re-implement distributed feature, without ssh

add sensor compose file add distributed option to tpot config housekeeping / cleanup
2025-07-02 01:27:27 -04:00 · 2024-01-05 20:19:50 +01:00
parent c634d294c7
commit 1da37b5f85
16 changed files with 726 additions and 235 deletions
--- a/docker/tpotinit/dist/bin/2fa.sh
+++ b/docker/tpotinit/dist/bin/2fa.sh
@ -1,77 +0,0 @@
-#!/bin/bash
-
-# Make sure script is started as non-root.
-myWHOAMI=$(whoami)
-if [ "$myWHOAMI" = "root" ]
-  then
-    echo "Need to run as non-root ..."
-    echo ""
-    exit
-fi
-
-# set vars, check deps
-myPAM_COCKPIT_FILE="/etc/pam.d/cockpit"
-if ! [ -s "$myPAM_COCKPIT_FILE" ];
-  then
-    echo "### Cockpit PAM module config does not exist. Something went wrong."
-    echo ""
-    exit 1
-fi
-myPAM_COCKPIT_GA="
-
-# google authenticator for two-factor
-auth required pam_google_authenticator.so
-"
-myAUTHENTICATOR=$(which google-authenticator)
-if [ "$myAUTHENTICATOR" == "" ];
-  then
-    echo "### Could not locate google-authenticator, trying to install (if asked provide root password)."
-    echo ""
-    sudo apt-get update
-    sudo apt-get install -y libpam-google-authenticator
-    exec "$1" "$2"    
-    exit 1
-fi
-
-
-# write PAM changes 
-function fuWRITE_PAM_CHANGES {
-  myCHECK=$(cat $myPAM_COCKPIT_FILE | grep -c "google")
-  if ! [ "$myCHECK" == "0" ];
-    then
-      echo "### PAM config already enabled. Skipped."
-      echo ""
-    else
-      echo "### Updating PAM config for Cockpit (if asked provide root password)."
-      echo "$myPAM_COCKPIT_GA" | sudo tee -a $myPAM_COCKPIT_FILE
-      sudo systemctl restart cockpit
-  fi
-}
-
-# create 2fa
-function fuGEN_TOKEN {
-  echo "### Now generating token for Google Authenticator."
-  echo ""
-  google-authenticator -t -d -r 3 -R 30 -w 17
-}
-
-
-# main
-echo "### This script will enable Two Factor Authentication for Cockpit."
-echo ""
-echo "### Please download one of the many authenticator apps from the appstore of your choice."
-echo ""
-while true;
-  do
-    read -p "### Ready to start (y/n)? " myANSWER
-    case $myANSWER in
-      [Yy]* ) echo "### OK. Starting ..."; break;;
-      [Nn]* ) echo "### Exiting."; exit;;
-    esac
-done
-
-fuWRITE_PAM_CHANGES
-fuGEN_TOKEN
-
-echo "Done. Re-run this script by every user who needs Cockpit access."
-echo ""
--- a/docker/tpotinit/dist/bin/deprecated/change_ews_config.sh
+++ b/docker/tpotinit/dist/bin/deprecated/change_ews_config.sh
--- a/docker/tpotinit/dist/bin/deprecated/deploy.sh
+++ b/docker/tpotinit/dist/bin/deprecated/deploy.sh
--- a/docker/tpotinit/dist/bin/deprecated/hpfeeds_optin.sh
+++ b/docker/tpotinit/dist/bin/deprecated/hpfeeds_optin.sh
--- a/docker/tpotinit/dist/bin/dps.sh
+++ b/docker/tpotinit/dist/bin/dps.sh
@ -1,73 +0,0 @@
-#!/bin/bash
-
-# Run as root only.
-myWHOAMI=$(whoami)
-if [ "$myWHOAMI" != "root" ]
-  then
-    echo "Need to run as root ..."
-    exit
-fi
-
-myPARAM="$1"
-if [[ $myPARAM =~ ^([1-9]|[1-9][0-9]|[1-9][0-9][0-9])$ ]];
-  then
-    watch --color -n $myPARAM "$0"
-    exit
-fi
-
-# Show current status of T-Pot containers
-myCONTAINERS="$(cat /opt/tpot/etc/tpot.yml | grep -v '#' | grep container_name | cut -d: -f2 | sort | tr -d " ")"
-myRED="[1;31m"
-myGREEN="[1;32m"
-myBLUE="[1;34m"
-myWHITE="[0;0m"
-myMAGENTA="[1;35m"
-
-# Blackhole Status
-myBLACKHOLE_STATUS=$(ip r | grep "blackhole" -c)
-if [ "$myBLACKHOLE_STATUS" -gt "500" ];
-  then
-    myBLACKHOLE_STATUS="${myGREEN}ENABLED"
-  else
-    myBLACKHOLE_STATUS="${myRED}DISABLED"
-fi
-
-function fuGETTPOT_STATUS {
-# T-Pot Status
-myTPOT_STATUS=$(systemctl status tpot | grep "Active" | awk '{ print $2 }')
-if [ "$myTPOT_STATUS" == "active" ];
-  then
-    echo "${myGREEN}ACTIVE"
-  else
-    echo "${myRED}INACTIVE"
-fi
-}
-
-function fuGETSTATUS {
-grc --colour=on docker ps -f status=running -f status=exited --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" | grep -v "NAME" | sort
-}
-
-function fuGETSYS {
-printf "[ ========| System |======== ]\n"
-printf "${myBLUE}%+11s ${myWHITE}%-20s\n" "DATE: " "$(date)"
-printf "${myBLUE}%+11s ${myWHITE}%-20s\n" "UPTIME: " "$(grc --colour=on uptime)"
-printf "${myMAGENTA}%+11s %-20s\n" "T-POT: " "$(fuGETTPOT_STATUS)"
-printf "${myMAGENTA}%+11s %-20s\n" "BLACKHOLE: " "$myBLACKHOLE_STATUS${myWHITE}"
-echo
-}
-
-    myDPS=$(fuGETSTATUS)
-    myDPSNAMES=$(echo "$myDPS" | awk '{ print $1 }' | sort)
-    fuGETSYS
-    printf "%-21s %-28s %s\n" "NAME" "STATUS" "PORTS"
-    if [ "$myDPS" != "" ];
-      then
-        echo "$myDPS"
-    fi
-    for i in $myCONTAINERS; do
-      myAVAIL=$(echo "$myDPSNAMES" | grep -o "$i" | uniq | wc -l)      	    
-      if [ "$myAVAIL" = "0" ];
-	then
-	  printf "%-28s %-28s\n" "$myRED$i" "DOWN$myWHITE"
-      fi
-    done
--- a/docker/tpotinit/dist/bin/deprecated/export_kibana-objects.sh
+++ b/docker/tpotinit/dist/bin/deprecated/export_kibana-objects.sh
--- a/docker/tpotinit/dist/bin/deprecated/import_kibana-objects.sh
+++ b/docker/tpotinit/dist/bin/deprecated/import_kibana-objects.sh
--- a/docker/tpotinit/dist/bin/setup_builder.sh
+++ b/docker/tpotinit/dist/bin/setup_builder.sh
@ -1,45 +0,0 @@
-#!/bin/bash
-
-# Got root?
-myWHOAMI=$(whoami)
-if [ "$myWHOAMI" != "root" ]
-  then
-    echo "Need to run as root ..."
-    exit
-fi
-
-# Only run with command switch
-if [ "$1" != "-y" ]; then
-  echo "### Setting up docker for Multi Arch Builds."
-  echo "### Use on x64 only!"
-  echo "### Run with -y to install!"
-  echo
-  exit
-fi
-
-# Main
-mkdir -p /root/.docker/cli-plugins/
-cd /root/.docker/cli-plugins/
-wget https://github.com/docker/buildx/releases/download/v0.10.0/buildx-v0.10.0.linux-amd64 -O docker-buildx
-chmod +x docker-buildx
-
-docker buildx ls
-
-# We need to create a new builder as the default one cannot handle multi-arch builds
-# https://docs.docker.com/desktop/multi-arch/
-docker buildx create --name mybuilder
-
-# Set as default
-docker buildx use mybuilder
-
-# We need to install emulators, arm64 should be fine for now
-# https://github.com/tonistiigi/binfmt/
-docker run --privileged --rm tonistiigi/binfmt --install arm64
-
-# Check if everything is setup correctly
-docker buildx inspect --bootstrap
-echo
-echo "### Done."
-echo
-echo "Example: docker buildx build --platform linux/amd64,linux/arm64 -t username/demo:latest --push ."
-echo "Docs: https://docs.docker.com/desktop/multi-arch/"
--- a/docker/tpotinit/dist/bin/updateip.sh
+++ b/docker/tpotinit/dist/bin/updateip.sh
@ -1,7 +1,6 @@
 #!/bin/bash
 # Let's add the first local ip to the /tmp/etc/issue and external ip to ews.ip file
 # If the external IP cannot be detected, the internal IP will be inherited.
-#myCHECKIFSENSOR=$(head -n 1 /opt/tpot/etc/tpot.yml | grep "Sensor" | wc -l)
 myUUID=$(cat /data/uuid)
 myLOCALIP=$(ip address show | awk '/inet .*brd/{split($2,a,"/"); print a[1]; exit}')
 myEXTIP=$(/opt/tpot/bin/myip.sh)
@ -10,14 +9,6 @@ if [ "$myEXTIP" = "" ];
    myEXTIP=$myLOCALIP
 fi

-# Load Blackhole routes if enabled 
-#myBLACKHOLE_FILE1="/etc/blackhole/mass_scanner.txt"
-#myBLACKHOLE_FILE2="/etc/blackhole/mass_scanner_cidr.txt"
-#if [ -f "$myBLACKHOLE_FILE1" ] || [ -f "$myBLACKHOLE_FILE2" ];
-#  then
-#    /opt/tpot/bin/blackhole.sh add
-#fi
-
 myBLACKHOLE_STATUS=$(ip r | grep "blackhole" -c)
 if [ "$myBLACKHOLE_STATUS" -gt "500" ];
  then
@ -54,16 +45,5 @@ MY_INTIP=$myLOCALIP
 MY_HOSTNAME=$HOSTNAME
 EOF

-#if [ -s "/data/elk/logstash/ls_environment" ];
-#  then
-#    source /data/elk/logstash/ls_environment
-#    tee -a /data/tpot/etc/compose/elk_environment << EOF
-#MY_TPOT_TYPE=$MY_TPOT_TYPE
-#MY_SENSOR_PRIVATEKEYFILE=$MY_SENSOR_PRIVATEKEYFILE
-#MY_HIVE_USERNAME=$MY_HIVE_USERNAME
-#MY_HIVE_IP=$MY_HIVE_IP
-#EOF
-#fi
-
 chown tpot:tpot /data/ews/conf/ews.ip
 chmod 770 /data/ews/conf/ews.ip