Merge 50beeef63a into c556d02a30

update issue templates
fixes #1807 via 93048e724a
2025-10-30 03:52:54 +00:00 · 2025-07-02 19:55:34 +02:00 · 2025-07-02 19:41:32 +02:00 · 2025-07-02 15:04:37 +02:00 · 2025-06-30 16:06:45 +02:00 · 2025-03-15 10:26:32 +07:00
10 changed files with 167 additions and 90 deletions
--- a/.github/ISSUE_TEMPLATE/bug-report-for-t-pot.md
+++ b/.github/ISSUE_TEMPLATE/bug-report-for-t-pot.md
@ -10,10 +10,10 @@ assignees: ''
 # Successfully raise an issue
 Before you post your issue make sure it has not been answered yet and provide **⚠️ BASIC SUPPORT INFORMATION** (as requested below) if you come to the conclusion it is a new issue.

- 🔍 Use the [search function](https://github.com/dtag-dev-sec/tpotce/issues?utf8=%E2%9C%93&q=) first
- 🧐 Check our [Wiki](https://github.com/dtag-dev-sec/tpotce/wiki) and the [discussions](https://github.com/telekom-security/tpotce/discussions)
- 📚 Consult the documentation of 💻 your Linux OS, 🐳 [Docker](https://docs.docker.com/), the 🦌 [Elastic stack](https://www.elastic.co/guide/index.html) and the 🍯 [T-Pot Readme](https://github.com/dtag-dev-sec/tpotce/blob/master/README.md).
- ⚙️ The [Troubleshoot Section](https://github.com/telekom-security/tpotce?tab=readme-ov-file#troubleshooting) of the [T-Pot Readme](https://github.com/dtag-dev-sec/tpotce/blob/master/README.md) is a good starting point to collect a good set of information for the issue and / or to fix things on your own.
+- 🔍 Use the [search function](https://github.com/telekom-security/tpotce/issues?utf8=%E2%9C%93&q=) first
+- 🧐 Check our [Config Examples & Tutorials](https://github.com/telekom-security/tpotce/discussions/categories/config-examples-tutorials) and the [discussions](https://github.com/telekom-security/tpotce/discussions) in general.
+- 📚 Consult the documentation of 💻 your Linux OS, 🐳 [Docker](https://docs.docker.com/), the 🦌 [Elastic stack](https://www.elastic.co/guide/index.html) and the 🍯 [T-Pot Readme](https://github.com/telekom-security/tpotce/blob/master/README.md).
+- ⚙️ The [Troubleshoot Section](https://github.com/telekom-security/tpotce?tab=readme-ov-file#troubleshooting) of the [T-Pot Readme](https://github.com/telekom-security/tpotce/blob/master/README.md) is a good starting point to collect a good set of information for the issue and / or to fix things on your own.
 - **⚠️ Provide [BASIC SUPPORT INFORMATION](#-basic-support-information-commands-are-expected-to-run-as-root) or similar detailed information with regard to your issue or we will close the issue or convert it into a discussion without further interaction from the maintainers**.<br>

 # ⚠️ Basic support information (commands are expected to run as `root`)
--- a/.github/ISSUE_TEMPLATE/general-issue-for-t-pot.md
+++ b/.github/ISSUE_TEMPLATE/general-issue-for-t-pot.md
@ -10,10 +10,10 @@ assignees: ''
 # Successfully raise an issue
 Before you post your issue make sure it has not been answered yet and provide **⚠️ BASIC SUPPORT INFORMATION** (as requested below) if you come to the conclusion it is a new issue.

- 🔍 Use the [search function](https://github.com/dtag-dev-sec/tpotce/issues?utf8=%E2%9C%93&q=) first
- 🧐 Check our [Wiki](https://github.com/dtag-dev-sec/tpotce/wiki) and the [discussions](https://github.com/telekom-security/tpotce/discussions)
- 📚 Consult the documentation of 💻 your Linux OS, 🐳 [Docker](https://docs.docker.com/), the 🦌 [Elastic stack](https://www.elastic.co/guide/index.html) and the 🍯 [T-Pot Readme](https://github.com/dtag-dev-sec/tpotce/blob/master/README.md).
- ⚙️ The [Troubleshoot Section](https://github.com/telekom-security/tpotce?tab=readme-ov-file#troubleshooting) of the [T-Pot Readme](https://github.com/dtag-dev-sec/tpotce/blob/master/README.md) is a good starting point to collect a good set of information for the issue and / or to fix things on your own.
+- 🔍 Use the [search function](https://github.com/telekom-security/tpotce/issues?utf8=%E2%9C%93&q=) first
+- 🧐 Check our [Config Examples & Tutorials](https://github.com/telekom-security/tpotce/discussions/categories/config-examples-tutorials) and the [discussions](https://github.com/telekom-security/tpotce/discussions) in general.
+- 📚 Consult the documentation of 💻 your Linux OS, 🐳 [Docker](https://docs.docker.com/), the 🦌 [Elastic stack](https://www.elastic.co/guide/index.html) and the 🍯 [T-Pot Readme](https://github.com/telekom-security/tpotce/blob/master/README.md).
+- ⚙️ The [Troubleshoot Section](https://github.com/telekom-security/tpotce?tab=readme-ov-file#troubleshooting) of the [T-Pot Readme](https://github.com/telekom-security/tpotce/blob/master/README.md) is a good starting point to collect a good set of information for the issue and / or to fix things on your own.
 - **⚠️ Provide [BASIC SUPPORT INFORMATION](#-basic-support-information-commands-are-expected-to-run-as-root) or similar detailed information with regard to your issue or we will close the issue or convert it into a discussion without further interaction from the maintainers**.<br>

 # ⚠️ Basic support information (commands are expected to run as `root`)
--- a/docker/elk/docker-compose.yml
+++ b/docker/elk/docker-compose.yml
@ -22,7 +22,7 @@ services:
    mem_limit: 4g
    ports:
     - "127.0.0.1:64298:9200"
-    image: "dtagdevsec/elasticsearch:24.04"
+    image: "ghcr.io/telekom-security/elasticsearch:24.04.1"
    volumes:
     - $HOME/tpotce/data:/data

@ -38,7 +38,7 @@ services:
    mem_limit: 1g
    ports:
     - "127.0.0.1:64296:5601"
-    image: "dtagdevsec/kibana:24.04"
+    image: "ghcr.io/telekom-security/kibana:24.04.1"

 ## Logstash service
  logstash:
@ -50,7 +50,7 @@ services:
    depends_on:
      elasticsearch:
        condition: service_healthy
-    image: "dtagdevsec/logstash:24.04"
+    image: "ghcr.io/telekom-security/logstash:24.04.1"
    volumes:
     - $HOME/tpotce/data:/data
 #     - /root/tpotce/docker/elk/logstash/dist/logstash.conf:/etc/logstash/conf.d/logstash.conf
@ -63,7 +63,7 @@ services:
    tty: true
    ports:
      - "127.0.0.1:6379:6379"
-    image: "dtagdevsec/redis:24.04"
+    image: "ghcr.io/telekom-security/redis:24.04.1"
    read_only: true

 # Map Web Service
@ -77,7 +77,7 @@ services:
    tty: true
    ports:
     - "127.0.0.1:64299:64299"
-    image: "dtagdevsec/map:24.04"
+    image: "ghcr.io/telekom-security/map:24.04.1"
    depends_on:
     - map_redis

@ -89,6 +89,6 @@ services:
     - MAP_COMMAND=DataServer_v2.py
    stop_signal: SIGKILL
    tty: true
-    image: "dtagdevsec/map:24.04"
+    image: "ghcr.io/telekom-security/map:24.04.1"
    depends_on:
     - map_redis
--- a/docker/elk/elasticsearch/Dockerfile
+++ b/docker/elk/elasticsearch/Dockerfile
@ -1,6 +1,6 @@
 FROM ubuntu:24.04
 ENV DEBIAN_FRONTEND noninteractive
-ENV ES_VER=8.18.2
+ENV ES_VER=8.18.3
 #
 # Include dist
 COPY dist/ /root/dist/
--- a/docker/elk/kibana/Dockerfile
+++ b/docker/elk/kibana/Dockerfile
@ -1,5 +1,5 @@
-FROM node:20.18.2-alpine3.20
-ENV KB_VER=8.18.2
+FROM node:20.19.2-alpine3.20
+ENV KB_VER=8.18.3
 #
 # Include dist
 COPY dist/ /root/dist/
--- a/docker/elk/logstash/Dockerfile
+++ b/docker/elk/logstash/Dockerfile
@ -1,6 +1,6 @@
 FROM ubuntu:24.04
 ENV DEBIAN_FRONTEND=noninteractive
-ENV LS_VER=8.18.2
+ENV LS_VER=8.18.3
 #
 # Include dist
 COPY dist/ /root/dist/
@ -42,6 +42,7 @@ RUN apt-get update -y && \
    cp tpot-template.json /etc/logstash/ && \
    cd /usr/share/logstash && \
    bin/logstash-plugin update logstash-filter-translate && \
+	bin/logstash-plugin install logstash-output-syslog && \
    rm /etc/logstash/pipelines.yml && \
    rm /etc/logstash/logstash.yml && \
 #
--- a/docker/elk/logstash/dist/http_input.conf
+++ b/docker/elk/logstash/dist/http_input.conf
@ -17,5 +17,12 @@ output {
    template => "/etc/logstash/tpot-template.json"
    template_overwrite => "true"
  }
-
+  # Syslog Output Example
+  # syslog {
+  #   host => "192.168.1.1"
+  #   port => 514
+  #   protocol => tcp
+  #   appname => "logstash-logs"
+  #   severity => "6"
+  # }
 }
--- a/docker/elk/logstash/dist/logstash.conf
+++ b/docker/elk/logstash/dist/logstash.conf
@ -816,7 +816,14 @@ output {
    template => "/etc/logstash/tpot-template.json"
    template_overwrite => "true"
  }
-
+  # Syslog Output Example
+  # syslog {
+  #   host => "192.168.1.1"
+  #   port => 514
+  #   protocol => tcp
+  #   appname => "logstash-logs"
+  #   severity => "6"
+  # }
  #if [type] == "Suricata" {
  #    file {
  #      file_mode => 0770
--- a/docker/ewsposter/Dockerfile
+++ b/docker/ewsposter/Dockerfile
@ -33,8 +33,8 @@ RUN apk --no-cache -U upgrade && \
 			xmljson && \
 #
 # Setup ewsposter
-    git clone https://github.com/telekom-security/ewsposter /opt/ewsposter && \
-#    git clone https://github.com/telekom-security/ewsposter -b v1.32 /opt/ewsposter && \
+#    git clone https://github.com/telekom-security/ewsposter /opt/ewsposter && \
+    git clone https://github.com/telekom-security/ewsposter -b v1.33 /opt/ewsposter && \
    mkdir -p /opt/ewsposter/spool /opt/ewsposter/log && \
 #
 # Setup user and groups
--- a/install.sh
+++ b/install.sh
@ -1,5 +1,67 @@
 #!/usr/bin/env bash

+
+print_help() {
+  echo "Usage: $0 [-s y|n] [-t h|s|l|i|m|t] -u <webuser name> -p <password for web user>"
+  echo "  -s: yes or no (optional)"
+  echo "  -t: h (host),s (sensor), l (llm), i(mini),m(mobile),t(tarpit) (optional)"
+  echo "  -u: web username (optional)"
+  echo "  -p: password for web user (optional)"
+  exit 1
+}
+
+validate_s() {
+  if [[ -n "$myQST" ]]; then
+    if [[ "$myQST" =~ ^[yYnN]$ ]]; then
+      return 1 # Valid
+    else
+      print_help
+    fi
+  else
+    print_help
+  fi
+
+}
+
+validate_t() {
+  if [[ -n "$myTPOT_TYPE" ]]; then
+    if [[ "$myTPOT_TYPE" =~ ^[hslimtHSLIMT]$ ]]; then
+      return 1 # Valid
+    else
+      print_help
+    fi
+  else
+    print_help
+  fi
+
+}
+
+while getopts ":s:t:u:p:" opt; do
+  case "$opt" in
+  s)
+    myQST="${OPTARG}"
+    validate_s
+    ;;
+  t)
+    myTPOT_TYPE="${OPTARG}"
+    validate_t
+    ;;
+  u)
+    export myWEB_USER="${OPTARG}"
+    ;;
+  p)
+    export myWEB_PW="${OPTARG}"
+    ;;
+  :)
+    echo "Option -${OPTARG} requires an argument."
+    print_help
+    exit 1
+    ;;
+  \?)
+    print_help
+    ;;
+  esac
+done
 myINSTALL_NOTIFICATION="### Now installing required packages ..."
 myUSER=$(whoami)
 myTPOT_CONF_FILE="/home/${myUSER}/tpotce/.env"
@ -43,12 +105,13 @@ echo "$myINSTALLER"
 echo
 echo
 echo "### This script will now install T-Pot and all of its dependencies."
-while [ "${myQST}" != "y" ] && [ "${myQST}" != "n" ];
-  do
+if [[ -z "$myQST" ]]; then
+  while [ "${myQST}" != "y" ] && [ "${myQST}" != "n" ]; do
    echo
    read -p "### Install? (y/n) " myQST
    echo
  done
+fi
 if [ "${myQST}" = "n" ];
  then
    echo
@ -183,7 +246,10 @@ echo "###            Feed data endlessly to attackers, bots and scanners."
 echo "###            Also runs a Denial of Service Honeypot (ddospot)."
 echo
 while true; do
-  read -p "### Install Type? (h/s/l/i/m/t) " myTPOT_TYPE
+  if [[ -z "$myTPOT_TYPE" ]]; then
+    read -p "### Install Type? (h/s/l/i/m/t) " myTPOT_TYPE
+  fi  
+  
  case "${myTPOT_TYPE}" in
    h|H)
      echo
@ -234,75 +300,71 @@ done
 if [ "${myTPOT_TYPE}" == "HIVE" ];
  # If T-Pot Type is HIVE ask for WebUI username and password
  then
-	# Preparing web user for T-Pot
-	echo
-	echo "### T-Pot User Configuration ..."
-	echo
-	# Asking for web user name
-	myWEB_USER=""
-	while [ 1 != 2 ];
-	  do
-	    myOK=""
-	    read -rp "### Enter your web user name: " myWEB_USER
-	    myWEB_USER=$(echo $myWEB_USER | tr -cd "[:alnum:]_.-")
-	    echo "### Your username is: ${myWEB_USER}"
-	    while [[ ! "${myOK}" =~ [YyNn] ]];
-	      do
-	        read -rp "### Is this correct? (y/n) " myOK
-	      done
-	    if [[ "${myOK}" =~ [Yy] ]] && [ "$myWEB_USER" != "" ];
-	      then
-	        break
-	      else
-	        echo
-	    fi
-	  done
+  # Preparing web user for T-Pot
+  echo
+  echo "### T-Pot User Configuration ..."
+  echo
+  # Asking for web user name
+  if [[ -z "$myWEB_USER" ]]; then
+    myWEB_USER=""
+    while [ 1 != 2 ]; do
+      myOK=""
+      read -rp "### Enter your web user name: " myWEB_USER
+      myWEB_USER=$(echo $myWEB_USER | tr -cd "[:alnum:]_.-")
+      echo "### Your username is: ${myWEB_USER}"
+      while [[ ! "${myOK}" =~ [YyNn] ]]; do    
+        read -rp "### Is this correct? (y/n) " myOK
+      done
+      if [[ "${myOK}" =~ [Yy] ]] && [ "$myWEB_USER" != "" ]; then
+        break
+      else
+        echo
+      fi
+    done
+  fi

-	# Asking for web user password
-	myWEB_PW="pass1"
-	myWEB_PW2="pass2"
-	mySECURE=0
-	myOK=""
-	while [ "${myWEB_PW}" != "${myWEB_PW2}"  ] && [ "${mySECURE}" == "0" ]
-	  do
-	    echo
-	    while [ "${myWEB_PW}" == "pass1"  ] || [ "${myWEB_PW}" == "" ]
-	      do
-	        read -rsp "### Enter password for your web user: " myWEB_PW
-	        echo
-	      done
-	    read -rsp "### Repeat password you your web user: " myWEB_PW2
-	    echo
-	    if [ "${myWEB_PW}" != "${myWEB_PW2}" ];
-	      then
-	        echo "### Passwords do not match."
-	        myWEB_PW="pass1"
-	        myWEB_PW2="pass2"
-	    fi
-	    mySECURE=$(printf "%s" "$myWEB_PW" | /usr/sbin/cracklib-check | grep -c "OK")
-	    if [ "$mySECURE" == "0" ] && [ "$myWEB_PW" == "$myWEB_PW2" ];
-	      then
-	        while [[ ! "${myOK}" =~ [YyNn] ]];
-	          do
-	            read -rp "### Keep insecure password? (y/n) " myOK
-	          done
-	        if [[ "${myOK}" =~ [Nn] ]] || [ "$myWEB_PW" == "" ];
-	          then
-	            myWEB_PW="pass1"
-	            myWEB_PW2="pass2"
-	            mySECURE=0
-	            myOK=""
-	        fi
-	    fi
-	done
+  # Asking for web user password
+  if [[ -z "$myWEB_PW" ]]; then
+    myWEB_PW="pass1"
+    myWEB_PW2="pass2"
+    mySECURE=0
+    myOK=""
+    while [ "${myWEB_PW}" != "${myWEB_PW2}" ] && [ "${mySECURE}" == "0" ]; do
+      echo
+      while [ "${myWEB_PW}" == "pass1" ] || [ "${myWEB_PW}" == "" ]; do
+        read -rsp "### Enter password for your web user: " myWEB_PW
+        echo
+      done
+      read -rsp "### Repeat password you your web user: " myWEB_PW2
+      echo
+      if [ "${myWEB_PW}" != "${myWEB_PW2}" ]; then
+        echo "### Passwords do not match."
+        myWEB_PW="pass1"
+        myWEB_PW2="pass2"
+      fi
+      mySECURE=$(printf "%s" "$myWEB_PW" | /usr/sbin/cracklib-check | grep -c "OK")
+      if [ "$mySECURE" == "0" ] && [ "$myWEB_PW" == "$myWEB_PW2" ]; then
+        while [[ ! "${myOK}" =~ [YyNn] ]]; do
+          read -rp "### Keep insecure password? (y/n) " myOK
+        done
+        if [[ "${myOK}" =~ [Nn] ]] || [ "$myWEB_PW" == "" ]; then
+          myWEB_PW="pass1"
+          myWEB_PW2="pass2"
+          mySECURE=0
+          myOK=""
+        fi
+      fi
+    done
+  fi

-	# Write username and password to T-Pot config file
-	echo "### Creating base64 encoded htpasswd username and password for T-Pot config file: ${myTPOT_CONF_FILE}"
-	myWEB_USER_ENC=$(htpasswd -b -n "${myWEB_USER}" "${myWEB_PW}")
+
+  # Write username and password to T-Pot config file
+  echo "### Creating base64 encoded htpasswd username and password for T-Pot config file: ${myTPOT_CONF_FILE}"
+  myWEB_USER_ENC=$(htpasswd -b -n "${myWEB_USER}" "${myWEB_PW}")
    myWEB_USER_ENC_B64=$(echo -n "${myWEB_USER_ENC}" | base64 -w0)
    
-	echo
-	sed -i "s|^WEB_USER=.*|WEB_USER=${myWEB_USER_ENC_B64}|" ${myTPOT_CONF_FILE}
+  echo
+  sed -i "s|^WEB_USER=.*|WEB_USER=${myWEB_USER_ENC_B64}|" ${myTPOT_CONF_FILE}
 fi

 # Pull docker images
Author	SHA1	Message	Date
M Rizky Satrio	2b56cc3e1e	Merge `50beeef63a` into `c556d02a30`	2025-07-02 19:55:34 +02:00
t3chn0m4g3	c556d02a30	update issue templates	2025-07-02 19:41:32 +02:00
t3chn0m4g3	2f0a9f7f49	fixes #1807 via `93048e724a` thanks to @trixam 🚀❤️	2025-07-02 15:04:37 +02:00
t3chn0m4g3	175e1944c2	Bump Elastic Stack to 8.18.3 - Logstash: include syslog output plugin and config example	2025-06-30 16:06:45 +02:00
rsatrio	50beeef63a	feat: flags in install.sh for silent installation	2025-03-15 10:26:32 +07:00