telekom-security / tpotce
T-Pot - The All In One Honeypot Platform
License: GNU General Public License v3.0
Hello,
I am using T-Pot 16.03 and after a while (one week) it is not working anymore; the status.sh command displays "waiting for services... services are busy or not available..." etc.
Thank you.
port forwarding needs to be changed from -p 5060:5060/udp to -p 5060/udp:5060/udp
I was wondering if there is a way for the logs of the various honeypots to keep their entries persistent, i.e. not lose them every new day/start of the VM. Many thanks.
We will lose the MaxMind ASN feature due to a limitation of the Logstash geo plugin (it will only read .mmdb, no more .dat).
While trying to install from the prebuilt image http://community-honeypot.de/tpot.iso I get this error message. I have tried it twice but no luck.
Hello,
Is it possible to change the dionaea FTP fingerprint? Nmap shows that it is a honeypot. I could modify the internal config file of dionaea, but if I restart the Docker container the configuration is returned to default.
Thank you.
Where can I find this file to enable ssh? It is not in the same directory as the 2factor script. I am running the VM provided.
Being able to deploy multiple T-Pots and have them send logs to a central collector or aggregator for visualization would be nice. HPFeeds does not appear to retain the same level of integrity as the events visible in the ELK stack; maybe add an optional Splunk Docker container to have a Splunk Forwarder send events to a Splunk server, or some other method.
Is it possible to access the Kibana dashboard without first setting up an SSH tunnel? I tried with some NAT rules but no success so far. Background: I want to retrieve sensor data with my own scripts. Is it maybe possible to access the sensor data without the dashboard? Is there an export option I missed? It would be really great to access the data from my own scripts :-)
Thanks for any hint
tobi
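One way to get at the sensor data from a script, without Kibana, is to query the Elasticsearch instance that Kibana sits on. The following is an added example and not code from the T-Pot project: it builds a time-bounded search, flattens the hits into plain dicts and counts events per honeypot type. The Elasticsearch URL, the index pattern logstash-* and the field names @timestamp, type, src_ip and dest_port are assumptions; check them against what your own instance returns before relying on them.

```python
"""Pull T-Pot events from Elasticsearch instead of the Kibana UI.
Added example, not part of T-Pot. Assumptions (not stated in the thread):
  - Elasticsearch is reachable at ES_URL (e.g. forwarded with ssh -L),
  - events live in indices matching 'logstash-*',
  - documents carry '@timestamp', 'type', 'src_ip' and 'dest_port'.
"""
import json
import urllib.request

ES_URL = "http://127.0.0.1:9200"   # assumed; adjust to your tunnel
INDEX = "logstash-*"               # assumed index pattern
FIELDS = ("@timestamp", "type", "src_ip", "dest_port")


def build_query(hours: int, size: int = 1000) -> dict:
    """Search body: events newer than `hours` ago, newest first,
    returning only the fields listed in FIELDS."""
    return {
        "size": size,
        "sort": [{"@timestamp": {"order": "desc"}}],
        "_source": list(FIELDS),
        "query": {"range": {"@timestamp": {"gte": f"now-{hours}h"}}},
    }


def flatten_hits(response: dict) -> list:
    """Turn an Elasticsearch search response into a list of flat dicts,
    tolerating documents that lack some of the fields."""
    rows = []
    for hit in response.get("hits", {}).get("hits", []):
        src = hit.get("_source", {})
        rows.append({f: src.get(f) for f in FIELDS})
    return rows


def count_by_type(rows: list) -> dict:
    """Events per honeypot type, mirroring a dashboard widget."""
    counts = {}
    for r in rows:
        counts[r["type"]] = counts.get(r["type"], 0) + 1
    return counts


def fetch(hours: int) -> list:
    """Run the search against ES_URL (network call; not exercised offline)."""
    body = json.dumps(build_query(hours)).encode()
    req = urllib.request.Request(
        f"{ES_URL}/{INDEX}/_search", data=body,
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return flatten_hits(json.load(resp))


# Constructed sample response (made up for this example) so the parsing
# can be exercised without a running Elasticsearch.
SAMPLE_RESPONSE = {
    "hits": {"total": 3, "hits": [
        {"_source": {"@timestamp": "2016-05-01T10:00:00Z", "type": "Cowrie",
                     "src_ip": "192.0.2.10", "dest_port": 22}},
        {"_source": {"@timestamp": "2016-05-01T09:59:00Z", "type": "Cowrie",
                     "src_ip": "192.0.2.11", "dest_port": 22}},
        {"_source": {"@timestamp": "2016-05-01T09:58:00Z", "type": "Dionaea",
                     "src_ip": "198.51.100.7"}},   # no dest_port field
    ]},
}

if __name__ == "__main__":
    rows = flatten_hits(SAMPLE_RESPONSE)
    for row in rows:
        print(row)
    print(count_by_type(rows))
```

Run it against a sensor by replacing the sample with fetch(24) once the Elasticsearch port is forwarded; keep the port bound to localhost on the sensor rather than exposing it, since the search API has no authentication of its own.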
Hi, in my dashboard I can only see honeytrap and cowrie as active, with some counts. Please, how can I enable the others? Also, how do I get the T-Pot attack logfile? Thanks.
Hi there,
I found the project really interesting, but I wanted to try to take control of the honeypots' logs by my own means. The problem is that I didn't find any place that lists all the different logs each honeypot can report, in order to make rules, so I am stuck with Kibana for the visualization of the logs. Is there any documentation of all the unique alerts that each honeypot can log?
Thanks in advance, and great job guys!
I was wondering what the T-Pot system should be classified as if installed in a VM environment on a host with a bridged connection. Is it still a host intrusion detection system or a network intrusion detection system, since it now can be accessed through the Internet? Or is it an enhanced HIDS with Internet access?
I am confused; can you please clarify?
Hello there,
At the moment hpfeeds are by default exported to Sicherheitstacho.
I would like to keep this going but add some further destinations in my local network.
Can this be achieved by editing the basic ews configs? What would the config for this look like?
Thanks,
Bo
Hello,
I installed the T-Pot 16.10 distribution and it worked fine for a couple of days, but today I tried to access Kibana at 127.0.0.1:8080 and it is not working. The output of status.sh seems to be OK. I restarted the honeypot, I restarted the services... and nothing...
Thank you.
Hi
I have completed the details below. Could you please advise me as to whether or not it is possible to replay attacks? This is a great advantage in Kippo and I was wondering if the same is possible in T-Pot. If possible, how do I replay the attack? Can this also be achieved with Kibana?
I am also looking for the payloads that are being recorded or captured, as I would like to analyse the payloads. Where do I find these? Can they also be viewed on the Kibana dashboard for quick access?
Looking forward to your reply.
Sincerely.
Gerhard
Thank you for your decision to contribute to T-Pot.
Please feel free to post your problems, ideas and issues here. We will try to answer ASAP, but to speed things up we encourage you to ...
Thank you
/data/. You have to login via ssh and run sudo cd /data/. Do not change any permissions here or T-Pot will fail to work.
htop: 18,053mb
htop: No stress at all, I am using a Xeon processor
htop: 0
sudo df -h: 1 Terabyte
sudo start.sh: started
I have kept the persistence.on file located in the data folder for a week with no problem. Today, glastopf.log deleted all other logs and started from 2016-04-23. Why did this happen?
Need more information
Probably a timing problem within upstart and dependencies.
As it stands T-Pot is a nicely integrated solution, but adding bricks to it is cumbersome and requires either changing most installation scripts or abandoning this nice integration to deploy other tools alongside T-Pot.
It is mostly a matter of hardcoded names. While I think making it work with ews may be troublesome, as it would on the information sharing side, it would still be nice to have a plugin system to add containers of other origins.
This would also IMHO make it easier to deploy, as more specific honeypots have more value in enterprises.
Howdy colleagues
I just installed T-Pot CE successfully with support from your installation video. Now I am stuck at minute 6:56 of your video, at the point where I configure the SSH tunnel to get access via browser on localhost:8080. Here I get the message 'connection refused'. Where does this message belong to? Does it refer to the access to my public IP via SSH? Or does it say that the access to localhost is denied?
Where exactly does the tunnel want to connect to, and where is this request rejected?
Your response will be highly appreciated.
Kind regards,
Roger
Hi, I can't find ssh_enable.sh in the same session where I found 2fa_enable.sh, and when I try to connect to SSH based on the installation instructions given I get 'port 64295: connection refused'. Please can I get detailed instructions on how to do it? Thanks.
After 6 hours of the system running non-stop without any issues, when running status.sh I get 'Error response from daemon: No such container: dionaea'. This happened just now.
Before restarting the VM, the container cowrie also stopped running. What is the problem? Should I restart the host machine?
Hello. When I run sudo status.sh, a few of the containers show "ewsposter fatal: exited too quickly (process log may have details)." Should I be concerned? The pots affected are Dionaea, Glastopf and Honeytrap.
A couple of reboots did not resolve problem.
Eventually replace Glastopf with SNARE.
I installed the mail package, but nothing exists in /var/log/cron; the directory does not exist.
How can I make sure that the cron job is running?
I used crontab -e to create a new crontab, and at the end of the file, i.e. after the comments section, I wrote
0 * * * * logretreiver.sh
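On Ubuntu there is no /var/log/cron by default; cron logs through syslog, so its activity ends up in /var/log/syslog as lines tagged CRON. The added example below is not T-Pot code: it extracts the CRON lines for a given script from constructed syslog lines, and it lints a crontab entry for two frequent causes of a job silently never working, a command without an absolute path (cron runs with PATH=/usr/bin:/bin, not your login shell's PATH) and no output redirection (errors then go only to local mail, which is discarded when no MTA is installed). The script name in the samples is the one from the post; the syslog lines themselves are made up.

```python
"""Check that a cron job actually runs, and lint its crontab line.
Added example, not T-Pot code. Assumes Ubuntu's default of cron logging
via syslog to /var/log/syslog (there is no /var/log/cron)."""
import re

SYSLOG = "/var/log/syslog"   # assumption: Ubuntu default

# Shape of a cron execution line in syslog:
#   May  1 10:00:01 host CRON[pid]: (user) CMD (command)
CRON_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) CRON\[\d+\]: "
    r"\((?P<user>[^)]+)\) CMD \((?P<cmd>.*)\)$")


def cron_runs(lines, script: str) -> list:
    """(timestamp, user, command) for every CRON CMD line whose command
    mentions `script`; 'info' lines such as discarded-output notices are ignored."""
    runs = []
    for line in lines:
        m = CRON_RE.match(line.rstrip("\n"))
        if m and script in m.group("cmd"):
            runs.append((m.group("ts"), m.group("user"), m.group("cmd")))
    return runs


def lint_crontab_line(line: str) -> list:
    """Problems with a crontab entry (empty list means nothing obvious)."""
    problems = []
    parts = line.split(None, 5)          # 5 schedule fields + command
    if len(parts) < 6:
        return ["not a 5-field schedule followed by a command"]
    cmd = parts[5]
    exe = cmd.split()[0]
    if not exe.startswith("/"):
        problems.append(
            f"'{exe}' is not an absolute path; cron's PATH is /usr/bin:/bin")
    if ">" not in cmd:
        problems.append("no output redirection; errors go to local mail only")
    return problems


# Constructed syslog lines (made up for this example).
SAMPLE_SYSLOG = [
    "May  1 09:00:01 tpot CRON[4021]: (tsec) CMD (logretreiver.sh)",
    "May  1 09:00:01 tpot CRON[4020]: (CRON) info (No MTA installed, discarding output)",
    "May  1 09:17:01 tpot CRON[4103]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)",
    "May  1 10:00:01 tpot CRON[4400]: (tsec) CMD (/home/tsec/logretreiver.sh >> /home/tsec/logretreiver.log 2>&1)",
]

if __name__ == "__main__":
    for entry in ("0 * * * * logretreiver.sh",
                  "0 * * * * /home/tsec/logretreiver.sh >> /home/tsec/logretreiver.log 2>&1"):
        print(entry, "->", lint_crontab_line(entry) or "ok")
    for ts, user, cmd in cron_runs(SAMPLE_SYSLOG, "logretreiver.sh"):
        print(ts, user, cmd)
```

On a sensor, replace SAMPLE_SYSLOG with open(SYSLOG); a job that appears in the CRON lines but produces no result is failing inside the script, which the redirected log file will then show.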
Does the Suricata tool used in T-Pot just label traffic using signatures and let it pass, or does it stop traffic in some way?
For my research I need all traffic to pass. If it is stopping some traffic, is there a way to let it all pass?
Thank you
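Whether Suricata is only labelling or actually dropping can be read from its own output: every alert in eve.json carries an alert.action field, which is "allowed" when Suricata runs as a passive sensor and "blocked" only when it runs inline with drop rules. The added example below is not T-Pot code. It parses eve.json lines, skips the non-alert event types, and reports the actions seen; the log path is an assumption and the sample lines are constructed in eve.json shape with made-up signature names.

```python
"""Summarise Suricata eve.json alerts by action to tell IDS (label only)
from IPS (drop) behaviour. Added example, not part of T-Pot.
Assumed log location (not stated in the thread): /data/suricata/log/eve.json."""
import json
from collections import Counter

EVE_LOG = "/data/suricata/log/eve.json"   # assumption


def parse_eve_lines(lines):
    """Yield parsed alert records, skipping other event types
    (flow, http, dns, ...) and lines that are not valid JSON."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if ev.get("event_type") != "alert":
            continue
        yield ev


def action_summary(lines) -> dict:
    """Count alerts per alert.action, normally 'allowed' or 'blocked'."""
    counts = Counter(ev.get("alert", {}).get("action", "unknown")
                     for ev in parse_eve_lines(lines))
    return dict(counts)


def is_passive(lines) -> bool:
    """True when no alert reports a blocked packet, i.e. Suricata is only
    labelling traffic and everything passes."""
    return action_summary(lines).get("blocked", 0) == 0


def blocked_signatures(lines) -> list:
    """Signatures that dropped traffic; these are the rules to review
    if all traffic must pass."""
    return sorted({ev["alert"].get("signature", "?")
                   for ev in parse_eve_lines(lines)
                   if ev.get("alert", {}).get("action") == "blocked"})


# Constructed sample lines (made up for this example; sids are in the
# local-rule range and the signature names are invented).
SAMPLE_IDS = [
    '{"timestamp":"2016-05-01T10:00:00.000000+0000","event_type":"alert","src_ip":"192.0.2.10","dest_port":22,"alert":{"action":"allowed","signature_id":9000001,"signature":"CONSTRUCTED SSH scan","severity":2}}',
    '{"timestamp":"2016-05-01T10:00:01.000000+0000","event_type":"flow","src_ip":"192.0.2.10","dest_port":22}',
    'not json at all',
    '{"timestamp":"2016-05-01T10:00:02.000000+0000","event_type":"alert","src_ip":"198.51.100.7","dest_port":445,"alert":{"action":"allowed","signature_id":9000002,"signature":"CONSTRUCTED SMB probe","severity":1}}',
]
SAMPLE_IPS = SAMPLE_IDS + [
    '{"timestamp":"2016-05-01T10:00:03.000000+0000","event_type":"alert","src_ip":"203.0.113.5","dest_port":80,"alert":{"action":"blocked","signature_id":9000003,"signature":"CONSTRUCTED dropped request","severity":1}}',
]

if __name__ == "__main__":
    print("passive sample:", action_summary(SAMPLE_IDS), is_passive(SAMPLE_IDS))
    print("inline sample:", action_summary(SAMPLE_IPS), blocked_signatures(SAMPLE_IPS))
    # On a sensor: with open(EVE_LOG) as fh: print(action_summary(fh))
```

If the summary on your sensor contains only "allowed", Suricata is observing and labelling, not interfering with the flows the honeypots see.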
Starting with 14.04 LTS, releases will follow the biosdevname scheme.
Device         Old Name       New Name
Embedded NIC   eth[0123…]     em[1234…]
Card NIC       eth[0123…]     p<slot>p<port>
Since this should only occur on physical hardware, you will not be able to reproduce this behavior in most VM environments.
This is a bug in Docker; it is fixed and merged in source and will be released soon.
https://github.com/docker/docker/blob/master/contrib/init/upstart/docker.conf
Replace the updated docker.conf in /etc/init/docker.conf for a quick fix.
Update ALL upstart conf files for the containers; on the test machine everything works fine so far.
Hello,
I understand that the honeypots are designed such that little to no configuration is necessary. DHCP is not enabled on my network; all VMs are assigned static IPs. Is it possible to assign individual IP addresses to the honeypots? Some of them need to be in the internal network and others in the DMZ.
Hi,
Lately, anytime I try to log in I get the following.
channel 2: open failed: connect failed: Connection refused
channel 3: open failed: connect failed: Connection refused
channel 4: open failed: connect failed: Connection refused
channel 5: open failed: connect failed: Connection refused
channel 6: open failed: connect failed: Connection refused
channel 7: open failed: connect failed: Connection refused
channel 2: open failed: connect failed: Connection refused
Requires a reboot to get back in, which isn't ideal.
Is there a community forum that users can discuss issues etc? I like the project a lot and would like the opportunity to discuss stuff with other running it.
Cheers
Hi there,
Looking at the honeypot we set up, it now seems as if data logging is missing; can I get some help/insight on this? In the /data folder there is nothing besides the Suricata folder (no kippo folder, nothing, just one lone folder) and the dashboard looks like this:
Any insight would be appreciated!
We need housekeeping.
Hi,
I successfully installed the T-Pot 16.03 system with Ubuntu 14.04.4 LTS. I had a Windows OS installed with Symantec disk encryption on the same PC. But the problem is, when I boot T-Pot the login screen appears and it denies the login: tsec, password: tsec credentials. What can I do?
This is only optical; filtering is working perfectly fine.
The dashboard only needs to be saved again within Kibana with * as the filter.
Is there a way to read or access the information stored in sqlite:///db/glastopf.db?
I need more information, as can be seen in Kibana in the glastopf dashboard, and not just the IP and dummy page as found in glastopf.log.
Thank you
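The file behind sqlite:///db/glastopf.db is an ordinary SQLite database, so it can be read with Python's sqlite3 module without going through Kibana. The added example below is not glastopf or T-Pot code, and it deliberately does not hard-code glastopf's schema, which varies between versions: it discovers tables and columns through sqlite_master and PRAGMA table_info, opens the file read-only so nothing can be altered by accident, and dumps rows as dicts with an optional filter on one column. The path /data/glastopf/db/glastopf.db and the table layout of the constructed sample database are assumptions; run list_tables() and columns() on your real file first.

```python
"""Read a glastopf.db (plain SQLite) without assuming its exact schema.
Added example, not glastopf/T-Pot code. The path below and the table layout
of the constructed sample database are assumptions."""
import sqlite3

DB_PATH = "/data/glastopf/db/glastopf.db"   # assumption


def connect(path: str = DB_PATH) -> sqlite3.Connection:
    """Open read-only so a typo in a query can never alter the evidence."""
    conn = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
    conn.row_factory = sqlite3.Row
    return conn


def list_tables(conn) -> list:
    rows = conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' "
        "AND name NOT LIKE 'sqlite_%' ORDER BY name")
    return [r["name"] for r in rows]


def columns(conn, table: str) -> list:
    # PRAGMA cannot take bound parameters, so validate the name against
    # sqlite_master before it is interpolated into the SQL string.
    if table not in list_tables(conn):
        raise ValueError(f"no such table: {table}")
    return [r["name"] for r in conn.execute(f'PRAGMA table_info("{table}")')]


def dump(conn, table: str, where_col=None, value=None, limit=100) -> list:
    """Rows of `table` as dicts, optionally filtered on one column."""
    cols = columns(conn, table)                   # also validates `table`
    sql = f'SELECT * FROM "{table}"'
    params = ()
    if where_col is not None:
        if where_col not in cols:
            raise ValueError(f"no such column: {where_col}")
        sql += f' WHERE "{where_col}" = ?'       # value is bound, not interpolated
        params = (value,)
    sql += " LIMIT ?"
    return [dict(r) for r in conn.execute(sql, params + (limit,))]


def build_sample_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for glastopf.db. The schema is an
    assumption for this example; inspect a real file with list_tables()."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.executescript("""
        CREATE TABLE events (
            id INTEGER PRIMARY KEY, time TEXT, source TEXT,
            request_url TEXT, request_raw TEXT, pattern TEXT);
        INSERT INTO events VALUES
          (1,'2016-05-01 10:00:00','192.0.2.10:41000','/','GET / HTTP/1.1','unknown'),
          (2,'2016-05-01 10:00:05','192.0.2.10:41002','/index.php?page=../../etc/passwd','GET /index.php?page=../../etc/passwd HTTP/1.1','lfi'),
          (3,'2016-05-01 10:01:00','198.51.100.7:53000','/phpmyadmin/','GET /phpmyadmin/ HTTP/1.1','unknown');
    """)
    return conn


if __name__ == "__main__":
    conn = build_sample_db()        # swap for connect() on a sensor
    for t in list_tables(conn):
        print(t, columns(conn, t))
        for row in dump(conn, t, "pattern", "lfi"):
            print(row)
```

Copy the .db file out of the container (or bind-mount the directory) before opening it, so the honeypot is never holding a write lock while you read.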
Hello,
I am installing T-Pot in a VM and am at the "Configure Package Manager" step. However, I get the error message: Bad Archive Mirror. The Ubuntu mirror hostname is archive.ubuntu.com and the mirror directory is /ubuntu. Has this changed? Or is there an alternative mirror that I can use?
Did some testing in a VM; still needs testing on a NUC.