cody-eding/ansible-tpot-vultr

A set of Ansible plays to deploy/collect data from/destory the T-Pot honeypot software on Vultr's cloud infrastructure.

ansible-tpot-vultr

A set of Ansible plays to deploy/collect/destroy the T-Pot honeypot software on Vultr's cloud infrastructure.
Report Bug · Request Feature

Table of Contents

• Built With
• Getting Started
  • Prerequisites
  • Installation
• Usage
• Contributing
• License
• Contact
• Acknowledgements

Built With/On

• Ansible
• T-Pot
• Vultr
• Atom

Getting Started

To get a local copy up and running follow these simple steps.

Prerequisites

As this is an Ansible playbook, Ansible is required to be installed on a control machine. Ansible is available for almost every platform.

This playbook was developed using Ansible 2.11.5 on Mac OS X. It should run on any platform capable of supporting Ansible.

The following must be completed before running the playbook:

• Accounts must exist at Vultr and Cloudflare.
• Have a registered domain and setup Cloudflare DNS.
• Obtain API keys/token with proper privileges for Vultr and Cloudflare. The Cloudflare token should have privileges to update your registered DNS zone.
• Setup public/private keys for Vultr instances.

Installation

1. Clone the ansible-tpot-vultr repository:

git clone https://github.com/edingc/ansible-tpot-vultr.git

2. Configure settings.yml with the necessary information.

3. Run the Ansible playbook:

ansible-playbook deploy.yml

Usage

After the playbook has been run, T-Pot will have been deployed and started in the selected Vultr regions. It can be accessed through the methods described in the T-Pot README.

The playbook automatically creates an Ansible hosts file for later use:

[tpots]
newjersey.cloudappz.xyz:64295 name=newjersey
losangeles.cloudappz.xyz:64295 name=losangeles

To collect data from the honeypots, you can dump the Elasticsearch logs using the provided play:

ansible-playbook -i vultr_hosts dump_es.yml

The servers and DNS entries can be removed:

ansible-playbook destroy.yml

Contributing

Contributions are what make the open source community such an amazing place to be learn, inspire, and create. Any contributions you make are greatly appreciated.

1. Fork the Project.
2. Create your Feature Branch (git checkout -b feature/AmazingFeature).
3. Commit your Changes (git commit -m 'Add some AmazingFeature').
4. Push to the Branch (git push origin feature/AmazingFeature).
5. Open a Pull Request.

License

Distributed under the MIT License. See LICENSE for more information.

Contact

Your Name - @edingc - cody@codyeding.com

Project Link: https://github.com/edingc/ansible-tpot-vultr

Acknowledgements

• Telekom Security for the T-Pot software.
• Othneil Drew for the great README.md template.
• Numerous other websites, Google searches and StackOverflow posts that yielded individual bits and bobs necessary to get Ansible, Vultr, Cloudflare and T-Pot working together.