diff --git a/.github/ISSUE_TEMPLATE/bug-report-for-t-pot.md b/.github/ISSUE_TEMPLATE/bug-report-for-t-pot.md
index 6eaabdc4..cdba5ea0 100644
--- a/.github/ISSUE_TEMPLATE/bug-report-for-t-pot.md
+++ b/.github/ISSUE_TEMPLATE/bug-report-for-t-pot.md
@@ -1,37 +1,44 @@
---
-name: Bug report for T-Pot
-about: Bug report for T-Pot
+name: Bug report for T-Pot 24.04.x
+about: Bug report for T-Pot 24.04.x
title: ''
labels: ''
assignees: ''
---
-Before you post your issue make sure it has not been answered yet and provide `basic support information` if you come to the conclusion it is a new issue.
+# Successfully raise an issue
+Before you post your issue make sure it has not been answered yet and provide **β οΈ BASIC SUPPORT INFORMATION** (as requested below) if you come to the conclusion it is a new issue.
- π Use the [search function](https://github.com/dtag-dev-sec/tpotce/issues?utf8=%E2%9C%93&q=) first
-- π§ Check our [WIKI](https://github.com/dtag-dev-sec/tpotce/wiki)
-- π Consult the documentation of π» [Debian](https://www.debian.org/doc/), π³ [Docker](https://docs.docker.com/), the π¦ [ELK stack](https://www.elastic.co/guide/index.html) and the π― [T-Pot Readme](https://github.com/dtag-dev-sec/tpotce/blob/master/README.md).
-- **β οΈ Provide [basic support information](#info) or similiar information with regard to your issue or we can not help you and will close the issue without further notice**
+- π§ Check our [Wiki](https://github.com/dtag-dev-sec/tpotce/wiki) and the [discussions](https://github.com/telekom-security/tpotce/discussions)
+- π Consult the documentation of π» your Linux OS, π³ [Docker](https://docs.docker.com/), the π¦ [Elastic stack](https://www.elastic.co/guide/index.html) and the π― [T-Pot Readme](https://github.com/dtag-dev-sec/tpotce/blob/master/README.md).
+- **β οΈ Provide [BASIC SUPPORT INFORMATION](#-basic-support-information-commands-are-expected-to-run-as-root) or similar detailed information with regard to your issue or we will close the issue or convert it into a discussion without further interaction from the maintainers**.
-
-
-
+Questions such as **"Not seeing any attacks, containers are running fine"** or **"Cannot connect to the T-Pot WebUI, containers are running just fine"** are most likely caused by failures in routing and / or firewall setup and belong into the T-Pot [discussions](https://github.com/telekom-security/tpotce/discussions).
-
-## β οΈ Basic support information (commands are expected to run as `root`)
+# β οΈ Basic support information (commands are expected to run as `root`)
-- What version of the OS are you currently using `lsb_release -a` and `uname -a`?
-- What T-Pot version are you currently using?
-- What edition (Standard, Nextgen, etc.) of T-Pot are you running?
+**We happily take the time to improve T-Pot and take care of things, but we need you to take the time to create an issue that provides us with all the information we need.**
+
+- What OS are you T-Pot running on?
+- What is the version of the OS `lsb_release -a` and `uname -a`?
+- What T-Pot version are you currently using (only **T-Pot 24.04.x** is currently supported)?
- What architecture are you running on (i.e. hardware, cloud, VM, etc.)?
-- Did you have any problems during the install? If yes, please attach `/install.log` `/install.err`.
+- Review the `~/tpotce/install_tpot.log`, attach the log and highlight the errors.
- How long has your installation been running?
+ - If it is a fresh install consult the documentation first.
+ - Most likely it is a port conflict or a remote dependency was unavailable.
+ - Retry a fresh installation and only open the issue if the error keeps coming up and is not resolved using the documentation as described [here](#how-to-raise-an-issue).
- Did you install upgrades, packages or use the update script?
- Did you modify any scripts or configs? If yes, please attach the changes.
-- Please provide a screenshot of `glances` and `htop`.
+- Please provide a screenshot of `htop` and `docker stats`.
- How much free disk space is available (`df -h`)?
- What is the current container status (`dps.sh`)?
-- What is the status of the T-Pot service (`systemctl status tpot`)?
-- What ports are being occupied? Stop T-Pot `systemctl stop tpot` and run `netstat -tulpen`
+- On Linux: What is the status of the T-Pot service (`systemctl status tpot`)?
+- What ports are being occupied? Stop T-Pot `systemctl stop tpot` and run `grc netstat -tulpen`
+ - Stop T-Pot `systemctl stop tpot`
+ - Run `grc netstat -tulpen`
+ - Run T-Pot manually with `docker compose -f ~/tpotce/docker-compose.yml up` and check for errors
+ - Stop execution with `CTRL-C` and `docker compose -f ~/tpotce/docker-compose.yml down -v`
- If a single container shows as `DOWN` you can run `docker logs ` for the latest log entries
diff --git a/.github/ISSUE_TEMPLATE/feature-request-for-t-pot.md b/.github/ISSUE_TEMPLATE/feature-request-for-t-pot.md
index ff1ba956..81063643 100644
--- a/.github/ISSUE_TEMPLATE/feature-request-for-t-pot.md
+++ b/.github/ISSUE_TEMPLATE/feature-request-for-t-pot.md
@@ -1,6 +1,6 @@
---
-name: Feature request for T-Pot
-about: Suggest an idea for T-Pot
+name: Feature request for T-Pot 24.04.x
+about: Suggest an idea for T-Pot 24.04.x
title: ''
labels: ''
assignees: ''
diff --git a/.github/ISSUE_TEMPLATE/general-issue-for-t-pot.md b/.github/ISSUE_TEMPLATE/general-issue-for-t-pot.md
index e86a858b..fe2abd7f 100644
--- a/.github/ISSUE_TEMPLATE/general-issue-for-t-pot.md
+++ b/.github/ISSUE_TEMPLATE/general-issue-for-t-pot.md
@@ -1,39 +1,44 @@
---
-name: General issue for T-Pot
-about: General issue for T-Pot
+name: General issue for T-Pot 24.04.x
+about: General issue for T-Pot 24.04.x
title: ''
labels: ''
assignees: ''
---
-π¨οΈ Please post your questions in [Discussions](https://github.com/telekom-security/tpotce/discussions) and keep the issues for **issues**. Thank you π.
-
-Before you post your issue make sure it has not been answered yet and provide `basic support information` if you come to the conclusion it is a new issue.
+# Successfully raise an issue
+Before you post your issue make sure it has not been answered yet and provide **β οΈ BASIC SUPPORT INFORMATION** (as requested below) if you come to the conclusion it is a new issue.
- π Use the [search function](https://github.com/dtag-dev-sec/tpotce/issues?utf8=%E2%9C%93&q=) first
-- π§ Check our [WIKI](https://github.com/dtag-dev-sec/tpotce/wiki)
-- π Consult the documentation of π» [Debian](https://www.debian.org/doc/), π³ [Docker](https://docs.docker.com/), the π¦ [ELK stack](https://www.elastic.co/guide/index.html) and the π― [T-Pot Readme](https://github.com/dtag-dev-sec/tpotce/blob/master/README.md).
-- **β οΈ Provide [basic support information](#info) or similiar information with regard to your issue or we can not help you and will close the issue without further notice**
+- π§ Check our [Wiki](https://github.com/dtag-dev-sec/tpotce/wiki) and the [discussions](https://github.com/telekom-security/tpotce/discussions)
+- π Consult the documentation of π» your Linux OS, π³ [Docker](https://docs.docker.com/), the π¦ [Elastic stack](https://www.elastic.co/guide/index.html) and the π― [T-Pot Readme](https://github.com/dtag-dev-sec/tpotce/blob/master/README.md).
+- **β οΈ Provide [BASIC SUPPORT INFORMATION](#-basic-support-information-commands-are-expected-to-run-as-root) or similar detailed information with regard to your issue or we will close the issue or convert it into a discussion without further interaction from the maintainers**.
-
-
-
+Questions such as **"Not seeing any attacks, containers are running fine"** or **"Cannot connect to the T-Pot WebUI, containers are running just fine"** are most likely caused by failures in routing and / or firewall setup and belong into the T-Pot [discussions](https://github.com/telekom-security/tpotce/discussions).
-
-## β οΈ Basic support information (commands are expected to run as `root`)
+# β οΈ Basic support information (commands are expected to run as `root`)
-- What version of the OS are you currently using `lsb_release -a` and `uname -a`?
-- What T-Pot version are you currently using?
-- What edition (Standard, Nextgen, etc.) of T-Pot are you running?
+**We happily take the time to improve T-Pot and take care of things, but we need you to take the time to create an issue that provides us with all the information we need.**
+
+- What OS are you T-Pot running on?
+- What is the version of the OS `lsb_release -a` and `uname -a`?
+- What T-Pot version are you currently using (only **T-Pot 24.04.x** is currently supported)?
- What architecture are you running on (i.e. hardware, cloud, VM, etc.)?
-- Did you have any problems during the install? If yes, please attach `/install.log` `/install.err`.
+- Review the `~/tpotce/install_tpot.log`, attach the log and highlight the errors.
- How long has your installation been running?
+ - If it is a fresh install consult the documentation first.
+ - Most likely it is a port conflict or a remote dependency was unavailable.
+ - Retry a fresh installation and only open the issue if the error keeps coming up and is not resolved using the documentation as described [here](#how-to-raise-an-issue).
- Did you install upgrades, packages or use the update script?
- Did you modify any scripts or configs? If yes, please attach the changes.
-- Please provide a screenshot of `glances` and `htop`.
+- Please provide a screenshot of `htop` and `docker stats`.
- How much free disk space is available (`df -h`)?
- What is the current container status (`dps.sh`)?
-- What is the status of the T-Pot service (`systemctl status tpot`)?
-- What ports are being occupied? Stop T-Pot `systemctl stop tpot` and run `netstat -tulpen`
+- On Linux: What is the status of the T-Pot service (`systemctl status tpot`)?
+- What ports are being occupied? Stop T-Pot `systemctl stop tpot` and run `grc netstat -tulpen`
+ - Stop T-Pot `systemctl stop tpot`
+ - Run `grc netstat -tulpen`
+ - Run T-Pot manually with `docker compose -f ~/tpotce/docker-compose.yml up` and check for errors
+ - Stop execution with `CTRL-C` and `docker compose -f ~/tpotce/docker-compose.yml down -v`
- If a single container shows as `DOWN` you can run `docker logs ` for the latest log entries
diff --git a/CITATION.cff b/CITATION.cff
index b06dd254..8da04519 100644
--- a/CITATION.cff
+++ b/CITATION.cff
@@ -2,7 +2,7 @@
# Visit https://bit.ly/cffinit to generate yours today!
cff-version: 1.2.0
-title: T-Pot DEV
+title: T-Pot 24.04.0
message: >-
If you use this software, please cite it using the
metadata from this file.
@@ -20,8 +20,8 @@ authors:
identifiers:
- type: url
value: >-
- https://github.com/telekom-security/tpotce/releases/tag/22.04.0
- description: T-Pot Release 22.04.0
+ https://github.com/telekom-security/tpotce/releases/tag/24.04.0
+ description: T-Pot Release 24.04.0
repository-code: 'https://github.com/telekom-security/tpotce'
abstract: >-
T-Pot is the all in one, optionally distributed, multiarch
@@ -39,5 +39,5 @@ keywords:
- elk
license: GPL-3.0
commit: unreleased, under heavy development
-version: 2x.yy.z
-date-released: '202x-yy-zz'
\ No newline at end of file
+version: 24.04.0
+date-released: '2024-04-22'
\ No newline at end of file
diff --git a/PREVIEW.md b/PREVIEW.md
deleted file mode 100644
index 84b24fd6..00000000
--- a/PREVIEW.md
+++ /dev/null
@@ -1,203 +0,0 @@
-# T-Pot - Dev Preview
-
-T-Pot will be turning 10 years next year and this milestone will be celebrated when the time comes, which brings us today to the best time to reflect on how technology advanced, what this means for the project and how we can ensure T-Pot will meet the current and future requirements of the community.
-
-
-# TL;DR
-1. [Download](#choose-your-distro) or use a running, supported distribution
-2. Install the ISO with as minimal packages / services as possible (SSH required!)
-3. Install curl: `$ sudo [apt, dnf, zypper] install curl` if not installed already
-4. Run installer as non-root:
-```
-/bin/bash -c "$(curl -sL https://github.com/telekom-security/tpotce/raw/dev/install.sh)"
-```
- * Follow instructions, read messages, check for possible port conflicts and reboot
-5. [Start](#start-t-pot) T-Pot as non-root for the first time:
-```
-cd tpotce/preview/
-docker compose up
-```
-
-
-# Table of Contents
-- [Disclaimer](#disclaimer)
-- [Last Time Departed](#last-time-departed)
-- [Present Time](#present-time)
-- [Destination Time](#destination-time)
-- [Technical Preview](#technical-preview)
- - [Architecture](#architecture)
-- [Installation](#installation)
- - [Choose your distro](#choose-your-distro)
- - [Get and Install T-Pot](#get-and-install-t-pot)
- - [T-Pot Config File](#t-pot-config-file)
- - [macOS & Windows](#macos--windows)
-- [Start T-Pot](#start-t-pot)
-- [Stop T-Pot](#stop-t-pot)
-- [Uninstall T-Pot](#uninstall-t-pot)
-- [Feedback](#uninstall-t-pot)
-
-
-
-# Disclaimer
-- This is a Technical Preview, a very very early stage in the development T-Pot. You have been warned - there will be dragons steering flying time machines possibly causing paradoxes.
-- The T-Pot [disclaimer](https://github.com/telekom-security/tpotce/blob/master/README.md#disclaimer) and [documentation](https://github.com/telekom-security/tpotce/blob/master/README.md) apply.
-
-
-# Last Time Departed
-Jumping back to 2014 T-Pot was born as the direct ancestor of our Raspberry Pi images we used to offer for download (which probably by now only insiders will remember π
). Docker was just the new kid on the block with the shiny new container engine everyone desperately unknowingly waited for and thus taking the dev-world by storm. At that point we wanted to ensure that T-Pot was something tangible, tethered to a physical device (Hello NUC my old friend π) while using latest technologies ensuring an easy transition should we ever leave hardware based installations (or VMs for that matter). And Oh-My-Zsh as you all know that day came faster than anticipated! (Special thanks @vorband, @shaderecker and @tmariuss for all of their contributions!)
-
-
-# Present Time
-Flash Forward to today, T-Pot offers support for Debian, both as an ISO based installation or a post installation method (install your own Debian Server), support for OTC, AWS and other clouds through Ansible and Terraform Support. All of this in many different flavors and even a distributed installation. At the same time we are still relying on the same base concept we originally started with which does not seem fit for the foreseeable future.
-In the last couple of years being independent of a certain platform was the one feature that stood out by far. The reason for this, until today, is the simple fact that T-Pot, although relying heavily on Docker, still relies on a fully controlled environment. This has its advantages but can not meet a demand where cloud based installations need different settings than we can provide (we can only run limited platform tests), companies follow different guidelines for allowed distributions or hosters simply offer Debian images slightly adjusted to their environments causing issues with the setting T-Pot relies on. Roll the dice or ask the Magic-8-Ball.
-
-
-# Destination Time
-Back to the future of T-Pot. For a brief time we had the idea of T-Pot Light which should compensate for the missing platform support. A concept was whipped up to support all of T-Pot's dockered services on minimal installations of Debian, Fedora, OpenSuse and Ubuntu Server. And it worked! It worked so good that we have almost achieved feature parity for this Technical Preview and decided that this is the best candidate for the future of the development of T-Pot
-We are thrilled to share this now, so you can test, provide us with feedback, open issues and discussions and give us the chance to make the next T-Pot the best T-Pot we have ever released!
-
-
-## Technical Preview
-For the purpose of the Technical Preview T-Pot will still use the 22.04 images and for a great part rely on the 22.04 release. This will lay the groundwork though for the next T-Pot release by just relying on the latest Docker package repositories (yes, the distros mostly do not offer Docker's bleeding edge features), some tiny modifications on the host (installer and uninstaller provided!) and move all of T-Pot's core in its own Docker image with a simple, user adjustable, configuration.
-
-
-## Architecture
-While the basic architecture still remains, the Technical Preview of T-Pot is mostly independent of the underlying OS with only some basic requirements:
-1. Underlying OS is available as supported distribution:
- * Only the bare minimum of services and packages are installed to avoid possible port conflicts with T-Pot's services
- * Debian, Fedora, OpenSuse and Ubuntu Server are currently supported, others might follow if the requirements will be met
-2. Latest Docker Engine from Docker's repositories is supported
- * Only the latest Docker Engine packages offer all the features needed for T-Pot
- * Docker Desktop does not offer host network capabilities and thus only a limited T-Pot experience (not available for the Technical Preview, but planned to even get started faster!)
-3. Changes to the host
- * Some changes to the host are necessary but will be kept as minimalistic as possible, just enough T-Pot will be able to run
- * There are uninstallers available this time π
-
-
-# System Requirements
-The known T-Pot hardware (CPU, RAM, SSD) requirements and recommendations still apply.
-
-
-# Installation
-[Download](#choose-your-distro) one of the supported Linux distro images, `git clone` the T-Pot repository and run the installer specific to your system. Running T-Pot on top of a running and supported Linux system is possible, but a clean installation is recommended to avoid port conflicts with running services.
-
-
-## Choose your distro
-Choose a supported distro of your choice. It is recommended to use the minimum / netiso installers linked below and only install a minimalistic set of packages. SSH is mandatory or you will not be able to connect to the machine remotely.
-
-| Distribution Name | x64 | arm64
-|:-----------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------|:--------------
-| [Alma Linux](https://almalinux.org) | [download](https://mirrors.almalinux.org/isos/x86_64/9.3.html) | [download](https://mirrors.almalinux.org/isos/aarch64/9.3.html)
-| [Debian](https://www.debian.org/index.en.html) | [download](https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.5.0-amd64-netinst.iso) | [download](https://cdimage.debian.org/debian-cd/current/arm64/iso-cd/debian-12.5.0-arm64-netinst.iso)
-| [Fedora](https://fedoraproject.org) | [download](https://download.fedoraproject.org/pub/fedora/linux/releases/39/Server/x86_64/iso/Fedora-Server-netinst-x86_64-39-1.5.iso) | [download](https://download.fedoraproject.org/pub/fedora/linux/releases/39/Server/aarch64/iso/Fedora-Server-netinst-aarch64-39-1.5.iso)
-| [OpenSuse](https://www.opensuse.org) | [download](https://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-NET-x86_64-Current.iso) | [download](https://download.opensuse.org/ports/aarch64/tumbleweed/iso/openSUSE-Tumbleweed-NET-aarch64-Current.iso)
-| [Rocky Linux](https://rockylinux.org) | [download](https://download.rockylinux.org/pub/rocky/9/isos/x86_64/Rocky-9.3-x86_64-minimal.iso) | [download](https://download.rockylinux.org/pub/rocky/9/isos/aarch64/Rocky-9.3-aarch64-minimal.iso)
-| [Ubuntu](https://ubuntu.com) | [download](https://releases.ubuntu.com/22.04.4/ubuntu-22.04.4-live-server-amd64.iso) | [download](https://cdimage.ubuntu.com/releases/22.04/release/ubuntu-22.04.4-live-server-arm64.iso)
-
-## Raspberry Pi 4 (8GB) Support
-| Distribution Name | arm64
-|:-----------------------------------------------------------------|:-----
-| [Raspberry Pi OS (**64Bit, Lite**)](https://www.raspberrypi.com) | [download](https://downloads.raspberrypi.com/raspios_lite_arm64/images/raspios_lite_arm64-2024-03-15/2024-03-15-raspios-bookworm-arm64-lite.img.xz)
-
-
-
-## Get and install T-Pot
-1. Clone the GitHub repository: `$ git clone https://github.com/telekom-security/tpotce`
-2. Change into the **tpotce/preview/installer** folder: `$ cd tpotce/preview/installer`
-3. Locate your distribution, i.e. `fedora`: `$ cd fedora`
-4. Run the installer as non-root: `$ ./install.sh`:
- * β οΈ ***Depending on your Linux distribution of choice the installer will:***
- * Change the SSH port to `tcp/64295`
- * Disable the DNS Stub Listener to avoid port conflicts with honeypots
- * Set SELinux to Monitor Mode
- * Set the firewall target for the public zone to ACCEPT
- * Add Docker's repository and install Docker
- * Install recommended packages
- * Remove package known to cause issues
- * Add the current user to the docker group (allow docker interaction without `sudo`)
- * Add `dps` and `dpsw` aliases (`grc docker ps -a`, `watch -c "grc --colour=on docker ps -a`)
- * Display open ports on the host (compare with T-Pot [required](https://github.com/telekom-security/tpotce#required-ports) ports)
-5. Follow the installer instructions, you will have to enter your password at least once
-6. Check the installer messages for errors and open ports that might cause port conflicts
-7. Reboot: `$ sudo reboot`
-
-
-## T-Pot Config File
-T-Pot offers a configuration file providing environment variables not only for the docker services (i.e. honeypots and tools) but also for the docker compose environment. The configuration file is hidden in the `preview` folder and is called `.env`. There is however an example file (`env.example`) which holds the default configuration.
Before the first start set the `WEB_USER` and `WEB_PW`. Once T-Pot was initialized it is recommended to remove the password and set `WEB_PW=`. Other settings are available also, these however should only be changed if you are comfortable with possible errors π« as some of the features are not fully integrated and tested yet.
-```
-# T-Pot config file. Do not remove.
-
-# Set Web username and password here, only required for first run
-# Removing the password after first run is recommended
-# You can always add or remove users as you see fit using htpasswd:
-# htpasswd -b -c //nginx/conf/nginxpasswd
-WEB_USER=
-WEB_PW=
-
-# T-Pot Blackhole
-# ENABLED: T-Pot will download a db of known mass scanners and nullroute them
-# Be aware, this will put T-Pot off the map for stealth reasons and
-# you will get less traffic. Routes will active until reboot and will
-# be re-added with every T-Pot start until disabled.
-# DISABLED: This is the default and no stealth efforts are in place.
-TPOT_BLACKHOLE=DISABLED
-```
-
-## macOS & Windows
-Sometimes it is just nice if you can spin up a T-Pot instance on macOS or Windows, i.e. for development, testing or just the fun of it. While Docker Desktop is rather limited not all honeypot types or T-Pot features are supported. Also remember, by default the macOS and Windows firewall are blocking access from remote, so testing is limited to the host. For production it is recommended to run T-Pot on Linux.
-To get things up and running just follow these steps:
-1. Install Docker Desktop for [macOS](https://docs.docker.com/desktop/install/mac-install/) or [Windows](https://docs.docker.com/desktop/install/windows-install/)
-2. Clone the GitHub repository: `$ git clone https://github.com/telekom-security/tpotce`
-2. Change into the **tpotce/preview/compose** folder: `$ cd tpotce/preview/compose`
-3. Copy **mac_win.yml** to the **tpotce/preview** folder by overwriting **docker-compose.yml**: `$ cp mac_win.yml ../docker-compose.yml`
-4. Adjust the **.env** file by changing **TPOT_OSTYPE** to either **mac** or **win**:
-```
-# OSType (linux, mac, win)
-# Most docker features are available on linux
-TPOT_OSTYPE=mac
-```
-5. You have to ensure on your own there are no port conflicts keeping T-Pot from starting up.
-You can follow the README on how to [Start T-Pot](#start-t-pot), however you may skip the **crontab**.
-
-
-# Start T-Pot
-1. Change into the **tpotce/preview/** folder: `$ cd tpotce/preview/`
-2. Run: `$ docker compose up` (notice the missing dash, `docker-compose` no longer exists with the latest Docker installation)
- * You can also run `$ docker compose -f //tpotce/preview/docker-compose.yml up` directly if you want to avoid to change into the `preview` folder or add an alias of your choice.
-3. `docker compose` will now download all the necessary images to run the T-Pot Docker containers
-4. On the first run T-Pot (`tpotinit`) will initialize and create the `data` folder in the path specified (by default it is located in `tpotce/preview/data/`):
- * It takes about 2-3 minutes to bring all the containers up (should port conflicts arise `docker compose` will simply abort)
- * Once all containers have started successfully for the first time you can access T-Pot as described [here](https://github.com/telekom-security/tpotce#remote-access-and-tools) or cancel with `CTRL-C` ...
-5. ... and run T-Pot in the background: `$ docker compose up -d`
- * Unless you run `docker compose down -v` T-Pot's Docker service will remain persistent and restart with a reboot
- * You can however add a crontab entry with `crontab -e` which will also add some container and image management.
-```
-@reboot docker compose -f //tpotce/preview/docker-compose.yml down -v; \
-docker container prune -f; \
-docker image prune -f; \
-docker compose -f //tpotce/preview/docker-compose.yml up -d
-```
-6. By default Docker will always check if the local and remote docker images match, if not, Docker will either revert to a fitting locally cached image or download the image from remote. This ensures T-Pot images will always be up-to-date
-
-# Stop T-Pot
-1. Change into the **tpotce/preview/** folder: `$ cd tpotce/preview/`
-2. Run: `$ docker compose down -v` (notice the missing dash, `docker-compose` no longer exists with the latest docker installation)
-3. Docker will now stop all running T-Pot containers and disable reboot persistence (unless you made a [crontab entry](#start-t-pot)
- * You can also run `$ docker compose -f //tpotce/preview/docker-compose.yml down -v` directly if you want to avoid to change into the `preview` folder or add an alias of your choice.
-
-# Uninstall T-Pot
-1. Change into the **tpotce/preview/uninstaller/** folder: `$ cd tpotce/preview/uninstaller/`
-2. Locate your distribution, i.e. `fedora`: `$ cd fedora`
-3. Run the installer as non-root: `$ ./uninstall.sh`:
- * The uninstaller will reverse the installation steps
-4. Follow the uninstaller instructions, you will have to enter your password at least once
-5. Check the uninstaller messages for errors
-6. Reboot: `$ sudo reboot`
-
-
-# Feedback
-To ensure the next T-Pot release will be everything we and you - The T-Pot Community - have in mind please feel free to leave comments in the `Technical Preview` [discussion](https://github.com/telekom-security/tpotce/discussions/1325) pinned on our GitHub [Discussions](https://github.com/telekom-security/tpotce/discussions) section. Please bear in mind that this Technical Preview is made public in the earliest stage of the T-Pot development process at your convenience for ***your*** valuable input.
-
-Thank you for testing π
-
-Special thanks to all the [contributors](https://github.com/telekom-security/tpotce/graphs/contributors) and [developers](https://github.com/telekom-security/tpotce#credits) making this project possible!
diff --git a/README.md b/README.md
index e2c37383..97e289b4 100644
--- a/README.md
+++ b/README.md
@@ -17,76 +17,74 @@ env bash -c "$(curl -sL https://github.com/telekom-security/tpotce/raw/alpha/ins
* Follow instructions, read messages, check for possible port conflicts and reboot
# Table of Contents
-- [Disclaimer](#disclaimer)
-- [Technical Concept](#technical-concept)
- - [Technical Architecture](#technical-architecture)
- - [Services](#services)
- - [User Types](#user-types)
-- [System Requirements](#system-requirements)
- - [Running in a VM](#running-in-a-vm)
- - [Running on Hardware](#running-on-hardware)
- - [Running in a Cloud](#running-in-a-cloud)
- - [Required Ports](#required-ports)
-- [System Placement](#system-placement)
-- [Installation](#installation)
- - [ISO Based](#iso-based)
- - [Download ISO Image](#download-iso-image)
- - [Create your own ISO Image](#create-your-own-iso-image)
- - [Post Install](#post-install)
- - [Download Debian Netinstall Image](#download-debian-netinstall-image)
- - [Post Install User Method](#post-install-user-method)
- - [Post Install Auto Method](#post-install-auto-method)
- - [T-Pot Installer](#t-pot-installer)
- - [Installation Types](#installation-types)
- - [Standalone](#standalone)
- - [Distributed](#distributed)
- - [Cloud Deployments](#cloud-deployments)
- - [Ansible Deployment](#ansible-deployment)
- - [Terraform Configuration](#terraform-configuration)
-- [First Start](#first-start)
- - [Standalone Start](#standalone-first-start)
- - [Distributed Deployment](#distributed-deployment)
- - [Community Data Submission](#community-data-submission)
- - [Opt-In HPFEEDS Data Submission](#opt-in-hpfeeds-data-submission)
-- [Remote Access and Tools](#remote-access-and-tools)
- - [SSH and Cockpit](#ssh-and-cockpit)
- - [T-Pot Landing Page](#t-pot-landing-page)
- - [Kibana Dashboard](#kibana-dashboard)
- - [Attack Map](#attack-map)
- - [Cyberchef](#cyberchef)
- - [Elasticvue](#elasticvue)
- - [Spiderfoot](#spiderfoot)
-- [Maintenance](#maintenance)
- - [Updates](#updates)
- - [Update from 20.06.x](#update-from-2006x)
- - [Updates for 22.04.x](#updates-for-2204x)
- - [Known Issues](#known-issues)
- - [Grub Fails to Reconfigure](#grub-fails-to-reconfigure)
- - [Docker Images Fail to Download](#docker-images-fail-to-download)
- - [Network Interface Fails](#network-interface-fails)
- - [Start T-Pot](#start-t-pot)
- - [Stop T-Pot](#stop-t-pot)
- - [T-Pot Data Folder](#t-pot-data-folder)
- - [Log Persistence](#log-persistence)
- - [Clean Up](#clean-up)
- - [Show Containers](#show-containers)
- - [Blackhole](#blackhole)
- - [Add Users to Nginx (T-Pot WebUI)](#add-users-to-nginx-t-pot-webui)
- - [Import and Export Kibana Objects](#import-and-export-kibana-objects)
- - [Switch Editions](#switch-editions)
- - [Redeploy Hive Sensor](#redeploy-hive-sensor)
- - [Adjust tpot.yml](#adjust-tpotyml)
- - [Enable Cockpit 2FA](#enable-cockpit-2fa)
-- [Troubleshooting](#troubleshooting)
- - [Logging](#logging)
- - [Fail2Ban](#fail2ban)
- - [RAM](#ram-and-storage)
-- [Contact](#contact)
- - [Issues](#issues)
- - [Discussions](#discussions)
-- [Licenses](#licenses)
-- [Credits](#credits)
-- [Testimonials](#testimonials)
+
+* [T-Pot - The All In One Multi Honeypot Platform](#t-pot---the-all-in-one-multi-honeypot-platform)
+* [TL;DR](#tldr)
+* [Table of Contents](#table-of-contents)
+* [Disclaimer](#disclaimer)
+* [Technical Concept](#technical-concept)
+ * [Technical Architecture](#technical-architecture)
+ * [Services](#services)
+ * [User Types](#user-types)
+* [System Requirements](#system-requirements)
+ * [Running in a VM](#running-in-a-vm)
+ * [Running on Hardware](#running-on-hardware)
+ * [Running in a Cloud](#running-in-a-cloud)
+ * [Required Ports](#required-ports)
+* [System Placement](#system-placement)
+* [Installation](#installation)
+ * [Choose your distro](#choose-your-distro)
+ * [Raspberry Pi 4 (8GB) Support](#raspberry-pi-4-8gb-support)
+ * [Get and install T-Pot](#get-and-install-t-pot)
+ * [macOS & Windows](#macos--windows)
+ * [Installation Types](#installation-types)
+ * [**HIVE**](#hive)
+ * [**Distributed**](#distributed)
+ * [Uninstall T-Pot (Linux only!) (to do)](#uninstall-t-pot-linux-only-to-do)
+* [First Start](#first-start)
+ * [Standalone First Start](#standalone-first-start)
+ * [Distributed Deployment (to do)](#distributed-deployment-to-do)
+ * [Community Data Submission](#community-data-submission)
+ * [Opt-In HPFEEDS Data Submission](#opt-in-hpfeeds-data-submission)
+* [Remote Access and Tools](#remote-access-and-tools)
+ * [SSH](#ssh)
+ * [T-Pot Landing Page](#t-pot-landing-page-)
+ * [Kibana Dashboard](#kibana-dashboard)
+ * [Attack Map](#attack-map)
+ * [Cyberchef](#cyberchef)
+ * [Elasticvue](#elasticvue)
+ * [Spiderfoot](#spiderfoot)
+* [Configuration](#configuration)
+ * [T-Pot Config File](#t-pot-config-file)
+ * [Customize T-Pot Honeypots and Services](#customize-t-pot-honeypots-and-services)
+ * [Redeploy Hive Sensor (to do)](#redeploy-hive-sensor-to-do)
+* [Maintenance](#maintenance)
+ * [General Updates](#general-updates)
+ * [Update Script](#update-script)
+ * [Known Issues](#known-issues)
+ * [**Docker Images Fail to Download**](#docker-images-fail-to-download)
+ * [Start T-Pot](#start-t-pot)
+ * [Stop T-Pot](#stop-t-pot)
+ * [T-Pot Data Folder](#t-pot-data-folder)
+ * [Log Persistence](#log-persistence)
+ * [Factory Reset](#factory-reset)
+ * [Show Containers](#show-containers)
+ * [Blackhole](#blackhole)
+ * [Add Users to Nginx (T-Pot WebUI)](#add-users-to-nginx-t-pot-webui)
+ * [Import and Export Kibana Objects](#import-and-export-kibana-objects)
+ * [**Export**](#export)
+ * [**Import**](#import)
+* [Troubleshooting](#troubleshooting)
+ * [Logs](#logs)
+ * [RAM and Storage](#ram-and-storage)
+* [Contact](#contact)
+ * [Issues](#issues)
+ * [Discussions](#discussions)
+* [Licenses](#licenses)
+* [Credits](#credits)
+ * [The developers and development communities of](#the-developers-and-development-communities-of)
+* [Testimonials](#testimonials)
+
# Disclaimer
@@ -278,10 +276,6 @@ It is recommended to get yourself familiar with how T-Pot and the honeypots work
Once you are familiar with how things work you should choose a network you suspect intruders in or from (i.e. the internet). Otherwise T-Pot will most likely not capture any attacks (unless you want to prove a point)! For starters it is recommended to put T-Pot in an unfiltered zone, where all TCP and UDP traffic is forwarded to T-Pot's network interface. To avoid probing for T-Pot's management ports you should put T-Pot behind a firewall and forward all TCP / UDP traffic in the port range of 1-64000 to T-Pot while allowing access to ports > 64000 only from trusted IPs and / or only expose the [ports](#required-ports) relevant to your use-case. If you wish to catch malware traffic on unknown ports you should not limit the ports you forward since glutton and honeytrap dynamically bind any TCP port that is not occupied by other honeypot daemons and thus give you a better representation of the risks your setup is exposed to.
-# Installation
-The T-Pot installation is offered in different variations. While the overall installation of T-Pot is straightforward it heavily depends on a working, non-proxied (unless you made modifications) up and running internet connection (also see [required outgoing ports](#required-ports)). If these conditions are not met the installation **will fail!** either during the execution of the Debian Installer, after the first reboot before the T-Pot Installer is starting up or while the T-Pot installer is trying to download all the necessary dependencies.
-
-
# Installation
[Download](#choose-your-distro) one of the [supported Linux distro images](#choose-your-distro), follow the [TL;DR](#tldr) instructions or `git clone` the T-Pot repository and run the installer `~/tpotce/install.sh`. Running T-Pot on top of a running and supported Linux system is possible, but a clean installation is recommended to avoid port conflicts with running services. The T-Pot installer will require direct access to the internet as described [here](#required-ports).
@@ -298,6 +292,8 @@ Choose a supported distro of your choice. It is recommended to use the minimum /
| [Rocky Linux](https://rockylinux.org) | [download](https://download.rockylinux.org/pub/rocky/9/isos/x86_64/Rocky-9.3-x86_64-minimal.iso) | [download](https://download.rockylinux.org/pub/rocky/9/isos/aarch64/Rocky-9.3-aarch64-minimal.iso) |
| [Ubuntu](https://ubuntu.com) | [download](https://releases.ubuntu.com/22.04.4/ubuntu-22.04.4-live-server-amd64.iso) | [download](https://cdimage.ubuntu.com/releases/22.04/release/ubuntu-22.04.4-live-server-arm64.iso) |
+
+
## Raspberry Pi 4 (8GB) Support
| Distribution Name | arm64 |
|:-----------------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------|
@@ -327,6 +323,24 @@ Choose a supported distro of your choice. It is recommended to use the minimum /
6. Reboot: `$ sudo reboot`
+## macOS & Windows
+Sometimes it is just nice if you can spin up a T-Pot instance on macOS or Windows, i.e. for development, testing or just the fun of it. As Docker Desktop is rather limited not all honeypot types or T-Pot features are supported. Also remember, by default the macOS and Windows firewall are blocking access from remote, so testing is limited to the host. For production it is recommended to run T-Pot on [Linux](#choose-your-distro).
+To get things up and running just follow these steps:
+1. Install Docker Desktop for [macOS](https://docs.docker.com/desktop/install/mac-install/) or [Windows](https://docs.docker.com/desktop/install/windows-install/).
+2. Clone the GitHub repository: `git clone https://github.com/telekom-security/tpotce -b alpha`.
+3. Go to: `cd ~/tpotce`
+4. Copy `cp compose/mac_win.yml ./docker-compose.yml`.
+5. Create a `WEB_USER` by running `~/tpotce/genuser.sh`
+6. Adjust the `.env` file by changing `TPOT_OSTYPE=linux` to either `mac` or `win`:
+ ```
+ # OSType (linux, mac, win)
+ # Most docker features are available on linux
+ TPOT_OSTYPE=mac
+ ```
+7. You have to ensure on your own there are no port conflicts keeping T-Pot from starting up.
+8. Start T-Pot: `docker compose up` or `docker compose up -d` if you want T-Pot to run in the background.
+9. Stop T-Pot: `CTRL-C` (it if was running in the foreground) and / or `docker compose down -v` to stop T-Pot entirely.
+
## Installation Types
### **HIVE**
@@ -342,6 +356,11 @@ The distributed version of T-Pot requires at least two hosts
To finalize the **SENSOR** installation continue to [Distributed Deployment](#distributed-deployment).
+## Uninstall T-Pot (Linux only!) (to do)
+To uninstall T-Pot run `~/tpotce/uninstall.sh` and follow the uninstaller instructions, you will have to enter your password at least once.
+Once the uninstall is finished reboot the machine `sudo reboot`
+
+
# First Start
Once the T-Pot Installer successfully finishes, the system needs to be rebooted (`sudo reboot`). Once rebooted you can log into the system using the user you setup during the installation of the system. Logins are according to the [User Types](#user-types):
@@ -363,16 +382,15 @@ There is not much to do except to login and check via `dps.sh` if all services a
## Distributed Deployment (to do)
-With the distributed deployment firstly login to **HIVE** and the **HIVE_SENSOR** and check via `dps.sh` if all services and honeypots are starting up correctly. Once you have confirmed everything is working fine you need to deploy the **HIVE_SENSOR** to the **HIVE** in order to transmit honeypot logs to the Elastic Stack.
+With the distributed deployment firstly login to **HIVE** and the **SENSOR** and check via `dps` if all services and honeypots are starting up correctly. Once you have confirmed everything is working fine you need to deploy the **SENSOR** to the **HIVE** in order to transmit honeypot logs to the Elastic Stack.
-For **deployment** simply keep the **HIVE** login data ready and follow these steps while the `deploy.sh` script will setup the **HIVE** and **HIVE_SENSOR** for securely shipping and receiving logs:
+For **deployment** simply keep the **HIVE** login data ready and follow these steps while the `deploy.sh` script will setup the **HIVE** and **SENSOR** for securely shipping and receiving logs:
```
-sudo su -
deploy.sh
```
-The script will ask for the **HIVE** login data, the **HIVE** IP address, will create SSH keys accordingly and deploy them securely over a SSH connection to the **HIVE**. On the **HIVE** machine a user with the **HIVE_SENSOR** hostname is created, belonging to a user group `tpotlogs` which may only open a SSH tunnel via port `64295` and transmit Logstash logs to port `127.0.0.1:64305`, with no permission to login on a shell. You may review the config in `/etc/ssh/sshd_config` and the corresponding `autossh` settings in `docker/elk/logstash/dist/entrypoint.sh`. Settings and keys are stored in `/data/elk/logstash` and loaded as part of `/opt/tpot/etc/tpot.yml`.
+The script will ask for the **HIVE** login data, the **HIVE** IP address, will create SSH keys accordingly and deploy them securely over a SSH connection to the **HIVE**. On the **HIVE** machine a user with the **SENSOR** hostname is created, belonging to a user group `tpotlogs` which may only open a SSH tunnel via port `64295` and transmit Logstash logs to port `127.0.0.1:64305`, with no permission to login on a shell. You may review the config in `/etc/ssh/sshd_config` and the corresponding `autossh` settings in `docker/elk/logstash/dist/entrypoint.sh`. Settings and keys are stored in `/data/elk/logstash` and loaded as part of `/opt/tpot/etc/tpot.yml`.
## Community Data Submission
@@ -469,6 +487,53 @@ On the T-Pot Landing Page just click on `Spiderfoot` and you will be forwarded t
+# Configuration
+
+## T-Pot Config File
+T-Pot offers a configuration file providing variables not only for the docker services (i.e. honeypots and tools) but also for the docker compose environment. The configuration file is hidden in `~/tpoce/.env`. There is also an example file (`env.example`) which holds the default configuration.
+Before the first start run `~/tpotce/genuser.sh` or setup the `WEB_USER` manually as described [here](#add-users-to-nginx-t-pot-webui).
+
+## Customize T-Pot Honeypots and Services
+
+In `~/tpotce/compose` you will find everything you need to adjust the T-Pot Standard / HIVE installation:
+```
+customizer.py
+mac_win.yml
+mini.yml
+mobile.yml
+raspberry_showcase.yml
+sensor.yml
+standard.yml
+tpot_services.yml
+```
+The `.yml` files are docker compose files, each representing a different set of honeypots and tools with `tpot_services.yml` being a template for `customizer.py` to create a customized docker compose file.
+To activate a compose file follow these steps:
+1. Stop T-Pot with `systemctl stop tpot`.
+2. Copy the docker compose file `cp ~/tpotce/compose/ ~/tpotce/docker-compose.yml`.
+3. Start T-Pot with `systemctl start tpot`.
+
+To create your customized docker compose file:
+1. Go to `cd ~/tpotce/compose`.
+2. Run `python3 customizer.py`.
+3. The script will guide you through the process of creating your own `docker-compose.yml`. As some honeypots and services occupy the same ports it will check if any port conflicts are present and notify regarding the conflicting services. You then can resolve them manually by adjusting `docker-compose-custom.yml` or re-run the script.
+4. Stop T-Pot with `systemctl stop tpot`.
+5. Check if everything works by running `docker-compose -f docker-compose-custom.yml up`. In case of errors follow the [Docker Compose Specification](https://docs.docker.com/compose/compose-file/) for mitigation. Most likely it is just a port conflict you can adjust by editing the docker compose file.
+6. If everything works just fine press `CTRL-C` to stop the containers and run `docker-compose -f docker-compose-custom.yml down -v`.
+7. Copy the customized docker compose file `cp ~/tpotce/compose/docker-compose-custom.yml ~/tpotce/docker-compose.yml`.
+8. Start T-Pot with `systemctl start tpot`.
+
+
+## Redeploy Hive Sensor (to do)
+In case you need to re-deploy your Hive Sensor, i.e. the IP of your Hive has changed or you want to move the Hive Sensor to a new Hive, you simply follow these commands:
+```
+sudo su -
+systemctl stop tpot
+rm /data/elk/logstash/*
+deploy.sh
+reboot
+```
+
+
# Maintenance
T-Pot is designed to be low maintenance. Since almost everything is provided through docker images there is basically nothing you have to do but let it run. We will upgrade the docker images regularly to reduce the risks of compromise; however you should read this section closely.
@@ -547,7 +612,7 @@ You can show all T-Pot relevant containers by running `dps` or `dpsw [interval]`
## Blackhole
-Some users reported they wanted to have the option to run T-Pot in a stealth mode manner without permanent visits of publicly known scanners and thus reducing the possibility of being exposed. While this is of course always a cat and mouse game T-Pot offers a blackhole feature that is null routing all requests from [known mass scanners](https://raw.githubusercontent.com/stamparm/maltrail/master/trails/static/mass_scanner.txt) while still catching the events through Suricata.
+Blackhole will run T-Pot in kind of a stealth mode manner without permanent visits of publicly known scanners and thus reducing the possibility of being exposed. While this is of course always a cat and mouse game the blackhole feature is null routing all requests from [known mass scanners](https://raw.githubusercontent.com/stamparm/maltrail/master/trails/static/mass_scanner.txt) while still catching the events through Suricata.
The feature is activated by setting `TPOT_BLACKHOLE=DISABLED` in `~/tpotce/.env`, then run `systemctl stop tpot` and `systemctl start tpot` or `sudo reboot`.
@@ -581,125 +646,49 @@ This will export a NDJSON file with all your objects. Always run a full export t
When asked: "If any of the objects already exist, do you want to automatically overwrite them?" you answer with "Yes, overwrite all".
-## Switch Editions
-You can switch between T-Pot editions (flavors) by running `tped.sh`.
-
-
-## Redeploy Hive Sensor
-In case you need to re-deploy your Hive Sensor, i.e. the IP of your Hive has changed or you want to move the Hive Sensor to a new Hive, you simply follow these commands:
-```
-sudo su -
-systemctl stop tpot
-rm /data/elk/logstash/*
-deploy.sh
-reboot
-```
-
-
-## Adjust tpot.yml
-Maybe the available T-Pot editions do not apply to your use-case or you need a different set of honeypots. You can adjust `/opt/tpot/etc/tpot.yml` to your own preference. If you need examples of how this works, just follow the configuration of the existing editions (docker-compose files) in `/opt/tpot/etc/compose` and follow the [Docker Compose Specification](https://docs.docker.com/compose/compose-file/).
-```
-sudo su -
-systemctl stop tpot
-vi /opt/tpot/etc/tpot.yml
-docker-compose -f /opt/tpot/etc/tpot.yml up (to see if everything works, CTRL+C)
-docker-compose -f /opt/tpot/etc/tpot.yml down -v
-systemctl start tpot
-```
-
-
-## Enable Cockpit 2FA
-You can enable two-factor-authentication for Cockpit by running `2fa.sh`.
-
-
# Troubleshooting
Generally T-Pot is offered ***as is*** without any commitment regarding support. Issues and discussions can be opened, but be prepared to include basic necessary info, so the community is able to help.
-## Logging
-* Check if your containers are running correctly: `dps.sh`
-
-* Check if your system resources are not exhausted: `htop`, `glances`
-
+## Logs
+* Check if your containers are running correctly: `dps`
+* Check if your system resources are not exhausted: `htop`, `docker stats`
* Check if there is a port conflict:
```
systemctl stop tpot
grc netstat -tulpen
-vi /opt/tpot/etc/tpot.yml up
-docker-compose -f /opt/tpot/etc/tpot.yml up
+mi ~/tpotce/docker-compose.yml
+docker-compose -f ~/tpotce/docker-compose.yml up
CTRL+C
-docker-compose -f /opt/tpot/etc/tpot.yml down -v
+docker-compose -f ~/tpotce/docker-compose.yml down -v
```
-
-* Check container logs: `docker logs -f `
-
-* Check if you were locked out by [fail2ban](#fail2ban).
-
-
-## Fail2Ban
-If you cannot login there are probably three possible reasons:
-1. You need to review [User Types](#user-types) and understand the different users.
-2. You are trying to SSH into T-Pot, but use `tcp/22` instead of `tcp/64295` or were using the incorrect user for Cockpit or Nginx (T-Pot WebUI).
-3. You had too many wrong attempts from the above and got locked out by `fail2ban`.
-
-To resolve Fail2Ban lockouts run `fail2ban-client status`:
-
-```
-fail2ban-client status
-Status
-|- Number of jail: 3
-nginx-http-auth, pam-generic, sshd
-```
-
-`nginx-http-auth` refers to missed BasicAuth login attempts (Nginx / T-Pot WebUI) on `tcp/64295`
-
-`sshd` refers to missed OS SSH login attempts on `tcp/64295`
-
-`pam-generic` refers to missed OS Cockpit login attempts on `tcp/64294`
-
-Check all jails, i.e. `sshd`:
-
-```
-fail2ban-client status sshd
-Status for the jail: sshd
-|- Filter
-| |- Currently failed: 0
-| |- Total failed: 0
-| `- File list: /var/log/auth.log
-`- Actions
- |- Currently banned: 0
- |- Total banned: 0
- `- Banned IP list:
-```
-
-If there are any banned IPs you can unban these with `fail2ban-client unban --all` or `fail2ban-client unban `.
+* Check individual container logs: `docker logs -f `
+* Check `tpotinit` log: `cat ~/tpotce/data/tpotinit.log`
## RAM and Storage
-The Elastic Stack is hungry for RAM, specifically `logstash` and `elasticsearch`. If the Elastic Stack is unavailable, does not receive any logs or simply keeps crashing it is most likely a RAM or Storage issue.
+The Elastic Stack is hungry for RAM, specifically `logstash` and `elasticsearch`. If the Elastic Stack is unavailable, does not receive any logs or simply keeps crashing it is most likely a RAM or storage issue.
While T-Pot keeps trying to restart the services / containers run `docker logs -f ` (either `logstash` or `elasticsearch`) and check if there are any warnings or failures involving RAM.
-Storage failures can be identified easier via `htop` or `glances`.
+Storage failures can be identified easier via `htop`.
# Contact
T-Pot is provided ***as is*** open source ***without*** any commitment regarding support ([see the disclaimer](#disclaimer)).
-If you are a company or institution and wish a personal contact aside from [issues](#issues) and [discussions](#discussions) please get in contact with our [sales team](https://www.t-systems.com/de/en/security).
-
If you are a security researcher and want to responsibly report an issue please get in touch with our [CERT](https://www.telekom.com/en/corporate-responsibility/data-protection-data-security/security/details/introducing-deutsche-telekom-cert-358316).
## Issues
Please report issues (errors) on our [GitHub Issues](https://github.com/telekom-security/tpotce/issues), but [troubleshoot](#troubleshooting) first. Issues not providing information to address the error will be closed or converted into [discussions](#discussions).
-Feel free to use the search function, it is possible a similar issue has been addressed already, with the solution just a search away.
+Use the search function first, it is possible a similar issue has been addressed or discussed already, with the solution just a search away.
## Discussions
General questions, ideas, show & tell, etc. can be addressed on our [GitHub Discussions](https://github.com/telekom-security/tpotce/discussions).
-Feel free to use the search function, it is possible a similar discussion has been opened already, with an answer just a search away.
+Use the search function, it is possible a similar discussion has been opened already, with an answer just a search away.
# Licenses
@@ -709,25 +698,22 @@ The software that T-Pot is built on uses the following licenses.
Apache 2 License: [cyberchef](https://github.com/gchq/CyberChef/blob/master/LICENSE), [dicompot](https://github.com/nsmfoo/dicompot/blob/master/LICENSE), [elasticsearch](https://github.com/elasticsearch/elasticsearch/blob/master/LICENSE.txt), [logstash](https://github.com/elasticsearch/logstash/blob/master/LICENSE), [kibana](https://github.com/elasticsearch/kibana/blob/master/LICENSE.md), [docker](https://github.com/docker/docker/blob/master/LICENSE)
MIT license: [ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot/blob/master/LICENSE), [ddospot](https://github.com/aelth/ddospot/blob/master/LICENSE), [elasticvue](https://github.com/cars10/elasticvue/blob/master/LICENSE), [glutton](https://github.com/mushorg/glutton/blob/master/LICENSE), [hellpot](https://github.com/yunginnanet/HellPot/blob/master/LICENSE), [maltrail](https://github.com/stamparm/maltrail/blob/master/LICENSE)
Unlicense: [endlessh](https://github.com/skeeto/endlessh/blob/master/UNLICENSE)
-
Other: [citrixhoneypot](https://github.com/MalwareTech/CitrixHoneypot#licencing-agreement-malwaretech-public-licence), [cowrie](https://github.com/cowrie/cowrie/blob/master/LICENSE.rst), [mailoney](https://github.com/awhitehatter/mailoney), [Debian licensing](https://www.debian.org/legal/licenses/), [Elastic License](https://www.elastic.co/licensing/elastic-license)
+
Other: [citrixhoneypot](https://github.com/MalwareTech/CitrixHoneypot#licencing-agreement-malwaretech-public-licence), [cowrie](https://github.com/cowrie/cowrie/blob/master/LICENSE.rst), [mailoney](https://github.com/awhitehatter/mailoney), [Elastic License](https://www.elastic.co/licensing/elastic-license), [Wordpot](https://github.com/gbrindisi/wordpot)
AGPL-3.0: [honeypots](https://github.com/qeeqbox/honeypots/blob/main/LICENSE)
+
[Public Domain (CC)](https://creativecommons.org/publicdomain/zero/1.0/): [Harvard Dataverse](https://dataverse.harvard.edu/dataverse/harvard/?q=dicom)
# Credits
-Without open source and the fruitful development community (we are proud to be a part of), T-Pot would not have been possible! Our thanks are extended but not limited to the following people and organizations:
+Without open source and the development community we are proud to be a part of, T-Pot would not have been possible! Our thanks are extended but not limited to the following people and organizations:
### The developers and development communities of
* [adbhoney](https://github.com/huuck/ADBHoney/graphs/contributors)
-* [apt-fast](https://github.com/ilikenwf/apt-fast/graphs/contributors)
-* [bento](https://github.com/migueravila/Bento/graphs/contributors)
* [ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot/graphs/contributors)
* [citrixhoneypot](https://github.com/MalwareTech/CitrixHoneypot/graphs/contributors)
-* [cockpit](https://github.com/cockpit-project/cockpit/graphs/contributors)
* [conpot](https://github.com/mushorg/conpot/graphs/contributors)
* [cowrie](https://github.com/cowrie/cowrie/graphs/contributors)
* [ddospot](https://github.com/aelth/ddospot/graphs/contributors)
-* [debian](http://www.debian.org/)
* [dicompot](https://github.com/nsmfoo/dicompot/graphs/contributors)
* [dionaea](https://github.com/DinoTools/dionaea/graphs/contributors)
* [docker](https://github.com/docker/docker/graphs/contributors)
@@ -751,22 +737,23 @@ Without open source and the fruitful development community (we are proud to be a
* [medpot](https://github.com/schmalle/medpot/graphs/contributors)
* [p0f](http://lcamtuf.coredump.cx/p0f3/)
* [redishoneypot](https://github.com/cypwnpwnsocute/RedisHoneyPot/graphs/contributors)
-* [sentrypeer](https://github.com/SentryPeer/SentryPeer/graphs/contributors),
+* [sentrypeer](https://github.com/SentryPeer/SentryPeer/graphs/contributors)
* [spiderfoot](https://github.com/smicallef/spiderfoot)
* [snare](https://github.com/mushorg/snare/graphs/contributors)
* [tanner](https://github.com/mushorg/tanner/graphs/contributors)
* [suricata](https://github.com/inliniac/suricata/graphs/contributors)
+* [wordpot](https://github.com/gbrindisi/wordpot)
**The following companies and organizations**
-* [debian](https://www.debian.org/)
* [docker](https://www.docker.com/)
* [elastic.io](https://www.elastic.co/)
* [honeynet project](https://www.honeynet.org/)
-* [intel](http://www.intel.com)
**... and of course ***you*** for joining the community!**
+Thank you for playing π
+
# Testimonials
One of the greatest feedback we have gotten so far is by one of the Conpot developers:
***"[...] I highly recommend T-Pot which is ... it's not exactly a swiss army knife .. it's more like a swiss army soldier, equipped with a swiss army knife. Inside a tank. A swiss tank. [...]"***
diff --git a/SECURITY.md b/SECURITY.md
index 3350e6cb..356ca46e 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -3,18 +3,21 @@
## Supported Versions
| Version | Supported |
-|---------| ------------------ |
-| 23.12.x | :white_check_mark: |
+|---------|--------------------|
+| 24.04.x | :white_check_mark: |
## Reporting a Vulnerability
-We take security of T-Pot very seriously. If one of T-Pot's components is affected, it is most likely that a upstream component we rely on is involved, such as a honeypot, docker image, tool or package. Together we will find the best possible way to remedy the situation.
+We prioritize the security of T-Pot highly. Often, vulnerabilities in T-Pot components stem from upstream dependencies, including honeypots, Docker images, tools, or packages. We are committed to working together to resolve any issues effectively.
-Before you submit a possible vulnerability, please ensure you have done the following:
-1. You have checked the documentation, issues and discussions if the detected behavior is typical and does not revolve around other issues. I.e. Cowrie will be detected with outgoing conncection requests or T-Pot opening all possible TCP ports which Honeytrap enabled install flavors will do as a feature.
-2. You have identified the vulnerable component and isolated your finding (honeypot, docker image, tool, package, etc.).
-3. You have a detailed description including log files, possibly debug files, with all steps necessary for us to reproduce / trigger the behaviour or vulnerability. At best you already have a possible solution, hotfix, fix or patch to remedy the situation and want to submit a PR.
-4. You have checked if the possible vulnerability is known upstream. If a fix / patch is already available, please provide the necessary info.
+Please follow these steps before reporting a potential vulnerability:
-We will get back to you as fast as possible. In case you think this is an emergency for the whole T-Pot community feel free to speed things up by **responsibly** informing our [CERT](https://www.telekom.com/en/corporate-responsibility/data-protection-data-security/security/details/introducing-deutsche-telekom-cert-358316).
+1. Verify that the behavior you've observed isn't already documented as a normal aspect or unrelated issue of T-Pot. For example, Cowrie may initiate outgoing connections, or T-Pot might open all possible TCP portsβa feature enabled by Honeytrap.
+2. Clearly identify which component is vulnerable (e.g., a specific honeypot, Docker image, tool, package) and isolate the issue.
+3. Provide a detailed description of the issue, including log and, if available, debug files. Include all steps necessary to reproduce the vulnerability. If you have a proposed solution, hotfix, or patch, please be prepared to submit a pull request (PR).
+4. Check whether the vulnerability is already known upstream. If there is an existing fix or patch, include that information in your report.
+
+This approach ensures a thorough and efficient resolution process.
+
+We aim to respond as quickly as possible. If you believe the issue poses an immediate threat to the entire T-Pot community, you can expedite the process by responsibly alerting our [CERT](https://www.telekom.com/en/corporate-responsibility/data-protection-data-security/security/details/introducing-deutsche-telekom-cert-358316).
diff --git a/_deprecated/bin/2fa.sh b/_deprecated/bin/2fa.sh
deleted file mode 100755
index bbd82c8f..00000000
--- a/_deprecated/bin/2fa.sh
+++ /dev/null
@@ -1,77 +0,0 @@
-#!/bin/bash
-
-# Make sure script is started as non-root.
-myWHOAMI=$(whoami)
-if [ "$myWHOAMI" = "root" ]
- then
- echo "Need to run as non-root ..."
- echo ""
- exit
-fi
-
-# set vars, check deps
-myPAM_COCKPIT_FILE="/etc/pam.d/cockpit"
-if ! [ -s "$myPAM_COCKPIT_FILE" ];
- then
- echo "### Cockpit PAM module config does not exist. Something went wrong."
- echo ""
- exit 1
-fi
-myPAM_COCKPIT_GA="
-
-# google authenticator for two-factor
-auth required pam_google_authenticator.so
-"
-myAUTHENTICATOR=$(which google-authenticator)
-if [ "$myAUTHENTICATOR" == "" ];
- then
- echo "### Could not locate google-authenticator, trying to install (if asked provide root password)."
- echo ""
- sudo apt-get update
- sudo apt-get install -y libpam-google-authenticator
- exec "$1" "$2"
- exit 1
-fi
-
-
-# write PAM changes
-function fuWRITE_PAM_CHANGES {
- myCHECK=$(cat $myPAM_COCKPIT_FILE | grep -c "google")
- if ! [ "$myCHECK" == "0" ];
- then
- echo "### PAM config already enabled. Skipped."
- echo ""
- else
- echo "### Updating PAM config for Cockpit (if asked provide root password)."
- echo "$myPAM_COCKPIT_GA" | sudo tee -a $myPAM_COCKPIT_FILE
- sudo systemctl restart cockpit
- fi
-}
-
-# create 2fa
-function fuGEN_TOKEN {
- echo "### Now generating token for Google Authenticator."
- echo ""
- google-authenticator -t -d -r 3 -R 30 -w 17
-}
-
-
-# main
-echo "### This script will enable Two Factor Authentication for Cockpit."
-echo ""
-echo "### Please download one of the many authenticator apps from the appstore of your choice."
-echo ""
-while true;
- do
- read -p "### Ready to start (y/n)? " myANSWER
- case $myANSWER in
- [Yy]* ) echo "### OK. Starting ..."; break;;
- [Nn]* ) echo "### Exiting."; exit;;
- esac
-done
-
-fuWRITE_PAM_CHANGES
-fuGEN_TOKEN
-
-echo "Done. Re-run this script by every user who needs Cockpit access."
-echo ""
diff --git a/_deprecated/bin/backup_es_folders.sh b/_deprecated/bin/backup_es_folders.sh
deleted file mode 100755
index 3d15261b..00000000
--- a/_deprecated/bin/backup_es_folders.sh
+++ /dev/null
@@ -1,61 +0,0 @@
-#!/bin/bash
-# Run as root only.
-myWHOAMI=$(whoami)
-if [ "$myWHOAMI" != "root" ];
- then
- echo "Need to run as root ..."
- exit
-fi
-
-if [ "$1" == "" ] || [ "$1" != "all" ] && [ "$1" != "base" ];
- then
- echo "Usage: backup_es_folders [all, base]"
- echo " all = backup all ES folder"
- echo " base = backup only Kibana index".
- echo
- exit
-fi
-
-# Backup all ES relevant folders
-# Make sure ES is available
-myES="http://127.0.0.1:64298/"
-myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
-if ! [ "$myESSTATUS" = "1" ]
- then
- echo "### Elasticsearch is not available, try starting via 'systemctl start tpot'."
- exit
- else
- echo "### Elasticsearch is available, now continuing."
- echo
-fi
-
-# Set vars
-myCOUNT=1
-myDATE=$(date +%Y%m%d%H%M)
-myELKPATH="/data/elk/data"
-myKIBANAINDEXNAME=$(curl -s -XGET ''$myES'_cat/indices/.kibana' | awk '{ print $4 }')
-myKIBANAINDEXPATH=$myELKPATH/indices/$myKIBANAINDEXNAME
-
-# Let's ensure normal operation on exit or if interrupted ...
-function fuCLEANUP {
- ### Start ELK
- systemctl start tpot
- echo "### Now starting T-Pot ..."
-}
-trap fuCLEANUP EXIT
-
-# Stop T-Pot to lift db lock
-echo "### Now stopping T-Pot"
-systemctl stop tpot
-sleep 2
-
-# Backup DB in 2 flavors
-echo "### Now backing up Elasticsearch folders ..."
-if [ "$1" == "all" ];
- then
- tar cvfz "elkall_"$myDATE".tgz" $myELKPATH
-elif [ "$1" == "base" ];
- then
- tar cvfz "elkbase_"$myDATE".tgz" $myKIBANAINDEXPATH
-fi
-
diff --git a/_deprecated/bin/blackhole.sh b/_deprecated/bin/blackhole.sh
deleted file mode 100755
index e2a51af0..00000000
--- a/_deprecated/bin/blackhole.sh
+++ /dev/null
@@ -1,109 +0,0 @@
-#!/bin/bash
-
-# Run as root only.
-myWHOAMI=$(whoami)
-if [ "$myWHOAMI" != "root" ]
- then
- echo "### Need to run as root ..."
- echo
- exit
-fi
-
-# Disclaimer
-if [ "$1" == "" ];
- then
- echo "### Warning!"
- echo "### This script will download and add blackhole routes for known mass scanners in an attempt to decrease the chance of detection."
- echo "### IPs are neither curated or verified, use at your own risk!"
- echo "###"
- echo "### As long as is not executed the routes will be re-added on T-Pot start through ."
- echo "### Check with or if blackhole is enabled."
- echo
- echo "Usage: blackhole.sh add (add blackhole routes)"
- echo " blackhole.sh del (delete blackhole routes)"
- echo
- exit
-fi
-
-# QnD paths, files
-mkdir -p /etc/blackhole
-cd /etc/blackhole
-myFILE="mass_scanner.txt"
-myURL="https://raw.githubusercontent.com/stamparm/maltrail/master/trails/static/mass_scanner.txt"
-myBASELINE="500"
-# Alternatively, using less routes, but blocking complete /24 networks
-#myFILE="mass_scanner_cidr.txt"
-#myURL="https://raw.githubusercontent.com/stamparm/maltrail/master/trails/static/mass_scanner_cidr.txt"
-
-# Calculate age of downloaded list, read IPs
-if [ -f "$myFILE" ];
- then
- myNOW=$(date +%s)
- myOLD=$(date +%s -r "$myFILE")
- myDAYS=$(( ($myNOW-$myOLD) / (60*60*24) ))
- echo "### Downloaded $myFILE list is $myDAYS days old."
- myBLACKHOLE_IPS=$(grep -o -P "\b(?:\d{1,3}\.){3}\d{1,3}\b" "$myFILE" | sort -u)
-fi
-
-# Let's load ip list
-if [[ ! -f "$myFILE" && "$1" == "add" || "$myDAYS" -gt 30 ]];
- then
- echo "### Downloading $myFILE list."
- aria2c --allow-overwrite -s16 -x 16 "$myURL" && \
- myBLACKHOLE_IPS=$(grep -o -P "\b(?:\d{1,3}\.){3}\d{1,3}\b" "$myFILE" | sort -u)
-fi
-
-myCOUNT=$(echo $myBLACKHOLE_IPS | wc -w)
-# Let's extract mass scanner IPs
-if [ "$myCOUNT" -lt "$myBASELINE" ] && [ "$1" == "add" ];
- then
- echo "### Something went wrong. Please check contents of /etc/blackhole/$myFILE."
- echo "### Aborting."
- echo
- exit
-elif [ "$(ip r | grep 'blackhole' -c)" -gt "$myBASELINE" ] && [ "$1" == "add" ];
- then
- echo "### Blackhole already enabled."
- echo "### Aborting."
- echo
- exit
-fi
-
-# Let's add blackhole routes for all mass scanner IPs
-if [ "$1" == "add" ];
- then
- echo
- echo -n "Now adding $myCOUNT IPs to blackhole."
- for i in $myBLACKHOLE_IPS;
- do
- ip route add blackhole "$i"
- echo -n "."
- done
- echo
- echo "Added $(ip r | grep "blackhole" -c) IPs to blackhole."
- echo
- echo "### Remember!"
- echo "### As long as is not executed the routes will be re-added on T-Pot start through ."
- echo "### Check with or if blackhole is enabled."
- echo
- exit
-fi
-
-# Let's delete blackhole routes for all mass scanner IPs
-if [ "$1" == "del" ] && [ "$myCOUNT" -gt "$myBASELINE" ];
- then
- echo
- echo -n "Now deleting $myCOUNT IPs from blackhole."
- for i in $myBLACKHOLE_IPS;
- do
- ip route del blackhole "$i"
- echo -n "."
- done
- echo
- echo "$(ip r | grep 'blackhole' -c) IPs remaining in blackhole."
- echo
- rm "$myFILE"
- else
- echo "### Blackhole already disabled."
- echo
-fi
diff --git a/_deprecated/bin/change_ews_config.sh b/_deprecated/bin/change_ews_config.sh
deleted file mode 100755
index 5b660656..00000000
--- a/_deprecated/bin/change_ews_config.sh
+++ /dev/null
@@ -1,89 +0,0 @@
-#!/bin/bash
-
-echo """
-
-##############################
-# T-POT DTAG Data Submission #
-# Contact: #
-# cert@telekom.de #
-##############################
-"""
-
-# Got root?
-myWHOAMI=$(whoami)
-if [ "$myWHOAMI" != "root" ]
- then
- echo "Need to run as root ..."
- sudo ./$0
- exit
-fi
-
-printf "[*] Enter your API UserID: "
-read apiUser
-printf "[*] Enter your API Token: "
-read apiToken
-printf "[*] If you have multiple T-Pots running, give them each a unique NUMBER, e.g. '2' for your second T-Pot installation. Enter unique number for THIS T-Pot: "
-read indexNumber
-if ! [[ "$indexNumber" =~ ^[0-9]+$ ]]
- then
- echo "Sorry integers only. You have to start over..."
- exit 1
-fi
-apiURL="https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage"
-printf "[*] Currently, your honeypot is configured to transmit data the default backend at 'https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage'. Do you want to change this API endpoint? Only do this if you run your own PEBA backend instance? (N/y): "
-read replyAPI
-if [[ $replyAPI =~ ^[Yy]$ ]]
-then
- printf "[*] Enter your API endpoint URL and make sure it contains the full path, e.g. 'https://myDomain.local:9922/ews-0.1/alert/postSimpleMessage': "
- read apiURL
-fi
-
-
-
-echo ""
-echo "[*] Recap! You defined: "
-echo "############################"
-echo "API User: " $apiUser
-echo "API Token: " $apiToken
-echo "API URL: " $apiURL
-echo "Unique numeric ID for your T-Pot Installation: " $indexNumber
-echo "Specific honeypot-IDs will look like : -"$apiUser"-"$indexNumber
-echo "############################"
-echo ""
-printf "[*] Is the above correct (y/N)? "
-read reply
-if [[ ! $reply =~ ^[Yy]$ ]]
-then
- echo "OK, then run this again..."
- exit 1
-fi
-echo ""
-echo "[+] Creating config file with API UserID '$apiUser' and API Token '$apiToken'."
-echo "[+] Fetching config file from github. Outgoing https requests must be enabled!"
-wget -q https://raw.githubusercontent.com/telekom-security/tpotce/master/docker/ews/dist/ews.cfg -O ews.cfg.dist
-if [[ -f "ews.cfg.dist" ]]; then
- echo "[+] Successfully downloaded ews.cfg from github."
-else
- echo "[+] Could not download ews.cfg from github."
- exit 1
-fi
-echo "[+] Patching ews.cfg API Credentials."
-sed 's/community-01-user/'$apiUser'/' ews.cfg.dist > ews.cfg
-sed -i 's/foth{a5maiCee8fineu7/'$apiToken'/' ews.cfg
-echo "[+] Patching ews.cfg API Url."
-apiURL=${apiURL////\\/};
-sed -i 's/https:\/\/community.sicherheitstacho.eu\/ews-0.1\/alert\/postSimpleMessage/'$apiURL'/' ews.cfg
-echo "[+] Patching ews.cfg honeypot IDs."
-sed -i 's/community-01/'$apiUser'-'$indexNumber'/' ews.cfg
-
-rm ews.cfg.dist
-
-echo "[+] Changing tpot.yml to include new ews.cfg."
-
-cp ews.cfg /data/ews/conf/ews.cfg
-cp /opt/tpot/etc/tpot.yml /opt/tpot/etc/tpot.yml.bak
-sed -i '/- \/data\/ews\/conf\/ews.ip:\/opt\/ewsposter\/ews.ip/a\ \ \ - \/data\/ews\/conf\/ews.cfg:\/opt\/ewsposter\/ews.cfg' /opt/tpot/etc/tpot.yml
-
-echo "[+] Restarting T-Pot."
-systemctl restart tpot
-echo "[+] Done."
diff --git a/_deprecated/bin/clean.sh b/_deprecated/bin/clean.sh
deleted file mode 100755
index c9e6cb44..00000000
--- a/_deprecated/bin/clean.sh
+++ /dev/null
@@ -1,372 +0,0 @@
-#!/bin/bash
-# T-Pot Container Data Cleaner & Log Rotator
-# Set colors
-myRED="�[0;31m"
-myGREEN="�[0;32m"
-myWHITE="�[0;0m"
-
-# Set pigz
-myPIGZ=$(which pigz)
-
-# Set persistence
-myPERSISTENCE=$1
-
-# Let's create a function to check if folder is empty
-fuEMPTY () {
- local myFOLDER=$1
-
-echo $(ls $myFOLDER | wc -l)
-}
-
-# Let's create a function to rotate and compress logs
-fuLOGROTATE () {
- local mySTATUS="/opt/tpot/etc/logrotate/status"
- local myCONF="/opt/tpot/etc/logrotate/logrotate.conf"
- local myADBHONEYTGZ="/data/adbhoney/downloads.tgz"
- local myADBHONEYDL="/data/adbhoney/downloads/"
- local myCOWRIETTYLOGS="/data/cowrie/log/tty/"
- local myCOWRIETTYTGZ="/data/cowrie/log/ttylogs.tgz"
- local myCOWRIEDL="/data/cowrie/downloads/"
- local myCOWRIEDLTGZ="/data/cowrie/downloads.tgz"
- local myDIONAEABI="/data/dionaea/bistreams/"
- local myDIONAEABITGZ="/data/dionaea/bistreams.tgz"
- local myDIONAEABIN="/data/dionaea/binaries/"
- local myDIONAEABINTGZ="/data/dionaea/binaries.tgz"
- local myHONEYTRAPATTACKS="/data/honeytrap/attacks/"
- local myHONEYTRAPATTACKSTGZ="/data/honeytrap/attacks.tgz"
- local myHONEYTRAPDL="/data/honeytrap/downloads/"
- local myHONEYTRAPDLTGZ="/data/honeytrap/downloads.tgz"
- local myTANNERF="/data/tanner/files/"
- local myTANNERFTGZ="/data/tanner/files.tgz"
-
-# Ensure correct permissions and ownerships for logrotate to run without issues
-chmod 770 /data/ -R
-chown tpot:tpot /data -R
-chmod 644 /data/nginx/conf -R
-chmod 644 /data/nginx/cert -R
-
-# Run logrotate with force (-f) first, so the status file can be written and race conditions (with tar) be avoided
-logrotate -f -s $mySTATUS $myCONF
-
-# Compressing some folders first and rotate them later
-if [ "$(fuEMPTY $myADBHONEYDL)" != "0" ]; then tar -I $myPIGZ -cvf $myADBHONEYTGZ $myADBHONEYDL; fi
-if [ "$(fuEMPTY $myCOWRIETTYLOGS)" != "0" ]; then tar -I $myPIGZ -cvf $myCOWRIETTYTGZ $myCOWRIETTYLOGS; fi
-if [ "$(fuEMPTY $myCOWRIEDL)" != "0" ]; then tar -I $myPIGZ -cvf $myCOWRIEDLTGZ $myCOWRIEDL; fi
-if [ "$(fuEMPTY $myDIONAEABI)" != "0" ]; then tar -I $myPIGZ -cvf $myDIONAEABITGZ $myDIONAEABI; fi
-if [ "$(fuEMPTY $myDIONAEABIN)" != "0" ]; then tar -I $myPIGZ -cvf $myDIONAEABINTGZ $myDIONAEABIN; fi
-if [ "$(fuEMPTY $myHONEYTRAPATTACKS)" != "0" ]; then tar -I $myPIGZ -cvf $myHONEYTRAPATTACKSTGZ $myHONEYTRAPATTACKS; fi
-if [ "$(fuEMPTY $myHONEYTRAPDL)" != "0" ]; then tar -I $myPIGZ -cvf $myHONEYTRAPDLTGZ $myHONEYTRAPDL; fi
-if [ "$(fuEMPTY $myTANNERF)" != "0" ]; then tar -I $myPIGZ -cvf $myTANNERFTGZ $myTANNERF; fi
-
-# Ensure correct permissions and ownership for previously created archives
-chmod 770 $myADBHONEYTGZ $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ $myTANNERFTGZ
-chown tpot:tpot $myADBHONEYTGZ $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ $myTANNERFTGZ
-
-# Need to remove subfolders since too many files cause rm to exit with errors
-rm -rf $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myTANNERF
-
-# Recreate subfolders with correct permissions and ownership
-mkdir -p $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myTANNERF
-chmod 770 $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myTANNERF
-chown tpot:tpot $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myTANNERF
-
-# Run logrotate again to account for previously created archives - DO NOT FORCE HERE!
-logrotate -s $mySTATUS $myCONF
-}
-
-# Let's create a function to clean up and prepare honeytrap data
-fuADBHONEY () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/adbhoney/*; fi
- mkdir -p /data/adbhoney/log/ /data/adbhoney/downloads/
- chmod 770 /data/adbhoney/ -R
- chown tpot:tpot /data/adbhoney/ -R
-}
-
-# Let's create a function to clean up and prepare ciscoasa data
-fuCISCOASA () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/ciscoasa/*; fi
- mkdir -p /data/ciscoasa/log
- chmod 770 /data/ciscoasa -R
- chown tpot:tpot /data/ciscoasa -R
-}
-
-# Let's create a function to clean up and prepare citrixhoneypot data
-fuCITRIXHONEYPOT () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/citrixhoneypot/*; fi
- mkdir -p /data/citrixhoneypot/logs/
- chmod 770 /data/citrixhoneypot/ -R
- chown tpot:tpot /data/citrixhoneypot/ -R
-}
-
-# Let's create a function to clean up and prepare conpot data
-fuCONPOT () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/conpot/*; fi
- mkdir -p /data/conpot/log
- chmod 770 /data/conpot -R
- chown tpot:tpot /data/conpot -R
-}
-
-# Let's create a function to clean up and prepare cowrie data
-fuCOWRIE () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/cowrie/*; fi
- mkdir -p /data/cowrie/log/tty/ /data/cowrie/downloads/ /data/cowrie/keys/ /data/cowrie/misc/
- chmod 770 /data/cowrie -R
- chown tpot:tpot /data/cowrie -R
-}
-
-# Let's create a function to clean up and prepare ddospot data
-fuDDOSPOT () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/ddospot/log; fi
- mkdir -p /data/ddospot/bl /data/ddospot/db /data/ddospot/log
- chmod 770 /data/ddospot -R
- chown tpot:tpot /data/ddospot -R
-}
-
-# Let's create a function to clean up and prepare dicompot data
-fuDICOMPOT () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/dicompot/log; fi
- mkdir -p /data/dicompot/log
- mkdir -p /data/dicompot/images
- chmod 770 /data/dicompot -R
- chown tpot:tpot /data/dicompot -R
-}
-
-# Let's create a function to clean up and prepare dionaea data
-fuDIONAEA () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/dionaea/*; fi
- mkdir -p /data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/roots/ftp /data/dionaea/roots/tftp /data/dionaea/roots/www /data/dionaea/roots/upnp
- chmod 770 /data/dionaea -R
- chown tpot:tpot /data/dionaea -R
-}
-
-# Let's create a function to clean up and prepare elasticpot data
-fuELASTICPOT () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/elasticpot/*; fi
- mkdir -p /data/elasticpot/log
- chmod 770 /data/elasticpot -R
- chown tpot:tpot /data/elasticpot -R
-}
-
-# Let's create a function to clean up and prepare elk data
-fuELK () {
- # ELK data will be kept for <= 90 days, check /etc/crontab for curator modification
- # ELK daemon log files will be removed
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/elk/log/*; fi
- mkdir -p /data/elk
- chmod 770 /data/elk -R
- chown tpot:tpot /data/elk -R
-}
-
-# Let's create a function to clean up and prepare endlessh data
-fuENDLESSH () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/endlessh/log; fi
- mkdir -p /data/endlessh/log
- chmod 770 /data/endlessh -R
- chown tpot:tpot /data/endlessh -R
-}
-
-# Let's create a function to clean up and prepare fatt data
-fuFATT () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/fatt/*; fi
- mkdir -p /data/fatt/log
- chmod 770 -R /data/fatt
- chown tpot:tpot -R /data/fatt
-}
-
-# Let's create a function to clean up and prepare glastopf data
-fuGLUTTON () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/glutton/*; fi
- mkdir -p /data/glutton/log
- chmod 770 /data/glutton -R
- chown tpot:tpot /data/glutton -R
-}
-
-# Let's create a function to clean up and prepare hellpot data
-fuHELLPOT () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/hellpot/log; fi
- mkdir -p /data/hellpot/log
- chmod 770 /data/hellpot -R
- chown tpot:tpot /data/hellpot -R
-}
-
-# Let's create a function to clean up and prepare heralding data
-fuHERALDING () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/heralding/*; fi
- mkdir -p /data/heralding/log
- chmod 770 /data/heralding -R
- chown tpot:tpot /data/heralding -R
-}
-
-# Let's create a function to clean up and prepare honeypots data
-fuHONEYPOTS () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/honeypots/*; fi
- mkdir -p /data/honeypots/log
- chmod 770 /data/honeypots -R
- chown tpot:tpot /data/honeypots -R
-}
-
-# Let's create a function to clean up and prepare honeysap data
-fuHONEYSAP () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/honeysap/*; fi
- mkdir -p /data/honeysap/log
- chmod 770 /data/honeysap -R
- chown tpot:tpot /data/honeysap -R
-}
-
-# Let's create a function to clean up and prepare honeytrap data
-fuHONEYTRAP () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/honeytrap/*; fi
- mkdir -p /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/
- chmod 770 /data/honeytrap/ -R
- chown tpot:tpot /data/honeytrap/ -R
-}
-
-# Let's create a function to clean up and prepare ipphoney data
-fuIPPHONEY () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/ipphoney/*; fi
- mkdir -p /data/ipphoney/log
- chmod 770 /data/ipphoney -R
- chown tpot:tpot /data/ipphoney -R
-}
-
-# Let's create a function to clean up and prepare log4pot data
-fuLOG4POT () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/log4pot/*; fi
- mkdir -p /data/log4pot/log
- chmod 770 /data/log4pot -R
- chown tpot:tpot /data/log4pot -R
-}
-
-# Let's create a function to clean up and prepare mailoney data
-fuMAILONEY () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/mailoney/*; fi
- mkdir -p /data/mailoney/log/
- chmod 770 /data/mailoney/ -R
- chown tpot:tpot /data/mailoney/ -R
-}
-
-# Let's create a function to clean up and prepare mailoney data
-fuMEDPOT () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/medpot/*; fi
- mkdir -p /data/medpot/log/
- chmod 770 /data/medpot/ -R
- chown tpot:tpot /data/medpot/ -R
-}
-
-# Let's create a function to clean up nginx logs
-fuNGINX () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/nginx/log/*; fi
- touch /data/nginx/log/error.log
- chmod 644 /data/nginx/conf -R
- chmod 644 /data/nginx/cert -R
-}
-
-# Let's create a function to clean up and prepare rdpy data
-fuRDPY () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/rdpy/*; fi
- mkdir -p /data/rdpy/log/
- chmod 770 /data/rdpy/ -R
- chown tpot:tpot /data/rdpy/ -R
-}
-
-# Let's create a function to clean up and prepare redishoneypot data
-fuREDISHONEYPOT () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/redishoneypot/log; fi
- mkdir -p /data/redishoneypot/log
- chmod 770 /data/redishoneypot -R
- chown tpot:tpot /data/redishoneypot -R
-}
-
-# Let's create a function to clean up and prepare sentrypeer data
-fuSENTRYPEER () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/sentrypeer/log; fi
- mkdir -p /data/sentrypeer/log
- chmod 770 /data/sentrypeer -R
- chown tpot:tpot /data/sentrypeer -R
-}
-
-# Let's create a function to prepare spiderfoot db
-fuSPIDERFOOT () {
- mkdir -p /data/spiderfoot
- touch /data/spiderfoot/spiderfoot.db
- chmod 770 -R /data/spiderfoot
- chown tpot:tpot -R /data/spiderfoot
-}
-
-# Let's create a function to clean up and prepare suricata data
-fuSURICATA () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/suricata/*; fi
- mkdir -p /data/suricata/log
- chmod 770 -R /data/suricata
- chown tpot:tpot -R /data/suricata
-}
-
-# Let's create a function to clean up and prepare p0f data
-fuP0F () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/p0f/*; fi
- mkdir -p /data/p0f/log
- chmod 770 -R /data/p0f
- chown tpot:tpot -R /data/p0f
-}
-
-# Let's create a function to clean up and prepare p0f data
-fuTANNER () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/tanner/*; fi
- mkdir -p /data/tanner/log /data/tanner/files
- chmod 770 -R /data/tanner
- chown tpot:tpot -R /data/tanner
-}
-
-# Avoid unwanted cleaning
-if [ "$myPERSISTENCE" = "" ];
- then
- echo $myRED"!!! WARNING !!! - This will delete ALL honeypot logs. "$myWHITE
- while [ "$myQST" != "y" ] && [ "$myQST" != "n" ];
- do
- read -p "Continue? (y/n) " myQST
- done
- if [ "$myQST" = "n" ];
- then
- echo $myGREEN"Puuh! That was close! Aborting!"$myWHITE
- exit
- fi
-fi
-
-# Check persistence, if enabled compress and rotate logs
-if [ "$myPERSISTENCE" = "on" ];
- then
- echo "Persistence enabled, now rotating and compressing logs."
- fuLOGROTATE
- else
- echo "Cleaning up and preparing data folders."
- fuADBHONEY
- fuCISCOASA
- fuCITRIXHONEYPOT
- fuCONPOT
- fuCOWRIE
- fuDDOSPOT
- fuDICOMPOT
- fuDIONAEA
- fuELASTICPOT
- fuELK
- fuENDLESSH
- fuFATT
- fuGLUTTON
- fuHERALDING
- fuHELLPOT
- fuHONEYSAP
- fuHONEYPOTS
- fuHONEYTRAP
- fuIPPHONEY
- fuLOG4POT
- fuMAILONEY
- fuMEDPOT
- fuNGINX
- fuREDISHONEYPOT
- fuRDPY
- fuSENTRYPEER
- fuSPIDERFOOT
- fuSURICATA
- fuP0F
- fuTANNER
- fi
diff --git a/_deprecated/bin/deploy.sh b/_deprecated/bin/deploy.sh
deleted file mode 100755
index e1d5af4b..00000000
--- a/_deprecated/bin/deploy.sh
+++ /dev/null
@@ -1,182 +0,0 @@
-#!/bin/bash
-
-# Do we have root?
-function fuGOT_ROOT {
-echo
-echo -n "### Checking for root: "
-if [ "$(whoami)" != "root" ];
- then
- echo "[ NOT OK ]"
- echo "### Please run as root."
- echo "### Example: sudo $0"
- exit
- else
- echo "[ OK ]"
-fi
-}
-
-function fuDEPLOY_SENSOR () {
-echo
-echo "###############################"
-echo "# Deploying to T-Pot Hive ... #"
-echo "###############################"
-echo
-sshpass -e ssh -4 -t -T -l "$MY_TPOT_USERNAME" -p 64295 "$MY_HIVE_IP" << EOF
-echo "$SSHPASS" | sudo -S bash -c 'useradd -m -s /sbin/nologin -G tpotlogs "$MY_HIVE_USERNAME";
-mkdir -p /home/"$MY_HIVE_USERNAME"/.ssh;
-echo "$MY_SENSOR_PUBLICKEY" >> /home/"$MY_HIVE_USERNAME"/.ssh/authorized_keys;
-chmod 600 /home/"$MY_HIVE_USERNAME"/.ssh/authorized_keys;
-chmod 755 /home/"$MY_HIVE_USERNAME"/.ssh;
-chown "$MY_HIVE_USERNAME":"$MY_HIVE_USERNAME" -R /home/"$MY_HIVE_USERNAME"/.ssh'
-EOF
-
-echo
-echo "###########################"
-echo "# Done. Please reboot ... #"
-echo "###########################"
-echo
-
-exit 0
-}
-
-# Check Hive availability
-function fuCHECK_HIVE () {
-echo
-echo "############################################"
-echo "# Checking for T-Pot Hive availability ... #"
-echo "############################################"
-echo
-sshpass -e ssh -4 -t -l "$MY_TPOT_USERNAME" -p 64295 -f -N -L64305:127.0.0.1:64305 "$MY_HIVE_IP" -o "StrictHostKeyChecking=no"
-if [ $? -eq 0 ];
- then
- echo
- echo "#########################"
- echo "# T-Pot Hive available! #"
- echo "#########################"
- echo
- myHIVE_OK=$(curl -s http://127.0.0.1:64305)
- if [ "$myHIVE_OK" == "ok" ];
- then
- echo
- echo "##############################"
- echo "# T-Pot Hive tunnel test OK! #"
- echo "##############################"
- echo
- kill -9 $(pidof ssh)
- else
- echo
- echo "######################################################"
- echo "# T-Pot Hive tunnel test FAILED! #"
- echo "# Tunneled port tcp/64305 unreachable on T-Pot Hive. #"
- echo "# Aborting. #"
- echo "######################################################"
- echo
- kill -9 $(pidof ssh)
- rm $MY_SENSOR_PUBLICKEYFILE
- rm $MY_SENSOR_PRIVATEKEYFILE
- rm $MY_LS_ENVCONFIGFILE
- exit 1
- fi;
- else
- echo
- echo "#################################################################"
- echo "# Something went wrong, most likely T-Pot Hive was unreachable! #"
- echo "# Aborting. #"
- echo "#################################################################"
- echo
- rm $MY_SENSOR_PUBLICKEYFILE
- rm $MY_SENSOR_PRIVATEKEYFILE
- rm $MY_LS_ENVCONFIGFILE
- exit 1
-fi;
-}
-
-function fuGET_DEPLOY_DATA () {
-echo
-echo "### Please provide data from your T-Pot Hive installation."
-echo "### This usually is the one running the 'T-Pot Hive' type."
-echo "### You will be needing the OS user (typically 'tsec'), the users' password and the IP / FQDN."
-echo "### Do not worry, the password will not be persisted!"
-echo
-
-read -p "Username: " MY_TPOT_USERNAME
-read -s -p "Password: " SSHPASS
-echo
-export SSHPASS
-read -p "IP / FQDN: " MY_HIVE_IP
-MY_HIVE_USERNAME="$(hostname)"
-MY_TPOT_TYPE="SENSOR"
-MY_LS_ENVCONFIGFILE="/data/elk/logstash/ls_environment"
-
-MY_SENSOR_PUBLICKEYFILE="/data/elk/logstash/$MY_HIVE_USERNAME.pub"
-MY_SENSOR_PRIVATEKEYFILE="/data/elk/logstash/$MY_HIVE_USERNAME"
-if ! [ -s "$MY_SENSOR_PRIVATEKEYFILE" ] && ! [ -s "$MY_SENSOR_PUBLICKEYFILE" ];
- then
- echo
- echo "##############################"
- echo "# Generating ssh keyfile ... #"
- echo "##############################"
- echo
- mkdir -p /data/elk/logstash
- ssh-keygen -f "$MY_SENSOR_PRIVATEKEYFILE" -N "" -C "$MY_HIVE_USERNAME"
- MY_SENSOR_PUBLICKEY="$(cat "$MY_SENSOR_PUBLICKEYFILE")"
- else
- echo
- echo "#############################################"
- echo "# There is already a ssh keyfile. Aborting. #"
- echo "#############################################"
- echo
- exit 1
-fi
-echo
-echo "###########################################################"
-echo "# Writing config to /data/elk/logstash/ls_environment. #"
-echo "# If you make changes to this file, you need to reboot or #"
-echo "# run /opt/tpot/bin/updateip.sh. #"
-echo "###########################################################"
-echo
-tee $MY_LS_ENVCONFIGFILE << EOF
-MY_TPOT_TYPE=$MY_TPOT_TYPE
-MY_SENSOR_PRIVATEKEYFILE=$MY_SENSOR_PRIVATEKEYFILE
-MY_HIVE_USERNAME=$MY_HIVE_USERNAME
-MY_HIVE_IP=$MY_HIVE_IP
-EOF
-}
-
-# Deploy Pot to Hive
-fuGOT_ROOT
-echo
-echo "#################################"
-echo "# Ship T-Pot Logs to T-Pot Hive #"
-echo "#################################"
-echo
-echo "If you already have a T-Pot Hive installation running and"
-echo "this T-Pot installation is running the type \"Pot\" the"
-echo "script will automagically setup this T-Pot to ship and"
-echo "prepare the Hive to receive logs from this T-Pot."
-echo
-echo
-echo "###################################"
-echo "# Deploy T-Pot Logs to T-Pot Hive #"
-echo "###################################"
-echo
-echo "[c] - Continue deplyoment"
-echo "[q] - Abort and exit"
-echo
-while [ 1 != 2 ]
- do
- read -s -n 1 -p "Your choice: " mySELECT
- echo $mySELECT
- case "$mySELECT" in
- [c,C])
- fuGET_DEPLOY_DATA
- fuCHECK_HIVE
- fuDEPLOY_SENSOR
- break
- ;;
- [q,Q])
- echo "Aborted."
- exit 0
- ;;
- esac
-done
diff --git a/_deprecated/bin/deprecated/export_kibana-objects.sh b/_deprecated/bin/deprecated/export_kibana-objects.sh
deleted file mode 100755
index e5280dd4..00000000
--- a/_deprecated/bin/deprecated/export_kibana-objects.sh
+++ /dev/null
@@ -1,94 +0,0 @@
-#!/bin/bash
-# Export all Kibana objects through Kibana Saved Objects API
-# Make sure ES is available
-myES="http://127.0.0.1:64298/"
-myKIBANA="http://127.0.0.1:64296/"
-myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
-if ! [ "$myESSTATUS" = "1" ]
- then
- echo "### Elasticsearch is not available, try starting via 'systemctl start tpot'."
- exit
- else
- echo "### Elasticsearch is available, now continuing."
- echo
-fi
-
-# Set vars
-myDATE=$(date +%Y%m%d%H%M)
-myINDEXCOUNT=$(curl -s -XGET ''$myKIBANA'api/saved_objects/_find?type=index-pattern' | jq '.saved_objects[].attributes' | tr '\\' '\n' | grep -E "scripted|url" | wc -w)
-myINDEXID=$(curl -s -XGET ''$myKIBANA'api/saved_objects/_find?type=index-pattern' | jq '.saved_objects[].id' | tr -d '"')
-myDASHBOARDS=$(curl -s -XGET ''$myKIBANA'api/saved_objects/_find?type=dashboard&per_page=500' | jq '.saved_objects[].id' | tr -d '"')
-myVISUALIZATIONS=$(curl -s -XGET ''$myKIBANA'api/saved_objects/_find?type=visualization&per_page=500' | jq '.saved_objects[].id' | tr -d '"')
-mySEARCHES=$(curl -s -XGET ''$myKIBANA'api/saved_objects/_find?type=search&per_page=500' | jq '.saved_objects[].id' | tr -d '"')
-myCONFIGS=$(curl -s -XGET ''$myKIBANA'api/saved_objects/_find?type=config&per_page=500' | jq '.saved_objects[].id' | tr -d '"')
-myCOL1="�[0;34m"
-myCOL0="�[0;0m"
-
-# Let's ensure normal operation on exit or if interrupted ...
-function fuCLEANUP {
- rm -rf patterns/ dashboards/ visualizations/ searches/ configs/
-}
-trap fuCLEANUP EXIT
-
-# Export index patterns
-mkdir -p patterns
-echo $myCOL1"### Now exporting"$myCOL0 $myINDEXCOUNT $myCOL1"index pattern fields." $myCOL0
-curl -s -XGET ''$myKIBANA'api/saved_objects/index-pattern/'$myINDEXID'' | jq '. | {attributes, references}' > patterns/$myINDEXID.json &
-echo
-
-# Export dashboards
-mkdir -p dashboards
-echo $myCOL1"### Now exporting"$myCOL0 $(echo $myDASHBOARDS | wc -w) $myCOL1"dashboards." $myCOL0
-for i in $myDASHBOARDS;
- do
- echo $myCOL1"###### "$i $myCOL0
- curl -s -XGET ''$myKIBANA'api/saved_objects/dashboard/'$i'' | jq '. | {attributes, references}' > dashboards/$i.json &
- done;
-echo
-
-# Export visualizations
-mkdir -p visualizations
-echo $myCOL1"### Now exporting"$myCOL0 $(echo $myVISUALIZATIONS | wc -w) $myCOL1"visualizations." $myCOL0
-for i in $myVISUALIZATIONS;
- do
- echo $myCOL1"###### "$i $myCOL0
- curl -s -XGET ''$myKIBANA'api/saved_objects/visualization/'$i'' | jq '. | {attributes, references}' > visualizations/$i.json &
- done;
-echo
-
-# Export searches
-mkdir -p searches
-echo $myCOL1"### Now exporting"$myCOL0 $(echo $mySEARCHES | wc -w) $myCOL1"searches." $myCOL0
-for i in $mySEARCHES;
- do
- echo $myCOL1"###### "$i $myCOL0
- curl -s -XGET ''$myKIBANA'api/saved_objects/search/'$i'' | jq '. | {attributes, references}' > searches/$i.json &
- done;
-echo
-
-# Export configs
-mkdir -p configs
-echo $myCOL1"### Now exporting"$myCOL0 $(echo $myCONFIGS | wc -w) $myCOL1"configs." $myCOL0
-for i in $myCONFIGS;
- do
- echo $myCOL1"###### "$i $myCOL0
- curl -s -XGET ''$myKIBANA'api/saved_objects/config/'$i'' | jq '. | {attributes, references}' > configs/$i.json &
- done;
-echo
-
-# Wait for background exports to finish
-wait
-
-# Building tar archive
-echo $myCOL1"### Now building archive"$myCOL0 "kibana-objects_"$myDATE".tgz"
-tar cvfz kibana-objects_$myDATE.tgz patterns dashboards visualizations searches configs > /dev/null
-
-# Stats
-echo
-echo $myCOL1"### Statistics"
-echo $myCOL1"###### Exported"$myCOL0 $myINDEXCOUNT $myCOL1"index patterns." $myCOL0
-echo $myCOL1"###### Exported"$myCOL0 $(echo $myDASHBOARDS | wc -w) $myCOL1"dashboards." $myCOL0
-echo $myCOL1"###### Exported"$myCOL0 $(echo $myVISUALIZATIONS | wc -w) $myCOL1"visualizations." $myCOL0
-echo $myCOL1"###### Exported"$myCOL0 $(echo $mySEARCHES | wc -w) $myCOL1"searches." $myCOL0
-echo $myCOL1"###### Exported"$myCOL0 $(echo $myCONFIGS | wc -w) $myCOL1"configs." $myCOL0
-echo
diff --git a/_deprecated/bin/deprecated/hptest.sh b/_deprecated/bin/deprecated/hptest.sh
deleted file mode 100755
index 94806a71..00000000
--- a/_deprecated/bin/deprecated/hptest.sh
+++ /dev/null
@@ -1,122 +0,0 @@
-#!/bin/bash
-
-myHOST="$1"
-myPACKAGES="dcmtk netcat nmap"
-myMEDPOTPACKET="
-MSH|^~\&|ADT1|MCM|LABADT|MCM|198808181126|SECURITY|ADT^A01|MSG00001-|P|2.6
-EVN|A01|198808181123
-PID|||PATID1234^5^M11^^AN||JONES^WILLIAM^A^III||19610615|M||2106-3|677 DELAWARE AVENUE^^EVERETT^MA^02149|GL|(919)379-1212|(919)271-3434~(919)277-3114||S||PATID12345001^2^M10^^ACSN|123456789|9-87654^NC
-NK1|1|JONES^BARBARA^K|SPO|||||20011105
-NK1|1|JONES^MICHAEL^A|FTH
-PV1|1|I|2000^2012^01||||004777^LEBAUER^SIDNEY^J.|||SUR||-||ADM|A0
-AL1|1||^PENICILLIN||CODE16~CODE17~CODE18
-AL1|2||^CAT DANDER||CODE257
-DG1|001|I9|1550|MAL NEO LIVER, PRIMARY|19880501103005|F
-PR1|2234|M11|111^CODE151|COMMON PROCEDURES|198809081123
-ROL|45^RECORDER^ROLE MASTER LIST|AD|RO|KATE^SMITH^ELLEN|199505011201
-GT1|1122|1519|BILL^GATES^A
-IN1|001|A357|1234|BCMD|||||132987
-IN2|ID1551001|SSN12345678
-ROL|45^RECORDER^ROLE MASTER LIST|AD|RO|KATE^ELLEN|199505011201"
-
-function fuGOTROOT {
-myWHOAMI=$(whoami)
-if [ "$myWHOAMI" != "root" ]
- then
- echo "Need to run as root ..."
- exit
-fi
-}
-
-function fuCHECKDEPS {
-myINST=""
-for myDEPS in $myPACKAGES;
-do
- myOK=$(dpkg -s $myDEPS | grep ok | awk '{ print $3 }');
- if [ "$myOK" != "ok" ]
- then
- myINST=$(echo $myINST $myDEPS)
- fi
-done
-if [ "$myINST" != "" ]
- then
- apt-get update -y
- for myDEPS in $myINST;
- do
- apt-get install $myDEPS -y
- done
-fi
-}
-
-function fuCHECKFORARGS {
-if [ "$myHOST" != "" ];
- then
- echo "All arguments met. Continuing."
- else
- echo "Usage: hp_test.sh <[host or ip]>"
- exit
-fi
-}
-
-function fuGETPORTS {
-myDOCKERCOMPOSEPORTS=$(cat $myDOCKERCOMPOSEYML | yq -r '.services[].ports' | grep ':' | sed -e s/127.0.0.1// | tr -d '", ' | sed -e s/^:// | cut -f1 -d ':' | grep -v "6429\|6430" | sort -gu)
-myPORTS=$(for i in $myDOCKERCOMPOSEPORTS; do echo "$i"; done)
-echo "Found these ports enabled:"
-echo "$myPORTS"
-exit
-}
-
-function fuSCAN {
-local myTIMEOUT="$1"
-local mySCANPORT="$2"
-local mySCANIP="$3"
-local mySCANOPTS="$4"
-
-timeout --foreground ${myTIMEOUT} nmap ${mySCANOPTS} -T4 -v -p ${mySCANPORT} ${mySCANIP} &
-}
-
-# Main
-fuGOTROOT
-fuCHECKDEPS
-fuCHECKFORARGS
-
-echo "Starting scans ..."
-echo "$myMEDPOTPACKET" | nc "$myHOST" 2575 &
-curl -XGET "http://$myHOST:9200/logstash-*/_search" &
-curl -XPOST -H "Content-Type: application/json" -d '{"name":"test","email":"test@test.com"}' "http://$myHOST:9200/test" &
-echo "�I20100" | timeout --foreground 3 nc "$myHOST" 10001 &
-findscu -P -k PatientName="*" $myHOST 11112 &
-getscu -P -k PatientName="*" $myHOST 11112 &
-telnet $myHOST 3299 &
-fuSCAN "180" "7,8,102,135,161,1025,1080,5000,9200" "$myHOST" "-sC -sS -sU -sV"
-fuSCAN "180" "2048,4096,5432" "$myHOST" "-sC -sS -sU -sV --version-light"
-fuSCAN "120" "20,21" "$myHOST" "--script=ftp* -sC -sS -sV"
-fuSCAN "120" "22" "$myHOST" "--script=ssh2-enum-algos,ssh-auth-methods,ssh-hostkey,ssh-publickey-acceptance,sshv1 -sC -sS -sV"
-fuSCAN "30" "22" "$myHOST" "--script=ssh-brute"
-fuSCAN "120" "23,2323,2324" "$myHOST" "--script=telnet-encryption,telnet-ntlm-info -sC -sS -sV --version-light"
-fuSCAN "120" "25" "$myHOST" "--script=smtp* -sC -sS -sV"
-fuSCAN "180" "42" "$myHOST" "-sC -sS -sV"
-fuSCAN "120" "69" "$myHOST" "--script=tftp-enum -sU"
-fuSCAN "120" "80,81,8080,8443" "$myHOST" "-sC -sS -sV"
-fuSCAN "120" "110,995" "$myHOST" "--script=pop3-capabilities,pop3-ntlm-info -sC -sS -sV --version-light"
-fuSCAN "30" "110,995" "$myHOST" "--script=pop3-brute -sS"
-fuSCAN "120" "143,993" "$myHOST" "--script=imap-capabilities,imap-ntlm-info -sC -sS -sV --version-light"
-fuSCAN "30" "143,993" "$myHOST" "--script=imap-brute -sS"
-fuSCAN "240" "445" "$myHOST" "--script=smb-vuln* -sS -sU"
-fuSCAN "120" "502" "$myHOST" "--script=modbus-discover -sS -sU"
-fuSCAN "120" "623" "$myHOST" "--script=ipmi-cipher-zero,ipmi-version,supermicro-ipmi -sS -sU"
-fuSCAN "30" "623" "$myHOST" "--script=ipmi-brute -sS -sU"
-fuSCAN "120" "1433" "$myHOST" "--script=ms-sql* -sS"
-fuSCAN "120" "1723" "$myHOST" "--script=pptp-version -sS"
-fuSCAN "120" "1883" "$myHOST" "--script=mqtt-subscribe -sS"
-fuSCAN "120" "2404" "$myHOST" "--script=iec-identify -sS"
-fuSCAN "120" "3306" "$myHOST" "--script=mysql-vuln* -sC -sS -sV"
-fuSCAN "120" "3389" "$myHOST" "--script=rdp* -sC -sS -sV"
-fuSCAN "120" "5000" "$myHOST" "--script=*upnp* -sS -sU"
-fuSCAN "120" "5060,5061" "$myHOST" "--script=sip-call-spoof,sip-enum-users,sip-methods -sS -sU"
-fuSCAN "120" "5900" "$myHOST" "--script=vnc-info,vnc-title,realvnc-auth-bypass -sS"
-fuSCAN "120" "27017" "$myHOST" "--script=mongo* -sS"
-fuSCAN "120" "47808" "$myHOST" "--script=bacnet* -sS"
-wait
-reset
-echo "Done."
diff --git a/_deprecated/bin/deprecated/import_kibana-objects.sh b/_deprecated/bin/deprecated/import_kibana-objects.sh
deleted file mode 100755
index cf5a6aa0..00000000
--- a/_deprecated/bin/deprecated/import_kibana-objects.sh
+++ /dev/null
@@ -1,126 +0,0 @@
-#!/bin/bash
-# Import Kibana objects
-# Make sure ES is available
-myES="http://127.0.0.1:64298/"
-myKIBANA="http://127.0.0.1:64296/"
-myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
-if ! [ "$myESSTATUS" = "1" ]
- then
- echo "### Elasticsearch is not available, try starting via 'systemctl start tpot'."
- exit
- else
- echo "### Elasticsearch is available, now continuing."
- echo
-fi
-
-# Set vars
-myDUMP=$1
-myCOL1="�[0;34m"
-myCOL0="�[0;0m"
-
-# Let's ensure normal operation on exit or if interrupted ...
-function fuCLEANUP {
- rm -rf patterns/ dashboards/ visualizations/ searches/ configs/
-}
-trap fuCLEANUP EXIT
-
-# Check if parameter is given and file exists
-if [ "$myDUMP" = "" ];
- then
- echo $myCOL1"### Please provide a backup file name."$myCOL0
- echo $myCOL1"### import_kibana-objects.sh "$myCOL0
- echo
- exit
-fi
-if ! [ -a $myDUMP ];
- then
- echo $myCOL1"### File not found."$myCOL0
- exit
-fi
-
-# Unpack tar
-tar xvfz $myDUMP > /dev/null
-
-# Restore index patterns
-myINDEXID=$(ls patterns/*.json | cut -c 10- | rev | cut -c 6- | rev)
-myINDEXCOUNT=$(cat patterns/$myINDEXID.json | tr '\\' '\n' | grep -E "scripted|url" | wc -w)
-echo $myCOL1"### Now importing"$myCOL0 $myINDEXCOUNT $myCOL1"index pattern fields." $myCOL0
-curl -s -XDELETE ''$myKIBANA'api/saved_objects/index-pattern/logstash-*' -H "Content-Type: application/json" -H "kbn-xsrf: true" > /dev/null
-curl -s -XDELETE ''$myKIBANA'api/saved_objects/index-pattern/'$myINDEXID'' -H "Content-Type: application/json" -H "kbn-xsrf: true" > /dev/null
-curl -s -XPOST ''$myKIBANA'api/saved_objects/index-pattern/'$myINDEXID'' -H "Content-Type: application/json" -H "kbn-xsrf: true" -d @patterns/$myINDEXID.json > /dev/null &
-echo
-
-# Restore dashboards
-myDASHBOARDS=$(ls dashboards/*.json | cut -c 12- | rev | cut -c 6- | rev)
-echo $myCOL1"### Now importing "$myCOL0$(echo $myDASHBOARDS | wc -w)$myCOL1 "dashboards." $myCOL0
-for i in $myDASHBOARDS;
- do
- curl -s -XDELETE ''$myKIBANA'api/saved_objects/dashboard/'$i'' -H "Content-Type: application/json" -H "kbn-xsrf: true" > /dev/null &
- done;
-wait
-for i in $myDASHBOARDS;
- do
- echo $myCOL1"###### "$i $myCOL0
- curl -s -XPOST ''$myKIBANA'api/saved_objects/dashboard/'$i'' -H "Content-Type: application/json" -H "kbn-xsrf: true" -d @dashboards/$i.json > /dev/null &
- done;
-wait
-echo
-
-# Restore visualizations
-myVISUALIZATIONS=$(ls visualizations/*.json | cut -c 16- | rev | cut -c 6- | rev)
-echo $myCOL1"### Now importing "$myCOL0$(echo $myVISUALIZATIONS | wc -w)$myCOL1 "visualizations." $myCOL0
-for i in $myVISUALIZATIONS;
- do
- curl -s -XDELETE ''$myKIBANA'api/saved_objects/visualization/'$i'' -H "Content-Type: application/json" -H "kbn-xsrf: true" > /dev/null &
- done;
-wait
-for i in $myVISUALIZATIONS;
- do
- echo $myCOL1"###### "$i $myCOL0
- curl -s -XPOST ''$myKIBANA'api/saved_objects/visualization/'$i'' -H "Content-Type: application/json" -H "kbn-xsrf: true" -d @visualizations/$i.json > /dev/null &
- done;
-wait
-echo
-
-# Restore searches
-mySEARCHES=$(ls searches/*.json | cut -c 10- | rev | cut -c 6- | rev)
-echo $myCOL1"### Now importing "$myCOL0$(echo $mySEARCHES | wc -w)$myCOL1 "searches." $myCOL0
-for i in $mySEARCHES;
- do
- curl -s -XDELETE ''$myKIBANA'api/saved_objects/search/'$i'' -H "Content-Type: application/json" -H "kbn-xsrf: true" > /dev/null &
- done;
-wait
-for i in $mySEARCHES;
- do
- echo $myCOL1"###### "$i $myCOL0
- curl -s -XPOST ''$myKIBANA'api/saved_objects/search/'$i'' -H "Content-Type: application/json" -H "kbn-xsrf: true" -d @searches/$i.json > /dev/null &
- done;
-echo
-wait
-
-# Restore configs
-myCONFIGS=$(ls configs/*.json | cut -c 9- | rev | cut -c 6- | rev)
-echo $myCOL1"### Now importing "$myCOL0$(echo $myCONFIGS | wc -w)$myCOL1 "configs." $myCOL0
-for i in $myCONFIGS;
- do
- curl -s -XDELETE ''$myKIBANA'api/saved_objects/configs/'$i'' -H "Content-Type: application/json" -H "kbn-xsrf: true" > /dev/null &
- done;
-wait
-for i in $myCONFIGS;
- do
- echo $myCOL1"###### "$i $myCOL0
- curl -s -XPOST ''$myKIBANA'api/saved_objects/configs/'$i'' -H "Content-Type: application/json" -H "kbn-xsrf: true" -d @configs/$i.json > /dev/null &
- done;
-echo
-wait
-
-# Stats
-echo
-echo $myCOL1"### Statistics"
-echo $myCOL1"###### Imported"$myCOL0 $myINDEXCOUNT $myCOL1"index patterns." $myCOL0
-echo $myCOL1"###### Imported"$myCOL0 $(echo $myDASHBOARDS | wc -w) $myCOL1"dashboards." $myCOL0
-echo $myCOL1"###### Imported"$myCOL0 $(echo $myVISUALIZATIONS | wc -w) $myCOL1"visualizations." $myCOL0
-echo $myCOL1"###### Imported"$myCOL0 $(echo $mySEARCHES | wc -w) $myCOL1"searches." $myCOL0
-echo $myCOL1"###### Imported"$myCOL0 $(echo $myCONFIGS | wc -w) $myCOL1"configs." $myCOL0
-echo
-
diff --git a/_deprecated/bin/dps.sh b/_deprecated/bin/dps.sh
deleted file mode 100755
index b5969435..00000000
--- a/_deprecated/bin/dps.sh
+++ /dev/null
@@ -1,73 +0,0 @@
-#!/bin/bash
-
-# Run as root only.
-myWHOAMI=$(whoami)
-if [ "$myWHOAMI" != "root" ]
- then
- echo "Need to run as root ..."
- exit
-fi
-
-myPARAM="$1"
-if [[ $myPARAM =~ ^([1-9]|[1-9][0-9]|[1-9][0-9][0-9])$ ]];
- then
- watch --color -n $myPARAM "$0"
- exit
-fi
-
-# Show current status of T-Pot containers
-myCONTAINERS="$(cat /opt/tpot/etc/tpot.yml | grep -v '#' | grep container_name | cut -d: -f2 | sort | tr -d " ")"
-myRED="�[1;31m"
-myGREEN="�[1;32m"
-myBLUE="�[1;34m"
-myWHITE="�[0;0m"
-myMAGENTA="�[1;35m"
-
-# Blackhole Status
-myBLACKHOLE_STATUS=$(ip r | grep "blackhole" -c)
-if [ "$myBLACKHOLE_STATUS" -gt "500" ];
- then
- myBLACKHOLE_STATUS="${myGREEN}ENABLED"
- else
- myBLACKHOLE_STATUS="${myRED}DISABLED"
-fi
-
-function fuGETTPOT_STATUS {
-# T-Pot Status
-myTPOT_STATUS=$(systemctl status tpot | grep "Active" | awk '{ print $2 }')
-if [ "$myTPOT_STATUS" == "active" ];
- then
- echo "${myGREEN}ACTIVE"
- else
- echo "${myRED}INACTIVE"
-fi
-}
-
-function fuGETSTATUS {
-grc --colour=on docker ps -f status=running -f status=exited --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" | grep -v "NAME" | sort
-}
-
-function fuGETSYS {
-printf "[ ========| System |======== ]\n"
-printf "${myBLUE}%+11s ${myWHITE}%-20s\n" "DATE: " "$(date)"
-printf "${myBLUE}%+11s ${myWHITE}%-20s\n" "UPTIME: " "$(grc --colour=on uptime)"
-printf "${myMAGENTA}%+11s %-20s\n" "T-POT: " "$(fuGETTPOT_STATUS)"
-printf "${myMAGENTA}%+11s %-20s\n" "BLACKHOLE: " "$myBLACKHOLE_STATUS${myWHITE}"
-echo
-}
-
- myDPS=$(fuGETSTATUS)
- myDPSNAMES=$(echo "$myDPS" | awk '{ print $1 }' | sort)
- fuGETSYS
- printf "%-21s %-28s %s\n" "NAME" "STATUS" "PORTS"
- if [ "$myDPS" != "" ];
- then
- echo "$myDPS"
- fi
- for i in $myCONTAINERS; do
- myAVAIL=$(echo "$myDPSNAMES" | grep -o "$i" | uniq | wc -l)
- if [ "$myAVAIL" = "0" ];
- then
- printf "%-28s %-28s\n" "$myRED$i" "DOWN$myWHITE"
- fi
- done
diff --git a/_deprecated/bin/dump_es.sh b/_deprecated/bin/dump_es.sh
deleted file mode 100755
index a6e17895..00000000
--- a/_deprecated/bin/dump_es.sh
+++ /dev/null
@@ -1,45 +0,0 @@
-#/bin/bash
-# Dump all ES data
-# Make sure ES is available
-myES="http://127.0.0.1:64298/"
-myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c "green\|yellow")
-if ! [ "$myESSTATUS" = "1" ]
- then
- echo "### Elasticsearch is not available, try starting via 'systemctl start tpot'."
- exit
- else
- echo "### Elasticsearch is available, now continuing."
- echo
-fi
-
-# Let's ensure normal operation on exit or if interrupted ...
-function fuCLEANUP {
- rm -rf tmp
-}
-trap fuCLEANUP EXIT
-
-# Set vars
-myDATE=$(date +%Y%m%d%H%M)
-myINDICES=$(curl -s -XGET ''$myES'_cat/indices/logstash-*' | awk '{ print $3 }' | sort | grep -v 1970)
-myINDICES+=" .kibana"
-myCOL1="�[0;34m"
-myCOL0="�[0;0m"
-
-# Dumping Kibana and Logstash data
-echo $myCOL1"### The following indices will be dumped: "$myCOL0
-echo $myINDICES
-echo
-
-mkdir tmp
-for i in $myINDICES;
- do
- echo $myCOL1"### Now dumping: "$i $myCOL0
- elasticdump --input=$myES$i --output="tmp/"$i --limit 7500
- echo $myCOL1"### Now compressing: tmp/$i" $myCOL0
- gzip -f "tmp/"$i
- done;
-
-# Build tar archive
-echo $myCOL1"### Now building tar archive: es_dump_"$myDATE".tgz" $myCOL0
-tar cvf es_dump_$myDATE.tar tmp/.
-echo $myCOL1"### Done."$myCOL0
diff --git a/_deprecated/bin/hpfeeds_optin.sh b/_deprecated/bin/hpfeeds_optin.sh
deleted file mode 100755
index b3821522..00000000
--- a/_deprecated/bin/hpfeeds_optin.sh
+++ /dev/null
@@ -1,134 +0,0 @@
-#!/bin/bash
-
-# Run as root only.
-myWHOAMI=$(whoami)
-if [ "$myWHOAMI" != "root" ]
- then
- echo "Need to run as root ..."
- exit
-fi
-
-myTPOTYMLFILE="/opt/tpot/etc/tpot.yml"
-
-function fuGENERIC () {
-echo
-echo "You chose generic, please provide all the details of the broker"
-echo
-myENABLE="true"
-read -p "Host URL: " myHOST
-read -p "Port: " myPORT
-read -p "Channel: " myCHANNEL
-echo "For generic providers set this to 'false'"
-echo "If you received a CA certficate mount it into the ewsposter container by modifying $myTPOTYMLFILE"
-read -p "TLS - 'false' or path to CA in container: " myCERT
-read -p "Ident: " myIDENT
-read -p "Secret: " mySECRET
-read -p "Format ews (xml) or json: " myFORMAT
-}
-
-function fuOPTOUT () {
-echo
-while [ 1 != 2 ]
- do
- read -s -n 1 -p "You chose to opt out (y/n)? " mySELECT
- echo $mySELECT
- case "$mySELECT" in
- [y,Y])
- echo "Opt out."
- break
- ;;
- [n,N])
- echo "Aborted."
- exit
- ;;
- esac
-done
-myENABLE="false"
-myHOST="host"
-myPORT="port"
-myCHANNEL="channels"
-myCERT="false"
-myIDENT="user"
-mySECRET="secret"
-myFORMAT="json"
-}
-
-function fuWRITETOFILE () {
-if [ -f '/data/ews/conf/hpfeeds.cfg' ]; then
- echo "Creating backup of current config in /data/ews/conf/hpfeeds.cfg.old"
- mv /data/ews/conf/hpfeeds.cfg /data/ews/conf/hpfeeds.cfg.old
-fi
-echo "Storing new config in /data/ews/conf/hpfeeds.cfg"
-cat >> /data/ews/conf/hpfeeds.cfg <"
- echo
- exit
-fi
-}
-
-function fuGETPORTS {
-myDOCKERCOMPOSEUDPPORTS=$(cat $myDOCKERCOMPOSEYML | grep "udp" | tr -d '"\|#\-' | cut -d ":" -f2 | cut -d "/" -f1 | sort -gu)
-myDOCKERCOMPOSEPORTS=$(cat $myDOCKERCOMPOSEYML | yq -r '.services[].ports' | grep ':' | sed -e s/127.0.0.1// | tr -d '", ' | sed -e s/^:// | cut -f1 -d ':' | grep -v "6429\|6430" | sort -gu)
-myUDPPORTS=$(for i in $myDOCKERCOMPOSEUDPPORTS; do echo -n "U:$i,"; done)
-myPORTS=$(for i in $myDOCKERCOMPOSEPORTS; do echo -n "T:$i,"; done)
-}
-
-# Main
-fuGETPORTS
-fuGOTROOT
-fuCHECKDEPS
-fuCHECKFORARGS
-echo
-echo "Starting scan on all UDP / TCP ports defined in /opt/tpot/etc/tpot.yml ..."
-nmap -sV -sC -v -p $myPORTS $1 &
-nmap -sU -sV -sC -v -p $myUDPPORTS $1 &
-echo
-wait
-echo "Done."
-echo
-
diff --git a/_deprecated/bin/myip.sh b/_deprecated/bin/myip.sh
deleted file mode 100755
index e464b421..00000000
--- a/_deprecated/bin/myip.sh
+++ /dev/null
@@ -1,103 +0,0 @@
-#!/bin/bash
-
-## Get my external IP
-
-timeout=2 # seconds to wait for a reply before trying next server
-verbose=1 # prints which server was used to STDERR
-
-dnslist=(
- "dig +short myip.opendns.com @resolver1.opendns.com"
- "dig +short myip.opendns.com @resolver2.opendns.com"
- "dig +short myip.opendns.com @resolver3.opendns.com"
- "dig +short myip.opendns.com @resolver4.opendns.com"
- "dig +short -4 -t a whoami.akamai.net @ns1-1.akamaitech.net"
- "dig +short whoami.akamai.net @ns1-1.akamaitech.net"
-)
-
-httplist=(
- alma.ch/myip.cgi
- api.infoip.io/ip
- api.ipify.org
- bot.whatismyipaddress.com
- canhazip.com
- checkip.amazonaws.com
- eth0.me
- icanhazip.com
- ident.me
- ipecho.net/plain
- ipinfo.io/ip
- ipof.in/txt
- ip.tyk.nu
- l2.io/ip
- smart-ip.net/myip
- wgetip.com
- whatismyip.akamai.com
-)
-
-# function to check for valid ip
-function valid_ip()
-{
- local ip=$1
- local stat=1
-
- if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
- OIFS=$IFS
- IFS='.'
- ip=($ip)
- IFS=$OIFS
- [[ ${ip[0]} -le 255 && ${ip[1]} -le 255 \
- && ${ip[2]} -le 255 && ${ip[3]} -le 255 ]]
- stat=$?
- fi
- return $stat
-}
-
-# function to shuffle the global array "array"
-shuffle() {
- local i tmp size max rand
- size=${#array[*]}
- max=$(( 32768 / size * size ))
- for ((i=size-1; i>0; i--)); do
- while (( (rand=$RANDOM) >= max )); do :; done
- rand=$(( rand % (i+1) ))
- tmp=${array[i]} array[i]=${array[rand]} array[rand]=$tmp
- done
-}
-# if we have dig and a list of dns methods, try that first
-if hash dig 2>/dev/null && [ ${#dnslist[*]} -gt 0 ]; then
- eval array=( \"\${dnslist[@]}\" )
- shuffle
- for cmd in "${array[@]}"; do
- [ "$verbose" == 1 ] && echo Trying: $cmd 1>&2
- ip=$(timeout $timeout $cmd)
- if [ -n "$ip" ]; then
- if valid_ip $ip; then
- echo $ip
- exit
- fi
- fi
- done
-fi
-# if we haven't succeeded with DNS, try HTTP
-if [ ${#httplist[*]} == 0 ]; then
- echo "No hosts in httplist array!" >&2
- exit 1
-fi
-# use curl or wget, depending on which one we find
-curl_or_wget=$(if hash curl 2>/dev/null; then echo "curl -s"; elif hash wget 2>/dev/null; then echo "wget -qO-"; fi);
-if [ -z "$curl_or_wget" ]; then
- echo "Neither curl nor wget found. Cannot use http method." >&2
- exit 1
-fi
-eval array=( \"\${httplist[@]}\" )
-shuffle
-for url in "${array[@]}"; do
- [ "$verbose" == 1 ] && echo Trying: $curl_or_wget "$url" 1>&2
- ip=$(timeout $timeout $curl_or_wget "$url")
- if [ -n "$ip" ]; then
- if valid_ip $ip; then
- echo $ip
- exit
- fi
- fi
-done
diff --git a/_deprecated/bin/mytopips.sh b/_deprecated/bin/mytopips.sh
deleted file mode 100755
index e343ff02..00000000
--- a/_deprecated/bin/mytopips.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-# Make sure ES is available
-myES="http://127.0.0.1:64298/"
-myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
-if ! [ "$myESSTATUS" = "1" ]
- then
- echo "### Elasticsearch is not available, try starting via 'systemctl start elk'."
- exit 1
- else
- echo "### Elasticsearch is available, now continuing."
- echo
-fi
-
-function fuMYTOPIPS {
-curl -s -XGET $myES"_search" -H 'Content-Type: application/json' -d'
-{
- "aggs": {
- "ips": {
- "terms": { "field": "src_ip.keyword", "size": 100 }
- }
- },
- "size" : 0
-}'
-}
-
-echo "### Aggregating top 100 source IPs in ES"
-fuMYTOPIPS | jq '.aggregations.ips.buckets[].key' | tr -d '"'
diff --git a/_deprecated/bin/restore_es.sh b/_deprecated/bin/restore_es.sh
deleted file mode 100755
index ffc5f031..00000000
--- a/_deprecated/bin/restore_es.sh
+++ /dev/null
@@ -1,95 +0,0 @@
-#/bin/bash
-# Restore folder based ES backup
-# Make sure ES is available
-myES="http://127.0.0.1:64298/"
-myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c "green\|yellow")
-if ! [ "$myESSTATUS" = "1" ]
- then
- echo "### Elasticsearch is not available, try starting via 'systemctl start tpot'."
- exit
- else
- echo "### Elasticsearch is available, now continuing."
-fi
-
-# Let's ensure normal operation on exit or if interrupted ...
-function fuCLEANUP {
- rm -rf tmp
-}
-trap fuCLEANUP EXIT
-
-# Set vars
-myDUMP=$1
-myCOL1="�[0;34m"
-myCOL0="�[0;0m"
-
-# Check if parameter is given and file exists
-if [ "$myDUMP" = "" ];
- then
- echo $myCOL1"### Please provide a backup file name."$myCOL0
- echo $myCOL1"### restore-elk.sh "$myCOL0
- echo
- exit
-fi
-if ! [ -a $myDUMP ];
- then
- echo $myCOL1"### File not found."$myCOL0
- exit
-fi
-
-# Unpack tar archive
-echo $myCOL1"### Now unpacking tar archive: "$myDUMP $myCOL0
-tar xvf $myDUMP
-
-# Build indices list
-myINDICES="$(ls tmp/logstash*.gz | cut -c 5- | rev | cut -c 4- | rev)"
-myINDICES+=" .kibana"
-echo $myCOL1"### The following indices will be restored: "$myCOL0
-echo $myINDICES
-echo
-
-# Force single seat template for everything
-echo -n $myCOL1"### Forcing single seat template: "$myCOL0
-curl -s XPUT ''$myES'_template/.*' -H 'Content-Type: application/json' -d'
-{ "index_patterns": ".*",
- "order": 1,
- "settings":
- {
- "number_of_shards": 1,
- "number_of_replicas": 0
- }
-}'
-echo
-
-# Set logstash template
-echo -n $myCOL1"### Setting up logstash template: "$myCOL0
-curl -s XPUT ''$myES'_template/logstash' -H 'Content-Type: application/json' -d'
-{
- "index_patterns": "logstash-*",
- "settings" : {
- "index" : {
- "number_of_shards": 1,
- "number_of_replicas": 0,
- "mapping" : {
- "total_fields" : {
- "limit" : "2000"
- }
- }
- }
- }
-}'
-echo
-
-# Restore indices
-curl -s -X DELETE ''$myES'.kibana*' > /dev/null
-for i in $myINDICES;
- do
- # Delete index if it already exists
- curl -s -X DELETE $myES$i > /dev/null
- echo $myCOL1"### Now uncompressing: tmp/$i.gz" $myCOL0
- gunzip -f tmp/$i.gz
- # Restore index to ES
- echo $myCOL1"### Now restoring: "$i $myCOL0
- elasticdump --input=tmp/$i --output=$myES$i --limit 7500
- rm tmp/$i
- done;
-echo $myCOL1"### Done."$myCOL0
diff --git a/_deprecated/bin/rules.sh b/_deprecated/bin/rules.sh
deleted file mode 100755
index c4a964da..00000000
--- a/_deprecated/bin/rules.sh
+++ /dev/null
@@ -1,107 +0,0 @@
-#!/bin/bash
-
-### Vars, Ports for Standard services
-myHOSTPORTS="7634 64294 64295 64297 64304"
-myDOCKERCOMPOSEYML="$1"
-myRULESFUNCTION="$2"
-
-function fuCHECKFORARGS {
-### Check if args are present, if not throw error
-
-if [ "$myDOCKERCOMPOSEYML" != "" ] && ([ "$myRULESFUNCTION" == "set" ] || [ "$myRULESFUNCTION" == "unset" ]);
- then
- echo "All arguments met. Continuing."
- else
- echo "Usage: rules.sh <[set, unset]>"
- exit
-fi
-}
-
-function fuNFQCHECK {
-### Check if honeytrap or glutton is actively enabled in docker-compose.yml
-
-myNFQCHECK=$(grep -e '^\s*honeytrap:\|^\s*glutton:' $myDOCKERCOMPOSEYML | tr -d ': ' | uniq)
-if [ "$myNFQCHECK" == "" ];
- then
- echo "No NFQ related honeypot detected, no iptables-legacy rules needed. Exiting."
- exit
- else
- echo "Detected $myNFQCHECK as NFQ based honeypot, iptables-legacy rules needed. Continuing."
-fi
-}
-
-function fuGETPORTS {
-### Get ports from docker-compose.yml
-
-myDOCKERCOMPOSEPORTS=$(cat $myDOCKERCOMPOSEYML | yq -r '.services[].ports' | grep ':' | sed -e s/127.0.0.1// | tr -d '", ' | sed -e s/^:// | cut -f1 -d ':' )
-myDOCKERCOMPOSEPORTS+=" $myHOSTPORTS"
-myRULESPORTS=$(for i in $myDOCKERCOMPOSEPORTS; do echo $i; done | sort -gu)
-echo "Setting up / removing these ports:"
-echo "$myRULESPORTS"
-}
-
-function fuSETRULES {
-### Setting up iptables-legacy rules for honeytrap
-if [ "$myNFQCHECK" == "honeytrap" ];
- then
- /usr/sbin/iptables-legacy -w -A INPUT -s 127.0.0.1 -j ACCEPT
- /usr/sbin/iptables-legacy -w -A INPUT -d 127.0.0.1 -j ACCEPT
-
- for myPORT in $myRULESPORTS; do
- /usr/sbin/iptables-legacy -w -A INPUT -p tcp --dport $myPORT -j ACCEPT
- done
-
- /usr/sbin/iptables-legacy -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
-fi
-
-### Setting up iptables-legacy rules for glutton
-if [ "$myNFQCHECK" == "glutton" ];
- then
- /usr/sbin/iptables-legacy -w -t raw -A PREROUTING -s 127.0.0.1 -j ACCEPT
- /usr/sbin/iptables-legacy -w -t raw -A PREROUTING -d 127.0.0.1 -j ACCEPT
-
- for myPORT in $myRULESPORTS; do
- /usr/sbin/iptables-legacy -w -t raw -A PREROUTING -p tcp --dport $myPORT -j ACCEPT
- done
- # No need for NFQ forwarding, such rules are set up by glutton
-fi
-}
-
-function fuUNSETRULES {
-### Removing iptables-legacy rules for honeytrap
-if [ "$myNFQCHECK" == "honeytrap" ];
- then
- /usr/sbin/iptables-legacy -w -D INPUT -s 127.0.0.1 -j ACCEPT
- /usr/sbin/iptables-legacy -w -D INPUT -d 127.0.0.1 -j ACCEPT
-
- for myPORT in $myRULESPORTS; do
- /usr/sbin/iptables-legacy -w -D INPUT -p tcp --dport $myPORT -j ACCEPT
- done
-
- /usr/sbin/iptables-legacy -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
-fi
-
-### Removing iptables-legacy rules for glutton
-if [ "$myNFQCHECK" == "glutton" ];
- then
- /usr/sbin/iptables-legacy -w -t raw -D PREROUTING -s 127.0.0.1 -j ACCEPT
- /usr/sbin/iptables-legacy -w -t raw -D PREROUTING -d 127.0.0.1 -j ACCEPT
-
- for myPORT in $myRULESPORTS; do
- /usr/sbin/iptables-legacy -w -t raw -D PREROUTING -p tcp --dport $myPORT -j ACCEPT
- done
- # No need for removing NFQ forwarding, such rules are removed by glutton
-fi
-}
-
-# Main
-fuCHECKFORARGS
-fuNFQCHECK
-fuGETPORTS
-
-if [ "$myRULESFUNCTION" == "set" ];
- then
- fuSETRULES
- else
- fuUNSETRULES
-fi
diff --git a/_deprecated/bin/tpdclean.sh b/_deprecated/bin/tpdclean.sh
deleted file mode 100755
index 7ae50398..00000000
--- a/_deprecated/bin/tpdclean.sh
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/bin/bash
-# T-Pot Compose and Container Cleaner
-# Set colors
-myRED="�[0;31m"
-myGREEN="�[0;32m"
-myWHITE="�[0;0m"
-
-# Only run with command switch
-if [ "$1" != "-y" ]; then
- echo $myRED"### WARNING"$myWHITE
- echo ""
- echo $myRED"###### This script is only intended for the tpot.service."$myWHITE
- echo $myRED"###### Run first and then ."$myWHITE
- echo $myRED"###### Be aware, all T-Pot container volumes and images will be removed."$myWHITE
- echo ""
- echo $myRED"### WARNING "$myWHITE
- echo
- exit
-fi
-
-# Remove old containers, images and volumes
-docker-compose -f /opt/tpot/etc/tpot.yml down -v >> /dev/null 2>&1
-docker-compose -f /opt/tpot/etc/tpot.yml rm -v >> /dev/null 2>&1
-docker network rm $(docker network ls -q) >> /dev/null 2>&1
-docker volume rm $(docker volume ls -q) >> /dev/null 2>&1
-docker rm -v $(docker ps -aq) >> /dev/null 2>&1
-docker rmi $(docker images | grep "" | awk '{print $3}') >> /dev/null 2>&1
-docker rmi $(docker images | grep "2203" | awk '{print $3}') >> /dev/null 2>&1
-exit 0
diff --git a/_deprecated/bin/tped.sh b/_deprecated/bin/tped.sh
deleted file mode 100755
index 1eadbdff..00000000
--- a/_deprecated/bin/tped.sh
+++ /dev/null
@@ -1,56 +0,0 @@
-#!/bin/bash
-
-# Run as root only.
-myWHOAMI=$(whoami)
-if [ "$myWHOAMI" != "root" ]
- then
- echo "Need to run as root ..."
- exit
-fi
-
-# set backtitle, get filename
-myBACKTITLE="T-Pot Edition Selection Tool"
-myYMLS=$(cd /opt/tpot/etc/compose/ && ls -1 *.yml)
-myLINK="/opt/tpot/etc/tpot.yml"
-
-# Let's load docker images in parallel
-function fuPULLIMAGES {
-local myTPOTCOMPOSE="/opt/tpot/etc/tpot.yml"
-for name in $(cat $myTPOTCOMPOSE | grep -v '#' | grep image | cut -d'"' -f2 | uniq)
- do
- docker pull $name &
- done
-wait
-echo
-}
-
-# setup menu
-for i in $myYMLS;
- do
- myITEMS+="$i $(echo $i | cut -d "." -f1 | tr [:lower:] [:upper:]) "
-done
-myEDITION=$(dialog --backtitle "$myBACKTITLE" --menu "Select T-Pot Edition" 18 50 1 $myITEMS 3>&1 1>&2 2>&3 3>&-)
-if [ "$myEDITION" == "" ];
- then
- echo "Have a nice day!"
- exit
-fi
-dialog --backtitle "$myBACKTITLE" --title "[ Activate now? ]" --yesno "\n$myEDITION" 7 50
-myOK=$?
-if [ "$myOK" == "0" ];
- then
- echo "OK - Activating and downloading latest images."
- systemctl stop tpot
- if [ "$(docker ps -aq)" != "" ];
- then
- docker stop $(docker ps -aq)
- docker rm $(docker ps -aq)
- fi
- rm -f $myLINK
- ln -s /opt/tpot/etc/compose/$myEDITION $myLINK
- fuPULLIMAGES
- systemctl start tpot
- echo "Done. Use \"dps.sh\" for monitoring"
- else
- echo "Have a nice day!"
-fi
diff --git a/_deprecated/bin/unlock_es.sh b/_deprecated/bin/unlock_es.sh
deleted file mode 100755
index 606d85eb..00000000
--- a/_deprecated/bin/unlock_es.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#/bin/bash
-# Unlock all ES indices for read / write mode
-# Useful in cases where ES locked all indices after disk quota has been reached
-# Make sure ES is available
-myES="http://127.0.0.1:64298/"
-myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c "green\|yellow")
-if ! [ "$myESSTATUS" = "1" ]
- then
- echo "### Elasticsearch is not available, try starting via 'systemctl start tpot'."
- exit
- else
- echo "### Elasticsearch is available, now continuing."
- echo
-fi
-
-echo "### Trying to unlock all ES indices for read / write operation: "
-curl -XPUT -H "Content-Type: application/json" ''$myES'_all/_settings' -d '{"index.blocks.read_only_allow_delete": null}'
-echo
-
diff --git a/_deprecated/bin/updateip.sh b/_deprecated/bin/updateip.sh
deleted file mode 100755
index c63a3e64..00000000
--- a/_deprecated/bin/updateip.sh
+++ /dev/null
@@ -1,89 +0,0 @@
-#!/bin/bash
-# Let's add the first local ip to the /etc/issue and external ip to ews.ip file
-# If the external IP cannot be detected, the internal IP will be inherited.
-source /etc/environment
-myCHECKIFSENSOR=$(head -n 1 /opt/tpot/etc/tpot.yml | grep "Sensor" | wc -l)
-myUUID=$(lsblk -o MOUNTPOINT,UUID | grep -e "^/ " | awk '{ print $2 }')
-myLOCALIP=$(hostname -I | awk '{ print $1 }')
-myEXTIP=$(/opt/tpot/bin/myip.sh)
-if [ "$myEXTIP" = "" ];
- then
- myEXTIP=$myLOCALIP
- myEXTIP_LAT="49.865835022498125"
- myEXTIP_LONG="8.62606472775735"
- else
- myEXTIP_LOC=$(curl -s ipinfo.io/$myEXTIP/loc)
- myEXTIP_LAT=$(echo "$myEXTIP_LOC" | cut -f1 -d",")
- myEXTIP_LONG=$(echo "$myEXTIP_LOC" | cut -f2 -d",")
-fi
-
-# Load Blackhole routes if enabled
-myBLACKHOLE_FILE1="/etc/blackhole/mass_scanner.txt"
-myBLACKHOLE_FILE2="/etc/blackhole/mass_scanner_cidr.txt"
-if [ -f "$myBLACKHOLE_FILE1" ] || [ -f "$myBLACKHOLE_FILE2" ];
- then
- /opt/tpot/bin/blackhole.sh add
-fi
-
-myBLACKHOLE_STATUS=$(ip r | grep "blackhole" -c)
-if [ "$myBLACKHOLE_STATUS" -gt "500" ];
- then
- myBLACKHOLE_STATUS="| �[1;34mBLACKHOLE: [ �[0;37mENABLED�[1;34m ]�[0m"
- else
- myBLACKHOLE_STATUS="| �[1;34mBLACKHOLE: [ �[1;30mDISABLED�[1;34m ]�[0m"
-fi
-
-mySSHUSER=$(cat /etc/passwd | grep 1000 | cut -d ':' -f1)
-
-# Export
-export myUUID
-export myLOCALIP
-export myEXTIP
-export myEXTIP_LAT
-export myEXTIP_LONG
-export myBLACKHOLE_STATUS
-export mySSHUSER
-
-# Build issue
-echo "�[H�[2J" > /etc/issue
-toilet -f ivrit -F metal --filter border:metal "T-Pot 22.04" | sed 's/\\/\\\\/g' >> /etc/issue
-echo >> /etc/issue
-echo ",---- [ �[1;34m\n�[0m ] [ �[0;34m\d�[0m ] [ �[1;30m\t�[0m ]" >> /etc/issue
-echo "|" >> /etc/issue
-echo "| �[1;34mIP: $myLOCALIP ($myEXTIP)�[0m" >> /etc/issue
-echo "| �[0;34mSSH: ssh -l tsec -p 64295 $myLOCALIP�[0m" >> /etc/issue
-if [ "$myCHECKIFSENSOR" == "0" ];
- then
- echo "| �[1;30mWEB: https://$myLOCALIP:64297�[0m" >> /etc/issue
-fi
-echo "| �[0;37mADMIN: https://$myLOCALIP:64294�[0m" >> /etc/issue
-echo "$myBLACKHOLE_STATUS" >> /etc/issue
-echo "|" >> /etc/issue
-echo "\`----" >> /etc/issue
-echo >> /etc/issue
-tee /data/ews/conf/ews.ip << EOF
-[MAIN]
-ip = $myEXTIP
-EOF
-tee /opt/tpot/etc/compose/elk_environment << EOF
-HONEY_UUID=$myUUID
-MY_EXTIP=$myEXTIP
-MY_EXTIP_LAT=$myEXTIP_LAT
-MY_EXTIP_LONG=$myEXTIP_LONG
-MY_INTIP=$myLOCALIP
-MY_HOSTNAME=$HOSTNAME
-EOF
-
-if [ -s "/data/elk/logstash/ls_environment" ];
- then
- source /data/elk/logstash/ls_environment
- tee -a /opt/tpot/etc/compose/elk_environment << EOF
-MY_TPOT_TYPE=$MY_TPOT_TYPE
-MY_SENSOR_PRIVATEKEYFILE=$MY_SENSOR_PRIVATEKEYFILE
-MY_HIVE_USERNAME=$MY_HIVE_USERNAME
-MY_HIVE_IP=$MY_HIVE_IP
-EOF
-fi
-
-chown tpot:tpot /data/ews/conf/ews.ip
-chmod 770 /data/ews/conf/ews.ip
diff --git a/_deprecated/cloud/.gitignore b/_deprecated/cloud/.gitignore
deleted file mode 100644
index f50f50f8..00000000
--- a/_deprecated/cloud/.gitignore
+++ /dev/null
@@ -1,10 +0,0 @@
-# Ansible
-*.retry
-
-# Terraform
-**/.terraform
-**/terraform.*
-
-# OpenStack clouds
-**/clouds.yaml
-**/secure.yaml
diff --git a/_deprecated/cloud/ansible/README.md b/_deprecated/cloud/ansible/README.md
deleted file mode 100644
index 5be6a912..00000000
--- a/_deprecated/cloud/ansible/README.md
+++ /dev/null
@@ -1,257 +0,0 @@
-# T-Pot Ansible
-
-Here you can find a ready-to-use solution for your automated T-Pot deployment using [Ansible](https://www.ansible.com/).
-It consists of an Ansible Playbook with multiple roles, which is reusable for all [OpenStack](https://www.openstack.org/) based clouds (e.g. Open Telekom Cloud, Orange Cloud, Telefonica Open Cloud, OVH) out of the box.
-Apart from that you can easily adapt the deploy role to use other [cloud providers](https://docs.ansible.com/ansible/latest/scenario_guides/cloud_guides.html). Check out [Ansible Galaxy](https://galaxy.ansible.com/search?keywords=&order_by=-relevance&page=1&deprecated=false&type=collection&tags=cloud) for more cloud collections.
-
-The Playbook first creates all resources (security group, network, subnet, router), deploys one (or more) new servers and then installs and configures T-Pot on them.
-
-This example showcases the deployment on our own OpenStack based Public Cloud Offering [Open Telekom Cloud](https://open-telekom-cloud.com/en).
-
-# Table of contents
-- [Preparation of Ansible Master](#ansible-master)
- - [Ansible Installation](#ansible)
- - [OpenStack Collection Installation](#collection)
- - [Agent Forwarding](#agent-forwarding)
-- [Preparations in Open Telekom Cloud Console](#preparation)
- - [Create new project](#project)
- - [Create API user](#api-user)
- - [Import Key Pair](#key-pair)
-- [Clone Git Repository](#clone-git)
-- [Settings and recommended values](#settings)
- - [clouds.yaml](#clouds-yaml)
- - [Ansible remote user](#remote-user)
- - [Number of instances to deploy](#number)
- - [Instance settings](#instance-settings)
- - [User password](#user-password)
- - [Configure `tpot.conf.dist`](#tpot-conf)
- - [Optional: Custom `ews.cfg`](#ews-cfg)
- - [Optional: Custom HPFEEDS](#hpfeeds)
-- [Deploying a T-Pot](#deploy)
-- [Further documentation](#documentation)
-
-
-# Preparation of Ansible Master
-You can either run the Ansible Playbook locally on your Linux or macOS machine or you can use an ECS (Elastic Cloud Server) on Open Telekom Cloud, which I did.
-I used Ubuntu 18.04 for my Ansible Master Server, but other OSes are fine too.
-Ansible works over the SSH Port, so you don't have to add any special rules to your Security Group.
-
-
-## Ansible Installation
-:warning: Ansible 2.10 or newer is required!
-
-Example for Ubuntu 18.04:
-
-At first we update the system:
-`sudo apt update`
-`sudo apt dist-upgrade`
-
-Then we need to add the repository and install Ansible:
-`sudo apt-add-repository --yes --update ppa:ansible/ansible`
-`sudo apt install ansible`
-
-For other OSes and Distros have a look at the official [Ansible Documentation](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html).
-
-If your OS does not offer a recent version of Ansible (>= 2.10) you should consider [installing Ansible with pip](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-with-pip).
-In short (if you already have Python3/pip3 installed):
-```
-pip3 install ansible
-```
-
-
-## OpenStack Collection Installation
-For interacting with OpenStack resources in Ansible, you need to install the collection from Ansible Galaxy:
-`ansible-galaxy collection install openstack.cloud`
-
-
-## Agent Forwarding
-If you run the Ansible Playbook remotely on your Ansible Master Server, Agent Forwarding must be enabled in order to let Ansible connect to newly created machines.
-- On Linux or macOS:
- - Create or edit `~/.ssh/config`
- ```
- Host ANSIBLE_MASTER_IP
- ForwardAgent yes
- ```
-- On Windows using Putty:
-
-
-
-# Preparations in Open Telekom Cloud Console
-(You can skip this if you have already set up a project and an API account with key pair)
-(Just make sure you know the naming for everything, as you need to configure the Ansible variables.)
-
-Before we can start deploying, we have to prepare the Open Telekom Cloud tenant.
-For that, go to the [Web Console](https://auth.otc.t-systems.com/authui/login) and log in with an admin user.
-
-
-## Create new project
-I strongly advise you to create a separate project for the T-Pots in your tenant.
-In my case I named it `tpot`.
-
-
-
-
-## Create API user
-The next step is to create a new user account, which is restricted to the project.
-This ensures that the API access is limited to that project.
-
-
-
-
-## Import Key Pair
-:warning: Now log in with the newly created API user account and select your project.
-
-
-
-Import your SSH public key.
-
-
-
-
-
-# Clone Git Repository
-Clone the `tpotce` repository to your Ansible Master:
-`git clone https://github.com/telekom-security/tpotce.git`
-All Ansible related files are located in the [`cloud/ansible/openstack`](openstack) folder.
-
-
-# Settings and recommended values
-You can configure all aspects of your Elastic Cloud Server and T-Pot before using the Playbook:
-
-
-## clouds.yaml
-Located at [`openstack/clouds.yaml`](openstack/clouds.yaml).
-Enter your Open Telekom Cloud API user credentials here (username, password, project name, user domain name):
-```
-clouds:
- open-telekom-cloud:
- profile: otc
- auth:
- project_name: eu-de_your_project
- username: your_api_user
- password: your_password
- user_domain_name: OTC-EU-DE-000000000010000XXXXX
-```
-You can also perform different authentication methods like sourcing OpenStack OS_* environment variables or providing an inline dictionary.
-For more information have a look in the [openstack.cloud.server](https://docs.ansible.com/ansible/latest/collections/openstack/cloud/server_module.html) Ansible module documentation.
-
-If you already have your own `clouds.yaml` file or have multiple clouds in there, you can specify which one to use in the `openstack/my_os_cloud.yaml` file:
-```
-# Enter the name of your cloud to use from clouds.yaml
-cloud: open-telekom-cloud
-```
-
-
-## Ansible remote user
-You may have to adjust the `remote_user` in the Ansible Playbook under [`openstack/deploy_tpot.yaml`](openstack/deploy_tpot.yaml) depending on your Debian base image (e.g. on Open Telekom Cloud the default Debian user is `linux`).
-
-
-## Number of instances to deploy
-You can adjust the number of VMs/T-Pots that you want to create in [`openstack/deploy_tpot.yaml`](openstack/deploy_tpot.yaml):
-```
-loop: "{{ range(0, 1) }}"
-```
-One instance is set as the default, increase to your liking.
-
-
-## Instance settings
-Located at [`openstack/roles/create_vm/vars/main.yaml`](openstack/roles/create_vm/vars/main.yaml).
-Here you can customize your virtual machine specifications:
- - Choose an availability zone. For Open Telekom Cloud reference see [here](https://docs.otc.t-systems.com/en-us/endpoint/index.html).
- - Change the OS image (For T-Pot we need Debian)
- - (Optional) Change the volume size
- - Specify your key pair (:warning: Mandatory)
- - (Optional) Change the instance type (flavor)
- `s3.medium.8` corresponds to 1 vCPU and 8GB of RAM and is the minimum required flavor.
- A full list of Open Telekom Cloud flavors can be found [here](https://docs.otc.t-systems.com/en-us/usermanual/ecs/en-us_topic_0177512565.html).
-
-```
-availability_zone: eu-de-03
-image: Standard_Debian_10_latest
-volume_size: 128
-key_name: your-KeyPair
-flavor: s3.medium.8
-```
-
-
-## User password
-Located at [`openstack/roles/install/vars/main.yaml`](openstack/roles/install/vars/main.yaml).
-Here you can set the password for your Debian user (**you should definitely change that**).
-```
-user_password: LiNuXuSeRPaSs#
-```
-
-
-## Configure `tpot.conf.dist`
-The file is located in [`iso/installer/tpot.conf.dist`](/iso/installer/tpot.conf.dist).
-Here you can choose:
- - between the various T-Pot editions
- - a username for the web interface
- - a password for the web interface (**you should definitely change that**)
-
-
-## Optional: Custom `ews.cfg`
-Enable this by uncommenting the role in the [deploy_tpot.yaml](openstack/deploy_tpot.yaml) playbook.
-```
-# - custom_ews
-```
-
-You can use a custom config file for `ewsposter`.
-e.g. when you have your own credentials for delivering data to our [Sicherheitstacho](https://sicherheitstacho.eu/start/main).
-You can find the `ews.cfg` template file here: [`openstack/roles/custom_ews/templates/ews.cfg`](openstack/roles/custom_ews/templates/ews.cfg) and adapt it for your needs.
-
-For setting custom credentials, these settings would be relevant for you (the rest of the file can stay as is):
-```
-[MAIN]
-...
-contact = your_email_address
-...
-
-[EWS]
-...
-username = your_username
-token = your_token
-...
-```
-
-
-## Optional: Custom HPFEEDS
-Enable this by uncommenting the role in the [deploy_tpot.yaml](openstack/deploy_tpot.yaml) playbook.
-```
-# - custom_hpfeeds
-```
-
-You can specify custom HPFEEDS in [`openstack/roles/custom_hpfeeds/files/hpfeeds.cfg`](openstack/roles/custom_hpfeeds/files/hpfeeds.cfg).
-That file contains the defaults (turned off) and you can adapt it for your needs, e.g. for SISSDEN:
-```
-myENABLE=true
-myHOST=hpfeeds.sissden.eu
-myPORT=10000
-myCHANNEL=t-pot.events
-myCERT=/opt/ewsposter/sissden.pem
-myIDENT=your_user
-mySECRET=your_secret
-myFORMAT=json
-```
-
-
-# Deploying a T-Pot :honey_pot::honeybee:
-Now, after configuring everything, we can finally start deploying T-Pots!
-
-Go to the [`openstack`](openstack) folder and run the Ansible Playbook with:
-`ansible-playbook deploy_tpot.yaml`
-(Yes, it is as easy as that :smile:)
-
-If you are running on a machine which asks for a sudo password, you can use:
-`ansible-playbook --ask-become-pass deploy_tpot.yaml`
-
-The Playbook will first install required packages on the Ansible Master and then deploy one (or more) new server instances.
-After that, T-Pot gets installed and configured on them, optionally custom configs are applied and finally it reboots.
-
-Once this is done, you can proceed with connecting/logging in to the T-Pot according to the [documentation](https://github.com/telekom-security/tpotce#ssh-and-web-access).
-
-
-# Further documentation
-- [Ansible Documentation](https://docs.ansible.com/ansible/latest/)
-- [openstack.cloud.server β Create/Delete Compute Instances from OpenStack](https://docs.ansible.com/ansible/latest/collections/openstack/cloud/server_module.html)
-- [Open Telekom Cloud Help Center](https://docs.otc.t-systems.com/)
diff --git a/_deprecated/cloud/ansible/doc/otc_1_project.gif b/_deprecated/cloud/ansible/doc/otc_1_project.gif
deleted file mode 100644
index 3c97d353..00000000
Binary files a/_deprecated/cloud/ansible/doc/otc_1_project.gif and /dev/null differ
diff --git a/_deprecated/cloud/ansible/doc/otc_2_user.gif b/_deprecated/cloud/ansible/doc/otc_2_user.gif
deleted file mode 100644
index 15bc12f7..00000000
Binary files a/_deprecated/cloud/ansible/doc/otc_2_user.gif and /dev/null differ
diff --git a/_deprecated/cloud/ansible/doc/otc_3_login.gif b/_deprecated/cloud/ansible/doc/otc_3_login.gif
deleted file mode 100644
index af4a871a..00000000
Binary files a/_deprecated/cloud/ansible/doc/otc_3_login.gif and /dev/null differ
diff --git a/_deprecated/cloud/ansible/doc/otc_4_import_key.gif b/_deprecated/cloud/ansible/doc/otc_4_import_key.gif
deleted file mode 100644
index 1c0050f3..00000000
Binary files a/_deprecated/cloud/ansible/doc/otc_4_import_key.gif and /dev/null differ
diff --git a/_deprecated/cloud/ansible/doc/putty_agent_forwarding.png b/_deprecated/cloud/ansible/doc/putty_agent_forwarding.png
deleted file mode 100644
index fdfff05c..00000000
Binary files a/_deprecated/cloud/ansible/doc/putty_agent_forwarding.png and /dev/null differ
diff --git a/_deprecated/cloud/ansible/openstack/ansible.cfg b/_deprecated/cloud/ansible/openstack/ansible.cfg
deleted file mode 100644
index eab457fb..00000000
--- a/_deprecated/cloud/ansible/openstack/ansible.cfg
+++ /dev/null
@@ -1,6 +0,0 @@
-[defaults]
-host_key_checking = false
-
-[ssh_connection]
-scp_if_ssh = true
-ssh_args = -o ServerAliveInterval=60
diff --git a/_deprecated/cloud/ansible/openstack/deploy_tpot.yaml b/_deprecated/cloud/ansible/openstack/deploy_tpot.yaml
deleted file mode 100644
index 5e3ee05a..00000000
--- a/_deprecated/cloud/ansible/openstack/deploy_tpot.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-- name: Check host prerequisites
- hosts: localhost
- become: yes
- roles:
- - check
-
-- name: Deploy instances
- hosts: localhost
- vars_files: my_os_cloud.yaml
- tasks:
- - name: Create security group and network
- ansible.builtin.include_role:
- name: create_net
- - name: Create one or more instances
- ansible.builtin.include_role:
- name: create_vm
- loop: "{{ range(0, 1) }}"
- loop_control:
- extended: yes
-
-- name: Install T-Pot
- hosts: tpot
- remote_user: linux
- become: yes
- gather_facts: no
- roles:
- - install
-# - custom_ews
-# - custom_hpfeeds
- - reboot
diff --git a/_deprecated/cloud/ansible/openstack/my_os_cloud.yaml b/_deprecated/cloud/ansible/openstack/my_os_cloud.yaml
deleted file mode 100644
index d3832f85..00000000
--- a/_deprecated/cloud/ansible/openstack/my_os_cloud.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-# Enter the name of your cloud to use from clouds.yaml
-cloud: open-telekom-cloud
diff --git a/_deprecated/cloud/ansible/openstack/requirements.yaml b/_deprecated/cloud/ansible/openstack/requirements.yaml
deleted file mode 100644
index 986ae0e5..00000000
--- a/_deprecated/cloud/ansible/openstack/requirements.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-collections:
-- name: openstack.cloud
diff --git a/_deprecated/cloud/ansible/openstack/roles/check/tasks/main.yaml b/_deprecated/cloud/ansible/openstack/roles/check/tasks/main.yaml
deleted file mode 100644
index 7242ee4c..00000000
--- a/_deprecated/cloud/ansible/openstack/roles/check/tasks/main.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-- name: Install dependencies
- ansible.builtin.package:
- name:
- - gcc
- - python3-dev
- - python3-setuptools
- - python3-pip
- state: present
-
-- name: Install openstacksdk
- ansible.builtin.pip:
- name: openstacksdk
- executable: pip3
-
-- name: Check if agent forwarding is enabled
- ansible.builtin.fail:
- msg: Please enable agent forwarding to allow Ansible to connect to the remote host!
- ignore_errors: yes
- failed_when: lookup('env','SSH_AUTH_SOCK') == ""
diff --git a/_deprecated/cloud/ansible/openstack/roles/create_net/tasks/main.yaml b/_deprecated/cloud/ansible/openstack/roles/create_net/tasks/main.yaml
deleted file mode 100644
index 0d8b9449..00000000
--- a/_deprecated/cloud/ansible/openstack/roles/create_net/tasks/main.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-- name: Create security group
- openstack.cloud.security_group:
- cloud: "{{ cloud }}"
- name: sg-tpot-ansible
- description: Security Group for T-Pot
-
-- name: Add rules to security group
- openstack.cloud.security_group_rule:
- cloud: "{{ cloud }}"
- security_group: sg-tpot-ansible
- remote_ip_prefix: 0.0.0.0/0
-
-- name: Create network
- openstack.cloud.network:
- cloud: "{{ cloud }}"
- name: network-tpot-ansible
-
-- name: Create subnet
- openstack.cloud.subnet:
- cloud: "{{ cloud }}"
- network_name: network-tpot-ansible
- name: subnet-tpot-ansible
- cidr: 192.168.0.0/24
- dns_nameservers:
- - 100.125.4.25
- - 100.125.129.199
-
-- name: Create router
- openstack.cloud.router:
- cloud: "{{ cloud }}"
- name: router-tpot-ansible
- interfaces:
- - subnet-tpot-ansible
diff --git a/_deprecated/cloud/ansible/openstack/roles/create_vm/tasks/main.yaml b/_deprecated/cloud/ansible/openstack/roles/create_vm/tasks/main.yaml
deleted file mode 100644
index d7810a0d..00000000
--- a/_deprecated/cloud/ansible/openstack/roles/create_vm/tasks/main.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-- name: Generate T-Pot name
- ansible.builtin.set_fact:
- tpot_name: "t-pot-ansible-{{ lookup('password', '/dev/null chars=ascii_lowercase,digits length=6') }}"
-
-- name: Create instance {{ ansible_loop.index }} of {{ ansible_loop.length }}
- openstack.cloud.server:
- cloud: "{{ cloud }}"
- name: "{{ tpot_name }}"
- availability_zone: "{{ availability_zone }}"
- image: "{{ image }}"
- boot_from_volume: yes
- volume_size: "{{ volume_size }}"
- key_name: "{{ key_name }}"
- auto_ip: yes
- flavor: "{{ flavor }}"
- security_groups: sg-tpot-ansible
- network: network-tpot-ansible
- register: tpot
-
-- name: Add instance to inventory
- ansible.builtin.add_host:
- hostname: "{{ tpot_name }}"
- ansible_host: "{{ tpot.server.public_v4 }}"
- groups: tpot
diff --git a/_deprecated/cloud/ansible/openstack/roles/create_vm/vars/main.yaml b/_deprecated/cloud/ansible/openstack/roles/create_vm/vars/main.yaml
deleted file mode 100644
index cd56d25f..00000000
--- a/_deprecated/cloud/ansible/openstack/roles/create_vm/vars/main.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-availability_zone: eu-de-03
-image: Standard_Debian_10_latest
-volume_size: 128
-key_name: your-KeyPair
-flavor: s3.medium.8
diff --git a/_deprecated/cloud/ansible/openstack/roles/custom_ews/tasks/main.yaml b/_deprecated/cloud/ansible/openstack/roles/custom_ews/tasks/main.yaml
deleted file mode 100644
index fec93410..00000000
--- a/_deprecated/cloud/ansible/openstack/roles/custom_ews/tasks/main.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-- name: Copy ews configuration file
- ansible.builtin.template:
- src: ews.cfg
- dest: /data/ews/conf
- owner: root
- group: root
- mode: 0644
-
-- name: Patching tpot.yml with custom ews configuration file
- ansible.builtin.lineinfile:
- path: /opt/tpot/etc/tpot.yml
- insertafter: "/opt/ewsposter/ews.ip"
- line: " - /data/ews/conf/ews.cfg:/opt/ewsposter/ews.cfg"
diff --git a/_deprecated/cloud/ansible/openstack/roles/custom_ews/templates/ews.cfg b/_deprecated/cloud/ansible/openstack/roles/custom_ews/templates/ews.cfg
deleted file mode 100644
index a775d04b..00000000
--- a/_deprecated/cloud/ansible/openstack/roles/custom_ews/templates/ews.cfg
+++ /dev/null
@@ -1,137 +0,0 @@
-[MAIN]
-homedir = /opt/ewsposter/
-spooldir = /opt/ewsposter/spool/
-logdir = /opt/ewsposter/log/
-del_malware_after_send = false
-send_malware = true
-sendlimit = 500
-contact = your_email_address
-proxy =
-ip =
-
-[EWS]
-ews = true
-username = your_username
-token = your_token
-rhost_first = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
-rhost_second = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
-ignorecert = false
-
-[HPFEED]
-hpfeed = %(EWS_HPFEEDS_ENABLE)s
-host = %(EWS_HPFEEDS_HOST)s
-port = %(EWS_HPFEEDS_PORT)s
-channels = %(EWS_HPFEEDS_CHANNELS)s
-ident = %(EWS_HPFEEDS_IDENT)s
-secret= %(EWS_HPFEEDS_SECRET)s
-# path/to/certificate for tls broker - or "false" for non-tls broker
-tlscert = %(EWS_HPFEEDS_TLSCERT)s
-# hpfeeds submission format: "ews" (xml) or "json"
-hpfformat = %(EWS_HPFEEDS_FORMAT)s
-
-[EWSJSON]
-json = false
-jsondir = /data/ews/json/
-
-[GLASTOPFV3]
-glastopfv3 = true
-nodeid = glastopfv3-{{ ansible_hostname }}
-sqlitedb = /data/glastopf/db/glastopf.db
-malwaredir = /data/glastopf/data/files/
-
-[GLASTOPFV2]
-glastopfv2 = false
-nodeid =
-mysqlhost =
-mysqldb =
-mysqluser =
-mysqlpw =
-malwaredir =
-
-[KIPPO]
-kippo = false
-nodeid =
-mysqlhost =
-mysqldb =
-mysqluser =
-mysqlpw =
-malwaredir =
-
-[COWRIE]
-cowrie = true
-nodeid = cowrie-{{ ansible_hostname }}
-logfile = /data/cowrie/log/cowrie.json
-
-[DIONAEA]
-dionaea = true
-nodeid = dionaea-{{ ansible_hostname }}
-malwaredir = /data/dionaea/binaries/
-sqlitedb = /data/dionaea/log/dionaea.sqlite
-
-[HONEYTRAP]
-honeytrap = true
-nodeid = honeytrap-{{ ansible_hostname }}
-newversion = true
-payloaddir = /data/honeytrap/attacks/
-attackerfile = /data/honeytrap/log/attacker.log
-
-[RDPDETECT]
-rdpdetect = false
-nodeid =
-iptableslog =
-targetip =
-
-[EMOBILITY]
-eMobility = false
-nodeid = emobility-{{ ansible_hostname }}
-logfile = /data/emobility/log/centralsystemEWS.log
-
-[CONPOT]
-conpot = true
-nodeid = conpot-{{ ansible_hostname }}
-logfile = /data/conpot/log/conpot*.json
-
-[ELASTICPOT]
-elasticpot = true
-nodeid = elasticpot-{{ ansible_hostname }}
-logfile = /data/elasticpot/log/elasticpot.log
-
-[SURICATA]
-suricata = true
-nodeid = suricata-{{ ansible_hostname }}
-logfile = /data/suricata/log/eve.json
-
-[MAILONEY]
-mailoney = true
-nodeid = mailoney-{{ ansible_hostname }}
-logfile = /data/mailoney/log/commands.log
-
-[RDPY]
-rdpy = true
-nodeid = rdpy-{{ ansible_hostname }}
-logfile = /data/rdpy/log/rdpy.log
-
-[VNCLOWPOT]
-vnclowpot = true
-nodeid = vnclowpot-{{ ansible_hostname }}
-logfile = /data/vnclowpot/log/vnclowpot.log
-
-[HERALDING]
-heralding = true
-nodeid = heralding-{{ ansible_hostname }}
-logfile = /data/heralding/log/auth.csv
-
-[CISCOASA]
-ciscoasa = true
-nodeid = ciscoasa-{{ ansible_hostname }}
-logfile = /data/ciscoasa/log/ciscoasa.log
-
-[TANNER]
-tanner = true
-nodeid = tanner-{{ ansible_hostname }}
-logfile = /data/tanner/log/tanner_report.json
-
-[GLUTTON]
-glutton = true
-nodeid = glutton-{{ ansible_hostname }}
-logfile = /data/glutton/log/glutton.log
diff --git a/_deprecated/cloud/ansible/openstack/roles/custom_hpfeeds/files/hpfeeds.cfg b/_deprecated/cloud/ansible/openstack/roles/custom_hpfeeds/files/hpfeeds.cfg
deleted file mode 100644
index 1b981fdd..00000000
--- a/_deprecated/cloud/ansible/openstack/roles/custom_hpfeeds/files/hpfeeds.cfg
+++ /dev/null
@@ -1,8 +0,0 @@
-myENABLE=false
-myHOST=host
-myPORT=port
-myCHANNEL=channels
-myCERT=false
-myIDENT=user
-mySECRET=secret
-myFORMAT=json
diff --git a/_deprecated/cloud/ansible/openstack/roles/custom_hpfeeds/tasks/main.yaml b/_deprecated/cloud/ansible/openstack/roles/custom_hpfeeds/tasks/main.yaml
deleted file mode 100644
index fa479137..00000000
--- a/_deprecated/cloud/ansible/openstack/roles/custom_hpfeeds/tasks/main.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-- name: Copy hpfeeds configuration file
- ansible.builtin.copy:
- src: hpfeeds.cfg
- dest: /data/ews/conf
- owner: tpot
- group: tpot
- mode: 0770
- register: config
-
-- name: Applying hpfeeds settings
- ansible.builtin.command: /opt/tpot/bin/hpfeeds_optin.sh --conf=/data/ews/conf/hpfeeds.cfg
- when: config.changed == true
diff --git a/_deprecated/cloud/ansible/openstack/roles/install/tasks/main.yaml b/_deprecated/cloud/ansible/openstack/roles/install/tasks/main.yaml
deleted file mode 100644
index c525640c..00000000
--- a/_deprecated/cloud/ansible/openstack/roles/install/tasks/main.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-- name: Waiting for SSH connection
- ansible.builtin.wait_for_connection:
-
-- name: Gathering facts
- ansible.builtin.setup:
-
-- name: Cloning T-Pot install directory
- ansible.builtin.git:
- repo: "https://github.com/telekom-security/tpotce.git"
- dest: /root/tpot
-
-- name: Prepare to set user password
- ansible.builtin.set_fact:
- user_name: "{{ ansible_user }}"
- user_salt: "s0mew1ck3dTpoT"
- no_log: true
-
-- name: Changing password for user {{ user_name }}
- ansible.builtin.user:
- name: "{{ ansible_user }}"
- password: "{{ user_password | password_hash('sha512', user_salt) }}"
- state: present
- shell: /bin/bash
-
-- name: Copy T-Pot configuration file
- ansible.builtin.copy:
- src: ../../../../../../iso/installer/tpot.conf.dist
- dest: /root/tpot.conf
- owner: root
- group: root
- mode: 0644
-
-- name: Install T-Pot on instance - be patient, this might take 15 to 30 minutes depending on the connection speed.
- ansible.builtin.command: /root/tpot/iso/installer/install.sh --type=auto --conf=/root/tpot.conf
-
-- name: Delete T-Pot configuration file
- ansible.builtin.file:
- path: /root/tpot.conf
- state: absent
-
-- name: Change unattended-upgrades to take default action
- ansible.builtin.blockinfile:
- dest: /etc/apt/apt.conf.d/50unattended-upgrades
- block: |
- Dpkg::Options {
- "--force-confdef";
- "--force-confold";
- }
diff --git a/_deprecated/cloud/ansible/openstack/roles/install/vars/main.yaml b/_deprecated/cloud/ansible/openstack/roles/install/vars/main.yaml
deleted file mode 100644
index ce234a97..00000000
--- a/_deprecated/cloud/ansible/openstack/roles/install/vars/main.yaml
+++ /dev/null
@@ -1 +0,0 @@
-user_password: LiNuXuSeRPaSs#
diff --git a/_deprecated/cloud/ansible/openstack/roles/reboot/tasks/main.yaml b/_deprecated/cloud/ansible/openstack/roles/reboot/tasks/main.yaml
deleted file mode 100644
index 1d5ce5d5..00000000
--- a/_deprecated/cloud/ansible/openstack/roles/reboot/tasks/main.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-- name: Finally rebooting T-Pot
- ansible.builtin.command: shutdown -r now
- async: 1
- poll: 0
-
-- name: Next login options
- ansible.builtin.debug:
- msg:
- - "***** SSH Access:"
- - "***** ssh {{ ansible_user }}@{{ ansible_host }} -p 64295"
- - ""
- - "***** Web UI:"
- - "***** https://{{ ansible_host }}:64297"
- - ""
- - "***** Admin UI:"
- - "***** https://{{ ansible_host }}:64294"
diff --git a/_deprecated/cloud/terraform/README.md b/_deprecated/cloud/terraform/README.md
deleted file mode 100644
index 8aaf2c5a..00000000
--- a/_deprecated/cloud/terraform/README.md
+++ /dev/null
@@ -1,129 +0,0 @@
-# T-Pot Terraform
-This [Terraform](https://www.terraform.io/) configuration can be used to launch a virtual machine, bootstrap any dependencies and install T-Pot in a single step.
-Configuration for Amazon Web Services (AWS) and Open Telekom Cloud (OTC) is currently included.
-This can easily be extended to support other [Terraform providers](https://registry.terraform.io/browse/providers?category=public-cloud%2Ccloud-automation%2Cinfrastructure).
-
-[Cloud-init](https://cloudinit.readthedocs.io/en/latest/) is used to bootstrap the instance and install T-Pot on startup.
-
-# Table of Contents
-- [What get's created](#what-created)
- - [Amazon Web Services (AWS)](#what-created-aws)
- - [Open Telekom Cloud (OTC)](#what-created-otc)
-- [Prerequisites](#pre)
- - [Amazon Web Services (AWS)](#pre-aws)
- - [Open Telekom Cloud (OTC)](#pre-otc)
-- [Terraform Variables](#variables)
- - [Common configuration items](#variables-common)
- - [Amazon Web Services (AWS)](#variables-aws)
- - [Open Telekom Cloud (OTC)](#variables-otc)
-- [Initialising](#initialising)
-- [Applying the Configuration](#applying)
-- [Connecting to the Instance](#connecting)
-
-
-## What get's created
-
-
-### Amazon Web Services (AWS)
-* EC2 instance:
- * t3.large (2 vCPUs, 8 GB RAM)
- * 128 GB disk
- * Debian 10
- * Public IP
-* Security Group:
- * TCP/UDP ports <= 64000 open to the Internet
- * TCP ports 64294, 64295 and 64297 open to a chosen administrative IP
-
-
-### Open Telekom Cloud (OTC)
-* ECS instance:
- * s3.medium.8 (1 vCPU, 8 GB RAM)
- * 128 GB disk
- * Debian 10
- * Public EIP
-* Security Group
- * All TCP/UDP ports are open to the Internet
-* Virtual Private Cloud (VPC) and Subnet
-
-
-## Prerequisites
-* [Terraform](https://www.terraform.io/) 0.13
-
-
-### Amazon Web Services (AWS)
-* AWS Account
- * Existing VPC: VPC ID needs to be specified in `aws/variables.tf`
- * Existing subnet: Subnet ID needs to be specified in `aws/variables.tf`
- * Existing SSH key pair: Key name needs to be specified in `aws/variables.tf`
-* AWS Authentication credentials should be [set using environment variables](https://www.terraform.io/docs/providers/aws/index.html#environment-variables)
-
-
-### Open Telekom Cloud (OTC)
-* OTC Account
- * Existing SSH key pair: Key name needs to be specified in `otc/variables.tf`
-* OTC Authentication credentials (Username, Password, Project Name, User Domain Name) can be set in the `otc/clouds.yaml` file
-
-
-## Terraform Variables
-
-
-### Common configuration items
-These variables exist in `aws/variables.tf` and `otc/variables.tf` respectively.
-Settings for cloud-init:
-* `timezone` - Set the Server's timezone
-* `linux_password`- Set a password for the Linux Operating System user (which is also used on the Admin UI)
-
-Settings for T-Pot:
-* `tpot_flavor` - Set the flavor of the T-Pot (Available flavors are listed in the variable's description)
-* `web_user` - Set a username for the T-Pot Kibana Dasboard
-* `web_password` - Set a password for the T-Pot Kibana Dashboard
-
-
-### Amazon Web Services (AWS)
-In `aws/variables.tf`, you can change the additional variables:
-* `admin_ip` - source IP address(es) that you will use to administer the system. Connections to TCP ports 64294, 64295 and 64297 will be allowed from this IP only. Multiple IPs or CIDR blocks can be specified in the format: `["127.0.0.1/32", "192.168.0.0/24"]`
-* `ec2_vpc_id` - Specify an existing VPC ID
-* `ec2_subnet_id` - Specify an existing Subnet ID
-* `ec2_region`
-* `ec2_ssh_key_name` - Specify an existing SSH key pair
-* `ec2_instance_type`
-
-
-### Open Telekom Cloud (OTC)
-In `otc/variables.tf`, you can change the additional variables:
-* `ecs_flavor`
-* `ecs_disk_size`
-* `availability_zone`
-* `key_pair` - Specify an existing SSH key pair
-* `eip_size`
-
-... and some more, but these are the most relevant.
-
-
-## Initialising
-The [`terraform init`](https://www.terraform.io/docs/commands/init.html) command is used to initialize a working directory containing Terraform configuration files.
-
-```
-$ cd aws
-$ terraform init
-```
-OR
-```
-$ cd otc
-$ terraform init
-```
-
-
-## Applying the Configuration
-The [`terraform apply`](https://www.terraform.io/docs/commands/apply.html) command is used to apply the changes required to reach the desired state of the configuration, or the pre-determined set of actions generated by a [`terraform plan`](https://www.terraform.io/docs/commands/plan.html) execution plan.
-
-```
-$ terraform apply
-```
-This will create your infrastructure and start a Cloud Server. On startup, the Server gets bootstrapped with cloud-init and will install T-Pot. Once this is done, the server will reboot.
-
-If you want the remove the built infrastructure, you can run [`terraform destroy`](https://www.terraform.io/docs/commands/destroy.html) to delete it.
-
-
-## Connecting to the Instance
-When the installation is completed, you can proceed with connecting/logging in to the T-Pot according to the [documentation](https://github.com/telekom-security/tpotce#ssh-and-web-access).
diff --git a/_deprecated/cloud/terraform/aws/.terraform.lock.hcl b/_deprecated/cloud/terraform/aws/.terraform.lock.hcl
deleted file mode 100644
index d2366cb2..00000000
--- a/_deprecated/cloud/terraform/aws/.terraform.lock.hcl
+++ /dev/null
@@ -1,20 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/aws" {
- version = "3.26.0"
- constraints = "3.26.0"
- hashes = [
- "h1:0i78FItlPeiomd+4ThZrtm56P5K33k7/6dnEe4ZePI0=",
- "zh:26043eed36d070ca032cf04bc980c654a25821a8abc0c85e1e570e3935bbfcbb",
- "zh:2fe68f3f78d23830a04d7fac3eda550eef1f627dfc130486f70a65dc5c254300",
- "zh:3d66484c608c64678e639db25d63872783ce60363a1246e30317f21c9c23b84b",
- "zh:46ffd755cfd4cf94fe66342797b5afdcef010a24e126c67fee141b357d393535",
- "zh:5e96f24357e945c9067cf5e032ad1d003609629c956c2f9f642fefe714e74587",
- "zh:60c27aca36bb63bf3e865c2193be80ca83b376581d00f9c220af4b013e163c4d",
- "zh:896f0f22d19d41e71b22f9240b261714c3915b165ddefeb771e7734d69dc47ea",
- "zh:90de9966cb2fd3e2f326df291595e55d2dd2d90e7d6dd085c2c8691dce82bdb4",
- "zh:ad05a91a88ceb1d6de5a568f7cc0b0e5bc0a79f3da70bc28c1e7f3750e362d58",
- "zh:e8c63f59c6465329e1f3357498face3dd7ef10a033df3c366a33aa9e94b46c01",
- ]
-}
diff --git a/_deprecated/cloud/terraform/aws/main.tf b/_deprecated/cloud/terraform/aws/main.tf
deleted file mode 100644
index 44185446..00000000
--- a/_deprecated/cloud/terraform/aws/main.tf
+++ /dev/null
@@ -1,66 +0,0 @@
-provider "aws" {
- region = var.ec2_region
-}
-
-resource "aws_security_group" "tpot" {
- name = "T-Pot"
- description = "T-Pot Honeypot"
- vpc_id = var.ec2_vpc_id
- ingress {
- from_port = 0
- to_port = 64000
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
- ingress {
- from_port = 0
- to_port = 64000
- protocol = "udp"
- cidr_blocks = ["0.0.0.0/0"]
- }
- ingress {
- from_port = 64294
- to_port = 64294
- protocol = "tcp"
- cidr_blocks = var.admin_ip
- }
- ingress {
- from_port = 64295
- to_port = 64295
- protocol = "tcp"
- cidr_blocks = var.admin_ip
- }
- ingress {
- from_port = 64297
- to_port = 64297
- protocol = "tcp"
- cidr_blocks = var.admin_ip
- }
- egress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
- tags = {
- Name = "T-Pot"
- }
-}
-
-resource "aws_instance" "tpot" {
- ami = var.ec2_ami[var.ec2_region]
- instance_type = var.ec2_instance_type
- key_name = var.ec2_ssh_key_name
- subnet_id = var.ec2_subnet_id
- tags = {
- Name = "T-Pot Honeypot"
- }
- root_block_device {
- volume_type = "gp2"
- volume_size = 128
- delete_on_termination = true
- }
- user_data = templatefile("../cloud-init.yaml", { timezone = var.timezone, password = var.linux_password, tpot_flavor = var.tpot_flavor, web_user = var.web_user, web_password = var.web_password })
- vpc_security_group_ids = [aws_security_group.tpot.id]
- associate_public_ip_address = true
-}
diff --git a/_deprecated/cloud/terraform/aws/outputs.tf b/_deprecated/cloud/terraform/aws/outputs.tf
deleted file mode 100644
index 753a893b..00000000
--- a/_deprecated/cloud/terraform/aws/outputs.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-output "Admin_UI" {
- value = "https://${aws_instance.tpot.public_dns}:64294/"
-}
-
-output "SSH_Access" {
- value = "ssh -i {private_key_file} -p 64295 admin@${aws_instance.tpot.public_dns}"
-}
-
-output "Web_UI" {
- value = "https://${aws_instance.tpot.public_dns}:64297/"
-}
-
diff --git a/_deprecated/cloud/terraform/aws/variables.tf b/_deprecated/cloud/terraform/aws/variables.tf
deleted file mode 100644
index 6b4ff656..00000000
--- a/_deprecated/cloud/terraform/aws/variables.tf
+++ /dev/null
@@ -1,93 +0,0 @@
-variable "admin_ip" {
- default = ["127.0.0.1/32"]
- description = "admin IP addresses in CIDR format"
-}
-
-variable "ec2_vpc_id" {
- description = "ID of AWS VPC"
- default = "vpc-XXX"
-}
-
-variable "ec2_subnet_id" {
- description = "ID of AWS VPC subnet"
- default = "subnet-YYY"
-}
-
-variable "ec2_region" {
- description = "AWS region to launch servers"
- default = "eu-west-1"
-}
-
-variable "ec2_ssh_key_name" {
- default = "default"
-}
-
-# https://aws.amazon.com/ec2/instance-types/
-# t3.large = 2 vCPU, 8 GiB RAM
-variable "ec2_instance_type" {
- default = "t3.large"
-}
-
-# Refer to https://wiki.debian.org/Cloud/AmazonEC2Image/Bullseye
-variable "ec2_ami" {
- type = map(string)
- default = {
- "af-south-1" = "ami-0c372f041acae6d49"
- "ap-east-1" = "ami-079b8d011d4655385"
- "ap-northeast-1" = "ami-08dbbf1c0485a4aa8"
- "ap-northeast-2" = "ami-0269fe7d013b8e2dd"
- "ap-northeast-3" = "ami-0848d1e5fb6e3e3da"
- "ap-south-1" = "ami-020d429f17c9f1d0a"
- "ap-southeast-1" = "ami-09625a221230d9fe6"
- "ap-southeast-2" = "ami-03cbc6cddb06af2c2"
- "ca-central-1" = "ami-09125623b02302014"
- "eu-central-1" = "ami-00c36c60f07e21791"
- "eu-north-1" = "ami-052bea934e2d9dbfe"
- "eu-south-1" = "ami-04e2bb16d37324719"
- "eu-west-1" = "ami-0f87948fe2cf1b2a4"
- "eu-west-2" = "ami-02ed1bc837487d535"
- "eu-west-3" = "ami-080efd2add7e29430"
- "me-south-1" = "ami-0dbde382c834c4a72"
- "sa-east-1" = "ami-0a0792814cb068077"
- "us-east-1" = "ami-05dd1b6e7ef6f8378"
- "us-east-2" = "ami-04dd0542609808c50"
- "us-west-1" = "ami-07af5f877b3db9f73"
- "us-west-2" = "ami-0d0d8694ba492c02b"
- }
-}
-
-## cloud-init configuration ##
-variable "timezone" {
- default = "UTC"
-}
-
-variable "linux_password" {
- #default = "LiNuXuSeRPaSs#"
- description = "Set a password for the default user"
-
- validation {
- condition = length(var.linux_password) > 0
- error_message = "Please specify a password for the default user."
- }
-}
-
-## These will go in the generated tpot.conf file ##
-variable "tpot_flavor" {
- default = "STANDARD"
- description = "Specify your tpot flavor [STANDARD, HIVE, HIVE_SENSOR, INDUSTRIAL, LOG4J, MEDICAL, MINI, SENSOR]"
-}
-
-variable "web_user" {
- default = "webuser"
- description = "Set a username for the web user"
-}
-
-variable "web_password" {
- #default = "w3b$ecret"
- description = "Set a password for the web user"
-
- validation {
- condition = length(var.web_password) > 0
- error_message = "Please specify a password for the web user."
- }
-}
diff --git a/_deprecated/cloud/terraform/aws/versions.tf b/_deprecated/cloud/terraform/aws/versions.tf
deleted file mode 100644
index 9ae9023e..00000000
--- a/_deprecated/cloud/terraform/aws/versions.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-terraform {
- required_version = ">= 0.13"
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "3.26.0"
- }
- }
-}
diff --git a/_deprecated/cloud/terraform/aws_multi_region/_provider.tf b/_deprecated/cloud/terraform/aws_multi_region/_provider.tf
deleted file mode 100644
index 53b015f6..00000000
--- a/_deprecated/cloud/terraform/aws_multi_region/_provider.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-provider "aws" {
- alias = "eu-west-2"
- region = "eu-west-2"
-}
-
-provider "aws" {
- alias = "us-west-1"
- region = "us-west-1"
-}
diff --git a/_deprecated/cloud/terraform/aws_multi_region/main.tf b/_deprecated/cloud/terraform/aws_multi_region/main.tf
deleted file mode 100644
index e3655383..00000000
--- a/_deprecated/cloud/terraform/aws_multi_region/main.tf
+++ /dev/null
@@ -1,27 +0,0 @@
-module "eu-west-2" {
- source = "./modules/multi-region"
- ec2_vpc_id = "vpc-xxxxxxxx"
- ec2_subnet_id = "subnet-xxxxxxxx"
- ec2_region = "eu-west-2"
- tpot_name = "T-Pot Honeypot"
-
- linux_password = var.linux_password
- web_password = var.web_password
- providers = {
- aws = aws.eu-west-2
- }
-}
-
-module "us-west-1" {
- source = "./modules/multi-region"
- ec2_vpc_id = "vpc-xxxxxxxx"
- ec2_subnet_id = "subnet-xxxxxxxx"
- ec2_region = "us-west-1"
- tpot_name = "T-Pot Honeypot"
-
- linux_password = var.linux_password
- web_password = var.web_password
- providers = {
- aws = aws.us-west-1
- }
-}
diff --git a/_deprecated/cloud/terraform/aws_multi_region/modules/multi-region/main.tf b/_deprecated/cloud/terraform/aws_multi_region/modules/multi-region/main.tf
deleted file mode 100644
index 18ad1f40..00000000
--- a/_deprecated/cloud/terraform/aws_multi_region/modules/multi-region/main.tf
+++ /dev/null
@@ -1,69 +0,0 @@
-variable "ec2_vpc_id" {}
-variable "ec2_subnet_id" {}
-variable "ec2_region" {}
-variable "linux_password" {}
-variable "web_password" {}
-variable "tpot_name" {}
-
-resource "aws_security_group" "tpot" {
- name = "T-Pot"
- description = "T-Pot Honeypot"
- vpc_id = var.ec2_vpc_id
- ingress {
- from_port = 0
- to_port = 64000
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
- ingress {
- from_port = 0
- to_port = 64000
- protocol = "udp"
- cidr_blocks = ["0.0.0.0/0"]
- }
- ingress {
- from_port = 64294
- to_port = 64294
- protocol = "tcp"
- cidr_blocks = var.admin_ip
- }
- ingress {
- from_port = 64295
- to_port = 64295
- protocol = "tcp"
- cidr_blocks = var.admin_ip
- }
- ingress {
- from_port = 64297
- to_port = 64297
- protocol = "tcp"
- cidr_blocks = var.admin_ip
- }
- egress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
- tags = {
- Name = "T-Pot"
- }
-}
-
-resource "aws_instance" "tpot" {
- ami = var.ec2_ami[var.ec2_region]
- instance_type = var.ec2_instance_type
- key_name = var.ec2_ssh_key_name
- subnet_id = var.ec2_subnet_id
- tags = {
- Name = var.tpot_name
- }
- root_block_device {
- volume_type = "gp2"
- volume_size = 128
- delete_on_termination = true
- }
- user_data = templatefile("../cloud-init.yaml", { timezone = var.timezone, password = var.linux_password, tpot_flavor = var.tpot_flavor, web_user = var.web_user, web_password = var.web_password })
- vpc_security_group_ids = [aws_security_group.tpot.id]
- associate_public_ip_address = true
-}
diff --git a/_deprecated/cloud/terraform/aws_multi_region/modules/multi-region/outputs.tf b/_deprecated/cloud/terraform/aws_multi_region/modules/multi-region/outputs.tf
deleted file mode 100644
index 753a893b..00000000
--- a/_deprecated/cloud/terraform/aws_multi_region/modules/multi-region/outputs.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-output "Admin_UI" {
- value = "https://${aws_instance.tpot.public_dns}:64294/"
-}
-
-output "SSH_Access" {
- value = "ssh -i {private_key_file} -p 64295 admin@${aws_instance.tpot.public_dns}"
-}
-
-output "Web_UI" {
- value = "https://${aws_instance.tpot.public_dns}:64297/"
-}
-
diff --git a/_deprecated/cloud/terraform/aws_multi_region/modules/multi-region/variables.tf b/_deprecated/cloud/terraform/aws_multi_region/modules/multi-region/variables.tf
deleted file mode 100644
index 26a31b66..00000000
--- a/_deprecated/cloud/terraform/aws_multi_region/modules/multi-region/variables.tf
+++ /dev/null
@@ -1,57 +0,0 @@
-variable "admin_ip" {
- default = ["127.0.0.1/32"]
- description = "admin IP addresses in CIDR format"
-}
-
-variable "ec2_ssh_key_name" {
- default = "default"
-}
-
-# https://aws.amazon.com/ec2/instance-types/
-variable "ec2_instance_type" {
- default = "t3.xlarge"
-}
-
-# Refer to https://wiki.debian.org/Cloud/AmazonEC2Image/Bullseye
-variable "ec2_ami" {
- type = map(string)
- default = {
- "af-south-1" = "ami-0c372f041acae6d49"
- "ap-east-1" = "ami-079b8d011d4655385"
- "ap-northeast-1" = "ami-08dbbf1c0485a4aa8"
- "ap-northeast-2" = "ami-0269fe7d013b8e2dd"
- "ap-northeast-3" = "ami-0848d1e5fb6e3e3da"
- "ap-south-1" = "ami-020d429f17c9f1d0a"
- "ap-southeast-1" = "ami-09625a221230d9fe6"
- "ap-southeast-2" = "ami-03cbc6cddb06af2c2"
- "ca-central-1" = "ami-09125623b02302014"
- "eu-central-1" = "ami-00c36c60f07e21791"
- "eu-north-1" = "ami-052bea934e2d9dbfe"
- "eu-south-1" = "ami-04e2bb16d37324719"
- "eu-west-1" = "ami-0f87948fe2cf1b2a4"
- "eu-west-2" = "ami-02ed1bc837487d535"
- "eu-west-3" = "ami-080efd2add7e29430"
- "me-south-1" = "ami-0dbde382c834c4a72"
- "sa-east-1" = "ami-0a0792814cb068077"
- "us-east-1" = "ami-05dd1b6e7ef6f8378"
- "us-east-2" = "ami-04dd0542609808c50"
- "us-west-1" = "ami-07af5f877b3db9f73"
- "us-west-2" = "ami-0d0d8694ba492c02b"
- }
-}
-
-## cloud-init configuration ##
-variable "timezone" {
- default = "UTC"
-}
-
-## These will go in the generated tpot.conf file ##
-variable "tpot_flavor" {
- default = "STANDARD"
- description = "Specify your tpot flavor [STANDARD, HIVE, HIVE_SENSOR, INDUSTRIAL, LOG4J, MEDICAL, MINI, SENSOR]"
-}
-
-variable "web_user" {
- default = "webuser"
- description = "Set a username for the web user"
-}
diff --git a/_deprecated/cloud/terraform/aws_multi_region/modules/multi-region/versions.tf b/_deprecated/cloud/terraform/aws_multi_region/modules/multi-region/versions.tf
deleted file mode 100644
index 5699714f..00000000
--- a/_deprecated/cloud/terraform/aws_multi_region/modules/multi-region/versions.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-terraform {
- required_version = ">= 0.13"
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "3.72.0"
- }
- }
-}
diff --git a/_deprecated/cloud/terraform/aws_multi_region/outputs.tf b/_deprecated/cloud/terraform/aws_multi_region/outputs.tf
deleted file mode 100644
index 845637d4..00000000
--- a/_deprecated/cloud/terraform/aws_multi_region/outputs.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-output "eu-west-2_Web_UI" {
- value = module.eu-west-2.Web_UI
-}
-
-output "us-west-1_Web_UI" {
- value = module.us-west-1.Web_UI
-}
diff --git a/_deprecated/cloud/terraform/aws_multi_region/variables.tf b/_deprecated/cloud/terraform/aws_multi_region/variables.tf
deleted file mode 100644
index beb671a8..00000000
--- a/_deprecated/cloud/terraform/aws_multi_region/variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-variable "linux_password" {
- #default = "LiNuXuSeRP4Ss!"
- description = "Set a password for the default user"
-
- validation {
- condition = length(var.linux_password) > 0
- error_message = "Please specify a password for the default user."
- }
-}
-
-variable "web_password" {
- #default = "w3b$ecret20"
- description = "Set a password for the web user"
-
- validation {
- condition = length(var.web_password) > 0
- error_message = "Please specify a password for the web user."
- }
-}
diff --git a/_deprecated/cloud/terraform/cloud-init.yaml b/_deprecated/cloud/terraform/cloud-init.yaml
deleted file mode 100644
index cd0277db..00000000
--- a/_deprecated/cloud/terraform/cloud-init.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-#cloud-config
-timezone: ${timezone}
-
-packages:
- - git
-
-runcmd:
- - curl -sS --retry 5 https://github.com
- - git clone https://github.com/telekom-security/tpotce /root/tpot
- - /root/tpot/iso/installer/install.sh --type=auto --conf=/root/tpot.conf
- - rm /root/tpot.conf
- - /sbin/shutdown -r now
-
-password: ${password}
-chpasswd:
- expire: false
-
-write_files:
- - content: |
- # tpot configuration file
- myCONF_TPOT_FLAVOR='${tpot_flavor}'
- myCONF_WEB_USER='${web_user}'
- myCONF_WEB_PW='${web_password}'
- owner: root:root
- path: /root/tpot.conf
- permissions: '0600'
diff --git a/_deprecated/cloud/terraform/otc/.terraform.lock.hcl b/_deprecated/cloud/terraform/otc/.terraform.lock.hcl
deleted file mode 100644
index ce0226cc..00000000
--- a/_deprecated/cloud/terraform/otc/.terraform.lock.hcl
+++ /dev/null
@@ -1,38 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/random" {
- version = "3.1.0"
- constraints = "~> 3.1.0"
- hashes = [
- "h1:BZMEPucF+pbu9gsPk0G0BHx7YP04+tKdq2MrRDF1EDM=",
- "zh:2bbb3339f0643b5daa07480ef4397bd23a79963cc364cdfbb4e86354cb7725bc",
- "zh:3cd456047805bf639fbf2c761b1848880ea703a054f76db51852008b11008626",
- "zh:4f251b0eda5bb5e3dc26ea4400dba200018213654b69b4a5f96abee815b4f5ff",
- "zh:7011332745ea061e517fe1319bd6c75054a314155cb2c1199a5b01fe1889a7e2",
- "zh:738ed82858317ccc246691c8b85995bc125ac3b4143043219bd0437adc56c992",
- "zh:7dbe52fac7bb21227acd7529b487511c91f4107db9cc4414f50d04ffc3cab427",
- "zh:a3a9251fb15f93e4cfc1789800fc2d7414bbc18944ad4c5c98f466e6477c42bc",
- "zh:a543ec1a3a8c20635cf374110bd2f87c07374cf2c50617eee2c669b3ceeeaa9f",
- "zh:d9ab41d556a48bd7059f0810cf020500635bfc696c9fc3adab5ea8915c1d886b",
- "zh:d9e13427a7d011dbd654e591b0337e6074eef8c3b9bb11b2e39eaaf257044fd7",
- "zh:f7605bd1437752114baf601bdf6931debe6dc6bfe3006eb7e9bb9080931dca8a",
- ]
-}
-
-provider "registry.terraform.io/opentelekomcloud/opentelekomcloud" {
- version = "1.23.6"
- constraints = "~> 1.23.4"
- hashes = [
- "h1:B/1Md957jWaDgFqsJDzmJc75KwL0eC/PCVuZ8HV5xSc=",
- "zh:1aa79010869d082157fb44fc83c3bff4e40938ec0ca916f704d974c7f7ca39e4",
- "zh:3155b8366828ce50231f69962b55df1e2261ed63c44bb64e2c950dd68769df1b",
- "zh:4a909617aa96a6d8aead14f56996ad94e0a1cae9d28e8df1ddae19c2095ed337",
- "zh:4f71046719632b4b90f88d29d8ba88915ee6ad66cd9d7ebe84a7459013e5003a",
- "zh:67e4d10b2db79ad78ae2ec8d9dfac53c4721028f97f4436a7aa45e80b1beefd3",
- "zh:7f12541fc5a3513e5522ff2bd5fee17d1e67bfe64f9ef59d03863fc7389e12ce",
- "zh:86fadabfc8307cf6084a412ffc9c797ec94932d08bc663a3fcebf98101e951f6",
- "zh:98744b39c2bfe3e8e6f929f750a689971071b257f3f066f669f93c8e0b76d179",
- "zh:c363d41debb060804e2c6bd9cb50b4e8daa37362299e3ea74e187265cd85f2ca",
- ]
-}
diff --git a/_deprecated/cloud/terraform/otc/main.tf b/_deprecated/cloud/terraform/otc/main.tf
deleted file mode 100644
index f3508f7a..00000000
--- a/_deprecated/cloud/terraform/otc/main.tf
+++ /dev/null
@@ -1,68 +0,0 @@
-data "opentelekomcloud_images_image_v2" "debian" {
- name = "Standard_Debian_10_latest"
-}
-
-resource "opentelekomcloud_networking_secgroup_v2" "secgroup_1" {
- name = var.secgroup_name
- description = var.secgroup_desc
-}
-
-resource "opentelekomcloud_networking_secgroup_rule_v2" "secgroup_rule_1" {
- direction = "ingress"
- ethertype = "IPv4"
- remote_ip_prefix = "0.0.0.0/0"
- security_group_id = opentelekomcloud_networking_secgroup_v2.secgroup_1.id
-}
-
-resource "opentelekomcloud_vpc_v1" "vpc_1" {
- name = var.vpc_name
- cidr = var.vpc_cidr
-}
-
-resource "opentelekomcloud_vpc_subnet_v1" "subnet_1" {
- name = var.subnet_name
- cidr = var.subnet_cidr
- vpc_id = opentelekomcloud_vpc_v1.vpc_1.id
-
- gateway_ip = var.subnet_gateway_ip
- dns_list = ["100.125.4.25", "100.125.129.199"]
-}
-
-resource "random_id" "tpot" {
- byte_length = 6
- prefix = var.ecs_prefix
-}
-
-resource "opentelekomcloud_ecs_instance_v1" "ecs_1" {
- name = random_id.tpot.b64_url
- image_id = data.opentelekomcloud_images_image_v2.debian.id
- flavor = var.ecs_flavor
- vpc_id = opentelekomcloud_vpc_v1.vpc_1.id
-
- nics {
- network_id = opentelekomcloud_vpc_subnet_v1.subnet_1.id
- }
-
- system_disk_size = var.ecs_disk_size
- system_disk_type = "SAS"
- security_groups = [opentelekomcloud_networking_secgroup_v2.secgroup_1.id]
- availability_zone = var.availability_zone
- key_name = var.key_pair
- user_data = templatefile("../cloud-init.yaml", { timezone = var.timezone, password = var.linux_password, tpot_flavor = var.tpot_flavor, web_user = var.web_user, web_password = var.web_password })
-}
-
-resource "opentelekomcloud_vpc_eip_v1" "eip_1" {
- publicip {
- type = "5_bgp"
- }
- bandwidth {
- name = "bandwidth-${random_id.tpot.b64_url}"
- size = var.eip_size
- share_type = "PER"
- }
-}
-
-resource "opentelekomcloud_compute_floatingip_associate_v2" "fip_1" {
- floating_ip = opentelekomcloud_vpc_eip_v1.eip_1.publicip.0.ip_address
- instance_id = opentelekomcloud_ecs_instance_v1.ecs_1.id
-}
diff --git a/_deprecated/cloud/terraform/otc/outputs.tf b/_deprecated/cloud/terraform/otc/outputs.tf
deleted file mode 100644
index 96cc7922..00000000
--- a/_deprecated/cloud/terraform/otc/outputs.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-output "Admin_UI" {
- value = "https://${opentelekomcloud_vpc_eip_v1.eip_1.publicip.0.ip_address}:64294"
-}
-
-output "SSH_Access" {
- value = "ssh -p 64295 linux@${opentelekomcloud_vpc_eip_v1.eip_1.publicip.0.ip_address}"
-}
-
-output "Web_UI" {
- value = "https://${opentelekomcloud_vpc_eip_v1.eip_1.publicip.0.ip_address}:64297"
-}
diff --git a/_deprecated/cloud/terraform/otc/provider.tf b/_deprecated/cloud/terraform/otc/provider.tf
deleted file mode 100644
index 462028fa..00000000
--- a/_deprecated/cloud/terraform/otc/provider.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-provider "opentelekomcloud" {
- cloud = "open-telekom-cloud"
-}
diff --git a/_deprecated/cloud/terraform/otc/variables.tf b/_deprecated/cloud/terraform/otc/variables.tf
deleted file mode 100644
index 384ea00e..00000000
--- a/_deprecated/cloud/terraform/otc/variables.tf
+++ /dev/null
@@ -1,98 +0,0 @@
-## cloud-init configuration ##
-variable "timezone" {
- default = "UTC"
-}
-
-variable "linux_password" {
- #default = "LiNuXuSeRPaSs#"
- description = "Set a password for the default user"
-
- validation {
- condition = length(var.linux_password) > 0
- error_message = "Please specify a password for the default user."
- }
-}
-
-## Security Group ##
-variable "secgroup_name" {
- default = "sg-tpot"
-}
-
-variable "secgroup_desc" {
- default = "Security Group for T-Pot"
-}
-
-## Virtual Private Cloud ##
-variable "vpc_name" {
- default = "vpc-tpot"
-}
-
-variable "vpc_cidr" {
- default = "192.168.0.0/16"
-}
-
-## Subnet ##
-variable "subnet_name" {
- default = "subnet-tpot"
-}
-
-variable "subnet_cidr" {
- default = "192.168.0.0/24"
-}
-
-variable "subnet_gateway_ip" {
- default = "192.168.0.1"
-}
-
-## Elastic Cloud Server ##
-variable "ecs_prefix" {
- default = "tpot-"
-}
-
-variable "ecs_flavor" {
- default = "s3.medium.8"
-}
-
-variable "ecs_disk_size" {
- default = "128"
-}
-
-variable "availability_zone" {
- default = "eu-de-03"
-}
-
-variable "key_pair" {
- #default = ""
- description = "Specify your SSH key pair"
-
- validation {
- condition = length(var.key_pair) > 0
- error_message = "Please specify a Key Pair."
- }
-}
-
-## Elastic IP ##
-variable "eip_size" {
- default = "100"
-}
-
-## These will go in the generated tpot.conf file ##
-variable "tpot_flavor" {
- default = "STANDARD"
- description = "Specify your tpot flavor [STANDARD, HIVE, HIVE_SENSOR, INDUSTRIAL, LOG4J, MEDICAL, MINI, SENSOR]"
-}
-
-variable "web_user" {
- default = "webuser"
- description = "Set a username for the web user"
-}
-
-variable "web_password" {
- #default = "w3b$ecret"
- description = "Set a password for the web user"
-
- validation {
- condition = length(var.web_password) > 0
- error_message = "Please specify a password for the web user."
- }
-}
diff --git a/_deprecated/cloud/terraform/otc/versions.tf b/_deprecated/cloud/terraform/otc/versions.tf
deleted file mode 100644
index d5a6ae2a..00000000
--- a/_deprecated/cloud/terraform/otc/versions.tf
+++ /dev/null
@@ -1,13 +0,0 @@
-terraform {
- required_version = ">= 0.13"
- required_providers {
- opentelekomcloud = {
- source = "opentelekomcloud/opentelekomcloud"
- version = "~> 1.23.4"
- }
- random = {
- source = "hashicorp/random"
- version = "~> 3.1.0"
- }
- }
-}
diff --git a/_deprecated/etc/compose/collector.yml b/_deprecated/etc/compose/collector.yml
deleted file mode 100644
index 9e72ef1a..00000000
--- a/_deprecated/etc/compose/collector.yml
+++ /dev/null
@@ -1,260 +0,0 @@
-# T-Pot (Collector)
-# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton)
-version: '2.3'
-
-networks:
- heralding_local:
- ewsposter_local:
- spiderfoot_local:
-
-services:
-
-##################
-#### Honeypots
-##################
-
-# Heralding service
- heralding:
- container_name: heralding
- restart: always
- tmpfs:
- - /tmp/heralding:uid=2000,gid=2000
- networks:
- - heralding_local
- ports:
- - "21:21"
- - "22:22"
- - "23:23"
- - "25:25"
- - "80:80"
- - "110:110"
- - "143:143"
- - "443:443"
- - "465:465"
- - "993:993"
- - "995:995"
- - "1080:1080"
- - "3306:3306"
- - "3389:3389"
- - "5432:5432"
- - "5900:5900"
- image: "dtagdevsec/heralding:2204"
- read_only: true
- volumes:
- - /data/heralding/log:/var/log/heralding
-
-# Honeytrap service
- honeytrap:
- container_name: honeytrap
- restart: always
- tmpfs:
- - /tmp/honeytrap:uid=2000,gid=2000
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- image: "dtagdevsec/honeytrap:2204"
- read_only: true
- volumes:
- - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
- - /data/honeytrap/downloads:/opt/honeytrap/var/downloads
- - /data/honeytrap/log:/opt/honeytrap/var/log
-
-
-##################
-#### NSM
-##################
-
-# Fatt service
- fatt:
- container_name: fatt
- restart: always
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- - SYS_NICE
- - NET_RAW
- image: "dtagdevsec/fatt:2204"
- volumes:
- - /data/fatt/log:/opt/fatt/log
-
-# P0f service
- p0f:
- container_name: p0f
- restart: always
- network_mode: "host"
- image: "dtagdevsec/p0f:2204"
- read_only: true
- volumes:
- - /data/p0f/log:/var/log/p0f
-
-# Suricata service
- suricata:
- container_name: suricata
- restart: always
- environment:
- # For ET Pro ruleset replace "OPEN" with your OINKCODE
- - OINKCODE=OPEN
- # Loading externel Rules from URL
- # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com"
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- - SYS_NICE
- - NET_RAW
- image: "dtagdevsec/suricata:2204"
- volumes:
- - /data/suricata/log:/var/log/suricata
-
-
-##################
-#### Tools
-##################
-
-#### ELK
-## Elasticsearch service
- elasticsearch:
- container_name: elasticsearch
- restart: always
- environment:
- - bootstrap.memory_lock=true
- - ES_JAVA_OPTS=-Xms2048m -Xmx2048m
- - ES_TMPDIR=/tmp
- cap_add:
- - IPC_LOCK
- ulimits:
- memlock:
- soft: -1
- hard: -1
- nofile:
- soft: 65536
- hard: 65536
- mem_limit: 4g
- ports:
- - "127.0.0.1:64298:9200"
- image: "dtagdevsec/elasticsearch:2204"
- volumes:
- - /data:/data
-
-## Kibana service
- kibana:
- container_name: kibana
- restart: always
- depends_on:
- elasticsearch:
- condition: service_healthy
- mem_limit: 1g
- ports:
- - "127.0.0.1:64296:5601"
- image: "dtagdevsec/kibana:2204"
-
-## Logstash service
- logstash:
- container_name: logstash
- restart: always
- environment:
- - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
- depends_on:
- elasticsearch:
- condition: service_healthy
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- mem_limit: 2g
- image: "dtagdevsec/logstash:2204"
- volumes:
- - /data:/data
-
-## Map Redis Service
- map_redis:
- container_name: map_redis
- restart: always
- stop_signal: SIGKILL
- tty: true
- image: "dtagdevsec/redis:2204"
- read_only: true
-
-## Map Web Service
- map_web:
- container_name: map_web
- restart: always
- environment:
- - MAP_COMMAND=AttackMapServer.py
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- stop_signal: SIGKILL
- tty: true
- ports:
- - "127.0.0.1:64299:64299"
- image: "dtagdevsec/map:2204"
-
-## Map Data Service
- map_data:
- container_name: map_data
- restart: always
- depends_on:
- elasticsearch:
- condition: service_healthy
- environment:
- - MAP_COMMAND=DataServer_v2.py
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- stop_signal: SIGKILL
- tty: true
- image: "dtagdevsec/map:2204"
-#### /ELK
-
-# Ewsposter service
- ewsposter:
- container_name: ewsposter
- restart: always
- networks:
- - ewsposter_local
- environment:
- - EWS_HPFEEDS_ENABLE=false
- - EWS_HPFEEDS_HOST=host
- - EWS_HPFEEDS_PORT=port
- - EWS_HPFEEDS_CHANNELS=channels
- - EWS_HPFEEDS_IDENT=user
- - EWS_HPFEEDS_SECRET=secret
- - EWS_HPFEEDS_TLSCERT=false
- - EWS_HPFEEDS_FORMAT=json
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- image: "dtagdevsec/ewsposter:2204"
- volumes:
- - /data:/data
- - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
-
-# Nginx service
- nginx:
- container_name: nginx
- restart: always
- tmpfs:
- - /var/tmp/nginx/client_body
- - /var/tmp/nginx/proxy
- - /var/tmp/nginx/fastcgi
- - /var/tmp/nginx/uwsgi
- - /var/tmp/nginx/scgi
- - /run
- - /var/lib/nginx/tmp:uid=100,gid=82
- network_mode: "host"
- # ports:
- # - "64297:64297"
- # - "127.0.0.1:64304:64304"
- image: "dtagdevsec/nginx:2204"
- read_only: true
- volumes:
- - /data/nginx/cert/:/etc/nginx/cert/:ro
- - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
- - /data/nginx/log/:/var/log/nginx/
-
-# Spiderfoot service
- spiderfoot:
- container_name: spiderfoot
- restart: always
- networks:
- - spiderfoot_local
- ports:
- - "127.0.0.1:64303:8080"
- image: "dtagdevsec/spiderfoot:2204"
- volumes:
- - /data/spiderfoot:/home/spiderfoot/.spiderfoot
diff --git a/_deprecated/etc/compose/hive.yml b/_deprecated/etc/compose/hive.yml
deleted file mode 100644
index 4ed8cedc..00000000
--- a/_deprecated/etc/compose/hive.yml
+++ /dev/null
@@ -1,141 +0,0 @@
-# T-Pot (Hive)
-# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton)
-version: '2.3'
-
-networks:
- spiderfoot_local:
-
-services:
-
-##################
-#### Tools
-##################
-
-#### ELK
-## Elasticsearch service
- elasticsearch:
- container_name: elasticsearch
- restart: always
- environment:
- - bootstrap.memory_lock=true
- - ES_JAVA_OPTS=-Xms2048m -Xmx2048m
- - ES_TMPDIR=/tmp
- cap_add:
- - IPC_LOCK
- ulimits:
- memlock:
- soft: -1
- hard: -1
- nofile:
- soft: 65536
- hard: 65536
-# mem_limit: 4g
- ports:
- - "127.0.0.1:64298:9200"
- image: "dtagdevsec/elasticsearch:2204"
- volumes:
- - /data:/data
-
-## Kibana service
- kibana:
- container_name: kibana
- restart: always
- depends_on:
- elasticsearch:
- condition: service_healthy
-# mem_limit: 1g
- ports:
- - "127.0.0.1:64296:5601"
- image: "dtagdevsec/kibana:2204"
-
-## Logstash service
- logstash:
- container_name: logstash
- restart: always
- environment:
- - LS_JAVA_OPTS=-Xms2048m -Xmx2048m
- depends_on:
- elasticsearch:
- condition: service_healthy
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- ports:
- - "127.0.0.1:64305:64305"
-# mem_limit: 2g
- image: "dtagdevsec/logstash:2204"
- volumes:
- - /data:/data
-
-## Map Redis Service
- map_redis:
- container_name: map_redis
- restart: always
- stop_signal: SIGKILL
- tty: true
- image: "dtagdevsec/redis:2204"
- read_only: true
-
-## Map Web Service
- map_web:
- container_name: map_web
- restart: always
- environment:
- - MAP_COMMAND=AttackMapServer.py
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- stop_signal: SIGKILL
- tty: true
- ports:
- - "127.0.0.1:64299:64299"
- image: "dtagdevsec/map:2204"
-
-## Map Data Service
- map_data:
- container_name: map_data
- restart: always
- depends_on:
- elasticsearch:
- condition: service_healthy
- environment:
- - MAP_COMMAND=DataServer_v2.py
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- stop_signal: SIGKILL
- tty: true
- image: "dtagdevsec/map:2204"
-#### /ELK
-
-# Nginx service
- nginx:
- container_name: nginx
- restart: always
- tmpfs:
- - /var/tmp/nginx/client_body
- - /var/tmp/nginx/proxy
- - /var/tmp/nginx/fastcgi
- - /var/tmp/nginx/uwsgi
- - /var/tmp/nginx/scgi
- - /run
- - /var/lib/nginx/tmp:uid=100,gid=82
- network_mode: "host"
- # ports:
- # - "64297:64297"
- # - "127.0.0.1:64304:64304"
- image: "dtagdevsec/nginx:2204"
- read_only: true
- volumes:
- - /data/nginx/cert/:/etc/nginx/cert/:ro
- - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
- - /data/nginx/log/:/var/log/nginx/
-
-# Spiderfoot service
- spiderfoot:
- container_name: spiderfoot
- restart: always
- networks:
- - spiderfoot_local
- ports:
- - "127.0.0.1:64303:8080"
- image: "dtagdevsec/spiderfoot:2204"
- volumes:
- - /data/spiderfoot:/home/spiderfoot/.spiderfoot
diff --git a/_deprecated/etc/compose/hive_sensor.yml b/_deprecated/etc/compose/hive_sensor.yml
deleted file mode 100644
index db16863d..00000000
--- a/_deprecated/etc/compose/hive_sensor.yml
+++ /dev/null
@@ -1,548 +0,0 @@
-# T-Pot (Hive_Sensor)
-# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton)
-version: '2.3'
-
-networks:
- adbhoney_local:
- ciscoasa_local:
- citrixhoneypot_local:
- conpot_local_IEC104:
- conpot_local_guardian_ast:
- conpot_local_ipmi:
- conpot_local_kamstrup_382:
- cowrie_local:
- ddospot_local:
- dicompot_local:
- dionaea_local:
- elasticpot_local:
- heralding_local:
- ipphoney_local:
- mailoney_local:
- medpot_local:
- redishoneypot_local:
- tanner_local:
- ewsposter_local:
- sentrypeer_local:
- spiderfoot_local:
-
-services:
-
-##################
-#### Honeypots
-##################
-
-# Adbhoney service
- adbhoney:
- container_name: adbhoney
- restart: always
- networks:
- - adbhoney_local
- ports:
- - "5555:5555"
- image: "dtagdevsec/adbhoney:2204"
- read_only: true
- volumes:
- - /data/adbhoney/log:/opt/adbhoney/log
- - /data/adbhoney/downloads:/opt/adbhoney/dl
-
-# Ciscoasa service
- ciscoasa:
- container_name: ciscoasa
- restart: always
- tmpfs:
- - /tmp/ciscoasa:uid=2000,gid=2000
- networks:
- - ciscoasa_local
- ports:
- - "5000:5000/udp"
- - "8443:8443"
- image: "dtagdevsec/ciscoasa:2204"
- read_only: true
- volumes:
- - /data/ciscoasa/log:/var/log/ciscoasa
-
-# CitrixHoneypot service
- citrixhoneypot:
- container_name: citrixhoneypot
- restart: always
- networks:
- - citrixhoneypot_local
- ports:
- - "443:443"
- image: "dtagdevsec/citrixhoneypot:2204"
- read_only: true
- volumes:
- - /data/citrixhoneypot/logs:/opt/citrixhoneypot/logs
-
-# Conpot IEC104 service
- conpot_IEC104:
- container_name: conpot_iec104
- restart: always
- environment:
- - CONPOT_CONFIG=/etc/conpot/conpot.cfg
- - CONPOT_JSON_LOG=/var/log/conpot/conpot_IEC104.json
- - CONPOT_LOG=/var/log/conpot/conpot_IEC104.log
- - CONPOT_TEMPLATE=IEC104
- - CONPOT_TMP=/tmp/conpot
- tmpfs:
- - /tmp/conpot:uid=2000,gid=2000
- networks:
- - conpot_local_IEC104
- ports:
- - "161:161/udp"
- - "2404:2404"
- image: "dtagdevsec/conpot:2204"
- read_only: true
- volumes:
- - /data/conpot/log:/var/log/conpot
-
-# Conpot guardian_ast service
- conpot_guardian_ast:
- container_name: conpot_guardian_ast
- restart: always
- environment:
- - CONPOT_CONFIG=/etc/conpot/conpot.cfg
- - CONPOT_JSON_LOG=/var/log/conpot/conpot_guardian_ast.json
- - CONPOT_LOG=/var/log/conpot/conpot_guardian_ast.log
- - CONPOT_TEMPLATE=guardian_ast
- - CONPOT_TMP=/tmp/conpot
- tmpfs:
- - /tmp/conpot:uid=2000,gid=2000
- networks:
- - conpot_local_guardian_ast
- ports:
- - "10001:10001"
- image: "dtagdevsec/conpot:2204"
- read_only: true
- volumes:
- - /data/conpot/log:/var/log/conpot
-
-# Conpot ipmi
- conpot_ipmi:
- container_name: conpot_ipmi
- restart: always
- environment:
- - CONPOT_CONFIG=/etc/conpot/conpot.cfg
- - CONPOT_JSON_LOG=/var/log/conpot/conpot_ipmi.json
- - CONPOT_LOG=/var/log/conpot/conpot_ipmi.log
- - CONPOT_TEMPLATE=ipmi
- - CONPOT_TMP=/tmp/conpot
- tmpfs:
- - /tmp/conpot:uid=2000,gid=2000
- networks:
- - conpot_local_ipmi
- ports:
- - "623:623/udp"
- image: "dtagdevsec/conpot:2204"
- read_only: true
- volumes:
- - /data/conpot/log:/var/log/conpot
-
-# Conpot kamstrup_382
- conpot_kamstrup_382:
- container_name: conpot_kamstrup_382
- restart: always
- environment:
- - CONPOT_CONFIG=/etc/conpot/conpot.cfg
- - CONPOT_JSON_LOG=/var/log/conpot/conpot_kamstrup_382.json
- - CONPOT_LOG=/var/log/conpot/conpot_kamstrup_382.log
- - CONPOT_TEMPLATE=kamstrup_382
- - CONPOT_TMP=/tmp/conpot
- tmpfs:
- - /tmp/conpot:uid=2000,gid=2000
- networks:
- - conpot_local_kamstrup_382
- ports:
- - "1025:1025"
- - "50100:50100"
- image: "dtagdevsec/conpot:2204"
- read_only: true
- volumes:
- - /data/conpot/log:/var/log/conpot
-
-# Cowrie service
- cowrie:
- container_name: cowrie
- restart: always
- tmpfs:
- - /tmp/cowrie:uid=2000,gid=2000
- - /tmp/cowrie/data:uid=2000,gid=2000
- networks:
- - cowrie_local
- ports:
- - "22:22"
- - "23:23"
- image: "dtagdevsec/cowrie:2204"
- read_only: true
- volumes:
- - /data/cowrie/downloads:/home/cowrie/cowrie/dl
- - /data/cowrie/keys:/home/cowrie/cowrie/etc
- - /data/cowrie/log:/home/cowrie/cowrie/log
- - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
-
-# Ddospot service
- ddospot:
- container_name: ddospot
- restart: always
- networks:
- - ddospot_local
- ports:
- - "19:19/udp"
- - "53:53/udp"
- - "123:123/udp"
-# - "161:161/udp"
- - "1900:1900/udp"
- image: "dtagdevsec/ddospot:2204"
- read_only: true
- volumes:
- - /data/ddospot/log:/opt/ddospot/ddospot/logs
- - /data/ddospot/bl:/opt/ddospot/ddospot/bl
- - /data/ddospot/db:/opt/ddospot/ddospot/db
-
-# Dicompot service
-# Get the Horos Client for testing: https://horosproject.org/
-# Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/
-# Put images (which must be in Dicom DCM format or it will not work!) into /data/dicompot/images
- dicompot:
- container_name: dicompot
- restart: always
- networks:
- - dicompot_local
- ports:
- - "11112:11112"
- image: "dtagdevsec/dicompot:2204"
- read_only: true
- volumes:
- - /data/dicompot/log:/var/log/dicompot
-# - /data/dicompot/images:/opt/dicompot/images
-
-# Dionaea service
- dionaea:
- container_name: dionaea
- stdin_open: true
- tty: true
- restart: always
- networks:
- - dionaea_local
- ports:
- - "20:20"
- - "21:21"
- - "42:42"
- - "69:69/udp"
- - "81:81"
- - "135:135"
- # - "443:443"
- - "445:445"
- - "1433:1433"
- - "1723:1723"
- - "1883:1883"
- - "3306:3306"
- # - "5060:5060"
- # - "5060:5060/udp"
- # - "5061:5061"
- - "27017:27017"
- image: "dtagdevsec/dionaea:2204"
- read_only: true
- volumes:
- - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp
- - /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp
- - /data/dionaea/roots/www:/opt/dionaea/var/dionaea/roots/www
- - /data/dionaea/roots/upnp:/opt/dionaea/var/dionaea/roots/upnp
- - /data/dionaea:/opt/dionaea/var/dionaea
- - /data/dionaea/binaries:/opt/dionaea/var/dionaea/binaries
- - /data/dionaea/log:/opt/dionaea/var/log
- - /data/dionaea/rtp:/opt/dionaea/var/dionaea/rtp
-
-# ElasticPot service
- elasticpot:
- container_name: elasticpot
- restart: always
- networks:
- - elasticpot_local
- ports:
- - "9200:9200"
- image: "dtagdevsec/elasticpot:2204"
- read_only: true
- volumes:
- - /data/elasticpot/log:/opt/elasticpot/log
-
-# Heralding service
- heralding:
- container_name: heralding
- restart: always
- tmpfs:
- - /tmp/heralding:uid=2000,gid=2000
- networks:
- - heralding_local
- ports:
- # - "21:21"
- # - "22:22"
- # - "23:23"
- # - "25:25"
- # - "80:80"
- - "110:110"
- - "143:143"
- # - "443:443"
- - "465:465"
- - "993:993"
- - "995:995"
- # - "3306:3306"
- # - "3389:3389"
- - "1080:1080"
- - "5432:5432"
- - "5900:5900"
- image: "dtagdevsec/heralding:2204"
- read_only: true
- volumes:
- - /data/heralding/log:/var/log/heralding
-
-# Honeytrap service
- honeytrap:
- container_name: honeytrap
- restart: always
- tmpfs:
- - /tmp/honeytrap:uid=2000,gid=2000
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- image: "dtagdevsec/honeytrap:2204"
- read_only: true
- volumes:
- - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
- - /data/honeytrap/downloads:/opt/honeytrap/var/downloads
- - /data/honeytrap/log:/opt/honeytrap/var/log
-
-# Ipphoney service
- ipphoney:
- container_name: ipphoney
- restart: always
- networks:
- - ipphoney_local
- ports:
- - "631:631"
- image: "dtagdevsec/ipphoney:2204"
- read_only: true
- volumes:
- - /data/ipphoney/log:/opt/ipphoney/log
-
-# Mailoney service
- mailoney:
- container_name: mailoney
- restart: always
- environment:
- - HPFEEDS_SERVER=
- - HPFEEDS_IDENT=user
- - HPFEEDS_SECRET=pass
- - HPFEEDS_PORT=20000
- - HPFEEDS_CHANNELPREFIX=prefix
- networks:
- - mailoney_local
- ports:
- - "25:25"
- image: "dtagdevsec/mailoney:2204"
- read_only: true
- volumes:
- - /data/mailoney/log:/opt/mailoney/logs
-
-# Medpot service
- medpot:
- container_name: medpot
- restart: always
- networks:
- - medpot_local
- ports:
- - "2575:2575"
- image: "dtagdevsec/medpot:2204"
- read_only: true
- volumes:
- - /data/medpot/log/:/var/log/medpot
-
-# Redishoneypot service
- redishoneypot:
- container_name: redishoneypot
- restart: always
- networks:
- - redishoneypot_local
- ports:
- - "6379:6379"
- image: "dtagdevsec/redishoneypot:2204"
- read_only: true
- volumes:
- - /data/redishoneypot/log:/var/log/redishoneypot
-
-# SentryPeer service
- sentrypeer:
- container_name: sentrypeer
- restart: always
-# SentryPeer offers to exchange bad actor data via DHT / P2P mode by setting the ENV to true (1)
-# In some cases (i.e. internally deployed T-Pots) this might be confusing as SentryPeer will show
-# the bad actors in its logs. Therefore this option is opt-in based.
-# environment:
-# - SENTRYPEER_PEER_TO_PEER=0
- networks:
- - sentrypeer_local
- ports:
-# - "4222:4222/udp"
- - "5060:5060/udp"
-# - "127.0.0.1:8082:8082"
- image: "dtagdevsec/sentrypeer:2204"
- read_only: true
- volumes:
- - /data/sentrypeer/log:/var/log/sentrypeer
-
-#### Snare / Tanner
-## Tanner Redis Service
- tanner_redis:
- container_name: tanner_redis
- restart: always
- tty: true
- networks:
- - tanner_local
- image: "dtagdevsec/redis:2204"
- read_only: true
-
-## PHP Sandbox service
- tanner_phpox:
- container_name: tanner_phpox
- restart: always
- tty: true
- networks:
- - tanner_local
- image: "dtagdevsec/phpox:2204"
- read_only: true
-
-## Tanner API Service
- tanner_api:
- container_name: tanner_api
- restart: always
- tmpfs:
- - /tmp/tanner:uid=2000,gid=2000
- tty: true
- networks:
- - tanner_local
- image: "dtagdevsec/tanner:2204"
- read_only: true
- volumes:
- - /data/tanner/log:/var/log/tanner
- command: tannerapi
- depends_on:
- - tanner_redis
-
-## Tanner Service
- tanner:
- container_name: tanner
- restart: always
- tmpfs:
- - /tmp/tanner:uid=2000,gid=2000
- tty: true
- networks:
- - tanner_local
- image: "dtagdevsec/tanner:2204"
- command: tanner
- read_only: true
- volumes:
- - /data/tanner/log:/var/log/tanner
- - /data/tanner/files:/opt/tanner/files
- depends_on:
- - tanner_api
-# - tanner_web
- - tanner_phpox
-
-## Snare Service
- snare:
- container_name: snare
- restart: always
- tty: true
- networks:
- - tanner_local
- ports:
- - "80:80"
- image: "dtagdevsec/snare:2204"
- depends_on:
- - tanner
-
-
-##################
-#### NSM
-##################
-
-# Fatt service
- fatt:
- container_name: fatt
- restart: always
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- - SYS_NICE
- - NET_RAW
- image: "dtagdevsec/fatt:2204"
- volumes:
- - /data/fatt/log:/opt/fatt/log
-
-# P0f service
- p0f:
- container_name: p0f
- restart: always
- network_mode: "host"
- image: "dtagdevsec/p0f:2204"
- read_only: true
- volumes:
- - /data/p0f/log:/var/log/p0f
-
-# Suricata service
- suricata:
- container_name: suricata
- restart: always
- environment:
- # For ET Pro ruleset replace "OPEN" with your OINKCODE
- - OINKCODE=OPEN
- # Loading externel Rules from URL
- # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com"
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- - SYS_NICE
- - NET_RAW
- image: "dtagdevsec/suricata:2204"
- volumes:
- - /data/suricata/log:/var/log/suricata
-
-
-##################
-#### Tools
-##################
-
-## Logstash service
- logstash:
- container_name: logstash
- restart: always
- environment:
- - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- mem_limit: 2g
- image: "dtagdevsec/logstash:2204"
- volumes:
- - /data:/data
-
-# Ewsposter service
- ewsposter:
- container_name: ewsposter
- restart: always
- networks:
- - ewsposter_local
- environment:
- - EWS_HPFEEDS_ENABLE=false
- - EWS_HPFEEDS_HOST=host
- - EWS_HPFEEDS_PORT=port
- - EWS_HPFEEDS_CHANNELS=channels
- - EWS_HPFEEDS_IDENT=user
- - EWS_HPFEEDS_SECRET=secret
- - EWS_HPFEEDS_TLSCERT=false
- - EWS_HPFEEDS_FORMAT=json
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- image: "dtagdevsec/ewsposter:2204"
- volumes:
- - /data:/data
- - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
diff --git a/_deprecated/etc/compose/industrial.yml b/_deprecated/etc/compose/industrial.yml
deleted file mode 100644
index ab9a6490..00000000
--- a/_deprecated/etc/compose/industrial.yml
+++ /dev/null
@@ -1,431 +0,0 @@
-# T-Pot (Industrial)
-# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton)
-version: '2.3'
-
-networks:
- conpot_local_default:
- conpot_local_IEC104:
- conpot_local_guardian_ast:
- conpot_local_ipmi:
- conpot_local_kamstrup_382:
- cowrie_local:
- dicompot_local:
- heralding_local:
- medpot_local:
- ewsposter_local:
- spiderfoot_local:
-
-services:
-
-##################
-#### Honeypots
-##################
-
-# Conpot default service
- conpot_default:
- container_name: conpot_default
- restart: always
- environment:
- - CONPOT_CONFIG=/etc/conpot/conpot.cfg
- - CONPOT_JSON_LOG=/var/log/conpot/conpot_default.json
- - CONPOT_LOG=/var/log/conpot/conpot_default.log
- - CONPOT_TEMPLATE=default
- - CONPOT_TMP=/tmp/conpot
- tmpfs:
- - /tmp/conpot:uid=2000,gid=2000
- networks:
- - conpot_local_default
- ports:
- - "69:69/udp"
- - "80:80"
- - "102:102"
- - "161:161/udp"
- - "502:502"
-# - "623:623/udp"
- - "21:21"
- - "44818:44818"
- - "47808:47808/udp"
- image: "dtagdevsec/conpot:2204"
- read_only: true
- volumes:
- - /data/conpot/log:/var/log/conpot
-
-# Conpot IEC104 service
- conpot_IEC104:
- container_name: conpot_iec104
- restart: always
- environment:
- - CONPOT_CONFIG=/etc/conpot/conpot.cfg
- - CONPOT_JSON_LOG=/var/log/conpot/conpot_IEC104.json
- - CONPOT_LOG=/var/log/conpot/conpot_IEC104.log
- - CONPOT_TEMPLATE=IEC104
- - CONPOT_TMP=/tmp/conpot
- tmpfs:
- - /tmp/conpot:uid=2000,gid=2000
- networks:
- - conpot_local_IEC104
- ports:
-# - "161:161/udp"
- - "2404:2404"
- image: "dtagdevsec/conpot:2204"
- read_only: true
- volumes:
- - /data/conpot/log:/var/log/conpot
-
-# Conpot guardian_ast service
- conpot_guardian_ast:
- container_name: conpot_guardian_ast
- restart: always
- environment:
- - CONPOT_CONFIG=/etc/conpot/conpot.cfg
- - CONPOT_JSON_LOG=/var/log/conpot/conpot_guardian_ast.json
- - CONPOT_LOG=/var/log/conpot/conpot_guardian_ast.log
- - CONPOT_TEMPLATE=guardian_ast
- - CONPOT_TMP=/tmp/conpot
- tmpfs:
- - /tmp/conpot:uid=2000,gid=2000
- networks:
- - conpot_local_guardian_ast
- ports:
- - "10001:10001"
- image: "dtagdevsec/conpot:2204"
- read_only: true
- volumes:
- - /data/conpot/log:/var/log/conpot
-
-# Conpot ipmi
- conpot_ipmi:
- container_name: conpot_ipmi
- restart: always
- environment:
- - CONPOT_CONFIG=/etc/conpot/conpot.cfg
- - CONPOT_JSON_LOG=/var/log/conpot/conpot_ipmi.json
- - CONPOT_LOG=/var/log/conpot/conpot_ipmi.log
- - CONPOT_TEMPLATE=ipmi
- - CONPOT_TMP=/tmp/conpot
- tmpfs:
- - /tmp/conpot:uid=2000,gid=2000
- networks:
- - conpot_local_ipmi
- ports:
- - "623:623/udp"
- image: "dtagdevsec/conpot:2204"
- read_only: true
- volumes:
- - /data/conpot/log:/var/log/conpot
-
-# Conpot kamstrup_382
- conpot_kamstrup_382:
- container_name: conpot_kamstrup_382
- restart: always
- environment:
- - CONPOT_CONFIG=/etc/conpot/conpot.cfg
- - CONPOT_JSON_LOG=/var/log/conpot/conpot_kamstrup_382.json
- - CONPOT_LOG=/var/log/conpot/conpot_kamstrup_382.log
- - CONPOT_TEMPLATE=kamstrup_382
- - CONPOT_TMP=/tmp/conpot
- tmpfs:
- - /tmp/conpot:uid=2000,gid=2000
- networks:
- - conpot_local_kamstrup_382
- ports:
- - "1025:1025"
- - "50100:50100"
- image: "dtagdevsec/conpot:2204"
- read_only: true
- volumes:
- - /data/conpot/log:/var/log/conpot
-
-# Cowrie service
- cowrie:
- container_name: cowrie
- restart: always
- tmpfs:
- - /tmp/cowrie:uid=2000,gid=2000
- - /tmp/cowrie/data:uid=2000,gid=2000
- networks:
- - cowrie_local
- ports:
- - "22:22"
- - "23:23"
- image: "dtagdevsec/cowrie:2204"
- read_only: true
- volumes:
- - /data/cowrie/downloads:/home/cowrie/cowrie/dl
- - /data/cowrie/keys:/home/cowrie/cowrie/etc
- - /data/cowrie/log:/home/cowrie/cowrie/log
- - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
-
-# Dicompot service
-# Get the Horos Client for testing: https://horosproject.org/
-# Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/
-# Put images (which must be in Dicom DCM format or it will not work!) into /data/dicompot/images
- dicompot:
- container_name: dicompot
- restart: always
- networks:
- - dicompot_local
- ports:
- - "11112:11112"
- image: "dtagdevsec/dicompot:2204"
- read_only: true
- volumes:
- - /data/dicompot/log:/var/log/dicompot
-# - /data/dicompot/images:/opt/dicompot/images
-
-# Heralding service
- heralding:
- container_name: heralding
- restart: always
- tmpfs:
- - /tmp/heralding:uid=2000,gid=2000
- networks:
- - heralding_local
- ports:
- # - "21:21"
- # - "22:22"
- # - "23:23"
- # - "25:25"
- # - "80:80"
- # - "110:110"
- # - "143:143"
- # - "443:443"
- # - "465:465"
- # - "993:993"
- # - "995:995"
- # - "3306:3306"
- # - "3389:3389"
- # - "5432:5432"
- - "5900:5900"
- image: "dtagdevsec/heralding:2204"
- read_only: true
- volumes:
- - /data/heralding/log:/var/log/heralding
-
-# Honeytrap service
- honeytrap:
- container_name: honeytrap
- restart: always
- tmpfs:
- - /tmp/honeytrap:uid=2000,gid=2000
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- image: "dtagdevsec/honeytrap:2204"
- read_only: true
- volumes:
- - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
- - /data/honeytrap/downloads:/opt/honeytrap/var/downloads
- - /data/honeytrap/log:/opt/honeytrap/var/log
-
-# Medpot service
- medpot:
- container_name: medpot
- restart: always
- networks:
- - medpot_local
- ports:
- - "2575:2575"
- image: "dtagdevsec/medpot:2204"
- read_only: true
- volumes:
- - /data/medpot/log/:/var/log/medpot
-
-##################
-#### NSM
-##################
-
-# Fatt service
- fatt:
- container_name: fatt
- restart: always
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- - SYS_NICE
- - NET_RAW
- image: "dtagdevsec/fatt:2204"
- volumes:
- - /data/fatt/log:/opt/fatt/log
-
-# P0f service
- p0f:
- container_name: p0f
- restart: always
- network_mode: "host"
- image: "dtagdevsec/p0f:2204"
- read_only: true
- volumes:
- - /data/p0f/log:/var/log/p0f
-
-# Suricata service
- suricata:
- container_name: suricata
- restart: always
- environment:
- # For ET Pro ruleset replace "OPEN" with your OINKCODE
- - OINKCODE=OPEN
- # Loading externel Rules from URL
- # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com"
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- - SYS_NICE
- - NET_RAW
- image: "dtagdevsec/suricata:2204"
- volumes:
- - /data/suricata/log:/var/log/suricata
-
-
-##################
-#### Tools
-##################
-
-#### ELK
-## Elasticsearch service
- elasticsearch:
- container_name: elasticsearch
- restart: always
- environment:
- - bootstrap.memory_lock=true
- - ES_JAVA_OPTS=-Xms2048m -Xmx2048m
- - ES_TMPDIR=/tmp
- cap_add:
- - IPC_LOCK
- ulimits:
- memlock:
- soft: -1
- hard: -1
- nofile:
- soft: 65536
- hard: 65536
- mem_limit: 4g
- ports:
- - "127.0.0.1:64298:9200"
- image: "dtagdevsec/elasticsearch:2204"
- volumes:
- - /data:/data
-
-## Kibana service
- kibana:
- container_name: kibana
- restart: always
- depends_on:
- elasticsearch:
- condition: service_healthy
- mem_limit: 1g
- ports:
- - "127.0.0.1:64296:5601"
- image: "dtagdevsec/kibana:2204"
-
-## Logstash service
- logstash:
- container_name: logstash
- restart: always
- environment:
- - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
- depends_on:
- elasticsearch:
- condition: service_healthy
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- mem_limit: 2g
- image: "dtagdevsec/logstash:2204"
- volumes:
- - /data:/data
-
-## Map Redis Service
- map_redis:
- container_name: map_redis
- restart: always
- stop_signal: SIGKILL
- tty: true
- image: "dtagdevsec/redis:2204"
- read_only: true
-
-## Map Web Service
- map_web:
- container_name: map_web
- restart: always
- environment:
- - MAP_COMMAND=AttackMapServer.py
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- stop_signal: SIGKILL
- tty: true
- ports:
- - "127.0.0.1:64299:64299"
- image: "dtagdevsec/map:2204"
-
-## Map Data Service
- map_data:
- container_name: map_data
- restart: always
- depends_on:
- elasticsearch:
- condition: service_healthy
- environment:
- - MAP_COMMAND=DataServer_v2.py
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- stop_signal: SIGKILL
- tty: true
- image: "dtagdevsec/map:2204"
-#### /ELK
-
-# Ewsposter service
- ewsposter:
- container_name: ewsposter
- restart: always
- networks:
- - ewsposter_local
- environment:
- - EWS_HPFEEDS_ENABLE=false
- - EWS_HPFEEDS_HOST=host
- - EWS_HPFEEDS_PORT=port
- - EWS_HPFEEDS_CHANNELS=channels
- - EWS_HPFEEDS_IDENT=user
- - EWS_HPFEEDS_SECRET=secret
- - EWS_HPFEEDS_TLSCERT=false
- - EWS_HPFEEDS_FORMAT=json
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- image: "dtagdevsec/ewsposter:2204"
- volumes:
- - /data:/data
- - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
-
-# Nginx service
- nginx:
- container_name: nginx
- restart: always
- tmpfs:
- - /var/tmp/nginx/client_body
- - /var/tmp/nginx/proxy
- - /var/tmp/nginx/fastcgi
- - /var/tmp/nginx/uwsgi
- - /var/tmp/nginx/scgi
- - /run
- - /var/lib/nginx/tmp:uid=100,gid=82
- network_mode: "host"
- # ports:
- # - "64297:64297"
- # - "127.0.0.1:64304:64304"
- image: "dtagdevsec/nginx:2204"
- read_only: true
- volumes:
- - /data/nginx/cert/:/etc/nginx/cert/:ro
- - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
- - /data/nginx/log/:/var/log/nginx/
-
-# Spiderfoot service
- spiderfoot:
- container_name: spiderfoot
- restart: always
- networks:
- - spiderfoot_local
- ports:
- - "127.0.0.1:64303:8080"
- image: "dtagdevsec/spiderfoot:2204"
- volumes:
- - /data/spiderfoot:/home/spiderfoot/.spiderfoot
diff --git a/_deprecated/etc/compose/log4j.yml b/_deprecated/etc/compose/log4j.yml
deleted file mode 100644
index 666716c7..00000000
--- a/_deprecated/etc/compose/log4j.yml
+++ /dev/null
@@ -1,250 +0,0 @@
-# T-Pot (Log4j)
-# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton)
-version: '2.3'
-
-networks:
- log4pot_local:
- ewsposter_local:
- spiderfoot_local:
-
-services:
-
-##################
-#### Honeypots
-##################
-
-# Log4pot service
- log4pot:
- container_name: log4pot
- restart: always
- tmpfs:
- - /tmp:uid=2000,gid=2000
- networks:
- - log4pot_local
- ports:
- - "80:8080"
- - "443:8080"
- - "8080:8080"
- - "9200:8080"
- - "25565:8080"
- image: "dtagdevsec/log4pot:2204"
- read_only: true
- volumes:
- - /data/log4pot/log:/var/log/log4pot/log
- - /data/log4pot/payloads:/var/log/log4pot/payloads
-
-# Honeytrap service
- honeytrap:
- container_name: honeytrap
- restart: always
- tmpfs:
- - /tmp/honeytrap:uid=2000,gid=2000
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- image: "dtagdevsec/honeytrap:2204"
- read_only: true
- volumes:
- - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
- - /data/honeytrap/downloads:/opt/honeytrap/var/downloads
- - /data/honeytrap/log:/opt/honeytrap/var/log
-
-
-##################
-#### NSM
-##################
-
-# Fatt service
- fatt:
- container_name: fatt
- restart: always
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- - SYS_NICE
- - NET_RAW
- image: "dtagdevsec/fatt:2204"
- volumes:
- - /data/fatt/log:/opt/fatt/log
-
-# P0f service
- p0f:
- container_name: p0f
- restart: always
- network_mode: "host"
- image: "dtagdevsec/p0f:2204"
- read_only: true
- volumes:
- - /data/p0f/log:/var/log/p0f
-
-# Suricata service
- suricata:
- container_name: suricata
- restart: always
- environment:
- # For ET Pro ruleset replace "OPEN" with your OINKCODE
- - OINKCODE=OPEN
- # Loading externel Rules from URL
- # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com"
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- - SYS_NICE
- - NET_RAW
- image: "dtagdevsec/suricata:2204"
- volumes:
- - /data/suricata/log:/var/log/suricata
-
-
-##################
-#### Tools
-##################
-
-#### ELK
-## Elasticsearch service
- elasticsearch:
- container_name: elasticsearch
- restart: always
- environment:
- - bootstrap.memory_lock=true
- - ES_JAVA_OPTS=-Xms2048m -Xmx2048m
- - ES_TMPDIR=/tmp
- cap_add:
- - IPC_LOCK
- ulimits:
- memlock:
- soft: -1
- hard: -1
- nofile:
- soft: 65536
- hard: 65536
- mem_limit: 4g
- ports:
- - "127.0.0.1:64298:9200"
- image: "dtagdevsec/elasticsearch:2204"
- volumes:
- - /data:/data
-
-## Kibana service
- kibana:
- container_name: kibana
- restart: always
- depends_on:
- elasticsearch:
- condition: service_healthy
- mem_limit: 1g
- ports:
- - "127.0.0.1:64296:5601"
- image: "dtagdevsec/kibana:2204"
-
-## Logstash service
- logstash:
- container_name: logstash
- restart: always
- environment:
- - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
- depends_on:
- elasticsearch:
- condition: service_healthy
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- mem_limit: 2g
- image: "dtagdevsec/logstash:2204"
- volumes:
- - /data:/data
-
-## Map Redis Service
- map_redis:
- container_name: map_redis
- restart: always
- stop_signal: SIGKILL
- tty: true
- image: "dtagdevsec/redis:2204"
- read_only: true
-
-## Map Web Service
- map_web:
- container_name: map_web
- restart: always
- environment:
- - MAP_COMMAND=AttackMapServer.py
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- stop_signal: SIGKILL
- tty: true
- ports:
- - "127.0.0.1:64299:64299"
- image: "dtagdevsec/map:2204"
-
-## Map Data Service
- map_data:
- container_name: map_data
- restart: always
- depends_on:
- elasticsearch:
- condition: service_healthy
- environment:
- - MAP_COMMAND=DataServer_v2.py
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- stop_signal: SIGKILL
- tty: true
- image: "dtagdevsec/map:2204"
-#### /ELK
-
-# Ewsposter service
- ewsposter:
- container_name: ewsposter
- restart: always
- networks:
- - ewsposter_local
- environment:
- - EWS_HPFEEDS_ENABLE=false
- - EWS_HPFEEDS_HOST=host
- - EWS_HPFEEDS_PORT=port
- - EWS_HPFEEDS_CHANNELS=channels
- - EWS_HPFEEDS_IDENT=user
- - EWS_HPFEEDS_SECRET=secret
- - EWS_HPFEEDS_TLSCERT=false
- - EWS_HPFEEDS_FORMAT=json
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- image: "dtagdevsec/ewsposter:2204"
- volumes:
- - /data:/data
- - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
-
-# Nginx service
- nginx:
- container_name: nginx
- restart: always
- tmpfs:
- - /var/tmp/nginx/client_body
- - /var/tmp/nginx/proxy
- - /var/tmp/nginx/fastcgi
- - /var/tmp/nginx/uwsgi
- - /var/tmp/nginx/scgi
- - /run
- - /var/lib/nginx/tmp:uid=100,gid=82
- network_mode: "host"
- # ports:
- # - "64297:64297"
- # - "127.0.0.1:64304:64304"
- image: "dtagdevsec/nginx:2204"
- read_only: true
- volumes:
- - /data/nginx/cert/:/etc/nginx/cert/:ro
- - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
- - /data/nginx/log/:/var/log/nginx/
-
-# Spiderfoot service
- spiderfoot:
- container_name: spiderfoot
- restart: always
- networks:
- - spiderfoot_local
- ports:
- - "127.0.0.1:64303:8080"
- image: "dtagdevsec/spiderfoot:2204"
- volumes:
- - /data/spiderfoot:/home/spiderfoot/.spiderfoot
diff --git a/_deprecated/etc/compose/medical.yml b/_deprecated/etc/compose/medical.yml
deleted file mode 100644
index 73c56ea7..00000000
--- a/_deprecated/etc/compose/medical.yml
+++ /dev/null
@@ -1,244 +0,0 @@
-# T-Pot (Medical)
-# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton)
-version: '2.3'
-
-networks:
- dicompot_local:
- medpot_local:
- ewsposter_local:
- spiderfoot_local:
-
-services:
-
-##################
-#### Honeypots
-##################
-
-# Dicompot service
-# Get the Horos Client for testing: https://horosproject.org/
-# Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/
-# Put images (which must be in Dicom DCM format or it will not work!) into /data/dicompot/images
- dicompot:
- container_name: dicompot
- restart: always
- networks:
- - dicompot_local
- ports:
- - "11112:11112"
- image: "dtagdevsec/dicompot:2204"
- read_only: true
- volumes:
- - /data/dicompot/log:/var/log/dicompot
-# - /data/dicompot/images:/opt/dicompot/images
-
-# Medpot service
- medpot:
- container_name: medpot
- restart: always
- networks:
- - medpot_local
- ports:
- - "2575:2575"
- image: "dtagdevsec/medpot:2204"
- read_only: true
- volumes:
- - /data/medpot/log/:/var/log/medpot
-
-##################
-#### NSM
-##################
-
-# Fatt service
- fatt:
- container_name: fatt
- restart: always
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- - SYS_NICE
- - NET_RAW
- image: "dtagdevsec/fatt:2204"
- volumes:
- - /data/fatt/log:/opt/fatt/log
-
-# P0f service
- p0f:
- container_name: p0f
- restart: always
- network_mode: "host"
- image: "dtagdevsec/p0f:2204"
- read_only: true
- volumes:
- - /data/p0f/log:/var/log/p0f
-
-# Suricata service
- suricata:
- container_name: suricata
- restart: always
- environment:
- # For ET Pro ruleset replace "OPEN" with your OINKCODE
- - OINKCODE=OPEN
- # Loading externel Rules from URL
- # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com"
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- - SYS_NICE
- - NET_RAW
- image: "dtagdevsec/suricata:2204"
- volumes:
- - /data/suricata/log:/var/log/suricata
-
-
-##################
-#### Tools
-##################
-
-#### ELK
-## Elasticsearch service
- elasticsearch:
- container_name: elasticsearch
- restart: always
- environment:
- - bootstrap.memory_lock=true
- - ES_JAVA_OPTS=-Xms2048m -Xmx2048m
- - ES_TMPDIR=/tmp
- cap_add:
- - IPC_LOCK
- ulimits:
- memlock:
- soft: -1
- hard: -1
- nofile:
- soft: 65536
- hard: 65536
- mem_limit: 4g
- ports:
- - "127.0.0.1:64298:9200"
- image: "dtagdevsec/elasticsearch:2204"
- volumes:
- - /data:/data
-
-## Kibana service
- kibana:
- container_name: kibana
- restart: always
- depends_on:
- elasticsearch:
- condition: service_healthy
- mem_limit: 1g
- ports:
- - "127.0.0.1:64296:5601"
- image: "dtagdevsec/kibana:2204"
-
-## Logstash service
- logstash:
- container_name: logstash
- restart: always
- environment:
- - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
- depends_on:
- elasticsearch:
- condition: service_healthy
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- mem_limit: 2g
- image: "dtagdevsec/logstash:2204"
- volumes:
- - /data:/data
-
-## Map Redis Service
- map_redis:
- container_name: map_redis
- restart: always
- stop_signal: SIGKILL
- tty: true
- image: "dtagdevsec/redis:2204"
- read_only: true
-
-## Map Web Service
- map_web:
- container_name: map_web
- restart: always
- environment:
- - MAP_COMMAND=AttackMapServer.py
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- stop_signal: SIGKILL
- tty: true
- ports:
- - "127.0.0.1:64299:64299"
- image: "dtagdevsec/map:2204"
-
-## Map Data Service
- map_data:
- container_name: map_data
- restart: always
- depends_on:
- elasticsearch:
- condition: service_healthy
- environment:
- - MAP_COMMAND=DataServer_v2.py
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- stop_signal: SIGKILL
- tty: true
- image: "dtagdevsec/map:2204"
-#### /ELK
-
-# Ewsposter service
- ewsposter:
- container_name: ewsposter
- restart: always
- networks:
- - ewsposter_local
- environment:
- - EWS_HPFEEDS_ENABLE=false
- - EWS_HPFEEDS_HOST=host
- - EWS_HPFEEDS_PORT=port
- - EWS_HPFEEDS_CHANNELS=channels
- - EWS_HPFEEDS_IDENT=user
- - EWS_HPFEEDS_SECRET=secret
- - EWS_HPFEEDS_TLSCERT=false
- - EWS_HPFEEDS_FORMAT=json
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- image: "dtagdevsec/ewsposter:2204"
- volumes:
- - /data:/data
- - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
-
-# Nginx service
- nginx:
- container_name: nginx
- restart: always
- tmpfs:
- - /var/tmp/nginx/client_body
- - /var/tmp/nginx/proxy
- - /var/tmp/nginx/fastcgi
- - /var/tmp/nginx/uwsgi
- - /var/tmp/nginx/scgi
- - /run
- - /var/lib/nginx/tmp:uid=100,gid=82
- network_mode: "host"
- # ports:
- # - "64297:64297"
- # - "127.0.0.1:64304:64304"
- image: "dtagdevsec/nginx:2204"
- read_only: true
- volumes:
- - /data/nginx/cert/:/etc/nginx/cert/:ro
- - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
- - /data/nginx/log/:/var/log/nginx/
-
-# Spiderfoot service
- spiderfoot:
- container_name: spiderfoot
- restart: always
- networks:
- - spiderfoot_local
- ports:
- - "127.0.0.1:64303:8080"
- image: "dtagdevsec/spiderfoot:2204"
- volumes:
- - /data/spiderfoot:/home/spiderfoot/.spiderfoot
diff --git a/_deprecated/etc/compose/mini.yml b/_deprecated/etc/compose/mini.yml
deleted file mode 100644
index 1c328af3..00000000
--- a/_deprecated/etc/compose/mini.yml
+++ /dev/null
@@ -1,271 +0,0 @@
-# T-Pot (Mini)
-# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton)
-version: '2.3'
-
-networks:
- honeypots_local:
- ewsposter_local:
- spiderfoot_local:
-
-services:
-
-##################
-#### Honeypots
-##################
-
-# qHoneypots service
- honeypots:
- container_name: honeypots
- stdin_open: true
- tty: true
- restart: always
- tmpfs:
- - /tmp:uid=2000,gid=2000
- networks:
- - honeypots_local
- ports:
- - "21:21"
- - "22:22"
- - "23:23"
- - "25:25"
- - "53:53/udp"
- - "80:80"
- - "110:110"
- - "123:123"
- - "143:143"
- - "161:161"
- - "389:389"
- - "443:443"
- - "445:445"
- - "1080:1080"
- - "1433:1433"
- - "1521:1521"
- - "3306:3306"
- - "5060:5060"
- - "5432:5432"
- - "5900:5900"
- - "6379:6379"
- - "6667:6667"
- - "8080:8080"
- - "9200:9200"
- - "11211:11211"
- image: "dtagdevsec/honeypots:2204"
- read_only: true
- volumes:
- - /data/honeypots/log:/var/log/honeypots
-
-# Honeytrap service
- honeytrap:
- container_name: honeytrap
- restart: always
- tmpfs:
- - /tmp/honeytrap:uid=2000,gid=2000
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- image: "dtagdevsec/honeytrap:2204"
- read_only: true
- volumes:
- - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
- - /data/honeytrap/downloads:/opt/honeytrap/var/downloads
- - /data/honeytrap/log:/opt/honeytrap/var/log
-
-
-##################
-#### NSM
-##################
-
-# Fatt service
- fatt:
- container_name: fatt
- restart: always
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- - SYS_NICE
- - NET_RAW
- image: "dtagdevsec/fatt:2204"
- volumes:
- - /data/fatt/log:/opt/fatt/log
-
-# P0f service
- p0f:
- container_name: p0f
- restart: always
- network_mode: "host"
- image: "dtagdevsec/p0f:2204"
- read_only: true
- volumes:
- - /data/p0f/log:/var/log/p0f
-
-# Suricata service
- suricata:
- container_name: suricata
- restart: always
- environment:
- # For ET Pro ruleset replace "OPEN" with your OINKCODE
- - OINKCODE=OPEN
- # Loading externel Rules from URL
- # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com"
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- - SYS_NICE
- - NET_RAW
- image: "dtagdevsec/suricata:2204"
- volumes:
- - /data/suricata/log:/var/log/suricata
-
-
-##################
-#### Tools
-##################
-
-#### ELK
-## Elasticsearch service
- elasticsearch:
- container_name: elasticsearch
- restart: always
- environment:
- - bootstrap.memory_lock=true
- - ES_JAVA_OPTS=-Xms2048m -Xmx2048m
- - ES_TMPDIR=/tmp
- cap_add:
- - IPC_LOCK
- ulimits:
- memlock:
- soft: -1
- hard: -1
- nofile:
- soft: 65536
- hard: 65536
- mem_limit: 4g
- ports:
- - "127.0.0.1:64298:9200"
- image: "dtagdevsec/elasticsearch:2204"
- volumes:
- - /data:/data
-
-## Kibana service
- kibana:
- container_name: kibana
- restart: always
- depends_on:
- elasticsearch:
- condition: service_healthy
- mem_limit: 1g
- ports:
- - "127.0.0.1:64296:5601"
- image: "dtagdevsec/kibana:2204"
-
-## Logstash service
- logstash:
- container_name: logstash
- restart: always
- environment:
- - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
- depends_on:
- elasticsearch:
- condition: service_healthy
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- mem_limit: 2g
- image: "dtagdevsec/logstash:2204"
- volumes:
- - /data:/data
-
-## Map Redis Service
- map_redis:
- container_name: map_redis
- restart: always
- stop_signal: SIGKILL
- tty: true
- image: "dtagdevsec/redis:2204"
- read_only: true
-
-## Map Web Service
- map_web:
- container_name: map_web
- restart: always
- environment:
- - MAP_COMMAND=AttackMapServer.py
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- stop_signal: SIGKILL
- tty: true
- ports:
- - "127.0.0.1:64299:64299"
- image: "dtagdevsec/map:2204"
-
-## Map Data Service
- map_data:
- container_name: map_data
- restart: always
- depends_on:
- elasticsearch:
- condition: service_healthy
- environment:
- - MAP_COMMAND=DataServer_v2.py
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- stop_signal: SIGKILL
- tty: true
- image: "dtagdevsec/map:2204"
-#### /ELK
-
-# Ewsposter service
- ewsposter:
- container_name: ewsposter
- restart: always
- networks:
- - ewsposter_local
- environment:
- - EWS_HPFEEDS_ENABLE=false
- - EWS_HPFEEDS_HOST=host
- - EWS_HPFEEDS_PORT=port
- - EWS_HPFEEDS_CHANNELS=channels
- - EWS_HPFEEDS_IDENT=user
- - EWS_HPFEEDS_SECRET=secret
- - EWS_HPFEEDS_TLSCERT=false
- - EWS_HPFEEDS_FORMAT=json
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- image: "dtagdevsec/ewsposter:2204"
- volumes:
- - /data:/data
- - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
-
-# Nginx service
- nginx:
- container_name: nginx
- restart: always
- tmpfs:
- - /var/tmp/nginx/client_body
- - /var/tmp/nginx/proxy
- - /var/tmp/nginx/fastcgi
- - /var/tmp/nginx/uwsgi
- - /var/tmp/nginx/scgi
- - /run
- - /var/lib/nginx/tmp:uid=100,gid=82
- network_mode: "host"
- # ports:
- # - "64297:64297"
- # - "127.0.0.1:64304:64304"
- image: "dtagdevsec/nginx:2204"
- read_only: true
- volumes:
- - /data/nginx/cert/:/etc/nginx/cert/:ro
- - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
- - /data/nginx/log/:/var/log/nginx/
-
-# Spiderfoot service
- spiderfoot:
- container_name: spiderfoot
- restart: always
- networks:
- - spiderfoot_local
- ports:
- - "127.0.0.1:64303:8080"
- image: "dtagdevsec/spiderfoot:2204"
- volumes:
- - /data/spiderfoot:/home/spiderfoot/.spiderfoot
diff --git a/_deprecated/etc/compose/nextgen.yml b/_deprecated/etc/compose/nextgen.yml
deleted file mode 100644
index 93ae1e4d..00000000
--- a/_deprecated/etc/compose/nextgen.yml
+++ /dev/null
@@ -1,575 +0,0 @@
-# T-Pot (NextGen)
-# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton)
-version: '2.3'
-
-networks:
- adbhoney_local:
- ciscoasa_local:
- citrixhoneypot_local:
- conpot_local_IEC104:
- conpot_local_guardian_ast:
- conpot_local_ipmi:
- conpot_local_kamstrup_382:
- ddospot_local:
- dicompot_local:
- dionaea_local:
- elasticpot_local:
- endlessh_local:
- hellpot_local:
- heralding_local:
- ipphoney_local:
- mailoney_local:
- medpot_local:
- redishoneypot_local:
- ewsposter_local:
- spiderfoot_local:
-
-services:
-
-##################
-#### Honeypots
-##################
-
-# Adbhoney service
- adbhoney:
- container_name: adbhoney
- restart: always
- networks:
- - adbhoney_local
- ports:
- - "5555:5555"
- image: "dtagdevsec/adbhoney:2204"
- read_only: true
- volumes:
- - /data/adbhoney/log:/opt/adbhoney/log
- - /data/adbhoney/downloads:/opt/adbhoney/dl
-
-# Ciscoasa service
- ciscoasa:
- container_name: ciscoasa
- restart: always
- tmpfs:
- - /tmp/ciscoasa:uid=2000,gid=2000
- networks:
- - ciscoasa_local
- ports:
- - "5000:5000/udp"
- - "8443:8443"
- image: "dtagdevsec/ciscoasa:2204"
- read_only: true
- volumes:
- - /data/ciscoasa/log:/var/log/ciscoasa
-
-# CitrixHoneypot service
- citrixhoneypot:
- container_name: citrixhoneypot
- restart: always
- networks:
- - citrixhoneypot_local
- ports:
- - "443:443"
- image: "dtagdevsec/citrixhoneypot:2204"
- read_only: true
- volumes:
- - /data/citrixhoneypot/logs:/opt/citrixhoneypot/logs
-
-# Conpot IEC104 service
- conpot_IEC104:
- container_name: conpot_iec104
- restart: always
- environment:
- - CONPOT_CONFIG=/etc/conpot/conpot.cfg
- - CONPOT_JSON_LOG=/var/log/conpot/conpot_IEC104.json
- - CONPOT_LOG=/var/log/conpot/conpot_IEC104.log
- - CONPOT_TEMPLATE=IEC104
- - CONPOT_TMP=/tmp/conpot
- tmpfs:
- - /tmp/conpot:uid=2000,gid=2000
- networks:
- - conpot_local_IEC104
- ports:
- - "161:161/udp"
- - "2404:2404"
- image: "dtagdevsec/conpot:2204"
- read_only: true
- volumes:
- - /data/conpot/log:/var/log/conpot
-
-# Conpot guardian_ast service
- conpot_guardian_ast:
- container_name: conpot_guardian_ast
- restart: always
- environment:
- - CONPOT_CONFIG=/etc/conpot/conpot.cfg
- - CONPOT_JSON_LOG=/var/log/conpot/conpot_guardian_ast.json
- - CONPOT_LOG=/var/log/conpot/conpot_guardian_ast.log
- - CONPOT_TEMPLATE=guardian_ast
- - CONPOT_TMP=/tmp/conpot
- tmpfs:
- - /tmp/conpot:uid=2000,gid=2000
- networks:
- - conpot_local_guardian_ast
- ports:
- - "10001:10001"
- image: "dtagdevsec/conpot:2204"
- read_only: true
- volumes:
- - /data/conpot/log:/var/log/conpot
-
-# Conpot ipmi
- conpot_ipmi:
- container_name: conpot_ipmi
- restart: always
- environment:
- - CONPOT_CONFIG=/etc/conpot/conpot.cfg
- - CONPOT_JSON_LOG=/var/log/conpot/conpot_ipmi.json
- - CONPOT_LOG=/var/log/conpot/conpot_ipmi.log
- - CONPOT_TEMPLATE=ipmi
- - CONPOT_TMP=/tmp/conpot
- tmpfs:
- - /tmp/conpot:uid=2000,gid=2000
- networks:
- - conpot_local_ipmi
- ports:
- - "623:623/udp"
- image: "dtagdevsec/conpot:2204"
- read_only: true
- volumes:
- - /data/conpot/log:/var/log/conpot
-
-# Conpot kamstrup_382
- conpot_kamstrup_382:
- container_name: conpot_kamstrup_382
- restart: always
- environment:
- - CONPOT_CONFIG=/etc/conpot/conpot.cfg
- - CONPOT_JSON_LOG=/var/log/conpot/conpot_kamstrup_382.json
- - CONPOT_LOG=/var/log/conpot/conpot_kamstrup_382.log
- - CONPOT_TEMPLATE=kamstrup_382
- - CONPOT_TMP=/tmp/conpot
- tmpfs:
- - /tmp/conpot:uid=2000,gid=2000
- networks:
- - conpot_local_kamstrup_382
- ports:
- - "1025:1025"
- - "50100:50100"
- image: "dtagdevsec/conpot:2204"
- read_only: true
- volumes:
- - /data/conpot/log:/var/log/conpot
-
-# Ddospot service
- ddospot:
- container_name: ddospot
- restart: always
- networks:
- - ddospot_local
- ports:
- - "19:19/udp"
- - "53:53/udp"
- - "123:123/udp"
-# - "161:161/udp"
- - "1900:1900/udp"
- image: "dtagdevsec/ddospot:2204"
- read_only: true
- volumes:
- - /data/ddospot/log:/opt/ddospot/ddospot/logs
- - /data/ddospot/bl:/opt/ddospot/ddospot/bl
- - /data/ddospot/db:/opt/ddospot/ddospot/db
-
-# Dicompot service
-# Get the Horos Client for testing: https://horosproject.org/
-# Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/
-# Put images (which must be in Dicom DCM format or it will not work!) into /data/dicompot/images
- dicompot:
- container_name: dicompot
- restart: always
- networks:
- - dicompot_local
- ports:
- - "11112:11112"
- image: "dtagdevsec/dicompot:2204"
- read_only: true
- volumes:
- - /data/dicompot/log:/var/log/dicompot
-# - /data/dicompot/images:/opt/dicompot/images
-
-# Dionaea service
- dionaea:
- container_name: dionaea
- stdin_open: true
- tty: true
- restart: always
- networks:
- - dionaea_local
- ports:
- - "20:20"
- - "21:21"
- - "42:42"
- - "69:69/udp"
- - "81:81"
- - "135:135"
- # - "443:443"
- - "445:445"
- - "1433:1433"
- - "1723:1723"
- - "1883:1883"
- - "3306:3306"
- # - "5060:5060"
- # - "5060:5060/udp"
- # - "5061:5061"
- - "27017:27017"
- image: "dtagdevsec/dionaea:2204"
- read_only: true
- volumes:
- - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp
- - /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp
- - /data/dionaea/roots/www:/opt/dionaea/var/dionaea/roots/www
- - /data/dionaea/roots/upnp:/opt/dionaea/var/dionaea/roots/upnp
- - /data/dionaea:/opt/dionaea/var/dionaea
- - /data/dionaea/binaries:/opt/dionaea/var/dionaea/binaries
- - /data/dionaea/log:/opt/dionaea/var/log
- - /data/dionaea/rtp:/opt/dionaea/var/dionaea/rtp
-
-# ElasticPot service
- elasticpot:
- container_name: elasticpot
- restart: always
- networks:
- - elasticpot_local
- ports:
- - "9200:9200"
- image: "dtagdevsec/elasticpot:2204"
- read_only: true
- volumes:
- - /data/elasticpot/log:/opt/elasticpot/log
-
-# Endlessh service
- endlessh:
- container_name: endlessh
- restart: always
- networks:
- - endlessh_local
- ports:
- - "22:2222"
- image: "dtagdevsec/endlessh:2204"
- read_only: true
- volumes:
- - /data/endlessh/log:/var/log/endlessh
-
-# Glutton service
- glutton:
- container_name: glutton
- restart: always
- tmpfs:
- - /var/lib/glutton:uid=2000,gid=2000
- - /run:uid=2000,gid=2000
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- image: "dtagdevsec/glutton:2204"
- read_only: true
- volumes:
- - /data/glutton/log:/var/log/glutton
-# - /root/tpotce/docker/glutton/dist/rules.yaml:/opt/glutton/rules/rules.yaml
-
-# Heralding service
- heralding:
- container_name: heralding
- restart: always
- tmpfs:
- - /tmp/heralding:uid=2000,gid=2000
- networks:
- - heralding_local
- ports:
- # - "21:21"
- # - "22:22"
- # - "23:23"
- # - "25:25"
- # - "80:80"
- - "110:110"
- - "143:143"
- # - "443:443"
- - "465:465"
- - "993:993"
- - "995:995"
- # - "3306:3306"
- # - "3389:3389"
- - "1080:1080"
- - "5432:5432"
- - "5900:5900"
- image: "dtagdevsec/heralding:2204"
- read_only: true
- volumes:
- - /data/heralding/log:/var/log/heralding
-
-# Ipphoney service
- ipphoney:
- container_name: ipphoney
- restart: always
- networks:
- - ipphoney_local
- ports:
- - "631:631"
- image: "dtagdevsec/ipphoney:2204"
- read_only: true
- volumes:
- - /data/ipphoney/log:/opt/ipphoney/log
-
-# Mailoney service
- mailoney:
- container_name: mailoney
- restart: always
- environment:
- - HPFEEDS_SERVER=
- - HPFEEDS_IDENT=user
- - HPFEEDS_SECRET=pass
- - HPFEEDS_PORT=20000
- - HPFEEDS_CHANNELPREFIX=prefix
- networks:
- - mailoney_local
- ports:
- - "25:25"
- image: "dtagdevsec/mailoney:2204"
- read_only: true
- volumes:
- - /data/mailoney/log:/opt/mailoney/logs
-
-# Medpot service
- medpot:
- container_name: medpot
- restart: always
- networks:
- - medpot_local
- ports:
- - "2575:2575"
- image: "dtagdevsec/medpot:2204"
- read_only: true
- volumes:
- - /data/medpot/log/:/var/log/medpot
-
-# Redishoneypot service
- redishoneypot:
- container_name: redishoneypot
- restart: always
- networks:
- - redishoneypot_local
- ports:
- - "6379:6379"
- image: "dtagdevsec/redishoneypot:2204"
- read_only: true
- volumes:
- - /data/redishoneypot/log:/var/log/redishoneypot
-
-# Hellpot service
- hellpot:
- container_name: hellpot
- restart: always
- networks:
- - hellpot_local
- ports:
- - "80:8080"
- image: "dtagdevsec/hellpot:2204"
- read_only: true
- volumes:
- - /data/hellpot/log:/var/log/hellpot
-
-##################
-#### NSM
-##################
-
-# Fatt service
- fatt:
- container_name: fatt
- restart: always
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- - SYS_NICE
- - NET_RAW
- image: "dtagdevsec/fatt:2204"
- volumes:
- - /data/fatt/log:/opt/fatt/log
-
-# P0f service
- p0f:
- container_name: p0f
- restart: always
- network_mode: "host"
- image: "dtagdevsec/p0f:2204"
- read_only: true
- volumes:
- - /data/p0f/log:/var/log/p0f
-
-# Suricata service
- suricata:
- container_name: suricata
- restart: always
- environment:
- # For ET Pro ruleset replace "OPEN" with your OINKCODE
- - OINKCODE=OPEN
- # Loading externel Rules from URL
- # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com"
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- - SYS_NICE
- - NET_RAW
- image: "dtagdevsec/suricata:2204"
- volumes:
- - /data/suricata/log:/var/log/suricata
-
-
-##################
-#### Tools
-##################
-
-#### ELK
-## Elasticsearch service
- elasticsearch:
- container_name: elasticsearch
- restart: always
- environment:
- - bootstrap.memory_lock=true
- - ES_JAVA_OPTS=-Xms2048m -Xmx2048m
- - ES_TMPDIR=/tmp
- cap_add:
- - IPC_LOCK
- ulimits:
- memlock:
- soft: -1
- hard: -1
- nofile:
- soft: 65536
- hard: 65536
- mem_limit: 4g
- ports:
- - "127.0.0.1:64298:9200"
- image: "dtagdevsec/elasticsearch:2204"
- volumes:
- - /data:/data
-
-## Kibana service
- kibana:
- container_name: kibana
- restart: always
- depends_on:
- elasticsearch:
- condition: service_healthy
- mem_limit: 1g
- ports:
- - "127.0.0.1:64296:5601"
- image: "dtagdevsec/kibana:2204"
-
-## Logstash service
- logstash:
- container_name: logstash
- restart: always
- environment:
- - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
- depends_on:
- elasticsearch:
- condition: service_healthy
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- mem_limit: 2g
- image: "dtagdevsec/logstash:2204"
- volumes:
- - /data:/data
-
-## Map Redis Service
- map_redis:
- container_name: map_redis
- restart: always
- stop_signal: SIGKILL
- tty: true
- image: "dtagdevsec/redis:2204"
- read_only: true
-
-## Map Web Service
- map_web:
- container_name: map_web
- restart: always
- environment:
- - MAP_COMMAND=AttackMapServer.py
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- stop_signal: SIGKILL
- tty: true
- ports:
- - "127.0.0.1:64299:64299"
- image: "dtagdevsec/map:2204"
-
-## Map Data Service
- map_data:
- container_name: map_data
- restart: always
- depends_on:
- elasticsearch:
- condition: service_healthy
- environment:
- - MAP_COMMAND=DataServer_v2.py
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- stop_signal: SIGKILL
- tty: true
- image: "dtagdevsec/map:2204"
-#### /ELK
-
-# Ewsposter service
- ewsposter:
- container_name: ewsposter
- restart: always
- networks:
- - ewsposter_local
- environment:
- - EWS_HPFEEDS_ENABLE=false
- - EWS_HPFEEDS_HOST=host
- - EWS_HPFEEDS_PORT=port
- - EWS_HPFEEDS_CHANNELS=channels
- - EWS_HPFEEDS_IDENT=user
- - EWS_HPFEEDS_SECRET=secret
- - EWS_HPFEEDS_TLSCERT=false
- - EWS_HPFEEDS_FORMAT=json
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- image: "dtagdevsec/ewsposter:2204"
- volumes:
- - /data:/data
- - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
-
-# Nginx service
- nginx:
- container_name: nginx
- restart: always
- tmpfs:
- - /var/tmp/nginx/client_body
- - /var/tmp/nginx/proxy
- - /var/tmp/nginx/fastcgi
- - /var/tmp/nginx/uwsgi
- - /var/tmp/nginx/scgi
- - /run
- - /var/lib/nginx/tmp:uid=100,gid=82
- network_mode: "host"
- # ports:
- # - "64297:64297"
- # - "127.0.0.1:64304:64304"
- image: "dtagdevsec/nginx:2204"
- read_only: true
- volumes:
- - /data/nginx/cert/:/etc/nginx/cert/:ro
- - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
- - /data/nginx/log/:/var/log/nginx/
-
-# Spiderfoot service
- spiderfoot:
- container_name: spiderfoot
- restart: always
- networks:
- - spiderfoot_local
- ports:
- - "127.0.0.1:64303:8080"
- image: "dtagdevsec/spiderfoot:2204"
- volumes:
- - /data/spiderfoot:/home/spiderfoot/.spiderfoot
diff --git a/_deprecated/etc/compose/sensor.yml b/_deprecated/etc/compose/sensor.yml
deleted file mode 100644
index 15cd5613..00000000
--- a/_deprecated/etc/compose/sensor.yml
+++ /dev/null
@@ -1,535 +0,0 @@
-# T-Pot (Sensor)
-# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton)
-version: '2.3'
-
-networks:
- adbhoney_local:
- ciscoasa_local:
- citrixhoneypot_local:
- conpot_local_IEC104:
- conpot_local_guardian_ast:
- conpot_local_ipmi:
- conpot_local_kamstrup_382:
- cowrie_local:
- ddospot_local:
- dicompot_local:
- dionaea_local:
- elasticpot_local:
- heralding_local:
- ipphoney_local:
- mailoney_local:
- medpot_local:
- redishoneypot_local:
- tanner_local:
- ewsposter_local:
- sentrypeer_local:
- spiderfoot_local:
-
-services:
-
-##################
-#### Honeypots
-##################
-
-# Adbhoney service
- adbhoney:
- container_name: adbhoney
- restart: always
- networks:
- - adbhoney_local
- ports:
- - "5555:5555"
- image: "dtagdevsec/adbhoney:2204"
- read_only: true
- volumes:
- - /data/adbhoney/log:/opt/adbhoney/log
- - /data/adbhoney/downloads:/opt/adbhoney/dl
-
-# Ciscoasa service
- ciscoasa:
- container_name: ciscoasa
- restart: always
- tmpfs:
- - /tmp/ciscoasa:uid=2000,gid=2000
- networks:
- - ciscoasa_local
- ports:
- - "5000:5000/udp"
- - "8443:8443"
- image: "dtagdevsec/ciscoasa:2204"
- read_only: true
- volumes:
- - /data/ciscoasa/log:/var/log/ciscoasa
-
-# CitrixHoneypot service
- citrixhoneypot:
- container_name: citrixhoneypot
- restart: always
- networks:
- - citrixhoneypot_local
- ports:
- - "443:443"
- image: "dtagdevsec/citrixhoneypot:2204"
- read_only: true
- volumes:
- - /data/citrixhoneypot/logs:/opt/citrixhoneypot/logs
-
-# Conpot IEC104 service
- conpot_IEC104:
- container_name: conpot_iec104
- restart: always
- environment:
- - CONPOT_CONFIG=/etc/conpot/conpot.cfg
- - CONPOT_JSON_LOG=/var/log/conpot/conpot_IEC104.json
- - CONPOT_LOG=/var/log/conpot/conpot_IEC104.log
- - CONPOT_TEMPLATE=IEC104
- - CONPOT_TMP=/tmp/conpot
- tmpfs:
- - /tmp/conpot:uid=2000,gid=2000
- networks:
- - conpot_local_IEC104
- ports:
- - "161:161/udp"
- - "2404:2404"
- image: "dtagdevsec/conpot:2204"
- read_only: true
- volumes:
- - /data/conpot/log:/var/log/conpot
-
-# Conpot guardian_ast service
- conpot_guardian_ast:
- container_name: conpot_guardian_ast
- restart: always
- environment:
- - CONPOT_CONFIG=/etc/conpot/conpot.cfg
- - CONPOT_JSON_LOG=/var/log/conpot/conpot_guardian_ast.json
- - CONPOT_LOG=/var/log/conpot/conpot_guardian_ast.log
- - CONPOT_TEMPLATE=guardian_ast
- - CONPOT_TMP=/tmp/conpot
- tmpfs:
- - /tmp/conpot:uid=2000,gid=2000
- networks:
- - conpot_local_guardian_ast
- ports:
- - "10001:10001"
- image: "dtagdevsec/conpot:2204"
- read_only: true
- volumes:
- - /data/conpot/log:/var/log/conpot
-
-# Conpot ipmi
- conpot_ipmi:
- container_name: conpot_ipmi
- restart: always
- environment:
- - CONPOT_CONFIG=/etc/conpot/conpot.cfg
- - CONPOT_JSON_LOG=/var/log/conpot/conpot_ipmi.json
- - CONPOT_LOG=/var/log/conpot/conpot_ipmi.log
- - CONPOT_TEMPLATE=ipmi
- - CONPOT_TMP=/tmp/conpot
- tmpfs:
- - /tmp/conpot:uid=2000,gid=2000
- networks:
- - conpot_local_ipmi
- ports:
- - "623:623/udp"
- image: "dtagdevsec/conpot:2204"
- read_only: true
- volumes:
- - /data/conpot/log:/var/log/conpot
-
-# Conpot kamstrup_382
- conpot_kamstrup_382:
- container_name: conpot_kamstrup_382
- restart: always
- environment:
- - CONPOT_CONFIG=/etc/conpot/conpot.cfg
- - CONPOT_JSON_LOG=/var/log/conpot/conpot_kamstrup_382.json
- - CONPOT_LOG=/var/log/conpot/conpot_kamstrup_382.log
- - CONPOT_TEMPLATE=kamstrup_382
- - CONPOT_TMP=/tmp/conpot
- tmpfs:
- - /tmp/conpot:uid=2000,gid=2000
- networks:
- - conpot_local_kamstrup_382
- ports:
- - "1025:1025"
- - "50100:50100"
- image: "dtagdevsec/conpot:2204"
- read_only: true
- volumes:
- - /data/conpot/log:/var/log/conpot
-
-# Cowrie service
- cowrie:
- container_name: cowrie
- restart: always
- tmpfs:
- - /tmp/cowrie:uid=2000,gid=2000
- - /tmp/cowrie/data:uid=2000,gid=2000
- networks:
- - cowrie_local
- ports:
- - "22:22"
- - "23:23"
- image: "dtagdevsec/cowrie:2204"
- read_only: true
- volumes:
- - /data/cowrie/downloads:/home/cowrie/cowrie/dl
- - /data/cowrie/keys:/home/cowrie/cowrie/etc
- - /data/cowrie/log:/home/cowrie/cowrie/log
- - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
-
-# Ddospot service
- ddospot:
- container_name: ddospot
- restart: always
- networks:
- - ddospot_local
- ports:
- - "19:19/udp"
- - "53:53/udp"
- - "123:123/udp"
-# - "161:161/udp"
- - "1900:1900/udp"
- image: "dtagdevsec/ddospot:2204"
- read_only: true
- volumes:
- - /data/ddospot/log:/opt/ddospot/ddospot/logs
- - /data/ddospot/bl:/opt/ddospot/ddospot/bl
- - /data/ddospot/db:/opt/ddospot/ddospot/db
-
-# Dicompot service
-# Get the Horos Client for testing: https://horosproject.org/
-# Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/
-# Put images (which must be in Dicom DCM format or it will not work!) into /data/dicompot/images
- dicompot:
- container_name: dicompot
- restart: always
- networks:
- - dicompot_local
- ports:
- - "11112:11112"
- image: "dtagdevsec/dicompot:2204"
- read_only: true
- volumes:
- - /data/dicompot/log:/var/log/dicompot
-# - /data/dicompot/images:/opt/dicompot/images
-
-# Dionaea service
- dionaea:
- container_name: dionaea
- stdin_open: true
- tty: true
- restart: always
- networks:
- - dionaea_local
- ports:
- - "20:20"
- - "21:21"
- - "42:42"
- - "69:69/udp"
- - "81:81"
- - "135:135"
- # - "443:443"
- - "445:445"
- - "1433:1433"
- - "1723:1723"
- - "1883:1883"
- - "3306:3306"
- # - "5060:5060"
- # - "5060:5060/udp"
- # - "5061:5061"
- - "27017:27017"
- image: "dtagdevsec/dionaea:2204"
- read_only: true
- volumes:
- - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp
- - /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp
- - /data/dionaea/roots/www:/opt/dionaea/var/dionaea/roots/www
- - /data/dionaea/roots/upnp:/opt/dionaea/var/dionaea/roots/upnp
- - /data/dionaea:/opt/dionaea/var/dionaea
- - /data/dionaea/binaries:/opt/dionaea/var/dionaea/binaries
- - /data/dionaea/log:/opt/dionaea/var/log
- - /data/dionaea/rtp:/opt/dionaea/var/dionaea/rtp
-
-# ElasticPot service
- elasticpot:
- container_name: elasticpot
- restart: always
- networks:
- - elasticpot_local
- ports:
- - "9200:9200"
- image: "dtagdevsec/elasticpot:2204"
- read_only: true
- volumes:
- - /data/elasticpot/log:/opt/elasticpot/log
-
-# Heralding service
- heralding:
- container_name: heralding
- restart: always
- tmpfs:
- - /tmp/heralding:uid=2000,gid=2000
- networks:
- - heralding_local
- ports:
- # - "21:21"
- # - "22:22"
- # - "23:23"
- # - "25:25"
- # - "80:80"
- - "110:110"
- - "143:143"
- # - "443:443"
- - "465:465"
- - "993:993"
- - "995:995"
- # - "3306:3306"
- # - "3389:3389"
- - "1080:1080"
- - "5432:5432"
- - "5900:5900"
- image: "dtagdevsec/heralding:2204"
- read_only: true
- volumes:
- - /data/heralding/log:/var/log/heralding
-
-# Honeytrap service
- honeytrap:
- container_name: honeytrap
- restart: always
- tmpfs:
- - /tmp/honeytrap:uid=2000,gid=2000
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- image: "dtagdevsec/honeytrap:2204"
- read_only: true
- volumes:
- - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
- - /data/honeytrap/downloads:/opt/honeytrap/var/downloads
- - /data/honeytrap/log:/opt/honeytrap/var/log
-
-# Ipphoney service
- ipphoney:
- container_name: ipphoney
- restart: always
- networks:
- - ipphoney_local
- ports:
- - "631:631"
- image: "dtagdevsec/ipphoney:2204"
- read_only: true
- volumes:
- - /data/ipphoney/log:/opt/ipphoney/log
-
-# Mailoney service
- mailoney:
- container_name: mailoney
- restart: always
- environment:
- - HPFEEDS_SERVER=
- - HPFEEDS_IDENT=user
- - HPFEEDS_SECRET=pass
- - HPFEEDS_PORT=20000
- - HPFEEDS_CHANNELPREFIX=prefix
- networks:
- - mailoney_local
- ports:
- - "25:25"
- image: "dtagdevsec/mailoney:2204"
- read_only: true
- volumes:
- - /data/mailoney/log:/opt/mailoney/logs
-
-# Medpot service
- medpot:
- container_name: medpot
- restart: always
- networks:
- - medpot_local
- ports:
- - "2575:2575"
- image: "dtagdevsec/medpot:2204"
- read_only: true
- volumes:
- - /data/medpot/log/:/var/log/medpot
-
-# Redishoneypot service
- redishoneypot:
- container_name: redishoneypot
- restart: always
- networks:
- - redishoneypot_local
- ports:
- - "6379:6379"
- image: "dtagdevsec/redishoneypot:2204"
- read_only: true
- volumes:
- - /data/redishoneypot/log:/var/log/redishoneypot
-
-# SentryPeer service
- sentrypeer:
- container_name: sentrypeer
- restart: always
-# SentryPeer offers to exchange bad actor data via DHT / P2P mode by setting the ENV to true (1)
-# In some cases (i.e. internally deployed T-Pots) this might be confusing as SentryPeer will show
-# the bad actors in its logs. Therefore this option is opt-in based.
-# environment:
-# - SENTRYPEER_PEER_TO_PEER=0
- networks:
- - sentrypeer_local
- ports:
-# - "4222:4222/udp"
- - "5060:5060/udp"
-# - "127.0.0.1:8082:8082"
- image: "dtagdevsec/sentrypeer:2204"
- read_only: true
- volumes:
- - /data/sentrypeer/log:/var/log/sentrypeer
-
-#### Snare / Tanner
-## Tanner Redis Service
- tanner_redis:
- container_name: tanner_redis
- restart: always
- tty: true
- networks:
- - tanner_local
- image: "dtagdevsec/redis:2204"
- read_only: true
-
-## PHP Sandbox service
- tanner_phpox:
- container_name: tanner_phpox
- restart: always
- tty: true
- networks:
- - tanner_local
- image: "dtagdevsec/phpox:2204"
- read_only: true
-
-## Tanner API Service
- tanner_api:
- container_name: tanner_api
- restart: always
- tmpfs:
- - /tmp/tanner:uid=2000,gid=2000
- tty: true
- networks:
- - tanner_local
- image: "dtagdevsec/tanner:2204"
- read_only: true
- volumes:
- - /data/tanner/log:/var/log/tanner
- command: tannerapi
- depends_on:
- - tanner_redis
-
-## Tanner Service
- tanner:
- container_name: tanner
- restart: always
- tmpfs:
- - /tmp/tanner:uid=2000,gid=2000
- tty: true
- networks:
- - tanner_local
- image: "dtagdevsec/tanner:2204"
- command: tanner
- read_only: true
- volumes:
- - /data/tanner/log:/var/log/tanner
- - /data/tanner/files:/opt/tanner/files
- depends_on:
- - tanner_api
-# - tanner_web
- - tanner_phpox
-
-## Snare Service
- snare:
- container_name: snare
- restart: always
- tty: true
- networks:
- - tanner_local
- ports:
- - "80:80"
- image: "dtagdevsec/snare:2204"
- depends_on:
- - tanner
-
-
-##################
-#### NSM
-##################
-
-# Fatt service
- fatt:
- container_name: fatt
- restart: always
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- - SYS_NICE
- - NET_RAW
- image: "dtagdevsec/fatt:2204"
- volumes:
- - /data/fatt/log:/opt/fatt/log
-
-# P0f service
- p0f:
- container_name: p0f
- restart: always
- network_mode: "host"
- image: "dtagdevsec/p0f:2204"
- read_only: true
- volumes:
- - /data/p0f/log:/var/log/p0f
-
-# Suricata service
- suricata:
- container_name: suricata
- restart: always
- environment:
- # For ET Pro ruleset replace "OPEN" with your OINKCODE
- - OINKCODE=OPEN
- # Loading externel Rules from URL
- # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com"
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- - SYS_NICE
- - NET_RAW
- image: "dtagdevsec/suricata:2204"
- volumes:
- - /data/suricata/log:/var/log/suricata
-
-
-##################
-#### Tools
-##################
-
-# Ewsposter service
- ewsposter:
- container_name: ewsposter
- restart: always
- networks:
- - ewsposter_local
- environment:
- - EWS_HPFEEDS_ENABLE=false
- - EWS_HPFEEDS_HOST=host
- - EWS_HPFEEDS_PORT=port
- - EWS_HPFEEDS_CHANNELS=channels
- - EWS_HPFEEDS_IDENT=user
- - EWS_HPFEEDS_SECRET=secret
- - EWS_HPFEEDS_TLSCERT=false
- - EWS_HPFEEDS_FORMAT=json
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- image: "dtagdevsec/ewsposter:2204"
- volumes:
- - /data:/data
- - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
diff --git a/_deprecated/etc/compose/standard.yml b/_deprecated/etc/compose/standard.yml
deleted file mode 100644
index d5025e17..00000000
--- a/_deprecated/etc/compose/standard.yml
+++ /dev/null
@@ -1,662 +0,0 @@
-# T-Pot (Standard)
-# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton)
-version: '2.3'
-
-networks:
- adbhoney_local:
- ciscoasa_local:
- citrixhoneypot_local:
- conpot_local_IEC104:
- conpot_local_guardian_ast:
- conpot_local_ipmi:
- conpot_local_kamstrup_382:
- cowrie_local:
- ddospot_local:
- dicompot_local:
- dionaea_local:
- elasticpot_local:
- heralding_local:
- ipphoney_local:
- mailoney_local:
- medpot_local:
- redishoneypot_local:
- tanner_local:
- ewsposter_local:
- sentrypeer_local:
- spiderfoot_local:
-
-services:
-
-##################
-#### Honeypots
-##################
-
-# Adbhoney service
- adbhoney:
- container_name: adbhoney
- restart: always
- networks:
- - adbhoney_local
- ports:
- - "5555:5555"
- image: "dtagdevsec/adbhoney:2204"
- read_only: true
- volumes:
- - /data/adbhoney/log:/opt/adbhoney/log
- - /data/adbhoney/downloads:/opt/adbhoney/dl
-
-# Ciscoasa service
- ciscoasa:
- container_name: ciscoasa
- restart: always
- tmpfs:
- - /tmp/ciscoasa:uid=2000,gid=2000
- networks:
- - ciscoasa_local
- ports:
- - "5000:5000/udp"
- - "8443:8443"
- image: "dtagdevsec/ciscoasa:2204"
- read_only: true
- volumes:
- - /data/ciscoasa/log:/var/log/ciscoasa
-
-# CitrixHoneypot service
- citrixhoneypot:
- container_name: citrixhoneypot
- restart: always
- networks:
- - citrixhoneypot_local
- ports:
- - "443:443"
- image: "dtagdevsec/citrixhoneypot:2204"
- read_only: true
- volumes:
- - /data/citrixhoneypot/logs:/opt/citrixhoneypot/logs
-
-# Conpot IEC104 service
- conpot_IEC104:
- container_name: conpot_iec104
- restart: always
- environment:
- - CONPOT_CONFIG=/etc/conpot/conpot.cfg
- - CONPOT_JSON_LOG=/var/log/conpot/conpot_IEC104.json
- - CONPOT_LOG=/var/log/conpot/conpot_IEC104.log
- - CONPOT_TEMPLATE=IEC104
- - CONPOT_TMP=/tmp/conpot
- tmpfs:
- - /tmp/conpot:uid=2000,gid=2000
- networks:
- - conpot_local_IEC104
- ports:
- - "161:161/udp"
- - "2404:2404"
- image: "dtagdevsec/conpot:2204"
- read_only: true
- volumes:
- - /data/conpot/log:/var/log/conpot
-
-# Conpot guardian_ast service
- conpot_guardian_ast:
- container_name: conpot_guardian_ast
- restart: always
- environment:
- - CONPOT_CONFIG=/etc/conpot/conpot.cfg
- - CONPOT_JSON_LOG=/var/log/conpot/conpot_guardian_ast.json
- - CONPOT_LOG=/var/log/conpot/conpot_guardian_ast.log
- - CONPOT_TEMPLATE=guardian_ast
- - CONPOT_TMP=/tmp/conpot
- tmpfs:
- - /tmp/conpot:uid=2000,gid=2000
- networks:
- - conpot_local_guardian_ast
- ports:
- - "10001:10001"
- image: "dtagdevsec/conpot:2204"
- read_only: true
- volumes:
- - /data/conpot/log:/var/log/conpot
-
-# Conpot ipmi
- conpot_ipmi:
- container_name: conpot_ipmi
- restart: always
- environment:
- - CONPOT_CONFIG=/etc/conpot/conpot.cfg
- - CONPOT_JSON_LOG=/var/log/conpot/conpot_ipmi.json
- - CONPOT_LOG=/var/log/conpot/conpot_ipmi.log
- - CONPOT_TEMPLATE=ipmi
- - CONPOT_TMP=/tmp/conpot
- tmpfs:
- - /tmp/conpot:uid=2000,gid=2000
- networks:
- - conpot_local_ipmi
- ports:
- - "623:623/udp"
- image: "dtagdevsec/conpot:2204"
- read_only: true
- volumes:
- - /data/conpot/log:/var/log/conpot
-
-# Conpot kamstrup_382
- conpot_kamstrup_382:
- container_name: conpot_kamstrup_382
- restart: always
- environment:
- - CONPOT_CONFIG=/etc/conpot/conpot.cfg
- - CONPOT_JSON_LOG=/var/log/conpot/conpot_kamstrup_382.json
- - CONPOT_LOG=/var/log/conpot/conpot_kamstrup_382.log
- - CONPOT_TEMPLATE=kamstrup_382
- - CONPOT_TMP=/tmp/conpot
- tmpfs:
- - /tmp/conpot:uid=2000,gid=2000
- networks:
- - conpot_local_kamstrup_382
- ports:
- - "1025:1025"
- - "50100:50100"
- image: "dtagdevsec/conpot:2204"
- read_only: true
- volumes:
- - /data/conpot/log:/var/log/conpot
-
-# Cowrie service
- cowrie:
- container_name: cowrie
- restart: always
- tmpfs:
- - /tmp/cowrie:uid=2000,gid=2000
- - /tmp/cowrie/data:uid=2000,gid=2000
- networks:
- - cowrie_local
- ports:
- - "22:22"
- - "23:23"
- image: "dtagdevsec/cowrie:2204"
- read_only: true
- volumes:
- - /data/cowrie/downloads:/home/cowrie/cowrie/dl
- - /data/cowrie/keys:/home/cowrie/cowrie/etc
- - /data/cowrie/log:/home/cowrie/cowrie/log
- - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
-
-# Ddospot service
- ddospot:
- container_name: ddospot
- restart: always
- networks:
- - ddospot_local
- ports:
- - "19:19/udp"
- - "53:53/udp"
- - "123:123/udp"
-# - "161:161/udp"
- - "1900:1900/udp"
- image: "dtagdevsec/ddospot:2204"
- read_only: true
- volumes:
- - /data/ddospot/log:/opt/ddospot/ddospot/logs
- - /data/ddospot/bl:/opt/ddospot/ddospot/bl
- - /data/ddospot/db:/opt/ddospot/ddospot/db
-
-# Dicompot service
-# Get the Horos Client for testing: https://horosproject.org/
-# Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/
-# Put images (which must be in Dicom DCM format or it will not work!) into /data/dicompot/images
- dicompot:
- container_name: dicompot
- restart: always
- networks:
- - dicompot_local
- ports:
- - "11112:11112"
- image: "dtagdevsec/dicompot:2204"
- read_only: true
- volumes:
- - /data/dicompot/log:/var/log/dicompot
-# - /data/dicompot/images:/opt/dicompot/images
-
-# Dionaea service
- dionaea:
- container_name: dionaea
- stdin_open: true
- tty: true
- restart: always
- networks:
- - dionaea_local
- ports:
- - "20:20"
- - "21:21"
- - "42:42"
- - "69:69/udp"
- - "81:81"
- - "135:135"
- # - "443:443"
- - "445:445"
- - "1433:1433"
- - "1723:1723"
- - "1883:1883"
- - "3306:3306"
- # - "5060:5060"
- # - "5060:5060/udp"
- # - "5061:5061"
- - "27017:27017"
- image: "dtagdevsec/dionaea:2204"
- read_only: true
- volumes:
- - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp
- - /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp
- - /data/dionaea/roots/www:/opt/dionaea/var/dionaea/roots/www
- - /data/dionaea/roots/upnp:/opt/dionaea/var/dionaea/roots/upnp
- - /data/dionaea:/opt/dionaea/var/dionaea
- - /data/dionaea/binaries:/opt/dionaea/var/dionaea/binaries
- - /data/dionaea/log:/opt/dionaea/var/log
- - /data/dionaea/rtp:/opt/dionaea/var/dionaea/rtp
-
-# ElasticPot service
- elasticpot:
- container_name: elasticpot
- restart: always
- networks:
- - elasticpot_local
- ports:
- - "9200:9200"
- image: "dtagdevsec/elasticpot:2204"
- read_only: true
- volumes:
- - /data/elasticpot/log:/opt/elasticpot/log
-
-# Heralding service
- heralding:
- container_name: heralding
- restart: always
- tmpfs:
- - /tmp/heralding:uid=2000,gid=2000
- networks:
- - heralding_local
- ports:
- # - "21:21"
- # - "22:22"
- # - "23:23"
- # - "25:25"
- # - "80:80"
- - "110:110"
- - "143:143"
- # - "443:443"
- - "465:465"
- - "993:993"
- - "995:995"
- # - "3306:3306"
- # - "3389:3389"
- - "1080:1080"
- - "5432:5432"
- - "5900:5900"
- image: "dtagdevsec/heralding:2204"
- read_only: true
- volumes:
- - /data/heralding/log:/var/log/heralding
-
-# Honeytrap service
- honeytrap:
- container_name: honeytrap
- restart: always
- tmpfs:
- - /tmp/honeytrap:uid=2000,gid=2000
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- image: "dtagdevsec/honeytrap:2204"
- read_only: true
- volumes:
- - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
- - /data/honeytrap/downloads:/opt/honeytrap/var/downloads
- - /data/honeytrap/log:/opt/honeytrap/var/log
-
-# Ipphoney service
- ipphoney:
- container_name: ipphoney
- restart: always
- networks:
- - ipphoney_local
- ports:
- - "631:631"
- image: "dtagdevsec/ipphoney:2204"
- read_only: true
- volumes:
- - /data/ipphoney/log:/opt/ipphoney/log
-
-# Mailoney service
- mailoney:
- container_name: mailoney
- restart: always
- environment:
- - HPFEEDS_SERVER=
- - HPFEEDS_IDENT=user
- - HPFEEDS_SECRET=pass
- - HPFEEDS_PORT=20000
- - HPFEEDS_CHANNELPREFIX=prefix
- networks:
- - mailoney_local
- ports:
- - "25:25"
- image: "dtagdevsec/mailoney:2204"
- read_only: true
- volumes:
- - /data/mailoney/log:/opt/mailoney/logs
-
-# Medpot service
- medpot:
- container_name: medpot
- restart: always
- networks:
- - medpot_local
- ports:
- - "2575:2575"
- image: "dtagdevsec/medpot:2204"
- read_only: true
- volumes:
- - /data/medpot/log/:/var/log/medpot
-
-# Redishoneypot service
- redishoneypot:
- container_name: redishoneypot
- restart: always
- networks:
- - redishoneypot_local
- ports:
- - "6379:6379"
- image: "dtagdevsec/redishoneypot:2204"
- read_only: true
- volumes:
- - /data/redishoneypot/log:/var/log/redishoneypot
-
-# SentryPeer service
- sentrypeer:
- container_name: sentrypeer
- restart: always
-# SentryPeer offers to exchange bad actor data via DHT / P2P mode by setting the ENV to true (1)
-# In some cases (i.e. internally deployed T-Pots) this might be confusing as SentryPeer will show
-# the bad actors in its logs. Therefore this option is opt-in based.
-# environment:
-# - SENTRYPEER_PEER_TO_PEER=0
- networks:
- - sentrypeer_local
- ports:
-# - "4222:4222/udp"
- - "5060:5060/udp"
-# - "127.0.0.1:8082:8082"
- image: "dtagdevsec/sentrypeer:2204"
- read_only: true
- volumes:
- - /data/sentrypeer/log:/var/log/sentrypeer
-
-#### Snare / Tanner
-## Tanner Redis Service
- tanner_redis:
- container_name: tanner_redis
- restart: always
- tty: true
- networks:
- - tanner_local
- image: "dtagdevsec/redis:2204"
- read_only: true
-
-## PHP Sandbox service
- tanner_phpox:
- container_name: tanner_phpox
- restart: always
- tty: true
- networks:
- - tanner_local
- image: "dtagdevsec/phpox:2204"
- read_only: true
-
-## Tanner API Service
- tanner_api:
- container_name: tanner_api
- restart: always
- tmpfs:
- - /tmp/tanner:uid=2000,gid=2000
- tty: true
- networks:
- - tanner_local
- image: "dtagdevsec/tanner:2204"
- read_only: true
- volumes:
- - /data/tanner/log:/var/log/tanner
- command: tannerapi
- depends_on:
- - tanner_redis
-
-## Tanner Service
- tanner:
- container_name: tanner
- restart: always
- tmpfs:
- - /tmp/tanner:uid=2000,gid=2000
- tty: true
- networks:
- - tanner_local
- image: "dtagdevsec/tanner:2204"
- command: tanner
- read_only: true
- volumes:
- - /data/tanner/log:/var/log/tanner
- - /data/tanner/files:/opt/tanner/files
- depends_on:
- - tanner_api
-# - tanner_web
- - tanner_phpox
-
-## Snare Service
- snare:
- container_name: snare
- restart: always
- tty: true
- networks:
- - tanner_local
- ports:
- - "80:80"
- image: "dtagdevsec/snare:2204"
- depends_on:
- - tanner
-
-
-##################
-#### NSM
-##################
-
-# Fatt service
- fatt:
- container_name: fatt
- restart: always
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- - SYS_NICE
- - NET_RAW
- image: "dtagdevsec/fatt:2204"
- volumes:
- - /data/fatt/log:/opt/fatt/log
-
-# P0f service
- p0f:
- container_name: p0f
- restart: always
- network_mode: "host"
- image: "dtagdevsec/p0f:2204"
- read_only: true
- volumes:
- - /data/p0f/log:/var/log/p0f
-
-# Suricata service
- suricata:
- container_name: suricata
- restart: always
- environment:
- # For ET Pro ruleset replace "OPEN" with your OINKCODE
- - OINKCODE=OPEN
- # Loading externel Rules from URL
- # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com"
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- - SYS_NICE
- - NET_RAW
- image: "dtagdevsec/suricata:2204"
- volumes:
- - /data/suricata/log:/var/log/suricata
-
-
-##################
-#### Tools
-##################
-
-#### ELK
-## Elasticsearch service
- elasticsearch:
- container_name: elasticsearch
- restart: always
- environment:
- - bootstrap.memory_lock=true
- - ES_JAVA_OPTS=-Xms2048m -Xmx2048m
- - ES_TMPDIR=/tmp
- cap_add:
- - IPC_LOCK
- ulimits:
- memlock:
- soft: -1
- hard: -1
- nofile:
- soft: 65536
- hard: 65536
- mem_limit: 4g
- ports:
- - "127.0.0.1:64298:9200"
- image: "dtagdevsec/elasticsearch:2204"
- volumes:
- - /data:/data
-
-## Kibana service
- kibana:
- container_name: kibana
- restart: always
- depends_on:
- elasticsearch:
- condition: service_healthy
- mem_limit: 1g
- ports:
- - "127.0.0.1:64296:5601"
- image: "dtagdevsec/kibana:2204"
-
-## Logstash service
- logstash:
- container_name: logstash
- restart: always
- environment:
- - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
- depends_on:
- elasticsearch:
- condition: service_healthy
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- mem_limit: 2g
- image: "dtagdevsec/logstash:2204"
- volumes:
- - /data:/data
-
-## Map Redis Service
- map_redis:
- container_name: map_redis
- restart: always
- stop_signal: SIGKILL
- tty: true
- image: "dtagdevsec/redis:2204"
- read_only: true
-
-## Map Web Service
- map_web:
- container_name: map_web
- restart: always
- environment:
- - MAP_COMMAND=AttackMapServer.py
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- stop_signal: SIGKILL
- tty: true
- ports:
- - "127.0.0.1:64299:64299"
- image: "dtagdevsec/map:2204"
-
-## Map Data Service
- map_data:
- container_name: map_data
- restart: always
- depends_on:
- elasticsearch:
- condition: service_healthy
- environment:
- - MAP_COMMAND=DataServer_v2.py
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- stop_signal: SIGKILL
- tty: true
- image: "dtagdevsec/map:2204"
-#### /ELK
-
-# Ewsposter service
- ewsposter:
- container_name: ewsposter
- restart: always
- networks:
- - ewsposter_local
- environment:
- - EWS_HPFEEDS_ENABLE=false
- - EWS_HPFEEDS_HOST=host
- - EWS_HPFEEDS_PORT=port
- - EWS_HPFEEDS_CHANNELS=channels
- - EWS_HPFEEDS_IDENT=user
- - EWS_HPFEEDS_SECRET=secret
- - EWS_HPFEEDS_TLSCERT=false
- - EWS_HPFEEDS_FORMAT=json
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- image: "dtagdevsec/ewsposter:2204"
- volumes:
- - /data:/data
- - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
-
-# Nginx service
- nginx:
- container_name: nginx
- restart: always
- tmpfs:
- - /var/tmp/nginx/client_body
- - /var/tmp/nginx/proxy
- - /var/tmp/nginx/fastcgi
- - /var/tmp/nginx/uwsgi
- - /var/tmp/nginx/scgi
- - /run
- - /var/lib/nginx/tmp:uid=100,gid=82
- network_mode: "host"
- # ports:
- # - "64297:64297"
- # - "127.0.0.1:64304:64304"
- image: "dtagdevsec/nginx:2204"
- read_only: true
- volumes:
- - /data/nginx/cert/:/etc/nginx/cert/:ro
- - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
- - /data/nginx/log/:/var/log/nginx/
-
-# Spiderfoot service
- spiderfoot:
- container_name: spiderfoot
- restart: always
- networks:
- - spiderfoot_local
- ports:
- - "127.0.0.1:64303:8080"
- image: "dtagdevsec/spiderfoot:2204"
- volumes:
- - /data/spiderfoot:/home/spiderfoot/.spiderfoot
diff --git a/_deprecated/etc/compose/tarpit.yml b/_deprecated/etc/compose/tarpit.yml
deleted file mode 100644
index 377e94ec..00000000
--- a/_deprecated/etc/compose/tarpit.yml
+++ /dev/null
@@ -1,287 +0,0 @@
-# T-Pot (Tarpit)
-# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton)
-version: '2.3'
-
-networks:
- endlessh_local:
- hellpot_local:
- heralding_local:
- ewsposter_local:
- spiderfoot_local:
-
-services:
-
-##################
-#### Honeypots
-##################
-
-# Endlessh service
- endlessh:
- container_name: endlessh
- restart: always
- networks:
- - endlessh_local
- ports:
- - "22:2222"
- image: "dtagdevsec/endlessh:2204"
- read_only: true
- volumes:
- - /data/endlessh/log:/var/log/endlessh
-
-# Heralding service
- heralding:
- container_name: heralding
- restart: always
- tmpfs:
- - /tmp/heralding:uid=2000,gid=2000
- networks:
- - heralding_local
- ports:
- # - "21:21"
- # - "22:22"
- # - "23:23"
- # - "25:25"
- # - "80:80"
- - "110:110"
- - "143:143"
- # - "443:443"
- - "465:465"
- - "993:993"
- - "995:995"
- # - "3306:3306"
- # - "3389:3389"
- - "1080:1080"
- - "5432:5432"
- - "5900:5900"
- image: "dtagdevsec/heralding:2204"
- read_only: true
- volumes:
- - /data/heralding/log:/var/log/heralding
-
-# Honeytrap service
- honeytrap:
- container_name: honeytrap
- restart: always
- tmpfs:
- - /tmp/honeytrap:uid=2000,gid=2000
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- image: "dtagdevsec/honeytrap:2204"
- read_only: true
- volumes:
- - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
- - /data/honeytrap/downloads:/opt/honeytrap/var/downloads
- - /data/honeytrap/log:/opt/honeytrap/var/log
-
-# Hellpot service
- hellpot:
- container_name: hellpot
- restart: always
- networks:
- - hellpot_local
- ports:
- - "80:8080"
- image: "dtagdevsec/hellpot:2204"
- read_only: true
- volumes:
- - /data/hellpot/log:/var/log/hellpot
-
-##################
-#### NSM
-##################
-
-# Fatt service
- fatt:
- container_name: fatt
- restart: always
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- - SYS_NICE
- - NET_RAW
- image: "dtagdevsec/fatt:2204"
- volumes:
- - /data/fatt/log:/opt/fatt/log
-
-# P0f service
- p0f:
- container_name: p0f
- restart: always
- network_mode: "host"
- image: "dtagdevsec/p0f:2204"
- read_only: true
- volumes:
- - /data/p0f/log:/var/log/p0f
-
-# Suricata service
- suricata:
- container_name: suricata
- restart: always
- environment:
- # For ET Pro ruleset replace "OPEN" with your OINKCODE
- - OINKCODE=OPEN
- # Loading externel Rules from URL
- # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com"
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- - SYS_NICE
- - NET_RAW
- image: "dtagdevsec/suricata:2204"
- volumes:
- - /data/suricata/log:/var/log/suricata
-
-
-##################
-#### Tools
-##################
-
-#### ELK
-## Elasticsearch service
- elasticsearch:
- container_name: elasticsearch
- restart: always
- environment:
- - bootstrap.memory_lock=true
- - ES_JAVA_OPTS=-Xms2048m -Xmx2048m
- - ES_TMPDIR=/tmp
- cap_add:
- - IPC_LOCK
- ulimits:
- memlock:
- soft: -1
- hard: -1
- nofile:
- soft: 65536
- hard: 65536
- mem_limit: 4g
- ports:
- - "127.0.0.1:64298:9200"
- image: "dtagdevsec/elasticsearch:2204"
- volumes:
- - /data:/data
-
-## Kibana service
- kibana:
- container_name: kibana
- restart: always
- depends_on:
- elasticsearch:
- condition: service_healthy
- mem_limit: 1g
- ports:
- - "127.0.0.1:64296:5601"
- image: "dtagdevsec/kibana:2204"
-
-## Logstash service
- logstash:
- container_name: logstash
- restart: always
- environment:
- - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
- depends_on:
- elasticsearch:
- condition: service_healthy
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- mem_limit: 2g
- image: "dtagdevsec/logstash:2204"
- volumes:
- - /data:/data
-
-## Map Redis Service
- map_redis:
- container_name: map_redis
- restart: always
- stop_signal: SIGKILL
- tty: true
- image: "dtagdevsec/redis:2204"
- read_only: true
-
-## Map Web Service
- map_web:
- container_name: map_web
- restart: always
- environment:
- - MAP_COMMAND=AttackMapServer.py
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- stop_signal: SIGKILL
- tty: true
- ports:
- - "127.0.0.1:64299:64299"
- image: "dtagdevsec/map:2204"
-
-## Map Data Service
- map_data:
- container_name: map_data
- restart: always
- depends_on:
- elasticsearch:
- condition: service_healthy
- environment:
- - MAP_COMMAND=DataServer_v2.py
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- stop_signal: SIGKILL
- tty: true
- image: "dtagdevsec/map:2204"
-#### /ELK
-
-# Ewsposter service
- ewsposter:
- container_name: ewsposter
- restart: always
- networks:
- - ewsposter_local
- environment:
- - EWS_HPFEEDS_ENABLE=false
- - EWS_HPFEEDS_HOST=host
- - EWS_HPFEEDS_PORT=port
- - EWS_HPFEEDS_CHANNELS=channels
- - EWS_HPFEEDS_IDENT=user
- - EWS_HPFEEDS_SECRET=secret
- - EWS_HPFEEDS_TLSCERT=false
- - EWS_HPFEEDS_FORMAT=json
- env_file:
- - /opt/tpot/etc/compose/elk_environment
- image: "dtagdevsec/ewsposter:2204"
- volumes:
- - /data:/data
- - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
-
-# Nginx service
- nginx:
- container_name: nginx
- restart: always
- tmpfs:
- - /var/tmp/nginx/client_body
- - /var/tmp/nginx/proxy
- - /var/tmp/nginx/fastcgi
- - /var/tmp/nginx/uwsgi
- - /var/tmp/nginx/scgi
- - /run
- - /var/lib/nginx/tmp:uid=100,gid=82
- network_mode: "host"
- # ports:
- # - "64297:64297"
- # - "127.0.0.1:64304:64304"
- image: "dtagdevsec/nginx:2204"
- read_only: true
- volumes:
- - /data/nginx/cert/:/etc/nginx/cert/:ro
- - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
- - /data/nginx/log/:/var/log/nginx/
-
-# Spiderfoot service
- spiderfoot:
- container_name: spiderfoot
- restart: always
- networks:
- - spiderfoot_local
- ports:
- - "127.0.0.1:64303:8080"
- image: "dtagdevsec/spiderfoot:2204"
- volumes:
- - /data/spiderfoot:/home/spiderfoot/.spiderfoot
diff --git a/_deprecated/etc/logrotate/logrotate.conf b/_deprecated/etc/logrotate/logrotate.conf
deleted file mode 100644
index 07223601..00000000
--- a/_deprecated/etc/logrotate/logrotate.conf
+++ /dev/null
@@ -1,69 +0,0 @@
-/data/adbhoney/log/*.json
-/data/adbhoney/log/*.log
-/data/ciscoasa/log/ciscoasa.log
-/data/citrixhoneypot/logs/server.log
-/data/conpot/log/conpot*.json
-/data/conpot/log/conpot*.log
-/data/cowrie/log/cowrie.json
-/data/cowrie/log/cowrie-textlog.log
-/data/cowrie/log/lastlog.txt
-/data/ddospot/log/*.log
-/data/dicompot/log/dicompot.log
-/data/dionaea/log/dionaea.json
-/data/dionaea/log/dionaea.sqlite
-/data/dionaea/dionaea-errors.log
-/data/elasticpot/log/elasticpot.log
-/data/elasticpot/log/elasticpot.json
-/data/elk/log/*.log
-/data/endlessh/log/*.log
-/data/fatt/log/fatt.log
-/data/glutton/log/*.log
-/data/glutton/log/*.err
-/data/hellpot/log/*.log
-/data/heralding/log/*.log
-/data/heralding/log/*.csv
-/data/heralding/log/*.json
-/data/honeypots/log/*.log
-/data/honeysap/log/*.log
-/data/honeytrap/log/*.log
-/data/honeytrap/log/*.json
-/data/ipphoney/log/*.json
-/data/log4pot/log/*.log
-/data/mailoney/log/*.log
-/data/medpot/log/*.log
-/data/nginx/log/*.log
-/data/p0f/log/p0f.json
-/data/rdpy/log/rdpy.log
-/data/redishoneypot/log/*.log
-/data/sentrypeer/log/*.json
-/data/suricata/log/*.log
-/data/suricata/log/*.json
-/data/tanner/log/*.json
-{
- su tpot tpot
- copytruncate
- create 770 tpot tpot
- daily
- missingok
- notifempty
- rotate 30
- compress
- compresscmd /usr/bin/pigz
-}
-
-/data/adbhoney/downloads.tgz
-/data/cowrie/log/ttylogs.tgz
-/data/cowrie/downloads.tgz
-/data/dionaea/bistreams.tgz
-/data/dionaea/binaries.tgz
-/data/honeytrap/attacks.tgz
-/data/honeytrap/downloads.tgz
-{
- su tpot tpot
- copytruncate
- create 770 tpot tpot
- daily
- missingok
- notifempty
- rotate 30
-}
diff --git a/_deprecated/etc/objects/elkbase.tgz b/_deprecated/etc/objects/elkbase.tgz
deleted file mode 100644
index 8370fec4..00000000
Binary files a/_deprecated/etc/objects/elkbase.tgz and /dev/null differ
diff --git a/_deprecated/etc/objects/kibana_export.ndjson.zip b/_deprecated/etc/objects/kibana_export.ndjson.zip
deleted file mode 100644
index 121d12d2..00000000
Binary files a/_deprecated/etc/objects/kibana_export.ndjson.zip and /dev/null differ
diff --git a/_deprecated/host/etc/rc.local b/_deprecated/host/etc/rc.local
deleted file mode 100755
index 68f6775a..00000000
--- a/_deprecated/host/etc/rc.local
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/bash
-/opt/tpot/bin/updateip.sh
-exit 0
diff --git a/_deprecated/host/etc/systemd/tpot.service b/_deprecated/host/etc/systemd/tpot.service
deleted file mode 100644
index 96241fa2..00000000
--- a/_deprecated/host/etc/systemd/tpot.service
+++ /dev/null
@@ -1,42 +0,0 @@
-[Unit]
-Description=tpot
-Requires=docker.service
-After=docker.service
-
-[Service]
-Restart=always
-RestartSec=5
-TimeoutSec=infinity
-
-# Get and set internal, external IP infos, but ignore errors
-ExecStartPre=-/opt/tpot/bin/updateip.sh
-
-# Clear state or if persistence is enabled rotate and compress logs from /data
-ExecStartPre=-/bin/bash -c '/opt/tpot/bin/clean.sh on'
-
-# Remove old containers, images and volumes
-ExecStartPre=/opt/tpot/bin/tpdclean.sh -y
-
-# Get IF, disable offloading, enable promiscious mode for p0f and suricata
-ExecStartPre=-/bin/bash -c '/sbin/ethtool --offload $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) rx off tx off'
-ExecStartPre=/bin/bash -c '/sbin/ethtool -K $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) gso off gro off'
-ExecStartPre=/bin/bash -c '/sbin/ip link set $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) promisc on'
-
-# Set iptables accept rules to avoid forwarding to honeytrap / NFQUEUE
-# Forward all other connections to honeytrap / NFQUEUE
-ExecStartPre=/opt/tpot/bin/rules.sh /opt/tpot/etc/tpot.yml set
-
-# Compose T-Pot up
-ExecStart=/usr/bin/docker-compose -f /opt/tpot/etc/tpot.yml up --no-color
-
-# We want to see true source for UDP packets in container (https://github.com/moby/libnetwork/issues/1994)
-ExecStartPost=/bin/bash -c '/usr/bin/sleep 30 && /usr/sbin/conntrack -D -p udp'
-
-# Compose T-Pot down, remove containers and volumes
-ExecStop=/usr/bin/docker-compose -f /opt/tpot/etc/tpot.yml down -v
-
-# Remove only previously set iptables rules
-ExecStopPost=/opt/tpot/bin/rules.sh /opt/tpot/etc/tpot.yml unset
-
-[Install]
-WantedBy=multi-user.target
diff --git a/_deprecated/host/usr/share/dict/a.txt b/_deprecated/host/usr/share/dict/a.txt
deleted file mode 100644
index a663034c..00000000
--- a/_deprecated/host/usr/share/dict/a.txt
+++ /dev/null
@@ -1,1466 +0,0 @@
-average
-big
-colossal
-fat
-giant
-gigantic
-great
-huge
-immense
-large
-little
-long
-mammoth
-massive
-miniature
-petite
-puny
-short
-small
-tall
-tiny
-boiling
-breezy
-broken
-bumpy
-chilly
-cold
-cool
-creepy
-crooked
-cuddly
-curly
-damaged
-damp
-dirty
-dry
-dusty
-filthy
-flaky
-fluffy
-wet
-broad
-chubby
-crooked
-curved
-deep
-flat
-high
-hollow
-low
-narrow
-round
-shallow
-skinny
-square
-steep
-straight
-wide
-ancient
-brief
-early
-fast
-late
-long
-modern
-old
-oldfashioned
-quick
-rapid
-short
-slow
-swift
-young
-abundant
-empty
-few
-heavy
-light
-many
-numerous
-Sound
-cooing
-deafening
-faint
-harsh
-highpitched
-hissing
-hushed
-husky
-loud
-melodic
-moaning
-mute
-noisy
-purring
-quiet
-raspy
-resonant
-screeching
-shrill
-silent
-soft
-squealing
-thundering
-voiceless
-whispering
-bitter
-delicious
-fresh
-juicy
-ripe
-rotten
-salty
-sour
-spicy
-stale
-sticky
-strong
-sweet
-tasteless
-tasty
-thirsty
-fluttering
-fuzzy
-greasy
-grubby
-hard
-hot
-icy
-loose
-melted
-plastic
-prickly
-rainy
-rough
-scattered
-shaggy
-shaky
-sharp
-shivering
-silky
-slimy
-slippery
-smooth
-soft
-solid
-steady
-sticky
-tender
-tight
-uneven
-weak
-wet
-wooden
-afraid
-angry
-annoyed
-anxious
-arrogant
-ashamed
-awful
-bad
-bewildered
-bored
-combative
-condemned
-confused
-creepy
-cruel
-dangerous
-defeated
-defiant
-depressed
-disgusted
-disturbed
-eerie
-embarrassed
-envious
-evil
-fierce
-foolish
-frantic
-frightened
-grieving
-helpless
-homeless
-hungry
-hurt
-ill
-jealous
-lonely
-mysterious
-naughty
-nervous
-obnoxious
-outrageous
-panicky
-repulsive
-scary
-scornful
-selfish
-sore
-tense
-terrible
-thoughtless
-tired
-troubled
-upset
-uptight
-weary
-wicked
-worried
-agreeable
-amused
-brave
-calm
-charming
-cheerful
-comfortable
-cooperative
-courageous
-delightful
-determined
-eager
-elated
-enchanting
-encouraging
-energetic
-enthusiastic
-excited
-exuberant
-fair
-faithful
-fantastic
-fine
-friendly
-funny
-gentle
-glorious
-good
-happy
-healthy
-helpful
-hilarious
-jolly
-joyous
-kind
-lively
-lovely
-lucky
-obedient
-perfect
-pleasant
-proud
-relieved
-silly
-smiling
-splendid
-successful
-thoughtful
-victorious
-vivacious
-witty
-wonderful
-zealous
-zany
-other
-good
-new
-old
-great
-high
-small
-different
-large
-local
-social
-important
-long
-young
-national
-british
-right
-early
-possible
-big
-little
-political
-able
-late
-general
-full
-far
-low
-public
-available
-bad
-main
-sure
-clear
-major
-economic
-only
-likely
-real
-black
-particular
-international
-special
-difficult
-certain
-open
-whole
-white
-free
-short
-easy
-strong
-european
-central
-similar
-human
-common
-necessary
-single
-personal
-hard
-private
-poor
-financial
-wide
-foreign
-simple
-recent
-concerned
-american
-various
-close
-fine
-english
-wrong
-present
-royal
-natural
-individual
-nice
-french
-following
-current
-modern
-labour
-legal
-happy
-final
-red
-normal
-serious
-previous
-total
-prime
-significant
-industrial
-sorry
-dead
-specific
-appropriate
-top
-soviet
-basic
-military
-original
-successful
-aware
-hon
-popular
-heavy
-professional
-direct
-dark
-cold
-ready
-green
-useful
-effective
-western
-traditional
-scottish
-german
-independent
-deep
-interesting
-considerable
-involved
-physical
-left
-hot
-existing
-responsible
-complete
-medical
-blue
-extra
-past
-male
-interested
-fair
-essential
-beautiful
-civil
-primary
-obvious
-future
-environmental
-positive
-senior
-nuclear
-annual
-relevant
-huge
-rich
-commercial
-safe
-regional
-practical
-official
-separate
-key
-chief
-regular
-due
-additional
-active
-powerful
-complex
-standard
-impossible
-light
-warm
-middle
-fresh
-sexual
-front
-domestic
-actual
-united
-technical
-ordinary
-cheap
-strange
-internal
-excellent
-quiet
-soft
-potential
-northern
-religious
-quick
-very
-famous
-cultural
-proper
-broad
-joint
-formal
-limited
-conservative
-lovely
-usual
-ltd
-unable
-rural
-initial
-substantial
-christian
-bright
-average
-leading
-reasonable
-immediate
-suitable
-equal
-detailed
-working
-overall
-female
-afraid
-democratic
-growing
-sufficient
-scientific
-eastern
-correct
-inc
-irish
-expensive
-educational
-mental
-dangerous
-critical
-increased
-familiar
-unlikely
-double
-perfect
-slow
-tiny
-dry
-historical
-thin
-daily
-southern
-increasing
-wild
-alone
-urban
-empty
-married
-narrow
-liberal
-supposed
-upper
-apparent
-tall
-busy
-bloody
-prepared
-russian
-moral
-careful
-clean
-attractive
-japanese
-vital
-thick
-alternative
-fast
-ancient
-elderly
-rare
-external
-capable
-brief
-wonderful
-grand
-typical
-entire
-grey
-constant
-vast
-surprised
-ideal
-terrible
-academic
-funny
-minor
-pleased
-severe
-ill
-corporate
-negative
-permanent
-weak
-brown
-fundamental
-odd
-crucial
-inner
-used
-criminal
-contemporary
-sharp
-sick
-near
-roman
-massive
-unique
-secondary
-parliamentary
-african
-unknown
-subsequent
-angry
-alive
-guilty
-lucky
-enormous
-well
-communist
-yellow
-unusual
-net
-longterm
-tough
-dear
-extensive
-glad
-remaining
-agricultural
-alright
-healthy
-italian
-principal
-tired
-efficient
-comfortable
-chinese
-relative
-friendly
-conventional
-willing
-sudden
-proposed
-voluntary
-slight
-valuable
-dramatic
-golden
-temporary
-federal
-keen
-flat
-silent
-indian
-videotaped
-worried
-pale
-statutory
-welsh
-dependent
-firm
-wet
-competitive
-armed
-radical
-outside
-acceptable
-sensitive
-living
-pure
-global
-emotional
-sad
-secret
-rapid
-adequate
-fixed
-sweet
-administrative
-wooden
-remarkable
-comprehensive
-surprising
-solid
-rough
-mere
-mass
-brilliant
-maximum
-absolute
-tory
-electronic
-visual
-electric
-cool
-spanish
-literary
-continuing
-supreme
-chemical
-genuine
-exciting
-written
-stupid
-advanced
-extreme
-classical
-fit
-favourite
-socialist
-widespread
-confident
-straight
-catholic
-proud
-numerous
-opposite
-distinct
-mad
-helpful
-given
-disabled
-consistent
-anxious
-nervous
-awful
-stable
-constitutional
-satisfied
-conscious
-developing
-strategic
-holy
-smooth
-dominant
-remote
-theoretical
-outstanding
-pink
-pretty
-clinical
-minimum
-honest
-impressive
-related
-residential
-extraordinary
-plain
-visible
-accurate
-distant
-still
-greek
-complicated
-musical
-precise
-gentle
-broken
-live
-silly
-fat
-tight
-monetary
-round
-psychological
-violent
-unemployed
-inevitable
-junior
-sensible
-grateful
-pleasant
-dirty
-structural
-welcome
-socalled
-deaf
-above
-continuous
-blind
-overseas
-mean
-entitled
-delighted
-loose
-occasional
-evident
-desperate
-fellow
-universal
-square
-steady
-classic
-equivalent
-intellectual
-victorian
-level
-ultimate
-creative
-lost
-medieval
-clever
-linguistic
-convinced
-judicial
-raw
-sophisticated
-asleep
-vulnerable
-illegal
-outer
-revolutionary
-bitter
-changing
-australian
-native
-imperial
-strict
-wise
-informal
-flexible
-collective
-frequent
-experimental
-spiritual
-intense
-rational
-ethnic
-generous
-inadequate
-prominent
-logical
-bare
-historic
-modest
-dutch
-acute
-electrical
-valid
-weekly
-gross
-automatic
-loud
-reliable
-mutual
-liable
-multiple
-ruling
-curious
-arab
-sole
-jewish
-managing
-pregnant
-latin
-nearby
-exact
-underlying
-identical
-satisfactory
-marginal
-distinctive
-electoral
-urgent
-presidential
-controversial
-oral
-everyday
-encouraging
-organic
-continued
-expected
-statistical
-desirable
-innocent
-improved
-exclusive
-marked
-experienced
-unexpected
-superb
-sheer
-disappointed
-frightened
-fulltime
-gastric
-capitalist
-romantic
-naked
-reluctant
-magnificent
-convenient
-established
-closed
-uncertain
-artificial
-diplomatic
-tremendous
-marine
-mechanical
-retail
-institutional
-mixed
-required
-biological
-known
-functional
-straightforward
-superior
-digital
-parttime
-spectacular
-unhappy
-confused
-unfair
-aggressive
-spare
-painful
-abstract
-asian
-associated
-legislative
-monthly
-intelligent
-hungry
-explicit
-nasty
-just
-faint
-coloured
-ridiculous
-amazing
-comparable
-successive
-workingclass
-realistic
-back
-decent
-unnecessary
-flying
-fucking
-random
-influential
-dull
-genetic
-neat
-marvellous
-crazy
-damp
-giant
-secure
-bottom
-skilled
-subtle
-elegant
-brave
-lesser
-parallel
-steep
-intensive
-casual
-tropical
-lonely
-partial
-preliminary
-concrete
-alleged
-assistant
-vertical
-upset
-delicate
-mild
-occupational
-excessive
-progressive
-iraqi
-exceptional
-integrated
-striking
-continental
-okay
-harsh
-combined
-fierce
-handsome
-characteristic
-chronic
-compulsory
-interim
-objective
-splendid
-magic
-shortterm
-systematic
-obliged
-payable
-fun
-horrible
-primitive
-fascinating
-ideological
-metropolitan
-surrounding
-estimated
-peaceful
-premier
-operational
-technological
-kind
-advisory
-hostile
-precious
-gay
-accessible
-determined
-excited
-impressed
-provincial
-smart
-endless
-isolated
-postwar
-drunk
-geographical
-like
-dynamic
-boring
-forthcoming
-unfortunate
-definite
-super
-notable
-indirect
-stiff
-wealthy
-awkward
-lively
-neutral
-artistic
-content
-mature
-colonial
-ambitious
-evil
-magnetic
-verbal
-legitimate
-sympathetic
-wellknown
-empirical
-head
-shallow
-vague
-naval
-depressed
-shared
-added
-shocked
-mid
-worthwhile
-qualified
-missing
-blank
-absent
-favourable
-polish
-israeli
-developed
-profound
-representative
-enthusiastic
-dreadful
-rigid
-reduced
-cruel
-coastal
-peculiar
-racial
-ugly
-swiss
-crude
-extended
-selected
-eager
-feminist
-canadian
-bold
-relaxed
-corresponding
-running
-planned
-applicable
-immense
-allied
-comparative
-uncomfortable
-conservation
-productive
-beneficial
-bored
-charming
-minimal
-mobile
-turkish
-orange
-rear
-passive
-suspicious
-overwhelming
-fatal
-resulting
-symbolic
-registered
-neighbouring
-calm
-irrelevant
-patient
-compact
-profitable
-rival
-loyal
-moderate
-distinguished
-interior
-noble
-insufficient
-eligible
-mysterious
-varying
-middleclass
-managerial
-molecular
-olympic
-linear
-prospective
-printed
-parental
-diverse
-elaborate
-furious
-fiscal
-burning
-useless
-semantic
-embarrassed
-inherent
-philosophical
-deliberate
-awake
-variable
-promising
-unpleasant
-varied
-sacred
-selective
-inclined
-tender
-hidden
-worthy
-intermediate
-sound
-protective
-fortunate
-slim
-islamic
-defensive
-divine
-stuck
-driving
-invisible
-misleading
-circular
-mathematical
-inappropriate
-liquid
-persistent
-solar
-doubtful
-manual
-architectural
-intact
-incredible
-devoted
-prior
-tragic
-respectable
-optimistic
-convincing
-unacceptable
-decisive
-competent
-spatial
-respective
-binding
-relieved
-nursing
-toxic
-select
-redundant
-integral
-then
-probable
-amateur
-fond
-passing
-specified
-territorial
-horizontal
-oldfashioned
-inland
-cognitive
-regulatory
-miserable
-resident
-polite
-scared
-marxist
-gothic
-civilian
-instant
-lengthy
-adverse
-korean
-unconscious
-anonymous
-aesthetic
-orthodox
-static
-unaware
-costly
-fantastic
-foolish
-fashionable
-causal
-compatible
-wee
-implicit
-dual
-ok
-cheerful
-subjective
-forward
-surviving
-exotic
-purple
-cautious
-visiting
-aggregate
-ethical
-protestant
-teenage
-largescale
-dying
-disastrous
-delicious
-confidential
-underground
-thorough
-grim
-autonomous
-atomic
-frozen
-colourful
-injured
-uniform
-ashamed
-glorious
-wicked
-coherent
-rising
-shy
-novel
-balanced
-delightful
-arbitrary
-adjacent
-psychiatric
-worrying
-weird
-unchanged
-rolling
-evolutionary
-intimate
-sporting
-disciplinary
-formidable
-lexical
-noisy
-gradual
-accused
-homeless
-supporting
-coming
-renewed
-excess
-retired
-rubber
-chosen
-outdoor
-embarrassing
-preferred
-bizarre
-appalling
-agreed
-imaginative
-governing
-accepted
-vocational
-palestinian
-mighty
-puzzled
-worldwide
-handicapped
-organisational
-sunny
-eldest
-eventual
-spontaneous
-vivid
-rude
-nineteenthcentury
-faithful
-ministerial
-innovative
-controlled
-conceptual
-unwilling
-civic
-meaningful
-disturbing
-alive
-brainy
-breakable
-busy
-careful
-cautious
-clever
-concerned
-crazy
-curious
-dead
-different
-difficult
-doubtful
-easy
-famous
-fragile
-helpful
-helpless
-important
-impossible
-innocent
-inquisitive
-modern
-open
-outstanding
-poor
-powerful
-puzzled
-real
-rich
-shy
-sleepy
-stupid
-super
-tame
-uninterested
-wandering
-wild
-wrong
-adorable
-alert
-average
-beautiful
-blonde
-bloody
-blushing
-bright
-clean
-clear
-cloudy
-colorful
-crowded
-cute
-dark
-drab
-distinct
-dull
-elegant
-fancy
-filthy
-glamorous
-gleaming
-graceful
-grotesque
-homely
-light
-misty
-motionless
-muddy
-plain
-poised
-quaint
-shiny
-smoggy
-sparkling
-spotless
-stormy
-strange
-ugly
-unsightly
-unusual
-bad
-better
-beautiful
-big
-black
-blue
-bright
-clumsy
-crazy
-dizzy
-dull
-fat
-frail
-friendly
-funny
-great
-green
-gigantic
-gorgeous
-grumpy
-handsome
-happy
-horrible
-itchy
-jittery
-jolly
-kind
-long
-lazy
-magnificent
-magenta
-many
-mighty
-mushy
-nasty
-new
-nice
-nosy
-nutty
-nutritious
-odd
-orange
-ordinary
-pretty
-precious
-prickly
-purple
-quaint
-quiet
-quick
-quickest
-rainy
-rare
-ratty
-red
-roasted
-robust
-round
-sad
-scary
-scrawny
-short
-silly
-stingy
-strange
-striped
-spotty
-tart
-tall
-tame
-tan
-tender
-testy
-tricky
-tough
-ugly
-ugliest
-vast
-watery
-wasteful
-wideeyed
-wonderful
-yellow
-yummy
-zany
diff --git a/_deprecated/host/usr/share/dict/n.txt b/_deprecated/host/usr/share/dict/n.txt
deleted file mode 100644
index 0e5f2c37..00000000
--- a/_deprecated/host/usr/share/dict/n.txt
+++ /dev/null
@@ -1,4401 +0,0 @@
-aardvark
-abacus
-abbey
-abdomen
-ability
-abolishment
-abroad
-accelerant
-accelerator
-accident
-accompanist
-accordion
-account
-accountant
-achieve
-achiever
-acid
-acknowledgment
-acoustic
-acoustics
-acrylic
-act
-action
-active
-activity
-actor
-actress
-acupuncture
-ad
-adapter
-addiction
-addition
-address
-adjustment
-administration
-adrenalin
-adult
-advancement
-advantage
-advertisement
-advertising
-advice
-affair
-affect
-afghanistan
-africa
-aftermath
-afternoon
-aftershave
-aftershock
-afterthought
-age
-agency
-agenda
-agent
-aglet
-agreement
-air
-airbag
-airbus
-airfare
-airforce
-airline
-airmail
-airplane
-airport
-airship
-alarm
-alb
-albatross
-alcohol
-alcove
-alder
-algebra
-algeria
-alibi
-allergist
-alley
-alligator
-alloy
-almanac
-almond
-alpaca
-alpenglow
-alpenhorn
-alpha
-alphabet
-alternative
-altitude
-alto
-aluminium
-aluminum
-ambassador
-ambition
-ambulance
-amendment
-america
-amount
-amusement
-anagram
-analgesia
-analog
-analysis
-analyst
-anatomy
-anesthesiology
-anethesiologist
-anger
-angiosperm
-angle
-angora
-angstrom
-anguish
-animal
-anime
-ankle
-anklet
-annual
-anorak
-answer
-ant
-antarctica
-anteater
-antechamber
-antelope
-anthony
-anthropology
-antler
-anxiety
-anybody
-anything
-anywhere
-apartment
-ape
-aperitif
-apology
-apparatus
-apparel
-appeal
-appearance
-appendix
-apple
-applewood
-appliance
-application
-appointment
-approval
-april
-apron
-apse
-aquarius
-aquifer
-arch
-archaeology
-archeology
-archer
-architect
-architecture
-archrival
-area
-argentina
-argument
-aries
-arithmetic
-arm
-armadillo
-armament
-armchair
-armoire
-armor
-armrest
-army
-arrival
-arrow
-art
-artichoke
-article
-artificer
-ascot
-ash
-ashram
-ashtray
-asia
-asparagus
-aspect
-asphalt
-assignment
-assistance
-assistant
-associate
-association
-assumption
-asterisk
-astrakhan
-astrolabe
-astrologer
-astrology
-astronomy
-atelier
-athelete
-athlete
-atm
-atmosphere
-atom
-atrium
-attachment
-attack
-attempt
-attendant
-attention
-attenuation
-attic
-attitude
-attorney
-attraction
-audience
-auditorium
-august
-aunt
-australia
-author
-authorisation
-authority
-authorization
-automaton
-avalanche
-avenue
-average
-awareness
-azimuth
-babe
-babies
-baboon
-babushka
-baby
-back
-backbone
-backdrop
-backpack
-bacon
-bad
-badge
-badger
-bafflement
-bag
-bagel
-bagpipe
-bagpipes
-bail
-bait
-bake
-baker
-bakery
-bakeware
-balaclava
-balalaika
-balance
-balcony
-balinese
-ball
-balloon
-ballpark
-bamboo
-banana
-band
-bandana
-bandanna
-bandolier
-bangladesh
-bangle
-banjo
-bank
-bankbook
-banker
-banquette
-baobab
-bar
-barbara
-barbeque
-barber
-barbiturate
-barge
-baritone
-barium
-barn
-barometer
-barracks
-barstool
-base
-baseball
-basement
-basin
-basis
-basket
-basketball
-bass
-bassinet
-bassoon
-bat
-bath
-bather
-bathhouse
-bathrobe
-bathroom
-bathtub
-batter
-battery
-batting
-battle
-battleship
-bay
-bayou
-beach
-bead
-beak
-beam
-bean
-beanie
-beanstalk
-bear
-beard
-beast
-beat
-beautician
-beauty
-beaver
-bed
-bedroom
-bee
-beech
-beef
-beer
-beet
-beetle
-beggar
-beginner
-begonia
-behavior
-beheading
-behest
-belfry
-belief
-believe
-bell
-belligerency
-bellows
-belly
-belt
-bench
-bend
-beneficiary
-benefit
-bengal
-beret
-berry
-bestseller
-bestseller
-betty
-beverage
-beyond
-bibliography
-bicycle
-bid
-bidet
-bifocals
-big
-bigrig
-bijou
-bike
-bikini
-bill
-billboard
-bin
-biology
-biplane
-birch
-bird
-birdbath
-birdcage
-birdhouse
-birdwatcher
-birth
-birthday
-bit
-bite
-black
-blackberry
-blackboard
-blackfish
-bladder
-blade
-blame
-blank
-blanket
-blazer
-blight
-blinker
-blister
-blizzard
-block
-blocker
-blood
-bloodflow
-bloom
-bloomers
-blossom
-blouse
-blow
-blowgun
-blowhole
-blue
-blueberry
-boar
-board
-boat
-boatbuilding
-boatload
-boatyard
-bobcat
-body
-bog
-bolero
-bolt
-bomb
-bomber
-bondsman
-bone
-bongo
-bonnet
-bonsai
-bonus
-boogeyman
-book
-bookcase
-bookend
-booklet
-booster
-boot
-bootee
-bootie
-boots
-booty
-border
-bore
-bosom
-botany
-bottle
-bottling
-bottom
-bottomline
-boudoir
-bough
-boundary
-bow
-bower
-bowl
-bowler
-bowling
-bowtie
-box
-boxer
-boxspring
-boy
-boyfriend
-bra
-brace
-bracelet
-bracket
-brain
-brake
-branch
-brand
-brandy
-brass
-brassiere
-bratwurst
-brazil
-bread
-breadcrumb
-break
-breakfast
-breakpoint
-breast
-breastplate
-breath
-breeze
-bribery
-brick
-bricklaying
-bridge
-brief
-briefs
-brilliant
-british
-broccoli
-brochure
-broiler
-broker
-brome
-bronchitis
-bronco
-bronze
-brooch
-brood
-brook
-broom
-brother
-brotherinlaw
-brow
-brown
-brush
-brushfire
-brushing
-bubble
-bucket
-buckle
-bud
-budget
-buffer
-buffet
-bug
-buggy
-bugle
-building
-bulb
-bull
-bulldozer
-bullet
-bullfighter
-bumper
-bun
-bunch
-bungalow
-bunghole
-bunkhouse
-burglar
-burlesque
-burma
-burn
-burnout
-burst
-bus
-bush
-business
-bust
-bustle
-butane
-butcher
-butter
-button
-buy
-buyer
-buzzard
-cabana
-cabbage
-cabin
-cabinet
-cable
-caboose
-cacao
-cactus
-caddy
-cadet
-cafe
-caftan
-cake
-calcification
-calculation
-calculator
-calculus
-calendar
-calf
-calico
-call
-calm
-camel
-cameo
-camera
-camp
-campaign
-campanile
-can
-canada
-canal
-cancel
-cancer
-candelabra
-candidate
-candle
-candy
-cane
-cannon
-canoe
-canon
-canopy
-canteen
-canvas
-cap
-cape
-capital
-capitulation
-capon
-cappelletti
-cappuccino
-capricorn
-captain
-caption
-car
-caravan
-carbon
-card
-cardboard
-cardigan
-care
-cargo
-carload
-carnation
-carol
-carotene
-carp
-carpenter
-carpet
-carport
-carriage
-carrier
-carrot
-carry
-cart
-cartilage
-cartload
-cartoon
-cartridge
-cascade
-case
-casement
-cash
-cashier
-casino
-casserole
-cassock
-cast
-castanet
-castanets
-castle
-cat
-catacomb
-catamaran
-category
-caterpillar
-cathedral
-catsup
-cattle
-cauliflower
-cause
-caution
-cave
-cclamp
-cd
-ceiling
-celebration
-celeriac
-celery
-celeste
-cell
-cellar
-cello
-celsius
-cement
-cemetery
-cenotaph
-census
-cent
-centenarian
-center
-centimeter
-centurion
-century
-cephalopod
-ceramic
-cereal
-certification
-cesspool
-chador
-chafe
-chain
-chainstay
-chair
-chairlift
-chairman
-chairperson
-chairwoman
-chaise
-chalet
-chalice
-chalk
-champion
-championship
-chance
-chandelier
-change
-channel
-chap
-chapel
-chapter
-character
-chard
-charge
-charity
-charlatan
-charles
-charm
-chart
-chastity
-chasuble
-chateau
-chauffeur
-chauvinist
-check
-checkroom
-cheek
-cheese
-cheetah
-chef
-chemistry
-cheque
-cherries
-cherry
-chess
-chest
-chick
-chicken
-chicory
-chief
-chiffonier
-child
-childhood
-children
-chill
-chime
-chimpanzee
-chin
-china
-chinese
-chino
-chipmunk
-chitchat
-chivalry
-chive
-chocolate
-choice
-choker
-chop
-chopstick
-chord
-chowder
-christmas
-christopher
-chrome
-chromolithograph
-chronograph
-chronometer
-chub
-chug
-church
-churn
-cicada
-cigarette
-cinema
-circle
-circulation
-circumference
-cirrus
-citizenship
-city
-civilisation
-clam
-clank
-clapboard
-clarinet
-clasp
-class
-classroom
-claus
-clave
-clavicle
-clavier
-cleaner
-cleat
-cleavage
-clef
-cleric
-clerk
-click
-client
-cliff
-climate
-climb
-clip
-clipper
-cloak
-cloakroom
-clock
-clockwork
-clogs
-cloister
-close
-closet
-cloth
-clothes
-clothing
-cloud
-cloudburst
-cloudy
-clove
-clover
-club
-clutch
-coach
-coal
-coast
-coat
-cob
-cobweb
-cockpit
-cockroach
-cocktail
-cocoa
-cod
-codon
-codpiece
-coevolution
-coffee
-coffin
-coil
-coin
-coinsurance
-coke
-cold
-coliseum
-collar
-collection
-college
-collision
-colloquia
-colombia
-colon
-colonisation
-colony
-color
-colt
-column
-columnist
-comb
-combat
-combination
-comfort
-comfortable
-comic
-comma
-command
-commercial
-commission
-committee
-communicant
-communication
-community
-company
-comparison
-competition
-competitor
-complaint
-complement
-complex
-component
-comportment
-composer
-composition
-compost
-compulsion
-computer
-comradeship
-concept
-concert
-conclusion
-concrete
-condition
-condominium
-condor
-conductor
-cone
-confectionery
-conference
-confidence
-confirmation
-conflict
-confusion
-conga
-congo
-congressman
-congressperson
-congresswoman
-conifer
-connection
-consent
-consequence
-console
-consonant
-conspirator
-constant
-constellation
-construction
-consul
-consulate
-contactlens
-contagion
-contest
-context
-continent
-contract
-contrail
-contrary
-contribution
-control
-convection
-conversation
-convert
-convertible
-cook
-cookie
-cooking
-coonskin
-cope
-copout
-copper
-coproducer
-copy
-copyright
-copywriter
-cord
-corduroy
-cork
-cormorant
-corn
-cornerstone
-cornet
-corral
-correspondent
-corridor
-corsage
-cost
-costume
-cot
-cottage
-cotton
-couch
-cougar
-cough
-council
-councilman
-councilor
-councilperson
-councilwoman
-counter
-counterforce
-countess
-country
-county
-couple
-courage
-course
-court
-cousin
-covariate
-cover
-coverall
-cow
-cowbell
-cowboy
-crab
-crack
-cracker
-crackers
-cradle
-craftsman
-crash
-crate
-cravat
-craw
-crawdad
-crayfish
-crayon
-cream
-creative
-creator
-creature
-creche
-credenza
-credit
-creditor
-creek
-cremebrulee
-crest
-crew
-crib
-cribbage
-cricket
-cricketer
-crime
-criminal
-crinoline
-criteria
-criterion
-criticism
-crocodile
-crocus
-croissant
-crook
-crop
-cross
-crosscontamination
-crossstitch
-crotch
-croup
-crow
-crowd
-crown
-crude
-crush
-cry
-crystallography
-cub
-cuban
-cuckoo
-cucumber
-cufflinks
-cultivar
-cultivator
-culture
-culvert
-cummerbund
-cup
-cupboard
-cupcake
-cupola
-curio
-curl
-curler
-currency
-current
-cursor
-curtain
-curve
-cushion
-custard
-custodian
-customer
-cut
-cuticle
-cutlet
-cutover
-cutting
-cyclamen
-cycle
-cyclone
-cylinder
-cymbal
-cymbals
-cynic
-cyst
-cytoplasm
-dad
-daffodil
-dagger
-dahlia
-daisy
-damage
-dame
-dance
-dancer
-danger
-daniel
-dark
-dart
-dash
-dashboard
-data
-database
-date
-daughter
-david
-day
-daybed
-dead
-deadline
-deal
-dealer
-dear
-death
-deathwatch
-deborah
-debt
-debtor
-decade
-december
-decimal
-decision
-deck
-declination
-decongestant
-decrease
-decryption
-dedication
-deer
-defense
-deficit
-definition
-deformation
-degree
-delete
-delivery
-demand
-demur
-den
-denim
-dentist
-deodorant
-department
-departure
-dependent
-deployment
-deposit
-depression
-depressive
-depth
-deputy
-derby
-derrick
-description
-desert
-design
-designer
-desire
-desk
-dessert
-destiny
-destroyer
-destruction
-detail
-detainment
-detective
-detention
-determination
-development
-deviance
-device
-dew
-dhow
-diadem
-diamond
-diaphragm
-diarist
-dibble
-dickey
-dictaphone
-diction
-dictionary
-diet
-dietician
-difference
-differential
-difficulty
-digestion
-digger
-digital
-dilapidation
-dill
-dime
-dimension
-dimple
-diner
-dinghy
-dinner
-dinosaur
-diploma
-dipstick
-direction
-director
-dirndl
-dirt
-disadvantage
-disarmament
-disaster
-disco
-disconnection
-discount
-discovery
-discrepancy
-discussion
-disease
-disembodiment
-disengagement
-disguise
-disgust
-dish
-dishes
-dishwasher
-disk
-display
-disposer
-distance
-distribution
-distributor
-district
-divan
-diver
-divide
-divider
-diving
-division
-dock
-doctor
-document
-doe
-dog
-dogsled
-dogwood
-doll
-dollar
-dolman
-dolphin
-domain
-donald
-donkey
-donna
-door
-doorknob
-doorpost
-dorothy
-dory
-dot
-double
-doubling
-doubt
-doubter
-downforce
-downgrade
-downtown
-draft
-dragon
-dragonfly
-dragster
-drain
-drake
-drama
-dramaturge
-draw
-drawbridge
-drawer
-drawing
-dream
-dredger
-dress
-dresser
-dressing
-drill
-drink
-drive
-driver
-driveway
-driving
-drizzle
-dromedary
-drop
-drug
-drum
-drummer
-drunk
-dry
-dryer
-duck
-duckling
-dud
-duffel
-dugout
-dulcimer
-dumbwaiter
-dumptruck
-dunebuggy
-dungarees
-dungeon
-duplexer
-dust
-duststorm
-duster
-duty
-dwarf
-dwelling
-dynamo
-eagle
-ear
-eardrum
-earmuffs
-earplug
-earrings
-earth
-earthquake
-earthworm
-ease
-easel
-east
-eave
-eavesdropper
-ebook
-ecclesia
-eclipse
-ecliptic
-economics
-ecumenist
-eddy
-edge
-edger
-editor
-editorial
-education
-edward
-eel
-effacement
-effect
-effective
-efficacy
-efficiency
-effort
-egg
-egghead
-eggnog
-eggplant
-egypt
-eight
-ejector
-elbow
-election
-electrocardiogram
-element
-elephant
-elevator
-elixir
-elizabeth
-elk
-ellipse
-elm
-elongation
-embossing
-emergence
-emergent
-emery
-emotion
-emphasis
-employ
-employee
-employer
-employment
-empowerment
-emu
-encirclement
-encyclopedia
-end
-endothelium
-enemy
-energy
-engine
-engineer
-engineering
-english
-enigma
-enquiry
-entertainment
-enthusiasm
-entrance
-entry
-environment
-epauliere
-epee
-ephemera
-ephemeris
-epoch
-eponym
-epoxy
-equinox
-equipment
-era
-ereader
-error
-escape
-espadrille
-espalier
-establishment
-estate
-estimate
-estrogen
-estuary
-ethernet
-ethiopia
-euphonium
-eurocentrism
-europe
-evaluator
-evening
-eveningwear
-event
-eviction
-evidence
-evocation
-exam
-examination
-examiner
-example
-exchange
-excitement
-exclamation
-excuse
-executor
-exhaust
-exhusband
-exile
-existence
-exit
-expansion
-expansionism
-experience
-expert
-explanation
-exposition
-expression
-extension
-extent
-extreme
-exwife
-eye
-eyeball
-eyebrow
-eyebrows
-eyeglasses
-eyelash
-eyelashes
-eyelid
-eyelids
-eyeliner
-eyestrain
-face
-facelift
-facet
-facilities
-facsimile
-fact
-factor
-factory
-faculty
-fahrenheit
-failure
-fairies
-fairy
-fall
-fallingout
-familiar
-family
-fan
-fang
-fanlight
-fanny
-fannypack
-farm
-farmer
-fascia
-fat
-father
-fatherinlaw
-fatigues
-faucet
-fault
-fawn
-fax
-fear
-feast
-feather
-feature
-february
-fedelini
-fedora
-feed
-feedback
-feeling
-feet
-felony
-female
-fen
-fence
-fencing
-fender
-ferry
-ferryboat
-fertilizer
-few
-fiber
-fiberglass
-fibre
-fiction
-fiddle
-field
-fifth
-fight
-fighter
-figurine
-file
-fill
-filly
-filth
-final
-finance
-find
-finding
-fine
-finger
-fingernail
-finisher
-fir
-fire
-fireman
-fireplace
-firewall
-fish
-fishbone
-fisherman
-fishery
-fishing
-fishmonger
-fishnet
-fisting
-fix
-fixture
-flag
-flame
-flanker
-flare
-flash
-flat
-flatboat
-flavor
-flax
-fleck
-fleece
-flesh
-flight
-flintlock
-flipflops
-flock
-flood
-floor
-floozie
-flower
-flu
-flugelhorn
-fluke
-flute
-fly
-flytrap
-foam
-fob
-focus
-fog
-fold
-folder
-fondue
-font
-food
-foot
-football
-footnote
-footrest
-footrest
-footstool
-foray
-force
-forearm
-forebear
-forecast
-forehead
-forest
-forestry
-forgery
-fork
-form
-formal
-format
-former
-fort
-fortnight
-fortress
-fortune
-forum
-foundation
-fountain
-fowl
-fox
-foxglove
-fragrance
-frame
-france
-fratricide
-fraudster
-frazzle
-freckle
-freedom
-freeplay
-freeze
-freezer
-freight
-freighter
-french
-freon
-fresco
-friction
-friday
-fridge
-friend
-friendship
-frigate
-fringe
-frock
-frog
-front
-frost
-frown
-fruit
-frustration
-fuel
-fulfillment
-full
-function
-fundraising
-funeral
-funny
-fur
-furnace
-furniture
-fusarium
-futon
-future
-gaffer
-gaiters
-gale
-gallbladder
-galleon
-gallery
-galley
-gallon
-galoshes
-game
-gamebird
-gammaray
-gander
-gap
-garage
-garb
-garbage
-garden
-garlic
-garment
-garter
-gas
-gasoline
-gastropod
-gate
-gateway
-gather
-gauge
-gauntlet
-gazebo
-gazelle
-gear
-gearshift
-geese
-gelding
-gem
-gemini
-gemsbok
-gender
-gene
-general
-genetics
-geography
-geology
-geometry
-george
-geranium
-gerbil
-geriatrician
-german
-germany
-geyser
-ghana
-gherkin
-ghost
-giant
-gigantism
-ginseng
-giraffe
-girdle
-girl
-girlfriend
-git
-glad
-gladiolus
-gland
-glass
-glasses
-glen
-glider
-gliding
-glockenspiel
-glove
-gloves
-glue
-glut
-goal
-goat
-gobbler
-godmother
-goggles
-gokart
-gold
-goldfish
-golf
-gondola
-gong
-good
-goodbye
-goodbye
-goodie
-goose
-gopher
-goretex
-gorilla
-gosling
-governance
-government
-governor
-gown
-grabbag
-grade
-grain
-gram
-granddaughter
-grandfather
-grandmom
-grandmother
-grandson
-granny
-grape
-grapefruit
-graph
-graphic
-grass
-grasshopper
-grassland
-gray
-grease
-great
-greatgrandfather
-greatgrandmother
-greece
-greek
-green
-greenhouse
-grenade
-grey
-grief
-grill
-grip
-grit
-grocery
-ground
-group
-grouper
-grouse
-growth
-guarantee
-guatemalan
-guest
-guestbook
-guidance
-guide
-guilty
-guitar
-guitarist
-gum
-gumshoes
-gun
-gutter
-guy
-gym
-gymnast
-gynaecology
-gyro
-hacienda
-hacksaw
-hackwork
-hail
-hair
-haircut
-half
-halfbrother
-halfsister
-halibut
-hall
-hallway
-hamaki
-hamburger
-hammer
-hammock
-hamster
-hand
-handball
-handholding
-handicap
-handle
-handlebar
-handmaiden
-handsaw
-hang
-harbor
-harbour
-hardboard
-hardcover
-hardening
-hardhat
-hardhat
-hardware
-harm
-harmonica
-harmony
-harp
-harpooner
-harpsichord
-hassock
-hat
-hatbox
-hatchet
-hate
-haunt
-haversack
-hawk
-hay
-head
-headlight
-headline
-headrest
-health
-hearing
-heart
-heartache
-hearth
-hearthside
-heartthrob
-heartwood
-heat
-heater
-heaven
-heavy
-hedge
-hedgehog
-heel
-height
-heirloom
-helen
-helicopter
-helium
-hell
-hellcat
-helmet
-helo
-help
-hemp
-hen
-herb
-heron
-herring
-hexagon
-heyday
-hide
-high
-highlight
-highrise
-highway
-hill
-himalayan
-hip
-hippodrome
-hippopotamus
-historian
-history
-hit
-hive
-hobbies
-hobbit
-hobby
-hockey
-hoe
-hog
-hold
-hole
-holiday
-home
-homework
-homogenate
-homonym
-honey
-honeybee
-honoree
-hood
-hoof
-hook
-hope
-hops
-horn
-hornet
-horse
-hose
-hosiery
-hospice
-hospital
-host
-hostel
-hostess
-hot
-hotdog
-hotel
-hour
-hourglass
-house
-houseboat
-housing
-hovel
-hovercraft
-howitzer
-hub
-hubcap
-hugger
-human
-humidity
-humor
-hunger
-hurdler
-hurricane
-hurry
-hurt
-husband
-hut
-hutch
-hyacinth
-hybridisation
-hydrant
-hydraulics
-hydrofoil
-hydrogen
-hyena
-hygienic
-hyphenation
-hypochondria
-hypothermia
-ice
-icebreaker
-icecream
-icecream
-icicle
-icon
-idea
-ideal
-igloo
-ikebana
-illegal
-image
-imagination
-impact
-implement
-importance
-impress
-impression
-imprisonment
-improvement
-impudence
-impulse
-inbox
-incandescence
-inch
-income
-increase
-independence
-independent
-index
-india
-indication
-indigence
-indonesia
-industry
-infancy
-inflammation
-inflation
-information
-infusion
-inglenook
-ingrate
-initial
-initiative
-injoke
-injury
-ink
-inlaws
-inlay
-inn
-innervation
-innocent
-input
-inquiry
-inscription
-insect
-inside
-insolence
-inspection
-inspector
-instance
-instruction
-instrument
-instrumentalist
-instrumentation
-insulation
-insurance
-insurgence
-intelligence
-intention
-interaction
-interactive
-interest
-interferometer
-interior
-interloper
-internal
-internet
-interpreter
-intervenor
-interview
-interviewer
-intestine
-intestines
-introduction
-invention
-inventor
-inventory
-investment
-invite
-invoice
-iPad
-iran
-iraq
-iridescence
-iris
-iron
-ironclad
-island
-israel
-issue
-italy
-jackal
-jacket
-jaguar
-jail
-jailhouse
-jam
-james
-january
-japan
-japanese
-jar
-jasmine
-jason
-jaw
-jeans
-jeep
-jeff
-jelly
-jellyfish
-jennifer
-jet
-jewel
-jewelry
-jiffy
-job
-jockey
-jodhpurs
-joey
-jogging
-john
-join
-joke
-joseph
-jot
-journey
-judge
-judgment
-judo
-juggernaut
-juice
-july
-jumbo
-jump
-jumper
-jumpsuit
-june
-junior
-junk
-junker
-junket
-jury
-justice
-jute
-kale
-kamikaze
-kangaroo
-karate
-karen
-kayak
-kazoo
-kendo
-kenneth
-kenya
-ketch
-ketchup
-kettle
-kettledrum
-kevin
-key
-keyboard
-keyboarding
-keystone
-kick
-kickoff
-kid
-kidney
-kidneys
-kielbasa
-kill
-kilogram
-kilometer
-kilt
-kimberly
-kimono
-kind
-king
-kingfish
-kiosk
-kiss
-kitchen
-kite
-kitten
-kitty
-kleenex
-klomps
-knee
-kneejerk
-knickers
-knife
-knifeedge
-knight
-knitting
-knot
-knowledge
-knuckle
-koala
-kohlrabi
-korean
-lab
-laborer
-lace
-lacquerware
-ladder
-lady
-ladybug
-lake
-lamb
-lamp
-lan
-lanai
-land
-landform
-landmine
-language
-lantern
-lap
-laparoscope
-lapdog
-laptop
-larch
-larder
-lark
-laryngitis
-lasagna
-latency
-latex
-lathe
-latte
-laugh
-laundry
-laura
-law
-lawn
-lawsuit
-lawyer
-layer
-lead
-leader
-leadership
-leaf
-league
-leaker
-learning
-leash
-leather
-leaver
-lecture
-leek
-leg
-legal
-legging
-legume
-lei
-lemon
-lemonade
-lemur
-length
-lentil
-leo
-leopard
-leotard
-leprosy
-let
-letter
-lettuce
-level
-lever
-leverage
-libra
-librarian
-library
-license
-lier
-life
-lift
-light
-lighting
-lightning
-lilac
-lily
-limit
-limo
-line
-linen
-liner
-link
-linseed
-lion
-lip
-lipstick
-liquid
-liquor
-lisa
-list
-literature
-litigation
-litter
-liver
-living
-lizard
-llama
-loaf
-loafer
-loan
-lobotomy
-lobster
-location
-lock
-locker
-locket
-locomotive
-locust
-loft
-log
-loggia
-loincloth
-look
-loss
-lot
-lotion
-lounge
-lout
-love
-low
-loyalty
-luck
-luggage
-lumber
-lumberman
-lunch
-luncheonette
-lunchroom
-lung
-lunge
-lute
-luttuce
-lycra
-lye
-lymphocyte
-lynx
-lyocell
-lyre
-lyric
-macadamia
-macaroni
-machine
-macrame
-macrofauna
-maelstrom
-maestro
-magazine
-magic
-magician
-maid
-maiden
-mail
-mailbox
-mailman
-maintenance
-major
-majorleague
-makeup
-malaysia
-male
-mall
-mallet
-mambo
-mammoth
-man
-management
-manager
-mandarin
-mandolin
-mangrove
-manhunt
-maniac
-manicure
-manner
-manor
-mansard
-manservant
-mansion
-mantel
-mantle
-mantua
-manufacturer
-manx
-map
-maple
-maraca
-maracas
-marble
-march
-mare
-margaret
-margin
-maria
-mariachi
-marimba
-mark
-market
-marketing
-marksman
-marriage
-marsh
-marshland
-marxism
-mary
-mascara
-mask
-mass
-massage
-master
-mastication
-mastoid
-mat
-match
-material
-math
-mattock
-mattress
-maximum
-may
-maybe
-mayonnaise
-mayor
-meal
-meaning
-measure
-measurement
-meat
-mechanic
-media
-medicine
-medium
-meet
-meeting
-megalomaniac
-melody
-member
-membership
-memory
-men
-menorah
-mention
-menu
-mercury
-mess
-message
-metal
-metallurgist
-meteor
-meteorology
-meter
-methane
-method
-methodology
-metro
-metronome
-mexican
-mexico
-mezzanine
-mice
-michael
-michelle
-microlending
-microwave
-midcourse
-middle
-middleman
-midi
-midline
-midnight
-midwife
-might
-migrant
-mile
-milk
-milkshake
-millennium
-millimeter
-millisecond
-mime
-mimosa
-mind
-mine
-mini
-minibus
-minion
-miniskirt
-minister
-minor
-minorleague
-mint
-minute
-mirror
-miscarriage
-miscommunication
-misfit
-misogyny
-misplacement
-misreading
-missile
-mission
-mist
-mistake
-mister
-miter
-mitten
-mix
-mixer
-mixture
-moat
-mobile
-moccasins
-mocha
-mode
-model
-modem
-mole
-mom
-moment
-monastery
-monasticism
-monday
-money
-monger
-monitor
-monkey
-monocle
-monotheism
-monsoon
-monster
-month
-mood
-moon
-moonscape
-moonshine
-mop
-Mormon
-morning
-morocco
-morsel
-mortise
-mosque
-mosquito
-most
-motel
-moth
-mother
-motherinlaw
-motion
-motor
-motorboat
-motorcar
-motorcycle
-mound
-mountain
-mouse
-mouser
-mousse
-moustache
-mouth
-mouton
-move
-mover
-movie
-mower
-mud
-mug
-mukluk
-mule
-multimedia
-muscle
-musculature
-museum
-music
-musicbox
-musician
-musicmaking
-mustache
-mustard
-mutt
-myanmar
-mycoplasma
-nail
-name
-naming
-nancy
-nanoparticle
-napkin
-narcissus
-nation
-naturalisation
-nature
-neat
-neck
-necklace
-necktie
-necromancer
-need
-needle
-negligee
-negotiation
-neologism
-neon
-nepal
-nephew
-nerve
-nest
-net
-netball
-netbook
-netsuke
-network
-neurobiologist
-neuropathologist
-neuropsychiatry
-news
-newspaper
-newsprint
-newsstand
-nexus
-nic
-nicety
-niche
-nickel
-niece
-nigeria
-night
-nightclub
-nightgown
-nightingale
-nightlight
-nitrogen
-node
-noise
-nonbeliever
-nonconformist
-nondisclosure
-noodle
-normal
-norse
-north
-northamerica
-northkorea
-nose
-note
-notebook
-notice
-notify
-notoriety
-nougat
-novel
-november
-nudge
-number
-numeracy
-numeric
-numismatist
-nurse
-nursery
-nurture
-nut
-nylon
-oak
-oar
-oasis
-oatmeal
-obi
-objective
-obligation
-oboe
-observation
-observatory
-occasion
-occupation
-ocean
-ocelot
-octagon
-octave
-octavo
-octet
-october
-octopus
-odometer
-oeuvre
-offence
-offer
-office
-official
-offramp
-oil
-okra
-oldie
-olive
-omega
-omelet
-oncology
-one
-onion
-open
-opening
-opera
-operation
-ophthalmologist
-opinion
-opium
-opossum
-opportunist
-opportunity
-opposite
-option
-orange
-orangutan
-orator
-orchard
-orchestra
-orchid
-order
-ordinary
-ordination
-organ
-organisation
-organization
-original
-ornament
-osmosis
-osprey
-ostrich
-others
-otter
-ottoman
-ounce
-outback
-outcome
-outfit
-outhouse
-outlay
-output
-outrigger
-outset
-outside
-oval
-ovary
-oven
-overcharge
-overclocking
-overcoat
-overexertion
-overflight
-overnighter
-overshoot
-owl
-owner
-ox
-oxen
-oxford
-oxygen
-oyster
-pacemaker
-pack
-package
-packet
-pad
-paddle
-paddock
-page
-pagoda
-pail
-pain
-paint
-painter
-painting
-paintwork
-pair
-pajama
-pajamas
-pakistan
-paleontologist
-paleontology
-palm
-pamphlet
-pan
-pancake
-pancreas
-panda
-panic
-pannier
-panpipe
-pansy
-panther
-panties
-pantry
-pants
-pantsuit
-panty
-pantyhose
-paper
-paperback
-parable
-parachute
-parade
-parallelogram
-paramedic
-parcel
-parchment
-parent
-parentheses
-park
-parka
-parrot
-parsnip
-part
-participant
-particle
-particular
-partner
-partridge
-party
-passage
-passbook
-passenger
-passion
-passive
-pasta
-paste
-pastor
-pastoralist
-pastry
-patch
-path
-patience
-patient
-patina
-patio
-patriarch
-patricia
-patrimony
-patriot
-patrol
-pattern
-paul
-pavement
-pavilion
-paw
-pawnshop
-payee
-payment
-pea
-peace
-peach
-peacoat
-peacock
-peak
-peanut
-pear
-pearl
-pedal
-pedestrian
-pediatrician
-peen
-peer
-peertopeer
-pegboard
-pelican
-pelt
-pen
-penalty
-pencil
-pendant
-pendulum
-penicillin
-pension
-pentagon
-peony
-people
-pepper
-percentage
-perception
-perch
-performance
-perfume
-period
-periodical
-peripheral
-permafrost
-permission
-permit
-perp
-person
-personality
-perspective
-peru
-pest
-pet
-petal
-petticoat
-pew
-pharmacist
-pharmacopoeia
-phase
-pheasant
-philippines
-philosopher
-philosophy
-phone
-photo
-photographer
-phrase
-physical
-physician
-physics
-pianist
-piano
-piccolo
-pick
-pickax
-picket
-pickle
-picture
-pie
-piece
-pier
-piety
-pig
-pigeon
-pike
-pile
-pilgrimage
-pillbox
-pillow
-pilot
-pimp
-pimple
-pin
-pinafore
-pincenez
-pine
-pineapple
-pinecone
-ping
-pink
-pinkie
-pinstripe
-pint
-pinto
-pinworm
-pioneer
-pipe
-piracy
-piranha
-pisces
-piss
-pitch
-pitching
-pith
-pizza
-place
-plain
-plane
-planet
-plant
-plantation
-planter
-plaster
-plasterboard
-plastic
-plate
-platform
-platinum
-platypus
-play
-player
-playground
-playroom
-pleasure
-pleated
-plier
-plot
-plough
-plover
-plow
-plowman
-plume
-plunger
-plywood
-pneumonia
-pocket
-pocketbook
-pocketwatch
-poem
-poet
-poetry
-poignance
-point
-poison
-poisoning
-poland
-pole
-polenta
-police
-policeman
-policy
-polish
-politician
-politics
-pollution
-polo
-polyester
-pompom
-poncho
-pond
-pony
-poof
-pool
-popcorn
-poppy
-popsicle
-population
-populist
-porch
-porcupine
-port
-porter
-portfolio
-porthole
-position
-positive
-possession
-possibility
-postage
-postbox
-poster
-pot
-potato
-potential
-potty
-pouch
-poultry
-pound
-pounding
-powder
-power
-precedent
-precipitation
-preface
-preference
-prelude
-premeditation
-premier
-preoccupation
-preparation
-presence
-presentation
-president
-pressroom
-pressure
-pressurisation
-price
-pride
-priest
-priesthood
-primary
-primate
-prince
-princess
-principal
-print
-printer
-priority
-prison
-prize
-prizefight
-probation
-problem
-procedure
-process
-processing
-produce
-producer
-product
-production
-profession
-professional
-professor
-profit
-program
-project
-promotion
-prompt
-proofreader
-propane
-property
-proposal
-prose
-prosecution
-protection
-protest
-protocol
-prow
-pruner
-pseudoscience
-psychiatrist
-psychoanalyst
-psychologist
-psychology
-ptarmigan
-publisher
-pudding
-puddle
-puffin
-pull
-pulley
-puma
-pump
-pumpkin
-pumpkinseed
-punch
-punishment
-pupa
-pupil
-puppy
-purchase
-puritan
-purple
-purpose
-purse
-push
-pusher
-put
-pvc
-pyjama
-pyramid
-quadrant
-quail
-quality
-quantity
-quart
-quarter
-quartz
-queen
-question
-quicksand
-quiet
-quill
-quilt
-quince
-quit
-quiver
-quotation
-rabbi
-rabbit
-raccoon
-race
-racer
-racing
-racist
-rack
-radar
-radiator
-radio
-radiosonde
-radish
-raffle
-raft
-rag
-rage
-rail
-railway
-raiment
-rain
-rainbow
-raincoat
-rainmaker
-rainstorm
-raise
-rake
-ram
-rambler
-ramie
-ranch
-random
-randomisation
-range
-rank
-raspberry
-rat
-rate
-ratio
-raven
-ravioli
-raw
-rawhide
-ray
-rayon
-reactant
-reaction
-read
-reading
-reality
-reamer
-rear
-reason
-receipt
-reception
-recess
-recipe
-recliner
-recognition
-recommendation
-record
-recorder
-recording
-recover
-recruit
-rectangle
-red
-redesign
-rediscovery
-reduction
-reef
-refectory
-reflection
-refrigerator
-refund
-refuse
-region
-register
-regret
-regular
-regulation
-reindeer
-reinscription
-reject
-relation
-relationship
-relative
-religion
-relish
-reminder
-rent
-repair
-reparation
-repeat
-replace
-replacement
-replication
-reply
-report
-representative
-reprocessing
-republic
-reputation
-request
-requirement
-resale
-research
-resident
-resist
-resolution
-resource
-respect
-respite
-response
-responsibility
-rest
-restaurant
-result
-retailer
-rethinking
-retina
-retouch
-return
-reveal
-revenant
-revenue
-review
-revolution
-revolve
-revolver
-reward
-rheumatism
-rhinoceros
-rhyme
-rhythm
-rice
-richard
-riddle
-ride
-rider
-ridge
-rifle
-right
-rim
-ring
-ringworm
-ripple
-rise
-riser
-risk
-river
-riverbed
-rivulet
-road
-roadway
-roast
-robe
-robert
-robin
-rock
-rocker
-rocket
-rocketship
-rod
-role
-roll
-roller
-romania
-ronald
-roof
-room
-rooster
-root
-rope
-rose
-rostrum
-rotate
-roundabout
-route
-router
-routine
-row
-rowboat
-royal
-rub
-rubber
-rubric
-ruckus
-ruffle
-rugby
-rule
-run
-runaway
-runner
-russia
-rutabaga
-ruth
-sabre
-sack
-sad
-saddle
-safe
-safety
-sage
-sagittarius
-sail
-sailboat
-sailor
-salad
-salary
-sale
-salesman
-salmon
-salon
-saloon
-salt
-samovar
-sampan
-sample
-samurai
-sand
-sandals
-sandbar
-sandra
-sandwich
-santa
-sarah
-sardine
-sari
-sarong
-sash
-satellite
-satin
-satire
-satisfaction
-saturday
-sauce
-saudiarabia
-sausage
-save
-saving
-savior
-saviour
-saw
-saxophone
-scale
-scallion
-scanner
-scarecrow
-scarf
-scarification
-scene
-scent
-schedule
-scheme
-schizophrenic
-schnitzel
-school
-schoolhouse
-schooner
-science
-scimitar
-scissors
-scooter
-score
-scorn
-scorpio
-scorpion
-scow
-scraper
-screamer
-screen
-screenwriting
-screw
-screwdriver
-screwup
-scrim
-scrip
-sculpting
-sculpture
-sea
-seagull
-seal
-seaplane
-search
-seashore
-season
-seat
-second
-secretariat
-secretary
-section
-sectional
-sector
-secure
-security
-seed
-seeder
-segment
-select
-selection
-self
-sell
-semicircle
-semicolon
-senator
-sense
-sentence
-sepal
-september
-septicaemia
-series
-servant
-server
-service
-session
-set
-setting
-settler
-sewer
-sex
-shack
-shade
-shadow
-shadowbox
-shake
-shakedown
-shaker
-shallot
-shame
-shampoo
-shanty
-shape
-share
-shark
-sharon
-shawl
-shearling
-shears
-sheath
-shed
-sheep
-sheet
-shelf
-shell
-sherry
-shield
-shift
-shin
-shine
-shingle
-ship
-shirt
-shirtdress
-shoat
-shock
-shoe
-shoehorn
-shoehorn
-shoelace
-shoemaker
-shoes
-shoestring
-shofar
-shoot
-shootdown
-shop
-shopper
-shopping
-shore
-shortage
-shorts
-shortwave
-shot
-shoulder
-shovel
-show
-shower
-showstopper
-shred
-shrimp
-shrine
-siamese
-sibling
-sick
-side
-sideboard
-sideburns
-sidecar
-sidestream
-sidewalk
-siding
-sign
-signature
-signet
-significance
-signup
-silica
-silk
-silkworm
-sill
-silo
-silver
-simple
-sing
-singer
-single
-sink
-sir
-sister
-sisterinlaw
-sit
-sitar
-situation
-size
-skate
-skiing
-skill
-skin
-skirt
-skulduggery
-skull
-skullcap
-skullduggery
-skunk
-sky
-skylight
-skyscraper
-skywalk
-slapstick
-slash
-slave
-sled
-sledge
-sleep
-sleet
-sleuth
-slice
-slider
-slime
-slip
-slipper
-slippers
-slope
-sloth
-smash
-smell
-smelting
-smile
-smock
-smog
-smoke
-smuggling
-snail
-snake
-snakebite
-sneakers
-sneeze
-snob
-snorer
-snow
-snowboarding
-snowflake
-snowman
-snowmobiling
-snowplow
-snowstorm
-snowsuit
-snuggle
-soap
-soccer
-society
-sociology
-sock
-socks
-soda
-sofa
-softball
-softdrink
-softening
-software
-soil
-soldier
-solid
-solitaire
-solution
-sombrero
-somersault
-somewhere
-son
-song
-songbird
-sonnet
-soot
-soprano
-sorbet
-sort
-soulmate
-sound
-soup
-source
-sourwood
-sousaphone
-south
-southafrica
-southamerica
-southkorea
-sow
-soy
-soybean
-space
-spacing
-spade
-spaghetti
-spain
-spandex
-spank
-spark
-sparrow
-spasm
-speaker
-speakerphone
-spear
-special
-specialist
-specific
-spectacle
-spectacles
-spectrograph
-speech
-speedboat
-spend
-sphere
-sphynx
-spider
-spike
-spinach
-spine
-spiral
-spirit
-spiritual
-spite
-spleen
-split
-sponge
-spoon
-sport
-spot
-spotlight
-spray
-spread
-spring
-sprinter
-sprout
-spruce
-spume
-spur
-spy
-square
-squash
-squatter
-squeegee
-squid
-squirrel
-stable
-stack
-stacking
-stadium
-staff
-stag
-stage
-stain
-stair
-staircase
-stallion
-stamen
-stamina
-stamp
-stance
-standoff
-star
-start
-starter
-state
-statement
-station
-stationwagon
-statistic
-statistician
-steak
-steal
-steam
-steamroller
-steel
-steeple
-stem
-stencil
-step
-stepaunt
-stepbrother
-stepdaughter
-stepdaughter
-stepfather
-stepgrandfather
-stepgrandmother
-stepmother
-stepmother
-steppingstone
-steps
-stepsister
-stepson
-stepson
-stepuncle
-steven
-stew
-stick
-stiletto
-still
-stinger
-stitch
-stock
-stocking
-stockings
-stockintrade
-stole
-stomach
-stone
-stonework
-stool
-stop
-stopsign
-stopwatch
-storage
-store
-storey
-storm
-story
-storyboard
-storytelling
-stove
-strait
-stranger
-strap
-strategy
-straw
-strawberry
-stream
-street
-streetcar
-stress
-stretch
-strike
-string
-strip
-structure
-struggle
-stud
-student
-studio
-study
-stuff
-stumbling
-sturgeon
-style
-styling
-stylus
-subcomponent
-subconscious
-submarine
-subroutine
-subsidence
-substance
-suburb
-subway
-success
-suck
-sudan
-suede
-suffocation
-sugar
-suggestion
-suit
-suitcase
-sultan
-summer
-sun
-sunbeam
-sunbonnet
-sunday
-sundial
-sunflower
-sunglasses
-sunlamp
-sunroom
-sunshine
-supermarket
-supply
-support
-supporter
-suppression
-surface
-surfboard
-surgeon
-surgery
-surname
-surprise
-susan
-sushi
-suspect
-suspenders
-sustainment
-SUV
-swallow
-swamp
-swan
-swath
-sweat
-sweater
-sweats
-sweatshirt
-sweatshop
-sweatsuit
-swedish
-sweets
-swell
-swim
-swimming
-swimsuit
-swing
-swiss
-switch
-switchboard
-swivel
-sword
-swordfish
-sycamore
-sympathy
-syndicate
-synergy
-synod
-syria
-syrup
-system
-tabby
-tabernacle
-table
-tablecloth
-tabletop
-tachometer
-tackle
-tadpole
-tail
-tailor
-tailspin
-taiwan
-tale
-talk
-tam
-tambour
-tambourine
-tamo'shanter
-tandem
-tangerine
-tank
-tanker
-tankful
-tanktop
-tanzania
-tap
-target
-tassel
-taste
-tatami
-tattler
-tattoo
-taurus
-tavern
-tax
-taxi
-taxicab
-tea
-teacher
-teaching
-team
-tear
-technician
-technologist
-technology
-teen
-teeth
-telephone
-telescreen
-teletype
-television
-teller
-temp
-temper
-temperature
-temple
-tempo
-temporariness
-temptress
-tendency
-tenement
-tennis
-tenor
-tension
-tent
-tepee
-term
-terracotta
-terrapin
-territory
-test
-text
-textbook
-texture
-thailand
-thanks
-thaw
-theater
-theism
-theme
-theoretician
-theory
-therapist
-thermals
-thermometer
-thigh
-thing
-thinking
-thistle
-thomas
-thong
-thongs
-thorn
-thought
-thread
-thrill
-throat
-throne
-thrush
-thumb
-thunder
-thunderbolt
-thunderhead
-thunderstorm
-thursday
-tiara
-tic
-ticket
-tie
-tiger
-tight
-tights
-tile
-till
-timbale
-time
-timeline
-timeout
-timer
-timpani
-tin
-tinderbox
-tinkle
-tintype
-tip
-tire
-tissue
-titanium
-title
-toad
-toast
-toe
-toenail
-toga
-togs
-toilet
-tom
-tomato
-tomography
-tomorrow
-tomtom
-ton
-tongue
-toot
-tooth
-toothbrush
-toothpaste
-toothpick
-top
-tophat
-topic
-topsail
-toque
-torchiere
-toreador
-tornado
-torso
-tortellini
-tortoise
-tosser
-total
-tote
-touch
-tough
-toughguy
-tour
-tourist
-towel
-tower
-town
-townhouse
-towtruck
-toy
-trachoma
-track
-tracksuit
-tractor
-trade
-tradition
-traditionalism
-traffic
-trail
-trailer
-train
-trainer
-training
-tram
-tramp
-transaction
-translation
-transmission
-transom
-transport
-transportation
-trapdoor
-trapezium
-trapezoid
-trash
-travel
-tray
-treatment
-tree
-trellis
-tremor
-trench
-trial
-triangle
-tribe
-trick
-trigonometry
-trim
-trinket
-trip
-tripod
-trolley
-trombone
-trooper
-trouble
-trousers
-trout
-trove
-trowel
-truck
-truckit
-trumpet
-trunk
-trust
-truth
-try
-tshirt
-tsunami
-tub
-tuba
-tube
-tuesday
-tugboat
-tulip
-tummy
-tuna
-tune
-tuneup
-tunic
-tunnel
-turban
-turkey
-turkish
-turn
-turnip
-turnover
-turnstile
-turret
-turtle
-tussle
-tutu
-tuxedo
-tv
-twig
-twilight
-twine
-twist
-twister
-two
-typewriter
-typhoon
-tyvek
-uganda
-ukraine
-ukulele
-umbrella
-unblinking
-uncle
-underclothes
-underground
-underneath
-underpants
-underpass
-undershirt
-understanding
-underwear
-underwire
-unibody
-uniform
-union
-unit
-unitedkingdom
-university
-urn
-use
-user
-usher
-utensil
-uzbekistan
-vacation
-vacuum
-vagrant
-valance
-valley
-valuable
-value
-van
-vane
-vanity
-variation
-variety
-vase
-vast
-vault
-vaulting
-veal
-vegetable
-vegetarian
-vehicle
-veil
-vein
-veldt
-vellum
-velodrome
-velvet
-venezuela
-venezuelan
-venom
-veranda
-verdict
-vermicelli
-verse
-version
-vertigo
-verve
-vessel
-vest
-vestment
-vibe
-vibraphone
-vibration
-video
-vietnam
-view
-villa
-village
-vineyard
-vinyl
-viola
-violet
-violin
-virginal
-virgo
-virtue
-virus
-viscose
-vise
-vision
-visit
-visitor
-visor
-vixen
-voice
-volcano
-volleyball
-volume
-voyage
-vulture
-wad
-wafer
-waffle
-waist
-waistband
-waiter
-waitress
-walk
-walker
-walkway
-wall
-wallaby
-wallet
-walnut
-walrus
-wampum
-wannabe
-war
-warden
-warlock
-warmup
-warning
-wash
-washbasin
-washcloth
-washer
-washtub
-wasp
-waste
-wastebasket
-watch
-watchmaker
-water
-waterbed
-waterfall
-waterskiing
-waterspout
-wave
-wax
-way
-weakness
-wealth
-weapon
-weasel
-weather
-web
-wedding
-wedge
-wednesday
-weed
-weeder
-weedkiller
-week
-weekend
-weekender
-weight
-weird
-well
-west
-western
-wetbar
-wetsuit
-whale
-wharf
-wheel
-whip
-whirlpool
-whirlwind
-whisker
-whiskey
-whistle
-white
-whole
-wholesale
-wholesaler
-whorl
-wife
-wilderness
-will
-william
-willow
-wind
-windage
-windchime
-window
-windscreen
-windshield
-wine
-wing
-wingman
-wingtip
-winner
-winter
-wire
-wiseguy
-wish
-wisteria
-witch
-witchhunt
-withdrawal
-witness
-wolf
-woman
-wombat
-women
-wood
-woodland
-woodshed
-woodwind
-wool
-woolen
-word
-work
-workbench
-worker
-workhorse
-worklife
-workshop
-world
-worm
-worthy
-wound
-wrap
-wraparound
-wrecker
-wren
-wrench
-wrestler
-wrinkle
-wrist
-writer
-writing
-wrong
-xylophone
-yacht
-yak
-yam
-yard
-yarmulke
-yarn
-yawl
-year
-yellow
-yesterday
-yew
-yin
-yogurt
-yoke
-young
-youth
-yurt
-zampone
-zebra
-zebrafish
-zephyr
-ziggurat
-zinc
-zipper
-zither
-zone
-zoo
-zoologist
-zoology
-zootsuit
-zucchini
diff --git a/_deprecated/host/usr/share/dict/names b/_deprecated/host/usr/share/dict/names
deleted file mode 100644
index 9bd0182e..00000000
--- a/_deprecated/host/usr/share/dict/names
+++ /dev/null
@@ -1,3947 +0,0 @@
-charlestiger
-silvergore-tex
-changebutter
-bonsaiscrew
-pajamabuilding
-roosterrainbow
-dungeongender
-tempergrenade
-fronttadpole
-slavecarpenter
-schoolcreator
-mimosapayment
-heronmexico
-airportjudge
-cuticleemery
-rubberflute
-timbaleselection
-jellyfishforgery
-hyenarabbit
-revolveramie
-biologygasoline
-detailprofit
-increaseverdict
-hamsterguitar
-patiodiamond
-dugouthimalayan
-turkeypropane
-earthcollision
-fleshlyocell
-cablekilogram
-athletealgeria
-trombonethrill
-carpentercement
-bumperbrandy
-transportcover
-stockingdollar
-spainaddress
-whalegrade
-denimhalibut
-watchbritish
-custardberry
-penaltysecure
-beardpendulum
-activitycurtain
-octopustsunami
-ferrynumeric
-snowflakecomposer
-sentencemaraca
-patioelizabeth
-buttonblade
-dessertattack
-pansydetail
-trianglehandle
-gliderpound
-jameschristmas
-scannergalley
-pimpletrumpet
-governorfridge
-parcelcrime
-aluminiumfather
-epochrevolve
-hyacinthparent
-museumchina
-powertramp
-patiocapital
-frameeight
-buglemichael
-sharkowner
-chickmouth
-dressgiant
-glidingtitanium
-lotioncyclone
-swordfishspider
-bongobarometer
-hockeypants
-signaturevalley
-headlightalibi
-sundialattempt
-layerraven
-advantagefloor
-mexicokayak
-balineseoxygen
-goldfishrelation
-witnesstoilet
-anglefireman
-chequecomma
-offernotify
-margaretpolyester
-insurancemetal
-copperlinda
-metalselection
-pastekettle
-bomberdoubt
-canoegore-tex
-whaleturret
-frownpatio
-brownchime
-porchincome
-sailboatturnover
-kitchencheck
-shrimpairbus
-secondeagle
-pictureplayroom
-timerbroker
-libraroute
-copyrightaustralia
-patchwoolen
-rutabagavelvet
-cannonthought
-tsunamikeyboard
-africaprison
-airplaneexhaust
-bandanacover
-polandcandle
-trumpetscreen
-bufferdeadline
-asteriskdrink
-susancongo
-respectgliding
-enquiryhammer
-coughhacksaw
-malaysiahardhat
-kayaktendency
-peonydanger
-separatedgearshift
-desserteurope
-shovelalmanac
-lotioncabinet
-airshipseashore
-believeblinker
-tortoiseapparatus
-saturdayverse
-chimefebruary
-umbrellaquince
-mosquepuppy
-signaturecarnation
-pantyslice
-routercornet
-nephewpassenger
-georgefriday
-locustgerman
-screenfedelini
-expertscorpio
-trainswimming
-comfortsundial
-scarecrowradiator
-kilometerrayon
-poultrycreditor
-februaryproperty
-lungehacksaw
-grillfibre
-jumbosociology
-bonsairainbow
-equinoxfibre
-coffeeinput
-caravanshade
-communityporcupine
-sycamorelaugh
-browngender
-tradevacuum
-troubleairport
-pastepizza
-octobersugar
-reportmaraca
-routenitrogen
-helmetgemini
-rocketpayment
-ostrichknickers
-inputbankbook
-staircaseprofit
-wristcrayon
-blacksuede
-objectivepackage
-mailboxmailman
-printshrine
-octagonformat
-almanacrotate
-boardgeology
-alibicello
-willowmotion
-radioclaus
-wednesdayboard
-microwavewitness
-tuliptongue
-xylophoneequinox
-ronaldhearing
-teethtempo
-buttonattention
-eggplantcredit
-regretarcher
-scorpionolive
-crimecaptain
-joggingspade
-creamdeadline
-jasonmusician
-blacksparrow
-hobbiescancer
-aftermathpheasant
-quicksandmiddle
-brokerforce
-kevinspain
-cornetsidecar
-brickselect
-spherepillow
-sharkhelen
-pockettyvek
-repairfrench
-studycommunity
-bladderlawyer
-riverbedforecast
-continenttuesday
-laborerpressure
-arrowquiver
-larchcherry
-whorlradiator
-scarfboundary
-partnersidecar
-coloncloudy
-dipsticktramp
-vesselsandwich
-salesmanlawyer
-reductionmargin
-quotationgender
-mousewindow
-secretarydentist
-guidespandex
-batteryweasel
-banjorevolver
-glassdorothy
-elbowheron
-africasandwich
-kittynumber
-japansoftdrink
-bargecellar
-bricktreatment
-pyjamadrake
-eggplantcrocus
-templedoubt
-francenapkin
-wealthfactory
-titaniumjourney
-galleyclimb
-bettysoftball
-propanehardcover
-doubtsausage
-cupcakebowling
-fighterseason
-paymentquart
-eyelinerbrick
-manageracoustic
-michaelsoldier
-wristfriction
-currentteaching
-humorsociology
-sneezeapparatus
-underwearbirth
-spinachbookcase
-cattlespinach
-touchcopper
-octavehardware
-copyrightlinen
-processpantry
-birchnapkin
-downtownmacrame
-typhoonargument
-daisycello
-relishfootball
-disgustadvantage
-diaphragmmeasure
-doctorchildren
-offenceoutput
-meetingweapon
-spherestation
-portercylinder
-piscescougar
-dinnerfather
-foreheadtsunami
-optionnerve
-whitequarter
-marriedcough
-quivercanoe
-larchstomach
-woundspain
-forestwoolen
-ministerfreeze
-cookingkorean
-treatmentdamage
-shamecurrent
-gardenknife
-bladdergraphic
-tankershelf
-grapemechanic
-bombercarrot
-fedeliniwalrus
-holidaywhite
-supportriverbed
-businesseggnog
-captionevening
-rangelotion
-sparkvault
-sausagemexican
-colombiaorder
-oliveacoustic
-tadpoleslice
-footballgoldfish
-snowstormchinese
-saturdaybalance
-fairiessusan
-directioncloudy
-belieftreatment
-butcherspring
-marginsense
-activechurch
-clavesurname
-decadetrowel
-tempometal
-buildingattempt
-peacenight
-railwayjudge
-celerybrian
-footnoteagreement
-kettlegiraffe
-geometrysaturday
-lyocellbathtub
-francebuffet
-spearcattle
-relativeshrimp
-lycradigger
-creditorrevolve
-carrotpolice
-tulipmosquito
-kilometerdiploma
-scrapertrial
-cycleoctopus
-pasteprose
-printearth
-smellkevin
-flutemountain
-marchkidney
-typhoonstool
-salmonmemory
-statesurgeon
-bronzedirection
-handsawradar
-crushexpert
-trafficsturgeon
-grasscomic
-freezethought
-dragonflylobster
-luttucewrench
-notebookporch
-faucetbumper
-systemscience
-singerliquor
-swimmingenquiry
-tornadoteeth
-partybakery
-thronesquash
-bassoonnotify
-flavorpotato
-rainbowscent
-bookleteffect
-pantryitaly
-layerromanian
-graphicavenue
-meterslope
-riddleslime
-chineseshrine
-ganderfragrance
-teachingblack
-magazinecalendar
-servantorange
-graincurler
-carriageplaster
-reportblowgun
-sproutpeony
-creditorinnocent
-communityapparatus
-editorpaper
-featurereading
-gazelleindia
-routeattempt
-sprucepuppy
-equipmentglass
-sleetcrack
-cannonregret
-capricornnigeria
-surnamebench
-dentisthedge
-swedishaddition
-mouseexpansion
-firewallindustry
-librallama
-flaredecade
-prosesquash
-clippersubmarine
-witchturnip
-forecastlunge
-inventionlunge
-josephshallot
-mimosacable
-snowflakeharmonica
-rewardposition
-octavemedicine
-circleasphalt
-beechgymnast
-conditiontimer
-pantyhoseforehead
-skatebrush
-screenpromotion
-playroomswamp
-brasscannon
-clarinetmailman
-cameldiploma
-wheelsquare
-creammeter
-michellepackage
-noveldiploma
-malaysiabottom
-aluminumsingle
-plaincamel
-turkeyhimalayan
-inventorycharacter
-blowgunturnover
-lunchroommuseum
-vacuumathlete
-kamikazerifle
-clausweight
-visionvision
-networkplatinum
-chicorymother
-engineclarinet
-treatmentoffence
-bobcatturtle
-exhaustmicrowave
-snowplowprotest
-dipstickguarantee
-successrespect
-afternoonpurple
-smellknowledge
-gradeeyebrow
-leatherbarbara
-chimeweight
-eyelashrutabaga
-dinghyproperty
-postboxaccount
-squarebattery
-gore-texcomma
-marchquicksand
-brazilcucumber
-securerailway
-kenyaverse
-weederitalian
-frontbrian
-selectionhandicap
-squareweapon
-licenseasterisk
-flarecommunity
-step-sonbaseball
-toastmimosa
-ceramicstopsign
-heroncolon
-snailskirt
-congabreak
-dieticianbeginner
-cabinetrainbow
-tyvekceleste
-basketpoliceman
-spiderlimit
-chemistryfight
-buildingdredger
-benchplaster
-oysterattic
-networkpowder
-servantzipper
-saturdayflute
-laundrycrocus
-spoondryer
-otterguarantee
-livernoodle
-designpigeon
-cloudcraftsman
-protocolgallon
-britishpyjama
-ocelotcrocodile
-fendercartoon
-digitalbehavior
-limitsword
-bumperbasket
-americaexchange
-placecatsup
-cathedralalphabet
-incomeshorts
-wealthactivity
-forecastparsnip
-ministertortoise
-swisserror
-signaturesamurai
-stampspeedboat
-c-clampbulldozer
-peanutindia
-reductiondeborah
-rugbyeyelash
-euphoniumbrandy
-matchstove
-watchattention
-basementhandball
-commandapril
-hedgedetective
-separatedcolon
-smellswing
-currentflame
-clutchferry
-bloodcushion
-stockliquid
-odometerchristmas
-napkincough
-porcupineresult
-clutchsalad
-relativeskiing
-saxophonedresser
-readingdamage
-goslingbrush
-waterfallspoon
-glidingwallet
-cocoacotton
-shouldergovernor
-chillincrease
-supplymessage
-footballgrandson
-heightsudan
-collegestatistic
-pilotornament
-novembersusan
-clothgroup
-susanmaraca
-hardwarelimit
-treatmentlunge
-badgerrotate
-refundbandana
-ostrichlightning
-prefacepostage
-drakeauthority
-captionnigeria
-barberbumper
-radishskiing
-quietporter
-teethraincoat
-fedeliniactor
-jellybeaver
-frameshake
-employeehobbies
-asparagusbrick
-shearstreatment
-davidswimming
-herringpoint
-pleasuresalad
-breakdiscovery
-waiterthrill
-giantmilkshake
-daughteroxygen
-pendulumbirth
-clarinetchill
-novelcondor
-magazinealibi
-ouncedimple
-scentpressure
-skillspeedboat
-novelbagel
-umbrellariddle
-frenchcatsup
-riflevessel
-processskate
-sweetsvacuum
-shampoocreator
-passiverepair
-bubbleprofit
-rowboatdollar
-earthbonsai
-aluminiumcharacter
-racingsubway
-viscoseharmonica
-ministerbrush
-footnotefriday
-agreementforehead
-helenexpert
-professorsuccess
-mercurygeography
-deathfight
-chillvessel
-quarterwitch
-incomealcohol
-armchairfemale
-methanesleep
-octavedorothy
-pilotfeedback
-valuespoon
-lunchauthority
-revolveapology
-emerynewsprint
-rubberdesert
-floodlunchroom
-spooncapricorn
-islandrubber
-authoritycelery
-saturdaypenalty
-businesscouch
-cirrusorgan
-periodnotebook
-adviceshrine
-waterfallgrowth
-capricorntimpani
-wealthrelish
-brothercarbon
-macaronigliding
-powderleopard
-invoicewhiskey
-clockkarate
-goslingdeficit
-deadlinelatex
-nursecuban
-separatedjapanese
-cricketpenalty
-thingpotato
-swallowwomen
-glidingraven
-powderex-wife
-seederfedelini
-candlecowbell
-snailgazelle
-step-auntaccordion
-burstapparel
-cheetahcongo
-karenposition
-armenianrooster
-pencildancer
-employerchocolate
-burmaalbatross
-clockcarrot
-burglardomain
-forestargument
-tenorfaucet
-enemynylon
-nitrogendisgust
-christmassoftball
-mexicanscanner
-desiredatabase
-lentiltaurus
-pyramidstone
-effectswimming
-courseacoustic
-hourglassgrowth
-marketdiscovery
-cardiganyacht
-tyvekstinger
-graphicwhistle
-handballchance
-wristbeast
-ethiopiastomach
-croissanttaste
-cinemaplywood
-learningpuffin
-chesspruner
-backbonecattle
-batteryarmenian
-pricesurfboard
-carnationcopyright
-mittensuede
-dramacircle
-activedashboard
-scheduleathlete
-closedelete
-kittencabinet
-good-byemimosa
-insectsalesman
-bottledrama
-meterseptember
-hydrofoilrowboat
-slopesushi
-coastmarble
-robertorder
-cloudyjoseph
-zebramouth
-levelthought
-mechanicpumpkin
-kettlegrass
-scienceriddle
-radarjennifer
-basketchicken
-creamnickel
-shieldbucket
-michellefield
-radiatorchocolate
-revolvernylon
-shortsfreon
-bottomchance
-dreampancreas
-kendobanana
-handballtrapezoid
-euphoniumproperty
-crackhearing
-spinachbalance
-housetimer
-oysterjustice
-linenmaraca
-braceacrylic
-zebraknowledge
-needlepoint
-legalrevolve
-bathtubdress
-drainsearch
-balancecommand
-liquidbanker
-magicmaple
-supportsneeze
-marblecrocodile
-stingerorange
-accountdegree
-freongliding
-thailandfriend
-freezerwallet
-plasterronald
-policefriday
-garagetyphoon
-alarmcollege
-targetkamikaze
-larchnumber
-childrenpatio
-keyboardradish
-attentionpeony
-effectburglar
-castanetfeature
-heavenukrainian
-databasetwilight
-mountainsister
-postagecentury
-witchcollision
-knowledgemouth
-temperceleste
-prosebaseball
-waterfallmailman
-memoryankle
-clothapple
-exhaustwaste
-belgianmattock
-queenlipstick
-threadrefund
-mailboxmotorboat
-daffodilviola
-snailprocess
-gearshiftseaplane
-walrusfebruary
-featurerayon
-quarterelephant
-schoolpastor
-mimosaporter
-breadglider
-shamesanta
-turnipreading
-multi-hopintestine
-glassbarber
-preparedviolin
-kettlecrime
-fireplaceadapter
-inventorybuffet
-kittenbelief
-elizabethtyphoon
-postagepostbox
-raincoatfootnote
-softballmailbox
-stretchliquid
-francelevel
-impulsecurve
-innocentpumpkin
-puppymirror
-brandyillegal
-quotationchess
-climbschedule
-discoverysusan
-medicinediploma
-thailandhardcover
-cucumbernylon
-freonghana
-aardvarkdietician
-draindesire
-cloakroomprison
-romanianblade
-ashtrayshadow
-visioncinema
-nationprofit
-crocusspring
-kevinpants
-feedbackpatio
-popcornquartz
-twilightbanker
-storeagreement
-dahliabiology
-dieticianinsurance
-hygienicraincoat
-elizabethpizza
-microwavescent
-vaultbalance
-notifycolon
-epochpicture
-animalchannel
-deathcobweb
-sheepmaple
-semicolontanker
-sproutbranch
-edwardpaint
-earthshoemaker
-servergeometry
-journeywheel
-brazilarmenian
-deborahcarriage
-systempassbook
-routearmchair
-platecatsup
-budgetstinger
-bageleditorial
-lathepropane
-chainlumber
-lumbercroissant
-sausageshorts
-giantchain
-breakdistance
-eyebrowpanther
-babiescormorant
-plieraluminum
-curlerdaniel
-parsnipbritish
-septembersweater
-radarcloud
-ptarmiganturkey
-operationchive
-creditorbedroom
-bucketcourse
-clippermarble
-ariescracker
-velvetspeedboat
-purpledeficit
-ambulancehydrogen
-driversushi
-titlesatin
-dugoutoctober
-trouserscolumnist
-dahliaattic
-snowstormramie
-athletethread
-steeldigital
-silveraddition
-industryfender
-buzzarddipstick
-writerbroccoli
-snowflakecelsius
-denimnumber
-birthshoemaker
-beardmarch
-sushilyric
-sharkstation
-policegarage
-algebrahalibut
-frontconsonant
-languagewrecker
-softballbadger
-leatherbetty
-garlicgender
-giantlyric
-asparaguswater
-craftsmandistance
-croissantladybug
-scarecrownewsprint
-pencilteeth
-elbowstock
-edwardbrazil
-decademustard
-birchacrylic
-riddleporter
-badgechauffeur
-liquorghost
-roastathlete
-hydrantwrench
-salmonexpansion
-softdrinkkaren
-skirtpromotion
-cornetanthony
-kittydrain
-chinaapology
-birchseeder
-appliancesardine
-napkintaiwan
-priestquicksand
-avenuewaiter
-mimosatrunk
-sphynxchalk
-measurecolor
-thursdayptarmigan
-pollutionschool
-clientprose
-guitarhalibut
-plantafternoon
-dorothybrown
-journeyfactory
-viscosechain
-rhythmscience
-timerrefund
-congobacon
-squiddeficit
-skillswordfish
-skatesteel
-bangleinput
-orchestradorothy
-reactionmulti-hop
-rutabagafurniture
-flameronald
-actorcredit
-condorronald
-euphoniumsmash
-accordionafternoon
-seaplanenancy
-mailmanrevolver
-reindeerrailway
-tablepound
-pantsbronze
-michellepilot
-trampsugar
-footballlettuce
-circleground
-employerstreetcar
-numbercheese
-theorybabies
-australiaplane
-quotationplace
-ex-wifequiet
-shapeincrease
-handballcharles
-branchguide
-violincanvas
-familyaugust
-crayfishcompany
-laughmeasure
-perchliquid
-bedroomincome
-mittenvacation
-februaryscorpion
-japanpassenger
-employeeground
-judgetenor
-conditionchauffeur
-englishtwine
-birchbutter
-refundmistake
-phoneaccordion
-alloywrist
-valleygliding
-clockcourt
-tradesurname
-reductioncaution
-pimpleclarinet
-equipmenttexture
-geesediamond
-elementsemicolon
-trafficporter
-deficitfired
-letterfortnight
-burstcolony
-novelchange
-saucecracker
-marketwasher
-selectionbracket
-shoulderdeborah
-ellipsecopyright
-denimastronomy
-surprisecrown
-locustturkish
-zipperbrick
-partridgesemicolon
-stormsemicolon
-secretaryjennifer
-intestinecornet
-fedelinisupport
-writercough
-divingblack
-growthtrick
-deficitrepair
-wrinklegauge
-classcomma
-divorcedspade
-trailfront
-networkcream
-frownbrochure
-garlicdrawer
-trumpetstock
-beavertrouble
-exchangemichelle
-farmercover
-adaptergoose
-latexapparel
-edgerstretch
-thoughtquality
-firemansession
-berrycomfort
-cancercolon
-pastrystructure
-marbleblanket
-dentistcocktail
-scenelicense
-kenyabengal
-questiondebtor
-actionplant
-jeansbassoon
-damageoption
-frameattack
-mouthselect
-bicyclediaphragm
-divingsquirrel
-switchjapan
-recessillegal
-comichurricane
-turnipsoftware
-hygienicjaguar
-kennethvietnam
-brianpamphlet
-latencyclave
-collarcymbal
-rainboworgan
-yellowcaravan
-equipmentedger
-fairiesbegonia
-illegalappliance
-routersurgeon
-handlestation
-badgelipstick
-reportframe
-soldiertexture
-knowledgesandra
-addressalphabet
-harmonicaaftermath
-gaugebrand
-georgegosling
-editorsupport
-custardattic
-reasonantelope
-drakeshrimp
-tradeappeal
-driveoffice
-morningmyanmar
-cylinderpoison
-fedelinizoology
-vegetablevelvet
-graphicchair
-surgeongeranium
-antelopeshoemaker
-cupboardbassoon
-handsawbudget
-knifegymnast
-mouthvalley
-guiltyhydrofoil
-heavenblack
-startlathe
-edwardterritory
-odometerlobster
-magiciannumeric
-nylonobjective
-smashdowntown
-perchgateway
-pendulumaccount
-chemistrytreatment
-bloodpollution
-turkishbrian
-ladybugsalary
-authorsoprano
-familyadapter
-seagullalarm
-periodtrunk
-companygrass
-jumperrouter
-halibutbronze
-optionelbow
-reporttenor
-airplaneblinker
-kenyagrape
-jewelclick
-lentillevel
-sweatshopkimberly
-eagledimple
-jamessampan
-mexicansundial
-partnerbrazil
-romaniahelium
-thrillharmony
-mirrororchestra
-subwayschool
-mailboxravioli
-secretarycloth
-frownconifer
-cicadapeanut
-tankersword
-sleepniece
-recessschedule
-healthdashboard
-plywoodmagic
-captionbasket
-cucumbertraffic
-pimpleairport
-limitadult
-customerbooklet
-flowercement
-diamondcandle
-monkeyfender
-romanianstinger
-leopardlanguage
-pajamaknowledge
-arrowcricket
-coverbomber
-cartoonclass
-fieldpiano
-stevenwhite
-badgesecurity
-galleystamp
-hexagonfisherman
-timerchinese
-dragonminute
-slicereaction
-hardboardnoise
-dinnermosque
-peanutopera
-propanestation
-diggerwinter
-eggnoggirdle
-milkshakearmenian
-italiancooking
-revolvetrain
-languagefactory
-textbookpreface
-blinkerblock
-pepperbeauty
-eggplantheadlight
-daffodilbeach
-pantherwitch
-michaelsword
-alleycousin
-indiachina
-softballfrench
-agreementcough
-moustachehumor
-forecastcloth
-rocketprison
-actresssilver
-libradugout
-beautyocean
-sweatshopswitch
-celsiusfeast
-pepperskill
-curlerreligion
-cymbalbangle
-mustardethiopia
-ankleclimb
-coughtower
-sturgeonjelly
-cautionchina
-aquariusbankbook
-stopsignperch
-slicecreek
-sprucezephyr
-utensilcarbon
-creatorsmash
-tableprison
-operationdeadline
-rewardpantyhose
-decreasehydrant
-cookingairmail
-frecklepurple
-castanetellipse
-shinglecamel
-hurricanecousin
-feastshingle
-planetaccount
-steeldolphin
-ballooncheek
-glidingshears
-sheepchest
-platinumrepair
-bronzesundial
-entrancecopyright
-snowstormclock
-gorillanylon
-sunshinedivision
-tortoiseharbor
-tailordecision
-dahliadowntown
-thoughtintestine
-cyclecolumn
-bridgedahlia
-cautionspinach
-tabletopbrake
-refundkeyboard
-subwaybarge
-carnationbladder
-rabbirutabaga
-cemeteryrussian
-sparkthomas
-bamboohardcover
-michaelproduct
-downtownsiberian
-professorwasher
-uncleshoemaker
-colorbucket
-wrenchbrake
-decisionviola
-climbgoldfish
-closetplanet
-elementbillboard
-windowwrinkle
-groundpoliceman
-butanemattock
-frictionvoice
-dredgersurfboard
-accordionbadge
-canoebillboard
-fridayslipper
-middlecalendar
-bombersilver
-answerisrael
-daviddrake
-enquiryaluminium
-scissorsstage
-davidstatement
-butchersmoke
-aprilemployer
-hardboardpheasant
-downtownchime
-kenyapigeon
-hospitalcotton
-offencequail
-fatherclave
-salmonamerica
-dipstickwinter
-bookcasedeposit
-clipperdredger
-defensepurpose
-lentilceramic
-rutabagaviolet
-alibidefense
-paintsilica
-backboneclimb
-saturdayanime
-passivebasin
-yachtwrecker
-ferrycommittee
-musicianspinach
-asparaguspyramid
-feathercheetah
-vesseltanker
-prosebrass
-rocketyogurt
-propertysoybean
-collarplaster
-startshovel
-messagecello
-thumboctave
-diggerrecord
-shapeargentina
-chequevessel
-peacebarometer
-laughsuede
-committeestamp
-skiingshrine
-crookcartoon
-swallowcousin
-apparatusinventory
-successcougar
-alarmantelope
-nitrogenmanicure
-typhoonbeggar
-radarraven
-nationdietician
-trainheight
-aquariusbutcher
-angorasunflower
-baseballstarter
-ketchupmichael
-structureostrich
-crackskate
-shellbadge
-mistakepocket
-stormmustard
-bonsaistreetcar
-aardvarkcommunity
-packageorchid
-directioneyebrow
-whorlperch
-systemcurtain
-wednesdaymailbox
-pumpkinreminder
-requestbrochure
-plastercroissant
-refundbudget
-fathernumeric
-effectcardigan
-canoecapricorn
-wedgecandle
-epochpepper
-popcorndivision
-turnoversubstance
-headlinegallon
-edwardsnowstorm
-thingkilogram
-childrensauce
-middlestudy
-aardvarkshark
-cornetstatement
-dieticianmouse
-kilogrammallet
-platescissors
-courtshingle
-lilacdistance
-newsprintsegment
-pyramidmustard
-badgeskill
-weederillegal
-benchdenim
-sweaterplier
-innocentcontrol
-budgetchristmas
-jasonchristmas
-sheetrutabaga
-bomberpancreas
-creaturedisease
-ceilingcreature
-securebamboo
-chickcolumnist
-tankerclipper
-ramiechalk
-libratyphoon
-vaultshampoo
-prefaceformat
-serverminister
-childanswer
-museumukrainian
-sharontheater
-swingequinox
-nancycatamaran
-metalbankbook
-marimbacentury
-piccolomotion
-clockdigger
-buffereurope
-successshark
-reductioncustomer
-vacuumdomain
-sidecarmotion
-englishbasement
-salarysweatshop
-sandrakilogram
-commandbaker
-appleoctagon
-gaugecloakroom
-glassbalinese
-actorfired
-gradeemery
-olivesoprano
-jumbolawyer
-narcissusutensil
-producenovember
-secretaryairplane
-discoverystore
-inputproperty
-trapezoidpropane
-decisioncongo
-fightscene
-sweatshopcobweb
-cupcakescrew
-grapelilac
-chiefnovember
-receipttoenail
-chesshydrant
-parrotlaundry
-signaturefrown
-cirruscatsup
-dresserblanket
-trombonecrime
-asphaltwhiskey
-weightmagician
-shellfeedback
-throneprinter
-flowerastronomy
-storyrobert
-josephcement
-geesemarimba
-yogurtclave
-sopranodessert
-germanwaitress
-cottonweeder
-shirtbathroom
-narcissusstick
-groupcathedral
-dreamstranger
-pastortrial
-davidpaperback
-cougarvirgo
-recordturkish
-rangetooth
-vacuumoxygen
-mirrorlinen
-soybeanlibra
-softwareradar
-emerycrack
-capitaldebtor
-catamaranpolice
-scallionsecurity
-hallwayexpansion
-cousinclaus
-cylinderreason
-harbordavid
-shearsstomach
-airportfather
-kitchennight
-doubtapparatus
-ferryarrow
-dibblesegment
-tanzaniamissile
-pancreasvision
-beggarpriest
-calculuscucumber
-suedechicken
-diggerriver
-signaturemosquito
-joggingdamage
-effectbarbara
-limitthrill
-manicurecrown
-centuryjelly
-seaplanestaircase
-penaltycooking
-policemanegypt
-beastrefund
-attentioncushion
-collisionsampan
-humorvalley
-skiingmargin
-backbonegorilla
-jameshistory
-chickberry
-titledesert
-hamsterdredger
-prefaceattic
-relativeeditor
-sweetschannel
-crayonimpulse
-frenchhumor
-violetbritish
-carolchurch
-hardhatshorts
-cockroachspark
-whalespeedboat
-pollutioncherry
-brothercrown
-raincoatdecision
-septembertendency
-willowdesire
-lobstervinyl
-carbonstep-son
-sweatersoftball
-shrinecelsius
-cloversturgeon
-passivelocket
-daviddesign
-selectionoperation
-utensilairplane
-accounttower
-moustacheturtle
-coveranger
-northcemetery
-glidingantelope
-kittydivision
-maracashrimp
-herondrawer
-goslingroute
-stingershame
-postboxvietnam
-smokecrayon
-cloudground
-middlealcohol
-continentgazelle
-applecustard
-goldfishattic
-handballhexagon
-chessmistake
-grainmorocco
-orchidpencil
-pyramiddetective
-diplomaegypt
-brakemercury
-guiltybehavior
-mandolinnovel
-eggnogfireman
-shovelwitch
-ounceaccordion
-mercuryburglar
-gymnastmother
-harboranime
-bakerysinger
-blackbrain
-kevinskill
-yellowsilver
-marbleflame
-polanddaffodil
-bronzespring
-womanproperty
-sidecarsprout
-radiatorestimate
-pakistanoxygen
-quillsaturday
-featherhelen
-orchestraniece
-kayaktoast
-birthdaybronze
-nephewhistory
-condorjanuary
-creditorchannel
-almanacdesire
-cirrusbiplane
-brickcello
-willowshare
-quartzronald
-cheeseglider
-pandasnowflake
-coursechick
-domainarmenian
-planebacon
-marginoyster
-currentcroissant
-footballargentina
-swimmingstraw
-dressingbrother
-vacuumhyena
-americabeaver
-porchpackage
-blowgunvisitor
-writercello
-bladderroute
-radiounderwear
-potatohistory
-titaniummagic
-brazilweapon
-dressflare
-clothdigger
-middletemple
-crayonwinter
-factoryattempt
-hallwaybranch
-giantptarmigan
-troubletaste
-sweatshoptyphoon
-customerrespect
-singledigger
-authorrespect
-siberianpriest
-countrydecrease
-nervegauge
-handleerror
-chickendigger
-canadiandelivery
-shapechalk
-litterxylophone
-seaplanesword
-barbaraseaplane
-mercuryhimalayan
-algebramirror
-clockwhite
-ploughguilty
-honeythistle
-receiptwilliam
-feastfootnote
-grapeparent
-waitereight
-zoologyvinyl
-frenchbomber
-sudantrail
-donnaacrylic
-wedgecarrot
-mechaniccomic
-geographyfeather
-noisefield
-motherblouse
-februarygender
-visioncommittee
-selectioncello
-sailoreight
-fatherappendix
-frictionblinker
-septemberwhiskey
-routesphere
-helenapartment
-rubberreason
-separatedcamel
-sphynxbackbone
-sheetdrink
-jellydress
-inventorythrone
-lathemichael
-pendulumblizzard
-birthdayexchange
-emerynancy
-banglecattle
-decisionbanker
-voyagepuppy
-rowboathardware
-ornamentforehead
-truckthumb
-enquirycheese
-turnipblowgun
-arieswhite
-nephewquiet
-numericoption
-napkinmicrowave
-characterbaboon
-uncleorder
-moustachewater
-thursdayinvention
-angletarget
-stationshovel
-activeangora
-fleshconga
-sudanpheasant
-musicianschedule
-actorrotate
-appealpakistan
-purposesideboard
-bathroomrevolve
-insuranceeyebrow
-tellerraincoat
-powdercircle
-collegegoose
-drainmarble
-commandhamster
-thursdayfisherman
-malletteaching
-deliverymethane
-mimosacarol
-nursecloakroom
-grousepantyhose
-rewardcoast
-commanddrizzle
-kittydashboard
-heavenbutter
-diseasepromotion
-drivercrocodile
-ticketgarden
-lyocellpickle
-wreckerleopard
-lasagnadonald
-aprilarmchair
-sugarsearch
-cougaraustralia
-moroccofridge
-startquart
-pantrysalary
-badgerchauffeur
-hamburgerlaugh
-lunchapparatus
-indexchain
-congoavenue
-phonegarden
-butcherbugle
-decisionslime
-locustcoast
-retailermanager
-statevoice
-sistercousin
-roastpopcorn
-mouthlotion
-locustmacaroni
-climbadvice
-turretcrate
-cyclehedge
-soccertemper
-donaldrichard
-cautioncomma
-softwarechina
-clausraven
-diaphragmbladder
-digitalsneeze
-canadianreading
-locketspade
-sunflowerapproval
-sweatshopdefense
-skatestory
-thistlejapan
-litterramie
-herringwindow
-missileminute
-structurestep-son
-revolverhydrogen
-heavencrate
-jumperdrake
-sweaterpentagon
-soybeancreature
-crayfishdonna
-washerchicory
-haircutscarecrow
-luttucebrake
-dungeontwine
-estimatebrother
-broccoliravioli
-angoraalcohol
-camelwrecker
-custardtenor
-twilightconga
-frictionnephew
-chairgoldfish
-hacksawsubmarine
-sarahrichard
-japanknowledge
-latencyrhythm
-chivepyramid
-oxygenhobbies
-bakeryspark
-laundrysampan
-ownertyphoon
-croissantdredger
-turtleladybug
-thoughtmandolin
-troublequilt
-raincoatmailbox
-kittystocking
-damageflame
-gardenbulldozer
-printercrown
-calculusepoch
-wallabycontrol
-bowlingticket
-armeniantrapezoid
-interestbeast
-fibrewhorl
-eventlocust
-odometersunshine
-blizzardpropane
-ceramicgirdle
-gondolatitanium
-cloverprice
-ghanabicycle
-liquorjellyfish
-eyebrowcreek
-bandanapilot
-volcanoclimb
-shampoosardine
-screwdrain
-chocolatecolor
-poppyaries
-animalmarble
-stickhedge
-balancejogging
-cockroachopinion
-seederverdict
-separatedshelf
-grassglider
-dungeonpeanut
-toenailoutrigger
-hospitalkimberly
-turkeyfather
-operaengine
-mattockaccordion
-baseballadult
-birchtitanium
-baseballnoise
-grapeswallow
-vegetablechest
-landminebubble
-satinsquare
-familybrian
-skiingcoast
-squidsoprano
-buzzardpassbook
-deathlinda
-quietmiddle
-smokeoctagon
-secondimpulse
-skiingintestine
-messageoctober
-babiestextbook
-snailmachine
-workshopasterisk
-cemeteryquestion
-macaronisleet
-uncleagreement
-reindeershelf
-pyjamaparent
-decreasegerman
-crawdadwasher
-supplyrichard
-ouncesarah
-pigeonapple
-drillselection
-bicycleramie
-chessjourney
-eventclover
-hygieniccamel
-prunercemetery
-cricketsteam
-physicianhexagon
-celeryindia
-expertcontrol
-argentinapaper
-bladegasoline
-cardboardtexture
-floorgasoline
-asphaltlight
-botanycarnation
-bomberswiss
-friendhalibut
-diamondhydrofoil
-octopussidecar
-franceclient
-octopushockey
-pastoremployer
-saucepencil
-comicinvoice
-nigeriarange
-guiltyankle
-pricefelony
-authorrichard
-scalebattery
-skirtpolice
-romaniadaniel
-pointwrinkle
-animalimpulse
-ukrainiannephew
-scarecrowtrombone
-chimecicada
-romanialunge
-ornamenttrout
-partyfortnight
-eggnogquestion
-peacefaucet
-nightwednesday
-cherrysneeze
-ravendeborah
-coachradar
-hedgebattery
-cheesetreatment
-ikebanajeans
-ladybugeuphonium
-badgerliver
-pansysingle
-lizardbabies
-postboxplatinum
-eyelinerberry
-antelopeleopard
-screwmanicure
-priestjellyfish
-tightsmonth
-lightningperfume
-liquorscorpio
-hubcappyramid
-squidmorning
-enemyreminder
-ministerturret
-nationroadway
-ravenpickle
-racingstate
-foresteffect
-turnipcuban
-lathemanager
-churchhandball
-groupcondor
-lyocellsweatshop
-fighterbranch
-threadsteven
-humidityvolcano
-karenspandex
-bathtubdamage
-barberforgery
-drinkceramic
-faucettimpani
-oliveapartment
-heavenvault
-checkequipment
-hardwareinterest
-separatedgasoline
-attemptblanket
-indextrumpet
-controlsecure
-georgerooster
-textbookslave
-greenwinter
-randomthumb
-violetmilkshake
-eggplantpurpose
-shellpeanut
-flowersecure
-middlebarge
-numberdollar
-layerpackage
-gymnastwaitress
-canoewaitress
-oxygenperson
-thrillflame
-zephyrstate
-washerseaplane
-chequedigger
-kayakbelgian
-tanzaniapartridge
-swedishcable
-notebookdrizzle
-lasagnapromotion
-parcelforgery
-needleslime
-stitchbagel
-knickersantelope
-footballanthony
-liquidtimer
-ethernetgrease
-zebraskill
-jellyfishopera
-valuemascara
-camelbelgian
-strangerbooklet
-snakefeedback
-stingerformat
-englishegypt
-cactuslyocell
-clockalbatross
-cocktailbabies
-bangledrill
-jellyfishswordfish
-internetmicrowave
-quillyellow
-organdinghy
-thunderplane
-couchaugust
-tom-tomanime
-hydrantattic
-greenblock
-gazellesoftware
-plastermalaysia
-geologycartoon
-statementbumper
-woolenconsonant
-velvetchemistry
-successviolet
-signatureaction
-wallabygrandson
-lizardrussian
-coughhardware
-womanadapter
-objectiveinventory
-stopsignearth
-framevalley
-karatehoney
-canoeaddress
-harmonicacheese
-ticketpatch
-engineerdavid
-eightbucket
-hamburgerhexagon
-alleyairmail
-selectionaugust
-judgejames
-quartzcrack
-spandextwist
-weederliver
-successex-wife
-illegalhimalayan
-hardcovervinyl
-sushicouch
-witchdiscovery
-pancreaslatex
-bamboobattle
-magicianskill
-armadillobritish
-cymbaleagle
-buzzardtom-tom
-behaviorsystem
-turtlemilkshake
-lemonadepamphlet
-donalddefense
-flowerteacher
-mistakeslice
-objectiveattempt
-capitaldatabase
-stateprotest
-jennifergrowth
-handlebritish
-jeanshobbies
-slopemethane
-professoruncle
-silverlyocell
-crayonneedle
-francekendo
-heronairplane
-pounddimple
-fridgesoftball
-tsunamiactivity
-troutharmony
-purchasebutane
-stagecolumnist
-skateberry
-romanianbagel
-storerange
-croissantcrate
-protestgateway
-detectivekangaroo
-polyesterchick
-fleshkohlrabi
-riverpancake
-questionbench
-argentinachicory
-flaresupply
-norwegianpartner
-mexicanbarbara
-checkbrochure
-coachpantyhose
-larchdungeon
-toothhexagon
-passivearmadillo
-dentistindex
-reasonoctopus
-secondadvantage
-sweaterswallow
-porchbiplane
-heightswitch
-brassniece
-femaledream
-notifypilot
-statementjudge
-fieldfather
-diaphragmgrandson
-bonsaiscanner
-bufferjumbo
-myanmarfifth
-circlecurtain
-toastcopyright
-woolencherries
-pocketbakery
-shadowpromotion
-vacuumlaugh
-nightstreetcar
-recordnotebook
-magicianobjective
-chardexpansion
-crackflare
-blousealuminium
-capricornwhiskey
-mirrorpatch
-apartmentbrace
-bottomaluminium
-substancepressure
-apparatussecretary
-ukrainiansecure
-roadwaynepal
-answerhubcap
-juicewheel
-spaghettiethernet
-gladiolushardboard
-ukrainiansentence
-donkeyemployer
-beggarparrot
-zoologyalphabet
-policemanoctopus
-leathertemper
-basementclient
-postageviolet
-ladybugfreon
-sentenceparty
-batteryptarmigan
-memoryfiber
-shaperussian
-amusementparent
-japanesesiamese
-elementvacation
-aftermathaftermath
-columnistgoose
-transportstove
-networkbronze
-butterlatex
-lunchgemini
-apartmentspark
-trafficequinox
-employeecanadian
-tugboatcontrol
-cancerpantry
-sciencethistle
-letterbanana
-fatherhedge
-lyocellasparagus
-ugandasheet
-employersecure
-patientcouch
-workshopparticle
-femaledatabase
-willowgreen
-whalecrocodile
-quivertrumpet
-thoughtwillow
-airbusjapanese
-kamikazealphabet
-edwarddiscovery
-courtclaus
-meetingenquiry
-beretplanet
-pepperreceipt
-theorysalary
-pointmarimba
-missilenotebook
-spikepentagon
-gorillaex-wife
-williamchief
-scissorsdaisy
-noisemissile
-cherryburglar
-skatefield
-searchborder
-womandance
-dinghybranch
-swingwriter
-argentinamichelle
-causeweather
-radishbiology
-linensquash
-vinyloutrigger
-outputsurfboard
-anteaterumbrella
-captainpakistan
-bankerspark
-quicksandepoch
-consonantground
-networktrombone
-pantrypartridge
-objectivepolice
-fighthospital
-roastsardine
-gazelleviscose
-debtorairship
-bangleplayroom
-wedgestate
-dungeonarcher
-washerdonkey
-versesquirrel
-bookcasepiccolo
-templelocket
-crooktraffic
-nephewchord
-coniferstore
-pricebuilding
-beginnerspleen
-stormtsunami
-weaponcoach
-airshipcactus
-hospitalpound
-quailvirgo
-brotherprose
-effecttimpani
-asphaltroadway
-crackbanjo
-spongeweapon
-visitorelizabeth
-belgianmarket
-dragontitanium
-spainsquid
-insectchina
-walrustanker
-divisionrabbit
-ashtraystart
-margaretbandana
-oxygenbattery
-velvetumbrella
-tom-tommandolin
-radiosidewalk
-strawsurfboard
-oceaneditor
-rubberoffence
-smokeblowgun
-chairshingle
-bumperhygienic
-robertbrochure
-partyutensil
-croissantvacuum
-timerrugby
-karenhalibut
-blackoctopus
-sprucegorilla
-chestdiploma
-hexagongeorge
-poisonbasin
-buildingplate
-ketchupskill
-humorzipper
-drizzleenquiry
-planecocktail
-shallotspinach
-crackerstove
-spoonraincoat
-sweatertractor
-moneylipstick
-thronec-clamp
-seagullflame
-fridaycommand
-mirrorshield
-beastrobert
-towersaxophone
-halibutgrape
-statementbrush
-boardcrowd
-appendixchalk
-bracedinner
-lilacturnip
-thoughtperson
-poundsteel
-chancethrone
-mailboxemery
-rainstormbugle
-climbquail
-step-sonevening
-swedishoctober
-modemhedge
-airshipcredit
-scissorsalmanac
-digitalaccordion
-jaguarsyria
-houseramie
-radarwilliam
-creaturesunshine
-preparedrotate
-relationbumper
-baboonframe
-passivegemini
-wedgebiplane
-roosterhaircut
-liquidwasher
-bufferhaircut
-cablenylon
-asparagusdress
-euphoniumflight
-stampbroker
-equinoxghost
-pilotmatch
-octobershoulder
-pakistansponge
-ashtraydefense
-lunchroomwindchime
-signaturescooter
-witnessprison
-knickersdelete
-soldierniece
-resultsinger
-shapecloud
-rhythmcurrency
-fruitdiploma
-trowelcrush
-crocuspants
-partridgeclipper
-fedeliniknowledge
-daffodiltrombone
-narcissuscycle
-geometryjuice
-paintgoose
-successappliance
-marchopera
-desiredanger
-edwardbakery
-bargelarch
-faucetcrook
-weederlinen
-apparatusrobin
-velvetclipper
-prosetoilet
-postboxswedish
-replacemistake
-fragranceweasel
-syriadrive
-pantiesapartment
-theorydoctor
-saxophonepilot
-nitrogenquince
-swallowpastor
-prosematch
-bubblepamphlet
-novelgrease
-appendixbandana
-tom-tomregret
-berrynurse
-nursememory
-soybeancatsup
-sharonpenalty
-smellcapital
-step-auntarmadillo
-alcoholpreface
-israeldorothy
-bengalaftermath
-memoryfridge
-computerlaundry
-timbaleapology
-germanysound
-nitrogenstranger
-ronaldairport
-thunderrainstorm
-streamparade
-denimpanty
-freighterforehead
-beardbench
-weaponsurgeon
-nickeltheater
-strangertaste
-cobwebcurler
-musclehandicap
-cushionspark
-cymbalscene
-donaldchalk
-shelfghost
-bathroompuppy
-educationpickle
-creaturespear
-continentorange
-cylindersociety
-transportketchup
-lindapopcorn
-mirroraluminum
-turretcardboard
-brainniece
-quaildrake
-haircutslipper
-packagekitchen
-lotionnoise
-freighteremployer
-minibusstart
-attentionmattock
-thailandpatio
-parsnipamerica
-kevinchain
-spherequart
-educationporter
-riveryellow
-geometryindustry
-sweatshopreminder
-karenalbatross
-raincoatwaiter
-hexagonglass
-skirtscrew
-canadianweasel
-libraryquality
-tulippanther
-piscesemployee
-gradepressure
-amusementcocoa
-accountwallaby
-drivingsemicolon
-crossclose
-networkstool
-exhaustparade
-forcekevin
-luttucedigger
-cirrusbotany
-propertylathe
-basketcloakroom
-armchairdinghy
-bladehumor
-hyacinthpaste
-dinosaurmacaroni
-greenfloor
-stretchbrand
-sparrowfebruary
-reminderinternet
-snailbeast
-trousersshelf
-algeriajacket
-printerdaughter
-capitalaustralia
-creamhyena
-voyageweight
-timbalehurricane
-spearpanties
-frametexture
-herringbeach
-jenniferstep-aunt
-saxophonenancy
-agendajudge
-fedelinipolish
-giantfreeze
-zoologydomain
-cyclealloy
-ptarmigansleep
-printpuffin
-voicetrade
-dahliacheque
-cockroachlaugh
-currentgirdle
-bettyplastic
-mexicancirrus
-williamhouse
-arrowappendix
-quartmercury
-octoberbedroom
-rainstormantelope
-streamblock
-cormorantyogurt
-channelbaboon
-orangepiano
-balinesequotation
-romanianromanian
-bufferscorpion
-indonesiaradiator
-buildingvolcano
-cucumberrouter
-consonantbotany
-seagulljuice
-rocketjoseph
-anteatertortoise
-oatmealrecess
-celerytrial
-thingwrecker
-underweardiaphragm
-step-sonanthony
-celestecousin
-purpleequinox
-chimespruce
-taxicabshame
-jenniferitalian
-separatedmeter
-bagelhalibut
-butanepollution
-grandsonkevin
-timermulti-hop
-quailsquare
-haircutrussian
-zephyrmakeup
-baseballcheque
-sugartanzania
-potatoathlete
-ceilingsardine
-croissantsquash
-offerswiss
-borderpakistan
-bettypolish
-educationsharon
-bumperbeard
-pajamaoctave
-messagebadger
-healthglove
-goldfishbowling
-spruceagreement
-witnesspostage
-housewitness
-pansystitch
-armchairblade
-replacequince
-kidneyracing
-childsubstance
-gymnastdrink
-chestherring
-kennethmessage
-thundersycamore
-gianttruck
-chauffeurfrost
-tongueopinion
-alloytemper
-turnoverdaughter
-controldigestion
-musclepiano
-chardreligion
-securefight
-clothbladder
-quincetrial
-melodyrequest
-internetmakeup
-epoxymitten
-featureethernet
-airmailbabies
-peonycyclone
-mirrorpassenger
-rotatemosquito
-checksupport
-degreesphere
-mexicolentil
-whaleminute
-beasttights
-timerblanket
-ceilingslice
-computerdavid
-singlebeetle
-blockanimal
-ronaldtoast
-educationraincoat
-partnerbudget
-forestromanian
-illegalfortnight
-draineditor
-ariescrayon
-spoonrussia
-coniferphone
-interestcapital
-shellsanta
-toenailharbor
-numerictsunami
-bracetsunami
-bettysociology
-sphynxnorwegian
-hobbiesformat
-formatobjective
-marimbatouch
-magicblowgun
-adapterprofessor
-carriagebrandy
-apparatusservant
-plantsinger
-collarpyramid
-patchsoldier
-propertyshingle
-scorpioncurtain
-januaryquarter
-porcupinephysician
-criminalcheque
-debtorcactus
-indiainternet
-invoicepatricia
-fightertrail
-kendovenezuela
-medicinecircle
-streetcarnigeria
-mistakethrone
-comfortsearch
-cirrusnickel
-agendaamerica
-turkeyevent
-woundnoodle
-scorpiongondola
-greasechime
-galleyvenezuela
-frienddinghy
-scorpioheaven
-breadlegal
-missiletheory
-queencucumber
-snowplowegypt
-stretchdragonfly
-beetlepurchase
-teachingscanner
-tendencymotorboat
-wastecactus
-zebraroute
-boundaryamerica
-bugleisland
-cushionaftermath
-algeriasquid
-alcoholikebana
-oniontrial
-williamquestion
-templegreen
-saucebagel
-dryerriver
-tomatochild
-sundialscorpion
-animetextbook
-processhardcover
-firemansardine
-ukraineadvice
-dorothytooth
-dressingquince
-bookcasehistory
-hacksawarmadillo
-cuticlesilica
-condorgender
-eventtreatment
-animewatch
-floodbrass
-rubberfibre
-ghanafamily
-inputpassbook
-pyjamascooter
-partyriver
-chalkimpulse
-tornadonewsstand
-historygallon
-carnationpastry
-davidwound
-forecasttuesday
-actionsmell
-backbonebladder
-canadacancer
-targetjapan
-meterradiator
-flightslave
-offencereceipt
-incomeairport
-squirrelenergy
-trialbrake
-davidmachine
-insectchurch
-gliderturnover
-airplaneorchid
-colonvalue
-motorboatinput
-cherrypoison
-stickmascara
-pastorsparrow
-alphabetcello
-digitalnickel
-hallwayflight
-carolpimple
-glovebutane
-printoutput
-salarybread
-timpaniparsnip
-changeburst
-licensecougar
-timpanilunch
-cartoonbreak
-brackethacksaw
-searchtitle
-driveprofessor
-georgetaxicab
-israelavenue
-recordblock
-hammertrunk
-cottonraven
-notifybeech
-pancakequotation
-chalkheadline
-washerlentil
-actionverdict
-christmascreature
-sarahpizza
-chalkhoney
-sturgeonwedge
-cementmacrame
-bracketorchid
-harbordelivery
-singlesurfboard
-innocentunderwear
-chainviolin
-keyboarddream
-typhoonmarket
-zephyramount
-davidsemicolon
-algebraclick
-profitvolcano
-saturdaycanada
-pendulummusic
-sharksaxophone
-orchiderror
-recordprotocol
-foxgloveaugust
-cougargermany
-spiderspinach
-rutabagaspark
-roadwaycrayfish
-zephyrwhale
-hubcaprussian
-trialavenue
-kayakaries
-studymarket
-blockfamily
-chequeoutrigger
-divorcedalphabet
-blockdirection
-potatospinach
-basintornado
-graphicgosling
-numericdeficit
-temperscreen
-englishmustard
-sopranohoney
-airportbranch
-oceanspoon
-seashoresuede
-inputcable
-fairiesappliance
-drizzleenglish
-mexicoschool
-turnipduckling
-propertysideboard
-bargefountain
-bobcatbarometer
-baritonecrowd
-creatoractivity
-porcupinelimit
-breathfreezer
-leopardbanana
-breakdaisy
-engineerhealth
-forgerylibrary
-treatmentobjective
-dinghyikebana
-ticketpromotion
-systemchair
-brokervision
-liquidbutcher
-russiashrine
-siameseperson
-drizzleincome
-snowflakeceleste
-ministerriver
-picklemarble
-dungeonbedroom
-americatrial
-tastehumidity
-recesskenneth
-trickaccount
-newsstandfeather
-brownswamp
-crushhouse
-pyjamaopinion
-equipmentbookcase
-musicianguilty
-sugarquestion
-englishswedish
-closetcolumn
-notifyotter
-rainbowmarimba
-healthbanjo
-tsunamistomach
-freighteraquarius
-clockinvoice
-reportankle
-weaponsunshine
-linenfeedback
-coastpocket
-distancedecrease
-packethyena
-companysurgeon
-bargepeony
-debtorbongo
-jellyfishhearing
-believemother
-butchercuban
-advantagemexico
-friendstone
-brazilearth
-burglarwhite
-kangaroocurtain
-saucedrain
-lyocellsidewalk
-ownerwedge
-crayonjewel
-buffetwealth
-pantrycemetery
-threadclipper
-orangejason
-pastryplaster
-algeriaagenda
-cylinderarcher
-monthbillboard
-partyshears
-fortnightharmonica
-lightdeadline
-lungepatient
-burstapartment
-companyknight
-patchsalesman
-securitywhite
-spaghetticrook
-storyvolcano
-armenianbicycle
-peacebroker
-grouprepair
-customerstocking
-landminesurfboard
-consonantrevolver
-halibutcolor
-officedessert
-swordfishequinox
-sailorsidecar
-industryapparel
-gore-texchinese
-couchdorothy
-englishanger
-shoemakergemini
-walletpayment
-donnaapartment
-chestpoint
-brandtractor
-answerbasket
-cricketshrine
-trunkcathedral
-drawercarpenter
-plasticknight
-dinghysushi
-subwayoatmeal
-cartoonbudget
-streetcaropera
-studycomic
-submarinebasement
-elizabethwednesday
-luttucechildren
-squashinsurance
-tastecontinent
-patientteacher
-jacketaftermath
-japaneseexistence
-plasticclaus
-bedroomtrumpet
-resultsanta
-powersidecar
-spaghettivalley
-cyclefrench
-bedroommiddle
-tendencytrain
-seagullravioli
-latexpackage
-streamselection
-washerrelish
-zoologyemployee
-pantyhosedesign
-managercentury
-mascarahumor
-edgerrhythm
-trumpetcousin
-romaniansoybean
-microwavemoustache
-ghostmaria
-cricketdance
-freoncondor
-pentagontouch
-magazineeight
-cardboardwitness
-optionjapanese
-aprilbrake
-mondayblouse
-attackpickle
-thoughtguide
-harmonicatruck
-shallotcarol
-repairsmash
-crosswalrus
-streetclose
-zoologyorchestra
-cirruskitten
-kilogrambaseball
-shortstoenail
-acrylicbooklet
-cloudyblock
-waitresscurrency
-africaeyelash
-jenniferalcohol
-diaphragmslipper
-pencilsprout
-harborstreetcar
-magicgarden
-monkeybeggar
-stockingbabies
-novelgearshift
-wastegemini
-ministerpajama
-egyptgazelle
-armadilloplant
-powderlizard
-forcecougar
-hallwayhydrofoil
-clarinetswallow
-womenpyjama
-ariesbrand
-kayakcollar
-viscoseliquid
-buzzarddouble
-melodyschedule
-outputyogurt
-dipstickasparagus
-hyenaneedle
-cupcakebulldozer
-messageorchestra
-beachfisherman
-clothexistence
-recorderlunge
-dorothycoast
-propertyplough
-karatemargaret
-hallwaylearning
-asteriskreindeer
-mariabreakfast
-creditsister
-airbusholiday
-trunkexhaust
-aftermathgrenade
-officesurprise
-accordionthistle
-moustacheanteater
-eggplantbuffet
-myanmarchord
-spaghettisaturday
-dahliahobbies
-stingernight
-stationwitness
-interestburst
-britishasparagus
-snakegroup
-gooseexample
-step-sonpackage
-cardigandorothy
-printergeology
-brokercellar
-jewelbuzzard
-jasoncaption
-benchtoast
-lightcellar
-windowjelly
-successtanker
-insuranceicicle
-sleepswiss
-carolfrench
-produceonion
-pocketsnail
-schedulelotion
-brushkamikaze
-guaranteemexico
-cerealunderwear
-sweatercourt
-bottomcaption
-crossepoch
-wastelasagna
-dogsledbranch
-skilleffect
-passivelemonade
-congotiger
-newsstandclass
-tastethread
-spaindetail
-sandwichfather
-statisticitalian
-turtleolive
-greekstring
-ferryboattwilight
-cheesealgeria
-lobsterbeach
-spinachlettuce
-sentencewrench
-ravioliquartz
-mimosawriter
-motherliver
-felonywilliam
-croissantchinese
-inventoryex-wife
-honeyperson
-germanytrail
-zipperracing
-touchdrive
-angoravault
-offencecriminal
-chinesedollar
-bugleapril
-celloplant
-dinosaurshock
-beliefvault
-cupcakeberet
-shadowbadger
-educationorange
-camelodometer
-riverprofit
-lindaburglar
-dimplebladder
-biplanemoney
-periodrouter
-japanindex
-squirrelsheep
-ariessmell
-celsiuskorean
-recordbirch
-tailorbabies
-barberkevin
-baboonalarm
-disgustfemale
-packageshallot
-halibutoxygen
-norwegiannarcissus
-sistercouch
-kittenreport
-dancercurler
-stovefrance
-islandsunflower
-fluteinventory
-decadeverse
-heliumbarometer
-creatorfrance
-depositplate
-richardunderwear
-ferryboatcymbal
-broccolialbatross
-sentencebreakfast
-saturdayleopard
-barometergateway
-cymbalsecure
-hacksawswordfish
-orchestratiger
-accountporcupine
-shearsaftermath
-vinyljennifer
-gallonparticle
-pressurestart
-handballplant
-chalkmicrowave
-inventorymallet
-skillmexican
-digestionpollution
-garagenewsstand
-sproutcelery
-octopusaddition
-raviolibugle
-edwardperfume
-violetprice
-prunerhallway
-apparatuscause
-wreckerhyena
-aprilrainbow
-desiredivorced
-anatomycannon
-chairmarch
-bargegarden
-scalliongrandson
-footnoteharmony
-hurricanedragon
-debtorsunflower
-governorblanket
-coastchurch
-activebutcher
-parsnipjoseph
-fluteniece
-priceafrica
-tromboneheight
-lobsterstick
-discoverytrick
-slopemustard
-footnotequestion
-stevensnowplow
-bathtubvolcano
-raviolilicense
-chauffeurbubble
-crayongeese
-comictrial
-patiotom-tom
-europechick
-snowstormfamily
-anthonyregret
-seashorecurrency
-enquirygiant
-dinosaurhamburger
-cougarcricket
-internetukraine
-spandexcanadian
-jeansgladiolus
-asphaltedger
-storyagenda
-equinoxactive
-spearrelative
-columnistsoybean
-vulturefisherman
-scentastronomy
-bufferbrace
-treatmentplier
-sunshineblizzard
-collegeamount
-breakfastspear
-gasolineaddition
-throneactivity
-lightheart
-stepsonbrass
-williambuffet
-thingsociety
-bathtubcornet
-nursewoolen
-organstep-son
-cinemapassbook
-womenchill
-newsprintethiopia
-tendencytugboat
-cactusepoch
-tanzaniadoctor
-spherepayment
-cobwebmusic
-postboxdollar
-creaturemexico
-disgustfountain
-spadepajama
-paperbackwaiter
-italiantanzania
-myanmardoubt
-trialpoppy
-slashrowboat
-hacksawdeodorant
-blizzardsweatshop
-physicianpoland
-nightriddle
-sweetsmonday
-vegetabledisgust
-oniontoilet
-strawgrandson
-cowbellthursday
-dibblemelody
-stockingfactory
-c-clampharmony
-advantageknowledge
-crawdadfireman
-drivechicory
-woundparsnip
-yachtengine
-venezuelanickel
-chickjeans
-enquirystopsign
-rutabagashrimp
-geminisuede
-pancreaslatex
-ikebanapatio
-turtlecaptain
-shellpassbook
-glidingspoon
-whorlmaraca
-japanesescraper
-kohlrabieggnog
-marriedsharon
-sweatshopsnowman
-streamthrill
-targethydrofoil
-blizzardrooster
-saxophonedollar
-laborerpanty
-purchaseyogurt
-cyclonepromotion
-sociologysnowflake
-armchairprofit
-whistlequeen
-schoolstick
-arrowuganda
-creatureaddition
-freonutensil
-buildingflight
-tenorroadway
-poppysociology
-chickenhorse
-bearddorothy
-crayonplatinum
-susanmonday
-trouserslumber
-goosedrizzle
-octavenigeria
-kevinmachine
-clipperclerk
-disgustbelieve
-pamphletsnowman
-ex-wifeforehead
-toiletscent
-crackercuban
-swordfishbritish
-fishermancomposer
-foxglovenephew
-soybeangrandson
-depositbobcat
-sturgeoncaravan
-waterfallcheese
-potatoblood
-broccoliforce
-productseashore
-treatmentshell
-cricketaluminium
-chickensponge
-territorygondola
-reportferry
-chordchest
-consonantniece
-juicelentil
-cherriesitaly
-calendarpelican
-throatporch
-gore-texfeedback
-outputclass
-calendarlyocell
-spaghettipants
-bloodliquor
-mustardspider
-twistthing
-libramosque
-firewallkilogram
-continentsheep
-tradequeen
-ploughcockroach
-smokeheadlight
-searchwhale
-zebramotion
-handicapcover
-willowjames
-apologylaborer
-grousexylophone
-cousindonkey
-timbalesneeze
-mosquitolatency
-leopardseagull
-criminalpersian
-whiskeywalrus
-multi-hopstep-aunt
-radiatorgorilla
-handledrizzle
-coastdeborah
-softwarestory
-crossdryer
-streetketchup
-stoollipstick
-silversaxophone
-angledigger
-angoraaugust
-mandolindress
-stoolactive
-afternoonocelot
-skillwheel
-ladybugshape
-centurysturgeon
-girdleindonesia
-walruslatex
-discoverysheep
-snowmanshark
-williamengine
-energyguilty
-canvaswillow
-cinemacherries
-throneornament
-shoemakerplayroom
-giantalibi
-formathandball
-tuesdaynitrogen
-moneypoint
-ceramicpostage
-timbaleskiing
-scissorsamusement
-glidertom-tom
-ukrainianbuffer
-borderlimit
-lycradrama
-additionhimalayan
-eventagenda
-barometerliquid
-slipperrocket
-bracketagreement
-aquariusmichael
-octavemacaroni
-effectsignature
-copperenemy
-melodydirection
-lizardflower
-sandwichladybug
-spinachcaution
-turretvision
-motherspoon
-mistakeeggnog
-jumpersnail
-professordamage
-pickletsunami
-pyjamabelieve
-decreaseronald
-weaponfifth
-theaterfirewall
-belgiandugout
-scorpionrubber
-searchodometer
-marketresult
-sweetssalary
-minibusketchup
-mailboxbench
-spleeneurope
-geraniumhouse
-dramamakeup
-banglecrime
-gondolacaption
-dahliaparent
-violettoenail
-peppereducation
-japanesefeeling
-onionquotation
-furnituretongue
-surgeonselect
-angercrate
-knifecarrot
-marginsearch
-luttucesense
-sessionforce
-plainbongo
-custardburglar
-thursdayfreezer
-historyscanner
-mascarafelony
-paperexample
-recorderglider
-marginbillboard
-fluteavenue
-collarvoyage
-prosepantyhose
-drilllyric
-hexagonpancreas
-sudanjellyfish
-syrupforest
-cubancaution
-throatconifer
-cemeterycornet
-donnawaitress
-clipperappeal
-lentilestimate
-jumperreduction
-wastelatex
-approvalplanet
-dieticianshark
-pencilsyrup
-communitygoldfish
-strangersubway
-governormelody
-thailandheron
-georgetennis
-springtimbale
-cloverrabbit
-chinesefemale
-banjoswimming
-shovelsalary
-waterfallplier
-calculusmaple
-syrupbeard
-babiestoast
-step-auntgraphic
-step-sonclaus
-smokecoffee
-skirtcactus
-ferrybathroom
-driverex-wife
-pelicanconifer
-riverbedmarket
-actressbakery
-trailretailer
-mechaniccontrol
-magicdeadline
-epochkenya
-broccolimulti-hop
-alloyshield
-drainspeedboat
-geologymacrame
-violetstorm
-cicadarabbit
-forecastheadline
-companyaddition
-featherstore
-illegalheadlight
-baboonoffice
-herringaluminium
-blanketdenim
-tenorkettle
-freightermailbox
-furnitureeducation
-pointsurprise
-weaponflood
-farmercanvas
-chineseattention
-versequiet
-centurystudy
-goldfishdungeon
-slopesquirrel
-canvasclaus
-yogurtcanvas
-lilacfaucet
-bottlethumb
-harmonicacereal
-pantrycapricorn
-tortoisenotify
-toenailfloor
-middletheater
-calendarswallow
-celestecopyright
-monthcountry
-zebraspace
-alloyasphalt
-propanewound
-knickerssurfboard
-deficitsmile
-matchtriangle
-paperdinner
-teachingbrick
-stopwatchthomas
-authorbridge
-readinggrade
-minibusknowledge
-armadilloformat
-kittyminute
-relativeindia
-feelingaftermath
-mustardquartz
-gatewaybranch
-prosechief
-statisticthread
-towerhaircut
-processwalrus
-temperreason
-drilltoilet
-karatefriction
-summerpersian
-tsunamibeard
-pancreashelmet
-separatedtugboat
-shadowrespect
-brakemotion
-step-soncalendar
-printerror
-femalecomposer
-chocolatesmash
-taiwanvoice
-formatrubber
-apparatushourglass
-shelfdugout
-positionpollution
-clothmuscle
-visitorshrine
-enquirykayak
-anglepasta
-kohlrabibronze
-pansyequinox
-susanpastor
-liquormelody
-canadianstraw
-popcornpassenger
-deadlinebamboo
-bankbooksquare
-pastordaniel
-cuticlefarmer
-bookcaseparsnip
-ikebanabathroom
-catsupjason
-papergoose
-syriawinter
-scraperrainbow
-exchangewinter
-segmentwound
-flavorjuice
-clausquartz
-chocolateminibus
-layergermany
-successsunflower
-stepsonhealth
-gallontyvek
-nervebengal
-pamphletspace
-soccershorts
-kevinparcel
-timbalearies
-paraderocket
-yogurtcathedral
-candlecreature
-mountaincontinent
-juiceradio
-passbooksoccer
-juiceknight
-priestpurpose
-shieldapartment
-lizardangle
-snowflakeclient
-religionfireman
-multi-hopbottle
-februarysmell
-zephyrrutabaga
-effectnigeria
-nickelbalance
-apartmentquiet
-impulsesidewalk
-beavercrush
-titlehistory
-congojacket
-aftermathgander
-woundbamboo
-mondayjaguar
-titaniumbladder
-beechwealth
-ramieoxygen
-blacktaiwan
-tendencyclimb
-lizardmoney
-minutecylinder
-carpenterinventory
-richardperiod
-operationpayment
-bumpersharon
-bargehammer
-onionbutcher
-ferrystore
-surfboardviscose
-numericpiccolo
-successdogsled
-quincemarket
-softwarerelish
-canadageese
-cubannovember
-liverbracket
-babiesbulldozer
-fightercarnation
-sessionjewel
-anteaterminibus
-mondaypaper
-gearshiftfelony
-adaptertornado
-shrimpcactus
-valleygauge
-lyocellpilot
-applesparrow
-atticdrink
-step-sonsweatshop
-elephantstocking
-producefireman
-macaroniwomen
-decimaldresser
-doctorrhythm
-channelphysician
-camerapyjama
-cirruschicory
-mandolinpurchase
-pandacoast
-laborerpolice
-fridgemusician
-decadehoney
-summersycamore
-stationlemonade
-communityswimming
-collisiongliding
-educationbookcase
-formatpersian
-aluminumrhythm
-colorweather
-boardscarecrow
-bumpersnowstorm
-meetinggeese
-couchbuffer
-chancesoftdrink
-airplanemeasure
-muscletongue
-adaptervirgo
-mimosaalloy
-bladderhamburger
-childcolor
-stopwatchtrial
-middleletter
-wallabyjeans
-musicdenim
-broccolination
-slopecatsup
-waterchick
-currentnarcissus
-quivermailman
-selectiondanger
-angerslime
-avenueparrot
-ukrainiansarah
-davidradar
-pelicanmascara
-hurricanetimbale
-liquorriver
-drawerberry
-replacehobbies
-underwearseason
-firewallbreak
-sproutlarch
-bracecarol
-bottompolyester
-hockeyheight
-peonyseeder
-clientmeter
-wastetwilight
-peppergarlic
-gymnasthearing
-drivingbutton
-sliceikebana
-zephyrviolet
-badgerambulance
-asteriskenglish
-pantyhoseplanet
-karatemodem
-scalechildren
-baseballpastor
-crateoutput
-recorderpanda
-broccolitrumpet
-brochureporcupine
-passivehurricane
-vulturevacation
-pyjamaforgery
-bubblecopyright
-octavecloudy
-grousestream
-supplycannon
-bagelbench
-punchairplane
-copperwhale
-polandshears
-canvasseptember
-friendlight
-lipstickrevolver
-shrimpjewel
-scorpionairship
-bagpipeturkish
-timpanivessel
-airbustyvek
-makeupbeetle
-egyptriverbed
-clutchpencil
-equinoxbobcat
-bronzesyria
-brokersecure
-astronomylilac
-wrenchsponge
-flightapproval
-bucketmorning
-lemonadestudy
-condoreagle
-diaphragmmanager
-melodyheadline
-decimaldrill
-carolgoldfish
-illegalferryboat
-faucetfeather
-mountaindebtor
-trickgosling
-knifejason
-personreindeer
-postboxknowledge
-backbonesnowman
-capricorncattle
-shoemakerbirthday
-shamecrawdad
-pheasantsidecar
-christmasburst
-rainbowexhaust
-monthholiday
-hacksawradio
-machinethailand
-letterchildren
-bracetoenail
-edwardbudget
-screenstation
-giraffedeficit
-eyelashpiccolo
-workshopbrain
-swordferryboat
-quiverswing
-animeturret
-yellowsecure
-pantsselection
-edgeremery
-donnadinosaur
-fedelinielephant
-latheposition
-calculussushi
-alligatorlicense
-divingorchestra
-custardankle
-apparatusglass
-librablanket
-cheekdesign
-dugouttwist
-kangarooitalian
-strawbarometer
-friendappliance
-cocoacoast
-relationgirdle
-kayakevent
-tenorsauce
-streamcurtain
-ugandabuffet
-questionappendix
-rangesardine
-mistakeliquor
-italyoatmeal
-bandanastep-son
-swallowbrian
-libraryrooster
-guitarcormorant
-alligatorarmadillo
-olivediploma
-mandolinvietnam
-chequeonion
-moustachestaircase
-tugboatpepper
-babiesmandolin
-chickenbobcat
-sleeptrade
-ticketfeature
-governortanker
-priestsubstance
-squarelegal
-badgemacaroni
-hospitalcream
-chieffriction
-birthdaycloudy
-sandrapancreas
-licensepimple
-chauffeurstraw
-sandrabalinese
-sailboatboard
-eyelinergreece
-ceramicvulture
-wasteturtle
-dragonflybiplane
-squareglass
-doubleplywood
-aluminumeyelash
-cougarlearning
-swordcanvas
-digestioncloset
-kittycuban
-cratebarge
-timbaleepoxy
-mosquitocolor
-stoolsurname
-brushlocust
-noisestatement
-blockcrocus
-weedermusic
-ounceedward
-preparedrabbi
-umbrellatimbale
-eveningpuffin
-mondayoffence
-ferrydrain
-multi-hopfriday
-clerkcollege
-yogurtpatio
-coastlotion
-elizabethepoxy
-denimlanguage
-estimatelaugh
-blackeffect
-bugleheight
-jasonrectangle
-sneezebusiness
-drainsarah
-countryattack
-fifthnephew
-blacklaura
-parcelbangle
-russiaforce
-australiavoice
-linenviola
-shelfcicada
-sidewalkbusiness
-slashhospital
-saxophonereceipt
-dressingmeasure
-heavendressing
-spinachsweets
-marriedspeedboat
-tendencyhobbies
-barbarafront
-doublemirror
-pantiesnumeric
-shademailman
-hobbiesgarage
-tradepyjama
-engineerashtray
-thunderlizard
-targetbench
-hydrantspleen
-trunkfisherman
-africapastry
-violintrain
-spoonstep-son
-managereducation
-brickalibi
-kangaroofirewall
-stovehydrogen
-internetpassbook
-expansioncupcake
-operationsecretary
-methanesmash
-skillopera
-prefacebulldozer
-scorpionsaxophone
-valleyangora
-twistacrylic
-puppymaria
-acousticniece
-nephewemployee
-turretrelish
-potatosleet
-cupboardthistle
-apartmentpunch
-smelljaguar
-sociologyquilt
-modemfelony
-otterlizard
-guiltyharmony
-spandexfridge
-groundferryboat
-onionwillow
-cocoascience
-pizzaentrance
-mouthbattery
-soccerviolet
-tortoiseenemy
-radiatorceiling
-boardblood
-grandsonwhite
-fieldcushion
-chequeelbow
-freondriving
-birthalbatross
-armeniangirdle
-davidbulldozer
-applelipstick
-policemanlatex
-wristbranch
-gendershare
-yachtchest
-macramefeeling
-adaptercoach
-successtennis
-teacherfeeling
-innocentsubmarine
-furnituregalley
-biplanetexture
-coverwrinkle
-cucumberspider
-hobbiespriest
-womenmichael
-harmonicaskirt
-valleypatch
-agreementdungeon
-quivermirror
-crickethygienic
-humorpoultry
-fleshdolphin
-broccolibrand
-cylindermarried
-noodlecanadian
-leopardcowbell
-chestglove
-singlejames
-cocktailsundial
-inventoryconifer
-nationnerve
-swisspostage
-hyacinthsociety
-surgeonsidecar
-otterswamp
-pocketperson
-cousinnoise
-epoxyllama
-teacherzipper
-asphaltalarm
-aluminiumdouble
-submarinekarate
-singerenquiry
-airmailgermany
-coppersquash
-quicksandquartz
-cucumbermotorboat
-ostrichcurrent
-numericparrot
-pancakecolor
-bracketflower
-requestcicada
-seaplanerouter
-softballtoilet
-segmentlibrary
-lemonadeyacht
-vacationmuseum
-yellowtheater
-officemagician
-mechaniccheck
-randomswallow
-bargearcher
-cricketbrother
-guitarronald
-fedeliniinnocent
-spongecreek
-firemandebtor
-discoverytimpani
-tigerbelgian
-camelworkshop
-yogurtmilkshake
-himalayanferryboat
-ceilingwhale
-kidneyfortnight
-japandancer
-questionflight
-chiveleopard
-woolenanthony
-indonesiatennis
-greecehimalayan
-jellydatabase
-orchidsoybean
-pelicanferryboat
-luttucepancake
-featuregander
-spacebanjo
-spherefoxglove
-cormorantpaste
-housebladder
-dancercraftsman
-pyramidjanuary
-cicadachime
-singlesweatshop
-pancreasdebtor
-kittyprice
-cubansalad
-prunergeorge
-doubtbanjo
-blowgunsquash
-syriageranium
-sentencebagel
-substancekenya
-ukrainianplatinum
-camelitalian
-kittytheory
-relativeconga
-alleypoland
-wastebeast
-dahliaflood
-cannongeranium
-objectiveappendix
-parsnipspace
-humorsmash
-kimberlytractor
-cookingbrand
-paintnitrogen
-asterisklyocell
-calendarrainbow
-lindadinner
-interestbanana
-richardmercury
-algeriadragon
-featuremarch
-offencepackage
-entrancesession
-donkeyglove
-messagehyacinth
-slashsugar
-invoicebiology
-slavestock
-fightfeather
-wallabyhacksaw
-bucketalloy
-methaneliver
-carolhalibut
-pricecolony
-staircasesoftdrink
-insectcolor
-telleremery
-siberianrooster
-messagerussian
-gatewaymuseum
-columnistpajama
-adapterinterest
-chemistrygeorge
-flightporch
-c-clampbeginner
-egyptwalrus
-honeyvessel
-spherelentil
-brandyjasmine
-shadowshovel
-ellipseshoulder
diff --git a/_deprecated/install.sh b/_deprecated/install.sh
deleted file mode 100755
index 417cc9c7..00000000
--- a/_deprecated/install.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/bash
-cd iso/installer
-./install.sh "$@"
diff --git a/_deprecated/installer/debian/install.sh b/_deprecated/installer/debian/install.sh
deleted file mode 100755
index a15f68ee..00000000
--- a/_deprecated/installer/debian/install.sh
+++ /dev/null
@@ -1,77 +0,0 @@
-#!/bin/bash
-
-# Needs to run as non-root
-myWHOAMI=$(whoami)
-if [ "$myWHOAMI" == "root" ]
- then
- echo "Need to run as user ..."
- exit
-fi
-
-# Check if running on Debian
-if ! grep -q 'ID=debian' /etc/os-release; then
- echo "This script is designed to run on Debian. Aborting."
- exit 1
-fi
-
-if [ -f /var/log/debian-install-lock ]; then
- echo "Error: The installer has already been run on this system. If you wish to run it again, please run the uninstall.sh first."
- exit 1
-fi
-
-# Create installer lock file
-sudo touch /var/log/debian-install-lock
-
-# Update SSH config
-echo "Updating SSH config..."
-sudo bash -c 'echo "Port 64295" >> /etc/ssh/sshd_config'
-
-# Install recommended packages
-echo "Installing recommended packages..."
-sudo apt-get -y update
-sudo apt-get -y install bash-completion git grc neovim net-tools
-
-# Remove old Docker
-echo "Removing old docker packages..."
-sudo apt-get -y remove docker docker-engine docker.io containerd runc
-
-# Add Docker to repositories, install latest docker
-echo "Adding Docker to repositories and installing..."
-sudo apt-get -y update
-sudo apt-get -y install ca-certificates curl gnupg
-sudo install -m 0755 -d /etc/apt/keyrings
-curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
-sudo chmod a+r /etc/apt/keyrings/docker.gpg
-echo \
- "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
- "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
- sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
-sudo apt-get -y update
-sudo apt-get -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
-sudo systemctl enable docker
-sudo systemctl stop docker
-sudo systemctl start docker
-
-# Add T-Pot user and group to avoid any permission denied on the data folder while keeping permissions 770
-echo "Creating T-Pot group and user ..."
-addgroup --gid 2000 tpot
-adduser --system --no-create-home --uid 2000 --disabled-password --disabled-login --gid 2000 tpot
-# Add user to Docker, T-Pot group
-echo "Adding $(whoami) to Docker group..."
-sudo usermod -aG docker $(whoami)
-echo "Adding $(whoami) to T-Pot group..."
-sudo usermod -aG tpot $(whoami)
-
-# Add aliases
-echo "Adding aliases..."
-echo "alias dps='grc docker ps -a'" >> ~/.bashrc
-echo "alias dpsw='watch -c \"grc --colour=on docker ps -a\"'" >> ~/.bashrc
-
-# Show running services
-sudo grc netstat -tulpen
-echo "Please review for possible honeypot port conflicts."
-echo "While SSH is taken care of, other services such as"
-echo "SMTP, HTTP, etc. might prevent T-Pot from starting."
-
-echo "Done. Please reboot and re-connect via SSH on tcp/64295."
-
diff --git a/_deprecated/installer/debian/sudo-install.sh b/_deprecated/installer/debian/sudo-install.sh
deleted file mode 100755
index 86fcfa80..00000000
--- a/_deprecated/installer/debian/sudo-install.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-
-if ! command -v sudo &> /dev/null
-then
- echo "sudo is not installed. Installing now..."
- su -c "apt-get -y update && apt-get -y install sudo"
- su -c "/usr/sbin/usermod -aG sudo $(whoami)"
-else
- echo "sudo is already installed."
-fi
diff --git a/_deprecated/installer/debian/uninstall.sh b/_deprecated/installer/debian/uninstall.sh
deleted file mode 100755
index 66435b07..00000000
--- a/_deprecated/installer/debian/uninstall.sh
+++ /dev/null
@@ -1,59 +0,0 @@
-#!/bin/bash
-
-# Needs to run as non-root
-myWHOAMI=$(whoami)
-if [ "$myWHOAMI" == "root" ]
- then
- echo "Need to run as user ..."
- exit
-fi
-
-# Check if running on Debian
-if ! grep -q 'ID=debian' /etc/os-release; then
- echo "This script is designed to run on Debian. Aborting."
- exit 1
-fi
-
-# Check if installer lock file exists
-if [ ! -f /var/log/debian-install-lock ]; then
- echo "Error: The installer has not been run on this system. Aborting."
- exit 1
-fi
-
-# Remove SSH config changes
-echo "Removing SSH config changes..."
-sudo sed -i '/Port 64295/d' /etc/ssh/sshd_config
-
-# Uninstall Docker
-echo "Stopping and removing all containers ..."
-docker stop $(docker ps -aq)
-docker rm $(docker ps -aq)
-echo "Uninstalling Docker..."
-sudo systemctl stop docker
-sudo systemctl disable docker
-sudo apt-get -y remove docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
-sudo apt-get -y autoremove
-sudo rm -rf /etc/apt/sources.list.d/docker.list
-sudo rm -rf /etc/apt/keyrings/docker.gpg
-
-# Remove user from Docker, T-Pot group
-echo "Removing $(whoami) from T-Pot group..."
-sudo deluser $(whoami) tpot
-echo "Removing $(whoami) from Docker group..."
-sudo deluser $(whoami) docker
-# Remove T-Pot user and group
-echo "Removing T-Pot user..."
-sudo deluser tpot
-echo "Removing T-Pot group..."
-sudo delgroup tpot
-
-# Remove aliases
-echo "Removing aliases..."
-sed -i '/alias dps=/d' ~/.bashrc
-sed -i '/alias dpsw=/d' ~/.bashrc
-
-# Remove installer lock file
-sudo rm -f /var/log/debian-install-lock
-
-echo "Done. Please reboot and re-connect via SSH on tcp/22"
-
diff --git a/_deprecated/installer/fedora/install.sh b/_deprecated/installer/fedora/install.sh
deleted file mode 100755
index 5a22f56a..00000000
--- a/_deprecated/installer/fedora/install.sh
+++ /dev/null
@@ -1,85 +0,0 @@
-#!/bin/bash
-
-# Needs to run as non-root
-myWHOAMI=$(whoami)
-if [ "$myWHOAMI" == "root" ]
- then
- echo "Need to run as user ..."
- exit
-fi
-
-# Check if running on Fedora
-if ! grep -q 'ID=fedora' /etc/os-release; then
- echo "This script is designed to run on Fedora. Aborting."
- exit 1
-fi
-
-if [ -f /var/log/fedora-install-lock ]; then
- echo "Error: The installer has already been run on this system. If you wish to run it again, please run the uninstall.sh first."
- exit 1
-fi
-
-# Create installer lock file
-sudo touch /var/log/fedora-install-lock
-
-# Update SSH config
-echo "Updating SSH config..."
-sudo bash -c 'echo "Port 64295" >> /etc/ssh/sshd_config'
-
-# Update DNS config
-echo "Updating DNS config..."
-sudo bash -c "sed -i 's/^.*DNSStubListener=.*/DNSStubListener=no/' /etc/systemd/resolved.conf"
-sudo systemctl restart systemd-resolved.service
-
-# Update SELinux config
-echo "Updating SELinux config..."
-sudo sed -i s/SELINUX=enforcing/SELINUX=permissive/g /etc/selinux/config
-
-# Update Firewall rules
-echo "Updating Firewall rules..."
-sudo firewall-cmd --permanent --add-port=64295/tcp
-sudo firewall-cmd --permanent --zone=public --set-target=ACCEPT
-#sudo firewall-cmd --reload
-sudo firewall-cmd --list-all
-
-# Load kernel modules
-echo "Loading kernel modules..."
-sudo modprobe -v iptable_filter
-echo "iptable_filter" | sudo tee /etc/modules-load.d/iptables.conf
-
-# Add Docker to repositories, install latest docker
-echo "Adding Docker to repositories and installing..."
-sudo dnf -y update
-sudo dnf -y install dnf-plugins-core
-sudo dnf -y config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo
-sudo dnf -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
-sudo systemctl enable docker
-sudo systemctl start docker
-
-# Install recommended packages
-echo "Installing recommended packages..."
-sudo dnf -y install bash-completion git grc net-tools
-
-# Add T-Pot user and group to avoid any permission denied on the data folder while keeping permissions 770
-echo "Creating T-Pot group and user..."
-sudo groupadd -g 2000 tpot
-sudo useradd -r -u 2000 -g 2000 -M -s /sbin/nologin tpot
-# Add user to Docker, T-Pot group
-echo "Adding $(whoami) to Docker group..."
-sudo usermod -aG docker $(whoami)
-echo "Adding $(whoami) to T-Pot group..."
-sudo usermod -aG tpot $(whoami)
-
-# Add aliases
-echo "Adding aliases..."
-echo "alias dps='grc docker ps -a'" >> ~/.bashrc
-echo "alias dpsw='watch -c \"grc --colour=on docker ps -a\"'" >> ~/.bashrc
-
-# Show running services
-sudo grc netstat -tulpen
-echo "Please review for possible honeypot port conflicts."
-echo "While SSH is taken care of, other services such as"
-echo "SMTP, HTTP, etc. might prevent T-Pot from starting."
-
-echo "Done. Please reboot and re-connect via SSH on tcp/64295."
-
diff --git a/_deprecated/installer/fedora/uninstall.sh b/_deprecated/installer/fedora/uninstall.sh
deleted file mode 100755
index 8726647e..00000000
--- a/_deprecated/installer/fedora/uninstall.sh
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/bash
-
-# Needs to run as non-root
-myWHOAMI=$(whoami)
-if [ "$myWHOAMI" == "root" ]
- then
- echo "Need to run as user ..."
- exit
-fi
-
-# Check if running on Fedora
-if ! grep -q 'ID=fedora' /etc/os-release; then
- echo "This script is designed to run on Fedora. Aborting."
- exit 1
-fi
-
-if [ ! -f /var/log/fedora-install-lock ]; then
- echo "Error: The installer has not been run on this system. Aborting uninstallation."
- exit 1
-fi
-
-# Remove SSH config changes
-echo "Removing SSH config changes..."
-sudo sed -i '/Port 64295/d' /etc/ssh/sshd_config
-
-# Remove DNS config changes
-echo "Updating DNS config..."
-sudo bash -c "sed -i 's/^.*DNSStubListener=.*/#DNSStubListener=yes/' /etc/systemd/resolved.conf"
-sudo systemctl restart systemd-resolved.service
-
-# Restore SELinux config
-echo "Restoring SELinux config..."
-sudo sed -i s/SELINUX=permissive/SELINUX=enforcing/g /etc/selinux/config
-
-# Remove Firewall rules
-echo "Removing Firewall rules..."
-sudo firewall-cmd --permanent --remove-port=64295/tcp
-sudo firewall-cmd --permanent --zone=public --set-target=default
-#sudo firewall-cmd --reload
-sudo firewall-cmd --list-all
-
-# Unload kernel modules
-echo "Unloading kernel modules..."
-sudo modprobe -rv iptable_filter
-sudo rm /etc/modules-load.d/iptables.conf
-
-# Uninstall Docker
-echo "Stopping and removing all containers ..."
-docker stop $(docker ps -aq)
-docker rm $(docker ps -aq)
-echo "Uninstalling Docker..."
-sudo systemctl stop docker
-sudo systemctl disable docker
-sudo dnf -y remove docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
-sudo dnf config-manager --disable docker-ce-stable
-sudo rm /etc/yum.repos.d/docker-ce.repo
-
-# Remove user from Docker, T-Pot group
-echo "Removing $(whoami) from T-Pot group..."
-sudo gpasswd -d $(whoami) tpot
-echo "Removing $(whoami) from Docker group..."
-sudo gpasswd -d $(whoami) docker
-# Remove T-Pot user and group
-echo "Removing T-Pot user..."
-sudo userdel tpot
-echo "Removing T-Pot group..."
-sudo groupdel tpot
-
-# Remove aliases
-echo "Removing aliases..."
-sed -i '/alias dps=/d' ~/.bashrc
-sed -i '/alias dpsw=/d' ~/.bashrc
-
-# Remove installer lock file
-sudo rm /var/log/fedora-install-lock
-
-echo "Done. Please reboot and re-connect via SSH on tcp/22"
-
diff --git a/_deprecated/installer/suse/install.sh b/_deprecated/installer/suse/install.sh
deleted file mode 100755
index 121c71fd..00000000
--- a/_deprecated/installer/suse/install.sh
+++ /dev/null
@@ -1,70 +0,0 @@
-#!/bin/bash
-
-# Needs to run as non-root
-myWHOAMI=$(whoami)
-if [ "$myWHOAMI" == "root" ]
- then
- echo "Need to run as user ..."
- exit
-fi
-
-# Check if running on OpenSuse Tumbleweed
-if ! grep -q 'ID="opensuse-tumbleweed"' /etc/os-release; then
- echo "This script is designed to run on OpenSuse Tumbleweed. Aborting."
- exit 1
-fi
-
-if [ -f /var/log/suse-install-lock ]; then
- echo "Error: The installer has already been run on this system. If you wish to run it again, please run the uninstall.sh first."
- exit 1
-fi
-
-# Create installer lock file
-sudo touch /var/log/suse-install-lock
-
-# Update SSH config
-echo "Updating SSH config..."
-sudo bash -c 'echo "Port 64295" >> /etc/ssh/sshd_config.d/port.conf'
-
-# Update Firewall rules
-echo "Updating Firewall rules..."
-sudo firewall-cmd --permanent --add-port=64295/tcp
-sudo firewall-cmd --permanent --zone=public --set-target=ACCEPT
-#sudo firewall-cmd --reload
-sudo firewall-cmd --list-all
-
-# Install docker and recommended packages
-echo "Installing recommended packages..."
-sudo zypper -n update
-sudo zypper -n remove cups net-tools postfix yast2-auth-client yast2-auth-server
-sudo zypper -n install bash-completion docker docker-compose git grc busybox-net-tools
-
-# Enable and start docker
-echo "Enabling and starting docker..."
-systemctl enable docker
-systemctl start docker
-
-# Add T-Pot user and group to avoid any permission denied on the data folder while keeping permissions 770
-echo "Creating T-Pot group and user ..."
-sudo groupadd -g 2000 tpot
-sudo useradd -r -u 2000 -g 2000 -s /sbin/nologin tpot
-
-# Add user to Docker, T-Pot group
-echo "Adding $(whoami) to Docker group..."
-sudo usermod -a -G docker $(whoami)
-echo "Adding $(whoami) to T-Pot group..."
-sudo usermod -a -G tpot $(whoami)
-
-# Add aliases
-echo "Adding aliases..."
-echo "alias dps='grc docker ps -a'" >> ~/.bashrc
-echo "alias dpsw='watch -c \"grc --colour=on docker ps -a\"'" >> ~/.bashrc
-
-# Show running services
-sudo grc netstat -tulpen
-echo "Please review for possible honeypot port conflicts."
-echo "While SSH is taken care of, other services such as"
-echo "SMTP, HTTP, etc. might prevent T-Pot from starting."
-
-echo "Done. Please reboot and re-connect via SSH on tcp/64295."
-
diff --git a/_deprecated/installer/suse/uninstall.sh b/_deprecated/installer/suse/uninstall.sh
deleted file mode 100755
index b794a43c..00000000
--- a/_deprecated/installer/suse/uninstall.sh
+++ /dev/null
@@ -1,63 +0,0 @@
-#!/bin/bash
-
-# Needs to run as non-root
-myWHOAMI=$(whoami)
-if [ "$myWHOAMI" == "root" ]
- then
- echo "Need to run as user ..."
- exit
-fi
-
-# Check if running on OpenSuse Tumbleweed
-if ! grep -q 'ID="opensuse-tumbleweed"' /etc/os-release; then
- echo "This script is designed to run on OpenSuse Tumbleweed. Aborting."
- exit 1
-fi
-
-if [ ! -f /var/log/suse-install-lock ]; then
- echo "Error: The installer has not been run on this system. Aborting uninstallation."
- exit 1
-fi
-
-# Remove SSH config changes
-echo "Removing SSH config changes..."
-sudo sed -i '/Port 64295/d' /etc/ssh/sshd_config.d/port.conf
-
-# Remove Firewall rules
-echo "Removing Firewall rules..."
-sudo firewall-cmd --permanent --remove-port=64295/tcp
-sudo firewall-cmd --permanent --zone=public --set-target=default
-#sudo firewall-cmd --reload
-sudo firewall-cmd --list-all
-
-# Uninstall Docker
-echo "Stopping and removing all containers ..."
-docker stop $(docker ps -aq)
-docker rm $(docker ps -aq)
-echo "Uninstalling Docker..."
-sudo systemctl stop docker
-sudo systemctl disable docker
-sudo zypper -n remove docker docker-compose
-sudo zypper -n install cups postfix
-
-# Remove user from Docker, T-Pot group
-echo "Removing $(whoami) from T-Pot group..."
-sudo gpasswd -d $(whoami) tpot
-echo "Removing $(whoami) from Docker group..."
-sudo gpasswd -d $(whoami) docker
-# Remove T-Pot user and group
-echo "Removing T-Pot user..."
-sudo userdel tpot
-echo "Removing T-Pot group..."
-sudo groupdel tpot
-
-# Remove aliases
-echo "Removing aliases..."
-sed -i '/alias dps=/d' ~/.bashrc
-sed -i '/alias dpsw=/d' ~/.bashrc
-
-# Remove installer lock file
-sudo rm /var/log/suse-install-lock
-
-echo "Done. Please reboot and re-connect via SSH on tcp/22"
-
diff --git a/_deprecated/installer/ubuntu/install.sh b/_deprecated/installer/ubuntu/install.sh
deleted file mode 100755
index 4061c751..00000000
--- a/_deprecated/installer/ubuntu/install.sh
+++ /dev/null
@@ -1,85 +0,0 @@
-#!/bin/bash
-
-# Needs to run as non-root
-myWHOAMI=$(whoami)
-if [ "$myWHOAMI" == "root" ]
- then
- echo "Need to run as user ..."
- exit
-fi
-
-# Check if running on Ubuntu
-if ! grep -q 'ID=ubuntu' /etc/os-release; then
- echo "This script is designed to run on Ubuntu. Aborting."
- exit 1
-fi
-
-if [ -f /var/log/ubuntu-install-lock ]; then
- echo "Error: The installer has already been run on this system. If you wish to run it again, please run the uninstall.sh first."
- exit 1
-fi
-
-# Create installer lock file
-sudo touch /var/log/ubuntu-install-lock
-
-# Update SSH config
-echo "Updating SSH config..."
-sudo bash -c 'echo "Port 64295" >> /etc/ssh/sshd_config'
-sudo systemctl disable ssh.socket
-sudo rm /etc/systemd/system/ssh.service.d/00-socket.conf
-sudo systemctl enable ssh.service
-
-# Update DNS config
-echo "Updating DNS config..."
-sudo bash -c "sed -i 's/^.*DNSStubListener=.*/DNSStubListener=no/' /etc/systemd/resolved.conf"
-sudo systemctl restart systemd-resolved.service
-
-# Install recommended packages
-echo "Installing recommended packages..."
-sudo apt-get -y update
-sudo apt-get -y install bash-completion git grc net-tools vim
-
-# Remove old Docker
-echo "Removing old docker packages..."
-sudo apt-get -y remove docker docker-engine docker.io containerd runc
-
-# Add Docker to repositories, install latest docker
-echo "Adding Docker to repositories and installing..."
-sudo apt-get -y update
-sudo apt-get -y install ca-certificates curl gnupg
-sudo install -m 0755 -d /etc/apt/keyrings
-curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
-sudo chmod a+r /etc/apt/keyrings/docker.gpg
-echo \
- "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
- "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
- sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
-sudo apt-get -y update
-sudo apt-get -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
-sudo systemctl enable docker
-sudo systemctl stop docker
-sudo systemctl start docker
-
-# Add T-Pot user and group to avoid any permission denied on the data folder while keeping permissions 770
-echo "Creating T-Pot group and user ..."
-addgroup --gid 2000 tpot
-adduser --system --no-create-home --uid 2000 --disabled-password --disabled-login --gid 2000 tpot
-# Add user to Docker, T-Pot group
-echo "Adding $(whoami) to Docker group..."
-sudo usermod -aG docker $(whoami)
-echo "Adding $(whoami) to T-Pot group..."
-sudo usermod -aG tpot $(whoami)
-
-# Add aliases
-echo "Adding aliases..."
-echo "alias dps='grc docker ps -a'" >> ~/.bashrc
-echo "alias dpsw='watch -c \"grc --colour=on docker ps -a\"'" >> ~/.bashrc
-
-# Show running services
-sudo grc netstat -tulpen
-echo "Please review for possible honeypot port conflicts."
-echo "While SSH is taken care of, other services such as"
-echo "SMTP, HTTP, etc. might prevent T-Pot from starting."
-
-echo "Done. Please reboot and re-connect via SSH on tcp/64295."
-
diff --git a/_deprecated/installer/ubuntu/uninstall.sh b/_deprecated/installer/ubuntu/uninstall.sh
deleted file mode 100755
index 82b9939b..00000000
--- a/_deprecated/installer/ubuntu/uninstall.sh
+++ /dev/null
@@ -1,66 +0,0 @@
-#!/bin/bash
-
-# Needs to run as non-root
-myWHOAMI=$(whoami)
-if [ "$myWHOAMI" == "root" ]
- then
- echo "Need to run as user ..."
- exit
-fi
-
-# Check if running on Ubuntu
-if ! grep -q 'ID=ubuntu' /etc/os-release; then
- echo "This script is designed to run on Ubuntu. Aborting."
- exit 1
-fi
-
-# Check if installer lock file exists
-if [ ! -f /var/log/ubuntu-install-lock ]; then
- echo "Error: The installer has not been run on this system. Aborting."
- exit 1
-fi
-
-# Remove SSH config changes
-echo "Removing SSH config changes..."
-sudo sed -i '/Port 64295/d' /etc/ssh/sshd_config
-sudo systemctl disable ssh.service
-sudo systemctl enable ssh.socket
-
-# Remove DNS config changes
-echo "Updating DNS config..."
-sudo bash -c "sed -i 's/^.*DNSStubListener=.*/#DNSStubListener=yes/' /etc/systemd/resolved.conf"
-sudo systemctl restart systemd-resolved.service
-
-# Uninstall Docker
-echo "Stopping and removing all containers ..."
-docker stop $(docker ps -aq)
-docker rm $(docker ps -aq)
-echo "Uninstalling Docker..."
-sudo systemctl stop docker
-sudo systemctl disable docker
-sudo apt-get -y remove docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
-sudo apt-get -y autoremove
-sudo rm -rf /etc/apt/sources.list.d/docker.list
-sudo rm -rf /etc/apt/keyrings/docker.gpg
-
-# Remove user from Docker, T-Pot group
-echo "Removing $(whoami) from T-Pot group..."
-sudo deluser $(whoami) tpot
-echo "Removing $(whoami) from Docker group..."
-sudo deluser $(whoami) docker
-# Remove T-Pot user and group
-echo "Removing T-Pot user..."
-sudo deluser tpot
-echo "Removing T-Pot group..."
-sudo delgroup tpot
-
-# Remove aliases
-echo "Removing aliases..."
-sed -i '/alias dps=/d' ~/.bashrc
-sed -i '/alias dpsw=/d' ~/.bashrc
-
-# Remove installer lock file
-sudo rm -f /var/log/ubuntu-install-lock
-
-echo "Done. Please reboot and re-connect via SSH on tcp/22"
-
diff --git a/_deprecated/iso/installer/install.sh b/_deprecated/iso/installer/install.sh
deleted file mode 100755
index 72d921a8..00000000
--- a/_deprecated/iso/installer/install.sh
+++ /dev/null
@@ -1,922 +0,0 @@
-#!/bin/bash
-# T-Pot Universal Installer
-
-# Installer can only be executed once.
-myTPOT_INSTALL_LOG="/install.log"
-if [ -s "$myTPOT_INSTALL_LOG" ];
- then
- echo "Aborting. Installer can only be executed once."
- exit
-fi
-
-##################
-# I. Global vars #
-##################
-
-myBACKTITLE="T-Pot-Installer"
-myCONF_FILE="/root/installer/iso.conf"
-myPROGRESSBOXCONF=" --backtitle "$myBACKTITLE" --progressbox 24 80"
-mySITES="https://ghcr.io https://github.com https://pypi.python.org https://debian.org"
-myTPOTCOMPOSE="/opt/tpot/etc/tpot.yml"
-myLSB_STABLE_SUPPORTED="bullseye"
-myLSB_TESTING_SUPPORTED="stable"
-myREMOTESITES="https://hub.docker.com https://github.com https://pypi.python.org https://debian.org https://listbot.sicherheitstacho.eu"
-myPREINSTALLPACKAGES="aria2 apache2-utils cracklib-runtime curl dialog figlet fuse grc libcrack2 libpq-dev lsb-release net-tools software-properties-common toilet"
-if [ -f "../../packages.txt" ];
- then myINSTALLPACKAGESFILE="../../packages.txt"
-elif [ -f "/opt/tpot/packages.txt" ];
- then myINSTALLPACKAGESFILE="/opt/tpot/packages.txt"
-elif [ -f "/root/tpot/packages.txt" ];
- then myINSTALLPACKAGESFILE="/root/tpot/packages.txt"
-else
- echo "packages.txt NOT FOUND."
- exit 1
-fi
-myINSTALLPACKAGES=$(cat $myINSTALLPACKAGESFILE)
-myINFO="\
-###########################################
-### T-Pot Installer for Debian (Stable) ###
-###########################################
-
-Disclaimer:
-This script will install T-Pot on this system.
-By running the script you know what you are doing:
-1. SSH will be reconfigured to tcp/64295.
-2. Please ensure other means of access to this system in case something goes wrong.
-3. At best this script will be executed on the console instead through a SSH session.
-
-########################################
-
-Usage:
- $0 --help - Help.
-
-Example:
- $0 --type=user - Best option for most users."
-myNETWORK_INTERFACES="
-wpa-driver wired
-wpa-conf /etc/wpa_supplicant/wired8021x.conf
-
-### Example wireless config for 802.1x
-### This configuration was tested with the IntelNUC series
-### If problems occur you can try and change wpa-driver to \"iwlwifi\"
-### Do not forget to enter a ssid in /etc/wpa_supplicant/wireless8021x.conf
-### The Intel NUC uses wlpXsY notation instead of wlanX
-#
-#auto wlp2s0
-#iface wlp2s0 inet dhcp
-# wpa-driver wext
-# wpa-conf /etc/wpa_supplicant/wireless8021x.conf
-"
-myNETWORK_WIRED8021x="ctrl_interface=/var/run/wpa_supplicant
-ctrl_interface_group=root
-eapol_version=1
-ap_scan=1
-network={
- key_mgmt=IEEE8021X
- eap=TLS
- identity=\"host/$myCONF_PFX_HOST_ID\"
- private_key=\"/etc/wpa_supplicant/8021x.pfx\"
- private_key_passwd=\"$myCONF_PFX_PW\"
-}
-"
-myNETWORK_WLAN8021x="ctrl_interface=/var/run/wpa_supplicant
-ctrl_interface_group=root
-eapol_version=1
-ap_scan=1
-network={
- ssid=\"\"
- key_mgmt=WPA-EAP
- pairwise=CCMP
- group=CCMP
- eap=TLS
- identity=\"host/$myCONF_PFX_HOST_ID\"
- private_key=\"/etc/wpa_supplicant/8021x.pfx\"
- private_key_passwd=\"$myCONF_PFX_PW\"
-}
-"
-myNETWORK_WLANEXAMPLE="
-### Example static ip config
-### Replace with the name of your physical interface name
-#
-#auto eth0
-#iface eth0 inet static
-# address 192.168.1.1
-# netmask 255.255.255.0
-# network 192.168.1.0
-# broadcast 192.168.1.255
-# gateway 192.168.1.1
-# dns-nameservers 192.168.1.1
-
-### Example wireless config without 802.1x
-### This configuration was tested with the IntelNUC series
-### If problems occur you can try and change wpa-driver to \"iwlwifi\"
-#
-#auto wlan0
-#iface wlan0 inet dhcp
-# wpa-driver wext
-# wpa-ssid
-# wpa-ap-scan 1
-# wpa-proto RSN
-# wpa-pairwise CCMP
-# wpa-group CCMP
-# wpa-key-mgmt WPA-PSK
-# wpa-psk \"\"
-"
-myUPDATECHECK="APT::Periodic::Update-Package-Lists \"1\";
-APT::Periodic::Download-Upgradeable-Packages \"0\";
-APT::Periodic::AutocleanInterval \"7\";
-"
-mySYSCTLCONF="
-# Reboot after kernel panic, check via /proc/sys/kernel/panic[_on_oops]
-# Set required map count for ELK
-kernel.panic = 1
-kernel.panic_on_oops = 1
-vm.max_map_count = 262144
-"
-myFAIL2BANCONF="[DEFAULT]
-ignoreip = 127.0.0.1/8
-bantime = 3600
-findtime = 600
-maxretry = 5
-
-[nginx-http-auth]
-enabled = true
-filter = nginx-http-auth
-port = 64297
-logpath = /data/nginx/log/error.log
-
-[pam-generic]
-enabled = true
-port = 64294
-filter = pam-generic
-logpath = /var/log/auth.log
-
-[sshd]
-enabled = true
-port = 64295
-filter = sshd
-logpath = /var/log/auth.log
-"
-mySYSTEMDFIX="[Link]
-NamePolicy=kernel database onboard slot path
-MACAddressPolicy=none
-"
-myCOCKPIT_SOCKET="[Socket]
-ListenStream=
-ListenStream=64294
-"
-mySSHSETTINGS="
-Port 64295
-Match Group tpotlogs
- PermitOpen 127.0.0.1:64305
- ForceCommand /usr/bin/false
-"
-myRANDOM_HOUR=$(shuf -i 2-22 -n 1)
-myRANDOM_MINUTE=$(shuf -i 0-59 -n 1)
-myDEL_HOUR=$(($myRANDOM_HOUR+1))
-myPULL_HOUR=$(($myRANDOM_HOUR-2))
-myCRONJOBS="
-# Check if updated images are available and download them
-$myRANDOM_MINUTE $myPULL_HOUR * * * root docker-compose -f /opt/tpot/etc/tpot.yml pull
-
-# Uploaded binaries are not supposed to be downloaded
-*/1 * * * * root mv --backup=numbered /data/dionaea/roots/ftp/* /data/dionaea/binaries/
-
-# Daily reboot
-$myRANDOM_MINUTE $myRANDOM_HOUR * * 1-6 root systemctl stop tpot && docker stop \$(docker ps -aq) && docker rm \$(docker ps -aq); reboot
-
-# Check for updated packages every sunday, upgrade and reboot
-$myRANDOM_MINUTE $myRANDOM_HOUR * * 0 root apt-fast autoclean -y && apt-fast autoremove -y && apt-fast update -y && apt-fast upgrade -y && sleep 10 && reboot
-"
-mySHELLCHECK='[[ $- == *i* ]] || return'
-myROOTPROMPT='PS1="\[\033[38;5;8m\][\[$(tput sgr0)\]\[\033[38;5;1m\]\u\[$(tput sgr0)\]\[\033[38;5;6m\]@\[$(tput sgr0)\]\[\033[38;5;4m\]\h\[$(tput sgr0)\]\[\033[38;5;6m\]:\[$(tput sgr0)\]\[\033[38;5;5m\]\w\[$(tput sgr0)\]\[\033[38;5;8m\]]\[$(tput sgr0)\]\[\033[38;5;1m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"'
-myUSERPROMPT='PS1="\[\033[38;5;8m\][\[$(tput sgr0)\]\[\033[38;5;2m\]\u\[$(tput sgr0)\]\[\033[38;5;6m\]@\[$(tput sgr0)\]\[\033[38;5;4m\]\h\[$(tput sgr0)\]\[\033[38;5;6m\]:\[$(tput sgr0)\]\[\033[38;5;5m\]\w\[$(tput sgr0)\]\[\033[38;5;8m\]]\[$(tput sgr0)\]\[\033[38;5;2m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"'
-myROOTCOLORS="export LS_OPTIONS='--color=auto'
-eval \"\`dircolors\`\"
-alias ls='ls \$LS_OPTIONS'
-alias ll='ls \$LS_OPTIONS -l'
-alias l='ls \$LS_OPTIONS -lA'"
-
-
-#################
-# II. Functions #
-#################
-
-# Create banners
-function fuBANNER {
- toilet -f ivrit "$1"
-}
-
-# Create funny words for hostnames
-function fuRANDOMWORD {
- local myWORDFILE="$1"
- local myLINES=$(cat $myWORDFILE | wc -l)
- local myRANDOM=$((RANDOM % $myLINES))
- local myNUM=$((myRANDOM * myRANDOM % $myLINES + 1))
- echo -n $(sed -n "$myNUM p" $myWORDFILE | tr -d \' | tr A-Z a-z)
-}
-
-# Do we have root?
-function fuGOT_ROOT {
-echo
-echo -n "### Checking for root: "
-if [ "$(whoami)" != "root" ];
- then
- echo "[ NOT OK ]"
- echo "### Please run as root."
- echo "### Example: sudo $0"
- exit
- else
- echo "[ OK ]"
-fi
-}
-
-# Check for pre-installer package requirements.
-# If not present install them
-function fuCHECKPACKAGES {
- export DEBIAN_FRONTEND=noninteractive
- # Make sure dependencies for apt-fast are installed
- myCURL=$(which curl)
- myWGET=$(which wget)
- mySUDO=$(which sudo)
- if [ "$myCURL" == "" ] || [ "$myWGET" == "" ] || [ "$mySUDO" == "" ]
- then
- echo "### Installing deps for apt-fast"
- apt-get -y update
- apt-get -y install curl wget sudo
- fi
- echo "### Installing apt-fast"
- /bin/bash -c "$(curl -sL https://raw.githubusercontent.com/ilikenwf/apt-fast/master/quick-install.sh)"
- echo -n "### Checking for installer dependencies: "
- local myPACKAGES="$1"
- for myDEPS in $myPACKAGES;
- do
- myOK=$(dpkg -s $myDEPS 2>&1 | grep -w ok | awk '{ print $3 }' | head -n 1)
- if [ "$myOK" != "ok" ];
- then
- echo "[ NOW INSTALLING ]"
- apt-fast update -y
- apt-fast install -y $myPACKAGES
- break
- fi
- done
- if [ "$myOK" = "ok" ];
- then
- echo "[ OK ]"
- fi
-}
-
-# Check if remote sites are available
-function fuCHECKNET {
- if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ] || [ "$myTPOT_DEPLOYMENT_TYPE" == "user" ];
- then
- local mySITES="$1"
- mySITESCOUNT=$(echo $mySITES | wc -w)
- j=0
- for i in $mySITES;
- do
- echo $(expr 100 \* $j / $mySITESCOUNT) | dialog --title "[ Availability check ]" --backtitle "$myBACKTITLE" --gauge "\n Now checking: $i\n" 8 80
- curl --connect-timeout 30 -IsS $i 2>&1>/dev/null
- if [ $? -ne 0 ];
- then
- dialog --keep-window --backtitle "$myBACKTITLE" --title "[ Continue? ]" --yesno "\nAvailability check failed. You can continue, but the installation might fail." 10 50
- if [ $? = 1 ];
- then
- dialog --keep-window --backtitle "$myBACKTITLE" --title "[ Abort ]" --msgbox "\nInstallation aborted. Exiting the installer." 7 50
- exit
- else
- break;
- fi;
- fi;
- let j+=1
- echo $(expr 100 \* $j / $mySITESCOUNT) | dialog --keep-window --title "[ Availability check ]" --backtitle "$myBACKTITLE" --gauge "\n Now checking: $i\n" 8 80
- done;
- fi
-}
-
-# Install T-Pot dependencies
-function fuGET_DEPS {
- export DEBIAN_FRONTEND=noninteractive
- echo
- echo "### Getting update information."
- echo
- apt-fast -y update
- echo
- echo "### Upgrading packages."
- echo
- # Downlaod and upgrade packages, but silently keep existing configs
- echo "docker.io docker.io/restart boolean true" | debconf-set-selections -v
- echo "debconf debconf/frontend select noninteractive" | debconf-set-selections -v
- apt-fast -y dist-upgrade -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes
- echo
- echo "### Installing T-Pot dependencies."
- echo
- apt-fast -y install $myINSTALLPACKAGES
- # Remove exim4
- echo "### Removing and holding back problematic packages ..."
- apt-fast -y purge exim4-base mailutils pcp cockpit-pcp elasticsearch-curator
- apt-fast -y autoremove
- apt-mark hold exim4-base mailutils pcp cockpit-pcp
-}
-
-# Check for other services
-function fuCHECK_PORTS {
-if [ "$myTPOT_DEPLOYMENT_TYPE" == "user" ];
- then
- echo
- echo "### Checking for active services."
- echo
- grc netstat -tulpen
- echo
- echo "### Please review your running services."
- echo "### We will take care of SSH (22), but other services i.e. FTP (21), TELNET (23), SMTP (25), HTTP (80), HTTPS (443), etc."
- echo "### might collide with T-Pot's honeypots and prevent T-Pot from starting successfully."
- echo
- while [ 1 != 2 ]
- do
- read -s -n 1 -p "Continue [y/n]? " mySELECT
- echo
- case "$mySELECT" in
- [y,Y])
- break
- ;;
- [n,N])
- exit
- ;;
- esac
- done
-fi
-}
-
-############################
-# III. Pre-Installer phase #
-############################
-fuGOT_ROOT
-fuCHECKPACKAGES "$myPREINSTALLPACKAGES"
-
-#####################################
-# IV. Prepare installer environment #
-#####################################
-
-# Check for Debian release and extract command line arguments
-myLSB=$(lsb_release -c | awk '{ print $2 }')
-myVERSIONS="$myLSB_STABLE_SUPPORTED $myLSB_TESTING_SUPPORTED"
-mySUPPORT="FALSE"
-for i in $myVERSIONS
- do
- if [ "$myLSB" = "$i" ];
- then
- mySUPPORT="TRUE"
- fi
-done
-if [ "$mySUPPORT" = "FALSE" ];
- then
- echo "Aborting. Debian $myLSB is not supported."
- exit
-fi
-if [ "$1" == "" ];
- then
- echo "$myINFO"
- exit
-fi
-for i in "$@"
- do
- case $i in
- --conf=*)
- myTPOT_CONF_FILE="${i#*=}"
- shift
- ;;
- --type=user)
- myTPOT_DEPLOYMENT_TYPE="${i#*=}"
- shift
- ;;
- --type=auto)
- myTPOT_DEPLOYMENT_TYPE="${i#*=}"
- shift
- ;;
- --type=iso)
- myTPOT_DEPLOYMENT_TYPE="${i#*=}"
- shift
- ;;
- --help)
- echo "Usage: $0 "
- echo
- echo "--conf="
- echo " Use this if you want to automatically deploy a T-Pot instance (--type=auto implied)."
- echo " A configuration example is available in \"tpotce/iso/installer/tpot.conf.dist\"."
- echo
- echo "--type=<[user, auto, iso]>"
- echo " user, use this if you want to manually install a T-Pot on a Debian (Stable) machine."
- echo " auto, implied if a configuration file is passed as an argument for automatic deployment."
- echo " iso, use this if you are a T-Pot developer and want to install a T-Pot from a pre-compiled iso."
- echo
- exit
- ;;
- *)
- echo "$myINFO"
- exit
- ;;
- esac
- done
-
-# Validate command line arguments and load config
-# If a valid config file exists, set deployment type to "auto" and load the configuration
-if [ "$myTPOT_DEPLOYMENT_TYPE" == "auto" ] && [ "$myTPOT_CONF_FILE" == "" ];
- then
- echo "Aborting. No configuration file given."
- exit
-fi
-if [ -s "$myTPOT_CONF_FILE" ] && [ "$myTPOT_CONF_FILE" != "" ];
- then
- myTPOT_DEPLOYMENT_TYPE="auto"
- if [ "$(head -n 1 $myTPOT_CONF_FILE | grep -c "# tpot")" == "1" ];
- then
- source "$myTPOT_CONF_FILE"
- else
- echo "Aborting. Config file \"$myTPOT_CONF_FILE\" not a T-Pot configuration file."
- exit
- fi
- elif ! [ -s "$myTPOT_CONF_FILE" ] && [ "$myTPOT_CONF_FILE" != "" ];
- then
- echo "Aborting. Config file \"$myTPOT_CONF_FILE\" not found."
- exit
-fi
-
-# Prepare running the installer
-myUSERCHECK=$(grep "tpot" /etc/passwd | wc -l)
-if [ "$myUSERCHECK" -gt "0" ];
- then
- echo "### The user name \"tpot\" already exists. The tpot username and group may not previously exist or T-Pot will not work."
- echo "### We recommend a fresh install according to the T-Pot Readme Post-Install method."
- echo
- echo "Aborting."
- echo
- exit 0
-fi
-echo "$myINFO" | head -n 3
-fuCHECK_PORTS
-
-
-#######################################
-# V. Installer user interaction phase #
-#######################################
-
-# Set TERM
-export TERM=linux
-
-# If this is a ISO installation we need to wait a few seconds to avoid interference with service messages
-if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ];
- then
- sleep 5
- dialog --keep-window --no-ok --no-cancel --backtitle "$myBACKTITLE" --title "[ Wait to avoid interference with service messages ]" --pause "" 7 80 7
-fi
-
-# Check if remote sites are available
-fuCHECKNET "$myREMOTESITES"
-
-# Let' s load the iso config file if there is one
-if [ -f $myCONF_FILE ];
- then
- dialog --keep-window --backtitle "$myBACKTITLE" --title "[ Found personalized iso.config ]" --msgbox "\nYour personalized settings will be applied!" 7 47
- source $myCONF_FILE
- else
- # dialog logic considers 1=false, 0=true
- myCONF_PROXY_USE="1"
- myCONF_PFX_USE="1"
- myCONF_NTP_USE="1"
-fi
-
-### <--- Begin proxy setup
-# If a proxy is set in iso.conf it needs to be setup.
-# However, none of the other installation types will automatically take care of a proxy.
-# Please open a feature request if you think this is something worth considering.
-myPROXY="http://$myCONF_PROXY_IP:$myCONF_PROXY_PORT"
-myPROXY_ENV="export http_proxy=$myPROXY
-export https_proxy=$myPROXY
-export HTTP_PROXY=$myPROXY
-export HTTPS_PROXY=$myPROXY
-export no_proxy=localhost,127.0.0.1,.sock
-"
-myPROXY_APT="Acquire::http::Proxy \"$myPROXY\";
-Acquire::https::Proxy \"$myPROXY\";
-"
-myPROXY_DOCKER="http_proxy=$myPROXY
-https_proxy=$myPROXY
-HTTP_PROXY=$myPROXY
-HTTPS_PROXY=$myPROXY
-no_proxy=localhost,127.0.0.1,.sock
-"
-
-if [ "$myCONF_PROXY_USE" == "0" ];
- then
- # Let's setup proxy for the environment
- echo "$myPROXY_ENV" 2>&1 | tee -a /etc/environment | dialog --keep-window --title "[ Setting up the proxy ]" $myPROGRESSBOXCONF
- source /etc/environment
-
- # Let's setup the proxy for apt
- echo "$myPROXY_APT" 2>&1 | tee /etc/apt/apt.conf | dialog --keep-window --title "[ Setting up the proxy ]" $myPROGRESSBOXCONF
-
- # Let's add proxy settings to docker defaults
- echo "$myPROXY_DOCKER" 2>&1 | tee -a /etc/default/docker | dialog --keep-window --title "[ Setting up the proxy ]" $myPROGRESSBOXCONF
-
- # Let's restart docker for proxy changes to take effect
- systemctl stop docker 2>&1 | dialog --keep-window --title "[ Stop docker service ]" $myPROGRESSBOXCONF
- systemctl start docker 2>&1 | dialog --keep-window --title "[ Start docker service ]" $myPROGRESSBOXCONF
-fi
-### ---> End proxy setup
-
-# Let's ask the user for install flavor
-if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ] || [ "$myTPOT_DEPLOYMENT_TYPE" == "user" ];
- then
- myCONF_TPOT_FLAVOR=$(dialog --keep-window --no-cancel --backtitle "$myBACKTITLE" --title "[ Choose Your T-Pot Edition ]" --menu \
- "\nRequired: 8-16GB RAM, 128GB SSD\nRecommended: 16GB RAM, 256GB SSD" 17 70 1 \
- "STANDARD" "T-Pot Standalone with everything you need" \
- "HIVE" "T-Pot Hive: ELK & Tools" \
- "HIVE_SENSOR" "T-Pot Hive Sensor: Honeypots & NSM" \
- "INDUSTRIAL" "Same as Standard with focus on Conpot" \
- "LOG4J" "Log4Pot, ELK, NSM & Tools" \
- "MEDICAL" "Dicompot, Medpot, ELK, NSM & Tools" \
- "MINI" "Same as Standard with focus on qHoneypots" \
- "SENSOR" "Just Honeypots & NSM" 3>&1 1>&2 2>&3 3>&-)
-fi
-
-# Let's ask for a secure tsec password if installation type is iso
-if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ];
- then
- myCONF_TPOT_USER="tsec"
- myPASS1="pass1"
- myPASS2="pass2"
- mySECURE="0"
- while [ "$myPASS1" != "$myPASS2" ] && [ "$mySECURE" == "0" ]
- do
- while [ "$myPASS1" == "pass1" ] || [ "$myPASS1" == "" ]
- do
- myPASS1=$(dialog --keep-window --insecure --backtitle "$myBACKTITLE" \
- --title "[ Enter password for console user (tsec) ]" \
- --passwordbox "\nPassword" 9 60 3>&1 1>&2 2>&3 3>&-)
- done
- myPASS2=$(dialog --keep-window --insecure --backtitle "$myBACKTITLE" \
- --title "[ Repeat password for console user (tsec) ]" \
- --passwordbox "\nPassword" 9 60 3>&1 1>&2 2>&3 3>&-)
- if [ "$myPASS1" != "$myPASS2" ];
- then
- dialog --keep-window --backtitle "$myBACKTITLE" --title "[ Passwords do not match. ]" \
- --msgbox "\nPlease re-enter your password." 7 60
- myPASS1="pass1"
- myPASS2="pass2"
- fi
- mySECURE=$(printf "%s" "$myPASS1" | cracklib-check | grep -c "OK")
- if [ "$mySECURE" == "0" ] && [ "$myPASS1" == "$myPASS2" ];
- then
- dialog --keep-window --backtitle "$myBACKTITLE" --title "[ Password is not secure ]" --defaultno --yesno "\nKeep insecure password?" 7 50
- myOK=$?
- if [ "$myOK" == "1" ];
- then
- myPASS1="pass1"
- myPASS2="pass2"
- fi
- fi
- done
- printf "%s" "$myCONF_TPOT_USER:$myPASS1" | chpasswd
-fi
-
-# Let's ask for web user credentials if deployment type is iso or user
-# In case of auto, credentials are created from config values
-# Skip this step entirely if SENSOR flavor
-if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ] || [ "$myTPOT_DEPLOYMENT_TYPE" == "user" ];
- then
- myOK="1"
- myCONF_WEB_USER="webuser"
- myCONF_WEB_PW="pass1"
- myCONF_WEB_PW2="pass2"
- mySECURE="0"
- while [ 1 != 2 ]
- do
- myCONF_WEB_USER=$(dialog --keep-window --backtitle "$myBACKTITLE" --title "[ Enter your web user name ]" --inputbox "\nUsername (tsec not allowed)" 9 50 3>&1 1>&2 2>&3 3>&-)
- myCONF_WEB_USER=$(echo $myCONF_WEB_USER | tr -cd "[:alnum:]_.-")
- dialog --keep-window --backtitle "$myBACKTITLE" --title "[ Your username is ]" --yesno "\n$myCONF_WEB_USER" 7 50
- myOK=$?
- if [ "$myOK" = "0" ] && [ "$myCONF_WEB_USER" != "tsec" ] && [ "$myCONF_WEB_USER" != "" ];
- then
- break
- fi
- done
- while [ "$myCONF_WEB_PW" != "$myCONF_WEB_PW2" ] && [ "$mySECURE" == "0" ]
- do
- while [ "$myCONF_WEB_PW" == "pass1" ] || [ "$myCONF_WEB_PW" == "" ]
- do
- myCONF_WEB_PW=$(dialog --keep-window --insecure --backtitle "$myBACKTITLE" \
- --title "[ Enter password for your web user ]" \
- --passwordbox "\nPassword" 9 60 3>&1 1>&2 2>&3 3>&-)
- done
- myCONF_WEB_PW2=$(dialog --keep-window --insecure --backtitle "$myBACKTITLE" \
- --title "[ Repeat password for your web user ]" \
- --passwordbox "\nPassword" 9 60 3>&1 1>&2 2>&3 3>&-)
- if [ "$myCONF_WEB_PW" != "$myCONF_WEB_PW2" ];
- then
- dialog --keep-window --backtitle "$myBACKTITLE" --title "[ Passwords do not match. ]" \
- --msgbox "\nPlease re-enter your password." 7 60
- myCONF_WEB_PW="pass1"
- myCONF_WEB_PW2="pass2"
- fi
- mySECURE=$(printf "%s" "$myCONF_WEB_PW" | cracklib-check | grep -c "OK")
- if [ "$mySECURE" == "0" ] && [ "$myCONF_WEB_PW" == "$myCONF_WEB_PW2" ];
- then
- dialog --keep-window --backtitle "$myBACKTITLE" --title "[ Password is not secure ]" --defaultno --yesno "\nKeep insecure password?" 7 50
- myOK=$?
- if [ "$myOK" == "1" ];
- then
- myCONF_WEB_PW="pass1"
- myCONF_WEB_PW2="pass2"
- fi
- fi
- done
-fi
-
-dialog --clear
-
-##########################
-# VI. Installation phase #
-##########################
-
-exec 2> >(tee "/install.err")
-exec > >(tee "/install.log")
-
-fuBANNER "Installing ..."
-
-fuGET_DEPS
-
-# If flavor is SENSOR do not write credentials
-if ! [ "$myCONF_TPOT_FLAVOR" == "SENSOR" ];
- then
- fuBANNER "Webuser creds"
- mkdir -p /data/nginx/conf
- htpasswd -b -c /data/nginx/conf/nginxpasswd "$myCONF_WEB_USER" "$myCONF_WEB_PW"
- echo
-fi
-
-# Let's generate a SSL self-signed certificate without interaction (browsers will see it invalid anyway)
-if ! [ "$myCONF_TPOT_FLAVOR" == "SENSOR" ];
-then
- fuBANNER "NGINX Certificate"
- myINTIP=$(hostname -I | awk '{ print $1 }')
- mkdir -p /data/nginx/cert
- openssl req \
- -nodes \
- -x509 \
- -sha512 \
- -newkey rsa:8192 \
- -keyout "/data/nginx/cert/nginx.key" \
- -out "/data/nginx/cert/nginx.crt" \
- -days 3650 \
- -subj '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd' \
- -addext "subjectAltName = IP:$myINTIP"
-fi
-
-# Let's setup the ntp server
-if [ "$myCONF_NTP_USE" == "0" ];
- then
- fuBANNER "Setup NTP"
- cp $myCONF_NTP_CONF_FILE /etc/systemd/timesyncd.conf
-fi
-
-# Let's setup 802.1x networking
-if [ "myCONF_PFX_USE" == "0" ];
- then
- fuBANNER "Setup 802.1x"
- cp $myCONF_PFX_FILE /etc/wpa_supplicant/
- echo "$myNETWORK_INTERFACES" | tee -a /etc/network/interfaces
- echo "$myNETWORK_WIRED8021x" | tee /etc/wpa_supplicant/wired8021x.conf
- echo "$myNETWORK_WLAN8021x" | tee /etc/wpa_supplicant/wireless8021x.conf
-fi
-
-# Let's provide a wireless example config ...
-fuBANNER "Example config"
-echo "$myNETWORK_WLANEXAMPLE" | tee -a /etc/network/interfaces
-
-# Let's make sure SSH roaming is turned off (CVE-2016-0777, CVE-2016-0778)
-fuBANNER "SSH roaming off"
-echo "UseRoaming no" | tee -a /etc/ssh/ssh_config
-
-# Installing elasticdump, yq
-fuBANNER "Installing pkgs"
-npm install elasticdump -g
-pip3 install glances[docker] yq
-hash -r
-
-# Cloning T-Pot from GitHub
-if ! [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ];
- then
- fuBANNER "Cloning T-Pot"
- ### DEV
- git clone https://github.com/telekom-security/tpotce /opt/tpot
-fi
-
-# Let's create the T-Pot user
-fuBANNER "Create groups"
-addgroup --gid 2000 tpot
-addgroup tpotlogs
-fuBANNER "Create user"
-adduser --system --no-create-home --uid 2000 --disabled-password --disabled-login --gid 2000 tpot
-
-# Let's set the hostname
-a=$(fuRANDOMWORD /opt/tpot/host/usr/share/dict/a.txt)
-n=$(fuRANDOMWORD /opt/tpot/host/usr/share/dict/n.txt)
-myHOST=$a$n
-fuBANNER "Set hostname"
-hostnamectl set-hostname $myHOST
-sed -i 's#127.0.1.1.*#127.0.1.1\t'"$myHOST"'#g' /etc/hosts
-
-# Prevent cloud-init from overwriting our new hostname
-if [ -f '/etc/cloud/cloud.cfg' ]; then
- sed -i 's/preserve_hostname.*/preserve_hostname: true/g' /etc/cloud/cloud.cfg
-fi
-
-# Let's patch cockpit.socket, sshd_config
-fuBANNER "Adjust ports"
-mkdir -p /etc/systemd/system/cockpit.socket.d
-echo "$myCOCKPIT_SOCKET" | tee /etc/systemd/system/cockpit.socket.d/listen.conf
-sed -i '/^port/Id' /etc/ssh/sshd_config
-echo "$mySSHSETTINGS" | tee -a /etc/ssh/sshd_config
-
-# Do not allow root login for cockpit
-sed -i '2i\auth requisite pam_succeed_if.so uid >= 1000' /etc/pam.d/cockpit
-
-# Let's make sure only myCONF_TPOT_FLAVOR images will be downloaded and started
-case $myCONF_TPOT_FLAVOR in
- STANDARD)
- fuBANNER "STANDARD"
- ln -s /opt/tpot/etc/compose/standard.yml $myTPOTCOMPOSE
- ;;
- HIVE)
- fuBANNER "HIVE"
- ln -s /opt/tpot/etc/compose/hive.yml $myTPOTCOMPOSE
- ;;
- HIVE_SENSOR)
- fuBANNER "HIVE_SENSOR"
- ln -s /opt/tpot/etc/compose/hive_sensor.yml $myTPOTCOMPOSE
- ;;
- INDUSTRIAL)
- fuBANNER "INDUSTRIAL"
- ln -s /opt/tpot/etc/compose/industrial.yml $myTPOTCOMPOSE
- ;;
- LOG4J)
- fuBANNER "LOG4J"
- ln -s /opt/tpot/etc/compose/log4j.yml $myTPOTCOMPOSE
- ;;
- MEDICAL)
- fuBANNER "MEDICAL"
- ln -s /opt/tpot/etc/compose/medical.yml $myTPOTCOMPOSE
- ;;
- MINI)
- fuBANNER "MINI"
- ln -s /opt/tpot/etc/compose/mini.yml $myTPOTCOMPOSE
- ;;
- SENSOR)
- fuBANNER "SENSOR"
- ln -s /opt/tpot/etc/compose/sensor.yml $myTPOTCOMPOSE
- ;;
-esac
-
-# Let's load docker images
-function fuPULLIMAGES {
-for name in $(cat $myTPOTCOMPOSE | grep -v '#' | grep image | cut -d'"' -f2 | uniq)
- do
- docker pull $name
-done
-}
-fuBANNER "Pull images"
-fuPULLIMAGES
-
-# Let's add the daily update check with a weekly clean interval
-fuBANNER "Modify checks"
-echo "$myUPDATECHECK" | tee /etc/apt/apt.conf.d/10periodic
-
-# Let's make sure to reboot the system after a kernel panic
-fuBANNER "Tweak sysctl"
-echo "$mySYSCTLCONF" | tee -a /etc/sysctl.conf
-
-# Let's setup fail2ban config
-fuBANNER "Setup fail2ban"
-echo "$myFAIL2BANCONF" | tee /etc/fail2ban/jail.d/tpot.conf
-
-# Fix systemd error https://github.com/systemd/systemd/issues/3374
-fuBANNER "Systemd fix"
-echo "$mySYSTEMDFIX" | tee /etc/systemd/network/99-default.link
-
-# Let's add some cronjobs
-fuBANNER "Add cronjobs"
-echo "$myCRONJOBS" | tee -a /etc/crontab
-
-# Let's create some files and folders
-fuBANNER "Files & folders"
-mkdir -vp /data/adbhoney/{downloads,log} \
- /data/ciscoasa/log \
- /data/conpot/log \
- /data/citrixhoneypot/logs \
- /data/cowrie/{downloads,keys,misc,log,log/tty} \
- /data/ddospot/{bl,db,log} \
- /data/dicompot/{images,log} \
- /data/dionaea/{log,bistreams,binaries,rtp,roots,roots/ftp,roots/tftp,roots/www,roots/upnp} \
- /data/elasticpot/log \
- /data/elk/{data,log} \
- /data/endlessh/log \
- /data/ews/conf \
- /data/fatt/log \
- /data/glutton/log \
- /data/hellpot/log \
- /data/heralding/log \
- /data/honeypots/log \
- /data/honeysap/log \
- /data/honeytrap/{log,attacks,downloads} \
- /data/ipphoney/log \
- /data/log4pot/{log,payloads} \
- /data/mailoney/log \
- /data/medpot/log \
- /data/nginx/{log,heimdall} \
- /data/p0f/log \
- /data/redishoneypot/log \
- /data/sentrypeer/log \
- /data/spiderfoot \
- /data/suricata/log \
- /data/tanner/{log,files} \
- /home/tsec/.ssh/
-touch /data/nginx/log/error.log
-
-# Let's copy some files
-fuBANNER "Copy configs"
-tar xvfz /opt/tpot/etc/objects/elkbase.tgz -C /
-cp /opt/tpot/host/etc/systemd/* /etc/systemd/system/
-systemctl enable tpot
-
-# Let's take care of some files and permissions
-fuBANNER "Permissions"
-chmod 770 -R /data
-if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ];
- then
- usermod -a -G tpot tsec
- chown tsec:tsec -R /home/tsec/.ssh
- else
- usermod -a -G tpot $(who am i | awk '{ print $1 }')
-fi
-chown tpot:tpot -R /data
-chmod 644 -R /data/nginx/conf
-chmod 644 -R /data/nginx/cert
-
-# Let's replace "quiet splash" options, set a console font for more screen canvas and update grub
-fuBANNER "Options"
-sed -i 's#GRUB_CMDLINE_LINUX_DEFAULT="quiet"#GRUB_CMDLINE_LINUX_DEFAULT="quiet consoleblank=0"#' /etc/default/grub
-sed -i 's#GRUB_CMDLINE_LINUX=""#GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"#' /etc/default/grub
-update-grub
-
-fuBANNER "Setup console"
-cp /usr/share/consolefonts/Uni2-Terminus12x6.psf.gz /etc/console-setup/
-gunzip /etc/console-setup/Uni2-Terminus12x6.psf.gz
-sed -i 's#FONTFACE=".*#FONTFACE="Terminus"#' /etc/default/console-setup
-sed -i 's#FONTSIZE=".*#FONTSIZE="12x6"#' /etc/default/console-setup
-update-initramfs -u
-sed -i 's#After=.*#After=systemd-tmpfiles-setup.service console-screen.service kbd.service local-fs.target#' /etc/systemd/system/multi-user.target.wants/console-setup.service
-
-# Let's enable a color prompt and add /opt/tpot/bin to path
-fuBANNER "Setup prompt"
-tee -a /root/.bashrc <&1 1>&2 2>&3 3>&-)
-if [ "$myARCH" == "" ];
- then
- exit
-fi
-myMINIISOLINK="http://ftp.debian.org/debian/dists/bullseye/main/installer-$myARCH/current/images/netboot/mini.iso"
-myMINIISO="mini_$myARCH.iso"
-myTPOTISO="tpot_$myARCH.iso"
-
-# Let's load the default config file
-if [ -f $myCONF_DEFAULT_FILE ];
- then
- source $myCONF_DEFAULT_FILE
-fi
-
-# Let's ask the user for a proxy ...
-while true;
-do
- dialog --backtitle "$myBACKTITLE" --title "[ Proxy Settings ]" --yesno "\nDo you want to configure a proxy?" 7 50
- myCONF_PROXY_USE=$?
- if [ "$myCONF_PROXY_USE" = "0" ]
- then
- myIPRESULT="false"
- while [ "$myIPRESULT" = "false" ];
- do
- myCONF_PROXY_IP=$(dialog --backtitle "$myBACKTITLE" --no-cancel --title "Proxy IP?" --inputbox "" 7 50 "$myCONF_PROXY_IP" 3>&1 1>&2 2>&3 3>&-)
- if valid_ip $myCONF_PROXY_IP; then myIPRESULT="true"; fi
- done
- myPORTRESULT="false"
- while [ "$myPORTRESULT" = "false" ];
- do
- myCONF_PROXY_PORT=$(dialog --backtitle "$myBACKTITLE" --no-cancel --title "Proxy Port (i.e. 3128)?" --inputbox "" 7 50 "$myCONF_PROXY_PORT" 3>&1 1>&2 2>&3 3>&-)
- if [[ $myCONF_PROXY_PORT =~ ^-?[0-9]+$ ]] && [ $myCONF_PROXY_PORT -gt 0 ] && [ $myCONF_PROXY_PORT -lt 65536 ]; then myPORTRESULT="true"; fi
- done
- sed -i.bak 's#d-i mirror/http/proxy.*#d-i mirror/http/proxy string http://'$myCONF_PROXY_IP':'$myCONF_PROXY_PORT'/#' $myTPOTSEED
- break
- else
- myCONF_PROXY_IP=""
- myCONF_PROXY_PORT=""
- break
- fi
-done
-
-# Let's ask the user for 802.1x data ...
-while true;
-do
- dialog --backtitle "$myBACKTITLE" --title "[ Need 802.1x auth? ]" --yesno "\nDo you want to add a 802.1x host certificate?" 7 50
- myCONF_PFX_USE=$?
- if [ "$myCONF_PFX_USE" = "0" ]
- then
- myCONF_PFX_FILE=$(dialog --backtitle "$myBACKTITLE" --fselect "$myCONF_PFX_FILE" 15 50 3>&1 1>&2 2>&3 3>&-)
- if [ -f "$myCONF_PFX_FILE" ]
- then
- cp $myCONF_PFX_FILE $myPFXFILE
- dialog --backtitle "$myBACKTITLE" --title "[ Password protected? ]" --yesno "\nDoes the certificate need your password?" 7 50
- myCONF_PFX_PW_USE=$?
- if [ "$myCONF_PFX_PW_USE" = "0" ]
- then
- myCONF_PFX_PW=$(dialog --backtitle "$myBACKTITLE" --no-cancel --inputbox "Password?" 7 50 3>&1 1>&2 2>&3 3>&-)
- else
- myCONF_PFX_PW=""
- fi
- myCONF_PFX_HOST_ID=$(dialog --backtitle "$myBACKTITLE" --no-cancel --inputbox "Host ID?" 7 50 "$myCONF_PFX_HOST_ID" 3>&1 1>&2 2>&3 3>&-)
- break
- else
- dialog --backtitle "$myBACKTITLE" --title "[ Try again! ]" --msgbox "\nThis is no regular file." 7 50;
- fi
- else
- myCONF_PFX_FILE=""
- myCONF_PFX_HOST_ID=""
- myCONF_PFX_PW=""
- break
- fi
-done
-
-# Let's ask the user for a ntp server ...
-while true;
-do
- dialog --backtitle "$myBACKTITLE" --title "[ NTP server? ]" --yesno "\nDo you want to configure a ntp server?" 7 50
- myCONF_NTP_USE=$?
- if [ "$myCONF_NTP_USE" = "0" ]
- then
- myIPRESULT="false"
- while [ "$myIPRESULT" = "false" ];
- do
- myCONF_NTP_IP=$(dialog --backtitle "$myBACKTITLE" --no-cancel --title "NTP IP?" --inputbox "" 7 50 "$myCONF_NTP_IP" 3>&1 1>&2 2>&3 3>&-)
- if valid_ip $myCONF_NTP_IP; then myIPRESULT="true"; fi
- done
-tee $myNTPCONFFILE < $myCONF_FILE
- echo "myCONF_PROXY_USE=\"$myCONF_PROXY_USE\"" >> $myCONF_FILE
- echo "myCONF_PROXY_IP=\"$myCONF_PROXY_IP\"" >> $myCONF_FILE
- echo "myCONF_PROXY_PORT=\"$myCONF_PROXY_PORT\"" >> $myCONF_FILE
- echo "myCONF_PFX_USE=\"$myCONF_PFX_USE\"" >> $myCONF_FILE
- echo "myCONF_PFX_FILE=\"/root/installer/keys/8021x.pfx\"" >> $myCONF_FILE
- echo "myCONF_PFX_PW_USE=\"$myCONF_PFX_PW_USE\"" >> $myCONF_FILE
- echo "myCONF_PFX_PW=\"$myCONF_PFX_PW\"" >> $myCONF_FILE
- echo "myCONF_PFX_HOST_ID=\"$myCONF_PFX_HOST_ID\"" >> $myCONF_FILE
- echo "myCONF_NTP_USE=\"$myCONF_NTP_USE\"" >> $myCONF_FILE
- echo "myCONF_NTP_IP=\"$myCONF_NTP_IP\"" >> $myCONF_FILE
- echo "myCONF_NTP_CONF_FILE=\"/root/installer/timesyncd.conf\"" >> $myCONF_FILE
-fi
-
-# Let's download Debian Minimal ISO
-if [ ! -f $myMINIISO ]
- then
- wget $myMINIISOLINK --progress=dot 2>&1 | awk '{print $7+0} fflush()' | dialog --backtitle "$myBACKTITLE" --title "[ Downloading Debian for $myARCH ]" --gauge "" 5 70;
- echo 100 | dialog --backtitle "$myBACKTITLE" --title "[ Downloading Debian for $myARCH ... Done! ]" --gauge "" 5 70;
- # Need to rename after download or progresss bar does not work.
- mv mini.iso $myMINIISO
- else
- dialog --infobox "Using previously downloaded .iso ..." 3 50;
-fi
-
-# Let's extract ISO contents (using / to extract all from ISO root)
-xorriso -osirrox on -indev $myMINIISO -extract / $myTPOTDIR
-
-# Let's modify initrd and create a tmp for the initrd filesystem we need to modify
-gunzip $myTPOTDIR/initrd.gz
-mkdir $myTPOTDIR/tmp
-cd $myTPOTDIR/tmp
-cpio --extract --make-directories --no-absolute-filenames < ../initrd
-cd ..
-rm initrd
-cd ..
-
-# Let's add the files for the automated install
-mkdir -p $myTPOTDIR/tmp/opt/
-cp iso/installer -R $myTPOTDIR/tmp/opt/
-# Isolinux is only necessary for AMD64
-if [ "$myARCH" = "amd64" ];
- then
- cp iso/isolinux/* $myTPOTDIR/
- else
- sed -i "s#menuentry 'Install'#menuentry 'Install T-Pot 22.04.0 (ARM64)'#g" $myTPOTDIR/boot/grub/grub.cfg
-fi
-# For now we need architecture based preseeds
-cp iso/preseed/tpot_$myARCH.seed $myTPOTDIR/tmp/preseed.cfg
-
-# Let's create the new initrd
-cd $myTPOTDIR/tmp
-find . | cpio -H newc --create > ../initrd
-cd ..
-gzip initrd
-rm -rf tmp
-cd ..
-
-# Since ARM64 needs EFI we need different methods to build the ISO
-cd $myTPOTDIR
-if [ "$myARCH" == "amd64" ];
- then
- # Create AMD64 .iso
- xorrisofs -gui -D -r -V "T-Pot $myARCH" \
- -cache-inodes -J -l -b isolinux.bin \
- -c boot.cat -no-emul-boot -boot-load-size 4 \
- -boot-info-table \
- -o ../"$myTPOTISO" ../"$myTPOTDIR" 2>&1 | awk '{print $1+0} fflush()' | cut -f1 -d"." | dialog --backtitle "$myBACKTITLE" --title "[ Building T-Pot $myARCH .iso ... ]" --gauge "" 5 70 0
- echo 100 | dialog --backtitle "$myBACKTITLE" --title "[ Building T-Pot $myARCH .iso ... Done! ]" --gauge "" 5 70
- cd ..
- isohybrid $myTPOTISO
- else
- # Create ARM64 .iso
- xorriso -as mkisofs -r -V "T-Pot $myARCH" \
- -J -joliet-long -cache-inodes \
- -e boot/grub/efi.img \
- -no-emul-boot \
- -append_partition 2 0xef boot/grub/efi.img \
- -partition_cyl_align all \
- -o ../"$myTPOTISO" \
- ../"$myTPOTDIR"
- echo 100 | dialog --backtitle "$myBACKTITLE" --title "[ Building T-Pot $myARCH .iso ... Done! ]" --gauge "" 5 70
- cd ..
-fi
-sha256sum $myTPOTISO > "tpot_$myARCH.sha256"
-
-# Let's write the image
-while true;
-do
- dialog --backtitle "$myBACKTITLE" --yesno "\nWrite .iso to USB drive?" 7 50
- myUSBCOPY=$?
- if [ "$myUSBCOPY" = "0" ]
- then
- myTARGET=$(dialog --backtitle "$myBACKTITLE" --title "[ Select target device ... ]" --menu "" 16 40 10 $(lsblk -io NAME,SIZE -dnp) 3>&1 1>&2 2>&3 3>&-)
- if [ "$myTARGET" != "" ]
- then
- dialog --backtitle "$myBACKTITLE" --yesno "\nWrite .iso to "$myTARGET"?" 7 50
- myWRITE=$?
- if [ "$myWRITE" = "0" ]
- then
- umount $myTARGET? 2>&1 || true
- (pv -n "$myTPOTISO" | dd of="$myTARGET") 2>&1 | dialog --backtitle "$myBACKTITLE" --title "[ Writing .iso to target ... ]" --gauge "" 5 70 0
- echo 100 | dialog --backtitle "$myBACKTITLE" --title "[ Writing .iso to target ... Done! ]" --gauge "" 5 70
- udisksctl power-off -b $myTARGET 2>&1
- break
- fi
- fi
- else
- break;
- fi
-done
-
-dialog --clear
-
-exit 0
diff --git a/_deprecated/packages.txt b/_deprecated/packages.txt
deleted file mode 100644
index 78c6795a..00000000
--- a/_deprecated/packages.txt
+++ /dev/null
@@ -1,61 +0,0 @@
-aria2
-apache2-utils
-apparmor
-apt-transport-https
-bash-completion
-bat
-build-essential
-ca-certificates
-cgroupfs-mount
-cockpit conntrack
-console-setup
-console-setup-linux
-cracklib-runtime
-curl
-debconf-utils
-dialog
-dnsutils
-docker.io
-docker-compose
-ethtool
-fail2ban
-figlet
-fuse
-genisoimage
-git
-grc
-haveged
-html2text
-htop
-iptables
-iw
-jq
-kbd
-libcrack2
-libltdl7
-libpam-google-authenticator
-libpq-dev
-lsb-release
-man
-mosh
-multitail
-net-tools
-neovim
-npm
-openssh-server
-openssl
-pass
-pigz
-prips
-software-properties-common
-sshpass
-psmisc
-pv
-python3-pip
-systemd-timesyncd
-toilet
-unattended-upgrades
-unzip
-wget
-wireless-tools
-wpasupplicant
diff --git a/_deprecated/update.sh b/_deprecated/update.sh
deleted file mode 100755
index 877d38fd..00000000
--- a/_deprecated/update.sh
+++ /dev/null
@@ -1,392 +0,0 @@
-#!/bin/bash
-
-# Some global vars
-myCONFIGFILE="/opt/tpot/etc/tpot.yml"
-myCOMPOSEPATH="/opt/tpot/etc/compose"
-myLSB_RELEASE=("bullseye" "bookworm")
-myRED="�[0;31m"
-myGREEN="�[0;32m"
-myWHITE="�[0;0m"
-myBLUE="�[0;34m"
-
-# Check for existing tpot.yml
-function fuCONFIGCHECK () {
- echo
- echo "### Checking for T-Pot configuration file ..."
- if ! [ -L $myCONFIGFILE ];
- then
- echo -n "###### $myBLUE$myCONFIGFILE$myWHITE "
- myFILE=$(head -n 1 $myCONFIGFILE | tr -d "()" | tr [:upper:] [:lower:] | awk '{ print $3 }')
- myFILE+=".yml"
- echo "[ $myRED""NOT OK""$myWHITE ] - Broken symlink, trying to reset to '$myFILE'."
- rm -rf $myCONFIGFILE
- ln -s $myCOMPOSEPATH/$myFILE $myCONFIGFILE
- fi
- if [ -L $myCONFIGFILE ];
- then
- echo "###### $myBLUE$myCONFIGFILE$myWHITE [ $myGREEN""OK""$myWHITE ]"
- else
- echo "[ $myRED""NOT OK""$myWHITE ] - Broken symlink and / or restore failed."
- echo "Please create a link to your desired config i.e. 'ln -s /opt/tpot/etc/compose/standard.yml /opt/tpot/etc/tpot.yml'."
- exit
- fi
-echo
-}
-
-# Let's test the internet connection
-function fuCHECKINET () {
-mySITES=$1
- echo
- echo "### Now checking availability of ..."
- for i in $mySITES;
- do
- echo -n "###### $myBLUE$i$myWHITE "
- curl --connect-timeout 5 -IsS $i 2>&1>/dev/null
- if [ $? -ne 0 ];
- then
- echo
- echo "###### $myBLUE""Error - Internet connection test failed.""$myWHITE"" [ $myRED""NOT OK""$myWHITE ]"
- echo "Exiting.""$myWHITE"
- echo
- exit 1
- else
- echo "[ $myGREEN"OK"$myWHITE ]"
- fi
- done;
-echo
-}
-
-# Update
-function fuSELFUPDATE () {
- echo
- echo "### Now checking for newer files in repository ..."
- git fetch --all
- myREMOTESTAT=$(git status | grep -c "up-to-date")
- if [ "$myREMOTESTAT" != "0" ];
- then
- echo "###### $myBLUE""No updates found in repository.""$myWHITE"
- return
- fi
- ### DEV
- myRESULT=$(git diff --name-only origin/master | grep "^update.sh")
- if [ "$myRESULT" == "update.sh" ];
- then
- echo "###### $myBLUE""Found newer version, will be pulling updates and restart myself.""$myWHITE"
- git reset --hard
- git pull --force
- exec ./update.sh -y
- exit 1
- else
- echo "###### $myBLUE""Pulling updates from repository.""$myWHITE"
- git reset --hard
- git pull --force
- fi
-echo
-}
-
-# Let's check for version, upgrade to Debian 11
-function fuCHECK_VERSION () {
-local myMINVERSION="22.04.0"
-local myMASTERVERSION="22.04.0"
-echo
-echo "### Checking for Release ID"
-myRELEASE=$(lsb_release -c | awk '{ print $2 }')
-if [[ ! " ${myLSB_RELEASE[@]} " =~ " ${myRELEASE} " ]];
- then
- echo "###### Need to upgrade to Debian 11 (Bullseye) first:$myWHITE"" [ $myRED""NOT OK""$myWHITE ]"
- echo "###### Upgrade may result in complete data loss and should not be run via SSH."
- echo "###### If you installed T-Pot using the post-install method instead of the ISO it is recommended you upgrade manually to Debian 11 (Bullseye) and then re-run update.sh."
- echo "###### Do you want to upgrade to Debian 11 (Bullseye) now?"
- while [ "$myQST" != "y" ] && [ "$myQST" != "n" ];
- do
- read -p "Upgrade? (y/n) " myQST
- done
- if [ "$myQST" = "n" ];
- then
- echo
- echo $myGREEN"Aborting!"$myWHITE
- echo
- exit
- else
- echo "###### Stopping and disabling T-Pot services ... "
- echo
- systemctl stop tpot
- systemctl disable tpot
- systemctl stop docker
- systemctl start docker
- docker stop $(docker ps -aq)
- docker rm -v $(docker ps -aq)
- echo "###### Switching /etc/apt/sources.list from buster to bullseye ... "
- echo
- sed -i 's/buster/bullseye/g' /etc/apt/sources.list
- echo "###### Updating repositories ... "
- echo
- apt-fast update
- export DEBIAN_FRONTEND=noninteractive
- echo "###### Running full upgrade ... "
- echo
- echo "docker.io docker.io/restart boolean true" | debconf-set-selections -v
- echo "ssh ssh/restart boolean true" | debconf-set-selections -v
- echo "cron cron/restart boolean true" | debconf-set-selections -v
- echo "debconf debconf/frontend select noninteractive" | debconf-set-selections -v
- apt-fast full-upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes
- dpkg --configure -a
- echo "###### $myBLUE""Finished with upgrading. Now restarting update.sh and to continue with T-Pot related updates.""$myWHITE"
- exec ./update.sh -y
- exit 1
- fi
-fi
-echo
-echo "### Checking for version tag ..."
-if [ -f "version" ];
- then
- myVERSION=$(cat version)
- if [[ "$myVERSION" > "$myMINVERSION" || "$myVERSION" == "$myMINVERSION" ]] && [[ "$myVERSION" < "$myMASTERVERSION" || "$myVERSION" == "$myMASTERVERSION" ]]
- then
- echo "###### $myBLUE$myVERSION is eligible for the update procedure.$myWHITE"" [ $myGREEN""OK""$myWHITE ]"
- else
- echo "###### $myBLUE $myVERSION cannot be upgraded automatically. Please run a fresh install.$myWHITE"" [ $myRED""NOT OK""$myWHITE ]"
- exit
- fi
- else
- echo "###### $myBLUE""Unable to determine version. Please run 'update.sh' from within '/opt/tpot'.""$myWHITE"" [ $myRED""NOT OK""$myWHITE ]"
- exit
- fi
-echo
-}
-
-# Stop T-Pot to avoid race conditions with running containers with regard to the current T-Pot config
-function fuSTOP_TPOT () {
-echo
-echo "### Need to stop T-Pot ..."
-echo -n "###### $myBLUE Now stopping T-Pot.$myWHITE "
-systemctl stop tpot
-if [ $? -ne 0 ];
- then
- echo " [ $myRED""NOT OK""$myWHITE ]"
- echo "###### $myBLUE""Could not stop T-Pot.""$myWHITE"" [ $myRED""NOT OK""$myWHITE ]"
- echo "Exiting.""$myWHITE"
- echo
- exit 1
- else
- echo "[ $myGREEN"OK"$myWHITE ]"
- echo "###### $myBLUE Now disabling T-Pot service.$myWHITE "
- systemctl disable tpot
- echo "###### $myBLUE Now cleaning up containers.$myWHITE "
- if [ "$(docker ps -aq)" != "" ];
- then
- docker stop $(docker ps -aq)
- docker rm $(docker ps -aq)
- fi
-fi
-echo
-}
-
-# Backup
-function fuBACKUP () {
-local myARCHIVE="/root/$(date +%Y%m%d%H%M)_tpot_backup.tgz"
-local myPATH=$PWD
-echo
-echo "### Create a backup, just in case ... "
-echo -n "###### $myBLUE Building archive in $myARCHIVE $myWHITE"
-cd /opt/tpot
-tar cvfz $myARCHIVE * 2>&1>/dev/null
-if [ $? -ne 0 ];
- then
- echo " [ $myRED""NOT OK""$myWHITE ]"
- echo "###### $myBLUE""Something went wrong.""$myWHITE"" [ $myRED""NOT OK""$myWHITE ]"
- echo "Exiting.""$myWHITE"
- echo
- cd $myPATH
- exit 1
- else
- echo "[ $myGREEN"OK"$myWHITE ]"
- cd $myPATH
-fi
-echo
-}
-
-# Remove old images for specific tag
-function fuREMOVEOLDIMAGES () {
-local myOLDTAG=$1
-local myOLDIMAGES=$(docker images | grep -c "$myOLDTAG")
-if [ "$myOLDIMAGES" -gt "0" ];
- then
- echo
- echo "### Removing old docker images."
- docker rmi $(docker images | grep "$myOLDTAG" | awk '{print $3}')
-fi
-}
-
-# Let's load docker images in parallel
-function fuPULLIMAGES {
-local myTPOTCOMPOSE="/opt/tpot/etc/tpot.yml"
-for name in $(cat $myTPOTCOMPOSE | grep -v '#' | grep image | cut -d'"' -f2 | uniq)
- do
- docker pull $name &
- done
-wait
-echo
-}
-
-function fuUPDATER () {
-export DEBIAN_FRONTEND=noninteractive
-echo
-echo "### Installing apt-fast"
-/bin/bash -c "$(curl -sL https://raw.githubusercontent.com/ilikenwf/apt-fast/master/quick-install.sh)"
-local myPACKAGES=$(cat /opt/tpot/packages.txt)
-echo
-echo "### Removing and holding back problematic packages ..."
-apt-fast -y --allow-change-held-packages purge cockpit-pcp elasticsearch-curator exim4-base mailutils ntp pcp
-apt-mark hold exim4-base mailutils ntp pcp cockpit-pcp
-hash -r
-echo
-echo "### Now upgrading packages ..."
-dpkg --configure -a
-apt-fast -y autoclean
-apt-fast -y autoremove
-apt-fast update
-apt-fast -y install $myPACKAGES
-
-# Some updates require interactive attention, and the following settings will override that.
-echo "docker.io docker.io/restart boolean true" | debconf-set-selections -v
-echo "debconf debconf/frontend select noninteractive" | debconf-set-selections -v
-apt-fast -y dist-upgrade -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes
-dpkg --configure -a
-npm cache clean --force
-npm install elasticdump -g
-pip3 install --upgrade glances[docker] yq
-hash -r
-echo
-echo "### Now replacing T-Pot related config files on host"
-cp host/etc/systemd/* /etc/systemd/system/
-systemctl daemon-reload
-
-# Ensure some defaults
-echo
-echo "### Ensure some T-Pot defaults with regard to some folders, permissions and configs."
-sed -i '/^port/I,$d' /etc/ssh/sshd_config
-tee -a /etc/ssh/sshd_config << EOF
-Port 64295
-Match Group tpotlogs
- PermitOpen 127.0.0.1:64305
- ForceCommand /usr/bin/false
-EOF
-
-### Ensure creation of T-Pot related folders, just in case
-mkdir -vp /data/adbhoney/{downloads,log} \
- /data/ciscoasa/log \
- /data/conpot/log \
- /data/citrixhoneypot/logs \
- /data/cowrie/{downloads,keys,misc,log,log/tty} \
- /data/ddospot/{bl,db,log} \
- /data/dicompot/{images,log} \
- /data/dionaea/{log,bistreams,binaries,rtp,roots,roots/ftp,roots/tftp,roots/www,roots/upnp} \
- /data/elasticpot/log \
- /data/elk/{data,log} \
- /data/endlessh/log \
- /data/ews/conf \
- /data/fatt/log \
- /data/glutton/log \
- /data/hellpot/log \
- /data/heralding/log \
- /data/honeypots/log \
- /data/honeysap/log \
- /data/honeytrap/{log,attacks,downloads} \
- /data/ipphoney/log \
- /data/log4pot/{log,payloads} \
- /data/mailoney/log \
- /data/medpot/log \
- /data/nginx/{log,heimdall} \
- /data/p0f/log \
- /data/redishoneypot/log \
- /data/sentrypeer/log \
- /data/spiderfoot \
- /data/suricata/log \
- /data/tanner/{log,files} \
- /home/tsec/.ssh/
-
-### Let's take care of some files and permissions
-chmod 770 -R /data
-chown tpot:tpot -R /data
-chmod 644 -R /data/nginx/conf
-chmod 644 -R /data/nginx/cert
-
-echo
-echo "### Now pulling latest docker images ..."
-echo "######$myBLUE This might take a while, please be patient!$myWHITE"
-fuPULLIMAGES 2>&1>/dev/null
-
-fuREMOVEOLDIMAGES "2006"
-
-echo
-echo "### Copying T-Pot service to systemd."
-cp /opt/tpot/host/etc/systemd/tpot.service /etc/systemd/system/
-systemctl enable tpot
-
-echo
-echo "### If you made changes to tpot.yml please ensure to add them again."
-echo "### We stored the previous version as backup in /root/."
-echo "### Some updates may need an import of the latest Kibana objects as well."
-echo "### Download the latest objects here if they recently changed:"
-echo "### https://raw.githubusercontent.com/telekom-security/tpotce/master/etc/objects/kibana_export.ndjson.zip"
-echo "### Export and import the objects easily through the Kibana WebUI:"
-echo "### Go to Kibana > Management > Saved Objects > Export / Import"
-echo
-}
-
-function fuRESTORE_EWSCFG () {
-if [ -f '/data/ews/conf/ews.cfg' ] && ! grep 'ews.cfg' $myCONFIGFILE > /dev/null; then
- echo
- echo "### Restoring volume mount for ews.cfg in tpot.yml"
- sed -i --follow-symlinks '/\/opt\/ewsposter\/ews.ip/a\\ \ \ \ \ - /data/ews/conf/ews.cfg:/opt/ewsposter/ews.cfg' $myCONFIGFILE
-fi
-}
-
-function fuRESTORE_HPFEEDS () {
-if [ -f '/data/ews/conf/hpfeeds.cfg' ]; then
- echo
- echo "### Restoring HPFEEDS in tpot.yml"
- ./bin/hpfeeds_optin.sh --conf=/data/ews/conf/hpfeeds.cfg
-fi
-}
-
-
-################
-# Main section #
-################
-
-# Got root?
-myWHOAMI=$(whoami)
-if [ "$myWHOAMI" != "root" ]
- then
- echo
- echo "Need to run as root ..."
- echo
- exit
-fi
-
-# Only run with command switch
-if [ "$1" != "-y" ]; then
- echo
- echo "This script will update / upgrade all T-Pot related scripts, tools and packages to the latest versions."
- echo "A backup of /opt/tpot will be written to /root. If you are unsure, you should save your work."
- echo "This is a beta feature and only recommended for experienced users."
- echo "If you understand the involved risks feel free to run this script with the '-y' switch."
- echo
- exit
-fi
-
-fuCHECK_VERSION
-fuCONFIGCHECK
-fuCHECKINET "https://index.docker.io https://github.com https://pypi.python.org https://debian.org"
-fuSTOP_TPOT
-fuBACKUP
-fuSELFUPDATE "$0" "$@"
-fuUPDATER
-fuRESTORE_EWSCFG
-fuRESTORE_HPFEEDS
-
-echo
-echo "### Done. Please reboot."
-echo
diff --git a/compose/README b/compose/README
deleted file mode 100644
index 4dd3a21a..00000000
--- a/compose/README
+++ /dev/null
@@ -1,9 +0,0 @@
-This folder contains docker-compose.yml files, basically referring to installation types.
-
-Just copy the .yml file you want to use over the on in the parent folder, but unload docker compose first:
-> $ docker compose down -v
-> $ cd compose
-> $ cp standard.yml ../docker-compose.yml
-
-For Docker Desktop on macOS and Windows machines is only one .yml available "mac_win.yml" which is a stripped down
-version of T-Pot able to run with the constraints of Docker Desktop.
diff --git a/compose/customizer.py b/compose/customizer.py
index c5f7e42e..b56985f0 100644
--- a/compose/customizer.py
+++ b/compose/customizer.py
@@ -2,7 +2,7 @@ from datetime import datetime
import yaml
version = \
- """# T-Pot Service Builder v0.2
+ """# T-Pot Service Builder v0.21
This script is intended as a kickstarter for users who want to build a customized docker-compose.yml for use with T-Pot.
@@ -14,9 +14,9 @@ version = \
"""
header = \
- """# T-Pot: CUSTOM EDITION
- # Generated on: {current_date}
- """
+"""# T-Pot: CUSTOM EDITION
+# Generated on: {current_date}
+"""
config_filename = "tpot_services.yml"
service_filename = "docker-compose-custom.yml"