telekom-security / tpotce

🍯 T-Pot - The All In One Multi Honeypot Platform 🐝
GNU General Public License v3.0

install.sh fails to download tpot.yml #1605

Open rilstrats opened 4 days ago

rilstrats commented 4 days ago

Issue

I am running the install script on Fedora Linux 40 (Server Edition). It hangs on the section ### Now downloading T-Pot Ansible Installation Playbook .... Looking at the source code, the command it hangs on is:

wget -qO tpot.yml https://github.com/telekom-security/tpotce/raw/master/installer/install/tpot.yml

The issue is that the url https://github.com/telekom-security/tpotce/raw/master/installer/install/tpot.yml redirects to https://raw.githubusercontent.com/telekom-security/tpotce/master/installer/install/tpot.yml, causing wget to hang. I've researched the reason, and it seems to be most likely caused by an untrusted certificate.

I'm happy to make a pull request if desired, just let me know which solution you'd prefer!

Solution

It seems that the easiest solution would be to replace the URL with its resolved URL:

wget -qO tpot.yml https://raw.githubusercontent.com/telekom-security/tpotce/master/installer/install/tpot.yml

Please note that the issue can also be fixed using the --no-check-certificate, but this seems like a more insecure option.

Alternative Solution

Alternatively, wget could be removed (resulting in one less item that must be downloaded) and curl used instead:

curl -so tpot.yml https://github.com/telekom-security/tpotce/raw/master/installer/install/tpot.yml

Off-Topic

Also, note that the command in the readme, which uses curl, uses one of the links that doesn't work with wget. For some reason curl can complete the command correctly, but wget is unable to.

env bash -c "$(curl -sL https://github.com/telekom-security/tpotce/raw/master/install.sh)"

Perhaps this link should be changed as well?

env bash -c "$(curl -sL https://raw.githubusercontent.com/telekom-security/tpotce/master/install.sh)"

Logs

Here is my log from debugging the command as well:

----
Certificate info [0]:
  Valid since: Wed 06 Mar 2024 05:00:00 PM MST
  Expires: Fri 07 Mar 2025 04:59:59 PM MST
  Fingerprint: 97a4680b4bd4ec2c6df7c07540141824
  Serial number: 4e28f786b66c1a3b942cd2c40eb742a5
  Public key: EC/ECDSA, High (256 bits)
  Version: #3
  DN: CN=github.com
  Issuer's DN: C=GB,ST=Greater Manchester,L=Salford,O=Sectigo Limited,CN=Sectigo ECC Domain Validation Secure Server CA
  Issuer's OID: 2.5.4.6
  Issuer's UID: 2.5.4.6
Certificate info [1]:
  Valid since: Thu 01 Nov 2018 06:00:00 PM MDT
  Expires: Tue 31 Dec 2030 04:59:59 PM MST
  Fingerprint: ba350626c82ce16811457b0da6e102c8
  Public key: EC/ECDSA, High (256 bits)
  Version: #3
  DN: C=GB,ST=Greater Manchester,L=Salford,O=Sectigo Limited,CN=Sectigo ECC Domain Validation Secure Server CA
  Issuer's DN: C=US,ST=New Jersey,L=Jersey City,O=The USERTRUST Network,CN=USERTrust ECC Certification Authority
  Issuer's OID: 2.5.4.6
  Issuer's UID: 2.5.4.6
Certificate info [2]:
  Valid since: Mon 11 Mar 2019 06:00:00 PM MDT
  Expires: Sun 31 Dec 2028 04:59:59 PM MST
  Fingerprint: 42f8529fe545103fdd848980a8647f29
  Serial number: 56671d04ea4f994c6f10814759d27594
  Public key: EC/ECDSA, Ultra (384 bits)
  Version: #3
  DN: C=US,ST=New Jersey,L=Jersey City,O=The USERTRUST Network,CN=USERTrust ECC Certification Authority
  Issuer's DN: C=GB,ST=Greater Manchester,L=Salford,O=Comodo CA Limited,CN=AAA Certificate Services
  Issuer's OID: 2.5.4.6
  Issuer's UID: 2.5.4.6
----
Ephemeral ECDH using curve X25519
Key Exchange: ECDHE-RSA
Protocol: TLS1.3
Certificate Type: X.509
Cipher: AES-128-GCM
MAC: AEAD
----
[0] Downloading 'https://github.com/telekom-security/tpotce/raw/master/installer/install/tpot.yml' ...
----
Certificate info [0]:
  Valid since: Wed 06 Mar 2024 05:00:00 PM MST
  Expires: Fri 07 Mar 2025 04:59:59 PM MST
  Fingerprint: 97a4680b4bd4ec2c6df7c07540141824
  Serial number: 4e28f786b66c1a3b942cd2c40eb742a5
  Public key: EC/ECDSA, High (256 bits)
  Version: #3
  DN: CN=github.com
  Issuer's DN: C=GB,ST=Greater Manchester,L=Salford,O=Sectigo Limited,CN=Sectigo ECC Domain Validation Secure Server CA
  Issuer's OID: 2.5.4.6
  Issuer's UID: 2.5.4.6
Certificate info [1]:
  Valid since: Thu 01 Nov 2018 06:00:00 PM MDT
  Expires: Tue 31 Dec 2030 04:59:59 PM MST
  Fingerprint: ba350626c82ce16811457b0da6e102c8
  Public key: EC/ECDSA, High (256 bits)
  Version: #3
  DN: C=GB,ST=Greater Manchester,L=Salford,O=Sectigo Limited,CN=Sectigo ECC Domain Validation Secure Server CA
  Issuer's DN: C=US,ST=New Jersey,L=Jersey City,O=The USERTRUST Network,CN=USERTrust ECC Certification Authority
  Issuer's OID: 2.5.4.6
  Issuer's UID: 2.5.4.6
Certificate info [2]:
  Valid since: Mon 11 Mar 2019 06:00:00 PM MDT
  Expires: Sun 31 Dec 2028 04:59:59 PM MST
  Fingerprint: 42f8529fe545103fdd848980a8647f29
  Serial number: 56671d04ea4f994c6f10814759d27594
  Public key: EC/ECDSA, Ultra (384 bits)
  Version: #3
  DN: C=US,ST=New Jersey,L=Jersey City,O=The USERTRUST Network,CN=USERTrust ECC Certification Authority
  Issuer's DN: C=GB,ST=Greater Manchester,L=Salford,O=Comodo CA Limited,CN=AAA Certificate Services
  Issuer's OID: 2.5.4.6
  Issuer's UID: 2.5.4.6
----
Ephemeral ECDH using curve X25519
Key Exchange: ECDHE-RSA
Protocol: TLS1.3
Certificate Type: X.509
Cipher: AES-128-GCM
MAC: AEAD
----
[0] Downloading 'https://github.com/telekom-security/tpotce/raw/master/installer/install/tpot.yml' ...
----
Certificate info [0]:
  Valid since: Wed 06 Mar 2024 05:00:00 PM MST
  Expires: Fri 07 Mar 2025 04:59:59 PM MST
  Fingerprint: 97a4680b4bd4ec2c6df7c07540141824
  Serial number: 4e28f786b66c1a3b942cd2c40eb742a5
  Public key: EC/ECDSA, High (256 bits)
  Version: #3
  DN: CN=github.com
  Issuer's DN: C=GB,ST=Greater Manchester,L=Salford,O=Sectigo Limited,CN=Sectigo ECC Domain Validation Secure Server CA
  Issuer's OID: 2.5.4.6
  Issuer's UID: 2.5.4.6
Certificate info [1]:
  Valid since: Thu 01 Nov 2018 06:00:00 PM MDT
  Expires: Tue 31 Dec 2030 04:59:59 PM MST
  Fingerprint: ba350626c82ce16811457b0da6e102c8
  Public key: EC/ECDSA, High (256 bits)
  Version: #3
  DN: C=GB,ST=Greater Manchester,L=Salford,O=Sectigo Limited,CN=Sectigo ECC Domain Validation Secure Server CA
  Issuer's DN: C=US,ST=New Jersey,L=Jersey City,O=The USERTRUST Network,CN=USERTrust ECC Certification Authority
  Issuer's OID: 2.5.4.6
  Issuer's UID: 2.5.4.6
Certificate info [2]:
  Valid since: Mon 11 Mar 2019 06:00:00 PM MDT
  Expires: Sun 31 Dec 2028 04:59:59 PM MST
  Fingerprint: 42f8529fe545103fdd848980a8647f29
  Serial number: 56671d04ea4f994c6f10814759d27594
  Public key: EC/ECDSA, Ultra (384 bits)
  Version: #3
  DN: C=US,ST=New Jersey,L=Jersey City,O=The USERTRUST Network,CN=USERTrust ECC Certification Authority
  Issuer's DN: C=GB,ST=Greater Manchester,L=Salford,O=Comodo CA Limited,CN=AAA Certificate Services
  Issuer's OID: 2.5.4.6
  Issuer's UID: 2.5.4.6
----
Ephemeral ECDH using curve X25519
Key Exchange: ECDHE-RSA
Protocol: TLS1.3
Certificate Type: X.509
Cipher: AES-128-GCM
MAC: AEAD
----

wget.log
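The safer fix the report points at (pin the HTTPS URL and keep certificate checks on, rather than reaching for --no-check-certificate) can be written as a small download helper. The script below is an added example, not code from tpotce's install.sh or from the reporter: it follows the github.com to raw.githubusercontent.com redirect with curl but refuses any non-HTTPS hop, bounds the connection time so a stalled transfer fails instead of hanging, and checks the downloaded file against a SHA-256 digest before it is used. The function names, the digest the caller passes in, and the idea of publishing a digest for tpot.yml are assumptions for the example; the project does not currently publish one.

```shell
#!/bin/sh
# Added example (not part of tpotce's install.sh): fetch a file over HTTPS
# with certificate verification left on, and verify it before use.
set -eu

# Download URL to OUT. Follows redirects (e.g. github.com/.../raw/... to
# raw.githubusercontent.com) but only over HTTPS, keeps TLS certificate
# verification enabled, and bounds the time so a stalled connection fails
# loudly instead of hanging the way the wget call in the report does.
fetch_https() {
  url="$1"
  out="$2"
  curl --proto '=https' --tlsv1.2 --fail --silent --show-error --location \
       --max-redirs 5 --connect-timeout 10 --max-time 60 \
       --output "$out" "$url"
}

# Compare the SHA-256 of FILE with EXPECTED (lowercase hex).
# Returns 0 on match, 1 otherwise. Falls back to shasum where sha256sum
# (coreutils) is not available.
verify_sha256() {
  file="$1"
  expected="$2"
  if command -v sha256sum >/dev/null 2>&1; then
    actual=$(sha256sum "$file" | awk '{print $1}')
  else
    actual=$(shasum -a 256 "$file" | awk '{print $1}')
  fi
  [ "$actual" = "$expected" ]
}

# Fetch URL to OUT and verify it against EXPECTED; on mismatch the file is
# removed so a later step cannot accidentally consume it. The digest must come
# from a trusted channel (hypothetical here: the project would publish it).
fetch_verified() {
  url="$1"
  out="$2"
  expected="$3"
  fetch_https "$url" "$out"
  if ! verify_sha256 "$out" "$expected"; then
    rm -f "$out"
    echo "checksum mismatch for $url" >&2
    return 1
  fi
  echo "verified $out" >&2
}

# Usage (needs network, so it only runs when three arguments are given):
#   sh fetch_verified.sh <https-url> <output-file> <expected-sha256>
if [ "$#" -eq 3 ]; then
  fetch_verified "$1" "$2" "$3"
fi
```

The `--proto '=https'` and `--max-redirs` flags are real curl options: the first makes curl refuse a redirect that downgrades to plain HTTP, the second stops an unbounded redirect loop, which is the failure mode the wget log above shows (the same github.com certificate chain printed over and over without the transfer ever reaching raw.githubusercontent.com). The digest check is what actually replaces --no-check-certificate as a safety net: with verification disabled, TLS no longer guarantees who served the playbook, whereas a published SHA-256 lets the installer refuse a tampered or truncated tpot.yml regardless of how it was fetched.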

t3chn0m4g3 commented 4 days ago

@rilstrats Tried to reproduce this without success. Is it possible the server / certificate in question has been fixed?

neofetch
             .',;::::;,'.                marco@fedora
         .';:cccccccccccc:;,.            ------------
      .;cccccccccccccccccccccc;.         OS: Fedora Linux 40 (Forty) aarch64
    .:cccccccccccccccccccccccccc:.       Host: Parallels ARM Virtual Machine 0.1
  .;ccccccccccccc;.:dddl:.;ccccccc;.     Kernel: 6.9.4-200.fc40.aarch64
 .:ccccccccccccc;OWMKOOXMWd;ccccccc:.    Uptime: 1 hour, 58 mins
.:ccccccccccccc;KMMc;cc;xMMc:ccccccc:.   Packages: 688 (rpm)
,cccccccccccccc;MMM.;cc;;WW::cccccccc,   Shell: bash 5.2.26
:cccccccccccccc;MMM.;cccccccccccccccc:   Resolution: 1024x768
:ccccccc;oxOOOo;MMM0OOk.;cccccccccccc:   Terminal: /dev/pts/0
cccccc:0MMKxdd:;MMMkddc.;cccccccccccc;   CPU: (4)
ccccc:XM0';cccc;MMM.;cccccccccccccccc'   GPU: 00:0a.0 Red Hat, Inc. Virtio 1.0 GPU
ccccc;MMo;ccccc;MMW.;ccccccccccccccc;    Memory: 7507MiB / 9911MiB
ccccc;0MNc.ccc.xMMd:ccccccccccccccc;
cccccc;dNMWXXXWM0::cccccccccccccc:,
cccccccc;.:odl:.;cccccccccccccc:,.
:cccccccccccccccccccccccccccc:'.
.:cccccccccccccccccccccc:;,..
  '::cccccccccccccc::;,.

wget -O tpot.yml https://github.com/telekom-security/tpotce/raw/master/installer/install/tpot.yml
tpot.yml             100% [=============================================================================================================================================================================>]    3.78K    --.-KB/s
                          [Files: 1  Bytes: 3.78K [23.23KB/s] Redirects: 1  Todo: 0  Errors: 0                                                                                                           ]
rilstrats commented 3 days ago

Interesting. I am trying this on a university campus so maybe it has something to do with network rules? I'll try it at home this afternoon and let you know.

t3chn0m4g3 commented 3 days ago

I am happy to adjust the script to use the proposed URL, but understanding the reason why I cannot reproduce it would be awesome. So looking forward to your re-test(s). Thanks for the swift feedback!