Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2026-03-11 10:53:14 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Compare commits

base: Alex-Devera:9857363c909a9e33c428e0155cdd5e6220c2459e
Branches Tags
Alex-Devera:master
Alex-Devera:dependabot/github_actions/dot-github/workflows/lycheeverse/lychee-action-2.0.2
Alex-Devera:24.04
Alex-Devera:alpha
Alex-Devera:22.04
Alex-Devera:dev
Alex-Devera:20.06
Alex-Devera:19.03
Alex-Devera:18.11
Alex-Devera:24.04.1
Alex-Devera:24.04.0
Alex-Devera:24.04.0beta
Alex-Devera:22.04.0
Alex-Devera:20.06.2
Alex-Devera:20.06.1
Alex-Devera:20.06.0
Alex-Devera:19.03.3
Alex-Devera:19.03.1
Alex-Devera:19.03
Alex-Devera:19.03.beta
Alex-Devera:18.11.1
Alex-Devera:18.11
Alex-Devera:17.10
Alex-Devera:17.10.beta
Alex-Devera:17.10.alpha
Alex-Devera:16.10.1
Alex-Devera:16.10
...
compare: Alex-Devera:758932efe33e29c165ae09f42c3e85acdfb26332
Branches Tags
Alex-Devera:master
Alex-Devera:dependabot/github_actions/dot-github/workflows/lycheeverse/lychee-action-2.0.2
Alex-Devera:24.04
Alex-Devera:alpha
Alex-Devera:22.04
Alex-Devera:dev
Alex-Devera:20.06
Alex-Devera:19.03
Alex-Devera:18.11
Alex-Devera:24.04.1
Alex-Devera:24.04.0
Alex-Devera:24.04.0beta
Alex-Devera:22.04.0
Alex-Devera:20.06.2
Alex-Devera:20.06.1
Alex-Devera:20.06.0
Alex-Devera:19.03.3
Alex-Devera:19.03.1
Alex-Devera:19.03
Alex-Devera:19.03.beta
Alex-Devera:18.11.1
Alex-Devera:18.11
Alex-Devera:17.10
Alex-Devera:17.10.beta
Alex-Devera:17.10.alpha
Alex-Devera:16.10.1
Alex-Devera:16.10

17 commits
9857363c90 ... 758932efe3

Author SHA1 Message Date
dz
758932efe3
Merge cbcf7871ec into 39193ecd98 2026-01-06 23:55:56 +01:00
t3chn0m4g3
39193ecd98 Refresh nginx container (i.e. esvue) for ELK 9.2.3 support 2026-01-06 13:41:54 +01:00
t3chn0m4g3
fdf9be3e6f Prepare for Elastic Stack 9.2.3 2026-01-05 20:14:57 +01:00
Daniel Ortiz
cbcf7871ec update, refactory to master 2025-07-12 21:23:12 -04:00
Daniel Ortiz
c38fab7670 update, refactory to master 2025-07-12 21:22:27 -04:00
Daniel Ortiz
444b181075 update, refactory to master 2025-07-12 21:21:44 -04:00
Daniel Ortiz
59c6672df7 update, refactory to master 2025-07-12 21:03:48 -04:00
Daniel Ortiz
87733c6b65 update 2025-07-12 21:00:06 -04:00
Daniel Ortiz
f609e20567 update 2025-07-12 20:58:46 -04:00
Daniel Ortiz
78acb5f5c0 update 2025-07-12 20:52:11 -04:00
Daniel Ortiz
99abefe98e update 2025-07-12 20:51:47 -04:00
Daniel Ortiz
82147ba4bd update 2025-07-12 20:44:57 -04:00
Daniel Ortiz
a7af16f69a momentarily changes the fork branch 2025-07-12 20:41:20 -04:00
Daniel Ortiz
5e333eba59 momentarily changes the fork branch 2025-07-12 20:39:02 -04:00
Daniel Ortiz
c2748f9904 momentarily changes the fork branch 2025-07-12 20:37:00 -04:00
Daniel Ortiz
d94207e56e update update.sh, discriminate whether it is SENSOR or HIVE 2025-07-12 20:33:09 -04:00
Daniel Ortiz
cb8933cddb update update.sh, discriminate whether it is SENSOR or HIVE 2025-07-12 20:31:18 -04:00
16 changed files with 420 additions and 56 deletions
Show stats Expand all files Collapse all files

2
docker/elk/elasticsearch/Dockerfile
View file

@ -1,6 +1,6 @@
FROM ubuntu:24.04 FROM ubuntu:24.04
ENV DEBIAN_FRONTEND noninteractive ENV DEBIAN_FRONTEND noninteractive
ENV ES_VER=8.19.2 ENV ES_VER=9.2.3
# #
# Include dist # Include dist
COPY dist/ /root/dist/ COPY dist/ /root/dist/

4
docker/elk/kibana/Dockerfile
View file

@ -1,5 +1,5 @@
FROM node:22.17.1-alpine3.22 FROM node:22.21.1-alpine3.23
ENV KB_VER=8.19.2 ENV KB_VER=9.2.3
# #
# Include dist # Include dist
COPY dist/ /root/dist/ COPY dist/ /root/dist/

2
docker/elk/logstash/Dockerfile
View file

@ -1,6 +1,6 @@
FROM ubuntu:24.04 FROM ubuntu:24.04
ENV DEBIAN_FRONTEND=noninteractive ENV DEBIAN_FRONTEND=noninteractive
ENV LS_VER=8.19.2 ENV LS_VER=9.2.3
# #
# Include dist # Include dist
COPY dist/ /root/dist/ COPY dist/ /root/dist/

2
docker/nginx/Dockerfile
View file

@ -1,4 +1,4 @@
FROM alpine:3.20 FROM alpine:3.23
# #
# Include dist # Include dist
COPY dist/ /root/dist/ COPY dist/ /root/dist/

1
docker/nginx/builder/cyberchef/Dockerfile
View file

@ -1,4 +1,3 @@
#FROM node:17.9.0-alpine3.15 as builder
FROM node:18-alpine as builder FROM node:18-alpine as builder
# #
# Prep and build Cyberchef # Prep and build Cyberchef

12
docker/nginx/builder/esvue/Dockerfile
View file

@ -1,24 +1,22 @@
### elasticvue build is currently broken, issue has been opened https://github.com/cars10/elasticvue/issues/215 ### elasticvue build is currently broken, issue has been opened https://github.com/cars10/elasticvue/issues/215
### in the meantime we are using the older dist, if not resolved we need to find a different solution ### in the meantime we are using the older dist, if not resolved we need to find a different solution
FROM node:22.5.1-alpine AS builder FROM node:22.21.1-alpine AS builder
# #
# Prep and build Elasticvue # Prep and build Elasticvue
RUN apk -U --no-cache add git && \ RUN apk -U --no-cache add git && \
git clone https://github.com/cars10/elasticvue -b v1.7.0 /opt/src && \ git clone https://github.com/cars10/elasticvue -b v1.11.1 /opt/src && \
# We need to adjust consts.ts so the user has connection suggestion for reverse proxied ES # We need to adjust consts.ts so the user has connection suggestion for reverse proxied ES
sed -i "s#export const DEFAULT_CLUSTER_URI = 'http://localhost:9200'#export const DEFAULT_CLUSTER_URI = window.location.origin + '/es'#g" /opt/src/src/consts.ts && \ sed -i "s#export const DEFAULT_CLUSTER_URI = 'http://localhost:9200'#export const DEFAULT_CLUSTER_URI = window.location.origin + '/es'#g" /opt/src/src/consts.ts && \
sed -i 's#href="/images/logo/favicon.ico"#href="images/logo/favicon.ico"#g' /opt/src/index.html && \ sed -i 's#href="/images/logo/favicon.ico"#href="images/logo/favicon.ico"#g' /opt/src/index.html && \
mkdir /opt/app && \ mkdir /opt/app && \
cd /opt/app && \ cd /opt/app && \
corepack enable && \
cp /opt/src/package.json . && \ cp /opt/src/package.json . && \
cp /opt/src/yarn.lock . && \ cp /opt/src/package-lock.json . && \
cp /opt/src/.yarnrc.yml . && \ npm install && \
yarn install && \
cp -R /opt/src/* . && \ cp -R /opt/src/* . && \
export VITE_APP_BUILD_MODE=docker && \ export VITE_APP_BUILD_MODE=docker && \
export VITE_APP_PUBLIC_PATH="/elasticvue/" && \ export VITE_APP_PUBLIC_PATH="/elasticvue/" && \
yarn build && \ npm run build && \
cd dist && \ cd dist && \
tar cvfz esvue.tgz * tar cvfz esvue.tgz *
# #

BIN
docker/nginx/dist/html/cyberchef/cyberchef.tgz vendored
View file

Binary file not shown.

BIN
docker/nginx/dist/html/esvue/esvue.tgz vendored
View file

Binary file not shown.

2
docker/tpotinit/Dockerfile
View file

@ -1,4 +1,4 @@
FROM alpine:3.20 FROM alpine:3.23
# #
# Include dist # Include dist
COPY dist/ /opt/tpot/ COPY dist/ /opt/tpot/

38
docker/tpotinit/dist/bin/backup_es_folders.sh vendored
View file

@ -1,48 +1,14 @@
#!/bin/bash #!/bin/bash
if [ "$1" == "" ] || [ "$1" != "all" ] && [ "$1" != "base" ];
then
echo "Usage: backup_es_folders [all, base]"
echo " all = backup all ES folder"
echo " base = backup only Kibana index".
echo
exit
fi
# Backup all ES relevant folders
# Make sure ES is available
myES="http://127.0.0.1:64298/"
myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
if ! [ "$myESSTATUS" = "1" ]
then
echo "### Elasticsearch is not available."
exit
else
echo "### Elasticsearch is available, now continuing."
echo
fi
# Set vars # Set vars
myDATE=$(date +%Y%m%d%H%M) myDATE=$(date +%Y%m%d%H%M)
myPATH=$PWD myPATH=$PWD
myELKPATH="data/elk/data" myELKPATH="data/elk/data"
myKIBANAINDEXNAMES=$(curl -s -XGET ''$myES'_cat/indices/.kibana_*?v&s=index&h=uuid' | tail -n +2)
#echo $myKIBANAINDEXNAMES
for i in $myKIBANAINDEXNAMES;
do
myKIBANAINDEXPATHS="$myKIBANAINDEXPATHS $myELKPATH/indices/$i"
done
# Backup DB in 2 flavors # Backup ES
cd $HOME/tpotce cd $HOME/tpotce
echo "### Now backing up Elasticsearch folders ..." echo "### Now backing up Elasticsearch folders ..."
if [ "$1" == "all" ]; tar cvfz $myPATH"/elkall_"$myDATE".tgz" $myELKPATH
then
tar cvfz $myPATH"/elkall_"$myDATE".tgz" $myELKPATH
elif [ "$1" == "base" ];
then
tar cvfz $myPATH"/elkbase_"$myDATE".tgz" $myKIBANAINDEXPATHS
fi
cd $myPATH cd $myPATH

34
docker/tpotinit/dist/bin/backup_kibana_config.sh vendored Executable file
View file

@ -0,0 +1,34 @@
#!/usr/bin/env bash
# Backup all Kibana objects
# Make sure Kibana is available
myKIBANA="http://127.0.0.1:64296"
myKIBANASTATUS=$(curl -s -f -o /dev/null "${myKIBANA}/api/status")
if ! [ "$?" = "0" ]
then
echo "### Kibana is not available."
exit
else
echo "### Kibana is available, now continuing."
echo
fi
# Export Kibana config
myDATE=$(date +%Y%m%d%H%M)
echo "### Exporting Kibana config."
curl -X POST "${myKIBANA}/api/saved_objects/_export" \
-H "kbn-xsrf: true" \
-H "Content-Type: application/json" \
-d '{
"type": "*",
"excludeExportDetails": true
}' \
-o kibana_export.ndjson
echo
echo "### Zipping Kibana config."
zip kibana_export.ndjson.zip kibana_export.ndjson
echo
echo "### Moving Kibana config and zip to ../etc/objects/"
mv kibana_export.* ../etc/objects

24
docker/tpotinit/dist/entrypoint.sh vendored
View file

@ -264,6 +264,7 @@ if [ -f "/data/uuid" ];
else else
figlet "Setting up ..." figlet "Setting up ..."
figlet "T-Pot: ${TPOT_VERSION}" figlet "T-Pot: ${TPOT_VERSION}"
myFIRSTRUN="true"
echo echo
echo "# Setting up data folder structure ..." echo "# Setting up data folder structure ..."
echo echo
@ -285,9 +286,8 @@ if [ -f "/data/uuid" ];
echo echo
create_web_users create_web_users
echo echo
echo "# Extracting objects, final touches and permissions ..." echo "# Final touches and permissions ..."
echo echo
tar xvfz /opt/tpot/etc/objects/elkbase.tgz -C /
uuidgen > /data/uuid uuidgen > /data/uuid
fi fi
@ -370,6 +370,26 @@ figlet "T-Pot: ${TPOT_VERSION}"
echo echo
touch /tmp/success touch /tmp/success
# We need to push objects to Kibana if this is a Hive and a fresh install
if [ "${myFIRSTRUN}" == "true" ] && [ "${TPOT_TYPE}" == "HIVE" ];
then
myKIBANA_URL="http://127.0.0.1:64296"
myKIBANA_CONFIG="/opt/tpot/etc/objects/export.ndjson"
# Wait for Kibana to be available
until curl -s -f -o /dev/null "{$myKIBANA_URL}/api/status"; do
echo "# Waiting for Kibana to upload config..."
sleep 2
done
# Upload Kibana config
echo "# Now uploading config to Kibana."
curl -X POST "http://127.0.0.1:64296/api/saved_objects/_import?overwrite=true" \
-H "kbn-xsrf: true" \
--form file=@/opt/tpot/etc/objects/kibana_export.ndjson
echo "# Kibana config has been uploaded."
fi
# We want to see true source for UDP packets in container (https://github.com/moby/libnetwork/issues/1994) # We want to see true source for UDP packets in container (https://github.com/moby/libnetwork/issues/1994)
# Start autoheal if running on a supported os # Start autoheal if running on a supported os
if [ "${TPOT_OSTYPE}" == "linux" ]; if [ "${TPOT_OSTYPE}" == "linux" ];

BIN
docker/tpotinit/dist/etc/objects/elkbase.tgz vendored
View file

Binary file not shown.

303
docker/tpotinit/dist/etc/objects/kibana_export.ndjson vendored Normal file
View file

File diff suppressed because one or more lines are too long

BIN
docker/tpotinit/dist/etc/objects/kibana_export.ndjson.zip vendored
View file

Binary file not shown.

50
update.sh
View file

@ -53,6 +53,7 @@ function fuCHECKINET () {
function fuSELFUPDATE () { function fuSELFUPDATE () {
echo echo
echo "### Now checking for newer files in repository ..." echo "### Now checking for newer files in repository ..."
echo "### T-Pot... TPOT_TYPE is set to: $myTPOT_TYPE"
git fetch --all git fetch --all
myREMOTESTAT=$(git status | grep -c "up-to-date") myREMOTESTAT=$(git status | grep -c "up-to-date")
if [ "$myREMOTESTAT" != "0" ]; if [ "$myREMOTESTAT" != "0" ];
@ -67,13 +68,31 @@ function fuSELFUPDATE () {
echo "###### $myBLUE""Found newer version, will be pulling updates and restart myself.""$myWHITE" echo "###### $myBLUE""Found newer version, will be pulling updates and restart myself.""$myWHITE"
git reset --hard git reset --hard
git pull --force git pull --force
exec ./update.sh -y # check if myTPOT_TYPE is set
exit 1 if [ -z "$myTPOT_TYPE" ]; then
exec ./update.sh
else
exec ./update.sh -y $myTPOT_TYPE
fi
else else
echo "###### $myBLUE""Pulling updates from repository.""$myWHITE" echo "###### $myBLUE""Pulling updates from repository.""$myWHITE"
git reset --hard git reset --hard
git pull --force git pull --force
fi fi
if [ -z "$myTPOT_TYPE" ]; then
echo
else
grep -q "^TPOT_TYPE=" .env && sed -i "s/^TPOT_TYPE=.*/TPOT_TYPE=${myTPOT_TYPE}/" .env
echo "### T-Pot type set to: $myTPOT_TYPE in .env"
if [ "$myTPOT_TYPE" == "SENSOR" ]; then
echo "### Copying compose/sensor.yml to docker-compose.yml"
cp compose/sensor.yml docker-compose.yml
else
echo
fi
fi
exit 1
echo echo
} }
@ -194,6 +213,19 @@ function fuRESTORE () {
sed -i "s/^TPOT_VERSION=.*/TPOT_VERSION=${newVERSION}/" $HOME/tpotce/.env sed -i "s/^TPOT_VERSION=.*/TPOT_VERSION=${newVERSION}/" $HOME/tpotce/.env
} }
function fuREADTPOT_TYPE () {
if [ -f .env ]; then
# reads the TPOT_TYPE from the .env file
myTPOT_TYPE=$(grep -E '^TPOT_TYPE=' .env | cut -d '=' -f2)
# Verify if TPOT_TYPE is set
if [ -z "$myTPOT_TYPE" ]; then
myTPOT_TYPE="HIVE"
fi
else
myTPOT_TYPE="HIVE"
fi
}
################ ################
# Main section # # Main section #
################ ################
@ -211,11 +243,23 @@ if [ "$1" != "-y" ]; then
exit exit
fi fi
# if exists second argument, use it as T-Pot type, only if SENSOR or HIVE
if [ -n "$2" ]; then
if [[ "$2" == "SENSOR" || "$2" == "HIVE" ]]; then
myTPOT_TYPE="$2"
else
myTPOT_TYPE="HIVE"
fi
else
myTPOT_TYPE="HIVE"
fi
fuREADTPOT_TYPE
fuCHECK_VERSION fuCHECK_VERSION
fuCHECKINET "https://index.docker.io https://github.com" fuCHECKINET "https://index.docker.io https://github.com"
fuSTOP_TPOT fuSTOP_TPOT
fuBACKUP fuBACKUP
fuSELFUPDATE "$0" "$@" fuSELFUPDATE "$0" "$@" "$myTPOT_TYPE"
fuUPDATER fuUPDATER
fuRESTORE fuRESTORE