Move to subfolder & adapt paths
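--- a/cloud/open-telekom-cloud/ansible/custom_ews.yaml
+++ b/cloud/open-telekom-cloud/ansible/custom_ews.yaml
@@ -0,0 +1,10 @@
+# This playbook sets a custom EWS config on the T-Pot
+
+- hosts: TPOT
+remote_user: linux
+become: yes
+become_user: root
+become_method: sudo
+
+roles:
+- custom_ews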
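--- a/cloud/open-telekom-cloud/ansible/install.yaml
+++ b/cloud/open-telekom-cloud/ansible/install.yaml
@@ -0,0 +1,13 @@
+# This playbook deploys a T-Pot
+
+- hosts: TPOT
+remote_user: linux
+become: yes
+become_user: root
+become_method: sudo
+gather_facts: no
+
+roles:
+- install
+
+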
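--- a/cloud/open-telekom-cloud/ansible/reboot.yaml
+++ b/cloud/open-telekom-cloud/ansible/reboot.yaml
@@ -0,0 +1,12 @@
+# This playbook reboots a T-Pot
+
+- hosts: TPOT
+remote_user: linux
+become: yes
+become_user: root
+become_method: sudo
+
+tasks:
+- name: Finally rebooting t-pot in one minute - make sure your next login is on port 64295 or via https:// on port 64297
+shell: /sbin/shutdown -r -t 1
+become: true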
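Review bot: The task name promises a reboot "in one minute", but `-t 1` in `shell: /sbin/shutdown -r -t 1` is not the shutdown time. In sysvinit it is the number of seconds between the warning and kill signals, and systemd's shutdown appears to accept and ignore it, so any one-minute delay comes only from the default used when no time argument is given. Stating the time explicitly, and using `command` since no shell features are needed, makes the intent unambiguous: `command: /sbin/shutdown -r +1`. The task-level `become: true` repeats the play-level `become: yes` and can be dropped.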
@ -0,0 +1,40 @@
|
||||
- name: Copy ews configuration file
|
||||
template:
|
||||
src: ../templates/ews.cfg
|
||||
dest: /data/ews/conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
|
||||
- name: Patching tpot.yml with custom ews configuration file
|
||||
lineinfile:
|
||||
path: /opt/tpot/etc/tpot.yml
|
||||
insertafter: '/opt/ewsposter/ews.ip'
|
||||
line: ' - /data/ews/conf/ews.cfg:/opt/ewsposter/ews.cfg'
|
||||
|
||||
- name: Lookup HPFEED environment variables
|
||||
set_fact:
|
||||
myENABLE: "{{ lookup('env', 'myENABLE') }}"
|
||||
myHOST: "{{ lookup('env', 'myHOST') }}"
|
||||
myPORT: "{{ lookup('env', 'myPORT') }}"
|
||||
myCHANNEL: "{{ lookup('env', 'myCHANNEL') }}"
|
||||
myIDENT: "{{ lookup('env', 'myIDENT') }}"
|
||||
mySECRET: "{{ lookup('env', 'mySECRET') }}"
|
||||
myCERT: "{{ lookup('env', 'myCERT') }}"
|
||||
myFORMAT: "{{ lookup('env', 'myFORMAT') }}"
|
||||
|
||||
- name: Apply HPFEED settings in tpot.yml
|
||||
lineinfile:
|
||||
path: /opt/tpot/etc/tpot.yml
|
||||
regexp: "{{ item.regexp }}"
|
||||
line: "{{ item.line }}"
|
||||
with_items:
|
||||
- { regexp: 'EWS_HPFEEDS_ENABLE.*', line: ' - EWS_HPFEEDS_ENABLE={{ myENABLE | lower }}' }
|
||||
- { regexp: 'EWS_HPFEEDS_HOST.*', line: ' - EWS_HPFEEDS_HOST={{ myHOST }}' }
|
||||
- { regexp: 'EWS_HPFEEDS_PORT.*', line: ' - EWS_HPFEEDS_PORT={{ myPORT }}' }
|
||||
- { regexp: 'EWS_HPFEEDS_CHANNELS.*', line: ' - EWS_HPFEEDS_CHANNELS={{ myCHANNEL }}' }
|
||||
- { regexp: 'EWS_HPFEEDS_IDENT.*', line: ' - EWS_HPFEEDS_IDENT={{ myIDENT }}' }
|
||||
- { regexp: 'EWS_HPFEEDS_SECRET.*', line: ' - EWS_HPFEEDS_SECRET={{ mySECRET }}' }
|
||||
- { regexp: 'EWS_HPFEEDS_TLSCERT.*', line: ' - EWS_HPFEEDS_TLSCERT={{ myCERT }}' }
|
||||
- { regexp: 'EWS_HPFEEDS_TLSCERT.False', line: ' - EWS_HPFEEDS_TLSCERT={{ myCERT | lower }}' }
|
||||
- { regexp: 'EWS_HPFEEDS_FORMAT.*', line: ' - EWS_HPFEEDS_FORMAT={{ myFORMAT }}' }
|
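Review bot: The "Apply HPFEED settings in tpot.yml" task loops over items whose `line` contains the rendered `{{ mySECRET }}`, and Ansible prints each loop item in its per-item result, so the HPFEEDS secret ends up in console output and in any saved run log. Adding `no_log: true` to that task, and to the `set_fact` task that looks the values up, keeps it out of the output. An unset environment variable makes `lookup('env', ...)` return an empty string, so the loop would silently write lines such as `EWS_HPFEEDS_SECRET=`; an `assert` on the required values before the loop would fail the run early instead. `mode: 0644` on the ews.cfg copy is better quoted as `mode: '0644'`, and is worth tightening if that file will hold a real EWS token.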
@ -0,0 +1,137 @@
|
||||
[MAIN]
|
||||
homedir = /opt/ewsposter/
|
||||
spooldir = /opt/ewsposter/spool/
|
||||
logdir = /opt/ewsposter/log/
|
||||
del_malware_after_send = false
|
||||
send_malware = true
|
||||
sendlimit = 500
|
||||
contact = your_email_address
|
||||
proxy =
|
||||
ip =
|
||||
|
||||
[EWS]
|
||||
ews = true
|
||||
username = your_username
|
||||
token = your_token
|
||||
rhost_first = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
|
||||
rhost_second = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
|
||||
ignorecert = false
|
||||
|
||||
[HPFEED]
|
||||
hpfeed = %(EWS_HPFEEDS_ENABLE)s
|
||||
host = %(EWS_HPFEEDS_HOST)s
|
||||
port = %(EWS_HPFEEDS_PORT)s
|
||||
channels = %(EWS_HPFEEDS_CHANNELS)s
|
||||
ident = %(EWS_HPFEEDS_IDENT)s
|
||||
secret= %(EWS_HPFEEDS_SECRET)s
|
||||
# path/to/certificate for tls broker - or "false" for non-tls broker
|
||||
tlscert = %(EWS_HPFEEDS_TLSCERT)s
|
||||
# hpfeeds submission format: "ews" (xml) or "json"
|
||||
hpfformat = %(EWS_HPFEEDS_FORMAT)s
|
||||
|
||||
[EWSJSON]
|
||||
json = false
|
||||
jsondir = /data/ews/json/
|
||||
|
||||
[GLASTOPFV3]
|
||||
glastopfv3 = true
|
||||
nodeid = glastopfv3-{{ HPNAME }}
|
||||
sqlitedb = /data/glastopf/db/glastopf.db
|
||||
malwaredir = /data/glastopf/data/files/
|
||||
|
||||
[GLASTOPFV2]
|
||||
glastopfv2 = false
|
||||
nodeid =
|
||||
mysqlhost =
|
||||
mysqldb =
|
||||
mysqluser =
|
||||
mysqlpw =
|
||||
malwaredir =
|
||||
|
||||
[KIPPO]
|
||||
kippo = false
|
||||
nodeid =
|
||||
mysqlhost =
|
||||
mysqldb =
|
||||
mysqluser =
|
||||
mysqlpw =
|
||||
malwaredir =
|
||||
|
||||
[COWRIE]
|
||||
cowrie = true
|
||||
nodeid = cowrie-{{ HPNAME }}
|
||||
logfile = /data/cowrie/log/cowrie.json
|
||||
|
||||
[DIONAEA]
|
||||
dionaea = true
|
||||
nodeid = dionaea-{{ HPNAME }}
|
||||
malwaredir = /data/dionaea/binaries/
|
||||
sqlitedb = /data/dionaea/log/dionaea.sqlite
|
||||
|
||||
[HONEYTRAP]
|
||||
honeytrap = true
|
||||
nodeid = honeytrap-{{ HPNAME }}
|
||||
newversion = true
|
||||
payloaddir = /data/honeytrap/attacks/
|
||||
attackerfile = /data/honeytrap/log/attacker.log
|
||||
|
||||
[RDPDETECT]
|
||||
rdpdetect = false
|
||||
nodeid =
|
||||
iptableslog =
|
||||
targetip =
|
||||
|
||||
[EMOBILITY]
|
||||
eMobility = false
|
||||
nodeid = emobility-{{ HPNAME }}
|
||||
logfile = /data/emobility/log/centralsystemEWS.log
|
||||
|
||||
[CONPOT]
|
||||
conpot = true
|
||||
nodeid = conpot-{{ HPNAME }}
|
||||
logfile = /data/conpot/log/conpot*.json
|
||||
|
||||
[ELASTICPOT]
|
||||
elasticpot = true
|
||||
nodeid = elasticpot-{{ HPNAME }}
|
||||
logfile = /data/elasticpot/log/elasticpot.log
|
||||
|
||||
[SURICATA]
|
||||
suricata = true
|
||||
nodeid = suricata-{{ HPNAME }}
|
||||
logfile = /data/suricata/log/eve.json
|
||||
|
||||
[MAILONEY]
|
||||
mailoney = true
|
||||
nodeid = mailoney-{{ HPNAME }}
|
||||
logfile = /data/mailoney/log/commands.log
|
||||
|
||||
[RDPY]
|
||||
rdpy = true
|
||||
nodeid = rdpy-{{ HPNAME }}
|
||||
logfile = /data/rdpy/log/rdpy.log
|
||||
|
||||
[VNCLOWPOT]
|
||||
vnclowpot = true
|
||||
nodeid = vnclowpot-{{ HPNAME }}
|
||||
logfile = /data/vnclowpot/log/vnclowpot.log
|
||||
|
||||
[HERALDING]
|
||||
heralding = true
|
||||
nodeid = heralding-{{ HPNAME }}
|
||||
logfile = /data/heralding/log/auth.csv
|
||||
|
||||
[CISCOASA]
|
||||
ciscoasa = true
|
||||
nodeid = ciscoasa-{{ HPNAME }}
|
||||
logfile = /data/ciscoasa/log/ciscoasa.log
|
||||
|
||||
[TANNER]
|
||||
tanner = true
|
||||
nodeid = tanner-{{ HPNAME }}
|
||||
logfile = /data/tanner/log/tanner_report.json
|
||||
|
||||
[GLUTTON]
|
||||
glutton = true
|
||||
nodeid = glutton-{{ HPNAME }}
|
||||
logfile = /data/glutton/log/glutton.log
|
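Review bot: `{{ HPNAME }}` is used in every `nodeid` line, but none of the tasks visible in this commit define it, so unless it comes from the inventory or extra vars the `template` task will fail on an undefined variable. A default such as `nodeid = cowrie-{{ HPNAME | default(inventory_hostname) }}`, or an early check that the variable is set, would make the dependency explicit. The `[EWS]` section ships `username = your_username` and `token = your_token` as literal placeholders while `ews = true`, so an unedited template presumably attempts submissions with placeholder credentials. A comment at the top of the file saying these values must be replaced before deployment would help.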
@ -0,0 +1,50 @@
|
||||
- name: Waiting for SSH connection
|
||||
wait_for_connection:
|
||||
delay: 30
|
||||
timeout: 300
|
||||
|
||||
- name: Gathering Facts
|
||||
setup:
|
||||
|
||||
- name: Cloning t-pot install directory
|
||||
git:
|
||||
repo: 'https://github.com/dtag-dev-sec/tpotce.git'
|
||||
dest: /root/tpot
|
||||
|
||||
- name: Prepare to set user password
|
||||
set_fact:
|
||||
user_password: "{{ lookup('env', 'LINUX_PASS') }}"
|
||||
user_salt: 's0mew1ck3dTpoT'
|
||||
|
||||
- name: Changing password for user linux to {{ user_password }}
|
||||
user:
|
||||
name: "linux"
|
||||
password: "{{ user_password | password_hash('sha512', user_salt) }}"
|
||||
state: present
|
||||
shell: /bin/bash
|
||||
update_password: always
|
||||
|
||||
- name: Copy t-pot configuration file
|
||||
template:
|
||||
src: ../../../../../../iso/installer/tpot.conf.dist
|
||||
dest: /root/tpot.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
|
||||
- name: Install t-pot on ECS - be patient, this might take 15 to 30 minutes depending on the connection speed. No further output is given.
|
||||
command: /root/tpot/iso/installer/install.sh --type=auto --conf=/root/tpot.conf
|
||||
|
||||
- name: Delete t-pot configuration file
|
||||
file:
|
||||
path: /root/tpot.conf
|
||||
state: absent
|
||||
|
||||
- name: Change unattended-upgrades to take default action
|
||||
blockinfile:
|
||||
dest: /etc/apt/apt.conf.d/50unattended-upgrades
|
||||
block: |
|
||||
Dpkg::Options {
|
||||
"--force-confdef";
|
||||
"--force-confold";
|
||||
}
|
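Review bot: The task name `Changing password for user linux to {{ user_password }}` renders the plaintext password into the play output and any log of the run. The name should not interpolate it, e.g. `- name: Changing password for user linux`, with `no_log: true` on this task and on the `set_fact` before it. `user_salt: 's0mew1ck3dTpoT'` is a fixed salt shared by every deployment, so equal passwords give equal hashes across hosts; if a fixed salt is kept for idempotence it should at least differ per host. The `git` task clones `tpotce.git` without a `version:` and the checkout's `install.sh` is then run as root, so pinning a tag or commit would make what gets executed reviewable. `mode: 0644` on `/root/tpot.conf` should be `mode: '0600'` if that file carries credentials; its contents are not shown here.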