continue working on installer

remove portainer
remove wetty
remove netdata
add cockpit
tweak fail2ban for cockpit, sshd, nginx
update logo to 18.10
remove configs with regard to portainer, wetty, netdata
adjust packages for install.sh, preseed
This commit is contained in:
t3chn0m4g3 2018-06-23 21:23:33 +00:00
parent 96e02eeb10
commit d6077792b9
11 changed files with 36 additions and 288 deletions


@ -12,6 +12,7 @@ mySSHUSER=$(cat /etc/passwd | grep 1000 | cut -d ':' -f1)
sed -i "s#IP:.*#IP: $myLOCALIP ($myEXTIP)#" /etc/issue
sed -i "s#SSH:.*#SSH: ssh -l tsec -p 64295 $myLOCALIP#" /etc/issue
sed -i "s#WEB:.*#WEB: https://$myLOCALIP:64297#" /etc/issue
sed -i "s#ADMIN:.*#ADMIN: https://$myLOCALIP:64294#" /etc/issue
tee /data/ews/conf/ews.ip << EOF
[MAIN]
ip = $myEXTIP
@ -21,8 +22,5 @@ MY_EXTIP=$myEXTIP
MY_INTIP=$myLOCALIP
MY_HOSTNAME=$HOSTNAME
EOF
tee /opt/tpot/etc/compose/wetty_environment << EOF
MY_SSHUSER=$mySSHUSER
EOF
chown tpot:tpot /data/ews/conf/ews.ip
chmod 760 /data/ews/conf/ews.ip
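Review bot: `mySSHUSER` (assigned on the hunk-header line 12, outside the hunk) looks like dead code now that the `wetty_environment` tee that consumed it is gone; drop it unless something outside this file still reads it. If it stays, `cat /etc/passwd | grep 1000` matches any passwd row containing the substring 1000 (a gid of 1000 on another account, a uid of 10000), so `mySSHUSER=$(getent passwd 1000 | cut -d: -f1)` is the safer form. The new `ADMIN:` line points straight at the Cockpit port rather than through the nginx front end; a comment such as `# Cockpit is served by cockpit.socket on tcp/64294 and is not proxied by nginx` would save the next reader the lookup.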


@ -2,11 +2,6 @@
### NGINX T-Pot configuration file by mo ###
############################################
###################################
### Allow for 60 reloads per minute
###################################
limit_req_zone $binary_remote_addr zone=base:1m rate=1r/s;
server {
#########################
@ -39,16 +34,16 @@ server {
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
####################################
### OWASP recommendations / settings
####################################
### Size Limits & Buffer Overflows
### the size may be configured based on the needs.
client_body_buffer_size 100K;
client_body_buffer_size 128k;
client_header_buffer_size 1k;
client_max_body_size 100k;
client_max_body_size 256k;
large_client_header_buffers 2 1k;
### Mitigate Slow HHTP DoS Attack
@ -89,14 +84,6 @@ server {
auth_basic_user_file /etc/nginx/nginxpasswd;
##############################
### Limit brute-force attempts
##############################
location = / {
limit_req zone=base burst=1 nodelay;
}
#################
### Proxied sites
#################
@ -119,27 +106,6 @@ server {
rewrite /myhead/(.*)$ /$1 break;
}
### portainer
location /ui {
proxy_pass http://127.0.0.1:64299;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header Host $host;
proxy_redirect off;
rewrite /ui/(.*)$ /$1 break;
}
### web tty
location /wetty {
proxy_pass http://127.0.0.1:64300/wetty;
}
### netdata
location /netdata/ {
proxy_pass http://localhost:64301;
rewrite /netdata/(.*)$ /$1 break;
}
### spiderfoot
location /spiderfoot {
proxy_pass http://127.0.0.1:64303;
@ -156,4 +122,5 @@ server {
location /scandelete {
proxy_pass http://127.0.0.1:64303/spiderfoot/scandelete;
}
}
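Review bot: The basic-auth front end loses its only in-nginx brute-force control with `limit_req_zone` and the `location = / { limit_req ... }` block removed; the replacement is the host-side fail2ban `nginx-http-auth` jail added in install.sh, which only works while the container's error.log actually reaches the bind-mounted /data/nginx/log and fail2ban is running. That dependency is invisible in this file, so record it where the limit used to be: `### Brute-force protection: host fail2ban (nginx-http-auth jail on error.log), no limit_req here`. If any `limit_req zone=base` directive survives in a part of the file not shown, nginx will now fail its config test because the zone no longer exists, so an `nginx -t` before the image is rebuilt is worthwhile.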


@ -10,12 +10,13 @@
<body bgcolor="#E20074">
<center>
<a href="/tpotweb.html" target="_top" class="btn">Home</a>
<a href="/kibana" target="main" class="btn">Kibana</a>
<script language="JavaScript">
document.write('<a href="' + window.location.protocol + '//' + window.location.hostname + ':64294' + '" target="_blank" class="btn">Cockpit</a> ' );
</script>
<a href="/myhead/" target="main" class="btn">ES Head</a>
<a href="/netdata/" target="_blank" class="btn">Netdata</a>
<a href="/kibana" target="main" class="btn">Kibana</a>
<a href="/spiderfoot/" target="main" class="btn">Spiderfoot</a>
<a href="/ui/" target="main" class="btn">Portainer</a>
<a href="/wetty/" target="main" class="btn">WebTTY</a>
</center>
</body>
</html>
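Review bot: The Cockpit button opens a different origin (same host, port 64294) with `target="_blank"` but no `rel="noopener noreferrer"`, so the new tab keeps a `window.opener` reference back to the T-Pot web UI; add `rel="noopener noreferrer"` to the anchor built in the `document.write` call. The `language="JavaScript"` attribute on the `<script>` tag is obsolete and a bare `<script>` suffices. Port 64294 is now hard-coded here, in the updateip `ADMIN:` line and in install.sh; a comment `<!-- Cockpit listens on tcp/64294 (set in install.sh), outside the nginx proxy -->` keeps those in step.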


@ -171,26 +171,6 @@ services:
- /data:/data
- /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
# Netdata service
netdata:
container_name: netdata
restart: always
network_mode: "host"
depends_on:
elasticsearch:
condition: service_healthy
cap_add:
- SYS_PTRACE
security_opt:
- apparmor=unconfined
ports:
- "64301:64301"
image: "dtagdevsec/netdata:1804"
volumes:
- /proc:/host/proc:ro
- /sys:/host/sys:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
# Nginx service
nginx:
container_name: nginx
@ -212,20 +192,6 @@ services:
- /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
- /data/nginx/log/:/var/log/nginx/
# Portainer service
portainer:
container_name: portainer
command: -H unix:///var/run/docker.sock --no-auth
restart: always
networks:
- portainer_local
ports:
- "127.0.0.1:64299:9000"
image: "dtagdevsec/portainer:1804"
read_only: true
volumes:
- /var/run/docker.sock:/var/run/docker.sock
# Spiderfoot service
spiderfoot:
container_name: spiderfoot
@ -238,15 +204,3 @@ services:
volumes:
- /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db
# Wetty service
wetty:
container_name: wetty
restart: always
stop_signal: SIGKILL
network_mode: "host"
env_file:
- /opt/tpot/etc/compose/wetty_environment
tmpfs:
- /home/wetty/.ssh/:uid=2000,gid=2000
image: "dtagdevsec/wetty:1804"
read_only: true


@ -505,26 +505,6 @@ services:
- /data:/data
- /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
# Netdata service
netdata:
container_name: netdata
restart: always
network_mode: "host"
depends_on:
elasticsearch:
condition: service_healthy
cap_add:
- SYS_PTRACE
security_opt:
- apparmor=unconfined
ports:
- "64301:64301"
image: "dtagdevsec/netdata:1804"
volumes:
- /proc:/host/proc:ro
- /sys:/host/sys:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
# Nginx service
nginx:
container_name: nginx
@ -546,20 +526,6 @@ services:
- /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
- /data/nginx/log/:/var/log/nginx/
# Portainer service
portainer:
container_name: portainer
command: -H unix:///var/run/docker.sock --no-auth
restart: always
networks:
- portainer_local
ports:
- "127.0.0.1:64299:9000"
image: "dtagdevsec/portainer:1804"
read_only: true
volumes:
- /var/run/docker.sock:/var/run/docker.sock
# Spiderfoot service
spiderfoot:
container_name: spiderfoot
@ -572,15 +538,3 @@ services:
volumes:
- /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db
# Wetty service
wetty:
container_name: wetty
restart: always
stop_signal: SIGKILL
network_mode: "host"
env_file:
- /opt/tpot/etc/compose/wetty_environment
tmpfs:
- /home/wetty/.ssh/:uid=2000,gid=2000
image: "dtagdevsec/wetty:1804"
read_only: true


@ -324,26 +324,6 @@ services:
- /data:/data
- /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
# Netdata service
netdata:
container_name: netdata
restart: always
network_mode: "host"
depends_on:
elasticsearch:
condition: service_healthy
cap_add:
- SYS_PTRACE
security_opt:
- apparmor=unconfined
ports:
- "64301:64301"
image: "dtagdevsec/netdata:1804"
volumes:
- /proc:/host/proc:ro
- /sys:/host/sys:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
# Nginx service
nginx:
container_name: nginx
@ -365,20 +345,6 @@ services:
- /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
- /data/nginx/log/:/var/log/nginx/
# Portainer service
portainer:
container_name: portainer
command: -H unix:///var/run/docker.sock --no-auth
restart: always
networks:
- portainer_local
ports:
- "127.0.0.1:64299:9000"
image: "dtagdevsec/portainer:1804"
read_only: true
volumes:
- /var/run/docker.sock:/var/run/docker.sock
# Spiderfoot service
spiderfoot:
container_name: spiderfoot
@ -390,16 +356,3 @@ services:
image: "dtagdevsec/spiderfoot:1804"
volumes:
- /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db
# Wetty service
wetty:
container_name: wetty
restart: always
stop_signal: SIGKILL
network_mode: "host"
env_file:
- /opt/tpot/etc/compose/wetty_environment
tmpfs:
- /home/wetty/.ssh/:uid=2000,gid=2000
image: "dtagdevsec/wetty:1804"
read_only: true


@ -290,26 +290,6 @@ services:
- /data:/data
- /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
# Netdata service
netdata:
container_name: netdata
restart: always
network_mode: "host"
depends_on:
elasticsearch:
condition: service_healthy
cap_add:
- SYS_PTRACE
security_opt:
- apparmor=unconfined
ports:
- "64301:64301"
image: "dtagdevsec/netdata:1804"
volumes:
- /proc:/host/proc:ro
- /sys:/host/sys:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
# Nginx service
nginx:
container_name: nginx
@ -331,20 +311,6 @@ services:
- /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
- /data/nginx/log/:/var/log/nginx/
# Portainer service
portainer:
container_name: portainer
command: -H unix:///var/run/docker.sock --no-auth
restart: always
networks:
- portainer_local
ports:
- "127.0.0.1:64299:9000"
image: "dtagdevsec/portainer:1804"
read_only: true
volumes:
- /var/run/docker.sock:/var/run/docker.sock
# Spiderfoot service
spiderfoot:
container_name: spiderfoot
@ -357,15 +323,3 @@ services:
volumes:
- /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db
# Wetty service
wetty:
container_name: wetty
restart: always
stop_signal: SIGKILL
network_mode: "host"
env_file:
- /opt/tpot/etc/compose/wetty_environment
tmpfs:
- /home/wetty/.ssh/:uid=2000,gid=2000
image: "dtagdevsec/wetty:1804"
read_only: true


@ -16,7 +16,6 @@ networks:
vnclowpot_local:
ewsposter_local:
spiderfoot_local:
portainer_local:
services:
@ -505,26 +504,6 @@ services:
- /data:/data
- /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
# Netdata service
netdata:
container_name: netdata
restart: always
network_mode: "host"
depends_on:
elasticsearch:
condition: service_healthy
cap_add:
- SYS_PTRACE
security_opt:
- apparmor=unconfined
ports:
- "64301:64301"
image: "dtagdevsec/netdata:1804"
volumes:
- /proc:/host/proc:ro
- /sys:/host/sys:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
# Nginx service
nginx:
container_name: nginx
@ -546,20 +525,6 @@ services:
- /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
- /data/nginx/log/:/var/log/nginx/
# Portainer service
portainer:
container_name: portainer
command: -H unix:///var/run/docker.sock --no-auth
restart: always
networks:
- portainer_local
ports:
- "127.0.0.1:64299:9000"
image: "dtagdevsec/portainer:1804"
read_only: true
volumes:
- /var/run/docker.sock:/var/run/docker.sock
# Spiderfoot service
spiderfoot:
container_name: spiderfoot
@ -572,15 +537,3 @@ services:
volumes:
- /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db
# Wetty service
wetty:
container_name: wetty
restart: always
stop_signal: SIGKILL
network_mode: "host"
env_file:
- /opt/tpot/etc/compose/wetty_environment
tmpfs:
- /home/wetty/.ssh/:uid=2000,gid=2000
image: "dtagdevsec/wetty:1804"
read_only: true


@ -1,12 +1,12 @@

┌───────────────────────────────────────────────────
│ _____ ____ _ _ ___ ___ _ _ │
│|_ _| | _ \\ ___ | |_ / |( _ ) / _ \\| || | │
│ | |_____| |_) / _ \\| __| | |/ _ \\| | | | || |_ 
│ | |_____| __/ (_) | |_ | | (_) | |_| |__ _|│
│ |_| |_| \\___/ \\__| |_|\\___(_)___/ |_| │
│ │
└───────────────────────────────────────────────────
┌────────────────────────────────────────────────┐
│ _____ ____ _ _ ___ _ ___ │
│|_ _| | _ \\ ___ | |_ / |( _ ) / |/ _ \\ │
│ | |_____| |_) / _ \\| __| | |/ _ \\ | | | | |│
│ | |_____| __/ (_) | |_ | | (_) || | |_| |│
│ |_| |_| \\___/ \\__| |_|\\___(_)_|\\___/ │
│ │
└────────────────────────────────────────────────┘
,---- [ \n ] [ \d ] [ \t ]
@ -14,6 +14,7 @@
| IP:
| SSH:
| WEB:
| ADMIN:
|
`----


@ -131,7 +131,7 @@ fi
# Let's check if all dependencies are met
function fuGET_DEPS {
local myPACKAGES="apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount curl dialog dnsutils docker.io docker-compose dstat ethtool fail2ban genisoimage git glances grc html2text htop ifupdown iptables iw jq libcrack2 libltdl7 lm-sensors man multitail net-tools npm ntp openssh-server openssl pass prips syslinux psmisc pv python-pip unattended-upgrades unzip vim wireless-tools wpasupplicant"
local myPACKAGES="apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit cockpit-docker curl dialog dnsutils docker.io docker-compose dstat ethtool fail2ban genisoimage git glances grc html2text htop ifupdown iptables iw jq libcrack2 libltdl7 lm-sensors man multitail net-tools npm ntp openssh-server openssl pass prips syslinux psmisc pv python-pip unattended-upgrades unzip vim wireless-tools wpasupplicant"
echo
echo "### Getting update information."
echo
@ -610,7 +610,8 @@ myHOST=$a$n
hostnamectl set-hostname $myHOST 2>&1 | dialog --title "[ Setting new hostname ]" $myPROGRESSBOXCONF
sed -i 's#127.0.1.1.*#127.0.1.1\t'"$myHOST"'#g' /etc/hosts 2>&1 | dialog --title "[ Setting new hostname ]" $myPROGRESSBOXCONF
# Let's patch sshd_config
# Let's patch cockpit.socket, sshd_config
sed -i 's#ListenStream=9090#ListeStream=64294#' /etc/systemd/system/sockets.target.wants/cockpit.socket 2>&1 | dialog --title "[ Cockpit listen on tcp/64294 ]" $myPROGRESSBOXCONF
sed -i 's#\#Port 22#Port 64295#' /etc/ssh/sshd_config 2>&1 | dialog --title "[ SSH listen on tcp/64295 ]" $myPROGRESSBOXCONF
# Let's make sure only myCONF_TPOT_FLAVOR images will be downloaded and started
@ -685,11 +686,23 @@ dialog --title "[ Setup fail2ban config ]" $myPROGRESSBOXCONF <<EOF
EOF
tee /etc/fail2ban/jail.d/tpot.conf 2>&1>/dev/null <<EOF
[DEFAULT]
ignoreip = 127.0.0.1/8
ignore-ip = 127.0.0.1/8
bantime = 3600
findtime = 600
maxretry = 5
[nginx-http-auth]
enabled = true
filter = nginx-http-auth
port = 64297
logpath = /data/nginx/log/error.log
[pam-generic]
enabled = true
port = 64294
filter = pam-generic
logpath = /var/log/auth.log
[sshd]
enabled = true
port = 64295
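Review bot: `ListeStream=64294` in the cockpit.socket sed is a typo, so the rewritten unit loses its `ListenStream=` key; systemd will warn on the unknown lvalue and the socket will not listen on tcp/64294, which the new `ADMIN:` link and the `pam-generic` jail on that port both assume. Beyond the typo, `sed -i` on `/etc/systemd/system/sockets.target.wants/cockpit.socket` edits what is normally a symlink into the packaged unit (GNU sed replaces it with a regular file, and the change is lost or duplicated on package upgrade) and nothing in the hunk runs `systemctl daemon-reload`; a drop-in is the supported way to move the port, as below. In the fail2ban hunk further down, `ignoreip` was renamed to `ignore-ip`, which is not a fail2ban option, so that line is most likely ignored and jail.conf's default applies; it should stay `ignoreip = 127.0.0.1/8`.
```shell
# Cockpit: override the packaged port via a drop-in instead of editing the unit in place
mkdir -p /etc/systemd/system/cockpit.socket.d
tee /etc/systemd/system/cockpit.socket.d/listen.conf 2>&1>/dev/null <<EOF
[Socket]
ListenStream=
ListenStream=64294
EOF
systemctl daemon-reload 2>&1 | dialog --title "[ Cockpit listen on tcp/64294 ]" $myPROGRESSBOXCONF
sed -i 's#\#Port 22#Port 64295#' /etc/ssh/sshd_config 2>&1 | dialog --title "[ SSH listen on tcp/64295 ]" $myPROGRESSBOXCONF
# … unchanged: image filter and remaining installer steps …
```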


@ -101,7 +101,7 @@ tasksel tasksel/first multiselect ubuntu-server
########################
### Package Installation
########################
d-i pkgsel/include string apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount curl dialog dnsutils docker.io docker-compose dstat ethtool genisoimage git glances grc html2text htop ifupdown iptables iw jq libcrack2 libltdl7 lm-sensors man multitail net-tools npm ntp openssh-server openssl pass prips syslinux psmisc pv python-pip unzip vim wireless-tools wpasupplicant
d-i pkgsel/include string apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit cockpit-docker curl dialog dnsutils docker.io docker-compose dstat ethtool fail2ban genisoimage git glances grc html2text htop ifupdown iptables iw jq libcrack2 libltdl7 lm-sensors man multitail net-tools npm ntp openssh-server openssl pass prips syslinux psmisc pv python-pip unzip vim wireless-tools wpasupplicant
#################
### Update Policy