Merge cbcf7871ec into 39193ecd98

docker/elk/elasticsearch/Dockerfile

@@ -1,6 +1,6 @@
 FROM ubuntu:24.04
 ENV DEBIAN_FRONTEND noninteractive
-ENV ES_VER=8.19.2
+ENV ES_VER=9.2.3
 #
 # Include dist
 COPY dist/ /root/dist/

docker/elk/kibana/Dockerfile

@@ -1,5 +1,5 @@
-FROM node:22.17.1-alpine3.22
-ENV KB_VER=8.19.2
+FROM node:22.21.1-alpine3.23
+ENV KB_VER=9.2.3
 #
 # Include dist
 COPY dist/ /root/dist/

docker/elk/logstash/Dockerfile

@@ -1,6 +1,6 @@
 FROM ubuntu:24.04
 ENV DEBIAN_FRONTEND=noninteractive
-ENV LS_VER=8.19.2
+ENV LS_VER=9.2.3
 #
 # Include dist
 COPY dist/ /root/dist/

docker/nginx/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.20
+FROM alpine:3.23
 #
 # Include dist
 COPY dist/ /root/dist/

docker/nginx/builder/cyberchef/Dockerfile

@@ -1,4 +1,3 @@
-#FROM node:17.9.0-alpine3.15 as builder
 FROM node:18-alpine as builder
 #
 # Prep and build Cyberchef

docker/nginx/builder/esvue/Dockerfile

@@ -1,24 +1,22 @@
 ### elasticvue build is currently broken, issue has been opened https://github.com/cars10/elasticvue/issues/215
 ### in the meantime we are using the older dist, if not resolved we need to find a different solution
-FROM node:22.5.1-alpine AS builder
+FROM node:22.21.1-alpine AS builder
 #
 # Prep and build Elasticvue 
 RUN apk -U --no-cache add git && \
-    git clone https://github.com/cars10/elasticvue -b v1.7.0 /opt/src && \
+    git clone https://github.com/cars10/elasticvue -b v1.11.1 /opt/src && \
 # We need to adjust consts.ts so the user has connection suggestion for reverse proxied ES
     sed -i "s#export const DEFAULT_CLUSTER_URI = 'http://localhost:9200'#export const DEFAULT_CLUSTER_URI = window.location.origin + '/es'#g" /opt/src/src/consts.ts && \
     sed -i 's#href="/images/logo/favicon.ico"#href="images/logo/favicon.ico"#g' /opt/src/index.html && \
     mkdir /opt/app && \
     cd /opt/app && \
-    corepack enable && \
     cp /opt/src/package.json . && \
-    cp /opt/src/yarn.lock . && \
-    cp /opt/src/.yarnrc.yml . && \
-    yarn install && \
+    cp /opt/src/package-lock.json . && \
+    npm install && \
     cp -R /opt/src/* . && \
     export VITE_APP_BUILD_MODE=docker && \
     export VITE_APP_PUBLIC_PATH="/elasticvue/" && \
-    yarn build && \
+    npm run build && \
     cd dist && \
     tar cvfz esvue.tgz *
 #    

docker/tpotinit/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.20
+FROM alpine:3.23
 #
 # Include dist
 COPY dist/ /opt/tpot/

docker/tpotinit/dist/bin/backup_es_folders.sh

@@ -1,48 +1,14 @@
 #!/bin/bash
 
-if [ "$1" == "" ] || [ "$1" != "all" ] && [ "$1" != "base" ];
-  then
-    echo "Usage: backup_es_folders [all, base]"
-    echo "       all  = backup all ES folder"
-    echo "       base = backup only Kibana index".
-    echo
-    exit
-fi
-
-# Backup all ES relevant folders
-# Make sure ES is available
-myES="http://127.0.0.1:64298/"
-myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
-if ! [ "$myESSTATUS" = "1" ]
-  then
-    echo "### Elasticsearch is not available."
-    exit
-  else
-    echo "### Elasticsearch is available, now continuing."
-    echo
-fi
-
 # Set vars
 myDATE=$(date +%Y%m%d%H%M)
 myPATH=$PWD
 myELKPATH="data/elk/data"
-myKIBANAINDEXNAMES=$(curl -s -XGET ''$myES'_cat/indices/.kibana_*?v&s=index&h=uuid' | tail -n +2)
-#echo $myKIBANAINDEXNAMES
-for i in $myKIBANAINDEXNAMES;
-  do
-    myKIBANAINDEXPATHS="$myKIBANAINDEXPATHS $myELKPATH/indices/$i"
-done
 
-# Backup DB in 2 flavors
+# Backup ES
 cd $HOME/tpotce
 
 echo "### Now backing up Elasticsearch folders ..."
-if [ "$1" == "all" ];
-  then
-    tar cvfz $myPATH"/elkall_"$myDATE".tgz" $myELKPATH
-elif [ "$1" == "base" ];
-  then
-    tar cvfz $myPATH"/elkbase_"$myDATE".tgz" $myKIBANAINDEXPATHS
-fi
+tar cvfz $myPATH"/elkall_"$myDATE".tgz" $myELKPATH
 
 cd $myPATH

docker/tpotinit/dist/bin/backup_kibana_config.sh

@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+# Backup all Kibana objects
+# Make sure Kibana is available
+myKIBANA="http://127.0.0.1:64296"
+myKIBANASTATUS=$(curl -s -f -o /dev/null "${myKIBANA}/api/status")
+if ! [ "$?" = "0" ]
+  then
+    echo "### Kibana is not available."
+    exit
+  else
+    echo "### Kibana is available, now continuing."
+    echo
+fi
+
+# Export Kibana config
+myDATE=$(date +%Y%m%d%H%M)
+echo "### Exporting Kibana config."
+curl -X POST "${myKIBANA}/api/saved_objects/_export" \
+  -H "kbn-xsrf: true" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "type": "*",
+    "excludeExportDetails": true
+  }' \
+  -o kibana_export.ndjson
+
+echo
+echo "### Zipping Kibana config."
+zip kibana_export.ndjson.zip kibana_export.ndjson
+
+echo
+echo "### Moving Kibana config and zip to ../etc/objects/"
+mv kibana_export.* ../etc/objects

docker/tpotinit/dist/entrypoint.sh

@@ -264,6 +264,7 @@ if [ -f "/data/uuid" ];
   else
     figlet "Setting up ..."
     figlet "T-Pot: ${TPOT_VERSION}"
+    myFIRSTRUN="true"
     echo
     echo "# Setting up data folder structure ..."
     echo
@@ -285,9 +286,8 @@ if [ -f "/data/uuid" ];
     echo
     create_web_users
     echo
-    echo "# Extracting objects, final touches and permissions ..."
+    echo "# Final touches and permissions ..."
     echo
-    tar xvfz /opt/tpot/etc/objects/elkbase.tgz -C /
     uuidgen > /data/uuid
 fi
 
@@ -370,6 +370,26 @@ figlet "T-Pot: ${TPOT_VERSION}"
 echo
 touch /tmp/success
 
+# We need to push objects to Kibana if this is a Hive and a fresh install
+if [ "${myFIRSTRUN}" == "true" ] && [ "${TPOT_TYPE}" == "HIVE" ];
+  then
+    myKIBANA_URL="http://127.0.0.1:64296"
+    myKIBANA_CONFIG="/opt/tpot/etc/objects/export.ndjson"
+
+    # Wait for Kibana to be available
+    until curl -s -f -o /dev/null "{$myKIBANA_URL}/api/status"; do
+      echo "# Waiting for Kibana to upload config..."
+      sleep 2
+    done
+
+    # Upload Kibana config
+    echo "# Now uploading config to Kibana."
+    curl -X POST "http://127.0.0.1:64296/api/saved_objects/_import?overwrite=true" \
+      -H "kbn-xsrf: true" \
+      --form file=@/opt/tpot/etc/objects/kibana_export.ndjson
+    echo "# Kibana config has been uploaded."
+fi
+
 # We want to see true source for UDP packets in container (https://github.com/moby/libnetwork/issues/1994)
 # Start autoheal if running on a supported os
 if [ "${TPOT_OSTYPE}" == "linux" ];

update.sh

@@ -53,6 +53,7 @@ function fuCHECKINET () {
 function fuSELFUPDATE () {
 	echo
 	echo "### Now checking for newer files in repository ..."
+	echo "### T-Pot... TPOT_TYPE is set to: $myTPOT_TYPE"
 	git fetch --all
 	myREMOTESTAT=$(git status | grep -c "up-to-date")
 	if [ "$myREMOTESTAT" != "0" ];
@@ -67,13 +68,31 @@ function fuSELFUPDATE () {
 	    echo "###### $myBLUE""Found newer version, will be pulling updates and restart myself.""$myWHITE"
 	    git reset --hard
 	    git pull --force
-	    exec ./update.sh -y
-	    exit 1
-	  else
+		# check if myTPOT_TYPE is set
+		if [ -z "$myTPOT_TYPE" ]; then
+			exec ./update.sh
+		else
+        	exec ./update.sh -y $myTPOT_TYPE
+		fi
+	else
 	    echo "###### $myBLUE""Pulling updates from repository.""$myWHITE"
 	    git reset --hard
 	    git pull --force
 	fi
+	if [ -z "$myTPOT_TYPE" ]; then
+		echo
+	else
+		grep -q "^TPOT_TYPE=" .env && sed -i "s/^TPOT_TYPE=.*/TPOT_TYPE=${myTPOT_TYPE}/" .env
+		echo "### T-Pot type set to: $myTPOT_TYPE in .env"
+		if [ "$myTPOT_TYPE" == "SENSOR" ]; then
+			echo "### Copying compose/sensor.yml to docker-compose.yml"
+			cp compose/sensor.yml docker-compose.yml
+		else
+			echo
+		fi
+	fi
+	exit 1
+
 	echo
 }
 
@@ -194,6 +213,19 @@ function fuRESTORE () {
 	sed -i "s/^TPOT_VERSION=.*/TPOT_VERSION=${newVERSION}/" $HOME/tpotce/.env
 }
 
+function fuREADTPOT_TYPE () {
+	if [ -f .env ]; then
+		# reads the TPOT_TYPE from the .env file
+		myTPOT_TYPE=$(grep -E '^TPOT_TYPE=' .env | cut -d '=' -f2)
+		# Verify if TPOT_TYPE is set
+		if [ -z "$myTPOT_TYPE" ]; then
+			myTPOT_TYPE="HIVE"
+		fi
+	else
+		myTPOT_TYPE="HIVE"
+	fi
+}
+
 ################
 # Main section #
 ################
@@ -211,11 +243,23 @@ if [ "$1" != "-y" ]; then
   exit
 fi
 
+# if exists second argument, use it as T-Pot type, only if SENSOR or HIVE
+if [ -n "$2" ]; then
+  if [[ "$2" == "SENSOR" || "$2" == "HIVE" ]]; then
+	myTPOT_TYPE="$2"
+  else
+	myTPOT_TYPE="HIVE"
+  fi
+else
+  myTPOT_TYPE="HIVE"
+fi
+
+fuREADTPOT_TYPE
 fuCHECK_VERSION
 fuCHECKINET "https://index.docker.io https://github.com"
 fuSTOP_TPOT
 fuBACKUP
-fuSELFUPDATE "$0" "$@"
+fuSELFUPDATE "$0" "$@" "$myTPOT_TYPE"
 fuUPDATER
 fuRESTORE