telekom-security / tpotce

🍯 T-Pot - The All In One Multi Honeypot Platform 🐝
GNU General Public License v3.0

ssl configuration for citrixhoneypot, still confused #1562

Closed FloppyDucks closed 4 months ago

FloppyDucks commented 4 months ago

I just had this ticket and I still have some questions, sorry. PS: I did also edit the main yml file in ~/tpotce before I even opened the ticket; that is what the "FULL-modded-docker-compose-yml.txt" file is. I just also edited the yml file in ~/tpotce/docker/citrixhoneypot/docker-compose-yml. = "modded-citrixhoneypot-docker-compose-yml.txt"

So I'm still a bit confused by your previous statement of "you are editing the wrong file, you need to edit the docker compose in ~/tpotce". I did edit the main docker-compose.yml. I just also edited the files in ~/tpotce/docker/citrixhoneypot/docker-compose-yml. & ~/tpotce/compose.... because I didn't know what I was doing. So I'm not sure why the ssl cert still isn't being recognized, because I reverted the not-mentioned files back to the original status, and lo and behold, still no ssl cert for 443.

- **What OS are you T-Pot running on?** Debian 12 - bookworm
- **What is the version of the OS lsb_release -a and uname -a?** Linux blackwaters.org 6.1.0-21-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.90-1 (2024-05-03) x86_64 GNU/Linux
- **What T-Pot version are you currently using (only T-Pot 24.04.x is currently supported)?** TPOT 24.04.x
- **What architecture are you running on (i.e. hardware, cloud, VM, etc.)?** Cloud provider is linode, and I'm 99% sure it's running on a VM, so both cloud and VM.
- **Review the ~/installtpot.log, attach the log and highlight the errors.** No errors, it installs fine and runs fine. 2024-05-29 14:39:30,354 p=1253 u=TPOT n=ansible | PLAY RECAP ***>2024-05-29 14:39:30,354 p=1253 u=TPOT n=ansible | 127.0.0.1 : ok=36 changed=18 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0
- **How long has your installation been running?** I start and stop it a lot, but about a day now.
- **If it is a fresh install consult the documentation first.** I have consulted the documentation and the online issues and have not found anything related to Citrixhoneypot, only nginx (which I was able to configure).
- **Most likely it is a port conflict or a remote dependency was unavailable.** The service runs just fine, it's just that the Citrixhoneypot docker doesn't recognize the certificate and priv key file that I gave it in the docker file and yml.
- **Retry a fresh installation and only open the issue if the error keeps coming up and is not resolved using the documentation as described here.** I did this and it did not fix my issue, sadly.
- **Did you install upgrades, packages or use the update script?** Yes, I have changed configuration scripts and yml scripts, will attach below.
- **Did you modify any scripts or configs? If yes, please attach the changes.** Yes, I have changed configuration scripts and yml scripts, will attach below.
- **Please provide a screenshot of htop and docker stats.** Attached below.
- **How much free disk space is available (df -h)?** Plenty of room.
- **What is the current container status (dps)?** Fine, tbh not sure and have no idea where to find this dps.
- **On Linux: What is the status of the T-Pot service (systemctl status tpot)?** Active, running, working just fine.
- **What ports are being occupied? Stop T-Pot systemctl stop tpot and run grc netstat -tulpen** Attached below.
- **Stop T-Pot systemctl stop tpot** I do this AT least once an hour :) for testing and debugging.
- **Run grc netstat -tulpen** Same ports pop up, all is fine.
- **Run T-Pot manually with docker compose -f ~/tpotce/docker-compose.yml up and check for errors** Yep, works like a charm.
- **Stop execution with CTRL-C and docker compose -f ~/tpotce/docker-compose.yml down -v**
- **If a single container shows as DOWN you can run docker logs for the latest log entries** No issues.

Now for the meat and potatoes: my real issue is my inability to set up my ssl certificate for the citrixhoneypot over 443. I was able to set up my ssl cert for 64297 for the nginx. So I set up the ssl cert for the nginx management portal using a letsencrypt ssl cert. So I figured when I went to go and set up an ssl cert for 443 it would be a similar process. I added in the Citrix Docker file a few extra lines to copy my ssl cert to /opt/citrixhoneypot/cert/. I also figured because I am using letsencrypt's cert I won't need the self-signed cert in the docker file, so I removed that. I made sure to add the paths in the volume area in the docker-compose-yml. I'm not sure if the way the honeypot is set for citrix it's not supposed to have an ssl cert? Or if it is?

Troubleshooting steps: I have tried a lot of systemctl daemon-reload (tbh I don't think it does anything, I do it for good luck). I also stop tpot when I make changes to the configs / yaml / docker files. Then when I am finished with my modifications I run the daemon reload, docker compose up -d, then systemctl status tpot (make sure it's actually down), systemctl start tpot. Then I load up an incognito tab and check to see if port 443 for my website has a valid ssl cert, and it doesn't. Then I will change the file permissions to give the certificate 777 file permission, because maybe the user citrixhoneypot can't read the cert and priv key, but that can't be it, because in my Docker file, as you will see, I made sure (unless I did it wrong) to 1) give user citrixhoneypot ownership over /opt/citrixhoneypot (the path the cert lives in) and JUST IN CASE, I also made the path /opt/citrixhoneypot 774 file perm ... even though there is no reason to overwrite a privkey and cert ... anywho. If you know what I am missing or what I am doing wrong, any help would be MUCH appreciated!

If I missed anything or forgot to add any files or need to add/clarify anything, just let me know. I check this documentation daily so I should see any msgs. Figured it was allowed to, because the python code said that the http server is wrapping the socket in the ssl/tls layer.

Attachments:

- df -h.txt
- docker stats.txt
- FULL-modded-docker-compose-yml.txt
- htop1
- htop2
- install_tpot_yaml.txt
- modded-citrixhoneypot-docker-compose-yml.txt
- Modded-DockerFile.txt
- netstat.txt
- UGLY NET ERR CERT AUTHORITY INVALID
- working ssl for nginx mngmt portal

t3chn0m4g3 commented 4 months ago

Sorry it is not working for you. This is not a T-Pot issue, but a specific issue for your changes / setup. I provided you with all the hints you need to make the adjustments. Please use the discussions for individual help regarding adjusting T-Pot to your needs. Thanks for understanding.

FloppyDucks commented 4 months ago

I figured out my issue: I was calling the wrong path in my Docker file. It was supposed to be

```
cp /root/cert/cert.cert /opt/citrixhoneypot/ssl/cert.pem && cp /root/cert/key.key /opt/citrixhoneypot/ssl/key.pem && \
```

NOT

```
cp /root/citrixhoneypot/cert/cert.cert /opt/citrixhoneypot/ssl/cert.pem && cp /root/citrixhoneypot/cert/key.key /opt/citrixhoneypot/ssl/key.pem && \
```
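
A way to confirm which certificate the listener on 443 actually presents after a rebuild, and that the installed cert and key belong together. This is an added example, not code from the thread or from T-Pot; it assumes the `openssl` CLI is installed, and the host, port and file paths passed to it are placeholders you supply.

```sh
#!/bin/sh
# Added example: confirm which certificate a TLS listener serves.
# fp and self_issued read a PEM certificate on stdin.

fp() {  # SHA-256 fingerprint of the certificate
    openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

served_pem() {  # usage: served_pem HOST PORT -> leaf certificate as PEM
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 2>/dev/null
}

self_issued() {  # true when issuer == subject, e.g. a generated self-signed cert
    in=$(cat)
    i=$(printf '%s\n' "$in" | openssl x509 -noout -issuer 2>/dev/null | sed 's/^issuer= *//')
    s=$(printf '%s\n' "$in" | openssl x509 -noout -subject 2>/dev/null | sed 's/^subject= *//')
    [ -n "$i" ] && [ "$i" = "$s" ]
}

pair_matches() {  # usage: pair_matches CERT_FILE KEY_FILE
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]   # empty output means a file failed to parse
}

check_listener() {  # usage: check_listener HOST PORT CERT_FILE
    want=$(fp < "$3")
    [ -n "$want" ] || { echo "cannot read certificate $3"; return 2; }
    pem=$(served_pem "$1" "$2")
    [ -n "$pem" ] || { echo "no certificate received from $1:$2"; return 2; }
    if printf '%s\n' "$pem" | self_issued; then echo "served cert is self-issued"; fi
    got=$(printf '%s\n' "$pem" | fp)
    if [ "$want" = "$got" ]; then echo "MATCH $got"; else echo "MISMATCH served=$got"; return 1; fi
}

# Run as: script HOST PORT CERT_FILE
if [ "$#" -eq 3 ]; then check_listener "$@"; fi
```

A MISMATCH together with "served cert is self-issued" means the listener is still using a certificate other than the file you intended to install, which is what a copy from the wrong source path produces.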