diff --git a/.env b/.env
index 6f6098d7..3f589309 100644
--- a/.env
+++ b/.env
@@ -7,7 +7,7 @@
 # Set Web usernames and passwords here. This section will be used to create / update the Nginx password file nginxpasswd.
 # : This is the default
 # :
-# Use 'htpasswd -n -b "username" "password" | base64 -w0' to create the WEB_USER if you want to manually deploy T-Pot
+# Use 'htpasswd -n -b "username" "password" | base64 -w0' to create the WEB_USER if you want to manually deploy T-Pot, run 'install.sh' or 'genuser.sh' if you just want to add a web user.
 # Example: 'htpasswd -n -b "tsec" "tsec" | base64 -w0' will print dHNlYzokYXByMSRYUnE2SC5rbiRVRjZQM1VVQmJVNWJUQmNmSGRuUFQxCgo=
 # Copy the string and replace WEB_USER=dHNlYzokYXByMSRYUnE2SC5rbiRVRjZQM1VVQmJVNWJUQmNmSGRuUFQxCgo=
 # Multiple users are possible:
diff --git a/docker/tpotinit/Dockerfile b/docker/tpotinit/Dockerfile
index 7b06c051..c50e464d 100644
--- a/docker/tpotinit/Dockerfile
+++ b/docker/tpotinit/Dockerfile
@@ -10,6 +10,7 @@ RUN apk --no-cache -U add \
 bash \
 bind-tools \
 conntrack-tools \
+ cracklib \
 curl \
 ethtool \
 figlet \
diff --git a/docker/tpotinit/dist/bin/genuser.sh b/docker/tpotinit/dist/bin/genuser.sh
new file mode 100755
index 00000000..ed392f70
--- /dev/null
+++ b/docker/tpotinit/dist/bin/genuser.sh
@@ -0,0 +1,115 @@
+#!/usr/bin/env bash
+myTPOT_CONF_FILE=/data/.env
+
+# Read WEB_USER from file
+WEB_USER=$(grep "^WEB_USER=" "${myTPOT_CONF_FILE}" | sed 's/^WEB_USER=//g' | tr -d "\"'")
+
+myPW=$(cat << "EOF"
+__ __ _ _ _ [ T-Pot ]
+\ \ / /__| |__ | | | |___ ___ _ __
+ \ \ /\ / / _ \ '_ \| | | / __|/ _ \ '__|
+ \ V V / __/ |_) | |_| \__ \ __/ |
+ \_/\_/ \___|_.__/ \___/|___/\___|_|
+EOF
+)
+
+# Generate T-Pot WebUser
+echo "$myPW"
+echo
+echo "### This script will ask for and create T-Pot web users."
+echo
+
+# Preparing web user for T-Pot
+echo
+echo "### T-Pot User Configuration ..."
+echo
+# Asking for web user name
+myWEB_USER=""
+while [ 1 != 2 ];
+ do
+ myOK=""
+ read -rp "### Enter your web user name: " myWEB_USER
+ myWEB_USER=$(echo $myWEB_USER | tr -cd "[:alnum:]_.-")
+ echo "### Your username is: ${myWEB_USER}"
+ while [[ ! "${myOK}" =~ [YyNn] ]];
+ do
+ read -rp "### Is this correct? (y/n) " myOK
+ done
+ if [[ "${myOK}" =~ [Yy] ]] && [ "$myWEB_USER" != "" ];
+ then
+ break
+ else
+ echo
+ fi
+ done
+
+# Asking for web user password
+myWEB_PW="pass1"
+myWEB_PW2="pass2"
+mySECURE=0
+myOK=""
+while [ "${myWEB_PW}" != "${myWEB_PW2}" ] && [ "${mySECURE}" == "0" ]
+ do
+ echo
+ while [ "${myWEB_PW}" == "pass1" ] || [ "${myWEB_PW}" == "" ]
+ do
+ read -rsp "### Enter password for your web user: " myWEB_PW
+ echo
+ done
+ read -rsp "### Repeat password you your web user: " myWEB_PW2
+ echo
+ if [ "${myWEB_PW}" != "${myWEB_PW2}" ];
+ then
+ echo "### Passwords do not match."
+ myWEB_PW="pass1"
+ myWEB_PW2="pass2"
+ fi
+ mySECURE=$(printf "%s" "$myWEB_PW" | /usr/sbin/cracklib-check | grep -c "OK")
+ if [ "$mySECURE" == "0" ] && [ "$myWEB_PW" == "$myWEB_PW2" ];
+ then
+ while [[ ! "${myOK}" =~ [YyNn] ]];
+ do
+ read -rp "### Keep insecure password? (y/n) " myOK
+ done
+ if [[ "${myOK}" =~ [Nn] ]] || [ "$myWEB_PW" == "" ];
+ then
+ myWEB_PW="pass1"
+ myWEB_PW2="pass2"
+ mySECURE=0
+ myOK=""
+ fi
+ fi
+done
+
+# Write username and password to T-Pot config file
+echo "### Creating base64 encoded htpasswd username and password for T-Pot config file: ${myTPOT_CONF_FILE}"
+myWEB_USER_ENC=$(htpasswd -b -n "${myWEB_USER}" "${myWEB_PW}")
+myWEB_USER_ENC_B64=$(echo -n "${myWEB_USER_ENC}" | base64 -w0)
+
+# Add the new web user
+if [ "${WEB_USER}" == "" ];
+ then
+ WEB_USER="${myWEB_USER_ENC_B64}"
+ else
+ WEB_USER="${WEB_USER} ${myWEB_USER_ENC_B64}"
+fi
+sed -i "s|^WEB_USER=.*|WEB_USER=${WEB_USER}|" ${myTPOT_CONF_FILE}
+
+# Done
+echo
+echo "### The following users are now configured in the .env:"
+echo
+for i in ${WEB_USER};
+ do
+ if [[ -n $i ]];
+ then
+ # Need to control newlines as they kept coming up for some reason
+ echo -n "$i" | base64 -d -w0 | tr -d '\n'; echo -n " => [$i]";
+ echo
+ fi
+ done
+echo
+echo "### You can remove them by opening the .env and adjust the WEB_USER entry."
+echo
+echo "### Done."
+echo
diff --git a/docker/tpotinit/dist/entrypoint.sh b/docker/tpotinit/dist/entrypoint.sh
index ad379fdf..9b46cf06 100755
--- a/docker/tpotinit/dist/entrypoint.sh
+++ b/docker/tpotinit/dist/entrypoint.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 COMPOSE="/tmp/tpot/docker-compose.yml"
 exec > >(tee /data/tpotinit.log) 2>&1
diff --git a/env.example b/env.example
index 6f6098d7..3f589309 100644
--- a/env.example
+++ b/env.example
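Review bot: The strength check `mySECURE=$(printf "%s" "$myWEB_PW" | /usr/sbin/cracklib-check | grep -c "OK")` counts any line containing the substring `OK`, and cracklib-check echoes the candidate password in front of its verdict (presumably `<password>: OK` or `<password>: <reason>`), so a weak password that merely contains `OK` is accepted as secure; anchor on the verdict, `grep -c ': OK$'`. The password is then passed on the command line in `htpasswd -b -n "${myWEB_USER}" "${myWEB_PW}"`, where it is visible in the argv of that process and in any `set -x` trace; `printf '%s\n' "${myWEB_PW}" | htpasswd -n -i "${myWEB_USER}"` reads it from stdin instead. The `pass1`/`pass2` sentinels also mean a user who literally types `pass1` is re-prompted indefinitely, and an explicit "password accepted" flag would make the two nested loops easier to follow. Finally, `${myTPOT_CONF_FILE}` is unquoted as the `sed -i` target (the same line appears in install.sh in this commit); quote it as `"${myTPOT_CONF_FILE}"` so a path with spaces or glob characters cannot split or expand.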
@@ -7,7 +7,7 @@
 # Set Web usernames and passwords here. This section will be used to create / update the Nginx password file nginxpasswd.
 # : This is the default
 # :
-# Use 'htpasswd -n -b "username" "password" | base64 -w0' to create the WEB_USER if you want to manually deploy T-Pot
+# Use 'htpasswd -n -b "username" "password" | base64 -w0' to create the WEB_USER if you want to manually deploy T-Pot, run 'install.sh' or 'genuser.sh' if you just want to add a web user.
 # Example: 'htpasswd -n -b "tsec" "tsec" | base64 -w0' will print dHNlYzokYXByMSRYUnE2SC5rbiRVRjZQM1VVQmJVNWJUQmNmSGRuUFQxCgo=
 # Copy the string and replace WEB_USER=dHNlYzokYXByMSRYUnE2SC5rbiRVRjZQM1VVQmJVNWJUQmNmSGRuUFQxCgo=
 # Multiple users are possible:
diff --git a/genuser.sh b/genuser.sh
new file mode 100755
index 00000000..f792ad9e
--- /dev/null
+++ b/genuser.sh
@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+docker run -v $PWD:/data --entrypoint bash -it -u $(id -u):$(id -g) dtagdevsec/tpotinit:alpha "/opt/tpot/bin/genuser.sh"
diff --git a/install.sh b/install.sh
index 42e477bb..51a3f054 100755
--- a/install.sh
+++ b/install.sh
@@ -1,4 +1,4 @@
-#/usr/bin/env bash
+#!/usr/bin/env bash
 myINSTALL_NOTIFICATION="### Now installing required packages ..."
 myUSER=$(whoami)
@@ -257,7 +257,7 @@ if [ "${myTPOT_TYPE}" == "HIVE" ];
 myWEB_USER_ENC_B64=$(echo -n "${myWEB_USER_ENC}" | base64 -w0)
 echo
- sed -i "s|^WEB_USER=.*|WEB_USER='${myWEB_USER_ENC_B64}'|" ${myTPOT_CONF_FILE}
+ sed -i "s|^WEB_USER=.*|WEB_USER=${myWEB_USER_ENC_B64}|" ${myTPOT_CONF_FILE}
 # Install T-Pot Type HIVE and use standard.yml for installation
 cp ${HOME}/tpotce/compose/standard.yml ${HOME}/tpotce/docker-compose.yml
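Review bot: `$PWD` and `$(id -u):$(id -g)` are unquoted in the `docker run` line, so a working directory with a space in its path splits the `-v` argument and the run fails or mounts the wrong path; write `-v "$PWD:/data"` and `-u "$(id -u):$(id -g)"`. The image is referenced by the mutable `alpha` tag, so the code that edits the user's `.env` can change between two invocations without anything in this script changing; pinning by digest (`dtagdevsec/tpotinit@sha256:<digest-placeholder>`) or noting in a comment that the tag intentionally tracks the development image would make the behaviour reproducible. A one-line header such as `# Runs the in-container genuser.sh against the .env in the current directory (bind-mounted as /data)` would also tell a reader why the whole working directory is mounted.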
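Review bot: `${myTPOT_CONF_FILE}` remains unquoted as the `sed -i` target in the changed line, so a path containing spaces or glob characters would be split or expanded before sed sees it; quote it: `sed -i "s|^WEB_USER=.*|WEB_USER=${myWEB_USER_ENC_B64}|" "${myTPOT_CONF_FILE}"`. Dropping the single quotes around the value presumably aligns the written form with the unquoted `WEB_USER=` example documented in `.env` and with what the new genuser.sh appends to, which is worth stating next to the line, e.g. `# WEB_USER is written unquoted; genuser.sh appends further users separated by spaces`. The enclosing `if [ "${myTPOT_TYPE}" == "HIVE" ]` block starts and ends outside the hunk.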