telekom-security / tpotce

šŸÆ T-Pot - The All In One Multi Honeypot Platform šŸ
GNU General Public License v3.0

T-Pot 20.06.1 Installation Fails x3 #733

Closed nunolobao closed 3 years ago

nunolobao commented 3 years ago

Hi there, and first of all I'd like to thank you for sharing this superb project!

Unfortunately I was unsuccessful on the 4 times I tried to install tpot.

Scenario 1

  1. Prepared the VM with your requirements
    1.1. 8GB RAM, 128GB HDD, network adapter bridged and in promiscuous mode.
    1.2. VM template Debian 10x64

  1. Downloaded tpot.iso and added to the VM
  2. Ran the VM and started the installation (screenshot Tpot-2020-12-09-19-52-32)

Note: I'm currently located in Portugal, so I selected Portugal in the "Select your Location" step (screenshot Tpot-2020-12-09-19-56-12).

  1. I tried the following Debian archive mirrors unsuccessfully; all of them (Germany, Portugal, US, UK, Poland) gave the same message (screenshot Tpot-2020-12-09-19-59-10).

  2. No proxy was selected (screenshot Tpot-2020-12-09-19-59-55).

  3. Then this happens every time I choose a mirror (screenshot Tpot-2020-12-09-20-01-10).

Note: without a kernel module I didn't spend time with this option. "probably a mismatch with the kernel mismatch between the kernel used by the installer".

Scenario 2

  1. Then I tried to create my own iso file in which I installed a Debian 10x64 VM, cloned the tpot git repo and created the iso successfully with the provided script.

    1.1. Installed Debian 10x64
    1.2. `git clone https://github.com/telekom-security/tpotce`
    1.3. `cd tpotce`
    1.4. `./makeiso.sh`

Note: Created the iso file so I continued.

    -rw-r--r-- 1 root root 42M Dec 8 19:00 tpot.iso
    -rw-r--r-- 1 root root  75 Dec 8 19:00 tpot.sha256

    1.5. I've mounted the tpot.iso on the VM and proceeded with the installation (also tried the optional "automatic install" with the same result as the previous try).

Scenario 3

  1. Installed a Debian 10x64 small install.
    1.1. Cloned the git repo
    1.2. Ran the install script: `sudo ./install.sh`

Note: I'd very much like to try your tpot, it seems very nice, so I would appreciate it if you guys can fix it.

Installation Output

###########################################

T-Pot Installer for Debian (Stable)

###########################################

Checking for active services.

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          18591      445/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      0          18602      445/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           0          18517      434/dhclient

Please review your running services.

We will take care of SSH (22), but other services i.e. FTP (21), TELNET (23), SMTP (25), HTTP (80), HTTPS (443), etc.

might collide with T-Pot's honeypots and prevent T-Pot from starting successfully.

Note: You should have no other service running other than SSH. Type 'Y' to continue

Note 2: It will ask you for the type of installation that you want; I chose 'standard'. Next it will ask you for a username (I chose 'nuno' again) and a password.

Output:

##############################################################



Determine fastest mirror for your location.

Using distribution stable.
Retrieving the list of mirrors from www.debian.org...

--2020-12-08 16:37:38--  http://www.debian.org/mirror/mirrors_full
Resolving www.debian.org (www.debian.org)... 2001:4f8:1:c::15, 2603:400a:ffff:bb8::801f:3e, 149.20.4.15, ...
Connecting to www.debian.org (www.debian.org)|2001:4f8:1:c::15|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://www.debian.org/mirror/mirrors_full [following]
--2020-12-08 16:37:39--  https://www.debian.org/mirror/mirrors_full
Connecting to www.debian.org (www.debian.org)|2001:4f8:1:c::15|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 163847 (160K) [text/html]
Saving to: '/tmp/netselect-apt.0vpy6l'

     0K .......... .......... .......... .......... ..........  31%  164K 1s
    50K .......... .......... .......... .......... ..........  62%  463K 0s
   100K .......... .......... .......... .......... ..........  93%  735K 0s
   150K ..........                                            100% 15.8M=0.5s

2020-12-08 16:37:40 (332 KB/s) - '/tmp/netselect-apt.0vpy6l' saved [163847/163847]

Choosing a main Debian mirror using netselect. netselect: 341 (23 active) nameserver request(s)...
[netselect "Duplicate address ..." and progress output omitted]
Running netselect to choose 10 out of 341 addresses.
The fastest 10 servers seem to be:

    http://mirrors.ptisp.pt/debian/
    http://ftp.rnl.tecnico.ulisboa.pt/pub/debian/
    http://ftp.pt.debian.org/debian/
    http://mirrors.up.pt/debian/
    http://ukdebian.mirror.anlx.net/debian/
    http://ukdebian.mirror.anlx.net/debian/
    http://mirror.lchost.net/debian/
    http://free.hands.com/debian/
    http://debian.grn.cat/debian/
    http://mirror.bytemark.co.uk/debian/

Of the hosts tested we choose the fastest valid for HTTP: http://mirrors.ptisp.pt/debian/

Writing sources.list. Done.

Getting update information.

Err:1 http://mirrors.ptisp.pt/debian stable InRelease
  403 Forbidden [IP: 2a00:1650:1000:0:8fc7:3f4f:8629:b7fc 80]
Get:2 http://security.debian.org stable/updates InRelease [65.4 kB]
Get:3 http://security.debian.org stable/updates/main amd64 Packages [254 kB]
Get:4 http://security.debian.org stable/updates/main Translation-en [139 kB]
Get:5 http://security.debian.org stable/updates/non-free amd64 Packages [556 B]
Get:6 http://security.debian.org stable/updates/non-free Translation-en [344 B]
Reading package lists...
E: Failed to fetch http://mirrors.ptisp.pt/debian/dists/stable/InRelease  403 Forbidden [IP: 2a00:1650:1000:0:8fc7:3f4f:8629:b7fc 80]
E: The repository 'http://mirrors.ptisp.pt/debian stable InRelease' is not signed.

Upgrading packages.

info: Trying to set 'docker.io/restart' [boolean] to 'true'
info: Loading answer for 'docker.io/restart'
info: Trying to set 'debconf/frontend' [select] to 'noninteractive'
info: Loading answer for 'debconf/frontend'
[apt-fast 16:38:24] [apt-fast 16:38:24]Working... this may take a while.
W: --force-yes is deprecated, use one of the options starting with --allow instead.
Reading package lists...
Building dependency tree...
Reading state information...
Calculating upgrade...
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
W: --force-yes is deprecated, use one of the options starting with --allow instead.

Installing T-Pot dependencies.

[apt-fast 16:38:24] [apt-fast 16:38:24]Working... this may take a while.
E: Package 'aufs-tools' has no installation candidate
E: Unable to locate package build-essential
E: Package 'cgroupfs-mount' has no installation candidate
E: Unable to locate package cockpit
E: Unable to locate package cockpit-docker
E: Package 'debconf-utils' has no installation candidate
E: Unable to locate package docker-compose
E: Package 'ethtool' has no installation candidate
E: Package 'fail2ban' has no installation candidate
E: Unable to locate package genisoimage
E: Unable to locate package glances
E: Package 'haveged' has no installation candidate
E: Unable to locate package html2text
E: Unable to locate package htop
E: Unable to locate package iw
E: Unable to locate package jq
E: Package 'libltdl7' has no installation candidate
E: Unable to locate package libpam-google-authenticator
E: Unable to locate package mosh
E: Unable to locate package multitail
E: Package 'npm' has no installation candidate
E: Package 'ntp' has no installation candidate
E: Unable to locate package pass
E: Package 'pigz' has no installation candidate
E: Unable to locate package prips
E: Package 'syslinux' has no installation candidate
E: Package 'psmisc' has no installation candidate
E: Unable to locate package pv
E: Unable to locate package python3-pip
E: Package 'unzip' has no installation candidate
E: Package 'vim' has no installation candidate
E: Unable to locate package wireless-tools
[apt-fast 16:38:24]Package manager quit with exit code.

Removing and holding back problematic packages ...

Reading package lists...
Building dependency tree...
Reading state information...
E: Unable to locate package mailutils
E: Unable to locate package pcp
E: Unable to locate package cockpit-pcp
E: Unable to locate package elasticsearch-curator
Reading package lists...
Building dependency tree...
Reading state information...
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
exim4-base set on hold.
E: Unable to locate package mailutils
E: Unable to locate package pcp
E: Unable to locate package cockpit-pcp
E: Unable to locate package elasticsearch-curator



Adding password for user nuno



Generating a RSA private key
..........+++
..........+++
writing new private key to '/data/nginx/cert/nginx.key'



Example static ip config
Replace with the name of your physical interface name
#
auto eth0
iface eth0 inet static
address 192.168.1.1
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
dns-nameservers 192.168.1.1

Example wireless config without 802.1x
This configuration was tested with the IntelNUC series
If problems occur you can try and change wpa-driver to "iwlwifi"
#
auto wlan0
iface wlan0 inet dhcp
wpa-driver wext
wpa-ssid
wpa-ap-scan 1
wpa-proto RSN
wpa-pairwise CCMP
wpa-group CCMP
wpa-key-mgmt WPA-PSK
wpa-psk ""


UseRoaming no


./install.sh: line 699: npm: command not found
./install.sh: line 700: pip3: command not found


Cloning into '/opt/tpot'...



Adding group `tpot' (GID 2000) ...
Done.
Adding system user `tpot' (UID 2000) ...
Adding new user `tpot' (UID 2000) with group `tpot' ...
Not creating home directory `/home/tpot'.


[Socket]
ListenStream=
ListenStream=64294

Port 64295

sed: can't read /etc/pam.d/cockpit: No such file or directory




./install.sh: line 770: docker: command not found
(the same line is repeated once per docker invocation)


APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "0";
APT::Periodic::AutocleanInterval "7";



Reboot after kernel panic, check via /proc/sys/kernel/panic[_on_oops]

Set required map count for ELK

kernel.panic = 1
kernel.panic_on_oops = 1
vm.max_map_count = 262144
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1


tee: /etc/fail2ban/jail.d/tpot.conf: No such file or directory
[DEFAULT]
ignore-ip = 127.0.0.1/8
bantime = 3600
findtime = 600
maxretry = 5

[nginx-http-auth]
enabled = true
filter = nginx-http-auth
port = 64297
logpath = /data/nginx/log/error.log

[pam-generic]
enabled = true
port = 64294
filter = pam-generic
logpath = /var/log/auth.log

[sshd]
enabled = true
port = 64295
filter = sshd
logpath = /var/log/auth.log


[Link]
NamePolicy=kernel database onboard slot path
MACAddressPolicy=none


Check if updated images are available and download them
6 20 * * * root docker-compose -f /opt/tpot/etc/tpot.yml pull

Delete elasticsearch logstash indices older than 90 days
6 23 * * * root curator --config /opt/tpot/etc/curator/curator.yml /opt/tpot/etc/curator/actions.yml

Uploaded binaries are not supposed to be downloaded
*/1 * * * * root mv --backup=numbered /data/dionaea/roots/ftp/* /data/dionaea/binaries/

Daily reboot
6 22 * * 1-6 root systemctl stop tpot && docker stop $(docker ps -aq) || docker rm $(docker ps -aq) || reboot

Check for updated packages every sunday, upgrade and reboot
6 22 * * 0 root apt-fast autoclean -y && apt-fast autoremove -y && apt-fast update -y && apt-fast upgrade -y && sleep 10 && reboot




Created symlink /etc/systemd/system/multi-user.target.wants/tpot.service → /etc/systemd/system/tpot.service.


Generating grub configuration file ... Found linux image: /boot/vmlinuz-4.19.0-13-amd64 Found initrd image: /boot/initrd.img-4.19.0-13-amd64 done


update-initramfs: Generating /boot/initrd.img-4.19.0-13-amd64




Trying: curl -s ip.tyk.nu Trying: curl -s api.ipify.org [MAIN] ip = 85.242.165.183 HONEY_UUID=09ac0177-094e-41cf-8772-42f42ef0bf05 18bcb878-be8b-47de-83a6-1dd9d19564cf 3d49abf7-836d-4ffa-ae26-b9d05ae28dcd 4fd2bf0e-caf9-45c9-ae83-96ebd38b5f91 MY_EXTIP=85.242.165.183 MY_INTIP=192.168.1.165 MY_HOSTNAME=noisysentence





t3chn0m4g3 commented 3 years ago

Thanks. Confirmed, upstream kernel modules changed. Building new ISO now.

t3chn0m4g3 commented 3 years ago

Uploaded new ISO to release.

This should fix it.

nunolobao commented 3 years ago

@t3chn0m4g3 thanks a lot! I'll try it out and will let you know the results.

t3chn0m4g3 commented 3 years ago

As for the other scenarios, I could see that Docker was not installed as were some other packages. This might point to repos not fully synced. I tried the ISO install against Germany and had no issues there.

nunolobao commented 3 years ago

Hi Marco, I was able to install from the ISO, but it did give me some issues after the installation.

Issues description: I wasn't able to log in to the web ports 64294 or 64297, but I was able to SSH into it. It didn't install everything, and the IP address was not binding to the NIC.

Error when trying to update: 403 Forbidden

Later I discovered this was caused by a lack of a certificate on one of the mirrors which the installation added to /etc/apt/sources.list:

```
# Debian packages for stable
deb http://ftp.pt.debian.org/debian/ stable main contrib non-free      <--- Added this one
deb http://mirrors.ptisp.pt/debian/ stable main contrib non-free       <--- No good

# Uncomment the deb-src line if you want 'apt-get source'
# to work with most packages.
deb-src http://mirrors.ptisp.pt/debian/ stable main contrib non-free   <--- No good

# Security updates for stable
deb http://security.debian.org/ stable/updates main contrib non-free
```

Since I'm located in Portugal, the install did fetch a Portuguese mirror although I chose a German mirror to begin the installation. This mirror has a self signed certificate generated locally and causes the update to fail.

I suspect the root cause of this exchange in the mirror list is the addition of IPv6 in the installation. IPv6 uses "one-to-nearest" so it chooses the closest mirror to my geographical location and this causes the problem.

Suggestion note: I'd suggest removing the IPv6 config from the installation, or at least adding an option at install time. Or add the same repo you chose at install to /etc/apt/sources.list, preventing this problem.

My solution: I went into /opt/tpot/ and ran the update.sh script, and only then did it install everything, including the Docker images. After that I rebooted the system, and now I can access both web GUIs. Not sure if everything is installed and working as intended though; I still have to test it, but it looks promising.

I'll post my findings if I encounter more issues. Thanks for your quick reply, by the way; I appreciate it!

t3chn0m4g3 commented 3 years ago

Yes, once the T-Pot installation starts we determine the fastest mirror (via netselect-apt), since we had users where the installation took ages. The downside is that the tool does not check for any validity. For cases like this it may be interesting to look into making this an option.
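A validity check of the kind the comment above says netselect-apt lacks, as an added example that is not T-Pot's own code: it parses a sources.list and reports every mirror that does not serve a clearsigned InRelease file for its suite (a 403 such as the one reported in this thread fails the check). The sample sources.list is constructed from the entries quoted above, and the fetch function is injectable so the logic can be exercised without network access.

```python
"""Report sources.list mirrors that do not serve a signed InRelease file."""
import re
import urllib.error
import urllib.request

# Plain "deb URL suite components" lines; the "[options]" form is not handled here.
DEB_LINE = re.compile(r"^\s*(deb|deb-src)\s+(\S+)\s+(\S+)\s+(.+?)\s*$")


def parse_sources(text):
    """Return (kind, base_url, suite) for every active deb/deb-src line."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]          # drop comments
        m = DEB_LINE.match(line)
        if m:
            entries.append((m.group(1), m.group(2).rstrip("/"), m.group(3)))
    return entries


def http_fetch(url, timeout=10):
    """Default fetcher: (status, body); HTTP and network errors become failures."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as exc:
        return exc.code, b""
    except (urllib.error.URLError, OSError):
        return 0, b""


def mirror_ok(base_url, suite, fetch=http_fetch):
    """Usable only if dists/<suite>/InRelease is served (200) and is clearsigned.
    apt verifies the signature against its keyring; this just rejects mirrors
    that cannot even deliver the signed index."""
    status, body = fetch(f"{base_url}/dists/{suite}/InRelease")
    return status == 200 and body.startswith(b"-----BEGIN PGP SIGNED MESSAGE-----")


def bad_mirrors(sources_text, fetch=http_fetch):
    """Base URLs (each listed once) that fail mirror_ok for some suite."""
    bad = []
    for _kind, base, suite in parse_sources(sources_text):
        if base not in bad and not mirror_ok(base, suite, fetch):
            bad.append(base)
    return bad


# Constructed sample, modelled on the sources.list quoted in this thread.
SAMPLE_SOURCES = """\
# Debian packages for stable
deb http://ftp.pt.debian.org/debian/ stable main contrib non-free
deb http://mirrors.ptisp.pt/debian/ stable main contrib non-free
deb-src http://mirrors.ptisp.pt/debian/ stable main contrib non-free
# Security updates for stable
deb http://security.debian.org/ stable/updates main contrib non-free
"""

if __name__ == "__main__":
    for url in bad_mirrors(SAMPLE_SOURCES):
        print("unusable mirror:", url)
```

Run against a live system with `bad_mirrors(open("/etc/apt/sources.list").read())` before the first `apt-get update` to catch a mirror that an installer picked by speed alone.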

shaderecker commented 3 years ago

Regarding the broken mirror (mirrors.ptisp.pt) selected by netselect-apt: I filed a bug at the Debian Bug Tracking System: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977982 So hopefully it will get fixed soon.

I encountered the same issue with broken mirrors when I tried a deployment in Amsterdam, and there I went the same way: I filed a bug, which got fixed pretty quickly, and now it works there again.

But I agree: It would be really good if there was an option to disable netselect-apt.

t3chn0m4g3 commented 3 years ago

Thanks for the feedback @shaderecker!

t3chn0m4g3 commented 3 years ago

I removed netselect-apt completely; it was causing more trouble than it was worth. Swapped the ISO, and everything is already checked into master.

Thanks for the feedback everyone!

Xboarder56 commented 3 years ago

@t3chn0m4g3 this is happening again with the latest build, is it possible to rebuild the ISO with the new modules?

t3chn0m4g3 commented 3 years ago

Updated the current release with new ISO.