Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-05-05 22:58:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions1

add genuser.sh, fix errors

Browse source 
macOS and Windows might not have htpasswd tools available, so adding this to the tpotinit image. users can run genuser.sh which simply contains a docker command to run tpotinit to create a user and add it to the T-Pot config (.env).
Fix an issue where WEB_USER was added with hyphens
Fix issues where shebang was incorrect
Update .env / env.example
This commit is contained in:
t3chn0m4g3 2024-03-13 16:30:17 +01:00
parent 1e5e57a52b
commit fe5eac0104
7 changed files with 123 additions and 5 deletions

2
.env
View file

@ -7,7 +7,7 @@
# Set Web usernames and passwords here. This section will be used to create / update the Nginx password file nginxpasswd. # Set Web usernames and passwords here. This section will be used to create / update the Nginx password file nginxpasswd.
# <empty>: This is the default # <empty>: This is the default
# <base64 encoded htpasswd usernames / passwords>: # <base64 encoded htpasswd usernames / passwords>:
# Use 'htpasswd -n -b "username" "password" | base64 -w0' to create the WEB_USER if you want to manually deploy T-Pot # Use 'htpasswd -n -b "username" "password" | base64 -w0' to create the WEB_USER if you want to manually deploy T-Pot, run 'install.sh' or 'genuser.sh' if you just want to add a web user.
# Example: 'htpasswd -n -b "tsec" "tsec" | base64 -w0' will print dHNlYzokYXByMSRYUnE2SC5rbiRVRjZQM1VVQmJVNWJUQmNmSGRuUFQxCgo= # Example: 'htpasswd -n -b "tsec" "tsec" | base64 -w0' will print dHNlYzokYXByMSRYUnE2SC5rbiRVRjZQM1VVQmJVNWJUQmNmSGRuUFQxCgo=
# Copy the string and replace WEB_USER=dHNlYzokYXByMSRYUnE2SC5rbiRVRjZQM1VVQmJVNWJUQmNmSGRuUFQxCgo= # Copy the string and replace WEB_USER=dHNlYzokYXByMSRYUnE2SC5rbiRVRjZQM1VVQmJVNWJUQmNmSGRuUFQxCgo=
# Multiple users are possible: # Multiple users are possible:

1
docker/tpotinit/Dockerfile
View file

@ -10,6 +10,7 @@ RUN apk --no-cache -U add \
bash \ bash \
bind-tools \ bind-tools \
conntrack-tools \ conntrack-tools \
cracklib \
curl \ curl \
ethtool \ ethtool \
figlet \ figlet \

115
docker/tpotinit/dist/bin/genuser.sh vendored Executable file
View file

@ -0,0 +1,115 @@
#!/usr/bin/env bash
myTPOT_CONF_FILE=/data/.env
# Read WEB_USER from file
WEB_USER=$(grep "^WEB_USER=" "${myTPOT_CONF_FILE}" | sed 's/^WEB_USER=//g' | tr -d "\"'")
myPW=$(cat << "EOF"
__ __ _ _ _ [ T-Pot ]
\ \ / /__| |__ | | | |___ ___ _ __
\ \ /\ / / _ \ '_ \| | | / __|/ _ \ '__|
\ V V / __/ |_) | |_| \__ \ __/ |
\_/\_/ \___|_.__/ \___/|___/\___|_|
EOF
)
# Generate T-Pot WebUser
echo "$myPW"
echo
echo "### This script will ask for and create T-Pot web users."
echo
# Preparing web user for T-Pot
echo
echo "### T-Pot User Configuration ..."
echo
# Asking for web user name
myWEB_USER=""
while [ 1 != 2 ];
do
myOK=""
read -rp "### Enter your web user name: " myWEB_USER
myWEB_USER=$(echo $myWEB_USER | tr -cd "[:alnum:]_.-")
echo "### Your username is: ${myWEB_USER}"
while [[ ! "${myOK}" =~ [YyNn] ]];
do
read -rp "### Is this correct? (y/n) " myOK
done
if [[ "${myOK}" =~ [Yy] ]] && [ "$myWEB_USER" != "" ];
then
break
else
echo
fi
done
# Asking for web user password
myWEB_PW="pass1"
myWEB_PW2="pass2"
mySECURE=0
myOK=""
while [ "${myWEB_PW}" != "${myWEB_PW2}" ] && [ "${mySECURE}" == "0" ]
do
echo
while [ "${myWEB_PW}" == "pass1" ] || [ "${myWEB_PW}" == "" ]
do
read -rsp "### Enter password for your web user: " myWEB_PW
echo
done
read -rsp "### Repeat password you your web user: " myWEB_PW2
echo
if [ "${myWEB_PW}" != "${myWEB_PW2}" ];
then
echo "### Passwords do not match."
myWEB_PW="pass1"
myWEB_PW2="pass2"
fi
mySECURE=$(printf "%s" "$myWEB_PW" | /usr/sbin/cracklib-check | grep -c "OK")
if [ "$mySECURE" == "0" ] && [ "$myWEB_PW" == "$myWEB_PW2" ];
then
while [[ ! "${myOK}" =~ [YyNn] ]];
do
read -rp "### Keep insecure password? (y/n) " myOK
done
if [[ "${myOK}" =~ [Nn] ]] || [ "$myWEB_PW" == "" ];
then
myWEB_PW="pass1"
myWEB_PW2="pass2"
mySECURE=0
myOK=""
fi
fi
done
# Write username and password to T-Pot config file
echo "### Creating base64 encoded htpasswd username and password for T-Pot config file: ${myTPOT_CONF_FILE}"
myWEB_USER_ENC=$(htpasswd -b -n "${myWEB_USER}" "${myWEB_PW}")
myWEB_USER_ENC_B64=$(echo -n "${myWEB_USER_ENC}" | base64 -w0)
# Add the new web user
if [ "${WEB_USER}" == "" ];
then
WEB_USER="${myWEB_USER_ENC_B64}"
else
WEB_USER="${WEB_USER} ${myWEB_USER_ENC_B64}"
fi
sed -i "s|^WEB_USER=.*|WEB_USER=${WEB_USER}|" ${myTPOT_CONF_FILE}
# Done
echo
echo "### The following users are now configured in the .env:"
echo
for i in ${WEB_USER};
do
if [[ -n $i ]];
then
# Need to control newlines as they kept coming up for some reason
echo -n "$i" | base64 -d -w0 | tr -d '\n'; echo -n " => [$i]";
echo
fi
done
echo
echo "### You can remove them by opening the .env and adjust the WEB_USER entry."
echo
echo "### Done."
echo

2
docker/tpotinit/dist/entrypoint.sh vendored
View file

@ -1,4 +1,4 @@
#!/bin/bash #!/usr/bin/env bash
COMPOSE="/tmp/tpot/docker-compose.yml" COMPOSE="/tmp/tpot/docker-compose.yml"
exec > >(tee /data/tpotinit.log) 2>&1 exec > >(tee /data/tpotinit.log) 2>&1

2
env.example
View file

@ -7,7 +7,7 @@
# Set Web usernames and passwords here. This section will be used to create / update the Nginx password file nginxpasswd. # Set Web usernames and passwords here. This section will be used to create / update the Nginx password file nginxpasswd.
# <empty>: This is the default # <empty>: This is the default
# <base64 encoded htpasswd usernames / passwords>: # <base64 encoded htpasswd usernames / passwords>:
# Use 'htpasswd -n -b "username" "password" | base64 -w0' to create the WEB_USER if you want to manually deploy T-Pot # Use 'htpasswd -n -b "username" "password" | base64 -w0' to create the WEB_USER if you want to manually deploy T-Pot, run 'install.sh' or 'genuser.sh' if you just want to add a web user.
# Example: 'htpasswd -n -b "tsec" "tsec" | base64 -w0' will print dHNlYzokYXByMSRYUnE2SC5rbiRVRjZQM1VVQmJVNWJUQmNmSGRuUFQxCgo= # Example: 'htpasswd -n -b "tsec" "tsec" | base64 -w0' will print dHNlYzokYXByMSRYUnE2SC5rbiRVRjZQM1VVQmJVNWJUQmNmSGRuUFQxCgo=
# Copy the string and replace WEB_USER=dHNlYzokYXByMSRYUnE2SC5rbiRVRjZQM1VVQmJVNWJUQmNmSGRuUFQxCgo= # Copy the string and replace WEB_USER=dHNlYzokYXByMSRYUnE2SC5rbiRVRjZQM1VVQmJVNWJUQmNmSGRuUFQxCgo=
# Multiple users are possible: # Multiple users are possible:

2
genuser.sh Executable file
View file

@ -0,0 +1,2 @@
#!/usr/bin/env bash
docker run -v $PWD:/data --entrypoint bash -it -u $(id -u):$(id -g) dtagdevsec/tpotinit:alpha "/opt/tpot/bin/genuser.sh"

4
install.sh
View file

@ -1,4 +1,4 @@
#/usr/bin/env bash #!/usr/bin/env bash
myINSTALL_NOTIFICATION="### Now installing required packages ..." myINSTALL_NOTIFICATION="### Now installing required packages ..."
myUSER=$(whoami) myUSER=$(whoami)
@ -257,7 +257,7 @@ if [ "${myTPOT_TYPE}" == "HIVE" ];
myWEB_USER_ENC_B64=$(echo -n "${myWEB_USER_ENC}" | base64 -w0) myWEB_USER_ENC_B64=$(echo -n "${myWEB_USER_ENC}" | base64 -w0)
echo echo
sed -i "s|^WEB_USER=.*|WEB_USER='${myWEB_USER_ENC_B64}'|" ${myTPOT_CONF_FILE} sed -i "s|^WEB_USER=.*|WEB_USER=${myWEB_USER_ENC_B64}|" ${myTPOT_CONF_FILE}
# Install T-Pot Type HIVE and use standard.yml for installation # Install T-Pot Type HIVE and use standard.yml for installation
cp ${HOME}/tpotce/compose/standard.yml ${HOME}/tpotce/docker-compose.yml cp ${HOME}/tpotce/compose/standard.yml ${HOME}/tpotce/docker-compose.yml