Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-11-01 21:12:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Compare commits

base: Alex-Devera:a40be1e021da97bfd797ce2158fa66e014498792
Branches Tags
Alex-Devera:master
Alex-Devera:dependabot/github_actions/dot-github/workflows/lycheeverse/lychee-action-2.0.2
Alex-Devera:24.04
Alex-Devera:alpha
Alex-Devera:22.04
Alex-Devera:dev
Alex-Devera:20.06
Alex-Devera:19.03
Alex-Devera:18.11
Alex-Devera:24.04.1
Alex-Devera:24.04.0
Alex-Devera:24.04.0beta
Alex-Devera:22.04.0
Alex-Devera:20.06.2
Alex-Devera:20.06.1
Alex-Devera:20.06.0
Alex-Devera:19.03.3
Alex-Devera:19.03.1
Alex-Devera:19.03
Alex-Devera:19.03.beta
Alex-Devera:18.11.1
Alex-Devera:18.11
Alex-Devera:17.10
Alex-Devera:17.10.beta
Alex-Devera:17.10.alpha
Alex-Devera:16.10.1
Alex-Devera:16.10
...
compare: Alex-Devera:5675cd9e1cf1f5bfa64db1522ece490afc897ad5
Branches Tags
Alex-Devera:master
Alex-Devera:dependabot/github_actions/dot-github/workflows/lycheeverse/lychee-action-2.0.2
Alex-Devera:24.04
Alex-Devera:alpha
Alex-Devera:22.04
Alex-Devera:dev
Alex-Devera:20.06
Alex-Devera:19.03
Alex-Devera:18.11
Alex-Devera:24.04.1
Alex-Devera:24.04.0
Alex-Devera:24.04.0beta
Alex-Devera:22.04.0
Alex-Devera:20.06.2
Alex-Devera:20.06.1
Alex-Devera:20.06.0
Alex-Devera:19.03.3
Alex-Devera:19.03.1
Alex-Devera:19.03
Alex-Devera:19.03.beta
Alex-Devera:18.11.1
Alex-Devera:18.11
Alex-Devera:17.10
Alex-Devera:17.10.beta
Alex-Devera:17.10.alpha
Alex-Devera:16.10.1
Alex-Devera:16.10

6 commits
a40be1e021 ... 5675cd9e1c

Author SHA1 Message Date
M Rizky Satrio
5675cd9e1c
Merge 50beeef63a into 6933ee0065 2025-06-18 12:50:43 -04:00
t3chn0m4g3
6933ee0065 bump elastic stack to 8.18.2 2025-06-14 13:03:27 +02:00
t3chn0m4g3
8fd23d7796 setup multiarch builder 2025-06-14 12:22:04 +02:00
t3chn0m4g3
8a59696a5c prep sentrypeer for v4.0.4 2025-06-13 20:28:27 +02:00
t3chn0m4g3
1d2592bb30 prep for rebuild, bump map to 2.2.7 2025-06-13 19:46:29 +02:00
rsatrio
50beeef63a feat: flags in install.sh for silent installation 2025-03-15 10:26:32 +07:00
10 changed files with 149 additions and 79 deletions
Show stats Expand all files Collapse all files

2
docker/_builder/builder.sh
View file

@ -132,7 +132,7 @@ fi
# Ensure QEMU is set up for cross-platform builds # Ensure QEMU is set up for cross-platform builds
echo -n "Ensuring QEMU is configured for cross-platform builds..." echo -n "Ensuring QEMU is configured for cross-platform builds..."
if docker run --rm --privileged multiarch/qemu-user-static --reset -p yes > /dev/null 2>&1; then if docker run --rm --privileged tonistiigi/binfmt --install all > /dev/null 2>&1; then
echo -e " [${GREEN}OK${NC}]" echo -e " [${GREEN}OK${NC}]"
else else
echo -e " [${RED}FAIL${NC}]" echo -e " [${RED}FAIL${NC}]"

7
docker/_builder/setup_builder.sh
View file

@ -19,8 +19,7 @@ fi
if [ "$1" != "-y" ]; then if [ "$1" != "-y" ]; then
echo "### Setting up Docker for Multi-Arch Builds." echo "### Setting up Docker for Multi-Arch Builds."
echo "### Requires Docker packages from https://get.docker.com/" echo "### Requires Docker packages from https://get.docker.com/"
echo "### Use on x64 only!" echo "### Run with -y if you meet the requirements!"
echo "### Run with -y if you fit the requirements!"
exit 0 exit 0
fi fi
@ -42,7 +41,7 @@ fi
# Ensure QEMU is set up for cross-platform builds # Ensure QEMU is set up for cross-platform builds
echo -n "Ensuring QEMU is configured for cross-platform builds..." echo -n "Ensuring QEMU is configured for cross-platform builds..."
if docker run --rm --privileged multiarch/qemu-user-static --reset -p yes >/dev/null 2>&1; then if docker run --rm --privileged tonistiigi/binfmt --install all >/dev/null 2>&1; then
echo -e " [${GREEN}OK${NC}]" echo -e " [${GREEN}OK${NC}]"
else else
echo -e " [${RED}FAIL${NC}]" echo -e " [${RED}FAIL${NC}]"
@ -95,5 +94,5 @@ echo " docker login -u <username>"
echo " docker login ghcr.io -u <username>" echo " docker login ghcr.io -u <username>"
echo echo
echo -e "${BLUE}Fix segmentation faults when building arm64 images:${NC}" echo -e "${BLUE}Fix segmentation faults when building arm64 images:${NC}"
echo " docker run --rm --privileged multiarch/qemu-user-static --reset -p yes" echo " docker buildx rm mybuilder && docker run --rm --privileged tonistiigi/binfmt --install all"
echo echo

2
docker/elk/elasticsearch/Dockerfile
View file

@ -1,6 +1,6 @@
FROM ubuntu:24.04 FROM ubuntu:24.04
ENV DEBIAN_FRONTEND noninteractive ENV DEBIAN_FRONTEND noninteractive
ENV ES_VER=8.18.1 ENV ES_VER=8.18.2
# #
# Include dist # Include dist
COPY dist/ /root/dist/ COPY dist/ /root/dist/

2
docker/elk/kibana/Dockerfile
View file

@ -1,5 +1,5 @@
FROM node:20.18.2-alpine3.20 FROM node:20.18.2-alpine3.20
ENV KB_VER=8.18.1 ENV KB_VER=8.18.2
# #
# Include dist # Include dist
COPY dist/ /root/dist/ COPY dist/ /root/dist/

2
docker/elk/logstash/Dockerfile
View file

@ -1,6 +1,6 @@
FROM ubuntu:24.04 FROM ubuntu:24.04
ENV DEBIAN_FRONTEND=noninteractive ENV DEBIAN_FRONTEND=noninteractive
ENV LS_VER=8.18.1 ENV LS_VER=8.18.2
# #
# Include dist # Include dist
COPY dist/ /root/dist/ COPY dist/ /root/dist/

2
docker/elk/map/Dockerfile
View file

@ -14,7 +14,7 @@ RUN apk --no-cache -U upgrade && \
# Install from GitHub and setup # Install from GitHub and setup
mkdir -p /opt && \ mkdir -p /opt && \
cd /opt/ && \ cd /opt/ && \
git clone https://github.com/t3chn0m4g3/t-pot-attack-map -b 2.2.6 && \ git clone https://github.com/t3chn0m4g3/t-pot-attack-map -b 2.2.7 && \
cd t-pot-attack-map && \ cd t-pot-attack-map && \
pip3 install --break-system-packages --upgrade pip && \ pip3 install --break-system-packages --upgrade pip && \
pip3 install --break-system-packages -r requirements.txt && \ pip3 install --break-system-packages -r requirements.txt && \

8
docker/sentrypeer/Dockerfile
View file

@ -1,5 +1,8 @@
FROM alpine:edge FROM alpine:edge
# #
# Include dist
COPY dist/ /root/dist/
#
# Install packages # Install packages
RUN apk -U upgrade --no-cache && \ RUN apk -U upgrade --no-cache && \
apk -U add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing \ apk -U add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing \
@ -8,7 +11,9 @@ RUN apk -U upgrade --no-cache && \
# Setup user, groups and configs # Setup user, groups and configs
mkdir -p /var/log/sentrypeer && \ mkdir -p /var/log/sentrypeer && \
addgroup -g 2000 sentrypeer && \ addgroup -g 2000 sentrypeer && \
adduser -S -H -s /bin/ash -u 2000 -D -g 2000 sentrypeer && \ adduser -S -s /bin/ash -u 2000 -D -g 2000 sentrypeer && \
mkdir -p /home/sentrypeer/.config/sentrypeer && \
cp /root/dist/default-config.toml /home/sentrypeer/.config/sentrypeer && \
chown -R sentrypeer:sentrypeer /usr/bin/sentrypeer && \ chown -R sentrypeer:sentrypeer /usr/bin/sentrypeer && \
# #
# Clean up # Clean up
@ -18,4 +23,5 @@ RUN apk -U upgrade --no-cache && \
# Set workdir and start sentrypeer # Set workdir and start sentrypeer
STOPSIGNAL SIGKILL STOPSIGNAL SIGKILL
USER sentrypeer:sentrypeer USER sentrypeer:sentrypeer
WORKDIR /var/log/sentrypeer/
CMD /usr/bin/sentrypeer -jar -f /var/log/sentrypeer/sentrypeer.db -l /var/log/sentrypeer/sentrypeer.json CMD /usr/bin/sentrypeer -jar -f /var/log/sentrypeer/sentrypeer.db -l /var/log/sentrypeer/sentrypeer.json

3
docker/sentrypeer/dist/default-config.toml vendored Normal file
View file

@ -0,0 +1,3 @@
cert = "cert.pem"
key = "key.pem"
tls_listen_address = "0.0.0.0:5061"

2
docker/sentrypeer/docker-compose.yml
View file

@ -22,7 +22,7 @@ services:
- "5060:5060/udp" - "5060:5060/udp"
- "5060:5060/tcp" - "5060:5060/tcp"
# - "127.0.0.1:8082:8082" # - "127.0.0.1:8082:8082"
image: "dtagdevsec/sentrypeer:24.04" image: "ghcr.io/telekom-security/sentrypeer:testing"
read_only: true read_only: true
volumes: volumes:
- $HOME/tpotce/data/sentrypeer/log:/var/log/sentrypeer - $HOME/tpotce/data/sentrypeer/log:/var/log/sentrypeer

102
install.sh
View file

@ -1,5 +1,67 @@
#!/usr/bin/env bash #!/usr/bin/env bash
print_help() {
echo "Usage: $0 [-s y|n] [-t h|s|l|i|m|t] -u <webuser name> -p <password for web user>"
echo " -s: yes or no (optional)"
echo " -t: h (host),s (sensor), l (llm), i(mini),m(mobile),t(tarpit) (optional)"
echo " -u: web username (optional)"
echo " -p: password for web user (optional)"
exit 1
}
validate_s() {
if [[ -n "$myQST" ]]; then
if [[ "$myQST" =~ ^[yYnN]$ ]]; then
return 1 # Valid
else
print_help
fi
else
print_help
fi
}
validate_t() {
if [[ -n "$myTPOT_TYPE" ]]; then
if [[ "$myTPOT_TYPE" =~ ^[hslimtHSLIMT]$ ]]; then
return 1 # Valid
else
print_help
fi
else
print_help
fi
}
while getopts ":s:t:u:p:" opt; do
case "$opt" in
s)
myQST="${OPTARG}"
validate_s
;;
t)
myTPOT_TYPE="${OPTARG}"
validate_t
;;
u)
export myWEB_USER="${OPTARG}"
;;
p)
export myWEB_PW="${OPTARG}"
;;
:)
echo "Option -${OPTARG} requires an argument."
print_help
exit 1
;;
\?)
print_help
;;
esac
done
myINSTALL_NOTIFICATION="### Now installing required packages ..." myINSTALL_NOTIFICATION="### Now installing required packages ..."
myUSER=$(whoami) myUSER=$(whoami)
myTPOT_CONF_FILE="/home/${myUSER}/tpotce/.env" myTPOT_CONF_FILE="/home/${myUSER}/tpotce/.env"
@ -43,12 +105,13 @@ echo "$myINSTALLER"
echo echo
echo echo
echo "### This script will now install T-Pot and all of its dependencies." echo "### This script will now install T-Pot and all of its dependencies."
while [ "${myQST}" != "y" ] && [ "${myQST}" != "n" ]; if [[ -z "$myQST" ]]; then
do while [ "${myQST}" != "y" ] && [ "${myQST}" != "n" ]; do
echo echo
read -p "### Install? (y/n) " myQST read -p "### Install? (y/n) " myQST
echo echo
done done
fi
if [ "${myQST}" = "n" ]; if [ "${myQST}" = "n" ];
then then
echo echo
@ -183,7 +246,10 @@ echo "### Feed data endlessly to attackers, bots and scanners."
echo "### Also runs a Denial of Service Honeypot (ddospot)." echo "### Also runs a Denial of Service Honeypot (ddospot)."
echo echo
while true; do while true; do
if [[ -z "$myTPOT_TYPE" ]]; then
read -p "### Install Type? (h/s/l/i/m/t) " myTPOT_TYPE read -p "### Install Type? (h/s/l/i/m/t) " myTPOT_TYPE
fi
case "${myTPOT_TYPE}" in case "${myTPOT_TYPE}" in
h|H) h|H)
echo echo
@ -239,55 +305,49 @@ if [ "${myTPOT_TYPE}" == "HIVE" ];
echo "### T-Pot User Configuration ..." echo "### T-Pot User Configuration ..."
echo echo
# Asking for web user name # Asking for web user name
if [[ -z "$myWEB_USER" ]]; then
myWEB_USER="" myWEB_USER=""
while [ 1 != 2 ]; while [ 1 != 2 ]; do
do
myOK="" myOK=""
read -rp "### Enter your web user name: " myWEB_USER read -rp "### Enter your web user name: " myWEB_USER
myWEB_USER=$(echo $myWEB_USER | tr -cd "[:alnum:]_.-") myWEB_USER=$(echo $myWEB_USER | tr -cd "[:alnum:]_.-")
echo "### Your username is: ${myWEB_USER}" echo "### Your username is: ${myWEB_USER}"
while [[ ! "${myOK}" =~ [YyNn] ]]; while [[ ! "${myOK}" =~ [YyNn] ]]; do
do
read -rp "### Is this correct? (y/n) " myOK read -rp "### Is this correct? (y/n) " myOK
done done
if [[ "${myOK}" =~ [Yy] ]] && [ "$myWEB_USER" != "" ]; if [[ "${myOK}" =~ [Yy] ]] && [ "$myWEB_USER" != "" ]; then
then
break break
else else
echo echo
fi fi
done done
fi
# Asking for web user password # Asking for web user password
if [[ -z "$myWEB_PW" ]]; then
myWEB_PW="pass1" myWEB_PW="pass1"
myWEB_PW2="pass2" myWEB_PW2="pass2"
mySECURE=0 mySECURE=0
myOK="" myOK=""
while [ "${myWEB_PW}" != "${myWEB_PW2}" ] && [ "${mySECURE}" == "0" ] while [ "${myWEB_PW}" != "${myWEB_PW2}" ] && [ "${mySECURE}" == "0" ]; do
do
echo echo
while [ "${myWEB_PW}" == "pass1" ] || [ "${myWEB_PW}" == "" ] while [ "${myWEB_PW}" == "pass1" ] || [ "${myWEB_PW}" == "" ]; do
do
read -rsp "### Enter password for your web user: " myWEB_PW read -rsp "### Enter password for your web user: " myWEB_PW
echo echo
done done
read -rsp "### Repeat password you your web user: " myWEB_PW2 read -rsp "### Repeat password you your web user: " myWEB_PW2
echo echo
if [ "${myWEB_PW}" != "${myWEB_PW2}" ]; if [ "${myWEB_PW}" != "${myWEB_PW2}" ]; then
then
echo "### Passwords do not match." echo "### Passwords do not match."
myWEB_PW="pass1" myWEB_PW="pass1"
myWEB_PW2="pass2" myWEB_PW2="pass2"
fi fi
mySECURE=$(printf "%s" "$myWEB_PW" | /usr/sbin/cracklib-check | grep -c "OK") mySECURE=$(printf "%s" "$myWEB_PW" | /usr/sbin/cracklib-check | grep -c "OK")
if [ "$mySECURE" == "0" ] && [ "$myWEB_PW" == "$myWEB_PW2" ]; if [ "$mySECURE" == "0" ] && [ "$myWEB_PW" == "$myWEB_PW2" ]; then
then while [[ ! "${myOK}" =~ [YyNn] ]]; do
while [[ ! "${myOK}" =~ [YyNn] ]];
do
read -rp "### Keep insecure password? (y/n) " myOK read -rp "### Keep insecure password? (y/n) " myOK
done done
if [[ "${myOK}" =~ [Nn] ]] || [ "$myWEB_PW" == "" ]; if [[ "${myOK}" =~ [Nn] ]] || [ "$myWEB_PW" == "" ]; then
then
myWEB_PW="pass1" myWEB_PW="pass1"
myWEB_PW2="pass2" myWEB_PW2="pass2"
mySECURE=0 mySECURE=0
@ -295,6 +355,8 @@ if [ "${myTPOT_TYPE}" == "HIVE" ];
fi fi
fi fi
done done
fi
# Write username and password to T-Pot config file # Write username and password to T-Pot config file
echo "### Creating base64 encoded htpasswd username and password for T-Pot config file: ${myTPOT_CONF_FILE}" echo "### Creating base64 encoded htpasswd username and password for T-Pot config file: ${myTPOT_CONF_FILE}"