telekom-security / tpotce

🍯 T-Pot - The All In One Multi Honeypot Platform 🐝
GNU General Public License v3.0

Fresh install not working since today? #82

Closed SunstriderX closed 7 years ago

SunstriderX commented 7 years ago

Hello there,

I'm trying to perform a fresh install in a new VM, but it's apparently not working. Maybe new online repos changed, screwing up the installer script? It appears that the installation does not finish properly, and after rebooting I get an error. I'm playing with the same .iso file that worked flawlessly a few weeks ago; nothing changed in my environment. The error I get is related to the rc.local file. See screenshot for more info:


edit: I tried re-running the script manually again, and even creating a rc.locale file. No success.

t3chn0m4g3 commented 7 years ago

Please sudo su - and post cat of ...

/install.err
/install.log
/etc/issue
/etc/rc.local

Does ...

curl -s whatsmyip.org/raw

... return your external IP?

Are you having a static or dynamically assigned external IP?

SunstriderX commented 7 years ago

Hi @t3chn0m4g3, first of all, the curl does not return my external IP address when querying that URL, but I do have external connectivity. It's a dynamic IP address, but I tried in a different environment with a static one and the result is the same. I tried many times, and after a few variations this is the furthest I got (variations include different languages, and more space assigned to the VM, although I think it should have been enough from the beginning). I'm trying once more while writing these lines :)

Here are the outputs you requested:

And the output of install.log

[root@sushiplace:~]# cat /install.log
### Removing NGINX default website. 
### Waiting a few seconds to avoid interference with service messages. 
### Please choose your install type and notice HW recommendation. 

    [T] - T-Pot Standard Installation 
          - Cowrie, Dionaea, Elasticpot, Glastopf, Honeytrap, Suricata & ELK 
          - 4 GB RAM (6-8 GB recommended) 
          - 64GB disk (128 GB SSD recommended) 

    [H] - Honeypots Only Installation 
          - Cowrie, Dionaea, ElasticPot, Glastopf & Honeytrap 
          - 3 GB RAM (4-6 GB recommended) 
          - 64 GB disk (64 GB SSD recommended) 

    [I] - Industrial 
          - ConPot, eMobility, ELK & Suricata 
          - 4 GB RAM (8 GB recommended) 
          - 64 GB disk (128 GB SSD recommended) 

    [E] - Everything 
          - All of the above 
          - 8 GB RAM 
          - 128 GB disk or larger (128 GB SSD or larger recommended) 

### You chose: TPOT 

### Please enter a web user name and password. 
Your username is: admin

### Generating a self-signed-certificate for NGINX. 
### If you are unsure you can use the default values. 
### Providing a wireless example config. 

### Example wireless config without 802.1x
### This configuration was tested with the IntelNUC series
### If problems occur you can try and change wpa-driver to "iwlwifi"
#
#auto wlan0
#iface wlan0 inet dhcp
#   wpa-driver wext
#   wpa-ssid <your_ssid_here_without_brackets>
#   wpa-ap-scan 1
#   wpa-proto RSN
#   wpa-pairwise CCMP
#   wpa-group CCMP
#   wpa-key-mgmt WPA-PSK
#   wpa-psk "<your_password_here_without_brackets>"
### Let's make sure SSH roaming is turned off. 
UseRoaming no
### Pulling Updates. 
Hit:1 http://archive.ubuntu.com/ubuntu xenial InRelease
Get:2 http://archive.ubuntu.com/ubuntu xenial-updates InRelease [102 kB]
Get:3 http://security.ubuntu.com/ubuntu xenial-security InRelease [102 kB]
Get:4 http://archive.ubuntu.com/ubuntu xenial-backports InRelease [102 kB]
Fetched 306 kB in 0s (472 kB/s)
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
Calculating upgrade...
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Reading package lists...
Building dependency tree...
Reading state information...
Reading package lists...
Building dependency tree...
Reading state information...
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
### Installing alerta-cli. 
Collecting pip
  Downloading pip-9.0.1-py2.py3-none-any.whl (1.3MB)
Installing collected packages: pip
  Found existing installation: pip 8.1.1
    Not uninstalling pip at /usr/lib/python2.7/dist-packages, outside environment /usr
Successfully installed pip-9.0.1
Collecting alerta
  Downloading alerta-4.8.7.tar.gz
Requirement already satisfied: argparse in /usr/lib/python2.7 (from alerta)
Collecting requests (from alerta)
  Downloading requests-2.13.0-py2.py3-none-any.whl (584kB)
Collecting pytz (from alerta)
  Downloading pytz-2016.10-py2.py3-none-any.whl (483kB)
Building wheels for collected packages: alerta
  Running setup.py bdist_wheel for alerta: started
  Running setup.py bdist_wheel for alerta: finished with status 'done'
  Stored in directory: /root/.cache/pip/wheels/73/fe/f9/30bedda5d2dc08550d09b3a3e9a6fd0bab6076d62a6eb28d0c
Successfully built alerta
Installing collected packages: requests, pytz, alerta
Successfully installed alerta-4.8.7 pytz-2016.10 requests-2.13.0
### Installing wetty. 
/usr/local/bin/wetty -> /usr/local/lib/node_modules/wetty/bin/wetty.js

> pty.js@0.3.1 install /usr/local/lib/node_modules/wetty/node_modules/pty.js
> node-gyp rebuild

make: Entering directory '/usr/local/lib/node_modules/wetty/node_modules/pty.js/build'
  CXX(target) Release/obj.target/pty/src/unix/pty.o
  SOLINK_MODULE(target) Release/obj.target/pty.node
  COPY Release/pty.node
make: Leaving directory '/usr/local/lib/node_modules/wetty/node_modules/pty.js/build'
/usr/local/lib
└─┬ wetty@0.2.0  (git://github.com/t3chn0m4g3/wetty.git#daf65eaf09a1f99d3a2a1a7673d39f1843dc4c1d)
  ├─┬ express@3.5.1
  │ ├── buffer-crc32@0.2.1
  │ ├─┬ commander@1.3.2
  │ │ └── keypress@0.1.0
  │ ├─┬ connect@2.14.1
  │ │ ├── basic-auth-connect@1.0.0
  │ │ ├── bytes@0.2.1
  │ │ ├─┬ compression@1.0.0
  │ │ │ ├── compressible@1.0.0
  │ │ │ └── negotiator@0.3.0
  │ │ ├── connect-timeout@1.0.0
  │ │ ├─┬ cookie-parser@1.0.1
  │ │ │ └── cookie@0.1.0
  │ │ ├─┬ csurf@1.0.0
  │ │ │ └── uid2@0.0.3
  │ │ ├── errorhandler@1.0.0
  │ │ ├─┬ express-session@1.0.2
  │ │ │ ├── cookie@0.1.0
  │ │ │ ├── debug@0.7.4
  │ │ │ └── utils-merge@1.0.0
  │ │ ├── method-override@1.0.0
  │ │ ├── morgan@1.0.0
  │ │ ├─┬ multiparty@2.2.0
  │ │ │ ├─┬ readable-stream@1.1.14
  │ │ │ │ ├── core-util-is@1.0.2
  │ │ │ │ ├── inherits@2.0.3
  │ │ │ │ └── string_decoder@0.10.31
  │ │ │ └── stream-counter@0.2.0
  │ │ ├── pause@0.0.1
  │ │ ├── qs@0.6.6
  │ │ ├── raw-body@1.1.3
  │ │ ├── response-time@1.0.0
  │ │ ├─┬ serve-index@1.0.1
  │ │ │ ├── batch@0.5.0
  │ │ │ └── negotiator@0.4.2
  │ │ ├── serve-static@1.0.2
  │ │ ├── static-favicon@1.0.0
  │ │ └── vhost@1.0.0
  │ ├── cookie@0.1.1
  │ ├── cookie-signature@1.0.3
  │ ├── debug@0.8.1
  │ ├── fresh@0.2.2
  │ ├── merge-descriptors@0.0.2
  │ ├── methods@0.1.0
  │ ├── mkdirp@0.3.5
  │ ├── range-parser@1.0.0
  │ └─┬ send@0.2.0
  │   └── mime@1.2.11
  ├─┬ optimist@0.6.1
  │ ├── minimist@0.0.10
  │ └── wordwrap@0.0.3
  ├─┬ pty.js@0.3.1
  │ ├── extend@1.2.1
  │ └── nan@2.3.5
  └─┬ socket.io@1.7.3
    ├─┬ debug@2.3.3
    │ └── ms@0.7.2
    ├─┬ engine.io@1.8.3
    │ ├─┬ accepts@1.3.3
    │ │ ├─┬ mime-types@2.1.14
    │ │ │ └── mime-db@1.26.0
    │ │ └── negotiator@0.6.1
    │ ├── base64id@1.0.0
    │ ├── cookie@0.3.1
    │ ├── debug@2.3.3
    │ ├─┬ engine.io-parser@1.3.2
    │ │ ├── after@0.8.2
    │ │ ├── arraybuffer.slice@0.0.6
    │ │ ├── base64-arraybuffer@0.1.5
    │ │ ├── blob@0.0.4
    │ │ └── wtf-8@1.0.0
    │ └─┬ ws@1.1.2
    │   ├── options@0.0.6
    │   └── ultron@1.0.2
    ├─┬ has-binary@0.1.7
    │ └── isarray@0.0.1
    ├── object-assign@4.1.0
    ├─┬ socket.io-adapter@0.5.0
    │ └── debug@2.3.3
    ├─┬ socket.io-client@1.7.3
    │ ├── backo2@1.0.2
    │ ├── component-bind@1.0.0
    │ ├── component-emitter@1.2.1
    │ ├── debug@2.3.3
    │ ├─┬ engine.io-client@1.8.3
    │ │ ├── component-emitter@1.2.1
    │ │ ├── component-inherit@0.0.3
    │ │ ├── debug@2.3.3
    │ │ ├── has-cors@1.1.0
    │ │ ├── parsejson@0.0.3
    │ │ ├── parseqs@0.0.5
    │ │ ├── xmlhttprequest-ssl@1.5.3
    │ │ └── yeast@0.1.2
    │ ├── indexof@0.0.1
    │ ├── object-component@0.0.3
    │ ├─┬ parseuri@0.0.5
    │ │ └─┬ better-assert@1.0.2
    │ │   └── callsite@1.0.0
    │ └── to-array@0.1.4
    └─┬ socket.io-parser@2.3.1
      ├── component-emitter@1.1.2
      ├─┬ debug@2.2.0
      │ └── ms@0.7.1
      └── json3@3.3.2

### Adding the docker repository. 
Executing: /tmp/tmp.9JkUybsSqb/gpg.1.sh --keyserver
hkp://p80.pool.sks-keyservers.net:80
--recv-keys
58118E89F3A912897C070ADBF76221572C52609D
deb https://apt.dockerproject.org/repo ubuntu-xenial main
### Pulling Updates. 
Hit:1 http://archive.ubuntu.com/ubuntu xenial InRelease
Get:2 http://security.ubuntu.com/ubuntu xenial-security InRelease [102 kB]
Get:3 http://archive.ubuntu.com/ubuntu xenial-updates InRelease [102 kB]
Get:4 http://archive.ubuntu.com/ubuntu xenial-backports InRelease [102 kB]
Get:5 https://apt.dockerproject.org/repo ubuntu-xenial InRelease [30.2 kB]
Get:6 https://apt.dockerproject.org/repo ubuntu-xenial/main amd64 Packages [3,580 B]
Fetched 340 kB in 0s (349 kB/s)
Reading package lists...
### Installing docker-engine. 
### You can safely ignore the [FAILED] message, 
### which is caused by a bug in the docker installer. 
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  docker-engine
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 19.3 MB of archives.
After this operation, 102 MB of additional disk space will be used.
Get:1 https://apt.dockerproject.org/repo ubuntu-xenial/main amd64 docker-engine amd64 1.12.2-0~xenial [19.3 MB]
Fetched 19.3 MB in 43s (439 kB/s)
Selecting previously unselected package docker-engine.
(Reading database ... 74495 files and directories currently installed.)
Preparing to unpack .../docker-engine_1.12.2-0~xenial_amd64.deb ...
Unpacking docker-engine (1.12.2-0~xenial) ...
Processing triggers for man-db (2.7.5-1) ...
Processing triggers for systemd (229-4ubuntu16) ...
Processing triggers for ureadahead (0.100.0-19) ...
Setting up docker-engine (1.12.2-0~xenial) ...
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.
invoke-rc.d: initscript docker, action "start" failed.
dpkg: error processing package docker-engine (--configure):
 subprocess installed post-installation script returned error exit status 1
Processing triggers for systemd (229-4ubuntu16) ...
Processing triggers for ureadahead (0.100.0-19) ...
Errors were encountered while processing:
 docker-engine
### Adding new user. 
Adding group `tpot' (GID 2000) ...
Done.
Adding system user `tpot' (UID 2000) ...
Adding new user `tpot' (UID 2000) with group `tpot' ...
Not creating home directory `/home/tpot'.
### Setting a new hostname. 
### Patching sshd_config to listen on port 64295 and deny password authentication. 
### Allow SSH password authentication from RFC1918 networks 
Match address 127.0.0.1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
    PasswordAuthentication yes
### Patching docker defaults. 
DOCKER_OPTS="-r=false"
### Preparing TPOT flavor installation.
### Loading docker images. Please be patient, this may take a while. 
latest1610: Pulling from dtagdevsec/cowrie
b5161f7f1772: Pulling fs layer
ccce2af570f2: Pulling fs layer
0a1f1315577e: Pulling fs layer
ccce2af570f2: Verifying Checksum
ccce2af570f2: Download complete
b5161f7f1772: Verifying Checksum
b5161f7f1772: Download complete
b5161f7f1772: Pull complete
ccce2af570f2: Pull complete
0a1f1315577e: Verifying Checksum
0a1f1315577e: Download complete
0a1f1315577e: Pull complete
Digest: sha256:5a2d1fde24e93568dd3ec07c672252bd7e91070dd2c42d33389b2d75f2e37ddb
Status: Downloaded newer image for dtagdevsec/cowrie:latest1610
latest1610: Pulling from dtagdevsec/dionaea
c60055a51d74: Pulling fs layer
755da0cdb7d2: Pulling fs layer
969d017f67e6: Pulling fs layer
37c9a9113595: Pulling fs layer
a3d9f8479786: Pulling fs layer
03a43e91023d: Pulling fs layer
b3a5d145f922: Pulling fs layer
37c9a9113595: Waiting
a3d9f8479786: Waiting
03a43e91023d: Waiting
b3a5d145f922: Waiting
969d017f67e6: Verifying Checksum
969d017f67e6: Download complete
755da0cdb7d2: Verifying Checksum
755da0cdb7d2: Download complete
37c9a9113595: Verifying Checksum
37c9a9113595: Download complete
a3d9f8479786: Verifying Checksum
a3d9f8479786: Download complete
03a43e91023d: Verifying Checksum
03a43e91023d: Download complete
b3a5d145f922: Verifying Checksum
b3a5d145f922: Download complete
c60055a51d74: Verifying Checksum
c60055a51d74: Download complete
c60055a51d74: Pull complete
755da0cdb7d2: Pull complete
969d017f67e6: Pull complete
37c9a9113595: Pull complete
a3d9f8479786: Pull complete
03a43e91023d: Pull complete
b3a5d145f922: Pull complete
Digest: sha256:0b1e430756d7696abbc6eb0359a9ec509f4080912898a2b24e38054ec090bc44
Status: Downloaded newer image for dtagdevsec/dionaea:latest1610
latest1610: Pulling from dtagdevsec/elasticpot
b5161f7f1772: Already exists
de4ec7497c3a: Pulling fs layer
f6d26312cc15: Pulling fs layer
de4ec7497c3a: Verifying Checksum
de4ec7497c3a: Download complete
de4ec7497c3a: Pull complete
f6d26312cc15: Verifying Checksum
f6d26312cc15: Download complete
f6d26312cc15: Pull complete
Digest: sha256:52ba9f9a7983077f546b76502cce1d75c4887619279fb4ceb1ac2e61da6ebfc6
Status: Downloaded newer image for dtagdevsec/elasticpot:latest1610
latest1610: Pulling from dtagdevsec/elk
5040bd298390: Pulling fs layer
5f7371c83d40: Pulling fs layer
8c5577a4b1d5: Pulling fs layer
5f7371c83d40: Verifying Checksum
5f7371c83d40: Download complete
5040bd298390: Verifying Checksum
5040bd298390: Download complete
5040bd298390: Pull complete
5f7371c83d40: Pull complete
8c5577a4b1d5: Verifying Checksum
8c5577a4b1d5: Download complete
8c5577a4b1d5: Pull complete
Digest: sha256:a4baa948cf60d21efb9d20764200fc1de7b5ad585a0af40c93f4348ac874bd95
Status: Downloaded newer image for dtagdevsec/elk:latest1610
latest1610: Pulling from dtagdevsec/glastopf
8aec416115fd: Pulling fs layer
695f074e24e3: Pulling fs layer
946d6c48c2a7: Pulling fs layer
bc7277e579f0: Pulling fs layer
2508cbcde94b: Pulling fs layer
c707b4b0f8d0: Pulling fs layer
14611b51e4bc: Pulling fs layer
b05fe1c330cf: Pulling fs layer
bc7277e579f0: Waiting
2508cbcde94b: Waiting
c707b4b0f8d0: Waiting
14611b51e4bc: Waiting
b05fe1c330cf: Waiting
695f074e24e3: Verifying Checksum
695f074e24e3: Download complete
946d6c48c2a7: Verifying Checksum
946d6c48c2a7: Download complete
2508cbcde94b: Verifying Checksum
2508cbcde94b: Download complete
bc7277e579f0: Verifying Checksum
bc7277e579f0: Download complete
c707b4b0f8d0: Verifying Checksum
c707b4b0f8d0: Download complete
b05fe1c330cf: Verifying Checksum
b05fe1c330cf: Download complete
8aec416115fd: Verifying Checksum
8aec416115fd: Download complete
8aec416115fd: Pull complete
695f074e24e3: Pull complete
946d6c48c2a7: Pull complete
bc7277e579f0: Pull complete
2508cbcde94b: Pull complete
c707b4b0f8d0: Pull complete
14611b51e4bc: Verifying Checksum
14611b51e4bc: Download complete
14611b51e4bc: Pull complete
b05fe1c330cf: Pull complete
Digest: sha256:e570a7c66491f8f5dab29ebf6391998b38cdd483019484ec15d42124a7cbe21e
Status: Downloaded newer image for dtagdevsec/glastopf:latest1610
latest1610: Pulling from dtagdevsec/honeytrap
5040bd298390: Already exists
a42acbeb69a1: Pulling fs layer
1b6b9d2e9839: Pulling fs layer
a42acbeb69a1: Verifying Checksum
a42acbeb69a1: Download complete
a42acbeb69a1: Pull complete
1b6b9d2e9839: Verifying Checksum
1b6b9d2e9839: Download complete
1b6b9d2e9839: Pull complete
Digest: sha256:5f7b7056e47123fe2919dcce17623156781dced01e83aaa2d2eab907a83d1af2
Status: Downloaded newer image for dtagdevsec/honeytrap:latest1610
latest1610: Pulling from dtagdevsec/suricata
8aec416115fd: Already exists
695f074e24e3: Already exists
946d6c48c2a7: Already exists
bc7277e579f0: Already exists
2508cbcde94b: Already exists
529bb1607046: Pulling fs layer
37cfb61d4586: Pulling fs layer
529bb1607046: Verifying Checksum
529bb1607046: Download complete
529bb1607046: Pull complete
37cfb61d4586: Verifying Checksum
37cfb61d4586: Download complete
37cfb61d4586: Pull complete
Digest: sha256:4ef5c74f7780bc8addedf863fff010bfb07f435bf9dfb031a7674f3352a9f770
Status: Downloaded newer image for dtagdevsec/suricata:latest1610
latest1610: Pulling from dtagdevsec/netdata
8aec416115fd: Already exists
695f074e24e3: Already exists
946d6c48c2a7: Already exists
bc7277e579f0: Already exists
2508cbcde94b: Already exists
8d41148e0cb3: Pulling fs layer
8d41148e0cb3: Verifying Checksum
8d41148e0cb3: Download complete
8d41148e0cb3: Pull complete
Digest: sha256:642d5e7137a506d33a973153e38ec4fb7417ad39c22412337f5fd957c4d84e2f
Status: Downloaded newer image for dtagdevsec/netdata:latest1610
latest1610: Pulling from dtagdevsec/ui-for-docker
a3ed95caeb02: Pulling fs layer
802d894958a2: Pulling fs layer
c6e381376096: Pulling fs layer
b3dc143e629d: Pulling fs layer
b3dc143e629d: Waiting
a3ed95caeb02: Verifying Checksum
a3ed95caeb02: Download complete
a3ed95caeb02: Pull complete
802d894958a2: Verifying Checksum
802d894958a2: Download complete
802d894958a2: Pull complete
b3dc143e629d: Verifying Checksum
b3dc143e629d: Download complete
c6e381376096: Verifying Checksum
c6e381376096: Download complete
c6e381376096: Pull complete
b3dc143e629d: Pull complete
Digest: sha256:88a7a46cf4ee7720b386f51fb1bd8cf3528769813382c1f52b6f1846093ad5db
Status: Downloaded newer image for dtagdevsec/ui-for-docker:latest1610
### Modifying update checks. 
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "0";
APT::Periodic::AutocleanInterval "7";
### Reboot after kernel panic. 

# Reboot after kernel panic, check via /proc/sys/kernel/panic[_on_oops]
kernel.panic = 1
kernel.panic_on_oops = 1
### Adding cronjobs. 

# Show running containers every 60s via /dev/tty2
#*/2 * * * *    root    status.sh > /dev/tty2

# Check if containers and services are up
*/5 * * * * root    check.sh

# Example for alerta-cli IP update
#*/5 * * * *    root    alerta --endpoint-url http://<ip>:<port>/api delete --filters resource=<host> && alerta --endpoint-url http://<ip>:<port>/api send -e IP -r <host> -E Production -s ok -S T-Pot -t $(cat /data/elk/logstash/mylocal.ip) --status open

# Check if updated images are available and download them
27 1 * * *  root    for i in $(cat /data/images.conf); do docker pull dtagdevsec/$i:latest1610; done

# Restart docker service and containers
27 3 * * *  root    dcres.sh

# Delete elastic indices older than 90 days (kibana index is omitted by default)
27 4 * * *  root    docker exec elk bash -c '/usr/local/bin/curator --host 127.0.0.1 delete indices --older-than 90 --time-unit days --timestring \%Y.\%m.\%d'

# Update IP and erase check.lock if it exists
27 15 * * * root    /etc/rc.local

# Daily reboot
27 23 * * * root    reboot

# Check for updated packages every sunday, upgrade and reboot
27 16 * * 0 root    apt-get autoclean -y && apt-get autoremove -y && apt-get update -y && apt-get upgrade -y && sleep 10 && reboot
### Creating some files and folders. 
data/elk/
data/elk/data/
data/elk/data/tpotcluster/
data/elk/data/tpotcluster/nodes/
data/elk/data/tpotcluster/nodes/0/
data/elk/data/tpotcluster/nodes/0/indices/
data/elk/data/tpotcluster/nodes/0/indices/.kibana/
data/elk/data/tpotcluster/nodes/0/indices/.kibana/_state/
data/elk/data/tpotcluster/nodes/0/indices/.kibana/_state/state-11.st
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/_state/
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/_state/state-6.st
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/translog/
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/translog/translog-20.tlog
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/translog/translog.ckp
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_4z.si
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/segments_t
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_2l_Lucene54_0.dvm
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_4r.cfs
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_2l_Lucene50_0.doc
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_56.cfs
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/write.lock
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_55.si
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_51.cfe
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_2l_Lucene50_0.tip
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_51.cfs
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_50.cfs
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_2l.fdx
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_50.cfe
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_2l.fnm
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_56.si
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_2l.si
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_2l.fdt
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_2l_Lucene50_0.tim
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_50.si
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_4r.cfe
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_4q.cfs
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_4q.si
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_55.cfe
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_55.cfs
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_2l.nvm
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_4z.cfs
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_4r.si
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_51.si
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_2l.nvd
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_4z.cfe
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_2l_4.liv
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_2l_Lucene54_0.dvd
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_4q.cfe
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_2l_Lucene50_0.pos
data/elk/data/tpotcluster/nodes/0/indices/.kibana/0/index/_56.cfe
data/elk/data/tpotcluster/nodes/0/_state/
data/elk/data/tpotcluster/nodes/0/_state/global-7.st
data/elk/data/tpotcluster/nodes/0/node.lock
data/elk/log/
data/elk/logstash/
data/elk/logstash/mylocal.ip
data/elk/logstash/conf/
### Enabling T-Pot website. 
update-initramfs: Generating /boot/initrd.img-4.4.0-64-generic
PS1="\[\033[38;5;8m\][\[$(tput sgr0)\]\[\033[38;5;1m\]\u\[$(tput sgr0)\]\[\033[38;5;6m\]@\[$(tput sgr0)\]\[\033[38;5;4m\]\h\[$(tput sgr0)\]\[\033[38;5;6m\]:\[$(tput sgr0)\]\[\033[38;5;5m\]\w\[$(tput sgr0)\]\[\033[38;5;8m\]]\[$(tput sgr0)\]\[\033[38;5;1m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"
PS1="\[\033[38;5;8m\][\[$(tput sgr0)\]\[\033[38;5;2m\]\u\[$(tput sgr0)\]\[\033[38;5;6m\]@\[$(tput sgr0)\]\[\033[38;5;4m\]\h\[$(tput sgr0)\]\[\033[38;5;6m\]:\[$(tput sgr0)\]\[\033[38;5;5m\]\w\[$(tput sgr0)\]\[\033[38;5;8m\]]\[$(tput sgr0)\]\[\033[38;5;2m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"

Output of install.err

[root@sushiplace:~]# cat /install.err
Install Type: Username (tsec not allowed): OK (y/n)? Password: Repeat password: Adding password for user admin
Generating a 8192 bit RSA private key
.........................................................................................................................................................++
.....................................++
writing new private key to '/etc/nginx/ssl/nginx.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:State or Province Name (full name) [Some-State]:Locality Name (eg, city) []:Organization Name (eg, company) [Internet Widgits Pty Ltd]:Organizational Unit Name (eg, section) []:Common Name (e.g. server FQDN or YOUR name) []:Email Address []:npm WARN deprecated static-favicon@1.0.0: use serve-favicon module
../src/unix/pty.cc: In function ‘Nan::NAN_METHOD_RETURN_TYPE PtyFork(Nan::NAN_METHOD_ARGS_TYPE)’:
../src/unix/pty.cc:222:34: warning: ignoring return value of ‘int chdir(const char*)’, declared with attribute warn_unused_result [-Wunused-result]
       if (strlen(cwd)) chdir(cwd);
                                  ^
gpg: requesting key 2C52609D from hkp server p80.pool.sks-keyservers.net
gpg: key 2C52609D: public key "Docker Release Tool (releasedocker) <docker@docker.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
debconf: unable to initialize frontend: Dialog
debconf: (TERM is not set, so the dialog frontend is not usable.)
debconf: falling back to frontend: Readline
E: Sub-process /usr/bin/dpkg returned an error code (1)
Created symlink from /etc/systemd/system/multi-user.target.wants/cowrie.service to /etc/systemd/system/cowrie.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/dionaea.service to /etc/systemd/system/dionaea.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/elasticpot.service to /etc/systemd/system/elasticpot.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/elk.service to /etc/systemd/system/elk.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/glastopf.service to /etc/systemd/system/glastopf.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/honeytrap.service to /etc/systemd/system/honeytrap.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/suricata.service to /etc/systemd/system/suricata.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/netdata.service to /etc/systemd/system/netdata.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/ui-for-docker.service to /etc/systemd/system/ui-for-docker.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/wetty.service to /etc/systemd/system/wetty.service.
Generating grub configuration file ...
Warning: Setting GRUB_TIMEOUT to a non-zero value when GRUB_HIDDEN_TIMEOUT is set is no longer supported.
Found linux image: /boot/vmlinuz-4.4.0-64-generic
Found initrd image: /boot/initrd.img-4.4.0-64-generic
done

As usual, thanks a lot for your time!!

SunstriderX commented 7 years ago

Alright, quick update, after giving it even more space, it worked flawlessly. All the files have been populated with their proper values, I'm going to run some tests on it to confirm everything is working fine.

t3chn0m4g3 commented 7 years ago

We had some issues with resolving the external IP with whatsmyip.org and I pushed a solution to master with commit 7036a7fc77cf3c6b827e5d348601cf513f827d09. You can clone from master and build a new ISO. Feedback is welcome :bowtie:
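The failure discussed in this thread is a boot-time step (rc.local refreshing the external IP) that trusted a single provider's raw output. The script below is an added example of how such a step can validate the answer and degrade gracefully; it is not T-Pot's code or the linked commit. The provider URLs, the function names and the EXTIP_FILE variable are assumptions; only the /data/elk/logstash/mylocal.ip path comes from the install log above.

```shell
#!/bin/sh
# Added example, not T-Pot's own code: resolve the host's external IPv4 address
# for an rc.local-style step without trusting one provider's raw output.
# Assumptions: provider list, function names and EXTIP_FILE are hypothetical;
# the default file path is the one T-Pot's installer created in the log above.

# Assumed providers; each is expected to answer with a bare address on one line.
EXTIP_PROVIDERS="https://icanhazip.com https://ifconfig.me/ip https://api.ipify.org"
EXTIP_FILE="${EXTIP_FILE:-/data/elk/logstash/mylocal.ip}"

# fetch_url URL: print the response body; fail fast so boot never hangs on it.
fetch_url() {
    curl -fsS --connect-timeout 3 --max-time 5 "$1"
}

# valid_ipv4 STR: succeed only for a dotted quad whose four octets are 0-255.
# Anything else (HTML error pages, empty answers, junk) is rejected.
valid_ipv4() {
    addr=$1
    case $addr in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    n=0
    old_ifs=$IFS; IFS=.
    for octet in $addr; do
        n=$((n + 1))
        [ "$octet" -le 255 ] 2>/dev/null || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
    [ "$n" -eq 4 ]
}

# resolve_external_ip: try each provider in turn and print the first answer
# that parses as an IPv4 address; print nothing and fail if none does.
resolve_external_ip() {
    for url in $EXTIP_PROVIDERS; do
        answer=$(fetch_url "$url" 2>/dev/null | head -n 1 | tr -d '[:space:]')
        if valid_ipv4 "$answer"; then
            printf '%s\n' "$answer"
            return 0
        fi
    done
    return 1
}

# update_ip_file: rewrite the IP file only with a validated address, so a
# provider outage leaves the previous value in place instead of truncating
# the file that Logstash reads.
update_ip_file() {
    ip=$(resolve_external_ip) || {
        echo "external IP lookup failed, keeping previous value" >&2
        return 1
    }
    if [ -f "$EXTIP_FILE" ] && [ "$(cat "$EXTIP_FILE")" = "$ip" ]; then
        return 0
    fi
    printf '%s\n' "$ip" > "$EXTIP_FILE"
}

# Usage from rc.local or cron: sh resolve_ip.sh run
case "${1:-}" in
    run) update_ip_file ;;
esac
```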