Airgapped installation support #1619

Closed
mattroot opened this issue Jul 18, 2024 · 3 comments

mattroot (Contributor) commented Jul 18, 2024

Is your feature request related to a problem? Please describe.
Honeypots are sometimes run in airgapped installations. This includes industrial environments, like factories. The main purpose in such setups is to detect potential intrusions of the network or to identify misbehaving devices.

Describe the solution you'd like
An official way to install, run and maintain a T-Pot installation (distributed or standalone) in an airgapped environment. This mainly consists of detailed instructions and a few helpers and cleanups in the code.
This includes adding instructions to set up a Docker registry, a git instance and possibly a distribution repository mirror for this purpose.

Describe alternatives you've considered
Basically, in this case one might configure a T-Pot instance outside of the airgapped setup and bring it in after deploying. This, however, creates some challenges when it comes to upgrades in the future.

Additional context
I have been running a similar setup for quite some time in such an environment, thus I can help with implementing it. If this is accepted, expect a few pull requests in the future regarding this issue, although those PRs might be irregular.

@github-actions github-actions bot added the no basic support info Please follow the guidelines so we can help label Jul 18, 2024
@t3chn0m4g3 t3chn0m4g3 added not planned and removed no basic support info Please follow the guidelines so we can help labels Jul 18, 2024
t3chn0m4g3 (Member) commented Jul 18, 2024

You can run T-Pot airgapped by setting `TPOT_PULL_POLICY=never` in `$HOME/tpotce/.env` after installation.

From experience, airgapped solutions tend to lack updates, as a tedious amount of work and planning is necessary to keep the machines updated. By disabling the container check, setting up an OS mirror / a private container registry in the airgapped environment and a HIVE setup to receive SENSOR logs, an airgapped install including central logging is possible today.

This is one of the best examples we had in mind with the introduction for T-Pot 24.04 to keep things as open as possible so adding the building blocks as necessary for individual setups just with a basic T-Pot 24.04 install.

With the design choices made to keep T-Pot more open, adding / changing the platform for setups that are expected to be highly individual by design, would focus work / maintenance too much on the platform rather than contributing to T-Pot's core, which are the honeypots and the deception experience.

@t3chn0m4g3 t3chn0m4g3 closed this as not planned Jul 18, 2024
mattroot (Contributor, Author) commented

There are a few places where those variables are hardcoded, though. I will try to spot them all and submit a PR.

t3chn0m4g3 (Member) commented

Thanks, making this modular in that regard is a good idea.
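
The two points raised in this thread (setting `TPOT_PULL_POLICY=never` in `.env`, and pull settings that are hardcoded instead of taken from that variable) can be checked together before an airgapped host is started. The script below is an added example, not code from T-Pot or from the commenters; the function names are hypothetical, and it assumes compose files take the policy from the variable via the standard Compose `pull_policy` key.

```shell
#!/bin/sh
# Added example: pre-flight check before starting T-Pot without registry access.
# Assumption: compose files reference the .env value (e.g. ${TPOT_PULL_POLICY});
# a pull_policy line that does not mention the variable counts as hardcoded.

# Print the effective TPOT_PULL_POLICY from an .env file (last assignment wins;
# commented-out lines, inline comments and surrounding quotes are ignored).
env_pull_policy() {
  awk '
    /^[ \t]*TPOT_PULL_POLICY[ \t]*=/ {
      v = $0
      sub(/^[^=]*=[ \t]*/, "", v)        # drop "NAME="
      sub(/[ \t]+#.*$/, "", v)           # drop inline comment
      sub(/[ \t\r]+$/, "", v)            # drop trailing blanks / CR
      gsub(/^["\047]|["\047]$/, "", v)   # drop surrounding quotes
      last = v
    }
    END { if (last != "") print last }' "$1"
}

# Print "file:line: text" for each pull_policy key that ignores the variable.
hardcoded_pull_policies() {
  awk -v f="$1" '
    /^[ \t]*pull_policy[ \t]*:/ && index($0, "TPOT_PULL_POLICY") == 0 {
      sub(/^[ \t]+/, ""); print f ":" NR ": " $0
    }' "$1"
}

# Usage: airgap_preflight ENV_FILE COMPOSE_FILE...   (returns 0 when safe)
airgap_preflight() {
  env_file=$1; shift; rc=0
  policy=$(env_pull_policy "$env_file")
  if [ "$policy" != "never" ]; then
    echo "FAIL $env_file: TPOT_PULL_POLICY='${policy:-unset}', expected 'never'"
    rc=1
  fi
  for compose in "$@"; do
    found=$(hardcoded_pull_policies "$compose")
    [ -z "$found" ] || { echo "FAIL hardcoded pull_policy:"; echo "$found"; rc=1; }
  done
  return "$rc"
}

# Constructed sample input, not T-Pot's real files.
demo=$(mktemp -d)
printf '%s\n' '# TPOT_PULL_POLICY=always' 'TPOT_PULL_POLICY="never"  # airgapped' > "$demo/.env"
printf '%s\n' 'services:' '  svc_a:' '    pull_policy: ${TPOT_PULL_POLICY}' \
  '  svc_b:' '    pull_policy: always' > "$demo/docker-compose.yml"
airgap_preflight "$demo/.env" "$demo/docker-compose.yml" || echo "preflight failed"
```

On the constructed sample the `.env` check passes and `svc_b` is reported, since its `pull_policy: always` would attempt a registry pull regardless of the `.env` setting.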
