Move to subfolder & adapt paths

Sebastian Haderecker
2019-05-09 21:40:32 +00:00
parent 0dcd0b6dc5
commit 3d55d16f8d
19 changed files with 3 additions and 3 deletions


@ -0,0 +1,10 @@
# This playbook sets a custom EWS config on the T-Pot
- hosts: TPOT
remote_user: linux
become: yes
become_user: root
become_method: sudo
roles:
- custom_ews
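Review bot: `become: yes` on line 16 uses the YAML 1.1 boolean spelling that yamllint's truthy rule rejects and that a YAML 1.2 parser reads as the string "yes"; Ansible accepts it, but `become: true` is the portable form. `become_user: root` and `become_method: sudo` on lines 17-18 restate Ansible's defaults for `become`, so they can be dropped or kept as explicit documentation of intent, but the same three lines are repeated verbatim in the other two playbooks of this commit and could live once in a group variable for the `TPOT` hosts.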


@ -0,0 +1,13 @@
# This playbook deploys a T-Pot
- hosts: TPOT
remote_user: linux
become: yes
become_user: root
become_method: sudo
gather_facts: no
roles:
- install


@ -0,0 +1,12 @@
# This playbook reboots a T-Pot
- hosts: TPOT
remote_user: linux
become: yes
become_user: root
become_method: sudo
tasks:
- name: Finally rebooting t-pot in one minute - make sure your next login is on port 64295 or via https:// on port 64297
shell: /sbin/shutdown -r -t 1
become: true
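Review bot: `/sbin/shutdown -r -t 1` on line 46 does not express the one-minute delay the task name promises: systemd's shutdown appears to accept `-t` only for compatibility and ignore it, so the one-minute reboot comes from the default time argument rather than from `-t 1`, while on a sysvinit shutdown `-t` is the init grace period and the missing time argument is an error. The delay belongs in the positional time argument, `command: /sbin/shutdown -r +1`, which also lets the task use `command:` instead of `shell:` since no shell features are involved. The task-level `become: true` on line 47 duplicates the play-level `become: yes`; one of the two can go, and `true`/`false` is the spelling to keep.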


@ -0,0 +1,40 @@
- name: Copy ews configuration file
template:
src: ../templates/ews.cfg
dest: /data/ews/conf
owner: root
group: root
mode: 0644
- name: Patching tpot.yml with custom ews configuration file
lineinfile:
path: /opt/tpot/etc/tpot.yml
insertafter: '/opt/ewsposter/ews.ip'
line: ' - /data/ews/conf/ews.cfg:/opt/ewsposter/ews.cfg'
- name: Lookup HPFEED environment variables
set_fact:
myENABLE: "{{ lookup('env', 'myENABLE') }}"
myHOST: "{{ lookup('env', 'myHOST') }}"
myPORT: "{{ lookup('env', 'myPORT') }}"
myCHANNEL: "{{ lookup('env', 'myCHANNEL') }}"
myIDENT: "{{ lookup('env', 'myIDENT') }}"
mySECRET: "{{ lookup('env', 'mySECRET') }}"
myCERT: "{{ lookup('env', 'myCERT') }}"
myFORMAT: "{{ lookup('env', 'myFORMAT') }}"
- name: Apply HPFEED settings in tpot.yml
lineinfile:
path: /opt/tpot/etc/tpot.yml
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
with_items:
- { regexp: 'EWS_HPFEEDS_ENABLE.*', line: ' - EWS_HPFEEDS_ENABLE={{ myENABLE | lower }}' }
- { regexp: 'EWS_HPFEEDS_HOST.*', line: ' - EWS_HPFEEDS_HOST={{ myHOST }}' }
- { regexp: 'EWS_HPFEEDS_PORT.*', line: ' - EWS_HPFEEDS_PORT={{ myPORT }}' }
- { regexp: 'EWS_HPFEEDS_CHANNELS.*', line: ' - EWS_HPFEEDS_CHANNELS={{ myCHANNEL }}' }
- { regexp: 'EWS_HPFEEDS_IDENT.*', line: ' - EWS_HPFEEDS_IDENT={{ myIDENT }}' }
- { regexp: 'EWS_HPFEEDS_SECRET.*', line: ' - EWS_HPFEEDS_SECRET={{ mySECRET }}' }
- { regexp: 'EWS_HPFEEDS_TLSCERT.*', line: ' - EWS_HPFEEDS_TLSCERT={{ myCERT }}' }
- { regexp: 'EWS_HPFEEDS_TLSCERT.False', line: ' - EWS_HPFEEDS_TLSCERT={{ myCERT | lower }}' }
- { regexp: 'EWS_HPFEEDS_FORMAT.*', line: ' - EWS_HPFEEDS_FORMAT={{ myFORMAT }}' }
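Review bot: `mySECRET` is a credential, yet neither the `set_fact` on line 64 nor the `lineinfile` loop on line 74 carries `no_log: true`, so the HPFeeds secret is echoed in the play output for every loop item (Ansible prints `item` per iteration) and lands in any console log or CI artifact of the run; add `no_log: true` to both tasks. The template `dest: /data/ews/conf` on line 55 names the directory, while the next task mounts `/data/ews/conf/ews.cfg` from it; unless that directory already exists and the module appends the basename, a file literally named `conf` is written instead, so `dest: /data/ews/conf/ews.cfg` removes the ambiguity. An unset environment variable is returned by `lookup('env', ...)` as an empty string, so a missing `mySECRET` silently produces `EWS_HPFEEDS_SECRET=` with no error; an `assert` that `myHOST` and `mySECRET` are non-empty when `myENABLE | lower == 'true'` would fail fast. The two `EWS_HPFEEDS_TLSCERT` entries on lines 86-87 first write the value and then rewrite it lowercased when it matches `.False`; a single entry `EWS_HPFEEDS_TLSCERT={{ 'false' if myCERT | lower == 'false' else myCERT }}` states the intent (a path is kept case-sensitive, only the literal "false" is normalized) without relying on a second pass.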


@ -0,0 +1,137 @@
[MAIN]
homedir = /opt/ewsposter/
spooldir = /opt/ewsposter/spool/
logdir = /opt/ewsposter/log/
del_malware_after_send = false
send_malware = true
sendlimit = 500
contact = your_email_address
proxy =
ip =
[EWS]
ews = true
username = your_username
token = your_token
rhost_first = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
rhost_second = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
ignorecert = false
[HPFEED]
hpfeed = %(EWS_HPFEEDS_ENABLE)s
host = %(EWS_HPFEEDS_HOST)s
port = %(EWS_HPFEEDS_PORT)s
channels = %(EWS_HPFEEDS_CHANNELS)s
ident = %(EWS_HPFEEDS_IDENT)s
secret= %(EWS_HPFEEDS_SECRET)s
# path/to/certificate for tls broker - or "false" for non-tls broker
tlscert = %(EWS_HPFEEDS_TLSCERT)s
# hpfeeds submission format: "ews" (xml) or "json"
hpfformat = %(EWS_HPFEEDS_FORMAT)s
[EWSJSON]
json = false
jsondir = /data/ews/json/
[GLASTOPFV3]
glastopfv3 = true
nodeid = glastopfv3-{{ HPNAME }}
sqlitedb = /data/glastopf/db/glastopf.db
malwaredir = /data/glastopf/data/files/
[GLASTOPFV2]
glastopfv2 = false
nodeid =
mysqlhost =
mysqldb =
mysqluser =
mysqlpw =
malwaredir =
[KIPPO]
kippo = false
nodeid =
mysqlhost =
mysqldb =
mysqluser =
mysqlpw =
malwaredir =
[COWRIE]
cowrie = true
nodeid = cowrie-{{ HPNAME }}
logfile = /data/cowrie/log/cowrie.json
[DIONAEA]
dionaea = true
nodeid = dionaea-{{ HPNAME }}
malwaredir = /data/dionaea/binaries/
sqlitedb = /data/dionaea/log/dionaea.sqlite
[HONEYTRAP]
honeytrap = true
nodeid = honeytrap-{{ HPNAME }}
newversion = true
payloaddir = /data/honeytrap/attacks/
attackerfile = /data/honeytrap/log/attacker.log
[RDPDETECT]
rdpdetect = false
nodeid =
iptableslog =
targetip =
[EMOBILITY]
eMobility = false
nodeid = emobility-{{ HPNAME }}
logfile = /data/emobility/log/centralsystemEWS.log
[CONPOT]
conpot = true
nodeid = conpot-{{ HPNAME }}
logfile = /data/conpot/log/conpot*.json
[ELASTICPOT]
elasticpot = true
nodeid = elasticpot-{{ HPNAME }}
logfile = /data/elasticpot/log/elasticpot.log
[SURICATA]
suricata = true
nodeid = suricata-{{ HPNAME }}
logfile = /data/suricata/log/eve.json
[MAILONEY]
mailoney = true
nodeid = mailoney-{{ HPNAME }}
logfile = /data/mailoney/log/commands.log
[RDPY]
rdpy = true
nodeid = rdpy-{{ HPNAME }}
logfile = /data/rdpy/log/rdpy.log
[VNCLOWPOT]
vnclowpot = true
nodeid = vnclowpot-{{ HPNAME }}
logfile = /data/vnclowpot/log/vnclowpot.log
[HERALDING]
heralding = true
nodeid = heralding-{{ HPNAME }}
logfile = /data/heralding/log/auth.csv
[CISCOASA]
ciscoasa = true
nodeid = ciscoasa-{{ HPNAME }}
logfile = /data/ciscoasa/log/ciscoasa.log
[TANNER]
tanner = true
nodeid = tanner-{{ HPNAME }}
logfile = /data/tanner/log/tanner_report.json
[GLUTTON]
glutton = true
nodeid = glutton-{{ HPNAME }}
logfile = /data/glutton/log/glutton.log
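Review bot: `username = your_username`, `token = your_token` (lines 105-106) and `contact = your_email_address` (line 100) are left as literal placeholders inside a Jinja template, so the only way to deploy a working EWS login through this role is to edit the template itself, which puts the token into version control next to the code. Supplying them as variables, e.g. `token = {{ ews_token }}` fed from an environment lookup or vault the way the HPFeeds values are in the `custom_ews` tasks, keeps the credential out of the repository. `{{ HPNAME }}` is not defined in any playbook shown in this commit, presumably an inventory or group variable; a leading comment such as `# HPNAME: host-specific node id, expected from inventory` would spare the next reader the search. The `%(EWS_HPFEEDS_*)s` references in `[HPFEED]` are configparser interpolation syntax and only resolve if ewsposter seeds its parser with those environment variables, which cannot be verified from this file; `secret= %(EWS_HPFEEDS_SECRET)s` on line 116 should also read `secret = ...` to match the rest of the section.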


@ -0,0 +1,50 @@
- name: Waiting for SSH connection
wait_for_connection:
delay: 30
timeout: 300
- name: Gathering Facts
setup:
- name: Cloning t-pot install directory
git:
repo: 'https://github.com/dtag-dev-sec/tpotce.git'
dest: /root/tpot
- name: Prepare to set user password
set_fact:
user_password: "{{ lookup('env', 'LINUX_PASS') }}"
user_salt: 's0mew1ck3dTpoT'
- name: Changing password for user linux to {{ user_password }}
user:
name: "linux"
password: "{{ user_password | password_hash('sha512', user_salt) }}"
state: present
shell: /bin/bash
update_password: always
- name: Copy t-pot configuration file
template:
src: ../../../../../../iso/installer/tpot.conf.dist
dest: /root/tpot.conf
owner: root
group: root
mode: 0644
- name: Install t-pot on ECS - be patient, this might take 15 to 30 minutes depending on the connection speed. No further output is given.
command: /root/tpot/iso/installer/install.sh --type=auto --conf=/root/tpot.conf
- name: Delete t-pot configuration file
file:
path: /root/tpot.conf
state: absent
- name: Change unattended-upgrades to take default action
blockinfile:
dest: /etc/apt/apt.conf.d/50unattended-upgrades
block: |
Dpkg::Options {
"--force-confdef";
"--force-confold";
}
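Review bot: The task name on line 227, `Changing password for user linux to {{ user_password }}`, prints the new password in clear text in the play output, and neither that task nor the `set_fact` on line 223 has `no_log: true`, so `LINUX_PASS` ends up in every console log and CI artifact of the run. The fixed salt `s0mew1ck3dTpoT` on line 226 makes the hash deterministic (equal passwords yield identical hashes on every host) and the salt itself is public in the repository; omitting the salt argument lets `password_hash` generate a random one. An unset `LINUX_PASS` is looked up as an empty string and hashed without complaint, leaving `linux` with an empty password, so the role should assert the variable is non-empty before the `user` task. The `git` clone on line 220 has no `version`, so each run installs whatever the default branch holds at that moment; pin a tag or commit for a reproducible install. The file section may continue past the last line shown here.
```yaml
- name: Prepare to set user password
  set_fact:
    user_password: "{{ lookup('env', 'LINUX_PASS') }}"
  no_log: true

- name: Refuse to continue without a password
  assert:
    that:
      - user_password | length > 0
    fail_msg: "LINUX_PASS must be set in the environment"

- name: Changing password for user linux
  user:
    name: "linux"
    password: "{{ user_password | password_hash('sha512') }}"
    state: present
    shell: /bin/bash
    update_password: always
  no_log: true

# … unchanged: copy tpot.conf, install.sh run, delete tpot.conf, unattended-upgrades block …
```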