Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-11-03 05:52:52 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
tpotce/docker/tpotinit/dist/bin/clean.sh
t3chn0m4g3 9455877fa3 add TPOT_PERSISTENCE_CYCLES setting 
- makes logrotate cycles configurable, instead of static 30 days
- adjust .env / env.example for setting cycles
- adjust tpotinit dockerfile to include envsubst
- add logrotate.template
- add checks / validations
2025-05-13 15:32:00 +02:00

468 lines
15 KiB
Bash
Executable file
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/bin/bash
# T-Pot Container Data Cleaner & Log Rotator
# Set colors
myRED=""
myGREEN=""
myWHITE=""
# Set pigz
myPIGZ=$(which pigz)
# Set persistence
myPERSISTENCE=$1
myPERSISTENCE_CYCLES=$2
myPERSISTENCE_CYCLES="${myPERSISTENCE_CYCLES:=30}"
export myPERSISTENCE_CYCLES
# Let's create a function to check if folder is empty
fuEMPTY () {
local myFOLDER=$1
echo $(ls $myFOLDER | wc -l)
}
# Let's create a function to setup logrotate config
fuLOGROTATECONF () {
local myLOGROTATECONF="/opt/tpot/etc/logrotate/logrotate.conf"
local myLOGROTATETEMP="/opt/tpot/etc/logrotate/logrotate.template"
envsubst < $myLOGROTATETEMP > $myLOGROTATECONF
chown root:root $myLOGROTATECONF
chmod 0600 $myLOGROTATECONF
}
# Let's create a function to rotate and compress logs
fuLOGROTATE () {
local mySTATUS="/data/tpot/etc/logrotate/status"
local myCONF="/opt/tpot/etc/logrotate/logrotate.conf"
local myADBHONEYTGZ="/data/adbhoney/downloads.tgz"
local myADBHONEYDL="/data/adbhoney/downloads/"
local myCOWRIETTYLOGS="/data/cowrie/log/tty/"
local myCOWRIETTYTGZ="/data/cowrie/log/ttylogs.tgz"
local myCOWRIEDL="/data/cowrie/downloads/"
local myCOWRIEDLTGZ="/data/cowrie/downloads.tgz"
local myDIONAEABI="/data/dionaea/bistreams/"
local myDIONAEABITGZ="/data/dionaea/bistreams.tgz"
local myDIONAEABIN="/data/dionaea/binaries/"
local myDIONAEABINTGZ="/data/dionaea/binaries.tgz"
local myH0NEYTR4PP="/data/h0neytr4p/payloads/"
local myH0NEYTR4PTGZ="/data/h0neytr4p/payloads.tgz"
local myHONEYTRAPATTACKS="/data/honeytrap/attacks/"
local myHONEYTRAPATTACKSTGZ="/data/honeytrap/attacks.tgz"
local myHONEYTRAPDL="/data/honeytrap/downloads/"
local myHONEYTRAPDLTGZ="/data/honeytrap/downloads.tgz"
local myMINIPRINTU="/data/miniprint/uploads/"
local myMINIPRINTTGZ="/data/miniprint/uploads.tgz"
local myTANNERF="/data/tanner/files/"
local myTANNERFTGZ="/data/tanner/files.tgz"
# Setup logrotate config
fuLOGROTATECONF
# Ensure correct permissions and ownerships for logrotate to run without issues
chmod 770 /data/ -R
chown tpot:tpot /data -R
chmod 774 /data/nginx/conf -R
chmod 774 /data/nginx/cert -R
# Run logrotate with force (-f) first, so the status file can be written and race conditions (with tar) be avoided
logrotate -f -s $mySTATUS $myCONF
# Compressing some folders first and rotate them later
if [ "$(fuEMPTY $myADBHONEYDL)" != "0" ]; then tar -I $myPIGZ -cvf $myADBHONEYTGZ $myADBHONEYDL; fi
if [ "$(fuEMPTY $myCOWRIETTYLOGS)" != "0" ]; then tar -I $myPIGZ -cvf $myCOWRIETTYTGZ $myCOWRIETTYLOGS; fi
if [ "$(fuEMPTY $myCOWRIEDL)" != "0" ]; then tar -I $myPIGZ -cvf $myCOWRIEDLTGZ $myCOWRIEDL; fi
if [ "$(fuEMPTY $myDIONAEABI)" != "0" ]; then tar -I $myPIGZ -cvf $myDIONAEABITGZ $myDIONAEABI; fi
if [ "$(fuEMPTY $myDIONAEABIN)" != "0" ]; then tar -I $myPIGZ -cvf $myDIONAEABINTGZ $myDIONAEABIN; fi
if [ "$(fuEMPTY $myH0NEYTR4PP)" != "0" ]; then tar -I $myPIGZ -cvf $myH0NEYTR4PTGZ $myH0NEYTR4PP; fi
if [ "$(fuEMPTY $myHONEYTRAPATTACKS)" != "0" ]; then tar -I $myPIGZ -cvf $myHONEYTRAPATTACKSTGZ $myHONEYTRAPATTACKS; fi
if [ "$(fuEMPTY $myHONEYTRAPDL)" != "0" ]; then tar -I $myPIGZ -cvf $myHONEYTRAPDLTGZ $myHONEYTRAPDL; fi
if [ "$(fuEMPTY $myMINIPRINTU)" != "0" ]; then tar -I $myPIGZ -cvf $myMINIPRINTTGZ $myMINIPRINTU; fi
if [ "$(fuEMPTY $myTANNERF)" != "0" ]; then tar -I $myPIGZ -cvf $myTANNERFTGZ $myTANNERF; fi
# Ensure correct permissions and ownership for previously created archives
chmod 770 $myADBHONEYTGZ $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myH0NEYTR4PTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ $myMINIPRINTTGZ $myTANNERFTGZ
chown tpot:tpot $myADBHONEYTGZ $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myH0NEYTR4PTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ $myMINIPRINTTGZ $myTANNERFTGZ
# Need to remove subfolders since too many files cause rm to exit with errors
rm -rf $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myH0NEYTR4PP $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF
# Recreate subfolders with correct permissions and ownership
mkdir -p $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myH0NEYTR4PP $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF
chmod 770 $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myH0NEYTR4PP $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF
chown tpot:tpot $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myH0NEYTR4PP $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF
# Run logrotate again to account for previously created archives - DO NOT FORCE HERE!
logrotate -s $mySTATUS $myCONF
}
# Let's create a function to clean up and prepare tpotinit data
fuTPOTINIT () {
mkdir -vp /data/ews/conf \
/data/tpot/etc/{compose,logrotate} \
/tmp/etc/
chmod 770 /data/ews/ -R
chmod 770 /data/tpot/ -R
chmod 770 /tmp/etc/ -R
chown tpot:tpot /data/ews/ -R
chown tpot:tpot /data/tpot/ -R
chown tpot:tpot /tmp/etc/ -R
}
# Let's create a function to clean up and prepare adbhoney data
fuADBHONEY () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/adbhoney/*; fi
mkdir -vp /data/adbhoney/{downloads,log}
chmod 770 /data/adbhoney/ -R
chown tpot:tpot /data/adbhoney/ -R
}
# Let's create a function to clean up and prepare beelzebub data
fuBEELZEBUB () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/beelzebub/*; fi
mkdir -vp /data/beelzebub/{key,log}
chmod 770 /data/beelzebub/ -R
chown tpot:tpot /data/beelzebub/ -R
}
# Let's create a function to clean up and prepare ciscoasa data
fuCISCOASA () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/ciscoasa/*; fi
mkdir -vp /data/ciscoasa/log
chmod 770 /data/ciscoasa -R
chown tpot:tpot /data/ciscoasa -R
}
# Let's create a function to clean up and prepare citrixhoneypot data
fuCITRIXHONEYPOT () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/citrixhoneypot/*; fi
mkdir -vp /data/citrixhoneypot/log/
chmod 770 /data/citrixhoneypot/ -R
chown tpot:tpot /data/citrixhoneypot/ -R
}
# Let's create a function to clean up and prepare conpot data
fuCONPOT () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/conpot/*; fi
mkdir -vp /data/conpot/log
chmod 770 /data/conpot -R
chown tpot:tpot /data/conpot -R
}
# Let's create a function to clean up and prepare cowrie data
fuCOWRIE () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/cowrie/*; fi
mkdir -vp /data/cowrie/{downloads,keys,misc,log,log/tty}
chmod 770 /data/cowrie -R
chown tpot:tpot /data/cowrie -R
}
# Let's create a function to clean up and prepare ddospot data
fuDDOSPOT () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/ddospot/log; fi
mkdir -vp /data/ddospot/{bl,db,log}
chmod 770 /data/ddospot -R
chown tpot:tpot /data/ddospot -R
}
# Let's create a function to clean up and prepare dicompot data
fuDICOMPOT () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/dicompot/log; fi
mkdir -vp /data/dicompot/{images,log}
chmod 770 /data/dicompot -R
chown tpot:tpot /data/dicompot -R
}
# Let's create a function to clean up and prepare dionaea data
fuDIONAEA () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/dionaea/*; fi
mkdir -vp /data/dionaea/{log,bistreams,binaries,rtp,roots,roots/ftp,roots/tftp,roots/www,roots/upnp}
touch /data/dionaea/dionaea-errors.log
touch /data/dionaea/sipaccounts.sqlite
touch /data/dionaea/sipaccounts.sqlite-journal
touch /data/dionaea/log/dionaea.json
touch /data/dionaea/log/dionaea.sqlite
chmod 770 /data/dionaea -R
chown tpot:tpot /data/dionaea -R
}
# Let's create a function to clean up and prepare elasticpot data
fuELASTICPOT () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/elasticpot/*; fi
mkdir -vp /data/elasticpot/log
chmod 770 /data/elasticpot -R
chown tpot:tpot /data/elasticpot -R
}
# Let's create a function to clean up and prepare elk data
fuELK () {
# ELK data will be kept for <= 90 days, check /etc/crontab for curator modification
# ELK daemon log files will be removed
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/elk/log/*; fi
mkdir -vp /data/elk/{data,log}
chmod 770 /data/elk -R
chown tpot:tpot /data/elk -R
}
# Let's create a function to clean up and prepare endlessh data
fuENDLESSH () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/endlessh/log; fi
mkdir -vp /data/endlessh/log
chmod 770 /data/endlessh -R
chown tpot:tpot /data/endlessh -R
}
# Let's create a function to clean up and prepare fatt data
fuFATT () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/fatt/*; fi
mkdir -vp /data/fatt/log
chmod 770 -R /data/fatt
chown tpot:tpot -R /data/fatt
}
# Let's create a function to clean up and prepare galah data
fuGALAH () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/galah/*; fi
mkdir -vp /data/galah/{cache,cert,log}
chmod 770 /data/galah/ -R
chown tpot:tpot /data/galah/ -R
}
# Let's create a function to clean up and prepare glutton data
fuGLUTTON () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/glutton/*; fi
mkdir -vp /data/glutton/{log,payloads}
chmod 770 /data/glutton -R
chown tpot:tpot /data/glutton -R
}
# Let's create a function to clean up and prepare go-pot data
fuGOPOT () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/go-pot/*; fi
mkdir -vp /data/go-pot/log
chmod 770 /data/go-pot -R
chown tpot:tpot /data/go-pot -R
}
# Let's create a function to clean up and prepare h0neytr4p data
fuH0NEYTR4P () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/h0neytr4p/*; fi
mkdir -vp /data/h0neytr4p/{log,payloads}
chmod 770 /data/h0neytr4p/ -R
chown tpot:tpot /data/h0neytr4p/ -R
}
# Let's create a function to clean up and prepare hellpot data
fuHELLPOT () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/hellpot/log; fi
mkdir -vp /data/hellpot/log
chmod 770 /data/hellpot -R
chown tpot:tpot /data/hellpot -R
}
# Let's create a function to clean up and prepare heralding data
fuHERALDING () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/heralding/*; fi
mkdir -vp /data/heralding/log
chmod 770 /data/heralding -R
chown tpot:tpot /data/heralding -R
}
# Let's create a function to clean up and prepare honeyaml data
fuHONEYAML () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/honeyaml/*; fi
mkdir -vp /data/honeyaml/log
chmod 770 -R /data/honeyaml
chown tpot:tpot -R /data/honeyaml
}
# Let's create a function to clean up and prepare honeypots data
fuHONEYPOTS () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/honeypots/*; fi
mkdir -vp /data/honeypots/log
chmod 770 /data/honeypots -R
chown tpot:tpot /data/honeypots -R
}
# Let's create a function to clean up and prepare honeysap data
fuHONEYSAP () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/honeysap/*; fi
mkdir -vp /data/honeysap/log
chmod 770 /data/honeysap -R
chown tpot:tpot /data/honeysap -R
}
# Let's create a function to clean up and prepare honeytrap data
fuHONEYTRAP () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/honeytrap/*; fi
mkdir -vp /data/honeytrap/{log,attacks,downloads}
chmod 770 /data/honeytrap/ -R
chown tpot:tpot /data/honeytrap/ -R
}
# Let's create a function to clean up and prepare ipphoney data
fuIPPHONEY () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/ipphoney/*; fi
mkdir -vp /data/ipphoney/log
chmod 770 /data/ipphoney -R
chown tpot:tpot /data/ipphoney -R
}
# Let's create a function to clean up and prepare log4pot data
fuLOG4POT () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/log4pot/*; fi
mkdir -vp /data/log4pot/{log,payloads}
chmod 770 /data/log4pot -R
chown tpot:tpot /data/log4pot -R
}
# Let's create a function to clean up and prepare mailoney data
fuMAILONEY () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/mailoney/*; fi
mkdir -vp /data/mailoney/log/
chmod 770 /data/mailoney/ -R
chown tpot:tpot /data/mailoney/ -R
}
# Let's create a function to clean up and prepare mailoney data
fuMEDPOT () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/medpot/*; fi
mkdir -vp /data/medpot/log/
chmod 770 /data/medpot/ -R
chown tpot:tpot /data/medpot/ -R
}
# Let's create a function to clean up and prepare miniprint data
fuMINIPRINT () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/miniprint/*; fi
mkdir -vp /data/miniprint/{log,uploads}
chmod 770 /data/miniprint/ -R
chown tpot:tpot /data/miniprint/ -R
}
# Let's create a function to clean up nginx logs
fuNGINX () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/nginx/log/*; fi
mkdir -vp /data/nginx/{cert,conf,log}
touch /data/nginx/log/error.log
chmod 774 /data/nginx/conf -R
chmod 774 /data/nginx/cert -R
chown tpot:tpot /data/nginx -R
}
# Let's create a function to clean up and prepare redishoneypot data
fuREDISHONEYPOT () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/redishoneypot/log; fi
mkdir -vp /data/redishoneypot/log
chmod 770 /data/redishoneypot -R
chown tpot:tpot /data/redishoneypot -R
}
# Let's create a function to clean up and prepare sentrypeer data
fuSENTRYPEER () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/sentrypeer/log; fi
mkdir -vp /data/sentrypeer/log
chmod 770 /data/sentrypeer -R
chown tpot:tpot /data/sentrypeer -R
}
# Let's create a function to prepare spiderfoot db
fuSPIDERFOOT () {
mkdir -vp /data/spiderfoot
touch /data/spiderfoot/spiderfoot.db
chmod 770 -R /data/spiderfoot
chown tpot:tpot -R /data/spiderfoot
}
# Let's create a function to clean up and prepare suricata data
fuSURICATA () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/suricata/*; fi
mkdir -vp /data/suricata/log
chmod 770 -R /data/suricata
chown tpot:tpot -R /data/suricata
}
# Let's create a function to clean up and prepare p0f data
fuP0F () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/p0f/*; fi
mkdir -vp /data/p0f/log
chmod 770 -R /data/p0f
chown tpot:tpot -R /data/p0f
}
# Let's create a function to clean up and prepare p0f data
fuTANNER () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/tanner/*; fi
mkdir -vp /data/tanner/{log,files}
chmod 770 -R /data/tanner
chown tpot:tpot -R /data/tanner
}
# Let's create a function to clean up and prepare wordpot data
fuWORDPOT () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/wordpot/log; fi
mkdir -vp /data/wordpot/log
chmod 770 /data/wordpot -R
chown tpot:tpot /data/wordpot -R
}
# Avoid unwanted cleaning
if [ "$myPERSISTENCE" = "" ];
then
echo $myRED"!!! WARNING !!! - This will delete ALL honeypot logs. "$myWHITE
while [ "$myQST" != "y" ] && [ "$myQST" != "n" ];
do
read -p "Continue? (y/n) " myQST
done
if [ "$myQST" = "n" ];
then
echo $myGREEN"Puuh! That was close! Aborting!"$myWHITE
exit
fi
fi
# Check persistence, if enabled compress and rotate logs
if [ "$myPERSISTENCE" = "on" ];
then
echo "Persistence enabled for $myPERSISTENCE_CYCLES cycles, now rotating and compressing logs."
fuLOGROTATE
fi
echo
echo "Checking and preparing data folders."
fuTPOTINIT
fuADBHONEY
fuBEELZEBUB
fuCISCOASA
fuCITRIXHONEYPOT
fuCONPOT
fuCOWRIE
fuDDOSPOT
fuDICOMPOT
fuDIONAEA
fuELASTICPOT
fuELK
fuENDLESSH
fuFATT
fuGALAH
fuGLUTTON
fuGOPOT
fuH0NEYTR4P
fuHERALDING
fuHELLPOT
fuHONEYAML
fuHONEYSAP
fuHONEYPOTS
fuHONEYTRAP
fuIPPHONEY
fuLOG4POT
fuMAILONEY
fuMEDPOT
fuMINIPRINT
fuNGINX
fuREDISHONEYPOT
fuSENTRYPEER
fuSPIDERFOOT
fuSURICATA
fuP0F
fuTANNER
fuWORDPOT
Reference in a new issue View git blame Copy permalink