tweaking, bugfixing

installer/bin/dps.sh

@@ -1,2 +1,2 @@
 #/bin/bash
-docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" -f status=running -f status=exited | GREP_COLORS='mt=01;35' egrep --color=always "(^[_a-z]+ |$)|$" | GREP_COLORS='mt=01;32' egrep --color=always "(Up[ 0-9a-Z]+ |$)|$" | GREP_COLORS='mt=01;31' egrep --color=always "(Exited[ \(0-9\)]+ [0-9a-Z ]+ ago|$)|$"
+docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" -f status=running -f status=exited | GREP_COLORS='mt=01;35' egrep --color=always "(^[_a-z-]+ |$)|$" | GREP_COLORS='mt=01;32' egrep --color=always "(Up[ 0-9a-Z ]+ |$)|$" | GREP_COLORS='mt=01;31' egrep --color=always "(Exited[ \(0-9\) ]+ [0-9a-Z ]+ ago|$)|$"

installer/data/systemd/elk.service

@@ -8,7 +8,7 @@ Restart=always
 ExecStartPre=-/usr/bin/docker stop elk
 ExecStartPre=-/usr/bin/docker rm -v elk
 ExecStartPre=/bin/bash -c '/usr/bin/clean.sh elk'
-ExecStart=/usr/bin/docker run --name=elk -v /data:/data -v /var/log:/data/host/log -p 127.0.0.1:64296:8080 -p 127.0.0.1:64297:9200 --rm=true dtagdevsec/elk:latest1610
+ExecStart=/usr/bin/docker run --name=elk -v /data:/data -v /var/log:/data/host/log -p 127.0.0.1:64296:5601 -p 127.0.0.1:64298:9200 --rm=true dtagdevsec/elk:latest1610
 ExecStop=/usr/bin/docker stop elk
 
 [Install]

installer/data/systemd/honeytrap.service

@@ -8,10 +8,15 @@ Restart=always
 ExecStartPre=-/usr/bin/docker stop honeytrap
 ExecStartPre=-/usr/bin/docker rm -v honeytrap
 ExecStartPre=/bin/bash -c '/usr/bin/clean.sh honeytrap off'
-ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
+ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,42,80,135,443,445,1433,3306,5060,5061 -j NFQUEUE
+ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295,64296,64297,64298,64299,64300,64301 -j NFQUEUE
+ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 81,102,161,502,8080,9200 -j NFQUEUE
 ExecStart=/usr/bin/docker run --name honeytrap --cap-add=NET_ADMIN --net=host --rm=true -v /data/honeytrap:/data/honeytrap -v /data/ews:/data/ews dtagdevsec/honeytrap:latest1610
 ExecStop=/usr/bin/docker stop honeytrap
-ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
+ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 81,102,161,502,8080,9200 -j NFQUEUE
+ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295,64296,64297,64298,64299,64300,64301 -j NFQUEUE
+ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,42,80,135,443,445,1433,3306,5060,5061 -j NFQUEUE
 
 [Install]
 WantedBy=multi-user.target
+

installer/data/systemd/ui-for-docker.service

@@ -1,14 +1,14 @@
 [Unit]
-Description=uifordocker
+Description=ui-for-docker
 Requires=docker.service
 After=docker.service
 
 [Service]
 Restart=always
-ExecStartPre=-/usr/bin/docker stop uifordocker
-ExecStartPre=-/usr/bin/docker rm -v uifordocker
-ExecStart=/usr/bin/docker run --name uifordocker --rm=true -v /var/run/docker.sock:/var/run/docker.sock -p 127.0.0.1:64299:9000 dtagdevsec/ui-for-docker:latest1610
-ExecStop=/usr/bin/docker stop uifordocker 
+ExecStartPre=-/usr/bin/docker stop ui-for-docker
+ExecStartPre=-/usr/bin/docker rm -v ui-for-docker
+ExecStart=/usr/bin/docker run --name ui-for-docker --rm=true -v /var/run/docker.sock:/var/run/docker.sock -p 127.0.0.1:64299:9000 dtagdevsec/ui-for-docker:latest1610
+ExecStop=/usr/bin/docker stop ui-for-docker
 
 [Install]
 WantedBy=multi-user.target

installer/install.sh

@@ -37,11 +37,38 @@ exec 2> >(tee "install.err")
 exec > >(tee "install.log")
 
 # Let's stop and disable ssh, nginx services
-fuECHO "### Disabling and stopping ssh, nginx services."
-systemctl disable ssh
-systemctl stop ssh
-systemctl disable nginx
-systemctl stop nginx
+#fuECHO "### Disabling and stopping ssh, nginx services."
+#systemctl disable ssh
+#systemctl stop ssh
+#systemctl disable nginx
+#systemctl stop nginx
+
+# Let's disable NGINX default website
+fuECHO "### Removing link to NGINX default website."
+rm /etc/nginx/sites-enabled/default
+
+# Let's ask user for web password
+fuECHO "### Please enter a web user name and password."
+myOK="n"
+myUSER="tsec"
+while [ "$myOK" != "y"  ]
+  do
+    while [ "$myUSER" = "tsec"  ]
+      do
+        echo -n "Username (tsec not allowed): "
+        read myUSER
+        echo "Your username is: "$myUSER
+      done
+    echo -n "OK (y/n)? "
+    read myOK
+done
+htpasswd -c /etc/nginx/nginxpasswd $myUSER
+
+# Let's generate a SSL certificate
+fuECHO "### Generating a self-signed-certificate for NGINX."
+fuECHO "### If you are unsure you can use the default values."
+mkdir -p /etc/nginx/ssl
+openssl req -nodes -x509 -sha512 -newkey rsa:8192 -keyout "/etc/nginx/ssl/nginx.key" -out "/etc/nginx/ssl/nginx.crt" -days 3650
 
 # Let's setup the proxy for env
 if [ -f $myPROXYFILEPATH ];
@@ -353,20 +380,19 @@ cp -R /root/tpot/bin/* /usr/bin/
 cp -R /root/tpot/data/* /data/
 cp    /root/tpot/data/systemd/* /etc/systemd/system/
 cp -R /root/tpot/etc/issue /etc/
-cp -R /root/tpot/etc/nginx/ssl /etc/nginx/
-cp    /root/tpot/etc/nginx/nginxpasswd /etc/nginx/
+cp    /root/tpot/etc/nginx/ssl/* /etc/nginx/ssl/
 cp    /root/tpot/etc/nginx/tpotweb.conf /etc/nginx/sites-available/
 cp -R /root/tpot/home/* /home/tsec/
 cp    /root/tpot/keys/authorized_keys /home/tsec/.ssh/authorized_keys
-cp    /root/usr/share/nginx/html/* /usr/share/nginx/html/
+cp    /root/tpot/usr/share/nginx/html/* /usr/share/nginx/html/
 for i in $(cat /data/images.conf);
   do
     systemctl enable $i;
 done
+systemctl enable wetty
 
-# Let's remove nginx default website and link t-pot website 
-fuECHO "### Removing nginx default website and linking t-pot website."
-rm /etc/nginx/sites-enabled/default
+# Let's enable T-Pot website 
+fuECHO "### Enabling T-Pot website."
 ln -s /etc/nginx/sites-available/tpotweb.conf /etc/nginx/sites-enabled/tpotweb.conf
 
 # Let's take care of some files and permissions
@@ -406,4 +432,5 @@ chown tpot:tpot /data/ews/conf/ews.ip
 
 # Final steps
 fuECHO "### Thanks for your patience. Now rebooting."
-mv /root/tpot/etc/rc.local /etc/rc.local && rm -rf /root/tpot/ && chage -d 0 tsec && sleep 2 && reboot
+#mv /root/tpot/etc/rc.local /etc/rc.local && rm -rf /root/tpot/ && chage -d 0 tsec && sleep 2 && reboot
+mv /root/tpot/etc/rc.local /etc/rc.local && rm -rf /root/tpot/ && sleep 2 && reboot

preseed/tpot.seed

@@ -63,7 +63,7 @@ d-i passwd/root-login boolean false
 d-i passwd/make-user boolean true
 d-i passwd/user-fullname string tsec
 d-i passwd/username string tsec
-d-i passwd/user-password-crypted password $1$jAw1TW8v$a2WFamxQJfpPYZmn4qJT71
+#d-i passwd/user-password-crypted password $1$jAw1TW8v$a2WFamxQJfpPYZmn4qJT71
 d-i user-setup/encrypt-home boolean false
 
 ########################################
@@ -100,7 +100,7 @@ tasksel tasksel/first multiselect ubuntu-server
 ########################
 ### Package Installation
 ########################
-d-i pkgsel/include string apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount curl dialog docker.io dstat ethtool genisoimage git html2text htop iptables iw libpam-google-authenticator libltdl7 lm-sensors nginx-full nodejs npm ntp openssh-server openssl syslinux pv python-pip vim wireless-tools wpasupplicant
+d-i pkgsel/include string apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount curl dialog docker.io dstat ethtool genisoimage git html2text htop iptables iw libpam-google-authenticator libltdl7 lm-sensors nginx-extras nodejs npm ntp openssh-server openssl syslinux psmisc pv python-pip vim wireless-tools wpasupplicant
 
 #################
 ### Update Policy