authorMarkus Ullmann <jokey@gentoo.org>2007-06-06 07:44:09 +0000
committerMarkus Ullmann <jokey@gentoo.org>2007-06-06 07:44:09 +0000
commit97328adfcaf390a60be54280a87d322e96ba15ed (patch)
treeb385779513535f28a5c5bc678429116413095a0c /net-analyzer/honeytrap
parentsci-biology/gmap: Drop old (diff)
net-analyzer/honeytrap: Initial add for bug #179013
svn path=/sunrise/; revision=3812
Diffstat (limited to 'net-analyzer/honeytrap')
-rw-r--r--net-analyzer/honeytrap/ChangeLog8
-rw-r--r--net-analyzer/honeytrap/Manifest5
-rw-r--r--net-analyzer/honeytrap/files/honeytrap.conf48
-rw-r--r--net-analyzer/honeytrap/files/honeytrap.confd21
-rw-r--r--net-analyzer/honeytrap/files/honeytrap.initd31
-rw-r--r--net-analyzer/honeytrap/honeytrap-0.6.4.ebuild96
-rw-r--r--net-analyzer/honeytrap/metadata.xml5
7 files changed, 214 insertions, 0 deletions
diff --git a/net-analyzer/honeytrap/ChangeLog b/net-analyzer/honeytrap/ChangeLog
new file mode 100644
index 000000000..ab4b973cd
--- /dev/null
+++ b/net-analyzer/honeytrap/ChangeLog
@@ -0,0 +1,8 @@
+# ChangeLog for net-analyzer/honeytrap
+# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
+# $Header: $
+
+ 06 Jun 2007; Markus Ullmann <jokey@gentoo.org> +honeytrap.conf,
+ +honeytrap.confd, +honeytrap.initd, +metadata.xml:
+ Initial add for bug #179013
+
diff --git a/net-analyzer/honeytrap/Manifest b/net-analyzer/honeytrap/Manifest
new file mode 100644
index 000000000..505630603
--- /dev/null
+++ b/net-analyzer/honeytrap/Manifest
@@ -0,0 +1,5 @@
+AUX honeytrap.conf 2018 RMD160 d12898a960f2c6bdcd24b8efdf233e850fd8da6c SHA1 4e873da666dce22df61dae35961a6316b6e5c912 SHA256 eaac73cbb94f5f1c7b51f7c7637a2cf380c11be006cf26d4a66619a94c1588a2
+AUX honeytrap.confd 614 RMD160 07a1eee2c255be2cdea329bc272e4d0eb08e4fc4 SHA1 35a55b503f934d8f911aa696ae220192b2d40720 SHA256 ba34016ec19f670dc679060e33eb79ca89927f67a2d8c1adf459b0486ed67974
+AUX honeytrap.initd 709 RMD160 e9e34b24b829476a337b3acc0f91408211bc074c SHA1 d86cd0d4dac74c65ec93527276b05230f086b04d SHA256 376addc165212da0db7b6887027e19f36f3846da5ae3928d4ff29aaa6418a327
+DIST honeytrap-0.6.4.tar.bz2 253145 RMD160 00af82f6018a0d124636164fa68b14548231097e SHA1 d0a76c559d94ca97ca97a7a6b101738f0f0611c0 SHA256 e693c50dad5745e2fac594ee4e1234e9bbcd80b757b8b6d1a126d6d9381bdac4
+EBUILD honeytrap-0.6.4.ebuild 2971 RMD160 daeb6c6a46dcc3d5be5fe8a339a70e0e90151452 SHA1 117094335513fa5ba106a4f81da5aee061692388 SHA256 6a9bbad8cabb866bff54251765acbf173623e1b436b1cb8e15a9a5e904bdf6f7
diff --git a/net-analyzer/honeytrap/files/honeytrap.conf b/net-analyzer/honeytrap/files/honeytrap.conf
new file mode 100644
index 000000000..775cec8ed
--- /dev/null
+++ b/net-analyzer/honeytrap/files/honeytrap.conf
@@ -0,0 +1,48 @@
+# /etc/honeytrap/honeytrap.conf
+#
+# This is a sample honeytrap configuration file.
+# However, the default values below should work in most installations.
+#
+# Copyright (C) 2006 Tillmann Werner <tillmann.werner@gmx.de>
+#
+#
+# allowed keywords are:
+#
+# keyword values description
+# ----------------------------------------------------------------------------------
+# pidfile path full pid file path (defaults to /var/run/honeytrap.pid if not given)
+# logfile path full logfile path (defaults to /var/log/honeytrap.log if not given)
+# user username user from /etc/passwd under which honeytrap should run
+# group groupname group from /etc/group under which honeytrap should run
+# promisc - tells honeytrap to sniff in promiscuous mode
+# mirror - tells honeytrap to run in mirror mode
+# response_dir path path to directory with default responses (defaults to /etc/honeytrap/responses)
+# plugin_dir path path to directory with honeytrap plugins (defaults to /usr/src/honeytrap_dynamicsrc)
+# attacks_dir path where to save attack strings (default is /var/log/honeytrap)
+# dlsave_dir path where to save downloaded files (default is /var/log/honeytrap)
+# read_limt number max. bytes to read from a socket - prevents honeytrap from memory exhaustion
+
+# Sane defaults for Gentoo
+
+logfile = /var/log/honeytrap/honeytrap.log
+
+response_dir = /etc/honeytrap/responses
+plugin_dir = /usr/src/honeytrap_dynamicsrc
+
+attacks_dir = /var/log/honeytrap/attacks
+dlsave_dir = /var/log/honeytrap/downloads
+
+# run in mirror mode - mirror connections back to the initiator (use with caution!)
+# mirror
+
+# put network interface into promiscuous mode - only available when using the pcap connection monitor
+# promisc
+
+# max bytes to read from an attack connection (10MB = 10485760)
+read_limit = 10485760
+
+# use this host (ip address) to listen for FTP data connections (you would need the htm_ftpDownload plugin version 3)
+# ftp_host = example.com
+
+# include explicit port configuration
+# include = /etc/honeytrap/ports.conf
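Review bot: The keyword table at the top of the file misspells the read-limit keyword as `read_limt`, while the setting actually applied further down is `read_limit`; a user copying the name from the table ends up with a key that is not the limit, so the memory-exhaustion protection the comment advertises would not be in force (assuming the daemon ignores unknown keywords rather than refusing to start). Suggest `# read_limit number max. bytes to read from a socket - prevents honeytrap from memory exhaustion`. It would also help to state under `# Sane defaults for Gentoo` that `user`, `group` and `pidfile` are deliberately left unset here because the init script supplies the user and group via `-u`/`-g` from the conf.d file and the pidfile stays at the documented /var/run/honeytrap.pid default, so anyone changing one of them knows which file to edit.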
diff --git a/net-analyzer/honeytrap/files/honeytrap.confd b/net-analyzer/honeytrap/files/honeytrap.confd
new file mode 100644
index 000000000..c9a51e4ea
--- /dev/null
+++ b/net-analyzer/honeytrap/files/honeytrap.confd
@@ -0,0 +1,21 @@
+# Config file for /etc/init.d/honeytrap
+
+# Set the listening interface (note: defaults to "any" when not set).
+# This is only available when run with pcap; append to HONEYTRAP_OPTS with hyphen -i if needed.
+# IFACE="eth0"
+
+# Drop priviliges and run as the following user/group. This is strongly recommended!
+USER="honeytrap"
+GROUP="honeytrap"
+
+# You probably do not have the need to change this.
+CONF="/etc/honeytrap/honeytrap.conf"
+
+# Ditto.
+PIDFILE=/var/run/honeytrap.pid
+
+# Log level: 0-6 (defaults to 3, LOG_NOTICE).
+LOGLEVEL=3
+
+# Pull these together.
+HONEYTRAP_OPTS="-u $USER -g $GROUP -t $LOGLEVEL -C $CONF"
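Review bot: `IFACE` is documented as the listening interface, but the `HONEYTRAP_OPTS` line at the bottom never references it, so uncommenting `IFACE="eth0"` has no effect unless the user also hand-edits the options line as the comment hints. If `-i` is the daemon's interface switch as the comment states, the options line could pick it up only when the variable is set: `HONEYTRAP_OPTS="-u $USER -g $GROUP -t $LOGLEVEL -C $CONF${IFACE:+ -i $IFACE}"`. Separately, `PIDFILE` is only handed to start-stop-daemon by the init script and never to the daemon itself, so it silently has to equal the path the daemon writes (the `pidfile` keyword in honeytrap.conf, which the bundled conf leaves at its /var/run/honeytrap.pid default) or `stop` will not find the process; the `# Ditto.` comment should say so, e.g. `# Must match the pidfile honeytrap itself writes (pidfile keyword in honeytrap.conf); the init script only passes it to start-stop-daemon.`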
diff --git a/net-analyzer/honeytrap/files/honeytrap.initd b/net-analyzer/honeytrap/files/honeytrap.initd
new file mode 100644
index 000000000..9aa489d8e
--- /dev/null
+++ b/net-analyzer/honeytrap/files/honeytrap.initd
@@ -0,0 +1,31 @@
+#!/sbin/runscript
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+depend() {
+ need net
+}
+
+checkconfig() {
+ if [ ! -e $CONF ] ; then
+ eerror "You need a configuration file to run Honeytrap."
+ eerror "The example config is /etc/honeytrap/honeytrap.conf."
+ return 1
+ fi
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Starting Honeytrap"
+ start-stop-daemon --start --exec /usr/sbin/honeytrap \
+ --pidfile ${PIDFILE} \
+ -- ${HONEYTRAP_OPTS} >/dev/null 2>&1
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping Honeytrap"
+ start-stop-daemon --stop --quiet --pidfile ${PIDFILE}
+ eend $?
+}
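Review bot: `checkconfig` tests `[ ! -e $CONF ]` with `$CONF` unquoted, so an empty or unset `CONF` collapses the test to `[ ! -e ]`, which is false for the non-empty string `-e` and lets `start` proceed with no config path at all, and a path containing whitespace breaks the test; quote it: `if [ ! -e "$CONF" ] ; then`. The same quoting applies to `${PIDFILE}` on the start-stop-daemon lines in `start` and `stop`. Note also that the privilege drop to the honeytrap user depends entirely on `-u`/`-g` being present in `HONEYTRAP_OPTS` from conf.d; if that variable is emptied the daemon is started as root and nothing in this script notices, so a guard in `checkconfig` such as `[ -n "${HONEYTRAP_OPTS}" ] || { eerror "HONEYTRAP_OPTS is empty; check /etc/conf.d/honeytrap"; return 1; }` would be worthwhile.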
diff --git a/net-analyzer/honeytrap/honeytrap-0.6.4.ebuild b/net-analyzer/honeytrap/honeytrap-0.6.4.ebuild
new file mode 100644
index 000000000..57d63aa20
--- /dev/null
+++ b/net-analyzer/honeytrap/honeytrap-0.6.4.ebuild
@@ -0,0 +1,96 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+DESCRIPTION="Honeytrap is a network security tool for observing network services via low-interactive honeypot"
+HOMEPAGE="http://honeytrap.mwcollect.org"
+SRC_URI="mirror://sourceforge/honeytrap/${P}.tar.bz2"
+
+inherit eutils
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="pcap-mon ipq-mon efence debug"
+
+RDEPEND="pcap-mon? ( virtual/libpcap )
+ ipq-mon? ( net-firewall/iptables )"
+DEPEND="${RDEPEND}
+ efence? ( dev-util/efence )"
+
+pkg_setup() {
+ enewgroup honeytrap
+ enewuser honeytrap -1 -1 /sbin/nologin honeytrap
+}
+
+src_compile() {
+ local myconf
+
+ if ! use pcap-mon && ! use ipq-mon ; then
+ eerror "You must choose one connection monitor."
+ eerror "Currently only pcap-based and ip_queue-based monitors are supported."
+ die
+ fi
+
+ if use ipq-mon ; then
+ myconf="${myconf} --with-libipq-includes=/usr/include/libipq"
+ epause 3
+ einfo "You need to have IP_NF_QUEUE enabled in your kernel for this to work."
+ fi
+
+ if use efence; then
+ epause 3
+ ewarn "You have enabled a link with Electric Fence malloc debugger."
+ ewarn "It is known that Honeytrap will not work with efence and xen-sources."
+ fi
+
+ econf \
+ $(use_with pcap-mon) \
+ $(use_with ipq-mon) \
+ $(use_enable efence) \
+ $(use_enable debug) \
+ ${myconf} || die "econf failed"
+
+ emake || die "emake failed"
+}
+
+src_install() {
+ # Few hacks needed. Feel free to figure out a better way.
+ # A. Correct fuzzy locations.
+ mv "${S}"/etc/etc/* "${S}"/etc/ || die
+
+ emake DESTDIR="${D}" install || die "emake install failed"
+
+ # B. Unfortunately the dynamic shared plugins are installed into /etc/honeytrap/plugins by default.
+ # The easiest way is to just move them and put them into /usr/src/honeytrap_dynamicsrc (cf. Snort).
+ mkdir "${D}"/usr/src
+ mv "${D}"/etc/honeytrap/plugins "${D}"/usr/src/honeytrap_dynamicsrc || die
+
+ # As the ebuild includes a modified version of this file, no need to copy this into the live system.
+ rm "${D}"/etc/honeytrap/honeytrap.conf*
+
+ mv "${D}"/etc/honeytrap/ports.conf.dist "${D}"/etc/honeytrap/ports.conf
+ dodoc README NEWS TODO ChangeLog
+
+ newinitd "${FILESDIR}"/${PN}.initd ${PN} || die "newinitd failed"
+ newconfd "${FILESDIR}"/${PN}.confd ${PN} || die "newconfd failed"
+ cp "${FILESDIR}"/honeytrap.conf "${D}"/etc/honeytrap/
+
+ keepdir /var/log/honeytrap
+ keepdir /var/log/honeytrap/attacks
+ keepdir /var/log/honeytrap/downloads
+
+ fowners -R honeytrap:honeytrap /var/log/honeytrap
+ fperms 0700 -R /var/log/honeytrap
+}
+
+pkg_postinst() {
+ ewarn ""
+ ewarn "WARNING (from the README):"
+ ewarn "Honeytrap is a low-interactive honeypot and therefore detectable."
+ ewarn "It is written in C and thus potentially vulnerable to buffer"
+ ewarn "overflow attacks. Take care. Running in mirror mode is dangerous."
+ ewarn "Attacks may be directed to the attacker, appearing to come from"
+ ewarn "your system. Use with caution."
+ ewarn ""
+}
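Review bot: In `src_install` the `mkdir "${D}"/usr/src`, `rm .../honeytrap.conf*`, `mv ports.conf.dist` and `cp "${FILESDIR}"/honeytrap.conf` steps are unchecked while the neighbouring `mv` and `emake` calls carry `|| die`, so a failed step (a tarball that renames ports.conf.dist, a missing etc/honeytrap directory) yields a partial image that still merges to the live system. The shipped config is also installed with a bare `cp`, which keeps whatever mode the file has in `${FILESDIR}` instead of the 0644 that `doins` would set, and bypasses the helper's `${D}` handling. The excerpt below uses the standard helpers and checks each step; the rest of the function is unchanged.
```shell
	# B. Unfortunately the dynamic shared plugins are installed into /etc/honeytrap/plugins by default.
	# The easiest way is to just move them and put them into /usr/src/honeytrap_dynamicsrc (cf. Snort).
	dodir /usr/src
	mv "${D}"/etc/honeytrap/plugins "${D}"/usr/src/honeytrap_dynamicsrc || die "moving plugins failed"

	# As the ebuild includes a modified version of this file, no need to copy this into the live system.
	rm "${D}"/etc/honeytrap/honeytrap.conf* || die "removing upstream honeytrap.conf failed"

	mv "${D}"/etc/honeytrap/ports.conf.dist "${D}"/etc/honeytrap/ports.conf || die "installing ports.conf failed"
	# … unchanged: dodoc, newinitd, newconfd …
	insinto /etc/honeytrap
	doins "${FILESDIR}"/honeytrap.conf || die "doins honeytrap.conf failed"
	# … unchanged: keepdir, fowners, fperms …
```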
diff --git a/net-analyzer/honeytrap/metadata.xml b/net-analyzer/honeytrap/metadata.xml
new file mode 100644
index 000000000..7e3286984
--- /dev/null
+++ b/net-analyzer/honeytrap/metadata.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>maintainer-wanted</herd>
+</pkgmetadata>