226,6 +226,8 @@ If you are running on a machine which asks for a sudo password, you can use:
The Playbook will first install required packages on the Ansible Master and then deploy a new server instance.
After that, T-Pot gets installed and configured on the newly created host, optionally custom configs are applied and finally it reboots.
Once this is done, you can proceed with connecting/logging in to the T-Pot according to the [documentation](https://github.com/dtag-dev-sec/tpotce#ssh-and-web-access).
<a name="documentation"></a>
# Further documentation
- [Ansible Documentation](https://docs.ansible.com/ansible/latest/)

184
cloud/terraform/README.md
View file

@ -1,131 +1,127 @@
# T-Pot Terraform
This [Terraform](https://www.terraform.io/) configuration can be used to launch a virtual machine, bootstrap any dependencies and install T-Pot in a single step.
Configuration for Amazon Web Services (AWS) and Open Telekom Cloud (OTC) is currently included.
This can easily be extended to support other [Terraform providers](https://www.terraform.io/docs/providers/index.html).
This [Terraform](https://www.terraform.io/) configuration can be used to provision a T-Pot instance in AWS in addition to all of the necessary pre-requisites. Specifically, the following resources will be created:
[Cloud-init](https://cloudinit.readthedocs.io/en/latest/) is used to bootstrap the instance and install T-Pot on startup.
# Table of Contents
- [What get's created](#what-created)
- [Amazon Web Services (AWS)](#what-created-aws)
- [Open Telekom Cloud (OTC)](#what-created-otc)
- [Pre-Requisites](#pre)
- [Amazon Web Services (AWS)](#pre-aws)
- [Open Telekom Cloud (OTC)](#pre-otc)
- [Terraform Variables](#variables)
- [Common configuration items](#variables-common)
- [Amazon Web Services (AWS)](#variables-aws)
- [Open Telekom Cloud (OTC)](#variables-otc)
- [Initialising](#initialising)
- [Applying the Configuration](#applying)
- [Connecting to the Instance](#connecting)
<a name="what-created"></a>
## What get's created
<a name="what-created-aws"></a>
### Amazon Web Services (AWS)
* EC2 instance:
* t3.large (2 vCPU, 8 GiB RAM)
* 128GB disk
* [Debian Stretch](https://wiki.debian.org/Cloud/AmazonEC2Image/Stretch) (The T-Pot installation script will then upgrade this to Debian Sid)
* AWS Security Group:
* t3.large (2 vCPUs, 8 GB RAM)
* 128 GB disk
* Debian 10
* Public IP
* Security Group:
* TCP/UDP ports <= 64000 open to the Internet
* TCP ports 64294, 64295 and 64297 open to a chosen administrative IP
[Cloud-init](https://cloudinit.readthedocs.io/en/latest/) is used to bootstrap the instance and install T-Pot on startup. Additional provisioning using Ansible etc. is not required.
The following resources are NOT automatically created and need to be specified in the configuration below:
* VPC
* Subnet
<a name="what-created-otc"></a>
### Open Telekom Cloud (OTC)
* ECS instance:
* s2.medium.8 (1 vCPU, 8 GB RAM)
* 128 GB disk
* Debian 10
* Public EIP
* Security Group
* Network, Subnet, Router (= Virtual Private Cloud [VPC])
<a name="pre"></a>
## Pre-Requisites
* [Terraform](https://www.terraform.io/) 0.12
<a name="pre-aws"></a>
### Amazon Web Services (AWS)
* AWS Account
* Existing VPC. VPC ID should be specified in configuration below
* Existing subnet. Subnet ID should be specified in configuration below
* Existing VPC: VPC ID needs to be specified in `aws/variables.tf`
* Existing subnet: Subnet ID needs to be specified in `aws/variables.tf`
* Existing SSH key pair: Key name needs to be specified in `aws/variables.tf`
* AWS Authentication credentials should be [set using environment variables](https://www.terraform.io/docs/providers/aws/index.html#environment-variables)
## Required Configuration Changes
<a name="pre-otc"></a>
### Open Telekom Cloud (OTC)
* OTC Account
* Existing SSH key pair: Key name needs to be specified in `otc/variables.tf`
* OTC Authentication credentials (Username, Password, Project Name, User Domain Name) can be set in the `otc/clouds.yaml` file
### Terraform Variables
<a name="variables"></a>
## Terraform Variables
In `aws/variables.tf`, change the following variables to correspond to your existing EC2 infrastructure:
<a name="variables-common"></a>
### Common configuration items
These variables exist in `aws/variables.tf` and `otc/variables.tf` respectively.
Settings for cloud-init:
* `timezone` - Set the Server's timezone
* `linux_password`- Set a password for the Linux Operating System user (which is also used on the Admin UI)
Settings for T-Pot:
* `tpot_flavor` - Set the flavor of the T-Pot (Available flavors are listed in the variable's description)
* `web_user` - Set a username for the T-Pot Kibana Dasboard
* `web_password` - Set a password for the T-Pot Kibana Dashboard
<a name="variables-aws"></a>
### Amazon Web Services (AWS)
In `aws/variables.tf`, you can change the additional variables:
* `admin_ip` - source IP address(es) that you will use to administer the system. Connections to TCP ports 64294, 64295 and 64297 will be allowed from this IP only. Multiple IPs or CIDR blocks can be specified in the format: `["127.0.0.1/32", "192.168.0.0/24"]`
* `ec2_vpc_id`
* `ec2_subnet_id`
* `ec2_vpc_id` - Specify an existing VPC ID
* `ec2_subnet_id` - Specify an existing Subnet ID
* `ec2_region`
* `ec2_ssh_key_name` - Specify an existing SSH key pair
* `ec2_instance_type`
### Admin Credentials
In `tpot.conf`, change the following variables:
```
myCONF_WEB_USER='webuser'
myCONF_WEB_PW='w3b$ecret'
```
This will be used to configure credentials for the T-Pot Kibana interface. Refer to [Options](https://github.com/dtag-dev-sec/tpotce#options) for more information.
<a name="variables-otc"></a>
### Open Telekom Cloud (OTC)
In `otc/variables.tf`, you can change the additional variables:
* `availabiliy_zone`
* `flavor`
* `key_pair` - Specify an existing SSH key pair
* `image_id`
* `volume_size`
Furthermore you can configure the naming of the created infrastructure (per default everything gets prefixed with "tpot-", e.g. "tpot-router").
<a name="initialising"></a>
## Initialising
The [`terraform init`](https://www.terraform.io/docs/commands/init.html) command is used to initialize a working directory containing Terraform configuration files.
```
$ cd aws
$ terraform init
Initializing the backend...
Initializing provider plugins...
- Checking for available provider plugins...
- Downloading plugin for provider "aws" (terraform-providers/aws) 2.16.0...
The following providers do not have any version constraints in configuration,
so the latest version was installed.
To prevent automatic upgrades to new major versions that may contain breaking
changes, it is recommended to add version = "..." constraints to the
corresponding provider blocks in configuration, with the constraint strings
suggested below.
* provider.aws: version = "~> 2.16"
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
```
OR
```
$ cd otc
$ terraform init
```
<a name="applying"></a>
## Applying the Configuration
The [`terraform apply`](https://www.terraform.io/docs/commands/apply.html) command is used to apply the changes required to reach the desired state of the configuration, or the pre-determined set of actions generated by a [`terraform plan`](https://www.terraform.io/docs/commands/plan.html) execution plan.
```
$ terraform apply
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_instance.tpot will be created
...
# aws_security_group.tpot will be created
...
Plan: 2 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value:
```
This will create your infrastructure and start a Cloud Server. On startup, the Server gets bootstrapped with cloud-init and will install T-Pot. Once this is done, the server will reboot.
This will perform the following actions:
1. Create EC2 security group
2. Start a Debian EC2 instance
3. Update all packages and reboot if necessary
4. Install T-Pot and required dependencies
5. Reboot
If you want the remove the built infrastructure, you can run [`terraform destroy`](https://www.terraform.io/docs/commands/destroy.html) to delete it.
<a name="connecting"></a>
## Connecting to the Instance
### SSH
Prior to the final reboot, you will temporarily be able to SSH to port 22 as per standard. Following the reboot, port 22 is used for the honeypot. The *real* SSH server is listening on port **64295**
### Browser
https://www.example.com:64297/
Replace with the FQDN of your EC2 instance. Refer to the [T-POT documentation](https://github.com/dtag-dev-sec/tpotce#ssh-and-web-access) for further details.
When the installation is completed, you can proceed with connecting/logging in to the T-Pot according to the [documentation](https://github.com/dtag-dev-sec/tpotce#ssh-and-web-access).

8
cloud/terraform/otc/clouds.yaml Normal file
View file

@ -0,0 +1,8 @@
clouds:
open-telekom-cloud:
auth:
project_name: eu-de_your_project
username: your_api_user
password: your_password
user_domain_name: OTC-EU-DE-000000000010000XXXXX
auth_url: https://iam.eu-de.otc.t-systems.com/v3

67
cloud/terraform/otc/main.tf Normal file
View file

@ -0,0 +1,67 @@
resource "opentelekomcloud_networking_secgroup_v2" "secgroup_1" {
name = var.secgroup_name
description = var.secgroup_desc
}
resource "opentelekomcloud_networking_secgroup_rule_v2" "secgroup_rule_1" {
direction = "ingress"
ethertype = "IPv4"
remote_ip_prefix = "0.0.0.0/0"
security_group_id = opentelekomcloud_networking_secgroup_v2.secgroup_1.id
}
resource "opentelekomcloud_networking_network_v2" "network_1" {
name = var.network_name
}
resource "opentelekomcloud_networking_subnet_v2" "subnet_1" {
name = var.subnet_name
network_id = opentelekomcloud_networking_network_v2.network_1.id
cidr = "192.168.0.0/24"
dns_nameservers = ["1.1.1.1", "8.8.8.8"]
}
resource "opentelekomcloud_networking_router_v2" "router_1" {
name = var.router_name
}
resource "opentelekomcloud_networking_router_interface_v2" "router_interface_1" {
router_id = opentelekomcloud_networking_router_v2.router_1.id
subnet_id = opentelekomcloud_networking_subnet_v2.subnet_1.id
}
resource "random_id" "tpot" {
byte_length = 6
prefix = var.ecs_prefix
}
resource "opentelekomcloud_compute_instance_v2" "ecs_1" {
availability_zone = var.availabiliy_zone
name = random_id.tpot.b64
flavor_name = var.flavor
key_pair = var.key_pair
security_groups = [opentelekomcloud_networking_secgroup_v2.secgroup_1.name]
user_data = templatefile("../cloud-init.yaml", {timezone = var.timezone, password = var.linux_password, tpot_flavor = var.tpot_flavor, web_user = var.web_user, web_password = var.web_password})
network {
name = opentelekomcloud_networking_network_v2.network_1.name
}
block_device {
uuid = var.image_id
source_type = "image"
volume_size = var.volume_size
destination_type = "volume"
delete_on_termination = "true"
}
depends_on = [opentelekomcloud_networking_router_interface_v2.router_interface_1]
}
resource "opentelekomcloud_networking_floatingip_v2" "floatip_1" {
}
resource "opentelekomcloud_compute_floatingip_associate_v2" "fip_2" {
floating_ip = opentelekomcloud_networking_floatingip_v2.floatip_1.address
instance_id = opentelekomcloud_compute_instance_v2.ecs_1.id
}

11
cloud/terraform/otc/outputs.tf Normal file
View file

@ -0,0 +1,11 @@
output "Admin_UI" {
value = "https://${opentelekomcloud_networking_floatingip_v2.floatip_1.address}:64294"
}
output "SSH_Access" {
value = "ssh -p 64295 linux@${opentelekomcloud_networking_floatingip_v2.floatip_1.address}"
}
output "Web_UI" {
value = "https://${opentelekomcloud_networking_floatingip_v2.floatip_1.address}:64297"
}

3
cloud/terraform/otc/provider.tf Normal file
View file

@ -0,0 +1,3 @@
provider "opentelekomcloud" {
cloud = "open-telekom-cloud"
}

76
cloud/terraform/otc/variables.tf Normal file
View file

@ -0,0 +1,76 @@
# cloud-init configuration
variable "timezone" {
default = "UTC"
}
variable "linux_password" {
#default = "LiNuXuSeRPaSs#"
description = "Set a password for the default user"
}
# Cloud resources name configuration
variable "secgroup_name" {
default = "tpot-secgroup"
}
variable "secgroup_desc" {
default = "T-Pot Security Group"
}
variable "network_name" {
default = "tpot-network"
}
variable "subnet_name" {
default = "tpot-subnet"
}
variable "router_name" {
default = "tpot-router"
}
variable "ecs_prefix" {
default = "tpot-"
}
# ECS configuration
variable "availabiliy_zone" {
default = "eu-de-03"
description = "Select an availability zone"
}
variable "flavor" {
default = "s2.medium.8"
description = "Select a compute flavor"
}
variable "key_pair" {
#default = ""
description = "Specify your SSH key pair"
}
variable "image_id" {
default = "d97dd29c-9318-4e4c-8d3a-7307d1513b77"
description = "Select a Debian 10 base image id"
}
variable "volume_size" {
default = "128"
description = "Set the volume size"
}
# These will go in the generated tpot.conf file
variable "tpot_flavor" {
default = "STANDARD"
description = "Specify your tpot flavor [STANDARD, SENSOR, INDUSTRIAL, COLLECTOR, NEXTGEN]"
}
variable "web_user" {
default = "webuser"
description = "Set a username for the web user"
}
variable "web_password" {
#default = "w3b$ecret"
description = "Set a password for the web user"
}

3
cloud/terraform/otc/versions.tf Normal file
View file

@ -0,0 +1,3 @@
terraform {
required_version = ">= 0.12"
}