Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-10-27 02:34:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Compare commits

base: Alex-Devera:c8cdd59d61306b23cc69b803f2cdd1932315d0f2
Branches Tags
Alex-Devera:master
Alex-Devera:dependabot/github_actions/dot-github/workflows/lycheeverse/lychee-action-2.0.2
Alex-Devera:24.04
Alex-Devera:alpha
Alex-Devera:22.04
Alex-Devera:dev
Alex-Devera:20.06
Alex-Devera:19.03
Alex-Devera:18.11
Alex-Devera:24.04.1
Alex-Devera:24.04.0
Alex-Devera:24.04.0beta
Alex-Devera:22.04.0
Alex-Devera:20.06.2
Alex-Devera:20.06.1
Alex-Devera:20.06.0
Alex-Devera:19.03.3
Alex-Devera:19.03.1
Alex-Devera:19.03
Alex-Devera:19.03.beta
Alex-Devera:18.11.1
Alex-Devera:18.11
Alex-Devera:17.10
Alex-Devera:17.10.beta
Alex-Devera:17.10.alpha
Alex-Devera:16.10.1
Alex-Devera:16.10
..
compare: Alex-Devera:23d09e441df82acc0fb6ac13b7a398a2bcd094d2
Branches Tags
Alex-Devera:master
Alex-Devera:dependabot/github_actions/dot-github/workflows/lycheeverse/lychee-action-2.0.2
Alex-Devera:24.04
Alex-Devera:alpha
Alex-Devera:22.04
Alex-Devera:dev
Alex-Devera:20.06
Alex-Devera:19.03
Alex-Devera:18.11
Alex-Devera:24.04.1
Alex-Devera:24.04.0
Alex-Devera:24.04.0beta
Alex-Devera:22.04.0
Alex-Devera:20.06.2
Alex-Devera:20.06.1
Alex-Devera:20.06.0
Alex-Devera:19.03.3
Alex-Devera:19.03.1
Alex-Devera:19.03
Alex-Devera:19.03.beta
Alex-Devera:18.11.1
Alex-Devera:18.11
Alex-Devera:17.10
Alex-Devera:17.10.beta
Alex-Devera:17.10.alpha
Alex-Devera:16.10.1
Alex-Devera:16.10

1 commit
c8cdd59d61 ... 23d09e441d

Author SHA1 Message Date
dz
23d09e441d
Merge cbcf7871ec into f676f82ed0 2025-09-21 00:02:01 +10:00
5 changed files with 95 additions and 219 deletions
Show stats Expand all files Collapse all files

24
README.md
View file

@ -39,7 +39,6 @@ env bash -c "$(curl -sL https://github.com/telekom-security/tpotce/raw/master/in
- [Raspberry Pi 4 (8GB) Support](#raspberry-pi-4-8gb-support) - [Raspberry Pi 4 (8GB) Support](#raspberry-pi-4-8gb-support)
- [Get and install T-Pot](#get-and-install-t-pot) - [Get and install T-Pot](#get-and-install-t-pot)
- [macOS \& Windows](#macos--windows) - [macOS \& Windows](#macos--windows)
- [Red Hat Enterprise Linux](#red-hat-enterprise-linux)
- [Installation Types](#installation-types) - [Installation Types](#installation-types)
- [Standard / Hive](#standard--hive) - [Standard / Hive](#standard--hive)
- [Distributed](#distributed) - [Distributed](#distributed)
@ -191,7 +190,7 @@ T-Pot offers a number of services which are basically divided into five groups:
During the installation and during the usage of T-Pot there are two different types of accounts you will be working with. Make sure you know the differences of the different account types, since it is **by far** the most common reason for authentication errors. During the installation and during the usage of T-Pot there are two different types of accounts you will be working with. Make sure you know the differences of the different account types, since it is **by far** the most common reason for authentication errors.
| Service | Account Type | Username / Group | Description | | Service | Account Type | Username / Group | Description |
|:-----------------|:-------------|:-----------------|:-------------------------------------------------------------------| | :--------------- | :----------- | :--------------- | :----------------------------------------------------------------- |
| SSH | OS | `<OS_USERNAME>` | The user you chose during the installation of the OS. | | SSH | OS | `<OS_USERNAME>` | The user you chose during the installation of the OS. |
| Nginx | BasicAuth | `<WEB_USER>` | `<web_user>` you chose during the installation of T-Pot. | | Nginx | BasicAuth | `<WEB_USER>` | `<web_user>` you chose during the installation of T-Pot. |
| CyberChef | BasicAuth | `<WEB_USER>` | `<web_user>` you chose during the installation of T-Pot. | | CyberChef | BasicAuth | `<WEB_USER>` | `<web_user>` you chose during the installation of T-Pot. |
@ -210,7 +209,7 @@ Depending on the [supported Linux distro images](#choose-your-distro), hive / se
<br><br> <br><br>
| T-Pot Type | RAM | Storage | Description | | T-Pot Type | RAM | Storage | Description |
|:-----------|:-----|:----------|:-------------------------------------------------------------------------------------------------| | :--------- | :--- | :-------- | :----------------------------------------------------------------------------------------------- |
| Hive | 16GB | 256GB SSD | As a rule of thumb, the more honeypots, sensors & data, the more RAM and storage is needed. | | Hive | 16GB | 256GB SSD | As a rule of thumb, the more honeypots, sensors & data, the more RAM and storage is needed. |
| Sensor | 8GB | 128GB SSD | Since honeypot logs are persisted (~/tpotce/data) for 30 days, storage depends on attack volume. | | Sensor | 8GB | 128GB SSD | Since honeypot logs are persisted (~/tpotce/data) for 30 days, storage depends on attack volume. |
@ -251,7 +250,7 @@ Some users report working installations on other clouds and hosters, i.e. Azure
Besides the ports generally needed by the OS, i.e. obtaining a DHCP lease, DNS, etc. T-Pot will require the following ports for incoming / outgoing connections. Review the [T-Pot Architecture](#technical-architecture) for a visual representation. Also some ports will show up as duplicates, which is fine since used in different editions. Besides the ports generally needed by the OS, i.e. obtaining a DHCP lease, DNS, etc. T-Pot will require the following ports for incoming / outgoing connections. Review the [T-Pot Architecture](#technical-architecture) for a visual representation. Also some ports will show up as duplicates, which is fine since used in different editions.
| Port | Protocol | Direction | Description | | Port | Protocol | Direction | Description |
|:--------------------------------------------------------------------------------------------------------------------------------------|:---------|:----------|:----------------------------------------------------------------------------------------------------| | :------------------------------------------------------------------------------------------------------------------------------------ | :------- | :-------- | :-------------------------------------------------------------------------------------------------- |
| 80, 443 | tcp | outgoing | T-Pot Management: Install, Updates, Logs (i.e. OS, GitHub, DockerHub, Sicherheitstacho, etc. | | 80, 443 | tcp | outgoing | T-Pot Management: Install, Updates, Logs (i.e. OS, GitHub, DockerHub, Sicherheitstacho, etc. |
| 11434 | tcp | outgoing | LLM based honeypots: Access your Ollama installation | | 11434 | tcp | outgoing | LLM based honeypots: Access your Ollama installation |
| 64294 | tcp | incoming | T-Pot Management: Sensor data transmission to hive (through NGINX reverse proxy) to 127.0.0.1:64305 | | 64294 | tcp | incoming | T-Pot Management: Sensor data transmission to hive (through NGINX reverse proxy) to 127.0.0.1:64305 |
@ -318,16 +317,16 @@ Once you are familiar with how things work you should choose a network you suspe
## Choose your distro ## Choose your distro
**Steps to Follow:** **Steps to Follow:**
1. Download a supported Linux distribution from the list below. (NOTE: Red Hat Enterprise Linux >= 8 is supported, but omitted from the list below due to its subscription-based nature. See [Red Hat Enterprise Linux](#red-hat-enterprise-linux) for details). 1. Download a supported Linux distribution from the list below.
2. During installation choose a **minimum**, **netinstall** or **server** version that will only install essential packages. 2. During installation choose a **minimum**, **netinstall** or **server** version that will only install essential packages.
3. **Never** install a graphical desktop environment such as Gnome or KDE. T-Pot will fail to work with it due to port conflicts. 3. **Never** install a graphical desktop environment such as Gnome or KDE. T-Pot will fail to work with it due to port conflicts.
4. Make sure to install SSH, so you can connect to the machine remotely. 4. Make sure to install SSH, so you can connect to the machine remotely.
| Distribution Name | x64 | arm64 | | Distribution Name | x64 | arm64 |
|:-----------------------------------------------------------------------------------|:--------------------------------------------------------------------------------------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------| | :--------------------------------------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------ | :-------------------------------------------------------------------------------------------------------------------------------------- |
| [Alma Linux OS 9.6 Boot ISO](https://almalinux.org) | [download](https://repo.almalinux.org/almalinux/9.6/isos/x86_64/AlmaLinux-9.6-x86_64-boot.iso) | [download](https://repo.almalinux.org/almalinux/9.6/isos/aarch64/AlmaLinux-9.6-aarch64-boot.iso) | | [Alma Linux OS 9.6 Boot ISO](https://almalinux.org) | [download](https://repo.almalinux.org/almalinux/9.6/isos/x86_64/AlmaLinux-9.6-x86_64-boot.iso) | [download](https://repo.almalinux.org/almalinux/9.6/isos/aarch64/AlmaLinux-9.6-aarch64-boot.iso) |
| [Debian 13 Network Install](https://www.debian.org/CD/netinst/index.en.html) | [download](https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-13.1.0-amd64-netinst.iso) | [download](https://cdimage.debian.org/debian-cd/current/arm64/iso-cd/debian-13.1.0-arm64-netinst.iso) | | [Debian 13 Network Install](https://www.debian.org/CD/netinst/index.en.html) | [download](https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-13.0.0-amd64-netinst.iso) | [download](https://cdimage.debian.org/debian-cd/current/arm64/iso-cd/debian-13.0.0-arm64-netinst.iso) |
| [Fedora Server 42 Network Install](https://fedoraproject.org/server/download) | [download](https://download.fedoraproject.org/pub/fedora/linux/releases/42/Server/x86_64/iso/Fedora-Server-netinst-x86_64-42-1.1.iso) | [download](https://download.fedoraproject.org/pub/fedora/linux/releases/42/Server/aarch64/iso/Fedora-Server-netinst-aarch64-42-1.1.iso) | | [Fedora Server 42 Network Install](https://fedoraproject.org/server/download) | [download](https://download.fedoraproject.org/pub/fedora/linux/releases/42/Server/x86_64/iso/Fedora-Server-netinst-x86_64-42-1.1.iso) | [download](https://download.fedoraproject.org/pub/fedora/linux/releases/42/Server/aarch64/iso/Fedora-Server-netinst-aarch64-42-1.1.iso) |
| [OpenSuse Tumbleweed Network Image](https://get.opensuse.org/tumbleweed/#download) | [download](https://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-NET-x86_64-Current.iso) | [download](https://download.opensuse.org/ports/aarch64/tumbleweed/iso/openSUSE-Tumbleweed-NET-aarch64-Current.iso) | | [OpenSuse Tumbleweed Network Image](https://get.opensuse.org/tumbleweed/#download) | [download](https://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-NET-x86_64-Current.iso) | [download](https://download.opensuse.org/ports/aarch64/tumbleweed/iso/openSUSE-Tumbleweed-NET-aarch64-Current.iso) |
| [Rocky Linux OS 9.6 Boot ISO](https://rockylinux.org/download) | [download](https://download.rockylinux.org/pub/rocky/9/isos/x86_64/Rocky-9.6-x86_64-minimal.iso) | [download](https://download.rockylinux.org/pub/rocky/9/isos/aarch64/Rocky-9.6-aarch64-minimal.iso) | | [Rocky Linux OS 9.6 Boot ISO](https://rockylinux.org/download) | [download](https://download.rockylinux.org/pub/rocky/9/isos/x86_64/Rocky-9.6-x86_64-minimal.iso) | [download](https://download.rockylinux.org/pub/rocky/9/isos/aarch64/Rocky-9.6-aarch64-minimal.iso) |
@ -337,7 +336,7 @@ Once you are familiar with how things work you should choose a network you suspe
## Raspberry Pi 4 (8GB) Support ## Raspberry Pi 4 (8GB) Support
| Distribution Name | arm64 | | Distribution Name | arm64 |
|:-----------------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------| | :--------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------- |
| [Raspberry Pi OS (**64Bit, Lite**)](https://www.raspberrypi.com) | [download](https://downloads.raspberrypi.com/raspios_lite_arm64/images/raspios_lite_arm64-2024-03-15/2024-03-15-raspios-bookworm-arm64-lite.img.xz) | | [Raspberry Pi OS (**64Bit, Lite**)](https://www.raspberrypi.com) | [download](https://downloads.raspberrypi.com/raspios_lite_arm64/images/raspios_lite_arm64-2024-03-15/2024-03-15-raspios-bookworm-arm64-lite.img.xz) |
<br><br> <br><br>
@ -382,15 +381,6 @@ To get things up and running just follow these steps:
8. Start T-Pot: `docker compose up` or `docker compose up -d` if you want T-Pot to run in the background. 8. Start T-Pot: `docker compose up` or `docker compose up -d` if you want T-Pot to run in the background.
9. Stop T-Pot: `CTRL-C` (it if was running in the foreground) and / or `docker compose down -v` to stop T-Pot entirely. 9. Stop T-Pot: `CTRL-C` (it if was running in the foreground) and / or `docker compose down -v` to stop T-Pot entirely.
## Red Hat Enterprise Linux
Red Hat Enterprise Linux (RHEL) is a somewhat unique case in that:
1. Connections to Red Hat repositories depend on a Red Hat subscription. You will not be able to update the OS or install new packages if the targeted machine is not subscribed. **If your server is not attached to a Red Hat subscription, installation will fail!**
2. Ansible is installed from a RHEL-specific repository by the installer. Do not attempt to install it from the upstream repositories.
3. Docker is installed from EPEL, which is installed by the installer script. Do not attempt to install it from the community installer script.
2. T-Pot will only install successfully on RHEL >= 8. One of the convenience dependencies (`grc`) depends on Python 2, which was removed after RHEL 7. It is omitted from the RHEL installation of T-Pot.
## Installation Types ## Installation Types
### Standard / Hive ### Standard / Hive

55
install.sh
View file

@ -27,30 +27,6 @@ validate_type() {
} }
} }
rhel_version() {
# special case for RHEL due to its complicated repo infrastructure
# primarily used for EPEL repo selection
# supports RHEL 7-10
myRHEL_VERSION=$(grep PLATFORM_ID /etc/os-release | cut -d ':' -f2 | grep -Eo '([0-9]{1,2})')
if [ "$myRHEL_VERSION" -lt 7 ]; then
echo "Error: RHEL < 7 not supported!" >&2
exit 1
fi
echo "$myRHEL_VERSION"
}
rhel_ansible_repo() {
# rhel uses a dedicated repo for ansible that we need to enable through subscription-manager
myRHEL_ANSIBLE_REPO=$(sudo subscription-manager repos --list \
| grep -E "ansible-automation-platform-[0-9]{1}\.[0-9]{1}-for-rhel-$(rhel_version)-x86_64-rpms" \
| awk -F':' '{print $2}' \
| tr -d ' ' \
| sort -nr \
| head -n 1
)
echo "$myRHEL_ANSIBLE_REPO"
}
# Defaults # Defaults
myQST="" myQST=""
myTPOT_TYPE="" myTPOT_TYPE=""
@ -102,7 +78,6 @@ myTPOT_CONF_FILE="/home/${myUSER}/tpotce/.env"
myPACKAGES_DEBIAN="ansible apache2-utils cracklib-runtime wget" myPACKAGES_DEBIAN="ansible apache2-utils cracklib-runtime wget"
myPACKAGES_FEDORA="ansible cracklib httpd-tools wget" myPACKAGES_FEDORA="ansible cracklib httpd-tools wget"
myPACKAGES_ROCKY="ansible-core ansible-collection-redhat-rhel_mgmt epel-release cracklib httpd-tools wget" myPACKAGES_ROCKY="ansible-core ansible-collection-redhat-rhel_mgmt epel-release cracklib httpd-tools wget"
myPACKAGES_RHEL="ansible-core ansible-collection-redhat-rhel_mgmt cracklib httpd-tools wget"
myPACKAGES_OPENSUSE="ansible apache2-utils cracklib wget" myPACKAGES_OPENSUSE="ansible apache2-utils cracklib wget"
@ -124,12 +99,12 @@ if [ ${EUID} -eq 0 ];
fi fi
# Check if running on a supported distribution # Check if running on a supported distribution
mySUPPORTED_DISTRIBUTIONS=("AlmaLinux" "Debian GNU/Linux" "Fedora Linux" "openSUSE Tumbleweed" "Raspbian GNU/Linux" "Red Hat Enterprise Linux" "Rocky Linux" "Ubuntu") mySUPPORTED_DISTRIBUTIONS=("AlmaLinux" "Debian GNU/Linux" "Fedora Linux" "openSUSE Tumbleweed" "Raspbian GNU/Linux" "Rocky Linux" "Ubuntu")
myCURRENT_DISTRIBUTION=$(awk -F= '/^NAME/{print $2}' /etc/os-release | tr -d '"') myCURRENT_DISTRIBUTION=$(awk -F= '/^NAME/{print $2}' /etc/os-release | tr -d '"')
if [[ ! " ${mySUPPORTED_DISTRIBUTIONS[@]} " =~ " ${myCURRENT_DISTRIBUTION} " ]]; if [[ ! " ${mySUPPORTED_DISTRIBUTIONS[@]} " =~ " ${myCURRENT_DISTRIBUTION} " ]];
then then
echo "### Only the following distributions are supported: AlmaLinux, Fedora, Debian, openSUSE Tumbleweed, RHEL, Rocky Linux and Ubuntu." echo "### Only the following distributions are supported: AlmaLinux, Fedora, Debian, openSUSE Tumbleweed, Rocky Linux and Ubuntu."
echo "### Please follow the T-Pot documentation on how to run T-Pot on macOS, Windows and other currently unsupported platforms." echo "### Please follow the T-Pot documentation on how to run T-Pot on macOS, Windows and other currently unsupported platforms."
echo echo
exit 1 exit 1
@ -147,7 +122,8 @@ if [[ -z "$myQST" ]]; then
echo echo
done done
fi fi
if [ "${myQST}" = "n" ]; then if [ "${myQST}" = "n" ];
then
echo echo
echo "### Aborting!" echo "### Aborting!"
echo echo
@ -200,35 +176,14 @@ case ${myCURRENT_DISTRIBUTION} in
sudo dnf -y --refresh install ${myPACKAGES_ROCKY} sudo dnf -y --refresh install ${myPACKAGES_ROCKY}
ansible-galaxy collection install ansible.posix ansible-galaxy collection install ansible.posix
;; ;;
"Red Hat Enterprise Linux")
echo
echo ${myINSTALL_NOTIFICATION}
echo
echo "RHEL detected - configuring version and Ansible repo strings"
rhel_version
rhel_ansible_repo
sudo yum update
# extra repo required for EPEL on RHEL
sudo subscription-manager repos --enable codeready-builder-for-rhel-"$myRHEL_VERSION"-$(arch)-rpms
# epel installer is not standard on RHEL
sudo dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-"$myRHEL_VERSION".noarch.rpm
# ansible comes from rhel subscription manager
sudo subscription-manager repos --enable "$myRHEL_ANSIBLE_REPO"
sudo dnf -y --refresh install ${myPACKAGES_RHEL}
ansible-galaxy collection install ansible.posix
esac esac
echo echo
# Define tag for Ansible # Define tag for Ansible
myANSIBLE_DISTRIBUTIONS=("Fedora Linux" "Debian GNU/Linux" "Raspbian GNU/Linux" "Rocky Linux" "Red Hat Enterprise Linux") myANSIBLE_DISTRIBUTIONS=("Fedora Linux" "Debian GNU/Linux" "Raspbian GNU/Linux" "Rocky Linux")
if [[ "${myANSIBLE_DISTRIBUTIONS[@]}" =~ "${myCURRENT_DISTRIBUTION}" ]]; if [[ "${myANSIBLE_DISTRIBUTIONS[@]}" =~ "${myCURRENT_DISTRIBUTION}" ]];
then then
# special case AGAIN, /etc/os-release doesn't match Ansible's tagging conventions
if [[ "${myCURRENT_DISTRIBUTION}" == "Red Hat Enterprise Linux" ]]; then
myANSIBLE_TAG="RedHat"
else
myANSIBLE_TAG=$(echo ${myCURRENT_DISTRIBUTION} | cut -d " " -f 1) myANSIBLE_TAG=$(echo ${myCURRENT_DISTRIBUTION} | cut -d " " -f 1)
fi
else else
myANSIBLE_TAG=${myCURRENT_DISTRIBUTION} myANSIBLE_TAG=${myCURRENT_DISTRIBUTION}
fi fi

156
installer/install/tpot.yml
View file

@ -19,7 +19,6 @@
- "Fedora" - "Fedora"
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- "Raspbian" - "Raspbian"
- "RedHat"
- "Rocky" - "Rocky"
- "Ubuntu" - "Ubuntu"
@ -32,7 +31,6 @@
- "Fedora" - "Fedora"
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- "Raspbian" - "Raspbian"
- "RedHat"
- "Rocky" - "Rocky"
- "Ubuntu" - "Ubuntu"
@ -46,14 +44,13 @@
- "Raspbian" - "Raspbian"
- "Ubuntu" - "Ubuntu"
- name: Add python package (Alma, Fedora, RHEL, Rocky) - name: Add python package (Alma, Fedora, Rocky)
raw: | raw: |
dnf -y --refresh install python3 dnf -y --refresh install python3
when: my_distribution.stdout | trim in ["AlmaLinux", "Fedora", "RedHat", "Rocky"] and my_python3.stdout | trim == "" when: my_distribution.stdout | trim in ["AlmaLinux", "Fedora", "Rocky"] and my_python3.stdout | trim == ""
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "Fedora" - "Fedora"
- "RedHat"
- "Rocky" - "Rocky"
- name: Add python package (openSUSE Tumbleweed) - name: Add python package (openSUSE Tumbleweed)
@ -78,7 +75,6 @@
- "Fedora" - "Fedora"
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- "Raspbian" - "Raspbian"
- "RedHat"
- "Rocky" - "Rocky"
- "Ubuntu" - "Ubuntu"
@ -97,8 +93,8 @@
- name: Check if supported distribution (All) - name: Check if supported distribution (All)
assert: assert:
that: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] that: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
fail_msg: "T-Pot is not supported on this platform: {{ ansible_distribution }}." fail_msg: "T-Pot is not supported on this plattform: {{ ansible_distribution }}."
success_msg: "T-Pot will now install on {{ ansible_distribution }}." success_msg: "T-Pot will now install on {{ ansible_distribution }}."
############################################################ ############################################################
@ -113,7 +109,7 @@
tasks: tasks:
- name: Syncing clocks (All) - name: Syncing clocks (All)
shell: "hwclock --hctosys" shell: "hwclock --hctosys"
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
ignore_errors: true ignore_errors: true
tags: tags:
- "AlmaLinux" - "AlmaLinux"
@ -121,7 +117,6 @@
- "Fedora" - "Fedora"
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- "Raspbian" - "Raspbian"
- "RedHat"
- "Rocky" - "Rocky"
- "Ubuntu" - "Ubuntu"
@ -183,15 +178,14 @@
- "AlmaLinux" - "AlmaLinux"
- "Rocky" - "Rocky"
- name: Download and install micro editor (AlmaLinux, openSUSE Tumbleweed, RHEL, Rocky) - name: Download and install micro editor (AlmaLinux, openSUSE Tumbleweed, Rocky)
shell: "curl https://getmic.ro | bash && mv micro /usr/bin" shell: "curl https://getmic.ro | bash && mv micro /usr/bin"
args: args:
executable: /bin/bash executable: /bin/bash
when: ansible_distribution in ["AlmaLinux", "openSUSE Tumbleweed", "RedHat", "Rocky"] when: ansible_distribution in ["AlmaLinux", "openSUSE Tumbleweed", "Rocky"]
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- "RedHat"
- "Rocky" - "Rocky"
- name: Install recommended packages (Fedora) - name: Install recommended packages (Fedora)
@ -261,7 +255,7 @@
become: true become: true
tasks: tasks:
- name: Remove distribution based Docker packages and podman-docker (AlmaLinux, Debian, Fedora, Raspbian, RHEL, Rocky, Ubuntu) - name: Remove distribution based Docker packages and podman-docker (AlmaLinux, Debian, Fedora, Raspbian, Rocky, Ubuntu)
package: package:
name: name:
- docker - docker
@ -273,13 +267,12 @@
- podman - podman
state: absent state: absent
update_cache: yes update_cache: yes
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "RedHat", "Rocky", "Ubuntu"] when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "Rocky", "Ubuntu"]
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "Debian" - "Debian"
- "Fedora" - "Fedora"
- "Raspbian" - "Raspbian"
- "RedHat"
- "Rocky" - "Rocky"
- "Ubuntu" - "Ubuntu"
@ -337,16 +330,6 @@
tags: tags:
- "Fedora" - "Fedora"
- name: Add Docker repository (RHEL)
shell: |
if [ "$(dnf repolist docker-ce-stable)" == "" ];
then
dnf -y config-manager addrepo --from-repofile=https://download.docker.com/linux/rhel/docker-ce.repo
fi
when: ansible_distribution in ["RedHat"]
tags:
- "RedHat"
- name: Add Docker repository (AlmaLinux, Rocky) - name: Add Docker repository (AlmaLinux, Rocky)
shell: | shell: |
if [ "$(dnf repolist docker-ce-stable)" == "" ]; if [ "$(dnf repolist docker-ce-stable)" == "" ];
@ -385,7 +368,7 @@
tags: tags:
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- name: Install Docker Engine packages (AlmaLinux, Debian, Fedora, Raspbian, RHEL, Rocky, Ubuntu) - name: Install Docker Engine packages (AlmaLinux, Debian, Fedora, Raspbian, Rocky, Ubuntu)
package: package:
name: name:
- docker-ce - docker-ce
@ -395,13 +378,12 @@
- docker-compose-plugin - docker-compose-plugin
state: latest state: latest
update_cache: yes update_cache: yes
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "RedHat", "Rocky", "Ubuntu"] when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "Rocky", "Ubuntu"]
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "Debian" - "Debian"
- "Fedora" - "Fedora"
- "Raspbian" - "Raspbian"
- "RedHat"
- "Rocky" - "Rocky"
- "Ubuntu" - "Ubuntu"
@ -410,14 +392,13 @@
name: docker name: docker
state: stopped state: stopped
enabled: false enabled: false
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "Debian" - "Debian"
- "Fedora" - "Fedora"
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- "Raspbian" - "Raspbian"
- "RedHat"
- "Rocky" - "Rocky"
- "Ubuntu" - "Ubuntu"
@ -436,14 +417,13 @@
name: tpot name: tpot
gid: 2000 gid: 2000
state: present state: present
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "Debian" - "Debian"
- "Fedora" - "Fedora"
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- "Raspbian" - "Raspbian"
- "RedHat"
- "Rocky" - "Rocky"
- "Ubuntu" - "Ubuntu"
@ -455,14 +435,13 @@
shell: /bin/false shell: /bin/false
home: /nonexistent home: /nonexistent
group: tpot group: tpot
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "Debian" - "Debian"
- "Fedora" - "Fedora"
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- "Raspbian" - "Raspbian"
- "RedHat"
- "Rocky" - "Rocky"
- "Ubuntu" - "Ubuntu"
@ -472,14 +451,13 @@
line: "vm.max_map_count=262144" line: "vm.max_map_count=262144"
state: present state: present
create: yes create: yes
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "Debian" - "Debian"
- "Fedora" - "Fedora"
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- "Raspbian" - "Raspbian"
- "RedHat"
- "Rocky" - "Rocky"
- "Ubuntu" - "Ubuntu"
@ -500,34 +478,32 @@
tags: tags:
- "Ubuntu" - "Ubuntu"
- name: Comment out Port(s) in sshd_config, can cause port conflicts on deploy (AlmaLinux, Debian, Fedora, openSUSE Tumbleweed, Raspbian, RHEL, Rocky, Ubuntu) - name: Comment out Port(s) in sshd_config, can cause port conflicts on deploy (AlmaLinux, Debian, Fedora, openSUSE Tumbleweed, Raspbian, Rocky, Ubuntu)
ansible.builtin.replace: ansible.builtin.replace:
path: /etc/ssh/sshd_config path: /etc/ssh/sshd_config
regexp: '^(Port (?!64295$)[0-9]+)' regexp: '^(Port (?!64295$)[0-9]+)'
replace: '# \1' replace: '# \1'
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "Debian" - "Debian"
- "Fedora" - "Fedora"
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- "Raspbian" - "Raspbian"
- "RedHat"
- "Rocky" - "Rocky"
- "Ubuntu" - "Ubuntu"
- name: Change SSH Port to 64295 (AlmaLinux, Debian, Fedora, Raspbian, RHEL, Rocky, Ubuntu) - name: Change SSH Port to 64295 (AlmaLinux, Debian, Fedora, Raspbian, Rocky, Ubuntu)
lineinfile: lineinfile:
path: /etc/ssh/sshd_config path: /etc/ssh/sshd_config
line: "Port 64295" line: "Port 64295"
insertafter: EOF insertafter: EOF
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "RedHat", "Rocky", "Ubuntu"] when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "Rocky", "Ubuntu"]
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "Debian" - "Debian"
- "Fedora" - "Fedora"
- "Raspbian" - "Raspbian"
- "RedHat"
- "Rocky" - "Rocky"
- "Ubuntu" - "Ubuntu"
@ -540,83 +516,76 @@
tags: tags:
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- name: Add T-Pot SSH port to Firewall (AlmaLinux, Fedora, openSUSE Tumbleweed, RHEL, Rocky) - name: Add T-Pot SSH port to Firewall (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky)
firewalld: firewalld:
port: 64295/tcp port: 64295/tcp
permanent: yes permanent: yes
state: enabled state: enabled
when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "RedHat", "Rocky"] when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "Rocky"]
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "Fedora" - "Fedora"
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- "RedHat"
- "Rocky" - "Rocky"
- name: Set T-Pot default target to ACCEPT (AlmaLinux, Fedora, openSUSE Tumbleweed, RHEL, Rocky) - name: Set T-Pot default target to ACCEPT (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky)
firewalld: firewalld:
zone: public zone: public
target: ACCEPT target: ACCEPT
permanent: yes permanent: yes
state: enabled state: enabled
when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "RedHat", "Rocky"] when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "Rocky"]
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "Fedora" - "Fedora"
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- "RedHat"
- "Rocky" - "Rocky"
- name: Load kernel modules (AlmaLinux, Fedora, RHEL, Rocky) - name: Load kernel modules (AlmaLinux, Fedora, Rocky)
command: modprobe -v iptable_filter command: modprobe -v iptable_filter
when: ansible_distribution in ["AlmaLinux", "Fedora", "RedHat", "Rocky"] when: ansible_distribution in ["AlmaLinux", "Fedora", "Rocky"]
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "Fedora" - "Fedora"
- "RedHat"
- "Rocky" - "Rocky"
- name: Update iptables.conf (AlmaLinux, Fedora, RHEL, Rocky) - name: Update iptables.conf (AlmaLinux, Fedora, Rocky)
lineinfile: lineinfile:
path: /etc/modules-load.d/iptables.conf path: /etc/modules-load.d/iptables.conf
line: iptable_filter line: iptable_filter
create: yes create: yes
when: ansible_distribution in ["AlmaLinux", "Fedora", "RedHat", "Rocky"] when: ansible_distribution in ["AlmaLinux", "Fedora", "Rocky"]
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "Fedora" - "Fedora"
- "RedHat"
- "Rocky" - "Rocky"
- name: Set SELinux config to permissive (AlmaLinux, Fedora, RHEL, Rocky) - name: Set SELinux config to permissive (AlmaLinux, Fedora, Rocky)
lineinfile: lineinfile:
path: /etc/selinux/config path: /etc/selinux/config
regexp: '^SELINUX=' regexp: '^SELINUX='
line: 'SELINUX=permissive' line: 'SELINUX=permissive'
when: ansible_distribution in ["AlmaLinux", "Fedora", "RedHat", "Rocky"] when: ansible_distribution in ["AlmaLinux", "Fedora", "Rocky"]
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "Fedora" - "Fedora"
- "RedHat"
- "Rocky" - "Rocky"
- name: Set SELinux to permissive (AlmaLinux, Fedora, RHEL, Rocky) - name: Set SELinux to permissive (AlmaLinux, Fedora, Rocky)
command: "setenforce Permissive" command: "setenforce Permissive"
when: ansible_distribution in ["AlmaLinux", "Fedora", "RedHat", "Rocky"] when: ansible_distribution in ["AlmaLinux", "Fedora", "Rocky"]
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "Fedora" - "Fedora"
- "RedHat"
- "Rocky" - "Rocky"
- name: Stop Resolved (Fedora, RHEL, Ubuntu) - name: Stop Resolved (Fedora, Ubuntu)
service: service:
name: systemd-resolved name: systemd-resolved
state: stopped state: stopped
when: ansible_distribution in ["Fedora", "RedHat", "Ubuntu"] when: ansible_distribution in ["Fedora", "Ubuntu"]
tags: tags:
- "Fedora" - "Fedora"
- "RedHat"
- "Ubuntu" - "Ubuntu"
- name: Copy resolved.conf to /etc/systemd (Fedora) - name: Copy resolved.conf to /etc/systemd (Fedora)
@ -628,15 +597,6 @@
tags: tags:
- "Fedora" - "Fedora"
- name: Copy resolv.conf to /etc/systemd (RHEL)
copy:
src: /usr/lib/systemd/resolv.conf
dest: /etc/systemd/resolv.conf
when: ansible_distribution in ["RedHat"]
ignore_errors: true
tags:
- "RedHat"
- name: Modify DNSStubListener in resolved.conf (Fedora, Ubuntu) - name: Modify DNSStubListener in resolved.conf (Fedora, Ubuntu)
lineinfile: lineinfile:
path: /etc/systemd/resolved.conf path: /etc/systemd/resolved.conf
@ -658,48 +618,44 @@
become: true become: true
tasks: tasks:
- name: Start Resolved (Fedora, RHEL, Ubuntu) - name: Start Resolved (Fedora, Ubuntu)
service: service:
name: systemd-resolved name: systemd-resolved
state: restarted state: restarted
when: ansible_distribution in ["Fedora", "RedHat", "Ubuntu"] when: ansible_distribution in ["Fedora", "Ubuntu"]
tags: tags:
- "Fedora" - "Fedora"
- "RedHat"
- "Ubuntu" - "Ubuntu"
- name: Restart Firewalld (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky) - name: Restart Firewalld (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky)
service: service:
name: firewalld name: firewalld
state: restarted state: restarted
when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "RedHat", "Rocky"] when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "Rocky"]
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "Fedora" - "Fedora"
- "openSUSE Tumbleweed"
- "RedHat"
- "Rocky" - "Rocky"
- "openSUSE Tumbleweed"
- name: Get Firewall rules (AlmaLinux, Fedora, openSUSE Tumbleweed, RHEL, Rocky) - name: Get Firewall rules (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky)
command: "firewall-cmd --list-all" command: "firewall-cmd --list-all"
register: firewall_output register: firewall_output
when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "RedHat", "Rocky"] when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "Rocky"]
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "Fedora" - "Fedora"
- "openSUSE Tumbleweed"
- "RedHat"
- "Rocky" - "Rocky"
- "openSUSE Tumbleweed"
- name: Print Firewall rules (AlmaLinux, Fedora, openSUSE Tumbleweed, RHEL, Rocky) - name: Print Firewall rules (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky)
debug: debug:
var: firewall_output.stdout_lines var: firewall_output.stdout_lines
when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "RedHat", "Rocky"] when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "Rocky"]
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "Fedora" - "Fedora"
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- "RedHat"
- "Rocky" - "Rocky"
- name: Enable Docker Engine upon boot (All) - name: Enable Docker Engine upon boot (All)
@ -707,14 +663,13 @@
name: docker name: docker
state: restarted state: restarted
enabled: true enabled: true
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "Debian" - "Debian"
- "Fedora" - "Fedora"
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- "Raspbian" - "Raspbian"
- "RedHat"
- "Rocky" - "Rocky"
- "Ubuntu" - "Ubuntu"
@ -723,14 +678,13 @@
name: "{{ 'ssh' if ansible_distribution in ['Ubuntu'] else 'sshd' }}" name: "{{ 'ssh' if ansible_distribution in ['Ubuntu'] else 'sshd' }}"
state: restarted state: restarted
enabled: true enabled: true
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "Debian" - "Debian"
- "Fedora" - "Fedora"
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- "Raspbian" - "Raspbian"
- "RedHat"
- "Rocky" - "Rocky"
- "Ubuntu" - "Ubuntu"
@ -748,7 +702,6 @@
- "Fedora" - "Fedora"
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- "Raspbian" - "Raspbian"
- "RedHat"
- "Rocky" - "Rocky"
- "Ubuntu" - "Ubuntu"
@ -756,28 +709,27 @@
- name: Check for non-root user id (All) - name: Check for non-root user id (All)
debug: debug:
msg: "Detected user: '{{ ansible_user_id }}'" msg: "Detected user: '{{ ansible_user_id }}'"
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
failed_when: ansible_user_id == "root" failed_when: ansible_user_id == "root"
- name: Add aliases - name: Add aliases (All)
blockinfile: blockinfile:
path: ~/.bashrc path: ~/.bashrc
block: | block: |
alias dps='{{ "grc --colour=on " if ansible_distribution != "RedHat" else "" }}docker ps -f status=running -f status=exited --format "table {{'{{'}}.Names{{'}}'}}\\t{{'{{'}}.Status{{'}}'}}\\t{{'{{'}}.Ports{{'}}'}}" | sort' alias dps='grc --colour=on docker ps -f status=running -f status=exited --format "table {{'{{'}}.Names{{'}}'}}\\t{{'{{'}}.Status{{'}}'}}\\t{{'{{'}}.Ports{{'}}'}}" | sort'
alias dpsw='watch -c bash -ic dps' alias dpsw='watch -c bash -ic dps'
alias mi='micro' alias mi='micro'
alias sudo='sudo ' alias sudo='sudo '
marker: "# {mark} ANSIBLE MANAGED BLOCK" marker: "# {mark} ANSIBLE MANAGED BLOCK"
insertafter: EOF insertafter: EOF
state: present state: present
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "Debian" - "Debian"
- "Fedora" - "Fedora"
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- "Raspbian" - "Raspbian"
- "RedHat"
- "Rocky" - "Rocky"
- "Ubuntu" - "Ubuntu"
@ -788,7 +740,7 @@
version: master version: master
clone: yes clone: yes
update: no update: no
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
- name: Add current user to Docker, T-Pot group (All) - name: Add current user to Docker, T-Pot group (All)
become: true become: true
@ -798,7 +750,7 @@
- docker - docker
- tpot - tpot
append: yes append: yes
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
######################################## ########################################
# T-Pot - Install service and cron job # # T-Pot - Install service and cron job #
@ -814,7 +766,6 @@
- "Fedora" - "Fedora"
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- "Raspbian" - "Raspbian"
- "RedHat"
- "Rocky" - "Rocky"
- "Ubuntu" - "Ubuntu"
@ -828,7 +779,7 @@
group: root group: root
mode: '0755' mode: '0755'
notify: Reload systemd and enable service notify: Reload systemd and enable service
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
handlers: handlers:
- name: Reload systemd and enable service - name: Reload systemd and enable service
@ -838,7 +789,7 @@
daemon_reload: yes daemon_reload: yes
state: stopped state: stopped
enabled: yes enabled: yes
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
- name: T-Pot - Setup a randomized daily reboot - name: T-Pot - Setup a randomized daily reboot
hosts: all hosts: all
@ -850,7 +801,6 @@
- "Fedora" - "Fedora"
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- "Raspbian" - "Raspbian"
- "RedHat"
- "Rocky" - "Rocky"
- "Ubuntu" - "Ubuntu"
@ -867,4 +817,4 @@
hour: "{{ random_hour }}" hour: "{{ random_hour }}"
job: "bash -c 'systemctl stop tpot.service && docker container prune -f; docker image prune -f; docker volume prune -f; /usr/sbin/shutdown -r +1 \"T-Pot Daily Reboot\"'" job: "bash -c 'systemctl stop tpot.service && docker container prune -f; docker image prune -f; docker volume prune -f; /usr/sbin/shutdown -r +1 \"T-Pot Daily Reboot\"'"
state: present state: present
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]

62
installer/remove/tpot.yml
View file

@ -17,7 +17,6 @@
- "Fedora" - "Fedora"
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- "Raspbian" - "Raspbian"
- "RedHat"
- "Rocky" - "Rocky"
- "Ubuntu" - "Ubuntu"
@ -36,7 +35,7 @@
- name: Check if supported distribution (All) - name: Check if supported distribution (All)
assert: assert:
that: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] that: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
fail_msg: "T-Pot uninstall is not supported on this plattform: {{ ansible_distribution }}." fail_msg: "T-Pot uninstall is not supported on this plattform: {{ ansible_distribution }}."
success_msg: "T-Pot will now be removed from {{ ansible_distribution }}." success_msg: "T-Pot will now be removed from {{ ansible_distribution }}."
@ -54,7 +53,6 @@
- "Fedora" - "Fedora"
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- "Raspbian" - "Raspbian"
- "RedHat"
- "Rocky" - "Rocky"
- "Ubuntu" - "Ubuntu"
@ -64,7 +62,7 @@
name: "T-Pot Daily Reboot" name: "T-Pot Daily Reboot"
user: root user: root
state: absent state: absent
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
- name: Remove T-Pot systemd service - name: Remove T-Pot systemd service
hosts: all hosts: all
@ -76,7 +74,6 @@
- "Fedora" - "Fedora"
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- "Raspbian" - "Raspbian"
- "RedHat"
- "Rocky" - "Rocky"
- "Ubuntu" - "Ubuntu"
@ -87,14 +84,14 @@
state: stopped state: stopped
enabled: no enabled: no
ignore_errors: yes ignore_errors: yes
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
- name: Remove systemd service file for tpot - name: Remove systemd service file for tpot
ansible.builtin.file: ansible.builtin.file:
path: '/etc/systemd/system/tpot.service' path: '/etc/systemd/system/tpot.service'
state: absent state: absent
notify: Reload systemd notify: Reload systemd
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
handlers: handlers:
- name: Reload systemd - name: Reload systemd
@ -116,7 +113,6 @@
- "Fedora" - "Fedora"
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- "Raspbian" - "Raspbian"
- "RedHat"
- "Rocky" - "Rocky"
- "Ubuntu" - "Ubuntu"
@ -128,7 +124,7 @@
marker: "# {mark} ANSIBLE MANAGED BLOCK" marker: "# {mark} ANSIBLE MANAGED BLOCK"
state: absent state: absent
become: false become: false
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
########################################################## ##########################################################
# T-Pot - Restore configs, remove users and groups, etc. # # T-Pot - Restore configs, remove users and groups, etc. #
@ -151,53 +147,50 @@
- "Fedora" - "Fedora"
- "Ubuntu" - "Ubuntu"
- name: Revert SELinux config to enforcing (AlmaLinux, Fedora, RHEL, Rocky) - name: Revert SELinux config to enforcing (AlmaLinux, Fedora, Rocky)
lineinfile: lineinfile:
path: /etc/selinux/config path: /etc/selinux/config
regexp: '^SELINUX=' regexp: '^SELINUX='
line: 'SELINUX=enforcing' line: 'SELINUX=enforcing'
when: ansible_distribution in ["AlmaLinux", "Fedora", "RedHat", "Rocky"] when: ansible_distribution in ["AlmaLinux", "Fedora", "Rocky"]
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "Fedora" - "Fedora"
- "Rocky" - "Rocky"
- name: Remove iptables.conf file (AlmaLinux, Fedora, RHEL, Rocky) - name: Remove iptables.conf file (AlmaLinux, Fedora, Rocky)
file: file:
path: /etc/modules-load.d/iptables.conf path: /etc/modules-load.d/iptables.conf
state: absent state: absent
when: ansible_distribution in ["AlmaLinux", "Fedora", "RedHat", "Rocky"] when: ansible_distribution in ["AlmaLinux", "Fedora", "Rocky"]
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "Fedora" - "Fedora"
- "RedHat"
- "Rocky" - "Rocky"
- name: Revert firewall to default target DROP (AlmaLinux, Fedora, openSUSE Tumbleweed, RHEL, Rocky) - name: Revert firewall to default target DROP (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky)
firewalld: firewalld:
zone: public zone: public
target: DROP target: DROP
permanent: yes permanent: yes
state: enabled state: enabled
when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "RedHat", "Rocky"] when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "Rocky"]
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "Fedora" - "Fedora"
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- "RedHat"
- "Rocky" - "Rocky"
- name: Revert firewall to SSH default (AlmaLinux, Fedora, openSUSE Tumbleweed, RHEL, Rocky) - name: Revert firewall to SSH default (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky)
firewalld: firewalld:
port: 22/tcp port: 22/tcp
permanent: yes permanent: yes
state: enabled state: enabled
when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "RedHat", "Rocky"] when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "Rocky"]
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "Fedora" - "Fedora"
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- "RedHat"
- "Rocky" - "Rocky"
- name: Remove port.conf file to revert SSH to default port (openSUSE Tumbleweed) - name: Remove port.conf file to revert SSH to default port (openSUSE Tumbleweed)
@ -208,34 +201,32 @@
tags: tags:
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- name: Revert SSH Port to 22 (AlmaLinux, Debian, Fedora, Raspbian, RHEL, Rocky, Ubuntu) - name: Revert SSH Port to 22 (AlmaLinux, Debian, Fedora, Raspbian, Rocky, Ubuntu)
lineinfile: lineinfile:
path: /etc/ssh/sshd_config path: /etc/ssh/sshd_config
line: "Port 64295" line: "Port 64295"
state: absent state: absent
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "Rocky", "RedHat", "Ubuntu"] when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "Rocky", "Ubuntu"]
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "Debian" - "Debian"
- "Fedora" - "Fedora"
- "Raspbian" - "Raspbian"
- "RedHat"
- "Rocky" - "Rocky"
- "Ubuntu" - "Ubuntu"
- name: Revert Comment out Port(s) in sshd_config, can cause port conflicts on deploy (AlmaLinux, Debian, Fedora, openSUSE Tumbleweed, Raspbian, RHEL, Rocky, Ubuntu) - name: Revert Comment out Port(s) in sshd_config, can cause port conflicts on deploy (AlmaLinux, Debian, Fedora, openSUSE Tumbleweed, Raspbian, Rocky, Ubuntu)
ansible.builtin.replace: ansible.builtin.replace:
path: /etc/ssh/sshd_config path: /etc/ssh/sshd_config
regexp: '^# (Port (?!22$)[0-9]+)' regexp: '^# (Port (?!22$)[0-9]+)'
replace: '\1' replace: '\1'
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "Debian" - "Debian"
- "Fedora" - "Fedora"
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- "Raspbian" - "Raspbian"
- "RedHat"
- "Rocky" - "Rocky"
- "Ubuntu" - "Ubuntu"
@ -244,14 +235,13 @@
path: /etc/sysctl.conf path: /etc/sysctl.conf
line: "vm.max_map_count=262144" line: "vm.max_map_count=262144"
state: absent state: absent
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "Debian" - "Debian"
- "Fedora" - "Fedora"
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- "Raspbian" - "Raspbian"
- "RedHat"
- "Rocky" - "Rocky"
- "Ubuntu" - "Ubuntu"
@ -259,14 +249,13 @@
user: user:
name: tpot name: tpot
state: absent state: absent
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "Debian" - "Debian"
- "Fedora" - "Fedora"
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- "Raspbian" - "Raspbian"
- "RedHat"
- "Rocky" - "Rocky"
- "Ubuntu" - "Ubuntu"
@ -274,14 +263,13 @@
group: group:
name: tpot name: tpot
state: absent state: absent
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "Debian" - "Debian"
- "Fedora" - "Fedora"
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- "Raspbian" - "Raspbian"
- "RedHat"
- "Rocky" - "Rocky"
- "Ubuntu" - "Ubuntu"
@ -310,7 +298,7 @@
tags: tags:
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- name: Remove Docker Engine packages (AlmaLinux, Debian, Fedora, Raspbian, RHEL, Rocky, Ubuntu) - name: Remove Docker Engine packages (AlmaLinux, Debian, Fedora, Raspbian, Rocky, Ubuntu)
package: package:
name: name:
- docker-ce - docker-ce
@ -319,7 +307,7 @@
- docker-buildx-plugin - docker-buildx-plugin
- docker-compose-plugin - docker-compose-plugin
state: absent state: absent
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "RedHat", "Rocky", "Ubuntu"] when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "Rocky", "Ubuntu"]
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "Debian" - "Debian"
@ -332,13 +320,12 @@
file: file:
path: /var/lib/docker path: /var/lib/docker
state: absent state: absent
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "Debian" - "Debian"
- "Fedora" - "Fedora"
- "openSUSE Tumbleweed" - "openSUSE Tumbleweed"
- "RedHat"
- "Raspbian" - "Raspbian"
- "Rocky" - "Rocky"
- "Ubuntu" - "Ubuntu"
@ -363,7 +350,7 @@
- "Raspbian" - "Raspbian"
- "Ubuntu" - "Ubuntu"
- name: Remove Docker repository (AlmaLinux, RHEL, Rocky) - name: Remove Docker repository (AlmaLinux, Rocky)
file: file:
path: /etc/yum.repos.d/docker-ce.repo path: /etc/yum.repos.d/docker-ce.repo
state: absent state: absent
@ -371,5 +358,4 @@
tags: tags:
- "AlmaLinux" - "AlmaLinux"
- "Fedora" - "Fedora"
- "RedHat"
- "Rocky" - "Rocky"

11
uninstall.sh
View file

@ -23,12 +23,12 @@ if [ ${EUID} -eq 0 ];
fi fi
# Check if running on a supported distribution # Check if running on a supported distribution
mySUPPORTED_DISTRIBUTIONS=("AlmaLinux" "Debian GNU/Linux" "Fedora Linux" "openSUSE Tumbleweed" "Raspbian GNU/Linux" "Red Hat Enterprise Linux" "Rocky Linux" "Ubuntu") mySUPPORTED_DISTRIBUTIONS=("AlmaLinux" "Debian GNU/Linux" "Fedora Linux" "openSUSE Tumbleweed" "Raspbian GNU/Linux" "Rocky Linux" "Ubuntu")
myCURRENT_DISTRIBUTION=$(awk -F= '/^NAME/{print $2}' /etc/os-release | tr -d '"') myCURRENT_DISTRIBUTION=$(awk -F= '/^NAME/{print $2}' /etc/os-release | tr -d '"')
if [[ ! " ${mySUPPORTED_DISTRIBUTIONS[@]} " =~ " ${myCURRENT_DISTRIBUTION} " ]]; if [[ ! " ${mySUPPORTED_DISTRIBUTIONS[@]} " =~ " ${myCURRENT_DISTRIBUTION} " ]];
then then
echo "### Only the following distributions are supported: AlmaLinux, Fedora, Debian, openSUSE Tumbleweed, RHEL, Rocky Linux and Ubuntu." echo "### Only the following distributions are supported: AlmaLinux, Fedora, Debian, openSUSE Tumbleweed, Rocky Linux and Ubuntu."
echo "### Please follow the T-Pot documentation on how to run T-Pot on macOS, Windows and other currently unsupported platforms." echo "### Please follow the T-Pot documentation on how to run T-Pot on macOS, Windows and other currently unsupported platforms."
echo echo
exit 1 exit 1
@ -54,15 +54,10 @@ if [ "${myQST}" = "n" ];
fi fi
# Define tag for Ansible # Define tag for Ansible
myANSIBLE_DISTRIBUTIONS=("Fedora Linux" "Debian GNU/Linux" "Raspbian GNU/Linux" "Rocky Linux" "Red Hat Enterprise Linux") myANSIBLE_DISTRIBUTIONS=("Fedora Linux" "Debian GNU/Linux" "Raspbian GNU/Linux" "Rocky Linux")
if [[ "${myANSIBLE_DISTRIBUTIONS[@]}" =~ "${myCURRENT_DISTRIBUTION}" ]]; if [[ "${myANSIBLE_DISTRIBUTIONS[@]}" =~ "${myCURRENT_DISTRIBUTION}" ]];
then then
# special case AGAIN, /etc/os-release doesn't match Ansible's tagging conventions
if [[ "${myCURRENT_DISTRIBUTION}" == "Red Hat Enterprise Linux" ]]; then
myANSIBLE_TAG="RedHat"
else
myANSIBLE_TAG=$(echo ${myCURRENT_DISTRIBUTION} | cut -d " " -f 1) myANSIBLE_TAG=$(echo ${myCURRENT_DISTRIBUTION} | cut -d " " -f 1)
fi
else else
myANSIBLE_TAG=${myCURRENT_DISTRIBUTION} myANSIBLE_TAG=${myCURRENT_DISTRIBUTION}
fi fi