telekom-security/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-07-02 01:27:27 -04:00
Code Issues Packages Projects Releases Wiki Activity

tweaking

Browse Source 
random reboot times for crontab
remix compose files
some tweaking
This commit is contained in:
t3chn0m4g3
2020-06-28 20:03:14 +00:00
parent 4e6510b5c7
commit 3a418534d8
8 changed files with 105 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
bin/clean.sh
View File

@ -116,8 +116,9 @@ fuCOWRIE () {
# Let's create a function to clean up and prepare dicompot data # Let's create a function to clean up and prepare dicompot data
fuDICOMPOT () { fuDICOMPOT () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/dicompot/*; fi if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/dicompot/log; fi
mkdir -p /data/dicompot/log mkdir -p /data/dicompot/log
mkdir -p /data/dicompot/images
chmod 770 /data/dicompot -R chmod 770 /data/dicompot -R
chown tpot:tpot /data/dicompot -R chown tpot:tpot /data/dicompot -R
} }

1
docker/dicompot/docker-compose.yml
View File

@ -19,3 +19,4 @@ services:
volumes: volumes:
- /data/dicompot/log:/var/log/dicompot - /data/dicompot/log:/var/log/dicompot
# - /path/to/dicom/images:/opt/dicompot/images # - /path/to/dicom/images:/opt/dicompot/images

31
etc/compose/industrial.yml
View File

@ -10,7 +10,9 @@ networks:
conpot_local_kamstrup_382: conpot_local_kamstrup_382:
cowrie_local: cowrie_local:
cyberchef_local: cyberchef_local:
dicompot_local:
heralding_local: heralding_local:
honeysap_local:
medpot_local: medpot_local:
rdpy_local: rdpy_local:
ewsposter_local: ewsposter_local:
@ -157,6 +159,23 @@ services:
- /data/cowrie/log:/home/cowrie/cowrie/log - /data/cowrie/log:/home/cowrie/cowrie/log
- /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
# Dicompot service
# Get the Horos Client for testing: https://horosproject.org/
# Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/
# Put images (which must be in Dicom DCM format or it will not work!) into /data/dicompot/images
dicompot:
container_name: dicompot
restart: always
networks:
- dicompot_local
ports:
- "11112:11112"
image: "dtagdevsec/dicompot:2006"
read_only: true
volumes:
- /data/dicompot/log:/var/log/dicompot
# - /data/dicompot/images:/opt/dicompot/images
# Heralding service # Heralding service
heralding: heralding:
container_name: heralding container_name: heralding
@ -185,6 +204,18 @@ services:
volumes: volumes:
- /data/heralding/log:/var/log/heralding - /data/heralding/log:/var/log/heralding
# HoneySAP service
honeysap:
container_name: honeysap
restart: always
networks:
- honeysap_local
ports:
- "3299:3299"
image: "dtagdevsec/honeysap:2006"
volumes:
- /data/honeysap/log:/opt/honeysap/log
# Honeytrap service # Honeytrap service
honeytrap: honeytrap:
container_name: honeytrap container_name: honeytrap

9
etc/compose/nextgen.yml
View File

@ -4,6 +4,7 @@ version: '2.3'
networks: networks:
adbhoney_local: adbhoney_local:
ciscoasa_local:
citrixhoneypot_local: citrixhoneypot_local:
conpot_local_IEC104: conpot_local_IEC104:
conpot_local_guardian_ast: conpot_local_guardian_ast:
@ -48,9 +49,10 @@ services:
ciscoasa: ciscoasa:
container_name: ciscoasa container_name: ciscoasa
restart: always restart: always
networks:
- ciscoasa_local
tmpfs: tmpfs:
- /tmp/ciscoasa:uid=2000,gid=2000 - /tmp/ciscoasa:uid=2000,gid=2000
network_mode: "host"
ports: ports:
- "5000:5000/udp" - "5000:5000/udp"
- "8443:8443" - "8443:8443"
@ -179,6 +181,9 @@ services:
- /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
# Dicompot service # Dicompot service
# Get the Horos Client for testing: https://horosproject.org/
# Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/
# Put images (which must be in Dicom DCM format or it will not work!) into /data/dicompot/images
dicompot: dicompot:
container_name: dicompot container_name: dicompot
restart: always restart: always
@ -190,7 +195,7 @@ services:
read_only: true read_only: true
volumes: volumes:
- /data/dicompot/log:/var/log/dicompot - /data/dicompot/log:/var/log/dicompot
# - /path/to/dicom/images:/opt/dicompot/images # - /data/dicompot/images:/opt/dicompot/images
# Dionaea service # Dionaea service
dionaea: dionaea:

45
etc/compose/standard.yml
View File

@ -4,15 +4,18 @@ version: '2.3'
networks: networks:
adbhoney_local: adbhoney_local:
citrixhoneypot_local:
conpot_local_IEC104: conpot_local_IEC104:
conpot_local_guardian_ast: conpot_local_guardian_ast:
conpot_local_ipmi: conpot_local_ipmi:
conpot_local_kamstrup_382: conpot_local_kamstrup_382:
cowrie_local: cowrie_local:
cyberchef_local: cyberchef_local:
dicompot_local:
dionaea_local: dionaea_local:
elasticpot_local: elasticpot_local:
heralding_local: heralding_local:
honeysap_local:
mailoney_local: mailoney_local:
medpot_local: medpot_local:
rdpy_local: rdpy_local:
@ -55,6 +58,19 @@ services:
volumes: volumes:
- /data/ciscoasa/log:/var/log/ciscoasa - /data/ciscoasa/log:/var/log/ciscoasa
# CitrixHoneypot service
citrixhoneypot:
container_name: citrixhoneypot
restart: always
networks:
- citrixhoneypot_local
ports:
- "443:443"
image: "dtagdevsec/citrixhoneypot:2006"
read_only: true
volumes:
- /data/citrixhoneypot/logs:/opt/citrixhoneypot/logs
# Conpot IEC104 service # Conpot IEC104 service
conpot_IEC104: conpot_IEC104:
container_name: conpot_iec104 container_name: conpot_iec104
@ -161,6 +177,23 @@ services:
- /data/cowrie/log:/home/cowrie/cowrie/log - /data/cowrie/log:/home/cowrie/cowrie/log
- /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
# Dicompot service
# Get the Horos Client for testing: https://horosproject.org/
# Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/
# Put images (which must be in Dicom DCM format or it will not work!) into /data/dicompot/images
dicompot:
container_name: dicompot
restart: always
networks:
- dicompot_local
ports:
- "11112:11112"
image: "dtagdevsec/dicompot:2006"
read_only: true
volumes:
- /data/dicompot/log:/var/log/dicompot
# - /data/dicompot/images:/opt/dicompot/images
# Dionaea service # Dionaea service
dionaea: dionaea:
container_name: dionaea container_name: dionaea
@ -240,6 +273,18 @@ services:
volumes: volumes:
- /data/heralding/log:/var/log/heralding - /data/heralding/log:/var/log/heralding
# HoneySAP service
honeysap:
container_name: honeysap
restart: always
networks:
- honeysap_local
ports:
- "3299:3299"
image: "dtagdevsec/honeysap:2006"
volumes:
- /data/honeysap/log:/opt/honeysap/log
# Honeytrap service # Honeytrap service
honeytrap: honeytrap:
container_name: honeytrap container_name: honeytrap

2
etc/curator/actions.yml
View File

@ -23,4 +23,4 @@ actions:
direction: older direction: older
timestring: '%Y.%m.%d' timestring: '%Y.%m.%d'
unit: days unit: days
unit_count: 60 unit_count: 90

22
iso/installer/install.sh
View File

@ -1,6 +1,14 @@
#!/bin/bash #!/bin/bash
# T-Pot Universal Installer # T-Pot Universal Installer
# Installer can only be executed once.
myTPOT_INSTALL_LOG="/install.log"
if [ -s "$myTPOT_INSTALL_LOG" ];
then
echo "Aborting. Installer can only be executed once."
exit
fi
################## ##################
# I. Global vars # # I. Global vars #
################## ##################
@ -153,21 +161,25 @@ ListenStream=64294
mySSHPORT=" mySSHPORT="
Port 64295 Port 64295
" "
myRANDOM_HOUR=$(shuf -i 2-22 -n 1)
myRANDOM_MINUTE=$(shuf -i 0-59 -n 1)
myDEL_HOUR=$(($myRANDOM_HOUR+1))
myPULL_HOUR=$(($myRANDOM_HOUR-2))
myCRONJOBS=" myCRONJOBS="
# Check if updated images are available and download them # Check if updated images are available and download them
27 1 * * * root docker-compose -f /opt/tpot/etc/tpot.yml pull $myRANDOM_MINUTE $myPULL_HOUR * * root docker-compose -f /opt/tpot/etc/tpot.yml pull
# Delete elasticsearch logstash indices older than 90 days # Delete elasticsearch logstash indices older than 90 days
27 4 * * * root curator --config /opt/tpot/etc/curator/curator.yml /opt/tpot/etc/curator/actions.yml $myRANDOM_MINUTE $myDEL_HOUR * * * root curator --config /opt/tpot/etc/curator/curator.yml /opt/tpot/etc/curator/actions.yml
# Uploaded binaries are not supposed to be downloaded # Uploaded binaries are not supposed to be downloaded
*/1 * * * * root mv --backup=numbered /data/dionaea/roots/ftp/* /data/dionaea/binaries/ */1 * * * * root mv --backup=numbered /data/dionaea/roots/ftp/* /data/dionaea/binaries/
# Daily reboot # Daily reboot
27 3 * * * root systemctl stop tpot && docker stop \$(docker ps -aq) || docker rm \$(docker ps -aq) || reboot $myRANDOM_MINUTE $myRANDOM_HOUR * * 1-6 root systemctl stop tpot && docker stop \$(docker ps -aq) || docker rm \$(docker ps -aq) || reboot
# Check for updated packages every sunday, upgrade and reboot # Check for updated packages every sunday, upgrade and reboot
27 16 * * 0 root apt-fast autoclean -y && apt-fast autoremove -y && apt-fast update -y && apt-fast upgrade -y && sleep 10 && reboot $myRANDOM_MINUTE $myRANDOM_HOUR * * 0 root apt-fast autoclean -y && apt-fast autoremove -y && apt-fast update -y && apt-fast upgrade -y && sleep 10 && reboot
" "
mySHELLCHECK='[[ $- == *i* ]] || return' mySHELLCHECK='[[ $- == *i* ]] || return'
myROOTPROMPT='PS1="\[\033[38;5;8m\][\[$(tput sgr0)\]\[\033[38;5;1m\]\u\[$(tput sgr0)\]\[\033[38;5;6m\]@\[$(tput sgr0)\]\[\033[38;5;4m\]\h\[$(tput sgr0)\]\[\033[38;5;6m\]:\[$(tput sgr0)\]\[\033[38;5;5m\]\w\[$(tput sgr0)\]\[\033[38;5;8m\]]\[$(tput sgr0)\]\[\033[38;5;1m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"' myROOTPROMPT='PS1="\[\033[38;5;8m\][\[$(tput sgr0)\]\[\033[38;5;1m\]\u\[$(tput sgr0)\]\[\033[38;5;6m\]@\[$(tput sgr0)\]\[\033[38;5;4m\]\h\[$(tput sgr0)\]\[\033[38;5;6m\]:\[$(tput sgr0)\]\[\033[38;5;5m\]\w\[$(tput sgr0)\]\[\033[38;5;8m\]]\[$(tput sgr0)\]\[\033[38;5;1m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"'
@ -780,7 +792,7 @@ mkdir -vp /data/adbhoney/{downloads,log} \
/data/conpot/log \ /data/conpot/log \
/data/citrixhoneypot/logs \ /data/citrixhoneypot/logs \
/data/cowrie/{downloads,keys,misc,log,log/tty} \ /data/cowrie/{downloads,keys,misc,log,log/tty} \
/data/dicompot/log \ /data/dicompot/{images,log} \
/data/dionaea/{log,bistreams,binaries,rtp,roots,roots/ftp,roots/tftp,roots/www,roots/upnp} \ /data/dionaea/{log,bistreams,binaries,rtp,roots,roots/ftp,roots/tftp,roots/www,roots/upnp} \
/data/elasticpot/log \ /data/elasticpot/log \
/data/elk/{data,log} \ /data/elk/{data,log} \

2
update.sh
View File

@ -228,7 +228,7 @@ mkdir -vp /data/adbhoney/{downloads,log} \
/data/conpot/log \ /data/conpot/log \
/data/citrixhoneypot/logs \ /data/citrixhoneypot/logs \
/data/cowrie/{downloads,keys,misc,log,log/tty} \ /data/cowrie/{downloads,keys,misc,log,log/tty} \
/data/dicompot/log \ /data/dicompot/{images,log} \
/data/dionaea/{log,bistreams,binaries,rtp,roots,roots/ftp,roots/tftp,roots/www,roots/upnp} \ /data/dionaea/{log,bistreams,binaries,rtp,roots,roots/ftp,roots/tftp,roots/www,roots/upnp} \
/data/elasticpot/log \ /data/elasticpot/log \
/data/elk/{data,log} \ /data/elk/{data,log} \