mirror of
https://github.com/telekom-security/tpotce.git
synced 2025-04-19 21:52:27 +00:00
adjust group and permissions for /data
This commit is contained in:
listbot
parent
ce89e44474
commit
c09547e3a4
6 changed files with 36 additions and 26 deletions
|
|
@ -1,5 +1,9 @@
|
|||
# Changelog
|
||||
|
||||
## 20190508
|
||||
- **Add tsec / install user to tpot group**
|
||||
- For users being able to easily download logs from the /data folder the installer now adds the `tpot` or the logged in user (`who am i`) via `usermod -a -G tpot <user>` to the tpot group. Also /data permissions will now be enforced to `770`, which is necessary for directory listings.
|
||||
|
||||
## 20190502
|
||||
- **Fix KVPs**
|
||||
- Some KVPs for Cowrie changed and the tagcloud was not showing any values in the Cowrie dashboard.
|
||||
|
|
|
|||
44
bin/clean.sh
44
bin/clean.sh
|
|
@ -37,7 +37,7 @@ fuLOGROTATE () {
|
|||
local myTANNERFTGZ="/data/tanner/files.tgz"
|
||||
|
||||
# Ensure correct permissions and ownerships for logrotate to run without issues
|
||||
chmod 760 /data/ -R
|
||||
chmod 770 /data/ -R
|
||||
chown tpot:tpot /data -R
|
||||
chmod 644 /data/nginx/conf -R
|
||||
chmod 644 /data/nginx/cert -R
|
||||
|
|
@ -56,7 +56,7 @@ if [ "$(fuEMPTY $myHONEYTRAPDL)" != "0" ]; then tar cvfz $myHONEYTRAPDLTGZ $myHO
|
|||
if [ "$(fuEMPTY $myTANNERF)" != "0" ]; then tar cvfz $myTANNERFTGZ $myTANNERF; fi
|
||||
|
||||
# Ensure correct permissions and ownership for previously created archives
|
||||
chmod 760 $myADBHONEYTGZ $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ $myTANNERFTGZ
|
||||
chmod 770 $myADBHONEYTGZ $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ $myTANNERFTGZ
|
||||
chown tpot:tpot $myADBHONEYTGZ $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ $myTANNERFTGZ
|
||||
|
||||
# Need to remove subfolders since too many files cause rm to exit with errors
|
||||
|
|
@ -64,7 +64,7 @@ rm -rf $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $my
|
|||
|
||||
# Recreate subfolders with correct permissions and ownership
|
||||
mkdir -p $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myTANNERF
|
||||
chmod 760 $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myTANNERF
|
||||
chmod 770 $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myTANNERF
|
||||
chown tpot:tpot $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myTANNERF
|
||||
|
||||
# Run logrotate again to account for previously created archives - DO NOT FORCE HERE!
|
||||
|
|
@ -75,7 +75,7 @@ logrotate -s $mySTATUS $myCONF
|
|||
fuADBHONEY () {
|
||||
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/adbhoney/*; fi
|
||||
mkdir -p /data/adbhoney/log/ /data/adbhoney/downloads/
|
||||
chmod 760 /data/adbhoney/ -R
|
||||
chmod 770 /data/adbhoney/ -R
|
||||
chown tpot:tpot /data/adbhoney/ -R
|
||||
}
|
||||
|
||||
|
|
@ -83,7 +83,7 @@ fuADBHONEY () {
|
|||
fuCISCOASA () {
|
||||
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/ciscoasa/*; fi
|
||||
mkdir -p /data/ciscoasa/log
|
||||
chmod 760 /data/ciscoasa -R
|
||||
chmod 770 /data/ciscoasa -R
|
||||
chown tpot:tpot /data/ciscoasa -R
|
||||
}
|
||||
|
||||
|
|
@ -91,7 +91,7 @@ fuCISCOASA () {
|
|||
fuCONPOT () {
|
||||
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/conpot/*; fi
|
||||
mkdir -p /data/conpot/log
|
||||
chmod 760 /data/conpot -R
|
||||
chmod 770 /data/conpot -R
|
||||
chown tpot:tpot /data/conpot -R
|
||||
}
|
||||
|
||||
|
|
@ -99,7 +99,7 @@ fuCONPOT () {
|
|||
fuCOWRIE () {
|
||||
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/cowrie/*; fi
|
||||
mkdir -p /data/cowrie/log/tty/ /data/cowrie/downloads/ /data/cowrie/keys/ /data/cowrie/misc/
|
||||
chmod 760 /data/cowrie -R
|
||||
chmod 770 /data/cowrie -R
|
||||
chown tpot:tpot /data/cowrie -R
|
||||
}
|
||||
|
||||
|
|
@ -107,7 +107,7 @@ fuCOWRIE () {
|
|||
fuDIONAEA () {
|
||||
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/dionaea/*; fi
|
||||
mkdir -p /data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/roots/ftp /data/dionaea/roots/tftp /data/dionaea/roots/www /data/dionaea/roots/upnp
|
||||
chmod 760 /data/dionaea -R
|
||||
chmod 770 /data/dionaea -R
|
||||
chown tpot:tpot /data/dionaea -R
|
||||
}
|
||||
|
||||
|
|
@ -115,7 +115,7 @@ fuDIONAEA () {
|
|||
fuELASTICPOT () {
|
||||
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/elasticpot/*; fi
|
||||
mkdir -p /data/elasticpot/log
|
||||
chmod 760 /data/elasticpot -R
|
||||
chmod 770 /data/elasticpot -R
|
||||
chown tpot:tpot /data/elasticpot -R
|
||||
}
|
||||
|
||||
|
|
@ -125,7 +125,7 @@ fuELK () {
|
|||
# ELK daemon log files will be removed
|
||||
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/elk/log/*; fi
|
||||
mkdir -p /data/elk
|
||||
chmod 760 /data/elk -R
|
||||
chmod 770 /data/elk -R
|
||||
chown tpot:tpot /data/elk -R
|
||||
}
|
||||
|
||||
|
|
@ -133,7 +133,7 @@ fuELK () {
|
|||
fuGLASTOPF () {
|
||||
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/glastopf/*; fi
|
||||
mkdir -p /data/glastopf/db /data/glastopf/log
|
||||
chmod 760 /data/glastopf -R
|
||||
chmod 770 /data/glastopf -R
|
||||
chown tpot:tpot /data/glastopf -R
|
||||
}
|
||||
|
||||
|
|
@ -141,7 +141,7 @@ fuGLASTOPF () {
|
|||
fuGLUTTON () {
|
||||
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/glutton/*; fi
|
||||
mkdir -p /data/glutton/log
|
||||
chmod 760 /data/glutton -R
|
||||
chmod 770 /data/glutton -R
|
||||
chown tpot:tpot /data/glutton -R
|
||||
}
|
||||
|
||||
|
|
@ -149,7 +149,7 @@ fuGLUTTON () {
|
|||
fuHERALDING () {
|
||||
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/heralding/*; fi
|
||||
mkdir -p /data/heralding/log
|
||||
chmod 760 /data/heralding -R
|
||||
chmod 770 /data/heralding -R
|
||||
chown tpot:tpot /data/heralding -R
|
||||
}
|
||||
|
||||
|
|
@ -157,7 +157,7 @@ fuHERALDING () {
|
|||
fuHONEYPY () {
|
||||
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/honeypy/*; fi
|
||||
mkdir -p /data/honeypy/log
|
||||
chmod 760 /data/honeypy -R
|
||||
chmod 770 /data/honeypy -R
|
||||
chown tpot:tpot /data/honeypy -R
|
||||
}
|
||||
|
||||
|
|
@ -165,7 +165,7 @@ fuHONEYPY () {
|
|||
fuHONEYTRAP () {
|
||||
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/honeytrap/*; fi
|
||||
mkdir -p /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/
|
||||
chmod 760 /data/honeytrap/ -R
|
||||
chmod 770 /data/honeytrap/ -R
|
||||
chown tpot:tpot /data/honeytrap/ -R
|
||||
}
|
||||
|
||||
|
|
@ -173,7 +173,7 @@ fuHONEYTRAP () {
|
|||
fuMAILONEY () {
|
||||
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/mailoney/*; fi
|
||||
mkdir -p /data/mailoney/log/
|
||||
chmod 760 /data/mailoney/ -R
|
||||
chmod 770 /data/mailoney/ -R
|
||||
chown tpot:tpot /data/mailoney/ -R
|
||||
}
|
||||
|
||||
|
|
@ -181,7 +181,7 @@ fuMAILONEY () {
|
|||
fuMEDPOT () {
|
||||
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/medpot/*; fi
|
||||
mkdir -p /data/medpot/log/
|
||||
chmod 760 /data/medpot/ -R
|
||||
chmod 770 /data/medpot/ -R
|
||||
chown tpot:tpot /data/medpot/ -R
|
||||
}
|
||||
|
||||
|
|
@ -197,7 +197,7 @@ fuNGINX () {
|
|||
fuRDPY () {
|
||||
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/rdpy/*; fi
|
||||
mkdir -p /data/rdpy/log/
|
||||
chmod 760 /data/rdpy/ -R
|
||||
chmod 770 /data/rdpy/ -R
|
||||
chown tpot:tpot /data/rdpy/ -R
|
||||
}
|
||||
|
||||
|
|
@ -205,7 +205,7 @@ fuRDPY () {
|
|||
fuSPIDERFOOT () {
|
||||
mkdir -p /data/spiderfoot
|
||||
touch /data/spiderfoot/spiderfoot.db
|
||||
chmod 760 -R /data/spiderfoot
|
||||
chmod 770 -R /data/spiderfoot
|
||||
chown tpot:tpot -R /data/spiderfoot
|
||||
}
|
||||
|
||||
|
|
@ -213,7 +213,7 @@ fuSPIDERFOOT () {
|
|||
fuSURICATA () {
|
||||
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/suricata/*; fi
|
||||
mkdir -p /data/suricata/log
|
||||
chmod 760 -R /data/suricata
|
||||
chmod 770 -R /data/suricata
|
||||
chown tpot:tpot -R /data/suricata
|
||||
}
|
||||
|
||||
|
|
@ -221,7 +221,7 @@ fuSURICATA () {
|
|||
fuP0F () {
|
||||
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/p0f/*; fi
|
||||
mkdir -p /data/p0f/log
|
||||
chmod 760 -R /data/p0f
|
||||
chmod 770 -R /data/p0f
|
||||
chown tpot:tpot -R /data/p0f
|
||||
}
|
||||
|
||||
|
|
@ -229,7 +229,7 @@ fuP0F () {
|
|||
fuTANNER () {
|
||||
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/tanner/*; fi
|
||||
mkdir -p /data/tanner/log /data/tanner/files
|
||||
chmod 760 -R /data/tanner
|
||||
chmod 770 -R /data/tanner
|
||||
chown tpot:tpot -R /data/tanner
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -31,4 +31,4 @@ MY_INTIP=$myLOCALIP
|
|||
MY_HOSTNAME=$HOSTNAME
|
||||
EOF
|
||||
chown tpot:tpot /data/ews/conf/ews.ip
|
||||
chmod 760 /data/ews/conf/ews.ip
|
||||
chmod 770 /data/ews/conf/ews.ip
|
||||
|
|
|
|||
2
docker/elk/logstash/dist/logstash.conf
vendored
2
docker/elk/logstash/dist/logstash.conf
vendored
|
|
@ -427,7 +427,7 @@ output {
|
|||
|
||||
#if [type] == "Suricata" {
|
||||
# file {
|
||||
# file_mode => 0760
|
||||
# file_mode => 0770
|
||||
# path => "/data/suricata/log/suricata_ews.log"
|
||||
# }
|
||||
#}
|
||||
|
|
|
|||
|
|
@ -792,7 +792,13 @@ systemctl enable tpot
|
|||
|
||||
# Let's take care of some files and permissions
|
||||
fuBANNER "Permissions"
|
||||
chmod 760 -R /data
|
||||
chmod 770 -R /data
|
||||
if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ];
|
||||
then
|
||||
usermod -a -G tpot tsec
|
||||
else
|
||||
usermod -a -G tpot $(who am i | awk '{ print $1 }')
|
||||
fi
|
||||
chown tpot:tpot -R /data
|
||||
chown tsec:tsec -R /home/tsec/.ssh
|
||||
chmod 644 -R /data/nginx/conf
|
||||
|
|
|
|||
|
|
@ -235,7 +235,7 @@ mkdir -p /data/adbhoney/downloads /data/adbhoney/log \
|
|||
/data/p0f/log
|
||||
|
||||
### Let's take care of some files and permissions
|
||||
chmod 760 -R /data
|
||||
chmod 770 -R /data
|
||||
chown tpot:tpot -R /data
|
||||
chmod 644 -R /data/nginx/conf
|
||||
chmod 644 -R /data/nginx/cert
|
||||
|
|
|
|||
Loading…
Reference in a new issue