# CyberPot config file. Do not remove.
###############################################
# CyberPot Base Settings - Adjust to your needs. #
###############################################
# Set Web usernames and passwords here. This section will be used to create / update the Nginx password file nginxpasswd.
#  <empty>: This is the default.
#  <base64 encoded htpasswd usernames / passwords>:
#   Use 'htpasswd -n -b "username" "password" | base64 -w0' to create the WEB_USER if you want to manually deploy CyberPot,
#   run 'install.sh' to automatically add a user during installation, or 'genuser.sh' if you just want to add a web user.
#   Example: 'htpasswd -n -b "cpot" "cpot" | base64 -w0' will print Y3BvdDokYXByMSR6NXhpTy9rbCRsLlZHd3k3U2EzNi9xT1J6UUJZU3QvCgo=
#   Copy the string and set WEB_USER=Y3BvdDokYXByMSR6NXhpTy9rbCRsLlZHd3k3U2EzNi9xT1J6UUJZU3QvCgo=
#   Multiple users are possible, separated by a space:
#   WEB_USER=Y3BvdDokYXByMSR6NXhpTy9rbCRsLlZHd3k3U2EzNi9xT1J6UUJZU3QvCgo= dHNlYzokYXByMSR6VUFHVWdmOCRROXI3a09CTjFjY3lCeU1DTloyanEvCgo=
#  NOTE: base64 is an encoding, not protection. Each value decodes to an htpasswd line 'username:$apr1$...', i.e. a
#   salted password hash that can be attacked offline by anyone who can read this file. Keep the deployed .env out of
#   version control and generate your own entries; the strings above belong to the published example username / password.
#  NOTE: 'htpasswd -b' takes the password as a command line argument, so it can end up in shell history and the
#   process list. Omitting -b makes htpasswd prompt for the password instead.
WEB_USER=
# Set Logstash Web usernames and passwords here. This section will be used to create / update the Nginx password file lswebpasswd.
# The Logstash Web usernames are used for CyberPot log ingestion via Logstash, each sensor should have its own user.
#  <empty>: This is empty by default.
#  <base64 encoded htpasswd usernames / passwords>:
#   Use 'htpasswd -n -b "username" "password" | base64 -w0' to create the LS_WEB_USER if you want to manually deploy the sensor.
#   Example: 'htpasswd -n -b "sensor" "sensor" | base64 -w0' will print c2Vuc29yOiRhcHIxJGVpMHdzUmdYJHNyWHF4UG53ZzZqWUc3aEFaUWxrWDEKCg==
#   Copy the string and replace / add LS_WEB_USER=c2Vuc29yOiRhcHIxJGVpMHdzUmdYJHNyWHF4UG53ZzZqWUc3aEFaUWxrWDEKCg==
#   Multiple users are possible, separated by a space:
#   LS_WEB_USER=c2Vuc29yMTokYXByMSQ5aXhNRk5yMCR6d3F2dGFwQ2x0cFBhU1pqMm9ZemYxCgo= c2Vuc29yMjokYXByMSRtYTlOS1J2NCQvU3dsVVBMeW5RaVIyM3pyWVAzOUkwCgo=
#  NOTE: one user per sensor means a single sensor's entry can be removed or rotated without touching the others.
#   The values decode to 'username:$apr1$...' htpasswd lines; base64 does not hide them. Do not reuse the example
#   strings above, they belong to the published example username / password.
LS_WEB_USER=
# CyberPot Blackhole
#  ENABLED: CyberPot will download a db of known mass scanners and nullroute them.
#           Be aware, this will put CyberPot off the map for stealth reasons and
#           you will get less traffic. Routes will be active until next reboot
#           and will be re-added with every CyberPot start until disabled.
#  DISABLED: This is the default and no stealth efforts are in place.
#  NOTE(review): where the scanner db is downloaded from is not stated in this file; with ENABLED the host's
#           routing table follows that external list, so confirm the source before enabling.
CYBERPOT_BLACKHOLE=DISABLED
# CyberPot Persistence
#  on:  This is the default. CyberPot will keep the honeypot logfiles and rotate
#       with logrotate for 30 days.
#  off: This is recommended for Raspberry Pi or setups with weaker CPUs or
#       if you just do not need any of the logfiles.
#       Without the logfiles there is nothing on disk to go back to when an event needs a later look.
CYBERPOT_PERSISTENCE=on
# CyberPot Type
#  HIVE: This is the default and offers everything to connect CyberPot sensors.
#  SENSOR: This needs to be used when running a sensor. Be aware to adjust all other
#          settings as well.
#   1. You will need to copy compose/sensor.yml to ./docker-compose.yml
#   2. From HIVE host you will need to copy ~/cyberpot/data/nginx/cert/nginx.crt to
#      your SENSOR host to ~/cyberpot/data/hive.crt
#      (this is the certificate the SENSOR uses to trust the HIVE, so copy it over a channel you trust)
#   3. On HIVE: Create a web user per SENSOR on HIVE and provide credentials below
#      Create credentials with 'htpasswd ~/cyberpot/data/nginx/conf/lswebpasswd <username>'
#   4. On SENSOR: Provide username / password from (3) for CYBERPOT_HIVE_USER as base64 encoded string:
#      "echo -n 'username:password' | base64 -w0"
#      (base64 is reversible, so the resulting string is as sensitive as the password itself)
#  MOBILE: This will set the correct type for CyberPot Mobile (https://github.com/khulnasoft/cyberpotmobile)
CYBERPOT_TYPE=HIVE
# CyberPot Hive User (only relevant for SENSOR deployment)
#  <empty>: This is empty by default.
#  <base64 encoded string>: Provide a base64 encoded string "echo -n 'username:password' | base64 -w0"
#  e.g. CYBERPOT_HIVE_USER='dXNlcm5hbWU6cGFzc3dvcmQ='
#  NOTE: the example above decodes to 'username:password'. Unlike WEB_USER / LS_WEB_USER this is not a hash:
#   anyone who can read this file recovers the cleartext password. Keep the SENSOR's .env readable only by
#   the account that runs CyberPot, and keep it out of version control and backups that are shared.
#  NOTE: typing the password into 'echo' leaves it in shell history.
CYBERPOT_HIVE_USER=
# Logstash Sensor SSL verification (only relevant on SENSOR hosts)
#  full: This is the default. Logstash, by default, verifies the complete certificate chain for ssl certificates.
#        This also includes the FQDN and SANs (Subject Alternative Names). By default CyberPot will only generate
#        a self-signed certificate which contains a SAN for the HIVE IP. In a scenario where the HIVE needs to be
#        accessed via Internet, maybe with a different NAT address, a new certificate needs to be generated before
#        deployment that includes all the IPs and FQDNs as SANs, so that logstash can successfully establish a
#        connection to the HIVE for transmitting logs.
#        Details here: https://github.com/khulnasoft/cyberpot?tab=readme-ov-file#distributed-deployment
#  none: This setting will disable the ssl verification check of logstash and should only be used in a testing
#        environment where IPs often change. It is not recommended for a production environment where trust between
#        HIVE and SENSOR is only established through a self signed certificate.
#        With 'none' the SENSOR no longer authenticates the HIVE, so the CYBERPOT_HIVE_USER credentials and the
#        transmitted logs go to whichever host answers at CYBERPOT_HIVE_IP. If verification fails with 'full',
#        regenerate the certificate with the right SANs rather than switching to 'none'.
LS_SSL_VERIFICATION=full
# CyberPot Hive IP (only relevant for SENSOR deployment)
#  <empty>: This is empty by default.
#  <IP, FQDN>: This can be either an IP (e.g. 192.168.1.1) or an FQDN (e.g. foo.bar.local)
#  With LS_SSL_VERIFICATION=full the value used here has to be present as a SAN in the HIVE certificate.
CYBERPOT_HIVE_IP=
# CyberPot AttackMap Text Output
#  ENABLED: This is the default and the docker container map_data will print events to the console.
#  DISABLED: Printing events to the console is disabled.
#  NOTE(review): console output of a container usually ends up in the Docker logs as well; whether that is
#   the case here depends on the logging setup, which is not visible in this file.
CYBERPOT_ATTACKMAP_TEXT=ENABLED
# CyberPot AttackMap Text Output Timezone
#  UTC: (CyberPot default) This is usually the best option, as timestamps then line up
#       with other sources without conversion.
#  Continent/City: In Linux you can check your timezone with `readlink /etc/localtime` or
#                  see the full list here: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
#  Examples: America/New_York, Asia/Taipei, Australia/Melbourne, Europe/Athens, Europe/Berlin
CYBERPOT_ATTACKMAP_TEXT_TIMEZONE=UTC
###################################################################################
# Honeypots / Tools settings
###################################################################################
# Some services / tools offer adjustments using ENVs which can be adjusted here.
###################################################################################
# Suricata ET Pro ruleset
#  OPEN: This is the default and will use the ET Open ruleset
#  OINKCODE: Replace OPEN with your Oinkcode to use the ET Pro ruleset
#  The Oinkcode identifies your ET Pro subscription; treat it like a credential and keep it
#  out of version control and shared copies of this file.
OINKCODE=OPEN
###################################################################################
# NEVER MAKE CHANGES TO THIS SECTION UNLESS YOU REALLY KNOW WHAT YOU ARE DOING!!! #
###################################################################################
# docker.sock Path
#  Any process that can reach this socket can control the Docker daemon, which is equivalent to root on the host.
#  NOTE(review): which containers get this path mounted is defined in the compose file, not here - verify there.
CYBERPOT_DOCKER_SOCK=/var/run/docker.sock
# docker compose .env
#  Path of the deployed copy of this file. It carries the web user hashes and, on a SENSOR,
#  the reversible CYBERPOT_HIVE_USER credential.
CYBERPOT_DOCKER_ENV=./.env
# Docker-Compose file
#  Path of the compose file in use (for a SENSOR this is the copy of compose/sensor.yml).
CYBERPOT_DOCKER_COMPOSE=./docker-compose.yml
# CyberPot Docker Repo
# Depending on where you are located you may choose between DockerHub and GHCR
#  khulnasoft: This will use the DockerHub image registry
#  ghcr.io/khulnasoft: This will use the GitHub container registry
#  This value decides which registry namespace every CyberPot image is pulled from, i.e. whose
#  images run on this host. Only point it at a namespace you trust.
CYBERPOT_REPO=khulnasoft
# CyberPot Version Tag
#  A tag is a mutable reference, not a content digest: the registry can serve a different image
#  for the same tag over time.
CYBERPOT_VERSION=24.04
# CyberPot Pull Policy
#  always: (CyberPot default) Compose implementations SHOULD always pull the image from the registry.
#  never: Compose implementations SHOULD NOT pull the image from a registry and SHOULD rely on the platform cached image.
#  missing: Compose implementations SHOULD pull the image only if it's not available in the platform cache.
#  build: Compose implementations SHOULD build the image. Compose implementations SHOULD rebuild the image if already present.
#  With 'always' a start runs whatever the registry currently serves for CYBERPOT_REPO / CYBERPOT_VERSION,
#  which brings in updates automatically but also means the running image can change without a change to this file.
CYBERPOT_PULL_POLICY=always
# CyberPot Data Path
#  NOTE(review): the SENSOR instructions in this file reference data/nginx/cert/nginx.crt, data/nginx/conf/lswebpasswd
#  and data/hive.crt, so this tree presumably holds certificates and password files next to the logfiles -
#  confirm and set its permissions accordingly.
CYBERPOT_DATA_PATH=./data
# OSType (linux, mac, win)
#  Most docker features are available on linux
#  NOTE(review): which features are missing on mac / win is not stated here; check before relying on them.
CYBERPOT_OSTYPE=linux