Merge pull request #1712 from telekom-security/24.04.1
Release T-Pot 24.04.1
Showing 134 changed files with 4,004 additions and 2,673 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,6 @@ | ||
# Ignore data folder | ||
data/ | ||
_data/ | ||
**/.DS_Store | ||
.idea | ||
install_tpot.log |
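Review bot: `data/` and `_data/` carry no leading slash, so git ignores a directory of that name at any depth, not only at the repository root. If only the top-level runtime folders are meant, anchor them as `/data/` and `/_data/`. The `# Ignore data folder` comment also does not describe the rest of the list, which covers `.idea`, `**/.DS_Store` and `install_tpot.log` as well.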
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,36 +1,46 @@ | ||
# Release Notes / Changelog | ||
T-Pot 24.04.0 marks probably the largest change in the history of the project. While most of the changes have been made to the underlying platform some changes will be standing out in particular - a T-Pot ISO image will no longer be provided with the benefit that T-Pot will now run on multiple Linux distributions (Alma Linux, Debian, Fedora, OpenSuse, Raspbian, Rocky Linux, Ubuntu), Raspberry Pi (optimized) and macOS / Windows (limited). | ||
T-Pot 24.04.1 brings significant updates and exciting new honeypot additions, especially the LLM-based honeypots **Beelzebub** and **Galah**! | ||
|
||
## New Features | ||
* **Distributed** Installation is now using NGINX reverse proxy instead of SSH to transmit **HIVE_SENSOR** logs to **HIVE** | ||
* **`deploy.sh`**, will make the deployment of sensor much easier and will automatically take care of the configuration. You only have to install the T-Pot sensor. | ||
* **T-Pot Init** is the foundation for running T-Pot on multiple Linux distributions and will also ensure to restart containers with failed healthchecks using **autoheal** | ||
* **T-Pot Installer** is now mostly Ansible based providing a universal playbook for the most common Linux distributions | ||
* **T-Pot Uninstaller** allows to uninstall T-Pot, while not recommended for general usage, this comes in handy for testing purposes | ||
* **T-Pot Customizer (`compose/customizer.py`)** is here to assist you in the creation of a customized `docker-compose.yml` | ||
* **T-Pot Landing Page** has been redesigned and simplified | ||
![T-Pot-WebUI](doc/tpotwebui.png) | ||
* **Kibana Dashboards, Objects** fully refreshed in favor of Lens based objects | ||
![Dashbaord](doc/kibana_a.png) | ||
* **Wordpot** is added as new addition to the available honeypots within T-Pot and will run on `tcp/8080` by default. | ||
* **Raspberry Pi** is now supported using a dedicated `mobile.yml` (why this is called mobile will be revealed soon!) | ||
* **GeoIP Attack Map** is now aware of connects / disconnects and thus eliminating required reloads | ||
* **Docker**, where possible, will now be installed directly from the Docker repositories to avoid any incompatibilities | ||
* **`.env`** now provides a single configuration file for the T-Pot related settings | ||
* **`genuser.sh`** can now be used to add new users to the T-Pot Landing Page as part of the T-Pot configuration file (`.env`) | ||
* **Beelzebub** (SSH) and **Galah** (HTTP) are the first LLM-based honeypots included in T-Pot (requires Ollama installation or a ChatGPT subscription). | ||
* **Go-Pot** a HTTP tarpit designed to maximize bot misery by slowly feeding them an infinite stream of fake secrets. | ||
* **Honeyaml** a configurable API server honeypot even supporting JWT-based HTTP bearer/token authentication. | ||
* **H0neytr4p** a HTTP/S honeypot capable of emulating vulnerabilities using configurable traps. | ||
* **Miniprint** a medium-interaction printer honeypot. | ||
|
||
## Updates | ||
* **Honeypots** and **tools** were updated to their latest pushed code and / or releases | ||
* Where possible Docker Images will now use Alpine 3.19 | ||
* Updates will be provided continuously through Docker Images updates | ||
* **Honeypots** were updated to their latest pushed code and / or releases. | ||
* **Editions** have been re-introduced. You can now additionally choose to install T-Pot as **Mini**, **LLM** and **Tarpit** edition. | ||
* **Attack Map** has been updated to 2.2.6 including support for all new honeypots. | ||
* **Elastic Stack** has been upgrade to 8.16.1. | ||
* **Cyberchef** has been updated to the latest release. | ||
* **Elasticvue** has been updated to 1.1.0. | ||
* **Suricata** has been updated to 7.0.7, now supporting JA4 hashes. | ||
* Most honeypots now use **PyInstaller** (for Python) and **Scratch** (for Go) to minimize Docker image sizes. | ||
* All new honeypots have been integrated with **Kibana**, featuring dedicated dashboards and visualizations. | ||
* **Github Container Registry** is now the default container registry for the T-Pot configuration file `.env`. | ||
* Compatibility tested with **Alma 9.5**, **Fedora 41**, **Rocky 9.5**, and **Ubuntu 24.04.1**, with updated supported ISO links. | ||
* Docker images now use **Alpine 3.20** or **Scratch** wherever possible. | ||
* Updates for `24.04.1` images will be provided continuously through Docker image updates. | ||
* **Ddospot** has been moved from the Hive / Sensor installation to the Tarpit installation. | ||
|
||
## Breaking Changes | ||
* There is no option to migrate a previous installation to T-Pot 24.04.0, you can try to transfer the old `data` folder to the new T-Pot installation, but a working environment depends on too many other factors outside of our control and a new installation is simply faster. | ||
* Most of the support scripts were moved into the **T-Pot Init** image and are no longer available directly on the host. | ||
* Cockpit is no longer available as part of T-Pot itself. However, where supported, you can simply install the `cockpit` package. | ||
## Breaking Changes | ||
### NGINX | ||
- The container no longer runs in host mode, requiring changes to the `docker-compose.yml` and related services. | ||
- To avoid confusion and downtime, the `24.04.1` tag for Docker images has been introduced. | ||
- **Important**: Actively update T-Pot as described in the [README](https://github.com/telekom-security/tpotce/blob/master/README.md). | ||
- **Deprecation Notice**: The `24.04` tagged images will no longer be maintained and will be removed by **2025-01-31**. | ||
|
||
# Thanks & Credits | ||
* @sp3t3rs, @trixam, for their backend and ews support! | ||
* @shark4ce for taking the time to test, debug and offer a solution #1472. | ||
### Suricata | ||
- Capture filters have been updated to exclude broadcast, multicast, NetBIOS, IGMP, and MDNS traffic. | ||
|
||
... and many others from the T-Pot community by opening valued issues and discussions, suggesting ideas and thus helping to improve T-Pot! | ||
## Thanks & Credits | ||
A heartfelt thank you to the contributors who made this release possible: | ||
* @elivlo, @mancasa, koalafiedTroll, @trixam, for their backend and ews support! | ||
* @mariocandela for his work and updates on Beelzebub based on our discussions! | ||
* @ryanolee for approaching us and adding valuable features to go-pot based on our discussions! | ||
* @neon-ninja for the work on #1661! | ||
* @sarkoziadam for the work on #1643! | ||
* @glaslos for the work on #1538! | ||
|
||
… and to the entire T-Pot community for opening issues, sharing ideas, and helping improve T-Pot! |
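Review bot: The Breaking Changes entries for NGINX and Suricata state what changed but not what an operator has to do. For NGINX, "requiring changes to the `docker-compose.yml` and related services" should name the changes a customized compose file needs once the container no longer runs in host mode. For Suricata, the entry should say where the capture filter is set, so that a sensor operator who wants broadcast, multicast, NetBIOS, IGMP or MDNS traffic recorded can restore it, since excluding it narrows what the sensor sees. The Beelzebub / Galah entry would likewise benefit from saying where the Ollama or ChatGPT backend is configured. Smaller points: "has been upgrade to 8.16.1" should read "upgraded", and `koalafiedTroll` is missing the `@` that the other handles in the credits carry.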