Update screenshot

Merge 24.04 into master and prepare release
2025-07-02 01:27:27 -04:00 · 2024-04-22 17:23:50 +02:00 · 2024-04-22 17:10:17 +02:00 · 2024-04-22 17:08:22 +02:00 · 2024-04-19 18:20:39 +02:00 · 2024-03-24 19:22:37 +01:00
365 changed files with 121945 additions and 28255 deletions
--- a/.env
+++ b/.env
@ -4,49 +4,64 @@
 # T-Pot Base Settings - Adjust to your needs. #
 ###############################################
-# Set Web username and password here, it will be used to create the Nginx password file nginxpasswd.
+# Set Web usernames and passwords here. This section will be used to create / update the Nginx password file nginxpasswd.
-#  Use 'htpasswd -n <username>' to create the WEB_USER if you want to manually deploy T-Pot
+#  <empty>: This is the default
-#  Example: 'htpasswd -n tsec' will print tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0
+#  <base64 encoded htpasswd usernames / passwords>:
-#  Copy the string and replace WEB_USER='tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0'
+#   Use 'htpasswd -n -b "username" "password" | base64 -w0' to create the WEB_USER if you want to manually deploy T-Pot, run 'install.sh' to automatically add a user during installation, or 'genuser.sh' if you just want to add a web user.
-WEB_USER='change:me'
+#   Example: 'htpasswd -n -b "tsec" "tsec" | base64 -w0' will print dHNlYzokYXByMSRYUnE2SC5rbiRVRjZQM1VVQmJVNWJUQmNmSGRuUFQxCgo=
 #   Copy the string and replace WEB_USER=dHNlYzokYXByMSRYUnE2SC5rbiRVRjZQM1VVQmJVNWJUQmNmSGRuUFQxCgo=
 #   Multiple users are possible:
 #   WEB_USER=dHNlYzokYXByMSRYUnE2SC5rbiRVRjZQM1VVQmJVNWJUQmNmSGRuUFQxCgo= dHNlYzokYXByMSR6VUFHVWdmOCRROXI3a09CTjFjY3lCeU1DTloyanEvCgo=
 WEB_USER=
 # Set Logstash Web usernames and passwords here. This section will be used to create / update the Nginx password file lswebpasswd.
 # The Lostsash Web usernames are used for T-Pot log ingestion via Logstash, each sensor should have its own user.
 #  <empty>: This is empty by default.
 #  <'htpasswd encoded usernames / passwords'>:
 #   Use 'htpasswd -n -b "username" "password" | base64 -w0' to create the LS_WEB_USER if you want to manually deploy the sensor.
 #   Example: 'htpasswd -n -b "sensor" "sensor" | base64 -w0' will print c2Vuc29yOiRhcHIxJGVpMHdzUmdYJHNyWHF4UG53ZzZqWUc3aEFaUWxrWDEKCg==
 #   Copy the string and replace / add LS_WEB_USER=c2Vuc29yOiRhcHIxJGVpMHdzUmdYJHNyWHF4UG53ZzZqWUc3aEFaUWxrWDEKCg==
 #   Multiple users are possible:
 #   LS_WEB_USER=c2Vuc29yMTokYXByMSQ5aXhNRk5yMCR6d3F2dGFwQ2x0cFBhU1pqMm9ZemYxCgo= c2Vuc29yMjokYXByMSRtYTlOS1J2NCQvU3dsVVBMeW5RaVIyM3pyWVAzOUkwCgo=
 LS_WEB_USER=
 # T-Pot Blackhole
-#  ENABLED: T-Pot will download a db of known mass scanners and nullroute them
+#  ENABLED: T-Pot will download a db of known mass scanners and nullroute them.
 #           Be aware, this will put T-Pot off the map for stealth reasons and
-#           you will get less traffic. Routes will active until reboot and will
+#           you will get less traffic. Routes will be active until next reboot
-#           be re-added with every T-Pot start until disabled.
+#           and will be re-added with every T-Pot start until disabled.
 #  DISABLED: This is the default and no stealth efforts are in place.
 TPOT_BLACKHOLE=DISABLED
 # T-Pot Persistence
-# on: This is the default. T-Pot will keep the honeypot logfiles and rotate
+#  on: This is the default. T-Pot will keep the honeypot logfiles and rotate
-#     with logrotate for 30 days.
+#      with logrotate for 30 days.
-# off: This is recommended for Raspberry Pi or setups with weaker CPUs or
+#  off: This is recommended for Raspberry Pi or setups with weaker CPUs or
-#      if you just do not need any of the logfiles.
+#       if you just do not need any of the logfiles.
 TPOT_PERSISTENCE=on
 # T-Pot Type
-# HIVE: This is the default and offers everything to connect T-Pot sensors.
+#  HIVE: This is the default and offers everything to connect T-Pot sensors.
-# SENSOR: This needs to be used when running a sensor. Be aware to adjust all other
+#  SENSOR: This needs to be used when running a sensor. Be aware to adjust all other
-#         settings as well.
+#          settings as well.
-#         1. You will need to copy compose/sensor.yml to ./docker-comopose.yml
+#          1. You will need to copy compose/sensor.yml to ./docker-comopose.yml
-#         2. From HIVE host you will need to copy ~/tpotce/data/nginx/cert/nginx.crt to
+#          2. From HIVE host you will need to copy ~/tpotce/data/nginx/cert/nginx.crt to
-#            your SENSOR host to ~/tpotce/data/hive.crt
+#             your SENSOR host to ~/tpotce/data/hive.crt
-#         3. On HIVE: Create a web user per SENSOR on HIVE and provide credentials below
+#          3. On HIVE: Create a web user per SENSOR on HIVE and provide credentials below
-#            Create credentials with 'htpasswd ~/tpotce/data/nginx/conf/lswebpasswd <username>'
+#             Create credentials with 'htpasswd ~/tpotce/data/nginx/conf/lswebpasswd <username>'
-#         4. On SENSOR: Provide username / password from (3) for TPOT_HIVE_USER as base64 encoded string:
+#          4. On SENSOR: Provide username / password from (3) for TPOT_HIVE_USER as base64 encoded string:
-#                       "echo -n 'username:password' | base64"
+#                        "echo -n 'username:password' | base64 -w0"
 TPOT_TYPE=HIVE
 # T-Pot Hive User (only relevant for SENSOR deployment)
-# <empty>: This is empty by default.
+#  <empty>: This is empty by default.
-# <base64 encoded string>: Provide a base64 encoded string "echo -n 'username:password' | base64"
+#  <base64 encoded string>: Provide a base64 encoded string "echo -n 'username:password' | base64 -w0"
-#                          i.e. TPOT_HIVE_USER='dXNlcm5hbWU6cGFzc3dvcmQ='
+#                           i.e. TPOT_HIVE_USER='dXNlcm5hbWU6cGFzc3dvcmQ='
 TPOT_HIVE_USER=
 # T-Pot Hive IP (only relevant for SENSOR deployment)
-# <empty>: This is empty by default.
+#  <empty>: This is empty by default.
-# <IP, FQDN>: This can be either a IP (i.e. 192.168.1.1) or a FQDN (i.e. foo.bar.local)
+#  <IP, FQDN>: This can be either a IP (i.e. 192.168.1.1) or a FQDN (i.e. foo.bar.local)
 TPOT_HIVE_IP=
 # T-Pot AttackMap Text Output
@ -67,17 +82,9 @@ TPOT_ATTACKMAP_TEXT_TIMEZONE=UTC
 # Some services / tools offer adjustments using ENVs which can be adjusted here.
 ###################################################################################
 # SentryPeer P2P mode
 # Exchange bad actor data via DHT / P2P mode by setting the ENV to true (1)
 # In some cases (i.e. internally deployed T-Pots) this might be confusing as SentryPeer will show
 # the bad actors in its logs. Therefore this option is opt-in based.
 # 0: This is the default, P2P mode is disabled.
 # 1: Enable P2P mode.
 SENTRYPEER_PEER_TO_PEER=0
 # Suricata ET Pro ruleset
-# OPEN: This is the default and will the ET Open ruleset
+#  OPEN: This is the default and will the ET Open ruleset
-# OINKCODE: Replace OPEN with your Oinkcode to use the ET Pro ruleset
+#  OINKCODE: Replace OPEN with your Oinkcode to use the ET Pro ruleset
 OINKCODE=OPEN
@ -85,9 +92,6 @@ OINKCODE=OPEN
 # NEVER MAKE CHANGES TO THIS SECTION UNLESS YOU REALLY KNOW WHAT YOU ARE DOING!!! #
 ###################################################################################
 # T-Pot Landing page provides Cockpit Link
 COCKPIT=false
 # docker.sock Path
 TPOT_DOCKER_SOCK=/var/run/docker.sock
@ -97,14 +101,14 @@ TPOT_DOCKER_ENV=./.env
 # Docker-Compose file
 TPOT_DOCKER_COMPOSE=./docker-compose.yml
-# T-Pot Repo
+# T-Pot Docker Repo
-# Depending on where you are located you may choose between DockerHub and GHCR
+#  Depending on where you are located you may choose between DockerHub and GHCR
-# dtagdevsec: This will use the DockerHub image registry
+#  dtagdevsec: This will use the DockerHub image registry
-# ghcr.io/telekom-security: This will use the GitHub container registry
+#  ghcr.io/telekom-security: This will use the GitHub container registry
-TPOT_REPO=ghcr.io/telekom-security
+TPOT_REPO=dtagdevsec
 # T-Pot Version Tag
-TPOT_VERSION=dev
+TPOT_VERSION=24.04
 # T-Pot Pull Policy
 #  always: (T-Pot default) Compose implementations SHOULD always pull the image from the registry.
--- a/.github/ISSUE_TEMPLATE/bug-report-for-t-pot.md
+++ b/.github/ISSUE_TEMPLATE/bug-report-for-t-pot.md
@ -1,37 +1,42 @@
 ---
-name: Bug report for T-Pot
+name: Bug report for T-Pot 24.04.x
-about: Bug report for T-Pot
+about: Bug report for T-Pot 24.04.x
 title: ''
 labels: ''
 assignees: ''
 ---
-Before you post your issue make sure it has not been answered yet and provide `basic support information` if you come to the conclusion it is a new issue.
+# Successfully raise an issue
 Before you post your issue make sure it has not been answered yet and provide **⚠️ BASIC SUPPORT INFORMATION** (as requested below) if you come to the conclusion it is a new issue.
 - 🔍 Use the [search function](https://github.com/dtag-dev-sec/tpotce/issues?utf8=%E2%9C%93&q=) first
- 🧐 Check our [WIKI](https://github.com/dtag-dev-sec/tpotce/wiki)
+- 🧐 Check our [Wiki](https://github.com/dtag-dev-sec/tpotce/wiki) and the [discussions](https://github.com/telekom-security/tpotce/discussions)
- 📚 Consult the documentation of 💻 [Debian](https://www.debian.org/doc/), 🐳 [Docker](https://docs.docker.com/), the 🦌 [ELK stack](https://www.elastic.co/guide/index.html) and the 🍯 [T-Pot Readme](https://github.com/dtag-dev-sec/tpotce/blob/master/README.md).
+- 📚 Consult the documentation of 💻 your Linux OS, 🐳 [Docker](https://docs.docker.com/), the 🦌 [Elastic stack](https://www.elastic.co/guide/index.html) and the 🍯 [T-Pot Readme](https://github.com/dtag-dev-sec/tpotce/blob/master/README.md).
- **⚠️ Provide [basic support information](#info) or similiar information with regard to your issue or we can not help you and will close the issue without further notice**
+- **⚠️ Provide [BASIC SUPPORT INFORMATION](#-basic-support-information-commands-are-expected-to-run-as-root) or similar detailed information with regard to your issue or we will close the issue or convert it into a discussion without further interaction from the maintainers**.<br>
-<br>
+# ⚠️ Basic support information (commands are expected to run as `root`)
 <br>
 <br>
-<a name="info"></a>
+**We happily take the time to improve T-Pot and take care of things, but we need you to take the time to create an issue that provides us with all the information we need.** 
 ## ⚠️ Basic support information (commands are expected to run as `root`)
- What version of the OS are you currently using `lsb_release -a` and `uname -a`?
+- What OS are you T-Pot running on?
- What T-Pot version are you currently using?
+- What is the version of the OS `lsb_release -a` and `uname -a`?
- What edition (Standard, Nextgen, etc.) of T-Pot are you running?
+- What T-Pot version are you currently using (only **T-Pot 24.04.x** is currently supported)?
 - What architecture are you running on (i.e. hardware, cloud, VM, etc.)?
- Did you have any problems during the install? If yes, please attach `/install.log` `/install.err`.
+- Review the `~/install_tpot.log`, attach the log and highlight the errors.
 - How long has your installation been running?
  - If it is a fresh install consult the documentation first.
  - Most likely it is a port conflict or a remote dependency was unavailable.
  - Retry a fresh installation and only open the issue if the error keeps coming up and is not resolved using the documentation as described [here](#how-to-raise-an-issue).  
 - Did you install upgrades, packages or use the update script?
 - Did you modify any scripts or configs? If yes, please attach the changes.
- Please provide a screenshot of `glances` and `htop`.
+- Please provide a screenshot of `htop` and `docker stats`.
 - How much free disk space is available (`df -h`)?
 - What is the current container status (`dps.sh`)?
- What is the status of the T-Pot service (`systemctl status tpot`)?
+- On Linux: What is the status of the T-Pot service (`systemctl status tpot`)?
- What ports are being occupied? Stop T-Pot `systemctl stop tpot` and run `netstat -tulpen`
+- What ports are being occupied? Stop T-Pot `systemctl stop tpot` and run `grc netstat -tulpen`
  - Stop T-Pot `systemctl stop tpot`
  - Run `grc netstat -tulpen`
  - Run T-Pot manually with `docker compose -f ~/tpotce/docker-compose.yml up` and check for errors
  - Stop execution with `CTRL-C` and `docker compose -f ~/tpotce/docker-compose.yml down -v`
 - If a single container shows as `DOWN` you can run `docker logs <container-name>` for the latest log entries
--- a/.github/ISSUE_TEMPLATE/feature-request-for-t-pot.md
+++ b/.github/ISSUE_TEMPLATE/feature-request-for-t-pot.md
@ -1,6 +1,6 @@
 ---
-name: Feature request for T-Pot
+name: Feature request for T-Pot 24.04.x
-about: Suggest an idea for T-Pot
+about: Suggest an idea for T-Pot 24.04.x
 title: ''
 labels: ''
 assignees: ''
--- a/.github/ISSUE_TEMPLATE/general-issue-for-t-pot.md
+++ b/.github/ISSUE_TEMPLATE/general-issue-for-t-pot.md
@ -1,39 +1,42 @@
 ---
-name: General issue for T-Pot
+name: General issue for T-Pot 24.04.x
-about: General issue for T-Pot
+about: General issue for T-Pot 24.04.x
 title: ''
 labels: ''
 assignees: ''
 ---
-🗨️ Please post your questions in [Discussions](https://github.com/telekom-security/tpotce/discussions) and keep the issues for **issues**. Thank you 😁.<br>
+# Successfully raise an issue
-
+Before you post your issue make sure it has not been answered yet and provide **⚠️ BASIC SUPPORT INFORMATION** (as requested below) if you come to the conclusion it is a new issue.
 Before you post your issue make sure it has not been answered yet and provide `basic support information` if you come to the conclusion it is a new issue.
 - 🔍 Use the [search function](https://github.com/dtag-dev-sec/tpotce/issues?utf8=%E2%9C%93&q=) first
- 🧐 Check our [WIKI](https://github.com/dtag-dev-sec/tpotce/wiki)
+- 🧐 Check our [Wiki](https://github.com/dtag-dev-sec/tpotce/wiki) and the [discussions](https://github.com/telekom-security/tpotce/discussions)
- 📚 Consult the documentation of 💻 [Debian](https://www.debian.org/doc/), 🐳 [Docker](https://docs.docker.com/), the 🦌 [ELK stack](https://www.elastic.co/guide/index.html) and the 🍯 [T-Pot Readme](https://github.com/dtag-dev-sec/tpotce/blob/master/README.md).
+- 📚 Consult the documentation of 💻 your Linux OS, 🐳 [Docker](https://docs.docker.com/), the 🦌 [Elastic stack](https://www.elastic.co/guide/index.html) and the 🍯 [T-Pot Readme](https://github.com/dtag-dev-sec/tpotce/blob/master/README.md).
- **⚠️ Provide [basic support information](#info) or similiar information with regard to your issue or we can not help you and will close the issue without further notice**
+- **⚠️ Provide [BASIC SUPPORT INFORMATION](#-basic-support-information-commands-are-expected-to-run-as-root) or similar detailed information with regard to your issue or we will close the issue or convert it into a discussion without further interaction from the maintainers**.<br>
-<br>
+# ⚠️ Basic support information (commands are expected to run as `root`)
 <br>
 <br>
-<a name="info"></a>
+**We happily take the time to improve T-Pot and take care of things, but we need you to take the time to create an issue that provides us with all the information we need.** 
 ## ⚠️ Basic support information (commands are expected to run as `root`)
- What version of the OS are you currently using `lsb_release -a` and `uname -a`?
+- What OS are you T-Pot running on?
- What T-Pot version are you currently using?
+- What is the version of the OS `lsb_release -a` and `uname -a`?
- What edition (Standard, Nextgen, etc.) of T-Pot are you running?
+- What T-Pot version are you currently using (only **T-Pot 24.04.x** is currently supported)?
 - What architecture are you running on (i.e. hardware, cloud, VM, etc.)?
- Did you have any problems during the install? If yes, please attach `/install.log` `/install.err`.
+- Review the `~/install_tpot.log`, attach the log and highlight the errors.
 - How long has your installation been running?
  - If it is a fresh install consult the documentation first.
  - Most likely it is a port conflict or a remote dependency was unavailable.
  - Retry a fresh installation and only open the issue if the error keeps coming up and is not resolved using the documentation as described [here](#how-to-raise-an-issue).  
 - Did you install upgrades, packages or use the update script?
 - Did you modify any scripts or configs? If yes, please attach the changes.
- Please provide a screenshot of `glances` and `htop`.
+- Please provide a screenshot of `htop` and `docker stats`.
 - How much free disk space is available (`df -h`)?
 - What is the current container status (`dps.sh`)?
- What is the status of the T-Pot service (`systemctl status tpot`)?
+- On Linux: What is the status of the T-Pot service (`systemctl status tpot`)?
- What ports are being occupied? Stop T-Pot `systemctl stop tpot` and run `netstat -tulpen`
+- What ports are being occupied? Stop T-Pot `systemctl stop tpot` and run `grc netstat -tulpen`
  - Stop T-Pot `systemctl stop tpot`
  - Run `grc netstat -tulpen`
  - Run T-Pot manually with `docker compose -f ~/tpotce/docker-compose.yml up` and check for errors
  - Stop execution with `CTRL-C` and `docker compose -f ~/tpotce/docker-compose.yml down -v`
 - If a single container shows as `DOWN` you can run `docker logs <container-name>` for the latest log entries
--- a/.gitignore
+++ b/.gitignore
@ -2,3 +2,4 @@
 data/
 **/.DS_Store
 .idea
 install_tpot.log
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,45 +1,36 @@
 # Release Notes / Changelog
-T-Pot 22.04.0 is probably the most feature rich release ever provided with long awaited (wanted!) features readily available after installation. 
+T-Pot 24.04.0 marks probably the largest change in the history of the project. While most of the changes have been made to the underlying platform some changes will be standing out in particular - a T-Pot ISO image will no longer be provided with the benefit that T-Pot will now run on multiple Linux distributions (Alma Linux, Debian, Fedora, OpenSuse, Raspbian, Rocky Linux, Ubuntu), Raspberry Pi (optimized) and macOS / Windows (limited).
 ## New Features
-* **Distributed** Installation with **HIVE** and **HIVE_SENSOR**
+* **Distributed** Installation is now using NGINX reverse proxy instead of SSH to transmit **HIVE_SENSOR** logs to **HIVE**
-* **ARM64** support for all provided Docker images
+* **`deploy.sh`**, will make the deployment of sensor much easier and will automatically take care of the configuration. You only have to install the T-Pot sensor.  
-* **GeoIP Attack Map** visualizing Live Attacks on a dedicated webpage
+* **T-Pot Init** is the foundation for running T-Pot on multiple Linux distributions and will also ensure to restart containers with failed healthchecks using **autoheal**
-* **Kibana Live Attack Map** visualizing Live Attacks from different **HIVE_SENSORS**
+* **T-Pot Installer** is now mostly Ansible based providing a universal playbook for the most common Linux distributions 
-* **Blackhole** is a script trying to avoid mass scanner detection 
+* **T-Pot Uninstaller** allows to uninstall T-Pot, while not recommended for general usage, this comes in handy for testing purposes
-* **Elasticvue** a web front end for browsing and interacting with an Elastic Search cluster
+* **T-Pot Customizer (`compose/customizer.py`)** is here to assist you in the creation of a customized `docker-compose.yml`
-* **Ddospot** a honeypot for tracking and monitoring UDP-based Distributed Denial of Service (DDoS) attacks
+* **T-Pot Landing Page** has been redesigned and simplified
-* **Endlessh** is a SSH tarpit that very slowly sends an endless, random SSH banner
+![T-Pot-WebUI](doc/tpotwebui.png)
-* **HellPot** is an endless honeypot based on Heffalump that sends unruly HTTP bots to hell
+* **Kibana Dashboards, Objects** fully refreshed in favor of Lens based objects
-* **qHoneypots** 25 honeypots in a single container for monitoring network traffic, bots activities, and username \ password credentials
+![Dashbaord](doc/kibana_a.png)
-* **Redishoneypot** is a honeypot mimicking some of the Redis' functions
+* **Wordpot** is added as new addition to the available honeypots within T-Pot and will run on `tcp/8080` by default.
-* **SentryPeer** a dedicated SIP honeypot
+* **Raspberry Pi** is now supported using a dedicated `mobile.yml` (why this is called mobile will be revealed soon!)
-* **Index Lifecycle Management** for Elasticseach indices is now being used
+* **GeoIP Attack Map** is now aware of connects / disconnects and thus eliminating required reloads
-
+* **Docker**, where possible, will now be installed directly from the Docker repositories to avoid any incompatibilities
-## Upgrades
+* **`.env`** now provides a single configuration file for the T-Pot related settings
-* **Debian 11.x** is now being used for the T-Pot ISO images and required for post installs
+* **`genuser.sh`** can now be used to add new users to the T-Pot Landing Page as part of the T-Pot configuration file (`.env`)
 * **Elastic Stack 8.x** is now provided as Docker images
 ## Updates
-* **Honeypots** and **tools** were updated to their latest masters and releases
+* **Honeypots** and **tools** were updated to their latest pushed code and / or releases
 * Where possible Docker Images will now use Alpine 3.19
 * Updates will be provided continuously through Docker Images updates 
 ## Breaking Changes
-* For security reasons all Py2.x honeypots with the need of PyPi packages have been removed: **HoneyPy**, **HoneySAP** and **RDPY**
+* There is no option to migrate a previous installation to T-Pot 24.04.0, you can try to transfer the old `data` folder to the new T-Pot installation, but a working environment depends on too many other factors outside of our control and a new installation is simply faster.
-* If you are upgrading from a previous version of T-Pot (20.06.x) you need to import the new Kibana objects or some of the functionality will be broken or will be unavailabe
+* Most of the support scripts were moved into the **T-Pot Init** image and are no longer available directly on the host.
-* **Cyberchef** is now part of the Nginx Docker image, no longer as individual image
+* Cockpit is no longer available as part of T-Pot itself. However, where supported, you can simply install the `cockpit` package.
 * **ElasticSearch Head** is superseded by **Elasticvue** and part the Nginx Docker image
 * **Heimdall** is no longer supported and superseded with a new Bento based landing page
 * **Elasticsearch Curator** is no longer supprted and superseded with **Index Lifecycle Policies** available through Kibana.
 # Thanks & Credits
 * @ghenry, for some fun late night debugging and of course SentryPeer!
 * @giga-a, for adding much appreciated features (i.e. JSON logging, 
 X-Forwarded-For, etc.) and of course qHoneypots! 
 * @sp3t3rs, @trixam, for their backend and ews support!
-* @tadashi-oya, for spotting some errors and propose fixes!
+* @shark4ce for taking the time to test, debug and offer a solution #1472.
 * @tmariuss, @shaderecker for their cloud contributions!
 * @vorband, for much appreciated and helpful insights regarding the GeoIP Attack Map!
 * @yunginnanet, on not giving up on squashing a bug and of course Hellpot!
 ... and many others from the T-Pot community by opening valued issues and discussions, suggesting ideas and thus helping to improve T-Pot!
--- a/CITATION.cff
+++ b/CITATION.cff
@ -2,7 +2,7 @@
 # Visit https://bit.ly/cffinit to generate yours today!
 cff-version: 1.2.0
-title: T-Pot DEV
+title: T-Pot 24.04.0
 message: >-
  If you use this software, please cite it using the
  metadata from this file.
@ -20,8 +20,8 @@ authors:
 identifiers:
  - type: url
    value: >-
-      https://github.com/telekom-security/tpotce/releases/tag/22.04.0
+      https://github.com/telekom-security/tpotce/releases/tag/24.04.0
-    description: T-Pot Release 22.04.0
+    description: T-Pot Release 24.04.0
 repository-code: 'https://github.com/telekom-security/tpotce'
 abstract: >-
  T-Pot is the all in one, optionally distributed, multiarch
@ -38,6 +38,6 @@ keywords:
  - docker
  - elk
 license: GPL-3.0
-commit: unreleased, under heavy development
+commit: release
-version: 2x.yy.z
+version: 24.04.0
-date-released: '202x-yy-zz'
+date-released: '2024-04-22'
--- a/PREVIEW.md
+++ b/PREVIEW.md
@ -1,205 +0,0 @@
 # T-Pot - Dev Preview
 T-Pot will be turning 10 years next year and this milestone will be celebrated when the time comes, which brings us today to the best time to reflect on how technology advanced, what this means for the project and how we can ensure T-Pot will meet the current and future requirements of the community.
 <br><br>
 # TL;DR
 1. [Download](#choose-your-distro) or use a running, supported distribution
 2. Install the ISO with as minimal packages / services as possible (SSH required!)
 3. Install curl: `$ sudo [apt, dnf, zypper] install curl` if not installed already
 4. Run installer as non-root:
 ```
 /bin/bash -c "$(curl -sL https://github.com/telekom-security/tpotce/raw/dev/install.sh)"
 ```
   * Follow instructions, read messages, check for possible port conflicts and reboot
 5. [Start](#start-t-pot) T-Pot as non-root for the first time:
 ```
 cd tpotce/preview/
 docker compose up
 ```
 # Table of Contents
 - [Disclaimer](#disclaimer)
 - [Last Time Departed](#last-time-departed)
 - [Present Time](#present-time)
 - [Destination Time](#destination-time)
 - [Technical Preview](#technical-preview)
  - [Architecture](#architecture)
 - [Installation](#installation)
  - [Choose your distro](#choose-your-distro)
  - [Get and Install T-Pot](#get-and-install-t-pot)
  - [T-Pot Config File](#t-pot-config-file)
  - [macOS & Windows](#macos--windows)
 - [Start T-Pot](#start-t-pot)
 - [Stop T-Pot](#stop-t-pot)
 - [Uninstall T-Pot](#uninstall-t-pot)
 - [Feedback](#uninstall-t-pot)
 <br><br>
 # Disclaimer
 - This is a Technical Preview, a very very early stage in the development T-Pot. You have been warned - there will be dragons steering flying time machines possibly causing paradoxes.
 - The T-Pot [disclaimer](https://github.com/telekom-security/tpotce/blob/master/README.md#disclaimer) and [documentation](https://github.com/telekom-security/tpotce/blob/master/README.md) apply.
 <br><br>
 # Last Time Departed
 Jumping back to 2014 T-Pot was born as the direct ancestor of our Raspberry Pi images we used to offer for download (which probably by now only insiders will remember 😅). Docker was just the new kid on the block with the shiny new container engine everyone desperately unknowingly waited for and thus taking the dev-world by storm. At that point we wanted to ensure that T-Pot was something tangible, tethered to a physical device (Hello NUC my old friend 👋) while using latest technologies ensuring an easy transition should we ever leave hardware based installations (or VMs for that matter). And Oh-My-Zsh as you all know that day came faster than anticipated! (Special thanks @vorband, @shaderecker and @tmariuss for all of their contributions!)  
 <br><br>
 # Present Time
 Flash Forward to today, T-Pot offers support for Debian, both as an ISO based installation or a post installation method (install your own Debian Server), support for OTC, AWS and other clouds through Ansible and Terraform Support. All of this in many different flavors and even a distributed installation. At the same time we are still relying on the same base concept we originally started with which does not seem fit for the foreseeable future.<br>
 In the last couple of years being independent of a certain platform was the one feature that stood out by far. The reason for this, until today, is the simple fact that T-Pot, although relying heavily on Docker, still relies on a fully controlled environment. This has its advantages but can not meet a demand where cloud based installations need different settings than we can provide (we can only run limited platform tests), companies follow different guidelines for allowed distributions or hosters simply offer Debian images slightly adjusted to their environments causing issues with the setting T-Pot relies on. Roll the dice or ask the Magic-8-Ball.     
 <br><br>
 # Destination Time
 Back to the future of T-Pot. For a brief time we had the idea of T-Pot Light which should compensate for the missing platform support. A concept was whipped up to support all of T-Pot's dockered services on minimal installations of Debian, Fedora, OpenSuse and Ubuntu Server. And it worked! It worked so good that we have almost achieved feature parity for this Technical Preview and decided that this is the best candidate for the future of the development of T-Pot<br>
 We are thrilled to share this now, so you can test, provide us with feedback, open issues and discussions and give us the chance to make the next T-Pot the best T-Pot we have ever released!
 <br><br>
 ## Technical Preview
 For the purpose of the Technical Preview T-Pot will still use the 22.04 images and for a great part rely on the 22.04 release. This will lay the groundwork though for the next T-Pot release by just relying on the latest Docker package repositories (yes, the distros mostly do not offer Docker's bleeding edge features), some tiny modifications on the host (installer and uninstaller provided!) and move all of T-Pot's core in its own Docker image with a simple, user adjustable, configuration.<br>
 <br><br>
 ## Architecture
 While the basic architecture still remains, the Technical Preview of T-Pot is mostly independent of the underlying OS with only some basic requirements:
 1. Underlying OS is available as supported distribution:
    * Only the bare minimum of services and packages are installed to avoid possible port conflicts with T-Pot's services
    * Debian, Fedora, OpenSuse and Ubuntu Server are currently supported, others might follow if the requirements will be met
 2. Latest Docker Engine from Docker's repositories is supported
    * Only the latest Docker Engine packages offer all the features needed for T-Pot
    * Docker Desktop does not offer host network capabilities and thus only a limited T-Pot experience (not available for the Technical Preview, but planned to even get started faster!)
 3. Changes to the host
    * Some changes to the host are necessary but will be kept as minimalistic as possible, just enough T-Pot will be able to run
    * There are uninstallers available this time 😁
 <br><br>
 # System Requirements
 The known T-Pot hardware (CPU, RAM, SSD) requirements and recommendations still apply.
 <br><br>
 # Installation
 [Download](#choose-your-distro) one of the supported Linux distro images, `git clone` the T-Pot repository and run the installer specific to your system. Running T-Pot on top of a running and supported Linux system is possible, but a clean installation is recommended to avoid port conflicts with running services.
 <br><br>
 ## Choose your distro
 Choose a supported distro of your choice. It is recommended to use the minimum / netiso installers linked below and only install a minimalistic set of packages. SSH is mandatory or you will not be able to connect to the machine remotely.
 | Distribution Name                              | x64                                                                                                                                   | arm64 
 |:-----------------------------------------------|:--------------------------------------------------------------------------------------------------------------------------------------|:--------------
 | [AlmaLinux](https://almalinux.org)             | [download](https://mirrors.almalinux.org/isos/x86_64/9.2.html)                                                                        | [download](https://mirrors.almalinux.org/isos/aarch64/9.2.html)
 | [Debian](https://www.debian.org/index.en.html) | [download](https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.0.0-amd64-netinst.iso)                                 | [download](https://cdimage.debian.org/debian-cd/current/arm64/iso-cd/debian-12.0.0-arm64-netinst.iso)
 | [DietPi](https://dietpi.com/#home)             |                                                                                                                                       | [download](https://dietpi.com/downloads/images/DietPi_RPi-ARMv8-Bookworm.7z)
 | [Fedora](https://fedoraproject.org)            | [download](https://download.fedoraproject.org/pub/fedora/linux/releases/38/Server/x86_64/iso/Fedora-Server-netinst-x86_64-38-1.6.iso) | [download](https://download.fedoraproject.org/pub/fedora/linux/releases/38/Server/aarch64/iso/Fedora-Server-netinst-aarch64-38-1.6.iso)
 | [OpenSuse](https://www.opensuse.org)           | [download](https://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-NET-x86_64-Current.iso)                                   | [download](https://download.opensuse.org/ports/aarch64/tumbleweed/iso/openSUSE-Tumbleweed-NET-aarch64-Current.iso)
 | [Rocky Linux](https://rockylinux.org)          | [download](https://download.rockylinux.org/pub/rocky/9/isos/x86_64/Rocky-9.2-x86_64-minimal.iso)                                      | [download](https://download.rockylinux.org/pub/rocky/9/isos/aarch64/Rocky-9.2-aarch64-minimal.iso)
 | [Ubuntu](https://ubuntu.com)                   | [download](https://releases.ubuntu.com/22.04.2/ubuntu-22.04.2-live-server-amd64.iso)                                                  | [download](https://cdimage.ubuntu.com/releases/22.04/release/ubuntu-22.04.2-live-server-arm64.iso)
 ## Raspberry Pi 4 (8GB) Support
 | Distribution Name                              | arm64                                                                                                                                               | Notes                                                                                                                                 
 |:-----------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------|:--------------
 | [DietPi](https://dietpi.com/#home)             | [download](https://dietpi.com/downloads/images/DietPi_RPi-ARMv8-Bookworm.7z)                                                                        | In DietPi config you need to choose OpenSSH instead of Dropbear or T-Pot will fail to install
 | [Raspberry Pi OS](https://www.raspberrypi.com) | [download](https://downloads.raspberrypi.org/raspios_lite_arm64/images/raspios_lite_arm64-2023-05-03/2023-05-03-raspios-bullseye-arm64-lite.img.xz) | Recommended, everything incl. Wifi works as expected right away (when using Raspberry Pi Imager)
 <br><br> 
 ## Get and install T-Pot
 1. Clone the GitHub repository: `$ git clone https://github.com/telekom-security/tpotce`
 2. Change into the **tpotce/preview/installer** folder: `$ cd tpotce/preview/installer`
 3. Locate your distribution, i.e. `fedora`: `$ cd fedora`
 4. Run the installer as non-root: `$ ./install.sh`:
   * ⚠️ ***Depending on your Linux distribution of choice the installer will:***
     * Change the SSH port to `tcp/64295`
     * Disable the DNS Stub Listener to avoid port conflicts with honeypots
     * Set SELinux to Monitor Mode
     * Set the firewall target for the public zone to ACCEPT
     * Add Docker's repository and install Docker
     * Install recommended packages
     * Remove package known to cause issues
     * Add the current user to the docker group (allow docker interaction without `sudo`)
     * Add `dps` and `dpsw` aliases (`grc docker ps -a`, `watch -c "grc --colour=on docker ps -a`)
     * Display open ports on the host (compare with T-Pot [required](https://github.com/telekom-security/tpotce#required-ports) ports)
 5. Follow the installer instructions, you will have to enter your password at least once
 6. Check the installer messages for errors and open ports that might cause port conflicts
 7. Reboot: `$ sudo reboot`
 <br><br>
 ## T-Pot Config File
 T-Pot offers a configuration file providing environment variables not only for the docker services (i.e. honeypots and tools) but also for the docker compose environment. The configuration file is hidden in the `preview` folder and is called `.env`. There is however an example file (`env.example`) which holds the default configuration.<br> Before the first start set the `WEB_USER` and `WEB_PW`. Once T-Pot was initialized it is recommended to remove the password and set `WEB_PW=<changeme>`. Other settings are available also, these however should only be changed if you are comfortable with possible errors 🫠 as some of the features are not fully integrated and tested yet.
 ```
 # T-Pot config file. Do not remove.
 # Set Web username and password here, only required for first run
 #  Removing the password after first run is recommended
 #  You can always add or remove users as you see fit using htpasswd:
 #  htpasswd -b -c /<data_folder>/nginx/conf/nginxpasswd <username> <password>
 WEB_USER=<changeme>
 WEB_PW=<changeme>
 # T-Pot Blackhole
 #  ENABLED: T-Pot will download a db of known mass scanners and nullroute them
 #           Be aware, this will put T-Pot off the map for stealth reasons and
 #           you will get less traffic. Routes will active until reboot and will
 #           be re-added with every T-Pot start until disabled.
 #  DISABLED: This is the default and no stealth efforts are in place.
 TPOT_BLACKHOLE=DISABLED
 ```
 ## macOS & Windows
 Sometimes it is just nice if you can spin up a T-Pot instance on macOS or Windows, i.e. for development, testing or just the fun of it. While Docker Desktop is rather limited not all honeypot types or T-Pot features are supported. Also remember, by default the macOS and Windows firewall are blocking access from remote, so testing is limited to the host. For production it is recommended to run T-Pot on Linux.<br>
 To get things up and running just follow these steps:
 1. Install Docker Desktop for [macOS](https://docs.docker.com/desktop/install/mac-install/) or [Windows](https://docs.docker.com/desktop/install/windows-install/)
 2. Clone the GitHub repository: `$ git clone https://github.com/telekom-security/tpotce`
 2. Change into the **tpotce/preview/compose** folder: `$ cd tpotce/preview/compose`
 3. Copy **mac_win.yml** to the **tpotce/preview** folder by overwriting **docker-compose.yml**: `$ cp mac_win.yml ../docker-compose.yml`
 4. Adjust the **.env** file by changing **TPOT_OSTYPE** to either **mac** or **win**:
 ```
 # OSType (linux, mac, win)
 #  Most docker features are available on linux
 TPOT_OSTYPE=mac
 ```
 5. You have to ensure on your own there are no port conflicts keeping T-Pot from starting up.
 You can follow the README on how to [Start T-Pot](#start-t-pot), however you may skip the **crontab**.
 # Start T-Pot
 1. Change into the **tpotce/preview/** folder: `$ cd tpotce/preview/`
 2. Run: `$ docker compose up` (notice the missing dash, `docker-compose` no longer exists with the latest Docker installation)
   * You can also run `$ docker compose -f /<path_to_tpot>/tpotce/preview/docker-compose.yml up` directly if you want to avoid to change into the `preview` folder or add an alias of your choice.
 3. `docker compose` will now download all the necessary images to run the T-Pot Docker containers
 4. On the first run T-Pot (`tpotinit`) will initialize and create the `data` folder in the path specified (by default it is located in `tpotce/preview/data/`):
   * It takes about 2-3 minutes to bring all the containers up (should port conflicts arise `docker compose` will simply abort)
   * Once all containers have started successfully for the first time you can access T-Pot as described [here](https://github.com/telekom-security/tpotce#remote-access-and-tools) or cancel with `CTRL-C` ...
 5. ... and run T-Pot in the background: `$ docker compose up -d`
   * Unless you run `docker compose down -v` T-Pot's Docker service will remain persistent and restart with a reboot
   * You can however add a crontab entry with `crontab -e` which will also add some container and image management.
 ```
@reboot docker compose -f /<path_to_tpot_>/tpotce/preview/docker-compose.yml down -v; \
 docker container prune -f; \
 docker image prune -f; \
 docker compose -f /<path_to_tpot_>/tpotce/preview/docker-compose.yml up -d
 ```
 6. By default Docker will always check if the local and remote docker images match, if not, Docker will either revert to a fitting locally cached image or download the image from remote. This ensures T-Pot images will always be up-to-date
 # Stop T-Pot
 1. Change into the **tpotce/preview/** folder: `$ cd tpotce/preview/`
 2. Run: `$ docker compose down -v` (notice the missing dash, `docker-compose` no longer exists with the latest docker installation)
 3. Docker will now stop all running T-Pot containers and disable reboot persistence (unless you made a [crontab entry](#start-t-pot)
   * You can also run `$ docker compose -f /<path_to_tpot>/tpotce/preview/docker-compose.yml down -v` directly if you want to avoid to change into the `preview` folder or add an alias of your choice.
 # Uninstall T-Pot
 1. Change into the **tpotce/preview/uninstaller/** folder: `$ cd tpotce/preview/uninstaller/`
 2. Locate your distribution, i.e. `fedora`: `$ cd fedora`
 3. Run the installer as non-root: `$ ./uninstall.sh`:
   * The uninstaller will reverse the installation steps
 4. Follow the uninstaller instructions, you will have to enter your password at least once
 5. Check the uninstaller messages for errors
 6. Reboot: `$ sudo reboot`
 <br><br>
 # Feedback
 To ensure the next T-Pot release will be everything we and you - The T-Pot Community - have in mind please feel free to leave comments in the `Technical Preview` [discussion](https://github.com/telekom-security/tpotce/discussions/1325) pinned on our GitHub [Discussions](https://github.com/telekom-security/tpotce/discussions) section. Please bear in mind that this Technical Preview is made public in the earliest stage of the T-Pot development process at your convenience for ***your*** valuable input.
 <br><br>
 Thank you for testing 💖
 Special thanks to all the [contributors](https://github.com/telekom-security/tpotce/graphs/contributors) and [developers](https://github.com/telekom-security/tpotce#credits) making this project possible!
--- a/README.md
+++ b/README.md
--- a/SECURITY.md
+++ b/SECURITY.md
@ -3,18 +3,21 @@
 ## Supported Versions
 | Version | Supported          |
-|---------| ------------------ |
+|-------|--------------------|
-| 23.12.x | :white_check_mark: |
+| 24.04 | :white_check_mark: |
 ## Reporting a Vulnerability
-We take security of T-Pot very seriously. If one of T-Pot's components is affected, it is most likely that a upstream component we rely on is involved, such as a honeypot, docker image, tool or package. Together we will find the best possible way to remedy the situation.
+We prioritize the security of T-Pot highly. Often, vulnerabilities in T-Pot components stem from upstream dependencies, including honeypots, Docker images, tools, or packages. We are committed to working together to resolve any issues effectively.
-Before you submit a possible vulnerability, please ensure you have done the following:
+Please follow these steps before reporting a potential vulnerability:
 1. You have checked the documentation, issues and discussions if the detected behavior is typical and does not revolve around other issues. I.e. Cowrie will be detected with outgoing conncection requests or T-Pot opening all possible TCP ports which Honeytrap enabled install flavors will do as a feature.
 2. You have identified the vulnerable component and isolated your finding (honeypot, docker image, tool, package, etc.).
 3. You have a detailed description including log files, possibly debug files, with all steps necessary for us to reproduce / trigger the behaviour or vulnerability. At best you already have a possible solution, hotfix, fix or patch to remedy the situation and want to submit a PR. 
 4. You have checked if the possible vulnerability is known upstream. If a fix / patch is already available, please provide the necessary info.
-We will get back to you as fast as possible. In case you think this is an emergency for the whole T-Pot community feel free to speed things up by **responsibly** informing our [CERT](https://www.telekom.com/en/corporate-responsibility/data-protection-data-security/security/details/introducing-deutsche-telekom-cert-358316).
+1. Verify that the behavior you've observed isn't already documented as a normal aspect or unrelated issue of T-Pot. For example, Cowrie may initiate outgoing connections, or T-Pot might open all possible TCP ports—a feature enabled by Honeytrap.
 2. Clearly identify which component is vulnerable (e.g., a specific honeypot, Docker image, tool, package) and isolate the issue.
 3. Provide a detailed description of the issue, including log and, if available, debug files. Include all steps necessary to reproduce the vulnerability. If you have a proposed solution, hotfix, or patch, please be prepared to submit a pull request (PR).
 4. Check whether the vulnerability is already known upstream. If there is an existing fix or patch, include that information in your report.
 This approach ensures a thorough and efficient resolution process.
 We aim to respond as quickly as possible. If you believe the issue poses an immediate threat to the entire T-Pot community, you can expedite the process by responsibly alerting our [CERT](https://www.telekom.com/en/corporate-responsibility/data-protection-data-security/security/details/introducing-deutsche-telekom-cert-358316).
--- a/_deprecated/bin/2fa.sh
+++ b/_deprecated/bin/2fa.sh
@ -1,77 +0,0 @@
 #!/bin/bash
 # Make sure script is started as non-root.
 myWHOAMI=$(whoami)
 if [ "$myWHOAMI" = "root" ]
  then
    echo "Need to run as non-root ..."
    echo ""
    exit
 fi
 # set vars, check deps
 myPAM_COCKPIT_FILE="/etc/pam.d/cockpit"
 if ! [ -s "$myPAM_COCKPIT_FILE" ];
  then
    echo "### Cockpit PAM module config does not exist. Something went wrong."
    echo ""
    exit 1
 fi
 myPAM_COCKPIT_GA="
 # google authenticator for two-factor
 auth required pam_google_authenticator.so
 "
 myAUTHENTICATOR=$(which google-authenticator)
 if [ "$myAUTHENTICATOR" == "" ];
  then
    echo "### Could not locate google-authenticator, trying to install (if asked provide root password)."
    echo ""
    sudo apt-get update
    sudo apt-get install -y libpam-google-authenticator
    exec "$1" "$2"    
    exit 1
 fi
 # write PAM changes 
 function fuWRITE_PAM_CHANGES {
  myCHECK=$(cat $myPAM_COCKPIT_FILE | grep -c "google")
  if ! [ "$myCHECK" == "0" ];
    then
      echo "### PAM config already enabled. Skipped."
      echo ""
    else
      echo "### Updating PAM config for Cockpit (if asked provide root password)."
      echo "$myPAM_COCKPIT_GA" | sudo tee -a $myPAM_COCKPIT_FILE
      sudo systemctl restart cockpit
  fi
 }
 # create 2fa
 function fuGEN_TOKEN {
  echo "### Now generating token for Google Authenticator."
  echo ""
  google-authenticator -t -d -r 3 -R 30 -w 17
 }
 # main
 echo "### This script will enable Two Factor Authentication for Cockpit."
 echo ""
 echo "### Please download one of the many authenticator apps from the appstore of your choice."
 echo ""
 while true;
  do
    read -p "### Ready to start (y/n)? " myANSWER
    case $myANSWER in
      [Yy]* ) echo "### OK. Starting ..."; break;;
      [Nn]* ) echo "### Exiting."; exit;;
    esac
 done
 fuWRITE_PAM_CHANGES
 fuGEN_TOKEN
 echo "Done. Re-run this script by every user who needs Cockpit access."
 echo ""
--- a/_deprecated/bin/backup_es_folders.sh
+++ b/_deprecated/bin/backup_es_folders.sh
@ -1,61 +0,0 @@
 #!/bin/bash
 # Run as root only.
 myWHOAMI=$(whoami)
 if [ "$myWHOAMI" != "root" ];
  then
    echo "Need to run as root ..."
    exit
 fi
 if [ "$1" == "" ] || [ "$1" != "all" ] && [ "$1" != "base" ];
  then
    echo "Usage: backup_es_folders [all, base]"
    echo "       all  = backup all ES folder"
    echo "       base = backup only Kibana index".
    echo
    exit
 fi
 # Backup all ES relevant folders
 # Make sure ES is available
 myES="http://127.0.0.1:64298/"
 myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
 if ! [ "$myESSTATUS" = "1" ]
  then
    echo "### Elasticsearch is not available, try starting via 'systemctl start tpot'."
    exit
  else
    echo "### Elasticsearch is available, now continuing."
    echo
 fi
 # Set vars
 myCOUNT=1
 myDATE=$(date +%Y%m%d%H%M)
 myELKPATH="/data/elk/data"
 myKIBANAINDEXNAME=$(curl -s -XGET ''$myES'_cat/indices/.kibana' | awk '{ print $4 }')
 myKIBANAINDEXPATH=$myELKPATH/indices/$myKIBANAINDEXNAME
 # Let's ensure normal operation on exit or if interrupted ...
 function fuCLEANUP {
  ### Start ELK
  systemctl start tpot
  echo "### Now starting T-Pot ..."
 }
 trap fuCLEANUP EXIT
 # Stop T-Pot to lift db lock
 echo "### Now stopping T-Pot"
 systemctl stop tpot
 sleep 2
 # Backup DB in 2 flavors
 echo "### Now backing up Elasticsearch folders ..."
 if [ "$1" == "all" ];
  then
    tar cvfz "elkall_"$myDATE".tgz" $myELKPATH
 elif [ "$1" == "base" ];
  then
    tar cvfz "elkbase_"$myDATE".tgz" $myKIBANAINDEXPATH
 fi
--- a/_deprecated/bin/blackhole.sh
+++ b/_deprecated/bin/blackhole.sh
@ -1,109 +0,0 @@
 #!/bin/bash
 # Run as root only.
 myWHOAMI=$(whoami)
 if [ "$myWHOAMI" != "root" ]
  then
    echo "### Need to run as root ..."
    echo
    exit
 fi
 # Disclaimer
 if [ "$1" == "" ];
  then
    echo "### Warning!"
    echo "### This script will download and add blackhole routes for known mass scanners in an attempt to decrease the chance of detection."
    echo "### IPs are neither curated or verified, use at your own risk!"
    echo "###"
    echo "### As long as <blackhole.sh del> is not executed the routes will be re-added on T-Pot start through </opt/tpot/bin/updateip.sh>."
    echo "### Check with <ip r> or <dps.sh> if blackhole is enabled."
    echo
    echo "Usage: blackhole.sh add (add blackhole routes)" 
    echo "       blackhole.sh del (delete blackhole routes)"
    echo
    exit
 fi
 # QnD paths, files
 mkdir -p /etc/blackhole
 cd /etc/blackhole
 myFILE="mass_scanner.txt"
 myURL="https://raw.githubusercontent.com/stamparm/maltrail/master/trails/static/mass_scanner.txt"
 myBASELINE="500"
 # Alternatively, using less routes, but blocking complete /24 networks
 #myFILE="mass_scanner_cidr.txt"
 #myURL="https://raw.githubusercontent.com/stamparm/maltrail/master/trails/static/mass_scanner_cidr.txt"
 # Calculate age of downloaded list, read IPs
 if [ -f "$myFILE" ];
  then
    myNOW=$(date +%s)
    myOLD=$(date +%s -r "$myFILE")
    myDAYS=$(( ($myNOW-$myOLD) / (60*60*24) ))
    echo "### Downloaded $myFILE list is $myDAYS days old."
    myBLACKHOLE_IPS=$(grep -o -P "\b(?:\d{1,3}\.){3}\d{1,3}\b" "$myFILE" | sort -u)
 fi
 # Let's load ip list
 if [[ ! -f "$myFILE" && "$1" == "add" || "$myDAYS" -gt 30 ]];
  then
    echo "### Downloading $myFILE list."
    aria2c --allow-overwrite -s16 -x 16 "$myURL" && \
    myBLACKHOLE_IPS=$(grep -o -P "\b(?:\d{1,3}\.){3}\d{1,3}\b" "$myFILE" | sort -u) 
 fi
 myCOUNT=$(echo $myBLACKHOLE_IPS | wc -w)
 # Let's extract mass scanner IPs
 if [ "$myCOUNT" -lt "$myBASELINE" ] && [ "$1" == "add" ];
  then
    echo "### Something went wrong. Please check contents of /etc/blackhole/$myFILE."
    echo "### Aborting."
    echo
    exit
 elif [ "$(ip r | grep 'blackhole' -c)" -gt "$myBASELINE" ] && [ "$1" == "add" ];
  then
    echo "### Blackhole already enabled."
    echo "### Aborting."
    echo
    exit
 fi
 # Let's add blackhole routes for all mass scanner IPs
 if [ "$1" == "add" ];
  then
    echo
    echo -n "Now adding $myCOUNT IPs to blackhole."
    for i in $myBLACKHOLE_IPS;
      do
        ip route add blackhole "$i"
 	echo -n "."
    done
    echo
    echo "Added $(ip r | grep "blackhole" -c) IPs to blackhole."
    echo
    echo "### Remember!"
    echo "### As long as <blackhole.sh del> is not executed the routes will be re-added on T-Pot start through </opt/tpot/bin/updateip.sh>."
    echo "### Check with <ip r> or <dps.sh> if blackhole is enabled."
    echo
    exit
 fi
 # Let's delete blackhole routes for all mass scanner IPs
 if [ "$1" == "del" ] && [ "$myCOUNT" -gt "$myBASELINE" ];
  then
    echo
    echo -n "Now deleting $myCOUNT IPs from blackhole."
      for i in $myBLACKHOLE_IPS;
        do
          ip route del blackhole "$i"
 	  echo -n "."
      done
      echo
      echo "$(ip r | grep 'blackhole' -c) IPs remaining in blackhole."
      echo
      rm "$myFILE"
  else
    echo "### Blackhole already disabled."
    echo
 fi
--- a/_deprecated/bin/change_ews_config.sh
+++ b/_deprecated/bin/change_ews_config.sh
@ -1,89 +0,0 @@
 #!/bin/bash
 echo """
 ##############################
 # T-POT DTAG Data Submission #
 # Contact:                   #
 # cert@telekom.de            # 
 ##############################
 """
 # Got root?
 myWHOAMI=$(whoami)
 if [ "$myWHOAMI" != "root" ]
  then
    echo "Need to run as root ..."
    sudo ./$0
    exit
 fi
 printf "[*] Enter your API UserID: "
 read apiUser
 printf "[*] Enter your API Token: "
 read apiToken
 printf "[*] If you have multiple T-Pots running, give them each a unique NUMBER, e.g. '2' for your second T-Pot installation. Enter unique number for THIS T-Pot: "
 read indexNumber
 if ! [[ "$indexNumber" =~ ^[0-9]+$ ]]
    then
        echo "Sorry integers only. You have to start over..."
        exit 1
 fi
 apiURL="https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage"
 printf "[*] Currently, your honeypot is configured to transmit data the default backend at 'https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage'. Do you want to change this API endpoint? Only do this if you run your own PEBA backend instance? (N/y): "
 read replyAPI
 if [[ $replyAPI =~ ^[Yy]$ ]]
 then    
    printf "[*] Enter your API endpoint URL and make sure it contains the full path, e.g. 'https://myDomain.local:9922/ews-0.1/alert/postSimpleMessage': "
    read apiURL
 fi
 echo ""
 echo "[*] Recap! You defined: "
 echo "############################"
 echo "API User: " $apiUser
 echo "API Token: " $apiToken
 echo "API URL: " $apiURL
 echo "Unique numeric ID for your T-Pot Installation: "  $indexNumber
 echo "Specific honeypot-IDs will look like : <honeypotType>-"$apiUser"-"$indexNumber
 echo "############################"
 echo ""
 printf  "[*] Is the above correct (y/N)? "
 read reply
 if [[ ! $reply =~ ^[Yy]$ ]]
 then	
 	echo "OK, then run this again..."
    exit 1
 fi
 echo ""
 echo "[+] Creating config file with API UserID '$apiUser' and API Token '$apiToken'."
 echo "[+] Fetching config file from github. Outgoing https requests must be enabled!"
 wget -q https://raw.githubusercontent.com/telekom-security/tpotce/master/docker/ews/dist/ews.cfg -O ews.cfg.dist 
 if [[ -f "ews.cfg.dist" ]]; then
 	echo "[+] Successfully downloaded ews.cfg from github."
 else 
 	echo "[+] Could not download ews.cfg from github."
 	exit 1
 fi 
 echo "[+] Patching ews.cfg API Credentials."
 sed 's/community-01-user/'$apiUser'/' ews.cfg.dist > ews.cfg
 sed -i 's/foth{a5maiCee8fineu7/'$apiToken'/' ews.cfg
 echo "[+] Patching ews.cfg API Url."
 apiURL=${apiURL////\\/};
 sed -i 's/https:\/\/community.sicherheitstacho.eu\/ews-0.1\/alert\/postSimpleMessage/'$apiURL'/' ews.cfg
 echo "[+] Patching ews.cfg honeypot IDs."
 sed -i 's/community-01/'$apiUser'-'$indexNumber'/' ews.cfg
 rm ews.cfg.dist
 echo "[+] Changing tpot.yml to include new ews.cfg."
 cp ews.cfg /data/ews/conf/ews.cfg
 cp /opt/tpot/etc/tpot.yml /opt/tpot/etc/tpot.yml.bak
 sed -i '/- \/data\/ews\/conf\/ews.ip:\/opt\/ewsposter\/ews.ip/a\ \ \   - \/data\/ews\/conf\/ews.cfg:\/opt\/ewsposter\/ews.cfg' /opt/tpot/etc/tpot.yml
 echo "[+] Restarting T-Pot."
 systemctl restart tpot
 echo "[+] Done."
--- a/_deprecated/bin/clean.sh
+++ b/_deprecated/bin/clean.sh
@ -1,372 +0,0 @@
 #!/bin/bash
 # T-Pot Container Data Cleaner & Log Rotator
 # Set colors
 myRED="[0;31m"
 myGREEN="[0;32m"
 myWHITE="[0;0m"
 # Set pigz
 myPIGZ=$(which pigz)
 # Set persistence
 myPERSISTENCE=$1
 # Let's create a function to check if folder is empty
 fuEMPTY () {
  local myFOLDER=$1
 echo $(ls $myFOLDER | wc -l)
 }
 # Let's create a function to rotate and compress logs
 fuLOGROTATE () {
  local mySTATUS="/opt/tpot/etc/logrotate/status"
  local myCONF="/opt/tpot/etc/logrotate/logrotate.conf"
  local myADBHONEYTGZ="/data/adbhoney/downloads.tgz"
  local myADBHONEYDL="/data/adbhoney/downloads/"
  local myCOWRIETTYLOGS="/data/cowrie/log/tty/"
  local myCOWRIETTYTGZ="/data/cowrie/log/ttylogs.tgz"
  local myCOWRIEDL="/data/cowrie/downloads/"
  local myCOWRIEDLTGZ="/data/cowrie/downloads.tgz"
  local myDIONAEABI="/data/dionaea/bistreams/"
  local myDIONAEABITGZ="/data/dionaea/bistreams.tgz"
  local myDIONAEABIN="/data/dionaea/binaries/"
  local myDIONAEABINTGZ="/data/dionaea/binaries.tgz"
  local myHONEYTRAPATTACKS="/data/honeytrap/attacks/"
  local myHONEYTRAPATTACKSTGZ="/data/honeytrap/attacks.tgz"
  local myHONEYTRAPDL="/data/honeytrap/downloads/"
  local myHONEYTRAPDLTGZ="/data/honeytrap/downloads.tgz"
  local myTANNERF="/data/tanner/files/"
  local myTANNERFTGZ="/data/tanner/files.tgz"
 # Ensure correct permissions and ownerships for logrotate to run without issues
 chmod 770 /data/ -R
 chown tpot:tpot /data -R
 chmod 644 /data/nginx/conf -R
 chmod 644 /data/nginx/cert -R
 # Run logrotate with force (-f) first, so the status file can be written and race conditions (with tar) be avoided
 logrotate -f -s $mySTATUS $myCONF
 # Compressing some folders first and rotate them later
 if [ "$(fuEMPTY $myADBHONEYDL)" != "0" ]; then tar -I $myPIGZ -cvf $myADBHONEYTGZ $myADBHONEYDL; fi
 if [ "$(fuEMPTY $myCOWRIETTYLOGS)" != "0" ]; then tar -I $myPIGZ -cvf $myCOWRIETTYTGZ $myCOWRIETTYLOGS; fi
 if [ "$(fuEMPTY $myCOWRIEDL)" != "0" ]; then tar -I $myPIGZ -cvf $myCOWRIEDLTGZ $myCOWRIEDL; fi
 if [ "$(fuEMPTY $myDIONAEABI)" != "0" ]; then tar -I $myPIGZ -cvf $myDIONAEABITGZ $myDIONAEABI; fi
 if [ "$(fuEMPTY $myDIONAEABIN)" != "0" ]; then tar -I $myPIGZ -cvf $myDIONAEABINTGZ $myDIONAEABIN; fi
 if [ "$(fuEMPTY $myHONEYTRAPATTACKS)" != "0" ]; then tar -I $myPIGZ -cvf $myHONEYTRAPATTACKSTGZ $myHONEYTRAPATTACKS; fi
 if [ "$(fuEMPTY $myHONEYTRAPDL)" != "0" ]; then tar -I $myPIGZ -cvf $myHONEYTRAPDLTGZ $myHONEYTRAPDL; fi
 if [ "$(fuEMPTY $myTANNERF)" != "0" ]; then tar -I $myPIGZ -cvf $myTANNERFTGZ $myTANNERF; fi
 # Ensure correct permissions and ownership for previously created archives
 chmod 770 $myADBHONEYTGZ $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ $myTANNERFTGZ
 chown tpot:tpot $myADBHONEYTGZ $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ $myTANNERFTGZ
 # Need to remove subfolders since too many files cause rm to exit with errors
 rm -rf $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myTANNERF
 # Recreate subfolders with correct permissions and ownership
 mkdir -p $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myTANNERF
 chmod 770 $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myTANNERF
 chown tpot:tpot $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myTANNERF
 # Run logrotate again to account for previously created archives - DO NOT FORCE HERE!
 logrotate -s $mySTATUS $myCONF
 }
 # Let's create a function to clean up and prepare honeytrap data
 fuADBHONEY () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/adbhoney/*; fi
  mkdir -p /data/adbhoney/log/ /data/adbhoney/downloads/
  chmod 770 /data/adbhoney/ -R
  chown tpot:tpot /data/adbhoney/ -R
 }
 # Let's create a function to clean up and prepare ciscoasa data
 fuCISCOASA () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/ciscoasa/*; fi
  mkdir -p /data/ciscoasa/log
  chmod 770 /data/ciscoasa -R
  chown tpot:tpot /data/ciscoasa -R
 }
 # Let's create a function to clean up and prepare citrixhoneypot data
 fuCITRIXHONEYPOT () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/citrixhoneypot/*; fi
  mkdir -p /data/citrixhoneypot/logs/
  chmod 770 /data/citrixhoneypot/ -R
  chown tpot:tpot /data/citrixhoneypot/ -R
 }
 # Let's create a function to clean up and prepare conpot data
 fuCONPOT () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/conpot/*; fi
  mkdir -p /data/conpot/log
  chmod 770 /data/conpot -R
  chown tpot:tpot /data/conpot -R
 }
 # Let's create a function to clean up and prepare cowrie data
 fuCOWRIE () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/cowrie/*; fi
  mkdir -p /data/cowrie/log/tty/ /data/cowrie/downloads/ /data/cowrie/keys/ /data/cowrie/misc/
  chmod 770 /data/cowrie -R
  chown tpot:tpot /data/cowrie -R
 }
 # Let's create a function to clean up and prepare ddospot data
 fuDDOSPOT () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/ddospot/log; fi
  mkdir -p /data/ddospot/bl /data/ddospot/db /data/ddospot/log
  chmod 770 /data/ddospot -R
  chown tpot:tpot /data/ddospot -R
 }
 # Let's create a function to clean up and prepare dicompot data
 fuDICOMPOT () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/dicompot/log; fi
  mkdir -p /data/dicompot/log
  mkdir -p /data/dicompot/images
  chmod 770 /data/dicompot -R
  chown tpot:tpot /data/dicompot -R
 }
 # Let's create a function to clean up and prepare dionaea data
 fuDIONAEA () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/dionaea/*; fi
  mkdir -p /data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/roots/ftp /data/dionaea/roots/tftp /data/dionaea/roots/www /data/dionaea/roots/upnp
  chmod 770 /data/dionaea -R
  chown tpot:tpot /data/dionaea -R
 }
 # Let's create a function to clean up and prepare elasticpot data
 fuELASTICPOT () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/elasticpot/*; fi
  mkdir -p /data/elasticpot/log
  chmod 770 /data/elasticpot -R
  chown tpot:tpot /data/elasticpot -R
 }
 # Let's create a function to clean up and prepare elk data
 fuELK () {
  # ELK data will be kept for <= 90 days, check /etc/crontab for curator modification
  # ELK daemon log files will be removed
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/elk/log/*; fi
  mkdir -p /data/elk
  chmod 770 /data/elk -R
  chown tpot:tpot /data/elk -R
 }
 # Let's create a function to clean up and prepare endlessh data
 fuENDLESSH () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/endlessh/log; fi
  mkdir -p /data/endlessh/log
  chmod 770 /data/endlessh -R
  chown tpot:tpot /data/endlessh -R
 }
 # Let's create a function to clean up and prepare fatt data
 fuFATT () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/fatt/*; fi
  mkdir -p /data/fatt/log
  chmod 770 -R /data/fatt
  chown tpot:tpot -R /data/fatt
 }
 # Let's create a function to clean up and prepare glastopf data
 fuGLUTTON () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/glutton/*; fi
  mkdir -p /data/glutton/log
  chmod 770 /data/glutton -R
  chown tpot:tpot /data/glutton -R
 }
 # Let's create a function to clean up and prepare hellpot data
 fuHELLPOT () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/hellpot/log; fi
  mkdir -p /data/hellpot/log
  chmod 770 /data/hellpot -R
  chown tpot:tpot /data/hellpot -R
 }
 # Let's create a function to clean up and prepare heralding data
 fuHERALDING () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/heralding/*; fi
  mkdir -p /data/heralding/log
  chmod 770 /data/heralding -R
  chown tpot:tpot /data/heralding -R
 }
 # Let's create a function to clean up and prepare honeypots data
 fuHONEYPOTS () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/honeypots/*; fi
  mkdir -p /data/honeypots/log
  chmod 770 /data/honeypots -R
  chown tpot:tpot /data/honeypots -R
 }
 # Let's create a function to clean up and prepare honeysap data
 fuHONEYSAP () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/honeysap/*; fi
  mkdir -p /data/honeysap/log
  chmod 770 /data/honeysap -R
  chown tpot:tpot /data/honeysap -R
 }
 # Let's create a function to clean up and prepare honeytrap data
 fuHONEYTRAP () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/honeytrap/*; fi
  mkdir -p /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/
  chmod 770 /data/honeytrap/ -R
  chown tpot:tpot /data/honeytrap/ -R
 }
 # Let's create a function to clean up and prepare ipphoney data
 fuIPPHONEY () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/ipphoney/*; fi
  mkdir -p /data/ipphoney/log
  chmod 770 /data/ipphoney -R
  chown tpot:tpot /data/ipphoney -R
 }
 # Let's create a function to clean up and prepare log4pot data
 fuLOG4POT () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/log4pot/*; fi
  mkdir -p /data/log4pot/log
  chmod 770 /data/log4pot -R
  chown tpot:tpot /data/log4pot -R
 }
 # Let's create a function to clean up and prepare mailoney data
 fuMAILONEY () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/mailoney/*; fi
  mkdir -p /data/mailoney/log/
  chmod 770 /data/mailoney/ -R
  chown tpot:tpot /data/mailoney/ -R
 }
 # Let's create a function to clean up and prepare mailoney data
 fuMEDPOT () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/medpot/*; fi
  mkdir -p /data/medpot/log/
  chmod 770 /data/medpot/ -R
  chown tpot:tpot /data/medpot/ -R
 }
 # Let's create a function to clean up nginx logs
 fuNGINX () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/nginx/log/*; fi
  touch /data/nginx/log/error.log
  chmod 644 /data/nginx/conf -R
  chmod 644 /data/nginx/cert -R
 }
 # Let's create a function to clean up and prepare rdpy data
 fuRDPY () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/rdpy/*; fi
  mkdir -p /data/rdpy/log/
  chmod 770 /data/rdpy/ -R
  chown tpot:tpot /data/rdpy/ -R
 }
 # Let's create a function to clean up and prepare redishoneypot data
 fuREDISHONEYPOT () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/redishoneypot/log; fi
  mkdir -p /data/redishoneypot/log
  chmod 770 /data/redishoneypot -R
  chown tpot:tpot /data/redishoneypot -R
 }
 # Let's create a function to clean up and prepare sentrypeer data
 fuSENTRYPEER () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/sentrypeer/log; fi
  mkdir -p /data/sentrypeer/log
  chmod 770 /data/sentrypeer -R
  chown tpot:tpot /data/sentrypeer -R
 }
 # Let's create a function to prepare spiderfoot db
 fuSPIDERFOOT () {
  mkdir -p /data/spiderfoot
  touch /data/spiderfoot/spiderfoot.db
  chmod 770 -R /data/spiderfoot
  chown tpot:tpot -R /data/spiderfoot
 }
 # Let's create a function to clean up and prepare suricata data
 fuSURICATA () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/suricata/*; fi
  mkdir -p /data/suricata/log
  chmod 770 -R /data/suricata
  chown tpot:tpot -R /data/suricata
 }
 # Let's create a function to clean up and prepare p0f data
 fuP0F () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/p0f/*; fi
  mkdir -p /data/p0f/log
  chmod 770 -R /data/p0f
  chown tpot:tpot -R /data/p0f
 }
 # Let's create a function to clean up and prepare p0f data
 fuTANNER () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/tanner/*; fi
  mkdir -p /data/tanner/log /data/tanner/files
  chmod 770 -R /data/tanner
  chown tpot:tpot -R /data/tanner
 }
 # Avoid unwanted cleaning
 if [ "$myPERSISTENCE" = "" ];
  then
    echo $myRED"!!! WARNING !!! - This will delete ALL honeypot logs. "$myWHITE
    while [ "$myQST" != "y" ] && [ "$myQST" != "n" ];
      do
        read -p "Continue? (y/n) " myQST
    done
    if [ "$myQST" = "n" ];
      then
        echo $myGREEN"Puuh! That was close! Aborting!"$myWHITE
        exit
    fi
 fi
 # Check persistence, if enabled compress and rotate logs
 if [ "$myPERSISTENCE" = "on" ];
  then
    echo "Persistence enabled, now rotating and compressing logs."
    fuLOGROTATE
  else
    echo "Cleaning up and preparing data folders."
    fuADBHONEY
    fuCISCOASA
    fuCITRIXHONEYPOT
    fuCONPOT
    fuCOWRIE
    fuDDOSPOT
    fuDICOMPOT
    fuDIONAEA
    fuELASTICPOT
    fuELK
    fuENDLESSH
    fuFATT
    fuGLUTTON
    fuHERALDING
    fuHELLPOT
    fuHONEYSAP
    fuHONEYPOTS
    fuHONEYTRAP
    fuIPPHONEY
    fuLOG4POT
    fuMAILONEY
    fuMEDPOT
    fuNGINX
    fuREDISHONEYPOT
    fuRDPY
    fuSENTRYPEER
    fuSPIDERFOOT
    fuSURICATA
    fuP0F
    fuTANNER
  fi
--- a/_deprecated/bin/deploy.sh
+++ b/_deprecated/bin/deploy.sh
@ -1,182 +0,0 @@
 #!/bin/bash
 # Do we have root?
 function fuGOT_ROOT {
 echo
 echo -n "### Checking for root: "
 if [ "$(whoami)" != "root" ];
  then
    echo "[ NOT OK ]"
    echo "### Please run as root."
    echo "### Example: sudo $0"
    exit
  else
    echo "[ OK ]"
 fi
 }
 function fuDEPLOY_SENSOR () {
 echo
 echo "###############################"
 echo "# Deploying to T-Pot Hive ... #"
 echo "###############################"
 echo
 sshpass -e ssh -4 -t -T -l "$MY_TPOT_USERNAME" -p 64295 "$MY_HIVE_IP" << EOF
 echo "$SSHPASS" | sudo -S bash -c 'useradd -m -s /sbin/nologin -G tpotlogs "$MY_HIVE_USERNAME";
 mkdir -p /home/"$MY_HIVE_USERNAME"/.ssh;
 echo "$MY_SENSOR_PUBLICKEY" >> /home/"$MY_HIVE_USERNAME"/.ssh/authorized_keys;
 chmod 600 /home/"$MY_HIVE_USERNAME"/.ssh/authorized_keys;
 chmod 755 /home/"$MY_HIVE_USERNAME"/.ssh;
 chown "$MY_HIVE_USERNAME":"$MY_HIVE_USERNAME" -R /home/"$MY_HIVE_USERNAME"/.ssh'
 EOF
 echo
 echo "###########################"
 echo "# Done. Please reboot ... #"
 echo "###########################"
 echo
 exit 0
 }
 # Check Hive availability 
 function fuCHECK_HIVE () {
 echo
 echo "############################################"
 echo "# Checking for T-Pot Hive availability ... #"
 echo "############################################"
 echo
 sshpass -e ssh -4 -t -l "$MY_TPOT_USERNAME" -p 64295 -f -N -L64305:127.0.0.1:64305 "$MY_HIVE_IP" -o "StrictHostKeyChecking=no"
 if [ $? -eq 0 ];
  then
    echo
    echo "#########################"
    echo "# T-Pot Hive available! #"
    echo "#########################"
    echo
    myHIVE_OK=$(curl -s http://127.0.0.1:64305)
    if [ "$myHIVE_OK" == "ok" ];
      then
 	echo
        echo "##############################"
        echo "# T-Pot Hive tunnel test OK! #"
        echo "##############################"
        echo
        kill -9 $(pidof ssh)
      else
        echo
 	echo "######################################################"
        echo "# T-Pot Hive tunnel test FAILED!                     #"
 	echo "# Tunneled port tcp/64305 unreachable on T-Pot Hive. #"
 	echo "# Aborting.                                          #"
        echo "######################################################"
        echo
        kill -9 $(pidof ssh)
 	rm $MY_SENSOR_PUBLICKEYFILE
 	rm $MY_SENSOR_PRIVATEKEYFILE
 	rm $MY_LS_ENVCONFIGFILE
 	exit 1
    fi;
  else
    echo
    echo "#################################################################"
    echo "# Something went wrong, most likely T-Pot Hive was unreachable! #"
    echo "# Aborting.                                                     #"
    echo "#################################################################"
    echo
    rm $MY_SENSOR_PUBLICKEYFILE
    rm $MY_SENSOR_PRIVATEKEYFILE
    rm $MY_LS_ENVCONFIGFILE
    exit 1
 fi;
 }
 function fuGET_DEPLOY_DATA () {
 echo
 echo "### Please provide data from your T-Pot Hive installation."
 echo "### This usually is the one running the 'T-Pot Hive' type."
 echo "### You will be needing the OS user (typically 'tsec'), the users' password and the IP / FQDN."
 echo "### Do not worry, the password will not be persisted!"
 echo
 read -p "Username: " MY_TPOT_USERNAME
 read -s -p "Password: " SSHPASS
 echo
 export SSHPASS
 read -p "IP / FQDN: " MY_HIVE_IP
 MY_HIVE_USERNAME="$(hostname)"
 MY_TPOT_TYPE="SENSOR"
 MY_LS_ENVCONFIGFILE="/data/elk/logstash/ls_environment"
 MY_SENSOR_PUBLICKEYFILE="/data/elk/logstash/$MY_HIVE_USERNAME.pub"
 MY_SENSOR_PRIVATEKEYFILE="/data/elk/logstash/$MY_HIVE_USERNAME"
 if ! [ -s "$MY_SENSOR_PRIVATEKEYFILE" ] && ! [ -s "$MY_SENSOR_PUBLICKEYFILE" ];
  then
    echo
    echo "##############################"
    echo "# Generating ssh keyfile ... #"
    echo "##############################"
    echo
    mkdir -p /data/elk/logstash
    ssh-keygen -f "$MY_SENSOR_PRIVATEKEYFILE" -N "" -C "$MY_HIVE_USERNAME"
    MY_SENSOR_PUBLICKEY="$(cat "$MY_SENSOR_PUBLICKEYFILE")"
  else
    echo
    echo "#############################################"
    echo "# There is already a ssh keyfile. Aborting. #"
    echo "#############################################"
    echo
    exit 1
 fi
 echo
 echo "###########################################################"
 echo "# Writing config to /data/elk/logstash/ls_environment.    #"
 echo "# If you make changes to this file, you need to reboot or #"
 echo "# run /opt/tpot/bin/updateip.sh.                          #"
 echo "###########################################################"
 echo
 tee $MY_LS_ENVCONFIGFILE << EOF
 MY_TPOT_TYPE=$MY_TPOT_TYPE
 MY_SENSOR_PRIVATEKEYFILE=$MY_SENSOR_PRIVATEKEYFILE
 MY_HIVE_USERNAME=$MY_HIVE_USERNAME
 MY_HIVE_IP=$MY_HIVE_IP
 EOF
 }
 # Deploy Pot to Hive
 fuGOT_ROOT
 echo
 echo "#################################"
 echo "# Ship T-Pot Logs to T-Pot Hive #"
 echo "#################################"
 echo
 echo "If you already have a T-Pot Hive installation running and"
 echo "this T-Pot installation is running the type \"Pot\" the"
 echo "script will automagically setup this T-Pot to ship and"
 echo "prepare the Hive to receive logs from this T-Pot."
 echo
 echo
 echo "###################################"
 echo "# Deploy T-Pot Logs to T-Pot Hive #"
 echo "###################################"
 echo 
 echo "[c] - Continue deplyoment"
 echo "[q] - Abort and exit"
 echo
 while [ 1 != 2 ]
  do
    read -s -n 1 -p "Your choice: " mySELECT
      echo $mySELECT
      case "$mySELECT" in
        [c,C])
          fuGET_DEPLOY_DATA
          fuCHECK_HIVE
 	  fuDEPLOY_SENSOR
          break
          ;;
        [q,Q])
          echo "Aborted."
          exit 0
          ;;
      esac
 done
--- a/_deprecated/bin/deprecated/hptest.sh
+++ b/_deprecated/bin/deprecated/hptest.sh
@ -1,122 +0,0 @@
 #!/bin/bash
 myHOST="$1"
 myPACKAGES="dcmtk netcat nmap"
 myMEDPOTPACKET="
 MSH|^~\&|ADT1|MCM|LABADT|MCM|198808181126|SECURITY|ADT^A01|MSG00001-|P|2.6
 EVN|A01|198808181123
 PID|||PATID1234^5^M11^^AN||JONES^WILLIAM^A^III||19610615|M||2106-3|677 DELAWARE AVENUE^^EVERETT^MA^02149|GL|(919)379-1212|(919)271-3434~(919)277-3114||S||PATID12345001^2^M10^^ACSN|123456789|9-87654^NC
 NK1|1|JONES^BARBARA^K|SPO|||||20011105
 NK1|1|JONES^MICHAEL^A|FTH
 PV1|1|I|2000^2012^01||||004777^LEBAUER^SIDNEY^J.|||SUR||-||ADM|A0
 AL1|1||^PENICILLIN||CODE16~CODE17~CODE18
 AL1|2||^CAT DANDER||CODE257
 DG1|001|I9|1550|MAL NEO LIVER, PRIMARY|19880501103005|F
 PR1|2234|M11|111^CODE151|COMMON PROCEDURES|198809081123
 ROL|45^RECORDER^ROLE MASTER LIST|AD|RO|KATE^SMITH^ELLEN|199505011201
 GT1|1122|1519|BILL^GATES^A
 IN1|001|A357|1234|BCMD|||||132987
 IN2|ID1551001|SSN12345678
 ROL|45^RECORDER^ROLE MASTER LIST|AD|RO|KATE^ELLEN|199505011201"
 function fuGOTROOT {
 myWHOAMI=$(whoami)
 if [ "$myWHOAMI" != "root" ]
  then
    echo "Need to run as root ..."
    exit
 fi
 }
 function fuCHECKDEPS {
 myINST=""
 for myDEPS in $myPACKAGES;
 do
  myOK=$(dpkg -s $myDEPS | grep ok | awk '{ print $3 }');
  if [ "$myOK" != "ok" ]
    then
      myINST=$(echo $myINST $myDEPS)
  fi
 done
 if [ "$myINST" != "" ]
  then
    apt-get update -y
    for myDEPS in $myINST;
    do
      apt-get install $myDEPS -y
    done
 fi
 }
 function fuCHECKFORARGS {
 if [ "$myHOST" != "" ];
  then
    echo "All arguments met. Continuing."
  else
    echo "Usage: hp_test.sh <[host or ip]>"
    exit
 fi
 }
 function fuGETPORTS {
 myDOCKERCOMPOSEPORTS=$(cat $myDOCKERCOMPOSEYML | yq -r '.services[].ports' | grep ':' | sed -e s/127.0.0.1// | tr -d '", ' | sed -e s/^:// | cut -f1 -d ':' | grep -v "6429\|6430" | sort -gu)
 myPORTS=$(for i in $myDOCKERCOMPOSEPORTS; do echo "$i"; done)
 echo "Found these ports enabled:"
 echo "$myPORTS"
 exit
 }
 function fuSCAN {
 local myTIMEOUT="$1"
 local mySCANPORT="$2"
 local mySCANIP="$3"
 local mySCANOPTS="$4"
 timeout --foreground ${myTIMEOUT} nmap ${mySCANOPTS} -T4 -v -p ${mySCANPORT} ${mySCANIP} &
 }
 # Main
 fuGOTROOT
 fuCHECKDEPS
 fuCHECKFORARGS
 echo "Starting scans ..."
 echo "$myMEDPOTPACKET" | nc "$myHOST" 2575 &
 curl -XGET "http://$myHOST:9200/logstash-*/_search" &
 curl -XPOST -H "Content-Type: application/json" -d '{"name":"test","email":"test@test.com"}' "http://$myHOST:9200/test" &
 echo "I20100" | timeout --foreground 3 nc "$myHOST" 10001 &
 findscu -P -k PatientName="*" $myHOST 11112 &
 getscu -P -k PatientName="*" $myHOST 11112 &
 telnet $myHOST 3299 &
 fuSCAN "180" "7,8,102,135,161,1025,1080,5000,9200" "$myHOST" "-sC -sS -sU -sV"
 fuSCAN "180" "2048,4096,5432" "$myHOST" "-sC -sS -sU -sV --version-light"
 fuSCAN "120" "20,21" "$myHOST" "--script=ftp* -sC -sS -sV"
 fuSCAN "120" "22" "$myHOST" "--script=ssh2-enum-algos,ssh-auth-methods,ssh-hostkey,ssh-publickey-acceptance,sshv1 -sC -sS -sV"
 fuSCAN "30" "22" "$myHOST" "--script=ssh-brute"
 fuSCAN "120" "23,2323,2324" "$myHOST" "--script=telnet-encryption,telnet-ntlm-info -sC -sS -sV --version-light"
 fuSCAN "120" "25" "$myHOST" "--script=smtp* -sC -sS -sV"
 fuSCAN "180" "42" "$myHOST" "-sC -sS -sV"
 fuSCAN "120" "69" "$myHOST" "--script=tftp-enum -sU"
 fuSCAN "120" "80,81,8080,8443" "$myHOST" "-sC -sS -sV"
 fuSCAN "120" "110,995" "$myHOST" "--script=pop3-capabilities,pop3-ntlm-info -sC -sS -sV --version-light"
 fuSCAN "30" "110,995" "$myHOST" "--script=pop3-brute -sS"
 fuSCAN "120" "143,993" "$myHOST" "--script=imap-capabilities,imap-ntlm-info -sC -sS -sV --version-light"
 fuSCAN "30" "143,993" "$myHOST" "--script=imap-brute -sS"
 fuSCAN "240" "445" "$myHOST" "--script=smb-vuln* -sS -sU"
 fuSCAN "120" "502" "$myHOST" "--script=modbus-discover -sS -sU"
 fuSCAN "120" "623" "$myHOST" "--script=ipmi-cipher-zero,ipmi-version,supermicro-ipmi -sS -sU"
 fuSCAN "30" "623" "$myHOST" "--script=ipmi-brute -sS -sU"
 fuSCAN "120" "1433" "$myHOST" "--script=ms-sql* -sS"
 fuSCAN "120" "1723" "$myHOST" "--script=pptp-version -sS"
 fuSCAN "120" "1883" "$myHOST" "--script=mqtt-subscribe -sS"
 fuSCAN "120" "2404" "$myHOST" "--script=iec-identify -sS"
 fuSCAN "120" "3306" "$myHOST" "--script=mysql-vuln* -sC -sS -sV"
 fuSCAN "120" "3389" "$myHOST" "--script=rdp* -sC -sS -sV"
 fuSCAN "120" "5000" "$myHOST" "--script=*upnp* -sS -sU"
 fuSCAN "120" "5060,5061" "$myHOST" "--script=sip-call-spoof,sip-enum-users,sip-methods -sS -sU"
 fuSCAN "120" "5900" "$myHOST" "--script=vnc-info,vnc-title,realvnc-auth-bypass -sS"
 fuSCAN "120" "27017" "$myHOST" "--script=mongo* -sS"
 fuSCAN "120" "47808" "$myHOST" "--script=bacnet* -sS"
 wait
 reset
 echo "Done."
--- a/_deprecated/bin/dps.sh
+++ b/_deprecated/bin/dps.sh
@ -1,73 +0,0 @@
 #!/bin/bash
 # Run as root only.
 myWHOAMI=$(whoami)
 if [ "$myWHOAMI" != "root" ]
  then
    echo "Need to run as root ..."
    exit
 fi
 myPARAM="$1"
 if [[ $myPARAM =~ ^([1-9]|[1-9][0-9]|[1-9][0-9][0-9])$ ]];
  then
    watch --color -n $myPARAM "$0"
    exit
 fi
 # Show current status of T-Pot containers
 myCONTAINERS="$(cat /opt/tpot/etc/tpot.yml | grep -v '#' | grep container_name | cut -d: -f2 | sort | tr -d " ")"
 myRED="[1;31m"
 myGREEN="[1;32m"
 myBLUE="[1;34m"
 myWHITE="[0;0m"
 myMAGENTA="[1;35m"
 # Blackhole Status
 myBLACKHOLE_STATUS=$(ip r | grep "blackhole" -c)
 if [ "$myBLACKHOLE_STATUS" -gt "500" ];
  then
    myBLACKHOLE_STATUS="${myGREEN}ENABLED"
  else
    myBLACKHOLE_STATUS="${myRED}DISABLED"
 fi
 function fuGETTPOT_STATUS {
 # T-Pot Status
 myTPOT_STATUS=$(systemctl status tpot | grep "Active" | awk '{ print $2 }')
 if [ "$myTPOT_STATUS" == "active" ];
  then
    echo "${myGREEN}ACTIVE"
  else
    echo "${myRED}INACTIVE"
 fi
 }
 function fuGETSTATUS {
 grc --colour=on docker ps -f status=running -f status=exited --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" | grep -v "NAME" | sort
 }
 function fuGETSYS {
 printf "[ ========| System |======== ]\n"
 printf "${myBLUE}%+11s ${myWHITE}%-20s\n" "DATE: " "$(date)"
 printf "${myBLUE}%+11s ${myWHITE}%-20s\n" "UPTIME: " "$(grc --colour=on uptime)"
 printf "${myMAGENTA}%+11s %-20s\n" "T-POT: " "$(fuGETTPOT_STATUS)"
 printf "${myMAGENTA}%+11s %-20s\n" "BLACKHOLE: " "$myBLACKHOLE_STATUS${myWHITE}"
 echo
 }
    myDPS=$(fuGETSTATUS)
    myDPSNAMES=$(echo "$myDPS" | awk '{ print $1 }' | sort)
    fuGETSYS
    printf "%-21s %-28s %s\n" "NAME" "STATUS" "PORTS"
    if [ "$myDPS" != "" ];
      then
        echo "$myDPS"
    fi
    for i in $myCONTAINERS; do
      myAVAIL=$(echo "$myDPSNAMES" | grep -o "$i" | uniq | wc -l)      	    
      if [ "$myAVAIL" = "0" ];
 	then
 	  printf "%-28s %-28s\n" "$myRED$i" "DOWN$myWHITE"
      fi
    done
--- a/_deprecated/bin/hpfeeds_optin.sh
+++ b/_deprecated/bin/hpfeeds_optin.sh
@ -1,134 +0,0 @@
 #!/bin/bash
 # Run as root only.
 myWHOAMI=$(whoami)
 if [ "$myWHOAMI" != "root" ]
  then
    echo "Need to run as root ..."
    exit
 fi
 myTPOTYMLFILE="/opt/tpot/etc/tpot.yml"
 function fuGENERIC () {
 echo
 echo "You chose generic, please provide all the details of the broker"
 echo
 myENABLE="true"
 read -p "Host URL: " myHOST
 read -p "Port: " myPORT
 read -p "Channel: " myCHANNEL
 echo "For generic providers set this to 'false'"
 echo "If you received a CA certficate mount it into the ewsposter container by modifying $myTPOTYMLFILE"
 read -p "TLS - 'false' or path to CA in container: " myCERT
 read -p "Ident: " myIDENT
 read -p "Secret: " mySECRET
 read -p "Format ews (xml) or json: " myFORMAT
 }
 function fuOPTOUT () {
 echo
 while [ 1 != 2 ]
  do
    read -s -n 1 -p "You chose to opt out (y/n)? " mySELECT
      echo $mySELECT
      case "$mySELECT" in
        [y,Y])
          echo "Opt out."
          break
          ;;
        [n,N])
          echo "Aborted."
          exit
          ;;
      esac
 done
 myENABLE="false"
 myHOST="host"
 myPORT="port"
 myCHANNEL="channels"
 myCERT="false"
 myIDENT="user"
 mySECRET="secret"
 myFORMAT="json"
 }
 function fuWRITETOFILE () {
 if [ -f '/data/ews/conf/hpfeeds.cfg' ]; then
  echo "Creating backup of current config in /data/ews/conf/hpfeeds.cfg.old"
  mv /data/ews/conf/hpfeeds.cfg /data/ews/conf/hpfeeds.cfg.old
 fi
 echo "Storing new config in /data/ews/conf/hpfeeds.cfg"
 cat >> /data/ews/conf/hpfeeds.cfg <<EOF
 myENABLE=$myENABLE
 myHOST=$myHOST
 myPORT=$myPORT
 myCHANNEL=$myCHANNEL
 myCERT=$myCERT
 myIDENT=$myIDENT
 mySECRET=$mySECRET
 myFORMAT=$myFORMAT
 EOF
 }
 function fuAPPLY () {
 echo "Now stopping T-Pot ..."
 systemctl stop tpot
 echo "Applying your settings to tpot.yml ... "
 sed --follow-symlinks -i "s/EWS_HPFEEDS_ENABLE.*/EWS_HPFEEDS_ENABLE=${myENABLE}/g" "$myTPOTYMLFILE"
 sed --follow-symlinks -i "s/EWS_HPFEEDS_HOST.*/EWS_HPFEEDS_HOST=${myHOST}/g" "$myTPOTYMLFILE"
 sed --follow-symlinks -i "s/EWS_HPFEEDS_PORT.*/EWS_HPFEEDS_PORT=${myPORT}/g" "$myTPOTYMLFILE"
 sed --follow-symlinks -i "s/EWS_HPFEEDS_CHANNELS.*/EWS_HPFEEDS_CHANNELS=${myCHANNEL}/g" "$myTPOTYMLFILE"
 sed --follow-symlinks -i "s#EWS_HPFEEDS_TLSCERT.*#EWS_HPFEEDS_TLSCERT=${myCERT}#g" "$myTPOTYMLFILE"
 sed --follow-symlinks -i "s/EWS_HPFEEDS_IDENT.*/EWS_HPFEEDS_IDENT=${myIDENT}/g" "$myTPOTYMLFILE"
 sed --follow-symlinks -i "s/EWS_HPFEEDS_SECRET.*/EWS_HPFEEDS_SECRET=${mySECRET}/g" "$myTPOTYMLFILE"
 sed --follow-symlinks -i "s/EWS_HPFEEDS_FORMAT.*/EWS_HPFEEDS_FORMAT=${myFORMAT}/g" "$myTPOTYMLFILE"
 echo "Now starting T-Pot ..."
 systemctl start tpot
 echo "You can always change or review your settings in /data/ews/conf/hpfeeds.cfg and apply changes by"
 echo "running \"./hpfeeds_optin.sh --conf=/data/ews/conf/hpfeeds.cfg\""
 echo "Done."
 }
 # Check for cmdline argument and parse config file
 filename=$(echo $@ | cut -d= -f2)
 if [ $# == 1 ] && echo $@ | grep '\-\-conf=' > /dev/null && [ ! -z $filename ] && [ -f $filename ]
  then
    source $filename
 else
 # Proceed with interactive setup when no config file is found
 echo "HPFEEDS Delivery Opt-In for T-Pot"
 echo "---------------------------------"
 echo "By running this script you agree to share your data with a 3rd party and agree to their corresponding sharing terms."
 echo
 echo
 echo "Please choose your broker"
 echo "---------------------------"
 echo "[1] - Generic (enter details manually)"
 echo "[0] - Opt out of HPFEEDS"
 echo "[q] - Do not agree end exit"
 echo
 while [ 1 != 2 ]
  do
    read -s -n 1 -p "Your choice: " mySELECT
      echo $mySELECT
      case "$mySELECT" in
        [1])
 	  fuGENERIC
          break
          ;;
        [0])
 	  fuOPTOUT
          break
          ;;
        [q,Q])
 	  echo "Aborted."
          exit
          ;;
      esac
 done
 fi
 fuWRITETOFILE
 fuAPPLY
--- a/_deprecated/bin/hptest.sh
+++ b/_deprecated/bin/hptest.sh
@ -1,68 +0,0 @@
 #!/bin/bash
 myHOST="$1"
 myPACKAGES="nmap"
 myDOCKERCOMPOSEYML="/opt/tpot/etc/tpot.yml"
 function fuGOTROOT {
 myWHOAMI=$(whoami)
 if [ "$myWHOAMI" != "root" ]
  then
    echo "Need to run as root ..."
    exit
 fi
 }
 function fuCHECKDEPS {
 myINST=""
 for myDEPS in $myPACKAGES;
 do
  myOK=$(dpkg -s $myDEPS | grep ok | awk '{ print $3 }');
  if [ "$myOK" != "ok" ]
    then
      myINST=$(echo $myINST $myDEPS)
  fi
 done
 if [ "$myINST" != "" ]
  then
    apt-get update -y
    for myDEPS in $myINST;
    do
      apt-get install $myDEPS -y
    done
 fi
 }
 function fuCHECKFORARGS {
 if [ "$myHOST" != "" ];
  then
    echo "All arguments met. Continuing."
    echo
  else
    echo "Usage: hptest.sh <[host or ip]>"
    echo
    exit
 fi
 }
 function fuGETPORTS {
 myDOCKERCOMPOSEUDPPORTS=$(cat $myDOCKERCOMPOSEYML | grep "udp" | tr -d '"\|#\-' | cut -d ":" -f2 | cut -d "/" -f1 | sort -gu)
 myDOCKERCOMPOSEPORTS=$(cat $myDOCKERCOMPOSEYML | yq -r '.services[].ports' | grep ':' | sed -e s/127.0.0.1// | tr -d '", ' | sed -e s/^:// | cut -f1 -d ':' | grep -v "6429\|6430" | sort -gu)
 myUDPPORTS=$(for i in $myDOCKERCOMPOSEUDPPORTS; do echo -n "U:$i,"; done)
 myPORTS=$(for i in $myDOCKERCOMPOSEPORTS; do echo -n "T:$i,"; done)
 }
 # Main
 fuGETPORTS
 fuGOTROOT
 fuCHECKDEPS
 fuCHECKFORARGS
 echo
 echo "Starting scan on all UDP / TCP ports defined in /opt/tpot/etc/tpot.yml ..."
 nmap -sV -sC -v -p $myPORTS $1 &
 nmap -sU -sV -sC -v -p $myUDPPORTS $1 &
 echo
 wait
 echo "Done."
 echo
--- a/_deprecated/bin/myip.sh
+++ b/_deprecated/bin/myip.sh
@ -1,103 +0,0 @@
 #!/bin/bash
 ## Get my external IP
 timeout=2   # seconds to wait for a reply before trying next server
 verbose=1   # prints which server was used to STDERR
 dnslist=(
  "dig +short            myip.opendns.com        @resolver1.opendns.com"
  "dig +short            myip.opendns.com        @resolver2.opendns.com"
  "dig +short            myip.opendns.com        @resolver3.opendns.com"
  "dig +short            myip.opendns.com        @resolver4.opendns.com"
  "dig +short -4 -t a    whoami.akamai.net       @ns1-1.akamaitech.net"
  "dig +short            whoami.akamai.net       @ns1-1.akamaitech.net"
 )
 httplist=(
  alma.ch/myip.cgi
  api.infoip.io/ip
  api.ipify.org
  bot.whatismyipaddress.com
  canhazip.com
  checkip.amazonaws.com
  eth0.me
  icanhazip.com
  ident.me
  ipecho.net/plain
  ipinfo.io/ip
  ipof.in/txt
  ip.tyk.nu
  l2.io/ip
  smart-ip.net/myip
  wgetip.com
  whatismyip.akamai.com
 )
 # function to check for valid ip
 function valid_ip()
 {
  local  ip=$1
  local  stat=1
  if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
    OIFS=$IFS
    IFS='.'
    ip=($ip)
    IFS=$OIFS
    [[ ${ip[0]} -le 255 && ${ip[1]} -le 255 \
        && ${ip[2]} -le 255 && ${ip[3]} -le 255 ]]
    stat=$?
  fi
  return $stat
 }
 # function to shuffle the global array "array"
 shuffle() {
  local i tmp size max rand
  size=${#array[*]}
  max=$(( 32768 / size * size ))
  for ((i=size-1; i>0; i--)); do
    while (( (rand=$RANDOM) >= max )); do :; done
    rand=$(( rand % (i+1) ))
    tmp=${array[i]} array[i]=${array[rand]} array[rand]=$tmp
  done
 }
 # if we have dig and a list of dns methods, try that first
 if hash dig 2>/dev/null && [ ${#dnslist[*]} -gt 0 ]; then
  eval array=( \"\${dnslist[@]}\" )
  shuffle
  for cmd in "${array[@]}"; do
    [ "$verbose" == 1 ] && echo Trying: $cmd 1>&2
    ip=$(timeout $timeout $cmd)
    if [ -n "$ip" ]; then
      if valid_ip $ip; then
        echo $ip 
        exit
      fi
    fi
  done
 fi
 # if we haven't succeeded with DNS, try HTTP
 if [ ${#httplist[*]} == 0 ]; then
  echo "No hosts in httplist array!" >&2
  exit 1
 fi
 # use curl or wget, depending on which one we find
 curl_or_wget=$(if hash curl 2>/dev/null; then echo "curl -s"; elif hash wget 2>/dev/null; then echo "wget -qO-"; fi);
 if [ -z "$curl_or_wget" ]; then
  echo "Neither curl nor wget found. Cannot use http method." >&2
  exit 1
 fi
 eval array=( \"\${httplist[@]}\" )
 shuffle
 for url in "${array[@]}"; do
  [ "$verbose" == 1 ] && echo Trying: $curl_or_wget "$url" 1>&2
  ip=$(timeout $timeout $curl_or_wget "$url")
  if [ -n "$ip" ]; then
    if valid_ip $ip; then 
      echo $ip 
      exit
    fi
  fi
 done
--- a/_deprecated/bin/mytopips.sh
+++ b/_deprecated/bin/mytopips.sh
@ -1,27 +0,0 @@
 #!/bin/bash
 # Make sure ES is available
 myES="http://127.0.0.1:64298/"
 myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
 if ! [ "$myESSTATUS" = "1" ]
  then
    echo "### Elasticsearch is not available, try starting via 'systemctl start elk'."
    exit 1
  else
    echo "### Elasticsearch is available, now continuing."
    echo
 fi
 function fuMYTOPIPS {
 curl -s -XGET $myES"_search" -H 'Content-Type: application/json' -d'
 {
  "aggs": {
    "ips": {
      "terms": { "field": "src_ip.keyword", "size": 100 }
    }
  },
  "size" : 0
 }'
 }
 echo "### Aggregating top 100 source IPs in ES"
 fuMYTOPIPS | jq '.aggregations.ips.buckets[].key' | tr -d '"'
--- a/_deprecated/bin/rules.sh
+++ b/_deprecated/bin/rules.sh
@ -1,107 +0,0 @@
 #!/bin/bash
 ### Vars, Ports for Standard services
 myHOSTPORTS="7634 64294 64295 64297 64304"
 myDOCKERCOMPOSEYML="$1"
 myRULESFUNCTION="$2"
 function fuCHECKFORARGS {
 ### Check if args are present, if not throw error
 if [ "$myDOCKERCOMPOSEYML" != "" ] && ([ "$myRULESFUNCTION" == "set" ] || [ "$myRULESFUNCTION" == "unset" ]);
  then
    echo "All arguments met. Continuing."
  else
    echo "Usage: rules.sh <docker-compose.yml> <[set, unset]>"
    exit
 fi
 }
 function fuNFQCHECK {
 ### Check if honeytrap or glutton is actively enabled in docker-compose.yml
 myNFQCHECK=$(grep -e '^\s*honeytrap:\|^\s*glutton:' $myDOCKERCOMPOSEYML | tr -d ': ' | uniq)
 if [ "$myNFQCHECK" == "" ];
  then
    echo "No NFQ related honeypot detected, no iptables-legacy rules needed. Exiting."
    exit
  else
    echo "Detected $myNFQCHECK as NFQ based honeypot, iptables-legacy rules needed. Continuing."
 fi
 }
 function fuGETPORTS {
 ### Get ports from docker-compose.yml
 myDOCKERCOMPOSEPORTS=$(cat $myDOCKERCOMPOSEYML | yq -r '.services[].ports' | grep ':' | sed -e s/127.0.0.1// | tr -d '", ' | sed -e s/^:// | cut -f1 -d ':' )
 myDOCKERCOMPOSEPORTS+=" $myHOSTPORTS"
 myRULESPORTS=$(for i in $myDOCKERCOMPOSEPORTS; do echo $i; done | sort -gu)
 echo "Setting up / removing these ports:"
 echo "$myRULESPORTS"
 }
 function fuSETRULES {
 ### Setting up iptables-legacy rules for honeytrap
 if [ "$myNFQCHECK" == "honeytrap" ];
  then
    /usr/sbin/iptables-legacy -w -A INPUT -s 127.0.0.1 -j ACCEPT
    /usr/sbin/iptables-legacy -w -A INPUT -d 127.0.0.1 -j ACCEPT
    for myPORT in $myRULESPORTS; do
      /usr/sbin/iptables-legacy -w -A INPUT -p tcp --dport $myPORT -j ACCEPT
    done
    /usr/sbin/iptables-legacy -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
 fi
 ### Setting up iptables-legacy rules for glutton
 if [ "$myNFQCHECK" == "glutton" ];
  then
    /usr/sbin/iptables-legacy -w -t raw -A PREROUTING -s 127.0.0.1 -j ACCEPT
    /usr/sbin/iptables-legacy -w -t raw -A PREROUTING -d 127.0.0.1 -j ACCEPT
    for myPORT in $myRULESPORTS; do
      /usr/sbin/iptables-legacy -w -t raw -A PREROUTING -p tcp --dport $myPORT -j ACCEPT
    done
    # No need for NFQ forwarding, such rules are set up by glutton
 fi
 }
 function fuUNSETRULES {
 ### Removing  iptables-legacy rules for honeytrap
 if [ "$myNFQCHECK" == "honeytrap" ];
  then
    /usr/sbin/iptables-legacy -w -D INPUT -s 127.0.0.1 -j ACCEPT
    /usr/sbin/iptables-legacy -w -D INPUT -d 127.0.0.1 -j ACCEPT
    for myPORT in $myRULESPORTS; do
      /usr/sbin/iptables-legacy -w -D INPUT -p tcp --dport $myPORT -j ACCEPT
    done
    /usr/sbin/iptables-legacy -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
 fi
 ### Removing iptables-legacy rules for glutton
 if [ "$myNFQCHECK" == "glutton" ];
  then
    /usr/sbin/iptables-legacy -w -t raw -D PREROUTING -s 127.0.0.1 -j ACCEPT
    /usr/sbin/iptables-legacy -w -t raw -D PREROUTING -d 127.0.0.1 -j ACCEPT
    for myPORT in $myRULESPORTS; do
      /usr/sbin/iptables-legacy -w -t raw -D PREROUTING -p tcp --dport $myPORT -j ACCEPT
    done
    # No need for removing NFQ forwarding, such rules are removed by glutton
 fi
 }
 # Main
 fuCHECKFORARGS
 fuNFQCHECK
 fuGETPORTS
 if [ "$myRULESFUNCTION" == "set" ];
  then
    fuSETRULES
  else
    fuUNSETRULES
 fi
--- a/_deprecated/bin/tpdclean.sh
+++ b/_deprecated/bin/tpdclean.sh
@ -1,29 +0,0 @@
 #!/bin/bash
 # T-Pot Compose and Container Cleaner
 # Set colors
 myRED="[0;31m"
 myGREEN="[0;32m"
 myWHITE="[0;0m"
 # Only run with command switch
 if [ "$1" != "-y" ]; then
  echo $myRED"### WARNING"$myWHITE
  echo ""
  echo $myRED"###### This script is only intended for the tpot.service."$myWHITE
  echo $myRED"###### Run <systemctl stop tpot> first and then <tpdclean.sh -y>."$myWHITE
  echo $myRED"###### Be aware, all T-Pot container volumes and images will be removed."$myWHITE
  echo ""
  echo $myRED"### WARNING "$myWHITE
  echo
  exit
 fi
 # Remove old containers, images and volumes
 docker-compose -f /opt/tpot/etc/tpot.yml down -v >> /dev/null 2>&1
 docker-compose -f /opt/tpot/etc/tpot.yml rm -v >> /dev/null 2>&1
 docker network rm $(docker network ls -q) >> /dev/null 2>&1
 docker volume rm $(docker volume ls -q) >> /dev/null 2>&1
 docker rm -v $(docker ps -aq) >> /dev/null 2>&1
 docker rmi $(docker images | grep "<none>" | awk '{print $3}') >> /dev/null 2>&1
 docker rmi $(docker images | grep "2203" | awk '{print $3}') >> /dev/null 2>&1
 exit 0
--- a/_deprecated/bin/tped.sh
+++ b/_deprecated/bin/tped.sh
@ -1,56 +0,0 @@
 #!/bin/bash
 # Run as root only.
 myWHOAMI=$(whoami)
 if [ "$myWHOAMI" != "root" ]
  then
    echo "Need to run as root ..."
    exit
 fi
 # set backtitle, get filename
 myBACKTITLE="T-Pot Edition Selection Tool"
 myYMLS=$(cd /opt/tpot/etc/compose/ && ls -1 *.yml)
 myLINK="/opt/tpot/etc/tpot.yml"
 # Let's load docker images in parallel
 function fuPULLIMAGES {
 local myTPOTCOMPOSE="/opt/tpot/etc/tpot.yml"
 for name in $(cat $myTPOTCOMPOSE | grep -v '#' | grep image | cut -d'"' -f2 | uniq)
  do
    docker pull $name &
  done
 wait
 echo
 }
 # setup menu
 for i in $myYMLS;
  do
    myITEMS+="$i $(echo $i | cut -d "." -f1 | tr [:lower:] [:upper:]) " 
 done
 myEDITION=$(dialog --backtitle "$myBACKTITLE" --menu "Select T-Pot Edition" 18 50 1 $myITEMS 3>&1 1>&2 2>&3 3>&-)
 if [ "$myEDITION" == "" ];
  then
    echo "Have a nice day!"
    exit
 fi
 dialog --backtitle "$myBACKTITLE" --title "[ Activate now? ]" --yesno "\n$myEDITION" 7 50
 myOK=$?
 if [ "$myOK" == "0" ];
  then
    echo "OK - Activating and downloading latest images."
    systemctl stop tpot
    if [ "$(docker ps -aq)" != "" ];
      then
        docker stop $(docker ps -aq)
        docker rm $(docker ps -aq)
    fi
    rm -f $myLINK
    ln -s /opt/tpot/etc/compose/$myEDITION $myLINK
    fuPULLIMAGES
    systemctl start tpot
    echo "Done. Use \"dps.sh\" for monitoring"
  else 
    echo "Have a nice day!"
 fi
--- a/_deprecated/bin/updateip.sh
+++ b/_deprecated/bin/updateip.sh
@ -1,89 +0,0 @@
 #!/bin/bash
 # Let's add the first local ip to the /etc/issue and external ip to ews.ip file
 # If the external IP cannot be detected, the internal IP will be inherited.
 source /etc/environment
 myCHECKIFSENSOR=$(head -n 1 /opt/tpot/etc/tpot.yml | grep "Sensor" | wc -l)
 myUUID=$(lsblk -o MOUNTPOINT,UUID | grep -e "^/ " | awk '{ print $2 }')
 myLOCALIP=$(hostname -I | awk '{ print $1 }')
 myEXTIP=$(/opt/tpot/bin/myip.sh)
 if [ "$myEXTIP" = "" ];
  then
    myEXTIP=$myLOCALIP
    myEXTIP_LAT="49.865835022498125"
    myEXTIP_LONG="8.62606472775735"
  else
    myEXTIP_LOC=$(curl -s ipinfo.io/$myEXTIP/loc)
    myEXTIP_LAT=$(echo "$myEXTIP_LOC" | cut -f1 -d",")
    myEXTIP_LONG=$(echo "$myEXTIP_LOC" | cut -f2 -d",")
 fi
 # Load Blackhole routes if enabled 
 myBLACKHOLE_FILE1="/etc/blackhole/mass_scanner.txt"
 myBLACKHOLE_FILE2="/etc/blackhole/mass_scanner_cidr.txt"
 if [ -f "$myBLACKHOLE_FILE1" ] || [ -f "$myBLACKHOLE_FILE2" ];
  then
    /opt/tpot/bin/blackhole.sh add
 fi
 myBLACKHOLE_STATUS=$(ip r | grep "blackhole" -c)
 if [ "$myBLACKHOLE_STATUS" -gt "500" ];
  then
    myBLACKHOLE_STATUS="| [1;34mBLACKHOLE: [ [0;37mENABLED[1;34m ][0m"
  else
    myBLACKHOLE_STATUS="| [1;34mBLACKHOLE: [ [1;30mDISABLED[1;34m ][0m"
 fi
 mySSHUSER=$(cat /etc/passwd | grep 1000 | cut -d ':' -f1)
 # Export
 export myUUID
 export myLOCALIP
 export myEXTIP
 export myEXTIP_LAT
 export myEXTIP_LONG
 export myBLACKHOLE_STATUS
 export mySSHUSER
 # Build issue
 echo "[H[2J" > /etc/issue
 toilet -f ivrit -F metal --filter border:metal "T-Pot   22.04" | sed 's/\\/\\\\/g' >> /etc/issue
 echo >> /etc/issue
 echo ",---- [ [1;34m\n[0m ] [ [0;34m\d[0m ] [ [1;30m\t[0m ]" >> /etc/issue
 echo "|" >> /etc/issue
 echo "| [1;34mIP: $myLOCALIP ($myEXTIP)[0m" >> /etc/issue
 echo "| [0;34mSSH: ssh -l tsec -p 64295 $myLOCALIP[0m" >> /etc/issue 
 if [ "$myCHECKIFSENSOR" == "0" ];
  then
    echo "| [1;30mWEB: https://$myLOCALIP:64297[0m" >> /etc/issue
 fi
 echo "| [0;37mADMIN: https://$myLOCALIP:64294[0m" >> /etc/issue
 echo "$myBLACKHOLE_STATUS" >> /etc/issue
 echo "|" >> /etc/issue
 echo "\`----" >> /etc/issue
 echo >> /etc/issue
 tee /data/ews/conf/ews.ip << EOF
 [MAIN]
 ip = $myEXTIP
 EOF
 tee /opt/tpot/etc/compose/elk_environment << EOF
 HONEY_UUID=$myUUID
 MY_EXTIP=$myEXTIP
 MY_EXTIP_LAT=$myEXTIP_LAT
 MY_EXTIP_LONG=$myEXTIP_LONG
 MY_INTIP=$myLOCALIP
 MY_HOSTNAME=$HOSTNAME
 EOF
 if [ -s "/data/elk/logstash/ls_environment" ];
  then
    source /data/elk/logstash/ls_environment
    tee -a /opt/tpot/etc/compose/elk_environment << EOF
 MY_TPOT_TYPE=$MY_TPOT_TYPE
 MY_SENSOR_PRIVATEKEYFILE=$MY_SENSOR_PRIVATEKEYFILE
 MY_HIVE_USERNAME=$MY_HIVE_USERNAME
 MY_HIVE_IP=$MY_HIVE_IP
 EOF
 fi
 chown tpot:tpot /data/ews/conf/ews.ip
 chmod 770 /data/ews/conf/ews.ip
--- a/_deprecated/cloud/.gitignore
+++ b/_deprecated/cloud/.gitignore
@ -1,10 +0,0 @@
 # Ansible
 *.retry
 # Terraform
 **/.terraform
 **/terraform.*
 # OpenStack clouds
 **/clouds.yaml
 **/secure.yaml
--- a/_deprecated/cloud/ansible/README.md
+++ b/_deprecated/cloud/ansible/README.md
@ -1,257 +0,0 @@
 # T-Pot Ansible
 Here you can find a ready-to-use solution for your automated T-Pot deployment using [Ansible](https://www.ansible.com/).  
 It consists of an Ansible Playbook with multiple roles, which is reusable for all [OpenStack](https://www.openstack.org/) based clouds (e.g. Open Telekom Cloud, Orange Cloud, Telefonica Open Cloud, OVH) out of the box.  
 Apart from that you can easily adapt the deploy role to use other [cloud providers](https://docs.ansible.com/ansible/latest/scenario_guides/cloud_guides.html). Check out [Ansible Galaxy](https://galaxy.ansible.com/search?keywords=&order_by=-relevance&page=1&deprecated=false&type=collection&tags=cloud) for more cloud collections.
 The Playbook first creates all resources (security group, network, subnet, router), deploys one (or more) new servers and then installs and configures T-Pot on them.
 This example showcases the deployment on our own OpenStack based Public Cloud Offering [Open Telekom Cloud](https://open-telekom-cloud.com/en).
 # Table of contents
 - [Preparation of Ansible Master](#ansible-master)
  - [Ansible Installation](#ansible)
  - [OpenStack Collection Installation](#collection)
  - [Agent Forwarding](#agent-forwarding)
 - [Preparations in Open Telekom Cloud Console](#preparation)
  - [Create new project](#project)
  - [Create API user](#api-user)
  - [Import Key Pair](#key-pair)
 - [Clone Git Repository](#clone-git)
 - [Settings and recommended values](#settings)
  - [clouds.yaml](#clouds-yaml)
  - [Ansible remote user](#remote-user)
  - [Number of instances to deploy](#number)
  - [Instance settings](#instance-settings)
  - [User password](#user-password)
  - [Configure `tpot.conf.dist`](#tpot-conf)
  - [Optional: Custom `ews.cfg`](#ews-cfg)
  - [Optional: Custom HPFEEDS](#hpfeeds)
 - [Deploying a T-Pot](#deploy)
 - [Further documentation](#documentation)
 <a name="ansible-master"></a>
 # Preparation of Ansible Master
 You can either run the Ansible Playbook locally on your Linux or macOS machine or you can use an ECS (Elastic Cloud Server) on Open Telekom Cloud, which I did.  
 I used Ubuntu 18.04 for my Ansible Master Server, but other OSes are fine too.  
 Ansible works over the SSH Port, so you don't have to add any special rules to your Security Group.
 <a name="ansible"></a>
 ## Ansible Installation
 :warning: Ansible 2.10 or newer is required!
 Example for Ubuntu 18.04:  
 At first we update the system:  
 `sudo apt update`  
 `sudo apt dist-upgrade`
 Then we need to add the repository and install Ansible:  
 `sudo apt-add-repository --yes --update ppa:ansible/ansible`  
 `sudo apt install ansible`
 For other OSes and Distros have a look at the official [Ansible Documentation](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html).
 If your OS does not offer a recent version of Ansible (>= 2.10) you should consider [installing Ansible with pip](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-with-pip).  
 In short (if you already have Python3/pip3 installed):
 ```
 pip3 install ansible
 ```
 <a name="collection"></a>
 ## OpenStack Collection Installation
 For interacting with OpenStack resources in Ansible, you need to install the collection from Ansible Galaxy:  
 `ansible-galaxy collection install openstack.cloud`
 <a name="agent-forwarding"></a>
 ## Agent Forwarding
 If you run the Ansible Playbook remotely on your Ansible Master Server, Agent Forwarding must be enabled in order to let Ansible connect to newly created machines.  
 - On Linux or macOS:  
  - Create or edit `~/.ssh/config`
    ```
    Host ANSIBLE_MASTER_IP
    ForwardAgent yes
    ```
 - On Windows using Putty:  
 ![Putty Agent Forwarding](doc/putty_agent_forwarding.png)
 <a name="preparation"></a>
 # Preparations in Open Telekom Cloud Console
 (You can skip this if you have already set up a project and an API account with key pair)  
 (Just make sure you know the naming for everything, as you need to configure the Ansible variables.)
 Before we can start deploying, we have to prepare the Open Telekom Cloud tenant.  
 For that, go to the [Web Console](https://auth.otc.t-systems.com/authui/login) and log in with an admin user.
 <a name="project"></a>
 ## Create new project
 I strongly advise you to create a separate project for the T-Pots in your tenant.  
 In my case I named it `tpot`.
 ![Create new project](doc/otc_1_project.gif)
 <a name="api-user"></a>
 ## Create API user
 The next step is to create a new user account, which is restricted to the project.  
 This ensures that the API access is limited to that project.
 ![Create API user](doc/otc_2_user.gif)
 <a name="key-pair"></a>
 ## Import Key Pair
 :warning: Now log in with the newly created API user account and select your project.
 ![Login as API user](doc/otc_3_login.gif)
 Import your SSH public key.
 ![Import SSH Public Key](doc/otc_4_import_key.gif)
 <a name="clone-git"></a>
 # Clone Git Repository
 Clone the `tpotce` repository to your Ansible Master:  
 `git clone https://github.com/telekom-security/tpotce.git`  
 All Ansible related files are located in the [`cloud/ansible/openstack`](openstack) folder.
 <a name="settings"></a>
 # Settings and recommended values
 You can configure all aspects of your Elastic Cloud Server and T-Pot before using the Playbook:
 <a name="clouds-yaml"></a>
 ## clouds.yaml
 Located at [`openstack/clouds.yaml`](openstack/clouds.yaml).  
 Enter your Open Telekom Cloud API user credentials here (username, password, project name, user domain name):  
 ```
 clouds:
  open-telekom-cloud:
    profile: otc
    auth:
      project_name: eu-de_your_project
      username: your_api_user
      password: your_password
      user_domain_name: OTC-EU-DE-000000000010000XXXXX
 ```
 You can also perform different authentication methods like sourcing OpenStack OS_* environment variables or providing an inline dictionary.  
 For more information have a look in the [openstack.cloud.server](https://docs.ansible.com/ansible/latest/collections/openstack/cloud/server_module.html) Ansible module documentation.
 If you already have your own `clouds.yaml` file or have multiple clouds in there, you can specify which one to use in the `openstack/my_os_cloud.yaml` file:
 ```
 # Enter the name of your cloud to use from clouds.yaml
 cloud: open-telekom-cloud
 ```
 <a name="remote-user"></a>
 ## Ansible remote user
 You may have to adjust the `remote_user` in the Ansible Playbook under [`openstack/deploy_tpot.yaml`](openstack/deploy_tpot.yaml) depending on your Debian base image (e.g. on Open Telekom Cloud the default Debian user is `linux`).
 <a name="number"></a>
 ## Number of instances to deploy
 You can adjust the number of VMs/T-Pots that you want to create in [`openstack/deploy_tpot.yaml`](openstack/deploy_tpot.yaml):
 ```
 loop: "{{ range(0, 1) }}"
 ```
 One instance is set as the default, increase to your liking.
 <a name="instance-settings"></a>
 ## Instance settings
 Located at [`openstack/roles/create_vm/vars/main.yaml`](openstack/roles/create_vm/vars/main.yaml).  
 Here you can customize your virtual machine specifications:
  - Choose an availability zone. For Open Telekom Cloud reference see [here](https://docs.otc.t-systems.com/en-us/endpoint/index.html).
  - Change the OS image (For T-Pot we need Debian)
  - (Optional) Change the volume size
  - Specify your key pair (:warning: Mandatory)
  - (Optional) Change the instance type (flavor)  
    `s3.medium.8` corresponds to 1 vCPU and 8GB of RAM and is the minimum required flavor.  
    A full list of Open Telekom Cloud flavors can be found [here](https://docs.otc.t-systems.com/en-us/usermanual/ecs/en-us_topic_0177512565.html).
 ```
 availability_zone: eu-de-03
 image: Standard_Debian_10_latest
 volume_size: 128
 key_name: your-KeyPair
 flavor: s3.medium.8
 ```
 <a name="user-password"></a>
 ## User password
 Located at [`openstack/roles/install/vars/main.yaml`](openstack/roles/install/vars/main.yaml).  
 Here you can set the password for your Debian user (**you should definitely change that**).
 ```
 user_password: LiNuXuSeRPaSs#
 ```
 <a name="tpot-conf"></a>
 ## Configure `tpot.conf.dist`
 The file is located in [`iso/installer/tpot.conf.dist`](/iso/installer/tpot.conf.dist).  
 Here you can choose:
  - between the various T-Pot editions
  - a username for the web interface
  - a password for the web interface (**you should definitely change that**)
 <a name="ews-cfg"></a>
 ## Optional: Custom `ews.cfg`
 Enable this by uncommenting the role in the [deploy_tpot.yaml](openstack/deploy_tpot.yaml) playbook.
 ```
 #    - custom_ews
 ```
 You can use a custom config file for `ewsposter`.  
 e.g. when you have your own credentials for delivering data to our [Sicherheitstacho](https://sicherheitstacho.eu/start/main).  
 You can find the `ews.cfg` template file here: [`openstack/roles/custom_ews/templates/ews.cfg`](openstack/roles/custom_ews/templates/ews.cfg) and adapt it for your needs.
 For setting custom credentials, these settings would be relevant for you (the rest of the file can stay as is):  
 ```
 [MAIN]
 ...
 contact = your_email_address
 ...
 [EWS]
 ...
 username = your_username
 token = your_token
 ...
 ```
 <a name="hpfeeds"></a>
 ## Optional: Custom HPFEEDS
 Enable this by uncommenting the role in the [deploy_tpot.yaml](openstack/deploy_tpot.yaml) playbook.
 ```
 #    - custom_hpfeeds
 ```
 You can specify custom HPFEEDS in [`openstack/roles/custom_hpfeeds/files/hpfeeds.cfg`](openstack/roles/custom_hpfeeds/files/hpfeeds.cfg).  
 That file contains the defaults (turned off) and you can adapt it for your needs, e.g. for SISSDEN:
 ```
 myENABLE=true
 myHOST=hpfeeds.sissden.eu
 myPORT=10000
 myCHANNEL=t-pot.events
 myCERT=/opt/ewsposter/sissden.pem
 myIDENT=your_user
 mySECRET=your_secret
 myFORMAT=json
 ```
 <a name="deploy"></a>
 # Deploying a T-Pot :honey_pot::honeybee:
 Now, after configuring everything, we can finally start deploying T-Pots!  
 Go to the [`openstack`](openstack) folder and run the Ansible Playbook with:  
 `ansible-playbook deploy_tpot.yaml`  
 (Yes, it is as easy as that :smile:)
 If you are running on a machine which asks for a sudo password, you can use:  
 `ansible-playbook --ask-become-pass deploy_tpot.yaml`
 The Playbook will first install required packages on the Ansible Master and then deploy one (or more) new server instances.  
 After that, T-Pot gets installed and configured on them, optionally custom configs are applied and finally it reboots.
 Once this is done, you can proceed with connecting/logging in to the T-Pot according to the [documentation](https://github.com/telekom-security/tpotce#ssh-and-web-access).
 <a name="documentation"></a>
 # Further documentation
 - [Ansible Documentation](https://docs.ansible.com/ansible/latest/)
 - [openstack.cloud.server – Create/Delete Compute Instances from OpenStack](https://docs.ansible.com/ansible/latest/collections/openstack/cloud/server_module.html)
 - [Open Telekom Cloud Help Center](https://docs.otc.t-systems.com/)
--- a/_deprecated/cloud/ansible/doc/otc_1_project.gif
+++ b/_deprecated/cloud/ansible/doc/otc_1_project.gif
--- a/_deprecated/cloud/ansible/doc/otc_2_user.gif
+++ b/_deprecated/cloud/ansible/doc/otc_2_user.gif
--- a/_deprecated/cloud/ansible/doc/otc_3_login.gif
+++ b/_deprecated/cloud/ansible/doc/otc_3_login.gif
--- a/_deprecated/cloud/ansible/doc/otc_4_import_key.gif
+++ b/_deprecated/cloud/ansible/doc/otc_4_import_key.gif
--- a/_deprecated/cloud/ansible/doc/putty_agent_forwarding.png
+++ b/_deprecated/cloud/ansible/doc/putty_agent_forwarding.png
--- a/_deprecated/cloud/ansible/openstack/ansible.cfg
+++ b/_deprecated/cloud/ansible/openstack/ansible.cfg
@ -1,6 +0,0 @@
 [defaults]
 host_key_checking = false
 [ssh_connection]
 scp_if_ssh = true
 ssh_args = -o ServerAliveInterval=60
--- a/_deprecated/cloud/ansible/openstack/deploy_tpot.yaml
+++ b/_deprecated/cloud/ansible/openstack/deploy_tpot.yaml
@ -1,30 +0,0 @@
 - name: Check host prerequisites
  hosts: localhost
  become: yes
  roles:
    - check
 - name: Deploy instances
  hosts: localhost
  vars_files: my_os_cloud.yaml
  tasks:
    - name: Create security group and network
      ansible.builtin.include_role:
        name: create_net
    - name: Create one or more instances
      ansible.builtin.include_role:
        name: create_vm
      loop: "{{ range(0, 1) }}"
      loop_control:
        extended: yes
 - name: Install T-Pot
  hosts: tpot
  remote_user: linux
  become: yes
  gather_facts: no
  roles:
    - install
 #    - custom_ews
 #    - custom_hpfeeds
    - reboot
--- a/_deprecated/cloud/ansible/openstack/my_os_cloud.yaml
+++ b/_deprecated/cloud/ansible/openstack/my_os_cloud.yaml
@ -1,2 +0,0 @@
 # Enter the name of your cloud to use from clouds.yaml
 cloud: open-telekom-cloud
--- a/_deprecated/cloud/ansible/openstack/requirements.yaml
+++ b/_deprecated/cloud/ansible/openstack/requirements.yaml
@ -1,2 +0,0 @@
 collections:
 - name: openstack.cloud
--- a/_deprecated/cloud/ansible/openstack/roles/check/tasks/main.yaml
+++ b/_deprecated/cloud/ansible/openstack/roles/check/tasks/main.yaml
@ -1,19 +0,0 @@
 - name: Install dependencies
  ansible.builtin.package:
    name:
      - gcc
      - python3-dev
      - python3-setuptools
      - python3-pip
    state: present
 - name: Install openstacksdk
  ansible.builtin.pip:
    name: openstacksdk
    executable: pip3
 - name: Check if agent forwarding is enabled
  ansible.builtin.fail:
    msg: Please enable agent forwarding to allow Ansible to connect to the remote host!
  ignore_errors: yes
  failed_when: lookup('env','SSH_AUTH_SOCK') == ""
--- a/_deprecated/cloud/ansible/openstack/roles/create_net/tasks/main.yaml
+++ b/_deprecated/cloud/ansible/openstack/roles/create_net/tasks/main.yaml
@ -1,33 +0,0 @@
 - name: Create security group
  openstack.cloud.security_group:
    cloud: "{{ cloud }}"
    name: sg-tpot-ansible
    description: Security Group for T-Pot
 - name: Add rules to security group
  openstack.cloud.security_group_rule:
    cloud: "{{ cloud }}"
    security_group: sg-tpot-ansible
    remote_ip_prefix: 0.0.0.0/0
 - name: Create network
  openstack.cloud.network:
    cloud: "{{ cloud }}"
    name: network-tpot-ansible
 - name: Create subnet
  openstack.cloud.subnet:
    cloud: "{{ cloud }}"
    network_name: network-tpot-ansible
    name: subnet-tpot-ansible
    cidr: 192.168.0.0/24
    dns_nameservers:
      - 100.125.4.25
      - 100.125.129.199
 - name: Create router
  openstack.cloud.router:
    cloud: "{{ cloud }}"
    name: router-tpot-ansible
    interfaces:
      - subnet-tpot-ansible
--- a/_deprecated/cloud/ansible/openstack/roles/create_vm/tasks/main.yaml
+++ b/_deprecated/cloud/ansible/openstack/roles/create_vm/tasks/main.yaml
@ -1,24 +0,0 @@
 - name: Generate T-Pot name
  ansible.builtin.set_fact:
    tpot_name: "t-pot-ansible-{{ lookup('password', '/dev/null chars=ascii_lowercase,digits length=6') }}"
 - name: Create instance {{ ansible_loop.index }} of {{ ansible_loop.length }}
  openstack.cloud.server:
    cloud: "{{ cloud }}"
    name: "{{ tpot_name }}"
    availability_zone: "{{ availability_zone }}"
    image: "{{ image }}"
    boot_from_volume: yes
    volume_size: "{{ volume_size }}"
    key_name: "{{ key_name }}"
    auto_ip: yes
    flavor: "{{ flavor }}"
    security_groups: sg-tpot-ansible
    network: network-tpot-ansible
  register: tpot
 - name: Add instance to inventory
  ansible.builtin.add_host:
    hostname: "{{ tpot_name }}"
    ansible_host: "{{ tpot.server.public_v4 }}"
    groups: tpot
--- a/_deprecated/cloud/ansible/openstack/roles/create_vm/vars/main.yaml
+++ b/_deprecated/cloud/ansible/openstack/roles/create_vm/vars/main.yaml
@ -1,5 +0,0 @@
 availability_zone: eu-de-03
 image: Standard_Debian_10_latest
 volume_size: 128
 key_name: your-KeyPair
 flavor: s3.medium.8
--- a/_deprecated/cloud/ansible/openstack/roles/custom_ews/tasks/main.yaml
+++ b/_deprecated/cloud/ansible/openstack/roles/custom_ews/tasks/main.yaml
@ -1,13 +0,0 @@
 - name: Copy ews configuration file
  ansible.builtin.template:
    src: ews.cfg
    dest: /data/ews/conf
    owner: root
    group: root
    mode: 0644
 - name: Patching tpot.yml with custom ews configuration file
  ansible.builtin.lineinfile:
    path: /opt/tpot/etc/tpot.yml
    insertafter: "/opt/ewsposter/ews.ip"
    line: "     - /data/ews/conf/ews.cfg:/opt/ewsposter/ews.cfg"
--- a/_deprecated/cloud/ansible/openstack/roles/custom_ews/templates/ews.cfg
+++ b/_deprecated/cloud/ansible/openstack/roles/custom_ews/templates/ews.cfg
@ -1,137 +0,0 @@
 [MAIN]
 homedir = /opt/ewsposter/
 spooldir = /opt/ewsposter/spool/
 logdir = /opt/ewsposter/log/
 del_malware_after_send = false
 send_malware = true
 sendlimit = 500
 contact = your_email_address
 proxy =
 ip =
 [EWS]
 ews = true
 username = your_username
 token = your_token
 rhost_first = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
 rhost_second = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
 ignorecert = false
 [HPFEED]
 hpfeed = %(EWS_HPFEEDS_ENABLE)s
 host = %(EWS_HPFEEDS_HOST)s
 port = %(EWS_HPFEEDS_PORT)s
 channels = %(EWS_HPFEEDS_CHANNELS)s
 ident = %(EWS_HPFEEDS_IDENT)s
 secret= %(EWS_HPFEEDS_SECRET)s
 # path/to/certificate for tls broker - or "false" for non-tls broker
 tlscert = %(EWS_HPFEEDS_TLSCERT)s
 # hpfeeds submission format: "ews" (xml) or "json"
 hpfformat = %(EWS_HPFEEDS_FORMAT)s
 [EWSJSON]
 json = false
 jsondir = /data/ews/json/
 [GLASTOPFV3]
 glastopfv3 = true
 nodeid = glastopfv3-{{ ansible_hostname }}
 sqlitedb = /data/glastopf/db/glastopf.db
 malwaredir = /data/glastopf/data/files/
 [GLASTOPFV2]
 glastopfv2 = false
 nodeid =
 mysqlhost =
 mysqldb =
 mysqluser =
 mysqlpw =
 malwaredir =
 [KIPPO]
 kippo = false
 nodeid =
 mysqlhost =
 mysqldb =
 mysqluser =
 mysqlpw =
 malwaredir =
 [COWRIE]
 cowrie = true
 nodeid = cowrie-{{ ansible_hostname }}
 logfile = /data/cowrie/log/cowrie.json
 [DIONAEA]
 dionaea = true
 nodeid = dionaea-{{ ansible_hostname }}
 malwaredir = /data/dionaea/binaries/
 sqlitedb = /data/dionaea/log/dionaea.sqlite
 [HONEYTRAP]
 honeytrap = true
 nodeid = honeytrap-{{ ansible_hostname }}
 newversion = true
 payloaddir = /data/honeytrap/attacks/
 attackerfile = /data/honeytrap/log/attacker.log
 [RDPDETECT]
 rdpdetect = false
 nodeid =
 iptableslog =
 targetip =
 [EMOBILITY]
 eMobility = false
 nodeid = emobility-{{ ansible_hostname }}
 logfile = /data/emobility/log/centralsystemEWS.log
 [CONPOT]
 conpot = true
 nodeid = conpot-{{ ansible_hostname }}
 logfile = /data/conpot/log/conpot*.json
 [ELASTICPOT]
 elasticpot = true
 nodeid = elasticpot-{{ ansible_hostname }}
 logfile = /data/elasticpot/log/elasticpot.log
 [SURICATA]
 suricata = true
 nodeid = suricata-{{ ansible_hostname }}
 logfile = /data/suricata/log/eve.json
 [MAILONEY]
 mailoney = true
 nodeid = mailoney-{{ ansible_hostname }}
 logfile = /data/mailoney/log/commands.log
 [RDPY]
 rdpy = true
 nodeid = rdpy-{{ ansible_hostname }}
 logfile = /data/rdpy/log/rdpy.log
 [VNCLOWPOT]
 vnclowpot = true
 nodeid = vnclowpot-{{ ansible_hostname }}
 logfile = /data/vnclowpot/log/vnclowpot.log
 [HERALDING]
 heralding = true
 nodeid = heralding-{{ ansible_hostname }}
 logfile = /data/heralding/log/auth.csv
 [CISCOASA]
 ciscoasa = true
 nodeid = ciscoasa-{{ ansible_hostname }}
 logfile = /data/ciscoasa/log/ciscoasa.log
 [TANNER]
 tanner = true
 nodeid = tanner-{{ ansible_hostname }}
 logfile = /data/tanner/log/tanner_report.json
 [GLUTTON]
 glutton = true
 nodeid = glutton-{{ ansible_hostname }}
 logfile = /data/glutton/log/glutton.log
--- a/_deprecated/cloud/ansible/openstack/roles/custom_hpfeeds/files/hpfeeds.cfg
+++ b/_deprecated/cloud/ansible/openstack/roles/custom_hpfeeds/files/hpfeeds.cfg
@ -1,8 +0,0 @@
 myENABLE=false
 myHOST=host
 myPORT=port
 myCHANNEL=channels
 myCERT=false
 myIDENT=user
 mySECRET=secret
 myFORMAT=json
--- a/_deprecated/cloud/ansible/openstack/roles/custom_hpfeeds/tasks/main.yaml
+++ b/_deprecated/cloud/ansible/openstack/roles/custom_hpfeeds/tasks/main.yaml
@ -1,12 +0,0 @@
 - name: Copy hpfeeds configuration file
  ansible.builtin.copy:
    src: hpfeeds.cfg
    dest: /data/ews/conf
    owner: tpot
    group: tpot
    mode: 0770
  register: config
 - name: Applying hpfeeds settings
  ansible.builtin.command: /opt/tpot/bin/hpfeeds_optin.sh --conf=/data/ews/conf/hpfeeds.cfg
  when: config.changed == true
--- a/_deprecated/cloud/ansible/openstack/roles/install/tasks/main.yaml
+++ b/_deprecated/cloud/ansible/openstack/roles/install/tasks/main.yaml
@ -1,48 +0,0 @@
 - name: Waiting for SSH connection
  ansible.builtin.wait_for_connection:
 - name: Gathering facts
  ansible.builtin.setup:
 - name: Cloning T-Pot install directory
  ansible.builtin.git:
    repo: "https://github.com/telekom-security/tpotce.git"
    dest: /root/tpot
 - name: Prepare to set user password
  ansible.builtin.set_fact:
    user_name: "{{ ansible_user }}"
    user_salt: "s0mew1ck3dTpoT"
  no_log: true
 - name: Changing password for user {{ user_name }}
  ansible.builtin.user:
   name: "{{ ansible_user }}"
   password: "{{ user_password | password_hash('sha512', user_salt) }}"
   state: present
   shell: /bin/bash
 - name: Copy T-Pot configuration file
  ansible.builtin.copy:
    src: ../../../../../../iso/installer/tpot.conf.dist
    dest: /root/tpot.conf
    owner: root
    group: root
    mode: 0644
 - name: Install T-Pot on instance -  be patient, this might take 15 to 30 minutes depending on the connection speed.
  ansible.builtin.command: /root/tpot/iso/installer/install.sh --type=auto --conf=/root/tpot.conf
 - name: Delete T-Pot configuration file
  ansible.builtin.file:
    path: /root/tpot.conf
    state: absent
 - name: Change unattended-upgrades to take default action
  ansible.builtin.blockinfile:
    dest: /etc/apt/apt.conf.d/50unattended-upgrades
    block: |
      Dpkg::Options {
        "--force-confdef";
        "--force-confold";
      }
--- a/_deprecated/cloud/ansible/openstack/roles/install/vars/main.yaml
+++ b/_deprecated/cloud/ansible/openstack/roles/install/vars/main.yaml
@ -1 +0,0 @@
 user_password: LiNuXuSeRPaSs#
--- a/_deprecated/cloud/ansible/openstack/roles/reboot/tasks/main.yaml
+++ b/_deprecated/cloud/ansible/openstack/roles/reboot/tasks/main.yaml
@ -1,16 +0,0 @@
 - name: Finally rebooting T-Pot
  ansible.builtin.command: shutdown -r now
  async: 1
  poll: 0
 - name: Next login options
  ansible.builtin.debug:
    msg:
    - "*****    SSH Access:"
    - "*****    ssh {{ ansible_user }}@{{ ansible_host }} -p 64295"
    - ""
    - "*****    Web UI:"
    - "*****    https://{{ ansible_host }}:64297"
    - ""
    - "*****    Admin UI:"
    - "*****    https://{{ ansible_host }}:64294"
--- a/_deprecated/cloud/terraform/README.md
+++ b/_deprecated/cloud/terraform/README.md
@ -1,129 +0,0 @@
 # T-Pot Terraform
 This [Terraform](https://www.terraform.io/) configuration can be used to launch a virtual machine, bootstrap any dependencies and install T-Pot in a single step.  
 Configuration for Amazon Web Services (AWS) and Open Telekom Cloud (OTC) is currently included.
 This can easily be extended to support other [Terraform providers](https://registry.terraform.io/browse/providers?category=public-cloud%2Ccloud-automation%2Cinfrastructure).
 [Cloud-init](https://cloudinit.readthedocs.io/en/latest/) is used to bootstrap the instance and install T-Pot on startup.
 # Table of Contents
 - [What get's created](#what-created)
  - [Amazon Web Services (AWS)](#what-created-aws)
  - [Open Telekom Cloud (OTC)](#what-created-otc)
 - [Prerequisites](#pre)
  - [Amazon Web Services (AWS)](#pre-aws)
  - [Open Telekom Cloud (OTC)](#pre-otc)
 - [Terraform Variables](#variables)
  - [Common configuration items](#variables-common)
  - [Amazon Web Services (AWS)](#variables-aws)
  - [Open Telekom Cloud (OTC)](#variables-otc)
 - [Initialising](#initialising)
 - [Applying the Configuration](#applying)
 - [Connecting to the Instance](#connecting)
 <a name="what-created"></a>
 ## What get's created
 <a name="what-created-aws"></a>
 ### Amazon Web Services (AWS)
 * EC2 instance:
  * t3.large (2 vCPUs, 8 GB RAM)
  * 128 GB disk
  * Debian 10
  * Public IP
 * Security Group:
  * TCP/UDP ports <= 64000 open to the Internet
  * TCP ports 64294, 64295 and 64297 open to a chosen administrative IP
 <a name="what-created-otc"></a>
 ### Open Telekom Cloud (OTC)
 * ECS instance:
  * s3.medium.8 (1 vCPU, 8 GB RAM)
  * 128 GB disk
  * Debian 10
  * Public EIP
 * Security Group
  * All TCP/UDP ports are open to the Internet
 * Virtual Private Cloud (VPC) and Subnet
 <a name="pre"></a>
 ## Prerequisites
 * [Terraform](https://www.terraform.io/) 0.13
 <a name="pre-aws"></a>
 ### Amazon Web Services (AWS)
 * AWS Account
  * Existing VPC: VPC ID needs to be specified in `aws/variables.tf`
  * Existing subnet: Subnet ID needs to be specified in `aws/variables.tf`
  * Existing SSH key pair: Key name needs to be specified in `aws/variables.tf`
 * AWS Authentication credentials should be [set using environment variables](https://www.terraform.io/docs/providers/aws/index.html#environment-variables)
 <a name="pre-otc"></a>
 ### Open Telekom Cloud (OTC)
 * OTC Account
  * Existing SSH key pair: Key name needs to be specified in `otc/variables.tf`
 * OTC Authentication credentials (Username, Password, Project Name, User Domain Name) can be set in the `otc/clouds.yaml` file
 <a name="variables"></a>
 ## Terraform Variables
 <a name="variables-common"></a>
 ### Common configuration items
 These variables exist in `aws/variables.tf` and `otc/variables.tf` respectively.  
 Settings for cloud-init:  
 * `timezone` - Set the Server's timezone
 * `linux_password`- Set a password for the Linux Operating System user (which is also used on the Admin UI)
 Settings for T-Pot:  
 * `tpot_flavor` - Set the flavor of the T-Pot (Available flavors are listed in the variable's description)
 * `web_user` - Set a username for the T-Pot Kibana Dasboard
 * `web_password` - Set a password for the T-Pot Kibana Dashboard
 <a name="variables-aws"></a>
 ### Amazon Web Services (AWS)
 In `aws/variables.tf`, you can change the additional variables:
 * `admin_ip` - source IP address(es) that you will use to administer the system. Connections to TCP ports 64294, 64295 and 64297 will be allowed from this IP only. Multiple IPs or CIDR blocks can be specified in the format: `["127.0.0.1/32", "192.168.0.0/24"]`
 * `ec2_vpc_id` - Specify an existing VPC ID
 * `ec2_subnet_id` - Specify an existing Subnet ID
 * `ec2_region`
 * `ec2_ssh_key_name` - Specify an existing SSH key pair
 * `ec2_instance_type`
 <a name="variables-otc"></a>
 ### Open Telekom Cloud (OTC)
 In `otc/variables.tf`, you can change the additional variables:
 * `ecs_flavor`
 * `ecs_disk_size`
 * `availability_zone`
 * `key_pair` - Specify an existing SSH key pair
 * `eip_size`
 ... and some more, but these are the most relevant.
 <a name="initialising"></a>
 ## Initialising
 The [`terraform init`](https://www.terraform.io/docs/commands/init.html) command is used to initialize a working directory containing Terraform configuration files.
 ```
 $ cd aws
 $ terraform init
 ```
 OR
 ```
 $ cd otc
 $ terraform init
 ```
 <a name="applying"></a>
 ## Applying the Configuration
 The [`terraform apply`](https://www.terraform.io/docs/commands/apply.html) command is used to apply the changes required to reach the desired state of the configuration, or the pre-determined set of actions generated by a [`terraform plan`](https://www.terraform.io/docs/commands/plan.html) execution plan.
 ```
 $ terraform apply
 ```
 This will create your infrastructure and start a Cloud Server. On startup, the Server gets bootstrapped with cloud-init and will install T-Pot. Once this is done, the server will reboot.
 If you want the remove the built infrastructure, you can run [`terraform destroy`](https://www.terraform.io/docs/commands/destroy.html) to delete it.
 <a name="connecting"></a>
 ## Connecting to the Instance
 When the installation is completed, you can proceed with connecting/logging in to the T-Pot according to the [documentation](https://github.com/telekom-security/tpotce#ssh-and-web-access).
--- a/_deprecated/cloud/terraform/aws/.terraform.lock.hcl
+++ b/_deprecated/cloud/terraform/aws/.terraform.lock.hcl
@ -1,20 +0,0 @@
 # This file is maintained automatically by "terraform init".
 # Manual edits may be lost in future updates.
 provider "registry.terraform.io/hashicorp/aws" {
  version     = "3.26.0"
  constraints = "3.26.0"
  hashes = [
    "h1:0i78FItlPeiomd+4ThZrtm56P5K33k7/6dnEe4ZePI0=",
    "zh:26043eed36d070ca032cf04bc980c654a25821a8abc0c85e1e570e3935bbfcbb",
    "zh:2fe68f3f78d23830a04d7fac3eda550eef1f627dfc130486f70a65dc5c254300",
    "zh:3d66484c608c64678e639db25d63872783ce60363a1246e30317f21c9c23b84b",
    "zh:46ffd755cfd4cf94fe66342797b5afdcef010a24e126c67fee141b357d393535",
    "zh:5e96f24357e945c9067cf5e032ad1d003609629c956c2f9f642fefe714e74587",
    "zh:60c27aca36bb63bf3e865c2193be80ca83b376581d00f9c220af4b013e163c4d",
    "zh:896f0f22d19d41e71b22f9240b261714c3915b165ddefeb771e7734d69dc47ea",
    "zh:90de9966cb2fd3e2f326df291595e55d2dd2d90e7d6dd085c2c8691dce82bdb4",
    "zh:ad05a91a88ceb1d6de5a568f7cc0b0e5bc0a79f3da70bc28c1e7f3750e362d58",
    "zh:e8c63f59c6465329e1f3357498face3dd7ef10a033df3c366a33aa9e94b46c01",
  ]
 }
--- a/_deprecated/cloud/terraform/aws/main.tf
+++ b/_deprecated/cloud/terraform/aws/main.tf
@ -1,66 +0,0 @@
 provider "aws" {
  region = var.ec2_region
 }
 resource "aws_security_group" "tpot" {
  name        = "T-Pot"
  description = "T-Pot Honeypot"
  vpc_id      = var.ec2_vpc_id
  ingress {
    from_port   = 0
    to_port     = 64000
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    from_port   = 0
    to_port     = 64000
    protocol    = "udp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    from_port   = 64294
    to_port     = 64294
    protocol    = "tcp"
    cidr_blocks = var.admin_ip
  }
  ingress {
    from_port   = 64295
    to_port     = 64295
    protocol    = "tcp"
    cidr_blocks = var.admin_ip
  }
  ingress {
    from_port   = 64297
    to_port     = 64297
    protocol    = "tcp"
    cidr_blocks = var.admin_ip
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Name = "T-Pot"
  }
 }
 resource "aws_instance" "tpot" {
  ami           = var.ec2_ami[var.ec2_region]
  instance_type = var.ec2_instance_type
  key_name      = var.ec2_ssh_key_name
  subnet_id     = var.ec2_subnet_id
  tags = {
    Name = "T-Pot Honeypot"
  }
  root_block_device {
    volume_type           = "gp2"
    volume_size           = 128
    delete_on_termination = true
  }
  user_data                   = templatefile("../cloud-init.yaml", { timezone = var.timezone, password = var.linux_password, tpot_flavor = var.tpot_flavor, web_user = var.web_user, web_password = var.web_password })
  vpc_security_group_ids      = [aws_security_group.tpot.id]
  associate_public_ip_address = true
 }
--- a/_deprecated/cloud/terraform/aws/outputs.tf
+++ b/_deprecated/cloud/terraform/aws/outputs.tf
@ -1,12 +0,0 @@
 output "Admin_UI" {
  value = "https://${aws_instance.tpot.public_dns}:64294/"
 }
 output "SSH_Access" {
  value = "ssh -i {private_key_file} -p 64295 admin@${aws_instance.tpot.public_dns}"
 }
 output "Web_UI" {
  value = "https://${aws_instance.tpot.public_dns}:64297/"
 }
--- a/_deprecated/cloud/terraform/aws/variables.tf
+++ b/_deprecated/cloud/terraform/aws/variables.tf
@ -1,93 +0,0 @@
 variable "admin_ip" {
  default     = ["127.0.0.1/32"]
  description = "admin IP addresses in CIDR format"
 }
 variable "ec2_vpc_id" {
  description = "ID of AWS VPC"
  default     = "vpc-XXX"
 }
 variable "ec2_subnet_id" {
  description = "ID of AWS VPC subnet"
  default     = "subnet-YYY"
 }
 variable "ec2_region" {
  description = "AWS region to launch servers"
  default     = "eu-west-1"
 }
 variable "ec2_ssh_key_name" {
  default = "default"
 }
 # https://aws.amazon.com/ec2/instance-types/
 # t3.large = 2 vCPU, 8 GiB RAM
 variable "ec2_instance_type" {
  default = "t3.large"
 }
 # Refer to https://wiki.debian.org/Cloud/AmazonEC2Image/Bullseye
 variable "ec2_ami" {
  type = map(string)
  default = {
    "af-south-1"     = "ami-0c372f041acae6d49"
    "ap-east-1"      = "ami-079b8d011d4655385"
    "ap-northeast-1" = "ami-08dbbf1c0485a4aa8"
    "ap-northeast-2" = "ami-0269fe7d013b8e2dd"
    "ap-northeast-3" = "ami-0848d1e5fb6e3e3da"
    "ap-south-1"     = "ami-020d429f17c9f1d0a"
    "ap-southeast-1" = "ami-09625a221230d9fe6"
    "ap-southeast-2" = "ami-03cbc6cddb06af2c2"
    "ca-central-1"   = "ami-09125623b02302014"
    "eu-central-1"   = "ami-00c36c60f07e21791"
    "eu-north-1"     = "ami-052bea934e2d9dbfe"
    "eu-south-1"     = "ami-04e2bb16d37324719"
    "eu-west-1"      = "ami-0f87948fe2cf1b2a4"
    "eu-west-2"      = "ami-02ed1bc837487d535"
    "eu-west-3"      = "ami-080efd2add7e29430"
    "me-south-1"     = "ami-0dbde382c834c4a72"
    "sa-east-1"      = "ami-0a0792814cb068077"
    "us-east-1"      = "ami-05dd1b6e7ef6f8378"
    "us-east-2"      = "ami-04dd0542609808c50"
    "us-west-1"      = "ami-07af5f877b3db9f73"
    "us-west-2"      = "ami-0d0d8694ba492c02b"
  }
 }
 ## cloud-init configuration ##
 variable "timezone" {
  default = "UTC"
 }
 variable "linux_password" {
  #default = "LiNuXuSeRPaSs#"
  description = "Set a password for the default user"
  validation {
    condition     = length(var.linux_password) > 0
    error_message = "Please specify a password for the default user."
  }
 }
 ## These will go in the generated tpot.conf file ##
 variable "tpot_flavor" {
  default     = "STANDARD"
  description = "Specify your tpot flavor [STANDARD, HIVE, HIVE_SENSOR, INDUSTRIAL, LOG4J, MEDICAL, MINI, SENSOR]"
 }
 variable "web_user" {
  default     = "webuser"
  description = "Set a username for the web user"
 }
 variable "web_password" {
  #default = "w3b$ecret"
  description = "Set a password for the web user"
  validation {
    condition     = length(var.web_password) > 0
    error_message = "Please specify a password for the web user."
  }
 }
--- a/_deprecated/cloud/terraform/aws/versions.tf
+++ b/_deprecated/cloud/terraform/aws/versions.tf
@ -1,9 +0,0 @@
 terraform {
  required_version = ">= 0.13"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "3.26.0"
    }
  }
 }
--- a/_deprecated/cloud/terraform/aws_multi_region/_provider.tf
+++ b/_deprecated/cloud/terraform/aws_multi_region/_provider.tf
@ -1,9 +0,0 @@
 provider "aws" {
  alias  = "eu-west-2"
  region = "eu-west-2"
 }
 provider "aws" {
  alias  = "us-west-1"
  region = "us-west-1"
 }
--- a/_deprecated/cloud/terraform/aws_multi_region/main.tf
+++ b/_deprecated/cloud/terraform/aws_multi_region/main.tf
@ -1,27 +0,0 @@
 module "eu-west-2" {
  source = "./modules/multi-region"
  ec2_vpc_id = "vpc-xxxxxxxx"
  ec2_subnet_id = "subnet-xxxxxxxx"
  ec2_region = "eu-west-2"
  tpot_name = "T-Pot Honeypot"
  linux_password = var.linux_password
  web_password = var.web_password
  providers = {
    aws = aws.eu-west-2
  }
 }
 module "us-west-1" {
  source = "./modules/multi-region"
  ec2_vpc_id = "vpc-xxxxxxxx"
  ec2_subnet_id = "subnet-xxxxxxxx"
  ec2_region = "us-west-1"
  tpot_name = "T-Pot Honeypot"
  linux_password = var.linux_password
  web_password = var.web_password
  providers = {
    aws = aws.us-west-1
  }
 }
--- a/_deprecated/cloud/terraform/aws_multi_region/modules/multi-region/main.tf
+++ b/_deprecated/cloud/terraform/aws_multi_region/modules/multi-region/main.tf
@ -1,69 +0,0 @@
 variable "ec2_vpc_id" {}
 variable "ec2_subnet_id" {}
 variable "ec2_region" {}
 variable "linux_password" {}
 variable "web_password" {}
 variable "tpot_name" {}
 resource "aws_security_group" "tpot" {
  name        = "T-Pot"
  description = "T-Pot Honeypot"
  vpc_id      = var.ec2_vpc_id
  ingress {
    from_port   = 0
    to_port     = 64000
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    from_port   = 0
    to_port     = 64000
    protocol    = "udp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    from_port   = 64294
    to_port     = 64294
    protocol    = "tcp"
    cidr_blocks = var.admin_ip
  }
  ingress {
    from_port   = 64295
    to_port     = 64295
    protocol    = "tcp"
    cidr_blocks = var.admin_ip
  }
  ingress {
    from_port   = 64297
    to_port     = 64297
    protocol    = "tcp"
    cidr_blocks = var.admin_ip
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Name = "T-Pot"
  }
 }
 resource "aws_instance" "tpot" {
  ami           = var.ec2_ami[var.ec2_region]
  instance_type = var.ec2_instance_type
  key_name      = var.ec2_ssh_key_name
  subnet_id     = var.ec2_subnet_id
  tags = {
    Name = var.tpot_name
  }
  root_block_device {
    volume_type           = "gp2"
    volume_size           = 128
    delete_on_termination = true
  }
  user_data                   = templatefile("../cloud-init.yaml", { timezone = var.timezone, password = var.linux_password, tpot_flavor = var.tpot_flavor, web_user = var.web_user, web_password = var.web_password })
  vpc_security_group_ids      = [aws_security_group.tpot.id]
  associate_public_ip_address = true
 }
--- a/_deprecated/cloud/terraform/aws_multi_region/modules/multi-region/outputs.tf
+++ b/_deprecated/cloud/terraform/aws_multi_region/modules/multi-region/outputs.tf
@ -1,12 +0,0 @@
 output "Admin_UI" {
  value = "https://${aws_instance.tpot.public_dns}:64294/"
 }
 output "SSH_Access" {
  value = "ssh -i {private_key_file} -p 64295 admin@${aws_instance.tpot.public_dns}"
 }
 output "Web_UI" {
  value = "https://${aws_instance.tpot.public_dns}:64297/"
 }
--- a/_deprecated/cloud/terraform/aws_multi_region/modules/multi-region/variables.tf
+++ b/_deprecated/cloud/terraform/aws_multi_region/modules/multi-region/variables.tf
@ -1,57 +0,0 @@
 variable "admin_ip" {
  default     = ["127.0.0.1/32"]
  description = "admin IP addresses in CIDR format"
 }
 variable "ec2_ssh_key_name" {
  default = "default"
 }
 # https://aws.amazon.com/ec2/instance-types/
 variable "ec2_instance_type" {
  default = "t3.xlarge"
 }
 # Refer to https://wiki.debian.org/Cloud/AmazonEC2Image/Bullseye
 variable "ec2_ami" {
  type = map(string)
  default = {
    "af-south-1"     = "ami-0c372f041acae6d49"
    "ap-east-1"      = "ami-079b8d011d4655385"
    "ap-northeast-1" = "ami-08dbbf1c0485a4aa8"
    "ap-northeast-2" = "ami-0269fe7d013b8e2dd"
    "ap-northeast-3" = "ami-0848d1e5fb6e3e3da"
    "ap-south-1"     = "ami-020d429f17c9f1d0a"
    "ap-southeast-1" = "ami-09625a221230d9fe6"
    "ap-southeast-2" = "ami-03cbc6cddb06af2c2"
    "ca-central-1"   = "ami-09125623b02302014"
    "eu-central-1"   = "ami-00c36c60f07e21791"
    "eu-north-1"     = "ami-052bea934e2d9dbfe"
    "eu-south-1"     = "ami-04e2bb16d37324719"
    "eu-west-1"      = "ami-0f87948fe2cf1b2a4"
    "eu-west-2"      = "ami-02ed1bc837487d535"
    "eu-west-3"      = "ami-080efd2add7e29430"
    "me-south-1"     = "ami-0dbde382c834c4a72"
    "sa-east-1"      = "ami-0a0792814cb068077"
    "us-east-1"      = "ami-05dd1b6e7ef6f8378"
    "us-east-2"      = "ami-04dd0542609808c50"
    "us-west-1"      = "ami-07af5f877b3db9f73"
    "us-west-2"      = "ami-0d0d8694ba492c02b"
  }
 }
 ## cloud-init configuration ##
 variable "timezone" {
  default = "UTC"
 }
 ## These will go in the generated tpot.conf file ##
 variable "tpot_flavor" {
  default     = "STANDARD"
  description = "Specify your tpot flavor [STANDARD, HIVE, HIVE_SENSOR, INDUSTRIAL, LOG4J, MEDICAL, MINI, SENSOR]"
 }
 variable "web_user" {
  default     = "webuser"
  description = "Set a username for the web user"
 }
--- a/_deprecated/cloud/terraform/aws_multi_region/modules/multi-region/versions.tf
+++ b/_deprecated/cloud/terraform/aws_multi_region/modules/multi-region/versions.tf
@ -1,9 +0,0 @@
 terraform {
  required_version = ">= 0.13"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "3.72.0"
    }
  }
 }
--- a/_deprecated/cloud/terraform/aws_multi_region/outputs.tf
+++ b/_deprecated/cloud/terraform/aws_multi_region/outputs.tf
@ -1,7 +0,0 @@
 output "eu-west-2_Web_UI" {
  value = module.eu-west-2.Web_UI
 }
 output "us-west-1_Web_UI" {
  value = module.us-west-1.Web_UI
 }
--- a/_deprecated/cloud/terraform/aws_multi_region/variables.tf
+++ b/_deprecated/cloud/terraform/aws_multi_region/variables.tf
@ -1,19 +0,0 @@
 variable "linux_password" {
  #default = "LiNuXuSeRP4Ss!"
  description = "Set a password for the default user"
  validation {
    condition     = length(var.linux_password) > 0
    error_message = "Please specify a password for the default user."
  }
 }
 variable "web_password" {
  #default = "w3b$ecret20"
  description = "Set a password for the web user"
  validation {
    condition     = length(var.web_password) > 0
    error_message = "Please specify a password for the web user."
  }
 }
--- a/_deprecated/cloud/terraform/cloud-init.yaml
+++ b/_deprecated/cloud/terraform/cloud-init.yaml
@ -1,26 +0,0 @@
 #cloud-config
 timezone: ${timezone}
 packages:
  - git
 runcmd:
  - curl -sS --retry 5 https://github.com
  - git clone https://github.com/telekom-security/tpotce /root/tpot
  - /root/tpot/iso/installer/install.sh --type=auto --conf=/root/tpot.conf
  - rm /root/tpot.conf
  - /sbin/shutdown -r now
 password: ${password}
 chpasswd:
  expire: false
 write_files:
  - content: |
      # tpot configuration file
      myCONF_TPOT_FLAVOR='${tpot_flavor}'
      myCONF_WEB_USER='${web_user}'
      myCONF_WEB_PW='${web_password}'
    owner: root:root
    path: /root/tpot.conf
    permissions: '0600'
--- a/_deprecated/cloud/terraform/otc/.terraform.lock.hcl
+++ b/_deprecated/cloud/terraform/otc/.terraform.lock.hcl
@ -1,38 +0,0 @@
 # This file is maintained automatically by "terraform init".
 # Manual edits may be lost in future updates.
 provider "registry.terraform.io/hashicorp/random" {
  version     = "3.1.0"
  constraints = "~> 3.1.0"
  hashes = [
    "h1:BZMEPucF+pbu9gsPk0G0BHx7YP04+tKdq2MrRDF1EDM=",
    "zh:2bbb3339f0643b5daa07480ef4397bd23a79963cc364cdfbb4e86354cb7725bc",
    "zh:3cd456047805bf639fbf2c761b1848880ea703a054f76db51852008b11008626",
    "zh:4f251b0eda5bb5e3dc26ea4400dba200018213654b69b4a5f96abee815b4f5ff",
    "zh:7011332745ea061e517fe1319bd6c75054a314155cb2c1199a5b01fe1889a7e2",
    "zh:738ed82858317ccc246691c8b85995bc125ac3b4143043219bd0437adc56c992",
    "zh:7dbe52fac7bb21227acd7529b487511c91f4107db9cc4414f50d04ffc3cab427",
    "zh:a3a9251fb15f93e4cfc1789800fc2d7414bbc18944ad4c5c98f466e6477c42bc",
    "zh:a543ec1a3a8c20635cf374110bd2f87c07374cf2c50617eee2c669b3ceeeaa9f",
    "zh:d9ab41d556a48bd7059f0810cf020500635bfc696c9fc3adab5ea8915c1d886b",
    "zh:d9e13427a7d011dbd654e591b0337e6074eef8c3b9bb11b2e39eaaf257044fd7",
    "zh:f7605bd1437752114baf601bdf6931debe6dc6bfe3006eb7e9bb9080931dca8a",
  ]
 }
 provider "registry.terraform.io/opentelekomcloud/opentelekomcloud" {
  version     = "1.23.6"
  constraints = "~> 1.23.4"
  hashes = [
    "h1:B/1Md957jWaDgFqsJDzmJc75KwL0eC/PCVuZ8HV5xSc=",
    "zh:1aa79010869d082157fb44fc83c3bff4e40938ec0ca916f704d974c7f7ca39e4",
    "zh:3155b8366828ce50231f69962b55df1e2261ed63c44bb64e2c950dd68769df1b",
    "zh:4a909617aa96a6d8aead14f56996ad94e0a1cae9d28e8df1ddae19c2095ed337",
    "zh:4f71046719632b4b90f88d29d8ba88915ee6ad66cd9d7ebe84a7459013e5003a",
    "zh:67e4d10b2db79ad78ae2ec8d9dfac53c4721028f97f4436a7aa45e80b1beefd3",
    "zh:7f12541fc5a3513e5522ff2bd5fee17d1e67bfe64f9ef59d03863fc7389e12ce",
    "zh:86fadabfc8307cf6084a412ffc9c797ec94932d08bc663a3fcebf98101e951f6",
    "zh:98744b39c2bfe3e8e6f929f750a689971071b257f3f066f669f93c8e0b76d179",
    "zh:c363d41debb060804e2c6bd9cb50b4e8daa37362299e3ea74e187265cd85f2ca",
  ]
 }
--- a/_deprecated/cloud/terraform/otc/main.tf
+++ b/_deprecated/cloud/terraform/otc/main.tf
@ -1,68 +0,0 @@
 data "opentelekomcloud_images_image_v2" "debian" {
  name = "Standard_Debian_10_latest"
 }
 resource "opentelekomcloud_networking_secgroup_v2" "secgroup_1" {
  name        = var.secgroup_name
  description = var.secgroup_desc
 }
 resource "opentelekomcloud_networking_secgroup_rule_v2" "secgroup_rule_1" {
  direction         = "ingress"
  ethertype         = "IPv4"
  remote_ip_prefix  = "0.0.0.0/0"
  security_group_id = opentelekomcloud_networking_secgroup_v2.secgroup_1.id
 }
 resource "opentelekomcloud_vpc_v1" "vpc_1" {
  name = var.vpc_name
  cidr = var.vpc_cidr
 }
 resource "opentelekomcloud_vpc_subnet_v1" "subnet_1" {
  name   = var.subnet_name
  cidr   = var.subnet_cidr
  vpc_id = opentelekomcloud_vpc_v1.vpc_1.id
  gateway_ip = var.subnet_gateway_ip
  dns_list   = ["100.125.4.25", "100.125.129.199"]
 }
 resource "random_id" "tpot" {
  byte_length = 6
  prefix      = var.ecs_prefix
 }
 resource "opentelekomcloud_ecs_instance_v1" "ecs_1" {
  name     = random_id.tpot.b64_url
  image_id = data.opentelekomcloud_images_image_v2.debian.id
  flavor   = var.ecs_flavor
  vpc_id   = opentelekomcloud_vpc_v1.vpc_1.id
  nics {
    network_id = opentelekomcloud_vpc_subnet_v1.subnet_1.id
  }
  system_disk_size  = var.ecs_disk_size
  system_disk_type  = "SAS"
  security_groups   = [opentelekomcloud_networking_secgroup_v2.secgroup_1.id]
  availability_zone = var.availability_zone
  key_name          = var.key_pair
  user_data         = templatefile("../cloud-init.yaml", { timezone = var.timezone, password = var.linux_password, tpot_flavor = var.tpot_flavor, web_user = var.web_user, web_password = var.web_password })
 }
 resource "opentelekomcloud_vpc_eip_v1" "eip_1" {
  publicip {
    type = "5_bgp"
  }
  bandwidth {
    name       = "bandwidth-${random_id.tpot.b64_url}"
    size       = var.eip_size
    share_type = "PER"
  }
 }
 resource "opentelekomcloud_compute_floatingip_associate_v2" "fip_1" {
  floating_ip = opentelekomcloud_vpc_eip_v1.eip_1.publicip.0.ip_address
  instance_id = opentelekomcloud_ecs_instance_v1.ecs_1.id
 }
--- a/_deprecated/cloud/terraform/otc/outputs.tf
+++ b/_deprecated/cloud/terraform/otc/outputs.tf
@ -1,11 +0,0 @@
 output "Admin_UI" {
  value = "https://${opentelekomcloud_vpc_eip_v1.eip_1.publicip.0.ip_address}:64294"
 }
 output "SSH_Access" {
  value = "ssh -p 64295 linux@${opentelekomcloud_vpc_eip_v1.eip_1.publicip.0.ip_address}"
 }
 output "Web_UI" {
  value = "https://${opentelekomcloud_vpc_eip_v1.eip_1.publicip.0.ip_address}:64297"
 }
--- a/_deprecated/cloud/terraform/otc/provider.tf
+++ b/_deprecated/cloud/terraform/otc/provider.tf
@ -1,3 +0,0 @@
 provider "opentelekomcloud" {
  cloud = "open-telekom-cloud"
 }
--- a/_deprecated/cloud/terraform/otc/variables.tf
+++ b/_deprecated/cloud/terraform/otc/variables.tf
@ -1,98 +0,0 @@
 ## cloud-init configuration ##
 variable "timezone" {
  default = "UTC"
 }
 variable "linux_password" {
  #default = "LiNuXuSeRPaSs#"
  description = "Set a password for the default user"
  validation {
    condition     = length(var.linux_password) > 0
    error_message = "Please specify a password for the default user."
  }
 }
 ## Security Group ##
 variable "secgroup_name" {
  default = "sg-tpot"
 }
 variable "secgroup_desc" {
  default = "Security Group for T-Pot"
 }
 ## Virtual Private Cloud ##
 variable "vpc_name" {
  default = "vpc-tpot"
 }
 variable "vpc_cidr" {
  default = "192.168.0.0/16"
 }
 ## Subnet ##
 variable "subnet_name" {
  default = "subnet-tpot"
 }
 variable "subnet_cidr" {
  default = "192.168.0.0/24"
 }
 variable "subnet_gateway_ip" {
  default = "192.168.0.1"
 }
 ## Elastic Cloud Server ##
 variable "ecs_prefix" {
  default = "tpot-"
 }
 variable "ecs_flavor" {
  default = "s3.medium.8"
 }
 variable "ecs_disk_size" {
  default = "128"
 }
 variable "availability_zone" {
  default = "eu-de-03"
 }
 variable "key_pair" {
  #default = ""
  description = "Specify your SSH key pair"
  validation {
    condition     = length(var.key_pair) > 0
    error_message = "Please specify a Key Pair."
  }
 }
 ## Elastic IP ##
 variable "eip_size" {
  default = "100"
 }
 ## These will go in the generated tpot.conf file ##
 variable "tpot_flavor" {
  default     = "STANDARD"
  description = "Specify your tpot flavor [STANDARD, HIVE, HIVE_SENSOR, INDUSTRIAL, LOG4J, MEDICAL, MINI, SENSOR]"
 }
 variable "web_user" {
  default     = "webuser"
  description = "Set a username for the web user"
 }
 variable "web_password" {
  #default = "w3b$ecret"
  description = "Set a password for the web user"
  validation {
    condition     = length(var.web_password) > 0
    error_message = "Please specify a password for the web user."
  }
 }
--- a/_deprecated/cloud/terraform/otc/versions.tf
+++ b/_deprecated/cloud/terraform/otc/versions.tf
@ -1,13 +0,0 @@
 terraform {
  required_version = ">= 0.13"
  required_providers {
    opentelekomcloud = {
      source  = "opentelekomcloud/opentelekomcloud"
      version = "~> 1.23.4"
    }
    random = {
      source  = "hashicorp/random"
      version = "~> 3.1.0"
    }
  }
 }
--- a/_deprecated/etc/compose/collector.yml
+++ b/_deprecated/etc/compose/collector.yml
@ -1,260 +0,0 @@
 # T-Pot (Collector)
 # Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton)
 version: '2.3'
 networks:
  heralding_local:
  ewsposter_local:
  spiderfoot_local:
 services:
 ##################
 #### Honeypots
 ##################
 # Heralding service
  heralding:
    container_name: heralding
    restart: always
    tmpfs:
     - /tmp/heralding:uid=2000,gid=2000
    networks:
     - heralding_local
    ports:
     - "21:21"
     - "22:22"
     - "23:23"
     - "25:25"
     - "80:80"
     - "110:110"
     - "143:143"
     - "443:443"
     - "465:465"
     - "993:993"
     - "995:995"
     - "1080:1080"
     - "3306:3306"
     - "3389:3389"
     - "5432:5432"
     - "5900:5900"
    image: "dtagdevsec/heralding:2204"
    read_only: true
    volumes:
     - /data/heralding/log:/var/log/heralding
 # Honeytrap service
  honeytrap:
    container_name: honeytrap
    restart: always
    tmpfs:
     - /tmp/honeytrap:uid=2000,gid=2000
    network_mode: "host"
    cap_add:
     - NET_ADMIN
    image: "dtagdevsec/honeytrap:2204"
    read_only: true
    volumes:
     - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
     - /data/honeytrap/downloads:/opt/honeytrap/var/downloads
     - /data/honeytrap/log:/opt/honeytrap/var/log
 ##################
 #### NSM
 ##################
 # Fatt service
  fatt:
    container_name: fatt
    restart: always
    network_mode: "host"
    cap_add:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
    image: "dtagdevsec/fatt:2204"
    volumes:
     - /data/fatt/log:/opt/fatt/log
 # P0f service
  p0f:
    container_name: p0f
    restart: always
    network_mode: "host"
    image: "dtagdevsec/p0f:2204"
    read_only: true
    volumes:
     - /data/p0f/log:/var/log/p0f
 # Suricata service
  suricata:
    container_name: suricata
    restart: always
    environment:
    # For ET Pro ruleset replace "OPEN" with your OINKCODE
     - OINKCODE=OPEN
    # Loading externel Rules from URL 
    # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com"
    network_mode: "host"
    cap_add:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
    image: "dtagdevsec/suricata:2204"
    volumes:
     - /data/suricata/log:/var/log/suricata
 ##################
 #### Tools
 ##################
 #### ELK
 ## Elasticsearch service
  elasticsearch:
    container_name: elasticsearch
    restart: always
    environment:
     - bootstrap.memory_lock=true
     - ES_JAVA_OPTS=-Xms2048m -Xmx2048m
     - ES_TMPDIR=/tmp
    cap_add:
     - IPC_LOCK
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    mem_limit: 4g
    ports:
     - "127.0.0.1:64298:9200"
    image: "dtagdevsec/elasticsearch:2204"
    volumes:
     - /data:/data
 ## Kibana service
  kibana:
    container_name: kibana
    restart: always
    depends_on:
      elasticsearch:
        condition: service_healthy
    mem_limit: 1g
    ports:
     - "127.0.0.1:64296:5601"
    image: "dtagdevsec/kibana:2204"
 ## Logstash service
  logstash:
    container_name: logstash
    restart: always
    environment:
     - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
    depends_on:
      elasticsearch:
        condition: service_healthy
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    mem_limit: 2g
    image: "dtagdevsec/logstash:2204"
    volumes:
     - /data:/data
 ## Map Redis Service
  map_redis:
    container_name: map_redis
    restart: always
    stop_signal: SIGKILL
    tty: true
    image: "dtagdevsec/redis:2204"
    read_only: true
 ## Map Web Service
  map_web:
    container_name: map_web
    restart: always
    environment:
     - MAP_COMMAND=AttackMapServer.py
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    stop_signal: SIGKILL
    tty: true
    ports:
     - "127.0.0.1:64299:64299"
    image: "dtagdevsec/map:2204"
 ## Map Data Service
  map_data:
    container_name: map_data
    restart: always
    depends_on:
      elasticsearch:
        condition: service_healthy
    environment:
     - MAP_COMMAND=DataServer_v2.py
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    stop_signal: SIGKILL
    tty: true
    image: "dtagdevsec/map:2204"
 #### /ELK
 # Ewsposter service
  ewsposter:
    container_name: ewsposter
    restart: always
    networks:
     - ewsposter_local
    environment:
     - EWS_HPFEEDS_ENABLE=false
     - EWS_HPFEEDS_HOST=host
     - EWS_HPFEEDS_PORT=port
     - EWS_HPFEEDS_CHANNELS=channels
     - EWS_HPFEEDS_IDENT=user
     - EWS_HPFEEDS_SECRET=secret
     - EWS_HPFEEDS_TLSCERT=false
     - EWS_HPFEEDS_FORMAT=json
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    image: "dtagdevsec/ewsposter:2204"
    volumes:
     - /data:/data
     - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
 # Nginx service
  nginx:
    container_name: nginx
    restart: always
    tmpfs:
     - /var/tmp/nginx/client_body
     - /var/tmp/nginx/proxy
     - /var/tmp/nginx/fastcgi
     - /var/tmp/nginx/uwsgi
     - /var/tmp/nginx/scgi
     - /run
     - /var/lib/nginx/tmp:uid=100,gid=82
    network_mode: "host"
      #    ports:
      #     - "64297:64297"
      #     - "127.0.0.1:64304:64304"
    image: "dtagdevsec/nginx:2204"
    read_only: true
    volumes:
     - /data/nginx/cert/:/etc/nginx/cert/:ro
     - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
     - /data/nginx/log/:/var/log/nginx/
 # Spiderfoot service
  spiderfoot:
    container_name: spiderfoot
    restart: always
    networks:
     - spiderfoot_local
    ports:
     - "127.0.0.1:64303:8080"
    image: "dtagdevsec/spiderfoot:2204"
    volumes:
     - /data/spiderfoot:/home/spiderfoot/.spiderfoot
--- a/_deprecated/etc/compose/hive.yml
+++ b/_deprecated/etc/compose/hive.yml
@ -1,141 +0,0 @@
 # T-Pot (Hive)
 # Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton)
 version: '2.3'
 networks:
  spiderfoot_local:
 services:
 ##################
 #### Tools
 ##################
 #### ELK
 ## Elasticsearch service
  elasticsearch:
    container_name: elasticsearch
    restart: always
    environment:
     - bootstrap.memory_lock=true
     - ES_JAVA_OPTS=-Xms2048m -Xmx2048m
     - ES_TMPDIR=/tmp
    cap_add:
     - IPC_LOCK
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
 #    mem_limit: 4g
    ports:
     - "127.0.0.1:64298:9200"
    image: "dtagdevsec/elasticsearch:2204"
    volumes:
     - /data:/data
 ## Kibana service
  kibana:
    container_name: kibana
    restart: always
    depends_on:
      elasticsearch:
        condition: service_healthy
 #    mem_limit: 1g
    ports:
     - "127.0.0.1:64296:5601"
    image: "dtagdevsec/kibana:2204"
 ## Logstash service
  logstash:
    container_name: logstash
    restart: always
    environment:
     - LS_JAVA_OPTS=-Xms2048m -Xmx2048m
    depends_on:
      elasticsearch:
        condition: service_healthy
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    ports:
     - "127.0.0.1:64305:64305"
 #    mem_limit: 2g
    image: "dtagdevsec/logstash:2204"
    volumes:
     - /data:/data
 ## Map Redis Service
  map_redis:
    container_name: map_redis
    restart: always
    stop_signal: SIGKILL
    tty: true
    image: "dtagdevsec/redis:2204"
    read_only: true
 ## Map Web Service
  map_web:
    container_name: map_web
    restart: always
    environment:
     - MAP_COMMAND=AttackMapServer.py
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    stop_signal: SIGKILL
    tty: true
    ports:
     - "127.0.0.1:64299:64299"
    image: "dtagdevsec/map:2204"
 ## Map Data Service
  map_data:
    container_name: map_data
    restart: always
    depends_on:
      elasticsearch:
        condition: service_healthy
    environment:
     - MAP_COMMAND=DataServer_v2.py
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    stop_signal: SIGKILL
    tty: true
    image: "dtagdevsec/map:2204"
 #### /ELK
 # Nginx service
  nginx:
    container_name: nginx
    restart: always
    tmpfs:
     - /var/tmp/nginx/client_body
     - /var/tmp/nginx/proxy
     - /var/tmp/nginx/fastcgi
     - /var/tmp/nginx/uwsgi
     - /var/tmp/nginx/scgi
     - /run
     - /var/lib/nginx/tmp:uid=100,gid=82
    network_mode: "host"
      #    ports:
      #     - "64297:64297"
      #     - "127.0.0.1:64304:64304"
    image: "dtagdevsec/nginx:2204"
    read_only: true
    volumes:
     - /data/nginx/cert/:/etc/nginx/cert/:ro
     - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
     - /data/nginx/log/:/var/log/nginx/
 # Spiderfoot service
  spiderfoot:
    container_name: spiderfoot
    restart: always
    networks:
     - spiderfoot_local
    ports:
     - "127.0.0.1:64303:8080"
    image: "dtagdevsec/spiderfoot:2204"
    volumes:
     - /data/spiderfoot:/home/spiderfoot/.spiderfoot
--- a/_deprecated/etc/compose/hive_sensor.yml
+++ b/_deprecated/etc/compose/hive_sensor.yml
@ -1,548 +0,0 @@
 # T-Pot (Hive_Sensor)
 # Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton)
 version: '2.3'
 networks:
  adbhoney_local:
  ciscoasa_local:
  citrixhoneypot_local:
  conpot_local_IEC104:
  conpot_local_guardian_ast:
  conpot_local_ipmi:
  conpot_local_kamstrup_382:
  cowrie_local:
  ddospot_local:
  dicompot_local:
  dionaea_local:
  elasticpot_local:
  heralding_local:
  ipphoney_local:
  mailoney_local:
  medpot_local:
  redishoneypot_local:
  tanner_local:
  ewsposter_local:
  sentrypeer_local:
  spiderfoot_local:
 services:
 ##################
 #### Honeypots
 ##################
 # Adbhoney service
  adbhoney:
    container_name: adbhoney
    restart: always
    networks:
     - adbhoney_local
    ports:
     - "5555:5555"
    image: "dtagdevsec/adbhoney:2204"
    read_only: true
    volumes:
     - /data/adbhoney/log:/opt/adbhoney/log
     - /data/adbhoney/downloads:/opt/adbhoney/dl
 # Ciscoasa service
  ciscoasa:
    container_name: ciscoasa
    restart: always
    tmpfs:
     - /tmp/ciscoasa:uid=2000,gid=2000
    networks:
     - ciscoasa_local
    ports:
     - "5000:5000/udp"
     - "8443:8443"
    image: "dtagdevsec/ciscoasa:2204"
    read_only: true
    volumes:
     - /data/ciscoasa/log:/var/log/ciscoasa
 # CitrixHoneypot service
  citrixhoneypot:
    container_name: citrixhoneypot
    restart: always
    networks:
     - citrixhoneypot_local
    ports:
     - "443:443"
    image: "dtagdevsec/citrixhoneypot:2204"
    read_only: true
    volumes:
     - /data/citrixhoneypot/logs:/opt/citrixhoneypot/logs
 # Conpot IEC104 service
  conpot_IEC104:
    container_name: conpot_iec104
    restart: always
    environment:
     - CONPOT_CONFIG=/etc/conpot/conpot.cfg
     - CONPOT_JSON_LOG=/var/log/conpot/conpot_IEC104.json
     - CONPOT_LOG=/var/log/conpot/conpot_IEC104.log
     - CONPOT_TEMPLATE=IEC104
     - CONPOT_TMP=/tmp/conpot
    tmpfs:
     - /tmp/conpot:uid=2000,gid=2000
    networks:
     - conpot_local_IEC104
    ports:
     - "161:161/udp"
     - "2404:2404"
    image: "dtagdevsec/conpot:2204"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
 # Conpot guardian_ast service
  conpot_guardian_ast:
    container_name: conpot_guardian_ast
    restart: always
    environment:
     - CONPOT_CONFIG=/etc/conpot/conpot.cfg
     - CONPOT_JSON_LOG=/var/log/conpot/conpot_guardian_ast.json
     - CONPOT_LOG=/var/log/conpot/conpot_guardian_ast.log
     - CONPOT_TEMPLATE=guardian_ast
     - CONPOT_TMP=/tmp/conpot
    tmpfs:
     - /tmp/conpot:uid=2000,gid=2000
    networks:
     - conpot_local_guardian_ast
    ports:
     - "10001:10001"
    image: "dtagdevsec/conpot:2204"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
 # Conpot ipmi
  conpot_ipmi:
    container_name: conpot_ipmi
    restart: always
    environment:
     - CONPOT_CONFIG=/etc/conpot/conpot.cfg
     - CONPOT_JSON_LOG=/var/log/conpot/conpot_ipmi.json
     - CONPOT_LOG=/var/log/conpot/conpot_ipmi.log
     - CONPOT_TEMPLATE=ipmi
     - CONPOT_TMP=/tmp/conpot
    tmpfs:
     - /tmp/conpot:uid=2000,gid=2000
    networks:
     - conpot_local_ipmi
    ports:
     - "623:623/udp"
    image: "dtagdevsec/conpot:2204"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
 # Conpot kamstrup_382
  conpot_kamstrup_382:
    container_name: conpot_kamstrup_382
    restart: always
    environment:
     - CONPOT_CONFIG=/etc/conpot/conpot.cfg
     - CONPOT_JSON_LOG=/var/log/conpot/conpot_kamstrup_382.json
     - CONPOT_LOG=/var/log/conpot/conpot_kamstrup_382.log
     - CONPOT_TEMPLATE=kamstrup_382
     - CONPOT_TMP=/tmp/conpot
    tmpfs:
     - /tmp/conpot:uid=2000,gid=2000
    networks:
     - conpot_local_kamstrup_382
    ports:
     - "1025:1025"
     - "50100:50100"
    image: "dtagdevsec/conpot:2204"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
 # Cowrie service
  cowrie:
    container_name: cowrie
    restart: always
    tmpfs:
     - /tmp/cowrie:uid=2000,gid=2000
     - /tmp/cowrie/data:uid=2000,gid=2000
    networks:
     - cowrie_local
    ports:
     - "22:22"
     - "23:23"
    image: "dtagdevsec/cowrie:2204"
    read_only: true
    volumes:
     - /data/cowrie/downloads:/home/cowrie/cowrie/dl
     - /data/cowrie/keys:/home/cowrie/cowrie/etc
     - /data/cowrie/log:/home/cowrie/cowrie/log
     - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
 # Ddospot service
  ddospot:
    container_name: ddospot
    restart: always
    networks:
     - ddospot_local
    ports:
     - "19:19/udp"
     - "53:53/udp"
     - "123:123/udp"
 #     - "161:161/udp"
     - "1900:1900/udp"
    image: "dtagdevsec/ddospot:2204"
    read_only: true
    volumes:
     - /data/ddospot/log:/opt/ddospot/ddospot/logs
     - /data/ddospot/bl:/opt/ddospot/ddospot/bl
     - /data/ddospot/db:/opt/ddospot/ddospot/db
 # Dicompot service
 # Get the Horos Client for testing: https://horosproject.org/
 # Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/
 # Put images (which must be in Dicom DCM format or it will not work!) into /data/dicompot/images
  dicompot:
    container_name: dicompot
    restart: always
    networks:
     - dicompot_local
    ports:
     - "11112:11112"
    image: "dtagdevsec/dicompot:2204"
    read_only: true
    volumes:
     - /data/dicompot/log:/var/log/dicompot
 #     - /data/dicompot/images:/opt/dicompot/images
 # Dionaea service
  dionaea:
    container_name: dionaea
    stdin_open: true
    tty: true
    restart: always
    networks:
     - dionaea_local
    ports:
     - "20:20"
     - "21:21"
     - "42:42"
     - "69:69/udp"
     - "81:81"
     - "135:135"
     # - "443:443"
     - "445:445"
     - "1433:1433"
     - "1723:1723"
     - "1883:1883"
     - "3306:3306"
     # - "5060:5060"
     # - "5060:5060/udp"
     # - "5061:5061"
     - "27017:27017"
    image: "dtagdevsec/dionaea:2204"
    read_only: true
    volumes:
     - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp
     - /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp
     - /data/dionaea/roots/www:/opt/dionaea/var/dionaea/roots/www
     - /data/dionaea/roots/upnp:/opt/dionaea/var/dionaea/roots/upnp
     - /data/dionaea:/opt/dionaea/var/dionaea
     - /data/dionaea/binaries:/opt/dionaea/var/dionaea/binaries
     - /data/dionaea/log:/opt/dionaea/var/log
     - /data/dionaea/rtp:/opt/dionaea/var/dionaea/rtp
 # ElasticPot service
  elasticpot:
    container_name: elasticpot
    restart: always
    networks:
     - elasticpot_local
    ports:
     - "9200:9200"
    image: "dtagdevsec/elasticpot:2204"
    read_only: true
    volumes:
     - /data/elasticpot/log:/opt/elasticpot/log
 # Heralding service
  heralding:
    container_name: heralding
    restart: always
    tmpfs:
     - /tmp/heralding:uid=2000,gid=2000
    networks:
     - heralding_local
    ports:
    # - "21:21"
    # - "22:22"
    # - "23:23"
    # - "25:25"
    # - "80:80"
     - "110:110"
     - "143:143"
    # - "443:443"
     - "465:465"
     - "993:993"
     - "995:995"
    # - "3306:3306"
    # - "3389:3389"
     - "1080:1080"
     - "5432:5432"
     - "5900:5900"
    image: "dtagdevsec/heralding:2204"
    read_only: true
    volumes:
     - /data/heralding/log:/var/log/heralding
 # Honeytrap service
  honeytrap:
    container_name: honeytrap
    restart: always
    tmpfs:
     - /tmp/honeytrap:uid=2000,gid=2000
    network_mode: "host"
    cap_add:
     - NET_ADMIN
    image: "dtagdevsec/honeytrap:2204"
    read_only: true
    volumes:
     - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
     - /data/honeytrap/downloads:/opt/honeytrap/var/downloads
     - /data/honeytrap/log:/opt/honeytrap/var/log
 # Ipphoney service
  ipphoney:
    container_name: ipphoney
    restart: always
    networks:
     - ipphoney_local
    ports:
     - "631:631"
    image: "dtagdevsec/ipphoney:2204"
    read_only: true
    volumes:
     - /data/ipphoney/log:/opt/ipphoney/log
 # Mailoney service
  mailoney:
    container_name: mailoney
    restart: always
    environment:
     - HPFEEDS_SERVER=
     - HPFEEDS_IDENT=user
     - HPFEEDS_SECRET=pass
     - HPFEEDS_PORT=20000
     - HPFEEDS_CHANNELPREFIX=prefix
    networks:
     - mailoney_local
    ports:
     - "25:25"
    image: "dtagdevsec/mailoney:2204"
    read_only: true
    volumes:
     - /data/mailoney/log:/opt/mailoney/logs
 # Medpot service
  medpot:
    container_name: medpot
    restart: always
    networks:
     - medpot_local
    ports:
     - "2575:2575"
    image: "dtagdevsec/medpot:2204"
    read_only: true
    volumes:
     - /data/medpot/log/:/var/log/medpot
 # Redishoneypot service
  redishoneypot:
    container_name: redishoneypot
    restart: always
    networks:
     - redishoneypot_local
    ports:
     - "6379:6379"
    image: "dtagdevsec/redishoneypot:2204"
    read_only: true
    volumes:
     - /data/redishoneypot/log:/var/log/redishoneypot
 # SentryPeer service
  sentrypeer:
    container_name: sentrypeer
    restart: always
 # SentryPeer offers to exchange bad actor data via DHT / P2P mode by setting the ENV to true (1)
 # In some cases (i.e. internally deployed T-Pots) this might be confusing as SentryPeer will show
 # the bad actors in its logs. Therefore this option is opt-in based.
 #    environment:
 #     - SENTRYPEER_PEER_TO_PEER=0
    networks:
     - sentrypeer_local
    ports:
 #     - "4222:4222/udp"
     - "5060:5060/udp"
 #     - "127.0.0.1:8082:8082"
    image: "dtagdevsec/sentrypeer:2204"
    read_only: true
    volumes:
     - /data/sentrypeer/log:/var/log/sentrypeer
 #### Snare / Tanner
 ## Tanner Redis Service
  tanner_redis:
    container_name: tanner_redis
    restart: always
    tty: true
    networks:
     - tanner_local
    image: "dtagdevsec/redis:2204"
    read_only: true
 ## PHP Sandbox service
  tanner_phpox:
    container_name: tanner_phpox
    restart: always
    tty: true
    networks:
     - tanner_local
    image: "dtagdevsec/phpox:2204"
    read_only: true
 ## Tanner API Service
  tanner_api:
    container_name: tanner_api
    restart: always
    tmpfs:
     - /tmp/tanner:uid=2000,gid=2000
    tty: true
    networks:
     - tanner_local
    image: "dtagdevsec/tanner:2204"
    read_only: true
    volumes:
     - /data/tanner/log:/var/log/tanner
    command: tannerapi
    depends_on:
     - tanner_redis
 ## Tanner Service
  tanner:
    container_name: tanner
    restart: always
    tmpfs:
     - /tmp/tanner:uid=2000,gid=2000
    tty: true
    networks:
     - tanner_local
    image: "dtagdevsec/tanner:2204"
    command: tanner
    read_only: true
    volumes:
     - /data/tanner/log:/var/log/tanner
     - /data/tanner/files:/opt/tanner/files
    depends_on:
     - tanner_api
 #     - tanner_web
     - tanner_phpox
 ## Snare Service
  snare:
    container_name: snare
    restart: always
    tty: true
    networks:
     - tanner_local
    ports:
     - "80:80"
    image: "dtagdevsec/snare:2204"
    depends_on:
     - tanner
 ##################
 #### NSM
 ##################
 # Fatt service
  fatt:
    container_name: fatt
    restart: always
    network_mode: "host"
    cap_add:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
    image: "dtagdevsec/fatt:2204"
    volumes:
     - /data/fatt/log:/opt/fatt/log
 # P0f service
  p0f:
    container_name: p0f
    restart: always
    network_mode: "host"
    image: "dtagdevsec/p0f:2204"
    read_only: true
    volumes:
     - /data/p0f/log:/var/log/p0f
 # Suricata service
  suricata:
    container_name: suricata
    restart: always
    environment:
    # For ET Pro ruleset replace "OPEN" with your OINKCODE
     - OINKCODE=OPEN
    # Loading externel Rules from URL 
    # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com"
    network_mode: "host"
    cap_add:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
    image: "dtagdevsec/suricata:2204"
    volumes:
     - /data/suricata/log:/var/log/suricata
 ##################
 #### Tools
 ##################
 ## Logstash service
  logstash:
    container_name: logstash
    restart: always
    environment:
     - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    mem_limit: 2g
    image: "dtagdevsec/logstash:2204"
    volumes:
     - /data:/data
 # Ewsposter service
  ewsposter:
    container_name: ewsposter
    restart: always
    networks:
     - ewsposter_local
    environment:
     - EWS_HPFEEDS_ENABLE=false
     - EWS_HPFEEDS_HOST=host
     - EWS_HPFEEDS_PORT=port
     - EWS_HPFEEDS_CHANNELS=channels
     - EWS_HPFEEDS_IDENT=user
     - EWS_HPFEEDS_SECRET=secret
     - EWS_HPFEEDS_TLSCERT=false
     - EWS_HPFEEDS_FORMAT=json
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    image: "dtagdevsec/ewsposter:2204"
    volumes:
     - /data:/data
     - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
--- a/_deprecated/etc/compose/industrial.yml
+++ b/_deprecated/etc/compose/industrial.yml
@ -1,431 +0,0 @@
 # T-Pot (Industrial)
 # Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton)
 version: '2.3'
 networks:
  conpot_local_default:
  conpot_local_IEC104:
  conpot_local_guardian_ast:
  conpot_local_ipmi:
  conpot_local_kamstrup_382:
  cowrie_local:
  dicompot_local:
  heralding_local:
  medpot_local:
  ewsposter_local:
  spiderfoot_local:
 services:
 ##################
 #### Honeypots
 ##################
 # Conpot default service
  conpot_default:
    container_name: conpot_default
    restart: always
    environment:
     - CONPOT_CONFIG=/etc/conpot/conpot.cfg
     - CONPOT_JSON_LOG=/var/log/conpot/conpot_default.json
     - CONPOT_LOG=/var/log/conpot/conpot_default.log
     - CONPOT_TEMPLATE=default
     - CONPOT_TMP=/tmp/conpot
    tmpfs:
     - /tmp/conpot:uid=2000,gid=2000
    networks:
     - conpot_local_default
    ports:
     - "69:69/udp"
     - "80:80"
     - "102:102"
     - "161:161/udp"
     - "502:502"
 #     - "623:623/udp"
     - "21:21"
     - "44818:44818"
     - "47808:47808/udp"
    image: "dtagdevsec/conpot:2204"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
 # Conpot IEC104 service
  conpot_IEC104:
    container_name: conpot_iec104
    restart: always
    environment:
     - CONPOT_CONFIG=/etc/conpot/conpot.cfg
     - CONPOT_JSON_LOG=/var/log/conpot/conpot_IEC104.json
     - CONPOT_LOG=/var/log/conpot/conpot_IEC104.log
     - CONPOT_TEMPLATE=IEC104
     - CONPOT_TMP=/tmp/conpot
    tmpfs:
     - /tmp/conpot:uid=2000,gid=2000
    networks:
     - conpot_local_IEC104
    ports:
 #     - "161:161/udp"
     - "2404:2404"
    image: "dtagdevsec/conpot:2204"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
 # Conpot guardian_ast service
  conpot_guardian_ast:
    container_name: conpot_guardian_ast
    restart: always
    environment:
     - CONPOT_CONFIG=/etc/conpot/conpot.cfg
     - CONPOT_JSON_LOG=/var/log/conpot/conpot_guardian_ast.json
     - CONPOT_LOG=/var/log/conpot/conpot_guardian_ast.log
     - CONPOT_TEMPLATE=guardian_ast
     - CONPOT_TMP=/tmp/conpot
    tmpfs:
     - /tmp/conpot:uid=2000,gid=2000
    networks:
     - conpot_local_guardian_ast
    ports:
     - "10001:10001"
    image: "dtagdevsec/conpot:2204"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
 # Conpot ipmi
  conpot_ipmi:
    container_name: conpot_ipmi
    restart: always
    environment:
     - CONPOT_CONFIG=/etc/conpot/conpot.cfg
     - CONPOT_JSON_LOG=/var/log/conpot/conpot_ipmi.json
     - CONPOT_LOG=/var/log/conpot/conpot_ipmi.log
     - CONPOT_TEMPLATE=ipmi
     - CONPOT_TMP=/tmp/conpot
    tmpfs:
     - /tmp/conpot:uid=2000,gid=2000
    networks:
     - conpot_local_ipmi
    ports:
     - "623:623/udp"
    image: "dtagdevsec/conpot:2204"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
 # Conpot kamstrup_382
  conpot_kamstrup_382:
    container_name: conpot_kamstrup_382
    restart: always
    environment:
     - CONPOT_CONFIG=/etc/conpot/conpot.cfg
     - CONPOT_JSON_LOG=/var/log/conpot/conpot_kamstrup_382.json
     - CONPOT_LOG=/var/log/conpot/conpot_kamstrup_382.log
     - CONPOT_TEMPLATE=kamstrup_382
     - CONPOT_TMP=/tmp/conpot
    tmpfs:
     - /tmp/conpot:uid=2000,gid=2000
    networks:
     - conpot_local_kamstrup_382
    ports:
     - "1025:1025"
     - "50100:50100"
    image: "dtagdevsec/conpot:2204"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
 # Cowrie service
  cowrie:
    container_name: cowrie
    restart: always
    tmpfs:
     - /tmp/cowrie:uid=2000,gid=2000
     - /tmp/cowrie/data:uid=2000,gid=2000
    networks:
     - cowrie_local
    ports:
     - "22:22"
     - "23:23"
    image: "dtagdevsec/cowrie:2204"
    read_only: true
    volumes:
     - /data/cowrie/downloads:/home/cowrie/cowrie/dl
     - /data/cowrie/keys:/home/cowrie/cowrie/etc
     - /data/cowrie/log:/home/cowrie/cowrie/log
     - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
 # Dicompot service
 # Get the Horos Client for testing: https://horosproject.org/
 # Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/
 # Put images (which must be in Dicom DCM format or it will not work!) into /data/dicompot/images
  dicompot:
    container_name: dicompot
    restart: always
    networks:
     - dicompot_local
    ports:
     - "11112:11112"
    image: "dtagdevsec/dicompot:2204"
    read_only: true
    volumes:
     - /data/dicompot/log:/var/log/dicompot
 #     - /data/dicompot/images:/opt/dicompot/images
 # Heralding service
  heralding:
    container_name: heralding
    restart: always
    tmpfs:
     - /tmp/heralding:uid=2000,gid=2000
    networks:
     - heralding_local
    ports:
    # - "21:21"
    # - "22:22"
    # - "23:23"
    # - "25:25"
    # - "80:80"
    # - "110:110"
    # - "143:143"
    # - "443:443"
    # - "465:465"
    # - "993:993"
    # - "995:995"
    # - "3306:3306"
    # - "3389:3389"
    # - "5432:5432"
     - "5900:5900"
    image: "dtagdevsec/heralding:2204"
    read_only: true
    volumes:
     - /data/heralding/log:/var/log/heralding
 # Honeytrap service
  honeytrap:
    container_name: honeytrap
    restart: always
    tmpfs:
     - /tmp/honeytrap:uid=2000,gid=2000
    network_mode: "host"
    cap_add:
     - NET_ADMIN
    image: "dtagdevsec/honeytrap:2204"
    read_only: true
    volumes:
     - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
     - /data/honeytrap/downloads:/opt/honeytrap/var/downloads
     - /data/honeytrap/log:/opt/honeytrap/var/log
 # Medpot service
  medpot:
    container_name: medpot
    restart: always
    networks:
     - medpot_local
    ports:
     - "2575:2575"
    image: "dtagdevsec/medpot:2204"
    read_only: true
    volumes:
     - /data/medpot/log/:/var/log/medpot
 ##################
 #### NSM
 ##################
 # Fatt service
  fatt:
    container_name: fatt
    restart: always
    network_mode: "host"
    cap_add:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
    image: "dtagdevsec/fatt:2204"
    volumes:
     - /data/fatt/log:/opt/fatt/log
 # P0f service
  p0f:
    container_name: p0f
    restart: always
    network_mode: "host"
    image: "dtagdevsec/p0f:2204"
    read_only: true
    volumes:
     - /data/p0f/log:/var/log/p0f
 # Suricata service
  suricata:
    container_name: suricata
    restart: always
    environment:
    # For ET Pro ruleset replace "OPEN" with your OINKCODE
     - OINKCODE=OPEN
    # Loading externel Rules from URL 
    # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com"
    network_mode: "host"
    cap_add:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
    image: "dtagdevsec/suricata:2204"
    volumes:
     - /data/suricata/log:/var/log/suricata
 ##################
 #### Tools
 ##################
 #### ELK
 ## Elasticsearch service
  elasticsearch:
    container_name: elasticsearch
    restart: always
    environment:
     - bootstrap.memory_lock=true
     - ES_JAVA_OPTS=-Xms2048m -Xmx2048m
     - ES_TMPDIR=/tmp
    cap_add:
     - IPC_LOCK
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    mem_limit: 4g
    ports:
     - "127.0.0.1:64298:9200"
    image: "dtagdevsec/elasticsearch:2204"
    volumes:
     - /data:/data
 ## Kibana service
  kibana:
    container_name: kibana
    restart: always
    depends_on:
      elasticsearch:
        condition: service_healthy
    mem_limit: 1g
    ports:
     - "127.0.0.1:64296:5601"
    image: "dtagdevsec/kibana:2204"
 ## Logstash service
  logstash:
    container_name: logstash
    restart: always
    environment:
     - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
    depends_on:
      elasticsearch:
        condition: service_healthy
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    mem_limit: 2g
    image: "dtagdevsec/logstash:2204"
    volumes:
     - /data:/data
 ## Map Redis Service
  map_redis:
    container_name: map_redis
    restart: always
    stop_signal: SIGKILL
    tty: true
    image: "dtagdevsec/redis:2204"
    read_only: true
 ## Map Web Service
  map_web:
    container_name: map_web
    restart: always
    environment:
     - MAP_COMMAND=AttackMapServer.py
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    stop_signal: SIGKILL
    tty: true
    ports:
     - "127.0.0.1:64299:64299"
    image: "dtagdevsec/map:2204"
 ## Map Data Service
  map_data:
    container_name: map_data
    restart: always
    depends_on:
      elasticsearch:
        condition: service_healthy
    environment:
     - MAP_COMMAND=DataServer_v2.py
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    stop_signal: SIGKILL
    tty: true
    image: "dtagdevsec/map:2204"
 #### /ELK
 # Ewsposter service
  ewsposter:
    container_name: ewsposter
    restart: always
    networks:
     - ewsposter_local
    environment:
     - EWS_HPFEEDS_ENABLE=false
     - EWS_HPFEEDS_HOST=host
     - EWS_HPFEEDS_PORT=port
     - EWS_HPFEEDS_CHANNELS=channels
     - EWS_HPFEEDS_IDENT=user
     - EWS_HPFEEDS_SECRET=secret
     - EWS_HPFEEDS_TLSCERT=false
     - EWS_HPFEEDS_FORMAT=json
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    image: "dtagdevsec/ewsposter:2204"
    volumes:
     - /data:/data
     - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
 # Nginx service
  nginx:
    container_name: nginx
    restart: always
    tmpfs:
     - /var/tmp/nginx/client_body
     - /var/tmp/nginx/proxy
     - /var/tmp/nginx/fastcgi
     - /var/tmp/nginx/uwsgi
     - /var/tmp/nginx/scgi
     - /run
     - /var/lib/nginx/tmp:uid=100,gid=82
    network_mode: "host"
      #    ports:
      #     - "64297:64297"
      #     - "127.0.0.1:64304:64304"
    image: "dtagdevsec/nginx:2204"
    read_only: true
    volumes:
     - /data/nginx/cert/:/etc/nginx/cert/:ro
     - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
     - /data/nginx/log/:/var/log/nginx/
 # Spiderfoot service
  spiderfoot:
    container_name: spiderfoot
    restart: always
    networks:
     - spiderfoot_local
    ports:
     - "127.0.0.1:64303:8080"
    image: "dtagdevsec/spiderfoot:2204"
    volumes:
     - /data/spiderfoot:/home/spiderfoot/.spiderfoot
--- a/_deprecated/etc/compose/log4j.yml
+++ b/_deprecated/etc/compose/log4j.yml
@ -1,250 +0,0 @@
 # T-Pot (Log4j)
 # Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton)
 version: '2.3'
 networks:
  log4pot_local:
  ewsposter_local:
  spiderfoot_local:
 services:
 ##################
 #### Honeypots
 ##################
 # Log4pot service
  log4pot:
    container_name: log4pot
    restart: always
    tmpfs:
     - /tmp:uid=2000,gid=2000
    networks:
     - log4pot_local
    ports:
     - "80:8080"
     - "443:8080"
     - "8080:8080"
     - "9200:8080"
     - "25565:8080"
    image: "dtagdevsec/log4pot:2204"
    read_only: true
    volumes:
     - /data/log4pot/log:/var/log/log4pot/log
     - /data/log4pot/payloads:/var/log/log4pot/payloads
 # Honeytrap service
  honeytrap:
    container_name: honeytrap
    restart: always
    tmpfs:
     - /tmp/honeytrap:uid=2000,gid=2000
    network_mode: "host"
    cap_add:
     - NET_ADMIN
    image: "dtagdevsec/honeytrap:2204"
    read_only: true
    volumes:
     - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
     - /data/honeytrap/downloads:/opt/honeytrap/var/downloads
     - /data/honeytrap/log:/opt/honeytrap/var/log
 ##################
 #### NSM
 ##################
 # Fatt service
  fatt:
    container_name: fatt
    restart: always
    network_mode: "host"
    cap_add:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
    image: "dtagdevsec/fatt:2204"
    volumes:
     - /data/fatt/log:/opt/fatt/log
 # P0f service
  p0f:
    container_name: p0f
    restart: always
    network_mode: "host"
    image: "dtagdevsec/p0f:2204"
    read_only: true
    volumes:
     - /data/p0f/log:/var/log/p0f
 # Suricata service
  suricata:
    container_name: suricata
    restart: always
    environment:
    # For ET Pro ruleset replace "OPEN" with your OINKCODE
     - OINKCODE=OPEN
    # Loading externel Rules from URL 
    # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com"
    network_mode: "host"
    cap_add:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
    image: "dtagdevsec/suricata:2204"
    volumes:
     - /data/suricata/log:/var/log/suricata
 ##################
 #### Tools
 ##################
 #### ELK
 ## Elasticsearch service
  elasticsearch:
    container_name: elasticsearch
    restart: always
    environment:
     - bootstrap.memory_lock=true
     - ES_JAVA_OPTS=-Xms2048m -Xmx2048m
     - ES_TMPDIR=/tmp
    cap_add:
     - IPC_LOCK
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    mem_limit: 4g
    ports:
     - "127.0.0.1:64298:9200"
    image: "dtagdevsec/elasticsearch:2204"
    volumes:
     - /data:/data
 ## Kibana service
  kibana:
    container_name: kibana
    restart: always
    depends_on:
      elasticsearch:
        condition: service_healthy
    mem_limit: 1g
    ports:
     - "127.0.0.1:64296:5601"
    image: "dtagdevsec/kibana:2204"
 ## Logstash service
  logstash:
    container_name: logstash
    restart: always
    environment:
     - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
    depends_on:
      elasticsearch:
        condition: service_healthy
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    mem_limit: 2g
    image: "dtagdevsec/logstash:2204"
    volumes:
     - /data:/data
 ## Map Redis Service
  map_redis:
    container_name: map_redis
    restart: always
    stop_signal: SIGKILL
    tty: true
    image: "dtagdevsec/redis:2204"
    read_only: true
 ## Map Web Service
  map_web:
    container_name: map_web
    restart: always
    environment:
     - MAP_COMMAND=AttackMapServer.py
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    stop_signal: SIGKILL
    tty: true
    ports:
     - "127.0.0.1:64299:64299"
    image: "dtagdevsec/map:2204"
 ## Map Data Service
  map_data:
    container_name: map_data
    restart: always
    depends_on:
      elasticsearch:
        condition: service_healthy
    environment:
     - MAP_COMMAND=DataServer_v2.py
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    stop_signal: SIGKILL
    tty: true
    image: "dtagdevsec/map:2204"
 #### /ELK
 # Ewsposter service
  ewsposter:
    container_name: ewsposter
    restart: always
    networks:
     - ewsposter_local
    environment:
     - EWS_HPFEEDS_ENABLE=false
     - EWS_HPFEEDS_HOST=host
     - EWS_HPFEEDS_PORT=port
     - EWS_HPFEEDS_CHANNELS=channels
     - EWS_HPFEEDS_IDENT=user
     - EWS_HPFEEDS_SECRET=secret
     - EWS_HPFEEDS_TLSCERT=false
     - EWS_HPFEEDS_FORMAT=json
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    image: "dtagdevsec/ewsposter:2204"
    volumes:
     - /data:/data
     - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
 # Nginx service
  nginx:
    container_name: nginx
    restart: always
    tmpfs:
     - /var/tmp/nginx/client_body
     - /var/tmp/nginx/proxy
     - /var/tmp/nginx/fastcgi
     - /var/tmp/nginx/uwsgi
     - /var/tmp/nginx/scgi
     - /run
     - /var/lib/nginx/tmp:uid=100,gid=82
    network_mode: "host"
      #    ports:
      #     - "64297:64297"
      #     - "127.0.0.1:64304:64304"
    image: "dtagdevsec/nginx:2204"
    read_only: true
    volumes:
     - /data/nginx/cert/:/etc/nginx/cert/:ro
     - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
     - /data/nginx/log/:/var/log/nginx/
 # Spiderfoot service
  spiderfoot:
    container_name: spiderfoot
    restart: always
    networks:
     - spiderfoot_local
    ports:
     - "127.0.0.1:64303:8080"
    image: "dtagdevsec/spiderfoot:2204"
    volumes:
     - /data/spiderfoot:/home/spiderfoot/.spiderfoot
--- a/_deprecated/etc/compose/medical.yml
+++ b/_deprecated/etc/compose/medical.yml
@ -1,244 +0,0 @@
 # T-Pot (Medical)
 # Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton)
 version: '2.3'
 networks:
  dicompot_local:
  medpot_local:
  ewsposter_local:
  spiderfoot_local:
 services:
 ##################
 #### Honeypots
 ##################
 # Dicompot service
 # Get the Horos Client for testing: https://horosproject.org/
 # Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/
 # Put images (which must be in Dicom DCM format or it will not work!) into /data/dicompot/images
  dicompot:
    container_name: dicompot
    restart: always
    networks:
     - dicompot_local
    ports:
     - "11112:11112"
    image: "dtagdevsec/dicompot:2204"
    read_only: true
    volumes:
     - /data/dicompot/log:/var/log/dicompot
 #     - /data/dicompot/images:/opt/dicompot/images
 # Medpot service
  medpot:
    container_name: medpot
    restart: always
    networks:
     - medpot_local
    ports:
     - "2575:2575"
    image: "dtagdevsec/medpot:2204"
    read_only: true
    volumes:
     - /data/medpot/log/:/var/log/medpot
 ##################
 #### NSM
 ##################
 # Fatt service
  fatt:
    container_name: fatt
    restart: always
    network_mode: "host"
    cap_add:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
    image: "dtagdevsec/fatt:2204"
    volumes:
     - /data/fatt/log:/opt/fatt/log
 # P0f service
  p0f:
    container_name: p0f
    restart: always
    network_mode: "host"
    image: "dtagdevsec/p0f:2204"
    read_only: true
    volumes:
     - /data/p0f/log:/var/log/p0f
 # Suricata service
  suricata:
    container_name: suricata
    restart: always
    environment:
    # For ET Pro ruleset replace "OPEN" with your OINKCODE
     - OINKCODE=OPEN
    # Loading externel Rules from URL 
    # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com"
    network_mode: "host"
    cap_add:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
    image: "dtagdevsec/suricata:2204"
    volumes:
     - /data/suricata/log:/var/log/suricata
 ##################
 #### Tools
 ##################
 #### ELK
 ## Elasticsearch service
  elasticsearch:
    container_name: elasticsearch
    restart: always
    environment:
     - bootstrap.memory_lock=true
     - ES_JAVA_OPTS=-Xms2048m -Xmx2048m
     - ES_TMPDIR=/tmp
    cap_add:
     - IPC_LOCK
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    mem_limit: 4g
    ports:
     - "127.0.0.1:64298:9200"
    image: "dtagdevsec/elasticsearch:2204"
    volumes:
     - /data:/data
 ## Kibana service
  kibana:
    container_name: kibana
    restart: always
    depends_on:
      elasticsearch:
        condition: service_healthy
    mem_limit: 1g
    ports:
     - "127.0.0.1:64296:5601"
    image: "dtagdevsec/kibana:2204"
 ## Logstash service
  logstash:
    container_name: logstash
    restart: always
    environment:
     - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
    depends_on:
      elasticsearch:
        condition: service_healthy
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    mem_limit: 2g
    image: "dtagdevsec/logstash:2204"
    volumes:
     - /data:/data
 ## Map Redis Service
  map_redis:
    container_name: map_redis
    restart: always
    stop_signal: SIGKILL
    tty: true
    image: "dtagdevsec/redis:2204"
    read_only: true
 ## Map Web Service
  map_web:
    container_name: map_web
    restart: always
    environment:
     - MAP_COMMAND=AttackMapServer.py
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    stop_signal: SIGKILL
    tty: true
    ports:
     - "127.0.0.1:64299:64299"
    image: "dtagdevsec/map:2204"
 ## Map Data Service
  map_data:
    container_name: map_data
    restart: always
    depends_on:
      elasticsearch:
        condition: service_healthy
    environment:
     - MAP_COMMAND=DataServer_v2.py
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    stop_signal: SIGKILL
    tty: true
    image: "dtagdevsec/map:2204"
 #### /ELK
 # Ewsposter service
  ewsposter:
    container_name: ewsposter
    restart: always
    networks:
     - ewsposter_local
    environment:
     - EWS_HPFEEDS_ENABLE=false
     - EWS_HPFEEDS_HOST=host
     - EWS_HPFEEDS_PORT=port
     - EWS_HPFEEDS_CHANNELS=channels
     - EWS_HPFEEDS_IDENT=user
     - EWS_HPFEEDS_SECRET=secret
     - EWS_HPFEEDS_TLSCERT=false
     - EWS_HPFEEDS_FORMAT=json
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    image: "dtagdevsec/ewsposter:2204"
    volumes:
     - /data:/data
     - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
 # Nginx service
  nginx:
    container_name: nginx
    restart: always
    tmpfs:
     - /var/tmp/nginx/client_body
     - /var/tmp/nginx/proxy
     - /var/tmp/nginx/fastcgi
     - /var/tmp/nginx/uwsgi
     - /var/tmp/nginx/scgi
     - /run
     - /var/lib/nginx/tmp:uid=100,gid=82
    network_mode: "host"
      #    ports:
      #     - "64297:64297"
      #     - "127.0.0.1:64304:64304"
    image: "dtagdevsec/nginx:2204"
    read_only: true
    volumes:
     - /data/nginx/cert/:/etc/nginx/cert/:ro
     - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
     - /data/nginx/log/:/var/log/nginx/
 # Spiderfoot service
  spiderfoot:
    container_name: spiderfoot
    restart: always
    networks:
     - spiderfoot_local
    ports:
     - "127.0.0.1:64303:8080"
    image: "dtagdevsec/spiderfoot:2204"
    volumes:
     - /data/spiderfoot:/home/spiderfoot/.spiderfoot
--- a/_deprecated/etc/compose/mini.yml
+++ b/_deprecated/etc/compose/mini.yml
@ -1,271 +0,0 @@
 # T-Pot (Mini)
 # Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton)
 version: '2.3'
 networks:
  honeypots_local:
  ewsposter_local:
  spiderfoot_local:
 services:
 ##################
 #### Honeypots
 ##################
 # qHoneypots service
  honeypots:
    container_name: honeypots
    stdin_open: true
    tty: true
    restart: always
    tmpfs:
     - /tmp:uid=2000,gid=2000
    networks:
     - honeypots_local
    ports:
     - "21:21"
     - "22:22"
     - "23:23"
     - "25:25"
     - "53:53/udp"
     - "80:80"
     - "110:110"
     - "123:123"
     - "143:143"
     - "161:161"
     - "389:389"
     - "443:443"
     - "445:445"
     - "1080:1080"
     - "1433:1433"
     - "1521:1521"
     - "3306:3306"
     - "5060:5060"
     - "5432:5432"
     - "5900:5900"
     - "6379:6379"
     - "6667:6667"
     - "8080:8080"
     - "9200:9200"
     - "11211:11211"
    image: "dtagdevsec/honeypots:2204"
    read_only: true
    volumes:
     - /data/honeypots/log:/var/log/honeypots
 # Honeytrap service
  honeytrap:
    container_name: honeytrap
    restart: always
    tmpfs:
     - /tmp/honeytrap:uid=2000,gid=2000
    network_mode: "host"
    cap_add:
     - NET_ADMIN
    image: "dtagdevsec/honeytrap:2204"
    read_only: true
    volumes:
     - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
     - /data/honeytrap/downloads:/opt/honeytrap/var/downloads
     - /data/honeytrap/log:/opt/honeytrap/var/log
 ##################
 #### NSM
 ##################
 # Fatt service
  fatt:
    container_name: fatt
    restart: always
    network_mode: "host"
    cap_add:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
    image: "dtagdevsec/fatt:2204"
    volumes:
     - /data/fatt/log:/opt/fatt/log
 # P0f service
  p0f:
    container_name: p0f
    restart: always
    network_mode: "host"
    image: "dtagdevsec/p0f:2204"
    read_only: true
    volumes:
     - /data/p0f/log:/var/log/p0f
 # Suricata service
  suricata:
    container_name: suricata
    restart: always
    environment:
    # For ET Pro ruleset replace "OPEN" with your OINKCODE
     - OINKCODE=OPEN
    # Loading externel Rules from URL 
    # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com"
    network_mode: "host"
    cap_add:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
    image: "dtagdevsec/suricata:2204"
    volumes:
     - /data/suricata/log:/var/log/suricata
 ##################
 #### Tools
 ##################
 #### ELK
 ## Elasticsearch service
  elasticsearch:
    container_name: elasticsearch
    restart: always
    environment:
     - bootstrap.memory_lock=true
     - ES_JAVA_OPTS=-Xms2048m -Xmx2048m
     - ES_TMPDIR=/tmp
    cap_add:
     - IPC_LOCK
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    mem_limit: 4g
    ports:
     - "127.0.0.1:64298:9200"
    image: "dtagdevsec/elasticsearch:2204"
    volumes:
     - /data:/data
 ## Kibana service
  kibana:
    container_name: kibana
    restart: always
    depends_on:
      elasticsearch:
        condition: service_healthy
    mem_limit: 1g
    ports:
     - "127.0.0.1:64296:5601"
    image: "dtagdevsec/kibana:2204"
 ## Logstash service
  logstash:
    container_name: logstash
    restart: always
    environment:
     - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
    depends_on:
      elasticsearch:
        condition: service_healthy
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    mem_limit: 2g
    image: "dtagdevsec/logstash:2204"
    volumes:
     - /data:/data
 ## Map Redis Service
  map_redis:
    container_name: map_redis
    restart: always
    stop_signal: SIGKILL
    tty: true
    image: "dtagdevsec/redis:2204"
    read_only: true
 ## Map Web Service
  map_web:
    container_name: map_web
    restart: always
    environment:
     - MAP_COMMAND=AttackMapServer.py
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    stop_signal: SIGKILL
    tty: true
    ports:
     - "127.0.0.1:64299:64299"
    image: "dtagdevsec/map:2204"
 ## Map Data Service
  map_data:
    container_name: map_data
    restart: always
    depends_on:
      elasticsearch:
        condition: service_healthy
    environment:
     - MAP_COMMAND=DataServer_v2.py
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    stop_signal: SIGKILL
    tty: true
    image: "dtagdevsec/map:2204"
 #### /ELK
 # Ewsposter service
  ewsposter:
    container_name: ewsposter
    restart: always
    networks:
     - ewsposter_local
    environment:
     - EWS_HPFEEDS_ENABLE=false
     - EWS_HPFEEDS_HOST=host
     - EWS_HPFEEDS_PORT=port
     - EWS_HPFEEDS_CHANNELS=channels
     - EWS_HPFEEDS_IDENT=user
     - EWS_HPFEEDS_SECRET=secret
     - EWS_HPFEEDS_TLSCERT=false
     - EWS_HPFEEDS_FORMAT=json
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    image: "dtagdevsec/ewsposter:2204"
    volumes:
     - /data:/data
     - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
 # Nginx service
  nginx:
    container_name: nginx
    restart: always
    tmpfs:
     - /var/tmp/nginx/client_body
     - /var/tmp/nginx/proxy
     - /var/tmp/nginx/fastcgi
     - /var/tmp/nginx/uwsgi
     - /var/tmp/nginx/scgi
     - /run
     - /var/lib/nginx/tmp:uid=100,gid=82
    network_mode: "host"
      #    ports:
      #     - "64297:64297"
      #     - "127.0.0.1:64304:64304"
    image: "dtagdevsec/nginx:2204"
    read_only: true
    volumes:
     - /data/nginx/cert/:/etc/nginx/cert/:ro
     - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
     - /data/nginx/log/:/var/log/nginx/
 # Spiderfoot service
  spiderfoot:
    container_name: spiderfoot
    restart: always
    networks:
     - spiderfoot_local
    ports:
     - "127.0.0.1:64303:8080"
    image: "dtagdevsec/spiderfoot:2204"
    volumes:
     - /data/spiderfoot:/home/spiderfoot/.spiderfoot
--- a/_deprecated/etc/compose/nextgen.yml
+++ b/_deprecated/etc/compose/nextgen.yml
@ -1,575 +0,0 @@
 # T-Pot (NextGen)
 # Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton)
 version: '2.3'
 networks:
  adbhoney_local:
  ciscoasa_local:
  citrixhoneypot_local:
  conpot_local_IEC104:
  conpot_local_guardian_ast:
  conpot_local_ipmi:
  conpot_local_kamstrup_382:
  ddospot_local:
  dicompot_local:
  dionaea_local:
  elasticpot_local:
  endlessh_local:
  hellpot_local:
  heralding_local:
  ipphoney_local:
  mailoney_local:
  medpot_local:
  redishoneypot_local:
  ewsposter_local:
  spiderfoot_local:
 services:
 ##################
 #### Honeypots
 ##################
 # Adbhoney service
  adbhoney:
    container_name: adbhoney
    restart: always
    networks:
     - adbhoney_local
    ports:
     - "5555:5555"
    image: "dtagdevsec/adbhoney:2204"
    read_only: true
    volumes:
     - /data/adbhoney/log:/opt/adbhoney/log
     - /data/adbhoney/downloads:/opt/adbhoney/dl
 # Ciscoasa service
  ciscoasa:
    container_name: ciscoasa
    restart: always
    tmpfs:
     - /tmp/ciscoasa:uid=2000,gid=2000
    networks:
     - ciscoasa_local
    ports:
     - "5000:5000/udp"
     - "8443:8443"
    image: "dtagdevsec/ciscoasa:2204"
    read_only: true
    volumes:
     - /data/ciscoasa/log:/var/log/ciscoasa
 # CitrixHoneypot service
  citrixhoneypot:
    container_name: citrixhoneypot
    restart: always
    networks:
     - citrixhoneypot_local
    ports:
     - "443:443"
    image: "dtagdevsec/citrixhoneypot:2204"
    read_only: true
    volumes:
     - /data/citrixhoneypot/logs:/opt/citrixhoneypot/logs       
 # Conpot IEC104 service
  conpot_IEC104:
    container_name: conpot_iec104
    restart: always
    environment:
     - CONPOT_CONFIG=/etc/conpot/conpot.cfg
     - CONPOT_JSON_LOG=/var/log/conpot/conpot_IEC104.json
     - CONPOT_LOG=/var/log/conpot/conpot_IEC104.log
     - CONPOT_TEMPLATE=IEC104
     - CONPOT_TMP=/tmp/conpot
    tmpfs:
     - /tmp/conpot:uid=2000,gid=2000
    networks:
     - conpot_local_IEC104
    ports:
     - "161:161/udp"
     - "2404:2404"
    image: "dtagdevsec/conpot:2204"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
 # Conpot guardian_ast service
  conpot_guardian_ast:
    container_name: conpot_guardian_ast
    restart: always
    environment:
     - CONPOT_CONFIG=/etc/conpot/conpot.cfg
     - CONPOT_JSON_LOG=/var/log/conpot/conpot_guardian_ast.json
     - CONPOT_LOG=/var/log/conpot/conpot_guardian_ast.log
     - CONPOT_TEMPLATE=guardian_ast
     - CONPOT_TMP=/tmp/conpot
    tmpfs:
     - /tmp/conpot:uid=2000,gid=2000
    networks:
     - conpot_local_guardian_ast
    ports:
     - "10001:10001"
    image: "dtagdevsec/conpot:2204"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
 # Conpot ipmi
  conpot_ipmi:
    container_name: conpot_ipmi
    restart: always
    environment:
     - CONPOT_CONFIG=/etc/conpot/conpot.cfg
     - CONPOT_JSON_LOG=/var/log/conpot/conpot_ipmi.json
     - CONPOT_LOG=/var/log/conpot/conpot_ipmi.log
     - CONPOT_TEMPLATE=ipmi
     - CONPOT_TMP=/tmp/conpot
    tmpfs:
     - /tmp/conpot:uid=2000,gid=2000
    networks:
     - conpot_local_ipmi
    ports:
     - "623:623/udp"
    image: "dtagdevsec/conpot:2204"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
 # Conpot kamstrup_382
  conpot_kamstrup_382:
    container_name: conpot_kamstrup_382
    restart: always
    environment:
     - CONPOT_CONFIG=/etc/conpot/conpot.cfg
     - CONPOT_JSON_LOG=/var/log/conpot/conpot_kamstrup_382.json
     - CONPOT_LOG=/var/log/conpot/conpot_kamstrup_382.log
     - CONPOT_TEMPLATE=kamstrup_382
     - CONPOT_TMP=/tmp/conpot
    tmpfs:
     - /tmp/conpot:uid=2000,gid=2000
    networks:
     - conpot_local_kamstrup_382
    ports:
     - "1025:1025"
     - "50100:50100"
    image: "dtagdevsec/conpot:2204"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
 # Ddospot service
  ddospot:
    container_name: ddospot
    restart: always
    networks:
     - ddospot_local
    ports:
     - "19:19/udp"
     - "53:53/udp"
     - "123:123/udp"
 #     - "161:161/udp"
     - "1900:1900/udp"
    image: "dtagdevsec/ddospot:2204"
    read_only: true
    volumes:
     - /data/ddospot/log:/opt/ddospot/ddospot/logs
     - /data/ddospot/bl:/opt/ddospot/ddospot/bl
     - /data/ddospot/db:/opt/ddospot/ddospot/db
 # Dicompot service
 # Get the Horos Client for testing: https://horosproject.org/
 # Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/ 
 # Put images (which must be in Dicom DCM format or it will not work!) into /data/dicompot/images
  dicompot:
    container_name: dicompot
    restart: always
    networks:
     - dicompot_local
    ports:
     - "11112:11112"
    image: "dtagdevsec/dicompot:2204"
    read_only: true
    volumes:
     - /data/dicompot/log:/var/log/dicompot
 #     - /data/dicompot/images:/opt/dicompot/images
 # Dionaea service
  dionaea:
    container_name: dionaea
    stdin_open: true
    tty: true
    restart: always
    networks:
     - dionaea_local
    ports:
     - "20:20"
     - "21:21"
     - "42:42"
     - "69:69/udp"
     - "81:81"
     - "135:135"
     # - "443:443"
     - "445:445"
     - "1433:1433"
     - "1723:1723"
     - "1883:1883"
     - "3306:3306"
     # - "5060:5060"
     # - "5060:5060/udp"
     # - "5061:5061"
     - "27017:27017"
    image: "dtagdevsec/dionaea:2204"
    read_only: true
    volumes:
     - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp
     - /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp
     - /data/dionaea/roots/www:/opt/dionaea/var/dionaea/roots/www
     - /data/dionaea/roots/upnp:/opt/dionaea/var/dionaea/roots/upnp
     - /data/dionaea:/opt/dionaea/var/dionaea
     - /data/dionaea/binaries:/opt/dionaea/var/dionaea/binaries
     - /data/dionaea/log:/opt/dionaea/var/log
     - /data/dionaea/rtp:/opt/dionaea/var/dionaea/rtp
 # ElasticPot service
  elasticpot:
    container_name: elasticpot
    restart: always
    networks:
     - elasticpot_local
    ports:
     - "9200:9200"
    image: "dtagdevsec/elasticpot:2204"
    read_only: true
    volumes:
     - /data/elasticpot/log:/opt/elasticpot/log
 # Endlessh service
  endlessh:
    container_name: endlessh
    restart: always
    networks:
     - endlessh_local
    ports:
     - "22:2222"
    image: "dtagdevsec/endlessh:2204"
    read_only: true
    volumes:
     - /data/endlessh/log:/var/log/endlessh
 # Glutton service
  glutton:
    container_name: glutton
    restart: always
    tmpfs:
     - /var/lib/glutton:uid=2000,gid=2000
     - /run:uid=2000,gid=2000
    network_mode: "host"
    cap_add:
     - NET_ADMIN
    image: "dtagdevsec/glutton:2204"
    read_only: true
    volumes:
     - /data/glutton/log:/var/log/glutton
 #     - /root/tpotce/docker/glutton/dist/rules.yaml:/opt/glutton/rules/rules.yaml
 # Heralding service
  heralding:
    container_name: heralding
    restart: always
    tmpfs:
     - /tmp/heralding:uid=2000,gid=2000
    networks:
     - heralding_local
    ports:
    # - "21:21"
    # - "22:22"
    # - "23:23"
    # - "25:25"
    # - "80:80"
     - "110:110"
     - "143:143"
    # - "443:443"
     - "465:465"
     - "993:993"
     - "995:995"
    # - "3306:3306"
    # - "3389:3389"
     - "1080:1080"
     - "5432:5432"
     - "5900:5900"
    image: "dtagdevsec/heralding:2204"
    read_only: true
    volumes:
     - /data/heralding/log:/var/log/heralding
 # Ipphoney service
  ipphoney:
    container_name: ipphoney
    restart: always
    networks:
     - ipphoney_local
    ports:
     - "631:631"
    image: "dtagdevsec/ipphoney:2204"
    read_only: true
    volumes:
     - /data/ipphoney/log:/opt/ipphoney/log
 # Mailoney service
  mailoney:
    container_name: mailoney
    restart: always
    environment:
     - HPFEEDS_SERVER=
     - HPFEEDS_IDENT=user
     - HPFEEDS_SECRET=pass
     - HPFEEDS_PORT=20000
     - HPFEEDS_CHANNELPREFIX=prefix
    networks:
     - mailoney_local
    ports:
     - "25:25"
    image: "dtagdevsec/mailoney:2204"
    read_only: true
    volumes:
     - /data/mailoney/log:/opt/mailoney/logs
 # Medpot service
  medpot:
    container_name: medpot
    restart: always
    networks:
     - medpot_local
    ports:
     - "2575:2575"
    image: "dtagdevsec/medpot:2204"
    read_only: true
    volumes:
     - /data/medpot/log/:/var/log/medpot
 # Redishoneypot service
  redishoneypot:
    container_name: redishoneypot
    restart: always
    networks:
     - redishoneypot_local
    ports:
     - "6379:6379"
    image: "dtagdevsec/redishoneypot:2204"
    read_only: true
    volumes:
     - /data/redishoneypot/log:/var/log/redishoneypot
 # Hellpot service
  hellpot:
    container_name: hellpot
    restart: always
    networks:
     - hellpot_local
    ports:
     - "80:8080"
    image: "dtagdevsec/hellpot:2204"
    read_only: true
    volumes:
     - /data/hellpot/log:/var/log/hellpot
 ##################
 #### NSM
 ##################
 # Fatt service
  fatt:
    container_name: fatt
    restart: always
    network_mode: "host"
    cap_add:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
    image: "dtagdevsec/fatt:2204"
    volumes:
     - /data/fatt/log:/opt/fatt/log
 # P0f service
  p0f:
    container_name: p0f
    restart: always
    network_mode: "host"
    image: "dtagdevsec/p0f:2204"
    read_only: true
    volumes:
     - /data/p0f/log:/var/log/p0f
 # Suricata service
  suricata:
    container_name: suricata
    restart: always
    environment:
    # For ET Pro ruleset replace "OPEN" with your OINKCODE
     - OINKCODE=OPEN
    # Loading externel Rules from URL 
    # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com"
    network_mode: "host"
    cap_add:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
    image: "dtagdevsec/suricata:2204"
    volumes:
     - /data/suricata/log:/var/log/suricata
 ##################
 #### Tools
 ##################
 #### ELK
 ## Elasticsearch service
  elasticsearch:
    container_name: elasticsearch
    restart: always
    environment:
     - bootstrap.memory_lock=true
     - ES_JAVA_OPTS=-Xms2048m -Xmx2048m
     - ES_TMPDIR=/tmp
    cap_add:
     - IPC_LOCK
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    mem_limit: 4g
    ports:
     - "127.0.0.1:64298:9200"
    image: "dtagdevsec/elasticsearch:2204"
    volumes:
     - /data:/data
 ## Kibana service
  kibana:
    container_name: kibana
    restart: always
    depends_on:
      elasticsearch:
        condition: service_healthy
    mem_limit: 1g
    ports:
     - "127.0.0.1:64296:5601"
    image: "dtagdevsec/kibana:2204"
 ## Logstash service
  logstash:
    container_name: logstash
    restart: always
    environment:
     - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
    depends_on:
      elasticsearch:
        condition: service_healthy
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    mem_limit: 2g
    image: "dtagdevsec/logstash:2204"
    volumes:
     - /data:/data
 ## Map Redis Service
  map_redis:
    container_name: map_redis
    restart: always
    stop_signal: SIGKILL
    tty: true
    image: "dtagdevsec/redis:2204"
    read_only: true
 ## Map Web Service
  map_web:
    container_name: map_web
    restart: always
    environment:
     - MAP_COMMAND=AttackMapServer.py
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    stop_signal: SIGKILL
    tty: true
    ports:
     - "127.0.0.1:64299:64299"
    image: "dtagdevsec/map:2204"
 ## Map Data Service
  map_data:
    container_name: map_data
    restart: always
    depends_on:
      elasticsearch:
        condition: service_healthy
    environment:
     - MAP_COMMAND=DataServer_v2.py
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    stop_signal: SIGKILL
    tty: true
    image: "dtagdevsec/map:2204"
 #### /ELK
 # Ewsposter service
  ewsposter:
    container_name: ewsposter
    restart: always
    networks:
     - ewsposter_local
    environment:
     - EWS_HPFEEDS_ENABLE=false
     - EWS_HPFEEDS_HOST=host
     - EWS_HPFEEDS_PORT=port
     - EWS_HPFEEDS_CHANNELS=channels
     - EWS_HPFEEDS_IDENT=user
     - EWS_HPFEEDS_SECRET=secret
     - EWS_HPFEEDS_TLSCERT=false
     - EWS_HPFEEDS_FORMAT=json
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    image: "dtagdevsec/ewsposter:2204"
    volumes:
     - /data:/data
     - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
 # Nginx service
  nginx:
    container_name: nginx
    restart: always
    tmpfs:
     - /var/tmp/nginx/client_body
     - /var/tmp/nginx/proxy
     - /var/tmp/nginx/fastcgi
     - /var/tmp/nginx/uwsgi
     - /var/tmp/nginx/scgi
     - /run
     - /var/lib/nginx/tmp:uid=100,gid=82
    network_mode: "host"
      #    ports:
      #     - "64297:64297"
      #     - "127.0.0.1:64304:64304"
    image: "dtagdevsec/nginx:2204"
    read_only: true
    volumes:
     - /data/nginx/cert/:/etc/nginx/cert/:ro
     - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
     - /data/nginx/log/:/var/log/nginx/
 # Spiderfoot service
  spiderfoot:
    container_name: spiderfoot
    restart: always
    networks:
     - spiderfoot_local
    ports:
     - "127.0.0.1:64303:8080"
    image: "dtagdevsec/spiderfoot:2204"
    volumes:
     - /data/spiderfoot:/home/spiderfoot/.spiderfoot
--- a/_deprecated/etc/compose/sensor.yml
+++ b/_deprecated/etc/compose/sensor.yml
@ -1,535 +0,0 @@
 # T-Pot (Sensor)
 # Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton)
 version: '2.3'
 networks:
  adbhoney_local:
  ciscoasa_local:
  citrixhoneypot_local:
  conpot_local_IEC104:
  conpot_local_guardian_ast:
  conpot_local_ipmi:
  conpot_local_kamstrup_382:
  cowrie_local:
  ddospot_local:
  dicompot_local:
  dionaea_local:
  elasticpot_local:
  heralding_local:
  ipphoney_local:
  mailoney_local:
  medpot_local:
  redishoneypot_local:
  tanner_local:
  ewsposter_local:
  sentrypeer_local:
  spiderfoot_local:
 services:
 ##################
 #### Honeypots
 ##################
 # Adbhoney service
  adbhoney:
    container_name: adbhoney
    restart: always
    networks:
     - adbhoney_local
    ports:
     - "5555:5555"
    image: "dtagdevsec/adbhoney:2204"
    read_only: true
    volumes:
     - /data/adbhoney/log:/opt/adbhoney/log
     - /data/adbhoney/downloads:/opt/adbhoney/dl
 # Ciscoasa service
  ciscoasa:
    container_name: ciscoasa
    restart: always
    tmpfs:
     - /tmp/ciscoasa:uid=2000,gid=2000
    networks:
     - ciscoasa_local
    ports:
     - "5000:5000/udp"
     - "8443:8443"
    image: "dtagdevsec/ciscoasa:2204"
    read_only: true
    volumes:
     - /data/ciscoasa/log:/var/log/ciscoasa
 # CitrixHoneypot service
  citrixhoneypot:
    container_name: citrixhoneypot
    restart: always
    networks:
     - citrixhoneypot_local
    ports:
     - "443:443"
    image: "dtagdevsec/citrixhoneypot:2204"
    read_only: true
    volumes:
     - /data/citrixhoneypot/logs:/opt/citrixhoneypot/logs
 # Conpot IEC104 service
  conpot_IEC104:
    container_name: conpot_iec104
    restart: always
    environment:
     - CONPOT_CONFIG=/etc/conpot/conpot.cfg
     - CONPOT_JSON_LOG=/var/log/conpot/conpot_IEC104.json
     - CONPOT_LOG=/var/log/conpot/conpot_IEC104.log
     - CONPOT_TEMPLATE=IEC104
     - CONPOT_TMP=/tmp/conpot
    tmpfs:
     - /tmp/conpot:uid=2000,gid=2000
    networks:
     - conpot_local_IEC104
    ports:
     - "161:161/udp"
     - "2404:2404"
    image: "dtagdevsec/conpot:2204"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
 # Conpot guardian_ast service
  conpot_guardian_ast:
    container_name: conpot_guardian_ast
    restart: always
    environment:
     - CONPOT_CONFIG=/etc/conpot/conpot.cfg
     - CONPOT_JSON_LOG=/var/log/conpot/conpot_guardian_ast.json
     - CONPOT_LOG=/var/log/conpot/conpot_guardian_ast.log
     - CONPOT_TEMPLATE=guardian_ast
     - CONPOT_TMP=/tmp/conpot
    tmpfs:
     - /tmp/conpot:uid=2000,gid=2000
    networks:
     - conpot_local_guardian_ast
    ports:
     - "10001:10001"
    image: "dtagdevsec/conpot:2204"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
 # Conpot ipmi
  conpot_ipmi:
    container_name: conpot_ipmi
    restart: always
    environment:
     - CONPOT_CONFIG=/etc/conpot/conpot.cfg
     - CONPOT_JSON_LOG=/var/log/conpot/conpot_ipmi.json
     - CONPOT_LOG=/var/log/conpot/conpot_ipmi.log
     - CONPOT_TEMPLATE=ipmi
     - CONPOT_TMP=/tmp/conpot
    tmpfs:
     - /tmp/conpot:uid=2000,gid=2000
    networks:
     - conpot_local_ipmi
    ports:
     - "623:623/udp"
    image: "dtagdevsec/conpot:2204"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
 # Conpot kamstrup_382
  conpot_kamstrup_382:
    container_name: conpot_kamstrup_382
    restart: always
    environment:
     - CONPOT_CONFIG=/etc/conpot/conpot.cfg
     - CONPOT_JSON_LOG=/var/log/conpot/conpot_kamstrup_382.json
     - CONPOT_LOG=/var/log/conpot/conpot_kamstrup_382.log
     - CONPOT_TEMPLATE=kamstrup_382
     - CONPOT_TMP=/tmp/conpot
    tmpfs:
     - /tmp/conpot:uid=2000,gid=2000
    networks:
     - conpot_local_kamstrup_382
    ports:
     - "1025:1025"
     - "50100:50100"
    image: "dtagdevsec/conpot:2204"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
 # Cowrie service
  cowrie:
    container_name: cowrie
    restart: always
    tmpfs:
     - /tmp/cowrie:uid=2000,gid=2000
     - /tmp/cowrie/data:uid=2000,gid=2000
    networks:
     - cowrie_local
    ports:
     - "22:22"
     - "23:23"
    image: "dtagdevsec/cowrie:2204"
    read_only: true
    volumes:
     - /data/cowrie/downloads:/home/cowrie/cowrie/dl
     - /data/cowrie/keys:/home/cowrie/cowrie/etc
     - /data/cowrie/log:/home/cowrie/cowrie/log
     - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
 # Ddospot service
  ddospot:
    container_name: ddospot
    restart: always
    networks:
     - ddospot_local
    ports:
     - "19:19/udp"
     - "53:53/udp"
     - "123:123/udp"
 #     - "161:161/udp"
     - "1900:1900/udp"
    image: "dtagdevsec/ddospot:2204"
    read_only: true
    volumes:
     - /data/ddospot/log:/opt/ddospot/ddospot/logs
     - /data/ddospot/bl:/opt/ddospot/ddospot/bl
     - /data/ddospot/db:/opt/ddospot/ddospot/db
 # Dicompot service
 # Get the Horos Client for testing: https://horosproject.org/
 # Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/
 # Put images (which must be in Dicom DCM format or it will not work!) into /data/dicompot/images
  dicompot:
    container_name: dicompot
    restart: always
    networks:
     - dicompot_local
    ports:
     - "11112:11112"
    image: "dtagdevsec/dicompot:2204"
    read_only: true
    volumes:
     - /data/dicompot/log:/var/log/dicompot
 #     - /data/dicompot/images:/opt/dicompot/images
 # Dionaea service
  dionaea:
    container_name: dionaea
    stdin_open: true
    tty: true
    restart: always
    networks:
     - dionaea_local
    ports:
     - "20:20"
     - "21:21"
     - "42:42"
     - "69:69/udp"
     - "81:81"
     - "135:135"
     # - "443:443"
     - "445:445"
     - "1433:1433"
     - "1723:1723"
     - "1883:1883"
     - "3306:3306"
     # - "5060:5060"
     # - "5060:5060/udp"
     # - "5061:5061"
     - "27017:27017"
    image: "dtagdevsec/dionaea:2204"
    read_only: true
    volumes:
     - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp
     - /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp
     - /data/dionaea/roots/www:/opt/dionaea/var/dionaea/roots/www
     - /data/dionaea/roots/upnp:/opt/dionaea/var/dionaea/roots/upnp
     - /data/dionaea:/opt/dionaea/var/dionaea
     - /data/dionaea/binaries:/opt/dionaea/var/dionaea/binaries
     - /data/dionaea/log:/opt/dionaea/var/log
     - /data/dionaea/rtp:/opt/dionaea/var/dionaea/rtp
 # ElasticPot service
  elasticpot:
    container_name: elasticpot
    restart: always
    networks:
     - elasticpot_local
    ports:
     - "9200:9200"
    image: "dtagdevsec/elasticpot:2204"
    read_only: true
    volumes:
     - /data/elasticpot/log:/opt/elasticpot/log
 # Heralding service
  heralding:
    container_name: heralding
    restart: always
    tmpfs:
     - /tmp/heralding:uid=2000,gid=2000
    networks:
     - heralding_local
    ports:
    # - "21:21"
    # - "22:22"
    # - "23:23"
    # - "25:25"
    # - "80:80"
     - "110:110"
     - "143:143"
    # - "443:443"
     - "465:465"
     - "993:993"
     - "995:995"
    # - "3306:3306"
    # - "3389:3389"
     - "1080:1080"
     - "5432:5432"
     - "5900:5900"
    image: "dtagdevsec/heralding:2204"
    read_only: true
    volumes:
     - /data/heralding/log:/var/log/heralding
 # Honeytrap service
  honeytrap:
    container_name: honeytrap
    restart: always
    tmpfs:
     - /tmp/honeytrap:uid=2000,gid=2000
    network_mode: "host"
    cap_add:
     - NET_ADMIN
    image: "dtagdevsec/honeytrap:2204"
    read_only: true
    volumes:
     - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
     - /data/honeytrap/downloads:/opt/honeytrap/var/downloads
     - /data/honeytrap/log:/opt/honeytrap/var/log
 # Ipphoney service
  ipphoney:
    container_name: ipphoney
    restart: always
    networks:
     - ipphoney_local
    ports:
     - "631:631"
    image: "dtagdevsec/ipphoney:2204"
    read_only: true
    volumes:
     - /data/ipphoney/log:/opt/ipphoney/log
 # Mailoney service
  mailoney:
    container_name: mailoney
    restart: always
    environment:
     - HPFEEDS_SERVER=
     - HPFEEDS_IDENT=user
     - HPFEEDS_SECRET=pass
     - HPFEEDS_PORT=20000
     - HPFEEDS_CHANNELPREFIX=prefix
    networks:
     - mailoney_local
    ports:
     - "25:25"
    image: "dtagdevsec/mailoney:2204"
    read_only: true
    volumes:
     - /data/mailoney/log:/opt/mailoney/logs
 # Medpot service
  medpot:
    container_name: medpot
    restart: always
    networks:
     - medpot_local
    ports:
     - "2575:2575"
    image: "dtagdevsec/medpot:2204"
    read_only: true
    volumes:
     - /data/medpot/log/:/var/log/medpot
 # Redishoneypot service
  redishoneypot:
    container_name: redishoneypot
    restart: always
    networks:
     - redishoneypot_local
    ports:
     - "6379:6379"
    image: "dtagdevsec/redishoneypot:2204"
    read_only: true
    volumes:
     - /data/redishoneypot/log:/var/log/redishoneypot
 # SentryPeer service
  sentrypeer:
    container_name: sentrypeer
    restart: always
 # SentryPeer offers to exchange bad actor data via DHT / P2P mode by setting the ENV to true (1)
 # In some cases (i.e. internally deployed T-Pots) this might be confusing as SentryPeer will show
 # the bad actors in its logs. Therefore this option is opt-in based.
 #    environment:
 #     - SENTRYPEER_PEER_TO_PEER=0
    networks:
     - sentrypeer_local
    ports:
 #     - "4222:4222/udp"
     - "5060:5060/udp"
 #     - "127.0.0.1:8082:8082"
    image: "dtagdevsec/sentrypeer:2204"
    read_only: true
    volumes:
     - /data/sentrypeer/log:/var/log/sentrypeer
 #### Snare / Tanner
 ## Tanner Redis Service
  tanner_redis:
    container_name: tanner_redis
    restart: always
    tty: true
    networks:
     - tanner_local
    image: "dtagdevsec/redis:2204"
    read_only: true
 ## PHP Sandbox service
  tanner_phpox:
    container_name: tanner_phpox
    restart: always
    tty: true
    networks:
     - tanner_local
    image: "dtagdevsec/phpox:2204"
    read_only: true
 ## Tanner API Service
  tanner_api:
    container_name: tanner_api
    restart: always
    tmpfs:
     - /tmp/tanner:uid=2000,gid=2000
    tty: true
    networks:
     - tanner_local
    image: "dtagdevsec/tanner:2204"
    read_only: true
    volumes:
     - /data/tanner/log:/var/log/tanner
    command: tannerapi
    depends_on:
     - tanner_redis
 ## Tanner Service
  tanner:
    container_name: tanner
    restart: always
    tmpfs:
     - /tmp/tanner:uid=2000,gid=2000
    tty: true
    networks:
     - tanner_local
    image: "dtagdevsec/tanner:2204"
    command: tanner
    read_only: true
    volumes:
     - /data/tanner/log:/var/log/tanner
     - /data/tanner/files:/opt/tanner/files
    depends_on:
     - tanner_api
 #     - tanner_web
     - tanner_phpox
 ## Snare Service
  snare:
    container_name: snare
    restart: always
    tty: true
    networks:
     - tanner_local
    ports:
     - "80:80"
    image: "dtagdevsec/snare:2204"
    depends_on:
     - tanner
 ##################
 #### NSM
 ##################
 # Fatt service
  fatt:
    container_name: fatt
    restart: always
    network_mode: "host"
    cap_add:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
    image: "dtagdevsec/fatt:2204"
    volumes:
     - /data/fatt/log:/opt/fatt/log
 # P0f service
  p0f:
    container_name: p0f
    restart: always
    network_mode: "host"
    image: "dtagdevsec/p0f:2204"
    read_only: true
    volumes:
     - /data/p0f/log:/var/log/p0f
 # Suricata service
  suricata:
    container_name: suricata
    restart: always
    environment:
    # For ET Pro ruleset replace "OPEN" with your OINKCODE
     - OINKCODE=OPEN
    # Loading externel Rules from URL 
    # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com"
    network_mode: "host"
    cap_add:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
    image: "dtagdevsec/suricata:2204"
    volumes:
     - /data/suricata/log:/var/log/suricata
 ##################
 #### Tools
 ##################
 # Ewsposter service
  ewsposter:
    container_name: ewsposter
    restart: always
    networks:
     - ewsposter_local
    environment:
     - EWS_HPFEEDS_ENABLE=false
     - EWS_HPFEEDS_HOST=host
     - EWS_HPFEEDS_PORT=port
     - EWS_HPFEEDS_CHANNELS=channels
     - EWS_HPFEEDS_IDENT=user
     - EWS_HPFEEDS_SECRET=secret
     - EWS_HPFEEDS_TLSCERT=false
     - EWS_HPFEEDS_FORMAT=json
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    image: "dtagdevsec/ewsposter:2204"
    volumes:
     - /data:/data
     - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
--- a/_deprecated/etc/compose/standard.yml
+++ b/_deprecated/etc/compose/standard.yml
@ -1,662 +0,0 @@
 # T-Pot (Standard)
 # Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton)
 version: '2.3'
 networks:
  adbhoney_local:
  ciscoasa_local:
  citrixhoneypot_local:
  conpot_local_IEC104:
  conpot_local_guardian_ast:
  conpot_local_ipmi:
  conpot_local_kamstrup_382:
  cowrie_local:
  ddospot_local:
  dicompot_local:
  dionaea_local:
  elasticpot_local:
  heralding_local:
  ipphoney_local:
  mailoney_local:
  medpot_local:
  redishoneypot_local:
  tanner_local:
  ewsposter_local:
  sentrypeer_local:
  spiderfoot_local:
 services:
 ##################
 #### Honeypots
 ##################
 # Adbhoney service
  adbhoney:
    container_name: adbhoney
    restart: always
    networks:
     - adbhoney_local
    ports:
     - "5555:5555"
    image: "dtagdevsec/adbhoney:2204"
    read_only: true
    volumes:
     - /data/adbhoney/log:/opt/adbhoney/log
     - /data/adbhoney/downloads:/opt/adbhoney/dl
 # Ciscoasa service
  ciscoasa:
    container_name: ciscoasa
    restart: always
    tmpfs:
     - /tmp/ciscoasa:uid=2000,gid=2000
    networks:
     - ciscoasa_local
    ports:
     - "5000:5000/udp"
     - "8443:8443"
    image: "dtagdevsec/ciscoasa:2204"
    read_only: true
    volumes:
     - /data/ciscoasa/log:/var/log/ciscoasa
 # CitrixHoneypot service
  citrixhoneypot:
    container_name: citrixhoneypot
    restart: always
    networks:
     - citrixhoneypot_local
    ports:
     - "443:443"
    image: "dtagdevsec/citrixhoneypot:2204"
    read_only: true
    volumes:
     - /data/citrixhoneypot/logs:/opt/citrixhoneypot/logs
 # Conpot IEC104 service
  conpot_IEC104:
    container_name: conpot_iec104
    restart: always
    environment:
     - CONPOT_CONFIG=/etc/conpot/conpot.cfg
     - CONPOT_JSON_LOG=/var/log/conpot/conpot_IEC104.json
     - CONPOT_LOG=/var/log/conpot/conpot_IEC104.log
     - CONPOT_TEMPLATE=IEC104
     - CONPOT_TMP=/tmp/conpot
    tmpfs:
     - /tmp/conpot:uid=2000,gid=2000
    networks:
     - conpot_local_IEC104
    ports:
     - "161:161/udp"
     - "2404:2404"
    image: "dtagdevsec/conpot:2204"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
 # Conpot guardian_ast service
  conpot_guardian_ast:
    container_name: conpot_guardian_ast
    restart: always
    environment:
     - CONPOT_CONFIG=/etc/conpot/conpot.cfg
     - CONPOT_JSON_LOG=/var/log/conpot/conpot_guardian_ast.json
     - CONPOT_LOG=/var/log/conpot/conpot_guardian_ast.log
     - CONPOT_TEMPLATE=guardian_ast
     - CONPOT_TMP=/tmp/conpot
    tmpfs:
     - /tmp/conpot:uid=2000,gid=2000
    networks:
     - conpot_local_guardian_ast
    ports:
     - "10001:10001"
    image: "dtagdevsec/conpot:2204"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
 # Conpot ipmi
  conpot_ipmi:
    container_name: conpot_ipmi
    restart: always
    environment:
     - CONPOT_CONFIG=/etc/conpot/conpot.cfg
     - CONPOT_JSON_LOG=/var/log/conpot/conpot_ipmi.json
     - CONPOT_LOG=/var/log/conpot/conpot_ipmi.log
     - CONPOT_TEMPLATE=ipmi
     - CONPOT_TMP=/tmp/conpot
    tmpfs:
     - /tmp/conpot:uid=2000,gid=2000
    networks:
     - conpot_local_ipmi
    ports:
     - "623:623/udp"
    image: "dtagdevsec/conpot:2204"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
 # Conpot kamstrup_382
  conpot_kamstrup_382:
    container_name: conpot_kamstrup_382
    restart: always
    environment:
     - CONPOT_CONFIG=/etc/conpot/conpot.cfg
     - CONPOT_JSON_LOG=/var/log/conpot/conpot_kamstrup_382.json
     - CONPOT_LOG=/var/log/conpot/conpot_kamstrup_382.log
     - CONPOT_TEMPLATE=kamstrup_382
     - CONPOT_TMP=/tmp/conpot
    tmpfs:
     - /tmp/conpot:uid=2000,gid=2000
    networks:
     - conpot_local_kamstrup_382
    ports:
     - "1025:1025"
     - "50100:50100"
    image: "dtagdevsec/conpot:2204"
    read_only: true
    volumes:
     - /data/conpot/log:/var/log/conpot
 # Cowrie service
  cowrie:
    container_name: cowrie
    restart: always
    tmpfs:
     - /tmp/cowrie:uid=2000,gid=2000
     - /tmp/cowrie/data:uid=2000,gid=2000
    networks:
     - cowrie_local
    ports:
     - "22:22"
     - "23:23"
    image: "dtagdevsec/cowrie:2204"
    read_only: true
    volumes:
     - /data/cowrie/downloads:/home/cowrie/cowrie/dl
     - /data/cowrie/keys:/home/cowrie/cowrie/etc
     - /data/cowrie/log:/home/cowrie/cowrie/log
     - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
 # Ddospot service
  ddospot:
    container_name: ddospot
    restart: always
    networks:
     - ddospot_local
    ports:
     - "19:19/udp"
     - "53:53/udp"
     - "123:123/udp"
 #     - "161:161/udp"
     - "1900:1900/udp"
    image: "dtagdevsec/ddospot:2204"
    read_only: true
    volumes:
     - /data/ddospot/log:/opt/ddospot/ddospot/logs
     - /data/ddospot/bl:/opt/ddospot/ddospot/bl
     - /data/ddospot/db:/opt/ddospot/ddospot/db
 # Dicompot service
 # Get the Horos Client for testing: https://horosproject.org/
 # Get Dicom images (CC BY 3.0): https://www.cancerimagingarchive.net/collections/
 # Put images (which must be in Dicom DCM format or it will not work!) into /data/dicompot/images
  dicompot:
    container_name: dicompot
    restart: always
    networks:
     - dicompot_local
    ports:
     - "11112:11112"
    image: "dtagdevsec/dicompot:2204"
    read_only: true
    volumes:
     - /data/dicompot/log:/var/log/dicompot
 #     - /data/dicompot/images:/opt/dicompot/images
 # Dionaea service
  dionaea:
    container_name: dionaea
    stdin_open: true
    tty: true
    restart: always
    networks:
     - dionaea_local
    ports:
     - "20:20"
     - "21:21"
     - "42:42"
     - "69:69/udp"
     - "81:81"
     - "135:135"
     # - "443:443"
     - "445:445"
     - "1433:1433"
     - "1723:1723"
     - "1883:1883"
     - "3306:3306"
     # - "5060:5060"
     # - "5060:5060/udp"
     # - "5061:5061"
     - "27017:27017"
    image: "dtagdevsec/dionaea:2204"
    read_only: true
    volumes:
     - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp
     - /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp
     - /data/dionaea/roots/www:/opt/dionaea/var/dionaea/roots/www
     - /data/dionaea/roots/upnp:/opt/dionaea/var/dionaea/roots/upnp
     - /data/dionaea:/opt/dionaea/var/dionaea
     - /data/dionaea/binaries:/opt/dionaea/var/dionaea/binaries
     - /data/dionaea/log:/opt/dionaea/var/log
     - /data/dionaea/rtp:/opt/dionaea/var/dionaea/rtp
 # ElasticPot service
  elasticpot:
    container_name: elasticpot
    restart: always
    networks:
     - elasticpot_local
    ports:
     - "9200:9200"
    image: "dtagdevsec/elasticpot:2204"
    read_only: true
    volumes:
     - /data/elasticpot/log:/opt/elasticpot/log
 # Heralding service
  heralding:
    container_name: heralding
    restart: always
    tmpfs:
     - /tmp/heralding:uid=2000,gid=2000
    networks:
     - heralding_local
    ports:
    # - "21:21"
    # - "22:22"
    # - "23:23"
    # - "25:25"
    # - "80:80"
     - "110:110"
     - "143:143"
    # - "443:443"
     - "465:465"
     - "993:993"
     - "995:995"
    # - "3306:3306"
    # - "3389:3389"
     - "1080:1080"
     - "5432:5432"
     - "5900:5900"
    image: "dtagdevsec/heralding:2204"
    read_only: true
    volumes:
     - /data/heralding/log:/var/log/heralding
 # Honeytrap service
  honeytrap:
    container_name: honeytrap
    restart: always
    tmpfs:
     - /tmp/honeytrap:uid=2000,gid=2000
    network_mode: "host"
    cap_add:
     - NET_ADMIN
    image: "dtagdevsec/honeytrap:2204"
    read_only: true
    volumes:
     - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
     - /data/honeytrap/downloads:/opt/honeytrap/var/downloads
     - /data/honeytrap/log:/opt/honeytrap/var/log
 # Ipphoney service
  ipphoney:
    container_name: ipphoney
    restart: always
    networks:
     - ipphoney_local
    ports:
     - "631:631"
    image: "dtagdevsec/ipphoney:2204"
    read_only: true
    volumes:
     - /data/ipphoney/log:/opt/ipphoney/log
 # Mailoney service
  mailoney:
    container_name: mailoney
    restart: always
    environment:
     - HPFEEDS_SERVER=
     - HPFEEDS_IDENT=user
     - HPFEEDS_SECRET=pass
     - HPFEEDS_PORT=20000
     - HPFEEDS_CHANNELPREFIX=prefix
    networks:
     - mailoney_local
    ports:
     - "25:25"
    image: "dtagdevsec/mailoney:2204"
    read_only: true
    volumes:
     - /data/mailoney/log:/opt/mailoney/logs
 # Medpot service
  medpot:
    container_name: medpot
    restart: always
    networks:
     - medpot_local
    ports:
     - "2575:2575"
    image: "dtagdevsec/medpot:2204"
    read_only: true
    volumes:
     - /data/medpot/log/:/var/log/medpot
 # Redishoneypot service
  redishoneypot:
    container_name: redishoneypot
    restart: always
    networks:
     - redishoneypot_local
    ports:
     - "6379:6379"
    image: "dtagdevsec/redishoneypot:2204"
    read_only: true
    volumes:
     - /data/redishoneypot/log:/var/log/redishoneypot
 # SentryPeer service
  sentrypeer:
    container_name: sentrypeer
    restart: always
 # SentryPeer offers to exchange bad actor data via DHT / P2P mode by setting the ENV to true (1)
 # In some cases (i.e. internally deployed T-Pots) this might be confusing as SentryPeer will show
 # the bad actors in its logs. Therefore this option is opt-in based.
 #    environment:
 #     - SENTRYPEER_PEER_TO_PEER=0
    networks:
     - sentrypeer_local
    ports:
 #     - "4222:4222/udp"
     - "5060:5060/udp"
 #     - "127.0.0.1:8082:8082"
    image: "dtagdevsec/sentrypeer:2204"
    read_only: true
    volumes:
     - /data/sentrypeer/log:/var/log/sentrypeer
 #### Snare / Tanner
 ## Tanner Redis Service
  tanner_redis:
    container_name: tanner_redis
    restart: always
    tty: true
    networks:
     - tanner_local
    image: "dtagdevsec/redis:2204"
    read_only: true
 ## PHP Sandbox service
  tanner_phpox:
    container_name: tanner_phpox
    restart: always
    tty: true
    networks:
     - tanner_local
    image: "dtagdevsec/phpox:2204"
    read_only: true
 ## Tanner API Service
  tanner_api:
    container_name: tanner_api
    restart: always
    tmpfs:
     - /tmp/tanner:uid=2000,gid=2000
    tty: true
    networks:
     - tanner_local
    image: "dtagdevsec/tanner:2204"
    read_only: true
    volumes:
     - /data/tanner/log:/var/log/tanner
    command: tannerapi
    depends_on:
     - tanner_redis
 ## Tanner Service
  tanner:
    container_name: tanner
    restart: always
    tmpfs:
     - /tmp/tanner:uid=2000,gid=2000
    tty: true
    networks:
     - tanner_local
    image: "dtagdevsec/tanner:2204"
    command: tanner
    read_only: true
    volumes:
     - /data/tanner/log:/var/log/tanner
     - /data/tanner/files:/opt/tanner/files
    depends_on:
     - tanner_api
 #     - tanner_web
     - tanner_phpox
 ## Snare Service
  snare:
    container_name: snare
    restart: always
    tty: true
    networks:
     - tanner_local
    ports:
     - "80:80"
    image: "dtagdevsec/snare:2204"
    depends_on:
     - tanner
 ##################
 #### NSM
 ##################
 # Fatt service
  fatt:
    container_name: fatt
    restart: always
    network_mode: "host"
    cap_add:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
    image: "dtagdevsec/fatt:2204"
    volumes:
     - /data/fatt/log:/opt/fatt/log
 # P0f service
  p0f:
    container_name: p0f
    restart: always
    network_mode: "host"
    image: "dtagdevsec/p0f:2204"
    read_only: true
    volumes:
     - /data/p0f/log:/var/log/p0f
 # Suricata service
  suricata:
    container_name: suricata
    restart: always
    environment:
    # For ET Pro ruleset replace "OPEN" with your OINKCODE
     - OINKCODE=OPEN
    # Loading externel Rules from URL 
    # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com"
    network_mode: "host"
    cap_add:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
    image: "dtagdevsec/suricata:2204"
    volumes:
     - /data/suricata/log:/var/log/suricata
 ##################
 #### Tools
 ##################
 #### ELK
 ## Elasticsearch service
  elasticsearch:
    container_name: elasticsearch
    restart: always
    environment:
     - bootstrap.memory_lock=true
     - ES_JAVA_OPTS=-Xms2048m -Xmx2048m
     - ES_TMPDIR=/tmp
    cap_add:
     - IPC_LOCK
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    mem_limit: 4g
    ports:
     - "127.0.0.1:64298:9200"
    image: "dtagdevsec/elasticsearch:2204"
    volumes:
     - /data:/data
 ## Kibana service
  kibana:
    container_name: kibana
    restart: always
    depends_on:
      elasticsearch:
        condition: service_healthy
    mem_limit: 1g
    ports:
     - "127.0.0.1:64296:5601"
    image: "dtagdevsec/kibana:2204"
 ## Logstash service
  logstash:
    container_name: logstash
    restart: always
    environment:
     - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
    depends_on:
      elasticsearch:
        condition: service_healthy
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    mem_limit: 2g
    image: "dtagdevsec/logstash:2204"
    volumes:
     - /data:/data
 ## Map Redis Service
  map_redis:
    container_name: map_redis
    restart: always
    stop_signal: SIGKILL
    tty: true
    image: "dtagdevsec/redis:2204"
    read_only: true
 ## Map Web Service
  map_web:
    container_name: map_web
    restart: always
    environment:
     - MAP_COMMAND=AttackMapServer.py
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    stop_signal: SIGKILL
    tty: true
    ports:
     - "127.0.0.1:64299:64299"
    image: "dtagdevsec/map:2204"
 ## Map Data Service
  map_data:
    container_name: map_data
    restart: always
    depends_on:
      elasticsearch:
        condition: service_healthy
    environment:
     - MAP_COMMAND=DataServer_v2.py
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    stop_signal: SIGKILL
    tty: true
    image: "dtagdevsec/map:2204"
 #### /ELK
 # Ewsposter service
  ewsposter:
    container_name: ewsposter
    restart: always
    networks:
     - ewsposter_local
    environment:
     - EWS_HPFEEDS_ENABLE=false
     - EWS_HPFEEDS_HOST=host
     - EWS_HPFEEDS_PORT=port
     - EWS_HPFEEDS_CHANNELS=channels
     - EWS_HPFEEDS_IDENT=user
     - EWS_HPFEEDS_SECRET=secret
     - EWS_HPFEEDS_TLSCERT=false
     - EWS_HPFEEDS_FORMAT=json
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    image: "dtagdevsec/ewsposter:2204"
    volumes:
     - /data:/data
     - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
 # Nginx service
  nginx:
    container_name: nginx
    restart: always
    tmpfs:
     - /var/tmp/nginx/client_body
     - /var/tmp/nginx/proxy
     - /var/tmp/nginx/fastcgi
     - /var/tmp/nginx/uwsgi
     - /var/tmp/nginx/scgi
     - /run
     - /var/lib/nginx/tmp:uid=100,gid=82
    network_mode: "host"
      #    ports:
      #     - "64297:64297"
      #     - "127.0.0.1:64304:64304"
    image: "dtagdevsec/nginx:2204"
    read_only: true
    volumes:
     - /data/nginx/cert/:/etc/nginx/cert/:ro
     - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
     - /data/nginx/log/:/var/log/nginx/
 # Spiderfoot service
  spiderfoot:
    container_name: spiderfoot
    restart: always
    networks:
     - spiderfoot_local
    ports:
     - "127.0.0.1:64303:8080"
    image: "dtagdevsec/spiderfoot:2204"
    volumes:
     - /data/spiderfoot:/home/spiderfoot/.spiderfoot
--- a/_deprecated/etc/compose/tarpit.yml
+++ b/_deprecated/etc/compose/tarpit.yml
@ -1,287 +0,0 @@
 # T-Pot (Tarpit)
 # Do not erase ports sections, these are used by /opt/tpot/bin/rules.sh to setup iptables ACCEPT rules for NFQ (honeytrap / glutton)
 version: '2.3'
 networks:
  endlessh_local:
  hellpot_local:
  heralding_local:
  ewsposter_local:
  spiderfoot_local:
 services:
 ##################
 #### Honeypots
 ##################
 # Endlessh service
  endlessh:
    container_name: endlessh
    restart: always
    networks:
     - endlessh_local
    ports:
     - "22:2222"
    image: "dtagdevsec/endlessh:2204"
    read_only: true
    volumes:
     - /data/endlessh/log:/var/log/endlessh
 # Heralding service
  heralding:
    container_name: heralding
    restart: always
    tmpfs:
     - /tmp/heralding:uid=2000,gid=2000
    networks:
     - heralding_local
    ports:
    # - "21:21"
    # - "22:22"
    # - "23:23"
    # - "25:25"
    # - "80:80"
     - "110:110"
     - "143:143"
    # - "443:443"
     - "465:465"
     - "993:993"
     - "995:995"
    # - "3306:3306"
    # - "3389:3389"
     - "1080:1080"
     - "5432:5432"
     - "5900:5900"
    image: "dtagdevsec/heralding:2204"
    read_only: true
    volumes:
     - /data/heralding/log:/var/log/heralding
 # Honeytrap service
  honeytrap:
    container_name: honeytrap
    restart: always
    tmpfs:
     - /tmp/honeytrap:uid=2000,gid=2000
    network_mode: "host"
    cap_add:
     - NET_ADMIN
    image: "dtagdevsec/honeytrap:2204"
    read_only: true
    volumes:
     - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
     - /data/honeytrap/downloads:/opt/honeytrap/var/downloads
     - /data/honeytrap/log:/opt/honeytrap/var/log
 # Hellpot service
  hellpot:
    container_name: hellpot
    restart: always
    networks:
     - hellpot_local
    ports:
     - "80:8080"
    image: "dtagdevsec/hellpot:2204"
    read_only: true
    volumes:
     - /data/hellpot/log:/var/log/hellpot
 ##################
 #### NSM
 ##################
 # Fatt service
  fatt:
    container_name: fatt
    restart: always
    network_mode: "host"
    cap_add:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
    image: "dtagdevsec/fatt:2204"
    volumes:
     - /data/fatt/log:/opt/fatt/log
 # P0f service
  p0f:
    container_name: p0f
    restart: always
    network_mode: "host"
    image: "dtagdevsec/p0f:2204"
    read_only: true
    volumes:
     - /data/p0f/log:/var/log/p0f
 # Suricata service
  suricata:
    container_name: suricata
    restart: always
    environment:
    # For ET Pro ruleset replace "OPEN" with your OINKCODE
     - OINKCODE=OPEN
    # Loading externel Rules from URL 
    # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com"
    network_mode: "host"
    cap_add:
     - NET_ADMIN
     - SYS_NICE
     - NET_RAW
    image: "dtagdevsec/suricata:2204"
    volumes:
     - /data/suricata/log:/var/log/suricata
 ##################
 #### Tools
 ##################
 #### ELK
 ## Elasticsearch service
  elasticsearch:
    container_name: elasticsearch
    restart: always
    environment:
     - bootstrap.memory_lock=true
     - ES_JAVA_OPTS=-Xms2048m -Xmx2048m
     - ES_TMPDIR=/tmp
    cap_add:
     - IPC_LOCK
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    mem_limit: 4g
    ports:
     - "127.0.0.1:64298:9200"
    image: "dtagdevsec/elasticsearch:2204"
    volumes:
     - /data:/data
 ## Kibana service
  kibana:
    container_name: kibana
    restart: always
    depends_on:
      elasticsearch:
        condition: service_healthy
    mem_limit: 1g
    ports:
     - "127.0.0.1:64296:5601"
    image: "dtagdevsec/kibana:2204"
 ## Logstash service
  logstash:
    container_name: logstash
    restart: always
    environment:
     - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
    depends_on:
      elasticsearch:
        condition: service_healthy
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    mem_limit: 2g
    image: "dtagdevsec/logstash:2204"
    volumes:
     - /data:/data
 ## Map Redis Service
  map_redis:
    container_name: map_redis
    restart: always
    stop_signal: SIGKILL
    tty: true
    image: "dtagdevsec/redis:2204"
    read_only: true
 ## Map Web Service
  map_web:
    container_name: map_web
    restart: always
    environment:
     - MAP_COMMAND=AttackMapServer.py
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    stop_signal: SIGKILL
    tty: true
    ports:
     - "127.0.0.1:64299:64299"
    image: "dtagdevsec/map:2204"
 ## Map Data Service
  map_data:
    container_name: map_data
    restart: always
    depends_on:
      elasticsearch:
        condition: service_healthy
    environment:
     - MAP_COMMAND=DataServer_v2.py
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    stop_signal: SIGKILL
    tty: true
    image: "dtagdevsec/map:2204"
 #### /ELK
 # Ewsposter service
  ewsposter:
    container_name: ewsposter
    restart: always
    networks:
     - ewsposter_local
    environment:
     - EWS_HPFEEDS_ENABLE=false
     - EWS_HPFEEDS_HOST=host
     - EWS_HPFEEDS_PORT=port
     - EWS_HPFEEDS_CHANNELS=channels
     - EWS_HPFEEDS_IDENT=user
     - EWS_HPFEEDS_SECRET=secret
     - EWS_HPFEEDS_TLSCERT=false
     - EWS_HPFEEDS_FORMAT=json
    env_file:
     - /opt/tpot/etc/compose/elk_environment
    image: "dtagdevsec/ewsposter:2204"
    volumes:
     - /data:/data
     - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
 # Nginx service
  nginx:
    container_name: nginx
    restart: always
    tmpfs:
     - /var/tmp/nginx/client_body
     - /var/tmp/nginx/proxy
     - /var/tmp/nginx/fastcgi
     - /var/tmp/nginx/uwsgi
     - /var/tmp/nginx/scgi
     - /run
     - /var/lib/nginx/tmp:uid=100,gid=82
    network_mode: "host"
      #    ports:
      #     - "64297:64297"
      #     - "127.0.0.1:64304:64304"
    image: "dtagdevsec/nginx:2204"
    read_only: true
    volumes:
     - /data/nginx/cert/:/etc/nginx/cert/:ro
     - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
     - /data/nginx/log/:/var/log/nginx/
 # Spiderfoot service
  spiderfoot:
    container_name: spiderfoot
    restart: always
    networks:
     - spiderfoot_local
    ports:
     - "127.0.0.1:64303:8080"
    image: "dtagdevsec/spiderfoot:2204"
    volumes:
     - /data/spiderfoot:/home/spiderfoot/.spiderfoot
--- a/_deprecated/etc/logrotate/logrotate.conf
+++ b/_deprecated/etc/logrotate/logrotate.conf
@ -1,69 +0,0 @@
 /data/adbhoney/log/*.json
 /data/adbhoney/log/*.log
 /data/ciscoasa/log/ciscoasa.log
 /data/citrixhoneypot/logs/server.log
 /data/conpot/log/conpot*.json
 /data/conpot/log/conpot*.log
 /data/cowrie/log/cowrie.json
 /data/cowrie/log/cowrie-textlog.log
 /data/cowrie/log/lastlog.txt
 /data/ddospot/log/*.log
 /data/dicompot/log/dicompot.log
 /data/dionaea/log/dionaea.json
 /data/dionaea/log/dionaea.sqlite
 /data/dionaea/dionaea-errors.log
 /data/elasticpot/log/elasticpot.log
 /data/elasticpot/log/elasticpot.json
 /data/elk/log/*.log
 /data/endlessh/log/*.log
 /data/fatt/log/fatt.log
 /data/glutton/log/*.log
 /data/glutton/log/*.err
 /data/hellpot/log/*.log
 /data/heralding/log/*.log
 /data/heralding/log/*.csv
 /data/heralding/log/*.json
 /data/honeypots/log/*.log
 /data/honeysap/log/*.log
 /data/honeytrap/log/*.log
 /data/honeytrap/log/*.json
 /data/ipphoney/log/*.json
 /data/log4pot/log/*.log
 /data/mailoney/log/*.log
 /data/medpot/log/*.log
 /data/nginx/log/*.log
 /data/p0f/log/p0f.json
 /data/rdpy/log/rdpy.log
 /data/redishoneypot/log/*.log
 /data/sentrypeer/log/*.json
 /data/suricata/log/*.log
 /data/suricata/log/*.json
 /data/tanner/log/*.json
 {
 	su tpot tpot
        copytruncate
        create 770 tpot tpot
 	daily
        missingok
        notifempty
 	rotate 30
 	compress
        compresscmd /usr/bin/pigz
 }
 /data/adbhoney/downloads.tgz
 /data/cowrie/log/ttylogs.tgz
 /data/cowrie/downloads.tgz
 /data/dionaea/bistreams.tgz
 /data/dionaea/binaries.tgz
 /data/honeytrap/attacks.tgz
 /data/honeytrap/downloads.tgz
 {
 	su tpot tpot
        copytruncate
        create 770 tpot tpot
 	daily
        missingok
        notifempty
 	rotate 30
 }
--- a/_deprecated/etc/objects/elkbase.tgz
+++ b/_deprecated/etc/objects/elkbase.tgz
--- a/_deprecated/etc/objects/kibana_export.ndjson.zip
+++ b/_deprecated/etc/objects/kibana_export.ndjson.zip
--- a/_deprecated/host/etc/rc.local
+++ b/_deprecated/host/etc/rc.local
@ -1,3 +0,0 @@
 #!/bin/bash
 /opt/tpot/bin/updateip.sh
 exit 0
--- a/_deprecated/host/etc/systemd/tpot.service
+++ b/_deprecated/host/etc/systemd/tpot.service
@ -1,42 +0,0 @@
 [Unit]
 Description=tpot
 Requires=docker.service
 After=docker.service
 [Service]
 Restart=always
 RestartSec=5
 TimeoutSec=infinity
 # Get and set internal, external IP infos, but ignore errors
 ExecStartPre=-/opt/tpot/bin/updateip.sh
 # Clear state or if persistence is enabled rotate and compress logs from /data
 ExecStartPre=-/bin/bash -c '/opt/tpot/bin/clean.sh on'
 # Remove old containers, images and volumes
 ExecStartPre=/opt/tpot/bin/tpdclean.sh -y
 # Get IF, disable offloading, enable promiscious mode for p0f and suricata
 ExecStartPre=-/bin/bash -c '/sbin/ethtool --offload $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) rx off tx off'
 ExecStartPre=/bin/bash -c '/sbin/ethtool -K $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) gso off gro off'
 ExecStartPre=/bin/bash -c '/sbin/ip link set $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) promisc on'
 # Set iptables accept rules to avoid forwarding to honeytrap / NFQUEUE
 # Forward all other connections to honeytrap / NFQUEUE
 ExecStartPre=/opt/tpot/bin/rules.sh /opt/tpot/etc/tpot.yml set
 # Compose T-Pot up
 ExecStart=/usr/bin/docker-compose -f /opt/tpot/etc/tpot.yml up --no-color
 # We want to see true source for UDP packets in container (https://github.com/moby/libnetwork/issues/1994)
 ExecStartPost=/bin/bash -c '/usr/bin/sleep 30 && /usr/sbin/conntrack -D -p udp'
 # Compose T-Pot down, remove containers and volumes
 ExecStop=/usr/bin/docker-compose -f /opt/tpot/etc/tpot.yml down -v
 # Remove only previously set iptables rules
 ExecStopPost=/opt/tpot/bin/rules.sh /opt/tpot/etc/tpot.yml unset
 [Install]
 WantedBy=multi-user.target
--- a/_deprecated/host/usr/share/dict/a.txt
+++ b/_deprecated/host/usr/share/dict/a.txt
--- a/_deprecated/host/usr/share/dict/n.txt
+++ b/_deprecated/host/usr/share/dict/n.txt
--- a/_deprecated/host/usr/share/dict/names
+++ b/_deprecated/host/usr/share/dict/names
--- a/_deprecated/install.sh
+++ b/_deprecated/install.sh
@ -1,3 +0,0 @@
 #!/bin/bash
 cd iso/installer
 ./install.sh "$@"
--- a/_deprecated/installer/debian/install.sh
+++ b/_deprecated/installer/debian/install.sh
@ -1,77 +0,0 @@
 #!/bin/bash
 # Needs to run as non-root
 myWHOAMI=$(whoami)
 if [ "$myWHOAMI" == "root" ]
  then
    echo "Need to run as user ..."
    exit
 fi
 # Check if running on Debian
 if ! grep -q 'ID=debian' /etc/os-release; then
  echo "This script is designed to run on Debian. Aborting."
  exit 1
 fi
 if [ -f /var/log/debian-install-lock ]; then
  echo "Error: The installer has already been run on this system. If you wish to run it again, please run the uninstall.sh first."
  exit 1
 fi
 # Create installer lock file
 sudo touch /var/log/debian-install-lock
 # Update SSH config
 echo "Updating SSH config..."
 sudo bash -c 'echo "Port 64295" >> /etc/ssh/sshd_config'
 # Install recommended packages
 echo "Installing recommended packages..."
 sudo apt-get -y update
 sudo apt-get -y install bash-completion git grc neovim net-tools
 # Remove old Docker
 echo "Removing old docker packages..."
 sudo apt-get -y remove docker docker-engine docker.io containerd runc
 # Add Docker to repositories, install latest docker
 echo "Adding Docker to repositories and installing..."
 sudo apt-get -y update
 sudo apt-get -y install ca-certificates curl gnupg
 sudo install -m 0755 -d /etc/apt/keyrings
 curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
 sudo chmod a+r /etc/apt/keyrings/docker.gpg
 echo \
  "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
  "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
 sudo apt-get -y update
 sudo apt-get -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
 sudo systemctl enable docker
 sudo systemctl stop docker
 sudo systemctl start docker
 # Add T-Pot user and group to avoid any permission denied on the data folder while keeping permissions 770
 echo "Creating T-Pot group and user ..."
 addgroup --gid 2000 tpot
 adduser --system --no-create-home --uid 2000 --disabled-password --disabled-login --gid 2000 tpot
 # Add user to Docker, T-Pot group
 echo "Adding $(whoami) to Docker group..."
 sudo usermod -aG docker $(whoami)
 echo "Adding $(whoami) to T-Pot group..."
 sudo usermod -aG tpot $(whoami)
 # Add aliases
 echo "Adding aliases..."
 echo "alias dps='grc docker ps -a'" >> ~/.bashrc
 echo "alias dpsw='watch -c \"grc --colour=on docker ps -a\"'" >> ~/.bashrc
 # Show running services
 sudo grc netstat -tulpen
 echo "Please review for possible honeypot port conflicts."
 echo "While SSH is taken care of, other services such as"
 echo "SMTP, HTTP, etc. might prevent T-Pot from starting."
 echo "Done. Please reboot and re-connect via SSH on tcp/64295."
--- a/_deprecated/installer/debian/sudo-install.sh
+++ b/_deprecated/installer/debian/sudo-install.sh
@ -1,10 +0,0 @@
 #!/bin/bash
 if ! command -v sudo &> /dev/null
 then
    echo "sudo is not installed. Installing now..."
    su -c "apt-get -y update && apt-get -y install sudo"
    su -c "/usr/sbin/usermod -aG sudo $(whoami)"
 else
    echo "sudo is already installed."
 fi
--- a/_deprecated/installer/debian/uninstall.sh
+++ b/_deprecated/installer/debian/uninstall.sh
@ -1,59 +0,0 @@
 #!/bin/bash
 # Needs to run as non-root
 myWHOAMI=$(whoami)
 if [ "$myWHOAMI" == "root" ]
  then
    echo "Need to run as user ..."
    exit
 fi
 # Check if running on Debian
 if ! grep -q 'ID=debian' /etc/os-release; then
  echo "This script is designed to run on Debian. Aborting."
  exit 1
 fi
 # Check if installer lock file exists
 if [ ! -f /var/log/debian-install-lock ]; then
  echo "Error: The installer has not been run on this system. Aborting."
  exit 1
 fi
 # Remove SSH config changes
 echo "Removing SSH config changes..."
 sudo sed -i '/Port 64295/d' /etc/ssh/sshd_config
 # Uninstall Docker
 echo "Stopping and removing all containers ..."
 docker stop $(docker ps -aq)
 docker rm $(docker ps -aq)
 echo "Uninstalling Docker..."
 sudo systemctl stop docker
 sudo systemctl disable docker
 sudo apt-get -y remove docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
 sudo apt-get -y autoremove
 sudo rm -rf /etc/apt/sources.list.d/docker.list
 sudo rm -rf /etc/apt/keyrings/docker.gpg
 # Remove user from Docker, T-Pot group
 echo "Removing $(whoami) from T-Pot group..."
 sudo deluser $(whoami) tpot
 echo "Removing $(whoami) from Docker group..."
 sudo deluser $(whoami) docker
 # Remove T-Pot user and group
 echo "Removing T-Pot user..."
 sudo deluser tpot
 echo "Removing T-Pot group..."
 sudo delgroup tpot
 # Remove aliases
 echo "Removing aliases..."
 sed -i '/alias dps=/d' ~/.bashrc
 sed -i '/alias dpsw=/d' ~/.bashrc
 # Remove installer lock file
 sudo rm -f /var/log/debian-install-lock
 echo "Done. Please reboot and re-connect via SSH on tcp/22"
--- a/_deprecated/installer/fedora/install.sh
+++ b/_deprecated/installer/fedora/install.sh
@ -1,85 +0,0 @@
 #!/bin/bash
 # Needs to run as non-root
 myWHOAMI=$(whoami)
 if [ "$myWHOAMI" == "root" ]
  then
    echo "Need to run as user ..."
    exit
 fi
 # Check if running on Fedora
 if ! grep -q 'ID=fedora' /etc/os-release; then
  echo "This script is designed to run on Fedora. Aborting."
  exit 1
 fi
 if [ -f /var/log/fedora-install-lock ]; then
  echo "Error: The installer has already been run on this system. If you wish to run it again, please run the uninstall.sh first."
  exit 1
 fi
 # Create installer lock file
 sudo touch /var/log/fedora-install-lock
 # Update SSH config
 echo "Updating SSH config..."
 sudo bash -c 'echo "Port 64295" >> /etc/ssh/sshd_config'
 # Update DNS config
 echo "Updating DNS config..."
 sudo bash -c "sed -i 's/^.*DNSStubListener=.*/DNSStubListener=no/' /etc/systemd/resolved.conf"
 sudo systemctl restart systemd-resolved.service
 # Update SELinux config
 echo "Updating SELinux config..."
 sudo sed -i s/SELINUX=enforcing/SELINUX=permissive/g /etc/selinux/config
 # Update Firewall rules
 echo "Updating Firewall rules..."
 sudo firewall-cmd --permanent --add-port=64295/tcp
 sudo firewall-cmd --permanent --zone=public --set-target=ACCEPT
 #sudo firewall-cmd --reload
 sudo firewall-cmd --list-all
 # Load kernel modules
 echo "Loading kernel modules..."
 sudo modprobe -v iptable_filter
 echo "iptable_filter" | sudo tee /etc/modules-load.d/iptables.conf
 # Add Docker to repositories, install latest docker
 echo "Adding Docker to repositories and installing..."
 sudo dnf -y update
 sudo dnf -y install dnf-plugins-core
 sudo dnf -y config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo
 sudo dnf -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
 sudo systemctl enable docker
 sudo systemctl start docker
 # Install recommended packages
 echo "Installing recommended packages..."
 sudo dnf -y install bash-completion git grc net-tools
 # Add T-Pot user and group to avoid any permission denied on the data folder while keeping permissions 770
 echo "Creating T-Pot group and user..."
 sudo groupadd -g 2000 tpot
 sudo useradd -r -u 2000 -g 2000 -M -s /sbin/nologin tpot
 # Add user to Docker, T-Pot group
 echo "Adding $(whoami) to Docker group..."
 sudo usermod -aG docker $(whoami)
 echo "Adding $(whoami) to T-Pot group..."
 sudo usermod -aG tpot $(whoami)
 # Add aliases
 echo "Adding aliases..."
 echo "alias dps='grc docker ps -a'" >> ~/.bashrc
 echo "alias dpsw='watch -c \"grc --colour=on docker ps -a\"'" >> ~/.bashrc
 # Show running services
 sudo grc netstat -tulpen
 echo "Please review for possible honeypot port conflicts."
 echo "While SSH is taken care of, other services such as"
 echo "SMTP, HTTP, etc. might prevent T-Pot from starting."
 echo "Done. Please reboot and re-connect via SSH on tcp/64295."
--- a/_deprecated/installer/fedora/uninstall.sh
+++ b/_deprecated/installer/fedora/uninstall.sh
@ -1,78 +0,0 @@
 #!/bin/bash
 # Needs to run as non-root
 myWHOAMI=$(whoami)
 if [ "$myWHOAMI" == "root" ]
  then
    echo "Need to run as user ..."
    exit
 fi
 # Check if running on Fedora
 if ! grep -q 'ID=fedora' /etc/os-release; then
  echo "This script is designed to run on Fedora. Aborting."
  exit 1
 fi
 if [ ! -f /var/log/fedora-install-lock ]; then
  echo "Error: The installer has not been run on this system. Aborting uninstallation."
  exit 1
 fi
 # Remove SSH config changes
 echo "Removing SSH config changes..."
 sudo sed -i '/Port 64295/d' /etc/ssh/sshd_config
 # Remove DNS config changes
 echo "Updating DNS config..."
 sudo bash -c "sed -i 's/^.*DNSStubListener=.*/#DNSStubListener=yes/' /etc/systemd/resolved.conf"
 sudo systemctl restart systemd-resolved.service
 # Restore SELinux config
 echo "Restoring SELinux config..."
 sudo sed -i s/SELINUX=permissive/SELINUX=enforcing/g /etc/selinux/config
 # Remove Firewall rules
 echo "Removing Firewall rules..."
 sudo firewall-cmd --permanent --remove-port=64295/tcp
 sudo firewall-cmd --permanent --zone=public --set-target=default
 #sudo firewall-cmd --reload
 sudo firewall-cmd --list-all
 # Unload kernel modules
 echo "Unloading kernel modules..."
 sudo modprobe -rv iptable_filter
 sudo rm /etc/modules-load.d/iptables.conf
 # Uninstall Docker
 echo "Stopping and removing all containers ..."
 docker stop $(docker ps -aq)
 docker rm $(docker ps -aq)
 echo "Uninstalling Docker..."
 sudo systemctl stop docker
 sudo systemctl disable docker
 sudo dnf -y remove docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
 sudo dnf config-manager --disable docker-ce-stable
 sudo rm /etc/yum.repos.d/docker-ce.repo
 # Remove user from Docker, T-Pot group
 echo "Removing $(whoami) from T-Pot group..."
 sudo gpasswd -d $(whoami) tpot
 echo "Removing $(whoami) from Docker group..."
 sudo gpasswd -d $(whoami) docker
 # Remove T-Pot user and group
 echo "Removing T-Pot user..."
 sudo userdel tpot
 echo "Removing T-Pot group..."
 sudo groupdel tpot
 # Remove aliases
 echo "Removing aliases..."
 sed -i '/alias dps=/d' ~/.bashrc
 sed -i '/alias dpsw=/d' ~/.bashrc
 # Remove installer lock file
 sudo rm /var/log/fedora-install-lock
 echo "Done. Please reboot and re-connect via SSH on tcp/22"
--- a/_deprecated/installer/suse/install.sh
+++ b/_deprecated/installer/suse/install.sh
@ -1,70 +0,0 @@
 #!/bin/bash
 # Needs to run as non-root
 myWHOAMI=$(whoami)
 if [ "$myWHOAMI" == "root" ]
  then
    echo "Need to run as user ..."
    exit
 fi
 # Check if running on OpenSuse Tumbleweed
 if ! grep -q 'ID="opensuse-tumbleweed"' /etc/os-release; then
  echo "This script is designed to run on OpenSuse Tumbleweed. Aborting."
  exit 1
 fi
 if [ -f /var/log/suse-install-lock ]; then
  echo "Error: The installer has already been run on this system. If you wish to run it again, please run the uninstall.sh first."
  exit 1
 fi
 # Create installer lock file
 sudo touch /var/log/suse-install-lock
 # Update SSH config
 echo "Updating SSH config..."
 sudo bash -c 'echo "Port 64295" >> /etc/ssh/sshd_config.d/port.conf'
 # Update Firewall rules
 echo "Updating Firewall rules..."
 sudo firewall-cmd --permanent --add-port=64295/tcp
 sudo firewall-cmd --permanent --zone=public --set-target=ACCEPT
 #sudo firewall-cmd --reload
 sudo firewall-cmd --list-all
 # Install docker and recommended packages
 echo "Installing recommended packages..."
 sudo zypper -n update
 sudo zypper -n remove cups net-tools postfix yast2-auth-client yast2-auth-server
 sudo zypper -n install bash-completion docker docker-compose git grc busybox-net-tools
 # Enable and start docker
 echo "Enabling and starting docker..."
 systemctl enable docker
 systemctl start docker
 # Add T-Pot user and group to avoid any permission denied on the data folder while keeping permissions 770
 echo "Creating T-Pot group and user ..."
 sudo groupadd -g 2000 tpot
 sudo useradd -r -u 2000 -g 2000 -s /sbin/nologin tpot
 # Add user to Docker, T-Pot group
 echo "Adding $(whoami) to Docker group..."
 sudo usermod -a -G docker $(whoami)
 echo "Adding $(whoami) to T-Pot group..."
 sudo usermod -a -G tpot $(whoami)
 # Add aliases
 echo "Adding aliases..."
 echo "alias dps='grc docker ps -a'" >> ~/.bashrc
 echo "alias dpsw='watch -c \"grc --colour=on docker ps -a\"'" >> ~/.bashrc
 # Show running services
 sudo grc netstat -tulpen
 echo "Please review for possible honeypot port conflicts."
 echo "While SSH is taken care of, other services such as"
 echo "SMTP, HTTP, etc. might prevent T-Pot from starting."
 echo "Done. Please reboot and re-connect via SSH on tcp/64295."
--- a/_deprecated/installer/suse/uninstall.sh
+++ b/_deprecated/installer/suse/uninstall.sh
@ -1,63 +0,0 @@
 #!/bin/bash
 # Needs to run as non-root
 myWHOAMI=$(whoami)
 if [ "$myWHOAMI" == "root" ]
  then
    echo "Need to run as user ..."
    exit
 fi
 # Check if running on OpenSuse Tumbleweed
 if ! grep -q 'ID="opensuse-tumbleweed"' /etc/os-release; then
  echo "This script is designed to run on OpenSuse Tumbleweed. Aborting."
  exit 1
 fi
 if [ ! -f /var/log/suse-install-lock ]; then
  echo "Error: The installer has not been run on this system. Aborting uninstallation."
  exit 1
 fi
 # Remove SSH config changes
 echo "Removing SSH config changes..."
 sudo sed -i '/Port 64295/d' /etc/ssh/sshd_config.d/port.conf
 # Remove Firewall rules
 echo "Removing Firewall rules..."
 sudo firewall-cmd --permanent --remove-port=64295/tcp
 sudo firewall-cmd --permanent --zone=public --set-target=default
 #sudo firewall-cmd --reload
 sudo firewall-cmd --list-all
 # Uninstall Docker
 echo "Stopping and removing all containers ..."
 docker stop $(docker ps -aq)
 docker rm $(docker ps -aq)
 echo "Uninstalling Docker..."
 sudo systemctl stop docker
 sudo systemctl disable docker
 sudo zypper -n remove docker docker-compose
 sudo zypper -n install cups postfix
 # Remove user from Docker, T-Pot group
 echo "Removing $(whoami) from T-Pot group..."
 sudo gpasswd -d $(whoami) tpot
 echo "Removing $(whoami) from Docker group..."
 sudo gpasswd -d $(whoami) docker
 # Remove T-Pot user and group
 echo "Removing T-Pot user..."
 sudo userdel tpot
 echo "Removing T-Pot group..."
 sudo groupdel tpot
 # Remove aliases
 echo "Removing aliases..."
 sed -i '/alias dps=/d' ~/.bashrc
 sed -i '/alias dpsw=/d' ~/.bashrc
 # Remove installer lock file
 sudo rm /var/log/suse-install-lock
 echo "Done. Please reboot and re-connect via SSH on tcp/22"
--- a/_deprecated/installer/ubuntu/install.sh
+++ b/_deprecated/installer/ubuntu/install.sh
@ -1,85 +0,0 @@
 #!/bin/bash
 # Needs to run as non-root
 myWHOAMI=$(whoami)
 if [ "$myWHOAMI" == "root" ]
  then
    echo "Need to run as user ..."
    exit
 fi
 # Check if running on Ubuntu
 if ! grep -q 'ID=ubuntu' /etc/os-release; then
  echo "This script is designed to run on Ubuntu. Aborting."
  exit 1
 fi
 if [ -f /var/log/ubuntu-install-lock ]; then
  echo "Error: The installer has already been run on this system. If you wish to run it again, please run the uninstall.sh first."
  exit 1
 fi
 # Create installer lock file
 sudo touch /var/log/ubuntu-install-lock
 # Update SSH config
 echo "Updating SSH config..."
 sudo bash -c 'echo "Port 64295" >> /etc/ssh/sshd_config'
 sudo systemctl disable ssh.socket
 sudo rm /etc/systemd/system/ssh.service.d/00-socket.conf
 sudo systemctl enable ssh.service
 # Update DNS config
 echo "Updating DNS config..."
 sudo bash -c "sed -i 's/^.*DNSStubListener=.*/DNSStubListener=no/' /etc/systemd/resolved.conf"
 sudo systemctl restart systemd-resolved.service
 # Install recommended packages
 echo "Installing recommended packages..."
 sudo apt-get -y update
 sudo apt-get -y install bash-completion git grc net-tools vim
 # Remove old Docker
 echo "Removing old docker packages..."
 sudo apt-get -y remove docker docker-engine docker.io containerd runc
 # Add Docker to repositories, install latest docker
 echo "Adding Docker to repositories and installing..."
 sudo apt-get -y update
 sudo apt-get -y install ca-certificates curl gnupg
 sudo install -m 0755 -d /etc/apt/keyrings
 curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
 sudo chmod a+r /etc/apt/keyrings/docker.gpg
 echo \
  "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
 sudo apt-get -y update
 sudo apt-get -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
 sudo systemctl enable docker
 sudo systemctl stop docker
 sudo systemctl start docker
 # Add T-Pot user and group to avoid any permission denied on the data folder while keeping permissions 770
 echo "Creating T-Pot group and user ..."
 addgroup --gid 2000 tpot
 adduser --system --no-create-home --uid 2000 --disabled-password --disabled-login --gid 2000 tpot
 # Add user to Docker, T-Pot group
 echo "Adding $(whoami) to Docker group..."
 sudo usermod -aG docker $(whoami)
 echo "Adding $(whoami) to T-Pot group..."
 sudo usermod -aG tpot $(whoami)
 # Add aliases
 echo "Adding aliases..."
 echo "alias dps='grc docker ps -a'" >> ~/.bashrc
 echo "alias dpsw='watch -c \"grc --colour=on docker ps -a\"'" >> ~/.bashrc
 # Show running services
 sudo grc netstat -tulpen
 echo "Please review for possible honeypot port conflicts."
 echo "While SSH is taken care of, other services such as"
 echo "SMTP, HTTP, etc. might prevent T-Pot from starting."
 echo "Done. Please reboot and re-connect via SSH on tcp/64295."
--- a/_deprecated/installer/ubuntu/uninstall.sh
+++ b/_deprecated/installer/ubuntu/uninstall.sh
@ -1,66 +0,0 @@
 #!/bin/bash
 # Needs to run as non-root
 myWHOAMI=$(whoami)
 if [ "$myWHOAMI" == "root" ]
  then
    echo "Need to run as user ..."
    exit
 fi
 # Check if running on Ubuntu
 if ! grep -q 'ID=ubuntu' /etc/os-release; then
  echo "This script is designed to run on Ubuntu. Aborting."
  exit 1
 fi
 # Check if installer lock file exists
 if [ ! -f /var/log/ubuntu-install-lock ]; then
  echo "Error: The installer has not been run on this system. Aborting."
  exit 1
 fi
 # Remove SSH config changes
 echo "Removing SSH config changes..."
 sudo sed -i '/Port 64295/d' /etc/ssh/sshd_config
 sudo systemctl disable ssh.service
 sudo systemctl enable ssh.socket
 # Remove DNS config changes
 echo "Updating DNS config..."
 sudo bash -c "sed -i 's/^.*DNSStubListener=.*/#DNSStubListener=yes/' /etc/systemd/resolved.conf"
 sudo systemctl restart systemd-resolved.service
 # Uninstall Docker
 echo "Stopping and removing all containers ..."
 docker stop $(docker ps -aq)
 docker rm $(docker ps -aq)
 echo "Uninstalling Docker..."
 sudo systemctl stop docker
 sudo systemctl disable docker
 sudo apt-get -y remove docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
 sudo apt-get -y autoremove
 sudo rm -rf /etc/apt/sources.list.d/docker.list
 sudo rm -rf /etc/apt/keyrings/docker.gpg
 # Remove user from Docker, T-Pot group
 echo "Removing $(whoami) from T-Pot group..."
 sudo deluser $(whoami) tpot
 echo "Removing $(whoami) from Docker group..."
 sudo deluser $(whoami) docker
 # Remove T-Pot user and group
 echo "Removing T-Pot user..."
 sudo deluser tpot
 echo "Removing T-Pot group..."
 sudo delgroup tpot
 # Remove aliases
 echo "Removing aliases..."
 sed -i '/alias dps=/d' ~/.bashrc
 sed -i '/alias dpsw=/d' ~/.bashrc
 # Remove installer lock file
 sudo rm -f /var/log/ubuntu-install-lock
 echo "Done. Please reboot and re-connect via SSH on tcp/22"
--- a/_deprecated/iso/installer/install.sh
+++ b/_deprecated/iso/installer/install.sh
@ -1,922 +0,0 @@
 #!/bin/bash
 # T-Pot Universal Installer
 # Installer can only be executed once.
 myTPOT_INSTALL_LOG="/install.log"
 if [ -s "$myTPOT_INSTALL_LOG" ];
  then
    echo "Aborting. Installer can only be executed once."
    exit
 fi
 ##################
 # I. Global vars #
 ##################
 myBACKTITLE="T-Pot-Installer"
 myCONF_FILE="/root/installer/iso.conf"
 myPROGRESSBOXCONF=" --backtitle "$myBACKTITLE" --progressbox 24 80"
 mySITES="https://ghcr.io https://github.com https://pypi.python.org https://debian.org"
 myTPOTCOMPOSE="/opt/tpot/etc/tpot.yml"
 myLSB_STABLE_SUPPORTED="bullseye"
 myLSB_TESTING_SUPPORTED="stable"
 myREMOTESITES="https://hub.docker.com https://github.com https://pypi.python.org https://debian.org https://listbot.sicherheitstacho.eu"
 myPREINSTALLPACKAGES="aria2 apache2-utils cracklib-runtime curl dialog figlet fuse grc libcrack2 libpq-dev lsb-release net-tools software-properties-common toilet"
 if [ -f "../../packages.txt" ];
  then myINSTALLPACKAGESFILE="../../packages.txt"
 elif [ -f "/opt/tpot/packages.txt" ];
  then myINSTALLPACKAGESFILE="/opt/tpot/packages.txt"
 elif [ -f "/root/tpot/packages.txt" ];
  then myINSTALLPACKAGESFILE="/root/tpot/packages.txt"
 else
  echo "packages.txt NOT FOUND."
  exit 1
 fi
 myINSTALLPACKAGES=$(cat $myINSTALLPACKAGESFILE)
 myINFO="\
 ###########################################
 ### T-Pot Installer for Debian (Stable) ###
 ###########################################
 Disclaimer:
 This script will install T-Pot on this system.
 By running the script you know what you are doing:
 1. SSH will be reconfigured to tcp/64295.
 2. Please ensure other means of access to this system in case something goes wrong.
 3. At best this script will be executed on the console instead through a SSH session.
 ########################################
 Usage:
        $0 --help - Help.
 Example:
        $0 --type=user - Best option for most users."
 myNETWORK_INTERFACES="
 wpa-driver wired
 wpa-conf /etc/wpa_supplicant/wired8021x.conf
 ### Example wireless config for 802.1x
 ### This configuration was tested with the IntelNUC series
 ### If problems occur you can try and change wpa-driver to \"iwlwifi\"
 ### Do not forget to enter a ssid in /etc/wpa_supplicant/wireless8021x.conf
 ### The Intel NUC uses wlpXsY notation instead of wlanX
 #
 #auto wlp2s0
 #iface wlp2s0 inet dhcp
 #        wpa-driver wext
 #        wpa-conf /etc/wpa_supplicant/wireless8021x.conf
 "
 myNETWORK_WIRED8021x="ctrl_interface=/var/run/wpa_supplicant
 ctrl_interface_group=root
 eapol_version=1
 ap_scan=1
 network={
  key_mgmt=IEEE8021X
  eap=TLS
  identity=\"host/$myCONF_PFX_HOST_ID\"
  private_key=\"/etc/wpa_supplicant/8021x.pfx\"
  private_key_passwd=\"$myCONF_PFX_PW\"
 }
 "
 myNETWORK_WLAN8021x="ctrl_interface=/var/run/wpa_supplicant
 ctrl_interface_group=root
 eapol_version=1
 ap_scan=1
 network={
  ssid=\"<your_ssid_here_without_brackets>\"
  key_mgmt=WPA-EAP
  pairwise=CCMP
  group=CCMP
  eap=TLS
  identity=\"host/$myCONF_PFX_HOST_ID\"
  private_key=\"/etc/wpa_supplicant/8021x.pfx\"
  private_key_passwd=\"$myCONF_PFX_PW\"
 }
 "
 myNETWORK_WLANEXAMPLE="
 ### Example static ip config
 ### Replace <eth0> with the name of your physical interface name
 #
 #auto eth0
 #iface eth0 inet static
 # address 192.168.1.1
 # netmask 255.255.255.0
 # network 192.168.1.0
 # broadcast 192.168.1.255
 # gateway 192.168.1.1
 # dns-nameservers 192.168.1.1
 ### Example wireless config without 802.1x
 ### This configuration was tested with the IntelNUC series
 ### If problems occur you can try and change wpa-driver to \"iwlwifi\"
 #
 #auto wlan0
 #iface wlan0 inet dhcp
 #   wpa-driver wext
 #   wpa-ssid <your_ssid_here_without_brackets>
 #   wpa-ap-scan 1
 #   wpa-proto RSN
 #   wpa-pairwise CCMP
 #   wpa-group CCMP
 #   wpa-key-mgmt WPA-PSK
 #   wpa-psk \"<your_password_here_without_brackets>\"
 "
 myUPDATECHECK="APT::Periodic::Update-Package-Lists \"1\";
 APT::Periodic::Download-Upgradeable-Packages \"0\";
 APT::Periodic::AutocleanInterval \"7\";
 "
 mySYSCTLCONF="
 # Reboot after kernel panic, check via /proc/sys/kernel/panic[_on_oops]
 # Set required map count for ELK
 kernel.panic = 1
 kernel.panic_on_oops = 1
 vm.max_map_count = 262144
 "
 myFAIL2BANCONF="[DEFAULT]
 ignoreip = 127.0.0.1/8
 bantime = 3600
 findtime = 600
 maxretry = 5
 [nginx-http-auth]
 enabled  = true
 filter   = nginx-http-auth
 port     = 64297
 logpath  = /data/nginx/log/error.log
 [pam-generic]
 enabled = true
 port    = 64294
 filter  = pam-generic
 logpath = /var/log/auth.log
 [sshd]
 enabled = true
 port    = 64295
 filter  = sshd
 logpath = /var/log/auth.log
 "
 mySYSTEMDFIX="[Link]
 NamePolicy=kernel database onboard slot path
 MACAddressPolicy=none
 "
 myCOCKPIT_SOCKET="[Socket]
 ListenStream=
 ListenStream=64294
 "
 mySSHSETTINGS="
 Port 64295
 Match Group tpotlogs
        PermitOpen 127.0.0.1:64305
        ForceCommand /usr/bin/false
 "
 myRANDOM_HOUR=$(shuf -i 2-22 -n 1)
 myRANDOM_MINUTE=$(shuf -i 0-59 -n 1)
 myDEL_HOUR=$(($myRANDOM_HOUR+1))
 myPULL_HOUR=$(($myRANDOM_HOUR-2))
 myCRONJOBS="
 # Check if updated images are available and download them
 $myRANDOM_MINUTE $myPULL_HOUR * * *      root    docker-compose -f /opt/tpot/etc/tpot.yml pull
 # Uploaded binaries are not supposed to be downloaded
 */1 * * * *     root    mv --backup=numbered /data/dionaea/roots/ftp/* /data/dionaea/binaries/
 # Daily reboot
 $myRANDOM_MINUTE $myRANDOM_HOUR * * 1-6      root    systemctl stop tpot && docker stop \$(docker ps -aq) && docker rm \$(docker ps -aq); reboot
 # Check for updated packages every sunday, upgrade and reboot
 $myRANDOM_MINUTE $myRANDOM_HOUR * * 0     root    apt-fast autoclean -y && apt-fast autoremove -y && apt-fast update -y && apt-fast upgrade -y && sleep 10 && reboot
 "
 mySHELLCHECK='[[ $- == *i* ]] || return'
 myROOTPROMPT='PS1="\[\033[38;5;8m\][\[$(tput sgr0)\]\[\033[38;5;1m\]\u\[$(tput sgr0)\]\[\033[38;5;6m\]@\[$(tput sgr0)\]\[\033[38;5;4m\]\h\[$(tput sgr0)\]\[\033[38;5;6m\]:\[$(tput sgr0)\]\[\033[38;5;5m\]\w\[$(tput sgr0)\]\[\033[38;5;8m\]]\[$(tput sgr0)\]\[\033[38;5;1m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"'
 myUSERPROMPT='PS1="\[\033[38;5;8m\][\[$(tput sgr0)\]\[\033[38;5;2m\]\u\[$(tput sgr0)\]\[\033[38;5;6m\]@\[$(tput sgr0)\]\[\033[38;5;4m\]\h\[$(tput sgr0)\]\[\033[38;5;6m\]:\[$(tput sgr0)\]\[\033[38;5;5m\]\w\[$(tput sgr0)\]\[\033[38;5;8m\]]\[$(tput sgr0)\]\[\033[38;5;2m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"'
 myROOTCOLORS="export LS_OPTIONS='--color=auto'
 eval \"\`dircolors\`\"
 alias ls='ls \$LS_OPTIONS'
 alias ll='ls \$LS_OPTIONS -l'
 alias l='ls \$LS_OPTIONS -lA'"
 #################
 # II. Functions #
 #################
 # Create banners
 function fuBANNER {
  toilet -f ivrit "$1"
 }
 # Create funny words for hostnames
 function fuRANDOMWORD {
  local myWORDFILE="$1"
  local myLINES=$(cat $myWORDFILE | wc -l)
  local myRANDOM=$((RANDOM % $myLINES))
  local myNUM=$((myRANDOM * myRANDOM % $myLINES + 1))
  echo -n $(sed -n "$myNUM p" $myWORDFILE | tr -d \' | tr A-Z a-z)
 }
 # Do we have root?
 function fuGOT_ROOT {
 echo
 echo -n "### Checking for root: "
 if [ "$(whoami)" != "root" ];
  then
    echo "[ NOT OK ]"
    echo "### Please run as root."
    echo "### Example: sudo $0"
    exit
  else
    echo "[ OK ]"
 fi
 }
 # Check for pre-installer package requirements.
 # If not present install them
 function fuCHECKPACKAGES {
  export DEBIAN_FRONTEND=noninteractive
  # Make sure dependencies for apt-fast are installed
  myCURL=$(which curl)
  myWGET=$(which wget)
  mySUDO=$(which sudo)
  if [ "$myCURL" == "" ] || [ "$myWGET" == "" ] || [ "$mySUDO" == "" ]
    then
      echo "### Installing deps for apt-fast"
      apt-get -y update
      apt-get -y install curl wget sudo
  fi
  echo "### Installing apt-fast"
  /bin/bash -c "$(curl -sL https://raw.githubusercontent.com/ilikenwf/apt-fast/master/quick-install.sh)"
  echo -n "### Checking for installer dependencies: "
  local myPACKAGES="$1"
  for myDEPS in $myPACKAGES;
    do
      myOK=$(dpkg -s $myDEPS 2>&1 | grep -w ok | awk '{ print $3 }' | head -n 1)
      if [ "$myOK" != "ok" ];
        then
          echo "[ NOW INSTALLING ]"
          apt-fast update -y
          apt-fast install -y $myPACKAGES
          break
      fi
  done
  if [ "$myOK" = "ok" ];
    then
      echo "[ OK ]"
  fi
 }
 # Check if remote sites are available
 function fuCHECKNET {
  if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ] || [ "$myTPOT_DEPLOYMENT_TYPE" == "user" ];
    then
      local mySITES="$1"
      mySITESCOUNT=$(echo $mySITES | wc -w)
      j=0
      for i in $mySITES;
        do
          echo $(expr 100 \* $j / $mySITESCOUNT) | dialog --title "[ Availability check ]" --backtitle "$myBACKTITLE" --gauge "\n  Now checking: $i\n" 8 80
          curl --connect-timeout 30 -IsS $i 2>&1>/dev/null
          if [ $? -ne 0 ];
            then
              dialog --keep-window --backtitle "$myBACKTITLE" --title "[ Continue? ]" --yesno "\nAvailability check failed. You can continue, but the installation might fail." 10 50
              if [ $? = 1 ];
                then
                  dialog --keep-window --backtitle "$myBACKTITLE" --title "[ Abort ]" --msgbox "\nInstallation aborted. Exiting the installer." 7 50
                  exit
                else
                  break;
              fi;
          fi;
        let j+=1
        echo $(expr 100 \* $j / $mySITESCOUNT) | dialog --keep-window --title "[ Availability check ]" --backtitle "$myBACKTITLE" --gauge "\n  Now checking: $i\n" 8 80
      done;
  fi
 }
 # Install T-Pot dependencies
 function fuGET_DEPS {
  export DEBIAN_FRONTEND=noninteractive
  echo
  echo "### Getting update information."
  echo
  apt-fast -y update
  echo
  echo "### Upgrading packages."
  echo
  # Downlaod and upgrade packages, but silently keep existing configs
  echo "docker.io docker.io/restart       boolean true" | debconf-set-selections -v
  echo "debconf debconf/frontend select noninteractive" | debconf-set-selections -v
  apt-fast -y dist-upgrade -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes
  echo
  echo "### Installing T-Pot dependencies."
  echo
  apt-fast -y install $myINSTALLPACKAGES
  # Remove exim4
  echo "### Removing and holding back problematic packages ..."
  apt-fast -y purge exim4-base mailutils pcp cockpit-pcp elasticsearch-curator
  apt-fast -y autoremove
  apt-mark hold exim4-base mailutils pcp cockpit-pcp
 }
 # Check for other services
 function fuCHECK_PORTS {
 if [ "$myTPOT_DEPLOYMENT_TYPE" == "user" ];
  then
    echo
    echo "### Checking for active services."
    echo
    grc netstat -tulpen
    echo
    echo "### Please review your running services."
    echo "### We will take care of SSH (22), but other services i.e. FTP (21), TELNET (23), SMTP (25), HTTP (80), HTTPS (443), etc."
    echo "### might collide with T-Pot's honeypots and prevent T-Pot from starting successfully."
    echo
    while [ 1 != 2 ]
      do
        read -s -n 1 -p "Continue [y/n]? " mySELECT
 	echo
        case "$mySELECT" in
          [y,Y])
            break
            ;;
          [n,N])
            exit
            ;;
        esac
      done
 fi
 }
 ############################
 # III. Pre-Installer phase #
 ############################
 fuGOT_ROOT
 fuCHECKPACKAGES "$myPREINSTALLPACKAGES"
 #####################################
 # IV. Prepare installer environment #
 #####################################
 # Check for Debian release and extract command line arguments
 myLSB=$(lsb_release -c | awk '{ print $2 }')
 myVERSIONS="$myLSB_STABLE_SUPPORTED $myLSB_TESTING_SUPPORTED"
 mySUPPORT="FALSE"
 for i in $myVERSIONS
  do
    if [ "$myLSB" = "$i" ];
      then
        mySUPPORT="TRUE"
    fi
 done
 if [ "$mySUPPORT" = "FALSE" ];
  then
    echo "Aborting. Debian $myLSB is not supported."
    exit
 fi
 if [ "$1" == "" ];
  then
    echo "$myINFO"
    exit
 fi
 for i in "$@"
  do
    case $i in
      --conf=*)
        myTPOT_CONF_FILE="${i#*=}"
        shift
      ;;
      --type=user)
        myTPOT_DEPLOYMENT_TYPE="${i#*=}"
        shift
      ;;
      --type=auto)
        myTPOT_DEPLOYMENT_TYPE="${i#*=}"
        shift
      ;;
      --type=iso)
        myTPOT_DEPLOYMENT_TYPE="${i#*=}"
        shift
      ;;
      --help)
        echo "Usage: $0 <options>"
        echo
        echo "--conf=<Path to \"tpot.conf\">"
 	echo "  Use this if you want to automatically deploy a T-Pot instance (--type=auto implied)."
        echo "  A configuration example is available in \"tpotce/iso/installer/tpot.conf.dist\"."
        echo
        echo "--type=<[user, auto, iso]>"
 	echo "  user, use this if you want to manually install a T-Pot on a Debian (Stable) machine."
        echo "  auto, implied if a configuration file is passed as an argument for automatic deployment."
        echo "  iso, use this if you are a T-Pot developer and want to install a T-Pot from a pre-compiled iso."
        echo
 	exit
      ;;
      *)
        echo "$myINFO"
 	exit
      ;;
    esac
  done
 # Validate command line arguments and load config
 # If a valid config file exists, set deployment type to "auto" and load the configuration
 if [ "$myTPOT_DEPLOYMENT_TYPE" == "auto" ] && [ "$myTPOT_CONF_FILE" == "" ];
  then
    echo "Aborting. No configuration file given."
    exit
 fi
 if [ -s "$myTPOT_CONF_FILE" ] && [ "$myTPOT_CONF_FILE" != "" ];
  then
    myTPOT_DEPLOYMENT_TYPE="auto"
    if [ "$(head -n 1 $myTPOT_CONF_FILE | grep -c "# tpot")" == "1" ];
      then
        source "$myTPOT_CONF_FILE"
      else
 	echo "Aborting. Config file \"$myTPOT_CONF_FILE\" not a T-Pot configuration file."
        exit
      fi
  elif ! [ -s "$myTPOT_CONF_FILE" ] && [ "$myTPOT_CONF_FILE" != "" ];
    then
      echo "Aborting. Config file \"$myTPOT_CONF_FILE\" not found."
      exit
 fi
 # Prepare running the installer
 myUSERCHECK=$(grep "tpot" /etc/passwd | wc -l)
 if [ "$myUSERCHECK" -gt "0" ];
  then
    echo "### The user name \"tpot\" already exists. The tpot username and group may not previously exist or T-Pot will not work."
    echo "### We recommend a fresh install according to the T-Pot Readme Post-Install method."
    echo
    echo "Aborting."
    echo
    exit 0
 fi
 echo "$myINFO" | head -n 3
 fuCHECK_PORTS
 #######################################
 # V. Installer user interaction phase #
 #######################################
 # Set TERM
 export TERM=linux
 # If this is a ISO installation we need to wait a few seconds to avoid interference with service messages
 if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ];
  then
    sleep 5
    dialog --keep-window --no-ok --no-cancel --backtitle "$myBACKTITLE" --title "[ Wait to avoid interference with service messages ]" --pause "" 7 80 7
 fi
 # Check if remote sites are available
 fuCHECKNET "$myREMOTESITES"
 # Let' s load the iso config file if there is one
 if [ -f $myCONF_FILE ];
  then
    dialog --keep-window --backtitle "$myBACKTITLE" --title "[ Found personalized iso.config ]" --msgbox "\nYour personalized settings will be applied!" 7 47
    source $myCONF_FILE
  else
    # dialog logic considers 1=false, 0=true
    myCONF_PROXY_USE="1"
    myCONF_PFX_USE="1"
    myCONF_NTP_USE="1"
 fi
 ### <--- Begin proxy setup
 # If a proxy is set in iso.conf it needs to be setup.
 # However, none of the other installation types will automatically take care of a proxy.
 # Please open a feature request if you think this is something worth considering.
 myPROXY="http://$myCONF_PROXY_IP:$myCONF_PROXY_PORT"
 myPROXY_ENV="export http_proxy=$myPROXY
 export https_proxy=$myPROXY
 export HTTP_PROXY=$myPROXY
 export HTTPS_PROXY=$myPROXY
 export no_proxy=localhost,127.0.0.1,.sock
 "
 myPROXY_APT="Acquire::http::Proxy \"$myPROXY\";
 Acquire::https::Proxy \"$myPROXY\";
 "
 myPROXY_DOCKER="http_proxy=$myPROXY
 https_proxy=$myPROXY
 HTTP_PROXY=$myPROXY
 HTTPS_PROXY=$myPROXY
 no_proxy=localhost,127.0.0.1,.sock
 "
 if [ "$myCONF_PROXY_USE" == "0" ];
  then
    # Let's setup proxy for the environment
    echo "$myPROXY_ENV" 2>&1 | tee -a /etc/environment | dialog --keep-window --title "[ Setting up the proxy ]" $myPROGRESSBOXCONF
    source /etc/environment
    # Let's setup the proxy for apt
    echo "$myPROXY_APT" 2>&1 | tee /etc/apt/apt.conf | dialog --keep-window --title "[ Setting up the proxy ]" $myPROGRESSBOXCONF
    # Let's add proxy settings to docker defaults
    echo "$myPROXY_DOCKER" 2>&1 | tee -a /etc/default/docker | dialog --keep-window --title "[ Setting up the proxy ]" $myPROGRESSBOXCONF
    # Let's restart docker for proxy changes to take effect
    systemctl stop docker 2>&1 | dialog --keep-window --title "[ Stop docker service ]" $myPROGRESSBOXCONF
    systemctl start docker 2>&1 | dialog --keep-window --title "[ Start docker service ]" $myPROGRESSBOXCONF
 fi
 ### ---> End proxy setup
 # Let's ask the user for install flavor
 if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ] || [ "$myTPOT_DEPLOYMENT_TYPE" == "user" ];
  then
    myCONF_TPOT_FLAVOR=$(dialog --keep-window --no-cancel --backtitle "$myBACKTITLE" --title "[ Choose Your T-Pot Edition ]" --menu \
    "\nRequired: 8-16GB RAM, 128GB SSD\nRecommended: 16GB RAM, 256GB SSD" 17 70 1 \
    "STANDARD" "T-Pot Standalone with everything you need" \
    "HIVE" "T-Pot Hive: ELK & Tools" \
    "HIVE_SENSOR" "T-Pot Hive Sensor: Honeypots & NSM" \
    "INDUSTRIAL" "Same as Standard with focus on Conpot" \
    "LOG4J" "Log4Pot, ELK, NSM & Tools" \
    "MEDICAL" "Dicompot, Medpot, ELK, NSM & Tools" \
    "MINI" "Same as Standard with focus on qHoneypots" \
    "SENSOR" "Just Honeypots & NSM" 3>&1 1>&2 2>&3 3>&-)
 fi
 # Let's ask for a secure tsec password if installation type is iso
 if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ];
  then
    myCONF_TPOT_USER="tsec"
    myPASS1="pass1"
    myPASS2="pass2"
    mySECURE="0"
    while [ "$myPASS1" != "$myPASS2"  ] && [ "$mySECURE" == "0" ]
      do
        while [ "$myPASS1" == "pass1"  ] || [ "$myPASS1" == "" ]
          do
            myPASS1=$(dialog --keep-window --insecure --backtitle "$myBACKTITLE" \
                             --title "[ Enter password for console user (tsec) ]" \
                             --passwordbox "\nPassword" 9 60 3>&1 1>&2 2>&3 3>&-)
          done
            myPASS2=$(dialog --keep-window --insecure --backtitle "$myBACKTITLE" \
                             --title "[ Repeat password for console user (tsec) ]" \
                             --passwordbox "\nPassword" 9 60 3>&1 1>&2 2>&3 3>&-)
        if [ "$myPASS1" != "$myPASS2" ];
          then
            dialog --keep-window --backtitle "$myBACKTITLE" --title "[ Passwords do not match. ]" \
                   --msgbox "\nPlease re-enter your password." 7 60
            myPASS1="pass1"
            myPASS2="pass2"
        fi
        mySECURE=$(printf "%s" "$myPASS1" | cracklib-check | grep -c "OK")
        if [ "$mySECURE" == "0" ] && [ "$myPASS1" == "$myPASS2" ];
          then
            dialog --keep-window --backtitle "$myBACKTITLE" --title "[ Password is not secure ]" --defaultno --yesno "\nKeep insecure password?" 7 50
            myOK=$?
            if [ "$myOK" == "1" ];
              then
                myPASS1="pass1"
                myPASS2="pass2"
            fi
        fi
      done
    printf "%s" "$myCONF_TPOT_USER:$myPASS1" | chpasswd
 fi
 # Let's ask for web user credentials if deployment type is iso or user
 # In case of auto, credentials are created from config values
 # Skip this step entirely if SENSOR flavor
 if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ] || [ "$myTPOT_DEPLOYMENT_TYPE" == "user" ];
  then
    myOK="1"
    myCONF_WEB_USER="webuser"
    myCONF_WEB_PW="pass1"
    myCONF_WEB_PW2="pass2"
    mySECURE="0"
    while [ 1 != 2 ]
      do
        myCONF_WEB_USER=$(dialog --keep-window --backtitle "$myBACKTITLE" --title "[ Enter your web user name ]" --inputbox "\nUsername (tsec not allowed)" 9 50 3>&1 1>&2 2>&3 3>&-)
        myCONF_WEB_USER=$(echo $myCONF_WEB_USER | tr -cd "[:alnum:]_.-")
        dialog --keep-window --backtitle "$myBACKTITLE" --title "[ Your username is ]" --yesno "\n$myCONF_WEB_USER" 7 50
        myOK=$?
        if [ "$myOK" = "0" ] && [ "$myCONF_WEB_USER" != "tsec" ] && [ "$myCONF_WEB_USER" != "" ];
          then
            break
        fi
      done
    while [ "$myCONF_WEB_PW" != "$myCONF_WEB_PW2"  ] && [ "$mySECURE" == "0" ]
      do
        while [ "$myCONF_WEB_PW" == "pass1"  ] || [ "$myCONF_WEB_PW" == "" ]
          do
            myCONF_WEB_PW=$(dialog --keep-window --insecure --backtitle "$myBACKTITLE" \
                             --title "[ Enter password for your web user ]" \
                             --passwordbox "\nPassword" 9 60 3>&1 1>&2 2>&3 3>&-)
          done
        myCONF_WEB_PW2=$(dialog --keep-window --insecure --backtitle "$myBACKTITLE" \
                         --title "[ Repeat password for your web user ]" \
                         --passwordbox "\nPassword" 9 60 3>&1 1>&2 2>&3 3>&-)
        if [ "$myCONF_WEB_PW" != "$myCONF_WEB_PW2" ];
          then
            dialog --keep-window --backtitle "$myBACKTITLE" --title "[ Passwords do not match. ]" \
                   --msgbox "\nPlease re-enter your password." 7 60
            myCONF_WEB_PW="pass1"
            myCONF_WEB_PW2="pass2"
        fi
        mySECURE=$(printf "%s" "$myCONF_WEB_PW" | cracklib-check | grep -c "OK")
        if [ "$mySECURE" == "0" ] && [ "$myCONF_WEB_PW" == "$myCONF_WEB_PW2" ];
          then
            dialog --keep-window --backtitle "$myBACKTITLE" --title "[ Password is not secure ]" --defaultno --yesno "\nKeep insecure password?" 7 50
            myOK=$?
            if [ "$myOK" == "1" ];
              then
                myCONF_WEB_PW="pass1"
                myCONF_WEB_PW2="pass2"
            fi
        fi
      done
 fi
 dialog --clear
 ##########################
 # VI. Installation phase #
 ##########################
 exec 2> >(tee "/install.err")
 exec > >(tee "/install.log")
 fuBANNER "Installing ..."
 fuGET_DEPS
 # If flavor is SENSOR do not write credentials
 if ! [ "$myCONF_TPOT_FLAVOR" == "SENSOR" ];
  then
    fuBANNER "Webuser creds"
    mkdir -p /data/nginx/conf
    htpasswd -b -c /data/nginx/conf/nginxpasswd "$myCONF_WEB_USER" "$myCONF_WEB_PW"
    echo
 fi
 # Let's generate a SSL self-signed certificate without interaction (browsers will see it invalid anyway)
 if ! [ "$myCONF_TPOT_FLAVOR" == "SENSOR" ];
 then
  fuBANNER "NGINX Certificate"
  myINTIP=$(hostname -I | awk '{ print $1 }')
  mkdir -p /data/nginx/cert
  openssl req \
          -nodes \
          -x509 \
          -sha512 \
          -newkey rsa:8192 \
          -keyout "/data/nginx/cert/nginx.key" \
          -out "/data/nginx/cert/nginx.crt" \
          -days 3650 \
          -subj '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd' \
          -addext "subjectAltName = IP:$myINTIP"
 fi
 # Let's setup the ntp server
 if [ "$myCONF_NTP_USE" == "0" ];
  then
    fuBANNER "Setup NTP"
    cp $myCONF_NTP_CONF_FILE /etc/systemd/timesyncd.conf
 fi
 # Let's setup 802.1x networking
 if [ "myCONF_PFX_USE" == "0" ];
  then
    fuBANNER "Setup 802.1x"
    cp $myCONF_PFX_FILE /etc/wpa_supplicant/
    echo "$myNETWORK_INTERFACES" | tee -a /etc/network/interfaces
    echo "$myNETWORK_WIRED8021x" | tee /etc/wpa_supplicant/wired8021x.conf
    echo "$myNETWORK_WLAN8021x" | tee /etc/wpa_supplicant/wireless8021x.conf
 fi
 # Let's provide a wireless example config ...
 fuBANNER "Example config"
 echo "$myNETWORK_WLANEXAMPLE" | tee -a /etc/network/interfaces
 # Let's make sure SSH roaming is turned off (CVE-2016-0777, CVE-2016-0778)
 fuBANNER "SSH roaming off"
 echo "UseRoaming no" | tee -a /etc/ssh/ssh_config
 # Installing elasticdump, yq
 fuBANNER "Installing pkgs"
 npm install elasticdump -g
 pip3 install glances[docker] yq
 hash -r
 # Cloning T-Pot from GitHub
 if ! [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ];
  then
    fuBANNER "Cloning T-Pot"
    ### DEV
    git clone https://github.com/telekom-security/tpotce /opt/tpot
 fi
 # Let's create the T-Pot user
 fuBANNER "Create groups"
 addgroup --gid 2000 tpot
 addgroup tpotlogs
 fuBANNER "Create user"
 adduser --system --no-create-home --uid 2000 --disabled-password --disabled-login --gid 2000 tpot
 # Let's set the hostname
 a=$(fuRANDOMWORD /opt/tpot/host/usr/share/dict/a.txt)
 n=$(fuRANDOMWORD /opt/tpot/host/usr/share/dict/n.txt)
 myHOST=$a$n
 fuBANNER "Set hostname"
 hostnamectl set-hostname $myHOST
 sed -i 's#127.0.1.1.*#127.0.1.1\t'"$myHOST"'#g' /etc/hosts
 # Prevent cloud-init from overwriting our new hostname
 if [ -f '/etc/cloud/cloud.cfg' ]; then
    sed -i 's/preserve_hostname.*/preserve_hostname: true/g' /etc/cloud/cloud.cfg
 fi
 # Let's patch cockpit.socket, sshd_config
 fuBANNER "Adjust ports"
 mkdir -p /etc/systemd/system/cockpit.socket.d
 echo "$myCOCKPIT_SOCKET" | tee /etc/systemd/system/cockpit.socket.d/listen.conf
 sed -i '/^port/Id' /etc/ssh/sshd_config
 echo "$mySSHSETTINGS" | tee -a /etc/ssh/sshd_config
 # Do not allow root login for cockpit
 sed -i '2i\auth requisite pam_succeed_if.so uid >= 1000' /etc/pam.d/cockpit
 # Let's make sure only myCONF_TPOT_FLAVOR images will be downloaded and started
 case $myCONF_TPOT_FLAVOR in
  STANDARD)
    fuBANNER "STANDARD"
    ln -s /opt/tpot/etc/compose/standard.yml $myTPOTCOMPOSE
  ;;
  HIVE)
    fuBANNER "HIVE"
    ln -s /opt/tpot/etc/compose/hive.yml $myTPOTCOMPOSE
  ;;
  HIVE_SENSOR)
    fuBANNER "HIVE_SENSOR"
    ln -s /opt/tpot/etc/compose/hive_sensor.yml $myTPOTCOMPOSE
  ;;
  INDUSTRIAL)
    fuBANNER "INDUSTRIAL"
    ln -s /opt/tpot/etc/compose/industrial.yml $myTPOTCOMPOSE
  ;;
  LOG4J)
    fuBANNER "LOG4J"
    ln -s /opt/tpot/etc/compose/log4j.yml $myTPOTCOMPOSE
  ;;
  MEDICAL)
    fuBANNER "MEDICAL"
    ln -s /opt/tpot/etc/compose/medical.yml $myTPOTCOMPOSE
  ;;
  MINI)
    fuBANNER "MINI"
    ln -s /opt/tpot/etc/compose/mini.yml $myTPOTCOMPOSE
  ;;
  SENSOR)
    fuBANNER "SENSOR"
    ln -s /opt/tpot/etc/compose/sensor.yml $myTPOTCOMPOSE
  ;;
 esac
 # Let's load docker images
 function fuPULLIMAGES {
 for name in $(cat $myTPOTCOMPOSE | grep -v '#' | grep image | cut -d'"' -f2 | uniq)
  do
    docker pull $name
 done
 }
 fuBANNER "Pull images"
 fuPULLIMAGES
 # Let's add the daily update check with a weekly clean interval
 fuBANNER "Modify checks"
 echo "$myUPDATECHECK" | tee /etc/apt/apt.conf.d/10periodic
 # Let's make sure to reboot the system after a kernel panic
 fuBANNER "Tweak sysctl"
 echo "$mySYSCTLCONF" | tee -a /etc/sysctl.conf
 # Let's setup fail2ban config
 fuBANNER "Setup fail2ban"
 echo "$myFAIL2BANCONF" | tee /etc/fail2ban/jail.d/tpot.conf
 # Fix systemd error https://github.com/systemd/systemd/issues/3374
 fuBANNER "Systemd fix"
 echo "$mySYSTEMDFIX" | tee /etc/systemd/network/99-default.link
 # Let's add some cronjobs
 fuBANNER "Add cronjobs"
 echo "$myCRONJOBS" | tee -a /etc/crontab
 # Let's create some files and folders
 fuBANNER "Files & folders"
 mkdir -vp /data/adbhoney/{downloads,log} \
          /data/ciscoasa/log \
          /data/conpot/log \
          /data/citrixhoneypot/logs \
          /data/cowrie/{downloads,keys,misc,log,log/tty} \
          /data/ddospot/{bl,db,log} \
          /data/dicompot/{images,log} \
          /data/dionaea/{log,bistreams,binaries,rtp,roots,roots/ftp,roots/tftp,roots/www,roots/upnp} \
          /data/elasticpot/log \
          /data/elk/{data,log} \
          /data/endlessh/log \
          /data/ews/conf \
          /data/fatt/log \
          /data/glutton/log \
          /data/hellpot/log \
          /data/heralding/log \
          /data/honeypots/log \
          /data/honeysap/log \
          /data/honeytrap/{log,attacks,downloads} \
          /data/ipphoney/log \
          /data/log4pot/{log,payloads} \
          /data/mailoney/log \
          /data/medpot/log \
          /data/nginx/{log,heimdall} \
          /data/p0f/log \
          /data/redishoneypot/log \
          /data/sentrypeer/log \
          /data/spiderfoot \
          /data/suricata/log \
          /data/tanner/{log,files} \
          /home/tsec/.ssh/
 touch /data/nginx/log/error.log
 # Let's copy some files
 fuBANNER "Copy configs"
 tar xvfz /opt/tpot/etc/objects/elkbase.tgz -C /
 cp /opt/tpot/host/etc/systemd/* /etc/systemd/system/
 systemctl enable tpot
 # Let's take care of some files and permissions
 fuBANNER "Permissions"
 chmod 770 -R /data
 if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ];
  then
    usermod -a -G tpot tsec
    chown tsec:tsec -R /home/tsec/.ssh
  else
    usermod -a -G tpot $(who am i | awk '{ print $1 }')
 fi
 chown tpot:tpot -R /data
 chmod 644 -R /data/nginx/conf
 chmod 644 -R /data/nginx/cert
 # Let's replace "quiet splash" options, set a console font for more screen canvas and update grub
 fuBANNER "Options"
 sed -i 's#GRUB_CMDLINE_LINUX_DEFAULT="quiet"#GRUB_CMDLINE_LINUX_DEFAULT="quiet consoleblank=0"#' /etc/default/grub
 sed -i 's#GRUB_CMDLINE_LINUX=""#GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"#' /etc/default/grub
 update-grub
 fuBANNER "Setup console"
 cp /usr/share/consolefonts/Uni2-Terminus12x6.psf.gz /etc/console-setup/
 gunzip /etc/console-setup/Uni2-Terminus12x6.psf.gz
 sed -i 's#FONTFACE=".*#FONTFACE="Terminus"#' /etc/default/console-setup
 sed -i 's#FONTSIZE=".*#FONTSIZE="12x6"#' /etc/default/console-setup
 update-initramfs -u
 sed -i 's#After=.*#After=systemd-tmpfiles-setup.service console-screen.service kbd.service local-fs.target#' /etc/systemd/system/multi-user.target.wants/console-setup.service
 # Let's enable a color prompt and add /opt/tpot/bin to path
 fuBANNER "Setup prompt"
 tee -a /root/.bashrc <<EOF
 $mySHELLCHECK
 $myROOTPROMPT
 $myROOTCOLORS
 PATH="\$PATH:/opt/tpot/bin"
 EOF
 for i in $(ls -d /home/*/)
  do
 tee -a $i.bashrc <<EOF
 $mySHELLCHECK
 $myUSERPROMPT
 PATH="\$PATH:/opt/tpot/bin"
 EOF
 done
 # Let's create ews.ip before reboot and prevent race condition for first start
 fuBANNER "Update IP"
 /opt/tpot/bin/updateip.sh
 # Let's clean up apt
 fuBANNER "Clean up"
 apt-fast autoclean -y
 apt-fast autoremove -y
 # Final steps
 cp /opt/tpot/host/etc/rc.local /etc/rc.local && \
 rm -rf /root/installer && \
 rm -rf /etc/issue.d/cockpit.issue && \
 rm -rf /etc/motd.d/cockpit && \
 rm -rf /etc/issue.net && \
 rm -rf /etc/motd && \
 systemctl restart console-setup.service
 if [ "$myTPOT_DEPLOYMENT_TYPE" == "auto" ];
  then
    echo "Done. Please reboot."
  else
    fuBANNER "Rebooting ..."
    sleep 2
    reboot
 fi
--- a/_deprecated/iso/installer/iso.conf.dist
+++ b/_deprecated/iso/installer/iso.conf.dist
@ -1,12 +0,0 @@
 # makeiso configuration file
 myCONF_PROXY_USE='0'
 myCONF_PROXY_IP='1.2.3.4'
 myCONF_PROXY_PORT='3128'
 myCONF_PFX_USE='0'
 myCONF_PFX_FILE='/'
 myCONF_PFX_PW_USE='0'
 myCONF_PFX_PW='<SECRET>'
 myCONF_PFX_HOST_ID='<HOSTNAME>.<DOMAIN>'
 myCONF_NTP_USE='0'
 myCONF_NTP_IP='1.2.3.4'
 myCONF_NTP_CONF_FILE='/'
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Marco Ochse	9a42192a6c	Update screenshot	2024-04-22 17:23:50 +02:00
Marco Ochse	60be54059b	Merge 24.04 into master and prepare release Merge 24.04 into master and prepare release	2024-04-22 17:10:17 +02:00
Marco Ochse	0e73986772	Prepare for merge into master	2024-04-22 17:08:22 +02:00
Marco Ochse	35d68c88cd	resolve merge conflicts	2024-04-19 18:20:39 +02:00
Marco Ochse	85431b308d	add 24.04 version tag	2024-03-24 19:22:37 +01:00
Marco Ochse	086116f64d	tweaking	2024-03-24 18:15:58 +01:00
Marco Ochse	42689cf902	tweaking	2024-03-24 17:53:11 +01:00
Marco Ochse	0488849a37	tweaking	2024-03-24 17:28:26 +01:00
Marco Ochse	ebffec9b0f	tweaking	2024-03-24 17:22:43 +01:00
Marco Ochse	3e9c94c3ac	tweaking	2024-03-24 17:01:29 +01:00
Marco Ochse	e2d9362f8a	tweaking	2024-03-24 16:59:02 +01:00
Marco Ochse	3a81e988da	finish documentation add uninstaller playbook and script tweaking and cleanup	2024-03-24 16:21:51 +01:00
Marco Ochse	013f817c19	fix an issue where micro is missing in opensuse tumbleweed	2024-03-23 21:41:17 +01:00
Marco Ochse	d594c2aa0c	fix an issue where crontab (cron) is missing in ubuntu	2024-03-23 21:23:28 +01:00
Marco Ochse	8a64930b59	fix an issue where crontab (cronie) is missing in fedora	2024-03-23 20:08:27 +01:00
Marco Ochse	e0182cae6b	fix an issue where tar is missing for alma and rocky	2024-03-23 19:21:32 +01:00
Marco Ochse	d8c187b176	fix an issue where micro, htop and exa are no longer available for alma and rocky fix an issue for download links for supported linux distros	2024-03-23 19:16:50 +01:00
Marco Ochse	de9db43ae0	continue with documentation	2024-03-22 21:12:37 +01:00
Marco Ochse	558280a041	continue with documentation	2024-03-22 21:00:10 +01:00
Marco Ochse	cf5df3b60b	continue with documentation fix tpotinit entrypoint.sh to resolve a conflict with sensor deployment where data folder is not yet owned by tpot user	2024-03-22 20:47:39 +01:00
t3chn0m4g3	4585d750e1	add htop, cron job to t-pot playbook	2024-03-22 18:09:18 +01:00
t3chn0m4g3	9c1120384b	add logo to customizer, change path for genuser.sh, adjust README accordingly	2024-03-22 17:27:21 +01:00
Marco Ochse	fc0ca4c935	continue with documentation cleanup preview related folders fix typos / errors	2024-03-22 16:48:40 +01:00
Marco Ochse	e21eb1aef6	begin with documentation	2024-03-21 19:32:10 +01:00
t3chn0m4g3	0580215afd	tweak updater	2024-03-19 21:14:40 +01:00
t3chn0m4g3	f9ff4d10aa	add updater	2024-03-19 21:05:25 +01:00
t3chn0m4g3	abe03436d4	add tpot.service	2024-03-19 13:56:35 +01:00
t3chn0m4g3	234fb16394	tweaking where possible kibana visualizations are converted to lens objects (more than 100 objects) all dashboards have been updated fixes #1392 for leaving SentryPeer log tag out add wordpot dashboard after discussion (#1486) and testing iptables-legacy is no longer required include all kibana objects for installation cleaning up some service scripts	2024-03-18 16:19:49 +01:00
t3chn0m4g3	3546e31a7c	tweaking	2024-03-15 22:41:12 +01:00
t3chn0m4g3	b0a6ce432a	add wordpot to compose files	2024-03-13 17:03:30 +01:00
t3chn0m4g3	6c5e34f2bf	fix typo	2024-03-13 16:37:05 +01:00
t3chn0m4g3	3c7e27d9ad	better wording	2024-03-13 16:34:35 +01:00
t3chn0m4g3	fe5eac0104	add genuser.sh, fix errors macOS and Windows might not have htpasswd tools available, so adding this to the tpotinit image. users can run genuser.sh which simply contains a docker command to run tpotinit to create a user and add it to the T-Pot config (.env). Fix an issue where WEB_USER was added with hyphens Fix issues where shebang was incorrect Update .env / env.example	2024-03-13 16:30:17 +01:00
t3chn0m4g3	1e5e57a52b	fix git tree error	2024-03-12 17:37:23 +01:00
t3chn0m4g3	540d5574d1	cleanup, tweaking, updating make tpotinit aware of sigterm events to unload blackhole routes, firewall rules fixes #1204 where citrixhoneypot logs use logs instead of log folder bump ELK stack to 8.12.2 add wordpot logs to logstash pipeline bump t-pot attackmap to 2.2.0, alpine 3.19	2024-03-12 17:03:43 +01:00
t3chn0m4g3	1da35284be	update, tweaking, add add wordpot incl. json logging with activated plugins bump snare, tanner, phpox, tanner_redis to latest master and to alpine 3.19	2024-03-11 17:33:53 +01:00
t3chn0m4g3	4baac7ac04	update esvue, cleanup	2024-03-11 09:45:01 +01:00
t3chn0m4g3	97adcbeb1b	tweaking updating .env, env.example and compose files regarding sentrypeer ENVs make glutton image aware of payloads feature bump glutton to latest master, alpine 3.19, multi-stage build bump ipphoney to alpine 3.19 bump mailoney to alpine 3.19, adjust for py3 revert medpot to previous master, use multi stage build and alpine 3.19 bump cyberchef to latest master bump ngninx to alpine 3.19 bump p0f to alpine 3.19, use multi stage build bump redishoneypot to alpine 3.19, use multi stage build bump sentrypeer to latest master, fix bug for open ports in compose files, now all tcp/5060, udp/5060 traffic will be seen bump spiderfoot to latest master bump spiderfoot to alpine 3.19 bump suricata to 7.0.2, fix performance issue with capture-filter-bpf by reducing the rules update clean.sh to include glutton payloads folder	2024-03-09 12:11:14 +01:00
t3chn0m4g3	c45870594b	tweaking multi stage build for dicompot rebuild fatt, glutton, hellpot, honeypots for alpine 3.19 bump glutton, hellpot, honeypots to latest master	2024-03-05 19:50:35 +01:00
Marco Ochse	932ad6b27c	Fix repack for AMD64 .iso (#1481 )	2024-03-04 15:23:27 +01:00
t3chn0m4g3	519a101fdf	tweaking	2024-02-28 21:05:03 +01:00
t3chn0m4g3	be74fc75ca	tweaking healthcheck, watch pid not cpu cleanup dockerfiles bump dicompot, heralding, elasticpot, endlessh to alpine 3.19 bump dionaea, heralding to latest master	2024-02-28 19:07:22 +01:00
t3chn0m4g3	285b37a00d	cleanup	2024-02-27 20:28:07 +01:00
t3chn0m4g3	f9a9c8c4bf	tweak deploy, add autoheal, start update Dockerfiles - tweak deploy a little further - start with rebuilding Dockerfiles - rework healthcheck for adbhoney CPU issues - bump adbhoney, ciscoasa, citrixhoneypot, conpot, cowriepot, ddospot to alpine 3.19 - fix conpot issue with py 3.11 - bump conpot to latest master - bump cowrie to latest master - add autoheal to tpotinit to restart unhealthy container (if healthcheck enabled)	2024-02-27 20:23:30 +01:00
Marco Ochse	22d2bdff7e	update .env	2024-02-23 20:41:58 +01:00
t3chn0m4g3	2723becd96	continue work on sensor deploy	2024-02-23 20:30:12 +01:00
t3chn0m4g3	127f0c2c92	point installer and ansible to alpha	2024-02-23 17:30:36 +01:00
t3chn0m4g3	31f09413e0	continue working on env, tpotinit and deploy	2024-02-23 16:41:52 +01:00
t3chn0m4g3	72fd6d963b	start rework env, sensor deploy	2024-02-22 19:09:52 +01:00
Marco Ochse	a4262e9aae	Add SENSOR type to installer with info to deploy from HIVE.	2024-02-21 16:20:18 +01:00
t3chn0m4g3	4f41b84103	Adjust T-Pot config file, tpotinit fix logrotate.conf path add tpotinit logging add support for LS_WEB_USER in tpot config (.env) make tpotinit always validate config / adjust users on tpotinit start	2024-02-19 17:34:14 +01:00
Marco Ochse	09b75cb5be	Start working on new landing page Remove old code	2024-02-16 19:32:02 +01:00
Marco Ochse	0dda858ac1	Start working on new landing page Remove old code	2024-02-16 19:15:17 +01:00
Marco Ochse	0c9b58b6ac	Remove Cockpit	2024-02-15 18:32:16 +01:00
Marco Ochse	380ade13a3	make heralding work with py3.10+	2024-02-14 22:47:41 +01:00
Marco Ochse	e94f70a15f	Revert to medpot (75a2e6134cf926c35b6017d62542274434c87388) from 2 years ago since current master is broken.	2024-02-14 21:14:40 +01:00
Marco Ochse	8bbfe7ac62	Fix manuf location	2024-02-14 20:16:13 +01:00
Marco Ochse	7ae6c73b88	Testing and developing in alpha branch	2024-02-14 19:23:25 +01:00
Marco Ochse	02098f9b76	Update Citation	2023-08-28 10:29:24 +02:00
Marco Ochse	649163e06f	Update Citation	2023-08-28 10:16:18 +02:00
Marco Ochse	9d66bcb7d3	Add Bibtex, closes #1398	2023-08-28 10:02:59 +02:00
Marco Ochse	dc4384d6ab	Merge pull request #1369 from swiftsolves-msft/pr-azure Azure Deployment via ARM template	2023-08-22 13:36:09 +02:00
swiftsolves-msft	1af7cdcaa1	Azure Deployment via ARM template The following is a Azure Deployment of T-Pot using a ARM Template, creates a debian 11 vm, disks, nic, nsg, pip and leverages cloud-init customData to pass a B64 encoded string of a cloud-inity yaml file, example in readme docs.	2023-07-02 00:56:38 -04:00
		`@ -1,2 +0,0 @@`
			`# Enter the name of your cloud to use from clouds.yaml`
			`cloud: open-telekom-cloud`