Changes to be committed:

.env

@@ -0,0 +1,138 @@
+# CyberPot config file. Do not remove.
+
+###############################################
+# CyberPot Base Settings - Adjust to your needs. #
+###############################################
+
+# Set Web usernames and passwords here. This section will be used to create / update the Nginx password file nginxpasswd.
+#  <empty>: This is the default
+#  <base64 encoded htpasswd usernames / passwords>:
+#   Use 'htpasswd -n -b "username" "password" | base64 -w0' to create the WEB_USER if you want to manually deploy CyberPot, run 'install.sh' to automatically add a user during installation, or 'genuser.sh' if you just want to add a web user.
+#   Example: 'htpasswd -n -b "tsec" "tsec" | base64 -w0' will print dHNlYzokYXByMSRYUnE2SC5rbiRVRjZQM1VVQmJVNWJUQmNmSGRuUFQxCgo=
+#   Copy the string and replace WEB_USER=dHNlYzokYXByMSRYUnE2SC5rbiRVRjZQM1VVQmJVNWJUQmNmSGRuUFQxCgo=
+#   Multiple users are possible:
+#   WEB_USER=dHNlYzokYXByMSRYUnE2SC5rbiRVRjZQM1VVQmJVNWJUQmNmSGRuUFQxCgo= dHNlYzokYXByMSR6VUFHVWdmOCRROXI3a09CTjFjY3lCeU1DTloyanEvCgo=
+WEB_USER=CyberPot
+
+# Set Logstash Web usernames and passwords here. This section will be used to create / update the Nginx password file lswebpasswd.
+# The Lostsash Web usernames are used for CyberPot log ingestion via Logstash, each sensor should have its own user.
+#  <empty>: This is empty by default.
+#  <'htpasswd encoded usernames / passwords'>:
+#   Use 'htpasswd -n -b "username" "password" | base64 -w0' to create the LS_WEB_USER if you want to manually deploy the sensor.
+#   Example: 'htpasswd -n -b "sensor" "sensor" | base64 -w0' will print c2Vuc29yOiRhcHIxJGVpMHdzUmdYJHNyWHF4UG53ZzZqWUc3aEFaUWxrWDEKCg==
+#   Copy the string and replace / add LS_WEB_USER=c2Vuc29yOiRhcHIxJGVpMHdzUmdYJHNyWHF4UG53ZzZqWUc3aEFaUWxrWDEKCg==
+#   Multiple users are possible:
+#   LS_WEB_USER=c2Vuc29yMTokYXByMSQ5aXhNRk5yMCR6d3F2dGFwQ2x0cFBhU1pqMm9ZemYxCgo= c2Vuc29yMjokYXByMSRtYTlOS1J2NCQvU3dsVVBMeW5RaVIyM3pyWVAzOUkwCgo=
+LS_WEB_USER=Q3liZXJQb3Q6JGFwcjEkczVldDc3b0skSldCSy9FNC8xVHN0TFRtU3A3ZmdmLg==
+
+# CyberPot Blackhole
+#  ENABLED: CyberPot will download a db of known mass scanners and nullroute them.
+#           Be aware, this will put CyberPot off the map for stealth reasons and
+#           you will get less traffic. Routes will be active until next reboot
+#           and will be re-added with every CyberPot start until disabled.
+#  DISABLED: This is the default and no stealth efforts are in place.
+CYBERPOT_BLACKHOLE=DISABLED
+
+# CyberPot Persistence
+#  on: This is the default. CyberPot will keep the honeypot logfiles and rotate
+#      with logrotate for 30 days.
+#  off: This is recommended for Raspberry Pi or setups with weaker CPUs or
+#       if you just do not need any of the logfiles.
+CYBERPOT_PERSISTENCE=on
+
+# CyberPot Type
+#  HIVE: This is the default and offers everything to connect CyberPot sensors.
+#  SENSOR: This needs to be used when running a sensor. Be aware to adjust all other
+#          settings as well.
+#          1. You will need to copy compose/sensor.yml to ./docker-comopose.yml
+#          2. From HIVE host you will need to copy ~/cyberpot/data/nginx/cert/nginx.crt to
+#             your SENSOR host to ~/cyberpot/data/hive.crt
+#          3. On HIVE: Create a web user per SENSOR on HIVE and provide credentials below
+#             Create credentials with 'htpasswd ~/cyberpot/data/nginx/conf/lswebpasswd <username>'
+#          4. On SENSOR: Provide username / password from (3) for CYBERPOT_HIVE_USER as base64 encoded string:
+#                        "echo -n 'username:password' | base64 -w0"
+#  MOBILE: This will set the correct type for CyberPot Mobile (https://github.com/khulnasoft/cyberpotmobile)
+CYBERPOT_TYPE=HIVE
+
+# CyberPot Hive User (only relevant for SENSOR deployment)
+#  <empty>: This is empty by default.
+#  <base64 encoded string>: Provide a base64 encoded string "echo -n 'username:password' | base64 -w0"
+#                           i.e. CYBERPOT_HIVE_USER='dXNlcm5hbWU6cGFzc3dvcmQ='
+CYBERPOT_HIVE_USER=
+
+# Logstash Sensor SSL verfication (only relevant on SENSOR hosts)
+# full: This is the default. Logstash, by default, verifies the complete certificate chain for ssl certificates.
+#       This also includes the FQDN and sANs. By default CyberPot will only generate a self-signed certificate which
+#       contains a sAN for the HIVE IP. In scenario where the HIVE needs to be accessed via Internet, maybe with
+#       a different NAT address, a new certificate needs to be generated before deployment that includes all the
+#       IPs and FQDNs as sANs for logstash successfully establishing a connection to the HIVE for transmitting
+#       logs. Details here: https://github.com/khulnasoft/cyberpot?tab=readme-ov-file#distributed-deployment
+# none: This setting will disable the ssl verification check of logstash and should only be used in a testing
+#       environment where IPs often change. It is not recommended for a production environment where trust between
+#       HIVE and SENSOR is only established through a self signed certificate. 
+LS_SSL_VERIFICATION=full
+
+# CyberPot Hive IP (only relevant for SENSOR deployment)
+#  <empty>: This is empty by default.
+#  <IP, FQDN>: This can be either a IP (i.e. 192.168.1.1) or a FQDN (i.e. foo.bar.local)
+CYBERPOT_HIVE_IP=
+
+# CyberPot AttackMap Text Output
+#  ENABLED: This is the default and the docker container map_data will print events to the console.
+#  DISABLED: Printing events to the console is disabled.
+CYBERPOT_ATTACKMAP_TEXT=ENABLED
+
+# CyberPot AttackMap Text Output Timezone
+#  UTC: (CyberPot default) This is usually the best option.
+#  Continent/City: In Linux you can check our timezone with `readlink` /etc/localtime or
+#                  see the full list here: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+#  Examples: America/New_York, Asia/Taipei, Australia/Melbourne, Europe/Athens, Europe/Berlin
+CYBERPOT_ATTACKMAP_TEXT_TIMEZONE=UTC
+
+###################################################################################
+# Honeypots / Tools settings
+###################################################################################
+# Some services / tools offer adjustments using ENVs which can be adjusted here.
+###################################################################################
+
+# Suricata ET Pro ruleset
+#  OPEN: This is the default and will the ET Open ruleset
+#  OINKCODE: Replace OPEN with your Oinkcode to use the ET Pro ruleset
+OINKCODE=OPEN
+
+
+###################################################################################
+# NEVER MAKE CHANGES TO THIS SECTION UNLESS YOU REALLY KNOW WHAT YOU ARE DOING!!! #
+###################################################################################
+
+# docker.sock Path
+CYBERPOT_DOCKER_SOCK=/var/run/docker.sock
+
+# docker compose .env
+CYBERPOT_DOCKER_ENV=./.env
+
+# Docker-Compose file
+CYBERPOT_DOCKER_COMPOSE=./docker-compose.yml
+
+# CyberPot Docker Repo
+#  Depending on where you are located you may choose between DockerHub and GHCR
+#  khulnasoft: This will use the DockerHub image registry
+#  ghcr.io/telekom-security: This will use the GitHub container registry
+CYBERPOT_REPO=khulnasoft
+
+# CyberPot Version Tag
+CYBERPOT_VERSION=24.04
+
+# CyberPot Pull Policy
+#  always: (CyberPot default) Compose implementations SHOULD always pull the image from the registry.
+#  never: Compose implementations SHOULD NOT pull the image from a registry and SHOULD rely on the platform cached image.
+#  missing: Compose implementations SHOULD pull the image only if it's not available in the platform cache.
+#  build: Compose implementations SHOULD build the image. Compose implementations SHOULD rebuild the image if already present.
+CYBERPOT_PULL_POLICY=always
+
+# CyberPot Data Path
+CYBERPOT_DATA_PATH=./data
+
+# OSType (linux, mac, win)
+#  Most docker features are available on linux
+CYBERPOT_OSTYPE=linux

.github/ISSUE_TEMPLATE/bug-report-for-cyberpot.md

@@ -0,0 +1,47 @@
+---
+name: Bug report for CyberPot 24.04.x
+about: Bug report for CyberPot 24.04.x
+title: ""
+labels: ""
+assignees: ""
+---
+
+# Ask CyberPot Assistant
+
+- 🤖 Ask [CyberPot Assistant (beta)](https://chatgpt.com/g/g-67OJ5idsQ-cyberpot-assistant-beta) if you have not read the documentation yet and do not intent to do so (#1564)
+
+# Successfully raise an issue
+
+Before you post your issue make sure it has not been answered yet and provide **⚠️ BASIC SUPPORT INFORMATION** (as requested below) if you come to the conclusion it is a new issue.
+
+- 🔍 Use the [search function](https://github.com/dtag-dev-sec/cyberpot/issues?utf8=%E2%9C%93&q=) first
+- 🧐 Check our [Wiki](https://github.com/dtag-dev-sec/cyberpot/wiki) and the [discussions](https://github.com/khulnasoft/cyberpot/discussions)
+- 📚 Consult the documentation of 💻 your Linux OS, 🐳 [Docker](https://docs.docker.com/), the 🦌 [Elastic stack](https://www.elastic.co/guide/index.html) and the 🍯 [CyberPot Readme](https://github.com/dtag-dev-sec/cyberpot/blob/master/README.md).
+- ⚙️ The [Troubleshoot Section](https://github.com/khulnasoft/cyberpot?tab=readme-ov-file#troubleshooting) of the [CyberPot Readme](https://github.com/dtag-dev-sec/cyberpot/blob/master/README.md) is a good starting point to collect a good set of information for the issue and / or to fix things on your own.
+- **⚠️ Provide [BASIC SUPPORT INFORMATION](#-basic-support-information-commands-are-expected-to-run-as-root) or similar detailed information with regard to your issue or we will close the issue or convert it into a discussion without further interaction from the maintainers**.<br>
+
+# ⚠️ Basic support information (commands are expected to run as `root`)
+
+**We happily take the time to improve CyberPot and take care of things, but we need you to take the time to create an issue that provides us with all the information we need.**
+
+- What OS are you CyberPot running on?
+- What is the version of the OS `lsb_release -a` and `uname -a`?
+- What CyberPot version are you currently using (only **CyberPot 24.04.x** is currently supported)?
+- What architecture are you running on (i.e. hardware, cloud, VM, etc.)?
+- Review the `~/install_cyberpot.log`, attach the log and highlight the errors.
+- How long has your installation been running?
+  - If it is a fresh install consult the documentation first.
+  - Most likely it is a port conflict or a remote dependency was unavailable.
+  - Retry a fresh installation and only open the issue if the error keeps coming up and is not resolved using the documentation as described [here](#how-to-raise-an-issue).
+- Did you install upgrades, packages or use the update script?
+- Did you modify any scripts or configs? If yes, please attach the changes.
+- Please provide a screenshot of `htop` and `docker stats`.
+- How much free disk space is available (`df -h`)?
+- What is the current container status (`dps`)?
+- On Linux: What is the status of the CyberPot service (`systemctl status cyberpot`)?
+- What ports are being occupied? Stop CyberPot `systemctl stop cyberpot` and run `grc netstat -tulpen`
+  - Stop CyberPot `systemctl stop cyberpot`
+  - Run `grc netstat -tulpen`
+  - Run CyberPot manually with `docker compose -f ~/cyberpot/docker-compose.yml up` and check for errors
+  - Stop execution with `CTRL-C` and `docker compose -f ~/cyberpot/docker-compose.yml down -v`
+- If a single container shows as `DOWN` you can run `docker logs <container-name>` for the latest log entries

.github/ISSUE_TEMPLATE/feature-request-for-cyberpot.md

@@ -0,0 +1,19 @@
+---
+name: Feature request for CyberPot 24.04.x
+about: Suggest an idea for CyberPot 24.04.x
+title: ""
+labels: ""
+assignees: ""
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/ISSUE_TEMPLATE/general-issue-for-cyberpot.md

@@ -1,37 +1,47 @@
 ---
-name: General issue for CyberPot
-about: General issue for CyberPot
-title: ''
-labels: ''
-assignees: ''
-
+name: General issue for CyberPot 24.04.x
+about: General issue for CyberPot 24.04.x
+title: ""
+labels: ""
+assignees: ""
 ---
 
-🗨️ Please post your questions in [Discussions](https://github.com/khulnasoft/cyberpot/discussions) and keep the issues for **issues**. Thank you 😁.<br>
+# Ask CyberPot Assistant
+
+- 🤖 Ask [CyberPot Assistant (beta)](https://chatgpt.com/g/g-67OJ5idsQ-cyberpot-assistant-beta) if you have not read the documentation yet and do not intent to do so (#1564)
+
+# Successfully raise an issue
 
-Before you post your issue make sure it has not been answered yet and provide `basic support information` if you come to the conclusion it is a new issue.
+Before you post your issue make sure it has not been answered yet and provide **⚠️ BASIC SUPPORT INFORMATION** (as requested below) if you come to the conclusion it is a new issue.
 
-- 📚 Consult the documentation of 💻 [Debian](https://www.debian.org/doc/), 🐳 [Docker](https://docs.docker.com/), the 🦌 [ELK stack](https://www.elastic.co/guide/index.html) and the 🍯 [CyberPot Readme](https://github.com/dtag-dev-sec/cyberpot/blob/master/README.md).
-- **⚠️ Provide [basic support information](#info) or similiar information with regard to your issue or we can not help you and will close the issue without further notice**
+- 🔍 Use the [search function](https://github.com/dtag-dev-sec/cyberpot/issues?utf8=%E2%9C%93&q=) first
+- 🧐 Check our [Wiki](https://github.com/dtag-dev-sec/cyberpot/wiki) and the [discussions](https://github.com/khulnasoft/cyberpot/discussions)
+- 📚 Consult the documentation of 💻 your Linux OS, 🐳 [Docker](https://docs.docker.com/), the 🦌 [Elastic stack](https://www.elastic.co/guide/index.html) and the 🍯 [CyberPot Readme](https://github.com/dtag-dev-sec/cyberpot/blob/master/README.md).
+- ⚙️ The [Troubleshoot Section](https://github.com/khulnasoft/cyberpot?tab=readme-ov-file#troubleshooting) of the [CyberPot Readme](https://github.com/dtag-dev-sec/cyberpot/blob/master/README.md) is a good starting point to collect a good set of information for the issue and / or to fix things on your own.
+- **⚠️ Provide [BASIC SUPPORT INFORMATION](#-basic-support-information-commands-are-expected-to-run-as-root) or similar detailed information with regard to your issue or we will close the issue or convert it into a discussion without further interaction from the maintainers**.<br>
 
-<br>
-<br>
-<br>
+# ⚠️ Basic support information (commands are expected to run as `root`)
 
-<a name="info"></a>
-## ⚠️ Basic support information (commands are expected to run as `root`)
+**We happily take the time to improve CyberPot and take care of things, but we need you to take the time to create an issue that provides us with all the information we need.**
 
-- What version of the OS are you currently using `lsb_release -a` and `uname -a`?
-- What CyberPot version are you currently using?
-- What edition (Standard, Nextgen, etc.) of CyberPot are you running?
+- What OS are you CyberPot running on?
+- What is the version of the OS `lsb_release -a` and `uname -a`?
+- What CyberPot version are you currently using (only **CyberPot 24.04.x** is currently supported)?
 - What architecture are you running on (i.e. hardware, cloud, VM, etc.)?
-- Did you have any problems during the install? If yes, please attach `/install.log` `/install.err`.
+- Review the `~/install_cyberpot.log`, attach the log and highlight the errors.
 - How long has your installation been running?
+  - If it is a fresh install consult the documentation first.
+  - Most likely it is a port conflict or a remote dependency was unavailable.
+  - Retry a fresh installation and only open the issue if the error keeps coming up and is not resolved using the documentation as described [here](#how-to-raise-an-issue).
 - Did you install upgrades, packages or use the update script?
 - Did you modify any scripts or configs? If yes, please attach the changes.
-- Please provide a screenshot of `glances` and `htop`.
+- Please provide a screenshot of `htop` and `docker stats`.
 - How much free disk space is available (`df -h`)?
-- What is the current container status (`dps.sh`)?
-- What is the status of the CyberPot service (`systemctl status cyberpot`)?
-- What ports are being occupied? Stop CyberPot `systemctl stop cyberpot` and run `netstat -tulpen`
+- What is the current container status (`dps`)?
+- On Linux: What is the status of the CyberPot service (`systemctl status cyberpot`)?
+- What ports are being occupied? Stop CyberPot `systemctl stop cyberpot` and run `grc netstat -tulpen`
+  - Stop CyberPot `systemctl stop cyberpot`
+  - Run `grc netstat -tulpen`
+  - Run CyberPot manually with `docker compose -f ~/cyberpot/docker-compose.yml up` and check for errors
+  - Stop execution with `CTRL-C` and `docker compose -f ~/cyberpot/docker-compose.yml down -v`
 - If a single container shows as `DOWN` you can run `docker logs <container-name>` for the latest log entries

.github/workflows/basic-support-info.yml

@@ -0,0 +1,49 @@
+name: "Check Basic Support Info"
+
+on:
+  issues:
+    types: [opened, edited]
+
+permissions:
+  issues: write
+  contents: read
+
+jobs:
+  check-issue:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out the repository
+        uses: actions/checkout@v4
+
+      - name: Install jq
+        run: sudo apt-get install jq -y
+
+      - name: Check issue for basic support info
+        id: check_issue
+        run: |
+          REQUIRED_INFO=("What OS are you CyberPot running on?" "What is the version of the OS" "What CyberPot version are you currently using" "What architecture are you running on" "Review the \`~/install_cyberpot.log\`" "How long has your installation been running?" "Did you install upgrades, packages or use the update script?" "Did you modify any scripts or configs?" "Please provide a screenshot of \`htop\` and \`docker stats\`." "How much free disk space is available" "What is the current container status" "What is the status of the CyberPot service" "What ports are being occupied?")
+
+          ISSUE_BODY=$(cat $GITHUB_EVENT_PATH | jq -r '.issue.body')
+          MISSING_INFO=()
+
+          for info in "${REQUIRED_INFO[@]}"; do
+            if [[ "$ISSUE_BODY" != *"$info"* ]]; then
+              MISSING_INFO+=("$info")
+            fi
+          done
+
+          if [ ${#MISSING_INFO[@]} -ne 0 ]; then
+            echo "missing=true" >> $GITHUB_ENV
+          else
+            echo "missing=false" >> $GITHUB_ENV
+          fi
+
+      - name: Add "no basic support info" label if necessary
+        if: env.missing == 'true'
+        run: gh issue edit "$NUMBER" --add-label "$LABELS"
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_REPO: ${{ github.repository }}
+          NUMBER: ${{ github.event.issue.number }}
+          LABELS: no basic support info