work on permissions, folders and tpotinit

Add more functions to customizer.py (improve port and service checks, improve user output)
Adjust docker-compose files

.env

@@ -0,0 +1,121 @@
+# T-Pot config file. Do not remove.
+
+###############################################
+# T-Pot Base Settings - Adjust to your needs. #
+###############################################
+
+# Set Web username and password here, it will be used to create the Nginx password file nginxpasswd.
+#  Use 'htpasswd -n <username>' to create the WEB_USER if you want to manually deploy T-Pot
+#  Example: 'htpasswd -n tsec' will print tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0
+#  Copy the string and replace WEB_USER='tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0'
+WEB_USER='change:me'
+
+# T-Pot Blackhole
+#  ENABLED: T-Pot will download a db of known mass scanners and nullroute them
+#           Be aware, this will put T-Pot off the map for stealth reasons and
+#           you will get less traffic. Routes will active until reboot and will
+#           be re-added with every T-Pot start until disabled.
+#  DISABLED: This is the default and no stealth efforts are in place.
+TPOT_BLACKHOLE=DISABLED
+
+# T-Pot Persistence
+# on: This is the default. T-Pot will keep the honeypot logfiles and rotate
+#     with logrotate for 30 days.
+# off: This is recommended for Raspberry Pi or setups with weaker CPUs or
+#      if you just do not need any of the logfiles.
+TPOT_PERSISTENCE=on
+
+# T-Pot Type
+# HIVE: This is the default and offers everything to connect T-Pot sensors.
+# SENSOR: This needs to be used when running a sensor. Be aware to adjust all other
+#         settings as well.
+#         1. You will need to copy compose/sensor.yml to ./docker-comopose.yml
+#         2. From HIVE host you will need to copy ~/tpotce/data/nginx/cert/nginx.crt to
+#            your SENSOR host to ~/tpotce/data/hive.crt
+#         3. On HIVE: Create a web user per SENSOR on HIVE and provide credentials below
+#            Create credentials with 'htpasswd ~/tpotce/data/nginx/conf/lswebpasswd <username>'
+#         4. On SENSOR: Provide username / password from (3) for TPOT_HIVE_USER as base64 encoded string:
+#                       "echo -n 'username:password' | base64"
+TPOT_TYPE=HIVE
+
+# T-Pot Hive User (only relevant for SENSOR deployment)
+# <empty>: This is empty by default.
+# <base64 encoded string>: Provide a base64 encoded string "echo -n 'username:password' | base64"
+#                          i.e. TPOT_HIVE_USER='dXNlcm5hbWU6cGFzc3dvcmQ='
+TPOT_HIVE_USER=
+
+# T-Pot Hive IP (only relevant for SENSOR deployment)
+# <empty>: This is empty by default.
+# <IP, FQDN>: This can be either a IP (i.e. 192.168.1.1) or a FQDN (i.e. foo.bar.local)
+TPOT_HIVE_IP=
+
+# T-Pot AttackMap Text Output
+#  ENABLED: This is the default and the docker container map_data will print events to the console.
+#  DISABLED: Printing events to the console is disabled.
+TPOT_ATTACKMAP_TEXT=ENABLED
+
+# T-Pot AttackMap Text Output Timezone
+#  UTC: (T-Pot default) This is usually the best option.
+#  Continent/City: In Linux you can check our timezone with `readlink` /etc/localtime or
+#                  see the full list here: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+#  Examples: America/New_York, Asia/Taipei, Australia/Melbourne, Europe/Athens, Europe/Berlin
+TPOT_ATTACKMAP_TEXT_TIMEZONE=UTC
+
+###################################################################################
+# Honeypots / Tools settings
+###################################################################################
+# Some services / tools offer adjustments using ENVs which can be adjusted here.
+###################################################################################
+
+# SentryPeer P2P mode
+# Exchange bad actor data via DHT / P2P mode by setting the ENV to true (1)
+# In some cases (i.e. internally deployed T-Pots) this might be confusing as SentryPeer will show
+# the bad actors in its logs. Therefore this option is opt-in based.
+# 0: This is the default, P2P mode is disabled.
+# 1: Enable P2P mode.
+SENTRYPEER_PEER_TO_PEER=0
+
+# Suricata ET Pro ruleset
+# OPEN: This is the default and will the ET Open ruleset
+# OINKCODE: Replace OPEN with your Oinkcode to use the ET Pro ruleset
+OINKCODE=OPEN
+
+
+###################################################################################
+# NEVER MAKE CHANGES TO THIS SECTION UNLESS YOU REALLY KNOW WHAT YOU ARE DOING!!! #
+###################################################################################
+
+# T-Pot Landing page provides Cockpit Link
+COCKPIT=false
+
+# docker.sock Path
+TPOT_DOCKER_SOCK=/var/run/docker.sock
+
+# docker compose .env
+TPOT_DOCKER_ENV=./.env
+
+# Docker-Compose file
+TPOT_DOCKER_COMPOSE=./docker-compose.yml
+
+# T-Pot Repo
+# Depending on where you are located you may choose between DockerHub and GHCR
+# dtagdevsec: This will use the DockerHub image registry
+# ghcr.io/telekom-security: This will use the GitHub container registry
+TPOT_REPO=ghcr.io/telekom-security
+
+# T-Pot Version Tag
+TPOT_VERSION=dev
+
+# T-Pot Pull Policy
+#  always: (T-Pot default) Compose implementations SHOULD always pull the image from the registry.
+#  never: Compose implementations SHOULD NOT pull the image from a registry and SHOULD rely on the platform cached image.
+#  missing: Compose implementations SHOULD pull the image only if it's not available in the platform cache.
+#  build: Compose implementations SHOULD build the image. Compose implementations SHOULD rebuild the image if already present.
+TPOT_PULL_POLICY=always
+
+# T-Pot Data Path
+TPOT_DATA_PATH=./data
+
+# OSType (linux, mac, win)
+#  Most docker features are available on linux
+TPOT_OSTYPE=linux

.gitignore

@@ -0,0 +1,4 @@
+# Ignore data folder
+data/
+**/.DS_Store
+.idea

CITATION.cff

@@ -2,7 +2,7 @@
 # Visit https://bit.ly/cffinit to generate yours today!
 
 cff-version: 1.2.0
-title: T-Pot
+title: T-Pot DEV
 message: >-
   If you use this software, please cite it using the
   metadata from this file.
@@ -38,6 +38,6 @@ keywords:
   - docker
   - elk
 license: GPL-3.0
-commit: af09aa96b184f873ec83da4e7380762a0a5ce416
+commit: unreleased, under heavy development
-version: 22.04.0
+version: 2x.yy.z
-date-released: '2022-04-12'
+date-released: '202x-yy-zz'

PREVIEW.md

@@ -1,4 +1,4 @@
-# T-Pot - Technical Preview
+# T-Pot - Dev Preview
 
 T-Pot will be turning 10 years next year and this milestone will be celebrated when the time comes, which brings us today to the best time to reflect on how technology advanced, what this means for the project and how we can ensure T-Pot will meet the current and future requirements of the community.
 <br><br>
@@ -6,15 +6,16 @@ T-Pot will be turning 10 years next year and this milestone will be celebrated w
 # TL;DR
 1. [Download](#choose-your-distro) or use a running, supported distribution
 2. Install the ISO with as minimal packages / services as possible (SSH required!)
-3. Clone T-Pot: `$ git clone https://github.com/telekom-security/tpotce`
+3. Install curl: `$ sudo [apt, dnf, zypper] install curl` if not installed already
-4. Locate installer for your distribution: `$ cd tpotce/preview/installer/<distro>`
+4. Run installer as non-root:
-5. Run installer as non-root: `$ ./install.sh`
-   * Follow instructions, read messages, check for possible port conflicts and reboot
-7. [Set](#t-pot-config-file) username and password in config `.env`: `vi preview/.env`
-8. [Start](#start-t-pot) T-Pot for the first time:
 ```
-$ cd tpotce/preview/
+/bin/bash -c "$(curl -sL https://github.com/telekom-security/tpotce/raw/dev/install.sh)"
-$ docker compose up
+```
+   * Follow instructions, read messages, check for possible port conflicts and reboot
+5. [Start](#start-t-pot) T-Pot as non-root for the first time:
+```
+cd tpotce/preview/
+docker compose up
 ```
 
 
@@ -85,12 +86,20 @@ The known T-Pot hardware (CPU, RAM, SSD) requirements and recommendations still
 Choose a supported distro of your choice. It is recommended to use the minimum / netiso installers linked below and only install a minimalistic set of packages. SSH is mandatory or you will not be able to connect to the machine remotely.
 
 | Distribution Name                              | x64                                                                                                                                   | arm64 
-|:-----------------------------------------------|:-----------------------------------------------------------------------------------------------------------|:--------------
+|:-----------------------------------------------|:--------------------------------------------------------------------------------------------------------------------------------------|:--------------
-| [Debian](https://www.debian.org/index.en.html) | [download](http://ftp.debian.org/debian/dists/stable/main/installer-amd64/current/images/netboot/mini.iso) | [download](http://ftp.debian.org/debian/dists/stable/main/installer-arm64/current/images/netboot/mini.iso)      
+| [AlmaLinux](https://almalinux.org)             | [download](https://mirrors.almalinux.org/isos/x86_64/9.2.html)                                                                        | [download](https://mirrors.almalinux.org/isos/aarch64/9.2.html)
+| [Debian](https://www.debian.org/index.en.html) | [download](https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.0.0-amd64-netinst.iso)                                 | [download](https://cdimage.debian.org/debian-cd/current/arm64/iso-cd/debian-12.0.0-arm64-netinst.iso)
+| [DietPi](https://dietpi.com/#home)             |                                                                                                                                       | [download](https://dietpi.com/downloads/images/DietPi_RPi-ARMv8-Bookworm.7z)
 | [Fedora](https://fedoraproject.org)            | [download](https://download.fedoraproject.org/pub/fedora/linux/releases/38/Server/x86_64/iso/Fedora-Server-netinst-x86_64-38-1.6.iso) | [download](https://download.fedoraproject.org/pub/fedora/linux/releases/38/Server/aarch64/iso/Fedora-Server-netinst-aarch64-38-1.6.iso)
 | [OpenSuse](https://www.opensuse.org)           | [download](https://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-NET-x86_64-Current.iso)                                   | [download](https://download.opensuse.org/ports/aarch64/tumbleweed/iso/openSUSE-Tumbleweed-NET-aarch64-Current.iso)
+| [Rocky Linux](https://rockylinux.org)          | [download](https://download.rockylinux.org/pub/rocky/9/isos/x86_64/Rocky-9.2-x86_64-minimal.iso)                                      | [download](https://download.rockylinux.org/pub/rocky/9/isos/aarch64/Rocky-9.2-aarch64-minimal.iso)
 | [Ubuntu](https://ubuntu.com)                   | [download](https://releases.ubuntu.com/22.04.2/ubuntu-22.04.2-live-server-amd64.iso)                                                  | [download](https://cdimage.ubuntu.com/releases/22.04/release/ubuntu-22.04.2-live-server-arm64.iso)
 
+## Raspberry Pi 4 (8GB) Support
+| Distribution Name                              | arm64                                                                                                                                               | Notes                                                                                                                                 
+|:-----------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------|:--------------
+| [DietPi](https://dietpi.com/#home)             | [download](https://dietpi.com/downloads/images/DietPi_RPi-ARMv8-Bookworm.7z)                                                                        | In DietPi config you need to choose OpenSSH instead of Dropbear or T-Pot will fail to install
+| [Raspberry Pi OS](https://www.raspberrypi.com) | [download](https://downloads.raspberrypi.org/raspios_lite_arm64/images/raspios_lite_arm64-2023-05-03/2023-05-03-raspios-bullseye-arm64-lite.img.xz) | Recommended, everything incl. Wifi works as expected right away (when using Raspberry Pi Imager)
 
 <br><br> 
 

README.md

@@ -901,3 +901,5 @@ And from @robcowart (creator of [ElastiFlow](https://github.com/robcowart/elasti
 ***"#TPot is one of the most well put together turnkey honeypot solutions. It is a must-have for anyone wanting to analyze and understand the behavior of malicious actors and the threat they pose to your organization."***
 <br><br>
 **Thank you!**
+
+![Alt](https://repobeats.axiom.co/api/embed/642a1032ac85996c81b12cf9f6393103058b8a04.svg "Repobeats analytics image")

SECURITY.md

@@ -3,8 +3,8 @@
 ## Supported Versions
 
 | Version | Supported          |
-| -------   | ------------------ |
+|---------| ------------------ |
-| 22.04.x   | :white_check_mark: |
+| 23.12.x | :white_check_mark: |
 
 
 ## Reporting a Vulnerability

_deprecated/install.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+cd iso/installer
+./install.sh "$@"

_deprecated/installer/debian/install.sh

@@ -52,9 +52,15 @@ sudo systemctl enable docker
 sudo systemctl stop docker
 sudo systemctl start docker
 
-# Add user to Docker group
+# Add T-Pot user and group to avoid any permission denied on the data folder while keeping permissions 770
-echo "Adding user to Docker group..."
+echo "Creating T-Pot group and user ..."
+addgroup --gid 2000 tpot
+adduser --system --no-create-home --uid 2000 --disabled-password --disabled-login --gid 2000 tpot
+# Add user to Docker, T-Pot group
+echo "Adding $(whoami) to Docker group..."
 sudo usermod -aG docker $(whoami)
+echo "Adding $(whoami) to T-Pot group..."
+sudo usermod -aG tpot $(whoami)
 
 # Add aliases
 echo "Adding aliases..."

_deprecated/installer/debian/uninstall.sh

@@ -36,9 +36,16 @@ sudo apt-get -y autoremove
 sudo rm -rf /etc/apt/sources.list.d/docker.list
 sudo rm -rf /etc/apt/keyrings/docker.gpg
 
-# Remove user from Docker group
+# Remove user from Docker, T-Pot group
-echo "Removing user from Docker group..."
+echo "Removing $(whoami) from T-Pot group..."
+sudo deluser $(whoami) tpot
+echo "Removing $(whoami) from Docker group..."
 sudo deluser $(whoami) docker
+# Remove T-Pot user and group
+echo "Removing T-Pot user..."
+sudo deluser tpot
+echo "Removing T-Pot group..."
+sudo delgroup tpot
 
 # Remove aliases
 echo "Removing aliases..."

_deprecated/installer/fedora/install.sh

@@ -60,9 +60,15 @@ sudo systemctl start docker
 echo "Installing recommended packages..."
 sudo dnf -y install bash-completion git grc net-tools
 
-# Add user to Docker group
+# Add T-Pot user and group to avoid any permission denied on the data folder while keeping permissions 770
-echo "Adding user to Docker group..."
+echo "Creating T-Pot group and user..."
+sudo groupadd -g 2000 tpot
+sudo useradd -r -u 2000 -g 2000 -M -s /sbin/nologin tpot
+# Add user to Docker, T-Pot group
+echo "Adding $(whoami) to Docker group..."
 sudo usermod -aG docker $(whoami)
+echo "Adding $(whoami) to T-Pot group..."
+sudo usermod -aG tpot $(whoami)
 
 # Add aliases
 echo "Adding aliases..."

_deprecated/installer/fedora/uninstall.sh

@@ -55,9 +55,16 @@ sudo dnf -y remove docker-ce docker-ce-cli containerd.io docker-buildx-plugin do
 sudo dnf config-manager --disable docker-ce-stable
 sudo rm /etc/yum.repos.d/docker-ce.repo
 
-# Remove user from Docker group
+# Remove user from Docker, T-Pot group
-echo "Removing user from Docker group..."
+echo "Removing $(whoami) from T-Pot group..."
+sudo gpasswd -d $(whoami) tpot
+echo "Removing $(whoami) from Docker group..."
 sudo gpasswd -d $(whoami) docker
+# Remove T-Pot user and group
+echo "Removing T-Pot user..."
+sudo userdel tpot
+echo "Removing T-Pot group..."
+sudo groupdel tpot
 
 # Remove aliases
 echo "Removing aliases..."

_deprecated/installer/suse/install.sh

@@ -44,9 +44,16 @@ echo "Enabling and starting docker..."
 systemctl enable docker
 systemctl start docker
 
-# Add user to Docker group
+# Add T-Pot user and group to avoid any permission denied on the data folder while keeping permissions 770
-echo "Adding user to Docker group..."
+echo "Creating T-Pot group and user ..."
-sudo usermod -aG docker $(whoami)
+sudo groupadd -g 2000 tpot
+sudo useradd -r -u 2000 -g 2000 -s /sbin/nologin tpot
+
+# Add user to Docker, T-Pot group
+echo "Adding $(whoami) to Docker group..."
+sudo usermod -a -G docker $(whoami)
+echo "Adding $(whoami) to T-Pot group..."
+sudo usermod -a -G tpot $(whoami)
 
 # Add aliases
 echo "Adding aliases..."

_deprecated/installer/suse/uninstall.sh

@@ -40,9 +40,16 @@ sudo systemctl disable docker
 sudo zypper -n remove docker docker-compose
 sudo zypper -n install cups postfix
 
-# Remove user from Docker group
+# Remove user from Docker, T-Pot group
-echo "Removing user from Docker group..."
+echo "Removing $(whoami) from T-Pot group..."
+sudo gpasswd -d $(whoami) tpot
+echo "Removing $(whoami) from Docker group..."
 sudo gpasswd -d $(whoami) docker
+# Remove T-Pot user and group
+echo "Removing T-Pot user..."
+sudo userdel tpot
+echo "Removing T-Pot group..."
+sudo groupdel tpot
 
 # Remove aliases
 echo "Removing aliases..."

_deprecated/installer/ubuntu/install.sh

@@ -60,9 +60,15 @@ sudo systemctl enable docker
 sudo systemctl stop docker
 sudo systemctl start docker
 
-# Add user to Docker group
+# Add T-Pot user and group to avoid any permission denied on the data folder while keeping permissions 770
-echo "Adding user to Docker group..."
+echo "Creating T-Pot group and user ..."
+addgroup --gid 2000 tpot
+adduser --system --no-create-home --uid 2000 --disabled-password --disabled-login --gid 2000 tpot
+# Add user to Docker, T-Pot group
+echo "Adding $(whoami) to Docker group..."
 sudo usermod -aG docker $(whoami)
+echo "Adding $(whoami) to T-Pot group..."
+sudo usermod -aG tpot $(whoami)
 
 # Add aliases
 echo "Adding aliases..."

_deprecated/installer/ubuntu/uninstall.sh

@@ -43,9 +43,16 @@ sudo apt-get -y autoremove
 sudo rm -rf /etc/apt/sources.list.d/docker.list
 sudo rm -rf /etc/apt/keyrings/docker.gpg
 
-# Remove user from Docker group
+# Remove user from Docker, T-Pot group
-echo "Removing user from Docker group..."
+echo "Removing $(whoami) from T-Pot group..."
+sudo deluser $(whoami) tpot
+echo "Removing $(whoami) from Docker group..."
 sudo deluser $(whoami) docker
+# Remove T-Pot user and group
+echo "Removing T-Pot user..."
+sudo deluser tpot
+echo "Removing T-Pot group..."
+sudo delgroup tpot
 
 # Remove aliases
 echo "Removing aliases..."