Merge 24.04 into master and prepare release
Showing 363 changed files with 126,180 additions and 22,121 deletions.
@@ -0,0 +1,125 @@ | ||
# T-Pot config file. Do not remove. | ||
|
||
############################################### | ||
# T-Pot Base Settings - Adjust to your needs. # | ||
############################################### | ||
|
||
# Set Web usernames and passwords here. This section will be used to create / update the Nginx password file nginxpasswd. | ||
# <empty>: This is the default | ||
# <base64 encoded htpasswd usernames / passwords>: | ||
# Use 'htpasswd -n -b "username" "password" | base64 -w0' to create the WEB_USER if you want to manually deploy T-Pot, run 'install.sh' to automatically add a user during installation, or 'genuser.sh' if you just want to add a web user. | ||
# Example: 'htpasswd -n -b "tsec" "tsec" | base64 -w0' will print dHNlYzokYXByMSRYUnE2SC5rbiRVRjZQM1VVQmJVNWJUQmNmSGRuUFQxCgo= | ||
# Copy the string and replace WEB_USER=dHNlYzokYXByMSRYUnE2SC5rbiRVRjZQM1VVQmJVNWJUQmNmSGRuUFQxCgo= | ||
# Multiple users are possible: | ||
# WEB_USER=dHNlYzokYXByMSRYUnE2SC5rbiRVRjZQM1VVQmJVNWJUQmNmSGRuUFQxCgo= dHNlYzokYXByMSR6VUFHVWdmOCRROXI3a09CTjFjY3lCeU1DTloyanEvCgo= | ||
WEB_USER= | ||
|
||
# Set Logstash Web usernames and passwords here. This section will be used to create / update the Nginx password file lswebpasswd. | ||
# The Lostsash Web usernames are used for T-Pot log ingestion via Logstash, each sensor should have its own user. | ||
# <empty>: This is empty by default. | ||
# <'htpasswd encoded usernames / passwords'>: | ||
# Use 'htpasswd -n -b "username" "password" | base64 -w0' to create the LS_WEB_USER if you want to manually deploy the sensor. | ||
# Example: 'htpasswd -n -b "sensor" "sensor" | base64 -w0' will print c2Vuc29yOiRhcHIxJGVpMHdzUmdYJHNyWHF4UG53ZzZqWUc3aEFaUWxrWDEKCg== | ||
# Copy the string and replace / add LS_WEB_USER=c2Vuc29yOiRhcHIxJGVpMHdzUmdYJHNyWHF4UG53ZzZqWUc3aEFaUWxrWDEKCg== | ||
# Multiple users are possible: | ||
# LS_WEB_USER=c2Vuc29yMTokYXByMSQ5aXhNRk5yMCR6d3F2dGFwQ2x0cFBhU1pqMm9ZemYxCgo= c2Vuc29yMjokYXByMSRtYTlOS1J2NCQvU3dsVVBMeW5RaVIyM3pyWVAzOUkwCgo= | ||
LS_WEB_USER= | ||
|
||
# T-Pot Blackhole | ||
# ENABLED: T-Pot will download a db of known mass scanners and nullroute them. | ||
# Be aware, this will put T-Pot off the map for stealth reasons and | ||
# you will get less traffic. Routes will be active until next reboot | ||
# and will be re-added with every T-Pot start until disabled. | ||
# DISABLED: This is the default and no stealth efforts are in place. | ||
TPOT_BLACKHOLE=DISABLED | ||
|
||
# T-Pot Persistence | ||
# on: This is the default. T-Pot will keep the honeypot logfiles and rotate | ||
# with logrotate for 30 days. | ||
# off: This is recommended for Raspberry Pi or setups with weaker CPUs or | ||
# if you just do not need any of the logfiles. | ||
TPOT_PERSISTENCE=on | ||
|
||
# T-Pot Type | ||
# HIVE: This is the default and offers everything to connect T-Pot sensors. | ||
# SENSOR: This needs to be used when running a sensor. Be aware to adjust all other | ||
# settings as well. | ||
# 1. You will need to copy compose/sensor.yml to ./docker-comopose.yml | ||
# 2. From HIVE host you will need to copy ~/tpotce/data/nginx/cert/nginx.crt to | ||
# your SENSOR host to ~/tpotce/data/hive.crt | ||
# 3. On HIVE: Create a web user per SENSOR on HIVE and provide credentials below | ||
# Create credentials with 'htpasswd ~/tpotce/data/nginx/conf/lswebpasswd <username>' | ||
# 4. On SENSOR: Provide username / password from (3) for TPOT_HIVE_USER as base64 encoded string: | ||
# "echo -n 'username:password' | base64 -w0" | ||
TPOT_TYPE=HIVE | ||
|
||
# T-Pot Hive User (only relevant for SENSOR deployment) | ||
# <empty>: This is empty by default. | ||
# <base64 encoded string>: Provide a base64 encoded string "echo -n 'username:password' | base64 -w0" | ||
# i.e. TPOT_HIVE_USER='dXNlcm5hbWU6cGFzc3dvcmQ=' | ||
TPOT_HIVE_USER= | ||
|
||
# T-Pot Hive IP (only relevant for SENSOR deployment) | ||
# <empty>: This is empty by default. | ||
# <IP, FQDN>: This can be either a IP (i.e. 192.168.1.1) or a FQDN (i.e. foo.bar.local) | ||
TPOT_HIVE_IP= | ||
|
||
# T-Pot AttackMap Text Output | ||
# ENABLED: This is the default and the docker container map_data will print events to the console. | ||
# DISABLED: Printing events to the console is disabled. | ||
TPOT_ATTACKMAP_TEXT=ENABLED | ||
|
||
# T-Pot AttackMap Text Output Timezone | ||
# UTC: (T-Pot default) This is usually the best option. | ||
# Continent/City: In Linux you can check our timezone with `readlink` /etc/localtime or | ||
# see the full list here: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones | ||
# Examples: America/New_York, Asia/Taipei, Australia/Melbourne, Europe/Athens, Europe/Berlin | ||
TPOT_ATTACKMAP_TEXT_TIMEZONE=UTC | ||
|
||
################################################################################### | ||
# Honeypots / Tools settings | ||
################################################################################### | ||
# Some services / tools offer adjustments using ENVs which can be adjusted here. | ||
################################################################################### | ||
|
||
# Suricata ET Pro ruleset | ||
# OPEN: This is the default and will the ET Open ruleset | ||
# OINKCODE: Replace OPEN with your Oinkcode to use the ET Pro ruleset | ||
OINKCODE=OPEN | ||
|
||
|
||
################################################################################### | ||
# NEVER MAKE CHANGES TO THIS SECTION UNLESS YOU REALLY KNOW WHAT YOU ARE DOING!!! # | ||
################################################################################### | ||
|
||
# docker.sock Path | ||
TPOT_DOCKER_SOCK=/var/run/docker.sock | ||
|
||
# docker compose .env | ||
TPOT_DOCKER_ENV=./.env | ||
|
||
# Docker-Compose file | ||
TPOT_DOCKER_COMPOSE=./docker-compose.yml | ||
|
||
# T-Pot Docker Repo | ||
# Depending on where you are located you may choose between DockerHub and GHCR | ||
# dtagdevsec: This will use the DockerHub image registry | ||
# ghcr.io/telekom-security: This will use the GitHub container registry | ||
TPOT_REPO=dtagdevsec | ||
|
||
# T-Pot Version Tag | ||
TPOT_VERSION=24.04 | ||
|
||
# T-Pot Pull Policy | ||
# always: (T-Pot default) Compose implementations SHOULD always pull the image from the registry. | ||
# never: Compose implementations SHOULD NOT pull the image from a registry and SHOULD rely on the platform cached image. | ||
# missing: Compose implementations SHOULD pull the image only if it's not available in the platform cache. | ||
# build: Compose implementations SHOULD build the image. Compose implementations SHOULD rebuild the image if already present. | ||
TPOT_PULL_POLICY=always | ||
|
||
# T-Pot Data Path | ||
TPOT_DATA_PATH=./data | ||
|
||
# OSType (linux, mac, win) | ||
# Most docker features are available on linux | ||
TPOT_OSTYPE=linux |
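Review bot: the comments in this config hunk should warn more clearly about the credentials the file ends up holding. The WEB_USER example (`htpasswd -n -b "tsec" "tsec" | base64 -w0`) uses a username and password that are both `tsec`, and since users tend to paste examples verbatim, the comment should say that the string must be regenerated with a unique password rather than copied. TPOT_HIVE_USER is documented as `echo -n 'username:password' | base64 -w0`, so the sensor password is stored reversibly, and OINKCODE replaces `OPEN` with a licence secret; the file header (or the "Base Settings" banner) should therefore tell operators to restrict the file's permissions and keep a populated copy out of version control. Typos to fix in the same hunk: "Lostsash Web usernames" should read "Logstash Web usernames", "./docker-comopose.yml" should read "./docker-compose.yml", "check our timezone" should read "check your timezone", "will the ET Open ruleset" is missing "use", and "a IP" should be "an IP".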
@@ -1,37 +1,42 @@ | ||
--- | ||
name: Bug report for T-Pot | ||
about: Bug report for T-Pot | ||
name: Bug report for T-Pot 24.04.x | ||
about: Bug report for T-Pot 24.04.x | ||
title: '' | ||
labels: '' | ||
assignees: '' | ||
|
||
--- | ||
|
||
Before you post your issue make sure it has not been answered yet and provide `basic support information` if you come to the conclusion it is a new issue. | ||
# Successfully raise an issue | ||
Before you post your issue make sure it has not been answered yet and provide **⚠️ BASIC SUPPORT INFORMATION** (as requested below) if you come to the conclusion it is a new issue. | ||
|
||
- 🔍 Use the [search function](https://github.com/dtag-dev-sec/tpotce/issues?utf8=%E2%9C%93&q=) first | ||
- 🧐 Check our [WIKI](https://github.com/dtag-dev-sec/tpotce/wiki) | ||
- 📚 Consult the documentation of 💻 [Debian](https://www.debian.org/doc/), 🐳 [Docker](https://docs.docker.com/), the 🦌 [ELK stack](https://www.elastic.co/guide/index.html) and the 🍯 [T-Pot Readme](https://github.com/dtag-dev-sec/tpotce/blob/master/README.md). | ||
- **⚠️ Provide [basic support information](#info) or similiar information with regard to your issue or we can not help you and will close the issue without further notice** | ||
- 🧐 Check our [Wiki](https://github.com/dtag-dev-sec/tpotce/wiki) and the [discussions](https://github.com/telekom-security/tpotce/discussions) | ||
- 📚 Consult the documentation of 💻 your Linux OS, 🐳 [Docker](https://docs.docker.com/), the 🦌 [Elastic stack](https://www.elastic.co/guide/index.html) and the 🍯 [T-Pot Readme](https://github.com/dtag-dev-sec/tpotce/blob/master/README.md). | ||
- **⚠️ Provide [BASIC SUPPORT INFORMATION](#-basic-support-information-commands-are-expected-to-run-as-root) or similar detailed information with regard to your issue or we will close the issue or convert it into a discussion without further interaction from the maintainers**.<br> | ||
|
||
<br> | ||
<br> | ||
<br> | ||
# ⚠️ Basic support information (commands are expected to run as `root`) | ||
|
||
<a name="info"></a> | ||
## ⚠️ Basic support information (commands are expected to run as `root`) | ||
**We happily take the time to improve T-Pot and take care of things, but we need you to take the time to create an issue that provides us with all the information we need.** | ||
|
||
- What version of the OS are you currently using `lsb_release -a` and `uname -a`? | ||
- What T-Pot version are you currently using? | ||
- What edition (Standard, Nextgen, etc.) of T-Pot are you running? | ||
- What OS are you T-Pot running on? | ||
- What is the version of the OS `lsb_release -a` and `uname -a`? | ||
- What T-Pot version are you currently using (only **T-Pot 24.04.x** is currently supported)? | ||
- What architecture are you running on (i.e. hardware, cloud, VM, etc.)? | ||
- Did you have any problems during the install? If yes, please attach `/install.log` `/install.err`. | ||
- Review the `~/install_tpot.log`, attach the log and highlight the errors. | ||
- How long has your installation been running? | ||
- If it is a fresh install consult the documentation first. | ||
- Most likely it is a port conflict or a remote dependency was unavailable. | ||
- Retry a fresh installation and only open the issue if the error keeps coming up and is not resolved using the documentation as described [here](#how-to-raise-an-issue). | ||
- Did you install upgrades, packages or use the update script? | ||
- Did you modify any scripts or configs? If yes, please attach the changes. | ||
- Please provide a screenshot of `glances` and `htop`. | ||
- Please provide a screenshot of `htop` and `docker stats`. | ||
- How much free disk space is available (`df -h`)? | ||
- What is the current container status (`dps.sh`)? | ||
- What is the status of the T-Pot service (`systemctl status tpot`)? | ||
- What ports are being occupied? Stop T-Pot `systemctl stop tpot` and run `netstat -tulpen` | ||
- On Linux: What is the status of the T-Pot service (`systemctl status tpot`)? | ||
- What ports are being occupied? Stop T-Pot `systemctl stop tpot` and run `grc netstat -tulpen` | ||
- Stop T-Pot `systemctl stop tpot` | ||
- Run `grc netstat -tulpen` | ||
- Run T-Pot manually with `docker compose -f ~/tpotce/docker-compose.yml up` and check for errors | ||
- Stop execution with `CTRL-C` and `docker compose -f ~/tpotce/docker-compose.yml down -v` | ||
- If a single container shows as `DOWN` you can run `docker logs <container-name>` for the latest log entries |
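Review bot: the link `[here](#how-to-raise-an-issue)` in the "Retry a fresh installation" bullet points at a heading that does not exist in this template; the heading introduced at the top of the hunk is `# Successfully raise an issue`, for which GitHub generates the anchor `#successfully-raise-an-issue`. Either rename the heading or change the link target, otherwise the reporter is sent nowhere. Minor: the bullet "What ports are being occupied? Stop T-Pot `systemctl stop tpot` and run `grc netstat -tulpen`" is immediately followed by sub-bullets that repeat the same two commands, so the commands can be dropped from the parent bullet; and since `grc` is a separate colouriser that may not be installed on the reporter's host, it is worth noting that plain `netstat -tulpen` (or `ss -tulpen`) is an acceptable substitute.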
@@ -1,39 +1,42 @@ | ||
--- | ||
name: General issue for T-Pot | ||
about: General issue for T-Pot | ||
name: General issue for T-Pot 24.04.x | ||
about: General issue for T-Pot 24.04.x | ||
title: '' | ||
labels: '' | ||
assignees: '' | ||
|
||
--- | ||
|
||
🗨️ Please post your questions in [Discussions](https://github.com/telekom-security/tpotce/discussions) and keep the issues for **issues**. Thank you 😁.<br> | ||
|
||
Before you post your issue make sure it has not been answered yet and provide `basic support information` if you come to the conclusion it is a new issue. | ||
# Successfully raise an issue | ||
Before you post your issue make sure it has not been answered yet and provide **⚠️ BASIC SUPPORT INFORMATION** (as requested below) if you come to the conclusion it is a new issue. | ||
|
||
- 🔍 Use the [search function](https://github.com/dtag-dev-sec/tpotce/issues?utf8=%E2%9C%93&q=) first | ||
- 🧐 Check our [WIKI](https://github.com/dtag-dev-sec/tpotce/wiki) | ||
- 📚 Consult the documentation of 💻 [Debian](https://www.debian.org/doc/), 🐳 [Docker](https://docs.docker.com/), the 🦌 [ELK stack](https://www.elastic.co/guide/index.html) and the 🍯 [T-Pot Readme](https://github.com/dtag-dev-sec/tpotce/blob/master/README.md). | ||
- **⚠️ Provide [basic support information](#info) or similiar information with regard to your issue or we can not help you and will close the issue without further notice** | ||
- 🧐 Check our [Wiki](https://github.com/dtag-dev-sec/tpotce/wiki) and the [discussions](https://github.com/telekom-security/tpotce/discussions) | ||
- 📚 Consult the documentation of 💻 your Linux OS, 🐳 [Docker](https://docs.docker.com/), the 🦌 [Elastic stack](https://www.elastic.co/guide/index.html) and the 🍯 [T-Pot Readme](https://github.com/dtag-dev-sec/tpotce/blob/master/README.md). | ||
- **⚠️ Provide [BASIC SUPPORT INFORMATION](#-basic-support-information-commands-are-expected-to-run-as-root) or similar detailed information with regard to your issue or we will close the issue or convert it into a discussion without further interaction from the maintainers**.<br> | ||
|
||
<br> | ||
<br> | ||
<br> | ||
# ⚠️ Basic support information (commands are expected to run as `root`) | ||
|
||
<a name="info"></a> | ||
## ⚠️ Basic support information (commands are expected to run as `root`) | ||
**We happily take the time to improve T-Pot and take care of things, but we need you to take the time to create an issue that provides us with all the information we need.** | ||
|
||
- What version of the OS are you currently using `lsb_release -a` and `uname -a`? | ||
- What T-Pot version are you currently using? | ||
- What edition (Standard, Nextgen, etc.) of T-Pot are you running? | ||
- What OS are you T-Pot running on? | ||
- What is the version of the OS `lsb_release -a` and `uname -a`? | ||
- What T-Pot version are you currently using (only **T-Pot 24.04.x** is currently supported)? | ||
- What architecture are you running on (i.e. hardware, cloud, VM, etc.)? | ||
- Did you have any problems during the install? If yes, please attach `/install.log` `/install.err`. | ||
- Review the `~/install_tpot.log`, attach the log and highlight the errors. | ||
- How long has your installation been running? | ||
- If it is a fresh install consult the documentation first. | ||
- Most likely it is a port conflict or a remote dependency was unavailable. | ||
- Retry a fresh installation and only open the issue if the error keeps coming up and is not resolved using the documentation as described [here](#how-to-raise-an-issue). | ||
- Did you install upgrades, packages or use the update script? | ||
- Did you modify any scripts or configs? If yes, please attach the changes. | ||
- Please provide a screenshot of `glances` and `htop`. | ||
- Please provide a screenshot of `htop` and `docker stats`. | ||
- How much free disk space is available (`df -h`)? | ||
- What is the current container status (`dps.sh`)? | ||
- What is the status of the T-Pot service (`systemctl status tpot`)? | ||
- What ports are being occupied? Stop T-Pot `systemctl stop tpot` and run `netstat -tulpen` | ||
- On Linux: What is the status of the T-Pot service (`systemctl status tpot`)? | ||
- What ports are being occupied? Stop T-Pot `systemctl stop tpot` and run `grc netstat -tulpen` | ||
- Stop T-Pot `systemctl stop tpot` | ||
- Run `grc netstat -tulpen` | ||
- Run T-Pot manually with `docker compose -f ~/tpotce/docker-compose.yml up` and check for errors | ||
- Stop execution with `CTRL-C` and `docker compose -f ~/tpotce/docker-compose.yml down -v` | ||
- If a single container shows as `DOWN` you can run `docker logs <container-name>` for the latest log entries |
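Review bot: the same broken anchor as in the bug report template: `[here](#how-to-raise-an-issue)` has no matching heading, because the heading added at the top of this hunk is `# Successfully raise an issue` (anchor `#successfully-raise-an-issue`). Since both templates now carry an identical "Basic support information" section, consider keeping the shared part in one place to avoid the two copies drifting apart; as a minimum, fix the anchor in both. The "What ports are being occupied?" bullet also repeats the `systemctl stop tpot` and `grc netstat -tulpen` commands that its own sub-bullets already list.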
@@ -0,0 +1,5 @@ | ||
# Ignore data folder | ||
data/ | ||
**/.DS_Store | ||
.idea | ||
install_tpot.log |
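Review bot: this ignore list does not cover the compose environment file. The config hunk earlier in this commit sets `TPOT_DOCKER_ENV=./.env`, and the config it belongs to carries `WEB_USER`, `LS_WEB_USER`, `TPOT_HIVE_USER` (a base64 encoding of a plaintext `username:password`) and `OINKCODE`; if a populated copy of that file sits in the checkout as `./.env`, nothing here stops it from being committed, so consider adding `.env` (keeping an example file with empty values tracked). Minor: `data/` without a leading slash matches any directory named `data` at any depth, whereas `TPOT_DATA_PATH=./data` refers only to the top-level one; `/data/` would be the more precise pattern.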