/* * honeytrap 1.0 configuration file template -- please adjust * (c) Tillmann Werner */ // Small modifications for sane defaults in Gentoo. /* log to this file */ logfile = "/var/log/honeytrap/honeytrap.log" /* where to look for default responses * these are sent for connections handled in "normal mode" */ response_dir = "/etc/honeytrap/responses" /* replace rfc1918 ip addresses with attacking ip address */ replace_private_ips = "no" /* default port mode -- valid values are "ignore", "normal" and "mirror" portconf_default = "normal" /* put network interface into promiscuous mode * (only availabel when compiled with --with-pcap-mon) */ //promisc = "on" // do not read more than 20 MB - used to prevent DoS attacks read_limit = "20971520" /* include a file */ //include = "/etc/honeytrap/ports.conf" /* ----- plugin stuff below ----- */ /* where to look for plugins need to be set before loading plugins */ plugin_dir = "/usr/src/honeytrap_dynamicsrc" /* include a plugin via plugin-[ModuleName] = "" */ plugin-ftpDownload = "" plugin-tftpDownload = "" plugin-b64Decode = "" plugin-vncDownload = "" /* store attacks on disk */ plugin-SaveFile = { attacks_dir = "/var/log/honeytrap/attacks" downloads_dir = "/var/log/honeytrap/downloads" } /* scan downloaded samples with ClamAV engine */ /* plugin-ClamAV = { temp_dir = "/tmp" clamdb_path = "/var/lib/clamav" } */ /* calculate locality sensitive hashes */ /* plugin-SpamSum = { md5sum_sigfile = "/var/log/honeytrap/md5sum.sigs" spamsum_sigfile = "/var/log/honeytrap/spamsum.sigs" } */ /* store attacks in PostgeSQL database */ /* plugin-SavePostgres = { db_host = "localhost" db_name = "some_db" db_user = "some_user" db_pass = "some_pass" // db_port = "some_port" // defaults to 5432/tcp if not set } */ /* invoke wget to download files via http */ /* plugin-httpDownload = { http_program = "/usr/bin/wget" // http_options = "-nv" http_options = "-q" download_dir = "/var/log/honeytrap/downloads" } */ /* ----- port mode configuration below ----- */ // default port configuration (ignore, normal or mirror) // ignore: just ignore connection attempts // normal: send a default response // mirror: mirror connections back to the initiator (use with caution!) portconf_default = "normal" // explicit port configuration portconf = { /* ignore these ports */ ignore = { protocol = "tcp" port = "22" } }