Merge 50beeef63a into 3372a23eb2

- adding support for latest Elastic Stack

docker/elk/elasticsearch/Dockerfile

@@ -1,6 +1,6 @@
 FROM ubuntu:24.04
 ENV DEBIAN_FRONTEND noninteractive
-ENV ES_VER=8.17.5
+ENV ES_VER=8.18.1
 #
 # Include dist
 COPY dist/ /root/dist/

docker/elk/elasticsearch/dist/elasticsearch.yml

@@ -11,5 +11,5 @@ http.host: 0.0.0.0
 http.cors.enabled: true
 http.cors.allow-origin: "*"
 indices.query.bool.max_clause_count: 2000
-cluster.routing.allocation.disk.watermark.enable_for_single_data_node: true
+#cluster.routing.allocation.disk.watermark.enable_for_single_data_node: true
 discovery.type: single-node

docker/elk/kibana/Dockerfile

@@ -1,5 +1,5 @@
 FROM node:20.18.2-alpine3.20
-ENV KB_VER=8.17.5
+ENV KB_VER=8.18.1
 #
 # Include dist
 COPY dist/ /root/dist/

docker/elk/logstash/Dockerfile

@@ -1,6 +1,6 @@
 FROM ubuntu:24.04
 ENV DEBIAN_FRONTEND=noninteractive
-ENV LS_VER=8.17.5
+ENV LS_VER=8.18.1
 #
 # Include dist
 COPY dist/ /root/dist/

docker/nginx/builder/esvue/Dockerfile

@@ -1,17 +1,19 @@
 ### elasticvue build is currently broken, issue has been opened https://github.com/cars10/elasticvue/issues/215
 ### in the meantime we are using the older dist, if not resolved we need to find a different solution
-FROM node:20-alpine AS builder
+FROM node:22.5.1-alpine AS builder
 #
 # Prep and build Elasticvue 
 RUN apk -U --no-cache add git && \
-    git clone https://github.com/cars10/elasticvue -b v1.1.0 /opt/src && \
+    git clone https://github.com/cars10/elasticvue -b v1.7.0 /opt/src && \
 # We need to adjust consts.ts so the user has connection suggestion for reverse proxied ES
     sed -i "s#export const DEFAULT_CLUSTER_URI = 'http://localhost:9200'#export const DEFAULT_CLUSTER_URI = window.location.origin + '/es'#g" /opt/src/src/consts.ts && \
     sed -i 's#href="/images/logo/favicon.ico"#href="images/logo/favicon.ico"#g' /opt/src/index.html && \
     mkdir /opt/app && \
     cd /opt/app && \
+    corepack enable && \
     cp /opt/src/package.json . && \
     cp /opt/src/yarn.lock . && \
+    cp /opt/src/.yarnrc.yml . && \
     yarn install && \
     cp -R /opt/src/* . && \
     export VITE_APP_BUILD_MODE=docker && \

docker/nginx/docker-compose.yml

@@ -20,7 +20,7 @@ services:
       #    ports:
       #     - "64297:64297"
       #     - "127.0.0.1:64304:64304"
-    image: "dtagdevsec/nginx:24.04"
+    image: "ghcr.io/telekom-security/nginx:24.04.1"
     read_only: true
     volumes:
      - $HOME/tpotce/data/nginx/cert/:/etc/nginx/cert/:ro

docker/tpotinit/dist/bin/genuser.sh

@@ -13,6 +13,9 @@ __        __   _     _   _  [ T-Pot ]
 EOF
 )
 
+# Add trap to ensure SIGINT, SIGTERM works
+trap 'echo; echo; echo "# User interrupt. Exiting."; exit 1' SIGINT
+
 # Generate T-Pot WebUser
 echo "$myPW"
 echo

genuser.sh

@@ -1,2 +1,13 @@
 #!/usr/bin/env bash
-docker run -v $HOME/tpotce:/data --entrypoint bash -it -u $(id -u):$(id -g) dtagdevsec/tpotinit:24.04.1 "/opt/tpot/bin/genuser.sh"
+TPOT_REPO=$(grep -E "^TPOT_REPO" .env | cut -d "=" -f2-)
+TPOT_VERSION=$(grep -E "^TPOT_VERSION" .env | cut -d "=" -f2-)
+USER=$(id -u)
+USERNAME=$(id -un)
+GROUP=$(id -g)
+echo "### Repository:        ${TPOT_REPO}"
+echo "### Version Tag:       ${TPOT_VERSION}"
+echo "### Your User Name:    ${USERNAME}"
+echo "### Your User ID:      ${USER}"
+echo "### Your Group ID:     ${GROUP}"
+echo
+docker run -v $HOME/tpotce:/data --entrypoint "bash" -it -u "${USER}":"${GROUP}" "${TPOT_REPO}"/tpotinit:"${TPOT_VERSION}" "/opt/tpot/bin/genuser.sh"

install.sh

@@ -1,5 +1,67 @@
 #!/usr/bin/env bash
 
+
+print_help() {
+  echo "Usage: $0 [-s y|n] [-t h|s|l|i|m|t] -u <webuser name> -p <password for web user>"
+  echo "  -s: yes or no (optional)"
+  echo "  -t: h (host),s (sensor), l (llm), i(mini),m(mobile),t(tarpit) (optional)"
+  echo "  -u: web username (optional)"
+  echo "  -p: password for web user (optional)"
+  exit 1
+}
+
+validate_s() {
+  if [[ -n "$myQST" ]]; then
+    if [[ "$myQST" =~ ^[yYnN]$ ]]; then
+      return 1 # Valid
+    else
+      print_help
+    fi
+  else
+    print_help
+  fi
+
+}
+
+validate_t() {
+  if [[ -n "$myTPOT_TYPE" ]]; then
+    if [[ "$myTPOT_TYPE" =~ ^[hslimtHSLIMT]$ ]]; then
+      return 1 # Valid
+    else
+      print_help
+    fi
+  else
+    print_help
+  fi
+
+}
+
+while getopts ":s:t:u:p:" opt; do
+  case "$opt" in
+  s)
+    myQST="${OPTARG}"
+    validate_s
+    ;;
+  t)
+    myTPOT_TYPE="${OPTARG}"
+    validate_t
+    ;;
+  u)
+    export myWEB_USER="${OPTARG}"
+    ;;
+  p)
+    export myWEB_PW="${OPTARG}"
+    ;;
+  :)
+    echo "Option -${OPTARG} requires an argument."
+    print_help
+    exit 1
+    ;;
+  \?)
+    print_help
+    ;;
+  esac
+done
 myINSTALL_NOTIFICATION="### Now installing required packages ..."
 myUSER=$(whoami)
 myTPOT_CONF_FILE="/home/${myUSER}/tpotce/.env"
@@ -43,12 +105,13 @@ echo "$myINSTALLER"
 echo
 echo
 echo "### This script will now install T-Pot and all of its dependencies."
-while [ "${myQST}" != "y" ] && [ "${myQST}" != "n" ];
-  do
+if [[ -z "$myQST" ]]; then
+  while [ "${myQST}" != "y" ] && [ "${myQST}" != "n" ]; do
     echo
     read -p "### Install? (y/n) " myQST
     echo
   done
+fi
 if [ "${myQST}" = "n" ];
   then
     echo
@@ -183,7 +246,10 @@ echo "###            Feed data endlessly to attackers, bots and scanners."
 echo "###            Also runs a Denial of Service Honeypot (ddospot)."
 echo
 while true; do
-  read -p "### Install Type? (h/s/l/i/m/t) " myTPOT_TYPE
+  if [[ -z "$myTPOT_TYPE" ]]; then
+    read -p "### Install Type? (h/s/l/i/m/t) " myTPOT_TYPE
+  fi  
+  
   case "${myTPOT_TYPE}" in
     h|H)
       echo
@@ -234,75 +300,71 @@ done
 if [ "${myTPOT_TYPE}" == "HIVE" ];
   # If T-Pot Type is HIVE ask for WebUI username and password
   then
-	# Preparing web user for T-Pot
-	echo
-	echo "### T-Pot User Configuration ..."
-	echo
-	# Asking for web user name
-	myWEB_USER=""
-	while [ 1 != 2 ];
-	  do
-	    myOK=""
-	    read -rp "### Enter your web user name: " myWEB_USER
-	    myWEB_USER=$(echo $myWEB_USER | tr -cd "[:alnum:]_.-")
-	    echo "### Your username is: ${myWEB_USER}"
-	    while [[ ! "${myOK}" =~ [YyNn] ]];
-	      do
-	        read -rp "### Is this correct? (y/n) " myOK
-	      done
-	    if [[ "${myOK}" =~ [Yy] ]] && [ "$myWEB_USER" != "" ];
-	      then
-	        break
-	      else
-	        echo
-	    fi
-	  done
+  # Preparing web user for T-Pot
+  echo
+  echo "### T-Pot User Configuration ..."
+  echo
+  # Asking for web user name
+  if [[ -z "$myWEB_USER" ]]; then
+    myWEB_USER=""
+    while [ 1 != 2 ]; do
+      myOK=""
+      read -rp "### Enter your web user name: " myWEB_USER
+      myWEB_USER=$(echo $myWEB_USER | tr -cd "[:alnum:]_.-")
+      echo "### Your username is: ${myWEB_USER}"
+      while [[ ! "${myOK}" =~ [YyNn] ]]; do    
+        read -rp "### Is this correct? (y/n) " myOK
+      done
+      if [[ "${myOK}" =~ [Yy] ]] && [ "$myWEB_USER" != "" ]; then
+        break
+      else
+        echo
+      fi
+    done
+  fi
 
-	# Asking for web user password
-	myWEB_PW="pass1"
-	myWEB_PW2="pass2"
-	mySECURE=0
-	myOK=""
-	while [ "${myWEB_PW}" != "${myWEB_PW2}"  ] && [ "${mySECURE}" == "0" ]
-	  do
-	    echo
-	    while [ "${myWEB_PW}" == "pass1"  ] || [ "${myWEB_PW}" == "" ]
-	      do
-	        read -rsp "### Enter password for your web user: " myWEB_PW
-	        echo
-	      done
-	    read -rsp "### Repeat password you your web user: " myWEB_PW2
-	    echo
-	    if [ "${myWEB_PW}" != "${myWEB_PW2}" ];
-	      then
-	        echo "### Passwords do not match."
-	        myWEB_PW="pass1"
-	        myWEB_PW2="pass2"
-	    fi
-	    mySECURE=$(printf "%s" "$myWEB_PW" | /usr/sbin/cracklib-check | grep -c "OK")
-	    if [ "$mySECURE" == "0" ] && [ "$myWEB_PW" == "$myWEB_PW2" ];
-	      then
-	        while [[ ! "${myOK}" =~ [YyNn] ]];
-	          do
-	            read -rp "### Keep insecure password? (y/n) " myOK
-	          done
-	        if [[ "${myOK}" =~ [Nn] ]] || [ "$myWEB_PW" == "" ];
-	          then
-	            myWEB_PW="pass1"
-	            myWEB_PW2="pass2"
-	            mySECURE=0
-	            myOK=""
-	        fi
-	    fi
-	done
+  # Asking for web user password
+  if [[ -z "$myWEB_PW" ]]; then
+    myWEB_PW="pass1"
+    myWEB_PW2="pass2"
+    mySECURE=0
+    myOK=""
+    while [ "${myWEB_PW}" != "${myWEB_PW2}" ] && [ "${mySECURE}" == "0" ]; do
+      echo
+      while [ "${myWEB_PW}" == "pass1" ] || [ "${myWEB_PW}" == "" ]; do
+        read -rsp "### Enter password for your web user: " myWEB_PW
+        echo
+      done
+      read -rsp "### Repeat password you your web user: " myWEB_PW2
+      echo
+      if [ "${myWEB_PW}" != "${myWEB_PW2}" ]; then
+        echo "### Passwords do not match."
+        myWEB_PW="pass1"
+        myWEB_PW2="pass2"
+      fi
+      mySECURE=$(printf "%s" "$myWEB_PW" | /usr/sbin/cracklib-check | grep -c "OK")
+      if [ "$mySECURE" == "0" ] && [ "$myWEB_PW" == "$myWEB_PW2" ]; then
+        while [[ ! "${myOK}" =~ [YyNn] ]]; do
+          read -rp "### Keep insecure password? (y/n) " myOK
+        done
+        if [[ "${myOK}" =~ [Nn] ]] || [ "$myWEB_PW" == "" ]; then
+          myWEB_PW="pass1"
+          myWEB_PW2="pass2"
+          mySECURE=0
+          myOK=""
+        fi
+      fi
+    done
+  fi
 
-	# Write username and password to T-Pot config file
-	echo "### Creating base64 encoded htpasswd username and password for T-Pot config file: ${myTPOT_CONF_FILE}"
-	myWEB_USER_ENC=$(htpasswd -b -n "${myWEB_USER}" "${myWEB_PW}")
+
+  # Write username and password to T-Pot config file
+  echo "### Creating base64 encoded htpasswd username and password for T-Pot config file: ${myTPOT_CONF_FILE}"
+  myWEB_USER_ENC=$(htpasswd -b -n "${myWEB_USER}" "${myWEB_PW}")
     myWEB_USER_ENC_B64=$(echo -n "${myWEB_USER_ENC}" | base64 -w0)
     
-	echo
-	sed -i "s|^WEB_USER=.*|WEB_USER=${myWEB_USER_ENC_B64}|" ${myTPOT_CONF_FILE}
+  echo
+  sed -i "s|^WEB_USER=.*|WEB_USER=${myWEB_USER_ENC_B64}|" ${myTPOT_CONF_FILE}
 fi
 
 # Pull docker images