prepare for emobility

This commit is contained in:
Marco Ochse 2016-02-08 12:21:03 +01:00
parent 63ba812446
commit ebb58955c4
11 changed files with 59 additions and 33 deletions

installer/bin/update-images.sh Executable file

@ -0,0 +1,15 @@
#!/bin/bash
########################################################
# T-Pot #
# Only start the container found in /etc/init/t-pot #
# #
# v0.01 by mo, DTAG, 2016-02-08 #
########################################################
rm -rf /etc/init/t-pot/*.conf || true
for i in $(cat /data/images.conf);
do
cp /data/upstart/"$i".conf /etc/init/t-pot/;
done
echo Please reboot for the changes to take effect.
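Review bot: The `for i in $(cat /data/images.conf)` loop following the rm word-splits and glob-expands the file contents, so any whitespace or glob character in a line changes which unit files are copied; a read loop avoids both: `while IFS= read -r i; do cp /data/upstart/"$i".conf /etc/init/t-pot/; done < /data/images.conf`. The script also has no `set -e`, so a cp that fails (a name with no matching file under /data/upstart) is only reported on stderr and the reboot message is still printed as if everything succeeded; `set -eu` after the shebang, or a `[ -f /data/upstart/"$i".conf ] || { printf 'no upstart file for %s\n' "$i" >&2; exit 1; }` check inside the loop, would surface it. The same loop, with `$i` unquoted, is added to installer/install.sh in this commit.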


@ -0,0 +1,3 @@
elk
emobility
suricata


@ -2,7 +2,7 @@
# T-Pot # # T-Pot #
# Cowrie upstart script # # Cowrie upstart script #
# # # #
# v16.03.2 by av / mo, DTAG, 2015-12-14 # # v16.03.3 by av / mo, DTAG, 2016-02-08 #
######################################################## ########################################################
description "Cowrie" description "Cowrie"
@ -17,7 +17,7 @@ pre-start script
then docker rm -v $myCID; then docker rm -v $myCID;
fi fi
# Remove any data from previous container # Remove any data from previous container
rm -rf /data/cowrie/* rm -rf /data/cowrie/* || true
mkdir -p /data/cowrie/log/tty/ /data/cowrie/downloads/ /data/cowrie/keys/ /data/cowrie/misc/ mkdir -p /data/cowrie/log/tty/ /data/cowrie/downloads/ /data/cowrie/keys/ /data/cowrie/misc/
chmod 760 /data/cowrie -R chmod 760 /data/cowrie -R
chown tpot:tpot /data/cowrie -R chown tpot:tpot /data/cowrie -R
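Review bot: The `|| true` appended to `rm -rf /data/cowrie/*` on the fourth line of the second hunk turns a failed wipe into a silent success, so the container can be started on top of the previous run's data when rm fails for a real reason (permission denied, busy mount). As far as I can tell `rm -f` already exits 0 when the glob matches nothing, so the guard only hides genuine errors; if it was added to keep the upstart pre-start stanza going, a logged fallback such as `rm -rf /data/cowrie/* || logger -t cowrie "pre-start: could not clear /data/cowrie"` keeps the evidence. Note also that `*` does not match dotfiles, in case the intent was a complete clear. The same change is made in the Dionaea, Elasticpot, Glastopf, Honeytrap and Suricata upstart scripts in this commit; the pre-start block continues outside the hunk.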


@ -2,7 +2,7 @@
# T-Pot # # T-Pot #
# Dionaea upstart script # # Dionaea upstart script #
# # # #
# v16.03.4 by mo, DTAG, 2016-02-06 # # v16.03.5 by mo, DTAG, 2016-02-08 #
######################################################## ########################################################
description "Dionaea" description "Dionaea"
@ -17,8 +17,8 @@ pre-start script
then docker rm -v $myCID; then docker rm -v $myCID;
fi fi
# Remove any data from previous container # Remove any data from previous container
rm -rf /data/dionaea/* rm -rf /data/dionaea/* || true
rm /data/ews/dionaea/ews.json rm /data/ews/dionaea/ews.json || true
mkdir -p /data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/wwwroot mkdir -p /data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/wwwroot
chmod 760 /data/dionaea -R chmod 760 /data/dionaea -R
chown tpot:tpot /data/dionaea -R chown tpot:tpot /data/dionaea -R
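Review bot: `rm /data/ews/dionaea/ews.json || true` on the fifth line of the second hunk swallows every failure of that rm, not just the expected "file does not exist" on a first start; `rm -f /data/ews/dionaea/ews.json` expresses the intent precisely, since `-f` ignores a missing file but still fails on a permission or mount error. The pre-start block continues outside the hunk.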


@ -2,7 +2,7 @@
# T-Pot # # T-Pot #
# Elasticpot upstart script # # Elasticpot upstart script #
# # # #
# v16.03.3 by ms/mo, DTAG, 2016-02-04 # # v16.03.4 by ms/mo, DTAG, 2016-02-08 #
######################################################## ########################################################
description "ElasticPot" description "ElasticPot"
@ -17,7 +17,7 @@ pre-start script
then docker rm -v $myCID; then docker rm -v $myCID;
fi fi
# Remove any data from previous container # Remove any data from previous container
rm -rf /data/elasticpot/* rm -rf /data/elasticpot/* || true
mkdir -p /data/elasticpot/log mkdir -p /data/elasticpot/log
chmod 760 /data/elasticpot -R chmod 760 /data/elasticpot -R
chown tpot:tpot /data/elasticpot -R chown tpot:tpot /data/elasticpot -R


@ -2,7 +2,7 @@
# T-Pot # # T-Pot #
# Glastopf upstart script # # Glastopf upstart script #
# # # #
# v16.03.2 by mo, DTAG, 2015-12-14 # # v16.03.3 by mo, DTAG, 2016-02-08 #
######################################################## ########################################################
description "Glastopf" description "Glastopf"
@ -17,7 +17,7 @@ pre-start script
then docker rm -v $myCID; then docker rm -v $myCID;
fi fi
# Remove any data from previous container # Remove any data from previous container
rm -rf /data/glastopf/* rm -rf /data/glastopf/* || true
end script end script
script script
/usr/bin/docker run --name glastopf --rm=true -v /data/glastopf:/data/glastopf -v /data/ews:/data/ews -p 80:80 dtagdevsec/glastopf:latest1603 /usr/bin/docker run --name glastopf --rm=true -v /data/glastopf:/data/glastopf -v /data/ews:/data/ews -p 80:80 dtagdevsec/glastopf:latest1603


@ -2,7 +2,7 @@
# T-Pot # # T-Pot #
# Honeytrap upstart script # # Honeytrap upstart script #
# # # #
# v16.03.4 by mo, DTAG, 2016-01-27 # # v16.03.5 by mo, DTAG, 2016-02-08 #
######################################################## ########################################################
description "Honeytrap" description "Honeytrap"
@ -17,7 +17,7 @@ pre-start script
then docker rm -v $myCID; then docker rm -v $myCID;
fi fi
# Remove any data from previous container # Remove any data from previous container
rm -rf /data/honeytrap/* rm -rf /data/honeytrap/* || true
mkdir -p /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/ mkdir -p /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/
chmod 760 /data/honeytrap/ -R chmod 760 /data/honeytrap/ -R
chown tpot:tpot /data/honeytrap/ -R chown tpot:tpot /data/honeytrap/ -R


@ -2,7 +2,7 @@
# T-Pot # # T-Pot #
# Suricata upstart script # # Suricata upstart script #
# # # #
# v16.03.2 by mo, DTAG, 2016-02-06 # # v16.03.2 by mo, DTAG, 2016-02-08 #
######################################################## ########################################################
description "Suricata" description "Suricata"
@ -17,7 +17,7 @@ pre-start script
then docker rm -v $myCID; then docker rm -v $myCID;
fi fi
# Remove any data from previous container # Remove any data from previous container
rm -rf /data/suricata/* rm -rf /data/suricata/* || true
mkdir -p /data/suricata/log mkdir -p /data/suricata/log
chmod 760 -R /data/suricata chmod 760 -R /data/suricata
chown tpot:tpot -R /data/suricata chown tpot:tpot -R /data/suricata
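Review bot: The header in the first hunk changes the date to 2016-02-08 but leaves the version at v16.03.2, while every other upstart script touched by this commit increments its version alongside the date; `# v16.03.3 by mo, DTAG, 2016-02-08 #` would keep the headers consistent. The `|| true` added in the second hunk has the same caveat raised on the Cowrie script.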


@ -3,10 +3,10 @@
# T-Pot post install script # # T-Pot post install script #
# Ubuntu server 14.04.3, x64 # # Ubuntu server 14.04.3, x64 #
# # # #
# v16.03.5 by mo, DTAG, 2016-02-04 # # v16.03.6 by mo, DTAG, 2016-02-08 #
######################################################## ########################################################
# Type of install, SENSOR or FULL? # Type of install, SENSOR, INDUSTRIAL or FULL?
myFLAVOR="FULL" myFLAVOR="FULL"
# Some global vars # Some global vars
@ -150,7 +150,6 @@ tee -a /etc/ssh/ssh_config <<EOF
UseRoaming no UseRoaming no
EOF EOF
# Let's pull some updates # Let's pull some updates
fuECHO "### Pulling Updates." fuECHO "### Pulling Updates."
apt-get update -y apt-get update -y
@ -204,9 +203,13 @@ EOF
if [ "$myFLAVOR" = "SENSOR" ] if [ "$myFLAVOR" = "SENSOR" ]
then then
cp /root/tpot/data/sensor_images.conf /root/tpot/data/images.conf cp /root/tpot/data/sensor_images.conf /root/tpot/data/images.conf
echo "manual" >> /etc/init/suricata.override fi
echo "manual" >> /etc/init/elk.override if [ "$myFLAVOR" = "INDUSTRIAL" ]
else then
cp /root/tpot/data/industrial_images.conf /root/tpot/data/images.conf
fi
if [ "$myFLAVOR" = "FULL" ]
then
cp /root/tpot/data/full_images.conf /root/tpot/data/images.conf cp /root/tpot/data/full_images.conf /root/tpot/data/images.conf
fi fi
@ -270,15 +273,6 @@ tee -a /etc/crontab <<EOF
27 16 * * 0 root sleep \$((RANDOM %600)); apt-get autoclean -y; apt-get autoremove -y; apt-get update -y; apt-get upgrade -y; apt-get upgrade docker-engine -y; sleep 5; reboot 27 16 * * 0 root sleep \$((RANDOM %600)); apt-get autoclean -y; apt-get autoremove -y; apt-get update -y; apt-get upgrade -y; apt-get upgrade docker-engine -y; sleep 5; reboot
EOF EOF
# Let's take care of some files and permissions before copying
chmod 500 /root/tpot/bin/*
chmod 600 /root/tpot/data/*
chmod 644 /root/tpot/etc/issue
chmod 755 /root/tpot/etc/rc.local
chmod 700 /root/tpot/home/*
chown tsec:tsec /root/tpot/home/*
chmod 644 /root/tpot/upstart/*
# Let's create some files and folders # Let's create some files and folders
fuECHO "### Creating some files and folders." fuECHO "### Creating some files and folders."
mkdir -p /data/ews/log /data/ews/conf /data/ews/dionaea /data/ews/glastopf /data/ews/honeytrap \ mkdir -p /data/ews/log /data/ews/conf /data/ews/dionaea /data/ews/glastopf /data/ews/honeytrap \
@ -286,15 +280,29 @@ mkdir -p /data/ews/log /data/ews/conf /data/ews/dionaea /data/ews/glastopf /data
/data/elasticpot /data/elasticpot/log \ /data/elasticpot /data/elasticpot/log \
/data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/wwwroot \ /data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/wwwroot \
/data/elk/data /data/elk/log /data/glastopf /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/ \ /data/elk/data /data/elk/log /data/glastopf /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/ \
/data/suricata/log /home/tsec/.ssh/ /data/suricata/log /home/tsec/.ssh/ \
/etc/init/t-pot
# Let's take care of some files and permissions before copying
chmod 500 /root/tpot/bin/*
chmod 600 /root/tpot/data/*
chmod 644 /root/tpot/etc/issue
chmod 755 /root/tpot/etc/rc.local
chmod 700 /root/tpot/home/*
chown tsec:tsec /root/tpot/home/*
chmod 644 /root/tpot/data/upstart/*
chmod 644 /etc/init/t-pot
# Let's copy some files # Let's copy some files
cp -R /root/tpot/bin/* /usr/bin/ cp -R /root/tpot/bin/* /usr/bin/
cp -R /root/tpot/data/* /data/ cp -R /root/tpot/data/* /data/
cp -R /root/tpot/etc/issue /etc/ cp -R /root/tpot/etc/issue /etc/
cp -R /root/tpot/home/* /home/tsec/ cp -R /root/tpot/home/* /home/tsec/
cp -R /root/tpot/upstart/* /etc/init/
cp /root/tpot/keys/authorized_keys /home/tsec/.ssh/authorized_keys cp /root/tpot/keys/authorized_keys /home/tsec/.ssh/authorized_keys
for i in $(cat /data/images.conf);
do
cp /data/upstart/$i.conf /etc/init/t-pot/;
done
# Let's take care of some files and permissions # Let's take care of some files and permissions
chmod 760 -R /data chmod 760 -R /data
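Review bot: `chmod 644 /etc/init/t-pot` in the last hunk applies a file mode to a directory (it is created by the `mkdir -p` a few lines above), which removes the execute/search bit from it; `chmod 755 /etc/init/t-pot` is the mode a directory of unit files needs, and the files copied into it later already get 644 from the preceding line. The flavor selection in the third hunk also lost its fallback: with three independent `if` blocks and no `else`, an unexpected or empty `myFLAVOR` copies no images.conf at all, and the `for i in $(cat /data/images.conf)` loop added in the last hunk then fails on a missing file; a `case "$myFLAVOR" in SENSOR) …;; INDUSTRIAL) …;; *) …;; esac` with FULL as the default would preserve the old behaviour. In that loop `$i` is unquoted, unlike the otherwise identical loop in installer/bin/update-images.sh.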


@ -4,7 +4,7 @@
# T-Pot # # T-Pot #
# .ISO maker # # .ISO maker #
# # # #
# v16.03.1 by mo, DTAG, 2016-01-14 # # v16.03.2 by mo, DTAG, 2016-02-08 #
######################################################## ########################################################
# Let's define some global vars # Let's define some global vars
@ -85,8 +85,8 @@ if [ "$mySTART" = "1" ];
exit exit
fi fi
# Let's ask for the type of installation FULL or SENSOR? # Let's ask for the type of installation SENSOR, INDUSTRIAL or FULL?
myFLAVOR=$(dialog --no-cancel --backtitle "$myBACKTITLE" --title "[ Installation type ... ]" --radiolist "" 8 50 2 "FULL" "Install Everything" on "SENSOR" "Install Honeypots & EWS Poster" off 3>&1 1>&2 2>&3 3>&-) myFLAVOR=$(dialog --no-cancel --backtitle "$myBACKTITLE" --title "[ Installation type ... ]" --radiolist "" 9 50 4 "FULL" "Everything (w/o INDUSTRIAL)" on "SENSOR" "Honeypots (w/o INDUSTRIAL)" off "INDUSTRIAL" "Experimental (+ELK +Suricata)" off 3>&1 1>&2 2>&3 3>&-)
sed -i 's#^myFLAVOR=.*#myFLAVOR="'$myFLAVOR'"#' $myINSTALLERPATH sed -i 's#^myFLAVOR=.*#myFLAVOR="'$myFLAVOR'"#' $myINSTALLERPATH
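Review bot: The reworked radiolist on the fourth line of the second hunk can still leave `myFLAVOR` empty: `--no-cancel` only removes the Cancel button, and as far as I know dismissing dialog with ESC exits non-zero with no output, after which the following sed writes `myFLAVOR=""` into the installer, which since this commit has no default branch for an unrecognised flavor. A guard before the sed, `[ -n "$myFLAVOR" ] || myFLAVOR="FULL"`, keeps the previous default.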
# Let's ask the user for a proxy ... # Let's ask the user for a proxy ...