Changeset 691
- Timestamp:
- 10/30/06 20:05:21 (2 years ago)
- Files:
-
- nepenthes/trunk/Makefile.am (modified) (2 diffs)
- nepenthes/trunk/modules/module-honeytrap/PCAPSocket.cpp (modified) (2 diffs)
- nepenthes/trunk/modules/module-honeytrap/TrapSocket.cpp (modified) (1 diff)
- nepenthes/trunk/modules/module-honeytrap/module-honeytrap.conf.dist (modified) (2 diffs)
- nepenthes/trunk/modules/module-honeytrap/module-honeytrap.cpp (modified) (5 diffs)
- nepenthes/trunk/modules/module-honeytrap/module-honeytrap.hpp (modified) (2 diffs)
- nepenthes/trunk/modules/submit-postgres/submit-postgres.conf.dist (modified) (1 diff)
- nepenthes/trunk/nepenthes-core/include/Config.hpp (modified) (1 diff)
nepenthes/trunk/Makefile.am
r527 r691 49 49 $(mkinstalldirs) $(DESTDIR)$(localstatedir)/cache 50 50 $(mkinstalldirs) $(DESTDIR)$(localstatedir)/cache/nepenthes 51 $(mkinstalldirs) $(DESTDIR)$(localstatedir)/cache/nepenthes/ geolocation51 $(mkinstalldirs) $(DESTDIR)$(localstatedir)/cache/nepenthes/pcap 52 52 $(mkinstalldirs) $(DESTDIR)$(localstatedir)/cache/nepenthes/signatures 53 53 … … 57 57 $(mkinstalldirs) $(DESTDIR)$(localstatedir)/spool/nepenthes 58 58 $(mkinstalldirs) $(DESTDIR)$(localstatedir)/spool/nepenthes/gotek 59 $(mkinstalldirs) $(DESTDIR)$(localstatedir)/spool/nepenthes/submitpostgres 59 60 $(mkinstalldirs) $(DESTDIR)$(localstatedir)/log 61 $(mkinstalldirs) $(DESTDIR)$(localstatedir)/log/pcap 60 62 $(mkinstalldirs) $(DESTDIR)$(localstatedir)/binaries 61 63 $(mkinstalldirs) $(DESTDIR)$(localstatedir)/hexdumps nepenthes/trunk/modules/module-honeytrap/PCAPSocket.cpp
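Review bot: New line 51 replaces the `cache/nepenthes/geolocation` directory with `cache/nepenthes/pcap` rather than adding the new one alongside it, so `make install` no longer creates the geolocation cache directory; every other change in this hunk is an addition, which suggests the replacement was unintended. Nothing else in this changeset refers to `cache/nepenthes/pcap` either — the module default and the conf.dist both point at `var/log/pcap/`, which the added `log/pcap` line covers — so the cache entry looks redundant. If geolocation modules still rely on that directory, restore `$(mkinstalldirs) $(DESTDIR)$(localstatedir)/cache/nepenthes/geolocation` and drop the cache pcap line.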
r689 r691 76 76 [SYN] ACK SYN|ACK (RST|FIN) */ 77 77 78 if ( m_PacketCount < = 3)78 if ( m_PacketCount < g_ModuleHoneytrap->getPcapMinPackets() ) 79 79 drop_file = true; 80 80 … … 220 220 char *pcap_file_path; 221 221 222 asprintf(&pcap_file_path,"var/log/nepenthes/pcap/%i_%s-%i_%s-%i.pcap", 222 asprintf(&pcap_file_path,"%s/%i_%s-%i_%s-%i.pcap", 223 g_ModuleHoneytrap->getPcapPath().c_str(), 223 224 (int)time(NULL), 224 225 rhost.c_str(),getRemotePort(), nepenthes/trunk/modules/module-honeytrap/TrapSocket.cpp
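Review bot: The asprintf() call on new line 222 still ignores its return value, and the directory it now formats comes straight from the configured path string, so an allocation failure leaves pcap_file_path unspecified for whatever consumes it next; check the result, e.g. `if (asprintf(&pcap_file_path, "%s/%i_%s-%i_%s-%i.pcap", ...) < 0) { logWarn("could not build pcap file name\n"); return; }` adapted to the function's return type. Because the default path in module-honeytrap.conf.dist and in the module constructor already ends in a slash, the `"%s/..."` format yields a double slash; harmless, but trimming one trailing slash when the option is read keeps the names clean. It is also worth verifying at module load that the configured directory exists and is writable, since a bad `path` value otherwise only surfaces as a failed dump on every accepted connection. The enclosing function starts and ends outside the hunk.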
r690 r691 801 801 } 802 802 #ifdef HAVE_PCAP 803 if ( m_HTType != HT_PCAP )803 if ( g_ModuleHoneytrap->getPcapDumpFiles() && m_HTType != HT_PCAP ) 804 804 { 805 805 if ( g_ModuleHoneytrap->socketExists((uint32_t)ip->ip_src.s_addr, ntohs(tcp->th_sport), nepenthes/trunk/modules/module-honeytrap/module-honeytrap.conf.dist
r573 r691 1 1 module-honeytrap 2 2 { 3 listen_mode "ipq"; // valid values are ipq pcap and divert3 listen_mode "ipq"; // valid values are ipq pcap and ipfw 4 4 5 5 … … 9 9 }; 10 10 11 divert11 ipfw 12 12 { 13 port "4711";13 divert_port "4711"; 14 14 }; 15 15 16 17 write_pcap_files "1"; /* creates a single pcap file per accepted connection 18 only supported in ipq and ipfw mode */ 19 20 pcap_dump_options 21 { 22 min_packets "3"; // minimum of packets, else the dump gets removed 23 path "var/log/pcap/"; // path for pcap files relative to basedir 24 }; 16 25 17 26 }; nepenthes/trunk/modules/module-honeytrap/module-honeytrap.cpp
r679 r691 112 112 g_ModuleHoneytrap = this; 113 113 114 m_PcapDumpFiles = false; 115 m_PcapDumpFilePath = "var/log/pcap/"; 116 m_PcapMinPackets = 3; 117 118 114 119 } 115 120 … … 144 149 145 150 mode = m_Config->getValString("module-honeytrap.listen_mode"); 151 152 m_PcapDumpFiles = (bool)m_Config->getValInt("module-honeytrap.write_pcap_files"); 153 m_PcapDumpFilePath = m_Config->getValString("module-honeytrap.pcap_dump_options.path");; 154 m_PcapMinPackets = m_Config->getValInt("module-honeytrap.pcap_dump_options.min_packets");; 155 146 156 } catch ( ... ) 147 157 { … … 153 163 TrapSocket::getSupportedModes().c_str(), 154 164 mode.c_str()); 165 166 167 if (m_PcapDumpFiles == true) 168 { 169 #ifdef HAVE_PCAP 170 logInfo("Dumping accepted connection pcap files to %s if they have the minimum of %i packets\n", 171 m_PcapDumpFilePath.c_str(), 172 m_PcapMinPackets); 173 #else 174 logWarn("Not dumping to pcap files (not supported)\n"); 175 m_PcapDumpFiles = false; 176 #endif 177 178 }else 179 { 180 logInfo("Not dumping to pcap files\n"); 181 } 182 155 183 156 184 Socket *s = NULL; … … 187 215 try 188 216 { 189 port = m_Config->getValInt("module-honeytrap. divert.port");217 port = m_Config->getValInt("module-honeytrap.ipfw.divert_port"); 190 218 } catch (...) 191 219 { … … 349 377 } 350 378 379 bool ModuleHoneyTrap::getPcapDumpFiles() 380 { 381 return m_PcapDumpFiles; 382 } 383 384 385 string ModuleHoneyTrap::getPcapPath() 386 { 387 388 return m_PcapDumpFilePath; 389 } 390 391 uint32_t ModuleHoneyTrap::getPcapMinPackets() 392 { 393 return m_PcapMinPackets; 394 } 395 351 396 352 397 extern "C" int32_t module_init(int32_t version, Module **module, Nepenthes *nepenthes) nepenthes/trunk/modules/module-honeytrap/module-honeytrap.hpp
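Review bot: Moving the three pcap option reads into the same try block as listen_mode (new lines 152–154) means a config that lacks `write_pcap_files` or `pcap_dump_options` now lands in the catch whose message, judging by the visible lines 163–164, talks only about supported listen modes, which points an administrator at the wrong option; give the pcap reads their own try/catch that keeps the constructor defaults from lines 114–116 and logs the missing key, or at least name the key in the message. Lines 153 and 154 end in a stray `;;`. `m_PcapMinPackets` is a `uint32_t` filled from getValInt(), so if that returns a signed type a negative `min_packets` wraps to a huge minimum and every dump is silently discarded by the check in PCAPSocket.cpp; reject values below 1 where the option is read. The new getters declared in module-honeytrap.hpp and defined here could be `const`, and `getPcapPath()` could return `const string&` instead of copying the path on every dump.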
r679 r691 119 119 bool socketExists(uint32_t remotehost, uint16_t remoteport, uint32_t localhost, uint16_t localport); 120 120 121 bool getPcapDumpFiles(); 122 string getPcapPath(); 123 uint32_t getPcapMinPackets(); 124 125 121 126 protected: 122 127 map<connection_t ,Socket *,cmp_connection_t> m_Sockets; … … 125 130 126 131 string m_DialogueFactory; 132 133 bool m_PcapDumpFiles; 134 string m_PcapDumpFilePath; 135 uint32_t m_PcapMinPackets; 127 136 }; 128 137 nepenthes/trunk/modules/submit-postgres/submit-postgres.conf.dist
r667 r691 7 7 options ""; // not sure if options already work (ssl is an option) 8 8 9 spooldir "var/spool/ submitpostgres/";9 spooldir "var/spool/nepenthes/submitpostgres/"; 10 10 }; 11 11 nepenthes/trunk/nepenthes-core/include/Config.hpp
r321 r691 28 28 /* $Id$ */ 29 29 30 #ifndef CONFIG_H31 #define CONIFG_H30 #ifndef HAVE_CONFIG_HPP 31 #define HAVE_CONFIG_HPP 32 32 33 33 #include <vector>
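Review bot: The new guard name `HAVE_CONFIG_HPP` on lines 30–31 follows the autoconf `HAVE_*` feature-test convention, so it reads like a detection macro and sits one character away from the conventional `HAVE_CONFIG_H`, which invites confusion in a tree that uses autoconf; a project-prefixed name such as `NEPENTHES_CONFIG_HPP` avoids the ambiguity. The fix itself is right: the old `CONFIG_H`/`CONIFG_H` pair never matched, so the guard was ineffective. The matching `#endif`, and any comment on it, is outside the hunk.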
