update docs

Committer: t3chn0m4g3 <t3chn0m4g3@gmail.com>

README.md

@@ -1,6 +1,6 @@
-# T-Pot 18.11
+# T-Pot 19.03
 
-T-Pot 18.11 runs on the latest 18.04.x LTS Ubuntu Server Network Installer image, is based on
+T-Pot 19.03 runs on Debian (Sid), is based heavily on
 
 [docker](https://www.docker.com/), [docker-compose](https://docs.docker.com/compose/)
 
@@ -70,55 +70,21 @@ Furthermore we use the following tools
 - [Fun Fact](#funfact)
 
 <a name="changelog"></a>
-# Changelog
-- **New honeypots**
-  - *Adbhoney* Low interaction honeypot designed for Android Debug Bridge over TCP/IP.
-  - *Ciscoasa* a low interaction honeypot for the Cisco ASA component capable of detecting CVE-2018-0101, a DoS and remote code execution vulnerability.
-  - *Glutton* (NextGen) is the all eating honeypot
-  - *Heralding* a credentials catching honeypot.
-  - *Medpot* is a HL7 / FHIR honeypot.
-  - *Snare* is a web application honeypot sensor, is the successor of Glastopf. SNARE has feature parity with Glastopf and allows to convert existing web pages into attack surfaces.
-  - *Tanner* is SNARES' "brain". Every event is send from SNARE to TANNER, gets evaluated and TANNER decides how SNARE should respond to the client. This allows us to change the behaviour of many sensors on the fly. We are providing a TANNER instance for your use, but there is nothing stopping you from setting up your own instance.
-- **New tools**
-  - *Cockpit* is an interactive server admin interface. It is easy to use and very lightweight. Cockpit interacts directly with the operating system from a real Linux session in a browser.
-  - *Cyberchef* is the Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis.
-  - *grc* (commandline) is yet another colouriser (written in python) for beautifying your logfiles or output of commands.
-  - *multitail* (commandline) allows you to monitor logfiles and command output in multiple windows in a terminal, colorize, filter and merge.
-  - *tped.sh* (commandline) allows you to switch between T-Pot Editions after installation.
+# Release Notes
+- **Move from Ubuntu 18.04 to Debian (Sid)**
+  - For almost 5 years Ubuntu LTS versions were our distributions of choice. Last year we made a design choice for T-Pot to be closer to a rolling release model and thus allowing us to issue smaller changes and releases in a more timely manner. The distribution of choice is Debian (Sid / unstable) which will provide us with the latest advancements in a Debian based distribution.
+- **Docker images will keep the 1811 tag**
+  - The docker images will keep the 1811 tag.
 - **Deprecated tools**
-  - *Netdata*, *Portainer* and *WeTTY* were superseded by *Cockpit* which is much more lightweight, perfectly well integrated into Ubuntu 18.04 LTS and of course comes with the same but a more basic feature set.
-- **New Standard Installation**
-  - The new standard installation is now running a whopping *14* honeypot instances.
-- **T-Pot Universal Installer**
-  - The T-Pot installer now also includes the option to install on a existing machine, the T-Pot-Autoinstaller is no longer necessary.
-- **Tighten Security**
-  - The docker containers are now running mostly with a read-only file system
-  - If possible using `setcap` to start daemons without root or dropping privileges
-  - Introducing `fail2ban` to ease up on `authorized_keys` requirement which is no longer necessary for `SSH`. Also to further prevent brute-force attacks on `Cockpit` and `NGINX` allowing for faster load times of the WebUI.
-- **Iptables exceptions for NFQ based honeypots**
-  - In previous versions `iptables`had manually be maintained, now a a script parses `/opt/tpot/etc/tpot.yml` and extracts port information to automatically generate exceptions for ports that should not be forwarded to NFQ.
-- **CI**
-  - The Kibana UI now uses a magenta theme.
-- **ES HEAD**
-  - A Java Script now automatically enters the correct FQDN / IP. A manual step is no longer required.
-- **ELK STACK**
-  - The ELK Stack was updated to the latest 6.x versions.
-  - This also means you can now expect the availability of basic *X-Pack-Feaures*, the full feature set however is only available to users with a valid license.
-- **Dashboards Makeover**
-  - Because Kibana 6.x introduced so much whitespace the dashboards and some of the visualizations needed some overhaul. While it probably needs some getting used to the key was to focus on displaying as much information while not compromising on clarity.  
-  - Because of the new honeypots we now more than **200 Visualizations** pre-configured and compiled to 16 individual **Kibana Dashboards**. Monitor all *honeypot events* locally on your T-Pot installation. Aside from *honeypot events* you can also view *Suricata NSM and NGINX* events for a quick overview of wire events.
-- **Honeypot updates and improvements**
-  - All honeypots were updated to their latest stable versions.
-  - Docker images were mostly overhauled to tighten security even further
-  - Some of the honeypot configurations were modified to keep things fresh
+  - *ctop* will no longer be part of T-Pot.
 - **Update Feature**
   - For the ones who like to live on the bleeding edge of T-Pot development there is now a update script available in `/opt/tpot/update.sh`.
-  - This feature is now in beta and is mostly intended to provide you with the latest development advances without the need of reinstalling T-Pot.
+  - This feature is beta and is mostly intended to provide you with the latest development advances without the need of reinstalling T-Pot.
 
 <a name="concept"></a>
 # Technical Concept
 
-T-Pot is based on the network installer of Ubuntu Server 18.04.x LTS.
+T-Pot is based on the network installer Debian (Stretch). During installation the whole system will be updated to Debian (Sid).
 The honeypot daemons as well as other support components being used have been containerized using [docker](http://docker.io).
 This allows us to run multiple honeypot daemons on the same network interface while maintaining a small footprint and constrain each honeypot within its own environment.
 
@@ -151,7 +117,7 @@ In T-Pot we combine the dockerized honeypots ...
 
 ![Architecture](doc/architecture.png)
 
-While data within docker containers is volatile we do now ensure a default 30 day persistence of all relevant honeypot and tool data in the well known `/data` folder and sub-folders. The persistence configuration may be adjusted in `/opt/tpot/etc/logrotate/logrotate.conf`. Once a docker container crashes, all other data produced within its environment is erased and a fresh instance is started from the corresponding docker image.<br>
+While data within docker containers is volatile we do ensure a default 30 day persistence of all relevant honeypot and tool data in the well known `/data` folder and sub-folders. The persistence configuration may be adjusted in `/opt/tpot/etc/logrotate/logrotate.conf`. Once a docker container crashes, all other data produced within its environment is erased and a fresh instance is started from the corresponding docker image.<br>
 
 Basically, what happens when the system is booted up is the following:
 
@@ -227,7 +193,7 @@ Depending on your installation type, whether you install on [real hardware](#har
 # Installation
 The installation of T-Pot is straight forward and heavily depends on a working, transparent and non-proxied up and running internet connection. Otherwise the installation **will fail!**
 
-Firstly, decide if you want to download our prebuilt installation ISO image from [GitHub](https://github.com/dtag-dev-sec/tpotce/releases), [create it yourself](#createiso) ***or*** [post-install on a existing Ubuntu Server 18.04 LTS](#postinstall).
+Firstly, decide if you want to download our prebuilt installation ISO image from [GitHub](https://github.com/dtag-dev-sec/tpotce/releases), [create it yourself](#createiso) ***or*** [post-install on an existing Debian 9.7 (Stretch)](#postinstall).
 
 Secondly, decide where you want to let the system run: [real hardware](#hardware) or in a [virtual machine](#vm)?
 
@@ -241,7 +207,7 @@ You can download the prebuilt installation image from [GitHub](https://github.co
 For transparency reasons and to give you the ability to customize your install, we provide you the [ISO Creator](https://github.com/dtag-dev-sec/tpotce) that enables you to create your own ISO installation image.
 
 **Requirements to create the ISO image:**
-- Ubuntu 18.04 LTS or newer as host system (others *may* work, but *remain* untested)
+- Debian 9.7 or newer as host system (others *may* work, but *remain* untested)
 - 4GB of free memory  
 - 32GB of free storage
 - A working internet connection
@@ -284,17 +250,17 @@ If you decide to run T-Pot on dedicated hardware, just follow these steps:
 Whereas most CD burning tools allow you to burn from ISO images, the procedure to create a bootable USB stick from an ISO image depends on your system. There are various Windows GUI tools available, e.g. [this tip](http://www.ubuntu.com/download/desktop/create-a-usb-stick-on-windows) might help you.<br> On [Linux](http://askubuntu.com/questions/59551/how-to-burn-a-iso-to-a-usb-device) or [MacOS](http://www.ubuntu.com/download/desktop/create-a-usb-stick-on-mac-osx) you can use the tool *dd* or create the USB stick with T-Pot's [ISO Creator](https://github.com/dtag-dev-sec).
 2. Boot from the USB stick and install.
 
-*Please note*: We will ensure the compatibility with the Intel NUC platform, as we really like the form factor, looks and build quality. Other platforms **remain untested**.
+*Please note*: While we are performing limited tests with the Intel NUC platform other hardware platforms **remain untested**. We can not provide hardware support of any kind.
 
 <a name="postinstall"></a>
 ## Post-Install User
-In some cases it is necessary to install Ubuntu Server 18.04 LTS on your own:
+In some cases it is necessary to install Debian 9.7 (Stretch) on your own:
  - Cloud provider does not offer mounting ISO images.
  - Hardware setup needs special drivers and / or kernels.
  - Within your company you have to setup special policies, software etc.
  - You just like to stay on top of things.
 
-While the T-Pot-Autoinstaller served us perfectly well in the past we decided to include the feature directly into T-Pot and its Universal Installer.
+The T-Pot Universal Installer will upgrade the system to Debian (Sid) and install all required T-Pot dependencies.
 
 Just follow these steps:
 
@@ -344,7 +310,7 @@ You can also login from your browser and access the Web UI: `https://<your.ip>:6
 
 <a name="placement"></a>
 # System Placement
-Make sure your system is reachable through the internet. Otherwise it will not capture any attacks, other than the ones from your  internal network! We recommend you put it in an unfiltered zone, where all TCP and UDP traffic is forwarded to T-Pot's network interface. However to avoid fingerprinting you can put T-Pot behind a firewall and forward all TCP / UDP traffic in the port range of 1-64000 to T-Pot while allowing access to ports > 64000 only from trusted IPs.
+Make sure your system is reachable through a network you suspect intruders in / from (i.e. the internet). Otherwise T-Pot will most likely not capture any attacks, other than the ones from your  internal network! We recommend you put it in an unfiltered zone, where all TCP and UDP traffic is forwarded to T-Pot's network interface. However to avoid fingerprinting you can put T-Pot behind a firewall and forward all TCP / UDP traffic in the port range of 1-64000 to T-Pot while allowing access to ports > 64000 only from trusted IPs.
 
 A list of all relevant ports is available as part of the [Technical Concept](#concept)
 <br>
@@ -355,7 +321,7 @@ In case you need external Admin UI access, forward TCP port 64294 to T-Pot, see
 In case you need external SSH access, forward TCP port 64295 to T-Pot, see below.
 In case you need external Web UI access, forward TCP port 64297 to T-Pot, see below.
 
-T-Pot requires outgoing git, http, https connections for updates (Ubuntu, Docker, GitHub, PyPi) and attack submission (ewsposter, hpfeeds). Ports and availability may vary based on your geographical location.
+T-Pot requires outgoing git, http, https connections for updates (Debian, Docker, GitHub, PyPi) and attack submission (ewsposter, hpfeeds). Ports and availability may vary based on your geographical location.
 
 <a name="updates"></a>
 # Updates
@@ -363,10 +329,9 @@ For the ones of you who want to live on the bleeding edge of T-Pot development w
 **If you made any relevant changes to the T-Pot relevant config files make sure to create a backup first.**
 - The Update script will
  - **merciless** overwrite local changes to be in sync with the T-Pot master branch
- - upgrade the system to the latest kernel within Ubuntu 18.04.x LTS
- - upgrade the system to the latest packages available within Ubuntu 18.04.x LTS
- - update all resources to be en par with the T-Pot master branch
- - ensure all T-Pot relevant system files will be patched / copied into original T-Pot state
+ - upgrade the system to the packages available in Debian (Sid)
+ - update all resources to be in-sync with the T-Pot master branch
+ - ensure all T-Pot relevant system files will be patched / copied into the original T-Pot state
 
 You simply run the update script:
 ```
@@ -482,12 +447,12 @@ The software that T-Pot is built on uses the following licenses.
 <br>GPLv2: [conpot)](https://github.com/mushorg/conpot/blob/master/LICENSE.txt), [dionaea](https://github.com/DinoTools/dionaea/blob/master/LICENSE), [honeytrap](https://github.com/armedpot/honeytrap/blob/master/LICENSE), [suricata](http://suricata-ids.org/about/open-source/)
 <br>GPLv3: [adbhoney](https://github.com/huuck/ADBHoney), [elasticpot](https://github.com/schmalle/ElasticPot), [ewsposter](https://github.com/dtag-dev-sec/ews/), [glastopf](https://github.com/glastopf/glastopf/blob/master/GPL), [rdpy](https://github.com/citronneur/rdpy/blob/master/LICENSE), [heralding](https://github.com/johnnykv/heralding/blob/master/LICENSE.txt), [snare](https://github.com/mushorg/snare/blob/master/LICENSE), [tanner](https://github.com/mushorg/snare/blob/master/LICENSE)
 <br>Apache 2 License: [cyberchef](https://github.com/gchq/CyberChef/blob/master/LICENSE), [elasticsearch](https://github.com/elasticsearch/elasticsearch/blob/master/LICENSE.txt), [logstash](https://github.com/elasticsearch/logstash/blob/master/LICENSE), [kibana](https://github.com/elasticsearch/kibana/blob/master/LICENSE.md), [docker](https://github.com/docker/docker/blob/master/LICENSE), [elasticsearch-head](https://github.com/mobz/elasticsearch-head/blob/master/LICENCE)
-<br>MIT license: [ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot/blob/master/LICENSE), [ctop](https://github.com/bcicen/ctop/blob/master/LICENSE), [glutton](https://github.com/mushorg/glutton/blob/master/LICENSE)
-<br> Other: [cowrie](https://github.com/micheloosterhof/cowrie/blob/master/LICENSE.md), [mailoney](https://github.com/awhitehatter/mailoney), [Ubuntu licensing](http://www.ubuntu.com/about/about-ubuntu/licensing)
+<br>MIT license: [ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot/blob/master/LICENSE), [glutton](https://github.com/mushorg/glutton/blob/master/LICENSE)
+<br> Other: [cowrie](https://github.com/micheloosterhof/cowrie/blob/master/LICENSE.md), [mailoney](https://github.com/awhitehatter/mailoney), [Debian licensing](https://www.debian.org/legal/licenses/)
 
 <a name="credits"></a>
 # Credits
-Without open source and the fruitful development community we are proud to be a part of, T-Pot would not have been possible! Our thanks are extended but not limited to the following people and organizations:
+Without open source and the fruitful development community (we are proud to be a part of), T-Pot would not have been possible! Our thanks are extended but not limited to the following people and organizations:
 
 ### The developers and development communities of
 
@@ -519,7 +484,7 @@ Without open source and the fruitful development community we are proud to be a
 * [ubuntu](http://www.ubuntu.com/)
 
 ### The following companies and organizations
-* [canonical](http://www.canonical.com/)
+* [debian](https://www.debian.org/)
 * [docker](https://www.docker.com/)
 * [elastic.io](https://www.elastic.co/)
 * [honeynet project](https://www.honeynet.org/)
@@ -534,4 +499,4 @@ We will be releasing a new version of T-Pot about every 6-12 months.
 <a name="funfact"></a>
 # Fun Fact
 
-In an effort of saving the environment we are now brewing our own Mate Ice Tea and consumed 241 liters so far for the T-Pot 18.11 development 😇
+In an effort of saving the environment we are now brewing our own Mate Ice Tea and consumed 57 liters so far for the T-Pot 19.03 development 😇

bin/dps.sh

@@ -9,7 +9,7 @@ myWHITE=""
 myMAGENTA=""
 
 function fuGETSTATUS {
-grc docker ps -f status=running -f status=exited --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" | grep -v "NAME" | sort
+grc --colour=on docker ps -f status=running -f status=exited --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" | grep -v "NAME" | sort
 }
 
 function fuGETSYS {

bin/updateip.sh

@@ -9,10 +9,18 @@ if [ "$myEXTIP" = "" ];
     myEXTIP=$myLOCALIP
 fi
 mySSHUSER=$(cat /etc/passwd | grep 1000 | cut -d ':' -f1)
-sed -i "s#IP:.*#IP: $myLOCALIP ($myEXTIP)#" /etc/issue
-sed -i "s#SSH:.*#SSH: ssh -l tsec -p 64295 $myLOCALIP#" /etc/issue
-sed -i "s#WEB:.*#WEB: https://$myLOCALIP:64297#" /etc/issue
-sed -i "s#ADMIN:.*#ADMIN: https://$myLOCALIP:64294#" /etc/issue
+echo "" > /etc/issue
+toilet -f ivrit -F metal --filter border:metal "T-Pot   19.03" | sed 's/\\/\\\\/g' >> /etc/issue
+echo >> /etc/issue
+echo ",---- [ \n ] [ \d ] [ \t ]" >> /etc/issue
+echo "|" >> /etc/issue
+echo "| IP: $myLOCALIP ($myEXTIP)" >> /etc/issue
+echo "| SSH: ssh -l tsec -p 64295 $myLOCALIP" >> /etc/issue 
+echo "| WEB: https://$myLOCALIP:64297" >> /etc/issue
+echo "| ADMIN: https://$myLOCALIP:64294" >> /etc/issue
+echo "|" >> /etc/issue
+echo "\`----" >> /etc/issue
+echo >> /etc/issue
 tee /data/ews/conf/ews.ip << EOF
 [MAIN]
 ip = $myEXTIP

docker/ews/Dockerfile

@@ -8,7 +8,7 @@ RUN apk -U --no-cache add \
             build-base \
             git \
             libffi-dev \
-            libssl1.0 \
+            libssl1.1 \
             openssl-dev \
             python-dev \
             py-cffi \
@@ -20,7 +20,7 @@ RUN apk -U --no-cache add \
             py-requests \
             py-setuptools && \
     pip install --no-cache-dir -U pip && \
-    pip install --no-cache-dir pyOpenSSL && \
+    pip install --no-use-pep517 --no-cache-dir pyOpenSSL && \
 
 # Setup ewsposter
     git clone --depth=1 https://github.com/rep/hpfeeds /opt/hpfeeds && \

host/etc/dialogrc

@@ -1,144 +0,0 @@
-#
-# Run-time configuration file for dialog
-#
-# Automatically generated by "dialog --create-rc <file>"
-#
-#
-# Types of values:
-#
-# Number     -  <number>
-# String     -  "string"
-# Boolean    -  <ON|OFF>
-# Attribute  -  (foreground,background,highlight?)
-
-# Set aspect-ration.
-aspect = 0
-
-# Set separator (for multiple widgets output).
-separate_widget = ""
-
-# Set tab-length (for textbox tab-conversion).
-tab_len = 0
-
-# Make tab-traversal for checklist, etc., include the list.
-visit_items = OFF
-
-# Shadow dialog boxes? This also turns on color.
-use_shadow = ON
-
-# Turn color support ON or OFF
-use_colors = ON
-
-# Screen color
-screen_color = (WHITE,MAGENTA,ON)
-
-# Shadow color
-shadow_color = (BLACK,BLACK,ON)
-
-# Dialog box color
-dialog_color = (BLACK,WHITE,OFF)
-
-# Dialog box title color
-title_color = (MAGENTA,WHITE,OFF)
-
-# Dialog box border color
-border_color = (WHITE,WHITE,ON)
-
-# Active button color
-button_active_color = (WHITE,MAGENTA,OFF)
-
-# Inactive button color
-button_inactive_color = dialog_color
-
-# Active button key color
-button_key_active_color = button_active_color
-
-# Inactive button key color
-button_key_inactive_color = (RED,WHITE,OFF)
-
-# Active button label color
-button_label_active_color = (YELLOW,MAGENTA,ON)
-
-# Inactive button label color
-button_label_inactive_color = (BLACK,WHITE,OFF)
-
-# Input box color
-inputbox_color = dialog_color
-
-# Input box border color
-inputbox_border_color = dialog_color
-
-# Search box color
-searchbox_color = dialog_color
-
-# Search box title color
-searchbox_title_color = title_color
-
-# Search box border color
-searchbox_border_color = border_color
-
-# File position indicator color
-position_indicator_color = title_color
-
-# Menu box color
-menubox_color = dialog_color
-
-# Menu box border color
-menubox_border_color = border_color
-
-# Item color
-item_color = dialog_color
-
-# Selected item color
-item_selected_color = button_active_color
-
-# Tag color
-tag_color = title_color
-
-# Selected tag color
-tag_selected_color = button_label_active_color
-
-# Tag key color
-tag_key_color = button_key_inactive_color
-
-# Selected tag key color
-tag_key_selected_color = (RED,MAGENTA,ON)
-
-# Check box color
-check_color = dialog_color
-
-# Selected check box color
-check_selected_color = button_active_color
-
-# Up arrow color
-uarrow_color = (MAGENTA,WHITE,ON)
-
-# Down arrow color
-darrow_color = uarrow_color
-
-# Item help-text color
-itemhelp_color = (WHITE,BLACK,OFF)
-
-# Active form text color
-form_active_text_color = button_active_color
-
-# Form text color
-form_text_color = (WHITE,CYAN,ON)
-
-# Readonly form item color
-form_item_readonly_color = (CYAN,WHITE,ON)
-
-# Dialog box gauge color
-gauge_color = title_color
-
-# Dialog box border2 color
-border2_color = dialog_color
-
-# Input box border2 color
-inputbox_border2_color = dialog_color
-
-# Search box border2 color
-searchbox_border2_color = dialog_color
-
-# Menu box border2 color
-menubox_border2_color = dialog_color

host/etc/issue

@@ -1,21 +0,0 @@
-
-┌────────────────────────────────────────────┐
-│ _____     ____       _        _  ___   _ _ │
-│|_   _|   |  _ \\ ___ | |_     / |( _ ) / / |│
-│  | |_____| |_) / _ \\| __|    | |/ _ \\ | | |│
-│  | |_____|  __/ (_) | |_     | | (_) || | |│
-│  |_|     |_|   \\___/ \\__|    |_|\\___(_)_|_|│
-│                                            │
-└────────────────────────────────────────────┘
-
-
-,---- [ \n ] [ \d ] [ \t ]
-|
-| IP:
-| SSH:
-| WEB:
-| ADMIN:
-|
-`----
-
-

host/etc/systemd/tpot.service

@@ -27,9 +27,6 @@ ExecStartPre=-/bin/bash -c '/sbin/ethtool --offload $(/sbin/ip address | grep "^
 ExecStartPre=/bin/bash -c '/sbin/ethtool -K $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) gso off gro off'
 ExecStartPre=/bin/bash -c '/sbin/ip link set $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) promisc on'
 
-# Modify access rights on docker.sock for netdata
-ExecStartPre=-/bin/chmod 666 /var/run/docker.sock
-
 # Set iptables accept rules to avoid forwarding to honeytrap / NFQUEUE
 # Forward all other connections to honeytrap / NFQUEUE
 ExecStartPre=/opt/tpot/bin/rules.sh /opt/tpot/etc/tpot.yml set

iso/installer/dialogrc

@@ -1,144 +0,0 @@
-#
-# Run-time configuration file for dialog
-#
-# Automatically generated by "dialog --create-rc <file>"
-#
-#
-# Types of values:
-#
-# Number     -  <number>
-# String     -  "string"
-# Boolean    -  <ON|OFF>
-# Attribute  -  (foreground,background,highlight?)
-
-# Set aspect-ration.
-aspect = 0
-
-# Set separator (for multiple widgets output).
-separate_widget = ""
-
-# Set tab-length (for textbox tab-conversion).
-tab_len = 0
-
-# Make tab-traversal for checklist, etc., include the list.
-visit_items = OFF
-
-# Shadow dialog boxes? This also turns on color.
-use_shadow = ON
-
-# Turn color support ON or OFF
-use_colors = ON
-
-# Screen color
-screen_color = (WHITE,MAGENTA,ON)
-
-# Shadow color
-shadow_color = (BLACK,BLACK,ON)
-
-# Dialog box color
-dialog_color = (BLACK,WHITE,OFF)
-
-# Dialog box title color
-title_color = (MAGENTA,WHITE,OFF)
-
-# Dialog box border color
-border_color = (WHITE,WHITE,ON)
-
-# Active button color
-button_active_color = (WHITE,MAGENTA,OFF)
-
-# Inactive button color
-button_inactive_color = dialog_color
-
-# Active button key color
-button_key_active_color = button_active_color
-
-# Inactive button key color
-button_key_inactive_color = (RED,WHITE,OFF)
-
-# Active button label color
-button_label_active_color = (YELLOW,MAGENTA,ON)
-
-# Inactive button label color
-button_label_inactive_color = (BLACK,WHITE,OFF)
-
-# Input box color
-inputbox_color = dialog_color
-
-# Input box border color
-inputbox_border_color = dialog_color
-
-# Search box color
-searchbox_color = dialog_color
-
-# Search box title color
-searchbox_title_color = title_color
-
-# Search box border color
-searchbox_border_color = border_color
-
-# File position indicator color
-position_indicator_color = title_color
-
-# Menu box color
-menubox_color = dialog_color
-
-# Menu box border color
-menubox_border_color = border_color
-
-# Item color
-item_color = dialog_color
-
-# Selected item color
-item_selected_color = button_active_color
-
-# Tag color
-tag_color = title_color
-
-# Selected tag color
-tag_selected_color = button_label_active_color
-
-# Tag key color
-tag_key_color = button_key_inactive_color
-
-# Selected tag key color
-tag_key_selected_color = (RED,MAGENTA,ON)
-
-# Check box color
-check_color = dialog_color
-
-# Selected check box color
-check_selected_color = button_active_color
-
-# Up arrow color
-uarrow_color = (MAGENTA,WHITE,ON)
-
-# Down arrow color
-darrow_color = uarrow_color
-
-# Item help-text color
-itemhelp_color = (WHITE,BLACK,OFF)
-
-# Active form text color
-form_active_text_color = button_active_color
-
-# Form text color
-form_text_color = (WHITE,CYAN,ON)
-
-# Readonly form item color
-form_item_readonly_color = (CYAN,WHITE,ON)
-
-# Dialog box gauge color
-gauge_color = title_color
-
-# Dialog box border2 color
-border2_color = dialog_color
-
-# Input box border2 color
-inputbox_border2_color = dialog_color
-
-# Search box border2 color
-searchbox_border2_color = dialog_color
-
-# Menu box border2 color
-menubox_border2_color = dialog_color

iso/installer/rc.local.install

@@ -1,3 +1,3 @@
 #!/bin/bash
-plymouth --quit
+#plymouth --quit
 openvt -f -w -s /root/installer/wrapper.sh

iso/isolinux/txt.cfg

@@ -1,6 +1,6 @@
 default install
 label install
-  menu label ^T-Pot 18.11.1
+  menu label ^T-Pot 19.03 (based on Debian Sid)
   menu default
   kernel linux
   append vga=788 initrd=initrd.gz console-setup/ask_detect=true --

iso/preseed/tpot.seed

@@ -13,7 +13,7 @@ d-i localechooser/preferred-locale string en_US.UTF-8
 ######################
 ### Keyboard Selection
 ######################
-#d-i console-setup/ask_detect boolean true
+d-i console-setup/ask_detect boolean true
 #d-i keyboard-configuration/layoutcode string de
 d-i console-setup/detected note
 
@@ -25,10 +25,10 @@ d-i console-setup/detected note
 #########################
 ### Network Configuration
 #########################
-#d-i netcfg/do_not_use_netplan true
-#d-i netcfg/choose_interface select auto
-#d-i netcfg/dhcp_timeout string 60
+d-i netcfg/choose_interface select auto
+d-i netcfg/dhcp_timeout string 60
 d-i netcfg/get_hostname string t-pot
+d-i netcfg/get_domain string
 
 ###############
 ### Disk Layout
@@ -71,16 +71,24 @@ d-i user-setup/encrypt-home boolean false
 ### Country Mirror & Proxy Configuration
 ########################################
 d-i mirror/country string manual
-d-i mirror/http/hostname string archive.ubuntu.com
-d-i mirror/http/directory string /ubuntu
+d-i mirror/http/hostname string deb.debian.org
+d-i mirror/http/directory string /debian
 d-i mirror/http/proxy string
 
+###################
+# Suite to install
+###################
+#d-i mirror/suite string unstable
+#d-i mirror/suite string testing
+#d-i mirror/udeb/suite string testing
+
 ###########################
 ### Skip Grub Configuration
 ###########################
 #d-i grub-installer/confirm boolean true
 #d-i grub-installer/only_debian boolean true
 #d-i grub-installer/with_other_os boolean true
+#d-i grub-installer/bootdev string default
 d-i grub-installer/skip boolean true
 d-i lilo-installer/skip boolean true
 
@@ -91,17 +99,18 @@ d-i lilo-installer/skip boolean true
 d-i clock-setup/utc boolean true
 d-i time/zone string UTC
 d-i clock-setup/ntp boolean true
-d-i clock-setup/ntp-server string ntp.ubuntu.com
+d-i clock-setup/ntp-server string debian.pool.ntp.org
 
 ##################
 ### Package Groups
 ##################
-tasksel tasksel/first multiselect ubuntu-server
+tasksel tasksel/first multiselect ssh-server
 
 ########################
 ### Package Installation
 ########################
-d-i pkgsel/include string apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit cockpit-docker curl debconf-utils dialog dnsutils docker.io docker-compose dstat ethtool fail2ban genisoimage git glances grc html2text htop ifupdown iptables iw jq libcrack2 libltdl7 lm-sensors man mosh multitail net-tools npm ntp openssh-server openssl pass prips software-properties-common syslinux psmisc pv python-pip unzip vim wireless-tools wpasupplicant
+d-i pkgsel/include string apache2-utils curl dialog figlet git grc libcrack2 libpq-dev lsb-release net-tools software-properties-common toilet
+popularity-contest popularity-contest/participate boolean false
 
 #################
 ### Update Policy
@@ -120,8 +129,12 @@ d-i debian-installer/splash boolean false
 d-i preseed/late_command string \
 in-target apt-get -y install grub-pc; \
 in-target grub-install --force $(debconf-get partman-auto/disk); \
+update-dev; \
 in-target update-grub; \
-in-target git clone https://github.com/dtag-dev-sec/tpotce -b netplan /opt/tpot; \
+in-target git clone --depth=1 https://github.com/dtag-dev-sec/tpotce -b debian /opt/tpot; \
+in-target sed -i 's/allow-hotplug/auto/g' /etc/network/interfaces; \
+#in-target apt-get -y remove exim4-base; \
+#in-target apt-get -y autoremove; \
 cp /target/opt/tpot/iso/installer/rc.local.install /target/etc/rc.local; \
 cp /target/opt/tpot/iso/installer -R /target/root/;
 

makeiso.sh

@@ -2,14 +2,14 @@
 
 # Set TERM, DIALOGRC
 export TERM=linux
-export DIALOGRC=/etc/dialogrc
 
 # Let's define some global vars
 myBACKTITLE="T-Pot - ISO Creator"
-# If you need latest hardware support, try using the hardware enablement (hwe) ISO, usually released later in time
-# myUBUNTULINK="http://archive.ubuntu.com/ubuntu/dists/bionic/main/installer-amd64/current/images/hwe-netboot/mini.iso"
-myUBUNTULINK="http://archive.ubuntu.com/ubuntu/dists/bionic/main/installer-amd64/current/images/netboot/mini.iso"
-myUBUNTUISO="mini.iso"
+#myMINIISOLINK="http://ftp.debian.org/debian/dists/testing/main/installer-amd64/current/images/netboot/mini.iso"
+#myMINIISOLINK="https://d-i.debian.org/daily-images/amd64/daily/netboot/mini.iso"
+# For stability reasons Debian Sid installation is built on a stable installer
+myMINIISOLINK="http://ftp.debian.org/debian/dists/stretch/main/installer-amd64/current/images/netboot/mini.iso"
+myMINIISO="mini.iso"
 myTPOTISO="tpot.iso"
 myTPOTDIR="tpotiso"
 myTPOTSEED="iso/preseed/tpot.seed"
@@ -49,9 +49,6 @@ if [ "$myINST" != "" ]
     done
 fi
 
-# Let's load dialog color theme
-cp host/etc/dialogrc /etc/
-
 # Let's clean up at the end or if something goes wrong ...
 function fuCLEANUP {
 rm -rf $myTMP $myTPOTDIR $myPFXFILE $myNTPCONFFILE $myCONF_FILE
@@ -81,7 +78,7 @@ function valid_ip()
 }
 
 # Let's ask if the user wants to run the script ...
-dialog --backtitle "$myBACKTITLE" --title "[ Continue? ]" --yesno "\nDownload latest supported Ubuntu Mini ISO and build the T-Pot Install Image." 8 50
+dialog --backtitle "$myBACKTITLE" --title "[ Continue? ]" --yesno "\nDownload latest supported Debian Mini ISO and build the T-Pot Install Image." 8 50
 mySTART=$?
 if [ "$mySTART" = "1" ];
   then
@@ -207,18 +204,18 @@ if [ "$myCONF_PROXY_USE" == "0" ] || [ "$myCONF_PFX_USE" == "0" ] || [ "$myCONF_
     echo "myCONF_NTP_CONF_FILE=\"/root/installer/ntp.conf\"" >> $myCONF_FILE
 fi
 
-# Let's download Ubuntu Minimal ISO
-if [ ! -f $myUBUNTUISO ]
+# Let's download Debian Minimal ISO
+if [ ! -f $myMINIISO ]
   then
-    wget $myUBUNTULINK --progress=dot 2>&1 | awk '{print $7+0} fflush()' | dialog --backtitle "$myBACKTITLE" --title "[ Downloading Ubuntu ... ]" --gauge "" 5 70;
-    echo 100 | dialog --backtitle "$myBACKTITLE" --title "[ Downloading Ubuntu ... Done! ]" --gauge "" 5 70;
+    wget $myMINIISOLINK --progress=dot 2>&1 | awk '{print $7+0} fflush()' | dialog --backtitle "$myBACKTITLE" --title "[ Downloading Debian ... ]" --gauge "" 5 70;
+    echo 100 | dialog --backtitle "$myBACKTITLE" --title "[ Downloading Debian ... Done! ]" --gauge "" 5 70;
   else
     dialog --infobox "Using previously downloaded .iso ..." 3 50;
 fi
 
 # Let's loop mount it and copy all contents
 mkdir -p $myTMP $myTPOTDIR
-mount -o loop $myUBUNTUISO $myTMP
+mount -o loop $myMINIISO $myTMP
 rsync -a $myTMP/ $myTPOTDIR
 umount $myTMP
 
@@ -279,4 +276,6 @@ do
   fi
 done
 
+dialog --clear
+
 exit 0

update.sh

@@ -58,7 +58,7 @@ function fuSELFUPDATE () {
       echo "###### $myBLUE""No updates found in repository.""$myWHITE"
       return
   fi
-  myRESULT=$(git diff --name-only origin/master | grep update.sh)
+  myRESULT=$(git diff --name-only origin/debian | grep update.sh)
   if [ "$myRESULT" == "update.sh" ];
     then
       echo "###### $myBLUE""Found newer version, will be pulling updates and restart myself.""$myWHITE"
@@ -76,8 +76,8 @@ echo
 
 # Let's check for version
 function fuCHECK_VERSION () {
-local myMINVERSION="18.04.0"
-local myMASTERVERSION="18.11.0"
+local myMINVERSION="19.03.0"
+local myMASTERVERSION="19.03.0"
 echo
 echo "### Checking for version tag ..."
 if [ -f "version" ];
@@ -168,7 +168,7 @@ echo
 }
 
 function fuUPDATER () {
-local myPACKAGES="apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit cockpit-docker curl debconf-utils dialog dnsutils docker.io docker-compose dstat ethtool fail2ban genisoimage git glances grc html2text htop iptables iw jq libcrack2 libltdl7 lm-sensors man mosh multitail net-tools npm ntp openssh-server openssl pass prips software-properties-common syslinux psmisc pv python-pip unattended-upgrades unzip vim wireless-tools wpasupplicant"
+local myPACKAGES="apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit cockpit-docker console-setup console-setup-linux curl debconf-utils dialog dnsutils docker.io docker-compose dstat ethtool fail2ban figlet genisoimage git glances grc haveged html2text htop iptables iw jq kbd libcrack2 libltdl7 lm-sensors man mosh multitail net-tools npm ntp openssh-server openssl pass prips software-properties-common syslinux psmisc pv python-pip toilet unattended-upgrades unzip vim wget wireless-tools wpasupplicant"
 echo "### Now upgrading packages ..."
 dpkg --configure -a
 apt-get -y autoclean
@@ -185,12 +185,10 @@ npm install "https://github.com/taskrabbit/elasticsearch-dump" -g
 pip install --upgrade pip
 hash -r
 pip install --upgrade elasticsearch-curator yq
-wget https://github.com/bcicen/ctop/releases/download/v0.7.1/ctop-0.7.1-linux-amd64 -O /usr/bin/ctop && chmod +x /usr/bin/ctop
 echo
 
 echo "### Now replacing T-Pot related config files on host"
 cp host/etc/systemd/* /etc/systemd/system/
-cp host/etc/issue /etc/
 systemctl daemon-reload
 echo
 
@@ -234,7 +232,7 @@ echo "### Now pulling latest docker images"
 echo "######$myBLUE This might take a while, please be patient!$myWHITE"
 fuPULLIMAGES 2>&1>/dev/null
 
-fuREMOVEOLDIMAGES "1804"
+#fuREMOVEOLDIMAGES "1804"
 echo "### If you made changes to tpot.yml please ensure to add them again."
 echo "### We stored the previous version as backup in /root/."
 echo "### Done, please reboot."
@@ -267,7 +265,7 @@ fi
 
 fuCHECK_VERSION
 fuCONFIGCHECK
-fuCHECKINET "https://index.docker.io https://github.com https://pypi.python.org https://ubuntu.com"
+fuCHECKINET "https://index.docker.io https://github.com https://pypi.python.org https://debian.org"
 fuSTOP_TPOT
 fuBACKUP
 fuSELFUPDATE "$0" "$@"

version

@@ -1 +1 @@
-18.11.0
+19.03.0