diff --git a/README.md b/README.md
index 0f0041fd..e6dfe61b 100644
--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@ The image can then be used to install T-Pot on a physical or virtual machine.
 cd tpotce
 2. Invoke the script that builds the ISO image.
-The script will download and install dependecies necessary to build the image on the invoking machine. It will further download the ubuntu base image (~600MB) which T-Pot is based on.
+The script will download and install dependencies necessary to build the image on the invoking machine. It will further download the ubuntu base image (~600MB) which T-Pot is based on.
 sudo ./makeiso.sh
@@ -38,7 +38,7 @@ When installing the T-Pot ISO image, make sure the target system (physical/virtu
 ### Sensor Installation (Cowrie, Dionaea, ElasticPot, Glastopf, Honeytrap)
 This installation type is currently only available via ISO Creator.
 When installing the T-Pot ISO image, make sure the target system (physical/virtual) meets the following minimum requirements:
-- 3 GB RAM (4-6 GB recommended)
+- 3 GB RAM (4-6 GB recommended)
 - 64 GB disk (64 GB SSD recommended)
 - Network via DHCP
 - A working internet connection
@@ -66,7 +66,7 @@ Once the installation is finished, the system will automatically reboot and you
 You will need to set a new password after first login.
-All honeypot services are started automatically.
+All honeypot services are started automatically.
 # T-Pot Dashboard
diff --git a/getimages.sh b/getimages.sh
index 2418f903..ff701301 100755
--- a/getimages.sh
+++ b/getimages.sh
@@ -4,11 +4,11 @@
 # T-Pot #
 # Export docker images maker #
 # #
-# v0.02 by mo, DTAG, 2016-02-22 #
+# v16.03.1 by mo, DTAG, 2016-03-09 #
 ########################################################
 # This feature is experimental and requires at least docker 1.7!
-# Using any docker version < 1.7 may result in a unusable installation
+# Using any docker version < 1.7 may result in a unusable T-Pot installation
 # This script will download the docker images and export them to the folder "images".
 # When building the .iso image the preloaded docker images will be exported to the .iso which
diff --git a/installer/bin/backup_elk.sh b/installer/bin/backup_elk.sh
index 695f8d9c..29d4b325 100755
--- a/installer/bin/backup_elk.sh
+++ b/installer/bin/backup_elk.sh
@@ -4,7 +4,7 @@
 # T-Pot #
 # ELK DB backup script #
 # #
-# v0.01 by mo, DTAG, 2016-02-12 #
+# v16.03.1 by mo, DTAG, 2016-03-09 #
 ########################################################
 myCOUNT=1
 myDATE=$(date +%Y%m%d%H%M)
@@ -43,13 +43,12 @@ sleep 10
 # Backup DB in 2 flavors
 echo "Now backing up Elasticsearch data ..."
-tar cvfz $myBACKUPPATH"$myDATE"_elkall.tgz $myELKPATH
+tar cvfz $myBACKUPPATH"$myDATE"_elkall.tgz $myELKPATH
 rm -rf "$myELKPATH"log/*
 rm -rf "$myELKPATH"data/elasticsearch/nodes/0/indices/logstash*
 tar cvfz $myBACKUPPATH"$myDATE"_elkbase.tgz $myELKPATH
 rm -rf $myELKPATH
-tar xvfz $myBACKUPPATH"$myDATE"_elkall.tgz -C /
-#tar xvfz $myBACKUPPATH"$myDATE"_elkbase.tgz -C /
+tar xvfz $myBACKUPPATH"$myDATE"_elkall.tgz -C /
 chmod 760 -R $myELKPATH
 chown tpot:tpot -R $myELKPATH
@@ -59,4 +58,3 @@ echo "Now starting up ELK ..."
 # Allow checks to resume
 rm /var/run/check.lock
-
diff --git a/installer/bin/check.sh b/installer/bin/check.sh
index 4c601dc4..8397ccb6 100755
--- a/installer/bin/check.sh
+++ b/installer/bin/check.sh
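Review bot: `rm -rf $myELKPATH` on the new side runs regardless of whether the `tar cvfz ..._elkall.tgz` a few lines above succeeded, so a failed archive (full backup disk, unreadable file) is followed by deleting the only copy of the data, and the `tar xvfz ... -C /` restore then has nothing to unpack. Abort on archive failure before touching the data and guard the path against an empty variable: `tar cvfz "$myBACKUPPATH${myDATE}_elkall.tgz" "$myELKPATH" || { echo "Backup failed, aborting." >&2; rm -f /var/run/check.lock; exit 1; }` and `rm -rf -- "${myELKPATH:?}"`. myBACKUPPATH and myELKPATH are assigned outside the hunk, so whether they can be empty or contain spaces cannot be seen here.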
@@ -4,10 +4,10 @@
 # T-Pot #
 # Check container and services script #
 # #
-# v0.03 by mo, DTAG, 2016-02-12 #
+# v16.03.1 by mo, DTAG, 2016-03-09 #
 ########################################################
 if [ -a /var/run/check.lock ];
- then
+ then
 echo "Lock exists. Exiting now."
 exit
 fi
@@ -34,5 +34,5 @@ for i in $myIMAGES
 service $i start
 fi
 done
-
+
 rm /var/run/check.lock
diff --git a/installer/bin/dcres.sh b/installer/bin/dcres.sh
index e824263f..364fa92e 100755
--- a/installer/bin/dcres.sh
+++ b/installer/bin/dcres.sh
@@ -4,7 +4,7 @@
 # T-Pot #
 # Container and services restart script #
 # #
-# v0.04 by mo, DTAG, 2016-02-12 #
+# v16.03.1 by mo, DTAG, 2016-03-09 #
 ########################################################
 myCOUNT=1
@@ -40,7 +40,7 @@ if [ $myUPTIME -gt 4 ];
 do
 service $i stop
 done
- echo "Waiting 10 seconds before restarting docker ..."
+ echo "### Waiting 10 seconds before restarting docker ..."
 sleep 10
 iptables -w -F
 service docker restart
@@ -56,25 +56,21 @@ if [ $myUPTIME -gt 4 ];
 fi
 sleep 0.1
 done
- echo "Docker is now up and running again."
- echo "Removing obsolete container data ..."
+ echo "### Docker is now up and running again."
+ echo "### Removing obsolete container data ..."
 docker rm -v $(docker ps -aq)
- echo "Removing obsolete image data ..."
+ echo "### Removing obsolete image data ..."
 docker rmi $(docker images | grep "^" | awk '{print $3}')
- echo "Starting T-Pot services ..."
+ echo "### Starting T-Pot services ..."
 for i in $myIMAGES
 do
 service $i start
 done
 sleep 5
- else
- echo "T-Pot needs to be up and running for at least 5 minutes."
+ else
+ echo "### T-Pot needs to be up and running for at least 5 minutes."
 fi
 rm /var/run/check.lock
 /etc/rc.local
-
-echo "Done. Now running status.sh"
-/usr/bin/status.sh
-
diff --git a/installer/bin/status.sh b/installer/bin/status.sh
index e6ab3e0c..6f98ae90 100755
--- a/installer/bin/status.sh
+++ b/installer/bin/status.sh
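Review bot: `iptables -w -F` in this hunk flushes every rule in every chain of the filter table, not only Docker's, so after the `service docker restart` that follows, any host rules that were in place are gone unless something outside this hunk re-applies them, and the host runs on the chains' default policies. If wiping everything is intended on a honeypot host, say so next to the call: `# Flush ALL filter rules; the docker restart below re-creates only Docker's own chains`; otherwise restrict the flush to the chains Docker manages. The enclosing `if [ $myUPTIME -gt 4 ]` block starts and ends outside this hunk.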
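Review bot: `docker rmi $(docker images | grep "^" | awk '{print $3}')` on the new side passes the third column of every `docker images` line to `docker rmi`, header included, so the word `IMAGE` (from `IMAGE ID`) is submitted as an image name on every run and produces an error, and it also removes every image on the host rather than only the T-Pot ones restarted by the `for i in $myIMAGES` loop below. `docker rmi $(docker images -q)` removes the header problem; if other images may live on the box, filter the list to the T-Pot repository first. `docker rm -v $(docker ps -aq)` has the same shape and errors with no arguments when no container exists. The `if`/`else` this code sits in opens outside the hunk.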
@@ -4,7 +4,7 @@
 # T-Pot #
 # Container and services status script #
 # #
-# v0.05 by mo, DTAG, 2016-02-12 #
+# v16.03.1 by mo, DTAG, 2016-03-09 #
 ########################################################
 myCOUNT=1
diff --git a/installer/bin/update-images.sh b/installer/bin/update-images.sh
index dfbbfa2e..34f456fd 100755
--- a/installer/bin/update-images.sh
+++ b/installer/bin/update-images.sh
@@ -4,7 +4,7 @@
 # T-Pot #
 # Only start the containers found in /etc/init/ #
 # #
-# v0.03 by mo, DTAG, 2016-02-12 #
+# v16.03.1 by mo, DTAG, 2016-03-09 #
 ########################################################
 # Make sure not to interrupt a check
@@ -40,7 +40,7 @@ done
 # Setup only T-Pot upstart scripts from images.conf and pull the images
 for i in $(cat /data/images.conf);
- do
+ do
 docker pull dtagdevsec/$i:latest1603;
 cp /data/upstart/"$i".conf /etc/init/;
 done
@@ -49,8 +49,8 @@ done
 rm /var/run/check.lock
 # Announce reboot
-echo "Rebooting in 5 seconds for the changes to take effect."
-sleep 5
+echo "### Rebooting in 60 seconds for the changes to take effect."
+sleep 60
 # Reboot
 reboot
diff --git a/installer/home/2fa_enable.sh b/installer/home/2fa_enable.sh
index 796739c2..4646b3c6 100755
--- a/installer/home/2fa_enable.sh
+++ b/installer/home/2fa_enable.sh
@@ -4,7 +4,7 @@
 # T-Pot #
 # Two-Factor-Authentication and SSH enable script #
 # #
-# v16.03.1 by mo, DTAG, 2016-03-07 #
+# v16.03.2 by mo, DTAG, 2016-03-09 #
 ########################################################
 myBACKTITLE="T-Pot - Two-Factor-Authentication and SSH enable script"
@@ -18,7 +18,7 @@ dialog --backtitle "$myBACKTITLE" --title "[ Enable SSH? ]" --yesno "\nDo you wa
 mySSH=$?
 # Enable 2FA
-if [ $my2FA == 0 ] && ! [ -f /etc/pam.d/sshd.bak ];
+if [ "$my2FA" = "0" ] && ! [ -f /etc/pam.d/sshd.bak ];
 then
 clear
 sudo sed -i.bak '\# PAM#aauth required pam_google_authenticator.so' /etc/pam.d/sshd
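Review bot: The pull loop in this hunk ignores failures: if `docker pull dtagdevsec/$i:latest1603` fails for an entry of /data/images.conf (registry unreachable, typo in the file), the script still copies the upstart file and goes on to remove the lock and reboot, leaving a service with no image to start. Stop before the reboot instead: `docker pull "dtagdevsec/$i:latest1603" || { echo "Pull of $i failed, aborting update." >&2; rm -f /var/run/check.lock; exit 1; }`. The tag is also a floating one, which deserves a note for whoever maintains the image list: `# NOTE: latest1603 is a mutable tag; pin to a digest (image@sha256:...) for reproducible updates`. The lock removal and the reboot are in the next hunk.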
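Review bot: The guard on the new `if` line treats the absence of /etc/pam.d/sshd.bak as "2FA not yet enabled", but that file is only the backup that `sed -i.bak` leaves behind; if it is ever removed, a re-run appends a second `auth required pam_google_authenticator.so` after each line matching `# PAM`, and PAM then evaluates the module twice. Check the PAM file itself instead of its backup: `if [ "$my2FA" = "0" ] && ! grep -q pam_google_authenticator.so /etc/pam.d/sshd;`. The body of this `if` continues past the end of the hunk.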
@@ -27,12 +27,12 @@ if [ $my2FA == 0 ] && ! [ -f /etc/pam.d/sshd.bak ];
 echo "2FA enabled. Please press return to continue ..."
 read
 elif [ -f /etc/pam.d/sshd.bak ]
- then
- dialog --backtitle "$myBACKTITLE" --title "[ Already enabled ]" --msgbox "\nIt seems that Two-Factor-Authentication has already been enabled. Please run 'google-authenticator -t -d -f -r 3 -R 30 -w 21' if you want to rewrite your token." 8 70
+ then
+ dialog --backtitle "$myBACKTITLE" --title "[ Already enabled ]" --msgbox "\nIt seems that Two-Factor-Authentication has already been enabled. Please run 'google-authenticator -t -d -f -r 3 -R 30 -w 21' if you want to rewrite your token." 8 70
 fi
 # Enable SSH
-if [ $mySSH == 0 ] && [ -f /etc/init/ssh.override ];
+if [ "$mySSH" = "0" ] && [ -f /etc/init/ssh.override ];
 then
 clear
 sudo rm /etc/init/ssh.override
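Review bot: The SSH branch (`[ "$mySSH" = "0" ] && [ -f /etc/init/ssh.override ]`) removes the override whenever the user answered yes, independently of the 2FA answer, so SSH on an internet-facing honeypot can be opened with no second factor and no warning. Before the `sudo rm`, when `$my2FA` is not 0 and `grep -q pam_google_authenticator.so /etc/pam.d/sshd` fails, ask once more with a `dialog --yesno` stating that SSH will be enabled without 2FA, and skip the `rm` on no. Whether sshd_config restricts logins to keys or challenge-response is not visible here. The `elif` at the top of the hunk belongs to the `if` opened in the previous hunk, and the SSH `if` body continues past the end of this one.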