Changeset 1425

Timestamp:

10/27/07 13:09:48 (10 months ago)

Author:

till

Message:

honeytrap
- weekend cleaning

Files:

• honeytrap/trunk/ChangeLog (modified) (2 diffs)
• honeytrap/trunk/INSTALL (modified) (1 diff)
• honeytrap/trunk/README (modified) (1 diff)
• honeytrap/trunk/configure.in (modified) (22 diffs)
• honeytrap/trunk/doc/honeytrap.8 (modified) (4 diffs)
• honeytrap/trunk/etc/honeytrap.conf.dist (modified) (6 diffs)
• honeytrap/trunk/etc/ports.conf.dist (modified) (1 diff)
• honeytrap/trunk/etc/responses/21000_tcp (added)
• honeytrap/trunk/etc/responses/5060_tcp (added)
• honeytrap/trunk/src/modules/Makefile.am (modified) (1 diff)
• honeytrap/trunk/src/modules/htm_cspm/Makefile.am (modified) (1 diff)

honeytrap/trunk/ChangeLog

@@ -1 +1 @@
-Version 1.0.0
-- Improved configure script
-Basic http download wrapper plugin added
+New plugin: Basic http download wrapper
-- VNC plugin redesigned to generate virtual attacks
-- Safe signal delivery and handling using per-process pipes
@@ -16 +16 @@
-- Plugins can be prioritized
-- x86 CPU emulation module for generic shellcode analysis
-
+ (unstable)
-- PostgreSQL module for commits into mwcollect database
-- SHA512 hash support

honeytrap/trunk/INSTALL

@@ -9 +9 @@
-
-   The `configure' shell script must be told which connection monitor
-should be used by
+to use in
-connection requests. Currently the following options are possible:
-
-nfq-mon
-
-
-ipq-mon
-
-
-pcap-mon
+stream-mon=nfq
+       
+
+stream-mon=ipq
+       
+
+stream-mon=pcap
-
-To build additional plugins use the --with-[pluginname] options.
+`configure --help' gives a full list of available options.
+
+After the configure step a `make' compiles the code. Finally `make
+install' puts all needed files in the correct places.
-
-Please refer to the generic installation instructions below for further

honeytrap/trunk/README

@@ -24 +24 @@
-INSTALLATION
-
-should be pretty straight forward. Just
-do  a  './configure  --with-<type>-mon  &&  make &&
+is  pretty straight forward.  Just do a
+'./configure  --with-stream-mon=<type> &&  make && 
-  where '<type>' is the connection monitor  type  of  your  choice.
-  Please  refer to the INSTALL file and to the output of './config-

honeytrap/trunk/configure.in

@@ -68 +68 @@
-
-bold () {
-$seo
-$seo 
+-e
+
-}
-
@@ -96 +96 @@
-          enable_profile="X"
-        ], enable_profile=" ")
+AC_ARG_ENABLE(devmodules,
+[  --enable-devmodules     enable unstable modules (not recommended for production setups)],
+                [ if test -n "$GCC"; then
+                    CFLAGS="-O0 -DDEBUG -g"
+                  else
+                    CFLAGS="$CFLAGS -DDEBUG"
+                  fi      
+                  enable_devmodules="X"
+                ], enable_devmodules=" ")
+
-
-#AC_CANONICAL_HOST
@@ -293 +303 @@
-                        bold "   %BError%b - libpcap headers not found. Install them or use the following options:"
-                        echo
-[location of libpcap header files]
+\133location of libpcap header files\135
-                        echo
-                        exit 1
@@ -307 +317 @@
-                        bold "   %BError%b - libpcap library not found. Install it or use the following options:"
-                        echo
-y=%b[location of libpcap shared library files]
+ies=%b\133location of libpcap shared library files\135
-                        echo
-                        exit 1
@@ -333 +343 @@
-                        bold "   %BError%b - libnetfilter_queue headers not found. Install them or use the following options:"
-                        echo
-[location of libnetfilter_queue header files]
+\133location of libnetfilter_queue header files\135
-                        echo
-                        exit
@@ -347 +357 @@
-                        bold "   %BError%b - libnetfilter_queue library not found. Install it or use the following options:"
-                        echo
-y=%b[location of libnetfilter_queue shared library files]
+ies=%b\133location of libnetfilter_queue shared library files\135
-                        echo
-                        exit
@@ -372 +382 @@
-                        bold "   %BError%b - libipq headers not found. Install them or use the following options:"
-                        echo
-[location of libipq header files]
+\133location of libipq header files\135
-                        echo
-                        exit
@@ -386 +396 @@
-                        bold "   %BError%b - libipq library not found. Install it or use the following options:"
-                        echo
-y=%[blocation of libipq shared library files]
+ies=%b\133location of libipq shared library files\135
-                        echo
-                        exit
@@ -448 +458 @@
-    bold "   %BError%b - libclamav headers not found. Install them or use the following options:"
-    echo
-[location of libclamav header files]
+\133location of libclamav header filesi\135
-    echo
-    exit
@@ -462 +472 @@
-    bold "   %BError%b - libclamav library not found. Install it or use the following options:"
-    echo
-y=%b[location of libclamav shared library files]
+ies=%b\133location of libclamav shared library files\135
-    echo
-    exit
@@ -475 +485 @@
-AM_CONDITIONAL(BUILD_CPUEMU_PLUGIN, test x$with_cpuemu = xyes)
-if test "$with_cpuemu" = "yes"; then
+  if test "$enable_devmodules" != "X"; then
+    echo
+    echo "   The cpuEmu plugin is still unstable and should not be used in production setups."
+    bold "   Use %B--enable-devmodules%b to build it anyway."
+    echo
+    exit
+  fi
+
-  with_cpuemu="X"
-  AC_ARG_WITH(libemu_includes,
@@ -490 +508 @@
-  AC_CHECK_HEADER(emu/emu.h,, HEMU="no")
-  if test "$HEMU" = "no"; then
+    echo
-    bold "   %BError%b - libemu headers not found. Install them or use the following options:"
-    echo
-[location of libemu header files]
+\133location of libemu header files\135
-    echo
-    exit
@@ -503 +522 @@
-  AC_CHECK_LIB(emu, emu_getpc_check,, LEMU="no")
-  if test "$LEMU" = "no"; then
+    echo
-    bold "   %BError%b - libemu library not found. Install it or use the following options:"
-    echo
-y=%b[location of libemu shared library files]
+ies=%b\133location of libemu shared library files\135
-    echo
-    exit
@@ -520 +540 @@
-AM_CONDITIONAL(BUILD_SUBMIT_MWSERV_PLUGIN, test x$with_submit_mwserv = xyes)
-if test "$with_submit_mwserv" = "yes"; then
+        if test "$enable_devmodules" != "X"; then
+                echo
+                echo "   The submitMWserv plugin is still unstable and should not be used in production setups."
+                bold "   Use %B--enable-devmodules%b to build it anyway."
+                echo
+                exit
+        fi
+
-        with_submit_mwserv="X"
-
@@ -539 +567 @@
-        AC_CHECK_HEADER(curl.h,, HCURL="no")
-        if test "$HCURL" = "no"; then
+                echo
-                bold "   %BError%b - libcurl headers not found. Install them or use the following options:"
-                echo
-[location of libcurl header files]
+\133location of libcurl header files\135
-                echo
-                exit
-        fi
-
+        if test "$with_libcurl_libraries" != "no"; then
+                LDFLAGS="${LDFLAGS}  -L${with_libcurl_libraries}"
+        fi
-        LCURL="yes"
-        AC_CHECK_LIB(curl, curl_version, LCURL="yes", LCURL="no")
-        if test "$LCURL" = "no"; then
+                echo
-                bold "   %BError%b - libcurl library not found. Install it or use the following options:"
-                echo
-y=%b[location of libcurl shared library files]
+ies=%b\133location of libcurl shared library files\135
-                echo
-                exit
-        fi
-
-        if test "x$libcurl" = xno ; then
-                AC_MSG_CHECKING([checking for curl with SSL])
-                LIBS="$LIBS -lcurl -L/usr/local/ssl/lib -lssl -lcrypto"
-                AC_TRY_LINK([#include <curl/curl.h>], [curl_version();], libcurl=yes, libcurl=no)
-                if test "x$libcurl" = xno ; then
-                        AC_MSG_RESULT(no)
-                        AC_MSG_ERROR([libcurl required. Go to http://curl.haxx.se/ to download and then install it first])
-                else
-                        AC_MSG_RESULT(yes)
-                fi
-        fi 
-else
-        with_submit_mwserv=" "
@@ -577 +598 @@
-AM_CONDITIONAL(BUILD_CSPM_PLUGIN, test x$with_cspm = xyes)
-if test "$with_cspm" = "yes"; then
+  if test "$enable_devmodules" != "X"; then
+    echo
+    echo "   The CSPM plugin is still unstable and should not be used in production setups."
+    bold "   Use %B--enable-devmodules%b to build it anyway."
+    echo
+    exit
+  fi
+
+  with_cspm="X"
+
-  AC_ARG_WITH(libpcre_includes,
-    [  --with-libpcre-includes=DIR     libpcre include directory],
@@ -594 +625 @@
-    bold "   %BError%b - libpcre headers not found. Install them or use the following options:"
-    echo
-[location of libpcre header files]
+\133location of libpcre header files\135
-    echo
-    exit
@@ -608 +639 @@
-    bold "   %BError%b - libpcre library not found. Install it or use the following options:"
-    echo
-y=%b[location of libpcre shared library files]
-
-
-
-
+ies=%b\133location of libpcre shared library files\135
+
+
+
+
-else
-        with_cspm=" "
@@ -641 +672 @@
-    bold "   %BError%b - libpq headers not found. Install them or use the following options:"
-    echo
-[location of libpq header files]
+\133location of libpq header files\135
-    echo
-    exit
@@ -655 +686 @@
-    bold "   %BError%b - libpq library not found. Install it or use the following options:"
-    echo
-y=%b[location of libpq shared library files]
+ies=%b\133location of libpq shared library files\135
-    echo
-    exit
@@ -754 +785 @@
-bold "    (%B$enable_debug%b)  Debugging"
-bold "    (%B$enable_profile%b)  Profiling"
+bold "    (%B$enable_devmodules%b)  Unstable Modules"
-bold "    (%B$with_efence%b)  Electric Fence"
-echo
@@ -765 +797 @@
-bold "    (%B$with_clamav%b)  ClamAV"
-bold "    (%B$with_cpuemu%b)  cpuEmu"
+bold "    (%B$with_cspm%b)  CSPM"
-bold "    (%B$with_postgres%b)  PostgeSQL"
-bold "    (%B$with_spamsum%b)  SpamSum"
-bold "    (%B$with_cspm%b)  CSPM"
-bold "    (%B$with_submit_mwserv%b)  submitMwserv"

honeytrap/trunk/doc/honeytrap.8

@@ -28 +28 @@
-.SH NAME
-.B honeytrap 
-tcp
+network
-.SH SYNOPSIS
-.B honeytrap
@@ -71 +71 @@
-.SH DESCRIPTION
-.I honeytrap
-TCP
+network
-.LP
-Data capture is basically done by the core system. The master process uses a connection monitor to catch incoming requests. Currently, connection monitoring can be performed via a PCAP based sniffer or by hooking the ip_queue API, a userland interface to netfilter/iptables on Linux systems. The appropriate technique has to be built in during compile time.
-.LP
-TCP
+tcp or udp
-.I honeytrap
-as a meta-honeypot, forwarding some connections to different honeypot systems, handle some attacks with own routines or even route connections to different honeypots.
@@ -177 +177 @@
-To recognize rejected connections, 
-.I honeytrap
-sniff TCP reset packets sent to a remote host
+catch connection requests
-.I expression.
-This only has an effect when using the pcap connection monitor.
@@ -205 +205 @@
-As a honeypot,
-.I honeytrap
-to
+side
-.SH SEE ALSO
-.BR bpf (4),
-.BR iptables (8),
-.BR pcap (3),
+.BR udp(7).
-.BR tcp (7).
-.SH AUTHOR

honeytrap/trunk/etc/honeytrap.conf.dist

@@ -14 +14 @@
-response_dir    = "/opt/honeytrap/etc/honeytrap/responses"
-
-
-
-
+
+
+
+
+
-
-/* put network interface into promiscuous mode
@@ -48 +50 @@
-plugin-vncDownload = ""
-
+
-/* store attacks on disk */
-plugin-SaveFile = {
@@ -53 +56 @@
-        downloads_dir   = "/opt/honeytrap/downloads"
-}
+
-
-/* scan downloaded samples with ClamAV engine */
@@ -60 +64 @@
-}
-
+
-/* calculate locality sensitive hashes */
-plugin-SpamSum = {
@@ -65 +70 @@
-        spamsum_sigfile = "/opt/honeytrap/spamsum.sigs"
-}
+
-
-/* store attacks in PostgeSQL database */
@@ -76 +82 @@
-}
-*/
+
+
+/* invoke wget to download files via http */
+/*
+plugin-httpDownload = {
+        http_program = "/usr/bin/wget"
+//      http_options = "-nv"
+        http_options = "-q"
+        download_dir = "/opt/honeytrap/downloads/"
+}
+*/
+
-
-

honeytrap/trunk/etc/ports.conf.dist

@@ -3 +3 @@
- * should be included in main configuration file
- * (c) Tillmann Werner <tillmann.werner@gmx.de>
-
+ 
-
-portconf = {

honeytrap/trunk/src/modules/Makefile.am

@@ -85 +85 @@
-endif
-
+
-install-exec-am:
-DESTDIR)/$(sysconfdir)/honeytrap/plugins
+libdir)
-        for module in `find .libs -name htm_*.so`; do \
-DESTDIR)/$(sysconfdir)/honeytrap/plugins/
+libdir)
-        done
-        for module in `find . -name htm_*.*a`; do \
-                rm -f $(DESTDIR)/$(sysconfdir)/honeytrap/plugins/`basename "$$module"` ; \
-        done

honeytrap/trunk/src/modules/htm_cspm/Makefile.am

@@ -26 +26 @@
-htm_cspm_la_LDFLAGS = -module -no-undefined -avoid-version
-
+
-install-exec-am:
-DESTDIR)/$(sysconfdir)/honeytrap/plugins
+libdir)
-        for module in `find .libs -name htm_*.so`; do \
-DESTDIR)/$(sysconfdir)/honeytrap/plugins/
+libdir)
-        done
-        for module in `find . -name htm_*.*a`; do \
-                rm -f $(DESTDIR)/$(sysconfdir)/honeytrap/plugins/`basename "$$module"` ; \
-        done