4 Commits

Author SHA1 Message Date
be42aaa958 Update Dockerfile 2019-04-18 10:24:42 +02:00
35e89b1e20 Fix for #311
Thanks to @ChessSpider for reporting!
2019-03-06 10:20:17 +01:00
c67e4593d7 Update Dockerfile 2019-02-06 16:43:09 +01:00
565f156173 Fix name for Suricata daemons 2019-02-06 16:13:03 +01:00
15 changed files with 831 additions and 559 deletions

View File

@ -1,6 +1,6 @@
# T-Pot 19.03 # T-Pot 18.11
T-Pot 19.03 runs on Debian (Sid), is based heavily on T-Pot 18.11 runs on the latest 18.04.x LTS Ubuntu Server Network Installer image, is based on
[docker](https://www.docker.com/), [docker-compose](https://docs.docker.com/compose/) [docker](https://www.docker.com/), [docker-compose](https://docs.docker.com/compose/)
@ -70,21 +70,55 @@ Furthermore we use the following tools
- [Fun Fact](#funfact) - [Fun Fact](#funfact)
<a name="changelog"></a> <a name="changelog"></a>
# Release Notes # Changelog
- **Move from Ubuntu 18.04 to Debian (Sid)** - **New honeypots**
- For almost 5 years Ubuntu LTS versions were our distributions of choice. Last year we made a design choice for T-Pot to be closer to a rolling release model and thus allowing us to issue smaller changes and releases in a more timely manner. The distribution of choice is Debian (Sid / unstable) which will provide us with the latest advancements in a Debian based distribution. - *Adbhoney* Low interaction honeypot designed for Android Debug Bridge over TCP/IP.
- **Docker images will keep the 1811 tag** - *Ciscoasa* a low interaction honeypot for the Cisco ASA component capable of detecting CVE-2018-0101, a DoS and remote code execution vulnerability.
- The docker images will keep the 1811 tag. - *Glutton* (NextGen) is the all eating honeypot
- *Heralding* a credentials catching honeypot.
- *Medpot* is a HL7 / FHIR honeypot.
- *Snare* is a web application honeypot sensor, is the successor of Glastopf. SNARE has feature parity with Glastopf and allows to convert existing web pages into attack surfaces.
- *Tanner* is SNARES' "brain". Every event is send from SNARE to TANNER, gets evaluated and TANNER decides how SNARE should respond to the client. This allows us to change the behaviour of many sensors on the fly. We are providing a TANNER instance for your use, but there is nothing stopping you from setting up your own instance.
- **New tools**
- *Cockpit* is an interactive server admin interface. It is easy to use and very lightweight. Cockpit interacts directly with the operating system from a real Linux session in a browser.
- *Cyberchef* is the Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis.
- *grc* (commandline) is yet another colouriser (written in python) for beautifying your logfiles or output of commands.
- *multitail* (commandline) allows you to monitor logfiles and command output in multiple windows in a terminal, colorize, filter and merge.
- *tped.sh* (commandline) allows you to switch between T-Pot Editions after installation.
- **Deprecated tools** - **Deprecated tools**
- *ctop* will no longer be part of T-Pot. - *Netdata*, *Portainer* and *WeTTY* were superseded by *Cockpit* which is much more lightweight, perfectly well integrated into Ubuntu 18.04 LTS and of course comes with the same but a more basic feature set.
- **New Standard Installation**
- The new standard installation is now running a whopping *14* honeypot instances.
- **T-Pot Universal Installer**
- The T-Pot installer now also includes the option to install on a existing machine, the T-Pot-Autoinstaller is no longer necessary.
- **Tighten Security**
- The docker containers are now running mostly with a read-only file system
- If possible using `setcap` to start daemons without root or dropping privileges
- Introducing `fail2ban` to ease up on `authorized_keys` requirement which is no longer necessary for `SSH`. Also to further prevent brute-force attacks on `Cockpit` and `NGINX` allowing for faster load times of the WebUI.
- **Iptables exceptions for NFQ based honeypots**
- In previous versions `iptables`had manually be maintained, now a a script parses `/opt/tpot/etc/tpot.yml` and extracts port information to automatically generate exceptions for ports that should not be forwarded to NFQ.
- **CI**
- The Kibana UI now uses a magenta theme.
- **ES HEAD**
- A Java Script now automatically enters the correct FQDN / IP. A manual step is no longer required.
- **ELK STACK**
- The ELK Stack was updated to the latest 6.x versions.
- This also means you can now expect the availability of basic *X-Pack-Feaures*, the full feature set however is only available to users with a valid license.
- **Dashboards Makeover**
- Because Kibana 6.x introduced so much whitespace the dashboards and some of the visualizations needed some overhaul. While it probably needs some getting used to the key was to focus on displaying as much information while not compromising on clarity.
- Because of the new honeypots we now more than **200 Visualizations** pre-configured and compiled to 16 individual **Kibana Dashboards**. Monitor all *honeypot events* locally on your T-Pot installation. Aside from *honeypot events* you can also view *Suricata NSM and NGINX* events for a quick overview of wire events.
- **Honeypot updates and improvements**
- All honeypots were updated to their latest stable versions.
- Docker images were mostly overhauled to tighten security even further
- Some of the honeypot configurations were modified to keep things fresh
- **Update Feature** - **Update Feature**
- For the ones who like to live on the bleeding edge of T-Pot development there is now a update script available in `/opt/tpot/update.sh`. - For the ones who like to live on the bleeding edge of T-Pot development there is now a update script available in `/opt/tpot/update.sh`.
- This feature is beta and is mostly intended to provide you with the latest development advances without the need of reinstalling T-Pot. - This feature is now in beta and is mostly intended to provide you with the latest development advances without the need of reinstalling T-Pot.
<a name="concept"></a> <a name="concept"></a>
# Technical Concept # Technical Concept
T-Pot is based on the network installer Debian (Stretch). During installation the whole system will be updated to Debian (Sid). T-Pot is based on the network installer of Ubuntu Server 18.04.x LTS.
The honeypot daemons as well as other support components being used have been containerized using [docker](http://docker.io). The honeypot daemons as well as other support components being used have been containerized using [docker](http://docker.io).
This allows us to run multiple honeypot daemons on the same network interface while maintaining a small footprint and constrain each honeypot within its own environment. This allows us to run multiple honeypot daemons on the same network interface while maintaining a small footprint and constrain each honeypot within its own environment.
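Review bot: the `fail2ban` bullet under "Tighten Security" reads as if brute-force protection replaces the `authorized_keys` requirement for `SSH`; fail2ban only rate-limits guessing, so the text should say that key-based login remains the recommended configuration and that `fail2ban` is the fallback for password logins and the protection for `Cockpit` / `NGINX`. Typos in the same hunk: "`iptables`had" (missing space), "a a script", "X-Pack-Feaures", "a update script" (should be "an update script"), and "we now more than **200 Visualizations**" is missing "have".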
@ -117,7 +151,7 @@ In T-Pot we combine the dockerized honeypots ...
![Architecture](doc/architecture.png) ![Architecture](doc/architecture.png)
While data within docker containers is volatile we do ensure a default 30 day persistence of all relevant honeypot and tool data in the well known `/data` folder and sub-folders. The persistence configuration may be adjusted in `/opt/tpot/etc/logrotate/logrotate.conf`. Once a docker container crashes, all other data produced within its environment is erased and a fresh instance is started from the corresponding docker image.<br> While data within docker containers is volatile we do now ensure a default 30 day persistence of all relevant honeypot and tool data in the well known `/data` folder and sub-folders. The persistence configuration may be adjusted in `/opt/tpot/etc/logrotate/logrotate.conf`. Once a docker container crashes, all other data produced within its environment is erased and a fresh instance is started from the corresponding docker image.<br>
Basically, what happens when the system is booted up is the following: Basically, what happens when the system is booted up is the following:
@ -193,7 +227,7 @@ Depending on your installation type, whether you install on [real hardware](#har
# Installation # Installation
The installation of T-Pot is straight forward and heavily depends on a working, transparent and non-proxied up and running internet connection. Otherwise the installation **will fail!** The installation of T-Pot is straight forward and heavily depends on a working, transparent and non-proxied up and running internet connection. Otherwise the installation **will fail!**
Firstly, decide if you want to download our prebuilt installation ISO image from [GitHub](https://github.com/dtag-dev-sec/tpotce/releases), [create it yourself](#createiso) ***or*** [post-install on an existing Debian 9.7 (Stretch)](#postinstall). Firstly, decide if you want to download our prebuilt installation ISO image from [GitHub](https://github.com/dtag-dev-sec/tpotce/releases), [create it yourself](#createiso) ***or*** [post-install on a existing Ubuntu Server 18.04 LTS](#postinstall).
Secondly, decide where you want to let the system run: [real hardware](#hardware) or in a [virtual machine](#vm)? Secondly, decide where you want to let the system run: [real hardware](#hardware) or in a [virtual machine](#vm)?
@ -207,7 +241,7 @@ You can download the prebuilt installation image from [GitHub](https://github.co
For transparency reasons and to give you the ability to customize your install, we provide you the [ISO Creator](https://github.com/dtag-dev-sec/tpotce) that enables you to create your own ISO installation image. For transparency reasons and to give you the ability to customize your install, we provide you the [ISO Creator](https://github.com/dtag-dev-sec/tpotce) that enables you to create your own ISO installation image.
**Requirements to create the ISO image:** **Requirements to create the ISO image:**
- Debian 9.7 or newer as host system (others *may* work, but *remain* untested) - Ubuntu 18.04 LTS or newer as host system (others *may* work, but *remain* untested)
- 4GB of free memory - 4GB of free memory
- 32GB of free storage - 32GB of free storage
- A working internet connection - A working internet connection
@ -250,17 +284,17 @@ If you decide to run T-Pot on dedicated hardware, just follow these steps:
Whereas most CD burning tools allow you to burn from ISO images, the procedure to create a bootable USB stick from an ISO image depends on your system. There are various Windows GUI tools available, e.g. [this tip](http://www.ubuntu.com/download/desktop/create-a-usb-stick-on-windows) might help you.<br> On [Linux](http://askubuntu.com/questions/59551/how-to-burn-a-iso-to-a-usb-device) or [MacOS](http://www.ubuntu.com/download/desktop/create-a-usb-stick-on-mac-osx) you can use the tool *dd* or create the USB stick with T-Pot's [ISO Creator](https://github.com/dtag-dev-sec). Whereas most CD burning tools allow you to burn from ISO images, the procedure to create a bootable USB stick from an ISO image depends on your system. There are various Windows GUI tools available, e.g. [this tip](http://www.ubuntu.com/download/desktop/create-a-usb-stick-on-windows) might help you.<br> On [Linux](http://askubuntu.com/questions/59551/how-to-burn-a-iso-to-a-usb-device) or [MacOS](http://www.ubuntu.com/download/desktop/create-a-usb-stick-on-mac-osx) you can use the tool *dd* or create the USB stick with T-Pot's [ISO Creator](https://github.com/dtag-dev-sec).
2. Boot from the USB stick and install. 2. Boot from the USB stick and install.
*Please note*: While we are performing limited tests with the Intel NUC platform other hardware platforms **remain untested**. We can not provide hardware support of any kind. *Please note*: We will ensure the compatibility with the Intel NUC platform, as we really like the form factor, looks and build quality. Other platforms **remain untested**.
<a name="postinstall"></a> <a name="postinstall"></a>
## Post-Install User ## Post-Install User
In some cases it is necessary to install Debian 9.7 (Stretch) on your own: In some cases it is necessary to install Ubuntu Server 18.04 LTS on your own:
- Cloud provider does not offer mounting ISO images. - Cloud provider does not offer mounting ISO images.
- Hardware setup needs special drivers and / or kernels. - Hardware setup needs special drivers and / or kernels.
- Within your company you have to setup special policies, software etc. - Within your company you have to setup special policies, software etc.
- You just like to stay on top of things. - You just like to stay on top of things.
The T-Pot Universal Installer will upgrade the system to Debian (Sid) and install all required T-Pot dependencies. While the T-Pot-Autoinstaller served us perfectly well in the past we decided to include the feature directly into T-Pot and its Universal Installer.
Just follow these steps: Just follow these steps:
@ -310,7 +344,7 @@ You can also login from your browser and access the Web UI: `https://<your.ip>:6
<a name="placement"></a> <a name="placement"></a>
# System Placement # System Placement
Make sure your system is reachable through a network you suspect intruders in / from (i.e. the internet). Otherwise T-Pot will most likely not capture any attacks, other than the ones from your internal network! We recommend you put it in an unfiltered zone, where all TCP and UDP traffic is forwarded to T-Pot's network interface. However to avoid fingerprinting you can put T-Pot behind a firewall and forward all TCP / UDP traffic in the port range of 1-64000 to T-Pot while allowing access to ports > 64000 only from trusted IPs. Make sure your system is reachable through the internet. Otherwise it will not capture any attacks, other than the ones from your internal network! We recommend you put it in an unfiltered zone, where all TCP and UDP traffic is forwarded to T-Pot's network interface. However to avoid fingerprinting you can put T-Pot behind a firewall and forward all TCP / UDP traffic in the port range of 1-64000 to T-Pot while allowing access to ports > 64000 only from trusted IPs.
A list of all relevant ports is available as part of the [Technical Concept](#concept) A list of all relevant ports is available as part of the [Technical Concept](#concept)
<br> <br>
@ -321,7 +355,7 @@ In case you need external Admin UI access, forward TCP port 64294 to T-Pot, see
In case you need external SSH access, forward TCP port 64295 to T-Pot, see below. In case you need external SSH access, forward TCP port 64295 to T-Pot, see below.
In case you need external Web UI access, forward TCP port 64297 to T-Pot, see below. In case you need external Web UI access, forward TCP port 64297 to T-Pot, see below.
T-Pot requires outgoing git, http, https connections for updates (Debian, Docker, GitHub, PyPi) and attack submission (ewsposter, hpfeeds). Ports and availability may vary based on your geographical location. T-Pot requires outgoing git, http, https connections for updates (Ubuntu, Docker, GitHub, PyPi) and attack submission (ewsposter, hpfeeds). Ports and availability may vary based on your geographical location.
<a name="updates"></a> <a name="updates"></a>
# Updates # Updates
@ -329,9 +363,10 @@ For the ones of you who want to live on the bleeding edge of T-Pot development w
**If you made any relevant changes to the T-Pot relevant config files make sure to create a backup first.** **If you made any relevant changes to the T-Pot relevant config files make sure to create a backup first.**
- The Update script will - The Update script will
- **merciless** overwrite local changes to be in sync with the T-Pot master branch - **merciless** overwrite local changes to be in sync with the T-Pot master branch
- upgrade the system to the packages available in Debian (Sid) - upgrade the system to the latest kernel within Ubuntu 18.04.x LTS
- update all resources to be in-sync with the T-Pot master branch - upgrade the system to the latest packages available within Ubuntu 18.04.x LTS
- ensure all T-Pot relevant system files will be patched / copied into the original T-Pot state - update all resources to be en par with the T-Pot master branch
- ensure all T-Pot relevant system files will be patched / copied into original T-Pot state
You simply run the update script: You simply run the update script:
``` ```
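Review bot: "**merciless** overwrite local changes" should read "**mercilessly** overwrite", and "en par" should be "on par" (or "in sync", as the other column already puts it). Since the script discards local changes by design, consider having it copy `/opt/tpot/etc` to a timestamped backup before syncing instead of only asking the user to do so in bold.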
@ -447,12 +482,12 @@ The software that T-Pot is built on uses the following licenses.
<br>GPLv2: [conpot)](https://github.com/mushorg/conpot/blob/master/LICENSE.txt), [dionaea](https://github.com/DinoTools/dionaea/blob/master/LICENSE), [honeytrap](https://github.com/armedpot/honeytrap/blob/master/LICENSE), [suricata](http://suricata-ids.org/about/open-source/) <br>GPLv2: [conpot)](https://github.com/mushorg/conpot/blob/master/LICENSE.txt), [dionaea](https://github.com/DinoTools/dionaea/blob/master/LICENSE), [honeytrap](https://github.com/armedpot/honeytrap/blob/master/LICENSE), [suricata](http://suricata-ids.org/about/open-source/)
<br>GPLv3: [adbhoney](https://github.com/huuck/ADBHoney), [elasticpot](https://github.com/schmalle/ElasticPot), [ewsposter](https://github.com/dtag-dev-sec/ews/), [glastopf](https://github.com/glastopf/glastopf/blob/master/GPL), [rdpy](https://github.com/citronneur/rdpy/blob/master/LICENSE), [heralding](https://github.com/johnnykv/heralding/blob/master/LICENSE.txt), [snare](https://github.com/mushorg/snare/blob/master/LICENSE), [tanner](https://github.com/mushorg/snare/blob/master/LICENSE) <br>GPLv3: [adbhoney](https://github.com/huuck/ADBHoney), [elasticpot](https://github.com/schmalle/ElasticPot), [ewsposter](https://github.com/dtag-dev-sec/ews/), [glastopf](https://github.com/glastopf/glastopf/blob/master/GPL), [rdpy](https://github.com/citronneur/rdpy/blob/master/LICENSE), [heralding](https://github.com/johnnykv/heralding/blob/master/LICENSE.txt), [snare](https://github.com/mushorg/snare/blob/master/LICENSE), [tanner](https://github.com/mushorg/snare/blob/master/LICENSE)
<br>Apache 2 License: [cyberchef](https://github.com/gchq/CyberChef/blob/master/LICENSE), [elasticsearch](https://github.com/elasticsearch/elasticsearch/blob/master/LICENSE.txt), [logstash](https://github.com/elasticsearch/logstash/blob/master/LICENSE), [kibana](https://github.com/elasticsearch/kibana/blob/master/LICENSE.md), [docker](https://github.com/docker/docker/blob/master/LICENSE), [elasticsearch-head](https://github.com/mobz/elasticsearch-head/blob/master/LICENCE) <br>Apache 2 License: [cyberchef](https://github.com/gchq/CyberChef/blob/master/LICENSE), [elasticsearch](https://github.com/elasticsearch/elasticsearch/blob/master/LICENSE.txt), [logstash](https://github.com/elasticsearch/logstash/blob/master/LICENSE), [kibana](https://github.com/elasticsearch/kibana/blob/master/LICENSE.md), [docker](https://github.com/docker/docker/blob/master/LICENSE), [elasticsearch-head](https://github.com/mobz/elasticsearch-head/blob/master/LICENCE)
<br>MIT license: [ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot/blob/master/LICENSE), [glutton](https://github.com/mushorg/glutton/blob/master/LICENSE) <br>MIT license: [ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot/blob/master/LICENSE), [ctop](https://github.com/bcicen/ctop/blob/master/LICENSE), [glutton](https://github.com/mushorg/glutton/blob/master/LICENSE)
<br> Other: [cowrie](https://github.com/micheloosterhof/cowrie/blob/master/LICENSE.md), [mailoney](https://github.com/awhitehatter/mailoney), [Debian licensing](https://www.debian.org/legal/licenses/) <br> Other: [cowrie](https://github.com/micheloosterhof/cowrie/blob/master/LICENSE.md), [mailoney](https://github.com/awhitehatter/mailoney), [Ubuntu licensing](http://www.ubuntu.com/about/about-ubuntu/licensing)
<a name="credits"></a> <a name="credits"></a>
# Credits # Credits
Without open source and the fruitful development community (we are proud to be a part of), T-Pot would not have been possible! Our thanks are extended but not limited to the following people and organizations: Without open source and the fruitful development community we are proud to be a part of, T-Pot would not have been possible! Our thanks are extended but not limited to the following people and organizations:
### The developers and development communities of ### The developers and development communities of
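Review bot: the link text `[conpot)]` carries a stray closing parenthesis in both columns and should be `[conpot]`. The `tanner` entry links to `mushorg/snare/blob/master/LICENSE`, the same file as the `snare` entry; point it at tanner's own repository so the license attribution is correct.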
@ -484,7 +519,7 @@ Without open source and the fruitful development community (we are proud to be a
* [ubuntu](http://www.ubuntu.com/) * [ubuntu](http://www.ubuntu.com/)
### The following companies and organizations ### The following companies and organizations
* [debian](https://www.debian.org/) * [canonical](http://www.canonical.com/)
* [docker](https://www.docker.com/) * [docker](https://www.docker.com/)
* [elastic.io](https://www.elastic.co/) * [elastic.io](https://www.elastic.co/)
* [honeynet project](https://www.honeynet.org/) * [honeynet project](https://www.honeynet.org/)
@ -499,4 +534,4 @@ We will be releasing a new version of T-Pot about every 6-12 months.
<a name="funfact"></a> <a name="funfact"></a>
# Fun Fact # Fun Fact
In an effort of saving the environment we are now brewing our own Mate Ice Tea and consumed 57 liters so far for the T-Pot 19.03 development 😇 In an effort of saving the environment we are now brewing our own Mate Ice Tea and consumed 241 liters so far for the T-Pot 18.11 development 😇

View File

@ -9,7 +9,7 @@ myWHITE=""
myMAGENTA="" myMAGENTA=""
function fuGETSTATUS { function fuGETSTATUS {
grc --colour=on docker ps -f status=running -f status=exited --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" | grep -v "NAME" | sort grc docker ps -f status=running -f status=exited --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" | grep -v "NAME" | sort
} }
function fuGETSYS { function fuGETSYS {
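Review bot: `grep -v "NAME"` is a fragile way to drop the header that the `table` keyword adds to the `--format` output; it also hides any line whose container name or port string contains `NAME`. Dropping `table` from the format string makes `docker ps` print no header, so the `grep` can go: `docker ps -f status=running -f status=exited --format "{{.Names}}\t{{.Status}}\t{{.Ports}}" | sort`.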

View File

@ -9,18 +9,10 @@ if [ "$myEXTIP" = "" ];
myEXTIP=$myLOCALIP myEXTIP=$myLOCALIP
fi fi
mySSHUSER=$(cat /etc/passwd | grep 1000 | cut -d ':' -f1) mySSHUSER=$(cat /etc/passwd | grep 1000 | cut -d ':' -f1)
echo "" > /etc/issue sed -i "s#IP:.*#IP: $myLOCALIP ($myEXTIP)#" /etc/issue
toilet -f ivrit -F metal --filter border:metal "T-Pot 19.03" | sed 's/\\/\\\\/g' >> /etc/issue sed -i "s#SSH:.*#SSH: ssh -l tsec -p 64295 $myLOCALIP#" /etc/issue
echo >> /etc/issue sed -i "s#WEB:.*#WEB: https://$myLOCALIP:64297#" /etc/issue
echo ",---- [ \n ] [ \d ] [ \t ]" >> /etc/issue sed -i "s#ADMIN:.*#ADMIN: https://$myLOCALIP:64294#" /etc/issue
echo "|" >> /etc/issue
echo "| IP: $myLOCALIP ($myEXTIP)" >> /etc/issue
echo "| SSH: ssh -l tsec -p 64295 $myLOCALIP" >> /etc/issue
echo "| WEB: https://$myLOCALIP:64297" >> /etc/issue
echo "| ADMIN: https://$myLOCALIP:64294" >> /etc/issue
echo "|" >> /etc/issue
echo "\`----" >> /etc/issue
echo >> /etc/issue
tee /data/ews/conf/ews.ip << EOF tee /data/ews/conf/ews.ip << EOF
[MAIN] [MAIN]
ip = $myEXTIP ip = $myEXTIP
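Review bot: `mySSHUSER=$(cat /etc/passwd | grep 1000 | cut -d ':' -f1)` matches `1000` anywhere in the line (a GID, a UID such as 10001, a home path), so it can pick the wrong account; `getent passwd 1000 | cut -d: -f1` selects by UID. In the `sed` variant, `$myLOCALIP` and `$myEXTIP` are spliced into the replacement unescaped; `$myEXTIP` is only defaulted to the local IP when it is empty, so if it comes from an external lookup it should be validated as an IP address before it is written into `/etc/issue` and `ews.ip`.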

Binary file not shown. Before: 233 KiB. After: 336 KiB.

View File

@ -20,7 +20,7 @@ RUN apk -U --no-cache add \
py-requests \ py-requests \
py-setuptools && \ py-setuptools && \
pip install --no-cache-dir -U pip && \ pip install --no-cache-dir -U pip && \
pip install --no-use-pep517 --no-cache-dir pyOpenSSL && \ pip install --no-cache-dir pyOpenSSL xmljson && \
# Setup ewsposter # Setup ewsposter
git clone --depth=1 https://github.com/rep/hpfeeds /opt/hpfeeds && \ git clone --depth=1 https://github.com/rep/hpfeeds /opt/hpfeeds && \
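Review bot: `git clone --depth=1 https://github.com/rep/hpfeeds` and `pip install ... pyOpenSSL` fetch whatever is current at build time, so two builds of the same Dockerfile can differ and a compromised upstream lands in the image unnoticed; pin the clone to a tag or known commit (`git clone --depth=1 --branch <tag> ...`) and pin the pip packages to versions, ideally with `--require-hashes`. The `--no-use-pep517` flag in the left-hand column is a build-backend workaround and should carry a comment saying why it is needed so it can be removed later.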

host/etc/dialogrc Normal file (144 lines)
View File

@ -0,0 +1,144 @@
#
# Run-time configuration file for dialog
#
# Automatically generated by "dialog --create-rc <file>"
#
#
# Types of values:
#
# Number - <number>
# String - "string"
# Boolean - <ON|OFF>
# Attribute - (foreground,background,highlight?)
# Set aspect-ration.
aspect = 0
# Set separator (for multiple widgets output).
separate_widget = ""
# Set tab-length (for textbox tab-conversion).
tab_len = 0
# Make tab-traversal for checklist, etc., include the list.
visit_items = OFF
# Shadow dialog boxes? This also turns on color.
use_shadow = ON
# Turn color support ON or OFF
use_colors = ON
# Screen color
screen_color = (WHITE,MAGENTA,ON)
# Shadow color
shadow_color = (BLACK,BLACK,ON)
# Dialog box color
dialog_color = (BLACK,WHITE,OFF)
# Dialog box title color
title_color = (MAGENTA,WHITE,OFF)
# Dialog box border color
border_color = (WHITE,WHITE,ON)
# Active button color
button_active_color = (WHITE,MAGENTA,OFF)
# Inactive button color
button_inactive_color = dialog_color
# Active button key color
button_key_active_color = button_active_color
# Inactive button key color
button_key_inactive_color = (RED,WHITE,OFF)
# Active button label color
button_label_active_color = (YELLOW,MAGENTA,ON)
# Inactive button label color
button_label_inactive_color = (BLACK,WHITE,OFF)
# Input box color
inputbox_color = dialog_color
# Input box border color
inputbox_border_color = dialog_color
# Search box color
searchbox_color = dialog_color
# Search box title color
searchbox_title_color = title_color
# Search box border color
searchbox_border_color = border_color
# File position indicator color
position_indicator_color = title_color
# Menu box color
menubox_color = dialog_color
# Menu box border color
menubox_border_color = border_color
# Item color
item_color = dialog_color
# Selected item color
item_selected_color = button_active_color
# Tag color
tag_color = title_color
# Selected tag color
tag_selected_color = button_label_active_color
# Tag key color
tag_key_color = button_key_inactive_color
# Selected tag key color
tag_key_selected_color = (RED,MAGENTA,ON)
# Check box color
check_color = dialog_color
# Selected check box color
check_selected_color = button_active_color
# Up arrow color
uarrow_color = (MAGENTA,WHITE,ON)
# Down arrow color
darrow_color = uarrow_color
# Item help-text color
itemhelp_color = (WHITE,BLACK,OFF)
# Active form text color
form_active_text_color = button_active_color
# Form text color
form_text_color = (WHITE,CYAN,ON)
# Readonly form item color
form_item_readonly_color = (CYAN,WHITE,ON)
# Dialog box gauge color
gauge_color = title_color
# Dialog box border2 color
border2_color = dialog_color
# Input box border2 color
inputbox_border2_color = dialog_color
# Search box border2 color
searchbox_border2_color = dialog_color
# Menu box border2 color
menubox_border2_color = dialog_color

host/etc/issue Normal file (21 lines)
View File

@ -0,0 +1,21 @@

┌────────────────────────────────────────────┐
│ _____ ____ _ _ ___ _ _ │
│|_ _| | _ \\ ___ | |_ / |( _ ) / / |│
│ | |_____| |_) / _ \\| __| | |/ _ \\ | | |│
│ | |_____| __/ (_) | |_ | | (_) || | |│
│ |_| |_| \\___/ \\__| |_|\\___(_)_|_|│
│ │
└────────────────────────────────────────────┘
,---- [ \n ] [ \d ] [ \t ]
|
| IP:
| SSH:
| WEB:
| ADMIN:
|
`----

iso/installer/dialogrc Normal file (144 lines)
View File

@ -0,0 +1,144 @@
#
# Run-time configuration file for dialog
#
# Automatically generated by "dialog --create-rc <file>"
#
#
# Types of values:
#
# Number - <number>
# String - "string"
# Boolean - <ON|OFF>
# Attribute - (foreground,background,highlight?)
# Set aspect-ration.
aspect = 0
# Set separator (for multiple widgets output).
separate_widget = ""
# Set tab-length (for textbox tab-conversion).
tab_len = 0
# Make tab-traversal for checklist, etc., include the list.
visit_items = OFF
# Shadow dialog boxes? This also turns on color.
use_shadow = ON
# Turn color support ON or OFF
use_colors = ON
# Screen color
screen_color = (WHITE,MAGENTA,ON)
# Shadow color
shadow_color = (BLACK,BLACK,ON)
# Dialog box color
dialog_color = (BLACK,WHITE,OFF)
# Dialog box title color
title_color = (MAGENTA,WHITE,OFF)
# Dialog box border color
border_color = (WHITE,WHITE,ON)
# Active button color
button_active_color = (WHITE,MAGENTA,OFF)
# Inactive button color
button_inactive_color = dialog_color
# Active button key color
button_key_active_color = button_active_color
# Inactive button key color
button_key_inactive_color = (RED,WHITE,OFF)
# Active button label color
button_label_active_color = (YELLOW,MAGENTA,ON)
# Inactive button label color
button_label_inactive_color = (BLACK,WHITE,OFF)
# Input box color
inputbox_color = dialog_color
# Input box border color
inputbox_border_color = dialog_color
# Search box color
searchbox_color = dialog_color
# Search box title color
searchbox_title_color = title_color
# Search box border color
searchbox_border_color = border_color
# File position indicator color
position_indicator_color = title_color
# Menu box color
menubox_color = dialog_color
# Menu box border color
menubox_border_color = border_color
# Item color
item_color = dialog_color
# Selected item color
item_selected_color = button_active_color
# Tag color
tag_color = title_color
# Selected tag color
tag_selected_color = button_label_active_color
# Tag key color
tag_key_color = button_key_inactive_color
# Selected tag key color
tag_key_selected_color = (RED,MAGENTA,ON)
# Check box color
check_color = dialog_color
# Selected check box color
check_selected_color = button_active_color
# Up arrow color
uarrow_color = (MAGENTA,WHITE,ON)
# Down arrow color
darrow_color = uarrow_color
# Item help-text color
itemhelp_color = (WHITE,BLACK,OFF)
# Active form text color
form_active_text_color = button_active_color
# Form text color
form_text_color = (WHITE,CYAN,ON)
# Readonly form item color
form_item_readonly_color = (CYAN,WHITE,ON)
# Dialog box gauge color
gauge_color = title_color
# Dialog box border2 color
border2_color = dialog_color
# Input box border2 color
inputbox_border2_color = dialog_color
# Search box border2 color
searchbox_border2_color = dialog_color
# Menu box border2 color
menubox_border2_color = dialog_color
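Review bot: `iso/installer/dialogrc` is byte-identical to `host/etc/dialogrc` added earlier in this change; two copies of an auto-generated 144-line file invite drift, so generate one at build time or have one path copy the other. The comment "Set aspect-ration." is a typo inherited from `dialog --create-rc` ("aspect-ratio").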

File diff suppressed because it is too large

View File

@ -1,3 +1,3 @@
#!/bin/bash #!/bin/bash
#plymouth --quit plymouth --quit
openvt -f -w -s /root/installer/wrapper.sh openvt -f -w -s /root/installer/wrapper.sh

View File

@ -1,6 +1,6 @@
default install default install
label install label install
menu label ^T-Pot 19.03 (based on Debian Sid) menu label ^T-Pot 18.11
menu default menu default
kernel linux kernel linux
append vga=788 initrd=initrd.gz console-setup/ask_detect=true -- append vga=788 initrd=initrd.gz console-setup/ask_detect=true --

View File

@ -13,7 +13,7 @@ d-i localechooser/preferred-locale string en_US.UTF-8
###################### ######################
### Keyboard Selection ### Keyboard Selection
###################### ######################
d-i console-setup/ask_detect boolean true #d-i console-setup/ask_detect boolean true
#d-i keyboard-configuration/layoutcode string de #d-i keyboard-configuration/layoutcode string de
d-i console-setup/detected note d-i console-setup/detected note
@ -25,10 +25,10 @@ d-i console-setup/detected note
######################### #########################
### Network Configuration ### Network Configuration
######################### #########################
d-i netcfg/choose_interface select auto d-i netcfg/do_not_use_netplan true
d-i netcfg/dhcp_timeout string 60 #d-i netcfg/choose_interface select auto
#d-i netcfg/dhcp_timeout string 60
d-i netcfg/get_hostname string t-pot d-i netcfg/get_hostname string t-pot
d-i netcfg/get_domain string
############### ###############
### Disk Layout ### Disk Layout
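Review bot: `d-i netcfg/do_not_use_netplan true` is missing the type field; preseed entries are `owner question type value`, so it should read `d-i netcfg/do_not_use_netplan boolean true` (compare `d-i netcfg/get_hostname string t-pot` below it). As written, `debconf-set-selections` will not accept the line. `d-i netcfg/get_domain string` with an empty value is valid but deserves a comment stating that an empty domain is intended.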
@ -71,24 +71,16 @@ d-i user-setup/encrypt-home boolean false
### Country Mirror & Proxy Configuration ### Country Mirror & Proxy Configuration
######################################## ########################################
d-i mirror/country string manual d-i mirror/country string manual
d-i mirror/http/hostname string deb.debian.org d-i mirror/http/hostname string archive.ubuntu.com
d-i mirror/http/directory string /debian d-i mirror/http/directory string /ubuntu
d-i mirror/http/proxy string d-i mirror/http/proxy string
###################
# Suite to install
###################
#d-i mirror/suite string unstable
#d-i mirror/suite string testing
#d-i mirror/udeb/suite string testing
########################### ###########################
### Skip Grub Configuration ### Skip Grub Configuration
########################### ###########################
#d-i grub-installer/confirm boolean true #d-i grub-installer/confirm boolean true
#d-i grub-installer/only_debian boolean true #d-i grub-installer/only_debian boolean true
#d-i grub-installer/with_other_os boolean true #d-i grub-installer/with_other_os boolean true
#d-i grub-installer/bootdev string default
d-i grub-installer/skip boolean true d-i grub-installer/skip boolean true
d-i lilo-installer/skip boolean true d-i lilo-installer/skip boolean true
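Review bot: all three `mirror/suite` lines under `# Suite to install` are commented out, so the installed suite is whatever the netboot installer defaults to, and with the `dists/stretch/` installer image chosen in makeiso.sh that is presumably a stretch base with the move to Sid happening later; the block should state that decision in one sentence instead of leaving three disabled alternatives to guess from. Two further points worth a comment in this hunk: both mirrors are plain `http://` (`mirror/http/hostname`), which is acceptable only because apt verifies the signed Release files, and `grub-installer/skip boolean true` together with the commented `grub-installer/bootdev` relies entirely on the manual `grub-install --force` in the late_command hunk below, so a pointer from here to there would stop someone "fixing" the skip.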
@ -99,18 +91,17 @@ d-i lilo-installer/skip boolean true
d-i clock-setup/utc boolean true d-i clock-setup/utc boolean true
d-i time/zone string UTC d-i time/zone string UTC
d-i clock-setup/ntp boolean true d-i clock-setup/ntp boolean true
d-i clock-setup/ntp-server string debian.pool.ntp.org d-i clock-setup/ntp-server string ntp.ubuntu.com
################## ##################
### Package Groups ### Package Groups
################## ##################
tasksel tasksel/first multiselect ssh-server tasksel tasksel/first multiselect ubuntu-server
######################## ########################
### Package Installation ### Package Installation
######################## ########################
d-i pkgsel/include string apache2-utils curl dialog figlet git grc libcrack2 libpq-dev lsb-release net-tools software-properties-common toilet d-i pkgsel/include string apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit cockpit-docker curl debconf-utils dialog dnsutils docker.io docker-compose dstat ethtool fail2ban genisoimage git glances grc html2text htop ifupdown iptables iw jq libcrack2 libltdl7 lm-sensors man mosh multitail net-tools npm ntp openssh-server openssl pass prips software-properties-common syslinux psmisc pv python-pip unzip vim wireless-tools wpasupplicant
popularity-contest popularity-contest/participate boolean false
################# #################
### Update Policy ### Update Policy
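Review bot: the Debian-side `pkgsel/include` shrinks to a dozen packages, so `docker.io`, `docker-compose`, `fail2ban`, `iptables` and `openssl` are no longer part of the installed base even though the `myPACKAGES` list in update.sh expects them on the host; if the installer-stage scripts (rc.local.install from the late_command) pull them in afterwards, say so in a comment here so nobody re-adds them to the seed. `popularity-contest popularity-contest/participate boolean false` appears on one side only; it belongs on both, otherwise the install can be configured to report its package list upstream.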
@ -129,12 +120,8 @@ d-i debian-installer/splash boolean false
d-i preseed/late_command string \ d-i preseed/late_command string \
in-target apt-get -y install grub-pc; \ in-target apt-get -y install grub-pc; \
in-target grub-install --force $(debconf-get partman-auto/disk); \ in-target grub-install --force $(debconf-get partman-auto/disk); \
update-dev; \
in-target update-grub; \ in-target update-grub; \
in-target git clone --depth=1 https://github.com/dtag-dev-sec/tpotce -b debian /opt/tpot; \ in-target git clone https://github.com/dtag-dev-sec/tpotce /opt/tpot; \
in-target sed -i 's/allow-hotplug/auto/g' /etc/network/interfaces; \
#in-target apt-get -y remove exim4-base; \
#in-target apt-get -y autoremove; \
cp /target/opt/tpot/iso/installer/rc.local.install /target/etc/rc.local; \ cp /target/opt/tpot/iso/installer/rc.local.install /target/etc/rc.local; \
cp /target/opt/tpot/iso/installer -R /target/root/; cp /target/opt/tpot/iso/installer -R /target/root/;
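Review bot: the commented lines `#in-target apt-get -y remove exim4-base; \` and `#in-target apt-get -y autoremove; \` sit inside the backslash-continued `preseed/late_command` string; if the preseed parser joins the continuation lines before it strips comments, the `#` turns everything up to the end of the joined command into a shell comment and the two `cp` lines that install rc.local never run. Either confirm that comment lines are dropped before joining, or move the disabled commands out of the continued string. Separately, `git clone --depth=1 ... -b debian` pins a branch, not a release, so a fresh install gets whatever the branch head is on install day while the `version` file in this same change says 19.03.0; cloning a tag, or at least logging the resulting commit, would make installs reproducible.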

View File

@ -2,14 +2,14 @@
# Set TERM, DIALOGRC # Set TERM, DIALOGRC
export TERM=linux export TERM=linux
export DIALOGRC=/etc/dialogrc
# Let's define some global vars # Let's define some global vars
myBACKTITLE="T-Pot - ISO Creator" myBACKTITLE="T-Pot - ISO Creator"
#myMINIISOLINK="http://ftp.debian.org/debian/dists/testing/main/installer-amd64/current/images/netboot/mini.iso" # If you need latest hardware support, try using the hardware enablement (hwe) ISO, usually released later in time
#myMINIISOLINK="https://d-i.debian.org/daily-images/amd64/daily/netboot/mini.iso" # myUBUNTULINK="http://archive.ubuntu.com/ubuntu/dists/bionic/main/installer-amd64/current/images/hwe-netboot/mini.iso"
# For stability reasons Debian Sid installation is built on a stable installer myUBUNTULINK="http://archive.ubuntu.com/ubuntu/dists/bionic/main/installer-amd64/current/images/netboot/mini.iso"
myMINIISOLINK="http://ftp.debian.org/debian/dists/stretch/main/installer-amd64/current/images/netboot/mini.iso" myUBUNTUISO="mini.iso"
myMINIISO="mini.iso"
myTPOTISO="tpot.iso" myTPOTISO="tpot.iso"
myTPOTDIR="tpotiso" myTPOTDIR="tpotiso"
myTPOTSEED="iso/preseed/tpot.seed" myTPOTSEED="iso/preseed/tpot.seed"
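Review bot: `myMINIISOLINK` hard-codes `dists/stretch/main/installer-amd64/current/images/netboot/mini.iso` directly below the comment that the Sid build intentionally uses a stable installer; that path stops existing on ftp.debian.org once stretch is archived, so the comment should name what has to be bumped when the build breaks, and the two commented alternatives (testing, daily) read better in the README than as dead code here. `export DIALOGRC=/etc/dialogrc` also only works because `host/etc/dialogrc` is copied into `/etc/` further down in this script, which is a side effect on the build host that a reader of this hunk cannot see.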
@ -49,6 +49,9 @@ if [ "$myINST" != "" ]
done done
fi fi
# Let's load dialog color theme
cp host/etc/dialogrc /etc/
# Let's clean up at the end or if something goes wrong ... # Let's clean up at the end or if something goes wrong ...
function fuCLEANUP { function fuCLEANUP {
rm -rf $myTMP $myTPOTDIR $myPFXFILE $myNTPCONFFILE $myCONF_FILE rm -rf $myTMP $myTPOTDIR $myPFXFILE $myNTPCONFFILE $myCONF_FILE
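Review bot: `cp host/etc/dialogrc /etc/` writes into the build host's `/etc` as a side effect of building an ISO, and `fuCLEANUP` (`rm -rf $myTMP $myTPOTDIR $myPFXFILE $myNTPCONFFILE $myCONF_FILE`) never removes it. Point `DIALOGRC` at the file in the checkout instead (`export DIALOGRC=$PWD/host/etc/dialogrc`) so the script leaves nothing behind on the host.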
@ -78,7 +81,7 @@ function valid_ip()
} }
# Let's ask if the user wants to run the script ... # Let's ask if the user wants to run the script ...
dialog --backtitle "$myBACKTITLE" --title "[ Continue? ]" --yesno "\nDownload latest supported Debian Mini ISO and build the T-Pot Install Image." 8 50 dialog --backtitle "$myBACKTITLE" --title "[ Continue? ]" --yesno "\nDownload latest supported Ubuntu Mini ISO and build the T-Pot Install Image." 8 50
mySTART=$? mySTART=$?
if [ "$mySTART" = "1" ]; if [ "$mySTART" = "1" ];
then then
@ -204,18 +207,18 @@ if [ "$myCONF_PROXY_USE" == "0" ] || [ "$myCONF_PFX_USE" == "0" ] || [ "$myCONF_
echo "myCONF_NTP_CONF_FILE=\"/root/installer/ntp.conf\"" >> $myCONF_FILE echo "myCONF_NTP_CONF_FILE=\"/root/installer/ntp.conf\"" >> $myCONF_FILE
fi fi
# Let's download Debian Minimal ISO # Let's download Ubuntu Minimal ISO
if [ ! -f $myMINIISO ] if [ ! -f $myUBUNTUISO ]
then then
wget $myMINIISOLINK --progress=dot 2>&1 | awk '{print $7+0} fflush()' | dialog --backtitle "$myBACKTITLE" --title "[ Downloading Debian ... ]" --gauge "" 5 70; wget $myUBUNTULINK --progress=dot 2>&1 | awk '{print $7+0} fflush()' | dialog --backtitle "$myBACKTITLE" --title "[ Downloading Ubuntu ... ]" --gauge "" 5 70;
echo 100 | dialog --backtitle "$myBACKTITLE" --title "[ Downloading Debian ... Done! ]" --gauge "" 5 70; echo 100 | dialog --backtitle "$myBACKTITLE" --title "[ Downloading Ubuntu ... Done! ]" --gauge "" 5 70;
else else
dialog --infobox "Using previously downloaded .iso ..." 3 50; dialog --infobox "Using previously downloaded .iso ..." 3 50;
fi fi
# Let's loop mount it and copy all contents # Let's loop mount it and copy all contents
mkdir -p $myTMP $myTPOTDIR mkdir -p $myTMP $myTPOTDIR
mount -o loop $myMINIISO $myTMP mount -o loop $myUBUNTUISO $myTMP
rsync -a $myTMP/ $myTPOTDIR rsync -a $myTMP/ $myTPOTDIR
umount $myTMP umount $myTMP
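Review bot: the downloaded `mini.iso` is used without any integrity check: `wget $myMINIISOLINK` fetches over plain http, nothing compares the result with the SHA256SUMS published next to the image, and the `else` branch reuses whatever file named `mini.iso` is lying in the working directory, including a truncated one from an aborted run, because only existence is tested (`[ ! -f $myMINIISO ]`). This image becomes the installer that everything else trusts, so fetch the checksum file and its signature for the same path, verify before `mount -o loop`, and delete the file on mismatch. Minor: `$myMINIISO`, `$myTMP` and `$myTPOTDIR` are unquoted throughout.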
@ -276,6 +279,4 @@ do
fi fi
done done
dialog --clear
exit 0 exit 0

View File

@ -58,7 +58,7 @@ function fuSELFUPDATE () {
echo "###### $myBLUE""No updates found in repository.""$myWHITE" echo "###### $myBLUE""No updates found in repository.""$myWHITE"
return return
fi fi
myRESULT=$(git diff --name-only origin/debian | grep update.sh) myRESULT=$(git diff --name-only origin/master | grep update.sh)
if [ "$myRESULT" == "update.sh" ]; if [ "$myRESULT" == "update.sh" ];
then then
echo "###### $myBLUE""Found newer version, will be pulling updates and restart myself.""$myWHITE" echo "###### $myBLUE""Found newer version, will be pulling updates and restart myself.""$myWHITE"
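Review bot: the upstream branch is hard-coded in `git diff --name-only origin/debian | grep update.sh`, which makes this the second place the branch name lives (the seed's `git clone -b debian` is the first), so a branch rename makes self-update fail silently with "No updates found in repository". Derive it once (`git rev-parse --abbrev-ref @{upstream}`) or keep it in a config file. Also, `grep update.sh` is an unanchored regex where `.` matches any character; the exact comparison `== "update.sh"` afterwards makes that harmless, but `grep -x update.sh` states what is meant.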
@ -76,8 +76,8 @@ echo
# Let's check for version # Let's check for version
function fuCHECK_VERSION () { function fuCHECK_VERSION () {
local myMINVERSION="19.03.0" local myMINVERSION="18.04.0"
local myMASTERVERSION="19.03.0" local myMASTERVERSION="18.11.0"
echo echo
echo "### Checking for version tag ..." echo "### Checking for version tag ..."
if [ -f "version" ]; if [ -f "version" ];
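Review bot: `myMINVERSION` and `myMASTERVERSION` are both `"19.03.0"` on the Debian side, so if `fuCHECK_VERSION` uses the first as the lowest upgradeable version, an 18.11.0 installation (the other side's `myMASTERVERSION`) is refused and there is no scripted path from 18.11 to 19.03. If that is intended because the base distribution changed, the failure message should say that a fresh install is required rather than just failing the tag check. The master version is also duplicated in the `version` file in this same change; reading it from there removes one place to keep in sync.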
@ -168,7 +168,7 @@ echo
} }
function fuUPDATER () { function fuUPDATER () {
local myPACKAGES="apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit cockpit-docker console-setup console-setup-linux curl debconf-utils dialog dnsutils docker.io docker-compose dstat ethtool fail2ban figlet genisoimage git glances grc haveged html2text htop iptables iw jq kbd libcrack2 libltdl7 lm-sensors man mosh multitail net-tools npm ntp openssh-server openssl pass prips software-properties-common syslinux psmisc pv python-pip toilet unattended-upgrades unzip vim wget wireless-tools wpasupplicant" local myPACKAGES="apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit cockpit-docker curl debconf-utils dialog dnsutils docker.io docker-compose dstat ethtool fail2ban genisoimage git glances grc html2text htop ifupdown iptables iw jq libcrack2 libltdl7 lm-sensors man mosh multitail net-tools npm ntp openssh-server openssl pass prips software-properties-common syslinux psmisc pv python-pip unattended-upgrades unzip vim wireless-tools wpasupplicant"
echo "### Now upgrading packages ..." echo "### Now upgrading packages ..."
dpkg --configure -a dpkg --configure -a
apt-get -y autoclean apt-get -y autoclean
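Review bot: `myPACKAGES` is a single 70-entry string, so on a Sid base one renamed or temporarily uninstallable package (the Debian side adds `haveged`, `kbd`, `console-setup-linux`, `figlet`, `toilet` and `wget`) aborts the whole install and leaves the host half-updated with no indication of which name failed. Install in a few named groups, or at least print the group name on failure, so a missing package is diagnosable; and since this list overlaps the seed's `pkgsel/include`, a comment stating which of the two is authoritative would help.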
@ -185,10 +185,12 @@ npm install "https://github.com/taskrabbit/elasticsearch-dump" -g
pip install --upgrade pip pip install --upgrade pip
hash -r hash -r
pip install --upgrade elasticsearch-curator yq pip install --upgrade elasticsearch-curator yq
wget https://github.com/bcicen/ctop/releases/download/v0.7.1/ctop-0.7.1-linux-amd64 -O /usr/bin/ctop && chmod +x /usr/bin/ctop
echo echo
echo "### Now replacing T-Pot related config files on host" echo "### Now replacing T-Pot related config files on host"
cp host/etc/systemd/* /etc/systemd/system/ cp host/etc/systemd/* /etc/systemd/system/
cp host/etc/issue /etc/
systemctl daemon-reload systemctl daemon-reload
echo echo
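Review bot: `wget https://github.com/bcicen/ctop/releases/download/v0.7.1/ctop-0.7.1-linux-amd64 -O /usr/bin/ctop && chmod +x /usr/bin/ctop` installs an unsigned binary straight into `/usr/bin` with no checksum, and if the download fails `-O` has already truncated `/usr/bin/ctop` to an empty file that the `&&` leaves in place. Download to a temporary file, compare it against a pinned SHA256, and `install -m 0755` it on success. In the same hunk, `pip install --upgrade pip` upgrades the distribution's system pip in place, which is a known way to break the packaged `python-pip` from the list above; a `--user` install or a venv for `elasticsearch-curator` and `yq` avoids that.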
@ -232,7 +234,7 @@ echo "### Now pulling latest docker images"
echo "######$myBLUE This might take a while, please be patient!$myWHITE" echo "######$myBLUE This might take a while, please be patient!$myWHITE"
fuPULLIMAGES 2>&1>/dev/null fuPULLIMAGES 2>&1>/dev/null
#fuREMOVEOLDIMAGES "1804" fuREMOVEOLDIMAGES "1804"
echo "### If you made changes to tpot.yml please ensure to add them again." echo "### If you made changes to tpot.yml please ensure to add them again."
echo "### We stored the previous version as backup in /root/." echo "### We stored the previous version as backup in /root/."
echo "### Done, please reboot." echo "### Done, please reboot."
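Review bot: `fuPULLIMAGES 2>&1>/dev/null` does not silence the function: with that order stderr is first duplicated onto the current stdout (the terminal) and only then stdout is sent to `/dev/null`, so pull errors are shown and progress is hidden. If that is the intent, a comment should say so; if everything should be quiet it must be `>/dev/null 2>&1`. Also, `#fuREMOVEOLDIMAGES "1804"` commented out on one side means previous-release images stay on disk indefinitely; if pruning is no longer wanted, delete the call rather than leaving it disabled.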
@ -265,7 +267,7 @@ fi
fuCHECK_VERSION fuCHECK_VERSION
fuCONFIGCHECK fuCONFIGCHECK
fuCHECKINET "https://index.docker.io https://github.com https://pypi.python.org https://debian.org" fuCHECKINET "https://index.docker.io https://github.com https://pypi.python.org https://ubuntu.com"
fuSTOP_TPOT fuSTOP_TPOT
fuBACKUP fuBACKUP
fuSELFUPDATE "$0" "$@" fuSELFUPDATE "$0" "$@"
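Review bot: `fuSTOP_TPOT` and `fuBACKUP` run before `fuSELFUPDATE "$0" "$@"`, so if the self-update's pull fails the script exits with the honeypot services stopped and nothing visible in this hunk restarts them; either run `fuSELFUPDATE` before `fuSTOP_TPOT` (it only needs the git checkout) or trap the failure and restart the services. The `fuCHECKINET` list also probes `https://pypi.python.org`, a legacy hostname that now only redirects to `pypi.org`; probe the host the later `pip install` actually talks to.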

View File

@ -1 +1 @@
19.03.0 18.11.0
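Review bot: this file duplicates `myMASTERVERSION` in update.sh (`19.03.0` and `18.11.0` on the respective sides), so the two have to be bumped together by hand; have update.sh read the expected version from this file, or generate this file from the script, so they cannot drift.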