Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-04-28 19:28:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

tweaking, bugfixing

Browse source
This commit is contained in:
Marco Ochse 2016-08-07 19:08:13 +02:00
parent bbb708b988
commit d16698877b
7 changed files with 55 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

BIN
blah.tgz Normal file
View file

Binary file not shown.

2
installer/bin/dps.sh
View file

@ -1,2 +1,2 @@
#/bin/bash #/bin/bash
docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" -f status=running -f status=exited | GREP_COLORS='mt=01;35' egrep --color=always "(^[_a-z]+ |$)|$" | GREP_COLORS='mt=01;32' egrep --color=always "(Up[ 0-9a-Z]+ |$)|$" | GREP_COLORS='mt=01;31' egrep --color=always "(Exited[ \(0-9\)]+ [0-9a-Z ]+ ago|$)|$" docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" -f status=running -f status=exited | GREP_COLORS='mt=01;35' egrep --color=always "(^[_a-z-]+ |$)|$" | GREP_COLORS='mt=01;32' egrep --color=always "(Up[ 0-9a-Z ]+ |$)|$" | GREP_COLORS='mt=01;31' egrep --color=always "(Exited[ \(0-9\) ]+ [0-9a-Z ]+ ago|$)|$"

2
installer/data/systemd/elk.service
View file

@ -8,7 +8,7 @@ Restart=always
ExecStartPre=-/usr/bin/docker stop elk ExecStartPre=-/usr/bin/docker stop elk
ExecStartPre=-/usr/bin/docker rm -v elk ExecStartPre=-/usr/bin/docker rm -v elk
ExecStartPre=/bin/bash -c '/usr/bin/clean.sh elk' ExecStartPre=/bin/bash -c '/usr/bin/clean.sh elk'
ExecStart=/usr/bin/docker run --name=elk -v /data:/data -v /var/log:/data/host/log -p 127.0.0.1:64296:8080 -p 127.0.0.1:64297:9200 --rm=true dtagdevsec/elk:latest1610 ExecStart=/usr/bin/docker run --name=elk -v /data:/data -v /var/log:/data/host/log -p 127.0.0.1:64296:5601 -p 127.0.0.1:64298:9200 --rm=true dtagdevsec/elk:latest1610
ExecStop=/usr/bin/docker stop elk ExecStop=/usr/bin/docker stop elk
[Install] [Install]

9
installer/data/systemd/honeytrap.service
View file

@ -8,10 +8,15 @@ Restart=always
ExecStartPre=-/usr/bin/docker stop honeytrap ExecStartPre=-/usr/bin/docker stop honeytrap
ExecStartPre=-/usr/bin/docker rm -v honeytrap ExecStartPre=-/usr/bin/docker rm -v honeytrap
ExecStartPre=/bin/bash -c '/usr/bin/clean.sh honeytrap off' ExecStartPre=/bin/bash -c '/usr/bin/clean.sh honeytrap off'
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,42,80,135,443,445,1433,3306,5060,5061 -j NFQUEUE
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295,64296,64297,64298,64299,64300,64301 -j NFQUEUE
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 81,102,161,502,8080,9200 -j NFQUEUE
ExecStart=/usr/bin/docker run --name honeytrap --cap-add=NET_ADMIN --net=host --rm=true -v /data/honeytrap:/data/honeytrap -v /data/ews:/data/ews dtagdevsec/honeytrap:latest1610 ExecStart=/usr/bin/docker run --name honeytrap --cap-add=NET_ADMIN --net=host --rm=true -v /data/honeytrap:/data/honeytrap -v /data/ews:/data/ews dtagdevsec/honeytrap:latest1610
ExecStop=/usr/bin/docker stop honeytrap ExecStop=/usr/bin/docker stop honeytrap
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 81,102,161,502,8080,9200 -j NFQUEUE
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295,64296,64297,64298,64299,64300,64301 -j NFQUEUE
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,42,80,135,443,445,1433,3306,5060,5061 -j NFQUEUE
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

10
installer/data/systemd/ui-for-docker.service
View file

@ -1,14 +1,14 @@
[Unit] [Unit]
Description=uifordocker Description=ui-for-docker
Requires=docker.service Requires=docker.service
After=docker.service After=docker.service
[Service] [Service]
Restart=always Restart=always
ExecStartPre=-/usr/bin/docker stop uifordocker ExecStartPre=-/usr/bin/docker stop ui-for-docker
ExecStartPre=-/usr/bin/docker rm -v uifordocker ExecStartPre=-/usr/bin/docker rm -v ui-for-docker
ExecStart=/usr/bin/docker run --name uifordocker --rm=true -v /var/run/docker.sock:/var/run/docker.sock -p 127.0.0.1:64299:9000 dtagdevsec/ui-for-docker:latest1610 ExecStart=/usr/bin/docker run --name ui-for-docker --rm=true -v /var/run/docker.sock:/var/run/docker.sock -p 127.0.0.1:64299:9000 dtagdevsec/ui-for-docker:latest1610
ExecStop=/usr/bin/docker stop uifordocker ExecStop=/usr/bin/docker stop ui-for-docker
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

51
installer/install.sh
View file

@ -37,11 +37,38 @@ exec 2> >(tee "install.err")
exec > >(tee "install.log") exec > >(tee "install.log")
# Let's stop and disable ssh, nginx services # Let's stop and disable ssh, nginx services
fuECHO "### Disabling and stopping ssh, nginx services." #fuECHO "### Disabling and stopping ssh, nginx services."
systemctl disable ssh #systemctl disable ssh
systemctl stop ssh #systemctl stop ssh
systemctl disable nginx #systemctl disable nginx
systemctl stop nginx #systemctl stop nginx
# Let's disable NGINX default website
fuECHO "### Removing link to NGINX default website."
rm /etc/nginx/sites-enabled/default
# Let's ask user for web password
fuECHO "### Please enter a web user name and password."
myOK="n"
myUSER="tsec"
while [ "$myOK" != "y" ]
do
while [ "$myUSER" = "tsec" ]
do
echo -n "Username (tsec not allowed): "
read myUSER
echo "Your username is: "$myUSER
done
echo -n "OK (y/n)? "
read myOK
done
htpasswd -c /etc/nginx/nginxpasswd $myUSER
# Let's generate a SSL certificate
fuECHO "### Generating a self-signed-certificate for NGINX."
fuECHO "### If you are unsure you can use the default values."
mkdir -p /etc/nginx/ssl
openssl req -nodes -x509 -sha512 -newkey rsa:8192 -keyout "/etc/nginx/ssl/nginx.key" -out "/etc/nginx/ssl/nginx.crt" -days 3650
# Let's setup the proxy for env # Let's setup the proxy for env
if [ -f $myPROXYFILEPATH ]; if [ -f $myPROXYFILEPATH ];
@ -353,20 +380,19 @@ cp -R /root/tpot/bin/* /usr/bin/
cp -R /root/tpot/data/* /data/ cp -R /root/tpot/data/* /data/
cp /root/tpot/data/systemd/* /etc/systemd/system/ cp /root/tpot/data/systemd/* /etc/systemd/system/
cp -R /root/tpot/etc/issue /etc/ cp -R /root/tpot/etc/issue /etc/
cp -R /root/tpot/etc/nginx/ssl /etc/nginx/ cp /root/tpot/etc/nginx/ssl/* /etc/nginx/ssl/
cp /root/tpot/etc/nginx/nginxpasswd /etc/nginx/
cp /root/tpot/etc/nginx/tpotweb.conf /etc/nginx/sites-available/ cp /root/tpot/etc/nginx/tpotweb.conf /etc/nginx/sites-available/
cp -R /root/tpot/home/* /home/tsec/ cp -R /root/tpot/home/* /home/tsec/
cp /root/tpot/keys/authorized_keys /home/tsec/.ssh/authorized_keys cp /root/tpot/keys/authorized_keys /home/tsec/.ssh/authorized_keys
cp /root/usr/share/nginx/html/* /usr/share/nginx/html/ cp /root/tpot/usr/share/nginx/html/* /usr/share/nginx/html/
for i in $(cat /data/images.conf); for i in $(cat /data/images.conf);
do do
systemctl enable $i; systemctl enable $i;
done done
systemctl enable wetty
# Let's remove nginx default website and link t-pot website # Let's enable T-Pot website
fuECHO "### Removing nginx default website and linking t-pot website." fuECHO "### Enabling T-Pot website."
rm /etc/nginx/sites-enabled/default
ln -s /etc/nginx/sites-available/tpotweb.conf /etc/nginx/sites-enabled/tpotweb.conf ln -s /etc/nginx/sites-available/tpotweb.conf /etc/nginx/sites-enabled/tpotweb.conf
# Let's take care of some files and permissions # Let's take care of some files and permissions
@ -406,4 +432,5 @@ chown tpot:tpot /data/ews/conf/ews.ip
# Final steps # Final steps
fuECHO "### Thanks for your patience. Now rebooting." fuECHO "### Thanks for your patience. Now rebooting."
mv /root/tpot/etc/rc.local /etc/rc.local && rm -rf /root/tpot/ && chage -d 0 tsec && sleep 2 && reboot #mv /root/tpot/etc/rc.local /etc/rc.local && rm -rf /root/tpot/ && chage -d 0 tsec && sleep 2 && reboot
mv /root/tpot/etc/rc.local /etc/rc.local && rm -rf /root/tpot/ && sleep 2 && reboot

4
preseed/tpot.seed
View file

@ -63,7 +63,7 @@ d-i passwd/root-login boolean false
d-i passwd/make-user boolean true d-i passwd/make-user boolean true
d-i passwd/user-fullname string tsec d-i passwd/user-fullname string tsec
d-i passwd/username string tsec d-i passwd/username string tsec
d-i passwd/user-password-crypted password $1$jAw1TW8v$a2WFamxQJfpPYZmn4qJT71 #d-i passwd/user-password-crypted password $1$jAw1TW8v$a2WFamxQJfpPYZmn4qJT71
d-i user-setup/encrypt-home boolean false d-i user-setup/encrypt-home boolean false
######################################## ########################################
@ -100,7 +100,7 @@ tasksel tasksel/first multiselect ubuntu-server
######################## ########################
### Package Installation ### Package Installation
######################## ########################
d-i pkgsel/include string apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount curl dialog docker.io dstat ethtool genisoimage git html2text htop iptables iw libpam-google-authenticator libltdl7 lm-sensors nginx-full nodejs npm ntp openssh-server openssl syslinux pv python-pip vim wireless-tools wpasupplicant d-i pkgsel/include string apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount curl dialog docker.io dstat ethtool genisoimage git html2text htop iptables iw libpam-google-authenticator libltdl7 lm-sensors nginx-extras nodejs npm ntp openssh-server openssl syslinux psmisc pv python-pip vim wireless-tools wpasupplicant
################# #################
### Update Policy ### Update Policy