
updating .env, env.example and compose files regarding sentrypeer ENVs make glutton image aware of payloads feature bump glutton to latest master, alpine 3.19, multi-stage build bump ipphoney to alpine 3.19 bump mailoney to alpine 3.19, adjust for py3 revert medpot to previous master, use multi stage build and alpine 3.19 bump cyberchef to latest master bump ngninx to alpine 3.19 bump p0f to alpine 3.19, use multi stage build bump redishoneypot to alpine 3.19, use multi stage build bump sentrypeer to latest master, fix bug for open ports in compose files, now all tcp/5060, udp/5060 traffic will be seen bump spiderfoot to latest master bump spiderfoot to alpine 3.19 bump suricata to 7.0.2, fix performance issue with capture-filter-bpf by reducing the rules update clean.sh to include glutton payloads folder
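# T-Pot config file. Do not remove.

###############################################
# T-Pot Base Settings - Adjust to your needs. #
###############################################

# Set Web usernames and passwords here. This section will be used to create / update the Nginx password file nginxpasswd.
# <empty>: This is the default
# <base64 encoded htpasswd usernames / passwords>:
# Use 'htpasswd -n -b "username" "password" | base64 -w0' to create the WEB_USER if you want to manually deploy T-Pot
# Example: 'htpasswd -n -b "tsec" "tsec" | base64 -w0' will print dHNlYzokYXByMSRYUnE2SC5rbiRVRjZQM1VVQmJVNWJUQmNmSGRuUFQxCgo=
# Copy the string and replace WEB_USER=dHNlYzokYXByMSRYUnE2SC5rbiRVRjZQM1VVQmJVNWJUQmNmSGRuUFQxCgo=
# Multiple users are possible:
# WEB_USER=dHNlYzokYXByMSRYUnE2SC5rbiRVRjZQM1VVQmJVNWJUQmNmSGRuUFQxCgo= dHNlYzokYXByMSR6VUFHVWdmOCRROXI3a09CTjFjY3lCeU1DTloyanEvCgo=
#
# Security notes:
# - base64 is an encoding, not encryption. The only protection for the password is the
#   htpasswd hash inside the string, so treat this file as sensitive: keep it out of
#   version control and readable only by the user that runs T-Pot.
# - 'htpasswd -b' takes the password on the command line, where it ends up in your shell
#   history and is visible to other users via the process list. Omitting '-b'
#   ('htpasswd -n "username" | base64 -w0') makes htpasswd prompt for it instead.
# - Never reuse the "tsec"/"tsec" example credentials on a reachable deployment.
WEB_USER=

# Set Logstash Web usernames and passwords here. This section will be used to create / update the Nginx password file lswebpasswd.
# The Logstash Web usernames are used for T-Pot log ingestion via Logstash, each sensor should have its own user.
# <empty>: This is empty by default.
# <'htpasswd encoded usernames / passwords'>:
# Use 'htpasswd -n -b "username" "password" | base64 -w0' to create the LS_WEB_USER if you want to manually deploy the sensor.
# Example: 'htpasswd -n -b "sensor" "sensor" | base64 -w0' will print c2Vuc29yOiRhcHIxJGVpMHdzUmdYJHNyWHF4UG53ZzZqWUc3aEFaUWxrWDEKCg==
# Copy the string and replace / add LS_WEB_USER=c2Vuc29yOiRhcHIxJGVpMHdzUmdYJHNyWHF4UG53ZzZqWUc3aEFaUWxrWDEKCg==
# Multiple users are possible:
# LS_WEB_USER=c2Vuc29yMTokYXByMSQ5aXhNRk5yMCR6d3F2dGFwQ2x0cFBhU1pqMm9ZemYxCgo= c2Vuc29yMjokYXByMSRtYTlOS1J2NCQvU3dsVVBMeW5RaVIyM3pyWVAzOUkwCgo=
#
# One user per sensor is not just tidy: it lets you revoke a single compromised sensor
# (delete its entry here, redeploy) without re-keying every other sensor, and it keeps
# ingestion attributable per sensor. The same handling notes as for WEB_USER apply.
LS_WEB_USER=

# T-Pot Blackhole
# ENABLED: T-Pot will download a db of known mass scanners and nullroute them.
#          Be aware, this will put T-Pot off the map for stealth reasons and
#          you will get less traffic. Routes will be active until next reboot
#          and will be re-added with every T-Pot start until disabled.
# DISABLED: This is the default and no stealth efforts are in place.
TPOT_BLACKHOLE=DISABLED

# T-Pot Persistence
# on: This is the default. T-Pot will keep the honeypot logfiles and rotate
#     with logrotate for 30 days.
# off: This is recommended for Raspberry Pi or setups with weaker CPUs or
#      if you just do not need any of the logfiles.
#      Note that without persisted logfiles there is nothing local to go back to
#      for incident reconstruction; make sure the data is shipped elsewhere if you need it.
TPOT_PERSISTENCE=on

# T-Pot Type
# HIVE: This is the default and offers everything to connect T-Pot sensors.
# SENSOR: This needs to be used when running a sensor. Be aware that all other
#         settings must be adjusted as well.
#         1. You will need to copy compose/sensor.yml to ./docker-compose.yml
#         2. From HIVE host you will need to copy ~/tpotce/data/nginx/cert/nginx.crt to
#            your SENSOR host to ~/tpotce/data/hive.crt
#            NOTE(review): this file presumably pins the HIVE's TLS certificate on the
#            sensor; copy it over an authenticated channel (e.g. scp) and compare its
#            fingerprint on both hosts so the sensor cannot be pointed at an impostor.
#         3. On HIVE: Create a web user per SENSOR on HIVE and provide credentials below
#            Create credentials with 'htpasswd ~/tpotce/data/nginx/conf/lswebpasswd <username>'
#         4. On SENSOR: Provide username / password from (3) for TPOT_HIVE_USER as base64 encoded string:
#            "echo -n 'username:password' | base64 -w0"
TPOT_TYPE=HIVE

# T-Pot Hive User (only relevant for SENSOR deployment)
# <empty>: This is empty by default.
# <base64 encoded string>: Provide a base64 encoded string "echo -n 'username:password' | base64 -w0"
# i.e. TPOT_HIVE_USER='dXNlcm5hbWU6cGFzc3dvcmQ='
#
# Unlike WEB_USER / LS_WEB_USER this value is NOT a hash: it is the cleartext
# 'username:password' pair, merely base64 encoded (the example decodes to
# "username:password"). Anyone who can read this file on the sensor can ingest
# arbitrary events into the HIVE as that sensor. Restrict file permissions accordingly,
# use a unique, strong password per sensor and rotate it if the sensor is ever exposed.
TPOT_HIVE_USER=

# T-Pot Hive IP (only relevant for SENSOR deployment)
# <empty>: This is empty by default.
# <IP, FQDN>: This can be either an IP (i.e. 192.168.1.1) or a FQDN (i.e. foo.bar.local)
TPOT_HIVE_IP=

# T-Pot AttackMap Text Output
# ENABLED: This is the default and the docker container map_data will print events to the console.
# DISABLED: Printing events to the console is disabled.
TPOT_ATTACKMAP_TEXT=ENABLED

# T-Pot AttackMap Text Output Timezone
# UTC: (T-Pot default) This is usually the best option.
#      Keeping UTC also makes it easier to correlate events with other log sources.
# Continent/City: In Linux you can check your timezone with `readlink /etc/localtime` or
#                 see the full list here: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
#                 Examples: America/New_York, Asia/Taipei, Australia/Melbourne, Europe/Athens, Europe/Berlin
TPOT_ATTACKMAP_TEXT_TIMEZONE=UTC

###################################################################################
# Honeypots / Tools settings
###################################################################################
# Some services / tools offer adjustments using ENVs which can be adjusted here.
###################################################################################

# Suricata ET Pro ruleset
# OPEN: This is the default and will use the ET Open ruleset
# OINKCODE: Replace OPEN with your Oinkcode to use the ET Pro ruleset
#           The Oinkcode is an account secret tied to your subscription; do not commit
#           it or paste it into shared compose files.
OINKCODE=OPEN

###################################################################################
# NEVER MAKE CHANGES TO THIS SECTION UNLESS YOU REALLY KNOW WHAT YOU ARE DOING!!! #
###################################################################################

# docker.sock Path
# Any container that gets this socket mounted can control the Docker daemon and is
# therefore effectively root on the host. Do not point this at a socket with broader
# reach than intended, and do not expose it over TCP.
TPOT_DOCKER_SOCK=/var/run/docker.sock

# docker compose .env
TPOT_DOCKER_ENV=./.env

# Docker-Compose file
TPOT_DOCKER_COMPOSE=./docker-compose.yml

# T-Pot Docker Repo
# Depending on where you are located you may choose between DockerHub and GHCR
# dtagdevsec: This will use the DockerHub image registry
# ghcr.io/telekom-security: This will use the GitHub container registry
TPOT_REPO=dtagdevsec

# T-Pot Version Tag
# Images are pulled by tag; tags are mutable, so the image behind the same tag can
# change between pulls. Pin to a digest in the compose file if you need reproducible
# deployments.
TPOT_VERSION=alpha

# T-Pot Pull Policy
# always: (T-Pot default) Compose implementations SHOULD always pull the image from the registry.
# never: Compose implementations SHOULD NOT pull the image from a registry and SHOULD rely on the platform cached image.
# missing: Compose implementations SHOULD pull the image only if it's not available in the platform cache.
# build: Compose implementations SHOULD build the image. Compose implementations SHOULD rebuild the image if already present.
TPOT_PULL_POLICY=always

# T-Pot Data Path
TPOT_DATA_PATH=./data

# OSType (linux, mac, win)
# Most docker features are available on linux
TPOT_OSTYPE=linux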