diff --git a/bin/backup_es_folders.sh b/bin/backup_es_folders.sh index 9a621f40..a66814d0 100755 --- a/bin/backup_es_folders.sh +++ b/bin/backup_es_folders.sh @@ -1,4 +1,13 @@ #!/bin/bash +# Run as root only. +myWHOAMI=$(whoami) +if [ "$myWHOAMI" != "root" ] + then + echo "Need to run as root ..." + sudo ./$0 + exit +fi + # Backup all ES relevant folders # Make sure ES is available myES="http://127.0.0.1:64298/" diff --git a/bin/clean.sh b/bin/clean.sh index 71cca162..3b7e8c42 100755 --- a/bin/clean.sh +++ b/bin/clean.sh @@ -1,6 +1,5 @@ #!/bin/bash # T-Pot Container Data Cleaner & Log Rotator - # Set colors myRED="" myGREEN="" diff --git a/bin/dps.sh b/bin/dps.sh index 09d6c098..936f693e 100755 --- a/bin/dps.sh +++ b/bin/dps.sh @@ -1,4 +1,14 @@ #/bin/bash + +# Run as root only. +myWHOAMI=$(whoami) +if [ "$myWHOAMI" != "root" ] + then + echo "Need to run as root ..." + sudo ./$0 + exit +fi + # Show current status of T-Pot containers myPARAM="$1" myCONTAINERS="$(cat /opt/tpot/etc/tpot.yml | grep -v '#' | grep container_name | cut -d: -f2 | sort | tr -d " ")" @@ -16,7 +26,6 @@ function fuGETSYS { printf "========| System |========\n" printf "%+10s %-20s\n" "Date: " "$(date)" printf "%+10s %-20s\n" "Uptime: " "$(uptime | cut -b 2-)" -printf "%+10s %-20s\n" "CPU temp: " "$(sensors | grep 'Physical' | awk '{ print $4" " }' | tr -d [:cntrl:])" echo } diff --git a/bin/sissden_optin.sh b/bin/sissden_optin.sh index ab76beaa..aa8099a4 100755 --- a/bin/sissden_optin.sh +++ b/bin/sissden_optin.sh @@ -1,5 +1,14 @@ #!/bin/bash +# Run as root only. +myWHOAMI=$(whoami) +if [ "$myWHOAMI" != "root" ] + then + echo "Need to run as root ..." + sudo ./$0 + exit +fi + myTPOTYMLFILE="/opt/tpot/etc/tpot.yml" echo "SISSDEN Delivery Opt-In for EWSPoster" diff --git a/bin/tped.sh b/bin/tped.sh index 4e8769f9..f71d6c34 100755 --- a/bin/tped.sh +++ b/bin/tped.sh 
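Review bot: The re-exec line `sudo ./$0` in the new root check is fragile: `$0` is unquoted, the `./` prefix resolves against the caller's working directory rather than the script's own location (an absolute `$0` becomes `.//opt/…`, a relative path that normally does not exist), and no arguments are forwarded, which matters for dps.sh, whose next context line reads `myPARAM="$1"`; the bare `exit` that follows also discards the exit status of the elevated run. Replacing the `sudo` and `exit` lines with `exec sudo "$0" "$@"` addresses all of these, and `[ "$(id -u)" -ne 0 ]` would be a more conventional test than comparing `whoami` output to the string root. The same block is pasted into bin/dps.sh, bin/sissden_optin.sh and bin/tped.sh, so each copy needs the same change (or the four scripts could source one shared helper). In dps.sh the existing first line `#/bin/bash` is missing the `!`, so the re-exec will presumably not be recognised as a bash script by the kernel; that is worth correcting in the same commit.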
@@ -1,5 +1,14 @@ #!/bin/bash +# Run as root only. +myWHOAMI=$(whoami) +if [ "$myWHOAMI" != "root" ] + then + echo "Need to run as root ..." + sudo ./$0 + exit +fi + # set backtitle, get filename myBACKTITLE="T-Pot Edition Selection Tool" myYMLS=$(cd /opt/tpot/etc/compose/ && ls -1 *.yml) diff --git a/etc/compose/legacy.yml b/etc/compose/legacy.yml deleted file mode 100644 index f28a40ea..00000000 --- a/etc/compose/legacy.yml +++ /dev/null 
@@ -1,338 +0,0 @@ -# T-Pot (Legacy) -# Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton) -version: '2.3' - -networks: - cowrie_local: - elasticpot_local: - glastopf_local: - heralding_local: - mailoney_local: - rdpy_local: - ewsposter_local: - spiderfoot_local: - -services: - -################## -#### Honeypots -################## - -# Cowrie service - cowrie: - container_name: cowrie - restart: always - tmpfs: - - /tmp/cowrie:uid=2000,gid=2000 - - /tmp/cowrie/data:uid=2000,gid=2000 - networks: - - cowrie_local - ports: - - "22:22" - - "23:23" - image: "dtagdevsec/cowrie:1903" - read_only: true - volumes: - - /data/cowrie/downloads:/home/cowrie/cowrie/dl - - /data/cowrie/keys:/home/cowrie/cowrie/etc - - /data/cowrie/log:/home/cowrie/cowrie/log - - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty - -# Dionaea service - dionaea: - container_name: dionaea - stdin_open: true - tty: true - restart: always - network_mode: "host" - ports: - - "20:20" - - "21:21" - - "42:42" - - "69:69/udp" - - "81:81" - - "135:135" - - "443:443" - - "445:445" - - "1433:1433" - - "1723:1723" - - "1883:1883" - - "3306:3306" - - "5060:5060" - - "5060:5060/udp" - - "5061:5061" - - "27017:27017" - image: "dtagdevsec/dionaea:1903" - read_only: true - volumes: - - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp - - /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp - - /data/dionaea/roots/www:/opt/dionaea/var/dionaea/roots/www - - /data/dionaea/roots/upnp:/opt/dionaea/var/dionaea/roots/upnp - - /data/dionaea:/opt/dionaea/var/dionaea - - /data/dionaea/binaries:/opt/dionaea/var/dionaea/binaries - - /data/dionaea/log:/opt/dionaea/var/log - - /data/dionaea/rtp:/opt/dionaea/var/dionaea/rtp - -# Elasticpot service - elasticpot: - container_name: elasticpot - restart: always - networks: - - elasticpot_local - ports: - - "9200:9200" - image: "dtagdevsec/elasticpot:1903" - read_only: true - volumes: - - 
/data/elasticpot/log:/opt/ElasticpotPY/log - -# Glastopf service - glastopf: - container_name: glastopf - tmpfs: - - /tmp/glastopf:uid=2000,gid=2000 - restart: always - networks: - - glastopf_local - ports: - - "80:80" - image: "dtagdevsec/glastopf:1903" - read_only: true - volumes: - - /data/glastopf/db:/tmp/glastopf/db - - /data/glastopf/log:/tmp/glastopf/log - -# Heralding service - heralding: - container_name: heralding - restart: always - tmpfs: - - /tmp/heralding:uid=2000,gid=2000 - networks: - - heralding_local - ports: - # - "21:21" - # - "22:22" - # - "23:23" - # - "25:25" - # - "80:80" - # - "110:110" - # - "143:143" - # - "443:443" - # - "993:993" - # - "995:995" - # - "5432:5432" - - "5900:5900" - image: "dtagdevsec/heralding:1903" - read_only: true - volumes: - - /data/heralding/log:/var/log/heralding - -# Honeytrap service - honeytrap: - container_name: honeytrap - restart: always - tmpfs: - - /tmp/honeytrap:uid=2000,gid=2000 - network_mode: "host" - cap_add: - - NET_ADMIN - image: "dtagdevsec/honeytrap:1903" - read_only: true - volumes: - - /data/honeytrap/attacks:/opt/honeytrap/var/attacks - - /data/honeytrap/downloads:/opt/honeytrap/var/downloads - - /data/honeytrap/log:/opt/honeytrap/var/log - -# Mailoney service - mailoney: - container_name: mailoney - restart: always - environment: - - HPFEEDS_SERVER= - - HPFEEDS_IDENT=user - - HPFEEDS_SECRET=pass - - HPFEEDS_PORT=20000 - - HPFEEDS_CHANNELPREFIX=prefix - networks: - - mailoney_local - ports: - - "25:25" - image: "dtagdevsec/mailoney:1903" - read_only: true - volumes: - - /data/mailoney/log:/opt/mailoney/logs - -# Rdpy service - rdpy: - container_name: rdpy - extra_hosts: - - hpfeeds.example.com:127.0.0.1 - restart: always - environment: - - HPFEEDS_SERVER=hpfeeds.example.com - - HPFEEDS_IDENT=user - - HPFEEDS_SECRET=pass - - HPFEEDS_PORT=65000 - - SERVERID=id - networks: - - rdpy_local - ports: - - "3389:3389" - image: "dtagdevsec/rdpy:1903" - read_only: true - volumes: - - 
/data/rdpy/log:/var/log/rdpy - - -################## -#### NSM -################## - -# P0f service - p0f: - container_name: p0f - restart: always - network_mode: "host" - image: "dtagdevsec/p0f:1903" - read_only: true - volumes: - - /data/p0f/log:/var/log/p0f - -# Suricata service - suricata: - container_name: suricata - restart: always - environment: - # For ET Pro ruleset replace "OPEN" with your OINKCODE - - OINKCODE=OPEN - network_mode: "host" - cap_add: - - NET_ADMIN - - SYS_NICE - - NET_RAW - image: "dtagdevsec/suricata:1903" - volumes: - - /data/suricata/log:/var/log/suricata - - -################## -#### Tools -################## - -#### ELK -## Elasticsearch service - elasticsearch: - container_name: elasticsearch - restart: always - environment: - - bootstrap.memory_lock=true - - ES_JAVA_OPTS=-Xms1024m -Xmx1024m - - ES_TMPDIR=/tmp - cap_add: - - IPC_LOCK - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - mem_limit: 4g - ports: - - "127.0.0.1:64298:9200" - image: "dtagdevsec/elasticsearch:1903" - volumes: - - /data:/data - -## Kibana service - kibana: - container_name: kibana - restart: always - depends_on: - elasticsearch: - condition: service_healthy - ports: - - "127.0.0.1:64296:5601" - image: "dtagdevsec/kibana:1903" - -## Logstash service - logstash: - container_name: logstash - restart: always - depends_on: - elasticsearch: - condition: service_healthy - env_file: - - /opt/tpot/etc/compose/elk_environment - image: "dtagdevsec/logstash:1903" - volumes: - - /data:/data - -## Elasticsearch-head service - head: - container_name: head - restart: always - depends_on: - elasticsearch: - condition: service_healthy - ports: - - "127.0.0.1:64302:9100" - image: "dtagdevsec/head:1903" - read_only: true - -# Ewsposter service - ewsposter: - container_name: ewsposter - restart: always - networks: - - ewsposter_local - environment: - - EWS_HPFEEDS_ENABLE=false - - EWS_HPFEEDS_HOST=host - - EWS_HPFEEDS_PORT=port - - 
EWS_HPFEEDS_CHANNELS=channels - - EWS_HPFEEDS_IDENT=user - - EWS_HPFEEDS_SECRET=secret - - EWS_HPFEEDS_TLSCERT=/opt/ewsposter/ca.pem - - EWS_HPFEEDS_FORMAT=json - env_file: - - /opt/tpot/etc/compose/elk_environment - image: "dtagdevsec/ewsposter:1903" - volumes: - - /data:/data - - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip - -# Nginx service - nginx: - container_name: nginx - restart: always - tmpfs: - - /var/tmp/nginx/client_body - - /var/tmp/nginx/proxy - - /var/tmp/nginx/fastcgi - - /var/tmp/nginx/uwsgi - - /var/tmp/nginx/scgi - - /run - network_mode: "host" - ports: - - "64297:64297" - image: "dtagdevsec/nginx:1903" - read_only: true - volumes: - - /data/nginx/cert/:/etc/nginx/cert/:ro - - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro - - /data/nginx/log/:/var/log/nginx/ - -# Spiderfoot service - spiderfoot: - container_name: spiderfoot - restart: always - networks: - - spiderfoot_local - ports: - - "127.0.0.1:64303:8080" - image: "dtagdevsec/spiderfoot:1903" - volumes: - - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db diff --git a/iso/installer/install.sh b/iso/installer/install.sh index 2a0cc9c5..2749cb81 100755 --- a/iso/installer/install.sh +++ b/iso/installer/install.sh 
@@ -14,7 +14,7 @@ myLSB_STABLE_SUPPORTED="stretch"
 myLSB_TESTING_SUPPORTED="sid"
 myREMOTESITES="https://hub.docker.com https://github.com https://pypi.python.org https://debian.org"
 myPREINSTALLPACKAGES="apache2-utils curl dialog figlet grc libcrack2 libpq-dev lsb-release net-tools software-properties-common toilet"
-myINSTALLPACKAGES="apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit cockpit-docker console-setup console-setup-linux curl debconf-utils dialog dnsutils docker.io docker-compose dstat ethtool fail2ban figlet genisoimage git glances grc haveged html2text htop iptables iw jq kbd libcrack2 libltdl7 lm-sensors man mosh multitail net-tools npm ntp openssh-server openssl pass prips software-properties-common syslinux psmisc pv python-pip toilet unattended-upgrades unzip vim wget wireless-tools wpasupplicant"
+myINSTALLPACKAGES="apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit cockpit-docker console-setup console-setup-linux curl debconf-utils dialog dnsutils docker.io docker-compose dstat ethtool fail2ban figlet genisoimage git glances grc haveged html2text htop iptables iw jq kbd libcrack2 libltdl7 man mosh multitail net-tools npm ntp openssh-server openssl pass prips software-properties-common syslinux psmisc pv python-pip toilet unattended-upgrades unzip vim wget wireless-tools wpasupplicant"
 myINFO="\
 ########################################
 ### T-Pot Installer for Debian (Sid) ###
@@ -485,8 +485,7 @@ if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ] || [ "$myTPOT_DEPLOYMENT_TYPE" == "use "SENSOR" "Just Honeypots, EWS Poster & NSM" \ "INDUSTRIAL" "Conpot, RDPY, Vnclowpot, ELK, NSM & Tools" \ "COLLECTOR" "Heralding, ELK, NSM & Tools" \ - "NEXTGEN" "NextGen (Glutton instead of Honeytrap)" \ - "LEGACY" "Standard Edition from previous release" 3>&1 1>&2 2>&3 3>&-) + "NEXTGEN" "NextGen (Glutton, HoneyPy)" 3>&1 1>&2 2>&3 3>&-) fi # Let's ask for a secure tsec password if installation type is iso @@ -701,10 +700,6 @@ case $myCONF_TPOT_FLAVOR in fuBANNER "NEXTGEN" ln -s /opt/tpot/etc/compose/nextgen.yml $myTPOTCOMPOSE ;; - LEGACY) - fuBANNER "LEGACY" - ln -s /opt/tpot/etc/compose/legacy.yml $myTPOTCOMPOSE - ;; esac # Let's load docker images in parallel diff --git a/update.sh b/update.sh index 38a2e817..dd290df3 100755 --- a/update.sh +++ b/update.sh 
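Review bot: With the `LEGACY)` arm removed from the flavor `case` in the third hunk, a `$myCONF_TPOT_FLAVOR` value of LEGACY coming from a configuration file written when that edition was still offered now matches no arm, so `$myTPOTCOMPOSE` is never linked and the installer continues into the image loading below as if nothing were wrong. The `case` statement starts outside this hunk, so if it already has a `*)` arm this does not apply; otherwise add one such as `*) echo "Unsupported T-Pot flavor: $myCONF_TPOT_FLAVOR" >&2; exit 1 ;;` before `esac`, or reject unknown flavors where the configuration is read.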
@@ -169,7 +169,7 @@ echo function fuUPDATER () { export DEBIAN_FRONTEND=noninteractive -local myPACKAGES="apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit cockpit-docker console-setup console-setup-linux curl debconf-utils dialog dnsutils docker.io docker-compose dstat ethtool fail2ban figlet genisoimage git glances grc haveged html2text htop iptables iw jq kbd libcrack2 libltdl7 lm-sensors man mosh multitail net-tools npm ntp openssh-server openssl pass prips software-properties-common syslinux psmisc pv python-pip toilet unattended-upgrades unzip vim wget wireless-tools wpasupplicant" +local myPACKAGES="apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit cockpit-docker console-setup console-setup-linux curl debconf-utils dialog dnsutils docker.io docker-compose dstat ethtool fail2ban figlet genisoimage git glances grc haveged html2text htop iptables iw jq kbd libcrack2 libltdl7 man mosh multitail net-tools npm ntp openssh-server openssl pass prips software-properties-common syslinux psmisc pv python-pip toilet unattended-upgrades unzip vim wget wireless-tools wpasupplicant" echo "### Now upgrading packages ..." dpkg --configure -a apt-get -y autoclean