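#!/bin/sh
# TarPit.pro Installation Script
#
# Usage:
#   curl -fsSL https://get.tarpit.pro | sudo sh
# With registration code:
#   curl -fsSL https://get.tarpit.pro | sudo sh -s -- --code "XXXX-XXXX-XXXX"
#
# This script installs the TarPit.pro agent binary and optionally
# registers the server with your account using a registration code.
#
# Review notes:
#   - Piped straight into `sudo sh`, the script runs as root before anyone has
#     read it. Saving it to a file first and running `sudo sh FILE [OPTIONS]`
#     does the same install and leaves a copy that can be inspected.
#   - A value given to --code is an ordinary argument, so it is visible in the
#     process list and in shell history while the installer runs.

set -e

# Colors for output (escape sequences are expanded by printf, not by the shell)
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color

# Configuration
BINARY_NAME="tarpit-pro"
INSTALL_DIR="/usr/local/bin"
CONFIG_DIR="/etc/tarpit-pro"
DATA_DIR="/var/lib/tarpit-pro"
LOG_DIR="/var/log/tarpit-pro"
DOWNLOAD_BASE="https://releases.tarpit.pro"
API_URL="https://api.tarpit.pro"
# Overridden by --version. get_download_url builds the URL without it, so the
# value only appears in log messages.
VERSION="latest"

# Parse arguments
REGISTRATION_CODE=""

# Parse installer options into REGISTRATION_CODE and VERSION.
# Arguments: the script's own arguments ("$@").
# Exits 0 after --help; exits 1 on an unknown option or on an option that is
# missing its value (a bare `shift 2` would otherwise abort without a message).
parse_args() {
  while [ $# -gt 0 ]; do
    case "$1" in
      # --init and --token are backwards compatibility aliases of --code
      --code | -c | --init | --token)
        if [ $# -lt 2 ]; then
          printf "${RED}Option %s requires a value${NC}\n" "$1"
          exit 1
        fi
        REGISTRATION_CODE="$2"
        shift 2
        ;;
      --version)
        if [ $# -lt 2 ]; then
          printf "${RED}Option %s requires a value${NC}\n" "$1"
          exit 1
        fi
        VERSION="$2"
        shift 2
        ;;
      --help | -h)
        # The listing this was taken from had lost the option placeholders and
        # column alignment; <CODE>/<VERSION> below are restored placeholders.
        cat << 'EOF'
TarPit.pro Installation Script

Usage: curl -fsSL https://get.tarpit.pro | sudo sh -s -- [OPTIONS]

Options:
  --code <CODE>        Registration code to automatically register this server
  --version <VERSION>  Install specific version (default: latest)
  --help               Show this help message

Examples:
  # Install latest version
  curl -fsSL https://get.tarpit.pro | sudo sh

  # Install and register with code
  curl -fsSL https://get.tarpit.pro | sudo sh -s -- --code "XXXX-XXXX-XXXX"
EOF
        exit 0
        ;;
      *)
        printf "${RED}Unknown option: %s${NC}\n" "$1"
        exit 1
        ;;
    esac
  done
}

parse_args "$@"

# Functions
# Each logger prints one coloured tag followed by its first argument.
log_info() {
  printf "${BLUE}[INFO]${NC} %s\n" "$1"
}

log_success() {
  printf "${GREEN}[OK]${NC} %s\n" "$1"
}

log_warn() {
  printf "${YELLOW}[WARN]${NC} %s\n" "$1"
}

log_error() {
  printf "${RED}[ERROR]${NC} %s\n" "$1"
}

# Check if running as root; everything after this writes to system paths.
check_root() {
  if [ "$(id -u)" -ne 0 ]; then
    log_error "This script must be run as root (use sudo)"
    exit 1
  fi
}

# Detect OS and architecture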
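detect_platform() {
  # Normalise `uname` output into the names used in release file names.
  # Sets OS, ARCH and PLATFORM; exits 1 for anything not listed below.
  OS=$(uname -s | tr '[:upper:]' '[:lower:]')
  ARCH=$(uname -m)

  case "$OS" in
    linux) OS="linux" ;;
    darwin) OS="darwin" ;;
    mingw* | msys* | cygwin*) OS="windows" ;;
    *)
      log_error "Unsupported operating system: $OS"
      exit 1
      ;;
  esac

  case "$ARCH" in
    x86_64 | amd64) ARCH="amd64" ;;
    aarch64 | arm64) ARCH="arm64" ;;
    armv7l | armv6l) ARCH="arm" ;;
    *)
      log_error "Unsupported architecture: $ARCH"
      exit 1
      ;;
  esac

  PLATFORM="${OS}-${ARCH}"
  log_info "Detected platform: $PLATFORM"
}

# Get the download URL for the binary
# Sets BINARY_FILE and DOWNLOAD_URL from BINARY_NAME, PLATFORM and DOWNLOAD_BASE.
get_download_url() {
  if [ "$OS" = "windows" ]; then
    BINARY_FILE="${BINARY_NAME}-${PLATFORM}.exe"
  else
    BINARY_FILE="${BINARY_NAME}-${PLATFORM}"
  fi

  # All binaries are at the root of the releases server (no version directories)
  DOWNLOAD_URL="${DOWNLOAD_BASE}/${BINARY_FILE}"

  # The URL carries no version, so a --version request cannot be honoured.
  # Say so instead of letting the operator believe the install is pinned.
  if [ "${VERSION:-latest}" != "latest" ]; then
    log_warn "--version $VERSION is not applied to the download URL; the build currently published at that URL will be installed"
  fi

  log_info "Download URL: $DOWNLOAD_URL"
}

# Check for existing installation
# Reports the installed version (if any) and stops a running systemd service
# so the binary can be replaced.
check_existing() {
  if command -v "$BINARY_NAME" >/dev/null 2>&1; then
    # The pipeline's status is that of `head`, so an `|| echo unknown` at the
    # end never fires; default the empty result instead.
    EXISTING_VERSION=$("$BINARY_NAME" version 2>/dev/null | grep -o 'v[0-9.]*' | head -1) || true
    EXISTING_VERSION=${EXISTING_VERSION:-unknown}
    log_warn "TarPit.pro is already installed (version: $EXISTING_VERSION)"
    log_info "Upgrading to version $VERSION..."

    # Stop existing service if running
    if systemctl is-active --quiet tarpit-pro 2>/dev/null; then
      log_info "Stopping existing service..."
      systemctl stop tarpit-pro || true
    fi
  fi
}

# Download and install binary
# Fetches DOWNLOAD_URL into a private temp dir, sanity-checks the file, runs
# the binary's own `verify` subcommand, then moves it into INSTALL_DIR.
# Exits 1 on download failure, on a non-binary payload, or on verify exit 1.
install_binary() {
  log_info "Downloading TarPit.pro..."

  TMP_DIR=$(mktemp -d)
  # Remove the scratch directory on every exit path, including set -e aborts.
  trap 'rm -rf -- "$TMP_DIR"' EXIT
  TMP_FILE="${TMP_DIR}/${BINARY_NAME}"

  # Download binary. --proto '=https' refuses any non-HTTPS hop, including
  # redirects followed because of -L.
  if ! curl --proto '=https' --tlsv1.2 -fsSL "$DOWNLOAD_URL" -o "$TMP_FILE"; then
    log_error "Failed to download binary from $DOWNLOAD_URL"
    exit 1
  fi

  # Verify download (check it's not an error page)
  # Use head + grep instead of 'file' command which may not be installed
  # NOTE(review): the listing this was taken from lost the text between the
  # grep pattern and the magic-byte read (it was stripped as markup). The
  # pattern, the message and the start of the MAGIC_BYTES assignment below are
  # a reconstruction - confirm against the published installer.
  if head -c 100 "$TMP_FILE" 2>/dev/null | grep -qiE '(<!doctype|<html)'; then
    log_error "Downloaded file looks like an HTML page, not a binary"
    exit 1
  fi

  # Format check only: magic bytes say "this is an executable", nothing about
  # who built it or whether it was altered.
  MAGIC_BYTES=$(head -c 4 "$TMP_FILE" 2>/dev/null | xxd -p 2>/dev/null ||
    head -c 4 "$TMP_FILE" | od -A n -t x1 | tr -d ' \n')

  IS_VALID=false
  # ELF magic: 7f454c46 (Linux)
  if echo "$MAGIC_BYTES" | grep -qi "7f454c46"; then
    IS_VALID=true
  fi
  # Mach-O magic: cffaedfe is the 64-bit header (arm64 and x86_64) and
  # cefaedfe the 32-bit one, both as stored little-endian; feedfacf/feedface
  # are the same values in big-endian byte order.
  # NOTE(review): no Windows (PE) magic is accepted, so a "windows" platform
  # from detect_platform always stops here - confirm that is intended.
  if echo "$MAGIC_BYTES" | grep -qiE "(cffaedfe|cefaedfe|feedface|feedfacf)"; then
    IS_VALID=true
  fi

  if [ "$IS_VALID" = "false" ]; then
    log_error "Downloaded file is not a valid binary"
    log_error "First 100 bytes:"
    # Always show a hex dump: echoing raw bytes from an unexpected download
    # would let it write escape sequences to root's terminal.
    head -c 100 "$TMP_FILE" | xxd 2>/dev/null || head -c 100 "$TMP_FILE" | od -A x -t x1
    exit 1
  fi

  # Make executable
  chmod +x "$TMP_FILE"

  # Verify binary signature (if the binary supports it)
  # This executes the file that was just downloaded, as root, and trusts the
  # exit status it reports about itself. It can catch a damaged or mis-signed
  # official build; it cannot catch a replaced binary, which controls its own
  # exit status. Only exit status 1 blocks the install.
  # NOTE(review): an independent check (a published checksum, or a detached
  # signature verified with a key obtained separately) would have to run
  # before this line. The listing does not show whether the release server
  # publishes either - confirm.
  log_info "Verifying binary signature..."
  VERIFY_EXIT=0
  "$TMP_FILE" verify 2>/dev/null || VERIFY_EXIT=$?

  case "$VERIFY_EXIT" in
    0)
      log_success "Binary signature verified"
      ;;
    2)
      log_warn "Binary is not signed (development build)"
      ;;
    1)
      log_error "Binary signature verification FAILED - binary may be tampered!"
      exit 1
      ;;
    *)
      # Command not found or other error - skip verification
      log_warn "Signature verification not available (older binary version)"
      ;;
  esac

  # Install to system directory
  log_info "Installing to $INSTALL_DIR..."
  mkdir -p "$INSTALL_DIR"
  mv "$TMP_FILE" "${INSTALL_DIR}/${BINARY_NAME}"

  # Clean up
  rm -rf -- "$TMP_DIR"
  trap - EXIT

  log_success "Binary installed successfully"
}

# Create necessary directories
# NOTE(review): all three are created 0755, so any local user can list them
# and read files the agent creates with default permissions (attack database,
# logs) - confirm whether non-root access is needed.
create_directories() {
  log_info "Creating directories..."

  for dir in "$CONFIG_DIR" "$DATA_DIR" "$LOG_DIR"; do
    mkdir -p "$dir"
    # Set permissions
    chmod 755 "$dir"
  done

  log_success "Directories created"
}

# Token decryption key. The same literal is written to token.key, the systemd
# unit and the launchd plist, so it is kept in one place here.
# This is the raw 32-byte key (must match platform's TOKEN_KEY).
# Every install receives this same value and it is published in the installer
# itself, so it gives no confidentiality for data encrypted with it.
# NOTE(review): presumably the agent uses it to decrypt the stored cloud
# token - confirm. If so, the fix is a per-server key issued during `init`,
# which needs platform changes outside this script.
TOKEN_KEY="76zXCet85qnlFsNlOfty1IqPYarQHAAD"

# Create default configuration if it doesn't exist
# Writes config.yaml (0644) and token.key (0600) under CONFIG_DIR. Returns
# early, writing neither, when config.yaml already exists.
create_config() {
  CONFIG_FILE="${CONFIG_DIR}/config.yaml"

  if [ -f "$CONFIG_FILE" ]; then
    log_info "Configuration file already exists, preserving..."
    return
  fi

  log_info "Creating default configuration..."

  # YAML indentation was collapsed in the listing this was taken from; the
  # nesting below is rebuilt from the key order - confirm against upstream.
  cat > "$CONFIG_FILE" << 'EOF'
# TarPit.pro Configuration
# Documentation: https://tarpit.pro/docs

# Ports to monitor (honeypot services)
ports:
  - 21    # FTP
  - 22    # SSH
  - 23    # Telnet
  - 3306  # MySQL
  - 5432  # PostgreSQL
  - 6379  # Redis

# Tarpit settings
tarpit:
  enabled: true
  delay: 3s
  max_response_bytes: 1024

# Cloud sync (configured automatically with --init)
cloud:
  enabled: false
  api_url: https://api.tarpit.pro
  # token:

# Local storage
storage:
  db_path: /var/lib/tarpit-pro/attacks.db
  max_attacks: 10000

# Logging
logging:
  level: info
  file: /var/log/tarpit-pro/tarpit-pro.log
EOF

  # NOTE(review): 0644 means every local user can read this file, including
  # whatever `init` later stores under cloud.token - confirm that is acceptable.
  chmod 644 "$CONFIG_FILE"
  log_success "Configuration created at $CONFIG_FILE"

  # Save token decryption key for CLI commands
  TOKEN_KEY_FILE="${CONFIG_DIR}/token.key"
  # umask in a subshell so the file is never world-readable, even briefly;
  # printf because `echo -n` is not portable across /bin/sh implementations
  # and can write a literal "-n" into the file.
  (umask 077 && printf '%s' "$TOKEN_KEY" > "$TOKEN_KEY_FILE")
  chmod 600 "$TOKEN_KEY_FILE"
}

# Check if systemd is running as init (PID 1)
# Returns 0 only when systemctl exists and /run/systemd/system is present.
is_systemd_running() {
  command -v systemctl >/dev/null 2>&1 || return 1
  [ -d /run/systemd/system ] || return 1
  return 0
}

# Install systemd service (Linux only)
install_service_linux() {
  if [ "$OS" != "linux" ]; then
    return
  fi

  if ! is_systemd_running; then
    log_warn "systemd not running, skipping service installation"
    log_info "You can start TarPit.pro manually with: tarpit-pro start"
    return
  fi

  log_info "Installing systemd service..."

  # Review notes on the unit below:
  #  - Values set with Environment= can be read by unprivileged users through
  #    `systemctl show`, so the 0600 mode on token.key does not keep this copy
  #    of the key private. EnvironmentFile= pointing at a root-only file avoids
  #    that, if the key is ever made worth protecting.
  #  - ReadWritePaths includes INSTALL_DIR, which re-opens the whole binary
  #    directory for writing under ProtectSystem=strict.
  #    NOTE(review): presumably for self-update - confirm it is needed.
  #  - NOTE(review): User=root may be there for the default ports below 1024;
  #    confirm whether a dedicated user with CAP_NET_BIND_SERVICE would do.
  cat > /etc/systemd/system/tarpit-pro.service << EOF
[Unit]
Description=TarPit.pro Honeypot Agent
Documentation=https://tarpit.pro/docs
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
ExecStart=${INSTALL_DIR}/${BINARY_NAME} start
Restart=always
RestartSec=5
User=root
LimitNOFILE=65536
Environment=TARPIT_TOKEN_KEY=${TOKEN_KEY}

# Security hardening
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=${INSTALL_DIR} ${DATA_DIR} ${LOG_DIR} ${CONFIG_DIR}
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF

  systemctl daemon-reload
  log_success "Systemd service installed"
}

# Install launchd service (macOS only)
install_service_darwin() {
  if [ "$OS" != "darwin" ]; then
    return
  fi

  log_info "Installing launchd service..."

  PLIST_FILE="/Library/LaunchDaemons/pro.tarpit.agent.plist"

  # NOTE(review): the XML tags were stripped from the listing this was taken
  # from; only the keys and string values survived. The markup below is
  # rebuilt in the standard property-list form, and RunAtLoad/KeepAlive are
  # assumed to be true - confirm against the published installer.
  # The plist is 0644 and embeds the token key, so any local user can read it.
  cat > "$PLIST_FILE" << EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>pro.tarpit.agent</string>
    <key>ProgramArguments</key>
    <array>
        <string>${INSTALL_DIR}/${BINARY_NAME}</string>
        <string>start</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>KeepAlive</key>
    <true/>
    <key>StandardOutPath</key>
    <string>${LOG_DIR}/tarpit-pro.log</string>
    <key>StandardErrorPath</key>
    <string>${LOG_DIR}/tarpit-pro.error.log</string>
    <key>EnvironmentVariables</key>
    <dict>
        <key>TARPIT_TOKEN_KEY</key>
        <string>${TOKEN_KEY}</string>
    </dict>
</dict>
</plist>
EOF

  chmod 644 "$PLIST_FILE"
  log_success "Launchd service installed"
}

# Detect public IP
# Sets PUBLIC_IP to the first answer that looks like a dotted-quad address, or
# leaves it empty. Not called from main (the agent does its own detection).
detect_public_ip() {
  PUBLIC_IP=""

  # Try multiple services
  for service in "https://api.ipify.org" "https://ifconfig.me/ip" "https://icanhazip.com"; do
    candidate=$(curl -fsSL --connect-timeout 5 "$service" 2>/dev/null | tr -d '\n' || echo "")
    # Accept a reply only after it passes the format check, so a malformed
    # answer from the last service is never kept or logged.
    if [ -n "$candidate" ] && echo "$candidate" | grep -qE '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
      PUBLIC_IP="$candidate"
      break
    fi
  done

  if [ -z "$PUBLIC_IP" ]; then
    log_warn "Could not detect public IP address"
  else
    log_info "Detected public IP: $PUBLIC_IP"
  fi
}

# Detect internal IP
# Sets INTERNAL_IP (possibly empty). Not called from main.
detect_internal_ip() {
  INTERNAL_IP=""

  if [ "$OS" = "linux" ]; then
    # awk exits 0 even with no input, so an `||` chain would never reach the
    # hostname fallback; test for an empty result instead.
    INTERNAL_IP=$(ip route get 1 2>/dev/null | awk '{print $7; exit}') || true
    if [ -z "$INTERNAL_IP" ]; then
      INTERNAL_IP=$(hostname -I 2>/dev/null | awk '{print $1}') || true
    fi
  elif [ "$OS" = "darwin" ]; then
    INTERNAL_IP=$(ipconfig getifaddr en0 2>/dev/null ||
      ipconfig getifaddr en1 2>/dev/null || echo "")
  fi

  if [ -n "$INTERNAL_IP" ]; then
    log_info "Detected internal IP: $INTERNAL_IP"
  fi
}

# Register server with code
# The agent handles IP detection, API registration, secret storage, AND auto-starts
# Sets SERVER_ID and TIER on success; returns 1 on failure.
register_server() {
  if [ -z "$REGISTRATION_CODE" ]; then
    return
  fi

  log_info "Registering server with TarPit.pro..."
  echo ""

  # Let the agent handle everything: IP detection, registration, secret storage
  # The agent auto-starts after successful init
  if "${INSTALL_DIR}/${BINARY_NAME}" init --code "$REGISTRATION_CODE"; then
    log_success "Server registered successfully!"
    SERVER_ID="registered" # Mark as registered for start_service logic

    # Get tier from config for display
    TIER=$(grep 'tier:' "${CONFIG_DIR}/config.yaml" 2>/dev/null | awk '{print $2}') || true
  else
    log_error "Failed to register server"
    # Print a placeholder rather than the code, so it does not end up in
    # captured install logs.
    log_warn "You can manually register later with: tarpit-pro init --code <CODE>"
    return 1
  fi
}

# Start the service
start_service() {
  if [ "$OS" = "linux" ] && is_systemd_running; then
    log_info "Starting TarPit.pro service..."
    systemctl enable tarpit-pro
    systemctl start tarpit-pro

    # Give the unit a moment before checking whether it stayed up.
    sleep 2
    if systemctl is-active --quiet tarpit-pro; then
      log_success "Service started successfully"
    else
      log_error "Service failed to start. Check logs with: journalctl -u tarpit-pro -f"
    fi
  elif [ "$OS" = "darwin" ]; then
    log_info "Starting TarPit.pro service..."
    # Best effort: load errors are discarded and success is reported either way.
    launchctl load /Library/LaunchDaemons/pro.tarpit.agent.plist 2>/dev/null || true
    log_success "Service started"
  else
    log_warn "No init system detected. Start manually with: tarpit-pro start"
  fi
}

# Print success message
# Box padding and column alignment were collapsed in the listing this was
# taken from; the widths below are rebuilt for a 62-column box.
print_success() {
  # Get actual version from installed binary; fall back to the requested one.
  INSTALLED_VERSION=$("${INSTALL_DIR}/${BINARY_NAME}" version 2>/dev/null | head -1 | awk '{print $3}') || true
  INSTALLED_VERSION=${INSTALLED_VERSION:-$VERSION}

  echo ""
  printf "${GREEN}╔══════════════════════════════════════════════════════════════╗${NC}\n"
  printf "${GREEN}║%62s║${NC}\n" ""
  printf "${GREEN}║%14s%s%14s║${NC}\n" "" "TarPit.pro installed successfully!" ""
  printf "${GREEN}║%62s║${NC}\n" ""
  printf "${GREEN}╚══════════════════════════════════════════════════════════════╝${NC}\n"
  echo ""
  printf "Binary:  ${BLUE}%s/${BINARY_NAME}${NC}\n" "$INSTALL_DIR"
  printf "Config:  ${BLUE}%s/config.yaml${NC}\n" "$CONFIG_DIR"
  printf "Logs:    ${BLUE}%s/${NC}\n" "$LOG_DIR"
  printf "Version: ${BLUE}%s${NC}\n" "$INSTALLED_VERSION"
  echo ""

  if [ -n "$REGISTRATION_CODE" ] && [ -n "$SERVER_ID" ]; then
    printf "Registered: ${GREEN}Yes${NC}\n"
    if [ -n "$TIER" ]; then
      printf "Tier: ${GREEN}%s${NC}\n" "$TIER"
    fi
    echo ""
  fi

  echo "Useful commands:"
  printf "  ${BLUE}tarpit-pro status${NC}        - Check status\n"
  printf "  ${BLUE}tarpit-pro ports list${NC}    - List monitored ports\n"
  printf "  ${BLUE}tarpit-pro attacks list${NC}  - View recent attacks\n"
  echo ""

  if [ -z "$REGISTRATION_CODE" ]; then
    printf "${YELLOW}Note: This server is not connected to TarPit.pro cloud.${NC}\n"
    printf "To enable cloud features, run: ${BLUE}tarpit-pro init --code <CODE>${NC}\n"
    echo ""
  fi

  echo "Documentation: https://tarpit.pro/docs"
  echo "Support: https://tarpit.pro/support"
}

# Main installation flow
main() {
  echo ""
  printf "${BLUE}╔══════════════════════════════════════════════════════════════╗${NC}\n"
  printf "${BLUE}║%62s║${NC}\n" ""
  printf "${BLUE}║%16s%s%16s║${NC}\n" "" "TarPit.pro Installation Script" ""
  printf "${BLUE}║%14s%s%15s║${NC}\n" "" "\"Waste Their Time, Protect Yours\"" ""
  printf "${BLUE}║%62s║${NC}\n" ""
  printf "${BLUE}╚══════════════════════════════════════════════════════════════╝${NC}\n"
  echo ""

  check_root
  detect_platform
  get_download_url
  check_existing
  install_binary
  create_directories
  create_config

  if [ "$OS" = "linux" ]; then
    install_service_linux
  elif [ "$OS" = "darwin" ]; then
    install_service_darwin
  fi

  # Register server if code provided.
  # Under set -e a bare failing call would end the script here, making the
  # "registration failed" path below unreachable; record the failure, finish
  # the summary, and still exit non-zero at the end.
  REGISTER_FAILED=0
  if [ -n "$REGISTRATION_CODE" ]; then
    register_server || REGISTER_FAILED=1
  fi

  # Start service if registration was successful or no code needed
  if [ -z "$REGISTRATION_CODE" ] || [ -n "$SERVER_ID" ]; then
    start_service
  fi

  print_success

  if [ "$REGISTER_FAILED" -eq 1 ]; then
    exit 1
  fi
}

# Run main
main "$@"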