mirror of
				https://github.com/telekom-security/tpotce.git
				synced 2025-10-26 18:24:45 +00:00 
			
		
		
		
	Compare commits
	
		
			17 commits
		
	
	
		
			23d09e441d
			...
			c8cdd59d61
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|   | c8cdd59d61 | ||
|   | b5a1c0bdf1 | ||
|   | 780e2245c7 | ||
|   | cbcf7871ec | ||
|   | c38fab7670 | ||
|   | 444b181075 | ||
|   | 59c6672df7 | ||
|   | 87733c6b65 | ||
|   | f609e20567 | ||
|   | 78acb5f5c0 | ||
|   | 99abefe98e | ||
|   | 82147ba4bd | ||
|   | a7af16f69a | ||
|   | 5e333eba59 | ||
|   | c2748f9904 | ||
|   | d94207e56e | ||
|   | cb8933cddb | 
					 6 changed files with 267 additions and 99 deletions
				
			
		
							
								
								
									
										24
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										24
									
								
								README.md
									
									
									
									
									
								
							|  | @ -39,6 +39,7 @@ env bash -c "$(curl -sL https://github.com/telekom-security/tpotce/raw/master/in | ||||||
|   - [Raspberry Pi 4 (8GB) Support](#raspberry-pi-4-8gb-support) |   - [Raspberry Pi 4 (8GB) Support](#raspberry-pi-4-8gb-support) | ||||||
|   - [Get and install T-Pot](#get-and-install-t-pot) |   - [Get and install T-Pot](#get-and-install-t-pot) | ||||||
|   - [macOS \& Windows](#macos--windows) |   - [macOS \& Windows](#macos--windows) | ||||||
|  |   - [Red Hat Enterprise Linux](#red-hat-enterprise-linux) | ||||||
|   - [Installation Types](#installation-types) |   - [Installation Types](#installation-types) | ||||||
|     - [Standard / Hive](#standard--hive) |     - [Standard / Hive](#standard--hive) | ||||||
|     - [Distributed](#distributed) |     - [Distributed](#distributed) | ||||||
|  | @ -190,7 +191,7 @@ T-Pot offers a number of services which are basically divided into five groups: | ||||||
| During the installation and during the usage of T-Pot there are two different types of accounts you will be working with. Make sure you know the differences of the different account types, since it is **by far** the most common reason for authentication errors. | During the installation and during the usage of T-Pot there are two different types of accounts you will be working with. Make sure you know the differences of the different account types, since it is **by far** the most common reason for authentication errors. | ||||||
| 
 | 
 | ||||||
| | Service          | Account Type | Username / Group | Description                                                        | | | Service          | Account Type | Username / Group | Description                                                        | | ||||||
| | :--------------- | :----------- | :--------------- | :----------------------------------------------------------------- | | |:-----------------|:-------------|:-----------------|:-------------------------------------------------------------------| | ||||||
| | SSH              | OS           | `<OS_USERNAME>`  | The user you chose during the installation of the OS.              | | | SSH              | OS           | `<OS_USERNAME>`  | The user you chose during the installation of the OS.              | | ||||||
| | Nginx            | BasicAuth    | `<WEB_USER>`     | `<web_user>` you chose during the installation of T-Pot.           | | | Nginx            | BasicAuth    | `<WEB_USER>`     | `<web_user>` you chose during the installation of T-Pot.           | | ||||||
| | CyberChef        | BasicAuth    | `<WEB_USER>`     | `<web_user>` you chose during the installation of T-Pot.           | | | CyberChef        | BasicAuth    | `<WEB_USER>`     | `<web_user>` you chose during the installation of T-Pot.           | | ||||||
|  | @ -209,7 +210,7 @@ Depending on the [supported Linux distro images](#choose-your-distro), hive / se | ||||||
| <br><br> | <br><br> | ||||||
| 
 | 
 | ||||||
| | T-Pot Type | RAM  | Storage   | Description                                                                                      | | | T-Pot Type | RAM  | Storage   | Description                                                                                      | | ||||||
| | :--------- | :--- | :-------- | :----------------------------------------------------------------------------------------------- | | |:-----------|:-----|:----------|:-------------------------------------------------------------------------------------------------| | ||||||
| | Hive       | 16GB | 256GB SSD | As a rule of thumb, the more honeypots, sensors & data, the more RAM and storage is needed.      | | | Hive       | 16GB | 256GB SSD | As a rule of thumb, the more honeypots, sensors & data, the more RAM and storage is needed.      | | ||||||
| | Sensor     | 8GB  | 128GB SSD | Since honeypot logs are persisted (~/tpotce/data) for 30 days, storage depends on attack volume. | | | Sensor     | 8GB  | 128GB SSD | Since honeypot logs are persisted (~/tpotce/data) for 30 days, storage depends on attack volume. | | ||||||
| 
 | 
 | ||||||
|  | @ -250,7 +251,7 @@ Some users report working installations on other clouds and hosters, i.e. Azure | ||||||
| Besides the ports generally needed by the OS, i.e. obtaining a DHCP lease, DNS, etc. T-Pot will require the following ports for incoming / outgoing connections. Review the [T-Pot Architecture](#technical-architecture) for a visual representation. Also some ports will show up as duplicates, which is fine since used in different editions. | Besides the ports generally needed by the OS, i.e. obtaining a DHCP lease, DNS, etc. T-Pot will require the following ports for incoming / outgoing connections. Review the [T-Pot Architecture](#technical-architecture) for a visual representation. Also some ports will show up as duplicates, which is fine since used in different editions. | ||||||
| 
 | 
 | ||||||
| | Port                                                                                                                                  | Protocol | Direction | Description                                                                                         | | | Port                                                                                                                                  | Protocol | Direction | Description                                                                                         | | ||||||
| | :------------------------------------------------------------------------------------------------------------------------------------ | :------- | :-------- | :-------------------------------------------------------------------------------------------------- | | |:--------------------------------------------------------------------------------------------------------------------------------------|:---------|:----------|:----------------------------------------------------------------------------------------------------| | ||||||
| | 80, 443                                                                                                                               | tcp      | outgoing  | T-Pot Management: Install, Updates, Logs (i.e. OS, GitHub, DockerHub, Sicherheitstacho, etc.        | | | 80, 443                                                                                                                               | tcp      | outgoing  | T-Pot Management: Install, Updates, Logs (i.e. OS, GitHub, DockerHub, Sicherheitstacho, etc.        | | ||||||
| | 11434                                                                                                                                 | tcp      | outgoing  | LLM based honeypots: Access your Ollama installation                                                | | | 11434                                                                                                                                 | tcp      | outgoing  | LLM based honeypots: Access your Ollama installation                                                | | ||||||
| | 64294                                                                                                                                 | tcp      | incoming  | T-Pot Management: Sensor data transmission to hive (through NGINX reverse proxy) to 127.0.0.1:64305 | | | 64294                                                                                                                                 | tcp      | incoming  | T-Pot Management: Sensor data transmission to hive (through NGINX reverse proxy) to 127.0.0.1:64305 | | ||||||
|  | @ -317,16 +318,16 @@ Once you are familiar with how things work you should choose a network you suspe | ||||||
| ## Choose your distro | ## Choose your distro | ||||||
| **Steps to Follow:** | **Steps to Follow:** | ||||||
| 
 | 
 | ||||||
| 1. Download a supported Linux distribution from the list below. | 1. Download a supported Linux distribution from the list below. (NOTE: Red Hat Enterprise Linux >= 8 is supported, but omitted from the list below due to its subscription-based nature. See [Red Hat Enterprise Linux](#red-hat-enterprise-linux) for details). | ||||||
| 2. During installation choose a **minimum**, **netinstall** or **server** version that will only install essential packages. | 2. During installation choose a **minimum**, **netinstall** or **server** version that will only install essential packages. | ||||||
| 3. **Never** install a graphical desktop environment such as Gnome or KDE. T-Pot will fail to work with it due to port conflicts.  | 3. **Never** install a graphical desktop environment such as Gnome or KDE. T-Pot will fail to work with it due to port conflicts.  | ||||||
| 4. Make sure to install SSH, so you can connect to the machine remotely. | 4. Make sure to install SSH, so you can connect to the machine remotely. | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| | Distribution Name                                                                  | x64                                                                                                                                   | arm64                                                                                                                                   | | | Distribution Name                                                                  | x64                                                                                                                                   | arm64                                                                                                                                   | | ||||||
| | :--------------------------------------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------ | :-------------------------------------------------------------------------------------------------------------------------------------- | | |:-----------------------------------------------------------------------------------|:--------------------------------------------------------------------------------------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------| | ||||||
| | [Alma Linux OS 9.6 Boot ISO](https://almalinux.org)                                | [download](https://repo.almalinux.org/almalinux/9.6/isos/x86_64/AlmaLinux-9.6-x86_64-boot.iso)                                        | [download](https://repo.almalinux.org/almalinux/9.6/isos/aarch64/AlmaLinux-9.6-aarch64-boot.iso)                                        | | | [Alma Linux OS 9.6 Boot ISO](https://almalinux.org)                                | [download](https://repo.almalinux.org/almalinux/9.6/isos/x86_64/AlmaLinux-9.6-x86_64-boot.iso)                                        | [download](https://repo.almalinux.org/almalinux/9.6/isos/aarch64/AlmaLinux-9.6-aarch64-boot.iso)                                        | | ||||||
| | [Debian 13 Network Install](https://www.debian.org/CD/netinst/index.en.html)       | [download](https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-13.0.0-amd64-netinst.iso)                                 | [download](https://cdimage.debian.org/debian-cd/current/arm64/iso-cd/debian-13.0.0-arm64-netinst.iso)                                   | | | [Debian 13 Network Install](https://www.debian.org/CD/netinst/index.en.html)       | [download](https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-13.1.0-amd64-netinst.iso)                                 | [download](https://cdimage.debian.org/debian-cd/current/arm64/iso-cd/debian-13.1.0-arm64-netinst.iso)                                   | | ||||||
| | [Fedora Server 42 Network Install](https://fedoraproject.org/server/download)      | [download](https://download.fedoraproject.org/pub/fedora/linux/releases/42/Server/x86_64/iso/Fedora-Server-netinst-x86_64-42-1.1.iso) | [download](https://download.fedoraproject.org/pub/fedora/linux/releases/42/Server/aarch64/iso/Fedora-Server-netinst-aarch64-42-1.1.iso) | | | [Fedora Server 42 Network Install](https://fedoraproject.org/server/download)      | [download](https://download.fedoraproject.org/pub/fedora/linux/releases/42/Server/x86_64/iso/Fedora-Server-netinst-x86_64-42-1.1.iso) | [download](https://download.fedoraproject.org/pub/fedora/linux/releases/42/Server/aarch64/iso/Fedora-Server-netinst-aarch64-42-1.1.iso) | | ||||||
| | [OpenSuse Tumbleweed Network Image](https://get.opensuse.org/tumbleweed/#download) | [download](https://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-NET-x86_64-Current.iso)                                   | [download](https://download.opensuse.org/ports/aarch64/tumbleweed/iso/openSUSE-Tumbleweed-NET-aarch64-Current.iso)                      | | | [OpenSuse Tumbleweed Network Image](https://get.opensuse.org/tumbleweed/#download) | [download](https://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-NET-x86_64-Current.iso)                                   | [download](https://download.opensuse.org/ports/aarch64/tumbleweed/iso/openSUSE-Tumbleweed-NET-aarch64-Current.iso)                      | | ||||||
| | [Rocky Linux OS 9.6 Boot ISO](https://rockylinux.org/download)                     | [download](https://download.rockylinux.org/pub/rocky/9/isos/x86_64/Rocky-9.6-x86_64-minimal.iso)                                      | [download](https://download.rockylinux.org/pub/rocky/9/isos/aarch64/Rocky-9.6-aarch64-minimal.iso)                                      | | | [Rocky Linux OS 9.6 Boot ISO](https://rockylinux.org/download)                     | [download](https://download.rockylinux.org/pub/rocky/9/isos/x86_64/Rocky-9.6-x86_64-minimal.iso)                                      | [download](https://download.rockylinux.org/pub/rocky/9/isos/aarch64/Rocky-9.6-aarch64-minimal.iso)                                      | | ||||||
|  | @ -336,7 +337,7 @@ Once you are familiar with how things work you should choose a network you suspe | ||||||
| 
 | 
 | ||||||
| ## Raspberry Pi 4 (8GB) Support | ## Raspberry Pi 4 (8GB) Support | ||||||
| | Distribution Name                                                | arm64                                                                                                                                               | | | Distribution Name                                                | arm64                                                                                                                                               | | ||||||
| | :--------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------- | | |:-----------------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------| | ||||||
| | [Raspberry Pi OS (**64Bit, Lite**)](https://www.raspberrypi.com) | [download](https://downloads.raspberrypi.com/raspios_lite_arm64/images/raspios_lite_arm64-2024-03-15/2024-03-15-raspios-bookworm-arm64-lite.img.xz) | | | [Raspberry Pi OS (**64Bit, Lite**)](https://www.raspberrypi.com) | [download](https://downloads.raspberrypi.com/raspios_lite_arm64/images/raspios_lite_arm64-2024-03-15/2024-03-15-raspios-bookworm-arm64-lite.img.xz) | | ||||||
| 
 | 
 | ||||||
| <br><br>  | <br><br>  | ||||||
|  | @ -381,6 +382,15 @@ To get things up and running just follow these steps: | ||||||
| 8. Start T-Pot: `docker compose up` or `docker compose up -d` if you want T-Pot to run in the background. | 8. Start T-Pot: `docker compose up` or `docker compose up -d` if you want T-Pot to run in the background. | ||||||
| 9. Stop T-Pot: `CTRL-C` (it if was running in the foreground) and / or `docker compose down -v` to stop T-Pot entirely. | 9. Stop T-Pot: `CTRL-C` (it if was running in the foreground) and / or `docker compose down -v` to stop T-Pot entirely. | ||||||
| 
 | 
 | ||||||
|  | ## Red Hat Enterprise Linux | ||||||
|  | 
 | ||||||
|  | Red Hat Enterprise Linux (RHEL) is a somewhat unique case in that: | ||||||
|  | 
 | ||||||
|  | 1. Connections to Red Hat repositories depend on a Red Hat subscription. You will not be able to update the OS or install new packages if the targeted machine is not subscribed. **If your server is not attached to a Red Hat subscription, installation will fail!**  | ||||||
|  | 2. Ansible is installed from a RHEL-specific repository by the installer. Do not attempt to install it from the upstream repositories.  | ||||||
|  | 3. Docker is installed from EPEL, which is installed by the installer script. Do not attempt to install it from the community installer script. | ||||||
|  | 2. T-Pot will only install successfully on RHEL >= 8. One of the convenience dependencies (`grc`) depends on Python 2, which was removed after RHEL 7. It is omitted from the RHEL installation of T-Pot. | ||||||
|  | 
 | ||||||
| ## Installation Types | ## Installation Types | ||||||
| 
 | 
 | ||||||
| ### Standard / Hive | ### Standard / Hive | ||||||
|  |  | ||||||
							
								
								
									
										55
									
								
								install.sh
									
									
									
									
									
								
							
							
						
						
									
										55
									
								
								install.sh
									
									
									
									
									
								
							|  | @ -27,6 +27,30 @@ validate_type() { | ||||||
|   } |   } | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | rhel_version() { | ||||||
|  |   # special case for RHEL due to its complicated repo infrastructure | ||||||
|  |   # primarily used for EPEL repo selection | ||||||
|  |   # supports RHEL 7-10 | ||||||
|  |   myRHEL_VERSION=$(grep PLATFORM_ID /etc/os-release | cut -d ':' -f2 | grep -Eo '([0-9]{1,2})') | ||||||
|  |   if [ "$myRHEL_VERSION" -lt 7 ]; then | ||||||
|  |     echo "Error: RHEL < 7 not supported!" >&2 | ||||||
|  |     exit 1 | ||||||
|  |   fi | ||||||
|  |   echo "$myRHEL_VERSION" | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | rhel_ansible_repo() { | ||||||
|  |   # rhel uses a dedicated repo for ansible that we need to enable through subscription-manager | ||||||
|  |   myRHEL_ANSIBLE_REPO=$(sudo subscription-manager repos --list \ | ||||||
|  |     | grep -E "ansible-automation-platform-[0-9]{1}\.[0-9]{1}-for-rhel-$(rhel_version)-x86_64-rpms" \ | ||||||
|  |     | awk -F':' '{print $2}' \ | ||||||
|  |     | tr -d ' ' \ | ||||||
|  |     | sort -nr \ | ||||||
|  |     | head -n 1 | ||||||
|  | ) | ||||||
|  |   echo "$myRHEL_ANSIBLE_REPO" | ||||||
|  | } | ||||||
|  | 
 | ||||||
| # Defaults | # Defaults | ||||||
| myQST="" | myQST="" | ||||||
| myTPOT_TYPE="" | myTPOT_TYPE="" | ||||||
|  | @ -78,6 +102,7 @@ myTPOT_CONF_FILE="/home/${myUSER}/tpotce/.env" | ||||||
| myPACKAGES_DEBIAN="ansible apache2-utils cracklib-runtime wget" | myPACKAGES_DEBIAN="ansible apache2-utils cracklib-runtime wget" | ||||||
| myPACKAGES_FEDORA="ansible cracklib httpd-tools wget" | myPACKAGES_FEDORA="ansible cracklib httpd-tools wget" | ||||||
| myPACKAGES_ROCKY="ansible-core ansible-collection-redhat-rhel_mgmt epel-release cracklib httpd-tools wget" | myPACKAGES_ROCKY="ansible-core ansible-collection-redhat-rhel_mgmt epel-release cracklib httpd-tools wget" | ||||||
|  | myPACKAGES_RHEL="ansible-core ansible-collection-redhat-rhel_mgmt cracklib httpd-tools wget"     | ||||||
| myPACKAGES_OPENSUSE="ansible apache2-utils cracklib wget" | myPACKAGES_OPENSUSE="ansible apache2-utils cracklib wget" | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
|  | @ -99,12 +124,12 @@ if [ ${EUID} -eq 0 ]; | ||||||
| fi | fi | ||||||
| 
 | 
 | ||||||
| # Check if running on a supported distribution | # Check if running on a supported distribution | ||||||
| mySUPPORTED_DISTRIBUTIONS=("AlmaLinux" "Debian GNU/Linux" "Fedora Linux" "openSUSE Tumbleweed" "Raspbian GNU/Linux" "Rocky Linux" "Ubuntu") | mySUPPORTED_DISTRIBUTIONS=("AlmaLinux" "Debian GNU/Linux" "Fedora Linux" "openSUSE Tumbleweed" "Raspbian GNU/Linux" "Red Hat Enterprise Linux" "Rocky Linux" "Ubuntu") | ||||||
| myCURRENT_DISTRIBUTION=$(awk -F= '/^NAME/{print $2}' /etc/os-release | tr -d '"') | myCURRENT_DISTRIBUTION=$(awk -F= '/^NAME/{print $2}' /etc/os-release | tr -d '"') | ||||||
| 
 | 
 | ||||||
| if [[ ! " ${mySUPPORTED_DISTRIBUTIONS[@]} " =~ " ${myCURRENT_DISTRIBUTION} " ]]; | if [[ ! " ${mySUPPORTED_DISTRIBUTIONS[@]} " =~ " ${myCURRENT_DISTRIBUTION} " ]]; | ||||||
|   then |   then | ||||||
|     echo "### Only the following distributions are supported: AlmaLinux, Fedora, Debian, openSUSE Tumbleweed, Rocky Linux and Ubuntu." |     echo "### Only the following distributions are supported: AlmaLinux, Fedora, Debian, openSUSE Tumbleweed, RHEL, Rocky Linux and Ubuntu." | ||||||
|     echo "### Please follow the T-Pot documentation on how to run T-Pot on macOS, Windows and other currently unsupported platforms." |     echo "### Please follow the T-Pot documentation on how to run T-Pot on macOS, Windows and other currently unsupported platforms." | ||||||
|     echo |     echo | ||||||
|     exit 1 |     exit 1 | ||||||
|  | @ -122,8 +147,7 @@ if [[ -z "$myQST" ]]; then | ||||||
|     echo |     echo | ||||||
|   done |   done | ||||||
| fi | fi | ||||||
| if [ "${myQST}" = "n" ]; | if [ "${myQST}" = "n" ]; then | ||||||
|   then |  | ||||||
|     echo |     echo | ||||||
|     echo "### Aborting!" |     echo "### Aborting!" | ||||||
|     echo |     echo | ||||||
|  | @ -176,14 +200,35 @@ case ${myCURRENT_DISTRIBUTION} in | ||||||
|     sudo dnf -y --refresh install ${myPACKAGES_ROCKY} |     sudo dnf -y --refresh install ${myPACKAGES_ROCKY} | ||||||
|     ansible-galaxy collection install ansible.posix |     ansible-galaxy collection install ansible.posix | ||||||
|     ;; |     ;; | ||||||
|  |   "Red Hat Enterprise Linux") | ||||||
|  |     echo | ||||||
|  |     echo ${myINSTALL_NOTIFICATION} | ||||||
|  |     echo | ||||||
|  |     echo "RHEL detected - configuring version and Ansible repo strings" | ||||||
|  |     rhel_version | ||||||
|  |     rhel_ansible_repo | ||||||
|  |     sudo yum update | ||||||
|  |     # extra repo required for EPEL on RHEL | ||||||
|  |     sudo subscription-manager repos --enable codeready-builder-for-rhel-"$myRHEL_VERSION"-$(arch)-rpms | ||||||
|  |     # epel installer is not standard on RHEL | ||||||
|  |     sudo dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-"$myRHEL_VERSION".noarch.rpm | ||||||
|  |     # ansible comes from rhel subscription manager | ||||||
|  |     sudo subscription-manager repos --enable "$myRHEL_ANSIBLE_REPO" | ||||||
|  |     sudo dnf -y --refresh install ${myPACKAGES_RHEL} | ||||||
|  |     ansible-galaxy collection install ansible.posix | ||||||
| esac | esac | ||||||
| echo | echo | ||||||
| 
 | 
 | ||||||
| # Define tag for Ansible | # Define tag for Ansible | ||||||
| myANSIBLE_DISTRIBUTIONS=("Fedora Linux" "Debian GNU/Linux" "Raspbian GNU/Linux" "Rocky Linux") | myANSIBLE_DISTRIBUTIONS=("Fedora Linux" "Debian GNU/Linux" "Raspbian GNU/Linux" "Rocky Linux" "Red Hat Enterprise Linux") | ||||||
| if [[ "${myANSIBLE_DISTRIBUTIONS[@]}" =~ "${myCURRENT_DISTRIBUTION}" ]]; | if [[ "${myANSIBLE_DISTRIBUTIONS[@]}" =~ "${myCURRENT_DISTRIBUTION}" ]]; | ||||||
|   then |   then | ||||||
|  |     # special case AGAIN, /etc/os-release doesn't match Ansible's tagging conventions | ||||||
|  |     if [[ "${myCURRENT_DISTRIBUTION}" == "Red Hat Enterprise Linux" ]]; then | ||||||
|  |       myANSIBLE_TAG="RedHat" | ||||||
|  |     else | ||||||
|       myANSIBLE_TAG=$(echo ${myCURRENT_DISTRIBUTION} | cut -d " " -f 1) |       myANSIBLE_TAG=$(echo ${myCURRENT_DISTRIBUTION} | cut -d " " -f 1) | ||||||
|  |     fi | ||||||
|   else |   else | ||||||
|     myANSIBLE_TAG=${myCURRENT_DISTRIBUTION} |     myANSIBLE_TAG=${myCURRENT_DISTRIBUTION} | ||||||
| fi | fi | ||||||
|  |  | ||||||
|  | @ -19,6 +19,7 @@ | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|         - "openSUSE Tumbleweed" |         - "openSUSE Tumbleweed" | ||||||
|         - "Raspbian" |         - "Raspbian" | ||||||
|  |         - "RedHat" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
|         - "Ubuntu" |         - "Ubuntu" | ||||||
| 
 | 
 | ||||||
|  | @ -31,6 +32,7 @@ | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|         - "openSUSE Tumbleweed" |         - "openSUSE Tumbleweed" | ||||||
|         - "Raspbian" |         - "Raspbian" | ||||||
|  |         - "RedHat" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
|         - "Ubuntu" |         - "Ubuntu" | ||||||
| 
 | 
 | ||||||
|  | @ -44,13 +46,14 @@ | ||||||
|         - "Raspbian" |         - "Raspbian" | ||||||
|         - "Ubuntu" |         - "Ubuntu" | ||||||
| 
 | 
 | ||||||
|     - name: Add python package (Alma, Fedora, Rocky) |     - name: Add python package (Alma, Fedora, RHEL, Rocky) | ||||||
|       raw: | |       raw: | | ||||||
|         dnf -y --refresh install python3 |         dnf -y --refresh install python3 | ||||||
|       when: my_distribution.stdout | trim in ["AlmaLinux", "Fedora", "Rocky"] and my_python3.stdout | trim == "" |       when: my_distribution.stdout | trim in ["AlmaLinux", "Fedora", "RedHat", "Rocky"] and my_python3.stdout | trim == "" | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|  |         - "RedHat" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
| 
 | 
 | ||||||
|     - name: Add python package (openSUSE Tumbleweed) |     - name: Add python package (openSUSE Tumbleweed) | ||||||
|  | @ -75,6 +78,7 @@ | ||||||
|     - "Fedora" |     - "Fedora" | ||||||
|     - "openSUSE Tumbleweed" |     - "openSUSE Tumbleweed" | ||||||
|     - "Raspbian" |     - "Raspbian" | ||||||
|  |     - "RedHat" | ||||||
|     - "Rocky" |     - "Rocky" | ||||||
|     - "Ubuntu" |     - "Ubuntu" | ||||||
| 
 | 
 | ||||||
|  | @ -93,8 +97,8 @@ | ||||||
| 
 | 
 | ||||||
|     - name: Check if supported distribution (All) |     - name: Check if supported distribution (All) | ||||||
|       assert: |       assert: | ||||||
|         that: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] |         that: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] | ||||||
|         fail_msg: "T-Pot is not supported on this plattform: {{ ansible_distribution }}." |         fail_msg: "T-Pot is not supported on this platform: {{ ansible_distribution }}." | ||||||
|         success_msg: "T-Pot will now install on {{ ansible_distribution }}." |         success_msg: "T-Pot will now install on {{ ansible_distribution }}." | ||||||
| 
 | 
 | ||||||
| ############################################################ | ############################################################ | ||||||
|  | @ -109,7 +113,7 @@ | ||||||
|   tasks: |   tasks: | ||||||
|     - name: Syncing clocks (All) |     - name: Syncing clocks (All) | ||||||
|       shell: "hwclock --hctosys" |       shell: "hwclock --hctosys" | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] |       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] | ||||||
|       ignore_errors: true |       ignore_errors: true | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|  | @ -117,6 +121,7 @@ | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|         - "openSUSE Tumbleweed" |         - "openSUSE Tumbleweed" | ||||||
|         - "Raspbian" |         - "Raspbian" | ||||||
|  |         - "RedHat" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
|         - "Ubuntu" |         - "Ubuntu" | ||||||
| 
 | 
 | ||||||
|  | @ -178,14 +183,15 @@ | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
| 
 | 
 | ||||||
|     - name: Download and install micro editor (AlmaLinux, openSUSE Tumbleweed, Rocky) |     - name: Download and install micro editor (AlmaLinux, openSUSE Tumbleweed, RHEL, Rocky) | ||||||
|       shell: "curl https://getmic.ro | bash && mv micro /usr/bin" |       shell: "curl https://getmic.ro | bash && mv micro /usr/bin" | ||||||
|       args: |       args: | ||||||
|         executable: /bin/bash |         executable: /bin/bash | ||||||
|       when: ansible_distribution in ["AlmaLinux", "openSUSE Tumbleweed", "Rocky"] |       when: ansible_distribution in ["AlmaLinux", "openSUSE Tumbleweed", "RedHat", "Rocky"] | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "openSUSE Tumbleweed" |         - "openSUSE Tumbleweed" | ||||||
|  |         - "RedHat" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
| 
 | 
 | ||||||
|     - name: Install recommended packages (Fedora) |     - name: Install recommended packages (Fedora) | ||||||
|  | @ -255,7 +261,7 @@ | ||||||
|   become: true |   become: true | ||||||
| 
 | 
 | ||||||
|   tasks: |   tasks: | ||||||
|     - name: Remove distribution based Docker packages and podman-docker (AlmaLinux, Debian, Fedora, Raspbian, Rocky, Ubuntu) |     - name: Remove distribution based Docker packages and podman-docker (AlmaLinux, Debian, Fedora, Raspbian, RHEL, Rocky, Ubuntu) | ||||||
|       package: |       package: | ||||||
|         name: |         name: | ||||||
|           - docker |           - docker | ||||||
|  | @ -267,12 +273,13 @@ | ||||||
|           - podman |           - podman | ||||||
|         state: absent |         state: absent | ||||||
|         update_cache: yes |         update_cache: yes | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "Rocky", "Ubuntu"] |       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "RedHat", "Rocky", "Ubuntu"] | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Debian" |         - "Debian" | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|         - "Raspbian" |         - "Raspbian" | ||||||
|  |         - "RedHat" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
|         - "Ubuntu" |         - "Ubuntu" | ||||||
| 
 | 
 | ||||||
|  | @ -330,6 +337,16 @@ | ||||||
|       tags: |       tags: | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|      |      | ||||||
|  |     - name: Add Docker repository (RHEL) | ||||||
|  |       shell: | | ||||||
|  |         if [ "$(dnf repolist docker-ce-stable)" == "" ]; | ||||||
|  |           then | ||||||
|  |             dnf -y config-manager addrepo --from-repofile=https://download.docker.com/linux/rhel/docker-ce.repo | ||||||
|  |         fi | ||||||
|  |       when: ansible_distribution in ["RedHat"] | ||||||
|  |       tags: | ||||||
|  |         - "RedHat" | ||||||
|  | 
 | ||||||
|     - name: Add Docker repository (AlmaLinux, Rocky) |     - name: Add Docker repository (AlmaLinux, Rocky) | ||||||
|       shell: | |       shell: | | ||||||
|         if [ "$(dnf repolist docker-ce-stable)" == "" ]; |         if [ "$(dnf repolist docker-ce-stable)" == "" ]; | ||||||
|  | @ -368,7 +385,7 @@ | ||||||
|       tags: |       tags: | ||||||
|         - "openSUSE Tumbleweed" |         - "openSUSE Tumbleweed" | ||||||
| 
 | 
 | ||||||
|     - name: Install Docker Engine packages (AlmaLinux, Debian, Fedora, Raspbian, Rocky, Ubuntu) |     - name: Install Docker Engine packages (AlmaLinux, Debian, Fedora, Raspbian, RHEL, Rocky, Ubuntu) | ||||||
|       package: |       package: | ||||||
|         name: |         name: | ||||||
|           - docker-ce  |           - docker-ce  | ||||||
|  | @ -378,12 +395,13 @@ | ||||||
|           - docker-compose-plugin  |           - docker-compose-plugin  | ||||||
|         state: latest |         state: latest | ||||||
|         update_cache: yes |         update_cache: yes | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "Rocky", "Ubuntu"] |       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "RedHat", "Rocky", "Ubuntu"] | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Debian" |         - "Debian" | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|         - "Raspbian" |         - "Raspbian" | ||||||
|  |         - "RedHat" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
|         - "Ubuntu" |         - "Ubuntu" | ||||||
| 
 | 
 | ||||||
|  | @ -392,13 +410,14 @@ | ||||||
|         name: docker |         name: docker | ||||||
|         state: stopped |         state: stopped | ||||||
|         enabled: false |         enabled: false | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] |       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Debian" |         - "Debian" | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|         - "openSUSE Tumbleweed" |         - "openSUSE Tumbleweed" | ||||||
|         - "Raspbian" |         - "Raspbian" | ||||||
|  |         - "RedHat" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
|         - "Ubuntu" |         - "Ubuntu" | ||||||
| 
 | 
 | ||||||
|  | @ -417,13 +436,14 @@ | ||||||
|         name: tpot |         name: tpot | ||||||
|         gid: 2000 |         gid: 2000 | ||||||
|         state: present |         state: present | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] |       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Debian" |         - "Debian" | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|         - "openSUSE Tumbleweed" |         - "openSUSE Tumbleweed" | ||||||
|         - "Raspbian" |         - "Raspbian" | ||||||
|  |         - "RedHat" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
|         - "Ubuntu" |         - "Ubuntu" | ||||||
| 
 | 
 | ||||||
|  | @ -435,13 +455,14 @@ | ||||||
|         shell: /bin/false |         shell: /bin/false | ||||||
|         home: /nonexistent |         home: /nonexistent | ||||||
|         group: tpot |         group: tpot | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] |       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Debian" |         - "Debian" | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|         - "openSUSE Tumbleweed" |         - "openSUSE Tumbleweed" | ||||||
|         - "Raspbian" |         - "Raspbian" | ||||||
|  |         - "RedHat" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
|         - "Ubuntu" |         - "Ubuntu" | ||||||
| 
 | 
 | ||||||
|  | @ -451,13 +472,14 @@ | ||||||
|         line: "vm.max_map_count=262144" |         line: "vm.max_map_count=262144" | ||||||
|         state: present |         state: present | ||||||
|         create: yes |         create: yes | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] |       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Debian" |         - "Debian" | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|         - "openSUSE Tumbleweed" |         - "openSUSE Tumbleweed" | ||||||
|         - "Raspbian" |         - "Raspbian" | ||||||
|  |         - "RedHat" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
|         - "Ubuntu" |         - "Ubuntu" | ||||||
| 
 | 
 | ||||||
|  | @ -478,32 +500,34 @@ | ||||||
|       tags: |       tags: | ||||||
|         - "Ubuntu" |         - "Ubuntu" | ||||||
| 
 | 
 | ||||||
|     - name: Comment out Port(s) in sshd_config, can cause port conflicts on deploy (AlmaLinux, Debian, Fedora, openSUSE Tumbleweed, Raspbian, Rocky, Ubuntu) |     - name: Comment out Port(s) in sshd_config, can cause port conflicts on deploy (AlmaLinux, Debian, Fedora, openSUSE Tumbleweed, Raspbian, RHEL, Rocky, Ubuntu) | ||||||
|       ansible.builtin.replace: |       ansible.builtin.replace: | ||||||
|         path: /etc/ssh/sshd_config |         path: /etc/ssh/sshd_config | ||||||
|         regexp: '^(Port (?!64295$)[0-9]+)' |         regexp: '^(Port (?!64295$)[0-9]+)' | ||||||
|         replace: '# \1' |         replace: '# \1' | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] |       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Debian" |         - "Debian" | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|         - "openSUSE Tumbleweed" |         - "openSUSE Tumbleweed" | ||||||
|         - "Raspbian" |         - "Raspbian" | ||||||
|  |         - "RedHat" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
|         - "Ubuntu" |         - "Ubuntu" | ||||||
| 
 | 
 | ||||||
|     - name: Change SSH Port to 64295 (AlmaLinux, Debian, Fedora, Raspbian, Rocky, Ubuntu) |     - name: Change SSH Port to 64295 (AlmaLinux, Debian, Fedora, Raspbian, RHEL, Rocky, Ubuntu) | ||||||
|       lineinfile: |       lineinfile: | ||||||
|         path: /etc/ssh/sshd_config |         path: /etc/ssh/sshd_config | ||||||
|         line: "Port 64295" |         line: "Port 64295" | ||||||
|         insertafter: EOF |         insertafter: EOF | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "Rocky", "Ubuntu"] |       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "RedHat", "Rocky", "Ubuntu"] | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Debian" |         - "Debian" | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|         - "Raspbian" |         - "Raspbian" | ||||||
|  |         - "RedHat" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
|         - "Ubuntu" |         - "Ubuntu" | ||||||
| 
 | 
 | ||||||
|  | @ -516,76 +540,83 @@ | ||||||
|       tags: |       tags: | ||||||
|         - "openSUSE Tumbleweed" |         - "openSUSE Tumbleweed" | ||||||
| 
 | 
 | ||||||
|     - name: Add T-Pot SSH port to Firewall (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky) |     - name: Add T-Pot SSH port to Firewall (AlmaLinux, Fedora, openSUSE Tumbleweed, RHEL, Rocky) | ||||||
|       firewalld: |       firewalld: | ||||||
|         port: 64295/tcp |         port: 64295/tcp | ||||||
|         permanent: yes |         permanent: yes | ||||||
|         state: enabled |         state: enabled | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "Rocky"] |       when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "RedHat", "Rocky"] | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|         - "openSUSE Tumbleweed" |         - "openSUSE Tumbleweed" | ||||||
|  |         - "RedHat" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
| 
 | 
 | ||||||
|     - name: Set T-Pot default target to ACCEPT (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky) |     - name: Set T-Pot default target to ACCEPT (AlmaLinux, Fedora, openSUSE Tumbleweed, RHEL, Rocky) | ||||||
|       firewalld: |       firewalld: | ||||||
|         zone: public |         zone: public | ||||||
|         target: ACCEPT |         target: ACCEPT | ||||||
|         permanent: yes |         permanent: yes | ||||||
|         state: enabled |         state: enabled | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "Rocky"] |       when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "RedHat", "Rocky"] | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|         - "openSUSE Tumbleweed" |         - "openSUSE Tumbleweed" | ||||||
|  |         - "RedHat" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
| 
 | 
 | ||||||
|     - name: Load kernel modules (AlmaLinux, Fedora, Rocky) |     - name: Load kernel modules (AlmaLinux, Fedora, RHEL, Rocky) | ||||||
|       command: modprobe -v iptable_filter |       command: modprobe -v iptable_filter | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Fedora", "Rocky"] |       when: ansible_distribution in ["AlmaLinux", "Fedora", "RedHat", "Rocky"] | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|  |         - "RedHat" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
| 
 | 
 | ||||||
|     - name: Update iptables.conf (AlmaLinux, Fedora, Rocky) |     - name: Update iptables.conf (AlmaLinux, Fedora, RHEL, Rocky) | ||||||
|       lineinfile: |       lineinfile: | ||||||
|         path: /etc/modules-load.d/iptables.conf |         path: /etc/modules-load.d/iptables.conf | ||||||
|         line: iptable_filter |         line: iptable_filter | ||||||
|         create: yes |         create: yes | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Fedora", "Rocky"] |       when: ansible_distribution in ["AlmaLinux", "Fedora", "RedHat", "Rocky"] | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|  |         - "RedHat" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
| 
 | 
 | ||||||
|     - name: Set SELinux config to permissive (AlmaLinux, Fedora, Rocky) |     - name: Set SELinux config to permissive (AlmaLinux, Fedora, RHEL, Rocky) | ||||||
|       lineinfile: |       lineinfile: | ||||||
|         path: /etc/selinux/config |         path: /etc/selinux/config | ||||||
|         regexp: '^SELINUX=' |         regexp: '^SELINUX=' | ||||||
|         line: 'SELINUX=permissive' |         line: 'SELINUX=permissive' | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Fedora", "Rocky"] |       when: ansible_distribution in ["AlmaLinux", "Fedora", "RedHat", "Rocky"] | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|  |         - "RedHat" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
| 
 | 
 | ||||||
|     - name: Set SELinux to permissive (AlmaLinux, Fedora, Rocky) |     - name: Set SELinux to permissive (AlmaLinux, Fedora, RHEL, Rocky) | ||||||
|       command: "setenforce Permissive" |       command: "setenforce Permissive" | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Fedora", "Rocky"] |       when: ansible_distribution in ["AlmaLinux", "Fedora", "RedHat", "Rocky"] | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|  |         - "RedHat" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
| 
 | 
 | ||||||
|     - name: Stop Resolved (Fedora, Ubuntu) |     - name: Stop Resolved (Fedora, RHEL, Ubuntu) | ||||||
|       service: |       service: | ||||||
|         name: systemd-resolved |         name: systemd-resolved | ||||||
|         state: stopped |         state: stopped | ||||||
|       when: ansible_distribution in ["Fedora", "Ubuntu"] |       when: ansible_distribution in ["Fedora", "RedHat", "Ubuntu"] | ||||||
|       tags: |       tags: | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|  |         - "RedHat" | ||||||
|         - "Ubuntu" |         - "Ubuntu" | ||||||
| 
 | 
 | ||||||
|     - name: Copy resolved.conf to /etc/systemd (Fedora) |     - name: Copy resolved.conf to /etc/systemd (Fedora) | ||||||
|  | @ -597,6 +628,15 @@ | ||||||
|       tags: |       tags: | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
| 
 | 
 | ||||||
|  |     - name: Copy resolv.conf to /etc/systemd (RHEL) | ||||||
|  |       copy: | ||||||
|  |         src: /usr/lib/systemd/resolv.conf | ||||||
|  |         dest: /etc/systemd/resolv.conf | ||||||
|  |       when: ansible_distribution in ["RedHat"] | ||||||
|  |       ignore_errors: true | ||||||
|  |       tags: | ||||||
|  |         - "RedHat" | ||||||
|  | 
 | ||||||
|     - name: Modify DNSStubListener in resolved.conf (Fedora, Ubuntu) |     - name: Modify DNSStubListener in resolved.conf (Fedora, Ubuntu) | ||||||
|       lineinfile: |       lineinfile: | ||||||
|         path: /etc/systemd/resolved.conf |         path: /etc/systemd/resolved.conf | ||||||
|  | @ -618,44 +658,48 @@ | ||||||
|   become: true |   become: true | ||||||
| 
 | 
 | ||||||
|   tasks: |   tasks: | ||||||
|     - name: Start Resolved (Fedora, Ubuntu) |     - name: Start Resolved (Fedora, RHEL, Ubuntu) | ||||||
|       service: |       service: | ||||||
|         name: systemd-resolved |         name: systemd-resolved | ||||||
|         state: restarted |         state: restarted | ||||||
|       when: ansible_distribution in ["Fedora", "Ubuntu"] |       when: ansible_distribution in ["Fedora", "RedHat", "Ubuntu"] | ||||||
|       tags: |       tags: | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|  |         - "RedHat" | ||||||
|         - "Ubuntu" |         - "Ubuntu" | ||||||
| 
 | 
 | ||||||
|     - name: Restart Firewalld (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky) |     - name: Restart Firewalld (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky) | ||||||
|       service: |       service: | ||||||
|         name: firewalld |         name: firewalld | ||||||
|         state: restarted |         state: restarted | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "Rocky"] |       when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "RedHat", "Rocky"] | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|         - "Rocky" |  | ||||||
|         - "openSUSE Tumbleweed" |         - "openSUSE Tumbleweed" | ||||||
|  |         - "RedHat" | ||||||
|  |         - "Rocky" | ||||||
| 
 | 
 | ||||||
|     - name: Get Firewall rules (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky) |     - name: Get Firewall rules (AlmaLinux, Fedora, openSUSE Tumbleweed, RHEL, Rocky) | ||||||
|       command: "firewall-cmd --list-all" |       command: "firewall-cmd --list-all" | ||||||
|       register: firewall_output |       register: firewall_output | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "Rocky"] |       when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "RedHat", "Rocky"] | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|         - "Rocky" |  | ||||||
|         - "openSUSE Tumbleweed" |         - "openSUSE Tumbleweed" | ||||||
|  |         - "RedHat" | ||||||
|  |         - "Rocky" | ||||||
| 
 | 
 | ||||||
|     - name: Print Firewall rules (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky) |     - name: Print Firewall rules (AlmaLinux, Fedora, openSUSE Tumbleweed, RHEL, Rocky) | ||||||
|       debug: |       debug: | ||||||
|         var: firewall_output.stdout_lines |         var: firewall_output.stdout_lines | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "Rocky"] |       when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "RedHat", "Rocky"] | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|         - "openSUSE Tumbleweed" |         - "openSUSE Tumbleweed" | ||||||
|  |         - "RedHat" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
| 
 | 
 | ||||||
|     - name: Enable Docker Engine upon boot (All) |     - name: Enable Docker Engine upon boot (All) | ||||||
|  | @ -663,13 +707,14 @@ | ||||||
|         name: docker |         name: docker | ||||||
|         state: restarted |         state: restarted | ||||||
|         enabled: true |         enabled: true | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] |       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Debian" |         - "Debian" | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|         - "openSUSE Tumbleweed" |         - "openSUSE Tumbleweed" | ||||||
|         - "Raspbian" |         - "Raspbian" | ||||||
|  |         - "RedHat" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
|         - "Ubuntu" |         - "Ubuntu" | ||||||
| 
 | 
 | ||||||
|  | @ -678,13 +723,14 @@ | ||||||
|         name: "{{ 'ssh' if ansible_distribution in ['Ubuntu'] else 'sshd' }}" |         name: "{{ 'ssh' if ansible_distribution in ['Ubuntu'] else 'sshd' }}" | ||||||
|         state: restarted |         state: restarted | ||||||
|         enabled: true |         enabled: true | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] |       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Debian" |         - "Debian" | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|         - "openSUSE Tumbleweed" |         - "openSUSE Tumbleweed" | ||||||
|         - "Raspbian" |         - "Raspbian" | ||||||
|  |         - "RedHat" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
|         - "Ubuntu" |         - "Ubuntu" | ||||||
| 
 | 
 | ||||||
|  | @ -702,6 +748,7 @@ | ||||||
|     - "Fedora" |     - "Fedora" | ||||||
|     - "openSUSE Tumbleweed" |     - "openSUSE Tumbleweed" | ||||||
|     - "Raspbian" |     - "Raspbian" | ||||||
|  |     - "RedHat" | ||||||
|     - "Rocky" |     - "Rocky" | ||||||
|     - "Ubuntu" |     - "Ubuntu" | ||||||
| 
 | 
 | ||||||
|  | @ -709,27 +756,28 @@ | ||||||
|     - name: Check for non-root user id (All) |     - name: Check for non-root user id (All) | ||||||
|       debug: |       debug: | ||||||
|         msg: "Detected user: '{{ ansible_user_id }}'" |         msg: "Detected user: '{{ ansible_user_id }}'" | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] |       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] | ||||||
|       failed_when: ansible_user_id == "root" |       failed_when: ansible_user_id == "root" | ||||||
| 
 | 
 | ||||||
|     - name: Add aliases (All) |     - name: Add aliases | ||||||
|       blockinfile: |       blockinfile: | ||||||
|         path: ~/.bashrc |         path: ~/.bashrc | ||||||
|         block: | |         block: | | ||||||
|           alias dps='grc --colour=on docker ps -f status=running -f status=exited --format "table {{'{{'}}.Names{{'}}'}}\\t{{'{{'}}.Status{{'}}'}}\\t{{'{{'}}.Ports{{'}}'}}" | sort' |           alias dps='{{ "grc --colour=on " if ansible_distribution != "RedHat" else "" }}docker ps -f status=running -f status=exited --format "table {{'{{'}}.Names{{'}}'}}\\t{{'{{'}}.Status{{'}}'}}\\t{{'{{'}}.Ports{{'}}'}}" | sort' | ||||||
|           alias dpsw='watch -c bash -ic dps' |           alias dpsw='watch -c bash -ic dps' | ||||||
|           alias mi='micro' |           alias mi='micro' | ||||||
|           alias sudo='sudo ' |           alias sudo='sudo ' | ||||||
|         marker: "# {mark} ANSIBLE MANAGED BLOCK" |         marker: "# {mark} ANSIBLE MANAGED BLOCK" | ||||||
|         insertafter: EOF |         insertafter: EOF | ||||||
|         state: present |         state: present | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] |       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Debian" |         - "Debian" | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|         - "openSUSE Tumbleweed" |         - "openSUSE Tumbleweed" | ||||||
|         - "Raspbian" |         - "Raspbian" | ||||||
|  |         - "RedHat" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
|         - "Ubuntu" |         - "Ubuntu" | ||||||
| 
 | 
 | ||||||
|  | @ -740,7 +788,7 @@ | ||||||
|         version: master |         version: master | ||||||
|         clone: yes |         clone: yes | ||||||
|         update: no |         update: no | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] |       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] | ||||||
| 
 | 
 | ||||||
|     - name: Add current user to Docker, T-Pot group (All) |     - name: Add current user to Docker, T-Pot group (All) | ||||||
|       become: true |       become: true | ||||||
|  | @ -750,7 +798,7 @@ | ||||||
|           - docker |           - docker | ||||||
|           - tpot |           - tpot | ||||||
|         append: yes |         append: yes | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] |       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] | ||||||
| 
 | 
 | ||||||
| ######################################## | ######################################## | ||||||
| # T-Pot - Install service and cron job # | # T-Pot - Install service and cron job # | ||||||
|  | @ -766,6 +814,7 @@ | ||||||
|     - "Fedora" |     - "Fedora" | ||||||
|     - "openSUSE Tumbleweed" |     - "openSUSE Tumbleweed" | ||||||
|     - "Raspbian" |     - "Raspbian" | ||||||
|  |     - "RedHat" | ||||||
|     - "Rocky" |     - "Rocky" | ||||||
|     - "Ubuntu" |     - "Ubuntu" | ||||||
| 
 | 
 | ||||||
|  | @ -779,7 +828,7 @@ | ||||||
|         group: root |         group: root | ||||||
|         mode: '0755' |         mode: '0755' | ||||||
|       notify: Reload systemd and enable service |       notify: Reload systemd and enable service | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] |       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] | ||||||
| 
 | 
 | ||||||
|   handlers: |   handlers: | ||||||
|     - name: Reload systemd and enable service |     - name: Reload systemd and enable service | ||||||
|  | @ -789,7 +838,7 @@ | ||||||
|         daemon_reload: yes |         daemon_reload: yes | ||||||
|         state: stopped |         state: stopped | ||||||
|         enabled: yes |         enabled: yes | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] |       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] | ||||||
| 
 | 
 | ||||||
| - name: T-Pot - Setup a randomized daily reboot | - name: T-Pot - Setup a randomized daily reboot | ||||||
|   hosts: all |   hosts: all | ||||||
|  | @ -801,6 +850,7 @@ | ||||||
|     - "Fedora" |     - "Fedora" | ||||||
|     - "openSUSE Tumbleweed" |     - "openSUSE Tumbleweed" | ||||||
|     - "Raspbian" |     - "Raspbian" | ||||||
|  |     - "RedHat" | ||||||
|     - "Rocky" |     - "Rocky" | ||||||
|     - "Ubuntu" |     - "Ubuntu" | ||||||
| 
 | 
 | ||||||
|  | @ -817,4 +867,4 @@ | ||||||
|         hour: "{{ random_hour }}" |         hour: "{{ random_hour }}" | ||||||
|         job: "bash -c 'systemctl stop tpot.service && docker container prune -f; docker image prune -f; docker volume prune -f; /usr/sbin/shutdown -r +1 \"T-Pot Daily Reboot\"'" |         job: "bash -c 'systemctl stop tpot.service && docker container prune -f; docker image prune -f; docker volume prune -f; /usr/sbin/shutdown -r +1 \"T-Pot Daily Reboot\"'" | ||||||
|         state: present |         state: present | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] |       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] | ||||||
|  |  | ||||||
|  | @ -17,6 +17,7 @@ | ||||||
|     - "Fedora" |     - "Fedora" | ||||||
|     - "openSUSE Tumbleweed" |     - "openSUSE Tumbleweed" | ||||||
|     - "Raspbian" |     - "Raspbian" | ||||||
|  |     - "RedHat" | ||||||
|     - "Rocky" |     - "Rocky" | ||||||
|     - "Ubuntu" |     - "Ubuntu" | ||||||
| 
 | 
 | ||||||
|  | @ -35,7 +36,7 @@ | ||||||
| 
 | 
 | ||||||
|     - name: Check if supported distribution (All) |     - name: Check if supported distribution (All) | ||||||
|       assert: |       assert: | ||||||
|         that: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] |         that: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] | ||||||
|         fail_msg: "T-Pot uninstall is not supported on this plattform: {{ ansible_distribution }}." |         fail_msg: "T-Pot uninstall is not supported on this plattform: {{ ansible_distribution }}." | ||||||
|         success_msg: "T-Pot will now be removed from {{ ansible_distribution }}." |         success_msg: "T-Pot will now be removed from {{ ansible_distribution }}." | ||||||
| 
 | 
 | ||||||
|  | @ -53,6 +54,7 @@ | ||||||
|     - "Fedora" |     - "Fedora" | ||||||
|     - "openSUSE Tumbleweed" |     - "openSUSE Tumbleweed" | ||||||
|     - "Raspbian" |     - "Raspbian" | ||||||
|  |     - "RedHat" | ||||||
|     - "Rocky" |     - "Rocky" | ||||||
|     - "Ubuntu" |     - "Ubuntu" | ||||||
| 
 | 
 | ||||||
|  | @ -62,7 +64,7 @@ | ||||||
|         name: "T-Pot Daily Reboot" |         name: "T-Pot Daily Reboot" | ||||||
|         user: root |         user: root | ||||||
|         state: absent |         state: absent | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] |       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] | ||||||
| 
 | 
 | ||||||
| - name: Remove T-Pot systemd service | - name: Remove T-Pot systemd service | ||||||
|   hosts: all |   hosts: all | ||||||
|  | @ -74,6 +76,7 @@ | ||||||
|     - "Fedora" |     - "Fedora" | ||||||
|     - "openSUSE Tumbleweed" |     - "openSUSE Tumbleweed" | ||||||
|     - "Raspbian" |     - "Raspbian" | ||||||
|  |     - "RedHat" | ||||||
|     - "Rocky" |     - "Rocky" | ||||||
|     - "Ubuntu" |     - "Ubuntu" | ||||||
| 
 | 
 | ||||||
|  | @ -84,14 +87,14 @@ | ||||||
|         state: stopped |         state: stopped | ||||||
|         enabled: no |         enabled: no | ||||||
|       ignore_errors: yes |       ignore_errors: yes | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] |       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] | ||||||
| 
 | 
 | ||||||
|     - name: Remove systemd service file for tpot |     - name: Remove systemd service file for tpot | ||||||
|       ansible.builtin.file: |       ansible.builtin.file: | ||||||
|         path: '/etc/systemd/system/tpot.service' |         path: '/etc/systemd/system/tpot.service' | ||||||
|         state: absent |         state: absent | ||||||
|       notify: Reload systemd |       notify: Reload systemd | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] |       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] | ||||||
| 
 | 
 | ||||||
|   handlers: |   handlers: | ||||||
|     - name: Reload systemd |     - name: Reload systemd | ||||||
|  | @ -113,6 +116,7 @@ | ||||||
|     - "Fedora" |     - "Fedora" | ||||||
|     - "openSUSE Tumbleweed" |     - "openSUSE Tumbleweed" | ||||||
|     - "Raspbian" |     - "Raspbian" | ||||||
|  |     - "RedHat" | ||||||
|     - "Rocky" |     - "Rocky" | ||||||
|     - "Ubuntu" |     - "Ubuntu" | ||||||
| 
 | 
 | ||||||
|  | @ -124,7 +128,7 @@ | ||||||
|         marker: "# {mark} ANSIBLE MANAGED BLOCK" |         marker: "# {mark} ANSIBLE MANAGED BLOCK" | ||||||
|         state: absent |         state: absent | ||||||
|       become: false |       become: false | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] |       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] | ||||||
| 
 | 
 | ||||||
| ########################################################## | ########################################################## | ||||||
| # T-Pot - Restore configs, remove users and groups, etc. # | # T-Pot - Restore configs, remove users and groups, etc. # | ||||||
|  | @ -147,50 +151,53 @@ | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|         - "Ubuntu" |         - "Ubuntu" | ||||||
| 
 | 
 | ||||||
|     - name: Revert SELinux config to enforcing (AlmaLinux, Fedora, Rocky) |     - name: Revert SELinux config to enforcing (AlmaLinux, Fedora, RHEL, Rocky) | ||||||
|       lineinfile: |       lineinfile: | ||||||
|         path: /etc/selinux/config |         path: /etc/selinux/config | ||||||
|         regexp: '^SELINUX=' |         regexp: '^SELINUX=' | ||||||
|         line: 'SELINUX=enforcing' |         line: 'SELINUX=enforcing' | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Fedora", "Rocky"] |       when: ansible_distribution in ["AlmaLinux", "Fedora", "RedHat", "Rocky"] | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
| 
 | 
 | ||||||
|     - name: Remove iptables.conf file (AlmaLinux, Fedora, Rocky) |     - name: Remove iptables.conf file (AlmaLinux, Fedora, RHEL, Rocky) | ||||||
|       file: |       file: | ||||||
|         path: /etc/modules-load.d/iptables.conf |         path: /etc/modules-load.d/iptables.conf | ||||||
|         state: absent |         state: absent | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Fedora", "Rocky"] |       when: ansible_distribution in ["AlmaLinux", "Fedora", "RedHat", "Rocky"] | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|  |         - "RedHat" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
| 
 | 
 | ||||||
|     - name: Revert firewall to default target DROP (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky) |     - name: Revert firewall to default target DROP (AlmaLinux, Fedora, openSUSE Tumbleweed, RHEL, Rocky) | ||||||
|       firewalld: |       firewalld: | ||||||
|         zone: public |         zone: public | ||||||
|         target: DROP |         target: DROP | ||||||
|         permanent: yes |         permanent: yes | ||||||
|         state: enabled |         state: enabled | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "Rocky"] |       when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "RedHat", "Rocky"] | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|         - "openSUSE Tumbleweed" |         - "openSUSE Tumbleweed" | ||||||
|  |         - "RedHat" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
| 
 | 
 | ||||||
|     - name: Revert firewall to SSH default (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky) |     - name: Revert firewall to SSH default (AlmaLinux, Fedora, openSUSE Tumbleweed, RHEL, Rocky) | ||||||
|       firewalld: |       firewalld: | ||||||
|         port: 22/tcp |         port: 22/tcp | ||||||
|         permanent: yes |         permanent: yes | ||||||
|         state: enabled |         state: enabled | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "Rocky"] |       when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "RedHat", "Rocky"] | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|         - "openSUSE Tumbleweed" |         - "openSUSE Tumbleweed" | ||||||
|  |         - "RedHat" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
| 
 | 
 | ||||||
|     - name: Remove port.conf file to revert SSH to default port (openSUSE Tumbleweed) |     - name: Remove port.conf file to revert SSH to default port (openSUSE Tumbleweed) | ||||||
|  | @ -201,32 +208,34 @@ | ||||||
|       tags: |       tags: | ||||||
|         - "openSUSE Tumbleweed" |         - "openSUSE Tumbleweed" | ||||||
| 
 | 
 | ||||||
|     - name: Revert SSH Port to 22 (AlmaLinux, Debian, Fedora, Raspbian, Rocky, Ubuntu) |     - name: Revert SSH Port to 22 (AlmaLinux, Debian, Fedora, Raspbian, RHEL, Rocky, Ubuntu) | ||||||
|       lineinfile: |       lineinfile: | ||||||
|         path: /etc/ssh/sshd_config |         path: /etc/ssh/sshd_config | ||||||
|         line: "Port 64295" |         line: "Port 64295" | ||||||
|         state: absent |         state: absent | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "Rocky", "Ubuntu"] |       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "Rocky", "RedHat", "Ubuntu"] | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Debian" |         - "Debian" | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|         - "Raspbian" |         - "Raspbian" | ||||||
|  |         - "RedHat" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
|         - "Ubuntu" |         - "Ubuntu" | ||||||
| 
 | 
 | ||||||
|     - name: Revert Comment out Port(s) in sshd_config, can cause port conflicts on deploy (AlmaLinux, Debian, Fedora, openSUSE Tumbleweed, Raspbian, Rocky, Ubuntu) |     - name: Revert Comment out Port(s) in sshd_config, can cause port conflicts on deploy (AlmaLinux, Debian, Fedora, openSUSE Tumbleweed, Raspbian, RHEL, Rocky, Ubuntu) | ||||||
|       ansible.builtin.replace: |       ansible.builtin.replace: | ||||||
|         path: /etc/ssh/sshd_config |         path: /etc/ssh/sshd_config | ||||||
|         regexp: '^# (Port (?!22$)[0-9]+)' |         regexp: '^# (Port (?!22$)[0-9]+)' | ||||||
|         replace: '\1' |         replace: '\1' | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] |       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Debian" |         - "Debian" | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|         - "openSUSE Tumbleweed" |         - "openSUSE Tumbleweed" | ||||||
|         - "Raspbian" |         - "Raspbian" | ||||||
|  |         - "RedHat" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
|         - "Ubuntu" |         - "Ubuntu" | ||||||
| 
 | 
 | ||||||
|  | @ -235,13 +244,14 @@ | ||||||
|         path: /etc/sysctl.conf |         path: /etc/sysctl.conf | ||||||
|         line: "vm.max_map_count=262144" |         line: "vm.max_map_count=262144" | ||||||
|         state: absent |         state: absent | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] |       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Debian" |         - "Debian" | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|         - "openSUSE Tumbleweed" |         - "openSUSE Tumbleweed" | ||||||
|         - "Raspbian" |         - "Raspbian" | ||||||
|  |         - "RedHat" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
|         - "Ubuntu" |         - "Ubuntu" | ||||||
| 
 | 
 | ||||||
|  | @ -249,13 +259,14 @@ | ||||||
|       user: |       user: | ||||||
|         name: tpot |         name: tpot | ||||||
|         state: absent |         state: absent | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] |       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Debian" |         - "Debian" | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|         - "openSUSE Tumbleweed" |         - "openSUSE Tumbleweed" | ||||||
|         - "Raspbian" |         - "Raspbian" | ||||||
|  |         - "RedHat" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
|         - "Ubuntu" |         - "Ubuntu" | ||||||
| 
 | 
 | ||||||
|  | @ -263,13 +274,14 @@ | ||||||
|       group: |       group: | ||||||
|         name: tpot |         name: tpot | ||||||
|         state: absent |         state: absent | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] |       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Debian" |         - "Debian" | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|         - "openSUSE Tumbleweed" |         - "openSUSE Tumbleweed" | ||||||
|         - "Raspbian" |         - "Raspbian" | ||||||
|  |         - "RedHat" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
|         - "Ubuntu" |         - "Ubuntu" | ||||||
| 
 | 
 | ||||||
|  | @ -298,7 +310,7 @@ | ||||||
|       tags: |       tags: | ||||||
|         - "openSUSE Tumbleweed" |         - "openSUSE Tumbleweed" | ||||||
| 
 | 
 | ||||||
|     - name: Remove Docker Engine packages (AlmaLinux, Debian, Fedora, Raspbian, Rocky, Ubuntu) |     - name: Remove Docker Engine packages (AlmaLinux, Debian, Fedora, Raspbian, RHEL, Rocky, Ubuntu) | ||||||
|       package: |       package: | ||||||
|         name: |         name: | ||||||
|           - docker-ce |           - docker-ce | ||||||
|  | @ -307,7 +319,7 @@ | ||||||
|           - docker-buildx-plugin |           - docker-buildx-plugin | ||||||
|           - docker-compose-plugin |           - docker-compose-plugin | ||||||
|         state: absent |         state: absent | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "Rocky", "Ubuntu"] |       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "RedHat", "Rocky", "Ubuntu"] | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Debian" |         - "Debian" | ||||||
|  | @ -320,12 +332,13 @@ | ||||||
|       file: |       file: | ||||||
|         path: /var/lib/docker |         path: /var/lib/docker | ||||||
|         state: absent |         state: absent | ||||||
|       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] |       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Debian" |         - "Debian" | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|         - "openSUSE Tumbleweed" |         - "openSUSE Tumbleweed" | ||||||
|  |         - "RedHat" | ||||||
|         - "Raspbian" |         - "Raspbian" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
|         - "Ubuntu" |         - "Ubuntu" | ||||||
|  | @ -350,7 +363,7 @@ | ||||||
|         - "Raspbian" |         - "Raspbian" | ||||||
|         - "Ubuntu" |         - "Ubuntu" | ||||||
| 
 | 
 | ||||||
|     - name: Remove Docker repository (AlmaLinux, Rocky) |     - name: Remove Docker repository (AlmaLinux, RHEL, Rocky) | ||||||
|       file: |       file: | ||||||
|         path: /etc/yum.repos.d/docker-ce.repo |         path: /etc/yum.repos.d/docker-ce.repo | ||||||
|         state: absent |         state: absent | ||||||
|  | @ -358,4 +371,5 @@ | ||||||
|       tags: |       tags: | ||||||
|         - "AlmaLinux" |         - "AlmaLinux" | ||||||
|         - "Fedora" |         - "Fedora" | ||||||
|  |         - "RedHat" | ||||||
|         - "Rocky" |         - "Rocky" | ||||||
|  |  | ||||||
							
								
								
									
										13
									
								
								uninstall.sh
									
									
									
									
									
								
							
							
						
						
									
										13
									
								
								uninstall.sh
									
									
									
									
									
								
							|  | @ -23,12 +23,12 @@ if [ ${EUID} -eq 0 ]; | ||||||
| fi | fi | ||||||
| 
 | 
 | ||||||
| # Check if running on a supported distribution | # Check if running on a supported distribution | ||||||
| mySUPPORTED_DISTRIBUTIONS=("AlmaLinux" "Debian GNU/Linux" "Fedora Linux" "openSUSE Tumbleweed" "Raspbian GNU/Linux" "Rocky Linux" "Ubuntu") | mySUPPORTED_DISTRIBUTIONS=("AlmaLinux" "Debian GNU/Linux" "Fedora Linux" "openSUSE Tumbleweed" "Raspbian GNU/Linux" "Red Hat Enterprise Linux" "Rocky Linux" "Ubuntu") | ||||||
| myCURRENT_DISTRIBUTION=$(awk -F= '/^NAME/{print $2}' /etc/os-release | tr -d '"') | myCURRENT_DISTRIBUTION=$(awk -F= '/^NAME/{print $2}' /etc/os-release | tr -d '"') | ||||||
| 
 | 
 | ||||||
| if [[ ! " ${mySUPPORTED_DISTRIBUTIONS[@]} " =~ " ${myCURRENT_DISTRIBUTION} " ]]; | if [[ ! " ${mySUPPORTED_DISTRIBUTIONS[@]} " =~ " ${myCURRENT_DISTRIBUTION} " ]]; | ||||||
|   then |   then | ||||||
|     echo "### Only the following distributions are supported: AlmaLinux, Fedora, Debian, openSUSE Tumbleweed, Rocky Linux and Ubuntu." |     echo "### Only the following distributions are supported: AlmaLinux, Fedora, Debian, openSUSE Tumbleweed, RHEL, Rocky Linux and Ubuntu." | ||||||
|     echo "### Please follow the T-Pot documentation on how to run T-Pot on macOS, Windows and other currently unsupported platforms." |     echo "### Please follow the T-Pot documentation on how to run T-Pot on macOS, Windows and other currently unsupported platforms." | ||||||
|     echo |     echo | ||||||
|     exit 1 |     exit 1 | ||||||
|  | @ -54,13 +54,18 @@ if [ "${myQST}" = "n" ]; | ||||||
| fi | fi | ||||||
| 
 | 
 | ||||||
| # Define tag for Ansible | # Define tag for Ansible | ||||||
| myANSIBLE_DISTRIBUTIONS=("Fedora Linux" "Debian GNU/Linux" "Raspbian GNU/Linux" "Rocky Linux") | myANSIBLE_DISTRIBUTIONS=("Fedora Linux" "Debian GNU/Linux" "Raspbian GNU/Linux" "Rocky Linux" "Red Hat Enterprise Linux") | ||||||
| if [[ "${myANSIBLE_DISTRIBUTIONS[@]}" =~ "${myCURRENT_DISTRIBUTION}" ]]; | if [[ "${myANSIBLE_DISTRIBUTIONS[@]}" =~ "${myCURRENT_DISTRIBUTION}" ]]; | ||||||
|   then |   then | ||||||
|  |     # special case AGAIN, /etc/os-release doesn't match Ansible's tagging conventions | ||||||
|  |     if [[ "${myCURRENT_DISTRIBUTION}" == "Red Hat Enterprise Linux" ]]; then | ||||||
|  |       myANSIBLE_TAG="RedHat" | ||||||
|  |     else | ||||||
|       myANSIBLE_TAG=$(echo ${myCURRENT_DISTRIBUTION} | cut -d " " -f 1) |       myANSIBLE_TAG=$(echo ${myCURRENT_DISTRIBUTION} | cut -d " " -f 1) | ||||||
|  |     fi | ||||||
|   else |   else | ||||||
|     myANSIBLE_TAG=${myCURRENT_DISTRIBUTION} |     myANSIBLE_TAG=${myCURRENT_DISTRIBUTION} | ||||||
| fi |   fi | ||||||
| 
 | 
 | ||||||
| # Check type of sudo access | # Check type of sudo access | ||||||
| if myANSIBLE_TAG="Debian"; | if myANSIBLE_TAG="Debian"; | ||||||
|  |  | ||||||
							
								
								
									
										50
									
								
								update.sh
									
									
									
									
									
								
							
							
						
						
									
										50
									
								
								update.sh
									
									
									
									
									
								
							|  | @ -53,6 +53,7 @@ function fuCHECKINET () { | ||||||
| function fuSELFUPDATE () { | function fuSELFUPDATE () { | ||||||
| 	echo | 	echo | ||||||
| 	echo "### Now checking for newer files in repository ..." | 	echo "### Now checking for newer files in repository ..." | ||||||
|  | 	echo "### T-Pot... TPOT_TYPE is set to: $myTPOT_TYPE" | ||||||
| 	git fetch --all | 	git fetch --all | ||||||
| 	myREMOTESTAT=$(git status | grep -c "up-to-date") | 	myREMOTESTAT=$(git status | grep -c "up-to-date") | ||||||
| 	if [ "$myREMOTESTAT" != "0" ]; | 	if [ "$myREMOTESTAT" != "0" ]; | ||||||
|  | @ -67,13 +68,31 @@ function fuSELFUPDATE () { | ||||||
| 	    echo "###### $myBLUE""Found newer version, will be pulling updates and restart myself.""$myWHITE" | 	    echo "###### $myBLUE""Found newer version, will be pulling updates and restart myself.""$myWHITE" | ||||||
| 	    git reset --hard | 	    git reset --hard | ||||||
| 	    git pull --force | 	    git pull --force | ||||||
| 	    exec ./update.sh -y | 		# check if myTPOT_TYPE is set | ||||||
| 	    exit 1 | 		if [ -z "$myTPOT_TYPE" ]; then | ||||||
|  | 			exec ./update.sh | ||||||
|  | 		else | ||||||
|  |         	exec ./update.sh -y $myTPOT_TYPE | ||||||
|  | 		fi | ||||||
| 	else | 	else | ||||||
| 	    echo "###### $myBLUE""Pulling updates from repository.""$myWHITE" | 	    echo "###### $myBLUE""Pulling updates from repository.""$myWHITE" | ||||||
| 	    git reset --hard | 	    git reset --hard | ||||||
| 	    git pull --force | 	    git pull --force | ||||||
| 	fi | 	fi | ||||||
|  | 	if [ -z "$myTPOT_TYPE" ]; then | ||||||
|  | 		echo | ||||||
|  | 	else | ||||||
|  | 		grep -q "^TPOT_TYPE=" .env && sed -i "s/^TPOT_TYPE=.*/TPOT_TYPE=${myTPOT_TYPE}/" .env | ||||||
|  | 		echo "### T-Pot type set to: $myTPOT_TYPE in .env" | ||||||
|  | 		if [ "$myTPOT_TYPE" == "SENSOR" ]; then | ||||||
|  | 			echo "### Copying compose/sensor.yml to docker-compose.yml" | ||||||
|  | 			cp compose/sensor.yml docker-compose.yml | ||||||
|  | 		else | ||||||
|  | 			echo | ||||||
|  | 		fi | ||||||
|  | 	fi | ||||||
|  | 	exit 1 | ||||||
|  | 
 | ||||||
| 	echo | 	echo | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | @ -194,6 +213,19 @@ function fuRESTORE () { | ||||||
| 	sed -i "s/^TPOT_VERSION=.*/TPOT_VERSION=${newVERSION}/" $HOME/tpotce/.env | 	sed -i "s/^TPOT_VERSION=.*/TPOT_VERSION=${newVERSION}/" $HOME/tpotce/.env | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | function fuREADTPOT_TYPE () { | ||||||
|  | 	if [ -f .env ]; then | ||||||
|  | 		# reads the TPOT_TYPE from the .env file | ||||||
|  | 		myTPOT_TYPE=$(grep -E '^TPOT_TYPE=' .env | cut -d '=' -f2) | ||||||
|  | 		# Verify if TPOT_TYPE is set | ||||||
|  | 		if [ -z "$myTPOT_TYPE" ]; then | ||||||
|  | 			myTPOT_TYPE="HIVE" | ||||||
|  | 		fi | ||||||
|  | 	else | ||||||
|  | 		myTPOT_TYPE="HIVE" | ||||||
|  | 	fi | ||||||
|  | } | ||||||
|  | 
 | ||||||
| ################ | ################ | ||||||
| # Main section # | # Main section # | ||||||
| ################ | ################ | ||||||
|  | @ -211,11 +243,23 @@ if [ "$1" != "-y" ]; then | ||||||
|   exit |   exit | ||||||
| fi | fi | ||||||
| 
 | 
 | ||||||
|  | # if exists second argument, use it as T-Pot type, only if SENSOR or HIVE | ||||||
|  | if [ -n "$2" ]; then | ||||||
|  |   if [[ "$2" == "SENSOR" || "$2" == "HIVE" ]]; then | ||||||
|  | 	myTPOT_TYPE="$2" | ||||||
|  |   else | ||||||
|  | 	myTPOT_TYPE="HIVE" | ||||||
|  |   fi | ||||||
|  | else | ||||||
|  |   myTPOT_TYPE="HIVE" | ||||||
|  | fi | ||||||
|  | 
 | ||||||
|  | fuREADTPOT_TYPE | ||||||
| fuCHECK_VERSION | fuCHECK_VERSION | ||||||
| fuCHECKINET "https://index.docker.io https://github.com" | fuCHECKINET "https://index.docker.io https://github.com" | ||||||
| fuSTOP_TPOT | fuSTOP_TPOT | ||||||
| fuBACKUP | fuBACKUP | ||||||
| fuSELFUPDATE "$0" "$@" | fuSELFUPDATE "$0" "$@" "$myTPOT_TYPE" | ||||||
| fuUPDATER | fuUPDATER | ||||||
| fuRESTORE | fuRESTORE | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
		Loading…
	
		Reference in a new issue