Merge pull request #48 from dtag-dev-sec/16.10web

16.10web
2025-07-02 01:27:27 -04:00 · 2016-08-08 02:54:35 +02:00
parent cef8e5fded f038173920
commit f57c5e5e41
28 changed files with 506 additions and 124 deletions
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@ -0,0 +1,38 @@
 # Contribution
 Thank you for your decision to contribute to T-Pot.
 ## Issues
 Please feel free to post your problems, ideas and issues [here](https://github.com/dtag-dev-sec/tpotce/issues). We will try to answer ASAP, but to speed things up we encourage you to ...
 - [ ] Use the [search function](https://github.com/dtag-dev-sec/tpotce/issues?utf8=%E2%9C%93&q=) first
 - [ ] Check the [FAQ](#faq)
 - [ ] Provide [basic support information](#info) with regard to your issue
 Thank you :smiley:
 -
 <a name="faq"></a>
 ### FAQ
 ##### Where can I find the honeypot logs?
 ###### The honeypot logs are located in `/data/`. You have to login via ssh and run `sudo cd /data/`. Do not change any permissions here or T-Pot will fail to work.
 -
 <a name="info"></a>
 ### Baisc support information
 - What T-Pot version are you currtently using?
 - Are you running on a Intel NUC or a VM?
 - How long has your installation been running?
 - Did you install any upgrades or packages?
 - Did you modify any scripts?
 - Have you turned persistence on/off?
 - How much RAM available (login via ssh and run `htop`)?
 - How much stress are the CPUs under (login via ssh and run `htop`)?
 - How much swap space is being used (login via ssh and run `htop`)?
 - How much free disk space is available (login via ssh and run `sudo df -h`)?
 - What is the current container status (login via ssh and run `sudo start.sh`)?
--- a/installer/bin/check.sh
+++ b/installer/bin/check.sh
@ -19,20 +19,23 @@ touch /var/run/check.lock
 myUPTIME=$(awk '{print int($1/60)}' /proc/uptime)
 for i in $myIMAGES
  do
-    myCIDSTATUS=$(docker exec $i supervisorctl status)
+    if [ "$i" != "ui-for-docker" ] && [ "$i" != "netdata" ];
-      if [ $? -ne 0 ];
+      then
-        then
+        myCIDSTATUS=$(docker exec $i supervisorctl status)
-          myCIDSTATUS=1
+        if [ $? -ne 0 ];
-        else
+          then
-          myCIDSTATUS=$(echo $myCIDSTATUS | egrep -c "(STOPPED|FATAL)")
+            myCIDSTATUS=1
-      fi
+          else
-      if [ $myUPTIME -gt 4 ] && [ $myCIDSTATUS -gt 0 ];
+            myCIDSTATUS=$(echo $myCIDSTATUS | egrep -c "(STOPPED|FATAL)")
-        then
+        fi
-          echo "Restarting "$i"."
+        if [ $myUPTIME -gt 4 ] && [ $myCIDSTATUS -gt 0 ];
-          systemctl stop $i
+          then
-          sleep 5
+            echo "Restarting "$i"."
-          systemctl start $i
+            systemctl stop $i
-      fi
+            sleep 5
            systemctl start $i
        fi
    fi
 done
 rm /var/run/check.lock
--- a/installer/bin/clean.sh
+++ b/installer/bin/clean.sh
--- a/installer/bin/dps.sh
+++ b/installer/bin/dps.sh
@ -0,0 +1,2 @@
 #/bin/bash
 docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" -f status=running -f status=exited | GREP_COLORS='mt=01;35' egrep --color=always "(^[_a-z-]+ |$)|$" | GREP_COLORS='mt=01;32' egrep --color=always "(Up[ 0-9a-Z ]+ |$)|$" | GREP_COLORS='mt=01;31' egrep --color=always "(Exited[ \(0-9\) ]+ [0-9a-Z ]+ ago|$)|$"
--- a/installer/bin/status.sh
+++ b/installer/bin/status.sh
@ -42,7 +42,10 @@ echo CPU temp: $(sensors | grep "Physical" | awk '{ print $4 }')
 echo
 for i in $myIMAGES
 do
-  echo "======| Container:" $i "|======"
+  if [ "$i" != "ui-for-docker" ] && [ "$i" != "netdata" ];
-  docker exec $i supervisorctl status | GREP_COLORS='mt=01;32' egrep --color=always "(RUNNING)|$" | GREP_COLORS='mt=01;31' egrep --color=always "(STOPPED|FATAL)|$"
+  then
-  echo
+    echo "======| Container:" $i "|======"
    docker exec $i supervisorctl status | GREP_COLORS='mt=01;32' egrep --color=always "(RUNNING)|$" | GREP_COLORS='mt=01;31' egrep --color=always "(STOPPED|FATAL)|$"
    echo
  fi
 done
--- a/installer/data/ews/conf/ews.cfg
+++ b/installer/data/ews/conf/ews.cfg
@ -4,7 +4,7 @@ spooldir = /opt/ewsposter/spool/
 logdir = /opt/ewsposter/log/
 del_malware_after_send = false
 send_malware = true
-sendlimit = 10
+sendlimit = 400
 contact = your_email_address
 proxy =
 ip =
--- a/installer/data/imgcfg/all_images.conf
+++ b/installer/data/imgcfg/all_images.conf
@ -7,3 +7,5 @@ emobility
 glastopf
 honeytrap
 suricata
 netdata
 ui-for-docker
--- a/installer/data/imgcfg/industrial_images.conf
+++ b/installer/data/imgcfg/industrial_images.conf
@ -2,3 +2,5 @@ conpot
 elk
 emobility
 suricata
 netdata
 ui-for-docker
--- a/installer/data/imgcfg/tpot_images.conf
+++ b/installer/data/imgcfg/tpot_images.conf
@ -5,3 +5,5 @@ elk
 glastopf
 honeytrap
 suricata
 netdata
 ui-for-docker
--- a/installer/data/systemd/elk.service
+++ b/installer/data/systemd/elk.service
@ -8,7 +8,7 @@ Restart=always
 ExecStartPre=-/usr/bin/docker stop elk
 ExecStartPre=-/usr/bin/docker rm -v elk
 ExecStartPre=/bin/bash -c '/usr/bin/clean.sh elk'
-ExecStart=/usr/bin/docker run --name=elk -v /data:/data -v /var/log:/data/host/log -p 127.0.0.1:64296:8080 -p 127.0.0.1:64297:9200 --rm=true dtagdevsec/elk:latest1610
+ExecStart=/usr/bin/docker run --name=elk -v /data:/data -v /var/log:/data/host/log -p 127.0.0.1:64296:5601 -p 127.0.0.1:64298:9200 --rm=true dtagdevsec/elk:latest1610
 ExecStop=/usr/bin/docker stop elk
 [Install]
--- a/installer/data/systemd/honeytrap.service
+++ b/installer/data/systemd/honeytrap.service
@ -8,10 +8,15 @@ Restart=always
 ExecStartPre=-/usr/bin/docker stop honeytrap
 ExecStartPre=-/usr/bin/docker rm -v honeytrap
 ExecStartPre=/bin/bash -c '/usr/bin/clean.sh honeytrap off'
-ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
+ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,42,80,135,443,445,1433,3306,5060,5061 -j NFQUEUE
 ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295,64296,64297,64298,64299,64300,64301 -j NFQUEUE
 ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 81,102,161,502,8080,9200 -j NFQUEUE
 ExecStart=/usr/bin/docker run --name honeytrap --cap-add=NET_ADMIN --net=host --rm=true -v /data/honeytrap:/data/honeytrap -v /data/ews:/data/ews dtagdevsec/honeytrap:latest1610
 ExecStop=/usr/bin/docker stop honeytrap
-ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
+ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 81,102,161,502,8080,9200 -j NFQUEUE
 ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295,64296,64297,64298,64299,64300,64301 -j NFQUEUE
 ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,42,80,135,443,445,1433,3306,5060,5061 -j NFQUEUE
 [Install]
 WantedBy=multi-user.target
--- a/installer/data/systemd/netdata.service
+++ b/installer/data/systemd/netdata.service
@ -0,0 +1,14 @@
 [Unit]
 Description=netdata
 Requires=docker.service
 After=docker.service
 [Service]
 Restart=always
 ExecStartPre=-/usr/bin/docker stop netdata
 ExecStartPre=-/usr/bin/docker rm -v netdata
 ExecStart=/usr/bin/docker run --name netdata --net=host --cap-add=SYS_PTRACE --rm=true -v /proc:/host/proc:ro -v /sys:/host/sys:ro -v /var/run/docker.sock:/var/run/docker.sock dtagdevsec/netdata:latest1610
 ExecStop=/usr/bin/docker stop netdata 
 [Install]
 WantedBy=multi-user.target
--- a/installer/data/systemd/ui-for-docker.service
+++ b/installer/data/systemd/ui-for-docker.service
@ -0,0 +1,14 @@
 [Unit]
 Description=ui-for-docker
 Requires=docker.service
 After=docker.service
 [Service]
 Restart=always
 ExecStartPre=-/usr/bin/docker stop ui-for-docker
 ExecStartPre=-/usr/bin/docker rm -v ui-for-docker
 ExecStart=/usr/bin/docker run --name ui-for-docker --rm=true -v /var/run/docker.sock:/var/run/docker.sock -p 127.0.0.1:64299:9000 dtagdevsec/ui-for-docker:latest1610
 ExecStop=/usr/bin/docker stop ui-for-docker
 [Install]
 WantedBy=multi-user.target
--- a/installer/data/systemd/wetty.service
+++ b/installer/data/systemd/wetty.service
@ -0,0 +1,13 @@
 [Unit]
 Description=wetty
 Requires=sshd.service
 After=sshd.service
 [Service]
 Restart=always
 User=tsec
 Group=tsec
 ExecStart=/usr/bin/node /usr/local/lib/node_modules/wetty/app.js -p 64300 --host 127.0.0.1 --sshhost 127.0.0.1 --sshport 64295
 [Install]
 WantedBy=multi-user.target
--- a/installer/etc/issue
+++ b/installer/etc/issue
@ -1,7 +1,5 @@
 T-Pot 16.10 (development)
 Hostname: \n
 IP:
 ___________     _____________________________
 \\__    ___/     \\______   \\_____  \\__    ___/
@ -10,6 +8,9 @@ ___________     _____________________________
  |____|         |____|   \\_______  /____|
                                  \\/
 IP:
 SSH:
 WEB:
 CTRL+ALT+F2 - Display current container status
 CTRL+ALT+F1 - Return to this screen
--- a/installer/etc/nginx/nginxpasswd
+++ b/installer/etc/nginx/nginxpasswd
--- a/installer/etc/nginx/ssl/dhparam4096.pem
+++ b/installer/etc/nginx/ssl/dhparam4096.pem
@ -0,0 +1,13 @@
 -----BEGIN DH PARAMETERS-----
 MIICCAKCAgEAiHmfakVLOStSULBdaTbZY/zeFyEeQ19GY9Z5CJg06dIIgIzhxk9L
 4xsQdQk8giKOjP6SfX0ZgF5CYaurQ3ljYlP0UlAQQo9+fEErbqj3hCzAxtIpd6Yj
 SV6zFdnSjwxWuKAPPywiQNljnHH+Y1KBdbl5VQ9gC3ehtaLo1A4y8q96f6fC5rGU
 nfgw4lTxLvPD7NwaOdFTCyK8tTxvUGNJIvf7805IxZ0BvAiBuVaXStaMcqf5BHLP
 fYpvIiVaCrtto4elu18nL0tf2CN5n9ai4hlr0nPmNrE/Zrrur78Re5F4Ien9kr4d
 xabXvVJJQa9j2NdQO7vk7Cz/dAIiqt/1XKFhll4TTYBqrFVXIwF+FNx636zyOjcO
 nlZk/V+IL/UTPnZOv2PGt5+WetvJJubi6B9XgOgVLduI07woAp5qnRJJt6fJW1aA
 M86By6WLy5P31Py6eFj8nYgj1V703XgQ5lESKYpeVgqA0bh7daNzOCoGQvvUKlTP
 RTu6fs7clw5ta4yYUyvuIKTngH5yGBNdTuP0GWo6Y+Dy1BctVwl2xSw+FhYeuIf/
 EB2A3129H59HhbWyNH337+1dfntHfQRXBsT0YSyDxPurI5/FNGcmw+GZEYk4BB8j
 g7TwH3GBjbKnjnr7SnhanqmWgybgQw6oR9gDC399eR4LiOk9sbxpX1MCAQI=
 -----END DH PARAMETERS-----
--- a/installer/etc/nginx/ssl/gen-cert.sh
+++ b/installer/etc/nginx/ssl/gen-cert.sh
@ -0,0 +1,12 @@
 #!/bin/bash
 # Got root?
 myWHOAMI=$(whoami)
 if [ "$myWHOAMI" != "root" ]
  then
    echo "Need to run as root ..."
    exit
 fi
 openssl req -nodes -x509 -sha512 -newkey rsa:8192 -keyout "nginx.key" -out "nginx.crt" -days 3650
--- a/installer/etc/nginx/ssl/gen-dhparam.sh
+++ b/installer/etc/nginx/ssl/gen-dhparam.sh
@ -0,0 +1,16 @@
 #!/bin/bash
 # Got root?
 myWHOAMI=$(whoami)
 if [ "$myWHOAMI" != "root" ]
  then
    echo "Need to run as root ..."
    exit
 fi
 if [ "$1" = "2048" ] || [ "$1" = "4096" ] || [ "$1" = "8192" ]
  then 
    openssl dhparam -outform PEM -out dhparam$1.pem $1
  else
    echo "Usage: ./gen-dhparam [2048, 4096, 8192]..."
 fi
--- a/installer/etc/nginx/tpotweb.conf
+++ b/installer/etc/nginx/tpotweb.conf
@ -0,0 +1,156 @@
 ############################################
 ### NGINX T-Pot configuration file by mo ###
 ############################################
 ###################################
 ### Allow for 60 reloads per minute
 ###################################
 limit_req_zone $binary_remote_addr zone=base:1m rate=1r/s;
 server {
    #########################
    ### Basic server settings
    #########################
    listen 64297 ssl http2;
    ssl_protocols TLSv1.2;
    server_name example.com;
    error_page 300 301 302 400 401 402 403 404 500 501 502 503 504 /error.html;
    ##############################################
    ### Remove version number add different header
    ##############################################
    server_tokens off;
    more_set_headers 'Server: apache';
    ##############################################
    ### SSL settings and Cipher Suites
    ##############################################
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!DHE:!SHA:!SHA256';
    ssl_ecdh_curve secp384r1;
    ssl_dhparam /etc/nginx/ssl/dhparam4096.pem;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ####################################
    ### OWASP recommendations / settings
    ####################################
    ### Size Limits & Buffer Overflows 
    ### the size may be configured based on the needs. 
    client_body_buffer_size  100K;
    client_header_buffer_size 1k;
    client_max_body_size 100k;
    large_client_header_buffers 2 1k;
    ### Mitigate Slow HHTP DoS Attack
    ### Timeouts definition ##
    client_body_timeout   10;
    client_header_timeout 10;
    keepalive_timeout     5 5;
    send_timeout          10;
    ### X-Frame-Options is to prevent from clickJacking attack
    add_header X-Frame-Options SAMEORIGIN;
    ### disable content-type sniffing on some browsers.
    add_header X-Content-Type-Options nosniff;
    ### This header enables the Cross-site scripting (XSS) filter
    add_header X-XSS-Protection "1; mode=block";
    ### This will enforce HTTP browsing into HTTPS and avoid ssl stripping attack
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
    ##################################
    ### Restrict access and basic auth
    ##################################
    satisfy any;
    allow 127.0.0.1;
    allow ::1;
    deny  all;
    auth_basic           "closed site";
    auth_basic_user_file /etc/nginx/nginxpasswd;
    ##############################
    ### Limit brute-force attempts
    ##############################
    location = / {
      limit_req zone=base burst=1 nodelay;
    }   
    #################
    ### Proxied sites
    #################
    ### Kibana
    location /kibana/ {
        proxy_pass http://localhost:64296;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        rewrite /kibana/(.*)$ /$1 break;
    }
    ### Head plugin
    location /myhead/ {
        proxy_pass http://localhost:64298/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        rewrite /myhead/(.*)$ /$1 break;
    }
    ### ui-for-docker
    location /ui {
        proxy_pass http://localhost:64299;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "";
        proxy_set_header Host $host;
        proxy_redirect off;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        rewrite /ui/(.*)$ /$1 break;
    }
    ### web tty
    location /wetty {
       proxy_pass http://127.0.0.1:64300/wetty;
       proxy_http_version 1.1;
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
       proxy_read_timeout 43200000;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header Host $http_host;
       proxy_set_header X-NginX-Proxy true;
    }  
    ### netdata
    location /netdata/ {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:64301;
        proxy_http_version 1.1;
        proxy_pass_request_headers on;
        proxy_set_header Connection "keep-alive";
        proxy_store off;
        rewrite /netdata/(.*)$ /$1 break;
    }
 }
--- a/installer/etc/rc.local
+++ b/installer/etc/rc.local
@ -2,8 +2,10 @@
 # Let's add the first local ip to the /etc/issue and external ip to ews.ip file
 source /etc/environment
 myLOCALIP=$(hostname -I | awk '{ print $1 }')
-myEXTIP=$(curl myexternalip.com/raw)
+myEXTIP=$(curl -s myexternalip.com/raw)
-sed -i "s#IP:.*#IP: $myLOCALIP, $myEXTIP#" /etc/issue
+sed -i "s#IP:.*#IP: $myLOCALIP ($myEXTIP)#" /etc/issue
 sed -i "s#SSH:.*#SSH: ssh -l tsec -p 64295 $myLOCALIP#" /etc/issue
 sed -i "s#WEB:.*#WEB: https://$myLOCALIP:64297#" /etc/issue
 tee /data/ews/conf/ews.ip << EOF
 [MAIN]
 ip = $myEXTIP
--- a/installer/home/2fa_enable.sh
+++ b/installer/home/2fa_enable.sh
@ -1,43 +0,0 @@
 #!/bin/bash
 ########################################################
 # T-Pot                                                #
 # Two-Factor-Authentication and SSH enable script      #
 #                                                      #
 # v16.10.0 by mo, DTAG, 2016-05-12                     #
 ########################################################
 myBACKTITLE="T-Pot - Two-Factor-Authentication and SSH enable script"
 # Let's ask if the user wants to enable two-factor ...
 dialog --backtitle "$myBACKTITLE" --title "[ Enable 2FA? ]" --yesno "\nDo you want to enable Two-Factor-Authentication based on Google Authenticator for SSH?" 8 70
 my2FA=$?
 # Let's ask if the user wants to enable ssh ...
 dialog --backtitle "$myBACKTITLE" --title "[ Enable SSH? ]" --yesno "\nDo you want to enable the SSH service?" 8 70
 mySSH=$?
 # Enable 2FA
 if [ "$my2FA" = "0" ] && ! [ -f /etc/pam.d/sshd.bak ];
  then
    clear
    sudo sed -i.bak '\# PAM#aauth required pam_google_authenticator.so' /etc/pam.d/sshd
    sudo sed -i.bak 's#ChallengeResponseAuthentication no#ChallengeResponseAuthentication yes#' /etc/ssh/sshd_config
    google-authenticator -t -d -f -r 3 -R 30 -w 21
    echo "2FA enabled. Please press return to continue ..."
    read
  elif [ -f /etc/pam.d/sshd.bak ]
    then
      dialog --backtitle "$myBACKTITLE" --title "[ Already enabled ]" --msgbox "\nIt seems that Two-Factor-Authentication has already been enabled. Please run 'google-authenticator -t -d -f -r 3 -R 30 -w 21' if you want to rewrite your token." 8 70
 fi
 # Enable SSH
 if [ "$mySSH" = "0" ] && [ "$(systemctl status ssh | grep -o dead)" = "dead" ];
  then
    clear
    sudo systemctl enable ssh
    sudo systemctl start ssh
    dialog --backtitle "$myBACKTITLE" --title "[ SSH enabled ]" --msgbox "\nThe SSH service has been enabled and is now reachable via port tcp/64295. Password authentication is disabled by default." 8 70
  elif [ "$(systemctl status ssh | grep -o dead)" = "" ]
    then
      dialog --backtitle "$myBACKTITLE" --title "[ Already enabled ]" --msgbox "\nIt seems that SSH has already been enabled." 8 70
 fi
--- a/installer/install.sh
+++ b/installer/install.sh
@ -36,6 +36,17 @@ set -e
 exec 2> >(tee "install.err")
 exec > >(tee "install.log")
 # Let's stop and disable ssh, nginx services
 #fuECHO "### Disabling and stopping ssh, nginx services."
 #systemctl disable ssh
 #systemctl stop ssh
 #systemctl disable nginx
 #systemctl stop nginx
 # Let's disable NGINX default website
 fuECHO "### Removing link to NGINX default website."
 rm /etc/nginx/sites-enabled/default
 # Let's setup the proxy for env
 if [ -f $myPROXYFILEPATH ];
 then fuECHO "### Setting up the proxy."
@ -150,9 +161,26 @@ tee -a /etc/ssh/ssh_config <<EOF
 UseRoaming no
 EOF
 # Let's pull some updates
 fuECHO "### Pulling Updates."
 apt-get update -y
 apt-get upgrade -y
 # Let's clean up apt
 apt-get autoclean -y
 apt-get autoremove -y
 # Installing alerta-cli, wetty
 fuECHO "### Installing alerta-cli."
 pip install --upgrade pip
 pip install alerta
 fuECHO "### Installing wetty."
 ln -s /usr/bin/nodejs /usr/bin/node
 npm install git://github.com/t3chn0m4g3/wetty -g
 # Let's install docker
 #fuECHO "### Installing docker-engine."
-#wget -qO- https://test.docker.com/ | sh
+#wget -qO- https://get.docker.com/ | sh
 # Let's add the docker repository
 fuECHO "### Adding the docker repository."
@ -170,7 +198,7 @@ fuECHO "### Installing docker-engine."
 fuECHO "### You can safely ignore the [FAILED] message,"
 fuECHO "### which is caused by a bug in the docker installer."
 #apt-get install docker-engine=1.10.2-0~trusty -y
-apt-get install docker-engine -y || true && sleep 5
+apt-get install docker-engine=1.12.0-0~xenial -y || true && sleep 5
 # Let's add proxy settings to docker defaults
 if [ -f $myPROXYFILEPATH ];
@ -192,7 +220,8 @@ adduser --system --no-create-home --uid 2000 --disabled-password --disabled-logi
 # Let's set the hostname
 fuECHO "### Setting a new hostname."
-myHOST=ce$(date +%s)$RANDOM
+#myHOST=ce$(date +%s)$RANDOM
 myHOST=$(curl -s www.nsanamegenerator.com | html2text | tr A-Z a-z)
 hostnamectl set-hostname $myHOST
 sed -i 's#127.0.1.1.*#127.0.1.1\t'"$myHOST"'#g' /etc/hosts
@ -201,8 +230,12 @@ fuECHO "### Patching sshd_config to listen on port 64295 and deny password authe
 sed -i 's#Port 22#Port 64295#' /etc/ssh/sshd_config
 sed -i 's#\#PasswordAuthentication yes#PasswordAuthentication no#' /etc/ssh/sshd_config
-# Let's disable ssh service
+# Let's allow ssh password authentication from RFC1918 networks
-systemctl disable ssh
+fuECHO "### Allow SSH password authentication from RFC1918 networks"
 tee -a /etc/ssh/sshd_config <<EOF
 Match address 127.0.0.1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
    PasswordAuthentication yes
 EOF
 # Let's patch docker defaults, so we can run images as service
 fuECHO "### Patching docker defaults."
@ -235,20 +268,20 @@ esac
 # Let's load docker images
 fuECHO "### Loading docker images. Please be patient, this may take a while."
-if [ -d /root/tpot/images ];
+#if [ -d /root/tpot/images ];
-  then
+#  then
-    fuECHO "### Found cached images and will load from local."
+#    fuECHO "### Found cached images and will load from local."
-    for name in $(cat /root/tpot/data/images.conf)
+#    for name in $(cat /root/tpot/data/images.conf)
-    do
+#    do
-      fuECHO "### Now loading dtagdevsec/$name:latest1610"
+#      fuECHO "### Now loading dtagdevsec/$name:latest1610"
-      docker load -i /root/tpot/images/$name:latest1610.img
+#      docker load -i /root/tpot/images/$name:latest1610.img
-    done
+#    done
-  else
+#  else
-    for name in $(cat /root/tpot/data/images.conf)
+for name in $(cat /root/tpot/data/images.conf)
-    do
+  do
-      docker pull dtagdevsec/$name:latest1610
+    docker pull dtagdevsec/$name:latest1610
-    done
+  done
-fi
+#fi
 # Let's add the daily update check with a weekly clean interval
 fuECHO "### Modifying update checks."
@ -272,28 +305,28 @@ fuECHO "### Adding cronjobs."
 tee -a /etc/crontab <<EOF
 # Show running containers every 60s via /dev/tty2
-*/2 * * * *   root 	status.sh > /dev/tty2
+#*/2 * * * *   root 	status.sh > /dev/tty2
 # Check if containers and services are up
-*/5 * * * *   root 	check.sh
+*/5 * * * *   root    check.sh
 # Example for alerta-cli IP update
-#*/5 * * * *   root      alerta --endpoint-url http://<ip>:<port>/api delete --filters resource=<host> && alerta --endpoint-url http://<ip>:<port>/api send -e IP -r <host> -E Production -s ok -S T-Pot -t \$(cat /data/elk/logstash/mylocal.ip) --status open
+#*/5 * * * *   root   alerta --endpoint-url http://<ip>:<port>/api delete --filters resource=<host> && alerta --endpoint-url http://<ip>:<port>/api send -e IP -r <host> -E Production -s ok -S T-Pot -t \$(cat /data/elk/logstash/mylocal.ip) --status open
 # Check if updated images are available and download them
-27 1 * * *    root	for i in \$(cat /data/images.conf); do docker pull dtagdevsec/\$i:latest1610; done
+27 1 * * *    root    for i in \$(cat /data/images.conf); do docker pull dtagdevsec/\$i:latest1610; done
 # Restart docker service and containers
-27 3 * * *    root 	dcres.sh
+27 3 * * *    root    dcres.sh
 # Delete elastic indices older than 90 days (kibana index is omitted by default)
-27 4 * * *    root  docker exec elk bash -c '/usr/local/bin/curator --host 127.0.0.1 delete indices --older-than 90 --time-unit days --timestring \%Y.\%m.\%d'
+27 4 * * *    root    docker exec elk bash -c '/usr/local/bin/curator --host 127.0.0.1 delete indices --older-than 90 --time-unit days --timestring \%Y.\%m.\%d'
 # Update IP and erase check.lock if it exists
-27 15 * * *   root  /etc/rc.local
+27 15 * * *   root    /etc/rc.local
 # Check for updated packages every sunday, upgrade and reboot
-27 16 * * 0   root  apt-get autoclean -y; apt-get autoremove -y; apt-get update -y; apt-get upgrade -y; sleep 5; reboot
+27 16 * * 0   root    apt-get autoclean -y; apt-get autoremove -y; apt-get update -y; apt-get upgrade -y; sleep 5; reboot
 EOF
 # Let's create some files and folders
@ -313,8 +346,6 @@ chmod 500 /root/tpot/bin/*
 chmod 600 /root/tpot/data/*
 chmod 644 /root/tpot/etc/issue
 chmod 755 /root/tpot/etc/rc.local
 chmod 700 /root/tpot/home/*
 chown tsec:tsec /root/tpot/home/*
 chmod 644 /root/tpot/data/systemd/*
 # Let's copy some files
@ -322,36 +353,27 @@ tar xvfz /root/tpot/data/elkbase.tgz -C /
 cp /root/tpot/data/elkbase.tgz /data/
 cp -R /root/tpot/bin/* /usr/bin/
 cp -R /root/tpot/data/* /data/
-cp /root/tpot/data/systemd/* /etc/systemd/system/
+cp    /root/tpot/data/systemd/* /etc/systemd/system/
-cp -R /root/tpot/etc/issue /etc/
+cp    /root/tpot/etc/issue /etc/
-cp -R /root/tpot/home/* /home/tsec/
+cp -R /root/tpot/etc/nginx/ssl /etc/nginx/
 cp    /root/tpot/etc/nginx/tpotweb.conf /etc/nginx/sites-available/
 cp    /root/tpot/keys/authorized_keys /home/tsec/.ssh/authorized_keys
 cp    /root/tpot/usr/share/nginx/html/* /usr/share/nginx/html/
 for i in $(cat /data/images.conf);
  do
    systemctl enable $i;
 done
 systemctl enable wetty
 # Let's enable T-Pot website
 fuECHO "### Enabling T-Pot website."
 ln -s /etc/nginx/sites-available/tpotweb.conf /etc/nginx/sites-enabled/tpotweb.conf
 # Let's take care of some files and permissions
 chmod 760 -R /data
 chown tpot:tpot -R /data
 chmod 600 /home/tsec/.ssh/authorized_keys
-chown tsec:tsec /home/tsec/*.sh /home/tsec/.ssh /home/tsec/.ssh/authorized_keys
+chown tsec:tsec /home/tsec/.ssh /home/tsec/.ssh/authorized_keys
 # Let's pull some updates
 fuECHO "### Pulling Updates."
 apt-get update -y
 # Installing upgrades
 fuECHO "### Installing Upgrades."
 apt-get upgrade -y
 # Installing alerta-cli
 fuECHO "### Installing alerta-cli."
 pip install alerta
 # Let's clean up apt
 apt-get autoclean -y
 apt-get autoremove -y
 # Let's replace "quiet splash" options, set a console font for more screen canvas and update grub
 sed -i 's#GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"#GRUB_CMDLINE_LINUX_DEFAULT="consoleblank=0"#' /etc/default/grub
@ -373,15 +395,51 @@ sed -i 's#\#force_color_prompt=yes#force_color_prompt=yes#' /home/tsec/.bashrc
 sed -i 's#\#force_color_prompt=yes#force_color_prompt=yes#' /root/.bashrc
 # Let's create ews.ip before reboot and prevent race condition for first start
 source /etc/environment
 myLOCALIP=$(hostname -I | awk '{ print $1 }')
-myEXTIP=$(curl myexternalip.com/raw)
+myEXTIP=$(curl -s myexternalip.com/raw)
-sed -i "s#IP:.*#IP: $myLOCALIP, $myEXTIP#" /etc/issue
+sed -i "s#IP:.*#IP: $myLOCALIP ($myEXTIP)#" /etc/issue
 sed -i "s#SSH:.*#SSH: ssh -l tsec -p 64295 $myLOCALIP#" /etc/issue
 sed -i "s#WEB:.*#WEB: https://$myLOCALIP:64297#" /etc/issue
 tee /data/ews/conf/ews.ip << EOF
 [MAIN]
 ip = $myEXTIP
 EOF
 echo $myLOCALIP > /data/elk/logstash/mylocal.ip
 chown tpot:tpot /data/ews/conf/ews.ip
 # Let's ask user for web password
 fuECHO "### Please enter a web user name and password."
 myOK="n"
 myUSER="tsec"
 while [ 1 != 2 ]
  do
    read -p "Username (tsec not allowed): " myUSER
    echo "Your username is: "$myUSER
    read -p "OK (y/n)? " myOK
    if [ "$myOK" = "y" ] && [ "$myUSER" != "tsec" ];
      then
        break
    fi
  done
 myPASS1="pass1"
 myPASS2="pass2"
 while [ "$myPASS1" != "$myPASS2"  ]
  do
    read -s -p "Password: " myPASS1
    echo
    read -s -p "Repeat password: " myPASS2
    echo
  done
 htpasswd -b -c /etc/nginx/nginxpasswd $myUSER $myPASS1
 # Let's generate a SSL certificate
 fuECHO "### Generating a self-signed-certificate for NGINX."
 fuECHO "### If you are unsure you can use the default values."
 mkdir -p /etc/nginx/ssl
 openssl req -nodes -x509 -sha512 -newkey rsa:8192 -keyout "/etc/nginx/ssl/nginx.key" -out "/etc/nginx/ssl/nginx.crt" -days 3650
 # Final steps
 fuECHO "### Thanks for your patience. Now rebooting."
-mv /root/tpot/etc/rc.local /etc/rc.local && rm -rf /root/tpot/ && chage -d 0 tsec && sleep 2 && reboot
+#mv /root/tpot/etc/rc.local /etc/rc.local && rm -rf /root/tpot/ && chage -d 0 tsec && sleep 2 && reboot
 mv /root/tpot/etc/rc.local /etc/rc.local && rm -rf /root/tpot/ && sleep 2 && reboot
--- a/installer/usr/share/nginx/html/error.html
+++ b/installer/usr/share/nginx/html/error.html
--- a/installer/usr/share/nginx/html/favicon.ico
+++ b/installer/usr/share/nginx/html/favicon.ico
--- a/installer/usr/share/nginx/html/index.html
+++ b/installer/usr/share/nginx/html/index.html
@ -0,0 +1,24 @@
 <!DOCTYPE html>
 <html lang="en_US">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>T-Pot</title>
  </head>
  <link href="style.css" rel="stylesheet" type="text/css"/>
  <body>
    <section>
      <div class="vertical-align">
    	<p class="vertical-align center">
 	  <a href="/kibana/" target="_blank" class="btn">Kibana</a>
 	  <a href="/myhead/_plugin/head/" target="_blank" class="btn">Head</a>
 	  <a href="/ui/" target="_blank" class="btn">Docker</a>
 	  <a href="/wetty/ssh/tsec" target="_blank" class="btn">Console</a>
 	  <a href="/netdata/" target="_blank" class="btn">Metrics</a>
        </p>
      </div>
    </section>
  </body>
 </html>
--- a/installer/usr/share/nginx/html/style.css
+++ b/installer/usr/share/nginx/html/style.css
@ -0,0 +1,45 @@
 .btn {
  -webkit-border-radius: 0;
  -moz-border-radius: 0;
  border-radius: 0px;
  font-family: Arial;
  color: #ffffff;
  font-size: 20px;
  background: #E20074;
  padding: 10px 20px 10px 20px;
  text-decoration: none;
 }
 .btn:hover {
  background: #c2c2c2;
  text-decoration: none;
 }
 .vertical-align {
  position: relative;
  top: 50%;
  	-webkit-transform: translateY(-50%);
  	-ms-transform: translateY(-50%);
  	transform: translateY(-50%);
 }
 .center {
  margin: 0 auto;
  text-align: center;
 }
 .modal {
  background-color: #fff;
  border: 5px solid #333;
  width: 450px;
  height: 300px;
 }
 section {
  display: block;
  margin: 0 auto 1em;
  position: absolute;
  top: 0;
  left: 0;
  right: 0;
  bottom: 0;
  height: 100%;
 }
--- a/preseed/tpot.seed
+++ b/preseed/tpot.seed
@ -63,7 +63,7 @@ d-i passwd/root-login boolean false
 d-i passwd/make-user boolean true
 d-i passwd/user-fullname string tsec
 d-i passwd/username string tsec
-d-i passwd/user-password-crypted password $1$jAw1TW8v$a2WFamxQJfpPYZmn4qJT71
+#d-i passwd/user-password-crypted password $1$jAw1TW8v$a2WFamxQJfpPYZmn4qJT71
 d-i user-setup/encrypt-home boolean false
 ########################################
@ -100,7 +100,7 @@ tasksel tasksel/first multiselect ubuntu-server
 ########################
 ### Package Installation
 ########################
-d-i pkgsel/include string aufs-tools apparmor apt-transport-https bash-completion ca-certificates cgroupfs-mount curl dialog dstat ethtool genisoimage git htop iptables iw libpam-google-authenticator libltdl7 lm-sensors ntp openssh-server syslinux pv python-pip vim wireless-tools wpasupplicant
+d-i pkgsel/include string apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount curl dialog dstat ethtool genisoimage git html2text htop iptables iw libltdl7 lm-sensors man nginx-extras nodejs npm ntp openssh-server openssl syslinux psmisc pv python-pip vim wireless-tools wpasupplicant
 #################
 ### Update Policy
		`@ -0,0 +1,2 @@`
							`#/bin/bash`
							`docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" -f status=running -f status=exited \| GREP_COLORS='mt=01;35' egrep --color=always "(^[_a-z-]+ \|$)\|$" \| GREP_COLORS='mt=01;32' egrep --color=always "(Up[ 0-9a-Z ]+ \|$)\|$" \| GREP_COLORS='mt=01;31' egrep --color=always "(Exited[ \(0-9\) ]+ [0-9a-Z ]+ ago\|$)\|$"`