mirror of
https://github.com/telekom-security/tpotce.git
synced 2025-07-02 01:27:27 -04:00
Update folder naming
This commit is contained in:
5
cloud/ansible/openstack/ansible.cfg
Normal file
5
cloud/ansible/openstack/ansible.cfg
Normal file
@ -0,0 +1,5 @@
|
||||
[defaults]
|
||||
host_key_checking = false
|
||||
|
||||
[ssh_connection]
|
||||
scp_if_ssh = true
|
25
cloud/ansible/openstack/deploy_tpot.yaml
Normal file
25
cloud/ansible/openstack/deploy_tpot.yaml
Normal file
@ -0,0 +1,25 @@
|
||||
- name: Check host prerequisites
|
||||
hosts: localhost
|
||||
become: yes
|
||||
become_user: root
|
||||
become_method: sudo
|
||||
roles:
|
||||
- check
|
||||
|
||||
- name: Deploy instance
|
||||
hosts: localhost
|
||||
roles:
|
||||
- deploy
|
||||
|
||||
- name: Install T-Pot on new instance
|
||||
hosts: TPOT
|
||||
remote_user: linux
|
||||
become: yes
|
||||
become_user: root
|
||||
become_method: sudo
|
||||
gather_facts: no
|
||||
roles:
|
||||
- install
|
||||
# - custom_ews
|
||||
# - custom_hpfeeds
|
||||
- reboot
|
25
cloud/ansible/openstack/roles/check/tasks/main.yaml
Normal file
25
cloud/ansible/openstack/roles/check/tasks/main.yaml
Normal file
@ -0,0 +1,25 @@
|
||||
- name: Install pwgen
|
||||
apt:
|
||||
name: pwgen
|
||||
|
||||
- name: Install setuptools
|
||||
apt:
|
||||
name: python-setuptools
|
||||
|
||||
- name: Install pip
|
||||
apt:
|
||||
name: python-pip
|
||||
|
||||
- name: Install openstacksdk
|
||||
pip:
|
||||
name: openstacksdk
|
||||
|
||||
- name: Set fact for agent forwarding
|
||||
set_fact:
|
||||
agent_forwarding: "{{ lookup('env','SSH_AUTH_SOCK') }}"
|
||||
|
||||
- name: Check if agent forwarding is enabled
|
||||
fail:
|
||||
msg: Please enable agent forwarding to allow Ansible to connect to the remote host!
|
||||
ignore_errors: yes
|
||||
when: agent_forwarding == ""
|
13
cloud/ansible/openstack/roles/custom_ews/tasks/main.yaml
Normal file
13
cloud/ansible/openstack/roles/custom_ews/tasks/main.yaml
Normal file
@ -0,0 +1,13 @@
|
||||
- name: Copy ews configuration file
|
||||
template:
|
||||
src: ../templates/ews.cfg
|
||||
dest: /data/ews/conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
|
||||
- name: Patching tpot.yml with custom ews configuration file
|
||||
lineinfile:
|
||||
path: /opt/tpot/etc/tpot.yml
|
||||
insertafter: '/opt/ewsposter/ews.ip'
|
||||
line: ' - /data/ews/conf/ews.cfg:/opt/ewsposter/ews.cfg'
|
137
cloud/ansible/openstack/roles/custom_ews/templates/ews.cfg
Normal file
137
cloud/ansible/openstack/roles/custom_ews/templates/ews.cfg
Normal file
@ -0,0 +1,137 @@
|
||||
[MAIN]
|
||||
homedir = /opt/ewsposter/
|
||||
spooldir = /opt/ewsposter/spool/
|
||||
logdir = /opt/ewsposter/log/
|
||||
del_malware_after_send = false
|
||||
send_malware = true
|
||||
sendlimit = 500
|
||||
contact = your_email_address
|
||||
proxy =
|
||||
ip =
|
||||
|
||||
[EWS]
|
||||
ews = true
|
||||
username = your_username
|
||||
token = your_token
|
||||
rhost_first = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
|
||||
rhost_second = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
|
||||
ignorecert = false
|
||||
|
||||
[HPFEED]
|
||||
hpfeed = %(EWS_HPFEEDS_ENABLE)s
|
||||
host = %(EWS_HPFEEDS_HOST)s
|
||||
port = %(EWS_HPFEEDS_PORT)s
|
||||
channels = %(EWS_HPFEEDS_CHANNELS)s
|
||||
ident = %(EWS_HPFEEDS_IDENT)s
|
||||
secret= %(EWS_HPFEEDS_SECRET)s
|
||||
# path/to/certificate for tls broker - or "false" for non-tls broker
|
||||
tlscert = %(EWS_HPFEEDS_TLSCERT)s
|
||||
# hpfeeds submission format: "ews" (xml) or "json"
|
||||
hpfformat = %(EWS_HPFEEDS_FORMAT)s
|
||||
|
||||
[EWSJSON]
|
||||
json = false
|
||||
jsondir = /data/ews/json/
|
||||
|
||||
[GLASTOPFV3]
|
||||
glastopfv3 = true
|
||||
nodeid = glastopfv3-{{ ansible_hostname }}
|
||||
sqlitedb = /data/glastopf/db/glastopf.db
|
||||
malwaredir = /data/glastopf/data/files/
|
||||
|
||||
[GLASTOPFV2]
|
||||
glastopfv2 = false
|
||||
nodeid =
|
||||
mysqlhost =
|
||||
mysqldb =
|
||||
mysqluser =
|
||||
mysqlpw =
|
||||
malwaredir =
|
||||
|
||||
[KIPPO]
|
||||
kippo = false
|
||||
nodeid =
|
||||
mysqlhost =
|
||||
mysqldb =
|
||||
mysqluser =
|
||||
mysqlpw =
|
||||
malwaredir =
|
||||
|
||||
[COWRIE]
|
||||
cowrie = true
|
||||
nodeid = cowrie-{{ ansible_hostname }}
|
||||
logfile = /data/cowrie/log/cowrie.json
|
||||
|
||||
[DIONAEA]
|
||||
dionaea = true
|
||||
nodeid = dionaea-{{ ansible_hostname }}
|
||||
malwaredir = /data/dionaea/binaries/
|
||||
sqlitedb = /data/dionaea/log/dionaea.sqlite
|
||||
|
||||
[HONEYTRAP]
|
||||
honeytrap = true
|
||||
nodeid = honeytrap-{{ ansible_hostname }}
|
||||
newversion = true
|
||||
payloaddir = /data/honeytrap/attacks/
|
||||
attackerfile = /data/honeytrap/log/attacker.log
|
||||
|
||||
[RDPDETECT]
|
||||
rdpdetect = false
|
||||
nodeid =
|
||||
iptableslog =
|
||||
targetip =
|
||||
|
||||
[EMOBILITY]
|
||||
eMobility = false
|
||||
nodeid = emobility-{{ ansible_hostname }}
|
||||
logfile = /data/emobility/log/centralsystemEWS.log
|
||||
|
||||
[CONPOT]
|
||||
conpot = true
|
||||
nodeid = conpot-{{ ansible_hostname }}
|
||||
logfile = /data/conpot/log/conpot*.json
|
||||
|
||||
[ELASTICPOT]
|
||||
elasticpot = true
|
||||
nodeid = elasticpot-{{ ansible_hostname }}
|
||||
logfile = /data/elasticpot/log/elasticpot.log
|
||||
|
||||
[SURICATA]
|
||||
suricata = true
|
||||
nodeid = suricata-{{ ansible_hostname }}
|
||||
logfile = /data/suricata/log/eve.json
|
||||
|
||||
[MAILONEY]
|
||||
mailoney = true
|
||||
nodeid = mailoney-{{ ansible_hostname }}
|
||||
logfile = /data/mailoney/log/commands.log
|
||||
|
||||
[RDPY]
|
||||
rdpy = true
|
||||
nodeid = rdpy-{{ ansible_hostname }}
|
||||
logfile = /data/rdpy/log/rdpy.log
|
||||
|
||||
[VNCLOWPOT]
|
||||
vnclowpot = true
|
||||
nodeid = vnclowpot-{{ ansible_hostname }}
|
||||
logfile = /data/vnclowpot/log/vnclowpot.log
|
||||
|
||||
[HERALDING]
|
||||
heralding = true
|
||||
nodeid = heralding-{{ ansible_hostname }}
|
||||
logfile = /data/heralding/log/auth.csv
|
||||
|
||||
[CISCOASA]
|
||||
ciscoasa = true
|
||||
nodeid = ciscoasa-{{ ansible_hostname }}
|
||||
logfile = /data/ciscoasa/log/ciscoasa.log
|
||||
|
||||
[TANNER]
|
||||
tanner = true
|
||||
nodeid = tanner-{{ ansible_hostname }}
|
||||
logfile = /data/tanner/log/tanner_report.json
|
||||
|
||||
[GLUTTON]
|
||||
glutton = true
|
||||
nodeid = glutton-{{ ansible_hostname }}
|
||||
logfile = /data/glutton/log/glutton.log
|
10
cloud/ansible/openstack/roles/custom_hpfeeds/tasks/main.yaml
Normal file
10
cloud/ansible/openstack/roles/custom_hpfeeds/tasks/main.yaml
Normal file
@ -0,0 +1,10 @@
|
||||
- name: Copy hpfeeds configuration file
|
||||
template:
|
||||
src: ../templates/hpfeeds.cfg
|
||||
dest: /data/ews/conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
|
||||
- name: Applying hpfeeds settings
|
||||
command: /opt/tpot/bin/hpfeeds_optin.sh --conf=/data/ews/conf/hpfeeds.cfg
|
@ -0,0 +1,8 @@
|
||||
myENABLE=false
|
||||
myHOST=host
|
||||
myPORT=port
|
||||
myCHANNEL=channels
|
||||
myCERT=false
|
||||
myIDENT=user
|
||||
mySECRET=secret
|
||||
myFORMAT=json
|
34
cloud/ansible/openstack/roles/deploy/tasks/main.yaml
Normal file
34
cloud/ansible/openstack/roles/deploy/tasks/main.yaml
Normal file
@ -0,0 +1,34 @@
|
||||
- name: Create T-Pot name
|
||||
shell: echo t-pot-otc-$(pwgen -ns 6 -1)
|
||||
register: tpot_name
|
||||
|
||||
- name: Import OpenStack authentication variables
|
||||
include_vars:
|
||||
file: roles/deploy/vars/os_auth.yaml
|
||||
|
||||
- name: Launch an instance
|
||||
os_server:
|
||||
auth:
|
||||
auth_url: "{{ auth_url }}"
|
||||
username: "{{ username }}"
|
||||
password: "{{ password }}"
|
||||
project_name: "{{ project_name }}"
|
||||
os_user_domain_name: "{{ os_user_domain_name }}"
|
||||
name: "{{ tpot_name.stdout }}"
|
||||
region_name: "{{ region_name }}"
|
||||
availability_zone: "{{ availability_zone }}"
|
||||
image: "{{ image }}"
|
||||
boot_from_volume: yes
|
||||
volume_size: "{{ volume_size }}"
|
||||
key_name: "{{ key_name }}"
|
||||
timeout: 200
|
||||
flavor: "{{ flavor }}"
|
||||
security_groups: "{{ security_groups }}"
|
||||
network: "{{ network }}"
|
||||
register: tpot
|
||||
|
||||
- name: Add instance to inventory
|
||||
add_host:
|
||||
hostname: "{{ tpot_name.stdout }}"
|
||||
ansible_host: "{{ tpot.server.public_v4 }}"
|
||||
groups: TPOT
|
8
cloud/ansible/openstack/roles/deploy/vars/main.yaml
Normal file
8
cloud/ansible/openstack/roles/deploy/vars/main.yaml
Normal file
@ -0,0 +1,8 @@
|
||||
region_name: eu-de
|
||||
availability_zone: eu-de-03
|
||||
image: Standard_Debian_9_latest
|
||||
volume_size: 128
|
||||
key_name: your-KeyPair
|
||||
flavor: s2.medium.8
|
||||
security_groups: your-sg
|
||||
network: your-network-id
|
5
cloud/ansible/openstack/roles/deploy/vars/os_auth.yaml
Normal file
5
cloud/ansible/openstack/roles/deploy/vars/os_auth.yaml
Normal file
@ -0,0 +1,5 @@
|
||||
auth_url: https://iam.eu-de.otc.t-systems.com/v3
|
||||
username: your_api_user
|
||||
password: your_password
|
||||
project_name: eu-de_your_project
|
||||
os_user_domain_name: OTC-EU-DE-000000000010000XXXXX
|
50
cloud/ansible/openstack/roles/install/tasks/main.yaml
Normal file
50
cloud/ansible/openstack/roles/install/tasks/main.yaml
Normal file
@ -0,0 +1,50 @@
|
||||
- name: Waiting for SSH connection
|
||||
wait_for_connection:
|
||||
delay: 30
|
||||
timeout: 300
|
||||
|
||||
- name: Gathering Facts
|
||||
setup:
|
||||
|
||||
- name: Cloning t-pot install directory
|
||||
git:
|
||||
repo: "https://github.com/dtag-dev-sec/tpotce.git"
|
||||
dest: /root/tpot
|
||||
|
||||
- name: Prepare to set user password
|
||||
set_fact:
|
||||
user_password: "{{ linux_pass }}"
|
||||
user_salt: "s0mew1ck3dTpoT"
|
||||
|
||||
- name: Changing password for user linux to {{ user_password }}
|
||||
user:
|
||||
name: "linux"
|
||||
password: "{{ user_password | password_hash('sha512', user_salt) }}"
|
||||
state: present
|
||||
shell: /bin/bash
|
||||
update_password: always
|
||||
|
||||
- name: Copy t-pot configuration file
|
||||
template:
|
||||
src: ../../../../../../iso/installer/tpot.conf.dist
|
||||
dest: /root/tpot.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
|
||||
- name: Install t-pot on ECS - be patient, this might take 15 to 30 minutes depending on the connection speed. No further output is given.
|
||||
command: /root/tpot/iso/installer/install.sh --type=auto --conf=/root/tpot.conf
|
||||
|
||||
- name: Delete t-pot configuration file
|
||||
file:
|
||||
path: /root/tpot.conf
|
||||
state: absent
|
||||
|
||||
- name: Change unattended-upgrades to take default action
|
||||
blockinfile:
|
||||
dest: /etc/apt/apt.conf.d/50unattended-upgrades
|
||||
block: |
|
||||
Dpkg::Options {
|
||||
"--force-confdef";
|
||||
"--force-confold";
|
||||
}
|
1
cloud/ansible/openstack/roles/install/vars/main.yaml
Normal file
1
cloud/ansible/openstack/roles/install/vars/main.yaml
Normal file
@ -0,0 +1 @@
|
||||
linux_pass: LiNuXuSeRPaSs#
|
3
cloud/ansible/openstack/roles/reboot/tasks/main.yaml
Normal file
3
cloud/ansible/openstack/roles/reboot/tasks/main.yaml
Normal file
@ -0,0 +1,3 @@
|
||||
- name: Finally rebooting t-pot in one minute - make sure your next login is on port 64295 or via https:// on port 64297
|
||||
shell: /sbin/shutdown -r -t 1
|
||||
become: true
|
Reference in New Issue
Block a user