From 6b40c1ca7f7aa31a16972c98f307ab57f32b70cb Mon Sep 17 00:00:00 2001 From: Sebastian Haderecker Date: Thu, 16 May 2019 01:09:50 +0000 Subject: [PATCH 01/17] HPFEEDS: Command line option - OptIn script accepts config file as argument (--conf=hpfeeds.cfg) - Current config is written to /data/ews/conf/hpfeeds.cfg --- bin/hpfeeds_optin.sh | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/bin/hpfeeds_optin.sh b/bin/hpfeeds_optin.sh index 5310e401..fc6792bf 100755 --- a/bin/hpfeeds_optin.sh +++ b/bin/hpfeeds_optin.sh @@ -67,6 +67,24 @@ mySECRET="secret" myFORMAT="json" } +function fuWRITETOFILE () { +if [ -f '/data/ews/conf/hpfeeds.cfg' ]; then + echo "Creating backup of current config" + mv /data/ews/conf/hpfeeds.cfg /data/ews/conf/hpfeeds.cfg.old +fi +echo "Storing new config in /data/ews/conf/hpfeeds.cfg" +cat >> /data/ews/conf/hpfeeds.cfg < fi } +function fuRESTORE_HPFEEDS () { +if [ -f '/data/ews/conf/hpfeeds.cfg' ]; then + echo "### Restoring HPFEEDS in tpot.yml" + ./bin/hpfeeds_optin.sh --conf=/data/ews/conf/hpfeeds.cfg +fi +} + ################ # Main section # @@ -297,3 +304,4 @@ fuBACKUP fuSELFUPDATE "$0" "$@" fuUPDATER fuRESTORE_EWSCFG +fuRESTORE_HPFEEDS From 8b2898bd4e7a0f3c729b962998ccd79ac61ddc61 Mon Sep 17 00:00:00 2001 From: Sebastian Haderecker Date: Thu, 16 May 2019 06:51:48 +0000 Subject: [PATCH 03/17] Adapt testing paths --- iso/installer/install.sh | 2 +- update.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/iso/installer/install.sh b/iso/installer/install.sh index 0fdee005..d430acde 100755 --- a/iso/installer/install.sh +++ b/iso/installer/install.sh @@ -677,7 +677,7 @@ pip install elasticsearch-curator yq # Cloning T-Pot from GitHub fuBANNER "Cloning T-Pot" -git clone https://github.com/dtag-dev-sec/tpotce /opt/tpot +git clone https://github.com/TheHADILP/tpotce.git -b hpfeeds-cmd /opt/tpot # Let's create the T-Pot user fuBANNER "Create user" 
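Review bot: fuWRITETOFILE creates /data/ews/conf/hpfeeds.cfg without restricting its permissions, so the file and the `.old` backup left by `mv` get whatever the caller's umask allows. The hpfeeds.cfg template later in this series carries `mySECRET`; the heredoc body is not visible in this view, so this assumes the secret is among the values written here too. Put `umask 077` at the top of the function, or run `chmod 600 /data/ews/conf/hpfeeds.cfg` after the heredoc and the same on the backup when it exists. Since the old file has just been moved away, `cat >` states the intent better than `cat >>` and avoids appending to a stale file if the `mv` fails.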
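Review bot: In fuRESTORE_HPFEEDS the call `./bin/hpfeeds_optin.sh --conf=/data/ews/conf/hpfeeds.cfg` resolves against the current working directory, so update.sh started from anywhere but the repository root either fails the restore or runs whatever `bin/hpfeeds_optin.sh` happens to exist under that directory. The Ansible role in this series calls the script by absolute path; doing the same here, `/opt/tpot/bin/hpfeeds_optin.sh --conf=/data/ews/conf/hpfeeds.cfg || echo "### Restoring HPFEEDS failed"`, removes the dependency on the working directory and surfaces a failure. Because the updater hands this file to a script that rewrites tpot.yml, /data/ews/conf/hpfeeds.cfg should be owned by root and not writable by other users. That matters most if the opt-in script sources the file, which cannot be confirmed because the parsing code is not visible here.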
diff --git a/update.sh b/update.sh index fd3ed850..9e024950 100755 --- a/update.sh +++ b/update.sh @@ -58,7 +58,7 @@ function fuSELFUPDATE () { echo "###### $myBLUE""No updates found in repository.""$myWHITE" return fi - myRESULT=$(git diff --name-only origin/master | grep update.sh) + myRESULT=$(git diff --name-only origin/hpfeeds-cmd | grep update.sh) if [ "$myRESULT" == "update.sh" ]; then echo "###### $myBLUE""Found newer version, will be pulling updates and restart myself.""$myWHITE" From 4b3337de486a5f4536cd557dc468089f0ee2996f Mon Sep 17 00:00:00 2001 From: Sebastian Haderecker Date: Thu, 16 May 2019 07:19:50 +0000 Subject: [PATCH 04/17] Move reboot message to the end --- update.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/update.sh b/update.sh index 9e024950..77f4e3b1 100755 --- a/update.sh +++ b/update.sh @@ -254,8 +254,6 @@ echo "### Export and import the objects easily through the Kibana WebUI:" echo "### Go to Kibana > Management > Saved Objects > Export / Import" echo "### All objects will be overwritten upon import, make sure to run an export first." echo -echo "### Please reboot." -echo } function fuRESTORE_EWSCFG () { @@ -305,3 +303,7 @@ fuSELFUPDATE "$0" "$@" fuUPDATER fuRESTORE_EWSCFG fuRESTORE_HPFEEDS + +echo +echo "### Please reboot." +echo From ad7f3a648574455f29aaeb3b1ad1f602ca18173f Mon Sep 17 00:00:00 2001 From: Sebastian Haderecker Date: Thu, 16 May 2019 07:26:42 +0000 Subject: [PATCH 05/17] Add Spacing --- update.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/update.sh b/update.sh index 77f4e3b1..32986fcc 100755 --- a/update.sh +++ b/update.sh 
@@ -253,11 +253,11 @@ echo "### https://raw.githubusercontent.com/dtag-dev-sec/tpotce/master/etc/objec echo "### Export and import the objects easily through the Kibana WebUI:" echo "### Go to Kibana > Management > Saved Objects > Export / Import" echo "### All objects will be overwritten upon import, make sure to run an export first." -echo } function fuRESTORE_EWSCFG () { if [ -f '/data/ews/conf/ews.cfg' ] && ! grep 'ews.cfg' /opt/tpot/etc/tpot.yml > /dev/null; then + echo echo "### Restoring volume mount for ews.cfg in tpot.yml" sed -i '/\/opt\/ewsposter\/ews.ip/a\\ \ \ \ \ - /data/ews/conf/ews.cfg:/opt/ewsposter/ews.cfg' /opt/tpot/etc/tpot.yml fi @@ -265,6 +265,7 @@ fi function fuRESTORE_HPFEEDS () { if [ -f '/data/ews/conf/hpfeeds.cfg' ]; then + echo echo "### Restoring HPFEEDS in tpot.yml" ./bin/hpfeeds_optin.sh --conf=/data/ews/conf/hpfeeds.cfg fi From 12cf4ecd8953ae91f5b2b3f9117853bf901f9e0f Mon Sep 17 00:00:00 2001 From: Sebastian Haderecker Date: Thu, 16 May 2019 07:52:17 +0000 Subject: [PATCH 06/17] Update comments --- bin/hpfeeds_optin.sh | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/bin/hpfeeds_optin.sh b/bin/hpfeeds_optin.sh index fc6792bf..cb5cc8e6 100755 --- a/bin/hpfeeds_optin.sh +++ b/bin/hpfeeds_optin.sh @@ -69,11 +69,11 @@ myFORMAT="json" function fuWRITETOFILE () { if [ -f '/data/ews/conf/hpfeeds.cfg' ]; then - echo "Creating backup of current config" + echo "Creating backup of current config in /data/ews/conf/hpfeeds.cfg.old" mv /data/ews/conf/hpfeeds.cfg /data/ews/conf/hpfeeds.cfg.old fi echo "Storing new config in /data/ews/conf/hpfeeds.cfg" -cat >> /data/ews/conf/hpfeeds.cfg <> /data/ews/conf/hpfeeds.cfg < Date: Thu, 16 May 2019 07:59:52 +0000 Subject: [PATCH 07/17] Imrove console output --- bin/hpfeeds_optin.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/hpfeeds_optin.sh b/bin/hpfeeds_optin.sh index cb5cc8e6..f74f8337 100755 --- a/bin/hpfeeds_optin.sh +++ b/bin/hpfeeds_optin.sh 
@@ -99,8 +99,8 @@ sed --follow-symlinks -i "s/EWS_HPFEEDS_SECRET.*/EWS_HPFEEDS_SECRET=${mySECRET}/ sed --follow-symlinks -i "s/EWS_HPFEEDS_FORMAT.*/EWS_HPFEEDS_FORMAT=${myFORMAT}/g" "$myTPOTYMLFILE" echo "Now starting T-Pot ..." systemctl start tpot -echo "You can always change or review your settings in /data/ews/conf/hpfeeds.cfg and apply changes with" -echo "./hpfeeds_optin.sh --conf=/data/ews/conf/hpfeeds.cfg" +echo "You can always change or review your settings in /data/ews/conf/hpfeeds.cfg and apply changes by" +echo "running \"./hpfeeds_optin.sh --conf=/data/ews/conf/hpfeeds.cfg\"" echo "Done." } From 4efc62b529c558e88fee3f7ce50c9812df70463e Mon Sep 17 00:00:00 2001 From: Sebastian Haderecker Date: Thu, 16 May 2019 08:14:05 +0000 Subject: [PATCH 08/17] Revert "Adapt testing paths" This reverts commit 8b2898bd4e7a0f3c729b962998ccd79ac61ddc61. --- iso/installer/install.sh | 2 +- update.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/iso/installer/install.sh b/iso/installer/install.sh index d430acde..0fdee005 100755 --- a/iso/installer/install.sh +++ b/iso/installer/install.sh @@ -677,7 +677,7 @@ pip install elasticsearch-curator yq # Cloning T-Pot from GitHub fuBANNER "Cloning T-Pot" -git clone https://github.com/TheHADILP/tpotce.git -b hpfeeds-cmd /opt/tpot +git clone https://github.com/dtag-dev-sec/tpotce /opt/tpot # Let's create the T-Pot user fuBANNER "Create user" diff --git a/update.sh b/update.sh index 32986fcc..ab752784 100755 --- a/update.sh +++ b/update.sh @@ -58,7 +58,7 @@ function fuSELFUPDATE () { echo "###### $myBLUE""No updates found in repository.""$myWHITE" return fi - myRESULT=$(git diff --name-only origin/hpfeeds-cmd | grep update.sh) + myRESULT=$(git diff --name-only origin/master | grep update.sh) if [ "$myRESULT" == "update.sh" ]; then echo "###### $myBLUE""Found newer version, will be pulling updates and restart myself.""$myWHITE" From c874e9d0803bc58f2fa2b2be08538cddad2f6973 Mon Sep 17 00:00:00 2001 
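Review bot: The fuAPPLY context lines splice `${mySECRET}`, `${myFORMAT}` and the other values unescaped into a sed replacement delimited by `/`, and with the new `--conf` option those values come straight from a file. A value containing `/`, `&` or a backslash either makes sed fail or writes something other than the configured value into tpot.yml, and none of the sed calls is checked before `systemctl start tpot`. Escape each value first, e.g. `mySECRET_ESC=$(printf '%s' "$mySECRET" | sed 's/[\/&]/\\&/g')`, and use the escaped variable in the expression. The same lines appear as context in the hunk of patch 17; fuAPPLY begins above this hunk.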
From: Sebastian Haderecker Date: Thu, 16 May 2019 11:11:40 +0200 Subject: [PATCH 09/17] Update README.md --- README.md | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index b285c35b..2afe9e0a 100644 --- a/README.md +++ b/README.md @@ -375,11 +375,13 @@ T-Pot requires outgoing git, http, https connections for updates (Debian, Docker # Updates For the ones of you who want to live on the bleeding edge of T-Pot development we introduced an update feature which will allow you to update all T-Pot relevant files to be up to date with the T-Pot master branch. **If you made any relevant changes to the T-Pot relevant config files make sure to create a backup first.** + The Update script will: - - **merciless** overwrite local changes to be in sync with the T-Pot master branch + - **mercilessly** overwrite local changes to be in sync with the T-Pot master branch - upgrade the system to the packages available in Debian (Sid) - update all resources to be in-sync with the T-Pot master branch - ensure all T-Pot relevant system files will be patched / copied into the original T-Pot state + - restore your custom ews.cfg and HPFEED settings from `/data/ews/conf` You simply run the update script: ``` 
@@ -466,8 +468,17 @@ We encourage you not to disable the data submission as it is the main purpose of ## Opt-In HPFEEDS Data Submission -As an Opt-In it is now possible to also share T-Pot data with 3rd party HPFEEDS brokers, such as [SISSDEN](https://sissden.eu). -If you want to share your T-Pot data you simply have to register an account with a 3rd party broker with its own benefits towards the community. Once registered you will receive your credentials to share events with the broker. In T-Pot you simply run `hpfeeds_optin.sh` which will ask for your credentials, in case of SISSDEN this is just `Ident` and `Secret`, everything else is pre-configured. It will automatically update `/opt/tpot/etc/tpot.yml` to deliver events to your desired broker. +As an Opt-In it is now possible to also share T-Pot data with 3rd party HPFEEDS brokers, such as [SISSDEN](https://sissden.eu). +If you want to share your T-Pot data you simply have to register an account with a 3rd party broker with its own benefits towards the community. Once registered you will receive your credentials to share events with the broker. In T-Pot you simply run `hpfeeds_optin.sh` which will ask for your credentials, in case of SISSDEN this is just `Ident` and `Secret`, everything else is pre-configured. +It will automatically update `/opt/tpot/etc/tpot.yml` to deliver events to your desired broker. + +The script can accept a config file as an argument, e.g. `./hpfeeds_optin.sh --conf=hpfeeds.cfg` + +Your current config will also be stored in `/data/ews/conf/hpfeeds.cfg` where you can review or change it. +No worries: You old config is backed up in `/data/ews/conf/hpfeeds.cfg.old` +Be sure to apply any changes by running `./hpfeeds_optin.sh --conf=/data/ews/conf/hpfeeds.cfg`. + +Of course you can also rerun the `hpfeeds_optin.sh` to change and apply your settings interactively. # Roadmap From f3214b935c02375045360a0c387875607bda8e2d Mon Sep 17 00:00:00 2001 
From: Sebastian Haderecker Date: Thu, 16 May 2019 11:19:03 +0200 Subject: [PATCH 10/17] Update CHANGELOG.md --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1da7edd0..90e64661 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Changelog +## 20190516 +- **HPFEEDS Opt-In commandline option** + - Pass a hpfeeds config file as a commandline argument + - hpfeeds config is saved in `/data/ews/conf/hpfeeds.cfg` + - Update script restores hpfeeds config + ## 20190511 - **Add hptest script** - Quickly test if the honeypots are working with `hptest.sh <[ip,host]>` based on nmap. From bc658a05752b4d36a5b92899f6c4684c465379f7 Mon Sep 17 00:00:00 2001 From: Sebastian Haderecker Date: Thu, 16 May 2019 11:22:13 +0200 Subject: [PATCH 11/17] Update README.md --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 2afe9e0a..178c9184 100644 --- a/README.md +++ b/README.md @@ -122,6 +122,10 @@ h apt-fast the downloads will be even faster by downloading packages not only in - **Added Ansible T-Pot Deployment on Open Telekom Cloud** - Reusable Ansible Playbooks for all cloud providers - Example Showcase with our Open Telekom Cloud +- **HPFEEDS Opt-In commandline option** + - Pass a hpfeeds config file as a commandline argument + - hpfeeds config is saved in `/data/ews/conf/hpfeeds.cfg` + - Update script restores hpfeeds config # Technical Concept From 8163cf8b2d56880cf95c988bff0ff5734618b352 Mon Sep 17 00:00:00 2001 From: Sebastian Haderecker Date: Thu, 16 May 2019 11:28:03 +0200 Subject: [PATCH 12/17] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 178c9184..6d0a3154 100644 --- a/README.md +++ b/README.md 
@@ -482,7 +482,7 @@ Your current config will also be stored in `/data/ews/conf/hpfeeds.cfg` where yo No worries: You old config is backed up in `/data/ews/conf/hpfeeds.cfg.old` Be sure to apply any changes by running `./hpfeeds_optin.sh --conf=/data/ews/conf/hpfeeds.cfg`. -Of course you can also rerun the `hpfeeds_optin.sh` to change and apply your settings interactively. +Of course you can also rerun the `hpfeeds_optin.sh` script to change and apply your settings interactively. # Roadmap From d71532678bb06f0a686d2b05b2a533eed1a39624 Mon Sep 17 00:00:00 2001 From: Sebastian Haderecker Date: Thu, 16 May 2019 11:50:25 +0200 Subject: [PATCH 13/17] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 6d0a3154..4c717f52 100644 --- a/README.md +++ b/README.md @@ -479,8 +479,8 @@ It will automatically update `/opt/tpot/etc/tpot.yml` to deliver events to your The script can accept a config file as an argument, e.g. `./hpfeeds_optin.sh --conf=hpfeeds.cfg` Your current config will also be stored in `/data/ews/conf/hpfeeds.cfg` where you can review or change it. -No worries: You old config is backed up in `/data/ews/conf/hpfeeds.cfg.old` -Be sure to apply any changes by running `./hpfeeds_optin.sh --conf=/data/ews/conf/hpfeeds.cfg`. +Be sure to apply any changes by running `./hpfeeds_optin.sh --conf=/data/ews/conf/hpfeeds.cfg`. +No worries: You old config gets backed up in `/data/ews/conf/hpfeeds.cfg.old` Of course you can also rerun the `hpfeeds_optin.sh` script to change and apply your settings interactively. From 965170ff21e71a59f0deddd67342ee8d155f8f39 Mon Sep 17 00:00:00 2001 
From: Sebastian Haderecker Date: Thu, 16 May 2019 10:51:04 +0000 Subject: [PATCH 14/17] Moved to hpfeeds cmdline option --- .../ansible/roles/custom_ews/tasks/main.yaml | 34 +++++-------------- .../roles/custom_ews/templates/hpfeeds.cfg} | 2 +- .../deploy_ansible_otc_t-pot.sh | 13 ------- 3 files changed, 10 insertions(+), 39 deletions(-) rename cloud/open-telekom-cloud/{.hpfeeds_settings.sh => ansible/roles/custom_ews/templates/hpfeeds.cfg} (100%) diff --git a/cloud/open-telekom-cloud/ansible/roles/custom_ews/tasks/main.yaml b/cloud/open-telekom-cloud/ansible/roles/custom_ews/tasks/main.yaml index 06404182..151ea000 100644 --- a/cloud/open-telekom-cloud/ansible/roles/custom_ews/tasks/main.yaml +++ b/cloud/open-telekom-cloud/ansible/roles/custom_ews/tasks/main.yaml 
@@ -12,29 +12,13 @@ insertafter: '/opt/ewsposter/ews.ip' line: ' - /data/ews/conf/ews.cfg:/opt/ewsposter/ews.cfg' -- name: Lookup HPFEED environment variables - set_fact: - myENABLE: "{{ lookup('env', 'myENABLE') }}" - myHOST: "{{ lookup('env', 'myHOST') }}" - myPORT: "{{ lookup('env', 'myPORT') }}" - myCHANNEL: "{{ lookup('env', 'myCHANNEL') }}" - myIDENT: "{{ lookup('env', 'myIDENT') }}" - mySECRET: "{{ lookup('env', 'mySECRET') }}" - myCERT: "{{ lookup('env', 'myCERT') }}" - myFORMAT: "{{ lookup('env', 'myFORMAT') }}" +- name: Copy hpfeeds configuration file + template: + src: ../templates/hpfeeds.cfg + dest: /data/ews/conf + owner: root + group: root + mode: 0644 -- name: Apply HPFEED settings in tpot.yml - lineinfile: - path: /opt/tpot/etc/tpot.yml - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - with_items: - - { regexp: 'EWS_HPFEEDS_ENABLE.*', line: ' - EWS_HPFEEDS_ENABLE={{ myENABLE | lower }}' } - - { regexp: 'EWS_HPFEEDS_HOST.*', line: ' - EWS_HPFEEDS_HOST={{ myHOST }}' } - - { regexp: 'EWS_HPFEEDS_PORT.*', line: ' - EWS_HPFEEDS_PORT={{ myPORT }}' } - - { regexp: 'EWS_HPFEEDS_CHANNELS.*', line: ' - EWS_HPFEEDS_CHANNELS={{ myCHANNEL }}' } - - { regexp: 'EWS_HPFEEDS_IDENT.*', line: ' - EWS_HPFEEDS_IDENT={{ myIDENT }}' } - - { regexp: 'EWS_HPFEEDS_SECRET.*', line: ' - EWS_HPFEEDS_SECRET={{ mySECRET }}' } - - { regexp: 'EWS_HPFEEDS_TLSCERT.*', line: ' - EWS_HPFEEDS_TLSCERT={{ myCERT }}' } - - { regexp: 'EWS_HPFEEDS_TLSCERT.False', line: ' - EWS_HPFEEDS_TLSCERT={{ myCERT | lower }}' } - - { regexp: 'EWS_HPFEEDS_FORMAT.*', line: ' - EWS_HPFEEDS_FORMAT={{ myFORMAT }}' } +-name: Applying hpfeeds settings + command: /opt/tpot/bin/hpfeeds_optin.sh --conf=/data/ews/conf/hpfeeds.cfg 
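Review bot: The "Copy hpfeeds configuration file" task installs the template with `mode: 0644`, and the template in this series includes `mySECRET`, so the broker secret is readable by every local account on the host. Use `mode: '0600'` (quoted, so the value is not subject to YAML number parsing) and keep `owner: root`. The following `command` task runs hpfeeds_optin.sh on every play, which per fuAPPLY stops and starts tpot each time. Gating it on the template task reporting a change (`register: hpfeeds_cfg` plus `when: hpfeeds_cfg.changed`, or a handler) would avoid needless restarts.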
diff --git a/cloud/open-telekom-cloud/.hpfeeds_settings.sh b/cloud/open-telekom-cloud/ansible/roles/custom_ews/templates/hpfeeds.cfg similarity index 100% rename from cloud/open-telekom-cloud/.hpfeeds_settings.sh rename to cloud/open-telekom-cloud/ansible/roles/custom_ews/templates/hpfeeds.cfg index aae1dcad..1b981fdd 100644 --- a/cloud/open-telekom-cloud/.hpfeeds_settings.sh +++ b/cloud/open-telekom-cloud/ansible/roles/custom_ews/templates/hpfeeds.cfg @@ -2,7 +2,7 @@ myENABLE=false myHOST=host myPORT=port myCHANNEL=channels +myCERT=false myIDENT=user mySECRET=secret -myCERT=false myFORMAT=json diff --git a/cloud/open-telekom-cloud/deploy_ansible_otc_t-pot.sh b/cloud/open-telekom-cloud/deploy_ansible_otc_t-pot.sh index 072ce0e1..9f3756f9 100755 --- a/cloud/open-telekom-cloud/deploy_ansible_otc_t-pot.sh +++ b/cloud/open-telekom-cloud/deploy_ansible_otc_t-pot.sh @@ -33,22 +33,9 @@ source .ecs_settings.sh # Import OTC authentication credentials source .otc_env.sh -# Import HPFEED settings -source .hpfeeds_settings.sh - # Password is later used by Ansible export LINUX_PASS=$linuxpass -# HPFEED settings are later used by Ansible -export myENABLE=$myENABLE -export myHOST=$myHOST -export myPORT=$myPORT -export myCHANNEL=$myCHANNEL -export myIDENT=$myIDENT -export mySECRET=$mySECRET -export myCERT=$myCERT -export myFORMAT=$myFORMAT - # Ignore ssh host keys as they are new anyway export ANSIBLE_HOST_KEY_CHECKING=False From 262e22155e54eb8905059cc4e0ca583275dfd751 Mon Sep 17 00:00:00 2001 From: Sebastian Haderecker Date: Thu, 16 May 2019 12:12:49 +0000 Subject: [PATCH 15/17] Fix whitespace --- .../open-telekom-cloud/ansible/roles/custom_ews/tasks/main.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cloud/open-telekom-cloud/ansible/roles/custom_ews/tasks/main.yaml b/cloud/open-telekom-cloud/ansible/roles/custom_ews/tasks/main.yaml index 151ea000..b49d4df4 100644 --- a/cloud/open-telekom-cloud/ansible/roles/custom_ews/tasks/main.yaml 
+++ b/cloud/open-telekom-cloud/ansible/roles/custom_ews/tasks/main.yaml @@ -20,5 +20,5 @@ group: root mode: 0644 --name: Applying hpfeeds settings +- name: Applying hpfeeds settings command: /opt/tpot/bin/hpfeeds_optin.sh --conf=/data/ews/conf/hpfeeds.cfg From 52c64f57d1a440dc0a03bb722506e8f98c2b123b Mon Sep 17 00:00:00 2001 From: Sebastian Haderecker Date: Thu, 16 May 2019 18:29:48 +0200 Subject: [PATCH 16/17] Update README.md --- cloud/open-telekom-cloud/README.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/cloud/open-telekom-cloud/README.md b/cloud/open-telekom-cloud/README.md index d43b5770..e40acdd5 100644 --- a/cloud/open-telekom-cloud/README.md +++ b/cloud/open-telekom-cloud/README.md @@ -18,8 +18,7 @@ This example showcases the deployment on our own Public Cloud Offering [Open Tel - [Configure `.otc_env.sh`](#otc-env) - [Configure `.ecs_settings.sh`](#ecs-settings) - [Configure `tpot.conf.dist`](#tpot-conf) - - [Optional: Custom `ews.cfg`](#ews-cfg) - - [Optional: Configure `.hpfeeds_settings.sh`](#hpfeeds) + - [Optional: Custom `ews.cfg` and HPFEEDS](#ews-hpfeeds) - [Deploying a T-Pot](#deploy) - [Further documentation](#documentation) 
@@ -171,11 +170,12 @@ myCONF_WEB_USER='webuser' myCONF_WEB_PW='w3b$ecret' ``` - -## Optional: Custom `ews.cfg` -To enable this feature, set `custom_ews=true` in `.ecs_settings.sh`; See here: [Configure `.ecs_settings.sh`](#ecs-settings) + +## Optional: Custom `ews.cfg` and HPFEEDS +To enable these features, set `custom_ews=true` in `.ecs_settings.sh`; See here: [Configure `.ecs_settings.sh`](#ecs-settings) -Here you can create a custom config file for `ewsposter`. +### ews.cfg +You can use a custom config file for `ewsposter`. e.g. when you have your own credentials for delivering data to our [Sicherheitstacho](https://sicherheitstacho.eu/start/main). You can find the `ews.cfg` template file here: [`ansible/roles/custom_ews/templates/ews.cfg`](ansible/roles/custom_ews/templates/ews.cfg) and adapt it for your needs. @@ -193,21 +193,21 @@ token = your_token ... ``` - -## Optional: Configure `.hpfeeds_settings.sh` -When the `custom_ews=true` setting is set in`.ecs_settings.sh` (see here: [Configure `.ecs_settings.sh`](#ecs-settings)), you can also specify custom HPFEEDS in `.hpfeeds_settings.sh`. -e.g. for SISSDEN: +### HPFEEDS +You can also specify HPFEEDS in [`ansible/roles/custom_ews/templates/hpfeeds.cfg`](ansible/roles/custom_ews/templates/hpfeeds.cfg). +That file constains the defaults (turned off) and you can adapt it for your needs, e.g. for SISSDEN: ``` myENABLE=true myHOST=hpfeeds.sissden.eu myPORT=10000 myCHANNEL=t-pot.events +myCERT=/opt/ewsposter/sissden.pem myIDENT=your_user mySECRET=your_secret -myCERT=/opt/ewsposter/sissden.pem myFORMAT=json ``` + # Deploying a T-Pot :honey_pot::honeybee: Now, after configuring everything, we can finally start deploying T-Pots: From 1113c9c0c9fcd1c5fc73785e74cda6ef58602a8c Mon Sep 17 00:00:00 2001 From: Sebastian Haderecker Date: Wed, 26 Jun 2019 09:15:29 +0000 Subject: [PATCH 17/17] Minor typo --- bin/hpfeeds_optin.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/bin/hpfeeds_optin.sh b/bin/hpfeeds_optin.sh
index f74f8337..ff27a5b8 100755
--- a/bin/hpfeeds_optin.sh
+++ b/bin/hpfeeds_optin.sh
@@ -88,7 +88,7 @@ EOF
 function fuAPPLY () {
 echo "Now stopping T-Pot ..."
 systemctl stop tpot
-echo "Applying your settings in tpot.yml ... "
+echo "Applying your settings to tpot.yml ... "
 sed --follow-symlinks -i "s/EWS_HPFEEDS_ENABLE.*/EWS_HPFEEDS_ENABLE=${myENABLE}/g" "$myTPOTYMLFILE"
 sed --follow-symlinks -i "s/EWS_HPFEEDS_HOST.*/EWS_HPFEEDS_HOST=${myHOST}/g" "$myTPOTYMLFILE"
 sed --follow-symlinks -i "s/EWS_HPFEEDS_PORT.*/EWS_HPFEEDS_PORT=${myPORT}/g" "$myTPOTYMLFILE"