author | Markus Ullmann <jokey@gentoo.org> | 2007-06-06 07:44:09 +0000 |
committer | Markus Ullmann <jokey@gentoo.org> | 2007-06-06 07:44:09 +0000 |
commit | 97328adfcaf390a60be54280a87d322e96ba15ed (patch) | |
tree | b385779513535f28a5c5bc678429116413095a0c /net-analyzer/honeytrap | |
parent | sci-biology/gmap: Drop old (diff) | |
download | sunrise-97328adfcaf390a60be54280a87d322e96ba15ed.tar.gz sunrise-97328adfcaf390a60be54280a87d322e96ba15ed.tar.bz2 sunrise-97328adfcaf390a60be54280a87d322e96ba15ed.zip |
net-analyzer/honeytrap: Initial add for bug #179013
svn path=/sunrise/; revision=3812
Diffstat (limited to 'net-analyzer/honeytrap')
-rw-r--r-- | net-analyzer/honeytrap/ChangeLog | 8 | ||||
-rw-r--r-- | net-analyzer/honeytrap/Manifest | 5 | ||||
-rw-r--r-- | net-analyzer/honeytrap/files/honeytrap.conf | 48 | ||||
-rw-r--r-- | net-analyzer/honeytrap/files/honeytrap.confd | 21 | ||||
-rw-r--r-- | net-analyzer/honeytrap/files/honeytrap.initd | 31 | ||||
-rw-r--r-- | net-analyzer/honeytrap/honeytrap-0.6.4.ebuild | 96 | ||||
-rw-r--r-- | net-analyzer/honeytrap/metadata.xml | 5 |
7 files changed, 214 insertions, 0 deletions
diff --git a/net-analyzer/honeytrap/ChangeLog b/net-analyzer/honeytrap/ChangeLog
new file mode 100644
index 000000000..ab4b973cd
--- /dev/null
+++ b/net-analyzer/honeytrap/ChangeLog
@@ -0,0 +1,8 @@
+# ChangeLog for net-analyzer/honeytrap
+# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
+# $Header: $
+
+ 06 Jun 2007; Markus Ullmann <jokey@gentoo.org> +honeytrap.conf,
+ +honeytrap.confd, +honeytrap.initd, +metadata.xml:
+ Initial add for bug #179013
+
diff --git a/net-analyzer/honeytrap/Manifest b/net-analyzer/honeytrap/Manifest
new file mode 100644
index 000000000..505630603
--- /dev/null
+++ b/net-analyzer/honeytrap/Manifest
@@ -0,0 +1,5 @@
+AUX honeytrap.conf 2018 RMD160 d12898a960f2c6bdcd24b8efdf233e850fd8da6c SHA1 4e873da666dce22df61dae35961a6316b6e5c912 SHA256 eaac73cbb94f5f1c7b51f7c7637a2cf380c11be006cf26d4a66619a94c1588a2
+AUX honeytrap.confd 614 RMD160 07a1eee2c255be2cdea329bc272e4d0eb08e4fc4 SHA1 35a55b503f934d8f911aa696ae220192b2d40720 SHA256 ba34016ec19f670dc679060e33eb79ca89927f67a2d8c1adf459b0486ed67974
+AUX honeytrap.initd 709 RMD160 e9e34b24b829476a337b3acc0f91408211bc074c SHA1 d86cd0d4dac74c65ec93527276b05230f086b04d SHA256 376addc165212da0db7b6887027e19f36f3846da5ae3928d4ff29aaa6418a327
+DIST honeytrap-0.6.4.tar.bz2 253145 RMD160 00af82f6018a0d124636164fa68b14548231097e SHA1 d0a76c559d94ca97ca97a7a6b101738f0f0611c0 SHA256 e693c50dad5745e2fac594ee4e1234e9bbcd80b757b8b6d1a126d6d9381bdac4
+EBUILD honeytrap-0.6.4.ebuild 2971 RMD160 daeb6c6a46dcc3d5be5fe8a339a70e0e90151452 SHA1 117094335513fa5ba106a4f81da5aee061692388 SHA256 6a9bbad8cabb866bff54251765acbf173623e1b436b1cb8e15a9a5e904bdf6f7
diff --git a/net-analyzer/honeytrap/files/honeytrap.conf b/net-analyzer/honeytrap/files/honeytrap.conf
new file mode 100644
index 000000000..775cec8ed
--- /dev/null
+++ b/net-analyzer/honeytrap/files/honeytrap.conf
@@ -0,0 +1,48 @@
+# /etc/honeytrap/honeytrap.conf
+#
+# This is a sample honeytrap configuration file.
+# However, the default values below should work in most installations.
+#
+# Copyright (C) 2006 Tillmann Werner <tillmann.werner@gmx.de>
+#
+#
+# allowed keywords are:
+#
+# keyword values description
+# ----------------------------------------------------------------------------------
+# pidfile path full pid file path (defaults to /var/run/honeytrap.pid if not given)
+# logfile path full logfile path (defaults to /var/log/honeytrap.log if not given)
+# user username user from /etc/passwd under which honeytrap should run
+# group groupname group from /etc/group under which honeytrap should run
+# promisc - tells honeytrap to sniff in promiscuous mode
+# mirror - tells honeytrap to run in mirror mode
+# response_dir path path to directory with default responses (defaults to /etc/honeytrap/responses)
+# plugin_dir path path to directory with honeytrap plugins (defaults to /usr/src/honeytrap_dynamicsrc)
+# attacks_dir path where to save attack strings (default is /var/log/honeytrap)
+# dlsave_dir path where to save downloaded files (default is /var/log/honeytrap)
+# read_limt number max. bytes to read from a socket - prevents honeytrap from memory exhaustion
+
+# Sane defaults for Gentoo
+
+logfile = /var/log/honeytrap/honeytrap.log
+
+response_dir = /etc/honeytrap/responses
+plugin_dir = /usr/src/honeytrap_dynamicsrc
+
+attacks_dir = /var/log/honeytrap/attacks
+dlsave_dir = /var/log/honeytrap/downloads
+
+# run in mirror mode - mirror connections back to the initiator (use with caution!)
+# mirror
+
+# put network interface into promiscuous mode - only available when using the pcap connection monitor
+# promisc
+
+# max bytes to read from an attack connection (10MB = 10485760)
+read_limit = 10485760
+
+# use this host (ip address) to listen for FTP data connections (you would need the htm_ftpDownload plugin version 3)
+# ftp_host = example.com
+
+# include explicit port configuration
+# include = /etc/honeytrap/ports.conf
diff --git a/net-analyzer/honeytrap/files/honeytrap.confd b/net-analyzer/honeytrap/files/honeytrap.confd
new file mode 100644
index 000000000..c9a51e4ea
--- /dev/null
+++ b/net-analyzer/honeytrap/files/honeytrap.confd
@@ -0,0 +1,21 @@
+# Config file for /etc/init.d/honeytrap
+
+# Set the listening interface (note: defaults to "any" when not set).
+# This is only available when run with pcap; append to HONEYTRAP_OPTS with hyphen -i if needed.
+# IFACE="eth0"
+
+# Drop priviliges and run as the following user/group. This is strongly recommended!
+USER="honeytrap"
+GROUP="honeytrap"
+
+# You probably do not have the need to change this.
+CONF="/etc/honeytrap/honeytrap.conf"
+
+# Ditto.
+PIDFILE=/var/run/honeytrap.pid
+
+# Log level: 0-6 (defaults to 3, LOG_NOTICE).
+LOGLEVEL=3
+
+# Pull these together.
+HONEYTRAP_OPTS="-u $USER -g $GROUP -t $LOGLEVEL -C $CONF"
diff --git a/net-analyzer/honeytrap/files/honeytrap.initd b/net-analyzer/honeytrap/files/honeytrap.initd
new file mode 100644
index 000000000..9aa489d8e
--- /dev/null
+++ b/net-analyzer/honeytrap/files/honeytrap.initd
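Review bot: The keyword table's `read_limt` row (the last row of the table at the top of the hunk) is a typo for `read_limit`, which is the spelling the Gentoo defaults further down actually set, so a reader checking the defaults against the table will take `read_limit` for an unknown key. Suggest correcting the row to `# read_limit number max. bytes to read from a socket - prevents honeytrap from memory exhaustion`. It would also help to say why the `user`, `group` and `pidfile` keywords from the table are absent from the Gentoo section, since the init script supplies the first two on the command line and the daemon's default pid file path is what stop() looks for: `# user/group/pidfile are not set here: /etc/init.d/honeytrap passes -u/-g via HONEYTRAP_OPTS from /etc/conf.d/honeytrap and relies on the default pid file path.`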
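Review bot: `PIDFILE` is read only by the init script's start-stop-daemon calls; `HONEYTRAP_OPTS` on the last line of the hunk does not pass it to the daemon, which according to the keyword table in honeytrap.conf writes /var/run/honeytrap.pid unless `pidfile` is set there. The `# Ditto.` comment therefore understates the coupling: anyone who changes PIDFILE here leaves stop() polling a file the daemon never writes. Suggest replacing `# Ditto.` with `# Must match the daemon's pid file ("pidfile" in $CONF, default /var/run/honeytrap.pid); only /etc/init.d/honeytrap reads this.`. Minor: `priviliges` in the USER/GROUP comment should read `privileges`.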
@@ -0,0 +1,31 @@
+#!/sbin/runscript
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+depend() {
+ need net
+}
+
+checkconfig() {
+ if [ ! -e $CONF ] ; then
+ eerror "You need a configuration file to run Honeytrap."
+ eerror "The example config is /etc/honeytrap/honeytrap.conf."
+ return 1
+ fi
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Starting Honeytrap"
+ start-stop-daemon --start --exec /usr/sbin/honeytrap \
+ --pidfile ${PIDFILE} \
+ -- ${HONEYTRAP_OPTS} >/dev/null 2>&1
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping Honeytrap"
+ start-stop-daemon --stop --quiet --pidfile ${PIDFILE}
+ eend $?
+}
diff --git a/net-analyzer/honeytrap/honeytrap-0.6.4.ebuild b/net-analyzer/honeytrap/honeytrap-0.6.4.ebuild
new file mode 100644
index 000000000..57d63aa20
--- /dev/null
+++ b/net-analyzer/honeytrap/honeytrap-0.6.4.ebuild
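Review bot: `$CONF` is unquoted in checkconfig()'s `[ ! -e $CONF ]`; if CONF is empty or unset (conf.d file missing or edited), the test collapses to the two-argument form `[ ! -e ]`, which is false, so checkconfig returns 0 and start() launches the daemon with `-C` followed by no path instead of printing the error. Quote it: `if [ ! -e "$CONF" ] ; then`, and likewise `"${PIDFILE}"` in both start-stop-daemon calls. Separately, start() discards the daemon's stdout and stderr with `>/dev/null 2>&1`, so a daemon that exits right after start-stop-daemon returns 0 is reported as started with no diagnostic; consider dropping the redirection or adding an `eerror` pointing readers at the logfile when `$?` is non-zero.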
@@ -0,0 +1,96 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+DESCRIPTION="Honeytrap is a network security tool for observing network services via low-interactive honeypot"
+HOMEPAGE="http://honeytrap.mwcollect.org"
+SRC_URI="mirror://sourceforge/honeytrap/${P}.tar.bz2"
+
+inherit eutils
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="pcap-mon ipq-mon efence debug"
+
+RDEPEND="pcap-mon? ( virtual/libpcap )
+ ipq-mon? ( net-firewall/iptables )"
+DEPEND="${RDEPEND}
+ efence? ( dev-util/efence )"
+
+pkg_setup() {
+ enewgroup honeytrap
+ enewuser honeytrap -1 -1 /sbin/nologin honeytrap
+}
+
+src_compile() {
+ local myconf
+
+ if ! use pcap-mon && ! use ipq-mon ; then
+ eerror "You must choose one connection monitor."
+ eerror "Currently only pcap-based and ip_queue-based monitors are supported."
+ die
+ fi
+
+ if use ipq-mon ; then
+ myconf="${myconf} --with-libipq-includes=/usr/include/libipq"
+ epause 3
+ einfo "You need to have IP_NF_QUEUE enabled in your kernel for this to work."
+ fi
+
+ if use efence; then
+ epause 3
+ ewarn "You have enabled a link with Electric Fence malloc debugger."
+ ewarn "It is known that Honeytrap will not work with efence and xen-sources."
+ fi
+
+ econf \
+ $(use_with pcap-mon) \
+ $(use_with ipq-mon) \
+ $(use_enable efence) \
+ $(use_enable debug) \
+ ${myconf} || die "econf failed"
+
+ emake || die "emake failed"
+}
+
+src_install() {
+ # Few hacks needed. Feel free to figure out a better way.
+ # A. Correct fuzzy locations.
+ mv "${S}"/etc/etc/* "${S}"/etc/ || die
+
+ emake DESTDIR="${D}" install || die "emake install failed"
+
+ # B. Unfortunately the dynamic shared plugins are installed into /etc/honeytrap/plugins by default.
+ # The easiest way is to just move them and put them into /usr/src/honeytrap_dynamicsrc (cf. Snort).
+ mkdir "${D}"/usr/src
+ mv "${D}"/etc/honeytrap/plugins "${D}"/usr/src/honeytrap_dynamicsrc || die
+
+ # As the ebuild includes a modified version of this file, no need to copy this into the live system.
+ rm "${D}"/etc/honeytrap/honeytrap.conf*
+
+ mv "${D}"/etc/honeytrap/ports.conf.dist "${D}"/etc/honeytrap/ports.conf
+ dodoc README NEWS TODO ChangeLog
+
+ newinitd "${FILESDIR}"/${PN}.initd ${PN} || die "newinitd failed"
+ newconfd "${FILESDIR}"/${PN}.confd ${PN} || die "newconfd failed"
+ cp "${FILESDIR}"/honeytrap.conf "${D}"/etc/honeytrap/
+
+ keepdir /var/log/honeytrap
+ keepdir /var/log/honeytrap/attacks
+ keepdir /var/log/honeytrap/downloads
+
+ fowners -R honeytrap:honeytrap /var/log/honeytrap
+ fperms 0700 -R /var/log/honeytrap
+}
+
+pkg_postinst() {
+ ewarn ""
+ ewarn "WARNING (from the README):"
+ ewarn "Honeytrap is a low-interactive honeypot and therefore detectable."
+ ewarn "It is written in C and thus potentially vulnerable to buffer"
+ ewarn "overflow attacks. Take care. Running in mirror mode is dangerous."
+ ewarn "Attacks may be directed to the attacker, appearing to come from"
+ ewarn "your system. Use with caution."
+ ewarn ""
+}
diff --git a/net-analyzer/honeytrap/metadata.xml b/net-analyzer/honeytrap/metadata.xml
new file mode 100644
index 000000000..7e3286984
--- /dev/null
+++ b/net-analyzer/honeytrap/metadata.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>maintainer-wanted</herd>
+</pkgmetadata>
|
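Review bot: Several steps in src_install() run unchecked — `mkdir "${D}"/usr/src`, `rm "${D}"/etc/honeytrap/honeytrap.conf*`, the `mv` of ports.conf.dist and `cp "${FILESDIR}"/honeytrap.conf "${D}"/etc/honeytrap/` — while the neighbouring `mv`, `newinitd` and `newconfd` lines all carry `|| die`, so a failed copy of the shipped config (the file the init script's checkconfig depends on) produces a silently incomplete package. Append `|| die` to each, or replace the `cp` with `insinto /etc/honeytrap` followed by `doins "${FILESDIR}"/honeytrap.conf`, which dies on failure and installs the file root-owned with the usual 0644 mode. In src_compile(), the bare `die` after the monitor check should carry a message such as `die "enable at least one of USE=pcap-mon or USE=ipq-mon"`, and that USE check would fail before the honeytrap user and group are created if it moved into pkg_setup(). `fperms 0700 -R /var/log/honeytrap` presumably works because chmod accepts the flag after the mode, but `fperms -R 0700 /var/log/honeytrap` matches the `fowners -R` line directly above it.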