Begin of restructuring ...

- deprecate old release
- set virtual version
- we need tpot user / group, adding to installer
- tweaking
- do not use the dev branch, it will break stuff

_deprecated/cloud/ansible/openstack/ansible.cfg

@@ -0,0 +1,6 @@
+[defaults]
+host_key_checking = false
+
+[ssh_connection]
+scp_if_ssh = true
+ssh_args = -o ServerAliveInterval=60

_deprecated/cloud/ansible/openstack/deploy_tpot.yaml

@@ -0,0 +1,30 @@
+- name: Check host prerequisites
+  hosts: localhost
+  become: yes
+  roles:
+    - check
+
+- name: Deploy instances
+  hosts: localhost
+  vars_files: my_os_cloud.yaml
+  tasks:
+    - name: Create security group and network
+      ansible.builtin.include_role:
+        name: create_net
+    - name: Create one or more instances
+      ansible.builtin.include_role:
+        name: create_vm
+      loop: "{{ range(0, 1) }}"
+      loop_control:
+        extended: yes
+
+- name: Install T-Pot
+  hosts: tpot
+  remote_user: linux
+  become: yes
+  gather_facts: no
+  roles:
+    - install
+#    - custom_ews
+#    - custom_hpfeeds
+    - reboot

_deprecated/cloud/ansible/openstack/my_os_cloud.yaml

@@ -0,0 +1,2 @@
+# Enter the name of your cloud to use from clouds.yaml
+cloud: open-telekom-cloud

_deprecated/cloud/ansible/openstack/requirements.yaml

@@ -0,0 +1,2 @@
+collections:
+- name: openstack.cloud

_deprecated/cloud/ansible/openstack/roles/check/tasks/main.yaml

@@ -0,0 +1,19 @@
+- name: Install dependencies
+  ansible.builtin.package:
+    name:
+      - gcc
+      - python3-dev
+      - python3-setuptools
+      - python3-pip
+    state: present
+
+- name: Install openstacksdk
+  ansible.builtin.pip:
+    name: openstacksdk
+    executable: pip3
+
+- name: Check if agent forwarding is enabled
+  ansible.builtin.fail:
+    msg: Please enable agent forwarding to allow Ansible to connect to the remote host!
+  ignore_errors: yes
+  failed_when: lookup('env','SSH_AUTH_SOCK') == ""

_deprecated/cloud/ansible/openstack/roles/create_net/tasks/main.yaml

@@ -0,0 +1,33 @@
+- name: Create security group
+  openstack.cloud.security_group:
+    cloud: "{{ cloud }}"
+    name: sg-tpot-ansible
+    description: Security Group for T-Pot
+
+- name: Add rules to security group
+  openstack.cloud.security_group_rule:
+    cloud: "{{ cloud }}"
+    security_group: sg-tpot-ansible
+    remote_ip_prefix: 0.0.0.0/0
+
+- name: Create network
+  openstack.cloud.network:
+    cloud: "{{ cloud }}"
+    name: network-tpot-ansible
+
+- name: Create subnet
+  openstack.cloud.subnet:
+    cloud: "{{ cloud }}"
+    network_name: network-tpot-ansible
+    name: subnet-tpot-ansible
+    cidr: 192.168.0.0/24
+    dns_nameservers:
+      - 100.125.4.25
+      - 100.125.129.199
+
+- name: Create router
+  openstack.cloud.router:
+    cloud: "{{ cloud }}"
+    name: router-tpot-ansible
+    interfaces:
+      - subnet-tpot-ansible

_deprecated/cloud/ansible/openstack/roles/create_vm/tasks/main.yaml

@@ -0,0 +1,24 @@
+- name: Generate T-Pot name
+  ansible.builtin.set_fact:
+    tpot_name: "t-pot-ansible-{{ lookup('password', '/dev/null chars=ascii_lowercase,digits length=6') }}"
+
+- name: Create instance {{ ansible_loop.index }} of {{ ansible_loop.length }}
+  openstack.cloud.server:
+    cloud: "{{ cloud }}"
+    name: "{{ tpot_name }}"
+    availability_zone: "{{ availability_zone }}"
+    image: "{{ image }}"
+    boot_from_volume: yes
+    volume_size: "{{ volume_size }}"
+    key_name: "{{ key_name }}"
+    auto_ip: yes
+    flavor: "{{ flavor }}"
+    security_groups: sg-tpot-ansible
+    network: network-tpot-ansible
+  register: tpot
+
+- name: Add instance to inventory
+  ansible.builtin.add_host:
+    hostname: "{{ tpot_name }}"
+    ansible_host: "{{ tpot.server.public_v4 }}"
+    groups: tpot

_deprecated/cloud/ansible/openstack/roles/create_vm/vars/main.yaml

@@ -0,0 +1,5 @@
+availability_zone: eu-de-03
+image: Standard_Debian_10_latest
+volume_size: 128
+key_name: your-KeyPair
+flavor: s3.medium.8

_deprecated/cloud/ansible/openstack/roles/custom_ews/tasks/main.yaml

@@ -0,0 +1,13 @@
+- name: Copy ews configuration file
+  ansible.builtin.template:
+    src: ews.cfg
+    dest: /data/ews/conf
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Patching tpot.yml with custom ews configuration file
+  ansible.builtin.lineinfile:
+    path: /opt/tpot/etc/tpot.yml
+    insertafter: "/opt/ewsposter/ews.ip"
+    line: "     - /data/ews/conf/ews.cfg:/opt/ewsposter/ews.cfg"

_deprecated/cloud/ansible/openstack/roles/custom_ews/templates/ews.cfg

@@ -0,0 +1,137 @@
+[MAIN]
+homedir = /opt/ewsposter/
+spooldir = /opt/ewsposter/spool/
+logdir = /opt/ewsposter/log/
+del_malware_after_send = false
+send_malware = true
+sendlimit = 500
+contact = your_email_address
+proxy =
+ip =
+
+[EWS]
+ews = true
+username = your_username
+token = your_token
+rhost_first = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
+rhost_second = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
+ignorecert = false
+
+[HPFEED]
+hpfeed = %(EWS_HPFEEDS_ENABLE)s
+host = %(EWS_HPFEEDS_HOST)s
+port = %(EWS_HPFEEDS_PORT)s
+channels = %(EWS_HPFEEDS_CHANNELS)s
+ident = %(EWS_HPFEEDS_IDENT)s
+secret= %(EWS_HPFEEDS_SECRET)s
+# path/to/certificate for tls broker - or "false" for non-tls broker
+tlscert = %(EWS_HPFEEDS_TLSCERT)s
+# hpfeeds submission format: "ews" (xml) or "json"
+hpfformat = %(EWS_HPFEEDS_FORMAT)s
+
+[EWSJSON]
+json = false
+jsondir = /data/ews/json/
+
+[GLASTOPFV3]
+glastopfv3 = true
+nodeid = glastopfv3-{{ ansible_hostname }}
+sqlitedb = /data/glastopf/db/glastopf.db
+malwaredir = /data/glastopf/data/files/
+
+[GLASTOPFV2]
+glastopfv2 = false
+nodeid =
+mysqlhost =
+mysqldb =
+mysqluser =
+mysqlpw =
+malwaredir =
+
+[KIPPO]
+kippo = false
+nodeid =
+mysqlhost =
+mysqldb =
+mysqluser =
+mysqlpw =
+malwaredir =
+
+[COWRIE]
+cowrie = true
+nodeid = cowrie-{{ ansible_hostname }}
+logfile = /data/cowrie/log/cowrie.json
+
+[DIONAEA]
+dionaea = true
+nodeid = dionaea-{{ ansible_hostname }}
+malwaredir = /data/dionaea/binaries/
+sqlitedb = /data/dionaea/log/dionaea.sqlite
+
+[HONEYTRAP]
+honeytrap = true
+nodeid = honeytrap-{{ ansible_hostname }}
+newversion = true
+payloaddir = /data/honeytrap/attacks/
+attackerfile = /data/honeytrap/log/attacker.log
+
+[RDPDETECT]
+rdpdetect = false
+nodeid =
+iptableslog =
+targetip =
+
+[EMOBILITY]
+eMobility = false
+nodeid = emobility-{{ ansible_hostname }}
+logfile = /data/emobility/log/centralsystemEWS.log
+
+[CONPOT]
+conpot = true
+nodeid = conpot-{{ ansible_hostname }}
+logfile = /data/conpot/log/conpot*.json
+
+[ELASTICPOT]
+elasticpot = true
+nodeid = elasticpot-{{ ansible_hostname }}
+logfile = /data/elasticpot/log/elasticpot.log
+
+[SURICATA]
+suricata = true
+nodeid = suricata-{{ ansible_hostname }}
+logfile = /data/suricata/log/eve.json
+
+[MAILONEY]
+mailoney = true
+nodeid = mailoney-{{ ansible_hostname }}
+logfile = /data/mailoney/log/commands.log
+
+[RDPY]
+rdpy = true
+nodeid = rdpy-{{ ansible_hostname }}
+logfile = /data/rdpy/log/rdpy.log
+
+[VNCLOWPOT]
+vnclowpot = true
+nodeid = vnclowpot-{{ ansible_hostname }}
+logfile = /data/vnclowpot/log/vnclowpot.log
+
+[HERALDING]
+heralding = true
+nodeid = heralding-{{ ansible_hostname }}
+logfile = /data/heralding/log/auth.csv
+
+[CISCOASA]
+ciscoasa = true
+nodeid = ciscoasa-{{ ansible_hostname }}
+logfile = /data/ciscoasa/log/ciscoasa.log
+
+[TANNER]
+tanner = true
+nodeid = tanner-{{ ansible_hostname }}
+logfile = /data/tanner/log/tanner_report.json
+
+[GLUTTON]
+glutton = true
+nodeid = glutton-{{ ansible_hostname }}
+logfile = /data/glutton/log/glutton.log

_deprecated/cloud/ansible/openstack/roles/custom_hpfeeds/files/hpfeeds.cfg

@@ -0,0 +1,8 @@
+myENABLE=false
+myHOST=host
+myPORT=port
+myCHANNEL=channels
+myCERT=false
+myIDENT=user
+mySECRET=secret
+myFORMAT=json

_deprecated/cloud/ansible/openstack/roles/custom_hpfeeds/tasks/main.yaml

@@ -0,0 +1,12 @@
+- name: Copy hpfeeds configuration file
+  ansible.builtin.copy:
+    src: hpfeeds.cfg
+    dest: /data/ews/conf
+    owner: tpot
+    group: tpot
+    mode: 0770
+  register: config
+
+- name: Applying hpfeeds settings
+  ansible.builtin.command: /opt/tpot/bin/hpfeeds_optin.sh --conf=/data/ews/conf/hpfeeds.cfg
+  when: config.changed == true

_deprecated/cloud/ansible/openstack/roles/install/tasks/main.yaml

@@ -0,0 +1,48 @@
+- name: Waiting for SSH connection
+  ansible.builtin.wait_for_connection:
+
+- name: Gathering facts
+  ansible.builtin.setup:
+
+- name: Cloning T-Pot install directory
+  ansible.builtin.git:
+    repo: "https://github.com/telekom-security/tpotce.git"
+    dest: /root/tpot
+
+- name: Prepare to set user password
+  ansible.builtin.set_fact:
+    user_name: "{{ ansible_user }}"
+    user_salt: "s0mew1ck3dTpoT"
+  no_log: true
+
+- name: Changing password for user {{ user_name }}
+  ansible.builtin.user:
+   name: "{{ ansible_user }}"
+   password: "{{ user_password | password_hash('sha512', user_salt) }}"
+   state: present
+   shell: /bin/bash
+
+- name: Copy T-Pot configuration file
+  ansible.builtin.copy:
+    src: ../../../../../../iso/installer/tpot.conf.dist
+    dest: /root/tpot.conf
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Install T-Pot on instance -  be patient, this might take 15 to 30 minutes depending on the connection speed.
+  ansible.builtin.command: /root/tpot/iso/installer/install.sh --type=auto --conf=/root/tpot.conf
+
+- name: Delete T-Pot configuration file
+  ansible.builtin.file:
+    path: /root/tpot.conf
+    state: absent
+
+- name: Change unattended-upgrades to take default action
+  ansible.builtin.blockinfile:
+    dest: /etc/apt/apt.conf.d/50unattended-upgrades
+    block: |
+      Dpkg::Options {
+        "--force-confdef";
+        "--force-confold";
+      }

_deprecated/cloud/ansible/openstack/roles/install/vars/main.yaml

@@ -0,0 +1 @@
+user_password: LiNuXuSeRPaSs#

_deprecated/cloud/ansible/openstack/roles/reboot/tasks/main.yaml

@@ -0,0 +1,16 @@
+- name: Finally rebooting T-Pot
+  ansible.builtin.command: shutdown -r now
+  async: 1
+  poll: 0
+
+- name: Next login options
+  ansible.builtin.debug:
+    msg:
+    - "*****    SSH Access:"
+    - "*****    ssh {{ ansible_user }}@{{ ansible_host }} -p 64295"
+    - ""
+    - "*****    Web UI:"
+    - "*****    https://{{ ansible_host }}:64297"
+    - ""
+    - "*****    Admin UI:"
+    - "*****    https://{{ ansible_host }}:64294"