Compare commits


8 commits

Author SHA1 Message Date
t3chn0m4g3
4c4056c489 add 24.04 tag for removal 2024-12-10 17:50:29 +01:00
t3chn0m4g3
99aae57e59 correct rocky version 2024-12-10 16:00:00 +01:00
t3chn0m4g3
da151150e5 add more installation types 2024-12-10 15:50:42 +01:00
t3chn0m4g3
743dcdae95 Update ISO download links 2024-12-10 15:50:03 +01:00
t3chn0m4g3
e8dc0c9c3d set vm.max_map_count, fixes #1618 2024-12-10 15:48:17 +01:00
t3chn0m4g3
1d3cc7cd4a set .env to 24.04.1 2024-12-10 14:11:52 +01:00
t3chn0m4g3
d7c26b49ed update elk objects 2024-12-10 14:05:00 +01:00
t3chn0m4g3
ca40bab5ee update version tag to 24.04.1 2024-12-10 10:37:24 +01:00
10 changed files with 76 additions and 13 deletions

4
.env

@ -126,7 +126,7 @@ BEELZEBUB_OLLAMA_MODEL: "openchat"
# GALAH_LLM_CLOUD_PROJECT: "" # GALAH_LLM_CLOUD_PROJECT: ""
GALAH_LLM_PROVIDER: "ollama" GALAH_LLM_PROVIDER: "ollama"
GALAH_LLM_SERVER_URL: "http://ollama.local:11434" GALAH_LLM_SERVER_URL: "http://ollama.local:11434"
GALAH_LLM_MODEL: "llama3" GALAH_LLM_MODEL: "llama3.1"
################################################################################### ###################################################################################
@ -149,7 +149,7 @@ TPOT_DOCKER_COMPOSE=./docker-compose.yml
TPOT_REPO=dtagdevsec TPOT_REPO=dtagdevsec
# T-Pot Version Tag # T-Pot Version Tag
TPOT_VERSION=24.04 TPOT_VERSION=24.04.1
# T-Pot Pull Policy # T-Pot Pull Policy
# always: (T-Pot default) Compose implementations SHOULD always pull the image from the registry. # always: (T-Pot default) Compose implementations SHOULD always pull the image from the registry.


@ -323,14 +323,14 @@ Once you are familiar with how things work you should choose a network you suspe
4. Make sure to install SSH, so you can connect to the machine remotely. 4. Make sure to install SSH, so you can connect to the machine remotely.
| Distribution Name | x64 | arm64 | | Distribution Name | x64 | arm64 |
| :--------------------------------------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------- | | :--------------------------------------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------ | :-------------------------------------------------------------------------------------------------------------------------------------- |
| [Alma Linux OS 9.4 Boot ISO](https://almalinux.org) | [download](https://repo.almalinux.org/almalinux/9.4/isos/x86_64/AlmaLinux-9.4-x86_64-boot.iso) | [download](https://repo.almalinux.org/almalinux/9.4/isos/aarch64/AlmaLinux-9.4-aarch64-boot.iso) | | [Alma Linux OS 9.5 Boot ISO](https://almalinux.org) | [download](https://repo.almalinux.org/almalinux/9.5/isos/x86_64/AlmaLinux-9.5-x86_64-boot.iso) | [download](https://repo.almalinux.org/almalinux/9.5/isos/aarch64/AlmaLinux-9.5-aarch64-boot.iso) |
| [Debian 12 Network Install](https://www.debian.org/CD/netinst/index.en.html) | [download](https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.8.0-amd64-netinst.iso) | [download](https://cdimage.debian.org/debian-cd/current/arm64/iso-cd/debian-12.8.0-arm64-netinst.iso) | | [Debian 12 Network Install](https://www.debian.org/CD/netinst/index.en.html) | [download](https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.8.0-amd64-netinst.iso) | [download](https://cdimage.debian.org/debian-cd/current/arm64/iso-cd/debian-12.8.0-arm64-netinst.iso) |
| [Fedora Server 40 Network Install](https://fedoraproject.org/server/download) | [download](https://download.fedoraproject.org/pub/fedora/linux/releases/40/Server/x86_64/iso/Fedora-Server-netinst-x86_64-40-1.14.iso) | [download](https://download.fedoraproject.org/pub/fedora/linux/releases/40/Server/aarch64/iso/Fedora-Server-netinst-aarch64-40-1.14.iso) | | [Fedora Server 41 Network Install](https://fedoraproject.org/server/download) | [download](https://download.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/iso/Fedora-Server-netinst-x86_64-41-1.4.iso) | [download](https://download.fedoraproject.org/pub/fedora/linux/releases/41/Server/aarch64/iso/Fedora-Server-netinst-aarch64-41-1.4.iso) |
| [OpenSuse Tumbleweed Network Image](https://get.opensuse.org/tumbleweed/#download) | [download](https://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-NET-x86_64-Current.iso) | [download](https://download.opensuse.org/ports/aarch64/tumbleweed/iso/openSUSE-Tumbleweed-NET-aarch64-Current.iso) | | [OpenSuse Tumbleweed Network Image](https://get.opensuse.org/tumbleweed/#download) | [download](https://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-NET-x86_64-Current.iso) | [download](https://download.opensuse.org/ports/aarch64/tumbleweed/iso/openSUSE-Tumbleweed-NET-aarch64-Current.iso) |
| [Rocky Linux OS 9.4 Boot ISO](https://rockylinux.org/download) | [download](https://download.rockylinux.org/pub/rocky/9.4/isos/x86_64/Rocky-9.4-x86_64-boot.iso) | [download](https://download.rockylinux.org/pub/rocky/9.4/isos/aarch64/Rocky-9.4-aarch64-boot.iso) | | [Rocky Linux OS 9.5 Boot ISO](https://rockylinux.org/download) | [download](https://download.rockylinux.org/pub/rocky/9/isos/x86_64/Rocky-9.5-x86_64-minimal.iso) | [download](https://download.rockylinux.org/pub/rocky/9/isos/aarch64/Rocky-9.5-aarch64-minimal.iso) |
| [Ubuntu 24.04.1 Live Server](https://ubuntu.com/download/server) | [download](https://releases.ubuntu.com/24.04/ubuntu-24.04.1-live-server-amd64.iso) | [download](https://cdimage.ubuntu.com/releases/24.04/release/ubuntu-24.04.1-live-server-arm64.iso) | | [Ubuntu 24.04.1 Live Server](https://ubuntu.com/download/server) | [download](https://releases.ubuntu.com/24.04/ubuntu-24.04.1-live-server-amd64.iso) | [download](https://cdimage.ubuntu.com/releases/24.04/release/ubuntu-24.04.1-live-server-arm64.iso) |
<br> <br>


@ -15,7 +15,7 @@ TPOT_DOCKER_REPO=dtagdevsec
TPOT_GHCR_REPO=ghcr.io/telekom-security TPOT_GHCR_REPO=ghcr.io/telekom-security
# T-Pot Version Tag # T-Pot Version Tag
TPOT_VERSION=testing TPOT_VERSION=24.04.1
# T-Pot platforms (architectures) # T-Pot platforms (architectures)
# Most docker features are available on linux # Most docker features are available on linux

Binary file not shown.


@ -149,7 +149,7 @@ TPOT_DOCKER_COMPOSE=./docker-compose.yml
TPOT_REPO=dtagdevsec TPOT_REPO=dtagdevsec
# T-Pot Version Tag # T-Pot Version Tag
TPOT_VERSION=24.04 TPOT_VERSION=24.04.1
# T-Pot Pull Policy # T-Pot Pull Policy
# always: (T-Pot default) Compose implementations SHOULD always pull the image from the registry. # always: (T-Pot default) Compose implementations SHOULD always pull the image from the registry.


@ -171,10 +171,19 @@ echo "### (H)ive - T-Pot Standard / HIVE installation."
echo "### Includes also everything you need for a distributed setup with sensors." echo "### Includes also everything you need for a distributed setup with sensors."
echo "### (S)ensor - T-Pot Sensor installation." echo "### (S)ensor - T-Pot Sensor installation."
echo "### Optimized for a distributed installation, without WebUI, Elasticsearch and Kibana." echo "### Optimized for a distributed installation, without WebUI, Elasticsearch and Kibana."
echo "### (L)LM - T-Pot LLM installation."
echo "### Uses LLM based honeypots Beelzebub & Galah."
echo "### Requires Ollama (recommended) or ChatGPT subscription."
echo "### M(i)ni - T-Pot Mini installation."
echo "### Run 30+ honeypots with just a couple of honeypot daemons."
echo "### (M)obile - T-Pot Mobile installation." echo "### (M)obile - T-Pot Mobile installation."
echo "### Includes everything to run T-Pot Mobile (available separately)." echo "### Includes everything to run T-Pot Mobile (available separately)."
echo "### (T)arpit - T-Pot Tarpit installation."
echo "### Feed data endlessly to attackers, bots and scanners."
echo "### Also runs a Denial of Service Honeypot (ddospot)."
echo
while true; do while true; do
read -p "### Install Type? (h/s/m) " myTPOT_TYPE read -p "### Install Type? (h/s/l/i/m/t) " myTPOT_TYPE
case "${myTPOT_TYPE}" in case "${myTPOT_TYPE}" in
h|H) h|H)
echo echo
@ -191,6 +200,20 @@ while true; do
myINFO="### Make sure to deploy SSH keys to this SENSOR and disable SSH password authentication. myINFO="### Make sure to deploy SSH keys to this SENSOR and disable SSH password authentication.
### On HIVE run the tpotce/deploy.sh script to join this SENSOR to the HIVE." ### On HIVE run the tpotce/deploy.sh script to join this SENSOR to the HIVE."
break ;; break ;;
l|L)
echo
echo "### Installing T-Pot LLM."
myTPOT_TYPE="HIVE"
cp ${HOME}/tpotce/compose/llm.yml ${HOME}/tpotce/docker-compose.yml
myINFO="Make sure to adjust the T-Pot config file (.env) for Ollama / ChatGPT settings."
break ;;
i|I)
echo
echo "### Installing T-Pot Mini."
myTPOT_TYPE="HIVE"
cp ${HOME}/tpotce/compose/mini.yml ${HOME}/tpotce/docker-compose.yml
myINFO=""
break ;;
m|M) m|M)
echo echo
echo "### Installing T-Pot Mobile." echo "### Installing T-Pot Mobile."
@ -198,6 +221,13 @@ while true; do
cp ${HOME}/tpotce/compose/mobile.yml ${HOME}/tpotce/docker-compose.yml cp ${HOME}/tpotce/compose/mobile.yml ${HOME}/tpotce/docker-compose.yml
myINFO="" myINFO=""
break ;; break ;;
t|T)
echo
echo "### Installing T-Pot Tarpit."
myTPOT_TYPE="HIVE"
cp ${HOME}/tpotce/compose/tarpit.yml ${HOME}/tpotce/docker-compose.yml
myINFO=""
break ;;
esac esac
done done
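Review bot: The new `l|L`, `i|I` and `t|T` branches run `cp ${HOME}/tpotce/compose/llm.yml ${HOME}/tpotce/docker-compose.yml` (and the mini/tarpit equivalents) with unquoted paths and no check of the exit status. If the template is missing or the copy fails, the previous docker-compose.yml stays in place and the installer still announces the selected type, so the host would expose a different set of honeypot services than the operator chose. Quote the paths and stop on failure, for example `cp "${HOME}/tpotce/compose/llm.yml" "${HOME}/tpotce/docker-compose.yml" || exit 1`; the existing `m|M` branch follows the same pattern. The `h|H` and `s|S` branches are only partly visible in these hunks, so whether the script already aborts on errors elsewhere (for example through `set -e`) cannot be confirmed from here.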


@ -477,6 +477,22 @@
- "Rocky" - "Rocky"
- "Ubuntu" - "Ubuntu"
- name: Ensure vm.max_map_count is set (All)
lineinfile:
path: /etc/sysctl.conf
line: "vm.max_map_count=262144"
state: present
create: yes
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
tags:
- "AlmaLinux"
- "Debian"
- "Fedora"
- "openSUSE Tumbleweed"
- "Raspbian"
- "Rocky"
- "Ubuntu"
- name: Disable ssh.socket unit (Ubuntu) - name: Disable ssh.socket unit (Ubuntu)
systemd: systemd:
name: ssh.socket name: ssh.socket
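Review bot: The added `lineinfile` task has `line:` but no `regexp:`, so an existing `vm.max_map_count=<other value>` entry in /etc/sysctl.conf is left in place and a second, conflicting line is appended. Adding `regexp: '^\s*vm\.max_map_count\s*='` makes the task replace the existing entry instead. The task also only edits the file, so the running kernel keeps its old value until sysctl is reloaded or the host reboots; if the installer does not reboot before the containers start, add a reload step or use the sysctl module, which can write and apply the setting in one task. The `when:` condition and the tag list repeat the same distributions, which deserves a short comment such as `# tags mirror the when: list; keep both in sync`.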


@ -215,6 +215,21 @@
- "Rocky" - "Rocky"
- "Ubuntu" - "Ubuntu"
- name: Remove vm.max_map_count setting (All)
lineinfile:
path: /etc/sysctl.conf
line: "vm.max_map_count=262144"
state: absent
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
tags:
- "AlmaLinux"
- "Debian"
- "Fedora"
- "openSUSE Tumbleweed"
- "Raspbian"
- "Rocky"
- "Ubuntu"
- name: Remove T-Pot user (All) - name: Remove T-Pot user (All)
user: user:
name: tpot name: tpot
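Review bot: The removal task matches the literal line `vm.max_map_count=262144`, so it cannot tell an entry written by the T-Pot installer from one the administrator already had in /etc/sysctl.conf, and it would delete either. Writing the setting to a dedicated drop-in file under /etc/sysctl.d/ in the install playbook and removing that file here would keep ownership unambiguous. The value also stays active in the running kernel after this task, so a comment such as `# running value is unchanged until sysctl is reloaded or the host reboots` would tell the operator what to expect.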


@ -167,6 +167,8 @@ function fuUPDATER () {
fuPULLIMAGES fuPULLIMAGES
fuREMOVEOLDIMAGES "dtagdevsec/*:dev" fuREMOVEOLDIMAGES "dtagdevsec/*:dev"
fuREMOVEOLDIMAGES "ghcr.io/telekom-security/*:dev" fuREMOVEOLDIMAGES "ghcr.io/telekom-security/*:dev"
fuREMOVEOLDIMAGES "dtagdevsec/*:24.04"
fuREMOVEOLDIMAGES "ghcr.io/telekom-security/*:24.04"
echo echo
echo "### If you made changes to docker-compose.yml please ensure to add them again." echo "### If you made changes to docker-compose.yml please ensure to add them again."
echo "### We stored the previous version as backup in $myARCHIVE." echo "### We stored the previous version as backup in $myARCHIVE."
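Review bot: The two added calls hard-code the tag `24.04`, and fuREMOVEOLDIMAGES is defined outside this hunk, so how it matches its argument cannot be checked here. If it matches by prefix or regular expression rather than by exact tag, `dtagdevsec/*:24.04` would also select the freshly pulled `:24.04.1` images. A comment such as `# must match the exact tag 24.04 only, not 24.04.1` above the calls, or an anchored pattern inside the helper, would make the intent explicit. The fuUPDATER body starts and ends outside the hunk.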