From 95fdaebe15b7156d5c7a8b47a8ee60446dc03a47 Mon Sep 17 00:00:00 2001 From: t3chn0m4g3 Date: Fri, 15 Jun 2018 16:24:20 +0000 Subject: [PATCH 01/11] add config file for makeiso rework makeiso.sh / installer.sh to acommodate for the changes --- iso/installer/install.sh | 51 ++++++------ iso/installer/iso.conf.dist | 13 ++++ makeiso.sh | 151 ++++++++++++++++++++++-------------- 3 files changed, 133 insertions(+), 82 deletions(-) create mode 100644 iso/installer/iso.conf.dist diff --git a/iso/installer/install.sh b/iso/installer/install.sh index 837c3487..da1ab1d1 100755 --- a/iso/installer/install.sh +++ b/iso/installer/install.sh @@ -9,15 +9,14 @@ export DIALOGRC=/etc/dialogrc cp /root/installer/dialogrc /etc/ # Some global vars -myPROXYFILEPATH="/root/installer/proxy" -myNTPCONFPATH="/root/installer/ntp" -myPFXPATH="/root/installer/keys/8021x.pfx" -myPFXPWPATH="/root/installer/keys/8021x.pw" -myPFXHOSTIDPATH="/root/installer/keys/8021x.id" +myNTPCONFFILE="/root/installer/ntp.conf" +myPFXFILE="/root/installer/keys/8021x.pfx" myTPOTCOMPOSE="/opt/tpot/etc/tpot.yml" myBACKTITLE="T-Pot-Installer" mySITES="https://index.docker.io https://github.com https://pypi.python.org https://ubuntu.com" myPROGRESSBOXCONF=" --backtitle "$myBACKTITLE" --progressbox 24 80" +myCONF_FILE="/root/installer/iso.conf" +myTPOT_CONF_FILE="/root/installer/tpot.conf" fuRANDOMWORD () { local myWORDFILE="$1" 
@@ -32,12 +31,25 @@ sleep 3 tput civis dialog --no-ok --no-cancel --backtitle "$myBACKTITLE" --title "[ Wait to avoid interference with service messages ]" --pause "" 6 80 7 +# Let's load the iso config file +if [ -f $myCONF_FILE ]; + then + dialog --backtitle "$myBACKTITLE" --title "[ Found personalized iso.config ]" --msgbox "\nYour personalized settings will be applied!" 7 47 + source $myCONF_FILE + else + # dialog logic considers 1=false, 0=true + myCONF_PROXY_USE="1" + myCONF_SSH_PUBKEY_USE="1" + myCONF_PFX_USE="1" + myCONF_NTP_USE="1" +fi + # Let's setup the proxy for env -if [ -f $myPROXYFILEPATH ]; +if [ "$myCONF_PROXY_USE" == "0" ]; then dialog --title "[ Setting up the proxy ]" $myPROGRESSBOXCONF <&1>/dev/null <&1>/dev/null <&1 | dialog --title "[ Generating a self-signed-certificate for NGINX ]" $myPROGRESSBOXCONF; # Let's setup the ntp server -if [ -f $myNTPCONFPATH ]; +if [ "$myCONF_NTP_USE" == "0" ]; then dialog --title "[ Setting up the ntp server ]" $myPROGRESSBOXCONF <&1 | dialog --title "[ Setting up the ntp server ]" $myPROGRESSBOXCONF + cp $myNTPCONFFILE /etc/ntp.conf 2>&1 | dialog --title "[ Setting up the ntp server ]" $myPROGRESSBOXCONF fi # Let's setup 802.1x networking -if [ -f $myPFXPATH ]; +if [ "myCONF_PFX_USE" == "0" ]; then dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF <&1 | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF - if [ -f $myPFXPWPATH ]; - then -dialog --title "[ Setting up 802.1x password ]" $myPROGRESSBOXCONF <&1 | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF tee -a /etc/network/interfaces 2>&1>/dev/null < $myAUTHKEYSPATH +rm -rf $myTMP $myTPOTDIR $myPFXFILE $myNTPCONFFILE $myCONF_FILE +echo > $myAUTHKEYSFILE if [ -f $myTPOTSEED.bak ]; then mv $myTPOTSEED.bak $myTPOTSEED 
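Review bot: In the 802.1x hunk the new condition `if [ "myCONF_PFX_USE" == "0" ];` is missing the `$`, so the literal string `myCONF_PFX_USE` is compared with `0` and the whole 802.1x setup block is dead code regardless of iso.conf. The line should read `if [ "$myCONF_PFX_USE" == "0" ];`. The same typo is still visible in the hunk header `@@ -385,7 +426,7 @@ if [ "myCONF_PFX_USE" == "0" ];` of patch 06 further down this page, so none of the later commits in the series fix it.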
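Review bot: `rm -rf $myTMP $myTPOTDIR $myPFXFILE $myNTPCONFFILE $myCONF_FILE` in the makeiso.sh cleanup hunk expands five variables unquoted and without a guard, so an unset or empty `myTMP`/`myTPOTDIR` silently drops out of the argument list and a path containing spaces is split; the hunk header for this block is not legible on this page, so I cannot see where those variables are assigned. A guarded, quoted form is `rm -rf -- "${myTMP:?}" "${myTPOTDIR:?}" "$myPFXFILE" "$myNTPCONFFILE" "$myCONF_FILE"`, which aborts instead of deleting the wrong thing when a directory variable is empty.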
@@ -64,25 +82,6 @@ function valid_ip() return $stat } -# Let's check if all dependencies are met -myINST="" -for myDEPS in $myPACKAGES; -do - myOK=$(dpkg -s $myDEPS | grep ok | awk '{ print $3 }'); - if [ "$myOK" != "ok" ] - then - myINST=$(echo $myINST $myDEPS) - fi -done -if [ "$myINST" != "" ] - then - apt-get update -y - for myDEPS in $myINST; - do - apt-get install $myDEPS -y - done -fi - # Let's ask if the user wants to run the script ... dialog --backtitle "$myBACKTITLE" --title "[ Continue? ]" --yesno "\nDownload latest supported Ubuntu Mini ISO and build the T-Pot Install Image." 8 50 mySTART=$? 
@@ -91,29 +90,39 @@ if [ "$mySTART" = "1" ]; exit fi +# Let's load the default config file +if [ -f $myCONF_DEFAULT_FILE ]; + then + source $myCONF_DEFAULT_FILE +fi + # Let's ask the user for a proxy ... while true; do dialog --backtitle "$myBACKTITLE" --title "[ Proxy Settings ]" --yesno "\nDo you want to configure a proxy?" 7 50 - myADDPROXY=$? - if [ "$myADDPROXY" = "0" ] + myCONF_PROXY_USE=$? + if [ "$myCONF_PROXY_USE" = "0" ] then myIPRESULT="false" while [ "$myIPRESULT" = "false" ]; do - myPROXYIP=$(dialog --backtitle "$myBACKTITLE" --no-cancel --title "Proxy IP?" --inputbox "" 7 50 "1.2.3.4" 3>&1 1>&2 2>&3 3>&-) - if valid_ip $myPROXYIP; then myIPRESULT="true"; fi + myCONF_PROXY_IP=$(dialog --backtitle "$myBACKTITLE" --no-cancel --title "Proxy IP?" --inputbox "" 7 50 "$myCONF_PROXY_IP" 3>&1 1>&2 2>&3 3>&-) + if valid_ip $myCONF_PROXY_IP; then myIPRESULT="true"; fi done myPORTRESULT="false" while [ "$myPORTRESULT" = "false" ]; do - myPROXYPORT=$(dialog --backtitle "$myBACKTITLE" --no-cancel --title "Proxy Port (i.e. 3128)?" --inputbox "" 7 50 "3128" 3>&1 1>&2 2>&3 3>&-) - if [[ $myPROXYPORT =~ ^-?[0-9]+$ ]] && [ $myPROXYPORT -gt 0 ] && [ $myPROXYPORT -lt 65536 ]; then myPORTRESULT="true"; fi + myCONF_PROXY_PORT=$(dialog --backtitle "$myBACKTITLE" --no-cancel --title "Proxy Port (i.e. 3128)?" 
--inputbox "" 7 50 "$myCONF_PROXY_PORT" 3>&1 1>&2 2>&3 3>&-) + if [[ $myCONF_PROXY_PORT =~ ^-?[0-9]+$ ]] && [ $myCONF_PROXY_PORT -gt 0 ] && [ $myCONF_PROXY_PORT -lt 65536 ]; then myPORTRESULT="true"; fi done - echo http://$myPROXYIP:$myPROXYPORT > $myPROXYCONFIG - sed -i.bak 's#d-i mirror/http/proxy.*#d-i mirror/http/proxy string http://'$myPROXYIP':'$myPROXYPORT'/#' $myTPOTSEED + ################################################################# + #echo http://$myCONF_PROXY_IP:$myCONF_PROXY_PORT > $myPROXYCONFIG + ################################################################# + sed -i.bak 's#d-i mirror/http/proxy.*#d-i mirror/http/proxy string http://'$myCONF_PROXY_IP':'$myCONF_PROXY_PORT'/#' $myTPOTSEED break else + myCONF_PROXY_IP="" + myCONF_PROXY_PORT="" break fi done @@ -122,19 +131,20 @@ done while true; do dialog --backtitle "$myBACKTITLE" --title "[ Add ssh keys? ]" --yesno "\nDo you want to add public key(s) to authorized_keys file?" 8 50 - myADDKEYS=$? - if [ "$myADDKEYS" = "0" ] + myCONF_SSH_PUBKEY_USE=$? + if [ "$myCONF_SSH_PUBKEY_USE" = "0" ] then - myKEYS=$(dialog --backtitle "$myBACKTITLE" --fselect "/" 15 50 3>&1 1>&2 2>&3 3>&-) - if [ -f "$myKEYS" ] + myCONF_SSH_PUBKEY_FILE=$(dialog --backtitle "$myBACKTITLE" --fselect "$myCONF_SSH_PUBKEY_FILE" 15 50 3>&1 1>&2 2>&3 3>&-) + if [ -f "$myCONF_SSH_PUBKEY_FILE" ] then - cat $myKEYS > $myAUTHKEYSPATH + cp $myCONF_SSH_PUBKEY_FILE $myAUTHKEYSFILE break else dialog --backtitle "$myBACKTITLE" --title "[ Try again! ]" --msgbox "\nThis is no regular file." 7 50; fi else - echo > $myAUTHKEYSPATH + echo > $myAUTHKEYSFILE + myCONF_SSH_PUBKEY_FILE="" break fi done 
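Review bot: `if [ -f $myCONF_DEFAULT_FILE ]` is unquoted and `myCONF_DEFAULT_FILE` is not assigned in any hunk on this page; if it is unset the test collapses to `[ -f ]`, which is true, and `source $myCONF_DEFAULT_FILE` then runs with no argument. Quoting makes an empty value behave as "no file": `if [ -f "$myCONF_DEFAULT_FILE" ]; then source "$myCONF_DEFAULT_FILE"; fi`. The same missing quotes apply to `cp $myCONF_SSH_PUBKEY_FILE $myAUTHKEYSFILE` in the following ssh-key hunk, where the path comes from a `--fselect` dialog and may contain spaces.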
@@ -143,27 +153,36 @@ done while true; do dialog --backtitle "$myBACKTITLE" --title "[ Need 802.1x auth? ]" --yesno "\nDo you want to add a 802.1x host certificate?" 7 50 - myADDPFX=$? - if [ "$myADDPFX" = "0" ] + myCONF_PFX_USE=$? + if [ "$myCONF_PFX_USE" = "0" ] then - myPFX=$(dialog --backtitle "$myBACKTITLE" --fselect "/" 15 50 3>&1 1>&2 2>&3 3>&-) - if [ -f "$myPFX" ] + myCONF_PFX_FILE=$(dialog --backtitle "$myBACKTITLE" --fselect "$myCONF_PFX_FILE" 15 50 3>&1 1>&2 2>&3 3>&-) + if [ -f "$myCONF_PFX_FILE" ] then - cp $myPFX $myPFXPATH + cp $myCONF_PFX_FILE $myPFXFILE dialog --backtitle "$myBACKTITLE" --title "[ Password protected? ]" --yesno "\nDoes the certificate need your password?" 7 50 - myADDPFXPW=$? - if [ "$myADDPFXPW" = "0" ] + myCONF_PFX_PW_USE=$? + if [ "$myCONF_PFX_PW_USE" = "0" ] then - myPFXPW=$(dialog --backtitle "$myBACKTITLE" --no-cancel --inputbox "Password?" 7 50 3>&1 1>&2 2>&3 3>&-) - echo $myPFXPW > $myPFXPWPATH + myCONF_PFX_PW=$(dialog --backtitle "$myBACKTITLE" --no-cancel --inputbox "Password?" 7 50 3>&1 1>&2 2>&3 3>&-) + ################################### + #echo $myCONF_PFX_PW > $myPFXPWPATH + ################################### + else + myCONF_PFX_PW="" fi - myPFXHOSTID=$(dialog --backtitle "$myBACKTITLE" --no-cancel --inputbox "Host ID?" 7 50 "." 3>&1 1>&2 2>&3 3>&-) - echo $myPFXHOSTID > $myPFXHOSTIDPATH + myCONF_PFX_HOST_ID=$(dialog --backtitle "$myBACKTITLE" --no-cancel --inputbox "Host ID?" 7 50 "$myCONF_PFX_HOST_ID" 3>&1 1>&2 2>&3 3>&-) + ############################################ + #echo $myCONF_PFX_HOST_ID > $myPFXHOSTIDPATH + ############################################ break else dialog --backtitle "$myBACKTITLE" --title "[ Try again! ]" --msgbox "\nThis is no regular file." 7 50; fi else + myCONF_PFX_FILE="" + myCONF_PFX_HOST_ID="" + myCONF_PFX_PW="" break fi done 
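Review bot: The 802.1x certificate password is still read with `--inputbox "Password?"`, which echoes it in clear on the console, and it is now retained in `myCONF_PFX_PW` for the config write in a later hunk rather than written to its own file. Patch 07 on this page already uses `dialog --insecure --passwordbox` for the tsec password; the same widget fits here: `myCONF_PFX_PW=$(dialog --backtitle "$myBACKTITLE" --no-cancel --insecure --passwordbox "Password?" 7 50 3>&1 1>&2 2>&3 3>&-)`. The removed line had the same `--inputbox`, so this hunk carries the issue forward rather than introducing it.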
@@ -172,16 +191,16 @@ done while true; do dialog --backtitle "$myBACKTITLE" --title "[ NTP server? ]" --yesno "\nDo you want to configure a ntp server?" 7 50 - myADDNTP=$? - if [ "$myADDNTP" = "0" ] + myCONF_NTP_USE=$? + if [ "$myCONF_NTP_USE" = "0" ] then myIPRESULT="false" while [ "$myIPRESULT" = "false" ]; do - myNTPIP=$(dialog --backtitle "$myBACKTITLE" --no-cancel --title "NTP IP?" --inputbox "" 7 50 "1.2.3.4" 3>&1 1>&2 2>&3 3>&-) - if valid_ip $myNTPIP; then myIPRESULT="true"; fi + myCONF_NTP_IP=$(dialog --backtitle "$myBACKTITLE" --no-cancel --title "NTP IP?" --inputbox "" 7 50 "$myCONF_NTP_IP" 3>&1 1>&2 2>&3 3>&-) + if valid_ip $myCONF_NTP_IP; then myIPRESULT="true"; fi done -tee $myNTPCONFPATH < $myCONF_FILE +echo "myCONF_PROXY_USE=\"$myCONF_PROXY_USE\"" >> $myCONF_FILE +echo "myCONF_PROXY_IP=\"$myCONF_PROXY_IP\"" >> $myCONF_FILE +echo "myCONF_PROXY_PORT=\"$myCONF_PROXY_PORT\"" >> $myCONF_FILE +echo "myCONF_SSH_PUBKEY_USE=\"$myCONF_SSH_PUBKEY_USE\"" >> $myCONF_FILE +echo "myCONF_SSH_PUBKEY_FILE=\"$myCONF_SSH_PUBKEY_FILE\"" >> $myCONF_FILE +echo "myCONF_PFX_USE=\"$myCONF_PFX_USE\"" >> $myCONF_FILE +echo "myCONF_PFX_FILE=\"$myCONF_PFX_FILE\"" >> $myCONF_FILE +echo "myCONF_PFX_PW_USE=\"$myCONF_PFX_PW_USE\"" >> $myCONF_FILE +echo "myCONF_PFX_PW=\"$myCONF_PFX_PW\"" >> $myCONF_FILE +echo "myCONF_PFX_HOST_ID=\"$myCONF_PFX_HOST_ID\"" >> $myCONF_FILE +echo "myCONF_NTP_USE=\"$myCONF_NTP_USE\"" >> $myCONF_FILE +echo "myCONF_NTP_IP=\"$myCONF_NTP_IP\"" >> $myCONF_FILE + # Let's download Ubuntu Minimal ISO if [ ! -f $myUBUNTUISO ] then From cc187bfe0f769f0ab5877412f708eb9cfbf50824 Mon Sep 17 00:00:00 2001 From: Marco Ochse Date: Sun, 17 Jun 2018 22:22:56 +0200 Subject: [PATCH 02/11] fix --- makeiso.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makeiso.sh b/makeiso.sh index 4def3f18..619bf994 100755 --- a/makeiso.sh +++ b/makeiso.sh 
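Review bot: Each setting is serialised with `echo "myCONF_X=\"$value\"" >> $myCONF_FILE` and install.sh later `source`s that file, so a value containing `"`, `$`, a backtick or a backslash — realistic for `myCONF_PFX_PW` — produces a line that is either a syntax error or reinterpreted when sourced. `printf '%s=%q\n' myCONF_PFX_PW "$myCONF_PFX_PW" >> "$myCONF_FILE"` writes a shell-safe literal; the same applies to the other twelve lines. Since the file now holds the 802.1x password in clear, it should also be created with restrictive permissions, e.g. `(umask 077; : > "$myCONF_FILE")` before the appends; the line that creates or truncates the file is garbled on this page, so I cannot see how it is currently done.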
@@ -1,8 +1,8 @@ #!/bin/bash # Set TERM, DIALOGRC -export DIALOGRC=/etc/dialogrc export TERM=linux +export DIALOGRC=/etc/dialogrc # Let's define some global vars myBACKTITLE="T-Pot - ISO Creator" From d0b22aa38fd0a6daf88694adc761dfef56d72e4b Mon Sep 17 00:00:00 2001 From: Marco Ochse Date: Sun, 17 Jun 2018 22:30:50 +0200 Subject: [PATCH 03/11] some fixes 1. sometimes dialog does not render the correct theme, copying the theme first and setting the var afterwards improves the siutation 2. index.docker.io moved to hub.docker.com 3. sometimes it takes longer than 5 seconds for curl, increasing timeout to 30 should avoid confusion --- iso/installer/install.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/iso/installer/install.sh b/iso/installer/install.sh index da1ab1d1..cd236433 100755 --- a/iso/installer/install.sh +++ b/iso/installer/install.sh @@ -1,19 +1,19 @@ #!/bin/bash # T-Pot post install script +# Let's load dialog color theme +cp /root/installer/dialogrc /etc/ + # Set TERM, DIALOGRC export TERM=linux export DIALOGRC=/etc/dialogrc -# Let's load dialog color theme -cp /root/installer/dialogrc /etc/ - # Some global vars myNTPCONFFILE="/root/installer/ntp.conf" myPFXFILE="/root/installer/keys/8021x.pfx" myTPOTCOMPOSE="/opt/tpot/etc/tpot.yml" myBACKTITLE="T-Pot-Installer" -mySITES="https://index.docker.io https://github.com https://pypi.python.org https://ubuntu.com" +mySITES="https://hub.docker.com https://github.com https://pypi.python.org https://ubuntu.com" myPROGRESSBOXCONF=" --backtitle "$myBACKTITLE" --progressbox 24 80" myCONF_FILE="/root/installer/iso.conf" myTPOT_CONF_FILE="/root/installer/tpot.conf" 
@@ -87,7 +87,7 @@ for i in $mySITES; dialog --title "[ Testing the internet connection ]" --backtitle "$myBACKTITLE" \ --gauge "\n Now checking: $i\n" 8 80 $(expr 100 \* $j / $mySITESCOUNT) <&1>/dev/null + curl --connect-timeout 30 -IsS $i 2>&1>/dev/null if [ $? -ne 0 ]; then dialog --backtitle "$myBACKTITLE" --title "[ Continue? ]" --yesno "\nInternet connection test failed. This might indicate some problems with your connection. You can continue, but the installation might fail." 10 50 From b9fd390601cf5b63a997e312874e8a3f433ab7f8 Mon Sep 17 00:00:00 2001 From: Marco Ochse Date: Mon, 18 Jun 2018 11:19:37 +0200 Subject: [PATCH 04/11] Include multitail MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit if you have a large screen (3440 x 1440), just try: `multitail -C -s 3 $(find /data -type f -name "*.json" -o -name "*.log" | grep -v -e "20\|tpot")` ​ --- iso/preseed/tpot.seed | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iso/preseed/tpot.seed b/iso/preseed/tpot.seed index d2064ee3..ade230aa 100755 --- a/iso/preseed/tpot.seed +++ b/iso/preseed/tpot.seed 
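Review bot: `curl --connect-timeout 30 -IsS $i 2>&1>/dev/null` sends stderr to the original stdout and only stdout to /dev/null, because `2>&1` is applied before `>/dev/null`; if the intent is to silence both, the order must be `curl --connect-timeout 30 -IsS "$i" >/dev/null 2>&1`. `--connect-timeout` bounds only the connection phase, so a host that accepts the connection and then stalls still hangs the check indefinitely — pair it with `--max-time 30`. The same line reappears, re-indented, in the internet-test hunk of patch 07 lower on this page.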
@@ -101,7 +101,7 @@ tasksel tasksel/first multiselect ubuntu-server ######################## ### Package Installation ######################## -d-i pkgsel/include string apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount curl dialog dnsutils docker.io docker-compose dstat ethtool genisoimage git glances grc html2text htop ifupdown iptables iw jq libcrack2 libltdl7 lm-sensors man net-tools npm ntp openssh-server openssl pass prips syslinux psmisc pv python-pip unzip vim wireless-tools wpasupplicant +d-i pkgsel/include string apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount curl dialog dnsutils docker.io docker-compose dstat ethtool genisoimage git glances grc html2text htop ifupdown iptables iw jq libcrack2 libltdl7 lm-sensors man multitail net-tools npm ntp openssh-server openssl pass prips syslinux psmisc pv python-pip unzip vim wireless-tools wpasupplicant ################# ### Update Policy From aaf3859b1c7c64f27fca8a4eb00896903d594450 Mon Sep 17 00:00:00 2001 From: marco Date: Tue, 19 Jun 2018 08:58:20 +0000 Subject: [PATCH 05/11] start work on universal installer --- iso/installer/install.sh | 162 ++++++++++++++++++++++++++++++++++- iso/installer/tpot.conf.dist | 13 +++ 2 files changed, 172 insertions(+), 3 deletions(-) create mode 100644 iso/installer/tpot.conf.dist diff --git a/iso/installer/install.sh b/iso/installer/install.sh index cd236433..6c0c220e 100755 --- a/iso/installer/install.sh +++ b/iso/installer/install.sh 
@@ -1,8 +1,165 @@ #!/bin/bash -# T-Pot post install script +# T-Pot Universal Installer + +################################## +# Extract command line arguments # +################################## + +myLSB=$(lsb_release -r | awk '{ print $2 }') +myLSB_SUPPORTED="18.04" +myINFO="\ +############################################ +### T-Pot Installer for Ubuntu $myLSB_SUPPORTED LTS ### +############################################ + +Disclaimer: +This script will install T-Pot on this system, by running the script you know what you are doing: +1. SSH will be reconfigured to tcp/64295 +2. Some packages will be installed, some will be upgraded +3. Please ensure other means of access to this system in case something goes wrong. +4. At best this script well be executed on the console instead through a SSH session. + +########################################### + +Usage: + $0 --help - Help. + +Example: + $0 --type=user - Best option for most users." + +if [ "$myLSB" != "$myLSB_SUPPORTED" ]; + then + echo "Aborting. Ubuntu $myLSB is not supported." + exit +fi +if [ "$1" == "" ]; + then + echo "$myINFO" + exit +fi +for i in "$@" + do + case $i in + --conf=*) + myTPOT_CONF_FILE="${i#*=}" + shift + ;; + --type=user) + myTPOT_DEPLOYMENT_TYPE="${i#*=}" + shift + ;; + --type=auto) + myTPOT_DEPLOYMENT_TYPE="${i#*=}" + shift + ;; + --type=iso) + myTPOT_DEPLOYMENT_TYPE="${i#*=}" + shift + ;; + --help) + echo "Usage: $0 " + echo + echo "--conf=" + echo " Use this if you want to automatically deploy a T-Pot instance (--type=automatic implied)." + echo " A configuration example is available in \"tpotce/iso/installer/tpot.conf.dist\"." + echo + echo "--type=<[user, auto, iso]>" + echo " user, use this if you want to manually install a T-Pot on a Ubuntu 18.04 LTS machine." + echo " iso, use this if you are a T-Pot developer and want to install a T-Pot from a pre-compiled iso." 
+ echo + exit + ;; + *) + echo "$myINFO" + exit + ;; + esac + done + + +################################################### +# Validate command line arguments and load config # +################################################### + +# If a valid config file exists, set deployment type to "auto" and load the configuration +if [ "$myTPOT_DEPLOYMENT_TYPE" == "auto" ] && [ "$myTPOT_CONF_FILE" == "" ]; + then + echo "Aborting. No configuration file given." + exit +fi +if [ -s "$myTPOT_CONF_FILE" ] && [ "$myTPOT_CONF_FILE" != "" ]; + then + myTPOT_DEPLOYMENT_TYPE="auto" + if [ "$(head -n 1 $myTPOT_CONF_FILE | grep -c "# tpot")" == "1" ]; + then + source "$myTPOT_CONF_FILE" + echo "$myCONF_PROXY_IP" + else + echo "Aborting. Config file \"$myTPOT_CONF_FILE\" not a T-Pot configuration file." + exit + fi + elif ! [ -s "$myTPOT_CONF_FILE" ] && [ "$myTPOT_CONF_FILE" != "" ]; + then + echo "Aborting. Config file \"$myTPOT_CONF_FILE\" not found." + exit +fi + + +####################### +# Prepare environment # +####################### + +# Got root? +function fuGOT_ROOT { +echo +echo -n "### Checking for root: " +if [ "$(whoami)" != "root" ]; + then + echo "[ NOT OK ]" + echo "### Please run as root. Exiting." + exit + else + echo "[ OK ]" +fi +} + +# Let's check if all dependencies are met +function fuGET_DEPS { +local myPACKAGES="apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount curl dialog dnsutils docker.io docker-compose dstat ethtool genisoimage git glances grc html2text htop ifupdown iptables iw jq libcrack2 libltdl7 lm-sensors man multitail net-tools npm ntp openssh-server openssl pass prips syslinux psmisc pv python-pip unattended-upgrades unzip vim wireless-tools wpasupplicant" +echo +echo "### Getting update information." +echo +apt-get -y update +echo +echo "### Upgrading packages." +echo +apt-get -y dist-upgrade +echo +echo "### Installing T-Pot dependencies." 
+echo +apt-get -y install $myPACKAGES +} # Let's load dialog color theme -cp /root/installer/dialogrc /etc/ +function fuDIALOG_SETUP { +echo +echo -n "### Checking for dialogrc: " +if [ -f "dialogrc" ]; + then + echo "[ OK ]" + cp dialogrc /etc/ + else + echo "[ NOT OK ]" + echo "### 'dialogrc' is missing. Please run 'install.sh' from within the setup folder." + fi +} + +# Prepare running the installer +fuGOT_ROOT +fuGET_DEPS +fuDIALOG_SETUP + +exit # Set TERM, DIALOGRC export TERM=linux @@ -16,7 +173,6 @@ myBACKTITLE="T-Pot-Installer" mySITES="https://hub.docker.com https://github.com https://pypi.python.org https://ubuntu.com" myPROGRESSBOXCONF=" --backtitle "$myBACKTITLE" --progressbox 24 80" myCONF_FILE="/root/installer/iso.conf" -myTPOT_CONF_FILE="/root/installer/tpot.conf" fuRANDOMWORD () { local myWORDFILE="$1" diff --git a/iso/installer/tpot.conf.dist b/iso/installer/tpot.conf.dist new file mode 100644 index 00000000..19e5f1a0 --- /dev/null +++ b/iso/installer/tpot.conf.dist @@ -0,0 +1,13 @@ +# tpot configuration file +myCONF_PROXY_USE="0" +myCONF_PROXY_IP="1.2.3.4" +myCONF_PROXY_PORT="3128" +myCONF_SSH_PUBKEY_USE="0" +myCONF_SSH_PUBKEY_FILE="/" +myCONF_PFX_USE="0" +myCONF_PFX_FILE="/" +myCONF_PFX_PW_USE="0" +myCONF_PFX_PW="" +myCONF_PFX_HOST_ID="." +myCONF_NTP_USE="0" +myCONF_NTP_IP="1.2.3.4" From ab5d2bdc065f89b0312d8c06f28e98e7e43fc5be Mon Sep 17 00:00:00 2001 From: t3chn0m4g3 Date: Wed, 20 Jun 2018 16:29:18 +0000 Subject: [PATCH 06/11] ... continue working on installer --- iso/installer/install.sh | 99 +++++++++++++++++++++++++----------- iso/installer/iso.conf.dist | 1 + iso/installer/tpot.conf.dist | 16 ++---- makeiso.sh | 5 +- 4 files changed, 78 insertions(+), 43 deletions(-) diff --git a/iso/installer/install.sh b/iso/installer/install.sh index 6c0c220e..6823c18b 100755 --- a/iso/installer/install.sh +++ b/iso/installer/install.sh 
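Review bot: Every abort path in the new argument-validation block (`echo "Aborting. ..."` followed by a bare `exit`) and the root check in `fuGOT_ROOT` terminate with status 0, so an automated `--conf=` deployment or a wrapper script cannot distinguish failure from success; those branches should use `exit 1`. `fuDIALOG_SETUP` prints `[ NOT OK ]` when dialogrc is missing but falls through instead of exiting, and `echo "$myCONF_PROXY_IP"` right after `source "$myTPOT_CONF_FILE"` looks like a leftover debug print. The `# tpot` first-line check only identifies the file format; `source` still executes whatever the file contains as root, which the `--help` text for `--conf=` should state so operators treat that path as code.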
@@ -1,6 +1,9 @@ #!/bin/bash # T-Pot Universal Installer +#### to do +#### 1. use authorized keys config + ################################## # Extract command line arguments # ################################## @@ -159,20 +162,27 @@ fuGOT_ROOT fuGET_DEPS fuDIALOG_SETUP -exit +############# +# Installer # +############# # Set TERM, DIALOGRC export TERM=linux export DIALOGRC=/etc/dialogrc -# Some global vars -myNTPCONFFILE="/root/installer/ntp.conf" -myPFXFILE="/root/installer/keys/8021x.pfx" -myTPOTCOMPOSE="/opt/tpot/etc/tpot.yml" +####################### +# Global vars section # +####################### + myBACKTITLE="T-Pot-Installer" -mySITES="https://hub.docker.com https://github.com https://pypi.python.org https://ubuntu.com" -myPROGRESSBOXCONF=" --backtitle "$myBACKTITLE" --progressbox 24 80" myCONF_FILE="/root/installer/iso.conf" +myPROGRESSBOXCONF=" --backtitle "$myBACKTITLE" --progressbox 24 80" +mySITES="https://hub.docker.com https://github.com https://pypi.python.org https://ubuntu.com" +myTPOTCOMPOSE="/opt/tpot/etc/tpot.yml" + +##################### +# Functions section # +##################### fuRANDOMWORD () { local myWORDFILE="$1" 
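Review bot: `myPROGRESSBOXCONF=" --backtitle "$myBACKTITLE" --progressbox 24 80"` is moved into the new globals section with its inner double quotes closing and reopening the outer string; the value only survives because `T-Pot-Installer` contains no spaces, and every unquoted `$myPROGRESSBOXCONF` use depends on word-splitting. Since the block is being rearranged anyway, a bash array is the robust form, `myPROGRESSBOXCONF=(--backtitle "$myBACKTITLE" --progressbox 24 80)`, used as `"${myPROGRESSBOXCONF[@]}"` at the call sites. The file is `#!/bin/bash`, so arrays are available.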
@@ -182,12 +192,15 @@ fuRANDOMWORD () { echo -n $(sed -n "$myNUM p" $myWORDFILE | tr -d \' | tr A-Z a-z) } -# Let's wait a few seconds to avoid interference with service messages -sleep 3 -tput civis -dialog --no-ok --no-cancel --backtitle "$myBACKTITLE" --title "[ Wait to avoid interference with service messages ]" --pause "" 6 80 7 +# If this is a ISO installation we need to wait a few seconds to avoid interference with service messages +if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ]; + then + sleep 5 + tput civis + dialog --no-ok --no-cancel --backtitle "$myBACKTITLE" --title "[ Wait to avoid interference with service messages ]" --pause "" 6 80 7 +fi -# Let's load the iso config file +# Let's load the iso config file if there is one if [ -f $myCONF_FILE ]; then dialog --backtitle "$myBACKTITLE" --title "[ Found personalized iso.config ]" --msgbox "\nYour personalized settings will be applied!" 7 47 @@ -200,7 +213,10 @@ if [ -f $myCONF_FILE ]; myCONF_NTP_USE="1" fi -# Let's setup the proxy for env +### <--- Begin proxy setup +# If a proxy is set in iso.conf it needs to be setup. +# However, none of the other installation types will automatically take care of a proxy. +# Please open a feature request if you think this is something worth considering. if [ "$myCONF_PROXY_USE" == "0" ]; then dialog --title "[ Setting up the proxy ]" $myPROGRESSBOXCONF <&1 | dialog --title "[ Stop docker service ]" $myPROGRESSBOXCONF systemctl start docker 2>&1 | dialog --title "[ Start docker service ]" $myPROGRESSBOXCONF fi +### ---> End proxy setup # Let's test the internet connection mySITESCOUNT=$(echo $mySITES | wc -w) 
@@ -261,16 +278,40 @@ EOF EOF done; -# Let's ask user for install flavor +# Let's put cursor back in standard form tput cnorm -myFLAVOR=$(dialog --no-cancel --backtitle "$myBACKTITLE" --title "[ Choose Your T-Pot NG Edition ]" --menu \ -"\nRequired: 6GB RAM, 128GB SSD\nRecommended: 8GB RAM, 256GB SSD" 15 70 7 \ -"STANDARD" "Honeypots, ELK, NSM & Tools" \ -"SENSOR" "Just Honeypots, EWS Poster & NSM" \ -"INDUSTRIAL" "Conpot, RDPY, Vnclowpot, ELK, NSM & Tools" \ -"COLLECTOR" "Heralding, ELK, NSM & Tools" \ -"EXPERIMENTAL" "Experimental (Glutton instead of Honeytrap)" \ -"LEGACY" "Standard Edition from previous release" 3>&1 1>&2 2>&3 3>&-) + +# Let's ask the user for install flavor +if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ] || [ "$myTPOT_DEPLOYMENT_TYPE" == "user" ]; + then + myCONF_TPOT_FLAVOR=$(dialog --no-cancel --backtitle "$myBACKTITLE" --title "[ Choose Your T-Pot NG Edition ]" --menu \ + "\nRequired: 6GB RAM, 128GB SSD\nRecommended: 8GB RAM, 256GB SSD" 15 70 7 \ + "STANDARD" "Honeypots, ELK, NSM & Tools" \ + "SENSOR" "Just Honeypots, EWS Poster & NSM" \ + "INDUSTRIAL" "Conpot, RDPY, Vnclowpot, ELK, NSM & Tools" \ + "COLLECTOR" "Heralding, ELK, NSM & Tools" \ + "EXPERIMENTAL" "Experimental (Glutton instead of Honeytrap)" \ + "LEGACY" "Standard Edition from previous release" 3>&1 1>&2 2>&3 3>&-) +fi + +# Let's ask for a username if installation type is user +if [ "$myTPOT_DEPLOYMENT_TYPE" == "user" ]; + then + while [ 1 != 2 ] + do + myCONF_TPOT_USER=$(dialog --backtitle "$myBACKTITLE" --title "[ Existing linux user name ]" --inputbox "\nUsername (root is not allowed)" 9 50 "$(who am i | awk '{ print $1 }')" 3>&1 1>&2 2>&3 3>&-) + myCONF_TPOT_USER=$(echo $myUSER | tr -cd "[:alnum:]_.-") + dialog --backtitle "$myBACKTITLE" --title "[ Your username is ]" --yesno "\n$myUSER" 7 50 + myOK=$? 
+ if [ "$myOK" = "0" ] && [ "$myUSER" != "root" ] && [ "$myUSER" != "" ]; + then + break + fi + done +fi + +##### exit ##### +exit # Let's ask for a secure tsec password myUSER="tsec" @@ -377,7 +418,7 @@ if [ "$myCONF_NTP_USE" == "0" ]; then dialog --title "[ Setting up the ntp server ]" $myPROGRESSBOXCONF <&1 | dialog --title "[ Setting up the ntp server ]" $myPROGRESSBOXCONF + cp $myCONF_NTP_CONF_FILE /etc/ntp.conf 2>&1 | dialog --title "[ Setting up the ntp server ]" $myPROGRESSBOXCONF fi # Let's setup 802.1x networking @@ -385,7 +426,7 @@ if [ "myCONF_PFX_USE" == "0" ]; then dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF <&1 | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF + cp $myCONF_PFX_FILE /etc/wpa_supplicant/ 2>&1 | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF tee -a /etc/network/interfaces 2>&1>/dev/null <&1>/dev/null @@ -626,9 +667,9 @@ touch /data/spiderfoot/spiderfoot.db 2>&1 | dialog --title "[ Creating some file # Let's copy some files tar xvfz /opt/tpot/etc/objects/elkbase.tgz -C / 2>&1 | dialog --title "[ Extracting elkbase.tgz ]" $myPROGRESSBOXCONF -cp /opt/tpot/host/etc/systemd/* /etc/systemd/system/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF -cp /opt/tpot/host/etc/issue /etc/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF -cp /root/installer/keys/authorized_keys /home/tsec/.ssh/authorized_keys 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF +cp /opt/tpot/host/etc/systemd/* /etc/systemd/system/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF +cp /opt/tpot/host/etc/issue /etc/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF +cp $myCONF_SSH_PUBKEY_FILE /home/tsec/.ssh/authorized_keys 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF systemctl enable tpot 2>&1 | dialog --title "[ Enabling service for tpot ]" $myPROGRESSBOXCONF # Let's take care of some files and permissions 
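Review bot: `cp $myCONF_PFX_FILE /etc/wpa_supplicant/` in the 802.1x hunk copies the certificate under whatever basename the user selected, whereas the removed line copied the fixed `$myPFXFILE` (`8021x.pfx`); if the wpa_supplicant configuration written elsewhere in this script references `/etc/wpa_supplicant/8021x.pfx` (not visible on this page), the file will no longer be found. Copying to an explicit target keeps the old layout and protects the bundled private key from the default umask: `cp "$myCONF_PFX_FILE" /etc/wpa_supplicant/8021x.pfx` followed by `chmod 600 /etc/wpa_supplicant/8021x.pfx`. The same unquoted pattern is in `cp $myCONF_NTP_CONF_FILE /etc/ntp.conf` in the preceding hunk.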
diff --git a/iso/installer/iso.conf.dist b/iso/installer/iso.conf.dist index 133b0bbd..5ae115e4 100644 --- a/iso/installer/iso.conf.dist +++ b/iso/installer/iso.conf.dist @@ -11,3 +11,4 @@ myCONF_PFX_PW="" myCONF_PFX_HOST_ID="." myCONF_NTP_USE="0" myCONF_NTP_IP="1.2.3.4" +myCONF_NTP_CONF_FILE="/" diff --git a/iso/installer/tpot.conf.dist b/iso/installer/tpot.conf.dist index 19e5f1a0..5fabd62b 100644 --- a/iso/installer/tpot.conf.dist +++ b/iso/installer/tpot.conf.dist @@ -1,13 +1,5 @@ # tpot configuration file -myCONF_PROXY_USE="0" -myCONF_PROXY_IP="1.2.3.4" -myCONF_PROXY_PORT="3128" -myCONF_SSH_PUBKEY_USE="0" -myCONF_SSH_PUBKEY_FILE="/" -myCONF_PFX_USE="0" -myCONF_PFX_FILE="/" -myCONF_PFX_PW_USE="0" -myCONF_PFX_PW="" -myCONF_PFX_HOST_ID="." -myCONF_NTP_USE="0" -myCONF_NTP_IP="1.2.3.4" +# myCONF_TPOT_FLAVOR=[STANDARD, SENSOR, INDUSTRIAL, COLLECTOR, EXPERIMENTAL, LEGACY] +myCONF_TPOT_FLAVOR="STANDARD" +myCONF_TPOT_USER="tsec" +myCONF_TPOT_PW="$ecret123" diff --git a/makeiso.sh b/makeiso.sh index 619bf994..12e1df73 100755 --- a/makeiso.sh +++ b/makeiso.sh 
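Review bot: `myCONF_TPOT_PW="$ecret123"` in tpot.conf.dist is double-quoted, so when install.sh `source`s this file `$ecret123` is expanded as a (normally unset) shell variable and the password becomes an empty string. Sample values containing `$` need single quotes, `myCONF_TPOT_PW='$ecret123'`, and the header comment should say the file is parsed as shell so users quote their own values the same way. Because the file is sourced and carries a credential in clear, it should be kept mode 600 and never committed with a real password.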
@@ -229,14 +229,15 @@ echo "myCONF_PROXY_USE=\"$myCONF_PROXY_USE\"" >> $myCONF_FILE echo "myCONF_PROXY_IP=\"$myCONF_PROXY_IP\"" >> $myCONF_FILE echo "myCONF_PROXY_PORT=\"$myCONF_PROXY_PORT\"" >> $myCONF_FILE echo "myCONF_SSH_PUBKEY_USE=\"$myCONF_SSH_PUBKEY_USE\"" >> $myCONF_FILE -echo "myCONF_SSH_PUBKEY_FILE=\"$myCONF_SSH_PUBKEY_FILE\"" >> $myCONF_FILE +echo "myCONF_SSH_PUBKEY_FILE=\"/root/installer/keys/authorized_keys\"" >> $myCONF_FILE echo "myCONF_PFX_USE=\"$myCONF_PFX_USE\"" >> $myCONF_FILE -echo "myCONF_PFX_FILE=\"$myCONF_PFX_FILE\"" >> $myCONF_FILE +echo "myCONF_PFX_FILE=\"/root/installer/keys/8021x.pfx\"" >> $myCONF_FILE echo "myCONF_PFX_PW_USE=\"$myCONF_PFX_PW_USE\"" >> $myCONF_FILE echo "myCONF_PFX_PW=\"$myCONF_PFX_PW\"" >> $myCONF_FILE echo "myCONF_PFX_HOST_ID=\"$myCONF_PFX_HOST_ID\"" >> $myCONF_FILE echo "myCONF_NTP_USE=\"$myCONF_NTP_USE\"" >> $myCONF_FILE echo "myCONF_NTP_IP=\"$myCONF_NTP_IP\"" >> $myCONF_FILE +echo "myCONF_NTP_CONF_FILE=\"/root/installer/ntp.conf\"" >> $myCONF_FILE # Let's download Ubuntu Minimal ISO if [ ! -f $myUBUNTUISO ] From b500c8aace4e7e706a0ac1f6f86a506e6273c3ed Mon Sep 17 00:00:00 2001 From: t3chn0m4g3 Date: Thu, 21 Jun 2018 15:16:33 +0000 Subject: [PATCH 07/11] continue working on installer --- iso/installer/install.sh | 317 +++++++++++++++++++---------------- iso/installer/iso.conf.dist | 26 +-- iso/installer/tpot.conf.dist | 8 +- makeiso.sh | 26 +-- 4 files changed, 205 insertions(+), 172 deletions(-) diff --git a/iso/installer/install.sh b/iso/installer/install.sh index 6823c18b..6042c370 100755 --- a/iso/installer/install.sh +++ b/iso/installer/install.sh @@ -2,7 +2,8 @@ # T-Pot Universal Installer #### to do -#### 1. use authorized keys config +#### 1. ditch authorized keys config, use fail2ban +#### 2. check for other services that might collide with the honeypots, if found abort install ################################## # Extract command line arguments # 
@@ -63,11 +64,12 @@ for i in "$@" echo "Usage: $0 " echo echo "--conf=" - echo " Use this if you want to automatically deploy a T-Pot instance (--type=automatic implied)." + echo " Use this if you want to automatically deploy a T-Pot instance (--type=auto implied)." echo " A configuration example is available in \"tpotce/iso/installer/tpot.conf.dist\"." echo echo "--type=<[user, auto, iso]>" echo " user, use this if you want to manually install a T-Pot on a Ubuntu 18.04 LTS machine." + echo " auto, implied if a configuration file is passed as an argument for automatic deployment." echo " iso, use this if you are a T-Pot developer and want to install a T-Pot from a pre-compiled iso." echo exit @@ -119,7 +121,8 @@ echo -n "### Checking for root: " if [ "$(whoami)" != "root" ]; then echo "[ NOT OK ]" - echo "### Please run as root. Exiting." + echo "### Please run as root." + echo "### Example: sudo $0" exit else echo "[ OK ]" 
@@ -253,30 +256,33 @@ fi ### ---> End proxy setup # Let's test the internet connection -mySITESCOUNT=$(echo $mySITES | wc -w) -j=0 -for i in $mySITES; - do - dialog --title "[ Testing the internet connection ]" --backtitle "$myBACKTITLE" \ - --gauge "\n Now checking: $i\n" 8 80 $(expr 100 \* $j / $mySITESCOUNT) <&1>/dev/null - if [ $? -ne 0 ]; - then - dialog --backtitle "$myBACKTITLE" --title "[ Continue? ]" --yesno "\nInternet connection test failed. This might indicate some problems with your connection. You can continue, but the installation might fail." 10 50 - if [ $? = 1 ]; - then - dialog --backtitle "$myBACKTITLE" --title "[ Abort ]" --msgbox "\nInstallation aborted. Exiting the installer." 7 50 - exit - else - break; - fi; - fi; - let j+=1 - dialog --title "[ Testing the internet connection ]" --backtitle "$myBACKTITLE" \ - --gauge "\n Now checking: $i\n" 8 80 $(expr 100 \* $j / $mySITESCOUNT) <&1>/dev/null + if [ $? -ne 0 ]; + then + dialog --backtitle "$myBACKTITLE" --title "[ Continue? ]" --yesno "\nInternet connection test failed. This might indicate some problems with your connection. You can continue, but the installation might fail." 10 50 + if [ $? = 1 ]; + then + dialog --backtitle "$myBACKTITLE" --title "[ Abort ]" --msgbox "\nInstallation aborted. Exiting the installer." 
7 50 + exit + else + break; + fi; + fi; + let j+=1 + dialog --title "[ Testing the internet connection ]" --backtitle "$myBACKTITLE" \ + --gauge "\n Now checking: $i\n" 8 80 $(expr 100 \* $j / $mySITESCOUNT) <&1 1>&2 2>&3 3>&-) - myCONF_TPOT_USER=$(echo $myUSER | tr -cd "[:alnum:]_.-") - dialog --backtitle "$myBACKTITLE" --title "[ Your username is ]" --yesno "\n$myUSER" 7 50 + myCONF_TPOT_USER=$(dialog --backtitle "$myBACKTITLE" --title "[ Existing console user name ]" --inputbox "\nUsername (root is not allowed)" 9 50 "$(who am i | awk '{ print $1 }')" 3>&1 1>&2 2>&3 3>&-) + myCONF_TPOT_USER=$(echo $myCONF_TPOT_USER | tr -cd "[:alnum:]_.-") + dialog --backtitle "$myBACKTITLE" --title "[ Your username is ]" --yesno "\n$myCONF_TPOT_USER" 7 50 myOK=$? - if [ "$myOK" = "0" ] && [ "$myUSER" != "root" ] && [ "$myUSER" != "" ]; + if [ "$myOK" = "0" ] && [ "$myCONF_TPOT_USER" != "root" ] && [ "$myCONF_TPOT_USER" != "" ] && [ "$(cat /etc/passwd | grep -wc $myCONF_TPOT_USER)" == "1" ]; then break fi done fi +# Let's ask for a secure tsec password if installation type is iso +if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ]; + then + myCONF_TPOT_USER="tsec" + myPASS1="pass1" + myPASS2="pass2" + mySECURE="0" + while [ "$myPASS1" != "$myPASS2" ] && [ "$mySECURE" == "0" ] + do + while [ "$myPASS1" == "pass1" ] || [ "$myPASS1" == "" ] + do + myPASS1=$(dialog --insecure --backtitle "$myBACKTITLE" \ + --title "[ Enter password for console user (tsec) ]" \ + --passwordbox "\nPassword" 9 60 3>&1 1>&2 2>&3 3>&-) + done + myPASS2=$(dialog --insecure --backtitle "$myBACKTITLE" \ + --title "[ Repeat password for console user (tsec) ]" \ + --passwordbox "\nPassword" 9 60 3>&1 1>&2 2>&3 3>&-) + if [ "$myPASS1" != "$myPASS2" ]; + then + dialog --backtitle "$myBACKTITLE" --title "[ Passwords do not match. ]" \ + --msgbox "\nPlease re-enter your password." 
7 60 + myPASS1="pass1" + myPASS2="pass2" + fi + mySECURE=$(printf "%s" "$myPASS1" | cracklib-check | grep -c "OK") + if [ "$mySECURE" == "0" ] && [ "$myPASS1" == "$myPASS2" ]; + then + dialog --backtitle "$myBACKTITLE" --title "[ Password is not secure ]" --defaultno --yesno "\nKeep insecure password?" 7 50 + myOK=$? + if [ "$myOK" == "1" ]; + then + myPASS1="pass1" + myPASS2="pass2" + fi + fi + done + printf "%s" "$myCONF_TPOT_USER:$myPASS1" | chpasswd +fi + +# Let's ask for a web user credentials if deployment type is iso or user +# In case of auto, credentials are created from config values +# Skip this step entirely if SENSOR flavor +if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ] || [ "$myTPOT_DEPLOYMENT_TYPE" == "user" ]; + then + myOK="1" + myCONF_WEB_USER="webuser" + myCONF_WEB_PW="pass1" + myCONF_WEB_PW2="pass2" + mySECURE="0" + while [ 1 != 2 ] + do + myCONF_WEB_USER=$(dialog --backtitle "$myBACKTITLE" --title "[ Enter your web user name ]" --inputbox "\nUsername (tsec not allowed)" 9 50 3>&1 1>&2 2>&3 3>&-) + myCONF_WEB_USER=$(echo $myCONF_WEB_USER | tr -cd "[:alnum:]_.-") + dialog --backtitle "$myBACKTITLE" --title "[ Your username is ]" --yesno "\n$myCONF_WEB_USER" 7 50 + myOK=$? + if [ "$myOK" = "0" ] && [ "$myCONF_WEB_USER" != "tsec" ] && [ "$myCONF_WEB_USER" != "" ]; + then + break + fi + done + while [ "$myCONF_WEB_PW" != "$myCONF_WEB_PW2" ] && [ "$mySECURE" == "0" ] + do + while [ "$myCONF_WEB_PW" == "pass1" ] || [ "$myCONF_WEB_PW" == "" ] + do + myCONF_WEB_PW=$(dialog --insecure --backtitle "$myBACKTITLE" \ + --title "[ Enter password for your web user ]" \ + --passwordbox "\nPassword" 9 60 3>&1 1>&2 2>&3 3>&-) + done + myCONF_WEB_PW2=$(dialog --insecure --backtitle "$myBACKTITLE" \ + --title "[ Repeat password for your web user ]" \ + --passwordbox "\nPassword" 9 60 3>&1 1>&2 2>&3 3>&-) + if [ "$myCONF_WEB_PW" != "$myCONF_WEB_PW2" ]; + then + dialog --backtitle "$myBACKTITLE" --title "[ Passwords do not match. 
]" \ + --msgbox "\nPlease re-enter your password." 7 60 + myCONF_WEB_PW="pass1" + myCONF_WEB_PW2="pass2" + fi + mySECURE=$(printf "%s" "$myCONF_WEB_PW" | cracklib-check | grep -c "OK") + if [ "$mySECURE" == "0" ] && [ "$myCONF_WEB_PW" == "$myCONF_WEB_PW2" ]; + then + dialog --backtitle "$myBACKTITLE" --title "[ Password is not secure ]" --defaultno --yesno "\nKeep insecure password?" 7 50 + myOK=$? + if [ "$myOK" == "1" ]; + then + myCONF_WEB_PW="pass1" + myCONF_WEB_PW2="pass2" + fi + fi + done +fi +# If flavor is SENSOR do not write credentials +if ! [ "$myCONF_TPOT_FLAVOR" == "SENSOR" ]; + then + mkdir -p /data/nginx/conf 2>&1 + htpasswd -b -c /data/nginx/conf/nginxpasswd "$myCONF_WEB_USER" "$myCONF_WEB_PW" 2>&1 | dialog --title "[ Setting up user and password ]" $myPROGRESSBOXCONF; +fi + +################ +echo $myCONF_TPOT_FLAVOR +echo $myCONF_TPOT_USER +echo $myCONF_TPOT_PW +echo $myCONF_WEB_USER +echo $myCONF_WEB_PW + + ##### exit ##### exit -# Let's ask for a secure tsec password -myUSER="tsec" -myPASS1="pass1" -myPASS2="pass2" -mySECURE="0" -while [ "$myPASS1" != "$myPASS2" ] && [ "$mySECURE" == "0" ] - do - while [ "$myPASS1" == "pass1" ] || [ "$myPASS1" == "" ] - do - myPASS1=$(dialog --insecure --backtitle "$myBACKTITLE" \ - --title "[ Enter password for console user (tsec) ]" \ - --passwordbox "\nPassword" 9 60 3>&1 1>&2 2>&3 3>&-) - done - myPASS2=$(dialog --insecure --backtitle "$myBACKTITLE" \ - --title "[ Repeat password for console user (tsec) ]" \ - --passwordbox "\nPassword" 9 60 3>&1 1>&2 2>&3 3>&-) - if [ "$myPASS1" != "$myPASS2" ]; - then - dialog --backtitle "$myBACKTITLE" --title "[ Passwords do not match. ]" \ - --msgbox "\nPlease re-enter your password." 
7 60 - myPASS1="pass1" - myPASS2="pass2" - fi - mySECURE=$(printf "%s" "$myPASS1" | cracklib-check | grep -c "OK") - if [ "$mySECURE" == "0" ] && [ "$myPASS1" == "$myPASS2" ]; - then - dialog --backtitle "$myBACKTITLE" --title "[ Password is not secure ]" --defaultno --yesno "\nKeep insecure password?" 7 50 - myOK=$? - if [ "$myOK" == "1" ]; - then - myPASS1="pass1" - myPASS2="pass2" - fi - fi - done -printf "%s" "$myUSER:$myPASS1" | chpasswd - -# Let's ask for a web username with secure password -myOK="1" -myUSER="tsec" -myPASS1="pass1" -myPASS2="pass2" -mySECURE="0" -while [ 1 != 2 ] - do - myUSER=$(dialog --backtitle "$myBACKTITLE" --title "[ Enter your web user name ]" --inputbox "\nUsername (tsec not allowed)" 9 50 3>&1 1>&2 2>&3 3>&-) - myUSER=$(echo $myUSER | tr -cd "[:alnum:]_.-") - dialog --backtitle "$myBACKTITLE" --title "[ Your username is ]" --yesno "\n$myUSER" 7 50 - myOK=$? - if [ "$myOK" = "0" ] && [ "$myUSER" != "tsec" ] && [ "$myUSER" != "" ]; - then - break - fi - done -while [ "$myPASS1" != "$myPASS2" ] && [ "$mySECURE" == "0" ] - do - while [ "$myPASS1" == "pass1" ] || [ "$myPASS1" == "" ] - do - myPASS1=$(dialog --insecure --backtitle "$myBACKTITLE" \ - --title "[ Enter password for your web user ]" \ - --passwordbox "\nPassword" 9 60 3>&1 1>&2 2>&3 3>&-) - done - myPASS2=$(dialog --insecure --backtitle "$myBACKTITLE" \ - --title "[ Repeat password for your web user ]" \ - --passwordbox "\nPassword" 9 60 3>&1 1>&2 2>&3 3>&-) - if [ "$myPASS1" != "$myPASS2" ]; - then - dialog --backtitle "$myBACKTITLE" --title "[ Passwords do not match. ]" \ - --msgbox "\nPlease re-enter your password." 7 60 - myPASS1="pass1" - myPASS2="pass2" - fi - mySECURE=$(printf "%s" "$myPASS1" | cracklib-check | grep -c "OK") - if [ "$mySECURE" == "0" ] && [ "$myPASS1" == "$myPASS2" ]; - then - dialog --backtitle "$myBACKTITLE" --title "[ Password is not secure ]" --defaultno --yesno "\nKeep insecure password?" 7 50 - myOK=$? 
- if [ "$myOK" == "1" ]; - then - myPASS1="pass1" - myPASS2="pass2" - fi - fi - done -mkdir -p /data/nginx/conf 2>&1 -htpasswd -b -c /data/nginx/conf/nginxpasswd "$myUSER" "$myPASS1" 2>&1 | dialog --title "[ Setting up user and password ]" $myPROGRESSBOXCONF; +# Put cursor in invisible mode +tput civis # Let's generate a SSL self-signed certificate without interaction (browsers will see it invalid anyway) -tput civis -mkdir -p /data/nginx/cert 2>&1 | dialog --title "[ Generating a self-signed-certificate for NGINX ]" $myPROGRESSBOXCONF; -openssl req \ - -nodes \ - -x509 \ - -sha512 \ - -newkey rsa:8192 \ - -keyout "/data/nginx/cert/nginx.key" \ - -out "/data/nginx/cert/nginx.crt" \ - -days 3650 \ - -subj '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd' 2>&1 | dialog --title "[ Generating a self-signed-certificate for NGINX ]" $myPROGRESSBOXCONF; +if ! [ "$myCONF_TPOT_FLAVOR" == "SENSOR" ]; + then + mkdir -p /data/nginx/cert 2>&1 | dialog --title "[ Generating a self-signed-certificate for NGINX ]" $myPROGRESSBOXCONF; + openssl req \ + -nodes \ + -x509 \ + -sha512 \ + -newkey rsa:8192 \ + -keyout "/data/nginx/cert/nginx.key" \ + -out "/data/nginx/cert/nginx.crt" \ + -days 3650 \ + -subj '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd' 2>&1 | dialog --title "[ Generating a self-signed-certificate for NGINX ]" $myPROGRESSBOXCONF; +fi # Let's setup the ntp server if [ "$myCONF_NTP_USE" == "0" ]; then -dialog --title "[ Setting up the ntp server ]" $myPROGRESSBOXCONF <&1 | dialog --title "[ Setting up the ntp server ]" $myPROGRESSBOXCONF fi 
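Review bot: The debug block at the end of the user-interaction section (`echo $myCONF_TPOT_PW`, `echo $myCONF_WEB_PW`) prints both passwords in clear to the terminal, and because it sits before the temporary `exit` it runs on every installer invocation until someone removes it; drop the five `echo` lines now rather than leaving them for a later cleanup. `htpasswd -b` also passes the web password on the command line, where it is visible in the process list for the duration of the call; `printf '%s' "$myCONF_WEB_PW" | htpasswd -i -c /data/nginx/conf/nginxpasswd "$myCONF_WEB_USER" 2>&1 | dialog ...` reads it from stdin instead. The comment "Skip this step entirely if SENSOR flavor" above the web-user prompts is not implemented: the condition tests only `$myTPOT_DEPLOYMENT_TYPE`, so a SENSOR install is still asked for web credentials that are then never written. The start of this hunk is garbled in this view.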
@@ -424,10 +455,10 @@ fi # Let's setup 802.1x networking if [ "myCONF_PFX_USE" == "0" ]; then -dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF <&1 | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF -tee -a /etc/network/interfaces 2>&1>/dev/null <&1>/dev/null <&1>/dev/null <&1>/dev/null <&1>/dev/null <&1>/dev/null <&1>/dev/null <&1>/dev/null <&1 | dialog --title "[ Pulling updates ]" $myPROGRESSBOXCONF -apt-get upgrade -y 2>&1 | dialog --title "[ Pulling updates ]" $myPROGRESSBOXCONF - -# Let's clean up apt -apt-get autoclean -y 2>&1 | dialog --title "[ Pulling updates ]" $myPROGRESSBOXCONF -apt-get autoremove -y 2>&1 | dialog --title "[ Pulling updates ]" $myPROGRESSBOXCONF - # Installing ctop, elasticdump, tpot +if ! [ "$myCONF_TPOT_FLAVOR" == "SENSOR" ]; + then + npm install https://github.com/taskrabbit/elasticsearch-dump#9fcc8cc -g 2>&1 | dialog --title "[ Installing elasticsearch-dump ]" $myPROGRESSBOXCONF +fi pip install --upgrade pip 2>&1 | dialog --title "[ Installing pip ]" $myPROGRESSBOXCONF +hash -r 2>&1 | dialog --title "[ Installing pip ]" $myPROGRESSBOXCONF pip install elasticsearch-curator==5.4.1 2>&1 | dialog --title "[ Installing elasticsearch-curator ]" $myPROGRESSBOXCONF pip install yq==2.4.1 2>&1 | dialog --title "[ Installing yq ]" $myPROGRESSBOXCONF -npm install https://github.com/taskrabbit/elasticsearch-dump#9fcc8cc -g 2>&1 | dialog --title "[ Installing elasticsearch-dump ]" $myPROGRESSBOXCONF wget https://github.com/bcicen/ctop/releases/download/v0.7/ctop-0.7-linux-amd64 -O ctop 2>&1 | dialog --title "[ Installing ctop ]" $myPROGRESSBOXCONF mv ctop /usr/bin/ 2>&1 | dialog --title "[ Installing ctop ]" $myPROGRESSBOXCONF chmod +x /usr/bin/ctop 2>&1 | dialog --title "[ Installing ctop ]" $myPROGRESSBOXCONF git clone https://github.com/dtag-dev-sec/tpotce -b 18.04 /opt/tpot 2>&1 | dialog --title "[ Cloning T-Pot ]" $myPROGRESSBOXCONF -# Let's add a new user -addgroup --gid 2000 tpot 2>&1 | dialog --title "[ 
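Review bot: The guard in this hunk's header context, `if [ "myCONF_PFX_USE" == "0" ]`, is missing the `$`, so it compares the literal string `myCONF_PFX_USE` with `0` and the 802.1x setup below it never runs regardless of the config; it should read `if [ "$myCONF_PFX_USE" == "0" ]`. The line was introduced in patch 01 of this series, so the defect predates this commit, but the rewrite of the block under it is the natural place to fix it. The remainder of the hunk is garbled in this view.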
Adding new user ]" $myPROGRESSBOXCONF -adduser --system --no-create-home --uid 2000 --disabled-password --disabled-login --gid 2000 tpot 2>&1 | dialog --title "[ Adding new user ]" $myPROGRESSBOXCONF +# Let's create the T-Pot user +addgroup --gid 2000 tpot 2>&1 | dialog --title "[ Adding T-Pot user ]" $myPROGRESSBOXCONF +adduser --system --no-create-home --uid 2000 --disabled-password --disabled-login --gid 2000 tpot 2>&1 | dialog --title "[ Adding T-Pot user ]" $myPROGRESSBOXCONF # Let's set the hostname a=$(fuRANDOMWORD /opt/tpot/host/usr/share/dict/a.txt) @@ -705,6 +732,10 @@ EOF # Let's create ews.ip before reboot and prevent race condition for first start /opt/tpot/bin/updateip.sh 2>&1>/dev/null +# Let's clean up apt +apt-get autoclean -y 2>&1 | dialog --title "[ Cleaning up ]" $myPROGRESSBOXCONF +apt-get autoremove -y 2>&1 | dialog --title "[ Cleaning up ]" $myPROGRESSBOXCONF + # Final steps cp /opt/tpot/host/etc/rc.local /etc/rc.local 2>&1>/dev/null && \ rm -rf /root/installer 2>&1>/dev/null && \ diff --git a/iso/installer/iso.conf.dist b/iso/installer/iso.conf.dist index 5ae115e4..5aba0b92 100644 --- a/iso/installer/iso.conf.dist +++ b/iso/installer/iso.conf.dist @@ -1,14 +1,14 @@ # makeiso configuration file -myCONF_PROXY_USE="0" -myCONF_PROXY_IP="1.2.3.4" -myCONF_PROXY_PORT="3128" -myCONF_SSH_PUBKEY_USE="0" -myCONF_SSH_PUBKEY_FILE="/" -myCONF_PFX_USE="0" -myCONF_PFX_FILE="/" -myCONF_PFX_PW_USE="0" -myCONF_PFX_PW="" -myCONF_PFX_HOST_ID="." -myCONF_NTP_USE="0" -myCONF_NTP_IP="1.2.3.4" -myCONF_NTP_CONF_FILE="/" +myCONF_PROXY_USE='0' +myCONF_PROXY_IP='1.2.3.4' +myCONF_PROXY_PORT='3128' +myCONF_SSH_PUBKEY_USE='0' +myCONF_SSH_PUBKEY_FILE='/' +myCONF_PFX_USE='0' +myCONF_PFX_FILE='/' +myCONF_PFX_PW_USE='0' +myCONF_PFX_PW='' +myCONF_PFX_HOST_ID='.' +myCONF_NTP_USE='0' +myCONF_NTP_IP='1.2.3.4' +myCONF_NTP_CONF_FILE='/' diff --git a/iso/installer/tpot.conf.dist b/iso/installer/tpot.conf.dist index 5fabd62b..d8c14459 100644 --- a/iso/installer/tpot.conf.dist 
+++ b/iso/installer/tpot.conf.dist @@ -1,5 +1,7 @@ # tpot configuration file # myCONF_TPOT_FLAVOR=[STANDARD, SENSOR, INDUSTRIAL, COLLECTOR, EXPERIMENTAL, LEGACY] -myCONF_TPOT_FLAVOR="STANDARD" -myCONF_TPOT_USER="tsec" -myCONF_TPOT_PW="$ecret123" +myCONF_TPOT_FLAVOR='STANDARD' +myCONF_TPOT_USER='tsec' +myCONF_TPOT_PW='$ecret123' +myCONF_WEB_USER='webuser' +myCONF_WEB_PW='w3b$ecret' diff --git a/makeiso.sh b/makeiso.sh index 12e1df73..f6995267 100755 --- a/makeiso.sh +++ b/makeiso.sh 
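Review bot: The sample file has no comment saying that it is read as shell assignments, which is the reason the switch to single quotes matters for `'$ecret123'` and `'w3b$ecret'` and the reason a value can never contain a `'`; add `# Read by install.sh as shell assignments: keep the single quotes, and do not use ' inside a value.` under the first line. Whether install.sh refuses these sample credentials when the file is used unchanged is not visible in this series; if it does not, a check that `myCONF_TPOT_PW` and `myCONF_WEB_PW` differ from the dist defaults would prevent deployments running with the published passwords.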
@@ -225,19 +225,19 @@ done
 # Let's write the config file
 echo "# makeiso configuration file" > $myCONF_FILE
-echo "myCONF_PROXY_USE=\"$myCONF_PROXY_USE\"" >> $myCONF_FILE
-echo "myCONF_PROXY_IP=\"$myCONF_PROXY_IP\"" >> $myCONF_FILE
-echo "myCONF_PROXY_PORT=\"$myCONF_PROXY_PORT\"" >> $myCONF_FILE
-echo "myCONF_SSH_PUBKEY_USE=\"$myCONF_SSH_PUBKEY_USE\"" >> $myCONF_FILE
-echo "myCONF_SSH_PUBKEY_FILE=\"/root/installer/keys/authorized_keys\"" >> $myCONF_FILE
-echo "myCONF_PFX_USE=\"$myCONF_PFX_USE\"" >> $myCONF_FILE
-echo "myCONF_PFX_FILE=\"/root/installer/keys/8021x.pfx\"" >> $myCONF_FILE
-echo "myCONF_PFX_PW_USE=\"$myCONF_PFX_PW_USE\"" >> $myCONF_FILE
-echo "myCONF_PFX_PW=\"$myCONF_PFX_PW\"" >> $myCONF_FILE
-echo "myCONF_PFX_HOST_ID=\"$myCONF_PFX_HOST_ID\"" >> $myCONF_FILE
-echo "myCONF_NTP_USE=\"$myCONF_NTP_USE\"" >> $myCONF_FILE
-echo "myCONF_NTP_IP=\"$myCONF_NTP_IP\"" >> $myCONF_FILE
-echo "myCONF_NTP_CONF_FILE=\"/root/installer/ntp.conf\"" >> $myCONF_FILE
+echo "myCONF_PROXY_USE=\'$myCONF_PROXY_USE\'" >> $myCONF_FILE
+echo "myCONF_PROXY_IP=\'$myCONF_PROXY_IP\'" >> $myCONF_FILE
+echo "myCONF_PROXY_PORT=\'$myCONF_PROXY_PORT\'" >> $myCONF_FILE
+echo "myCONF_SSH_PUBKEY_USE=\'$myCONF_SSH_PUBKEY_USE\'" >> $myCONF_FILE
+echo "myCONF_SSH_PUBKEY_FILE=\'/root/installer/keys/authorized_keys\'" >> $myCONF_FILE
+echo "myCONF_PFX_USE=\'$myCONF_PFX_USE\'" >> $myCONF_FILE
+echo "myCONF_PFX_FILE=\'/root/installer/keys/8021x.pfx\'" >> $myCONF_FILE
+echo "myCONF_PFX_PW_USE=\'$myCONF_PFX_PW_USE\'" >> $myCONF_FILE
+echo "myCONF_PFX_PW=\'$myCONF_PFX_PW\'" >> $myCONF_FILE
+echo "myCONF_PFX_HOST_ID=\'$myCONF_PFX_HOST_ID\'" >> $myCONF_FILE
+echo "myCONF_NTP_USE=\'$myCONF_NTP_USE\'" >> $myCONF_FILE
+echo "myCONF_NTP_IP=\'$myCONF_NTP_IP\'" >> $myCONF_FILE
+echo "myCONF_NTP_CONF_FILE=\'/root/installer/ntp.conf\'" >> $myCONF_FILE
 # Let's download Ubuntu Minimal ISO
 if [ ! -f $myUBUNTUISO ]
From 1705f3d1db85f1eaebeac558c134553e3ebb9f8f Mon Sep 17 00:00:00 2001
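Review bot: `\'` inside a double-quoted bash string is not an escape, so the backslash is kept and the generated file receives `myCONF_PROXY_USE=\'0\'`; when install.sh sources it the value becomes the three characters `'0'`, and every `== "0"` comparison in the installer fails, silently disabling the proxy, PFX and NTP setup. Patch 08 below reverts these lines to `\"...\"`, which fixes this but not the unescaped interpolation of the values themselves; `printf 'myCONF_PROXY_USE=%q\n' "$myCONF_PROXY_USE" >> $myCONF_FILE` handles both. The matching change to iso.conf.dist in this commit is fine, since that file is hand-written rather than generated.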
From: t3chn0m4g3 Date: Fri, 22 Jun 2018 14:57:38 +0000 Subject: [PATCH 08/11] Continue working on installer --- iso/installer/install.sh | 60 +++++++++++++++++++++++++++---------- iso/installer/iso.conf.dist | 2 -- makeiso.sh | 55 +++++++--------------------------- 3 files changed, 55 insertions(+), 62 deletions(-) diff --git a/iso/installer/install.sh b/iso/installer/install.sh index 6042c370..0196dd37 100755 --- a/iso/installer/install.sh +++ b/iso/installer/install.sh @@ -2,8 +2,8 @@ # T-Pot Universal Installer #### to do -#### 1. ditch authorized keys config, use fail2ban -#### 2. check for other services that might collide with the honeypots, if found abort install +#### 1. use fail2ban +#### 2. use cockpit ################################## # Extract command line arguments # @@ -160,9 +160,41 @@ if [ -f "dialogrc" ]; fi } +# Let's check for other services +function fuCHECK_PORTS { +if [ "$myTPOT_DEPLOYMENT_TYPE" == "user" ]; + then + echo + echo "### Checking for active services." + echo + grc netstat -tulpen + echo + echo "### Please review your running services." + echo "### We will take care of SSH (22), but other services i.e. FTP (21), TELNET (23), SMTP (25), HTTP (80), HTTPS (443), etc." + echo "### might collide with T-Pot's honeypots and prevent T-Pot from starting successfully." + echo + while [ 1 != 2 ] + do + read -s -n 1 -p "Continue [y/n]? " mySELECT + echo + case "$mySELECT" in + [y,Y]) + break + ;; + [n,N]) + exit + ;; + esac + done +fi +} + + # Prepare running the installer +echo "$myINFO" | head -n 3 fuGOT_ROOT fuGET_DEPS +fuCHECK_PORTS fuDIALOG_SETUP ############# @@ -211,7 +243,6 @@ if [ -f $myCONF_FILE ]; else # dialog logic considers 1=false, 0=true myCONF_PROXY_USE="1" - myCONF_SSH_PUBKEY_USE="1" myCONF_PFX_USE="1" myCONF_NTP_USE="1" fi 
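Review bot: The `case` arms in `fuCHECK_PORTS` use `[y,Y])` and `[n,N])`, which are bracket expressions and so also match a literal comma, meaning a stray `,` keystroke continues the install; write `[yY])` and `[nN])`. The check is only reached for `--type=user`, so the `iso` and `auto` paths never look for colliding listeners; that may be intended for a fresh ISO install, but a comment on the `if` saying so would save the next reader the question. With `myCONF_SSH_PUBKEY_USE` removed from the defaults in the second hunk, any remaining reference to it elsewhere in install.sh would now trip over an unset variable; none is visible in this view.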
@@ -287,6 +318,10 @@ fi # Let's put cursor back in standard form tput cnorm +#################### +# User interaction # +#################### + # Let's ask the user for install flavor if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ] || [ "$myTPOT_DEPLOYMENT_TYPE" == "user" ]; then @@ -426,6 +461,10 @@ echo $myCONF_WEB_PW ##### exit ##### exit +######################## +# Installation section # +######################## + # Put cursor in invisible mode tput civis @@ -547,7 +586,7 @@ tee -a /etc/ssh/ssh_config 2>&1>/dev/null <&1 | dialog --title "[ Installing elasticsearch-dump ]" $myPROGRESSBOXCONF @@ -556,8 +595,7 @@ pip install --upgrade pip 2>&1 | dialog --title "[ Installing pip ]" $myPROGRESS hash -r 2>&1 | dialog --title "[ Installing pip ]" $myPROGRESSBOXCONF pip install elasticsearch-curator==5.4.1 2>&1 | dialog --title "[ Installing elasticsearch-curator ]" $myPROGRESSBOXCONF pip install yq==2.4.1 2>&1 | dialog --title "[ Installing yq ]" $myPROGRESSBOXCONF -wget https://github.com/bcicen/ctop/releases/download/v0.7/ctop-0.7-linux-amd64 -O ctop 2>&1 | dialog --title "[ Installing ctop ]" $myPROGRESSBOXCONF -mv ctop /usr/bin/ 2>&1 | dialog --title "[ Installing ctop ]" $myPROGRESSBOXCONF +wget https://github.com/bcicen/ctop/releases/download/v0.7/ctop-0.7-linux-amd64 -O /usr/bin/ctop 2>&1 | dialog --title "[ Installing ctop ]" $myPROGRESSBOXCONF chmod +x /usr/bin/ctop 2>&1 | dialog --title "[ Installing ctop ]" $myPROGRESSBOXCONF git clone https://github.com/dtag-dev-sec/tpotce -b 18.04 /opt/tpot 2>&1 | dialog --title "[ Cloning T-Pot ]" $myPROGRESSBOXCONF 
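Review bot: The ctop line in the last hunk (`@@ -556,8 +595,7 @@`) now downloads straight into `/usr/bin/ctop`, and because the exit status of `wget` is masked by the pipe into `dialog`, a failed or truncated download leaves an empty or partial file that the next line makes executable. The binary is also installed without any integrity check, so the host trusts whatever the release URL serves at install time. Download to a temporary file, compare it against a pinned SHA-256 of the v0.7 release and only then install it; the digest below is a placeholder that must be filled in from the release.
```shell
myCTOP_URL="https://github.com/bcicen/ctop/releases/download/v0.7/ctop-0.7-linux-amd64"
myCTOP_SHA256="<SHA256_OF_CTOP_0.7_LINUX_AMD64>"   # placeholder: pin to the published digest
myCTOP_TMP=$(mktemp)
wget "$myCTOP_URL" -O "$myCTOP_TMP" 2>&1 | dialog --title "[ Installing ctop ]" $myPROGRESSBOXCONF
if printf '%s  %s\n' "$myCTOP_SHA256" "$myCTOP_TMP" | sha256sum -c --status;
  then
    install -m 0755 "$myCTOP_TMP" /usr/bin/ctop 2>&1 | dialog --title "[ Installing ctop ]" $myPROGRESSBOXCONF
  else
    dialog --backtitle "$myBACKTITLE" --title "[ Abort ]" --msgbox "\nctop download failed the integrity check. Exiting the installer." 7 50
    exit 1
fi
rm -f "$myCTOP_TMP"
# … unchanged: git clone of tpotce …
```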
@@ -574,13 +612,6 @@ sed -i 's#127.0.1.1.*#127.0.1.1\t'"$myHOST"'#g' /etc/hosts 2>&1 | dialog --title # Let's patch sshd_config sed -i 's#\#Port 22#Port 64295#' /etc/ssh/sshd_config 2>&1 | dialog --title "[ SSH listen on tcp/64295 ]" $myPROGRESSBOXCONF -sed -i 's#\#PasswordAuthentication yes#PasswordAuthentication no#' /etc/ssh/sshd_config 2>&1 | dialog --title "[ SSH password authentication only from RFC1918 networks ]" $myPROGRESSBOXCONF -tee -a /etc/ssh/sshd_config 2>&1>/dev/null <&1 | dialog --title "[ Creating some file tar xvfz /opt/tpot/etc/objects/elkbase.tgz -C / 2>&1 | dialog --title "[ Extracting elkbase.tgz ]" $myPROGRESSBOXCONF cp /opt/tpot/host/etc/systemd/* /etc/systemd/system/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF cp /opt/tpot/host/etc/issue /etc/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF -cp $myCONF_SSH_PUBKEY_FILE /home/tsec/.ssh/authorized_keys 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF systemctl enable tpot 2>&1 | dialog --title "[ Enabling service for tpot ]" $myPROGRESSBOXCONF # Let's take care of some files and permissions 
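Review bot: Removing the `PasswordAuthentication no` substitution and the appended sshd_config block (its dialog title says it allowed password logins only from RFC1918 networks) re-enables SSH password authentication from any address on tcp/64295 for the console user; fail2ban, added in patch 09, rate-limits guessing per source IP but does not prevent a correct guess of a weak password, which the installer explicitly lets the user keep via "Keep insecure password?". Since this host is meant to be internet-exposed, keep `sed -i 's#\#PasswordAuthentication yes#PasswordAuthentication no#' /etc/ssh/sshd_config` and the RFC1918 `Match` block as the default and treat fail2ban as an addition rather than a replacement. The removed heredoc body is not visible in this view.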
@@ -704,8 +734,6 @@ chmod 760 -R /data 2>&1 | dialog --title "[ Set permissions and ownerships ]" $m chown tpot:tpot -R /data 2>&1 | dialog --title "[ Set permissions and ownerships ]" $myPROGRESSBOXCONF chmod 644 -R /data/nginx/conf 2>&1 | dialog --title "[ Set permissions and ownerships ]" $myPROGRESSBOXCONF chmod 644 -R /data/nginx/cert 2>&1 | dialog --title "[ Set permissions and ownerships ]" $myPROGRESSBOXCONF -chmod 600 /home/tsec/.ssh/authorized_keys 2>&1 | dialog --title "[ Set permissions and ownerships ]" $myPROGRESSBOXCONF -chown tsec:tsec /home/tsec/.ssh /home/tsec/.ssh/authorized_keys 2>&1 | dialog --title "[ Set permissions and ownerships ]" $myPROGRESSBOXCONF # Let's replace "quiet splash" options, set a console font for more screen canvas and update grub sed -i 's#GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"#GRUB_CMDLINE_LINUX_DEFAULT="consoleblank=0"#' /etc/default/grub 2>&1>/dev/null diff --git a/iso/installer/iso.conf.dist b/iso/installer/iso.conf.dist index 5aba0b92..f695f381 100644 --- a/iso/installer/iso.conf.dist +++ b/iso/installer/iso.conf.dist @@ -2,8 +2,6 @@ myCONF_PROXY_USE='0' myCONF_PROXY_IP='1.2.3.4' myCONF_PROXY_PORT='3128' -myCONF_SSH_PUBKEY_USE='0' -myCONF_SSH_PUBKEY_FILE='/' myCONF_PFX_USE='0' myCONF_PFX_FILE='/' myCONF_PFX_PW_USE='0' diff --git a/makeiso.sh b/makeiso.sh index f6995267..a33c665b 100755 --- a/makeiso.sh +++ b/makeiso.sh 
@@ -115,9 +115,6 @@ do myCONF_PROXY_PORT=$(dialog --backtitle "$myBACKTITLE" --no-cancel --title "Proxy Port (i.e. 3128)?" --inputbox "" 7 50 "$myCONF_PROXY_PORT" 3>&1 1>&2 2>&3 3>&-) if [[ $myCONF_PROXY_PORT =~ ^-?[0-9]+$ ]] && [ $myCONF_PROXY_PORT -gt 0 ] && [ $myCONF_PROXY_PORT -lt 65536 ]; then myPORTRESULT="true"; fi done - ################################################################# - #echo http://$myCONF_PROXY_IP:$myCONF_PROXY_PORT > $myPROXYCONFIG - ################################################################# sed -i.bak 's#d-i mirror/http/proxy.*#d-i mirror/http/proxy string http://'$myCONF_PROXY_IP':'$myCONF_PROXY_PORT'/#' $myTPOTSEED break else @@ -127,28 +124,6 @@ do fi done -# Let's ask the user for ssh keys ... -while true; -do - dialog --backtitle "$myBACKTITLE" --title "[ Add ssh keys? ]" --yesno "\nDo you want to add public key(s) to authorized_keys file?" 8 50 - myCONF_SSH_PUBKEY_USE=$? - if [ "$myCONF_SSH_PUBKEY_USE" = "0" ] - then - myCONF_SSH_PUBKEY_FILE=$(dialog --backtitle "$myBACKTITLE" --fselect "$myCONF_SSH_PUBKEY_FILE" 15 50 3>&1 1>&2 2>&3 3>&-) - if [ -f "$myCONF_SSH_PUBKEY_FILE" ] - then - cp $myCONF_SSH_PUBKEY_FILE $myAUTHKEYSFILE - break - else - dialog --backtitle "$myBACKTITLE" --title "[ Try again! ]" --msgbox "\nThis is no regular file." 7 50; - fi - else - echo > $myAUTHKEYSFILE - myCONF_SSH_PUBKEY_FILE="" - break - fi -done - # Let's ask the user for 802.1x data ... while true; do 
@@ -165,16 +140,10 @@ do if [ "$myCONF_PFX_PW_USE" = "0" ] then myCONF_PFX_PW=$(dialog --backtitle "$myBACKTITLE" --no-cancel --inputbox "Password?" 7 50 3>&1 1>&2 2>&3 3>&-) - ################################### - #echo $myCONF_PFX_PW > $myPFXPWPATH - ################################### else myCONF_PFX_PW="" fi myCONF_PFX_HOST_ID=$(dialog --backtitle "$myBACKTITLE" --no-cancel --inputbox "Host ID?" 7 50 "$myCONF_PFX_HOST_ID" 3>&1 1>&2 2>&3 3>&-) - ############################################ - #echo $myCONF_PFX_HOST_ID > $myPFXHOSTIDPATH - ############################################ break else dialog --backtitle "$myBACKTITLE" --title "[ Try again! ]" --msgbox "\nThis is no regular file." 7 50; 
@@ -225,19 +194,17 @@ done
 # Let's write the config file
 echo "# makeiso configuration file" > $myCONF_FILE
-echo "myCONF_PROXY_USE=\'$myCONF_PROXY_USE\'" >> $myCONF_FILE
-echo "myCONF_PROXY_IP=\'$myCONF_PROXY_IP\'" >> $myCONF_FILE
-echo "myCONF_PROXY_PORT=\'$myCONF_PROXY_PORT\'" >> $myCONF_FILE
-echo "myCONF_SSH_PUBKEY_USE=\'$myCONF_SSH_PUBKEY_USE\'" >> $myCONF_FILE
-echo "myCONF_SSH_PUBKEY_FILE=\'/root/installer/keys/authorized_keys\'" >> $myCONF_FILE
-echo "myCONF_PFX_USE=\'$myCONF_PFX_USE\'" >> $myCONF_FILE
-echo "myCONF_PFX_FILE=\'/root/installer/keys/8021x.pfx\'" >> $myCONF_FILE
-echo "myCONF_PFX_PW_USE=\'$myCONF_PFX_PW_USE\'" >> $myCONF_FILE
-echo "myCONF_PFX_PW=\'$myCONF_PFX_PW\'" >> $myCONF_FILE
-echo "myCONF_PFX_HOST_ID=\'$myCONF_PFX_HOST_ID\'" >> $myCONF_FILE
-echo "myCONF_NTP_USE=\'$myCONF_NTP_USE\'" >> $myCONF_FILE
-echo "myCONF_NTP_IP=\'$myCONF_NTP_IP\'" >> $myCONF_FILE
-echo "myCONF_NTP_CONF_FILE=\'/root/installer/ntp.conf\'" >> $myCONF_FILE
+echo "myCONF_PROXY_USE=\"$myCONF_PROXY_USE\"" >> $myCONF_FILE
+echo "myCONF_PROXY_IP=\"$myCONF_PROXY_IP\"" >> $myCONF_FILE
+echo "myCONF_PROXY_PORT=\"$myCONF_PROXY_PORT\"" >> $myCONF_FILE
+echo "myCONF_PFX_USE=\"$myCONF_PFX_USE\"" >> $myCONF_FILE
+echo "myCONF_PFX_FILE=\"/root/installer/keys/8021x.pfx\"" >> $myCONF_FILE
+echo "myCONF_PFX_PW_USE=\"$myCONF_PFX_PW_USE\"" >> $myCONF_FILE
+echo "myCONF_PFX_PW=\"$myCONF_PFX_PW\"" >> $myCONF_FILE
+echo "myCONF_PFX_HOST_ID=\"$myCONF_PFX_HOST_ID\"" >> $myCONF_FILE
+echo "myCONF_NTP_USE=\"$myCONF_NTP_USE\"" >> $myCONF_FILE
+echo "myCONF_NTP_IP=\"$myCONF_NTP_IP\"" >> $myCONF_FILE
+echo "myCONF_NTP_CONF_FILE=\"/root/installer/ntp.conf\"" >> $myCONF_FILE
 # Let's download Ubuntu Minimal ISO
 if [ ! -f $myUBUNTUISO ]
From 96e02eeb10012b8a131dffc34efb2bc205ed6eb4 Mon Sep 17 00:00:00 2001
From: t3chn0m4g3 Date: Fri, 22 Jun 2018 16:14:39 +0000 Subject: [PATCH 09/11] add fail2ban to installer --- iso/installer/install.sh | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/iso/installer/install.sh b/iso/installer/install.sh index 0196dd37..fa562225 100755 --- a/iso/installer/install.sh +++ b/iso/installer/install.sh @@ -131,7 +131,7 @@ fi # Let's check if all dependencies are met function fuGET_DEPS { -local myPACKAGES="apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount curl dialog dnsutils docker.io docker-compose dstat ethtool genisoimage git glances grc html2text htop ifupdown iptables iw jq libcrack2 libltdl7 lm-sensors man multitail net-tools npm ntp openssh-server openssl pass prips syslinux psmisc pv python-pip unattended-upgrades unzip vim wireless-tools wpasupplicant" +local myPACKAGES="apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount curl dialog dnsutils docker.io docker-compose dstat ethtool fail2ban genisoimage git glances grc html2text htop ifupdown iptables iw jq libcrack2 libltdl7 lm-sensors man multitail net-tools npm ntp openssh-server openssl pass prips syslinux psmisc pv python-pip unattended-upgrades unzip vim wireless-tools wpasupplicant" echo echo "### Getting update information." echo 
@@ -680,6 +680,23 @@ net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.lo.disable_ipv6 = 1 EOF +# Let's setup fail2ban config +dialog --title "[ Setup fail2ban config ]" $myPROGRESSBOXCONF <&1>/dev/null < Date: Sat, 23 Jun 2018 21:23:33 +0000 Subject: [PATCH 10/11] continue working on installer remove portainer remove wetty remove netdata add cockpit tweak fail2ban for cockpit, sshd, nginx update logo to 18.10 remove configs with regard to portainer, wetty, netdata adjust packages for install.sh, preseed --- bin/updateip.sh | 4 +-- docker/nginx/dist/conf/tpotweb.conf | 41 +++---------------------- docker/nginx/dist/html/navbar.html | 9 +++--- etc/compose/collector.yml | 46 ---------------------------- etc/compose/experimental.yml | 46 ---------------------------- etc/compose/industrial.yml | 47 ----------------------------- etc/compose/legacy.yml | 46 ---------------------------- etc/compose/standard.yml | 47 ----------------------------- host/etc/issue | 17 ++++++----- iso/installer/install.sh | 19 ++++++++++-- iso/preseed/tpot.seed | 2 +- 11 files changed, 36 insertions(+), 288 deletions(-) diff --git a/bin/updateip.sh b/bin/updateip.sh index b7d8080d..a0eecba1 100755 --- a/bin/updateip.sh +++ b/bin/updateip.sh @@ -12,6 +12,7 @@ mySSHUSER=$(cat /etc/passwd | grep 1000 | cut -d ':' -f1) sed -i "s#IP:.*#IP: $myLOCALIP ($myEXTIP)#" /etc/issue sed -i "s#SSH:.*#SSH: ssh -l tsec -p 64295 $myLOCALIP#" /etc/issue sed -i "s#WEB:.*#WEB: https://$myLOCALIP:64297#" /etc/issue +sed -i "s#ADMIN:.*#ADMIN: https://$myLOCALIP:64294#" /etc/issue tee /data/ews/conf/ews.ip << EOF [MAIN] ip = $myEXTIP @@ -21,8 +22,5 @@ MY_EXTIP=$myEXTIP MY_INTIP=$myLOCALIP MY_HOSTNAME=$HOSTNAME EOF -tee /opt/tpot/etc/compose/wetty_environment << EOF -MY_SSHUSER=$mySSHUSER -EOF chown tpot:tpot /data/ews/conf/ews.ip chmod 760 /data/ews/conf/ews.ip diff --git a/docker/nginx/dist/conf/tpotweb.conf b/docker/nginx/dist/conf/tpotweb.conf index 67cf9208..5dc71ec5 100644 
--- a/docker/nginx/dist/conf/tpotweb.conf +++ b/docker/nginx/dist/conf/tpotweb.conf @@ -2,11 +2,6 @@ ### NGINX T-Pot configuration file by mo ### ############################################ -################################### -### Allow for 60 reloads per minute -################################### -limit_req_zone $binary_remote_addr zone=base:1m rate=1r/s; - server { ######################### @@ -39,16 +34,16 @@ server { ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; - + #################################### ### OWASP recommendations / settings #################################### ### Size Limits & Buffer Overflows ### the size may be configured based on the needs. - client_body_buffer_size 100K; + client_body_buffer_size 128k; client_header_buffer_size 1k; - client_max_body_size 100k; + client_max_body_size 256k; large_client_header_buffers 2 1k; ### Mitigate Slow HHTP DoS Attack @@ -89,14 +84,6 @@ server { auth_basic_user_file /etc/nginx/nginxpasswd; - ############################## - ### Limit brute-force attempts - ############################## - location = / { - limit_req zone=base burst=1 nodelay; - } - - ################# ### Proxied sites ################# @@ -119,27 +106,6 @@ server { rewrite /myhead/(.*)$ /$1 break; } - ### portainer - location /ui { - proxy_pass http://127.0.0.1:64299; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_set_header Host $host; - proxy_redirect off; - rewrite /ui/(.*)$ /$1 break; - } - ### web tty - location /wetty { - proxy_pass http://127.0.0.1:64300/wetty; - } - - ### netdata - location /netdata/ { - proxy_pass http://localhost:64301; - rewrite /netdata/(.*)$ /$1 break; - } - ### spiderfoot location /spiderfoot { proxy_pass http://127.0.0.1:64303; @@ -156,4 +122,5 @@ server { location /scandelete { proxy_pass http://127.0.0.1:64303/spiderfoot/scandelete; } + } 
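Review bot: Dropping `limit_req_zone` and the `location = /` `limit_req` arm removes the only in-process throttle on basic-auth attempts against the web interface; a fail2ban nginx jail acts only after the failure has been logged and bans per source IP, so until the ban triggers, and for attempts spread across many addresses, the full request rate reaches `auth_basic`. Keeping the zone and the arm alongside fail2ban costs nothing and is the usual defence in depth, so restore the removed lines unless the `rate=1r/s` limit itself was the problem, in which case raise the rate rather than deleting the mechanism. The buffer increases (`client_body_buffer_size 128k`, `client_max_body_size 256k`) are plausible but their reason is not recorded; a one-line comment naming the proxied application that needed them would help. The blank line added before the closing brace of `server` is cosmetic.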
diff --git a/docker/nginx/dist/html/navbar.html b/docker/nginx/dist/html/navbar.html index e3954f74..0069a138 100644 --- a/docker/nginx/dist/html/navbar.html +++ b/docker/nginx/dist/html/navbar.html @@ -10,12 +10,13 @@
Home - Kibana + ES Head - Netdata + Kibana Spiderfoot - Portainer - WebTTY
+ diff --git a/etc/compose/collector.yml b/etc/compose/collector.yml index 1586fc39..36619a18 100644 --- a/etc/compose/collector.yml +++ b/etc/compose/collector.yml @@ -171,26 +171,6 @@ services: - /data:/data - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip -# Netdata service - netdata: - container_name: netdata - restart: always - network_mode: "host" - depends_on: - elasticsearch: - condition: service_healthy - cap_add: - - SYS_PTRACE - security_opt: - - apparmor=unconfined - ports: - - "64301:64301" - image: "dtagdevsec/netdata:1804" - volumes: - - /proc:/host/proc:ro - - /sys:/host/sys:ro - - /var/run/docker.sock:/var/run/docker.sock:ro - # Nginx service nginx: container_name: nginx @@ -212,20 +192,6 @@ services: - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro - /data/nginx/log/:/var/log/nginx/ -# Portainer service - portainer: - container_name: portainer - command: -H unix:///var/run/docker.sock --no-auth - restart: always - networks: - - portainer_local - ports: - - "127.0.0.1:64299:9000" - image: "dtagdevsec/portainer:1804" - read_only: true - volumes: - - /var/run/docker.sock:/var/run/docker.sock - # Spiderfoot service spiderfoot: container_name: spiderfoot @@ -238,15 +204,3 @@ services: volumes: - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db -# Wetty service - wetty: - container_name: wetty - restart: always - stop_signal: SIGKILL - network_mode: "host" - env_file: - - /opt/tpot/etc/compose/wetty_environment - tmpfs: - - /home/wetty/.ssh/:uid=2000,gid=2000 - image: "dtagdevsec/wetty:1804" - read_only: true diff --git a/etc/compose/experimental.yml b/etc/compose/experimental.yml index 39f928cb..b20d1f26 100644 --- a/etc/compose/experimental.yml +++ b/etc/compose/experimental.yml 
@@ -505,26 +505,6 @@ services: - /data:/data - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip -# Netdata service - netdata: - container_name: netdata - restart: always - network_mode: "host" - depends_on: - elasticsearch: - condition: service_healthy - cap_add: - - SYS_PTRACE - security_opt: - - apparmor=unconfined - ports: - - "64301:64301" - image: "dtagdevsec/netdata:1804" - volumes: - - /proc:/host/proc:ro - - /sys:/host/sys:ro - - /var/run/docker.sock:/var/run/docker.sock:ro - # Nginx service nginx: container_name: nginx @@ -546,20 +526,6 @@ services: - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro - /data/nginx/log/:/var/log/nginx/ -# Portainer service - portainer: - container_name: portainer - command: -H unix:///var/run/docker.sock --no-auth - restart: always - networks: - - portainer_local - ports: - - "127.0.0.1:64299:9000" - image: "dtagdevsec/portainer:1804" - read_only: true - volumes: - - /var/run/docker.sock:/var/run/docker.sock - # Spiderfoot service spiderfoot: container_name: spiderfoot @@ -572,15 +538,3 @@ services: volumes: - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db -# Wetty service - wetty: - container_name: wetty - restart: always - stop_signal: SIGKILL - network_mode: "host" - env_file: - - /opt/tpot/etc/compose/wetty_environment - tmpfs: - - /home/wetty/.ssh/:uid=2000,gid=2000 - image: "dtagdevsec/wetty:1804" - read_only: true diff --git a/etc/compose/industrial.yml b/etc/compose/industrial.yml index 04330c77..c653e6af 100644 --- a/etc/compose/industrial.yml +++ b/etc/compose/industrial.yml 
@@ -324,26 +324,6 @@ services: - /data:/data - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip -# Netdata service - netdata: - container_name: netdata - restart: always - network_mode: "host" - depends_on: - elasticsearch: - condition: service_healthy - cap_add: - - SYS_PTRACE - security_opt: - - apparmor=unconfined - ports: - - "64301:64301" - image: "dtagdevsec/netdata:1804" - volumes: - - /proc:/host/proc:ro - - /sys:/host/sys:ro - - /var/run/docker.sock:/var/run/docker.sock:ro - # Nginx service nginx: container_name: nginx @@ -365,20 +345,6 @@ services: - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro - /data/nginx/log/:/var/log/nginx/ -# Portainer service - portainer: - container_name: portainer - command: -H unix:///var/run/docker.sock --no-auth - restart: always - networks: - - portainer_local - ports: - - "127.0.0.1:64299:9000" - image: "dtagdevsec/portainer:1804" - read_only: true - volumes: - - /var/run/docker.sock:/var/run/docker.sock - # Spiderfoot service spiderfoot: container_name: spiderfoot @@ -390,16 +356,3 @@ services: image: "dtagdevsec/spiderfoot:1804" volumes: - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db - -# Wetty service - wetty: - container_name: wetty - restart: always - stop_signal: SIGKILL - network_mode: "host" - env_file: - - /opt/tpot/etc/compose/wetty_environment - tmpfs: - - /home/wetty/.ssh/:uid=2000,gid=2000 - image: "dtagdevsec/wetty:1804" - read_only: true diff --git a/etc/compose/legacy.yml b/etc/compose/legacy.yml index 7c11b663..0aafb2ea 100644 --- a/etc/compose/legacy.yml +++ b/etc/compose/legacy.yml 
@@ -290,26 +290,6 @@ services: - /data:/data - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip -# Netdata service - netdata: - container_name: netdata - restart: always - network_mode: "host" - depends_on: - elasticsearch: - condition: service_healthy - cap_add: - - SYS_PTRACE - security_opt: - - apparmor=unconfined - ports: - - "64301:64301" - image: "dtagdevsec/netdata:1804" - volumes: - - /proc:/host/proc:ro - - /sys:/host/sys:ro - - /var/run/docker.sock:/var/run/docker.sock:ro - # Nginx service nginx: container_name: nginx @@ -331,20 +311,6 @@ services: - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro - /data/nginx/log/:/var/log/nginx/ -# Portainer service - portainer: - container_name: portainer - command: -H unix:///var/run/docker.sock --no-auth - restart: always - networks: - - portainer_local - ports: - - "127.0.0.1:64299:9000" - image: "dtagdevsec/portainer:1804" - read_only: true - volumes: - - /var/run/docker.sock:/var/run/docker.sock - # Spiderfoot service spiderfoot: container_name: spiderfoot @@ -357,15 +323,3 @@ services: volumes: - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db -# Wetty service - wetty: - container_name: wetty - restart: always - stop_signal: SIGKILL - network_mode: "host" - env_file: - - /opt/tpot/etc/compose/wetty_environment - tmpfs: - - /home/wetty/.ssh/:uid=2000,gid=2000 - image: "dtagdevsec/wetty:1804" - read_only: true diff --git a/etc/compose/standard.yml b/etc/compose/standard.yml index 21d432a7..6ec62fee 100644 --- a/etc/compose/standard.yml +++ b/etc/compose/standard.yml @@ -16,7 +16,6 @@ networks: vnclowpot_local: ewsposter_local: spiderfoot_local: - portainer_local: services: 
@@ -505,26 +504,6 @@ services: - /data:/data - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip -# Netdata service - netdata: - container_name: netdata - restart: always - network_mode: "host" - depends_on: - elasticsearch: - condition: service_healthy - cap_add: - - SYS_PTRACE - security_opt: - - apparmor=unconfined - ports: - - "64301:64301" - image: "dtagdevsec/netdata:1804" - volumes: - - /proc:/host/proc:ro - - /sys:/host/sys:ro - - /var/run/docker.sock:/var/run/docker.sock:ro - # Nginx service nginx: container_name: nginx @@ -546,20 +525,6 @@ services: - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro - /data/nginx/log/:/var/log/nginx/ -# Portainer service - portainer: - container_name: portainer - command: -H unix:///var/run/docker.sock --no-auth - restart: always - networks: - - portainer_local - ports: - - "127.0.0.1:64299:9000" - image: "dtagdevsec/portainer:1804" - read_only: true - volumes: - - /var/run/docker.sock:/var/run/docker.sock - # Spiderfoot service spiderfoot: container_name: spiderfoot @@ -572,15 +537,3 @@ services: volumes: - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db -# Wetty service - wetty: - container_name: wetty - restart: always - stop_signal: SIGKILL - network_mode: "host" - env_file: - - /opt/tpot/etc/compose/wetty_environment - tmpfs: - - /home/wetty/.ssh/:uid=2000,gid=2000 - image: "dtagdevsec/wetty:1804" - read_only: true diff --git a/host/etc/issue b/host/etc/issue index 55e4287e..fcad492c 100644 --- a/host/etc/issue +++ b/host/etc/issue 
@@ -1,12 +1,12 @@  -┌───────────────────────────────────────────────────┐ -│ _____ ____ _ _ ___ ___ _ _ │ -│|_ _| | _ \\ ___ | |_ / |( _ ) / _ \\| || | │ -│ | |_____| |_) / _ \\| __| | |/ _ \\| | | | || |_ │ -│ | |_____| __/ (_) | |_ | | (_) | |_| |__ _|│ -│ |_| |_| \\___/ \\__| |_|\\___(_)___/ |_| │ -│ │ -└───────────────────────────────────────────────────┘ +┌────────────────────────────────────────────────┐ +│ _____ ____ _ _ ___ _ ___ │ +│|_ _| | _ \\ ___ | |_ / |( _ ) / |/ _ \\ │ +│ | |_____| |_) / _ \\| __| | |/ _ \\ | | | | |│ +│ | |_____| __/ (_) | |_ | | (_) || | |_| |│ +│ |_| |_| \\___/ \\__| |_|\\___(_)_|\\___/ │ +│ │ +└────────────────────────────────────────────────┘ ,---- [ \n ] [ \d ] [ \t ] @@ -14,6 +14,7 @@ | IP: | SSH: | WEB: +| ADMIN: | `---- diff --git a/iso/installer/install.sh b/iso/installer/install.sh index fa562225..8c1fb2e7 100755 --- a/iso/installer/install.sh +++ b/iso/installer/install.sh 
@@ -131,7 +131,7 @@ fi # Let's check if all dependencies are met function fuGET_DEPS { -local myPACKAGES="apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount curl dialog dnsutils docker.io docker-compose dstat ethtool fail2ban genisoimage git glances grc html2text htop ifupdown iptables iw jq libcrack2 libltdl7 lm-sensors man multitail net-tools npm ntp openssh-server openssl pass prips syslinux psmisc pv python-pip unattended-upgrades unzip vim wireless-tools wpasupplicant" +local myPACKAGES="apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit cockpit-docker curl dialog dnsutils docker.io docker-compose dstat ethtool fail2ban genisoimage git glances grc html2text htop ifupdown iptables iw jq libcrack2 libltdl7 lm-sensors man multitail net-tools npm ntp openssh-server openssl pass prips syslinux psmisc pv python-pip unattended-upgrades unzip vim wireless-tools wpasupplicant" echo echo "### Getting update information." echo @@ -610,7 +610,8 @@ myHOST=$a$n hostnamectl set-hostname $myHOST 2>&1 | dialog --title "[ Setting new hostname ]" $myPROGRESSBOXCONF sed -i 's#127.0.1.1.*#127.0.1.1\t'"$myHOST"'#g' /etc/hosts 2>&1 | dialog --title "[ Setting new hostname ]" $myPROGRESSBOXCONF -# Let's patch sshd_config +# Let's patch cockpit.socket, sshd_config +sed -i 's#ListenStream=9090#ListeStream=64294#' /etc/systemd/system/sockets.target.wants/cockpit.socket 2>&1 | dialog --title "[ Cockpit listen on tcp/64294 ]" $myPROGRESSBOXCONF sed -i 's#\#Port 22#Port 64295#' /etc/ssh/sshd_config 2>&1 | dialog --title "[ SSH listen on tcp/64295 ]" $myPROGRESSBOXCONF # Let's make sure only myCONF_TPOT_FLAVOR images will be downloaded and started 
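Review bot: The replacement text in the added cockpit.socket sed in the second hunk (@@ -610) is misspelled — `ListeStream=64294` instead of `ListenStream=64294` — so the edited unit is left with an unrecognised key and no valid listen address, and the dialog title's claim that Cockpit now listens on tcp/64294 does not hold; the one-line fix is `sed -i 's#ListenStream=9090#ListenStream=64294#' /etc/systemd/system/sockets.target.wants/cockpit.socket`. Editing the unit through the `sockets.target.wants/` path is also fragile: that entry is normally a symlink into the vendor unit directory, and `sed -i` without `--follow-symlinks` replaces the link with a regular copy, so it is not guaranteed that systemd loads the modified port at all; a drop-in such as `/etc/systemd/system/cockpit.socket.d/listen.conf` holding `[Socket]`, an empty `ListenStream=` to reset the vendor value, and `ListenStream=64294`, followed by `systemctl daemon-reload`, is the conventional way to move the port. This matters because the admin port is presumably what the new `ADMIN:` banner line and the fail2ban setup later in this patch are keyed to, and a silent failure here leaves Cockpit reachable on the default 9090 while everything else assumes 64294. The changed lines appear to sit in the top-level flow of the installer rather than inside a function, so no enclosing block is cut by the hunk.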
@@ -685,11 +686,23 @@ dialog --title "[ Setup fail2ban config ]" $myPROGRESSBOXCONF <&1>/dev/null < Date: Sat, 23 Jun 2018 21:31:11 +0000 Subject: [PATCH 11/11] prepare for testing, remove breakpoints, clean up --- iso/installer/install.sh | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/iso/installer/install.sh b/iso/installer/install.sh index 8c1fb2e7..a59ce738 100755 --- a/iso/installer/install.sh +++ b/iso/installer/install.sh @@ -1,10 +1,6 @@ #!/bin/bash # T-Pot Universal Installer -#### to do -#### 1. use fail2ban -#### 2. use cockpit - ################################## # Extract command line arguments # ################################## @@ -450,16 +446,6 @@ if ! [ "$myCONF_TPOT_FLAVOR" == "SENSOR" ]; htpasswd -b -c /data/nginx/conf/nginxpasswd "$myCONF_WEB_USER" "$myCONF_WEB_PW" 2>&1 | dialog --title "[ Setting up user and password ]" $myPROGRESSBOXCONF; fi -################ -echo $myCONF_TPOT_FLAVOR -echo $myCONF_TPOT_USER -echo $myCONF_TPOT_PW -echo $myCONF_WEB_USER -echo $myCONF_WEB_PW - - -##### exit ##### -exit ######################## # Installation section #