Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-07-02 04:52:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Web based access

Browse source 
It is now possible to access T-Pot web based and without a SSH tunnel
This commit is contained in:
Marco Ochse 2016-08-08 02:21:02 +02:00
parent 5200af3ccf
commit f038173920
9 changed files with 89 additions and 267 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
installer/bin/check.sh
View file

@ -19,20 +19,23 @@ touch /var/run/check.lock
myUPTIME=$(awk '{print int($1/60)}' /proc/uptime) myUPTIME=$(awk '{print int($1/60)}' /proc/uptime)
for i in $myIMAGES for i in $myIMAGES
do do
myCIDSTATUS=$(docker exec $i supervisorctl status) if [ "$i" != "ui-for-docker" ] && [ "$i" != "netdata" ];
if [ $? -ne 0 ]; then
then myCIDSTATUS=$(docker exec $i supervisorctl status)
myCIDSTATUS=1 if [ $? -ne 0 ];
else then
myCIDSTATUS=$(echo $myCIDSTATUS | egrep -c "(STOPPED|FATAL)") myCIDSTATUS=1
fi else
if [ $myUPTIME -gt 4 ] && [ $myCIDSTATUS -gt 0 ]; myCIDSTATUS=$(echo $myCIDSTATUS | egrep -c "(STOPPED|FATAL)")
then fi
echo "Restarting "$i"." if [ $myUPTIME -gt 4 ] && [ $myCIDSTATUS -gt 0 ];
systemctl stop $i then
sleep 5 echo "Restarting "$i"."
systemctl start $i systemctl stop $i
fi sleep 5
systemctl start $i
fi
fi
done done
rm /var/run/check.lock rm /var/run/check.lock

9
installer/bin/status.sh
View file

@ -42,7 +42,10 @@ echo CPU temp: $(sensors | grep "Physical" | awk '{ print $4 }')
echo echo
for i in $myIMAGES for i in $myIMAGES
do do
echo "======| Container:" $i "|======" if [ "$i" != "ui-for-docker" ] && [ "$i" != "netdata" ];
docker exec $i supervisorctl status | GREP_COLORS='mt=01;32' egrep --color=always "(RUNNING)|$" | GREP_COLORS='mt=01;31' egrep --color=always "(STOPPED|FATAL)|$" then
echo echo "======| Container:" $i "|======"
docker exec $i supervisorctl status | GREP_COLORS='mt=01;32' egrep --color=always "(RUNNING)|$" | GREP_COLORS='mt=01;31' egrep --color=always "(STOPPED|FATAL)|$"
echo
fi
done done

9
installer/etc/issue
View file

@ -1,7 +1,5 @@
T-Pot 16.10 (development) T-Pot 16.10 (development)
Hostname: \n Hostname: \n
IP:
___________ _____________________________ ___________ _____________________________
\\__ ___/ \\______ \\_____ \\__ ___/ \\__ ___/ \\______ \\_____ \\__ ___/
@ -10,6 +8,9 @@ ___________ _____________________________
|____| |____| \\_______ /____| |____| |____| \\_______ /____|
\\/ \\/
IP:
SSH:
WEB:
CTRL+ALT+F2 - Display current container status
CTRL+ALT+F1 - Return to this screen

53
installer/etc/nginx/ssl/nginx.crt
View file

@ -1,53 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIJXTCCBUWgAwIBAgIJANU7jQr6/QTdMA0GCSqGSIb3DQEBDQUAMEUxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQwHhcNMTYwODAxMTMwMjEzWhcNMjYwNzMwMTMwMjEzWjBF
MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIEIjANBgkqhkiG9w0BAQEFAAOCBA8AMIIE
CgKCBAEAnQKXLLcvpvxcoV/vZYbMxBSo8dyZKkUVJhMqWqpAi9+kkuk0bIWGD0Bj
9NEExNqdtKZ2+ZmrBWo1a5SSCrfum+jW+JrQxYQubeiEbCij6687sOwuM17EDUJn
xaF7c6ZQx+ofRGtUsIE79ycIH6amZNwBFd+Cw70HnPH28w51D65KSIQqEcb1peAC
V7eZQo8bwQ1vajRp+XF6CA3TeGA5707v+ij0AMl8xWk1q8IMel5e2USvnIF27mH+
Pc35qNJj4PzZ3yM2hOl4/zO9/3fHoQKp+WvBDYDK5R+3QeVbSBiTu/zpFtlAjCVo
reMWFPG5gxE2QlYl4YM2gbv2jN/trQpySgoY+cQiwSyd353mdJV4UXAY8ukE2NiN
dxrRpqIbBLU8G3uy/wKKIcrbBBtXYMmaGAK73fQRX06Lea0m15y9DcvEnxqsH5CZ
qK3qRE9o4HzGdStivq0WUK/fuToeAzH4mEAryiDfsk/VXSTmhKlacCRddawdwaGk
ivuqViuKJ8S3x/idyy4K2yGHU1U4ihDUT+cwF/JUOMJ/hdoiODbloN92eB7gpHVp
kn7+2bBC3BEHZtD+mQVnasztYBPyQsfIce/pDQFeI+YvRjF68f6EeJoHXFj3vx84
bONCgDcRQzfrUujJlfoC4vd9iKogk+RXpb4BKOrNIvNsEP22P/Dxw32nH9sUy29u
j/0weTLVUlpMvWFLzXc0fVGY1WmXAezaCG4f87baWZEePykgZPW+rel4Rn5q5YxD
nI76nbJrMpIBqSjTuWX+JH5vn3mNMrItF6manH6KqIEdBEPWGC5AlE1PuLoK4ort
NB1KoHG46pFOikl7hyiXSs2rWTXmaBRTFHqG5f4K1HP9i3XnMBHWdouNZ39lnLls
rxStSKsfNY8bRnPzBGb4PAzjZ53LbrScJcjHxI+jfde1CwSZIdVB6bwlbJo5HXUl
WvoGYjDKbCyFKHPLtR+8Jcb47uPvw2AQuInGamOpqGzI1y2XEM6LOU5+BNd3nQiO
l6o+e2qMpSPJYf/lECYiTCvvKbkbyHTw9SLQ6RmInNgGyolSSnTqQTTxELRqazIj
6iiz969NfwEs+nx43kCfLqo7g+86WoHdTqjFVBi2JpDNjy5quwTg2AxPqfm1gg8/
p2cB8to1Gej7iUgAjifN7lcWJmgCdw2uEL77InF+Zaw2UqYhrhsPy5IM3X61ly+e
xiZTzgWB9YbH21N8MgHGAMNd9PLdZ6eZswTQpsT1UdoBMS6RhpWy/c6cKAX0W9cA
vfBSWPHLAU56qzpKuTwbQenIQEshH2/N6x2as30bgoQ2vo2uCDbgx9J769AJglmY
dUiuvYZv7u/21I0VzEEC1z8FCqlxawIDAQABo1AwTjAdBgNVHQ4EFgQUf0gNHQde
p6OqfSRj1qqSIjujVG4wHwYDVR0jBBgwFoAUf0gNHQdep6OqfSRj1qqSIjujVG4w
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOCBAEAkqa41Fy6m1CkocVuaGrn
r1l2nLtPiTZjVohZ2liVpfH09Jk0xKm+FBsbUK5wbS10kIPKmtvLq60JCTb8QjK8
K43AMWiUPVl93YcEJO6ZC2FU8TKJYwHPQ7VpjsKS2kW63fGZ3J812cByCbWF70FE
Wp/aHRd7ECDAarvDUN+/GZs6UoMl0teJt2CSAmHq2UbzlxJl6eXv7BePBzPd9qrv
gqGuWnOq57voltyFNfwZGtJn3o2CQoFrPE1dlHJX+upL9oDTC7n+6LhPbxjLZo2C
M66/qqjfR1F6zLhplE+5N+J1EZ1yRF5izkMkXwyAJEeSNO+n33dzfXItPU4qmJ0J
Hqo1ME+3pO9cPI6eSMH7Rk7qR7Dr6UIpdoGRNX8dTDN5yGzopP5aI7AaTH1zd7CR
czmX8QQbKh5NClXhQMa56JI3wAJgfG4dv6jmQT+5PA8+SSR+ccdmbWvDnZ9MWX/W
LpNajalzvN6+x1d3MSAABqO0u014kywKu1cCLgcBzdKBEcGOA2au3vfBdyiBauRV
E2OB6yLoSqUDNNDw//tr5Eih4gJZqnknzKj8UD+Sv84ExOJsX04apVz62Rba9dRj
CU6Ni2h8fnPBK/ws3Yx7ob30UozofZTJaxWeBxqZ/2nBkRcsLR+2AkdIybMSrttj
NbR/+1h67c74TLivkFU+cy+KXF0KgdfVwfUZYVlleaQA12dIp/7+Ivhxo/jyaw6W
s9A8ctaGtUtp3+UZeNBOSN3bTIrcgPxDTnuzKbS8K8ABQUzbyHCIuKyhxbkPR5y8
YwIfheSmHbBYhK2fG0AWPUpTLUMQg2IR9+CPEi6GZXRcbPkRL7AjJMLSqbecJlpT
LQ+xltU/D4my/WTjonsY2b4xvEEiYhF9OT8+L4z0UUo66HGCJnuGFdJEdJdK2RDr
ABnP1NOenAp5M7+8cf79jLop6fIbP3/kWQoWvPYBW/WkIHF0Fefmw+FgyI/7N9uJ
CXTOps2YiDeMyk+kdykJOaWcKZSrs9FZGk1bOx2/HaPfbaZdI+hYdfKxedK/4L9D
YZIdU7jWtORRdBM9b45ZluPdeYsD169AgfRD3ltvKEwebWdjJFERzDc+uk2sHdPL
ojiPxLmewa4OLMQFgo2pL2jwJPybWF/n4UW0MaPIPLfTkCSmay8V3tq4EdGjXJYj
8K8jOn1VjPeDL14FHs48T1pSElgxpFanAQkVEIpPfaRCWSXRJykG9YcuBWfLWzbs
QOWwweGaC4w8fY9k8Ev08tn5FLe9YPFFBVO++gzd5JzoQTMDwORrSzUu+D23QZER
TMkwIess0COsq+7+QeZZISiYnsq8dV3OfpiAp5XAQTCbln1fVeJNWwzxBegvw118
8g==
-----END CERTIFICATE-----

100
installer/etc/nginx/ssl/nginx.key
View file

@ -1,100 +0,0 @@
-----BEGIN PRIVATE KEY-----
MIISQQIBADANBgkqhkiG9w0BAQEFAASCEiswghInAgEAAoIEAQCdApcsty+m/Fyh
X+9lhszEFKjx3JkqRRUmEypaqkCL36SS6TRshYYPQGP00QTE2p20pnb5masFajVr
lJIKt+6b6Nb4mtDFhC5t6IRsKKPrrzuw7C4zXsQNQmfFoXtzplDH6h9Ea1SwgTv3
JwgfpqZk3AEV34LDvQec8fbzDnUPrkpIhCoRxvWl4AJXt5lCjxvBDW9qNGn5cXoI
DdN4YDnvTu/6KPQAyXzFaTWrwgx6Xl7ZRK+cgXbuYf49zfmo0mPg/NnfIzaE6Xj/
M73/d8ehAqn5a8ENgMrlH7dB5VtIGJO7/OkW2UCMJWit4xYU8bmDETZCViXhgzaB
u/aM3+2tCnJKChj5xCLBLJ3fneZ0lXhRcBjy6QTY2I13GtGmohsEtTwbe7L/Aooh
ytsEG1dgyZoYArvd9BFfTot5rSbXnL0Ny8SfGqwfkJmorepET2jgfMZ1K2K+rRZQ
r9+5Oh4DMfiYQCvKIN+yT9VdJOaEqVpwJF11rB3BoaSK+6pWK4onxLfH+J3LLgrb
IYdTVTiKENRP5zAX8lQ4wn+F2iI4NuWg33Z4HuCkdWmSfv7ZsELcEQdm0P6ZBWdq
zO1gE/JCx8hx7+kNAV4j5i9GMXrx/oR4mgdcWPe/Hzhs40KANxFDN+tS6MmV+gLi
932IqiCT5FelvgEo6s0i82wQ/bY/8PHDfacf2xTLb26P/TB5MtVSWky9YUvNdzR9
UZjVaZcB7NoIbh/zttpZkR4/KSBk9b6t6XhGfmrljEOcjvqdsmsykgGpKNO5Zf4k
fm+feY0ysi0XqZqcfoqogR0EQ9YYLkCUTU+4ugriiu00HUqgcbjqkU6KSXuHKJdK
zatZNeZoFFMUeobl/grUc/2LdecwEdZ2i41nf2WcuWyvFK1Iqx81jxtGc/MEZvg8
DONnnctutJwlyMfEj6N917ULBJkh1UHpvCVsmjkddSVa+gZiMMpsLIUoc8u1H7wl
xvju4+/DYBC4icZqY6mobMjXLZcQzos5Tn4E13edCI6Xqj57aoylI8lh/+UQJiJM
K+8puRvIdPD1ItDpGYic2AbKiVJKdOpBNPEQtGprMiPqKLP3r01/ASz6fHjeQJ8u
qjuD7zpagd1OqMVUGLYmkM2PLmq7BODYDE+p+bWCDz+nZwHy2jUZ6PuJSACOJ83u
VxYmaAJ3Da4QvvsicX5lrDZSpiGuGw/LkgzdfrWXL57GJlPOBYH1hsfbU3wyAcYA
w1308t1np5mzBNCmxPVR2gExLpGGlbL9zpwoBfRb1wC98FJY8csBTnqrOkq5PBtB
6chASyEfb83rHZqzfRuChDa+ja4INuDH0nvr0AmCWZh1SK69hm/u7/bUjRXMQQLX
PwUKqXFrAgMBAAECggQAXcWfTih2AFA2bnbifotcnjsMj67Fl1Y9BElsAUwvUpqW
Ktu24J16bH9zc1Kme39psuu8oOPjHU/Kad8IvfgOPPV59m5YA68nH6M/+2zmQaud
hdP439tYUeb4HTONjIunMU6lr/I+WVBF5R1dn7GjLResWkjsS0UJV/W3HIDk7yGT
4e11RrrCGXhJTeQsV3ErDUid4xs8s6rPTCIdy4YE8+T8NDbjS9kKeMiWMmeplifo
k/COxXUY99R0yKrM0cQdvNCmurrII+dgyWI4tmvuQT5bD8kIOq1SADfJ9kQqGUv8
Z8jr2SaVg14QP9IhbQ7VUe8krcfPxfjcw+zjmk1fIPrdOVUAh6NZcm/YNiaS7cwb
WOAPNnxu1ae4DYtp7RBh/JTVOkDNrbnxj68c0T4XGIovSunPFAdhnL9HU7tTOHC3
BJdPbgq7A/sTmoeMI5Idu/0pde8cgW7Upgn0HycTp6rfouaogIbTsyY08vVH67FN
fy5o1w+dkfidUhhuKhrE322AqaDVdPShrTBAJ0f9hY/5jWMw+QxUurWG/gVCbLp0
uHjdw24FkpNBIypPwOmhdNeCyShG9lMg6ctMdhZTmQjCsTGsyYSomd4vG8gPepoc
uf6cKM5F4NKfm4C7ReIdoDy0ggbf5n+z26QeSFH7NPiqVCW/gZWCQL6LKzar81Ff
JLVdVnHN28H8DtqIHJzDG+xQMsXpQZt92Aamk70KRqBNMvsnCCmpU4amBdwvWwes
ungtPf17NVRpI7GVA5u3g0XO8gOFowZZ+b8FLYBNS1ueMTv7ex5KTstSUOh+4y06
ueBbWWWUClMsL1sBq6f1PVVykvtTLkI5Zbc0k9duAOvEofV1wmtayy33uzuq6Q4J
opcrrzwsa+PRZb5bhXuBy8fZdgmnYVlCQfZKTnKelfk2Daf/4MtSOleQKzf9cn1d
dX31pQt/94Yduad1Ob4D+/L7m/1dvlIyjkDrBGk5IXMqb5jBELodezJsOAPjbTj/
RRrg0pUJhn/AVlOU36p1GfZXNU1mjr70T52H/5VDRYiiaPuQvX4rvE68TvFfKAEJ
MS0xzwGHG8itp5z3KFKiUb3GFaksWAhEZt+77vvN6k9b2b2TkjaDxOerRqZoL4lw
QbhTaWQy+iocfFHVPPskVlQeVY1s//o6PN4tM1wVlgLCj/ZdKrOMTGTLn5OnTE/V
AN21dyIfy6um8qx76nf3j3bhRBOPl2RNXielsrL8f8z0wB8P0Q3hBU6WQi8AV0m8
sLfRjfS1ZUUzuGnn9msywyGkor+681NjWirwkSJLIc7ZykHRdwVBsplwFiU7JH+a
t2F5A3J4JQhFQyVzML/RgHmmzEyEudnRwlFzycgWOQKCAgEAz3ZKdN5zjhDW0Eb7
3+wxFPGmp8QV5+HXjPXxt8L/CRu3fiFG/J5m0/+ElzLG4R/GsDNbnZ4bSawsuZcI
CxaTfKNVKE2QNeJjZP96H6bFpgmOpKEM60MbKSEJsvheUG941Ak9KihHXQZv7KKh
XWprfwrA9HcMxwKHVEAoIGgnNVmXGd8OdJr80jdRuQawzK+QtoKSFr6mB212zK+n
KFyoSGl4spcaZzciIIfMc87Ig9ic62GnD4HSc+OnrvWvzIOA8LPLIR5zWBVWCqW3
GDMSQ8xB20w3usT/dDgu0isRGeNebC+ZBMBHX/0wmwtQXk6RjsBY+mhF8GB6qXR7
S5dn01KwGfVOclrN5HvSnFsxfzmqOqBAmHK1Tz609XxlOr9hch2hhNoXMZkk0HGZ
e3w3l/SXE+dseVT8GLBSQRdajAa7b01aTo8rS7gcDo9QWy+9l0lWfpEX3o4lK12l
EXj1L+mcF2yiOc+Xycih+0RJFsnEBGzB+B7JCfp3d9r9SDORPMqQDCX3u3Nk9RfV
b8Hc3UNK/cw9IKKCLcQQ8CXKmm0pA6OkYUWGNSaquLOzw3aC5Rpcx0UnG4a5YIPh
aMlxCWPuc2qxvnXCpxPqOx3KewM3MT3zA+5g5Y3yheWtl36XhmLlb5ETRx3HWIQ6
8DqAJEPeL++vVOEXN1WB22ZFhhUCggIBAMG+iUZjZOvT3Ovm3kcUTAiDtcTvu0wd
xV7J/GASbN6Y+0LiQ84EeXz0hYdnny03mV3hASNalXG3/7mVRmp8tc5rd0D/wIQA
Yplabsqgt6bo07q28V25PyM0YQGD8Pt5clN6wCl6IDiC9SmPd+dwIdWCUfHvaL9d
aSP2NCsmWVbADrgF+85uFJsM+9fSTELYZuSggaWoGQ3415NRlYaE0nbJuOKm8c4g
6svRk1Weuf/Jr1thoCSu5bDbZAljPyVh5ZMWTXPC29wjqa6QJ/9iV69Jc7i/Hd7h
H2fFSEwW07H7rwZAOp0RR0o3W8KRua89BqbEBC9Qr+AScewwAn+gaAR5yIblTT4f
RURo0jGRQcy3a/leAf1HCgea1E9X9CmwyX0pIE3iSS0kzaUy1YngWwMP7++6ubQQ
hTN7K7AAjBgQ6QVo03f3r/SHzCUgajDp8OH5p+yK9PLOZCVlJ0lgEFlFCzAWhvry
mn4bR3yMZKYV+NanYHO4ELdXUorO92AEHbOvBL9kUNKVoBfuZzCd7uds+Ummg1tF
5+j01+t3/qMKITYE/d7tNNJem7u6W0h1gJlaP6vJlwR1HGp8gwDDk7dFqjmLrkt6
4F0Miro3uH7/ZcAV9B2Eeq7WRdfbb+d8wKSCwyXDv2yKH7YconclyKZvTT9c7WRD
mzWBzzoJnHl/AoICACZ2MbuU+iteZ9TZNB0BduABJPp5We5RalrRxexhlFKl9tDF
bpmq7DllZ7l4SnK2J2nHO7bu9vQjnW8S1wTnPJSg20rLhm7W98JjsspnasEriGxx
ByoemMx5OYkajrGu2OHGjLZiHUjbxqhCRlRBRIia/8bSw2WpzFkMQ+QuKwazA1Zi
ihWIHlMCun3pBaIM8nFDp73bvoAmBR5RelX7R5+VHjFN3jFAgW0yf+8AaSA4am8g
/Y3cbZ3amN3Q4rSxtJfrXT9Ym926pub2bglofnxfQ95aNQLFPu7W86c3IMaB5qF7
+Yxt8U2UbQxxfobdXhLvCg/ygPTdjiAYXjtXaII/FDLbzZ1ZxE4VvqgKKBUEJdEU
oKUirwZwA7B3TXUkwfYcFDPDEwW49KBIT0Ibd1sOl2uzPeMIpGwXVEiJAdpv7RPn
bVSfKlGxYlI4s5cUNLv1drmkQJ6cD7wIcm/Y0uv9DVkyZKj/GY7pSU6CDGLTKSoA
170eR/s3mip4SPi3xrdUfnwiFdmEvTTLJGDBuiazMRX4ZWTFfAjsDo/XEcarci0g
i3sVHpp//qqbdjpIoF/FEWpIIcXypi+Eg6efoPsysaRoJWfAAURkZspq7Xz8zaCt
cX5LFV+5fzrfp90sNP9PGmYiqUZH+QsqCJs83UDb7DdK4mCEEn/JtHducHk5AoIC
ACe+cmKiGR3XhEZQQeDK5R4KBsuzcfSXVtmvDbqXjQXM1B5QVCB7AoEDmDDCrQCV
mzyK37Tk7Cs715W2bY+Crbj+iqQm0tNBUPiseHXQqlvu/yAaT0EusykBobSx4El2
DGHbmHfpuZpeIvS3nZ04f3hRF4ZN2msHOn5KD0GayFDnbR2K/LDIHCoCa9dGKKa9
xb24v1/AMAORvIdYARhrPtFnaCn2nTvvvLq670JtITK7qOFSEYv05OF23/qdBWMh
xfp6ZMEOhBOQrUpGAC5/egVXSAnqCrKh89NRwRb6x8qHGsxpeJyn4rvyxzwOsMyl
9CtZopIiNzH8Fqqg3qJXwX7JjL0/ZK0NtSPnbNcGOT1JkzjAdCAE5qXQuSTdohS7
U1n9icbwWJqOJjFxUCTMhV8Hcez3nQi3Ktv4tGmScyqsrWCStG6zvMCo6tPi5mXK
V8PDdxMrHjyA4kJZkcmXj0MAyt6+gEoSYmbkKbH/CtaXQ0ilZT/XznYNz7zx4AUu
Uvl9ObgZWAsa7pB6M2jhvRR0Yl8dbWzX1k8PiwuevfmsJkvykjGc720IQ2IrRHaE
xDCxNsaCwBwF+iJOEIGjnTXHcLgFU2fgeQ4deIfizlIfCjxxRHaZqqEbC5DQTxBp
owscV/PzR914KDEvhpRyh8q8olgRNBGRXNGJI32AYzz5AoICAGoE6Xr7ajsFPUJA
40S9svqoD8aZskoqBTGlSfWJq9+Z7CbluIrnLqHvo6maukG0KwfdbcG3AHICL2rF
Ekf4j0m0Fqy2C9DktvP5sG6Qjr4S+j666gWRW5Y2ggnzX/Ad5QQnfIT4/y8l8abV
ATTskLkw4ROPgvAsQHxXphPFIeEzAeJZB3DwSfTKwJYQbg33FpVvblLVMQUFflER
A5VNvQjMW7wr2nnQjDkMKi8S5cUY+pog8i3eHyyjplJoBDOm44Ls3jTj5X4QAA0m
H7IqLhfxHFJVvlke4jrUoUdoU08fHX03BhDkx3e/MuWGCQKfkFt2y7GKhDT7uoA/
5azHdHaBnrbgXEHrOaPdP6gI78PzzgoXTh0NNc1esYyXAeNYIbjFl5QIg1Y0tj/m
i6N9S1pG0Km5A5QeysAok0jV2Z+uZNHU9SJbxaMn9biddku4k4R7+l0wOK0rwc+l
C5MwaLEq6ThoUKPvWgu43Mkx4LD4DOVgZgyVrXooJBLCUrF7lfPt83F/M2fdA29z
YAyzlFJR7DcMZlyABkLFgHf1/qn7+3BGu6JTUrIkyO+lTTJIpFWxK2kt2XDMpaPC
DBUVjB7kj4EjHmhdzM3CyZxTL96IrIWKhnvfJi6wJG1a3EvLdLzeNF+yLiqma4TZ
VMG44x78shJfH0z4C+wwpYb3ESR8
-----END PRIVATE KEY-----

6
installer/etc/rc.local
View file

@ -2,8 +2,10 @@
# Let's add the first local ip to the /etc/issue and external ip to ews.ip file # Let's add the first local ip to the /etc/issue and external ip to ews.ip file
source /etc/environment source /etc/environment
myLOCALIP=$(hostname -I | awk '{ print $1 }') myLOCALIP=$(hostname -I | awk '{ print $1 }')
myEXTIP=$(curl myexternalip.com/raw) myEXTIP=$(curl -s myexternalip.com/raw)
sed -i "s#IP:.*#IP: $myLOCALIP, $myEXTIP#" /etc/issue sed -i "s#IP:.*#IP: $myLOCALIP ($myEXTIP)#" /etc/issue
sed -i "s#SSH:.*#SSH: ssh -l tsec -p 64295 $myLOCALIP#" /etc/issue
sed -i "s#WEB:.*#WEB: https://$myLOCALIP:64297#" /etc/issue
tee /data/ews/conf/ews.ip << EOF tee /data/ews/conf/ews.ip << EOF
[MAIN] [MAIN]
ip = $myEXTIP ip = $myEXTIP

43
installer/home/2fa_enable.sh
View file

@ -1,43 +0,0 @@
#!/bin/bash
########################################################
# T-Pot #
# Two-Factor-Authentication and SSH enable script #
# #
# v16.10.0 by mo, DTAG, 2016-05-12 #
########################################################
myBACKTITLE="T-Pot - Two-Factor-Authentication and SSH enable script"
# Let's ask if the user wants to enable two-factor ...
dialog --backtitle "$myBACKTITLE" --title "[ Enable 2FA? ]" --yesno "\nDo you want to enable Two-Factor-Authentication based on Google Authenticator for SSH?" 8 70
my2FA=$?
# Let's ask if the user wants to enable ssh ...
dialog --backtitle "$myBACKTITLE" --title "[ Enable SSH? ]" --yesno "\nDo you want to enable the SSH service?" 8 70
mySSH=$?
# Enable 2FA
if [ "$my2FA" = "0" ] && ! [ -f /etc/pam.d/sshd.bak ];
then
clear
sudo sed -i.bak '\# PAM#aauth required pam_google_authenticator.so' /etc/pam.d/sshd
sudo sed -i.bak 's#ChallengeResponseAuthentication no#ChallengeResponseAuthentication yes#' /etc/ssh/sshd_config
google-authenticator -t -d -f -r 3 -R 30 -w 21
echo "2FA enabled. Please press return to continue ..."
read
elif [ -f /etc/pam.d/sshd.bak ]
then
dialog --backtitle "$myBACKTITLE" --title "[ Already enabled ]" --msgbox "\nIt seems that Two-Factor-Authentication has already been enabled. Please run 'google-authenticator -t -d -f -r 3 -R 30 -w 21' if you want to rewrite your token." 8 70
fi
# Enable SSH
if [ "$mySSH" = "0" ] && [ "$(systemctl status ssh | grep -o dead)" = "dead" ];
then
clear
sudo systemctl enable ssh
sudo systemctl start ssh
dialog --backtitle "$myBACKTITLE" --title "[ SSH enabled ]" --msgbox "\nThe SSH service has been enabled and is now reachable via port tcp/64295. Password authentication is disabled by default." 8 70
elif [ "$(systemctl status ssh | grep -o dead)" = "" ]
then
dialog --backtitle "$myBACKTITLE" --title "[ Already enabled ]" --msgbox "\nIt seems that SSH has already been enabled." 8 70
fi

97
installer/install.sh
View file

@ -47,29 +47,6 @@ exec > >(tee "install.log")
fuECHO "### Removing link to NGINX default website." fuECHO "### Removing link to NGINX default website."
rm /etc/nginx/sites-enabled/default rm /etc/nginx/sites-enabled/default
# Let's ask user for web password
fuECHO "### Please enter a web user name and password."
myOK="n"
myUSER="tsec"
while [ "$myOK" != "y" ]
do
while [ "$myUSER" = "tsec" ]
do
echo -n "Username (tsec not allowed): "
read myUSER
echo "Your username is: "$myUSER
done
echo -n "OK (y/n)? "
read myOK
done
htpasswd -c /etc/nginx/nginxpasswd $myUSER
# Let's generate a SSL certificate
fuECHO "### Generating a self-signed-certificate for NGINX."
fuECHO "### If you are unsure you can use the default values."
mkdir -p /etc/nginx/ssl
openssl req -nodes -x509 -sha512 -newkey rsa:8192 -keyout "/etc/nginx/ssl/nginx.key" -out "/etc/nginx/ssl/nginx.crt" -days 3650
# Let's setup the proxy for env # Let's setup the proxy for env
if [ -f $myPROXYFILEPATH ]; if [ -f $myPROXYFILEPATH ];
then fuECHO "### Setting up the proxy." then fuECHO "### Setting up the proxy."
@ -203,25 +180,25 @@ npm install git://github.com/t3chn0m4g3/wetty -g
# Let's install docker # Let's install docker
#fuECHO "### Installing docker-engine." #fuECHO "### Installing docker-engine."
#wget -qO- https://test.docker.com/ | sh #wget -qO- https://get.docker.com/ | sh
# Let's add the docker repository # Let's add the docker repository
#fuECHO "### Adding the docker repository." fuECHO "### Adding the docker repository."
#apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
#tee /etc/apt/sources.list.d/docker.list <<EOF tee /etc/apt/sources.list.d/docker.list <<EOF
#deb https://apt.dockerproject.org/repo ubuntu-xenial main deb https://apt.dockerproject.org/repo ubuntu-xenial main
#EOF EOF
# Let's pull some updates # Let's pull some updates
#fuECHO "### Pulling Updates." fuECHO "### Pulling Updates."
#apt-get update -y apt-get update -y
# Let's install docker # Let's install docker
#fuECHO "### Installing docker-engine." fuECHO "### Installing docker-engine."
#fuECHO "### You can safely ignore the [FAILED] message," fuECHO "### You can safely ignore the [FAILED] message,"
#fuECHO "### which is caused by a bug in the docker installer." fuECHO "### which is caused by a bug in the docker installer."
#apt-get install docker-engine=1.10.2-0~trusty -y #apt-get install docker-engine=1.10.2-0~trusty -y
#apt-get install docker-engine -y || true && sleep 5 apt-get install docker-engine=1.12.0-0~xenial -y || true && sleep 5
# Let's add proxy settings to docker defaults # Let's add proxy settings to docker defaults
if [ -f $myPROXYFILEPATH ]; if [ -f $myPROXYFILEPATH ];
@ -328,7 +305,7 @@ fuECHO "### Adding cronjobs."
tee -a /etc/crontab <<EOF tee -a /etc/crontab <<EOF
# Show running containers every 60s via /dev/tty2 # Show running containers every 60s via /dev/tty2
*/2 * * * * root status.sh > /dev/tty2 #*/2 * * * * root status.sh > /dev/tty2
# Check if containers and services are up # Check if containers and services are up
*/5 * * * * root check.sh */5 * * * * root check.sh
@ -369,8 +346,6 @@ chmod 500 /root/tpot/bin/*
chmod 600 /root/tpot/data/* chmod 600 /root/tpot/data/*
chmod 644 /root/tpot/etc/issue chmod 644 /root/tpot/etc/issue
chmod 755 /root/tpot/etc/rc.local chmod 755 /root/tpot/etc/rc.local
chmod 700 /root/tpot/home/*
chown tsec:tsec /root/tpot/home/*
chmod 644 /root/tpot/data/systemd/* chmod 644 /root/tpot/data/systemd/*
# Let's copy some files # Let's copy some files
@ -379,10 +354,9 @@ cp /root/tpot/data/elkbase.tgz /data/
cp -R /root/tpot/bin/* /usr/bin/ cp -R /root/tpot/bin/* /usr/bin/
cp -R /root/tpot/data/* /data/ cp -R /root/tpot/data/* /data/
cp /root/tpot/data/systemd/* /etc/systemd/system/ cp /root/tpot/data/systemd/* /etc/systemd/system/
cp -R /root/tpot/etc/issue /etc/ cp /root/tpot/etc/issue /etc/
cp /root/tpot/etc/nginx/ssl/* /etc/nginx/ssl/ cp -R /root/tpot/etc/nginx/ssl /etc/nginx/
cp /root/tpot/etc/nginx/tpotweb.conf /etc/nginx/sites-available/ cp /root/tpot/etc/nginx/tpotweb.conf /etc/nginx/sites-available/
cp -R /root/tpot/home/* /home/tsec/
cp /root/tpot/keys/authorized_keys /home/tsec/.ssh/authorized_keys cp /root/tpot/keys/authorized_keys /home/tsec/.ssh/authorized_keys
cp /root/tpot/usr/share/nginx/html/* /usr/share/nginx/html/ cp /root/tpot/usr/share/nginx/html/* /usr/share/nginx/html/
for i in $(cat /data/images.conf); for i in $(cat /data/images.conf);
@ -399,7 +373,7 @@ ln -s /etc/nginx/sites-available/tpotweb.conf /etc/nginx/sites-enabled/tpotweb.c
chmod 760 -R /data chmod 760 -R /data
chown tpot:tpot -R /data chown tpot:tpot -R /data
chmod 600 /home/tsec/.ssh/authorized_keys chmod 600 /home/tsec/.ssh/authorized_keys
chown tsec:tsec /home/tsec/*.sh /home/tsec/.ssh /home/tsec/.ssh/authorized_keys chown tsec:tsec /home/tsec/.ssh /home/tsec/.ssh/authorized_keys
# Let's replace "quiet splash" options, set a console font for more screen canvas and update grub # Let's replace "quiet splash" options, set a console font for more screen canvas and update grub
sed -i 's#GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"#GRUB_CMDLINE_LINUX_DEFAULT="consoleblank=0"#' /etc/default/grub sed -i 's#GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"#GRUB_CMDLINE_LINUX_DEFAULT="consoleblank=0"#' /etc/default/grub
@ -421,15 +395,50 @@ sed -i 's#\#force_color_prompt=yes#force_color_prompt=yes#' /home/tsec/.bashrc
sed -i 's#\#force_color_prompt=yes#force_color_prompt=yes#' /root/.bashrc sed -i 's#\#force_color_prompt=yes#force_color_prompt=yes#' /root/.bashrc
# Let's create ews.ip before reboot and prevent race condition for first start # Let's create ews.ip before reboot and prevent race condition for first start
source /etc/environment
myLOCALIP=$(hostname -I | awk '{ print $1 }') myLOCALIP=$(hostname -I | awk '{ print $1 }')
myEXTIP=$(curl myexternalip.com/raw) myEXTIP=$(curl -s myexternalip.com/raw)
sed -i "s#IP:.*#IP: $myLOCALIP, $myEXTIP#" /etc/issue sed -i "s#IP:.*#IP: $myLOCALIP ($myEXTIP)#" /etc/issue
sed -i "s#SSH:.*#SSH: ssh -l tsec -p 64295 $myLOCALIP#" /etc/issue
sed -i "s#WEB:.*#WEB: https://$myLOCALIP:64297#" /etc/issue
tee /data/ews/conf/ews.ip << EOF tee /data/ews/conf/ews.ip << EOF
[MAIN] [MAIN]
ip = $myEXTIP ip = $myEXTIP
EOF EOF
echo $myLOCALIP > /data/elk/logstash/mylocal.ip
chown tpot:tpot /data/ews/conf/ews.ip chown tpot:tpot /data/ews/conf/ews.ip
# Let's ask user for web password
fuECHO "### Please enter a web user name and password."
myOK="n"
myUSER="tsec"
while [ 1 != 2 ]
do
read -p "Username (tsec not allowed): " myUSER
echo "Your username is: "$myUSER
read -p "OK (y/n)? " myOK
if [ "$myOK" = "y" ] && [ "$myUSER" != "tsec" ];
then
break
fi
done
myPASS1="pass1"
myPASS2="pass2"
while [ "$myPASS1" != "$myPASS2" ]
do
read -s -p "Password: " myPASS1
echo
read -s -p "Repeat password: " myPASS2
echo
done
htpasswd -b -c /etc/nginx/nginxpasswd $myUSER $myPASS1
# Let's generate a SSL certificate
fuECHO "### Generating a self-signed-certificate for NGINX."
fuECHO "### If you are unsure you can use the default values."
mkdir -p /etc/nginx/ssl
openssl req -nodes -x509 -sha512 -newkey rsa:8192 -keyout "/etc/nginx/ssl/nginx.key" -out "/etc/nginx/ssl/nginx.crt" -days 3650
# Final steps # Final steps
fuECHO "### Thanks for your patience. Now rebooting." fuECHO "### Thanks for your patience. Now rebooting."
#mv /root/tpot/etc/rc.local /etc/rc.local && rm -rf /root/tpot/ && chage -d 0 tsec && sleep 2 && reboot #mv /root/tpot/etc/rc.local /etc/rc.local && rm -rf /root/tpot/ && chage -d 0 tsec && sleep 2 && reboot

2
preseed/tpot.seed
View file

@ -100,7 +100,7 @@ tasksel tasksel/first multiselect ubuntu-server
######################## ########################
### Package Installation ### Package Installation
######################## ########################
d-i pkgsel/include string apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount curl dialog docker.io dstat ethtool genisoimage git html2text htop iptables iw libpam-google-authenticator libltdl7 lm-sensors nginx-extras nodejs npm ntp openssh-server openssl syslinux psmisc pv python-pip vim wireless-tools wpasupplicant d-i pkgsel/include string apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount curl dialog dstat ethtool genisoimage git html2text htop iptables iw libltdl7 lm-sensors man nginx-extras nodejs npm ntp openssh-server openssl syslinux psmisc pv python-pip vim wireless-tools wpasupplicant
################# #################
### Update Policy ### Update Policy