mirror of
https://github.com/telekom-security/tpotce.git
synced 2025-04-19 21:52:27 +00:00
118 lines
5.3 KiB
Text
118 lines
5.3 KiB
Text
# T-Pot config file. Do not remove.
|
|
|
|
###############################################
|
|
# T-Pot Base Settings - Adjust to your needs. #
|
|
###############################################
|
|
|
|
# Set Web username and password here, it will be used to create the Nginx password file nginxpasswd.
|
|
# Use 'htpasswd -n <username>' to create the WEB_USER if you want to manually deploy T-Pot
|
|
# Example: 'htpasswd -n tsec' will print tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0
|
|
# Copy the string and replace WEB_USER='tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0'
|
|
WEB_USER='change:me'
|
|
|
|
# T-Pot Blackhole
|
|
# ENABLED: T-Pot will download a db of known mass scanners and nullroute them
|
|
# Be aware, this will put T-Pot off the map for stealth reasons and
|
|
# you will get less traffic. Routes will active until reboot and will
|
|
# be re-added with every T-Pot start until disabled.
|
|
# DISABLED: This is the default and no stealth efforts are in place.
|
|
TPOT_BLACKHOLE=DISABLED
|
|
|
|
# T-Pot Persistence
|
|
# on: This is the default. T-Pot will keep the honeypot logfiles and rotate
|
|
# with logrotate for 30 days.
|
|
# off: This is recommended for Raspberry Pi or setups with weaker CPUs or
|
|
# if you just do not need any of the logfiles.
|
|
TPOT_PERSISTENCE=on
|
|
|
|
# T-Pot Type
|
|
# HIVE: This is the default and offers everything to connect T-Pot sensors.
|
|
# SENSOR: This needs to be used when running a sensor. Be aware to adjust all other
|
|
# settings as well.
|
|
# 1. You will need to copy compose/sensor.yml to ./docker-comopose.yml
|
|
# 2. From HIVE host you will need to copy ~/tpotce/data/nginx/cert/nginx.crt to
|
|
# your SENSOR host to ~/tpotce/data/hive.crt
|
|
# 3. On HIVE: Create a web user per SENSOR on HIVE and provide credentials below
|
|
# Create credentials with 'htpasswd ~/tpotce/data/nginx/conf/lswebpasswd <username>'
|
|
# 4. On SENSOR: Provide username / password from (3) for TPOT_HIVE_USER as base64 encoded string:
|
|
# "echo -n 'username:password' | base64"
|
|
TPOT_TYPE=HIVE
|
|
|
|
# T-Pot Hive User (only relevant for SENSOR deployment)
|
|
# <empty>: This is empty by default.
|
|
# <base64 encoded string>: Provide a base64 encoded string "echo -n 'username:password' | base64"
|
|
# i.e. TPOT_HIVE_USER='dXNlcm5hbWU6cGFzc3dvcmQ='
|
|
TPOT_HIVE_USER=
|
|
|
|
# T-Pot Hive IP (only relevant for SENSOR deployment)
|
|
# <empty>: This is empty by default.
|
|
# <IP, FQDN>: This can be either a IP (i.e. 192.168.1.1) or a FQDN (i.e. foo.bar.local)
|
|
TPOT_HIVE_IP=
|
|
|
|
# T-Pot AttackMap Text Output
|
|
# ENABLED: This is the default and the docker container map_data will print events to the console.
|
|
# DISABLED: Printing events to the console is disabled.
|
|
TPOT_ATTACKMAP_TEXT=ENABLED
|
|
|
|
# T-Pot AttackMap Text Output Timezone
|
|
# UTC: (T-Pot default) This is usually the best option.
|
|
# Continent/City: In Linux you can check our timezone with `readlink` /etc/localtime or
|
|
# see the full list here: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
|
|
# Examples: America/New_York, Asia/Taipei, Australia/Melbourne, Europe/Athens, Europe/Berlin
|
|
TPOT_ATTACKMAP_TEXT_TIMEZONE=UTC
|
|
|
|
###################################################################################
|
|
# Honeypots / Tools settings
|
|
###################################################################################
|
|
# Some services / tools offer adjustments using ENVs which can be adjusted here.
|
|
###################################################################################
|
|
|
|
# SentryPeer P2P mode
|
|
# Exchange bad actor data via DHT / P2P mode by setting the ENV to true (1)
|
|
# In some cases (i.e. internally deployed T-Pots) this might be confusing as SentryPeer will show
|
|
# the bad actors in its logs. Therefore this option is opt-in based.
|
|
# 0: This is the default, P2P mode is disabled.
|
|
# 1: Enable P2P mode.
|
|
SENTRYPEER_PEER_TO_PEER=0
|
|
|
|
# Suricata ET Pro ruleset
|
|
# OPEN: This is the default and will the ET Open ruleset
|
|
# OINKCODE: Replace OPEN with your Oinkcode to use the ET Pro ruleset
|
|
OINKCODE=OPEN
|
|
|
|
|
|
###################################################################################
|
|
# NEVER MAKE CHANGES TO THIS SECTION UNLESS YOU REALLY KNOW WHAT YOU ARE DOING!!! #
|
|
###################################################################################
|
|
|
|
# docker.sock Path
|
|
TPOT_DOCKER_SOCK=/var/run/docker.sock
|
|
|
|
# docker compose .env
|
|
TPOT_DOCKER_ENV=./.env
|
|
|
|
# Docker-Compose file
|
|
TPOT_DOCKER_COMPOSE=./docker-compose.yml
|
|
|
|
# T-Pot Repo
|
|
# Depending on where you are located you may choose between DockerHub and GHCR
|
|
# dtagdevsec: This will use the DockerHub image registry
|
|
# ghcr.io/telekom-security: This will use the GitHub container registry
|
|
TPOT_REPO=dtagdevsec
|
|
|
|
# T-Pot Version Tag
|
|
TPOT_VERSION=alpha
|
|
|
|
# T-Pot Pull Policy
|
|
# always: (T-Pot default) Compose implementations SHOULD always pull the image from the registry.
|
|
# never: Compose implementations SHOULD NOT pull the image from a registry and SHOULD rely on the platform cached image.
|
|
# missing: Compose implementations SHOULD pull the image only if it's not available in the platform cache.
|
|
# build: Compose implementations SHOULD build the image. Compose implementations SHOULD rebuild the image if already present.
|
|
TPOT_PULL_POLICY=always
|
|
|
|
# T-Pot Data Path
|
|
TPOT_DATA_PATH=./data
|
|
|
|
# OSType (linux, mac, win)
|
|
# Most docker features are available on linux
|
|
TPOT_OSTYPE=linux
|