T-Pot 19.03蜜罐的安装记录

最新推荐文章于 2025-06-02 21:09:38 发布

原创最新推荐文章于 2025-06-02 21:09:38 发布 · 4.7k 阅读

11 ·

CC 4.0 BY-SA版权

Linux 同时被 3 个专栏收录

49 篇文章

订阅专栏

系统设置

35 篇文章

订阅专栏

网络安全知识

28 篇文章

订阅专栏

本文详细记录了T-Pot19.03版本在Debian9.7环境下的部署过程，包括解决安装中遇到的各种问题，如ISO镜像创建、内核版本锁定、SSH端口更改等，并分享了服务器管理界面登录技巧。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

环境需求：T-Pot 19.03 runs on Debian 9.7 or newer as host system (others may work, but remain untested)

6-8GRAM 128G磁盘空间

真实环境：Debian9.9

apt-get install screen

screen -S sessionName

Media change: please insert the disc labeled
 'Debian GNU/Linux 9.4.0 _Stretch_ - Official amd64 DVD Binary-1 20180310-11:21'
in the drive '/media/cdrom/' and press [Enter]
当没有时就无法进行安装了， 这时可以打开文件/etc/apt/sources.list文件，注释掉cdrom那一行
然后再执行apt-get update更新下deb仓库，
这样以后再使用apt-get安装时就不会再搜寻cdrom了

apt-get upgrade

apt-get install git

apt-get install sudo

官方提供了三种安装方式

git clone https://github.com/dtag-dev-sec/tpotce
cd tpotce
sudo ./makeiso.sh

之后按照提示操作在当前目录下你会得到一个tpot.iso文件

fdisk -l

Disk /dev/sda: 223.6 GiB, 240057409536 bytes, 468862128 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x0974dfc7

Device     Boot Start   End Sectors Size Id Type
/dev/sda1  *        0 67583   67584  33M 17 Hidden HPFS/NTFS


Disk /dev/sdb: 223.6 GiB, 240057409536 bytes, 468862128 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x244306fc

Device     Boot Start   End Sectors Size Id Type
/dev/sdb1  *        0 67583   67584  33M 17 Hidden HPFS/NTFS


mount /dev/sdb1 /mnt
mount -t iso9660 -o loop /root/tpotce/tpot.iso /media/cdrom/

apt-cdrom -m -d /media/cdrom/ add
apt-get update

apt-get upgrade

Post-Install User

In some cases it is necessary to install Debian 9.7 (Stretch) on your own:

Cloud provider does not offer mounting ISO images.
Hardware setup needs special drivers and / or kernels.
Within your company you have to setup special policies, software etc.
You just like to stay on top of things.

The T-Pot Universal Installer will upgrade the system to Debian (Sid) and install all required T-Pot dependencies.

Just follow these steps:

git clone https://github.com/dtag-dev-sec/tpotce
cd tpotce/iso/installer/
./install.sh --type=user

The installer will now start and guideyou through the install process.

3.自动化安装：Post-Install Auto

You can also let the installer run automatically if you provide your own tpot.conf. An example is available in tpotce/iso/installer/tpot.conf.dist. This should make things easier in case you want to automate the installation i.e. with Ansible.

Just follow these steps while adjusting tpot.conf to your needs:

git clone https://github.com/dtag-dev-sec/tpotce
cd tpotce/iso/installer/
cp tpot.conf.dist tpot.conf
./install.sh --type=auto --conf=tpot.conf

出错：
Aborting. Debian buster is not supported.

妈蛋，服务商没有debian9.7的系统，需要提供iso重装系统再试试，

创建ISO镜像要求:

Debian 9.7 or newer as host system (others may work, but remain untested)
4GB of free memory
32GB of free storage
A working internet connection

debian9.9也是可以安装的，debian10就安装不了

跟服务商提了提，他答应安装debian9.7，结果安装了个9.2，我将就着试试，

安装了之后:

[MAIN]
ip =**.**.**.**
MY_EXTIP=**.**.**.**
MY_INTIP=**.**.**.**
MY_HOSTNAME=likemethodology
./install.sh: line 188: toilet: command not found
./install.sh: line 847: apt-fast: command not found
./install.sh: line 848: apt-fast: command not found
Done. Please reboot.
root@debian:~/tpotce/iso/installer#

当时没安装apt-fast，直接重启了，结果连不上ssh了，

无奈叫服务商再重装系统，估计服务商已经在网络那边艹了千百遍了吧

还是打算先本地实战，下载debian9.7的iso：

从最小光盘进行网络安装：包含安装程序及一小组可以安装（非常）基本系统的软件包

https://cdimage.debian.org/mirror/cdimage/archive/9.7.0/amd64/iso-cd/

CD 映像:https://cdimage.debian.org/mirror/cdimage/archive/9.7.0/amd64/iso-cd/debian-9.7.0-amd64-xfce-CD-1.iso

DVD:https://cdimage.debian.org/mirror/cdimage/archive/9.7.0/amd64/iso-dvd/debian-9.7.0-amd64-DVD-1.iso

本地虚拟机搭建起来，经过漫长等待，debian安装好了

然后重新安装t-pot，又是一阵漫长等待

结果没安装好，系统变成了debian10...

妈的，创建快照很重要，可惜我没有创建，

内核降级没成功，只好重装再来过

后来用镜像安装，关闭虚拟机，开机加载tpot.iso，或者用自动安装指令也可以。

然后出现图形界面选项配置，配置好了之后经过一段漫长（挂机一天）的等待才安装好

安装好之后，ssh端口不再是默认的22，变成了64295

web管理界面：https://[IP]:64297

服务器管理界面：https://[IP]:64294

安装的时候使用一些监测：

重启后连上去：

遇到的其他问题：

[root@tightoctavo:~]# dps.sh
========| System |========
    Date:  Sun 09 Jun 2019 11:01:03 AM CST
  Uptime:  11:01:03 up  7:33,  2 users,  load average: 0.03, 0.02, 0.00

NAME                  STATUS                       PORTS
adbhoney              DOWN
ciscoasa              DOWN
conpot_guardian_ast   DOWN
conpot_iec104         DOWN
conpot_ipmi           DOWN
conpot_kamstrup_382   DOWN
cowrie                DOWN
cyberchef             DOWN
dionaea               DOWN
elasticpot            DOWN
elasticsearch         DOWN
ewsposter             DOWN
head                  DOWN
heralding             DOWN
honeytrap             DOWN
kibana                DOWN
logstash              DOWN
mailoney              DOWN
medpot                DOWN
nginx                 DOWN
p0f                   DOWN
rdpy                  DOWN
snare                 DOWN
spiderfoot            DOWN
suricata              DOWN
tanner                DOWN
tanner_api            DOWN
tanner_phpox          DOWN
tanner_redis          DOWN
tanner_web            DOWN

[root@tightoctavo:~]# sudo su -
[root@tightoctavo:~]# cd /opt/tpot/
[root@tightoctavo:/opt/tpot]# ./update.sh -y

### Checking for Release ID
### Checking for version tag ...
###### 19.03.0 is eligible for the update procedure. [ OK ]

### Checking for T-Pot configuration file ...
###### /opt/tpot/etc/tpot.yml [ OK ]

### Now checking availability of ...
###### https://index.docker.io [ OK ]
###### https://github.com [ OK ]
###### https://pypi.python.org [ OK ]
###### https://debian.org [ OK ]

### Need to stop T-Pot ...
######  Now stopping T-Pot. Failed to stop tpot.service: Unit tpot.service not loaded.
 [ NOT OK ]
###### Could not stop T-Pot. [ NOT OK ]
Exiting.

[root@tightoctavo:/opt/tpot]#

下载缺失容器

cd /opt/tpot/etc/compose
for i in `cat ./standard.yml | grep image | cut -d '"' -f2 | uniq`
do 
    docker pull $i
done

启动容器

cd /opt/tpot/etc/compose
docker-compose -f ./standard.yml
#如果安装别的模式yml用相应版本的
#如果部分没有成功下载，可以手动下载

[root@tightoctavo:~]# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 10 (buster)
Release:        10
Codename:       buster


系统还是变成10了，锁不住内核
删除检测版本验证
cd tpot/iso/installer/
sed -i "s/if \[ \"\$myLSB\" \!=.*/if \[ 1 \!= 1\]\;/" install.sh

服务器管理界面：https://[IP]:64294
这个登录账号密码，如果用iso安装会提示你设置，账号是tsec，
如果用指令安装，没见要设置这个账号的密码，
我用了root或者配置的账号都登录不上，
然后手动添加一个用户才登录上去：
# sudo su
# adduser thetpot
Adding user `thetpot' ...
Adding new group `thetpot' (1001) ...
Adding new user `thetpot' (1001) with group `thetpot' ...
Creating home directory `/home/thetpot' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for thetpot
Enter the new value, or press ENTER for the default
        Full Name []:
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n]

# usermod -aG sudo fuckthetpot
# su - thetpot
thetpot@hostname:~$

参考：

开源蜜罐T-pot 19.03安装和使用

T-Pot18.11的安装与使用 https://www.freebuf.com/news/193347.html

T-Pot 16.10 - Multi-Honeypot Platform Redefined

T-POT 蜜罐安装教程 T-Pot16.10

在GCP云端安装T-Pot蜜罐

GitHub项目：https://github.com/dtag-dev-sec/tpotce

GitHub项目镜像包：https://github.com/dtag-dev-sec/tpotce/releases