Update screenshot

Merge 24.04 into master and prepare release

.env

@@ -108,7 +108,7 @@ TPOT_DOCKER_COMPOSE=./docker-compose.yml
 TPOT_REPO=dtagdevsec
 
 # T-Pot Version Tag
-TPOT_VERSION=alpha
+TPOT_VERSION=24.04
 
 # T-Pot Pull Policy
 #  always: (T-Pot default) Compose implementations SHOULD always pull the image from the registry.

CHANGELOG.md

@@ -1,45 +1,36 @@
 # Release Notes / Changelog
-T-Pot 22.04.0 is probably the most feature rich release ever provided with long awaited (wanted!) features readily available after installation. 
+T-Pot 24.04.0 marks probably the largest change in the history of the project. While most of the changes have been made to the underlying platform some changes will be standing out in particular - a T-Pot ISO image will no longer be provided with the benefit that T-Pot will now run on multiple Linux distributions (Alma Linux, Debian, Fedora, OpenSuse, Raspbian, Rocky Linux, Ubuntu), Raspberry Pi (optimized) and macOS / Windows (limited).
 
 ## New Features
-* **Distributed** Installation with **HIVE** and **HIVE_SENSOR**
-* **ARM64** support for all provided Docker images
-* **GeoIP Attack Map** visualizing Live Attacks on a dedicated webpage
-* **Kibana Live Attack Map** visualizing Live Attacks from different **HIVE_SENSORS**
-* **Blackhole** is a script trying to avoid mass scanner detection 
-* **Elasticvue** a web front end for browsing and interacting with an Elastic Search cluster
-* **Ddospot** a honeypot for tracking and monitoring UDP-based Distributed Denial of Service (DDoS) attacks
-* **Endlessh** is a SSH tarpit that very slowly sends an endless, random SSH banner
-* **HellPot** is an endless honeypot based on Heffalump that sends unruly HTTP bots to hell
-* **qHoneypots** 25 honeypots in a single container for monitoring network traffic, bots activities, and username \ password credentials
-* **Redishoneypot** is a honeypot mimicking some of the Redis' functions
-* **SentryPeer** a dedicated SIP honeypot
-* **Index Lifecycle Management** for Elasticseach indices is now being used
-
-## Upgrades
-* **Debian 11.x** is now being used for the T-Pot ISO images and required for post installs
-* **Elastic Stack 8.x** is now provided as Docker images
+* **Distributed** Installation is now using NGINX reverse proxy instead of SSH to transmit **HIVE_SENSOR** logs to **HIVE**
+* **`deploy.sh`**, will make the deployment of sensor much easier and will automatically take care of the configuration. You only have to install the T-Pot sensor.  
+* **T-Pot Init** is the foundation for running T-Pot on multiple Linux distributions and will also ensure to restart containers with failed healthchecks using **autoheal**
+* **T-Pot Installer** is now mostly Ansible based providing a universal playbook for the most common Linux distributions 
+* **T-Pot Uninstaller** allows to uninstall T-Pot, while not recommended for general usage, this comes in handy for testing purposes
+* **T-Pot Customizer (`compose/customizer.py`)** is here to assist you in the creation of a customized `docker-compose.yml`
+* **T-Pot Landing Page** has been redesigned and simplified
+![T-Pot-WebUI](doc/tpotwebui.png)
+* **Kibana Dashboards, Objects** fully refreshed in favor of Lens based objects
+![Dashbaord](doc/kibana_a.png)
+* **Wordpot** is added as new addition to the available honeypots within T-Pot and will run on `tcp/8080` by default.
+* **Raspberry Pi** is now supported using a dedicated `mobile.yml` (why this is called mobile will be revealed soon!)
+* **GeoIP Attack Map** is now aware of connects / disconnects and thus eliminating required reloads
+* **Docker**, where possible, will now be installed directly from the Docker repositories to avoid any incompatibilities
+* **`.env`** now provides a single configuration file for the T-Pot related settings
+* **`genuser.sh`** can now be used to add new users to the T-Pot Landing Page as part of the T-Pot configuration file (`.env`)
 
 ## Updates
-* **Honeypots** and **tools** were updated to their latest masters and releases
+* **Honeypots** and **tools** were updated to their latest pushed code and / or releases
+* Where possible Docker Images will now use Alpine 3.19
 * Updates will be provided continuously through Docker Images updates 
 
 ## Breaking Changes
-* For security reasons all Py2.x honeypots with the need of PyPi packages have been removed: **HoneyPy**, **HoneySAP** and **RDPY**
-* If you are upgrading from a previous version of T-Pot (20.06.x) you need to import the new Kibana objects or some of the functionality will be broken or will be unavailabe
-* **Cyberchef** is now part of the Nginx Docker image, no longer as individual image
-* **ElasticSearch Head** is superseded by **Elasticvue** and part the Nginx Docker image
-* **Heimdall** is no longer supported and superseded with a new Bento based landing page
-* **Elasticsearch Curator** is no longer supprted and superseded with **Index Lifecycle Policies** available through Kibana.
+* There is no option to migrate a previous installation to T-Pot 24.04.0, you can try to transfer the old `data` folder to the new T-Pot installation, but a working environment depends on too many other factors outside of our control and a new installation is simply faster.
+* Most of the support scripts were moved into the **T-Pot Init** image and are no longer available directly on the host.
+* Cockpit is no longer available as part of T-Pot itself. However, where supported, you can simply install the `cockpit` package.
 
 # Thanks & Credits
-* @ghenry, for some fun late night debugging and of course SentryPeer!
-* @giga-a, for adding much appreciated features (i.e. JSON logging, 
-X-Forwarded-For, etc.) and of course qHoneypots! 
 * @sp3t3rs, @trixam, for their backend and ews support!
-* @tadashi-oya, for spotting some errors and propose fixes!
-* @tmariuss, @shaderecker for their cloud contributions!
-* @vorband, for much appreciated and helpful insights regarding the GeoIP Attack Map!
-* @yunginnanet, on not giving up on squashing a bug and of course Hellpot!
+* @shark4ce for taking the time to test, debug and offer a solution #1472.
 
 ... and many others from the T-Pot community by opening valued issues and discussions, suggesting ideas and thus helping to improve T-Pot!

CITATION.cff

@@ -38,6 +38,6 @@ keywords:
   - docker
   - elk
 license: GPL-3.0
-commit: unreleased, under heavy development
+commit: release
 version: 24.04.0
 date-released: '2024-04-22'

README.md

@@ -12,7 +12,7 @@ T-Pot is the all in one, optionally distributed, multiarch (amd64, arm64) honeyp
 4. Install `curl`: `$ sudo [apt, dnf, zypper] install curl` if not installed already
 5. Run installer as non-root from `$HOME`:
 ```
-env bash -c "$(curl -sL https://github.com/telekom-security/tpotce/raw/alpha/install.sh)"
+env bash -c "$(curl -sL https://github.com/telekom-security/tpotce/raw/master/install.sh)"
 ```
    * Follow instructions, read messages, check for possible port conflicts and reboot
 
@@ -125,6 +125,7 @@ T-Pot offers docker images for the following honeypots ...
 * [wordpot](https://github.com/gbrindisi/wordpot)
 
 ... alongside the following tools ...
+* [Autoheal](https://github.com/willfarrell/docker-autoheal) a tool to automatically restart containers with failed healthchecks.
 * [Cyberchef](https://gchq.github.io/CyberChef/) a web app for encryption, encoding, compression and data analysis.
 * [Elastic Stack](https://www.elastic.co/videos) to beautifully visualize all the events captured by T-Pot.
 * [Elasticvue](https://github.com/cars10/elasticvue/) a web front end for browsing and interacting with an Elasticsearch cluster.
@@ -326,9 +327,9 @@ Choose a supported distro of your choice. It is recommended to use the minimum /
 Sometimes it is just nice if you can spin up a T-Pot instance on macOS or Windows, i.e. for development, testing or just the fun of it. As Docker Desktop is rather limited not all honeypot types or T-Pot features are supported. Also remember, by default the macOS and Windows firewall are blocking access from remote, so testing is limited to the host. For production it is recommended to run T-Pot on [Linux](#choose-your-distro).<br>
 To get things up and running just follow these steps:
 1. Install Docker Desktop for [macOS](https://docs.docker.com/desktop/install/mac-install/) or [Windows](https://docs.docker.com/desktop/install/windows-install/).
-2. Clone the GitHub repository: `git clone https://github.com/telekom-security/tpotce -b alpha`.
+2. Clone the GitHub repository: `git clone https://github.com/telekom-security/tpotce`
 3. Go to: `cd ~/tpotce`
-4. Copy `cp compose/mac_win.yml ./docker-compose.yml`.
+4. Copy `cp compose/mac_win.yml ./docker-compose.yml`
 5. Create a `WEB_USER` by running `~/tpotce/genuser.sh`
 6. Adjust the `.env` file by changing `TPOT_OSTYPE=linux` to either `mac` or `win`:
    ```
@@ -575,6 +576,9 @@ sudo su -
 docker login
 ```
 
+### **T-Pot Networking Fails**
+T-Pot is designed to only run on machines with a single NIC. T-Pot will try to grab the interface with the default route, however it is not guaranteed that this will always succeed. At best use T-Pot on machines with only a single NIC.
+
 ## Start T-Pot
 The T-Pot service automatically starts and stops on each reboot (which occurs once on a daily basis as setup in `sudo crontab -l` during installation).
 <br>
@@ -705,7 +709,7 @@ The software that T-Pot is built on uses the following licenses.
 <br>GPLv2: [conpot](https://github.com/mushorg/conpot/blob/master/LICENSE.txt), [dionaea](https://github.com/DinoTools/dionaea/blob/master/LICENSE), [honeytrap](https://github.com/armedpot/honeytrap/blob/master/LICENSE), [suricata](http://suricata-ids.org/about/open-source/)
 <br>GPLv3: [adbhoney](https://github.com/huuck/ADBHoney), [elasticpot](https://gitlab.com/bontchev/elasticpot/-/blob/master/LICENSE), [ewsposter](https://github.com/telekom-security/ews/), [log4pot](https://github.com/thomaspatzke/Log4Pot/blob/master/LICENSE), [fatt](https://github.com/0x4D31/fatt/blob/master/LICENSE), [heralding](https://github.com/johnnykv/heralding/blob/master/LICENSE.txt), [ipphoney](https://gitlab.com/bontchev/ipphoney/-/blob/master/LICENSE), [redishoneypot](https://github.com/cypwnpwnsocute/RedisHoneyPot/blob/main/LICENSE), [sentrypeer](https://github.com/SentryPeer/SentryPeer/blob/main/LICENSE.GPL-3.0-only), [snare](https://github.com/mushorg/snare/blob/master/LICENSE), [tanner](https://github.com/mushorg/snare/blob/master/LICENSE)
 <br>Apache 2 License: [cyberchef](https://github.com/gchq/CyberChef/blob/master/LICENSE), [dicompot](https://github.com/nsmfoo/dicompot/blob/master/LICENSE), [elasticsearch](https://github.com/elasticsearch/elasticsearch/blob/master/LICENSE.txt), [logstash](https://github.com/elasticsearch/logstash/blob/master/LICENSE), [kibana](https://github.com/elasticsearch/kibana/blob/master/LICENSE.md), [docker](https://github.com/docker/docker/blob/master/LICENSE)
-<br>MIT license: [ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot/blob/master/LICENSE), [ddospot](https://github.com/aelth/ddospot/blob/master/LICENSE), [elasticvue](https://github.com/cars10/elasticvue/blob/master/LICENSE), [glutton](https://github.com/mushorg/glutton/blob/master/LICENSE), [hellpot](https://github.com/yunginnanet/HellPot/blob/master/LICENSE), [maltrail](https://github.com/stamparm/maltrail/blob/master/LICENSE)
+<br>MIT license: [autoheal](https://github.com/willfarrell/docker-autoheal?tab=MIT-1-ov-file#readme), [ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot/blob/master/LICENSE), [ddospot](https://github.com/aelth/ddospot/blob/master/LICENSE), [elasticvue](https://github.com/cars10/elasticvue/blob/master/LICENSE), [glutton](https://github.com/mushorg/glutton/blob/master/LICENSE), [hellpot](https://github.com/yunginnanet/HellPot/blob/master/LICENSE), [maltrail](https://github.com/stamparm/maltrail/blob/master/LICENSE)
 <br> Unlicense: [endlessh](https://github.com/skeeto/endlessh/blob/master/UNLICENSE)
 <br> Other: [citrixhoneypot](https://github.com/MalwareTech/CitrixHoneypot#licencing-agreement-malwaretech-public-licence), [cowrie](https://github.com/cowrie/cowrie/blob/master/LICENSE.rst), [mailoney](https://github.com/awhitehatter/mailoney), [Elastic License](https://www.elastic.co/licensing/elastic-license), [Wordpot](https://github.com/gbrindisi/wordpot)
 <br> AGPL-3.0: [honeypots](https://github.com/qeeqbox/honeypots/blob/main/LICENSE)

SECURITY.md

@@ -3,8 +3,8 @@
 ## Supported Versions
 
 | Version | Supported          |
-|---------|--------------------|
-| 24.04.x | :white_check_mark: |
+|-------|--------------------|
+| 24.04 | :white_check_mark: |
 
 
 ## Reporting a Vulnerability

docker/adbhoney/docker-compose.yml

@@ -16,7 +16,7 @@ services:
      - adbhoney_local
     ports:
      - "5555:5555"
-    image: "dtagdevsec/adbhoney:alpha"
+    image: "dtagdevsec/adbhoney:24.04"
     read_only: true
     volumes:
      - $HOME/tpotce/data/adbhoney/log:/opt/adbhoney/log

docker/builder.sh

@@ -6,7 +6,7 @@
 myPLATFORMS="linux/amd64,linux/arm64"
 myHUBORG_DOCKER="dtagdevsec"
 myHUBORG_GITHUB="ghcr.io/telekom-security"
-myTAG="alpha"
+myTAG="24.04"
 myIMAGESBASE="tpotinit adbhoney ciscoasa citrixhoneypot conpot cowrie ddospot dicompot dionaea elasticpot endlessh ewsposter fatt glutton hellpot heralding honeypots honeytrap ipphoney log4pot mailoney medpot nginx p0f redishoneypot sentrypeer spiderfoot suricata wordpot"
 myIMAGESELK="elasticsearch kibana logstash map"
 myIMAGESTANNER="phpox redis snare tanner"

docker/ciscoasa/docker-compose.yml

@@ -19,7 +19,7 @@ services:
     ports:
      - "5000:5000/udp"
      - "8443:8443"
-    image: "dtagdevsec/ciscoasa:alpha"
+    image: "dtagdevsec/ciscoasa:24.04"
     read_only: true
     volumes:
      - $HOME/tpotce/data/ciscoasa/log:/var/log/ciscoasa

docker/citrixhoneypot/docker-compose.yml

@@ -16,7 +16,7 @@ services:
      - citrixhoneypot_local
     ports:
      - "443:443"
-    image: "dtagdevsec/citrixhoneypot:alpha"
+    image: "dtagdevsec/citrixhoneypot:24.04"
     read_only: true
     volumes:
      - $HOME/tpotce/data/citrixhoneypot/log:/opt/citrixhoneypot/logs

docker/conpot/docker-compose.yml

@@ -37,7 +37,7 @@ services:
      - "2121:21"
      - "44818:44818"
      - "47808:47808/udp"
-    image: "dtagdevsec/conpot:alpha"
+    image: "dtagdevsec/conpot:24.04"
     read_only: true
     volumes:
      - $HOME/tpotce/data/conpot/log:/var/log/conpot
@@ -61,7 +61,7 @@ services:
     ports:
 #     - "161:161/udp"
      - "2404:2404"
-    image: "dtagdevsec/conpot:alpha"
+    image: "dtagdevsec/conpot:24.04"
     read_only: true
     volumes:
      - $HOME/tpotce/data/conpot/log:/var/log/conpot
@@ -84,7 +84,7 @@ services:
      - conpot_local_guardian_ast
     ports:
      - "10001:10001"
-    image: "dtagdevsec/conpot:alpha"
+    image: "dtagdevsec/conpot:24.04"
     read_only: true
     volumes:
      - $HOME/tpotce/data/conpot/log:/var/log/conpot
@@ -107,7 +107,7 @@ services:
      - conpot_local_ipmi
     ports:
      - "623:623/udp"
-    image: "dtagdevsec/conpot:alpha"
+    image: "dtagdevsec/conpot:24.04"
     read_only: true
     volumes:
      - $HOME/tpotce/data/conpot/log:/var/log/conpot
@@ -131,7 +131,7 @@ services:
     ports:
      - "1025:1025"
      - "50100:50100"
-    image: "dtagdevsec/conpot:alpha"
+    image: "dtagdevsec/conpot:24.04"
     read_only: true
     volumes:
      - $HOME/tpotce/data/conpot/log:/var/log/conpot

docker/cowrie/docker-compose.yml

@@ -20,7 +20,7 @@ services:
     ports:
      - "22:22"
      - "23:23"
-    image: "dtagdevsec/cowrie:alpha"
+    image: "dtagdevsec/cowrie:24.04"
     read_only: true
     volumes:
      - $HOME/tpotce/data/cowrie/downloads:/home/cowrie/cowrie/dl

docker/ddospot/docker-compose.yml

@@ -20,7 +20,7 @@ services:
      - "123:123/udp"
 #     - "161:161/udp"
      - "1900:1900/udp"
-    image: "dtagdevsec/ddospot:alpha"
+    image: "dtagdevsec/ddospot:24.04"
     read_only: true
     volumes:
      - $HOME/tpotce/data/ddospot/log:/opt/ddospot/ddospot/logs

docker/deprecated/cyberchef/docker-compose.yml

@@ -14,5 +14,5 @@ services:
      - cyberchef_local
     ports:
      - "127.0.0.1:64299:8000"
-    image: "dtagdevsec/cyberchef:alpha"
+    image: "dtagdevsec/cyberchef:24.04"
     read_only: true

docker/deprecated/head/docker-compose.yml

@@ -12,5 +12,5 @@ services:
     #        condition: service_healthy
     ports:
      - "127.0.0.1:64302:9100"
-    image: "dtagdevsec/head:alpha"
+    image: "dtagdevsec/head:24.04"
     read_only: true

docker/deprecated/honeypy/docker-compose.yml

@@ -20,7 +20,7 @@ services:
      - "2324:2324"
      - "4096:4096"
      - "9200:9200"
-    image: "dtagdevsec/honeypy:alpha"
+    image: "dtagdevsec/honeypy:24.04"
     read_only: true
     volumes:
      - /data/honeypy/log:/opt/honeypy/log

docker/deprecated/honeysap/docker-compose.yml

@@ -14,6 +14,6 @@ services:
      - honeysap_local
     ports:
      - "3299:3299"
-    image: "dtagdevsec/honeysap:alpha"
+    image: "dtagdevsec/honeysap:24.04"
     volumes:
      - /data/honeysap/log:/opt/honeysap/log

docker/deprecated/rdpy/docker-compose.yml

@@ -22,7 +22,7 @@ services:
      - rdpy_local
     ports:
      - "3389:3389"
-    image: "dtagdevsec/rdpy:alpha"
+    image: "dtagdevsec/rdpy:24.04"
     read_only: true
     volumes:
      - /data/rdpy/log:/var/log/rdpy

docker/dicompot/docker-compose.yml

@@ -19,7 +19,7 @@ services:
      - dicompot_local
     ports:
      - "11112:11112"
-    image: "dtagdevsec/dicompot:alpha"
+    image: "dtagdevsec/dicompot:24.04"
     read_only: true
     volumes:
      - $HOME/tpotce/data/dicompot/log:/var/log/dicompot

docker/dionaea/docker-compose.yml

@@ -33,7 +33,7 @@ services:
 #     - "5060:5060/udp"
 #     - "5061:5061"
      - "27017:27017"
-    image: "dtagdevsec/dionaea:alpha"
+    image: "dtagdevsec/dionaea:24.04"
     read_only: true
     volumes:
      - $HOME/tpotce/data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp

docker/docker-compose.yml

@@ -10,133 +10,133 @@ services:
 # Adbhoney service
   adbhoney:
     build: adbhoney/.
-    image: "dtagdevsec/adbhoney:alpha"
+    image: "dtagdevsec/adbhoney:24.04"
 
 # Ciscoasa service
   ciscoasa:
     build: ciscoasa/.
-    image: "dtagdevsec/ciscoasa:alpha"
+    image: "dtagdevsec/ciscoasa:24.04"
 
 # CitrixHoneypot service
   citrixhoneypot:
     build: citrixhoneypot/.
-    image: "dtagdevsec/citrixhoneypot:alpha"
+    image: "dtagdevsec/citrixhoneypot:24.04"
 
 # Conpot IEC104 service
   conpot_IEC104:
     build: conpot/.
-    image: "dtagdevsec/conpot:alpha"
+    image: "dtagdevsec/conpot:24.04"
 
 # Cowrie service
   cowrie:
     build: cowrie/.
-    image: "dtagdevsec/cowrie:alpha"
+    image: "dtagdevsec/cowrie:24.04"
 
 # Ddospot service
   ddospot:
     build: ddospot/.
-    image: "dtagdevsec/ddospot:alpha"
+    image: "dtagdevsec/ddospot:24.04"
 
 # Dicompot service
   dicompot:
     build: dicompot/.
-    image: "dtagdevsec/dicompot:alpha"
+    image: "dtagdevsec/dicompot:24.04"
 
 # Dionaea service
   dionaea:
     build: dionaea/.
-    image: "dtagdevsec/dionaea:alpha"
+    image: "dtagdevsec/dionaea:24.04"
 
 # ElasticPot service
   elasticpot:
     build: elasticpot/.
-    image: "dtagdevsec/elasticpot:alpha"
+    image: "dtagdevsec/elasticpot:24.04"
 
 # Endlessh service
   endlessh:
     build: endlessh/.
-    image: "dtagdevsec/endlessh:alpha"
+    image: "dtagdevsec/endlessh:24.04"
 
 # Glutton service
   glutton:
     build: glutton/.
-    image: "dtagdevsec/glutton:alpha"
+    image: "dtagdevsec/glutton:24.04"
 
 # Hellpot service
   hellpot:
     build: hellpot/.
-    image: "dtagdevsec/hellpot:alpha"
+    image: "dtagdevsec/hellpot:24.04"
 
 # Heralding service
   heralding:
     build: heralding/.
-    image: "dtagdevsec/heralding:alpha"
+    image: "dtagdevsec/heralding:24.04"
 
 # Honeypots service
   honeypots:
     build: honeypots/.
-    image: "dtagdevsec/honeypots:alpha"
+    image: "dtagdevsec/honeypots:24.04"
 
 # Honeytrap service
   honeytrap:
     build: honeytrap/.
-    image: "dtagdevsec/honeytrap:alpha"
+    image: "dtagdevsec/honeytrap:24.04"
 
 # IPPHoney service
   ipphoney:
     build: ipphoney/.
-    image: "dtagdevsec/ipphoney:alpha"
+    image: "dtagdevsec/ipphoney:24.04"
 
 # Log4Pot service
   log4pot:
     build: log4pot/.
-    image: "dtagdevsec/log4pot:alpha"
+    image: "dtagdevsec/log4pot:24.04"
 
 # Mailoney service
   mailoney:
     build: mailoney/.
-    image: "dtagdevsec/mailoney:alpha"
+    image: "dtagdevsec/mailoney:24.04"
 
 # Medpot service
   medpot:
     build: medpot/.
-    image: "dtagdevsec/medpot:alpha"
+    image: "dtagdevsec/medpot:24.04"
 
 # Redishoneypot service
   redishoneypot:
     build: redishoneypot/.
-    image: "dtagdevsec/redishoneypot:alpha"
+    image: "dtagdevsec/redishoneypot:24.04"
 
 # Sentrypeer service
   sentrypeer:
     build: sentrypeer/.
-    image: "dtagdevsec/sentrypeer:alpha"
+    image: "dtagdevsec/sentrypeer:24.04"
 
 #### Snare / Tanner
 ## Tanner Redis Service
   tanner_redis:
     build: tanner/redis/.
-    image: "dtagdevsec/redis:alpha"
+    image: "dtagdevsec/redis:24.04"
 
 ## PHP Sandbox service
   tanner_phpox:
     build: tanner/phpox/.
-    image: "dtagdevsec/phpox:alpha"
+    image: "dtagdevsec/phpox:24.04"
 
 ## Tanner API Service
   tanner_api:
     build: tanner/tanner/.
-    image: "dtagdevsec/tanner:alpha"
+    image: "dtagdevsec/tanner:24.04"
 
 ## Snare Service
   snare:
     build: tanner/snare/.
-    image: "dtagdevsec/snare:alpha"
+    image: "dtagdevsec/snare:24.04"
     
 ## Wordpot Service
   wordpot:
     build: wordpot/.
-    image: "dtagdevsec/wordpot:alpha"
+    image: "dtagdevsec/wordpot:24.04"
 
 
 ##################
@@ -146,17 +146,17 @@ services:
 # Fatt service
   fatt:
     build: fatt/.
-    image: "dtagdevsec/fatt:alpha"
+    image: "dtagdevsec/fatt:24.04"
 
 # P0f service
   p0f:
     build: p0f/.
-    image: "dtagdevsec/p0f:alpha"
+    image: "dtagdevsec/p0f:24.04"
 
 # Suricata service
   suricata:
     build: suricata/.
-    image: "dtagdevsec/suricata:alpha"
+    image: "dtagdevsec/suricata:24.04"
 
 
 ##################
@@ -167,34 +167,34 @@ services:
 ## Elasticsearch service
   elasticsearch:
     build: elk/elasticsearch/.
-    image: "dtagdevsec/elasticsearch:alpha"
+    image: "dtagdevsec/elasticsearch:24.04"
 
 ## Kibana service
   kibana:
     build: elk/kibana/.
-    image: "dtagdevsec/kibana:alpha"
+    image: "dtagdevsec/kibana:24.04"
 
 ## Logstash service
   logstash:
     build: elk/logstash/.
-    image: "dtagdevsec/logstash:alpha"
+    image: "dtagdevsec/logstash:24.04"
 
 # Ewsposter service
   ewsposter:
     build: ewsposter/.
-    image: "dtagdevsec/ewsposter:alpha"
+    image: "dtagdevsec/ewsposter:24.04"
 
 # Nginx service
   nginx:
     build: nginx/.
-    image: "dtagdevsec/nginx:alpha"
+    image: "dtagdevsec/nginx:24.04"
 
 # Spiderfoot service
   spiderfoot:
     build: spiderfoot/.
-    image: "dtagdevsec/spiderfoot:alpha"
+    image: "dtagdevsec/spiderfoot:24.04"
 
 # Map Web Service
   map_web:
     build: elk/map/.
-    image: "dtagdevsec/map:alpha"
+    image: "dtagdevsec/map:24.04"

docker/elasticpot/docker-compose.yml

@@ -16,7 +16,7 @@ services:
      - elasticpot_local
     ports:
      - "9200:9200"
-    image: "dtagdevsec/elasticpot:alpha"
+    image: "dtagdevsec/elasticpot:24.04"
     read_only: true
     volumes:
      - $HOME/tpotce/data/elasticpot/log:/opt/elasticpot/log

docker/elk/docker-compose.yml

@@ -24,7 +24,7 @@ services:
     mem_limit: 4g
     ports:
      - "127.0.0.1:64298:9200"
-    image: "dtagdevsec/elasticsearch:alpha"
+    image: "dtagdevsec/elasticsearch:24.04"
     volumes:
      - $HOME/tpotce/data:/data
 
@@ -40,7 +40,7 @@ services:
     mem_limit: 1g
     ports:
      - "127.0.0.1:64296:5601"
-    image: "dtagdevsec/kibana:alpha"
+    image: "dtagdevsec/kibana:24.04"
 
 ## Logstash service
   logstash:
@@ -52,7 +52,7 @@ services:
     depends_on:
       elasticsearch:
         condition: service_healthy
-    image: "dtagdevsec/logstash:alpha"
+    image: "dtagdevsec/logstash:24.04"
     volumes:
      - $HOME/tpotce/data:/data
 #     - /root/tpotce/docker/elk/logstash/dist/logstash.conf:/etc/logstash/conf.d/logstash.conf
@@ -65,7 +65,7 @@ services:
     tty: true
     ports:
       - "127.0.0.1:6379:6379"
-    image: "dtagdevsec/redis:alpha"
+    image: "dtagdevsec/redis:24.04"
     read_only: true
 
 # Map Web Service
@@ -79,7 +79,7 @@ services:
     tty: true
     ports:
      - "127.0.0.1:64299:64299"
-    image: "dtagdevsec/map:alpha"
+    image: "dtagdevsec/map:24.04"
     depends_on:
      - map_redis
 
@@ -91,6 +91,6 @@ services:
      - MAP_COMMAND=DataServer_v2.py
     stop_signal: SIGKILL
     tty: true
-    image: "dtagdevsec/map:alpha"
+    image: "dtagdevsec/map:24.04"
     depends_on:
      - map_redis

docker/elk/elasticsearch/docker-compose.yml

@@ -24,6 +24,6 @@ services:
     mem_limit: 2g
     ports:
      - "127.0.0.1:64298:9200"
-    image: "dtagdevsec/elasticsearch:alpha"
+    image: "dtagdevsec/elasticsearch:24.04"
     volumes:
      - $HOME/tpotce/data:/data

docker/elk/kibana/docker-compose.yml

@@ -12,4 +12,4 @@ services:
 #        condition: service_healthy
     ports:
      - "127.0.0.1:64296:5601"
-    image: "dtagdevsec/kibana:alpha"
+    image: "dtagdevsec/kibana:24.04"

docker/elk/logstash/docker-compose.yml

@@ -14,7 +14,7 @@ services:
 #        condition: service_healthy
     ports:
      - "127.0.0.1:64305:64305"
-    image: "dtagdevsec/logstash:alpha"
+    image: "dtagdevsec/logstash:24.04"
     volumes:
      - $HOME/tpotce/data:/data
 #     - /$HOME/tpotce/docker/elk/logstash/dist/logstash.conf:/etc/logstash/conf.d/logstash.conf

docker/elk/map/docker-compose.yml

@@ -11,7 +11,7 @@ services:
     restart: always
     stop_signal: SIGKILL
     tty: true
-    image: "dtagdevsec/redis:alpha"
+    image: "dtagdevsec/redis:24.04"
     read_only: true
 
 # Map Web Service
@@ -25,7 +25,7 @@ services:
     tty: true
     ports:
      - "127.0.0.1:64299:64299"
-    image: "dtagdevsec/map:alpha"
+    image: "dtagdevsec/map:24.04"
     depends_on:
      - map_redis
 
@@ -39,6 +39,6 @@ services:
 #     - TZ=${TPOT_ATTACKMAP_TEXT_TIMEZONE}
     stop_signal: SIGKILL
     tty: true
-    image: "dtagdevsec/map:alpha"
+    image: "dtagdevsec/map:24.04"
     depends_on:
      - map_redis

docker/endlessh/docker-compose.yml

@@ -16,7 +16,7 @@ services:
      - endlessh_local
     ports:
      - "22:2222"
-    image: "dtagdevsec/endlessh:alpha"
+    image: "dtagdevsec/endlessh:24.04"
     read_only: true
     volumes:
      - $HOME/tpotce/data/endlessh/log:/var/log/endlessh

docker/ewsposter/docker-compose.yml

@@ -23,7 +23,7 @@ services:
      - EWS_HPFEEDS_SECRET=secret
      - EWS_HPFEEDS_TLSCERT=false
      - EWS_HPFEEDS_FORMAT=json
-    image: "dtagdevsec/ewsposter:alpha"
+    image: "dtagdevsec/ewsposter:24.04"
     volumes:
      - $HOME/tpotce/data:/data
      - $HOME/tpotce/data/ews/conf/ews.ip:/opt/ewsposter/ews.ip

docker/fatt/docker-compose.yml

@@ -14,6 +14,6 @@ services:
      - NET_ADMIN
      - SYS_NICE
      - NET_RAW
-    image: "dtagdevsec/fatt:alpha"
+    image: "dtagdevsec/fatt:24.04"
     volumes:
      - $HOME/tpotce/data/fatt/log:/opt/fatt/log

docker/glutton/docker-compose.yml

@@ -15,7 +15,7 @@ services:
     network_mode: "host"
     cap_add:
      - NET_ADMIN
-    image: "dtagdevsec/glutton:alpha"
+    image: "dtagdevsec/glutton:24.04"
     read_only: true
     volumes:
      - $HOME/tpotce/data/glutton/log:/var/log/glutton

docker/hellpot/docker-compose.yml

@@ -16,7 +16,7 @@ services:
      - hellpot_local
     ports:
      - "80:8080"
-    image: "dtagdevsec/hellpot:alpha"
+    image: "dtagdevsec/hellpot:24.04"
     read_only: true
     volumes:
      - $HOME/tpotce/data/hellpot/log:/var/log/hellpot

docker/heralding/docker-compose.yml

@@ -33,7 +33,7 @@ services:
      - "3389:3389"
      - "5432:5432"
      - "5900:5900"
-    image: "dtagdevsec/heralding:alpha"
+    image: "dtagdevsec/heralding:24.04"
     read_only: true
     volumes:
      - $HOME/tpotce/data/heralding/log:/var/log/heralding

docker/honeypots/docker-compose.yml

@@ -48,7 +48,7 @@ services:
      - "9100:9100"
      - "9200:9200"
      - "11211:11211"
-    image: "dtagdevsec/honeypots:alpha"
+    image: "dtagdevsec/honeypots:24.04"
     read_only: true
     volumes:
      - $HOME/tpotce/data/honeypots/log:/var/log/honeypots

docker/honeytrap/docker-compose.yml

@@ -14,7 +14,7 @@ services:
     network_mode: "host"
     cap_add:
      - NET_ADMIN
-    image: "dtagdevsec/honeytrap:alpha"
+    image: "dtagdevsec/honeytrap:24.04"
     read_only: true
     volumes:
      - /data/honeytrap/attacks:/opt/honeytrap/var/attacks

docker/ipphoney/docker-compose.yml

@@ -16,7 +16,7 @@ services:
      - ipphoney_local
     ports:
      - "631:631"
-    image: "dtagdevsec/ipphoney:alpha"
+    image: "dtagdevsec/ipphoney:24.04"
     read_only: true
     volumes:
      - $HOME/tpotce/data/ipphoney/log:/opt/ipphoney/log

docker/log4pot/docker-compose.yml

@@ -22,7 +22,7 @@ services:
      - "8080:8080"
      - "9200:8080"
      - "25565:8080"
-    image: "dtagdevsec/log4pot:alpha"
+    image: "dtagdevsec/log4pot:24.04"
     read_only: true
     volumes:
      - $HOME/tpotce/data/log4pot/log:/var/log/log4pot/log

docker/mailoney/docker-compose.yml

@@ -23,7 +23,7 @@ services:
     ports:
      - "25:25"
      - "587:25"
-    image: "dtagdevsec/mailoney:alpha"
+    image: "dtagdevsec/mailoney:24.04"
     read_only: true
     volumes:
      - $HOME/tpotce/data/mailoney/log:/opt/mailoney/logs

docker/medpot/docker-compose.yml

@@ -16,7 +16,7 @@ services:
      - medpot_local
     ports:
      - "2575:2575"
-    image: "dtagdevsec/medpot:alpha"
+    image: "dtagdevsec/medpot:24.04"
     read_only: true
     volumes:
      - $HOME/tpotce/data/medpot/log/:/var/log/medpot

docker/nginx/docker-compose.yml

@@ -22,7 +22,7 @@ services:
       #    ports:
       #     - "64297:64297"
       #     - "127.0.0.1:64304:64304"
-    image: "dtagdevsec/nginx:alpha"
+    image: "dtagdevsec/nginx:24.04"
     read_only: true
     volumes:
      - $HOME/tpotce/data/nginx/cert/:/etc/nginx/cert/:ro

docker/p0f/docker-compose.yml

@@ -10,7 +10,7 @@ services:
 #    cpu_count: 1
 #    cpus: 0.75
     network_mode: "host"
-    image: "dtagdevsec/p0f:alpha"
+    image: "dtagdevsec/p0f:24.04"
     read_only: true
     volumes:
      - $HOME/tpotce/data/p0f/log:/var/log/p0f

docker/redishoneypot/docker-compose.yml

@@ -16,7 +16,7 @@ services:
      - redishoneypot_local
     ports:
      - "6379:6379"    
-    image: "dtagdevsec/redishoneypot:alpha"
+    image: "dtagdevsec/redishoneypot:24.04"
     read_only: true
     volumes:
      - $HOME/tpotce/data/redishoneypot/log:/var/log/redishoneypot

docker/sentrypeer/docker-compose.yml

@@ -24,7 +24,7 @@ services:
      - "5060:5060/udp"
      - "5060:5060/tcp"
 #     - "127.0.0.1:8082:8082"
-    image: "dtagdevsec/sentrypeer:alpha"
+    image: "dtagdevsec/sentrypeer:24.04"
     read_only: true
     volumes:
      - $HOME/tpotce/data/sentrypeer/log:/var/log/sentrypeer

docker/spiderfoot/docker-compose.yml

@@ -16,6 +16,6 @@ services:
      - spiderfoot_local
     ports:
      - "127.0.0.1:64303:8080"
-    image: "dtagdevsec/spiderfoot:alpha"
+    image: "dtagdevsec/spiderfoot:24.04"
     volumes:
      - $HOME/tpotce/data/spiderfoot:/home/spiderfoot/.spiderfoot

docker/suricata/docker-compose.yml

@@ -17,6 +17,6 @@ services:
      - NET_ADMIN
      - SYS_NICE
      - NET_RAW
-    image: "dtagdevsec/suricata:alpha"
+    image: "dtagdevsec/suricata:24.04"
     volumes:
      - $HOME/tpotce/data/suricata/log:/var/log/suricata

docker/tanner/docker-compose.yml

@@ -16,7 +16,7 @@ services:
 #    cpus: 0.25
     networks:
      - tanner_local
-    image: "dtagdevsec/redis:alpha"
+    image: "dtagdevsec/redis:24.04"
     read_only: true
 
 # PHP Sandbox service
@@ -32,7 +32,7 @@ services:
 #    cpus: 0.25
     networks:
      - tanner_local
-    image: "dtagdevsec/phpox:alpha"
+    image: "dtagdevsec/phpox:24.04"
     read_only: true
 
 # Tanner API Service
@@ -48,7 +48,7 @@ services:
 #    cpus: 0.25
     networks:
      - tanner_local
-    image: "dtagdevsec/tanner:alpha"
+    image: "dtagdevsec/tanner:24.04"
     read_only: true
     volumes:
      - $HOME/tpotce/data/tanner/log:/var/log/tanner
@@ -69,7 +69,7 @@ services:
 #     - tanner_local
 #    ports:
 #     - "127.0.0.1:8091:8091"
-#    image: "dtagdevsec/tanner:alpha"
+#    image: "dtagdevsec/tanner:24.04"
 #    command: tannerweb
 #    read_only: true
 #    volumes:
@@ -90,7 +90,7 @@ services:
 #    cpus: 0.25
     networks:
      - tanner_local
-    image: "dtagdevsec/tanner:alpha"
+    image: "dtagdevsec/tanner:24.04"
     command: tanner
     read_only: true
     volumes:
@@ -114,6 +114,6 @@ services:
      - tanner_local
     ports:
      - "80:80"
-    image: "dtagdevsec/snare:alpha"
+    image: "dtagdevsec/snare:24.04"
     depends_on:
      - tanner

docker/tpotinit/docker-compose.yml

@@ -10,7 +10,7 @@ services:
       - $HOME/tpotce/.env
     restart: "no"
     stop_grace_period: 60s
-    image: "dtagdevsec/tpotinit:alpha"
+    image: "dtagdevsec/tpotinit:24.04"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - $HOME/tpotce/data:/data

docker/wordpot/docker-compose.yml

@@ -16,7 +16,7 @@ services:
      - wordpot_local
     ports:
      - "80:80"
-    image: "dtagdevsec/wordpot:alpha"
+    image: "dtagdevsec/wordpot:24.04"
     read_only: true
     volumes:
      - $HOME/tpotce/data/wordpot/log:/opt/wordpot/logs/

env.example

@@ -108,7 +108,7 @@ TPOT_DOCKER_COMPOSE=./docker-compose.yml
 TPOT_REPO=dtagdevsec
 
 # T-Pot Version Tag
-TPOT_VERSION=alpha
+TPOT_VERSION=24.04
 
 # T-Pot Pull Policy
 #  always: (T-Pot default) Compose implementations SHOULD always pull the image from the registry.

genuser.sh

@@ -1,2 +1,2 @@
 #!/usr/bin/env bash
-docker run -v $HOME/tpotce:/data --entrypoint bash -it -u $(id -u):$(id -g) dtagdevsec/tpotinit:alpha "/opt/tpot/bin/genuser.sh"
+docker run -v $HOME/tpotce:/data --entrypoint bash -it -u $(id -u):$(id -g) dtagdevsec/tpotinit:24.04 "/opt/tpot/bin/genuser.sh"

install.sh

@@ -119,7 +119,7 @@ fi
 if [ ! -f installer/install/tpot.yml ] && [ ! -f tpot.yml ];
   then
     echo "### Now downloading T-Pot Ansible Installation Playbook ... "
-    wget -qO tpot.yml https://github.com/telekom-security/tpotce/raw/alpha/installer/install/tpot.yml
+    wget -qO tpot.yml https://github.com/telekom-security/tpotce/raw/master/installer/install/tpot.yml
     myANSIBLE_TPOT_PLAYBOOK="tpot.yml"
     echo
   else

installer/install/tpot.yml

@@ -694,7 +694,7 @@
       git:
         repo: 'https://github.com/telekom-security/tpotce'
         dest: '/home/{{ ansible_user_id }}/tpotce/'
-        version: alpha
+        version: master
         clone: yes
         update: no
       when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]

update.sh

@@ -61,7 +61,7 @@ function fuSELFUPDATE () {
 	    return
 	fi
 	### DEV
-	myRESULT=$(git diff --name-only origin/alpha | grep "^update.sh")
+	myRESULT=$(git diff --name-only origin/master | grep "^update.sh")
 	if [ "$myRESULT" == "update.sh" ];
 	  then
 	    echo "###### $myBLUE""Found newer version, will be pulling updates and restart myself.""$myWHITE"