Changeset 1677

Timestamp:

07/31/08 21:18:45 (2 months ago)

Author:

till

Message:

honeytrap
- 'bind_address' configuration option added for binding dynamic servers

to a specific IP address to make it possible to run several honeytrap
instances in parallel on a single machine

Files:

• honeytrap/trunk/ChangeLog (modified) (1 diff)
• honeytrap/trunk/etc/honeytrap.conf.dist (modified) (8 diffs)
• honeytrap/trunk/src/honeytrap.h (modified) (2 diffs)
• honeytrap/trunk/src/readconf.c (modified) (6 diffs)
• honeytrap/trunk/src/sock.c (modified) (2 diffs)

honeytrap/trunk/ChangeLog

@@ -1 +1 @@
-Version 1.0.1
+- 'bind_address' configuration option added for binding dynamic servers
+  to a specific IP address to make it possible to run several honeytrap
+  instances in parallel on a single machine
-- Code cleanup: asprintf()
-- Error handling for failed malloc()'s where it was missing

honeytrap/trunk/etc/honeytrap.conf.dist

@@ -1 +1 @@
-/* 
-
+.1
- * (c) Tillmann Werner <tillmann.werner@gmx.de>
- */
-
-* log to this file */
+/ log to this file
-logfile         = "/opt/honeytrap/honeytrap.log"
-
-* PID file */
+/ store process ID in this file
-pidfile         = "/var/run/honeytrap.pid"
-
@@ -14 +14 @@
-response_dir    = "/opt/honeytrap/etc/honeytrap/responses"
-
-* replace rfc1918 ip addresses with attacking ip address */
+/ replace rfc1918 IP addresses with attacking IP address
-replace_private_ips = "no"
-
-/* default port mode -- valid values are "ignore", "normal" and "mirror"
-portconf_default = "normal"
-
-/* put network interface into promiscuous mode
-pcap-mon
+stream-mon=pcap
-//promisc = "on"
-
@@ -32 +29 @@
-read_limit = "20971520"
-
-* include a file */
+/ include a file
-//include = "ports.conf"
-
@@ -39 +36 @@
-
-/* where to look for plugins
-
+s
-plugin_dir      = "/opt/honeytrap/etc/honeytrap/plugins"
-
-
-* include a plugin via plugin-[ModuleName] = "" */
+/ include a plugin via plugin-[ModuleName] = ""
-
-plugin-ftpDownload = ""
@@ -51 +48 @@
-
-
-* store attacks on disk */
+/ store attacks on disk
-plugin-SaveFile = {
-        attacks_dir     = "/opt/honeytrap/attacks"
@@ -58 +55 @@
-
-
-
+
+
-plugin-ClamAV = {
-        temp_dir        = "/tmp"
-        clamdb_path     = "/var/lib/clamav"
-}
+*/
-
-
-
+
+
-plugin-SpamSum = {
-        md5sum_sigfile  = "/opt/honeytrap/md5sum.sigs"
-        spamsum_sigfile = "/opt/honeytrap/spamsum.sigs"
-}
+*/
-
-
-* store attacks in PostgeSQL database */
+/ store attacks in PostgeSQL database
-/*
-plugin-SavePostgres = {
@@ -84 +85 @@
-
-
-* invoke wget to download files via http */
+/ invoke an external program (f.e. wget) to download files via http
-/*
-plugin-httpDownload = {
@@ -106 +107 @@
-// explicit port configuration
-portconf = {
-* ignore these ports */
+/ ignore connection requests on these ports
-        ignore = {
-                protocol        = "tcp"

honeytrap/trunk/src/honeytrap.h

@@ -1 +1 @@
-/* honeytrap.h
-7
+8
- *
- * This file is free software; as a special exception the author gives
@@ -105 +105 @@
-// global variables regarding configuration
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
-/* explicit port configurations */

honeytrap/trunk/src/readconf.c

@@ -1 +1 @@
-/* readconf.c
-7
+8
- *
- * This file is free software; as a special exception the author gives
@@ -55 +55 @@
-        "plugin_dir",
-        "read_limit",
+        "bind_address",
-        "replace_private_ips",
-#ifdef USE_PCAP_MON
@@ -138 +139 @@
-        config_tree             = NULL;
-
+        bind_address.s_addr     = INADDR_ANY;
+
-        /* build tree of allowed configuration keywords */
-        for (i=0; i<sizeof(config_keywords)/sizeof(char *); i++) {
@@ -470 +473 @@
-                else if (OPT_IS("response_dir")) OPT_SET("  Loading default responses from %s.\n", response_dir)
-                else if (OPT_IS("plugin_dir")) OPT_SET("  Loading plugins from %s.\n", plugin_dir)
+                else if (OPT_IS("bind_address")) {
+                        if (inet_aton(value, &bind_address) == 0) {
+                                fprintf(stderr, "  Error - Unable to convert IP address: %s.\n", strerror(errno));
+                                exit(EXIT_FAILURE);
+                        }
+                        DEBUG_FPRINTF(stdout, "  Binding dynamic servers to %s.\n", inet_ntoa(bind_address));
+                }
-                else if (OPT_IS("user")) {
-                        if ((pwd_entry = getpwnam(value)) == NULL) {
@@ -478 +488 @@
-                        u_id = pwd_entry->pw_uid;
-                        user = value;
-
+s
-                } else if (OPT_IS("group")) {
-                        if ((grp_entry = getgrnam(value)) == NULL) {
@@ -487 +497 @@
-                        g_id = grp_entry->gr_gid;
-                        group = value;
-
+.
-                } else if (OPT_IS("portconf")) {
-                        if (process_conftree(node, node->first_leaf, process_confopt_portconf, NULL) == NULL) return(NULL);

honeytrap/trunk/src/sock.c

@@ -1 +1 @@
-/* sock.c
-7
+8
- *
- * This file is free software; as a special exception the author gives
@@ -58 +58 @@
-        bzero((char *) server_addr, sizeof(struct sockaddr_in));
-        server_addr->sin_family         = AF_INET;
-htonl(INADDR_ANY)
+bind_address.s_addr
-        server_addr->sin_port           = port;
-        if ((bind(fd, (struct sockaddr *) server_addr, sizeof(struct sockaddr_in))) != 0) {