ansible-role-tpotce
This role is an ansible implementation of the t-pot installer script. It is limited to a sensor only configuration.
Role Variables
honeypot_list
Use this variable to specify which t-pot honeypots you want deployed to the system. The default settings specify the following honeypots:
ciscoasa
adbhoney
conpot
cowrie
dionaea
honeypy
glutton
heralding
mailoney
medpot
p0f
rdpy
suricata
tanner
fatt
You may choose from any of the following:
ciscoasa
adbhoney
conpot
cowrie
dicompot
dionaea
elasticpot
honeypy
honeysap
ipphoney
glutton
honeytrap
heralding
mailoney
medpot
p0f
rdpy
suricata
tanner
fatt
citrixhoneypot
The glutton
and honeytrap
honeypots can't be used on the same system.
logrotate_days
Use this variable to specify the number of days that logs are retained on the sensor. The default value is 30 days. Depending on the disk size of the honeypot and activity it receives, this value may require adjustment to prevent exhausting disk space.
Filebeat
If you would like to make use of filebeat to send your logs to logstash you need to run the honeynet/ansible-role-tpotce-filebeat role in addition to this one. You will need to add filebeat
to the honeypot_list
var.
filebeat_version
Use this variable to specify what version of filebeat you would like to use. The following are supported.
- 7.12.0
- 7.11.2
- 7.11.1
- 7.11.0
- 7.10.1
- 7.10.0
- 7.9.3
- 7.9.2
- 7.9.1
- 7.9.0
- 7.8.1
- 7.8.0
- 7.7.1
- 7.7.0
- 7.6.2
- 7.6.1
- 7.5.2
- 7.4.2
- 7.3.2
- 7.2.1
- 7.1.1
- 7.0.1
Example Playbook
- hosts: all
become: true
roles:
- ansible-role-tpotce
License
The role is licensed under GPLv3