Merge 50beeef63a into cc9c1d95ce

README.md

@@ -326,8 +326,8 @@ Once you are familiar with how things work you should choose a network you suspe
 | Distribution Name                                                                  | x64                                                                                                                                   | arm64                                                                                                                                   |
 | :--------------------------------------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------ | :-------------------------------------------------------------------------------------------------------------------------------------- |
 | [Alma Linux OS 9.5 Boot ISO](https://almalinux.org)                                | [download](https://repo.almalinux.org/almalinux/9.5/isos/x86_64/AlmaLinux-9.5-x86_64-boot.iso)                                        | [download](https://repo.almalinux.org/almalinux/9.5/isos/aarch64/AlmaLinux-9.5-aarch64-boot.iso)                                        |
-| [Debian 12 Network Install](https://www.debian.org/CD/netinst/index.en.html)       | [download](https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.9.0-amd64-netinst.iso)                                 | [download](https://cdimage.debian.org/debian-cd/current/arm64/iso-cd/debian-12.9.0-arm64-netinst.iso)                                   |
-| [Fedora Server 41 Network Install](https://fedoraproject.org/server/download)      | [download](https://download.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/iso/Fedora-Server-netinst-x86_64-41-1.4.iso) | [download](https://download.fedoraproject.org/pub/fedora/linux/releases/41/Server/aarch64/iso/Fedora-Server-netinst-aarch64-41-1.4.iso) |
+| [Debian 12 Network Install](https://www.debian.org/CD/netinst/index.en.html)       | [download](https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.10.0-amd64-netinst.iso)                                 | [download](https://cdimage.debian.org/debian-cd/current/arm64/iso-cd/debian-12.10.0-arm64-netinst.iso)                                   |
+| [Fedora Server 42 Network Install](https://fedoraproject.org/server/download)      | [download](https://download.fedoraproject.org/pub/fedora/linux/releases/42/Server/x86_64/iso/Fedora-Server-netinst-x86_64-42-1.1.iso) | [download](https://download.fedoraproject.org/pub/fedora/linux/releases/42/Server/aarch64/iso/Fedora-Server-netinst-aarch64-42-1.1.iso) |
 | [OpenSuse Tumbleweed Network Image](https://get.opensuse.org/tumbleweed/#download) | [download](https://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-NET-x86_64-Current.iso)                                   | [download](https://download.opensuse.org/ports/aarch64/tumbleweed/iso/openSUSE-Tumbleweed-NET-aarch64-Current.iso)                      |
 | [Rocky Linux OS 9.5 Boot ISO](https://rockylinux.org/download)                     | [download](https://download.rockylinux.org/pub/rocky/9/isos/x86_64/Rocky-9.5-x86_64-minimal.iso)                                      | [download](https://download.rockylinux.org/pub/rocky/9/isos/aarch64/Rocky-9.5-aarch64-minimal.iso)                                      |
 | [Ubuntu 24.04.1 Live Server](https://ubuntu.com/download/server)                   | [download](https://releases.ubuntu.com/24.04/ubuntu-24.04.1-live-server-amd64.iso)                                                    | [download](https://cdimage.ubuntu.com/releases/24.04/release/ubuntu-24.04.1-live-server-arm64.iso)                                      |

docker/elk/elasticsearch/Dockerfile

@@ -1,6 +1,6 @@
 FROM ubuntu:24.04
 ENV DEBIAN_FRONTEND noninteractive
-ENV ES_VER=8.17.3
+ENV ES_VER=8.17.5
 #
 # Include dist
 COPY dist/ /root/dist/

docker/elk/kibana/Dockerfile

@@ -1,5 +1,5 @@
 FROM node:20.18.2-alpine3.20
-ENV KB_VER=8.17.3
+ENV KB_VER=8.17.5
 #
 # Include dist
 COPY dist/ /root/dist/

docker/elk/logstash/Dockerfile

@@ -1,6 +1,6 @@
 FROM ubuntu:24.04
 ENV DEBIAN_FRONTEND=noninteractive
-ENV LS_VER=8.17.3
+ENV LS_VER=8.17.5
 #
 # Include dist
 COPY dist/ /root/dist/

docker/ewsposter/Dockerfile

@@ -33,8 +33,8 @@ RUN apk --no-cache -U upgrade && \
 			xmljson && \
 #
 # Setup ewsposter
-#    git clone https://github.com/telekom-security/ewsposter -b V1.30.0 /opt/ewsposter && \
-	git clone https://github.com/telekom-security/ewsposter /opt/ewsposter && \
+    git clone https://github.com/telekom-security/ewsposter /opt/ewsposter && \
+#    git clone https://github.com/telekom-security/ewsposter -b v1.32 /opt/ewsposter && \
     mkdir -p /opt/ewsposter/spool /opt/ewsposter/log && \
 #
 # Setup user and groups

docker/ewsposter/dist/ews.cfg

@@ -51,7 +51,7 @@ logfile = /data/adbhoney/log/adbhoney.json
 malwaredir = /data/adbhoney/downloads
 
 [BEELZEBUB]
-beelzebub = false
+beelzebub = true
 nodeid = beelzebub-community-01
 logfile = /data/beelzebub/log/beelzebub.json
 
@@ -101,11 +101,6 @@ endlessh = true
 nodeid = endlessh-community-01
 logfile = /data/endlessh/log/endlessh.log
 
-[FATT]
-fatt = false
-nodeid = fatt-community-01
-logfile = /data/fatt/log/fatt.log
-
 [GALAH]
 galah = true
 nodeid = galah-community-01
@@ -122,7 +117,7 @@ nodeid = gopot-community-01
 logfile = /data/go-pot/log/go-pot.json
 
 [H0NEYTR4P]
-h0neytr4p = false
+h0neytr4p = true
 nodeid = h0neytr4p-community-01
 logfile = /data/h0neytr4p/log/log.json
 payloaddir = /data/h04neytr4p/payload
@@ -189,11 +184,6 @@ sentrypeer = true
 nodeid = sentrypeer-community-01
 logfile = /data/sentrypeer/log/sentrypeer.json
 
-[SURICATA]
-suricata = false
-nodeid = suricata-community-01
-logfile = /data/suricata/log/eve.json
-
 [TANNER]
 tanner = true
 nodeid = tanner-community-01
@@ -202,4 +192,4 @@ logfile = /data/tanner/log/tanner_report.json
 [WORDPOT]
 wordpot = true
 nodeid = wordpot-community-01
-logfile = /data/wordpot/log/wordpot.log
+logfile = /data/wordpot/log/wordpot.log

docker/ewsposter/dist/ews.cfg.backup

@@ -0,0 +1,205 @@
+[MAIN]
+homedir = /opt/ewsposter/
+spooldir = /opt/ewsposter/spool/
+logdir = /opt/ewsposter/log/
+del_malware_after_send = false
+send_malware = false
+sendlimit = 5000
+contact = your_email_address
+proxy = None
+ip_int = None
+ip_ext = None
+
+[EWS]
+ews = true
+username = community-01-user
+token = foth{a5maiCee8fineu7
+rhost_first = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
+rhost_second = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
+ignorecert = false
+
+[HPFEED]
+hpfeed = %(EWS_HPFEEDS_ENABLE)s
+host = %(EWS_HPFEEDS_HOST)s
+port = %(EWS_HPFEEDS_PORT)s
+channels = %(EWS_HPFEEDS_CHANNELS)s
+ident = %(EWS_HPFEEDS_IDENT)s
+secret= %(EWS_HPFEEDS_SECRET)s
+# path/to/certificate for tls broker - or "false" for non-tls broker
+tlscert = %(EWS_HPFEEDS_TLSCERT)s
+# hpfeeds submission format: "ews" (xml) or "json"
+hpfformat = %(EWS_HPFEEDS_FORMAT)s
+
+[EWSJSON]
+json = false
+jsondir = /data/ews/json/
+
+[INFLUXDB]
+influxdb = false
+host = http://localhost
+port = 8086
+username = <your username for influx 1.8>
+password = <your password for influx 1.8>
+token = <your token for influx 2.0>
+bucket = <your bucket/database for 2.0/1.8>
+org = <your org for influx 2.0>
+
+[ADBHONEY]
+adbhoney = true
+nodeid = adbhoney-community-01
+logfile = /data/adbhoney/log/adbhoney.json
+malwaredir = /data/adbhoney/downloads
+
+[BEELZEBUB]
+beelzebub = true
+nodeid = beelzebub-community-01
+logfile = /data/beelzebub/log/beelzebub.json
+
+[CISCOASA]
+ciscoasa = true
+nodeid = ciscoasa-community-01
+logfile = /data/ciscoasa/log/ciscoasa.log
+
+[CITRIX]
+citrix = true
+nodeid = citrix-community-01
+logfile = /data/citrixhoneypot/logs/server.log
+
+[CONPOT]
+conpot = true
+nodeid = conpot-community-01
+logdir = /data/conpot/log
+
+[COWRIE]
+cowrie = true
+nodeid = cowrie-community-01
+logfile = /data/cowrie/log/cowrie.json
+
+[DDOSPOT]
+ddospot = true
+nodeid = ddospot-community-01
+logdir = /data/ddospot/log
+
+[DICOMPOT]
+dicompot = true
+nodeid = dicompot-community-01
+logfile = /data/dicompot/log/dicompot.log
+
+[DIONAEA]
+dionaea = true
+nodeid = dionaea-community-01
+malwaredir = /data/dionaea/binaries/
+sqlitedb = /data/dionaea/log/dionaea.sqlite
+
+[ELASTICPOT]
+elasticpot = true
+nodeid = elasticpot-community-01
+logfile = /data/elasticpot/log/elasticpot.json
+
+[ENDLESSH]
+endlessh = true
+nodeid = endlessh-community-01
+logfile = /data/endlessh/log/endlessh.log
+
+[FATT]
+fatt = false
+nodeid = fatt-community-01
+logfile = /data/fatt/log/fatt.log
+
+[GALAH]
+galah = true
+nodeid = galah-community-01
+logfile = /data/galah/log/galah.json
+
+[GLUTTON]
+glutton = true
+nodeid = glutton-community-01
+logfile = /data/glutton/log/glutton.log
+
+[GOPOT]
+gopot = true
+nodeid = gopot-community-01
+logfile = /data/go-pot/log/go-pot.json
+
+[H0NEYTR4P]
+h0neytr4p = true
+nodeid = h0neytr4p-community-01
+logfile = /data/h0neytr4p/log/log.json
+payloaddir = /data/h04neytr4p/payload
+
+[HELLPOT]
+hellpot = true
+nodeid = hellpot-community-01
+logfile = /data/hellpot/log/hellpot.log
+
+[HERALDING]
+heralding = true
+nodeid = heralding-community-01
+logfile = /data/heralding/log/auth.csv
+
+[HONEYAML]
+honeyaml = true
+nodeid = honeyaml-community-01
+logfile = /data/honeyaml/log/honeyaml.log
+
+[HONEYPOTS]
+honeypots = true
+nodeid = honeypots-community-01
+logdir = /data/honeypots/log
+
+[HONEYTRAP]
+honeytrap = true
+nodeid = honeytrap-community-01
+newversion = true
+payloaddir = /data/honeytrap/attacks/
+attackerfile = /data/honeytrap/log/attacker.log
+
+[IPPHONEY]
+ipphoney = true
+nodeid = ipphoney-community-01
+logfile = /data/ipphoney/log/ipphoney.json
+
+[LOG4POT]
+log4pot = true
+nodeid = log4pot-community-01
+logfile = /data/log4pot/log/log4pot.log
+
+[MAILONEY]
+mailoney = true
+nodeid = mailoney-community-01
+logfile = /data/mailoney/log/commands.log
+
+[MEDPOT]
+medpot = true
+nodeid = medpot-community-01
+logfile = /data/medpot/log/medpot.log
+
+[MINIPRINT]
+miniprint = true
+nodeid = miniprint-community-01
+logfile = /data/miniprint/log/miniprint.json
+
+[REDISHONEYPOT]
+redishoneypot = true
+nodeid = redishoneypot-community-01
+logfile = /data/redishoneypot/log/redishoneypot.log
+
+[SENTRYPEER]
+sentrypeer = true
+nodeid = sentrypeer-community-01
+logfile = /data/sentrypeer/log/sentrypeer.json
+
+[SURICATA]
+suricata = false
+nodeid = suricata-community-01
+logfile = /data/suricata/log/eve.json
+
+[TANNER]
+tanner = true
+nodeid = tanner-community-01
+logfile = /data/tanner/log/tanner_report.json
+
+[WORDPOT]
+wordpot = true
+nodeid = wordpot-community-01
+logfile = /data/wordpot/log/wordpot.log

install.sh

@@ -1,5 +1,67 @@
 #!/usr/bin/env bash
 
+
+print_help() {
+  echo "Usage: $0 [-s y|n] [-t h|s|l|i|m|t] -u <webuser name> -p <password for web user>"
+  echo "  -s: yes or no (optional)"
+  echo "  -t: h (host),s (sensor), l (llm), i(mini),m(mobile),t(tarpit) (optional)"
+  echo "  -u: web username (optional)"
+  echo "  -p: password for web user (optional)"
+  exit 1
+}
+
+validate_s() {
+  if [[ -n "$myQST" ]]; then
+    if [[ "$myQST" =~ ^[yYnN]$ ]]; then
+      return 1 # Valid
+    else
+      print_help
+    fi
+  else
+    print_help
+  fi
+
+}
+
+validate_t() {
+  if [[ -n "$myTPOT_TYPE" ]]; then
+    if [[ "$myTPOT_TYPE" =~ ^[hslimtHSLIMT]$ ]]; then
+      return 1 # Valid
+    else
+      print_help
+    fi
+  else
+    print_help
+  fi
+
+}
+
+while getopts ":s:t:u:p:" opt; do
+  case "$opt" in
+  s)
+    myQST="${OPTARG}"
+    validate_s
+    ;;
+  t)
+    myTPOT_TYPE="${OPTARG}"
+    validate_t
+    ;;
+  u)
+    export myWEB_USER="${OPTARG}"
+    ;;
+  p)
+    export myWEB_PW="${OPTARG}"
+    ;;
+  :)
+    echo "Option -${OPTARG} requires an argument."
+    print_help
+    exit 1
+    ;;
+  \?)
+    print_help
+    ;;
+  esac
+done
 myINSTALL_NOTIFICATION="### Now installing required packages ..."
 myUSER=$(whoami)
 myTPOT_CONF_FILE="/home/${myUSER}/tpotce/.env"
@@ -43,12 +105,13 @@ echo "$myINSTALLER"
 echo
 echo
 echo "### This script will now install T-Pot and all of its dependencies."
-while [ "${myQST}" != "y" ] && [ "${myQST}" != "n" ];
-  do
+if [[ -z "$myQST" ]]; then
+  while [ "${myQST}" != "y" ] && [ "${myQST}" != "n" ]; do
     echo
     read -p "### Install? (y/n) " myQST
     echo
   done
+fi
 if [ "${myQST}" = "n" ];
   then
     echo
@@ -183,7 +246,10 @@ echo "###            Feed data endlessly to attackers, bots and scanners."
 echo "###            Also runs a Denial of Service Honeypot (ddospot)."
 echo
 while true; do
-  read -p "### Install Type? (h/s/l/i/m/t) " myTPOT_TYPE
+  if [[ -z "$myTPOT_TYPE" ]]; then
+    read -p "### Install Type? (h/s/l/i/m/t) " myTPOT_TYPE
+  fi  
+  
   case "${myTPOT_TYPE}" in
     h|H)
       echo
@@ -234,75 +300,71 @@ done
 if [ "${myTPOT_TYPE}" == "HIVE" ];
   # If T-Pot Type is HIVE ask for WebUI username and password
   then
-	# Preparing web user for T-Pot
-	echo
-	echo "### T-Pot User Configuration ..."
-	echo
-	# Asking for web user name
-	myWEB_USER=""
-	while [ 1 != 2 ];
-	  do
-	    myOK=""
-	    read -rp "### Enter your web user name: " myWEB_USER
-	    myWEB_USER=$(echo $myWEB_USER | tr -cd "[:alnum:]_.-")
-	    echo "### Your username is: ${myWEB_USER}"
-	    while [[ ! "${myOK}" =~ [YyNn] ]];
-	      do
-	        read -rp "### Is this correct? (y/n) " myOK
-	      done
-	    if [[ "${myOK}" =~ [Yy] ]] && [ "$myWEB_USER" != "" ];
-	      then
-	        break
-	      else
-	        echo
-	    fi
-	  done
+  # Preparing web user for T-Pot
+  echo
+  echo "### T-Pot User Configuration ..."
+  echo
+  # Asking for web user name
+  if [[ -z "$myWEB_USER" ]]; then
+    myWEB_USER=""
+    while [ 1 != 2 ]; do
+      myOK=""
+      read -rp "### Enter your web user name: " myWEB_USER
+      myWEB_USER=$(echo $myWEB_USER | tr -cd "[:alnum:]_.-")
+      echo "### Your username is: ${myWEB_USER}"
+      while [[ ! "${myOK}" =~ [YyNn] ]]; do    
+        read -rp "### Is this correct? (y/n) " myOK
+      done
+      if [[ "${myOK}" =~ [Yy] ]] && [ "$myWEB_USER" != "" ]; then
+        break
+      else
+        echo
+      fi
+    done
+  fi
 
-	# Asking for web user password
-	myWEB_PW="pass1"
-	myWEB_PW2="pass2"
-	mySECURE=0
-	myOK=""
-	while [ "${myWEB_PW}" != "${myWEB_PW2}"  ] && [ "${mySECURE}" == "0" ]
-	  do
-	    echo
-	    while [ "${myWEB_PW}" == "pass1"  ] || [ "${myWEB_PW}" == "" ]
-	      do
-	        read -rsp "### Enter password for your web user: " myWEB_PW
-	        echo
-	      done
-	    read -rsp "### Repeat password you your web user: " myWEB_PW2
-	    echo
-	    if [ "${myWEB_PW}" != "${myWEB_PW2}" ];
-	      then
-	        echo "### Passwords do not match."
-	        myWEB_PW="pass1"
-	        myWEB_PW2="pass2"
-	    fi
-	    mySECURE=$(printf "%s" "$myWEB_PW" | /usr/sbin/cracklib-check | grep -c "OK")
-	    if [ "$mySECURE" == "0" ] && [ "$myWEB_PW" == "$myWEB_PW2" ];
-	      then
-	        while [[ ! "${myOK}" =~ [YyNn] ]];
-	          do
-	            read -rp "### Keep insecure password? (y/n) " myOK
-	          done
-	        if [[ "${myOK}" =~ [Nn] ]] || [ "$myWEB_PW" == "" ];
-	          then
-	            myWEB_PW="pass1"
-	            myWEB_PW2="pass2"
-	            mySECURE=0
-	            myOK=""
-	        fi
-	    fi
-	done
+  # Asking for web user password
+  if [[ -z "$myWEB_PW" ]]; then
+    myWEB_PW="pass1"
+    myWEB_PW2="pass2"
+    mySECURE=0
+    myOK=""
+    while [ "${myWEB_PW}" != "${myWEB_PW2}" ] && [ "${mySECURE}" == "0" ]; do
+      echo
+      while [ "${myWEB_PW}" == "pass1" ] || [ "${myWEB_PW}" == "" ]; do
+        read -rsp "### Enter password for your web user: " myWEB_PW
+        echo
+      done
+      read -rsp "### Repeat password you your web user: " myWEB_PW2
+      echo
+      if [ "${myWEB_PW}" != "${myWEB_PW2}" ]; then
+        echo "### Passwords do not match."
+        myWEB_PW="pass1"
+        myWEB_PW2="pass2"
+      fi
+      mySECURE=$(printf "%s" "$myWEB_PW" | /usr/sbin/cracklib-check | grep -c "OK")
+      if [ "$mySECURE" == "0" ] && [ "$myWEB_PW" == "$myWEB_PW2" ]; then
+        while [[ ! "${myOK}" =~ [YyNn] ]]; do
+          read -rp "### Keep insecure password? (y/n) " myOK
+        done
+        if [[ "${myOK}" =~ [Nn] ]] || [ "$myWEB_PW" == "" ]; then
+          myWEB_PW="pass1"
+          myWEB_PW2="pass2"
+          mySECURE=0
+          myOK=""
+        fi
+      fi
+    done
+  fi
 
-	# Write username and password to T-Pot config file
-	echo "### Creating base64 encoded htpasswd username and password for T-Pot config file: ${myTPOT_CONF_FILE}"
-	myWEB_USER_ENC=$(htpasswd -b -n "${myWEB_USER}" "${myWEB_PW}")
+
+  # Write username and password to T-Pot config file
+  echo "### Creating base64 encoded htpasswd username and password for T-Pot config file: ${myTPOT_CONF_FILE}"
+  myWEB_USER_ENC=$(htpasswd -b -n "${myWEB_USER}" "${myWEB_PW}")
     myWEB_USER_ENC_B64=$(echo -n "${myWEB_USER_ENC}" | base64 -w0)
     
-	echo
-	sed -i "s|^WEB_USER=.*|WEB_USER=${myWEB_USER_ENC_B64}|" ${myTPOT_CONF_FILE}
+  echo
+  sed -i "s|^WEB_USER=.*|WEB_USER=${myWEB_USER_ENC_B64}|" ${myTPOT_CONF_FILE}
 fi
 
 # Pull docker images