telekom-security / tpotce

🍯 T-Pot - The All In One Multi Honeypot Platform 🐝
GNU General Public License v3.0

elasticpot and ipphoney showing down after clean install. #1288

Closed LuXc-NL closed 1 year ago

LuXc-NL commented 1 year ago

After a clean install I noticed that ipphoney and elasticpot are down. Elasticpot is using port 9200 but this is already in use by elasticsearch.

[root@NH-TPOT:~/tpotce/bin]# ./dps.sh 
[ ========| System |======== ]
     DATE:  Wed 29 Mar 2023 06:04:39 PM CEST
   UPTIME:   18:04:39 up 50 min,  1 user,  load average: 0.53, 0.44, 0.40
    T-POT:  ACTIVE       
BLACKHOLE:  DISABLED

NAME                  STATUS                       PORTS
adbhoney              Up 49 minutes (healthy)   0.0.0.0:5555->5555/tcp
ciscoasa              Up 49 minutes             0.0.0.0:5000->5000/udp, 0.0.0.0:8443->8443/tcp
citrixhoneypot        Up 49 minutes             0.0.0.0:443->443/tcp
conpot_guardian_ast   Up 49 minutes (healthy)   0.0.0.0:10001->10001/tcp
conpot_iec104         Up 49 minutes (healthy)   0.0.0.0:161->161/udp, 0.0.0.0:2404->2404/tcp
conpot_ipmi           Up 49 minutes (healthy)   0.0.0.0:623->623/udp
conpot_kamstrup_382   Up 49 minutes (healthy)   0.0.0.0:1025->1025/tcp, 0.0.0.0:50100->50100/tcp
cowrie                Up 49 minutes             0.0.0.0:22-23->22-23/tcp
ddospot               Up 49 minutes             0.0.0.0:19->19/udp, 0.0.0.0:53->53/udp, 0.0.0.0:123->123/udp, 0.0.0.0:1900->1900/udp
dicompot              Up 49 minutes             0.0.0.0:11112->11112/tcp
dionaea               Up 49 minutes (healthy)   0.0.0.0:20-21->20-21/tcp, 0.0.0.0:42->42/tcp, 0.0.0.0:81->81/tcp, 0.0.0.0:135->135/tcp, 0.0.0.0:445->445/tcp, 0.0.0.0:1433->1433/tcp, 0.0.0.0:1723->1723/tcp, 0.0.0.0:1883->1883/tcp, 0.0.0.0:3306->3306/tcp, 0.0.0.0:27017->27017/tcp, 0.0.0.0:69->69/udp
elasticsearch         Up 49 minutes (healthy)   127.0.0.1:64298->9200/tcp
ewsposter             Up 8 seconds              
fatt                  Up 49 minutes             
heralding             Up 49 minutes             0.0.0.0:110->110/tcp, 0.0.0.0:143->143/tcp, 0.0.0.0:465->465/tcp, 0.0.0.0:993->993/tcp, 0.0.0.0:995->995/tcp, 0.0.0.0:1080->1080/tcp, 0.0.0.0:5432->5432/tcp, 0.0.0.0:5900->5900/tcp
honeytrap             Up 49 minutes             
kibana                Up 49 minutes (healthy)   127.0.0.1:64296->5601/tcp
logstash              Up 49 minutes (healthy)   
mailoney              Up 49 minutes             0.0.0.0:25->25/tcp
map_data              Up 49 minutes             
map_redis             Up 49 minutes             
map_web               Up 49 minutes             127.0.0.1:64299->64299/tcp
medpot                Up 49 minutes             0.0.0.0:2575->2575/tcp
nginx                 Up 49 minutes             
p0f                   Up 49 minutes             
redishoneypot         Up 49 minutes             0.0.0.0:6379->6379/tcp
sentrypeer            Up 49 minutes             0.0.0.0:5060->5060/udp
snare                 Up 49 minutes             0.0.0.0:80->80/tcp
spiderfoot            Up 49 minutes (healthy)   127.0.0.1:64303->8080/tcp
suricata              Up 49 minutes             
tanner                Up 49 minutes             
tanner_api            Up 49 minutes             
tanner_phpox          Up 49 minutes             
tanner_redis          Up 49 minutes             
elasticpot            DOWN                  
ipphoney              DOWN  

Is it safe to change this port to e.g. 9300 in the docker-compose?

ipphoney is throwing the following error:

Traceback (most recent call last):
  File "/opt/ipphoney/ipphoney.py", line 105, in <module>
    main()
  File "/opt/ipphoney/ipphoney.py", line 88, in main
    cfg_options = set_options()
  File "/opt/ipphoney/ipphoney.py", line 77, in set_options
    cfg_options['public_ip'] = get_public_ip(cfg_options['public_ip_url'])
  File "/opt/ipphoney/core/tools.py", line 70, in get_public_ip
    return decode(urlopen(ip_reporter).read())
  File "/usr/lib/python3.10/urllib/request.py", line 216, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib/python3.10/urllib/request.py", line 519, in open
    response = self._open(req, data)
  File "/usr/lib/python3.10/urllib/request.py", line 536, in _open
    result = self._call_chain(self.handle_open, protocol, protocol +
  File "/usr/lib/python3.10/urllib/request.py", line 496, in _call_chain
    result = func(*args)
  File "/usr/lib/python3.10/urllib/request.py", line 1391, in https_open
    return self.do_open(http.client.HTTPSConnection, req,
  File "/usr/lib/python3.10/urllib/request.py", line 1351, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [Errno 99] Address not available>
Traceback (most recent call last):
  File "/usr/lib/python3.10/urllib/request.py", line 1348, in do_open
    h.request(req.get_method(), req.selector, req.data, headers,
  File "/usr/lib/python3.10/http/client.py", line 1282, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/usr/lib/python3.10/http/client.py", line 1328, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/usr/lib/python3.10/http/client.py", line 1277, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/lib/python3.10/http/client.py", line 1037, in _send_output
    self.send(msg)
  File "/usr/lib/python3.10/http/client.py", line 975, in send
    self.connect()
  File "/usr/lib/python3.10/http/client.py", line 1447, in connect
    super().connect()
  File "/usr/lib/python3.10/http/client.py", line 941, in connect
    self.sock = self._create_connection(
  File "/usr/lib/python3.10/socket.py", line 845, in create_connection
    raise err
  File "/usr/lib/python3.10/socket.py", line 833, in create_connection
    sock.connect(sa)
OSError: [Errno 99] Address not available

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/ipphoney/ipphoney.py", line 105, in <module>
    main()
  File "/opt/ipphoney/ipphoney.py", line 88, in main
    cfg_options = set_options()
  File "/opt/ipphoney/ipphoney.py", line 77, in set_options
    cfg_options['public_ip'] = get_public_ip(cfg_options['public_ip_url'])
  File "/opt/ipphoney/core/tools.py", line 70, in get_public_ip
    return decode(urlopen(ip_reporter).read())
  File "/usr/lib/python3.10/urllib/request.py", line 216, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib/python3.10/urllib/request.py", line 519, in open
    response = self._open(req, data)
  File "/usr/lib/python3.10/urllib/request.py", line 536, in _open
    result = self._call_chain(self.handle_open, protocol, protocol +
  File "/usr/lib/python3.10/urllib/request.py", line 496, in _call_chain
    result = func(*args)
  File "/usr/lib/python3.10/urllib/request.py", line 1391, in https_open
    return self.do_open(http.client.HTTPSConnection, req,
  File "/usr/lib/python3.10/urllib/request.py", line 1351, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [Errno 99] Address not available>

uname -a:

[root@NH-TPOT:~/tpotce/docker/elasticpot]# uname -a
Linux NH-TPOT 5.10.0-21-amd64 #1 SMP Debian 5.10.162-1 (2023-01-21) x86_64 GNU/Linux

t3chn0m4g3 commented 1 year ago

This is a post-install; please check here for troubleshooting advice. Most likely there is a conflicting port on your machine. Closing this, since all docker-compose files are carefully tested and crafted to ensure there are no port conflicts. Also, elasticsearch is running on tcp/64298 and does not collide with other services.

LuXc-NL commented 1 year ago

I tried it on multiple machines and I can assure you the port is not used (for both ipphoney and elasticpot). You are correct about elasticsearch running on the port tcp/64298.

LuXc-NL commented 1 year ago

Never mind. I was blocking the following domains in my Pi-hole:

Working fine now.
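
A pre-flight check for the cause found in this thread, as an added example that is not part of the original discussion or of T-Pot's code: it resolves the host of a URL such as the `public_ip_url` seen in the ipphoney traceback and reports whether the resolver returned only null or loopback addresses. The host names and resolver answers are constructed, and the idea that the DNS blocker replies with 0.0.0.0 / :: is an assumption.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def resolve(host):
    """Return the distinct addresses the system resolver gives for host."""
    infos = socket.getaddrinfo(host, 443, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def classify(url, resolver=resolve):
    """Classify the host of url as 'ok', 'sinkholed' or 'unresolvable'.

    'sinkholed' means every answer is an unspecified (0.0.0.0 / ::) or
    loopback address, so the service can never reach the real host.
    """
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no hostname in {url!r}")
    try:
        answers = resolver(host)
    except socket.gaierror:
        return "unresolvable", []
    # Strip an IPv6 zone id ("fe80::1%eth0") before parsing.
    parsed = [ipaddress.ip_address(a.split("%")[0]) for a in answers]
    if parsed and all(p.is_unspecified or p.is_loopback for p in parsed):
        return "sinkholed", answers
    return ("ok", answers) if parsed else ("unresolvable", [])


# Constructed resolver answers so the example runs offline; call
# classify(url) without a resolver argument to test a live host.
SAMPLE_DNS = {
    "ip-reporter.example": ["0.0.0.0", "::"],   # assumed sinkhole reply
    "reachable.example": ["203.0.113.10"],      # normal answer
}


def fake_resolver(host):
    if host not in SAMPLE_DNS:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return SAMPLE_DNS[host]


if __name__ == "__main__":
    for url in ("https://ip-reporter.example/", "https://reachable.example/ip",
                "https://missing.example/"):
        print(url, *classify(url, fake_resolver))
```

Run inside the affected container so the check uses the same resolver configuration as the honeypot.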