mirror of
https://github.com/telekom-security/tpotce.git
synced 2025-07-02 01:27:27 -04:00
Installer upgrade
This commit is contained in:
@ -3,7 +3,7 @@
|
||||
# T-Pot Community Edition post install script #
|
||||
# Ubuntu server 14.04, x64 #
|
||||
# #
|
||||
# v0.21 by mo, DTAG, 2015-01-22 #
|
||||
# v0.30 by mo, DTAG, 2015-01-27 #
|
||||
########################################################
|
||||
|
||||
# Let's make sure there is a warning if running for a second time
|
||||
@ -55,15 +55,18 @@ adduser --system --no-create-home --uid 2000 --disabled-password --disabled-logi
|
||||
fuECHO "### Creating some files and folders."
|
||||
mkdir -p /data/ews/log /data/ews/conf /data/elk/data /data/elk/log
|
||||
|
||||
# Let's modify the ownership / access rights
|
||||
# Let's modify some ownership / access rights
|
||||
chmod 760 -R /data
|
||||
chown tpot:tpot -R /data
|
||||
|
||||
chmod 700 /home/tsec/*.sh
|
||||
chown tsec:tsec /home/tsec/*.sh
|
||||
|
||||
# Let's set the hostname
|
||||
fuECHO "### Setting a new hostname."
|
||||
myHOST=ce$(date +%s)$RANDOM
|
||||
hostnamectl set-hostname $myHOST
|
||||
sed -i 's/127.0.1.1.*/127.0.1.1\t'"$myHOST"'/g' /etc/hosts
|
||||
sed -i 's#127.0.1.1.*#127.0.1.1\t'"$myHOST"'#g' /etc/hosts
|
||||
|
||||
# Let's patch sshd_config
|
||||
fuECHO "### Patching sshd_config to listen on port 64295 and deny password authentication."
|
||||
@ -71,67 +74,7 @@ sed -i 's#Port 22#Port 64295#' /etc/ssh/sshd_config
|
||||
sed -i 's#\#PasswordAuthentication yes#PasswordAuthentication no#' /etc/ssh/sshd_config
|
||||
|
||||
# Let's disable ssh service
|
||||
mv /etc/init/ssh.conf /etc/init/ssh.conf.disable
|
||||
|
||||
# Let's create the 2FA enable script
|
||||
fuECHO "### Creating 2FA enable script."
|
||||
tee /home/tsec/2fa_enable.sh <<EOF
|
||||
#!/bin/bash
|
||||
echo "### This script will enable Two-Factor-Authentication based on Google Authenticator for SSH."
|
||||
while true
|
||||
do
|
||||
echo -n "### Do you want to continue (y/n)? "; read myANSWER;
|
||||
case \$myANSWER in
|
||||
n)
|
||||
echo "### Exiting."
|
||||
exit 0;
|
||||
;;
|
||||
y)
|
||||
break
|
||||
;;
|
||||
esac
|
||||
done
|
||||
if [ -f /etc/pam.d/sshd.bak ];
|
||||
then echo "### Already enabled. Exiting."
|
||||
exit 1;
|
||||
fi
|
||||
sudo sed -i.bak '\# PAM#aauth required pam_google_authenticator.so' /etc/pam.d/sshd
|
||||
sudo sed -i.bak 's#ChallengeResponseAuthentication no#ChallengeResponseAuthentication yes#' /etc/ssh/sshd_config
|
||||
google-authenticator -t -d -f -r 3 -R 30 -w 21
|
||||
echo "### Please do not forget to run the ssh_enable script."
|
||||
EOF
|
||||
chmod 700 /home/tsec/2fa_enable.sh
|
||||
chown tsec:tsec /home/tsec/2fa_enable.sh
|
||||
|
||||
# Let's create the ssh enable script
|
||||
fuECHO "### Creating ssh enable script."
|
||||
tee /home/tsec/ssh_enable.sh <<EOF
|
||||
#!/bin/bash
|
||||
echo "### This script will enable the ssh service (default port tcp/64295)."
|
||||
echo "### Password authentication is disabled by default."
|
||||
while true
|
||||
do
|
||||
echo -n "### Do you want to continue (y/n)? "; read myANSWER;
|
||||
case \$myANSWER in
|
||||
n)
|
||||
echo "### Exiting."
|
||||
exit 0;
|
||||
;;
|
||||
y)
|
||||
break
|
||||
;;
|
||||
esac
|
||||
done
|
||||
if [ -f /etc/init/ssh.conf ];
|
||||
then echo "### Already enabled. Exiting."
|
||||
exit 1;
|
||||
fi
|
||||
sudo mv /etc/init/ssh.conf.disable /etc/init/ssh.conf
|
||||
sudo service ssh start
|
||||
EOF
|
||||
chmod 700 /home/tsec/ssh_enable.sh
|
||||
chown tsec:tsec /home/tsec/ssh_enable.sh
|
||||
|
||||
echo "manual" >> /etc/init/ssh.override
|
||||
|
||||
# Let's patch docker defaults, so we can run images as service
|
||||
fuECHO "### Patching docker defaults."
|
||||
@ -139,144 +82,6 @@ tee -a /etc/default/docker <<EOF
|
||||
DOCKER_OPTS="-r=false"
|
||||
EOF
|
||||
|
||||
# Let's create an upstart config for the dionaea docker image
|
||||
fuECHO "### Adding upstart config for the dionaea docker image."
|
||||
tee /etc/init/dionaea.conf <<EOF
|
||||
description "Dionaea"
|
||||
author "mo"
|
||||
start on started docker and filesystem
|
||||
stop on runlevel [!2345]
|
||||
respawn
|
||||
script
|
||||
sleep 1
|
||||
/usr/bin/docker run --name dionaea --cap-add=NET_BIND_SERVICE --rm=true -p 21:21 -p 42:42 -p 8080:80 -p 135:135 -p 443:443 -p 445:445 -p 1433:1433 -p 3306:3306 -p 5061:5061 -p 5060:5060 -p 69:69/udp -p 5060:5060/udp -v /data/dionaea dtagdevsec/dionaea
|
||||
end script
|
||||
post-stop script
|
||||
sleep 1
|
||||
/usr/bin/docker rm dionaea
|
||||
end script
|
||||
EOF
|
||||
|
||||
# Let's create an upstart config for the elk docker image
|
||||
fuECHO "### Adding upstart config for the elk docker image."
|
||||
tee /etc/init/elk.conf <<EOF
|
||||
description "ELK"
|
||||
author "mo"
|
||||
start on started docker and filesystem and started suricata and started ews
|
||||
stop on runlevel [!2345]
|
||||
respawn
|
||||
script
|
||||
sleep 1
|
||||
/usr/bin/docker run --name=elk --volumes-from ews --volumes-from suricata -v /data/elk/:/data/elk/ -p 127.0.0.1:64296:80 --rm=true dtagdevsec/elk
|
||||
end script
|
||||
post-stop script
|
||||
sleep 1
|
||||
/usr/bin/docker rm elk
|
||||
end script
|
||||
EOF
|
||||
|
||||
# Let's create an upstart config for the ews docker image
|
||||
fuECHO "### Adding upstart config for the ews docker image."
|
||||
tee /etc/init/ews.conf <<EOF
|
||||
description "EWS"
|
||||
author "mo"
|
||||
start on started docker and filesystem and started dionaea and started honeytrap and started kippo and started glastopf
|
||||
stop on runlevel [!2345]
|
||||
respawn
|
||||
script
|
||||
sleep 15
|
||||
/usr/bin/docker run --name ews --volumes-from dionaea --volumes-from glastopf --volumes-from honeytrap --volumes-from kippo --rm=true -v /data/ews/:/data/ews/ --link kippo:kippo dtagdevsec/ews
|
||||
end script
|
||||
post-stop script
|
||||
sleep 1
|
||||
/usr/bin/docker rm ews
|
||||
end script
|
||||
EOF
|
||||
|
||||
# Let's create an upstart config for the glastopf docker image
|
||||
fuECHO "### Adding upstart config for the glastopf docker image."
|
||||
tee /etc/init/glastopf.conf <<EOF
|
||||
description "Glastopf"
|
||||
author "mo"
|
||||
start on started docker and filesystem
|
||||
stop on runlevel [!2345]
|
||||
respawn
|
||||
script
|
||||
sleep 1
|
||||
/usr/bin/docker run --name glastopf --rm=true -p 80:80 -v /data/glastopf dtagdevsec/glastopf
|
||||
end script
|
||||
post-stop script
|
||||
sleep 1
|
||||
/usr/bin/docker rm glastopf
|
||||
end script
|
||||
EOF
|
||||
|
||||
# Let's create an upstart config for the honeytrap docker image
|
||||
fuECHO "### Adding upstart config for the honeytrap docker image."
|
||||
tee /etc/init/honeytrap.conf <<EOF
|
||||
description "Honeytrap"
|
||||
author "mo"
|
||||
start on started docker and filesystem
|
||||
stop on runlevel [!2345]
|
||||
respawn
|
||||
pre-start script
|
||||
sleep 1
|
||||
/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,42,80,135,443,445,1433,3306,5060,5061,64295,64296 -j NFQUEUE
|
||||
end script
|
||||
script
|
||||
sleep 1
|
||||
/usr/bin/docker run --name honeytrap --cap-add=NET_ADMIN --net=host --rm=true -v /data/honeytrap dtagdevsec/honeytrap
|
||||
end script
|
||||
post-stop script
|
||||
sleep 1
|
||||
/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,42,80,135,443,445,1433,3306,5060,5061,64295,64296 -j NFQUEUE
|
||||
/usr/bin/docker rm honeytrap
|
||||
end script
|
||||
EOF
|
||||
|
||||
# Let's create an upstart config for the kippo docker image
|
||||
fuECHO "### Adding upstart config for the kippo docker image."
|
||||
tee /etc/init/kippo.conf <<EOF
|
||||
description "Kippo"
|
||||
author "mo"
|
||||
start on started docker and filesystem
|
||||
stop on runlevel [!2345]
|
||||
respawn
|
||||
script
|
||||
sleep 1
|
||||
/usr/bin/docker run --name kippo --rm=true -p 22:2222 -v /data/kippo dtagdevsec/kippo
|
||||
end script
|
||||
post-stop script
|
||||
sleep 1
|
||||
/usr/bin/docker rm kippo
|
||||
end script
|
||||
EOF
|
||||
|
||||
# Let's create an upstart config for the suricata docker image
|
||||
fuECHO "### Adding upstart config for the suricata docker image."
|
||||
tee /etc/init/suricata.conf <<EOF
|
||||
description "Suricata"
|
||||
author "mo"
|
||||
start on started docker and filesystem
|
||||
stop on runlevel [!2345]
|
||||
respawn
|
||||
pre-start script
|
||||
sleep 1
|
||||
myIF=\$(route | grep default | awk '{ print \$8 }')
|
||||
/sbin/ethtool --offload \$myIF rx off tx off
|
||||
/sbin/ethtool -K \$myIF gso off gro off
|
||||
/sbin/ip link set \$myIF promisc on
|
||||
end script
|
||||
script
|
||||
sleep 1
|
||||
/usr/bin/docker run --name suricata --cap-add=NET_ADMIN --net=host --rm=true -v /data/suricata/ dtagdevsec/suricata
|
||||
end script
|
||||
post-stop script
|
||||
sleep 1
|
||||
/usr/bin/docker rm suricata
|
||||
end script
|
||||
EOF
|
||||
|
||||
# Let's load docker images from remote
|
||||
fuECHO "### Downloading docker images from DockerHub. Please be patient, this may take a while."
|
||||
for name in dionaea elk ews glastopf honeytrap kippo suricata
|
||||
@ -292,39 +97,26 @@ APT::Periodic::Download-Upgradeable-Packages "0";
|
||||
APT::Periodic::AutocleanInterval "7";
|
||||
EOF
|
||||
|
||||
# Let's add "docker ps" output to /dev/tty2 every 60s
|
||||
fuECHO "### Adding useful docker output to tty2"
|
||||
# Let's add some conrjobs
|
||||
fuECHO "### Adding cronjobs."
|
||||
tee -a /etc/crontab <<EOF
|
||||
|
||||
# Show running containers every 60s via /dev/tty2
|
||||
*/1 * * * * root echo > /dev/tty2; date > /dev/tty2; docker ps > /dev/tty2; echo > /dev/tty2
|
||||
EOF
|
||||
|
||||
# Let's add a nice and useful issue text and update rc.local accordingly
|
||||
fuECHO "### Adding a nice and useful issue text and updating rc.local accordingly."
|
||||
tee /etc/issue <<EOF
|
||||
T-Pot Community Edition
|
||||
Hostname: \n
|
||||
IP:
|
||||
|
||||
|
||||
___________ _____________________________
|
||||
\\\__ ___/ \\\______ \\\_____ \\\__ ___/
|
||||
| | ______ | ___// | \\\| |
|
||||
| | /_____/ | | / | \\\ |
|
||||
|____| |____| \\\_______ /____|
|
||||
\\\/
|
||||
|
||||
|
||||
CTRL+ALT+F2 - Display current container status
|
||||
CTRL+ALT+F1 - Return to this screen
|
||||
|
||||
*/2 * * * * root /usr/bin/status.sh 2 > /dev/tty2
|
||||
|
||||
# Check if containers and services are up
|
||||
*/5 * * * * root /usr/bin/check.sh
|
||||
EOF
|
||||
|
||||
# Let's update rc.local
|
||||
fuECHO "### Updating rc.local."
|
||||
tee /etc/rc.local.new <<EOF
|
||||
#!/bin/sh -e
|
||||
# Let's add the first local ip to the /etc/issue file
|
||||
sed -i "s#IP:.*#IP: \$(hostname -I | awk '{ print \$1 }')#" /etc/issue
|
||||
if [ -f /var/run/check.lock ];
|
||||
then rm /var/run/check.lock
|
||||
fi
|
||||
setupcon
|
||||
exit 0
|
||||
EOF
|
||||
@ -333,4 +125,6 @@ chmod +x /etc/rc.local.new
|
||||
|
||||
# Final steps
|
||||
fuECHO "### Thanks for your patience. Now rebooting."
|
||||
mv /root/upstart/*.conf /etc/init/
|
||||
rm -rf /root/upstart/
|
||||
mv /etc/rc.local.new /etc/rc.local && chage -d 0 tsec && sleep 2 && reboot
|
||||
|
Reference in New Issue
Block a user