docker-compose[21985]: In file /opt/tpot/etc/compose/elk_environment: environment variable name '<meta http-equiv' may not contain whitespace.

Pelican9091 commented 1 year ago

Before you post your issue make sure it has not been answered yet and provide basic support information if you come to the conclusion it is a new issue.

🔍 Use the search function first
🧐 Check our WIKI
📚 Consult the documentation of 💻 Debian, 🐳 Docker, the 🦌 ELK stack and the 🍯 T-Pot Readme.
⚠️ Provide basic support information or similiar information with regard to your issue or we can not help you and will close the issue without further notice

Docker compose want start the tpot.yml because of docker-compose[21985]: In file /opt/tpot/etc/compose/elk_environment: environment variable name '<meta http-equiv' may not contain whitespace. I have 2 fresh installs through the iso for Hive and Hive sensor who have this same issue.

⚠️ Basic support information (commands are expected to run as `root`)

What version of the OS are you currently using lsb_release -a and uname -a? Debian 11 bullseye 5.10.0-25-amd64 #1 SMP Debian 5.10.191-1 (2023-08-16) x86_64 GNU/Linux
What T-Pot version are you currently using? 22.04
What edition (Standard, Nextgen, etc.) of T-Pot are you running? Hive and Sensor
What architecture are you running on (i.e. hardware, cloud, VM, etc.)? VM (KVM/QEMU)
Did you have any problems during the install? If yes, please attach /install.log /install.err. No
How long has your installation been running? New
Did you install upgrades, packages or use the update script? No
Did you modify any scripts or configs? If yes, please attach the changes. No
Please provide a screenshot of glances and htop.
How much free disk space is available (df -h)? 173G
What is the current container status (dps.sh)? [ ========| System |======== ] DATE: Thu 21 Sep 2023 01:14:36 PM UTC UPTIME: 13:14:37 up 48 min, 1 user, load average: 0.05, 0.05, 0.00 T-POT: INACTIVE
BLACKHOLE: DISABLED

NAME STATUS PORTS elasticsearch DOWN
kibana DOWN
logstash DOWN
map_data DOWN
map_redis DOWN
map_web DOWN
nginx DOWN
spiderfoot DOWN

What is the status of the T-Pot service (systemctl status tpot)? (code=exited, status=1/FAILURE)
What ports are being occupied? Stop T-Pot systemctl stop tpot and run netstat -tulpen tcp 0 0 127.0.0.1:45251 0.0.0.0: LISTEN 0 14620 662/containerd
tcp 0 0 0.0.0.0:64295 0.0.0.0: LISTEN 0 13055 677/sshd: /usr/sbin tcp6 0 0 :::64294 ::: LISTEN 0 11409 1/init
tcp6 0 0 :::64295 ::: LISTEN 0 13057 677/sshd: /usr/sbin udp 0 0 0.0.0.0:68 0.0.0.0:* 0 327 590/dhclient
If a single container shows as DOWN you can run docker logs <container-name> for the latest log entries

t3chn0m4g3 commented 1 year ago

Please share the contents of /opt/tpot/etc/compose/elk_environment.

Pelican9091 commented 1 year ago

HONEY_UUID=xxxxxxxxxxxxxxx
MY_EXTIP=7X.XX.XX.XXX
MY_EXTIP_LAT=
<html><head>
<meta http-equiv="content-type" content="text/html;charset=utf-8">
<title>403 Forbidden</title>
</head>
<body text=#000000 bgcolor=#ffffff>
<h1>Error: Forbidden</h1>
<h2>Your client does not have permission to get URL <code>/7X.XX.XX.XXX/loc</co>
<h2></h2>
</body></html>
MY_EXTIP_LONG=
<html><head>
<meta http-equiv="content-type" content="text/html;charset=utf-8">
<title>403 Forbidden</title>
</head>
<body text=#000000 bgcolor=#ffffff>
<h1>Error: Forbidden</h1>
<h2>Your client does not have permission to get URL <code>/7X.XX.XX.XX/loc</co>
<h2></h2>
</body></html>
MY_INTIP=XX.XX.XX.XXX
MY_HOSTNAME=XX-XX-XX

t3chn0m4g3 commented 1 year ago

It is related to #1159 which means the rate limit for ipinfo has been exceeded.

Pelican9091 commented 1 year ago

Can you tell me more about the ipinfo limit? Is this used at installation? Can i use my own api key

telekom-security / tpotce