diff --git a/installer/bin/check.sh b/installer/bin/check.sh index ddb46217..0ea3423c 100755 --- a/installer/bin/check.sh +++ b/installer/bin/check.sh @@ -12,14 +12,14 @@ if [ -a /var/run/check.lock ]; exit fi -myIMAGES=$(cat /data/images.conf) +myIMAGES=$(cat /etc/tpot/images.conf) touch /var/run/check.lock myUPTIME=$(awk '{print int($1/60)}' /proc/uptime) for i in $myIMAGES do - if [ "$i" != "ui-for-docker" ] && [ "$i" != "netdata" ]; + if [ "$i" != "ui-for-docker" ] && [ "$i" != "netdata" ] && [ "$i" != "spiderfoot" ]; then myCIDSTATUS=$(docker exec $i supervisorctl status) if [ $? -ne 0 ]; diff --git a/installer/bin/dcres.sh b/installer/bin/dcres.sh index 93bce3b5..26e1f884 100755 --- a/installer/bin/dcres.sh +++ b/installer/bin/dcres.sh @@ -29,7 +29,7 @@ do myCOUNT=$[$myCOUNT +1] done -myIMAGES=$(cat /data/images.conf) +myIMAGES=$(cat /etc/tpot/images.conf) touch /var/run/check.lock diff --git a/installer/bin/dps.sh b/installer/bin/dps.sh index 1b0e9748..3a12913f 100755 --- a/installer/bin/dps.sh +++ b/installer/bin/dps.sh @@ -1,6 +1,13 @@ #/bin/bash + +# Let's ensure normal operation on exit or if interrupted ... +function fuCLEANUP { + stty sane +} +trap fuCLEANUP EXIT + stty -echo -icanon time 0 min 0 -myIMAGES=$(cat /data/images.conf) +myIMAGES=$(cat /etc/tpot/images.conf) while true do clear 
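Review bot: The list of containers that have no supervisord to query is now hard-coded in two places — this `if` and the identical one in status.sh's second hunk — and both must be edited whenever an image is added, which is exactly what this commit does for spiderfoot. Keeping the exclusions in a file next to images.conf (the commit already creates /etc/tpot/imgcfg) and reading it in both scripts would keep them from drifting apart; at minimum a comment `# containers without supervisord; keep in sync with status.sh` on this line. The `docker exec $i supervisorctl status` on the next line leaves `$i` unquoted; the unquoted `for i in $myIMAGES` already word-splits, so it is harmless today, but `docker exec "$i" supervisorctl status` costs nothing. The loop body continues outside the hunk.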
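Review bot: The new `fuCLEANUP`/`trap ... EXIT` pair relies on bash semantics (the `function` keyword, EXIT trap behaviour), yet the first context line of this hunk is still `#/bin/bash` — without the `!` it is only a comment, so the script is interpreted by whichever shell the caller happens to use; the one-character fix is `#!/bin/bash`. Since `stty -echo -icanon time 0 min 0` is now paired with a restoring trap, a short comment on the stty line (`# raw, non-blocking key reads; restored by fuCLEANUP on exit`) would tie the two together for the next reader. If the script can be started from a non-terminal (a cron job or a pipe), both stty calls will print errors; guarding them with `[ -t 0 ]` is worth considering.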
@@ -11,7 +18,14 @@ while true echo echo "NAME CREATED PORTS" for i in $myIMAGES; do - /usr/bin/docker ps -f name=$i --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" -f status=running -f status=exited | GREP_COLORS='mt=01;35' /bin/egrep --color=always "(^[_a-z-]+ |$)|$" | GREP_COLORS='mt=01;32' /bin/egrep --color=always "(Up[ 0-9a-Z ]+ |$)|$" | GREP_COLORS='mt=01;31' /bin/egrep --color=always "(Exited[ \(0-9\) ]+ [0-9a-Z ]+ ago|$)|$" | tail -n 1 + mySTATUS=$(/usr/bin/docker ps -f name=$i --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" -f status=running -f status=exited | GREP_COLORS='mt=01;35' /bin/egrep --color=always "(^[_a-z-]+ |$)|$" | GREP_COLORS='mt=01;32' /bin/egrep --color=always "(Up[ 0-9a-Z ]+ |$)|$" | GREP_COLORS='mt=01;31' /bin/egrep --color=always "(Exited[ \(0-9\) ]+ [0-9a-Z ]+ ago|$)|$" | tail -n 1) + myDOWN=$(echo "$mySTATUS" | grep -c "NAMES") + if [ "$myDOWN" = "1" ]; + then + printf "%-19s Down\n" $i + else + printf "$mySTATUS\n" + fi if [ "$1" = "vv" ]; then /usr/bin/docker exec -t $i /bin/ps -awfuwfxwf | egrep -v -E "awfuwfxwf|/bin/ps" @@ -23,10 +37,4 @@ while true else break fi - read myKEY - if [ "$myKEY" == "q" ]; - then - break; - fi done -stty sane diff --git a/installer/bin/status.sh b/installer/bin/status.sh index e39280cf..a37900c1 100755 --- a/installer/bin/status.sh +++ b/installer/bin/status.sh @@ -10,7 +10,7 @@ myCOUNT=1 if [[ $1 == "" ]] then - myIMAGES=$(cat /data/images.conf) + myIMAGES=$(cat /etc/tpot/images.conf) else myIMAGES=$1 fi @@ -42,7 +42,7 @@ echo CPU temp: $(sensors | grep "Physical" | awk '{ print $4 }') echo for i in $myIMAGES do - if [ "$i" != "ui-for-docker" ] && [ "$i" != "netdata" ]; + if [ "$i" != "ui-for-docker" ] && [ "$i" != "netdata" ] && [ "$i" != "spiderfoot" ]; then echo "======| Container:" $i "|======" docker exec $i supervisorctl status | GREP_COLORS='mt=01;32' egrep --color=always "(RUNNING)|$" | GREP_COLORS='mt=01;31' egrep --color=always "(STOPPED|FATAL)|$" 
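Review bot: `printf "$mySTATUS\n"` uses the captured docker output as the printf format string, so any `%` or backslash sequence in a container name, status text or port mapping is interpreted instead of printed; `printf '%s\n' "$mySTATUS"` is the safe form, and the sibling line should quote its argument too: `printf '%-19s Down\n' "$i"`. The `grep -c "NAMES"` test encodes the observation that `docker ps` emits only the header when nothing matched and `tail -n 1` then keeps that header; a comment stating that (`# only the table header survived => no container matched`) would save a trace through the egrep chain. Note that docker's `-f name=` filter is a pattern match rather than an exact name, so an image whose name is a prefix of another's may report the other container's status line here — pre-existing, but the new Up/Down branch makes it more visible. The loop continues outside the hunk.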
diff --git a/installer/bin/update-images.sh b/installer/bin/update-images.sh index 52814057..d9484217 100755 --- a/installer/bin/update-images.sh +++ b/installer/bin/update-images.sh @@ -34,7 +34,7 @@ touch /var/run/check.lock # Stop T-Pot services and disable all T-Pot services echo "### Stopping T-Pot services and cleaning up." -for i in $(cat /data/imgcfg/all_images.conf); +for i in $(cat /etc/tpot/imgcfg/all_images.conf); do systemctl stop $i sleep 2 @@ -58,7 +58,7 @@ systemctl start docker sleep 1 # Enable only T-Pot systemd scripts from images.conf and pull the images -for i in $(cat /data/images.conf); +for i in $(cat /etc/tpot/images.conf); do echo echo "### Now pulling "$i diff --git a/installer/data/elkbase.tgz b/installer/data/elkbase.tgz index 02c4ff86..1de642ff 100644 Binary files a/installer/data/elkbase.tgz and b/installer/data/elkbase.tgz differ diff --git a/installer/data/imgcfg/all_images.conf b/installer/data/imgcfg/all_images.conf index 34a4d78d..0662fa64 100644 --- a/installer/data/imgcfg/all_images.conf +++ b/installer/data/imgcfg/all_images.conf @@ -10,3 +10,4 @@ honeytrap suricata netdata ui-for-docker +spiderfoot diff --git a/installer/data/imgcfg/industrial_images.conf b/installer/data/imgcfg/industrial_images.conf index 0ca45fbc..a3885f19 100644 --- a/installer/data/imgcfg/industrial_images.conf +++ b/installer/data/imgcfg/industrial_images.conf @@ -5,3 +5,4 @@ ewsposter suricata netdata ui-for-docker +spiderfoot diff --git a/installer/data/imgcfg/tpot_images.conf b/installer/data/imgcfg/tpot_images.conf index b5cf2271..d292acf4 100644 --- a/installer/data/imgcfg/tpot_images.conf +++ b/installer/data/imgcfg/tpot_images.conf @@ -8,3 +8,4 @@ honeytrap suricata netdata ui-for-docker +spiderfoot diff --git a/installer/data/kibana-objects.tgz b/installer/data/kibana-objects.tgz index cb05b060..3791d58e 100644 Binary files a/installer/data/kibana-objects.tgz and b/installer/data/kibana-objects.tgz differ 
diff --git a/installer/data/systemd/conpot.service b/installer/data/systemd/conpot.service index d36c7555..a60d6b04 100644 --- a/installer/data/systemd/conpot.service +++ b/installer/data/systemd/conpot.service @@ -7,7 +7,7 @@ After=docker.service Restart=always ExecStartPre=-/usr/bin/docker stop conpot ExecStartPre=-/usr/bin/docker rm -v conpot -ExecStartPre=/bin/bash -c '/usr/bin/clean.sh conpot off' +ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh conpot off' ExecStart=/usr/bin/docker run --name conpot --rm=true -v /data/conpot:/data/conpot -v /data/ews:/data/ews -p 1025:1025 -p 50100:50100 dtagdevsec/conpot:1706 ExecStop=/usr/bin/docker stop conpot diff --git a/installer/data/systemd/cowrie.service b/installer/data/systemd/cowrie.service index ad70ab42..a52633ce 100644 --- a/installer/data/systemd/cowrie.service +++ b/installer/data/systemd/cowrie.service @@ -7,7 +7,7 @@ After=docker.service Restart=always ExecStartPre=-/usr/bin/docker stop cowrie ExecStartPre=-/usr/bin/docker rm -v cowrie -ExecStartPre=/bin/bash -c '/usr/bin/clean.sh cowrie off' +ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh cowrie off' ExecStart=/usr/bin/docker run --name cowrie --rm=true -p 22:2222 -p 23:2223 -v /data/cowrie:/data/cowrie -v /data/ews:/data/ews dtagdevsec/cowrie:1706 ExecStop=/usr/bin/docker stop cowrie diff --git a/installer/data/systemd/dionaea.service b/installer/data/systemd/dionaea.service index b2e13578..87385f7f 100644 --- a/installer/data/systemd/dionaea.service +++ b/installer/data/systemd/dionaea.service 
@@ -7,7 +7,7 @@ After=docker.service Restart=always ExecStartPre=-/usr/bin/docker stop dionaea ExecStartPre=-/usr/bin/docker rm -v dionaea -ExecStartPre=/bin/bash -c '/usr/bin/clean.sh dionaea off' +ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh dionaea off' ExecStart=/usr/bin/docker run --name dionaea --cap-add=NET_BIND_SERVICE --rm=true -p 21:21 -p 42:42 -p 69:69/udp -p 8081:80 -p 135:135 -p 443:443 -p 445:445 -p 1433:1433 -p 1723:1723 -p 1883:1883 -p 1900:1900 -p 3306:3306 -p 5060:5060 -p 5061:5061 -p 5060:5060/udp -p 11211:11211 -v /data/dionaea:/data/dionaea dtagdevsec/dionaea:1706 ExecStop=/usr/bin/docker stop dionaea diff --git a/installer/data/systemd/elasticpot.service b/installer/data/systemd/elasticpot.service index 5cd8bc9e..3b0ed484 100644 --- a/installer/data/systemd/elasticpot.service +++ b/installer/data/systemd/elasticpot.service @@ -7,7 +7,7 @@ After=docker.service Restart=always ExecStartPre=-/usr/bin/docker stop elasticpot ExecStartPre=-/usr/bin/docker rm -v elasticpot -ExecStartPre=/bin/bash -c '/usr/bin/clean.sh elasticpot off' +ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh elasticpot off' ExecStart=/usr/bin/docker run --name elasticpot --rm=true -v /data/elasticpot:/data/elasticpot -p 9200:9200 dtagdevsec/elasticpot:1706 ExecStop=/usr/bin/docker stop elasticpot diff --git a/installer/data/systemd/elk.service b/installer/data/systemd/elk.service index 2102f5d9..3fe38e38 100644 --- a/installer/data/systemd/elk.service +++ b/installer/data/systemd/elk.service 
@@ -7,8 +7,8 @@ After=docker.service Restart=always ExecStartPre=-/usr/bin/docker stop elk ExecStartPre=-/usr/bin/docker rm -v elk -ExecStartPre=/bin/bash -c '/usr/bin/clean.sh elk' -ExecStart=/usr/bin/docker run --name=elk --env-file /data/elk/environment --cap-add=IPC_LOCK --ulimit memlock=-1:-1 --ulimit nofile=65536:65536 -v /data:/data -v /var/log:/data/host/log -p 127.0.0.1:64296:5601 -p 127.0.0.1:64302:9100 -p 127.0.0.1:64298:9200 --rm=true dtagdevsec/elk:1706 +ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh elk' +ExecStart=/usr/bin/docker run --name=elk --env-file /etc/tpot/elk/environment --cap-add=IPC_LOCK --ulimit memlock=-1:-1 --ulimit nofile=65536:65536 -v /data:/data -v /var/log:/data/host/log -p 127.0.0.1:64296:5601 -p 127.0.0.1:64302:9100 -p 127.0.0.1:64298:9200 --rm=true dtagdevsec/elk:1706 ExecStop=/usr/bin/docker stop elk [Install] diff --git a/installer/data/systemd/emobility.service b/installer/data/systemd/emobility.service index 465a639d..cc96e0b8 100644 --- a/installer/data/systemd/emobility.service +++ b/installer/data/systemd/emobility.service @@ -7,7 +7,7 @@ After=docker.service Restart=always ExecStartPre=-/usr/bin/docker stop emobility ExecStartPre=-/usr/bin/docker rm -v emobility -ExecStartPre=/bin/bash -c '/usr/bin/clean.sh emobility off' +ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh emobility off' ExecStart=/usr/bin/docker run --name emobility --cap-add=NET_ADMIN -p 8080:8080 -v /data/emobility:/data/eMobility -v /data/ews:/data/ews --rm=true dtagdevsec/emobility:1706 ExecStop=/usr/bin/docker stop emobility diff --git a/installer/data/systemd/glastopf.service b/installer/data/systemd/glastopf.service index 2f256fe6..1ac6f39b 100644 --- a/installer/data/systemd/glastopf.service +++ b/installer/data/systemd/glastopf.service 
@@ -7,7 +7,7 @@ After=docker.service Restart=always ExecStartPre=-/usr/bin/docker stop glastopf ExecStartPre=-/usr/bin/docker rm -v glastopf -ExecStartPre=/bin/bash -c '/usr/bin/clean.sh glastopf off' +ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh glastopf off' ExecStart=/usr/bin/docker run --name glastopf --rm=true -v /data/glastopf:/data/glastopf -v /data/ews:/data/ews -p 80:80 dtagdevsec/glastopf:1706 ExecStop=/usr/bin/docker stop glastopf diff --git a/installer/data/systemd/honeytrap.service b/installer/data/systemd/honeytrap.service index 5747ed98..a3b2f5f2 100644 --- a/installer/data/systemd/honeytrap.service +++ b/installer/data/systemd/honeytrap.service 
@@ -7,15 +7,15 @@ After=docker.service Restart=always ExecStartPre=-/usr/bin/docker stop honeytrap ExecStartPre=-/usr/bin/docker rm -v honeytrap -ExecStartPre=/bin/bash -c '/usr/bin/clean.sh honeytrap off' +ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh honeytrap off' ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j NFQUEUE ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 3306,5060,5061,5601,11211 -j NFQUEUE -ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295,64296,64297,64298,64299,64300,64301 -j NFQUEUE +ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295,64296,64297,64298,64299,64300,64301,64302,64303 -j NFQUEUE ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 1025,50100,8080,8081,9200 -j NFQUEUE ExecStart=/usr/bin/docker run --name honeytrap --cap-add=NET_ADMIN --net=host --rm=true -v /data/honeytrap:/data/honeytrap -v /data/ews:/data/ews dtagdevsec/honeytrap:1706 ExecStop=/usr/bin/docker stop honeytrap ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 1025,50100,8080,8081,9200 -j NFQUEUE -ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295,64296,64297,64298,64299,64300,64301 -j NFQUEUE +ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295,64296,64297,64298,64299,64300,64301,64302,64303 -j NFQUEUE ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 3306,5060,5061,5601,11211 -j NFQUEUE ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j NFQUEUE 
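Review bot: The NFQUEUE exclusion port list now lives in two copies that must stay identical — the `ExecStartPre ... -A` line and the `ExecStopPost ... -D` line — and if they ever diverge the `-D` silently matches nothing and the stale rule outlives the service. Both ports added here are published on loopback only (`-p 127.0.0.1:64302:9100` in elk.service, `-p 127.0.0.1:64303:8080` in spiderfoot.service), so their exclusion exists to keep nginx's local connections out of the honeytrap queue. For such loopback-only ports an `! -i lo` match on the rule would cover every future local service without another list edit, and external probes to those ports would presumably keep being queued to honeytrap rather than answered by the kernel as closed, as the `--dports` exclusion likely causes now — worth confirming against the intended honeypot coverage. A comment in the unit naming which service owns each excluded port would make the next addition safer.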
diff --git a/installer/data/systemd/spiderfoot.service b/installer/data/systemd/spiderfoot.service new file mode 100644 index 00000000..acae2287 --- /dev/null +++ b/installer/data/systemd/spiderfoot.service @@ -0,0 +1,14 @@ +[Unit] +Description=spiderfoot +Requires=docker.service +After=docker.service + +[Service] +Restart=always +ExecStartPre=-/usr/bin/docker stop spiderfoot +ExecStartPre=-/usr/bin/docker rm -v spiderfoot +ExecStart=/usr/bin/docker run --name spiderfoot --rm=true -p 127.0.0.1:64303:8080 dtagdevsec/spiderfoot:1706 +ExecStop=/usr/bin/docker stop spiderfoot + +[Install] +WantedBy=multi-user.target diff --git a/installer/data/systemd/suricata.service b/installer/data/systemd/suricata.service index 99a9cff6..d062895f 100644 --- a/installer/data/systemd/suricata.service +++ b/installer/data/systemd/suricata.service @@ -11,7 +11,7 @@ ExecStartPre=-/usr/bin/docker rm -v suricata ExecStartPre=/bin/bash -c '/sbin/ethtool --offload $(/sbin/ip route | /bin/grep $(/bin/hostname -I | /usr/bin/awk \'{print $1 }\') | /usr/bin/awk \'{print $3 }\') rx off tx off' ExecStartPre=/bin/bash -c '/sbin/ethtool -K $(/sbin/ip route | /bin/grep $(/bin/hostname -I | /usr/bin/awk \'{print $1 }\') | /usr/bin/awk \'{print $3 }\') gso off gro off' ExecStartPre=/bin/bash -c '/sbin/ip link set $(/sbin/ip route | /bin/grep $(/bin/hostname -I | /usr/bin/awk \'{print $1 }\') | /usr/bin/awk \'{print $3 }\') promisc on' -ExecStartPre=/bin/bash -c '/usr/bin/clean.sh suricata off' +ExecStartPre=/bin/bash -c '/usr/share/tpot/bin/clean.sh suricata off' ExecStart=/usr/bin/docker run --name suricata --cap-add=NET_ADMIN --net=host --rm=true -v /data/suricata:/data/suricata dtagdevsec/suricata:1706 ExecStop=/usr/bin/docker stop suricata diff --git a/installer/etc/nginx/tpotweb.conf b/installer/etc/nginx/tpotweb.conf index e24cffde..00eb95ee 100644 --- a/installer/etc/nginx/tpotweb.conf +++ b/installer/etc/nginx/tpotweb.conf 
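Review bot: The unit runs the container with no `-v` mount, unlike every other unit in this diff, so spiderfoot's scan database presumably lives in the container's writable layer and is discarded by `--rm=true` on each restart (`Restart=always` makes that happen after any crash). If that is intended, a comment such as `# no persistent volume: scan results are ephemeral` would stop someone filing it as a bug; otherwise a `-v /data/spiderfoot:...` mount plus the `clean.sh` ExecStartPre the sibling units use. Binding to `127.0.0.1:64303` is the right choice — spiderfoot is an OSINT tool that issues outbound requests from the host, so it should only be reachable through nginx and whatever authentication is configured there (outside this diff). Noting in the unit which nginx locations front it (/spiderfoot, /static, /scanviz) would help the next person who moves the port.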
@@ -104,42 +104,22 @@ server { ### Kibana location /kibana/ { proxy_pass http://localhost:64296; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; rewrite /kibana/(.*)$ /$1 break; } ### ES location /es/ { proxy_pass http://localhost:64298/; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_redirect off; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-NginX-Proxy true; rewrite /es/(.*)$ /$1 break; } - ### Head standalone + ### head standalone location /myhead/ { proxy_pass http://localhost:64302/; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_redirect off; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-NginX-Proxy true; rewrite /myhead/(.*)$ /$1 break; } - ### ui-for-docker + ### portainer location /ui { proxy_pass http://127.0.0.1:64299; proxy_http_version 1.1; 
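Review bot: Removing `proxy_set_header X-Real-IP`/`X-Forwarded-For` from /es/ and /myhead/ (and from /wetty and /netdata in the next hunk) means those services now only ever see 127.0.0.1 as the client, so their own logs can no longer attribute a request to a source address and nginx's access log becomes the only record. Dropping `proxy_set_header Host $host` from /kibana/ also hands Kibana `localhost:64296` as the Host, which may affect any absolute URLs it generates — worth checking in a browser rather than assuming. If this is deliberate simplification, a one-line comment at the top of the block (`# proxied services see 127.0.0.1; client IPs are in the nginx access log`) would record it. The /es/ location exposes Elasticsearch's HTTP API, which carries no authentication of its own, so it relies entirely on the server-level `auth_basic` that lies outside this hunk.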
@@ -152,28 +132,24 @@ server { ### web tty location /wetty { proxy_pass http://127.0.0.1:64300/wetty; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 43200000; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $http_host; - proxy_set_header X-NginX-Proxy true; } ### netdata location /netdata/ { - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://localhost:64301; - proxy_http_version 1.1; - proxy_pass_request_headers on; - proxy_set_header Connection "keep-alive"; - proxy_store off; rewrite /netdata/(.*)$ /$1 break; } -} + ### spiderfoot + location /spiderfoot { + proxy_pass http://127.0.0.1:64303; + } + location /static { + proxy_pass http://127.0.0.1:64303/spiderfoot/static; + } + + location /scanviz { + proxy_pass http://127.0.0.1:64303/spiderfoot/scanviz; + } +} diff --git a/installer/etc/rc.local b/installer/etc/rc.local index 44bbab5c..8e5ade55 100755 --- a/installer/etc/rc.local +++ b/installer/etc/rc.local @@ -2,7 +2,7 @@ # Let's add the first local ip to the /etc/issue and external ip to ews.ip file source /etc/environment myLOCALIP=$(hostname -I | awk '{ print $1 }') -myEXTIP=$(/usr/bin/myip.sh) +myEXTIP=$(/usr/share/tpot/bin/myip.sh) sed -i "s#IP:.*#IP: $myLOCALIP ($myEXTIP)#" /etc/issue sed -i "s#SSH:.*#SSH: ssh -l tsec -p 64295 $myLOCALIP#" /etc/issue sed -i "s#WEB:.*#WEB: https://$myLOCALIP:64297#" /etc/issue @@ -10,7 +10,7 @@ tee /data/ews/conf/ews.ip << EOF [MAIN] ip = $myEXTIP EOF -tee /data/elk/environment << EOF +tee /etc/tpot/elk/environment << EOF MY_EXTIP=$myEXTIP MY_HOSTNAME=$HOSTNAME EOF diff --git a/installer/install.sh b/installer/install.sh index 0722a794..d53a0144 100755 --- a/installer/install.sh +++ b/installer/install.sh 
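Review bot: /wetty loses `proxy_http_version 1.1`, the `Upgrade`/`Connection "upgrade"` headers and `proxy_read_timeout 43200000`; a browser terminal needs the WebSocket upgrade forwarded and a long read timeout, and without those lines nginx will not pass the upgrade and will close an idle session at its 60-second default `proxy_read_timeout`. Unless wetty was verified to work without them I would keep those lines for this location (the /ui location above still has `proxy_http_version 1.1`, so the treatment is already inconsistent). The new `/static` and `/scanviz` locations are claimed at the site root for spiderfoot's benefit, so any future service that also serves `/static` would be captured by them; a comment (`# spiderfoot links to absolute /static and /scanviz; keep these prefixes free`) would explain why they are not nested under /spiderfoot. As with the other locations, the spiderfoot UI is only as protected as the server-level auth outside this hunk.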
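Review bot: `myEXTIP` is the output of myip.sh — presumably a lookup against an external service — and is interpolated unvalidated into the `sed -i` scripts on /etc/issue and, in the next hunk, into the unquoted `tee /etc/tpot/elk/environment` heredoc that elk consumes via `--env-file`; install.sh's last two hunks repeat the same pattern. A response containing `#`, a newline or other unexpected text would corrupt /etc/issue or add arbitrary keys to the environment file. Bounding it before the first `sed`, e.g. `[[ "$myEXTIP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || myEXTIP=""` (IPv4 only — widen if myip.sh can return IPv6; use `grep -E` if rc.local runs under plain sh), limits what can reach those files. rc.local continues outside the hunk.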
@@ -39,12 +39,6 @@ fuRANDOMWORD () { echo -n $(sed -n "$myNUM p" $myWORDFILE | tr -d \' | tr A-Z a-z) } -# Let's make sure there is a warning if running for a second time -#if [ -f install.log ]; -# then fuECHO "### Running more than once may complicate things. Erase install.log if you are really sure." -# exit 1; -#fi - # Let's setup the proxy for env if [ -f $myPROXYFILEPATH ]; then fuECHO "### Setting up the proxy." @@ -102,7 +96,7 @@ myFLAVOR=$(dialog --no-cancel --backtitle "$myBACKTITLE" --title "[ Choose your "INDUSTRIAL" "Conpot, eMobility, Suricata & ELK" \ "EVERYTHING" "Everything" 3>&1 1>&2 2>&3 3>&-) -# Let's ask user for a web user and password +# Let's ask user for a web username and password myOK="1" myUSER="tsec" while [ 1 != 2 ] @@ -303,12 +297,6 @@ Match address 127.0.0.1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 PasswordAuthentication yes EOF -# Let's patch docker defaults, so we can run images as service -#fuECHO "### Patching docker defaults." -#tee -a /etc/default/docker < /dev/tty2 - # Check if containers and services are up */5 * * * * root check.sh @@ -373,7 +358,7 @@ tee -a /etc/crontab <:/api delete --filters resource= && alerta --endpoint-url http://:/api send -e IP -r -E Production -s ok -S T-Pot -t \$(cat /data/elk/logstash/mylocal.ip) --status open # Check if updated images are available and download them -27 1 * * * root for i in \$(cat /data/images.conf); do docker pull dtagdevsec/\$i:1706; done +27 1 * * * root for i in \$(cat /etc/tpot/images.conf); do docker pull dtagdevsec/\$i:1706; done # Restart docker service and containers 27 3 * * * root dcres.sh 
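Review bot: The crontab entries `*/5 * * * * root check.sh` and `27 3 * * * root dcres.sh` still call the scripts by bare name, but this commit moves them from /usr/bin to /usr/share/tpot/bin and only adds that directory to PATH in the interactive .bashrc files (the install.sh hunk near the end of the diff); cron does not read .bashrc, so unless /etc/crontab's own `PATH=` line is adjusted somewhere not shown, both jobs will fail with "command not found" after the move. Using absolute paths, `*/5 * * * * root /usr/share/tpot/bin/check.sh` and `27 3 * * * root /usr/share/tpot/bin/dcres.sh`, matches what the systemd units and rc.local now do for clean.sh and myip.sh. Separately, the nightly `docker pull dtagdevsec/$i:1706` combined with the 03:27 `dcres.sh` restart replaces the running honeypots automatically from a mutable tag with no integrity check; pinning by digest or setting `DOCKER_CONTENT_TRUST=1` for the job is the usual mitigation and deserves at least a comment acknowledging the trade-off.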
@@ -401,7 +386,9 @@ mkdir -p /data/conpot/log \ /data/glastopf /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/ \ /data/emobility/log \ /data/ews/conf \ - /data/suricata/log /home/tsec/.ssh/ + /data/suricata/log /home/tsec/.ssh/ \ + /etc/tpot/elk /etc/tpot/imgcfg /etc/tpot/systemd \ + /usr/share/tpot/bin # Let's take care of some files and permissions before copying chmod 500 /root/tpot/bin/* @@ -412,9 +399,8 @@ chmod 644 /root/tpot/data/systemd/* # Let's copy some files tar xvfz /root/tpot/data/elkbase.tgz -C / -cp /root/tpot/data/elkbase.tgz /data/ -cp -R /root/tpot/bin/* /usr/bin/ -cp -R /root/tpot/data/* /data/ +cp -R /root/tpot/bin/* /usr/share/tpot/bin/ +cp -R /root/tpot/data/* /etc/tpot/ cp /root/tpot/data/systemd/* /etc/systemd/system/ cp /root/tpot/etc/issue /etc/ cp -R /root/tpot/etc/nginx/ssl /etc/nginx/ 
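Review bot: `cp -R /root/tpot/data/* /etc/tpot/` copies everything under data/ — elkbase.tgz, kibana-objects.tgz and the whole systemd/ directory — into /etc/tpot, although the next line installs the units into /etc/systemd/system separately and the tarball was previously placed in /data on purpose (the removed `cp /root/tpot/data/elkbase.tgz /data/`); the only /etc/tpot paths referenced elsewhere in this diff are images.conf, imgcfg/ and elk/environment. Copying just what the scripts consume (`cp -R /root/tpot/data/imgcfg /etc/tpot/`, plus wherever images.conf is produced) keeps the config tree small and avoids a stale duplicate set of unit files. Note also that `chmod 500 /root/tpot/bin/*` runs before the copy, so the scripts land in /usr/share/tpot/bin as root-only executables — fine for the root cron jobs, but dps.sh/status.sh invoked by tsec through the new PATH entry will be refused; confirm that matches the intent (the old /usr/bin copy had the same mode).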
@@ -453,20 +439,22 @@ sed -i 's#FONTFACE=".*#FONTFACE="Terminus"#' /etc/default/console-setup sed -i 's#FONTSIZE=".*#FONTSIZE="12x6"#' /etc/default/console-setup update-initramfs -u -# Let's enable a color prompt +# Let's enable a color prompt and add /usr/share/tpot/bin to path myROOTPROMPT='PS1="\[\033[38;5;8m\][\[$(tput sgr0)\]\[\033[38;5;1m\]\u\[$(tput sgr0)\]\[\033[38;5;6m\]@\[$(tput sgr0)\]\[\033[38;5;4m\]\h\[$(tput sgr0)\]\[\033[38;5;6m\]:\[$(tput sgr0)\]\[\033[38;5;5m\]\w\[$(tput sgr0)\]\[\033[38;5;8m\]]\[$(tput sgr0)\]\[\033[38;5;1m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"' myUSERPROMPT='PS1="\[\033[38;5;8m\][\[$(tput sgr0)\]\[\033[38;5;2m\]\u\[$(tput sgr0)\]\[\033[38;5;6m\]@\[$(tput sgr0)\]\[\033[38;5;4m\]\h\[$(tput sgr0)\]\[\033[38;5;6m\]:\[$(tput sgr0)\]\[\033[38;5;5m\]\w\[$(tput sgr0)\]\[\033[38;5;8m\]]\[$(tput sgr0)\]\[\033[38;5;2m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"' tee -a /root/.bashrc << EOF $myROOTPROMPT +PATH="$PATH:/usr/share/tpot/bin" EOF tee -a /home/tsec/.bashrc << EOF $myUSERPROMPT +PATH="$PATH:/usr/share/tpot/bin" EOF # Let's create ews.ip before reboot and prevent race condition for first start source /etc/environment myLOCALIP=$(hostname -I | awk '{ print $1 }') -myEXTIP=$(/usr/bin/myip.sh) +myEXTIP=$(/usr/share/tpot/bin/myip.sh) sed -i "s#IP:.*#IP: $myLOCALIP ($myEXTIP)#" /etc/issue sed -i "s#SSH:.*#SSH: ssh -l tsec -p 64295 $myLOCALIP#" /etc/issue sed -i "s#WEB:.*#WEB: https://$myLOCALIP:64297#" /etc/issue @@ -474,6 +462,10 @@ tee /data/ews/conf/ews.ip << EOF [MAIN] ip = $myEXTIP EOF +tee /etc/tpot/elk/environment << EOF +MY_EXTIP=$myEXTIP +MY_HOSTNAME=$HOSTNAME +EOF echo $myLOCALIP > /data/elk/logstash/mylocal.ip chown tpot:tpot /data/ews/conf/ews.ip diff --git a/installer/usr/share/nginx/html/navbar.html b/installer/usr/share/nginx/html/navbar.html index 5b89dfbe..21dce9d6 100644 --- a/installer/usr/share/nginx/html/navbar.html +++ b/installer/usr/share/nginx/html/navbar.html 
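Review bot: `PATH="$PATH:/usr/share/tpot/bin"` sits inside an unquoted heredoc (`tee -a /root/.bashrc << EOF`), the same one that intentionally expands `$myROOTPROMPT`, so `$PATH` is expanded by the installer and both .bashrc files receive the installer's PATH frozen as a literal string instead of a reference to the login shell's PATH; the tsec line in particular inherits whatever root's PATH was at install time. Escape it in both heredocs: `PATH="\$PATH:/usr/share/tpot/bin"`. The second hunk of this file repeats rc.local's write of /etc/tpot/elk/environment; the context comment already explains the first-boot race, so adding `# rc.local rewrites this file on every boot` would make the duplication obviously intentional.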
@@ -12,9 +12,10 @@ Home Kibana ES Head + Netdata + Spiderfoot Portainer WebSSH - Netdata