From d6077792b975555aee4f651abe4ca32f9564fa6b Mon Sep 17 00:00:00 2001
From: t3chn0m4g3
Date: Sat, 23 Jun 2018 21:23:33 +0000
Subject: [PATCH] continue working on installer remove portainer remove wetty remove netdata add cockpit tweak fail2ban for cockpit, sshd, nginx update logo to 18.10 remove configs with regard to portainer, wetty, netdata adjust packages for install.sh, preseed
---
 bin/updateip.sh | 4 +--
 docker/nginx/dist/conf/tpotweb.conf | 41 +++----------------------
 docker/nginx/dist/html/navbar.html | 9 +++---
 etc/compose/collector.yml | 46 ----------------------------
 etc/compose/experimental.yml | 46 ----------------------------
 etc/compose/industrial.yml | 47 -----------------------------
 etc/compose/legacy.yml | 46 ----------------------------
 etc/compose/standard.yml | 47 -----------------------------
 host/etc/issue | 17 ++++++-----
 iso/installer/install.sh | 19 ++++++++++--
 iso/preseed/tpot.seed | 2 +-
 11 files changed, 36 insertions(+), 288 deletions(-)
diff --git a/bin/updateip.sh b/bin/updateip.sh
index b7d8080d..a0eecba1 100755
--- a/bin/updateip.sh
+++ b/bin/updateip.sh
@@ -12,6 +12,7 @@ mySSHUSER=$(cat /etc/passwd | grep 1000 | cut -d ':' -f1)
 sed -i "s#IP:.*#IP: $myLOCALIP ($myEXTIP)#" /etc/issue
 sed -i "s#SSH:.*#SSH: ssh -l tsec -p 64295 $myLOCALIP#" /etc/issue
 sed -i "s#WEB:.*#WEB: https://$myLOCALIP:64297#" /etc/issue
+sed -i "s#ADMIN:.*#ADMIN: https://$myLOCALIP:64294#" /etc/issue
 tee /data/ews/conf/ews.ip << EOF
 [MAIN]
 ip = $myEXTIP
@@ -21,8 +22,5 @@ MY_EXTIP=$myEXTIP
 MY_INTIP=$myLOCALIP
 MY_HOSTNAME=$HOSTNAME
 EOF
-tee /opt/tpot/etc/compose/wetty_environment << EOF
-MY_SSHUSER=$mySSHUSER
-EOF
 chown tpot:tpot /data/ews/conf/ews.ip
 chmod 760 /data/ews/conf/ews.ip
diff --git a/docker/nginx/dist/conf/tpotweb.conf b/docker/nginx/dist/conf/tpotweb.conf
index 67cf9208..5dc71ec5 100644
--- a/docker/nginx/dist/conf/tpotweb.conf
+++ b/docker/nginx/dist/conf/tpotweb.conf
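Review bot: With the wetty_environment heredoc removed in the second hunk of this file, `mySSHUSER` — assigned on the line quoted in the first hunk's header, `mySSHUSER=$(cat /etc/passwd | grep 1000 | cut -d ':' -f1)` — appears to have no remaining consumer in this script; unless it is read further down (outside both hunks), the assignment should be dropped as well. The new `sed -i "s#ADMIN:.*#ADMIN: https://$myLOCALIP:64294#" /etc/issue` mirrors the WEB/SSH lines and depends on `/etc/issue` already containing an `ADMIN:` line, which the host/etc/issue change in this commit adds; on a host whose /etc/issue predates this commit the substitution silently matches nothing, so it may be worth a one-line comment saying the ADMIN line comes from host/etc/issue.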
@@ -2,11 +2,6 @@ ### NGINX T-Pot configuration file by mo ### ############################################ -################################### -### Allow for 60 reloads per minute -################################### -limit_req_zone $binary_remote_addr zone=base:1m rate=1r/s; - server { ######################### @@ -39,16 +34,16 @@ server { ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; - + #################################### ### OWASP recommendations / settings #################################### ### Size Limits & Buffer Overflows ### the size may be configured based on the needs. - client_body_buffer_size 100K; + client_body_buffer_size 128k; client_header_buffer_size 1k; - client_max_body_size 100k; + client_max_body_size 256k; large_client_header_buffers 2 1k; ### Mitigate Slow HHTP DoS Attack @@ -89,14 +84,6 @@ server { auth_basic_user_file /etc/nginx/nginxpasswd; - ############################## - ### Limit brute-force attempts - ############################## - location = / { - limit_req zone=base burst=1 nodelay; - } - - ################# ### Proxied sites ################# @@ -119,27 +106,6 @@ server { rewrite /myhead/(.*)$ /$1 break; } - ### portainer - location /ui { - proxy_pass http://127.0.0.1:64299; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_set_header Host $host; - proxy_redirect off; - rewrite /ui/(.*)$ /$1 break; - } - ### web tty - location /wetty { - proxy_pass http://127.0.0.1:64300/wetty; - } - - ### netdata - location /netdata/ { - proxy_pass http://localhost:64301; - rewrite /netdata/(.*)$ /$1 break; - } - ### spiderfoot location /spiderfoot { proxy_pass http://127.0.0.1:64303; @@ -156,4 +122,5 @@ server { location /scandelete { proxy_pass http://127.0.0.1:64303/spiderfoot/scandelete; } + } diff --git a/docker/nginx/dist/html/navbar.html b/docker/nginx/dist/html/navbar.html index e3954f74..0069a138 100644 
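Review bot: Dropping `limit_req_zone $binary_remote_addr zone=base:1m rate=1r/s;` and the `limit_req zone=base burst=1 nodelay;` block on `location = /` leaves the `auth_basic` login on this vhost with no throttling inside nginx, and nothing in this file replaces it. The commit message says fail2ban is tweaked for nginx, but that part of install.sh runs past the end of this patch view, so it is worth confirming that the jail watches the log path this container actually exposes (the compose files in this commit mount `/data/nginx/log/` to `/var/log/nginx/`) and that its filter matches auth_basic failures; if that cannot be confirmed, keeping the zone with a more generous rate, e.g. `limit_req_zone $binary_remote_addr zone=base:1m rate=10r/s;`, is safer than removing it. The buffer-size hunk is fine on its own; `client_max_body_size 256k` now exceeds `client_body_buffer_size 128k`, so bodies between the two are spooled to a temp file, which is expected nginx behaviour.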
--- a/docker/nginx/dist/html/navbar.html +++ b/docker/nginx/dist/html/navbar.html @@ -10,12 +10,13 @@
Home - Kibana + ES Head - Netdata + Kibana Spiderfoot - Portainer - WebTTY
+ diff --git a/etc/compose/collector.yml b/etc/compose/collector.yml index 1586fc39..36619a18 100644 --- a/etc/compose/collector.yml +++ b/etc/compose/collector.yml @@ -171,26 +171,6 @@ services: - /data:/data - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip -# Netdata service - netdata: - container_name: netdata - restart: always - network_mode: "host" - depends_on: - elasticsearch: - condition: service_healthy - cap_add: - - SYS_PTRACE - security_opt: - - apparmor=unconfined - ports: - - "64301:64301" - image: "dtagdevsec/netdata:1804" - volumes: - - /proc:/host/proc:ro - - /sys:/host/sys:ro - - /var/run/docker.sock:/var/run/docker.sock:ro - # Nginx service nginx: container_name: nginx @@ -212,20 +192,6 @@ services: - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro - /data/nginx/log/:/var/log/nginx/ -# Portainer service - portainer: - container_name: portainer - command: -H unix:///var/run/docker.sock --no-auth - restart: always - networks: - - portainer_local - ports: - - "127.0.0.1:64299:9000" - image: "dtagdevsec/portainer:1804" - read_only: true - volumes: - - /var/run/docker.sock:/var/run/docker.sock - # Spiderfoot service spiderfoot: container_name: spiderfoot @@ -238,15 +204,3 @@ services: volumes: - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db -# Wetty service - wetty: - container_name: wetty - restart: always - stop_signal: SIGKILL - network_mode: "host" - env_file: - - /opt/tpot/etc/compose/wetty_environment - tmpfs: - - /home/wetty/.ssh/:uid=2000,gid=2000 - image: "dtagdevsec/wetty:1804" - read_only: true diff --git a/etc/compose/experimental.yml b/etc/compose/experimental.yml index 39f928cb..b20d1f26 100644 --- a/etc/compose/experimental.yml +++ b/etc/compose/experimental.yml 
@@ -505,26 +505,6 @@ services: - /data:/data - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip -# Netdata service - netdata: - container_name: netdata - restart: always - network_mode: "host" - depends_on: - elasticsearch: - condition: service_healthy - cap_add: - - SYS_PTRACE - security_opt: - - apparmor=unconfined - ports: - - "64301:64301" - image: "dtagdevsec/netdata:1804" - volumes: - - /proc:/host/proc:ro - - /sys:/host/sys:ro - - /var/run/docker.sock:/var/run/docker.sock:ro - # Nginx service nginx: container_name: nginx @@ -546,20 +526,6 @@ services: - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro - /data/nginx/log/:/var/log/nginx/ -# Portainer service - portainer: - container_name: portainer - command: -H unix:///var/run/docker.sock --no-auth - restart: always - networks: - - portainer_local - ports: - - "127.0.0.1:64299:9000" - image: "dtagdevsec/portainer:1804" - read_only: true - volumes: - - /var/run/docker.sock:/var/run/docker.sock - # Spiderfoot service spiderfoot: container_name: spiderfoot @@ -572,15 +538,3 @@ services: volumes: - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db -# Wetty service - wetty: - container_name: wetty - restart: always - stop_signal: SIGKILL - network_mode: "host" - env_file: - - /opt/tpot/etc/compose/wetty_environment - tmpfs: - - /home/wetty/.ssh/:uid=2000,gid=2000 - image: "dtagdevsec/wetty:1804" - read_only: true diff --git a/etc/compose/industrial.yml b/etc/compose/industrial.yml index 04330c77..c653e6af 100644 --- a/etc/compose/industrial.yml +++ b/etc/compose/industrial.yml 
@@ -324,26 +324,6 @@ services: - /data:/data - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip -# Netdata service - netdata: - container_name: netdata - restart: always - network_mode: "host" - depends_on: - elasticsearch: - condition: service_healthy - cap_add: - - SYS_PTRACE - security_opt: - - apparmor=unconfined - ports: - - "64301:64301" - image: "dtagdevsec/netdata:1804" - volumes: - - /proc:/host/proc:ro - - /sys:/host/sys:ro - - /var/run/docker.sock:/var/run/docker.sock:ro - # Nginx service nginx: container_name: nginx @@ -365,20 +345,6 @@ services: - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro - /data/nginx/log/:/var/log/nginx/ -# Portainer service - portainer: - container_name: portainer - command: -H unix:///var/run/docker.sock --no-auth - restart: always - networks: - - portainer_local - ports: - - "127.0.0.1:64299:9000" - image: "dtagdevsec/portainer:1804" - read_only: true - volumes: - - /var/run/docker.sock:/var/run/docker.sock - # Spiderfoot service spiderfoot: container_name: spiderfoot @@ -390,16 +356,3 @@ services: image: "dtagdevsec/spiderfoot:1804" volumes: - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db - -# Wetty service - wetty: - container_name: wetty - restart: always - stop_signal: SIGKILL - network_mode: "host" - env_file: - - /opt/tpot/etc/compose/wetty_environment - tmpfs: - - /home/wetty/.ssh/:uid=2000,gid=2000 - image: "dtagdevsec/wetty:1804" - read_only: true diff --git a/etc/compose/legacy.yml b/etc/compose/legacy.yml index 7c11b663..0aafb2ea 100644 --- a/etc/compose/legacy.yml +++ b/etc/compose/legacy.yml 
@@ -290,26 +290,6 @@ services: - /data:/data - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip -# Netdata service - netdata: - container_name: netdata - restart: always - network_mode: "host" - depends_on: - elasticsearch: - condition: service_healthy - cap_add: - - SYS_PTRACE - security_opt: - - apparmor=unconfined - ports: - - "64301:64301" - image: "dtagdevsec/netdata:1804" - volumes: - - /proc:/host/proc:ro - - /sys:/host/sys:ro - - /var/run/docker.sock:/var/run/docker.sock:ro - # Nginx service nginx: container_name: nginx @@ -331,20 +311,6 @@ services: - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro - /data/nginx/log/:/var/log/nginx/ -# Portainer service - portainer: - container_name: portainer - command: -H unix:///var/run/docker.sock --no-auth - restart: always - networks: - - portainer_local - ports: - - "127.0.0.1:64299:9000" - image: "dtagdevsec/portainer:1804" - read_only: true - volumes: - - /var/run/docker.sock:/var/run/docker.sock - # Spiderfoot service spiderfoot: container_name: spiderfoot @@ -357,15 +323,3 @@ services: volumes: - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db -# Wetty service - wetty: - container_name: wetty - restart: always - stop_signal: SIGKILL - network_mode: "host" - env_file: - - /opt/tpot/etc/compose/wetty_environment - tmpfs: - - /home/wetty/.ssh/:uid=2000,gid=2000 - image: "dtagdevsec/wetty:1804" - read_only: true diff --git a/etc/compose/standard.yml b/etc/compose/standard.yml index 21d432a7..6ec62fee 100644 --- a/etc/compose/standard.yml +++ b/etc/compose/standard.yml @@ -16,7 +16,6 @@ networks: vnclowpot_local: ewsposter_local: spiderfoot_local: - portainer_local: services: 
@@ -505,26 +504,6 @@ services: - /data:/data - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip -# Netdata service - netdata: - container_name: netdata - restart: always - network_mode: "host" - depends_on: - elasticsearch: - condition: service_healthy - cap_add: - - SYS_PTRACE - security_opt: - - apparmor=unconfined - ports: - - "64301:64301" - image: "dtagdevsec/netdata:1804" - volumes: - - /proc:/host/proc:ro - - /sys:/host/sys:ro - - /var/run/docker.sock:/var/run/docker.sock:ro - # Nginx service nginx: container_name: nginx @@ -546,20 +525,6 @@ services: - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro - /data/nginx/log/:/var/log/nginx/ -# Portainer service - portainer: - container_name: portainer - command: -H unix:///var/run/docker.sock --no-auth - restart: always - networks: - - portainer_local - ports: - - "127.0.0.1:64299:9000" - image: "dtagdevsec/portainer:1804" - read_only: true - volumes: - - /var/run/docker.sock:/var/run/docker.sock - # Spiderfoot service spiderfoot: container_name: spiderfoot @@ -572,15 +537,3 @@ services: volumes: - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db -# Wetty service - wetty: - container_name: wetty - restart: always - stop_signal: SIGKILL - network_mode: "host" - env_file: - - /opt/tpot/etc/compose/wetty_environment - tmpfs: - - /home/wetty/.ssh/:uid=2000,gid=2000 - image: "dtagdevsec/wetty:1804" - read_only: true diff --git a/host/etc/issue b/host/etc/issue index 55e4287e..fcad492c 100644 --- a/host/etc/issue +++ b/host/etc/issue 
@@ -1,12 +1,12 @@  -┌───────────────────────────────────────────────────┐ -│ _____ ____ _ _ ___ ___ _ _ │ -│|_ _| | _ \\ ___ | |_ / |( _ ) / _ \\| || | │ -│ | |_____| |_) / _ \\| __| | |/ _ \\| | | | || |_ │ -│ | |_____| __/ (_) | |_ | | (_) | |_| |__ _|│ -│ |_| |_| \\___/ \\__| |_|\\___(_)___/ |_| │ -│ │ -└───────────────────────────────────────────────────┘ +┌────────────────────────────────────────────────┐ +│ _____ ____ _ _ ___ _ ___ │ +│|_ _| | _ \\ ___ | |_ / |( _ ) / |/ _ \\ │ +│ | |_____| |_) / _ \\| __| | |/ _ \\ | | | | |│ +│ | |_____| __/ (_) | |_ | | (_) || | |_| |│ +│ |_| |_| \\___/ \\__| |_|\\___(_)_|\\___/ │ +│ │ +└────────────────────────────────────────────────┘ ,---- [ \n ] [ \d ] [ \t ] @@ -14,6 +14,7 @@ | IP: | SSH: | WEB: +| ADMIN: | `---- diff --git a/iso/installer/install.sh b/iso/installer/install.sh index fa562225..8c1fb2e7 100755 --- a/iso/installer/install.sh +++ b/iso/installer/install.sh 
@@ -131,7 +131,7 @@ fi
 # Let's check if all dependencies are met
 function fuGET_DEPS {
-local myPACKAGES="apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount curl dialog dnsutils docker.io docker-compose dstat ethtool fail2ban genisoimage git glances grc html2text htop ifupdown iptables iw jq libcrack2 libltdl7 lm-sensors man multitail net-tools npm ntp openssh-server openssl pass prips syslinux psmisc pv python-pip unattended-upgrades unzip vim wireless-tools wpasupplicant"
+local myPACKAGES="apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit cockpit-docker curl dialog dnsutils docker.io docker-compose dstat ethtool fail2ban genisoimage git glances grc html2text htop ifupdown iptables iw jq libcrack2 libltdl7 lm-sensors man multitail net-tools npm ntp openssh-server openssl pass prips syslinux psmisc pv python-pip unattended-upgrades unzip vim wireless-tools wpasupplicant"
 echo
 echo "### Getting update information."
 echo
@@ -610,7 +610,8 @@ myHOST=$a$n
 hostnamectl set-hostname $myHOST 2>&1 | dialog --title "[ Setting new hostname ]" $myPROGRESSBOXCONF
 sed -i 's#127.0.1.1.*#127.0.1.1\t'"$myHOST"'#g' /etc/hosts 2>&1 | dialog --title "[ Setting new hostname ]" $myPROGRESSBOXCONF
-# Let's patch sshd_config
+# Let's patch cockpit.socket, sshd_config
+sed -i 's#ListenStream=9090#ListeStream=64294#' /etc/systemd/system/sockets.target.wants/cockpit.socket 2>&1 | dialog --title "[ Cockpit listen on tcp/64294 ]" $myPROGRESSBOXCONF
 sed -i 's#\#Port 22#Port 64295#' /etc/ssh/sshd_config 2>&1 | dialog --title "[ SSH listen on tcp/64295 ]" $myPROGRESSBOXCONF
 # Let's make sure only myCONF_TPOT_FLAVOR images will be downloaded and started
@@ -685,11 +686,23 @@ dialog --title "[ Setup fail2ban config ]" $myPROGRESSBOXCONF <&1>/dev/null <
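Review bot: The replacement side of the new cockpit sed in the `@@ -610` hunk is misspelled — `s#ListenStream=9090#ListeStream=64294#` writes `ListeStream=64294`, a key systemd does not know, so cockpit.socket loses its 9090 listener without gaining 64294, and because the command is piped into `dialog` the sed exit status is not visible either. The line should read `sed -i 's#ListenStream=9090#ListenStream=64294#' /etc/systemd/system/sockets.target.wants/cockpit.socket 2>&1 | dialog --title "[ Cockpit listen on tcp/64294 ]" $myPROGRESSBOXCONF`. That path is normally a symlink into the packaged unit, and GNU `sed -i` without `--follow-symlinks` replaces the link with a regular file, so a package upgrade or a later `systemctl disable`/`enable` may quietly undo the port move; a drop-in under `/etc/systemd/system/cockpit.socket.d/` with a `[Socket]` section that first clears `ListenStream=` and then sets `ListenStream=64294` would be the durable form, though I cannot see the unit file here to confirm the symlink. The fail2ban hunk that follows (`@@ -685`) runs past the end of this patch view and is not reviewed.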