Changeset 1283
- Timestamp:
- 06/06/07 10:04:16 (1 year ago)
- Files:
-
- honeytrap/trunk/configure.in (modified) (4 diffs)
- honeytrap/trunk/src/ipqmon.c (modified) (6 diffs)
- honeytrap/trunk/src/modules/Makefile.am (modified) (2 diffs)
- honeytrap/trunk/src/modules/htm_b64Decode.c (modified) (1 diff)
- honeytrap/trunk/src/modules/htm_submitMwserv.c (added)
- honeytrap/trunk/src/modules/htm_submitMwserv.h (added)
- honeytrap/trunk/src/modules/htm_vncDownload.c (modified) (1 diff)
- honeytrap/trunk/src/nfqmon.c (modified) (1 diff)
honeytrap/trunk/configure.in
r1282 r1283 411 411 412 412 413 AC_ARG_WITH(submit-mwserv, 414 [ --with-submit-mwserv Submit malware samples to a central server]) 415 AM_CONDITIONAL(BUILD_SUBMIT_MWSERV_PLUGIN, test x$with_submit_mwserv = xyes) 416 if test "$with_submit_mwserv" = "yes"; then 417 with_submit_mwserv="X" 418 419 AC_CHECK_FUNC(gethostbyname, , AC_CHECK_LIB(nsl, gethostbyname)) 420 AC_CHECK_FUNC(connect, , AC_CHECK_LIB(socket, connect)) 421 422 AC_ARG_WITH(libcurl_includes, 423 [ --with-libcurl-includes=DIR libcurl include directory], 424 [with_libcurl_includes="$withval"],[with_libcurl_includes=no]) 425 426 AC_ARG_WITH(libcurl_libraries, 427 [ --with-libcurl-libraries=DIR libcurl library directory], 428 [with_libcurl_libraries="$withval"],[with_libcurl_libraries=no]) 429 430 if test "$with_libcurl_includes" != "no"; then 431 CPPFLAGS="${CPPFLAGS} -I${with_libcurl_includes}" 432 fi 433 AC_CHECK_HEADER(curl.h,,[AC_ERROR(curl.h not found.)]) 434 435 AC_CHECK_LIB(curl, curl_version, LCURL="yes", LCURL="no") 436 if test "$LCURL" = "no"; then 437 echo 438 echo " ERROR! Libcurl library/headers not found. Install it or use the" 439 echo " --with-libcurl-* options, if you have it installed in unusual place." 440 echo 441 exit 442 fi 443 if test "x$libcurl" = xno ; then 444 AC_MSG_CHECKING([checking for curl with SSL]) 445 LIBS="$LIBS -lcurl -L/usr/local/ssl/lib -lssl -lcrypto" 446 AC_TRY_LINK([#include <curl/curl.h>], [curl_version();], libcurl=yes, 447 libcurl=no) 448 if test "x$libcurl" = xno ; then 449 AC_MSG_RESULT(no) 450 AC_MSG_ERROR([libcurl required. Go to http://curl.haxx.se/ to download and then install it first]) 451 else 452 AC_MSG_RESULT(yes) 453 fi 454 fi 455 else 456 with_submit_mwserv=" " 457 fi 458 459 460 413 461 AC_ARG_WITH(postgres, 414 462 [ --with-postgres Store attack data in PostgreSQL database]) … … 505 553 AC_SUBST(INCLUDES) 506 554 507 if test $with_ipq_mon != "yes" -a $with_nfq_mon != "yes" -a $with_ipfw_mon != "yes" -a $with_pcap_mon != "yes"; then555 if test ! 
$with_ipq_mon -a ! $with_nfq_mon -a ! $with_ipfw_mon -a ! $with_pcap_mon; then 508 556 echo 509 557 echo " ERROR! No connection monitor selected. Please reconfigure with --with-pcap-mon, --with-nfq-mon or --with-ipq-mon." … … 511 559 exit 1 512 560 fi 561 562 echo $with_ipq_mon, $sith_nfq_mon, $with_ipfw_mon, $with_pcap_mon 513 563 514 564 … … 524 574 echo "--- honeytrap configuration ---" 525 575 echo "General options" 526 echo -e " \x5b$enable_debug]Debugging"527 echo -e " \x5b$enable_profiling]Profiling"528 echo -e " \x5b$with_efence]Electric Fence"576 echo -e " ($enable_debug) Debugging" 577 echo -e " ($enable_profile) Profiling" 578 echo -e " ($with_efence) Electric Fence" 529 579 echo 530 580 echo "Connection monitor" 531 echo -e " \x5b$with_ipq_mon]Linux ip_queue (ipq)"532 echo -e " \x5b$with_ipfw_mon]FreeBSD ipfw (ipfw)"533 echo -e " \x5b$with_nfq_mon]Linux libnetfilter_queue (nfq)"534 echo -e " \x5b$with_pcap_mon]Libpcap (pcap)"581 echo -e " ($with_ipq_mon) Linux ip_queue (ipq)" 582 echo -e " ($with_ipfw_mon) FreeBSD ipfw (ipfw)" 583 echo -e " ($with_nfq_mon) Linux libnetfilter_queue (nfq)" 584 echo -e " ($with_pcap_mon) Libpcap (pcap)" 535 585 echo 536 586 echo "Optional plugins" 537 echo -e " \x5b$with_clamav] ClamAV" 538 echo -e " \x5b$with_cpuemu] cpuEmu" 539 echo -e " \x5b$with_postgres] PostgeSQL" 540 echo -e " \x5b$with_spamsum] SpamSum" 587 echo -e " ($with_clamav) ClamAV" 588 echo -e " ($with_cpuemu) cpuEmu" 589 echo -e " ($with_postgres) PostgeSQL" 590 echo -e " ($with_spamsum) SpamSum" 591 echo -e " ($with_submit_mwserv) submitMwserv" honeytrap/trunk/src/ipqmon.c
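Review bot: The new line 562 `echo $with_ipq_mon, $sith_nfq_mon, $with_ipfw_mon, $with_pcap_mon` reads as leftover debug output, and `$sith_nfq_mon` is a typo for `$with_nfq_mon`; it should be dropped before this ships. In the libcurl block, the `exit` after the "Libcurl library/headers not found" message carries no status, so configure terminates with the status of the preceding `echo` (0) and a scripted build would continue as if configuration had succeeded; use `exit 1` as the monitor check at line 559 already does. The summary line `($enable_profile) Profiling` replaces `$enable_profiling` on the old side; if the variable was not renamed elsewhere in the file this now prints an empty value, so please confirm. The rewritten monitor check `if test ! $with_ipq_mon -a ! $with_nfq_mon ...` leaves the variables unquoted, so if any of them can be unset the `test` expression becomes malformed; quoting them, `if test ! "$with_ipq_mon" -a ! "$with_nfq_mon" -a ! "$with_ipfw_mon" -a ! "$with_pcap_mon"; then`, keeps it well-formed.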
r1282 r1283 34 34 #define BUFSIZE 1500 35 35 36 static void die(struct ipq_handle *h) {37 logmsg(LOG_ERR, 1, "IPQ Error: %s.\n", ipq_errstr());38 ipq_destroy_handle(h);39 clean_exit(EXIT_SUCCESS);40 }41 36 42 37 int start_ipq_mon(void) { … … 59 54 logmsg(LOG_DEBUG, 1, "Creating ipq connection monitor.\n"); 60 55 if ((h = ipq_create_handle(0, PF_INET)) == NULL) { 61 logmsg(LOG_ERR, 1, "Error - Could not create IPQ handle .\n");62 die(h);56 logmsg(LOG_ERR, 1, "Error - Could not create IPQ handle: %s.\n", ipq_errstr()); 57 clean_exit(EXIT_FAILURE); 63 58 } 64 59 65 60 if ((status = ipq_set_mode(h, IPQ_COPY_PACKET, BUFSIZE)) < 0) { 66 logmsg(LOG_ERR, 1, "Error - Could not set IPQ mode.\n"); 67 die(h); 61 logmsg(LOG_ERR, 1, "Error - Could not set IPQ mode: %s.\n", ipq_errstr()); 62 ipq_destroy_handle(h); 63 clean_exit(EXIT_FAILURE); 68 64 } 69 65 … … 73 69 process = 1; 74 70 if ((status = ipq_read(h, buf, BUFSIZE, 0)) < 0) { 75 logmsg(LOG_ERR, 1, "Error - Could not read queued packet.\n"); 76 die(h); 71 logmsg(LOG_ERR, 1, "Error - Could not read queued packet: %s.\n", ipq_errstr()); 72 ipq_destroy_handle(h); 73 clean_exit(EXIT_FAILURE); 77 74 } 78 75 switch (ipq_message_type(buf)) { … … 95 92 } else { 96 93 logmsg(LOG_ERR, 1, "Error - Protocol %u is not supported.\n", ip->ip_p); 94 if ((status = ipq_set_verdict(h, packet->packet_id, NF_ACCEPT, 0, NULL)) < 0) { 95 logmsg(LOG_ERR, 1, "Error - Could not set verdict on packet: %s.\n", ipq_errstr()); 96 ipq_destroy_handle(h); 97 clean_exit(EXIT_FAILURE); 98 } 97 99 break; 98 100 } … … 108 110 dport, PROTO(ip->ip_p)); 109 111 if ((status = ipq_set_verdict(h, packet->packet_id, NF_ACCEPT, 0, NULL)) < 0) { 110 logmsg(LOG_ERR, 1, "Error - Could not set verdict on packet.\n"); 111 die(h); 112 logmsg(LOG_ERR, 1, "Error - Could not set verdict on packet: %s.\n", ipq_errstr()); 113 ipq_destroy_handle(h); 114 clean_exit(EXIT_FAILURE); 112 115 } 113 116 process = 0; … … 129 132 dport, PROTO(ip->ip_p)); 130 133 if ((status = 
ipq_set_verdict(h, packet->packet_id, NF_ACCEPT, 0, NULL)) < 0) { 131 logmsg(LOG_ERR, 1, "Error - Could not set verdict on packet.\n"); 132 die(h); 134 logmsg(LOG_ERR, 1, "Error - Could not set verdict on packet: %s.\n", ipq_errstr()); 135 ipq_destroy_handle(h); 136 clean_exit(EXIT_FAILURE); 133 137 } 134 138 process = 0; honeytrap/trunk/src/modules/Makefile.am
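Review bot: The error handling on the new lines 56-57, 61-63, 71-73, 95-97, 112-114 and 134-136 repeats the same log / `ipq_destroy_handle` / `clean_exit(EXIT_FAILURE)` triple that the removed `die()` used to centralise; the only case that needed different treatment is the create failure, where `h` is still NULL. A helper that takes the message and tolerates a NULL handle gives the same exit-status fix without six copies. The NF_ACCEPT verdict added on the unsupported-protocol branch (lines 94-98) is a behaviour change that deserves a comment, e.g. `/* not a protocol we handle: pass it through so the queue does not stall on it */`. Presumably `ipq_read` can also return an error when a signal interrupts it; terminating the monitor on that is worth confirming as intended. `start_ipq_mon` begins and ends outside this hunk.
```c
/* Log the libipq error for `what`, release the handle if one exists, and exit. */
static void ipq_fail(struct ipq_handle *h, const char *what) {
	logmsg(LOG_ERR, 1, "Error - %s: %s.\n", what, ipq_errstr());
	if (h)
		ipq_destroy_handle(h);
	clean_exit(EXIT_FAILURE);
}
/* … unchanged: start_ipq_mon, with each log/destroy/clean_exit triple replaced by e.g. … */
			if ((status = ipq_set_verdict(h, packet->packet_id, NF_ACCEPT, 0, NULL)) < 0)
				ipq_fail(h, "Could not set verdict on packet");
```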
r1281 r1283 30 30 if BUILD_CLAMAV_PLUGIN 31 31 lib_LTLIBRARIES += htm_ClamAV.la 32 endif 33 34 if BUILD_SUBMIT_MWSERV_PLUGIN 35 lib_LTLIBRARIES += htm_submitMwserv.la 32 36 endif 33 37 … … 67 71 endif 68 72 73 if BUILD_SUBMIT_MWSERV_PLUGIN 74 htm_submitMwserv_la = htm_submitMwserv.c htm_submitMwserv.h 75 htm_submitMwserv_la_LDFLAGS = -module -no-undefined -avoid-version 76 endif 77 69 78 install-exec-am: 70 79 $(mkinstalldirs) $(DESTDIR)/$(sysconfdir)/honeytrap/plugins honeytrap/trunk/src/modules/htm_b64Decode.c
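Review bot: Line 74 assigns the source list to `htm_submitMwserv_la` instead of `htm_submitMwserv_la_SOURCES`, so automake does not treat the listed files as this target's sources and the header is not picked up for distribution; change it to `htm_submitMwserv_la_SOURCES = htm_submitMwserv.c htm_submitMwserv.h`. The matching rules for the other plugins (lines 67-71) are elided here, so check that the variable name follows the same pattern they use.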
r1279 r1283 34 34 #include "htm_b64Decode.h" 35 35 36 const char module_name[]=" htm_b64Decode";36 const char module_name[]="b64Decode"; 37 37 const char module_version[]="0.3.1"; 38 38 honeytrap/trunk/src/modules/htm_vncDownload.c
r1279 r1283 28 28 #include "htm_vncDownload.h" 29 29 30 const char module_name[]=" htm_vncDownload";30 const char module_name[]="vncDownload"; 31 31 const char module_version[]="0.3"; 32 32 honeytrap/trunk/src/nfqmon.c
r1281 r1283 74 74 } else { 75 75 logmsg(LOG_ERR, 1, "Error - Protocol %u is not supported.\n", ip->ip_p); 76 if (nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL) == -1) { 77 logmsg(LOG_ERR, 1, "Error - Could not set verdict on packet.\n"); 78 nfq_destroy_queue(qh); 79 exit(EXIT_FAILURE); 80 } 76 81 return(-1); 77 82 }
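Review bot: The new failure path at lines 77-79 calls plain `exit(EXIT_FAILURE)` after `nfq_destroy_queue(qh)`, whereas the equivalent paths added to ipqmon.c in this same changeset go through `clean_exit(EXIT_FAILURE)`; if `clean_exit` performs process-wide cleanup (it is not visible here), this path skips it, so `clean_exit(EXIT_FAILURE);` would keep both monitors consistent. Passing the packet through with NF_ACCEPT when the protocol is unsupported is a deliberate choice that deserves a one-line comment, e.g. `/* unsupported protocol: accept it so it is not left pending in the queue */`. The enclosing callback begins and ends outside this hunk.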
