clean up, update readme

t3chn0m4g3 2016-03-09 14:05:06 +01:00
parent 6f18240ade
commit f9e67c897c
8 changed files with 29 additions and 35 deletions

View file

@ -18,7 +18,7 @@ The image can then be used to install T-Pot on a physical or virtual machine.
cd tpotce cd tpotce
2. Invoke the script that builds the ISO image. 2. Invoke the script that builds the ISO image.
The script will download and install dependecies necessary to build the image on the invoking machine. It will further download the ubuntu base image (~600MB) which T-Pot is based on. The script will download and install dependencies necessary to build the image on the invoking machine. It will further download the ubuntu base image (~600MB) which T-Pot is based on.
sudo ./makeiso.sh sudo ./makeiso.sh
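Review bot: the same README line that gets the "dependencies" spelling fix still writes the distribution name in lower case ("the ubuntu base image"); it should read "the Ubuntu base image". Since the step is run with `sudo ./makeiso.sh` and installs packages on the invoking machine, it would also help readers to state in this paragraph which Ubuntu release the ~600MB base image is, so they know what the script is about to download before they run it as root.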
@ -38,7 +38,7 @@ When installing the T-Pot ISO image, make sure the target system (physical/virtu
### Sensor Installation (Cowrie, Dionaea, ElasticPot, Glastopf, Honeytrap) ### Sensor Installation (Cowrie, Dionaea, ElasticPot, Glastopf, Honeytrap)
This installation type is currently only available via ISO Creator. This installation type is currently only available via ISO Creator.
When installing the T-Pot ISO image, make sure the target system (physical/virtual) meets the following minimum requirements: When installing the T-Pot ISO image, make sure the target system (physical/virtual) meets the following minimum requirements:
- 3 GB RAM (4-6 GB recommended) - 3 GB RAM (4-6 GB recommended)
- 64 GB disk (64 GB SSD recommended) - 64 GB disk (64 GB SSD recommended)
- Network via DHCP - Network via DHCP
- A working internet connection - A working internet connection
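Review bot: this hunk (and the one at line 66 below) shows no textual difference between the old and new side; every one of the seven lines is identical. If the change is whitespace or line-ending only, the commit message should say so, otherwise the hunk is noise for anyone reading the history of the README.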
@ -66,7 +66,7 @@ Once the installation is finished, the system will automatically reboot and you
You will need to set a new password after first login. You will need to set a new password after first login.
All honeypot services are started automatically. All honeypot services are started automatically.
# T-Pot Dashboard # T-Pot Dashboard

View file

@ -4,11 +4,11 @@
# T-Pot # # T-Pot #
# Export docker images maker # # Export docker images maker #
# # # #
# v0.02 by mo, DTAG, 2016-02-22 # # v16.03.1 by mo, DTAG, 2016-03-09 #
######################################################## ########################################################
# This feature is experimental and requires at least docker 1.7! # This feature is experimental and requires at least docker 1.7!
# Using any docker version < 1.7 may result in a unusable installation # Using any docker version < 1.7 may result in a unusable T-Pot installation
# This script will download the docker images and export them to the folder "images". # This script will download the docker images and export them to the folder "images".
# When building the .iso image the preloaded docker images will be exported to the .iso which # When building the .iso image the preloaded docker images will be exported to the .iso which
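Review bot: grammar in the changed comment line: "a unusable T-Pot installation" should be "an unusable T-Pot installation". While the header is being touched, the comment states a hard requirement of docker 1.7 but nothing in the visible lines enforces it; if the script does not already compare `docker version` against that minimum before exporting, a check that aborts early would turn the warning into a guard.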

View file

@ -4,7 +4,7 @@
# T-Pot # # T-Pot #
# ELK DB backup script # # ELK DB backup script #
# # # #
# v0.01 by mo, DTAG, 2016-02-12 # # v16.03.1 by mo, DTAG, 2016-03-09 #
######################################################## ########################################################
myCOUNT=1 myCOUNT=1
myDATE=$(date +%Y%m%d%H%M) myDATE=$(date +%Y%m%d%H%M)
@ -43,13 +43,12 @@ sleep 10
# Backup DB in 2 flavors # Backup DB in 2 flavors
echo "Now backing up Elasticsearch data ..." echo "Now backing up Elasticsearch data ..."
tar cvfz $myBACKUPPATH"$myDATE"_elkall.tgz $myELKPATH tar cvfz $myBACKUPPATH"$myDATE"_elkall.tgz $myELKPATH
rm -rf "$myELKPATH"log/* rm -rf "$myELKPATH"log/*
rm -rf "$myELKPATH"data/elasticsearch/nodes/0/indices/logstash* rm -rf "$myELKPATH"data/elasticsearch/nodes/0/indices/logstash*
tar cvfz $myBACKUPPATH"$myDATE"_elkbase.tgz $myELKPATH tar cvfz $myBACKUPPATH"$myDATE"_elkbase.tgz $myELKPATH
rm -rf $myELKPATH rm -rf $myELKPATH
tar xvfz $myBACKUPPATH"$myDATE"_elkall.tgz -C / tar xvfz $myBACKUPPATH"$myDATE"_elkall.tgz -C /
#tar xvfz $myBACKUPPATH"$myDATE"_elkbase.tgz -C /
chmod 760 -R $myELKPATH chmod 760 -R $myELKPATH
chown tpot:tpot -R $myELKPATH chown tpot:tpot -R $myELKPATH
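Review bot: `rm -rf $myELKPATH` runs unconditionally right after the two `tar cvfz` calls, so if either archive fails (backup volume full, path missing, interrupted run) the Elasticsearch data directory is deleted and the following `tar xvfz ... -C /` has nothing valid to restore from. Chain the deletion on the archive succeeding (`tar cvfz ... || exit 1`, or `set -e` at the top of the script) and verify the archive before deleting. The variables are also unquoted throughout: `rm -rf "$myELKPATH"log/*` with an unset `myELKPATH` becomes `rm -rf log/*` relative to the current directory, so a `: "${myELKPATH:?}"` guard before the first `rm -rf` is cheap insurance. Removing the commented-out `#tar xvfz ... _elkbase.tgz -C /` line is fine.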
@ -59,4 +58,3 @@ echo "Now starting up ELK ..."
# Allow checks to resume # Allow checks to resume
rm /var/run/check.lock rm /var/run/check.lock

View file

@ -4,10 +4,10 @@
# T-Pot # # T-Pot #
# Check container and services script # # Check container and services script #
# # # #
# v0.03 by mo, DTAG, 2016-02-12 # # v16.03.1 by mo, DTAG, 2016-03-09 #
######################################################## ########################################################
if [ -a /var/run/check.lock ]; if [ -a /var/run/check.lock ];
then then
echo "Lock exists. Exiting now." echo "Lock exists. Exiting now."
exit exit
fi fi
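Review bot: `[ -a /var/run/check.lock ]` uses the unary `-a` file test, which is a bash/ksh extension; `[ -e /var/run/check.lock ]` is the POSIX spelling with the same meaning and works under `sh`. Note also that a plain existence test is not an atomic lock: two invocations started at the same moment can both see no lock file and both proceed. If that matters for the container checks, creating the lock with `mkdir` (which fails atomically when the directory exists) or with `set -o noclobber` and a redirect avoids the race.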
@ -34,5 +34,5 @@ for i in $myIMAGES
service $i start service $i start
fi fi
done done
rm /var/run/check.lock rm /var/run/check.lock

View file

@ -4,7 +4,7 @@
# T-Pot # # T-Pot #
# Container and services restart script # # Container and services restart script #
# # # #
# v0.04 by mo, DTAG, 2016-02-12 # # v16.03.1 by mo, DTAG, 2016-03-09 #
######################################################## ########################################################
myCOUNT=1 myCOUNT=1
@ -40,7 +40,7 @@ if [ $myUPTIME -gt 4 ];
do do
service $i stop service $i stop
done done
echo "Waiting 10 seconds before restarting docker ..." echo "### Waiting 10 seconds before restarting docker ..."
sleep 10 sleep 10
iptables -w -F iptables -w -F
service docker restart service docker restart
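Review bot: `iptables -w -F` flushes every rule in the filter table, not only the chains Docker manages, so any host-level rules an operator added (for example restricting the management SSH port to an admin network) are gone after each restart. Either limit the flush to the Docker chains or document that the firewall rules are rebuilt afterwards so nobody relies on rules that this script silently drops. The "### " prefix on the echo is consistent with the other status messages in this commit.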
@ -56,25 +56,21 @@ if [ $myUPTIME -gt 4 ];
fi fi
sleep 0.1 sleep 0.1
done done
echo "Docker is now up and running again." echo "### Docker is now up and running again."
echo "Removing obsolete container data ..." echo "### Removing obsolete container data ..."
docker rm -v $(docker ps -aq) docker rm -v $(docker ps -aq)
echo "Removing obsolete image data ..." echo "### Removing obsolete image data ..."
docker rmi $(docker images | grep "^<none>" | awk '{print $3}') docker rmi $(docker images | grep "^<none>" | awk '{print $3}')
echo "Starting T-Pot services ..." echo "### Starting T-Pot services ..."
for i in $myIMAGES for i in $myIMAGES
do do
service $i start service $i start
done done
sleep 5 sleep 5
else else
echo "T-Pot needs to be up and running for at least 5 minutes." echo "### T-Pot needs to be up and running for at least 5 minutes."
fi fi
rm /var/run/check.lock rm /var/run/check.lock
/etc/rc.local /etc/rc.local
echo "Done. Now running status.sh"
/usr/bin/status.sh
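Review bot: dropping the final `/usr/bin/status.sh` call is a behaviour change that the commit message ("clean up, update readme") does not mention; say in the message whether the status output is now expected to come from somewhere else. Separately, `docker rm -v $(docker ps -aq)` and `docker rmi $(docker images | grep "^<none>" | awk '{print $3}')` run with unquoted, unchecked substitutions: when there is nothing to remove, docker is called with no arguments and exits non-zero with a usage error, which is noisy under cron and hides real failures. Capture the IDs first and guard on them, e.g. `myIDS=$(docker ps -aq); [ -n "$myIDS" ] && docker rm -v $myIDS`.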

View file

@ -4,7 +4,7 @@
# T-Pot # # T-Pot #
# Container and services status script # # Container and services status script #
# # # #
# v0.05 by mo, DTAG, 2016-02-12 # # v16.03.1 by mo, DTAG, 2016-03-09 #
######################################################## ########################################################
myCOUNT=1 myCOUNT=1

View file

@ -4,7 +4,7 @@
# T-Pot # # T-Pot #
# Only start the containers found in /etc/init/ # # Only start the containers found in /etc/init/ #
# # # #
# v0.03 by mo, DTAG, 2016-02-12 # # v16.03.1 by mo, DTAG, 2016-03-09 #
######################################################## ########################################################
# Make sure not to interrupt a check # Make sure not to interrupt a check
@ -40,7 +40,7 @@ done
# Setup only T-Pot upstart scripts from images.conf and pull the images # Setup only T-Pot upstart scripts from images.conf and pull the images
for i in $(cat /data/images.conf); for i in $(cat /data/images.conf);
do do
docker pull dtagdevsec/$i:latest1603; docker pull dtagdevsec/$i:latest1603;
cp /data/upstart/"$i".conf /etc/init/; cp /data/upstart/"$i".conf /etc/init/;
done done
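Review bot: `cp /data/upstart/"$i".conf /etc/init/` runs regardless of whether the preceding `docker pull dtagdevsec/$i:latest1603` succeeded, so a failed pull still registers an upstart job for an image that is not on the host, and the reboot that follows starts a service that cannot run. Chain the copy on the pull (`docker pull ... && cp ...`) or collect failures and abort before the reboot. Also note that `latest1603` is a mutable tag, so two installs on different days can end up with different image contents; recording the pulled image IDs, or pinning by digest, is what makes a sensor deployment reproducible.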
@ -49,8 +49,8 @@ done
rm /var/run/check.lock rm /var/run/check.lock
# Announce reboot # Announce reboot
echo "Rebooting in 5 seconds for the changes to take effect." echo "### Rebooting in 60 seconds for the changes to take effect."
sleep 5 sleep 60
# Reboot # Reboot
reboot reboot
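Review bot: the delay now appears twice, once in the echo text and once in `sleep 60`; a single variable (`myDELAY=60`) used in both keeps the announcement and the actual wait from drifting apart on the next change, which is exactly what the old 5-second version needed here.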

View file

@ -4,7 +4,7 @@
# T-Pot # # T-Pot #
# Two-Factor-Authentication and SSH enable script # # Two-Factor-Authentication and SSH enable script #
# # # #
# v16.03.1 by mo, DTAG, 2016-03-07 # # v16.03.2 by mo, DTAG, 2016-03-09 #
######################################################## ########################################################
myBACKTITLE="T-Pot - Two-Factor-Authentication and SSH enable script" myBACKTITLE="T-Pot - Two-Factor-Authentication and SSH enable script"
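Review bot: the version string in this header is bumped to v16.03.2 while every other script in the same commit, dated the same day, is set to v16.03.1. If the scripts share one release version, align this one; if this script is deliberately ahead, a word in the commit message would save the next reader from wondering which is the typo.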
@ -18,7 +18,7 @@ dialog --backtitle "$myBACKTITLE" --title "[ Enable SSH? ]" --yesno "\nDo you wa
mySSH=$? mySSH=$?
# Enable 2FA # Enable 2FA
if [ $my2FA == 0 ] && ! [ -f /etc/pam.d/sshd.bak ]; if [ "$my2FA" = "0" ] && ! [ -f /etc/pam.d/sshd.bak ];
then then
clear clear
sudo sed -i.bak '\# PAM#aauth required pam_google_authenticator.so' /etc/pam.d/sshd sudo sed -i.bak '\# PAM#aauth required pam_google_authenticator.so' /etc/pam.d/sshd
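Review bot: quoting the test as `[ "$my2FA" = "0" ]` is the right fix; with the old form an empty `$my2FA` would have produced a syntax error instead of a false branch. One caveat on the unchanged `sed` line below it: the address `\# PAM#` selects every line containing " PAM", and the `a` command appends the `pam_google_authenticator.so` line after each match, so a second matching comment in `/etc/pam.d/sshd` would insert the auth line twice. Anchoring the address to the full header comment the file actually carries, or using a line number, makes the edit insert exactly once. Using the `sshd.bak` file created by `sed -i.bak` as the "already enabled" marker is workable, but it is worth a comment, since anyone who deletes the backup will have the line appended again on the next run.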
@ -27,12 +27,12 @@ if [ $my2FA == 0 ] && ! [ -f /etc/pam.d/sshd.bak ];
echo "2FA enabled. Please press return to continue ..." echo "2FA enabled. Please press return to continue ..."
read read
elif [ -f /etc/pam.d/sshd.bak ] elif [ -f /etc/pam.d/sshd.bak ]
then then
dialog --backtitle "$myBACKTITLE" --title "[ Already enabled ]" --msgbox "\nIt seems that Two-Factor-Authentication has already been enabled. Please run 'google-authenticator -t -d -f -r 3 -R 30 -w 21' if you want to rewrite your token." 8 70 dialog --backtitle "$myBACKTITLE" --title "[ Already enabled ]" --msgbox "\nIt seems that Two-Factor-Authentication has already been enabled. Please run 'google-authenticator -t -d -f -r 3 -R 30 -w 21' if you want to rewrite your token." 8 70
fi fi
# Enable SSH # Enable SSH
if [ $mySSH == 0 ] && [ -f /etc/init/ssh.override ]; if [ "$mySSH" = "0" ] && [ -f /etc/init/ssh.override ];
then then
clear clear
sudo rm /etc/init/ssh.override sudo rm /etc/init/ssh.override