Closed FloppyDucks closed 1 month ago
Also, if you want me to point out exactly where and what part of the code/script I changed, I can do that. I neglected to do that in my first post, wasn't sure how long/much you needed? I can go more in detail depending on how much you need?
You are modifying the wrong files. Identify the `Dockerfile` in `docker/citrixhoneypot`, you will find all the necessary files / folder names to adjust citrixhoneypot service in `docker-compose.yml` in `tpotce/` folder (not in the `docker/citrixhoneypot/` folder) with volumes for the certificate. Examples how to handle docker volumes are available in the Wiki.
Wow, you're fast, thanks! OK, so from what I understood: use the Dockerfile from ~/docker/citrixhoneypot/ and then the only .yml file I should modify should be the main one in ~/tpotce that's really long. Let me check out the wiki.
- `lsb_release -a` and `uname -a`? Linux blackwaters.org 6.1.0-21-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.90-1 (2024-05-03) x86_64 GNU/Linux
- `~/install_tpot.log`, attach the log and highlight the errors. No errors, it installs fine and runs fine.
  `2024-05-29 14:39:30,354 p=1253 u=TPOT n=ansible | PLAY RECAP ***`
  `2024-05-29 14:39:30,354 p=1253 u=TPOT n=ansible | 127.0.0.1 : ok=36 changed=18 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0`
- I did this and it did not fix my issue sadly
- `htop` and `docker stats`. Attached below
- `df -h`? Plenty of room
- `dps`? Fine, tbh not sure and have no idea where to find this dps
- `systemctl status tpot`? Active, running, working just fine
- `systemctl stop tpot` and run `grc netstat -tulpen`: attached below
- `systemctl stop tpot`: I do this AT least once an hour :) for testing and debugging
- `grc netstat -tulpen`: same ports pop up, all is fine
- `docker compose -f ~/tpotce/docker-compose.yml up` and check for errors: yep, works like a charm
- `CTRL-C` and `docker compose -f ~/tpotce/docker-compose.yml down -v`
- `DOWN` you can run `docker logs <container-name>` for the latest log entries: no issues

_**Now for the meat and potatoes: my real issue is my inability to set up my SSL certificate for the citrixhoneypot over 443. I was able to set up my SSL cert for 64297 for the nginx. So I set up the SSL cert for the nginx management portal using a letsencrypt SSL cert. So I figured when I went to go and set up an SSL cert for 443 it would be a similar process. I added in the Citrix Dockerfile a few extra lines to copy my SSL cert to /opt/citrixhoneypot/cert/. I also figured because I am using letsencrypt's cert I won't need the self-signed cert in the Dockerfile, so I removed that. I made sure to add the paths in the volume area in the docker-compose.yml. I'm not sure if the way the honeypot is set for Citrix it's not supposed to have an SSL cert? Or if it is?
Troubleshooting steps: I have tried a lot of systemctl daemon-reload (tbh I don't think it does anything, I do it for good luck). I also stop tpot when I make changes to the configs / yaml / Dockerfiles. Then when I am finished with my modifications I run the daemon reload, docker compose up -d, then systemctl status tpot (make sure it's actually down), systemctl start tpot. Then I load up an incognito tab and check to see if port 443 for my website has a valid SSL cert, and it doesn't. Then I will change the file permissions to give the certificate 777 file permission, because maybe the user citrixhoneypot can't read the cert and priv key, but that can't be it, because in my Dockerfile, as you will see, I made sure (unless I did it wrong) to 1) give user citrixhoneypot ownership over /opt/citrixhoneypot (the path the cert lives in) and JUST IN CASE, I also made the path /opt/citrixhoneypot 774 file perm... even though there is no reason to overwrite a privkey and cert... anywho. If you know what I am missing or what I am doing wrong, any help would be MUCH appreciated!
If I missed anything or forgot to add any files or need to add/clarify anything just let me know, I check this documentation daily so I should see any messages. Figured it was allowed to, because the Python code said that the HTTP server is wrapping the socket in the SSL/TLS layer. **_
df -h.txt
docker stats.txt
FULL-modded-docker-compose-yml.txt
install_tpot_yaml.txt
modded-citrixhoneypot-docker-compose-yml.txt
Modded-DockerFile.txt
netstat.txt
![working ssl for nginx mngmt portal](https://github.com/telekom-security/tpotce/assets/168114442/63d0e9f0-d3e4-4a80-b58e-663ea564fd82)
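
A check for the verification step described in the issue above, as an added example that is not part of the original thread or of the T-Pot project: it compares the SHA-256 fingerprint of the certificate file on disk with the certificate the listener on port 443 actually presents, and flags a private key that group or others can access (as with the 777 and 774 modes mentioned). The host name and the `.pem` paths given on the command line are placeholders.

```python
import hashlib
import os
import ssl
import stat
import sys

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


def leaf_fingerprint(pem_text):
    """SHA-256 of the first (leaf) certificate in a PEM file or chain."""
    start = pem_text.index(BEGIN)
    stop = pem_text.index(END, start) + len(END)
    der = ssl.PEM_cert_to_DER_cert(pem_text[start:stop])
    return hashlib.sha256(der).hexdigest()


def served_pem(host, port=443):
    """Fetch whatever certificate the listener presents (no validation)."""
    return ssl.get_server_certificate((host, port))


def key_is_overexposed(key_path):
    """True if group or others have any access to the private key file."""
    mode = stat.S_IMODE(os.stat(key_path).st_mode)
    return bool(mode & 0o077)


def diagnose(cert_pem, presented_pem, key_path):
    """Return findings comparing the cert on disk with the one served."""
    findings = []
    if leaf_fingerprint(cert_pem) != leaf_fingerprint(presented_pem):
        findings.append("listener is not serving the certificate on disk")
    if key_is_overexposed(key_path):
        findings.append("private key is accessible beyond its owner")
    return findings


if __name__ == "__main__":
    # Usage: check_cert.py HOST CERT.pem KEY.pem (all three are placeholders)
    host, cert_path, key_path = sys.argv[1:4]
    with open(cert_path) as fh:
        on_disk = fh.read()
    for line in diagnose(on_disk, served_pem(host), key_path) or ["ok"]:
        print(line)
```

A fingerprint mismatch means the process listening on 443 loaded a different certificate than the file being checked, which narrows the problem to how the file reaches the container rather than to its permissions.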