I installed T-POT on AWS, but docker is not stable and seems to repeat up and down as far as I see dps.sh
What version of the OS are you currently using lsb_release -a and uname -a?
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 12 (bookworm)
Release: 12
Codename: bookworm
What architecture are you running on (i.e. hardware, cloud, VM, etc.)?
on AWS
Did you have any problems during the install? If yes, please attach /install.log /install.err.
no (used auto install)
How long has your installation been running?
2 days
Did you install upgrades, packages or use the update script?
no
Please provide a screenshot of glances and htop.
How much free disk space is available (df -h)?
[root@uselessstadium:/opt/tpot]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/root 29G 12G 18G 40% /
tmpfs 7.9G 0 7.9G 0% /dev/shm
tmpfs 3.2G 3.8M 3.2G 1% /run
tmpfs 5.0M 0 5.0M 0% /run/lock
/dev/xvda15 105M 6.1M 99M 6% /boot/efi
tmpfs 1.6G 4.0K 1.6G 1% /run/user/1000
tmpfs 1.6G 4.0K 1.6G 1% /run/user/1001
What is the current container status (dps.sh)?
repeat the following status for good
--- UP ---
--- Exited ---
--- DOWN ---
What is the status of the T-Pot service (systemctl status tpot)?
systemctl status tpot
● tpot.service - tpot
Loaded: loaded (/etc/systemd/system/tpot.service; enabled; preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Tue 2023-11-21 06:10:53 UTC; 2s ago
Process: 188962 ExecStartPre=/opt/tpot/bin/updateip.sh (code=exited, status=0/SUCCESS)
Process: 188999 ExecStartPre=/bin/bash -c /opt/tpot/bin/clean.sh on (code=exited, status=127)
Process: 189066 ExecStartPre=/opt/tpot/bin/tpdclean.sh -y (code=exited, status=0/SUCCESS)
Process: 191146 ExecStartPre=/bin/bash -c /sbin/ethtool --offload $(/sbin/ip address | grep "^2: " | awk '{ print $2 }' | tr -d [:punct:]) rx off tx off (code=exited, status=0/SUCCESS)
Process: 191152 ExecStartPre=/bin/bash -c /sbin/ethtool -K $(/sbin/ip address | grep "^2: " | awk '{ print $2 }' | tr -d [:punct:]) gso off gro off (code=exited, status=0/SUCCESS)
Process: 191158 ExecStartPre=/bin/bash -c /sbin/ip link set $(/sbin/ip address | grep "^2: " | awk '{ print $2 }' | tr -d [:punct:]) promisc on (code=exited, status=0/SUCCESS)
Process: 191164 ExecStartPre=/opt/tpot/bin/rules.sh /opt/tpot/etc/tpot.yml set (code=exited, status=0/SUCCESS)
Process: 191189 ExecStart=/usr/bin/docker-compose -f /opt/tpot/etc/tpot.yml up --no-color (code=exited, status=1/FAILURE)
Process: 191190 ExecStartPost=/bin/bash -c /usr/bin/sleep 30 && /usr/sbin/conntrack -D -p udp (code=exited, status=0/SUCCESS)
Process: 196184 ExecStopPost=/opt/tpot/bin/rules.sh /opt/tpot/etc/tpot.yml unset (code=exited, status=0/SUCCESS)
Main PID: 191189 (code=exited, status=1/FAILURE)
CPU: 7.767s
Nov 20 07:00:43 uselessstadium bash[181916]: chmod: cannot access '/data/honeytrap/attacks.tgz': No such file or directory
Nov 20 07:00:43 uselessstadium bash[181916]: chmod: cannot access '/data/honeytrap/downloads.tgz': No such file or directory
Nov 20 07:00:43 uselessstadium bash[181916]: chmod: cannot access '/data/tanner/files.tgz': No such file or directory
Nov 20 07:00:43 uselessstadium bash[181917]: chown: cannot access '/data/adbhoney/downloads.tgz': No such file or directory
Nov 20 07:00:43 uselessstadium bash[181917]: chown: cannot access '/data/cowrie/downloads.tgz': No such file or directory
Nov 20 07:00:43 uselessstadium bash[181917]: chown: cannot access '/data/dionaea/bistreams.tgz': No such file or directory
Nov 20 07:00:43 uselessstadium bash[181917]: chown: cannot access '/data/dionaea/binaries.tgz': No such file or directory
Nov 20 07:00:43 uselessstadium bash[181917]: chown: cannot access '/data/honeytrap/attacks.tgz': No such file or directory
Nov 20 07:00:43 uselessstadium bash[181917]: chown: cannot access '/data/honeytrap/downloads.tgz': No such file or directory
Nov 20 07:00:43 uselessstadium bash[181917]: chown: cannot access '/data/tanner/files.tgz': No such file or directory
What ports are being occupied? Stop T-Pot systemctl stop tpot and run netstat -tulpen
netstat -tulpen After stop tpot
uname -a: Linux separategray 6.1.0-13-cloud-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.55-1 (2023-09-29) x86_64 GNU/Linux
What T-Pot version are you currently using? 22.04
[root@uselessstadium:/opt/tpot]# netstat -tulpen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:5355 0.0.0.0:* LISTEN 996 12028 327/systemd-resolve
tcp 0 0 127.0.0.1:64296 0.0.0.0:* LISTEN 0 675571 204425/docker-proxy
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 996 12035 327/systemd-resolve
tcp 0 0 127.0.0.54:53 0.0.0.0:* LISTEN 996 12037 327/systemd-resolve
tcp 0 0 127.0.0.1:34575 0.0.0.0:* LISTEN 0 14316 525/containerd
tcp 0 0 0.0.0.0:64295 0.0.0.0:* LISTEN 0 14201 538/sshd: /usr/sbin
tcp6 0 0 :::5355 :::* LISTEN 996 12031 327/systemd-resolve
tcp6 0 0 :::64295 :::* LISTEN 0 14212 538/sshd: /usr/sbin
tcp6 0 0 :::64294 :::* LISTEN 0 13884 1/init
udp 0 0 127.0.0.54:53 0.0.0.0:* 996 12036 327/systemd-resolve
udp 0 0 127.0.0.53:53 0.0.0.0:* 996 12034 327/systemd-resolve
udp 0 0 172.31.16.137:68 0.0.0.0:* 998 409005 431/systemd-network
udp 0 0 0.0.0.0:5355 0.0.0.0:* 996 12027 327/systemd-resolve
udp6 0 0 :::5355 :::* 996 12030 327/systemd-resolve
DOWN
you can run docker logs <container-name>
for the latest log entries not single, every docker...