-# /etc/honeytrap/honeytrap.conf
-#
-# This is a sample honeytrap configuration file.
-# However, the default values below should work in most installations.
-#
-# Copyright (C) 2006 Tillmann Werner <tillmann.werner@gmx.de>
-#
-#
-# allowed keywords are:
-#
-# keyword values description
-# ----------------------------------------------------------------------------------
-# pidfile path full pid file path (defaults to /var/run/honeytrap.pid if not given)
-# logfile path full logfile path (defaults to /var/log/honeytrap.log if not given)
-# user username user from /etc/passwd under which honeytrap should run
-# group groupname group from /etc/group under which honeytrap should run
-# promisc - tells honeytrap to sniff in promiscuous mode
-# mirror - tells honeytrap to run in mirror mode
-# response_dir path path to directory with default responses (defaults to /etc/honeytrap/responses)
-# plugin_dir path path to directory with honeytrap plugins (defaults to /usr/src/honeytrap_dynamicsrc)
-# attacks_dir path where to save attack strings (default is /var/log/honeytrap)
-# dlsave_dir path where to save downloaded files (default is /var/log/honeytrap)
-# read_limt number max. bytes to read from a socket - prevents honeytrap from memory exhaustion
-
-# Sane defaults for Gentoo
-
-logfile = /var/log/honeytrap/honeytrap.log
-
-response_dir = /etc/honeytrap/responses
-plugin_dir = /usr/src/honeytrap_dynamicsrc
-
-attacks_dir = /var/log/honeytrap/attacks
-dlsave_dir = /var/log/honeytrap/downloads
-
-# run in mirror mode - mirror connections back to the initiator (use with caution!)
-# mirror
-
-# put network interface into promiscuous mode - only available when using the pcap connection monitor
-# promisc
-
-# max bytes to read from an attack connection (10MB = 10485760)
-read_limit = 10485760
-
-# use this host (ip address) to listen for FTP data connections (you would need the htm_ftpDownload plugin version 3)
-# ftp_host = example.com
-
-# include explicit port configuration
-# include = /etc/honeytrap/ports.conf
+/*
+ * honeytrap 1.0 configuration file template -- please adjust
+ * (c) Tillmann Werner <tillmann.werner@gmx.de>
+ */
+
+// Small modifications for sane defaults in Gentoo.
+
+/* log to this file */
+logfile = "/var/log/honeytrap/honeytrap.log"
+
+/* where to look for default responses
+ * these are sent for connections handled in "normal mode" */
+response_dir = "/etc/honeytrap/responses"
+
+/* replace rfc1918 ip addresses with attacking ip address */
+replace_private_ips = "no"
+
+/* default port mode -- valid values are "ignore", "normal" and "mirror"
+portconf_default = "normal"
+
+/* put network interface into promiscuous mode
+ * (only availabel when compiled with --with-pcap-mon) */
+//promisc = "on"
+
+// do not read more than 20 MB - used to prevent DoS attacks
+read_limit = "20971520"
+
+/* include a file */
+//include = "/etc/honeytrap/ports.conf"
+
+
+/* ----- plugin stuff below ----- */
+
+/* where to look for plugins
+ need to be set before loading plugins */
+plugin_dir = "/usr/src/honeytrap_dynamicsrc"
+
+
+/* include a plugin via plugin-[ModuleName] = "" */
+
+plugin-ftpDownload = ""
+plugin-tftpDownload = ""
+plugin-b64Decode = ""
+plugin-vncDownload = ""
+
+
+/* store attacks on disk */
+plugin-SaveFile = {
+ attacks_dir = "/var/log/honeytrap/attacks"
+ downloads_dir = "/var/log/honeytrap/downloads"
+}
+
+
+/* scan downloaded samples with ClamAV engine */
+/*
+plugin-ClamAV = {
+ temp_dir = "/tmp"
+ clamdb_path = "/var/lib/clamav"
+}
+*/
+
+/* calculate locality sensitive hashes */
+/*
+plugin-SpamSum = {
+ md5sum_sigfile = "/var/log/honeytrap/md5sum.sigs"
+ spamsum_sigfile = "/var/log/honeytrap/spamsum.sigs"
+}
+*/
+
+/* store attacks in PostgeSQL database */
+/*
+plugin-SavePostgres = {
+ db_host = "localhost"
+ db_name = "some_db"
+ db_user = "some_user"
+ db_pass = "some_pass"
+// db_port = "some_port" // defaults to 5432/tcp if not set
+}
+*/
+
+
+/* invoke wget to download files via http */
+/*
+plugin-httpDownload = {
+ http_program = "/usr/bin/wget"
+// http_options = "-nv"
+ http_options = "-q"
+ download_dir = "/var/log/honeytrap/downloads"
+}
+*/
+
+
+
+/* ----- port mode configuration below ----- */
+
+// default port configuration (ignore, normal or mirror)
+// ignore: just ignore connection attempts
+// normal: send a default response
+// mirror: mirror connections back to the initiator (use with caution!)
+portconf_default = "normal"
+
+// explicit port configuration
+portconf = {
+ /* ignore these ports */
+ ignore = {
+ protocol = "tcp"
+ port = "22"
+ }
+}
projects / ~andy / sunrise / blobdiff