clean up, update readme

This commit is contained in:
t3chn0m4g3 2016-03-09 14:05:06 +01:00
parent 6f18240ade
commit f9e67c897c
8 changed files with 29 additions and 35 deletions


@ -18,7 +18,7 @@ The image can then be used to install T-Pot on a physical or virtual machine.
cd tpotce
2. Invoke the script that builds the ISO image.
The script will download and install dependecies necessary to build the image on the invoking machine. It will further download the ubuntu base image (~600MB) which T-Pot is based on.
The script will download and install dependencies necessary to build the image on the invoking machine. It will further download the ubuntu base image (~600MB) which T-Pot is based on.
sudo ./makeiso.sh
@ -38,7 +38,7 @@ When installing the T-Pot ISO image, make sure the target system (physical/virtu
### Sensor Installation (Cowrie, Dionaea, ElasticPot, Glastopf, Honeytrap)
This installation type is currently only available via ISO Creator.
When installing the T-Pot ISO image, make sure the target system (physical/virtual) meets the following minimum requirements:
- 3 GB RAM (4-6 GB recommended)
- 3 GB RAM (4-6 GB recommended)
- 64 GB disk (64 GB SSD recommended)
- Network via DHCP
- A working internet connection
@ -66,7 +66,7 @@ Once the installation is finished, the system will automatically reboot and you
You will need to set a new password after first login.
All honeypot services are started automatically.
All honeypot services are started automatically.
# T-Pot Dashboard


@ -4,11 +4,11 @@
# T-Pot #
# Export docker images maker #
# #
# v0.02 by mo, DTAG, 2016-02-22 #
# v16.03.1 by mo, DTAG, 2016-03-09 #
########################################################
# This feature is experimental and requires at least docker 1.7!
# Using any docker version < 1.7 may result in a unusable installation
# Using any docker version < 1.7 may result in a unusable T-Pot installation
# This script will download the docker images and export them to the folder "images".
# When building the .iso image the preloaded docker images will be exported to the .iso which


@ -4,7 +4,7 @@
# T-Pot #
# ELK DB backup script #
# #
# v0.01 by mo, DTAG, 2016-02-12 #
# v16.03.1 by mo, DTAG, 2016-03-09 #
########################################################
myCOUNT=1
myDATE=$(date +%Y%m%d%H%M)
@ -43,13 +43,12 @@ sleep 10
# Backup DB in 2 flavors
echo "Now backing up Elasticsearch data ..."
tar cvfz $myBACKUPPATH"$myDATE"_elkall.tgz $myELKPATH
tar cvfz $myBACKUPPATH"$myDATE"_elkall.tgz $myELKPATH
rm -rf "$myELKPATH"log/*
rm -rf "$myELKPATH"data/elasticsearch/nodes/0/indices/logstash*
tar cvfz $myBACKUPPATH"$myDATE"_elkbase.tgz $myELKPATH
rm -rf $myELKPATH
tar xvfz $myBACKUPPATH"$myDATE"_elkall.tgz -C /
#tar xvfz $myBACKUPPATH"$myDATE"_elkbase.tgz -C /
tar xvfz $myBACKUPPATH"$myDATE"_elkall.tgz -C /
chmod 760 -R $myELKPATH
chown tpot:tpot -R $myELKPATH
@ -59,4 +58,3 @@ echo "Now starting up ELK ..."
# Allow checks to resume
rm /var/run/check.lock
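Review bot: `rm -rf $myELKPATH` in the second hunk runs whether or not the preceding `tar cvfz ... _elkall.tgz` succeeded, so a failed or partial archive (full backup disk, unwritable $myBACKUPPATH) is followed by deletion of the live ELK data and a restore from an incomplete tarball. The archive step should abort the script on failure, e.g. `tar cvfz "$myBACKUPPATH$myDATE"_elkall.tgz "$myELKPATH" || { rm /var/run/check.lock; exit 1; }`, and the deletion should refuse an empty path, `rm -rf -- "${myELKPATH:?}"`. The unquoted `$myELKPATH` and `$myBACKUPPATH` expansions also word-split on paths containing spaces, while the neighbouring `rm -rf "$myELKPATH"log/*` lines quote the variable. Where these variables are assigned is outside the hunk, so their values cannot be checked here.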


@ -4,10 +4,10 @@
# T-Pot #
# Check container and services script #
# #
# v0.03 by mo, DTAG, 2016-02-12 #
# v16.03.1 by mo, DTAG, 2016-03-09 #
########################################################
if [ -a /var/run/check.lock ];
then
then
echo "Lock exists. Exiting now."
exit
fi
@ -34,5 +34,5 @@ for i in $myIMAGES
service $i start
fi
done
rm /var/run/check.lock


@ -4,7 +4,7 @@
# T-Pot #
# Container and services restart script #
# #
# v0.04 by mo, DTAG, 2016-02-12 #
# v16.03.1 by mo, DTAG, 2016-03-09 #
########################################################
myCOUNT=1
@ -40,7 +40,7 @@ if [ $myUPTIME -gt 4 ];
do
service $i stop
done
echo "Waiting 10 seconds before restarting docker ..."
echo "### Waiting 10 seconds before restarting docker ..."
sleep 10
iptables -w -F
service docker restart
@ -56,25 +56,21 @@ if [ $myUPTIME -gt 4 ];
fi
sleep 0.1
done
echo "Docker is now up and running again."
echo "Removing obsolete container data ..."
echo "### Docker is now up and running again."
echo "### Removing obsolete container data ..."
docker rm -v $(docker ps -aq)
echo "Removing obsolete image data ..."
echo "### Removing obsolete image data ..."
docker rmi $(docker images | grep "^<none>" | awk '{print $3}')
echo "Starting T-Pot services ..."
echo "### Starting T-Pot services ..."
for i in $myIMAGES
do
service $i start
done
sleep 5
else
echo "T-Pot needs to be up and running for at least 5 minutes."
else
echo "### T-Pot needs to be up and running for at least 5 minutes."
fi
rm /var/run/check.lock
/etc/rc.local
echo "Done. Now running status.sh"
/usr/bin/status.sh
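Review bot: `docker rm -v $(docker ps -aq)` and the `docker rmi $(...)` line in the last hunk receive an empty argument list when there is nothing to remove, and both commands then fail with a usage error; the script does not check their status, so the `service $i start` loop still runs, but the errors sit misleadingly between the new `###` progress messages. Collect the ids first and skip the call when empty, e.g. `myCONT=$(docker ps -aq); [ -n "$myCONT" ] && docker rm -v $myCONT`, and the same for the dangling-image ids. In the previous hunk `iptables -w -F` flushes every chain before `service docker restart`; if this host carries firewall rules of its own they are gone after the restart unless `/etc/rc.local`, invoked near the end, re-applies them, which I cannot confirm from here. The enclosing `if [ $myUPTIME -gt 4 ]` block starts outside the hunk.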


@ -4,7 +4,7 @@
# T-Pot #
# Container and services status script #
# #
# v0.05 by mo, DTAG, 2016-02-12 #
# v16.03.1 by mo, DTAG, 2016-03-09 #
########################################################
myCOUNT=1


@ -4,7 +4,7 @@
# T-Pot #
# Only start the containers found in /etc/init/ #
# #
# v0.03 by mo, DTAG, 2016-02-12 #
# v16.03.1 by mo, DTAG, 2016-03-09 #
########################################################
# Make sure not to interrupt a check
@ -40,7 +40,7 @@ done
# Setup only T-Pot upstart scripts from images.conf and pull the images
for i in $(cat /data/images.conf);
do
do
docker pull dtagdevsec/$i:latest1603;
cp /data/upstart/"$i".conf /etc/init/;
done
@ -49,8 +49,8 @@ done
rm /var/run/check.lock
# Announce reboot
echo "Rebooting in 5 seconds for the changes to take effect."
sleep 5
echo "### Rebooting in 60 seconds for the changes to take effect."
sleep 60
# Reboot
reboot
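Review bot: `docker pull dtagdevsec/$i:latest1603` in the second hunk is not checked, so a failed pull (no network, a typo in /data/images.conf) still results in the upstart file being copied into /etc/init/ and, after the now 60-second `sleep`, a reboot into a system whose service refers to an image that is not present. Guard the pull and leave through the existing lock cleanup: `docker pull dtagdevsec/$i:latest1603 || { echo "### Pull of $i failed, aborting."; rm /var/run/check.lock; exit 1; }`. Pulling by the moving tag `latest1603` also means the installed image content is whatever the registry serves at install time; pinning a digest (`dtagdevsec/$i@sha256:<digest>`, with the digest taken from a trusted release record) would make installations reproducible and let a later integrity check compare against a known value.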


@ -4,7 +4,7 @@
# T-Pot #
# Two-Factor-Authentication and SSH enable script #
# #
# v16.03.1 by mo, DTAG, 2016-03-07 #
# v16.03.2 by mo, DTAG, 2016-03-09 #
########################################################
myBACKTITLE="T-Pot - Two-Factor-Authentication and SSH enable script"
@ -18,7 +18,7 @@ dialog --backtitle "$myBACKTITLE" --title "[ Enable SSH? ]" --yesno "\nDo you wa
mySSH=$?
# Enable 2FA
if [ $my2FA == 0 ] && ! [ -f /etc/pam.d/sshd.bak ];
if [ "$my2FA" = "0" ] && ! [ -f /etc/pam.d/sshd.bak ];
then
clear
sudo sed -i.bak '\# PAM#aauth required pam_google_authenticator.so' /etc/pam.d/sshd
@ -27,12 +27,12 @@ if [ $my2FA == 0 ] && ! [ -f /etc/pam.d/sshd.bak ];
echo "2FA enabled. Please press return to continue ..."
read
elif [ -f /etc/pam.d/sshd.bak ]
then
dialog --backtitle "$myBACKTITLE" --title "[ Already enabled ]" --msgbox "\nIt seems that Two-Factor-Authentication has already been enabled. Please run 'google-authenticator -t -d -f -r 3 -R 30 -w 21' if you want to rewrite your token." 8 70
then
dialog --backtitle "$myBACKTITLE" --title "[ Already enabled ]" --msgbox "\nIt seems that Two-Factor-Authentication has already been enabled. Please run 'google-authenticator -t -d -f -r 3 -R 30 -w 21' if you want to rewrite your token." 8 70
fi
# Enable SSH
if [ $mySSH == 0 ] && [ -f /etc/init/ssh.override ];
if [ "$mySSH" = "0" ] && [ -f /etc/init/ssh.override ];
then
clear
sudo rm /etc/init/ssh.override
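Review bot: `sudo sed -i.bak '\# PAM#aauth required pam_google_authenticator.so' /etc/pam.d/sshd` at the end of the first hunk serves as both the edit and the "already enabled" marker, but as far as I can tell `sed -i.bak` writes the `.bak` file even when the `# PAM` address matches no line, after which the `echo "2FA enabled ..."` in the second hunk and the `elif [ -f /etc/pam.d/sshd.bak ]` branch both report two-factor authentication as enabled although no `pam_google_authenticator.so` line was added. Verify the edit before announcing success, e.g. `grep -q pam_google_authenticator.so /etc/pam.d/sshd || { echo "### 2FA line was not added to /etc/pam.d/sshd, please check the file."; exit 1; }` directly after the sed. The quoting fix to `[ "$my2FA" = "0" ]` and `[ "$mySSH" = "0" ]` is the right one. The `if` block opened in the first hunk continues past the end of the second.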