Docker container issues

sirgos69420 commented 4 years ago

Hi T-Pot team.

I'm very new to using T-Pot. The issue I'm having is I noticed that after I installed T-Pot, I have this issue where whenever I run a docker image (such as nginx, logstash, conpot, ciscoasa, glutton, heralding, honeypy, etc)

It would exit immediately.

I even tried running the containers from Terminal, and Admin UI.

I Assumed that it could be something was wrong with the installation, to the point I think I'm starting to consider reinstalling T-Pot.

And also I can't access the Web UI

What do you think? Let me know if there are some things you would like to clarify, any logs do you want see, or any issue number I would like to take a look. Thank you.

⚠️ Basic support information (commands are expected to run as `root`)

What version of the OS are you currently using lsb_release -a and uname -a?
What T-Pot version are you currently using? 20.06
What edition (Standard, Nextgen, etc.) of T-Pot are you running? Standard
What architecture are you running on (i.e. hardware, cloud, VM, etc.)? VM
Did you have any problems during the install? If yes, please attach /install.log /install.err. NO
How long has your installation been running? Only few hours
Did you install upgrades, packages or use the update script? Yes
Did you modify any scripts or configs? If yes, please attach the changes. No
Please provide a screenshot of glances and htop. glances

htop

How much free disk space is available (df -h)?
What is the current container status (dps.sh)?
What is the status of the T-Pot service (systemctl status tpot)?
What ports are being occupied? Stop T-Pot systemctl stop tpot and run netstat -tulpen

t3chn0m4g3 commented 4 years ago

It seems you started some containers individually and you did not stop and removed them. This might prevent docker-compse from starting the tpot.service properly. T-Pot's container are always meant to be started with the service systemctl [start, stop] tpot which is done automatically.

sirgos69420 commented 4 years ago

Thanks for the reply, I think the first time I started T-Pot, all of the containers were not running, I think Docker wasn't installed at that time so we installed it then went to the Admin UI to run all the containers individually, few of them run, but other containers such as Logstash, conpot, nginx, and etc were not working. Maybe I'll try to to stop all of the container and off and on T-Pot, to see if it does fix the problem.

Are there any other things I should be concern about?

sirgos69420 commented 4 years ago

Sorry, no luck. Even if I restarted tpot, its still the same result.

Do you think docker could be the only problem here? or are there any other factors that I did not see based on the basic support info I've provided?

t3chn0m4g3 commented 4 years ago

You can try ... systemctl status tpot, journalctl -u tpot -f or after systemctl stop tpot a docker-compose -f /opt/tpot/etc/tpot.yml up to see if there are any helpful error messages.

sirgos69420 commented 4 years ago

systemctl status tpot

journalctl -u tpot -f

Oh! there's also that one time, we tried to see the running containers using docker ps -a sadly no container was running so we tried to run docker hello world container for debugging then we check if the containers start to run then after that the hello world disappeared so then we tried to stop and start docker

systemctl stop docker systemctl start docker

then we tried it again then the hello world, then starts to work. Let me know if you need some clarification.

t3chn0m4g3 commented 4 years ago

What about docker-compose -f /opt/tpot/etc/tpot.yml up. However, if that does not work try a reinstall or the post-install method as described in the README.

sirgos69420 commented 4 years ago

docker-compose -f /opt/tpot/etc/tpot.yml up

t3chn0m4g3 commented 4 years ago

There seems to be something very wrong with the installation, because that's how it should look like on a fresh installation:

docker-compose -f /opt/tpot/etc/tpot.yml up
Creating network "etc_adbhoney_local" with the default driver
Creating network "etc_ciscoasa_local" with the default driver
Creating network "etc_citrixhoneypot_local" with the default driver
Creating network "etc_conpot_local_IEC104" with the default driver
Creating network "etc_conpot_local_guardian_ast" with the default driver
Creating network "etc_conpot_local_ipmi" with the default driver
Creating network "etc_conpot_local_kamstrup_382" with the default driver
Creating network "etc_cowrie_local" with the default driver
Creating network "etc_dicompot_local" with the default driver
Creating network "etc_dionaea_local" with the default driver
Creating network "etc_elasticpot_local" with the default driver
Creating network "etc_heralding_local" with the default driver
Creating network "etc_honeypy_local" with the default driver
Creating network "etc_honeysap_local" with the default driver
Creating network "etc_ipphoney_local" with the default driver
Creating network "etc_mailoney_local" with the default driver
Creating network "etc_medpot_local" with the default driver
Creating network "etc_rdpy_local" with the default driver
Creating network "etc_tanner_local" with the default driver
Creating network "etc_cyberchef_local" with the default driver
Creating network "etc_default" with the default driver
Creating network "etc_ewsposter_local" with the default driver
Creating network "etc_spiderfoot_local" with the default driver
Creating conpot_iec104       ... done
Creating ewsposter           ... done
Creating cyberchef           ... done
Creating conpot_kamstrup_382 ... done
Creating tanner_phpox        ... done
Creating glutton             ... done
Creating nginx               ... done
Creating honeypy             ... done
Creating honeysap            ... done
Creating dicompot            ... done
Creating citrixhoneypot      ... done
Creating rdpy                ... done
Creating cowrie              ... done
Creating mailoney            ... done
Creating tanner_redis        ... done
Creating dionaea             ... done
Creating fatt                ... done
Creating p0f                 ... done
Creating elasticpot          ... done
Creating ipphoney            ... done
Creating adbhoney            ... done
Creating elasticsearch       ... done
Creating medpot              ... done
Creating conpot_ipmi         ... done
Creating heralding           ... done
Creating ciscoasa            ... done
Creating suricata            ... done
Creating conpot_guardian_ast ... done
Creating spiderfoot          ... done
Creating tanner_api          ... done
Creating tanner              ... done
Creating snare               ... done

This can have all kinds of causes, in Windows 10 mostly if WSL or WSL2 is activated and VirtualBox is being used as hypervisor, since VirtualMachinePlatform from Microsoft and VirtualBox are not playing well together (yet). Even a reinstall of T-Pot might not solve things unless VMP and WSL/2 are taken care of.

sirgos69420 commented 4 years ago

Post-install auto

Post-Install user

Looks like the Post-Install Methods didn't work as well.

I was thinking about reinstalling though, but it was sad to see that it would not solve the problem as well.

t3chn0m4g3 commented 4 years ago

You cannot run the installer on top of an existing T-Pot installation, you will need a fresh Debian install as described in the Readme.

telekom-security / tpotce