diff --git a/compose/mac_win.yml b/compose/mac_win.yml index de60b56d0..f613618c2 100644 --- a/compose/mac_win.yml +++ b/compose/mac_win.yml @@ -53,6 +53,7 @@ services: - ${TPOT_DOCKER_COMPOSE}:/tmp/tpot/docker-compose.yml:ro - ${TPOT_DATA_PATH}/blackhole:/etc/blackhole - ${TPOT_DATA_PATH}:/data + - /var/run/docker.sock:/var/run/docker.sock:ro ################## @@ -190,32 +191,6 @@ services: volumes: - ${TPOT_DATA_PATH}/conpot/log:/var/log/conpot -# Conpot kamstrup_382 - conpot_kamstrup_382: - container_name: conpot_kamstrup_382 - restart: always - depends_on: - tpotinit: - condition: service_healthy - environment: - - CONPOT_CONFIG=/etc/conpot/conpot.cfg - - CONPOT_JSON_LOG=/var/log/conpot/conpot_kamstrup_382.json - - CONPOT_LOG=/var/log/conpot/conpot_kamstrup_382.log - - CONPOT_TEMPLATE=kamstrup_382 - - CONPOT_TMP=/tmp/conpot - tmpfs: - - /tmp/conpot:uid=2000,gid=2000 - networks: - - conpot_local_kamstrup_382 - ports: - - "1025:1025" - - "50100:50100" - image: ${TPOT_REPO}/conpot:${TPOT_VERSION} - pull_policy: ${TPOT_PULL_POLICY} - read_only: true - volumes: - - ${TPOT_DATA_PATH}/conpot/log:/var/log/conpot - # Cowrie service cowrie: container_name: cowrie @@ -303,7 +278,7 @@ services: - "81:81" - "135:135" # - "443:443" - - "445:445" + # - "445:445" - "1433:1433" - "1723:1723" - "1883:1883" diff --git a/docker/tpotinit/dist/entrypoint.sh b/docker/tpotinit/dist/entrypoint.sh index 87fdc21f4..80bd25b9b 100755 --- a/docker/tpotinit/dist/entrypoint.sh +++ b/docker/tpotinit/dist/entrypoint.sh @@ -7,14 +7,17 @@ exec > >(tee /data/tpotinit.log) 2>&1 cleanup() { echo "# SIGTERM received, cleaning up ..." echo - echo "## ... removing firewall rules." - /opt/tpot/bin/rules.sh ${COMPOSE} unset - echo - if [ "${TPOT_BLACKHOLE}" == "ENABLED" ] && [ -f "/etc/blackhole/mass_scanner.txt" ]; + if [ "${TPOT_OSTYPE}" = "linux" ]; then - echo "## ... removing Blackhole routes." - /opt/tpot/bin/blackhole.sh del + echo "## ... removing firewall rules." + /opt/tpot/bin/rules.sh ${COMPOSE} unset echo + if [ "${TPOT_BLACKHOLE}" == "ENABLED" ] && [ -f "/etc/blackhole/mass_scanner.txt" ]; + then + echo "## ... removing Blackhole routes." + /opt/tpot/bin/blackhole.sh del + echo + fi fi kill -TERM "$PID" rm -f /tmp/success @@ -153,25 +156,42 @@ update_permissions # Check for compatible OSType echo -echo "# Checking if OSType is compatible." +echo "# Checking if OSType is set correctly." echo -myOSTYPE=$(uname -a | grep -Eo "linuxkit") -if [ "${myOSTYPE}" == "linuxkit" ] && [ "${TPOT_OSTYPE}" == "linux" ]; +myOSTYPE=$(uname -a | grep -Eo "microsoft|linuxkit") +if [ "${myOSTYPE}" == "microsoft" ] && [ "${TPOT_OSTYPE}" != "win" ]; then - echo "# Docker Desktop for macOS or Windows detected." - echo "# 1. You need to adjust the OSType the T-Pot .env config." - echo "# 2. You need to use the macos or win docker compose file." + echo "# Docker Desktop for Windows detected, but TPOT_OSTYPE is not set to win." + echo "# 1. You need to adjust the OSType in the T-Pot .env config." + echo "# 2. You need to copy compose/mac_win.yml to ./docker-compose.yml." echo echo "# Aborting." echo + sleep 1 exit 1 fi -if ! [ "${myOSTYPE}" == "linuxkit" ] && ! [ -S /var/run/docker.sock ]; +if [ "${myOSTYPE}" == "linuxkit" ] && [ "${TPOT_OSTYPE}" != "mac" ]; then - echo "# Cannot access /var/run/docker.sock, check docker-compose.yml for proper volume definition." + echo "# Docker Desktop for macOS detected, but TPOT_OSTYPE is not set to mac." + echo "# 1. You need to adjust the OSType in the T-Pot .env config." + echo "# 2. You need to copy compose/mac_win.yml to ./docker-compose.yml." echo echo "# Aborting." + echo + sleep 1 + exit 1 +fi + +if [ "${myOSTYPE}" == "" ] && [ "${TPOT_OSTYPE}" != "linux" ]; + then + echo "# Docker Engine detected, but TPOT_OSTYPE is not set to linux." + echo "# 1. You need to adjust the OSType in the T-Pot .env config." + echo "# 2. You need to copy compose/standard.yml to ./docker-compose.yml." + echo + echo "# Aborting." + echo + sleep 1 exit 1 fi @@ -255,12 +275,8 @@ if [ -f "/data/uuid" ]; fi # Check if TPOT_BLACKHOLE is enabled -if [ "${myOSTYPE}" == "linuxkit" ]; +if [ "${TPOT_OSTYPE}" == "linux" ]; then - echo - echo "# Docker Desktop for macOS or Windows detected, Blackhole feature is not supported." - echo - else if [ "${TPOT_BLACKHOLE}" == "ENABLED" ] && [ ! -f "/etc/blackhole/mass_scanner.txt" ]; then echo @@ -278,6 +294,10 @@ if [ "${myOSTYPE}" == "linuxkit" ]; echo echo "# Blackhole is not active." fi + else + echo + echo "# T-Pot is configured for macOS / Windows. Blackhole is not supported." + echo fi # Get IP @@ -291,7 +311,7 @@ update_permissions # Update interface settings (p0f and Suricata) and setup iptables to support NFQ based honeypots (glutton, honeytrap) ### This is currently not supported on Docker for Desktop, only on Docker Engine for Linux -if [ "${myOSTYPE}" != "linuxkit" ] && [ "${TPOT_OSTYPE}" == "linux" ]; +if [ "${TPOT_OSTYPE}" == "linux" ]; then echo echo "# Get IF, disable offloading, enable promiscious mode for p0f and suricata ..." @@ -303,10 +323,14 @@ if [ "${myOSTYPE}" != "linuxkit" ] && [ "${TPOT_OSTYPE}" == "linux" ]; echo "# Adding firewall rules ..." echo /opt/tpot/bin/rules.sh ${COMPOSE} set + else + echo + echo "# T-Pot is configured for macOS / Windows. Setting up firewall rules on the host is not supported." + echo fi # Display open ports -if [ "${myOSTYPE}" != "linuxkit" ]; +if [ "${TPOT_OSTYPE}" = "linux" ]; then echo echo "# This is a list of open ports on the host (netstat -tulpen)." @@ -317,7 +341,7 @@ if [ "${myOSTYPE}" != "linuxkit" ]; echo else echo - echo "# Docker Desktop for macOS or Windows detected, cannot show open ports on the host." + echo "# T-Pot is configured for macOS / Windows. Showing open ports from the host is not supported." echo fi @@ -331,25 +355,20 @@ touch /tmp/success # We want to see true source for UDP packets in container (https://github.com/moby/libnetwork/issues/1994) # Start autoheal if running on a supported os -if [ "${myOSTYPE}" != "linuxkit" ]; +if [ "${TPOT_OSTYPE}" = "linux" ]; then sleep 60 echo "# Dropping UDP connection tables to improve visibility of true source IPs." /usr/sbin/conntrack -D -p udp + else # Starting container health monitoring echo figlet "Starting ..." figlet "Autoheal" echo "# Now monitoring healthcheck enabled containers to automatically restart them when unhealthy." echo - # exec /opt/tpot/autoheal.sh autoheal /opt/tpot/autoheal.sh autoheal & PID=$! wait $PID echo "# T-Pot Init and Autoheal were stopped. Exiting." - else - echo - echo "# Docker Desktop for macOS or Windows detected, Conntrack feature is not supported." - echo - sleep infinity fi diff --git a/dps.ps1 b/dps.ps1 new file mode 100644 index 000000000..12dcc2f8f --- /dev/null +++ b/dps.ps1 @@ -0,0 +1,20 @@ +# Format, colorize docker ps output +# Define a fixed width for the STATUS column +$statusWidth = 30 + +# Capture the Docker output into a variable +$dockerOutput = docker ps -f status=running -f status=exited --format "{{.Names}}`t{{.Status}}`t{{.Ports}}" + +# Print header with colors +Write-Host ("NAME".PadRight(20) + "STATUS".PadRight($statusWidth) + "PORTS") -ForegroundColor Cyan -NoNewline +Write-Host "" + +# Split the output into lines and loop over them +$dockerOutput -split '\r?\n' | ForEach-Object { + if ($_ -ne "") { + $fields = $_ -split "`t" + Write-Host ($fields[0].PadRight(20)) -NoNewline -ForegroundColor Yellow + Write-Host ($fields[1].PadRight($statusWidth)) -NoNewline -ForegroundColor Green + Write-Host ($fields[2]) -ForegroundColor Blue + } +} diff --git a/genuserwin.ps1 b/genuserwin.ps1 new file mode 100644 index 000000000..3cc468896 --- /dev/null +++ b/genuserwin.ps1 @@ -0,0 +1,12 @@ +# Run genuser.sh within tpotinit, prepare path and file +# Define the volume paths +$homePath = $Env:USERPROFILE + "\tpotce" +$nginxpasswdPath = $homePath + "\data\nginx\conf\nginxpasswd" + +# Ensure nginxpasswd file exists +if (-Not (Test-Path $nginxpasswdPath)) { + New-Item -ItemType File -Force -Path $nginxpasswdPath +} + +# Run the Docker container without specifying UID / GID +docker run -v "${homePath}:/data" --entrypoint bash -it dtagdevsec/tpotinit:24.04 "/opt/tpot/bin/genuser.sh"