+++ /dev/null
-# ChangeLog for net-analyzer/honeytrap
-# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: $
-
- 31 Aug 2008; Thomas Sachau (Tommy[D]) <tommy@gentoo.org> metadata.xml:
- Add local useflags to metadata.xml (GLEP 56)
-
- 15 Nov 2007; Jukka Ruohonen <drear@iki.fi> honeytrap-1.0.0.ebuild:
- Renewed enewuser.
-
- 10 Nov 2007; Jukka Ruohonen <drear@iki.fi> -honeytrap-0.6.4.ebuild:
- Remove old.
-
- 10 Nov 2007; Jukka Ruohonen <drear@iki.fi>
- +files/honeytrap-1.0.0-autoconf.patch, files/honeytrap.conf,
- files/honeytrap.initd, +honeytrap-1.0.0.ebuild:
- Version bump. Thanks to aballier for help with autotools and masterdriverz
- for a quick review.
-
- 24 Jun 2007; Jakub Moc <jakub@gentoo.org> honeytrap-0.6.4.ebuild:
- Move lots of stuff to pkg_setup; use linux-info eclass instead of ewarns,
- default to iptables if no monitor backend is selected, cosmetics
-
- 06 Jun 2007; Ali Polatel (hawking) <polatel@gmail.com>
- honeytrap-0.6.4.ebuild:
- Fix trailing whitespace, add trailing slash to HOMEPAGE, shorten DESCRIPTION
-
- 06 Jun 2007; Markus Ullmann <jokey@gentoo.org> +honeytrap.conf,
- +honeytrap.confd, +honeytrap.initd, +metadata.xml:
- Initial add for bug #179013
-
+++ /dev/null
-AUX honeytrap-1.0.0-autoconf.patch 2576 RMD160 f7737b643cb010e7bf8ef8338fbaa71e2b2eba46 SHA1 07cfdd86dbb252885e5912b430f6de8ba82ee54c SHA256 083be38d8f2af86fd6d576017ec35e759ce97d2601f04805e410d2441cff8a22
-AUX honeytrap.conf 2450 RMD160 17f419cbcf7f4ed89d001b655a5e7c5c91662c9e SHA1 5d0e20a62754a5dc0159edb06f9f6dfe05ad7909 SHA256 e7802927f7146dde69d8420142cf00c8e739120cf84ca8ff8f00e6b8df9033df
-AUX honeytrap.confd 614 RMD160 07a1eee2c255be2cdea329bc272e4d0eb08e4fc4 SHA1 35a55b503f934d8f911aa696ae220192b2d40720 SHA256 ba34016ec19f670dc679060e33eb79ca89927f67a2d8c1adf459b0486ed67974
-AUX honeytrap.initd 787 RMD160 db044b2b11690fa5eed0eb3aa1c9f6358d5cac7f SHA1 958b49a8026bc5dec58925c8f16217e7177cb025 SHA256 d28c0943cf9fd0f2d3c521f4864112e2ab74aae87e4c563a069cf4170737a5c4
-DIST honeytrap-1.0.0.tar.bz2 574018 RMD160 1d4901f6b91459b6ef058e766c78803cb8114dd3 SHA1 e49306c4b7a8176c497155523176a2d657c2febf SHA256 b4066fb504e76d0b060c0ab839997e743dae13ad5f41cf6d8731b7154e47f451
-EBUILD honeytrap-1.0.0.ebuild 4440 RMD160 d19450554f3e2994b8f6bc4843a39e8dc4bc0d27 SHA1 fc4abd97779ade06cd8038b0af6d90fb6c779397 SHA256 f3252e8739a5acdcf633f5352eaf153f724e8508eeae7902a26de61c15318f8b
-MISC ChangeLog 1202 RMD160 71ee19c7878c05dd8aa52a80fb3f5adf48441758 SHA1 b17651642e83ba40f495b6d4afc2aab06c04338d SHA256 6b1958b7f4be1f47756788b3ed544c6747af0a7d6da3fa2ab559ebbc468e23ae
-MISC metadata.xml 581 RMD160 92b4661a94d4147a104dc9e19e89a3812f52ec0d SHA1 9c2182e02b698864d2143f96d1ad25a40e730550 SHA256 52082b540f2abb14756b8d491aac7e957fbb67eea6592c3b8feb6078522f66d6
+++ /dev/null
-diff -ur honeytrap-1.0.0/configure.in honeytrap-1.0.0.new/configure.in
---- honeytrap-1.0.0/configure.in 2007-10-27 14:22:14.000000000 +0300
-+++ honeytrap-1.0.0.new/configure.in 2007-11-10 14:40:27.000000000 +0200
-@@ -76,35 +76,41 @@
- CFLAGS="$CFLAGS -Wall"
- fi
-
--AC_ARG_ENABLE(debug,
--[ --enable-debug enable debugging options (bugreports and developers only)],
-- [ if test -n "$GCC"; then
-- CFLAGS="-O0 -DDEBUG -g"
-- else
-- CFLAGS="$CFLAGS -DDEBUG"
-- fi
-- enable_debug="X"
-- ], enable_debug=" ")
--
--AC_ARG_ENABLE(profile,
--[ --enable-profile enable profiling options (developers only)],
-- [ if test -n "$GCC"; then
-- CFLAGS="$CFLAGS -DPROFILE -pg"
-- else
-- CFLAGS="$CFLAGS -DPROFILE"
-- fi
-- enable_profile="X"
-- ], enable_profile=" ")
--AC_ARG_ENABLE(devmodules,
--[ --enable-devmodules enable unstable modules (not recommended for production setups)],
-- [ if test -n "$GCC"; then
-- CFLAGS="-O0 -DDEBUG -g"
-- else
-- CFLAGS="$CFLAGS -DDEBUG"
-- fi
-- enable_devmodules="X"
-- ], enable_devmodules=" ")
--
-+if test "${enable_debug}" = "yes" ; then
-+ AC_ARG_ENABLE(debug,
-+ [ --enable-debug enable debugging options (bugreports and developers only)],
-+ [ if test -n "$GCC"; then
-+ CFLAGS="-O0 -DDEBUG -g"
-+ else
-+ CFLAGS="$CFLAGS -DDEBUG"
-+ fi
-+ enable_debug="X"
-+ ], enable_debug=" ")
-+fi
-+
-+if test "${enable_profile}" = "yes" ; then
-+ AC_ARG_ENABLE(profile,
-+ [ --enable-profile enable profiling options (developers only)],
-+ [ if test -n "$GCC"; then
-+ CFLAGS="$CFLAGS -DPROFILE -pg"
-+ else
-+ CFLAGS="$CFLAGS -DPROFILE"
-+ fi
-+ enable_profile="X"
-+ ], enable_profile=" ")
-+fi
-+
-+if test "${enable_devmodules}" = "yes" ; then
-+ AC_ARG_ENABLE(devmodules,
-+ [ --enable-devmodules enable unstable modules (not recommended for production setups)],
-+ [ if test -n "$GCC"; then
-+ CFLAGS="-O0 -DDEBUG -g"
-+ else
-+ CFLAGS="$CFLAGS -DDEBUG"
-+ fi
-+ enable_devmodules="X"
-+ ], enable_devmodules=" ")
-+fi
-
- #AC_CANONICAL_HOST
- linux=no
+++ /dev/null
-/*
- * honeytrap 1.0 configuration file template -- please adjust
- * (c) Tillmann Werner <tillmann.werner@gmx.de>
- */
-
-// Small modifications for sane defaults in Gentoo.
-
-/* log to this file */
-logfile = "/var/log/honeytrap/honeytrap.log"
-
-/* where to look for default responses
- * these are sent for connections handled in "normal mode" */
-response_dir = "/etc/honeytrap/responses"
-
-/* replace rfc1918 ip addresses with attacking ip address */
-replace_private_ips = "no"
-
-/* default port mode -- valid values are "ignore", "normal" and "mirror"
-portconf_default = "normal"
-
-/* put network interface into promiscuous mode
- * (only availabel when compiled with --with-pcap-mon) */
-//promisc = "on"
-
-// do not read more than 20 MB - used to prevent DoS attacks
-read_limit = "20971520"
-
-/* include a file */
-//include = "/etc/honeytrap/ports.conf"
-
-
-/* ----- plugin stuff below ----- */
-
-/* where to look for plugins
- need to be set before loading plugins */
-plugin_dir = "/usr/src/honeytrap_dynamicsrc"
-
-
-/* include a plugin via plugin-[ModuleName] = "" */
-
-plugin-ftpDownload = ""
-plugin-tftpDownload = ""
-plugin-b64Decode = ""
-plugin-vncDownload = ""
-
-
-/* store attacks on disk */
-plugin-SaveFile = {
- attacks_dir = "/var/log/honeytrap/attacks"
- downloads_dir = "/var/log/honeytrap/downloads"
-}
-
-
-/* scan downloaded samples with ClamAV engine */
-/*
-plugin-ClamAV = {
- temp_dir = "/tmp"
- clamdb_path = "/var/lib/clamav"
-}
-*/
-
-/* calculate locality sensitive hashes */
-/*
-plugin-SpamSum = {
- md5sum_sigfile = "/var/log/honeytrap/md5sum.sigs"
- spamsum_sigfile = "/var/log/honeytrap/spamsum.sigs"
-}
-*/
-
-/* store attacks in PostgeSQL database */
-/*
-plugin-SavePostgres = {
- db_host = "localhost"
- db_name = "some_db"
- db_user = "some_user"
- db_pass = "some_pass"
-// db_port = "some_port" // defaults to 5432/tcp if not set
-}
-*/
-
-
-/* invoke wget to download files via http */
-/*
-plugin-httpDownload = {
- http_program = "/usr/bin/wget"
-// http_options = "-nv"
- http_options = "-q"
- download_dir = "/var/log/honeytrap/downloads"
-}
-*/
-
-
-
-/* ----- port mode configuration below ----- */
-
-// default port configuration (ignore, normal or mirror)
-// ignore: just ignore connection attempts
-// normal: send a default response
-// mirror: mirror connections back to the initiator (use with caution!)
-portconf_default = "normal"
-
-// explicit port configuration
-portconf = {
- /* ignore these ports */
- ignore = {
- protocol = "tcp"
- port = "22"
- }
-}
+++ /dev/null
-# Config file for /etc/init.d/honeytrap
-
-# Set the listening interface (note: defaults to "any" when not set).
-# This is only available when run with pcap; append to HONEYTRAP_OPTS with hyphen -i if needed.
-# IFACE="eth0"
-
-# Drop priviliges and run as the following user/group. This is strongly recommended!
-USER="honeytrap"
-GROUP="honeytrap"
-
-# You probably do not have the need to change this.
-CONF="/etc/honeytrap/honeytrap.conf"
-
-# Ditto.
-PIDFILE=/var/run/honeytrap.pid
-
-# Log level: 0-6 (defaults to 3, LOG_NOTICE).
-LOGLEVEL=3
-
-# Pull these together.
-HONEYTRAP_OPTS="-u $USER -g $GROUP -t $LOGLEVEL -C $CONF"
+++ /dev/null
-#!/sbin/runscript
-# Copyright 1999-2007 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: $
-
-depend() {
- need net
-}
-
-checkconfig() {
- if [ ! -e ${CONF} ] ; then
- eerror "You need a configuration file to run honeytrap."
- eerror "The example config is /etc/honeytrap/honeytrap.conf."
- return 1
- fi
-}
-
-start() {
- checkconfig || return 1
- ebegin "Starting honeytrap"
- # Remove --background for verbose debugging of the config file.
- start-stop-daemon --start --exec /usr/sbin/honeytrap \
- --pidfile ${PIDFILE} --background \
- -- -P ${PIDFILE} ${HONEYTRAP_OPTS}
- eend $?
-}
-
-stop() {
- ebegin "Stopping honeytrap"
- start-stop-daemon --stop --quiet --pidfile ${PIDFILE}
- eend $?
-}
+++ /dev/null
-# Copyright 1999-2008 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: $
-
-inherit eutils autotools linux-info
-
-DESCRIPTION="Network security tool for observing network services via low-interactive honeypot"
-HOMEPAGE="http://honeytrap.mwcollect.org/"
-SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="pcap-mon ipq-mon nfq-mon clamav postgres spamsum cspm efence debug profile"
-
-RDEPEND="pcap-mon? ( virtual/libpcap )
- ipq-mon? ( net-firewall/iptables )
- nfq-mon? ( net-firewall/iptables net-libs/libnetfilter_queue )
- !pcap-mon? ( !nfq-mon? ( !ipq-mon? ( net-firewall/iptables ) ) )
- clamav? ( app-antivirus/clamav )
- postgres? ( dev-db/postgresql )
- cspm? ( dev-libs/libpcre )"
-DEPEND="${RDEPEND}
- efence? ( dev-util/efence )"
-
-pkg_setup() {
- enewgroup honeytrap
- enewuser honeytrap -1 -1 -1 honeytrap
-
- if ! use pcap-mon && ! use ipq-mon && ! use nfq-mon ; then
- ewarn "You did not choose any connection monitor."
- ewarn "Currently pcap-based, ip_queue-based and nf_queue-based monitors are supported."
- ewarn "Defaulting to ip_queue; if this is not what you want, you should add either"
- ewarn "pcap-mon or nfq-mon to your USE flags and re-emerge this ebuild."
- epause 3
- fi
-
- if use efence ; then
- ewarn "You have enabled a link with Electric Fence malloc debugger."
- ewarn "It is known that honeytrap will not work with efence and xen-sources."
- epause 3
- fi
-
- if use cspm ; then
- ewarn "You have enabled CSPM, shellcode pattern matching plugin."
- ewarn "The CSPM plugin is still unstable and should not be used in production setups."
- epause 3
- fi
-
- use ipq-mon && CONFIG_CHECK="IP_NF_QUEUE"
- use nfq-mon && CONFIG_CHECK="NETFILTER_NETLINK_QUEUE"
- linux-info_pkg_setup
-}
-
-src_unpack() {
- unpack ${A}
- cd "${S}"
-
- # Automake files are a mess; a review of these is in the upstream todo-list.
- # This patch could be nicer, but at least it prevents ugly things from happening with use_enable.
- epatch "${FILESDIR}/${PN}-1.0.0-autoconf.patch"
-
- einfo "Regenerating autoconf/automake files."
- eautoreconf
-}
-
-src_compile() {
- local myconf
-
- if use pcap-mon ; then
- myconf="${myconf} --with-stream-mon=pcap"
- elif use ipq-mon ; then
- myconf="${myconf} --with-stream-mon=ipq --with-libipq-includes=/usr/include/libipq"
- elif use nfq-mon ; then
- myconf="${myconf} --with-stream-mon=nfq --with-libnfq-includes=/usr/include/libnetfilter_queue"
- elif ! use pcap-mon && ! use ipq-mon && ! use nfq-mon ; then
- myconf="${myconf} --with-stream-mon=ipq --with-libipq-includes=/usr/include/libipq"
- fi
-
- # Note: enabling --devmodules replaces also CFLAGS; keep it this way.
- if use cspm ; then
- myconf="${myconf} --enable-devmodules"
- fi
-
- econf \
- $(use_with clamav) \
- $(use_with postgres) \
- $(use_with spamsum) \
- $(use_with cspm) \
- $(use_with efence) \
- $(use_enable debug) \
- $(use_enable profile) \
- ${myconf} || die "econf failed"
-
- emake || die "emake failed"
-}
-
-src_install() {
- emake DESTDIR="${D}" install || die "emake install failed"
-
- # Unfortunately the dynamic shared plugins are installed into /etc/honeytrap/plugins by default.
- # The easiest way is to just move them and put them into /usr/src/honeytrap_dynamicsrc (cf. Snort).
- dodir /usr/src
- mv "${D}"/etc/honeytrap/plugins "${D}"/usr/src/honeytrap_dynamicsrc || die
-
- # As the ebuild includes a modified version of this file, no need to copy this into the live system.
- rm -f "${D}"/etc/honeytrap/honeytrap.conf*
-
- mv "${D}"/etc/honeytrap/ports.conf.dist "${D}"/etc/honeytrap/ports.conf
-
- # Note: NEWS is empty, so no need for it; man-file is installed without doman.
- dodoc README TODO ChangeLog
-
- newinitd "${FILESDIR}"/${PN}.initd ${PN}
- newconfd "${FILESDIR}"/${PN}.confd ${PN}
- cp "${FILESDIR}"/honeytrap.conf "${D}"/etc/honeytrap/honeytrap.conf
-
- keepdir /var/log/honeytrap
- keepdir /var/log/honeytrap/attacks
- keepdir /var/log/honeytrap/downloads
-
- fowners -R honeytrap:honeytrap /var/log/honeytrap
- fperms 0700 -R /var/log/honeytrap
-}
-
-pkg_postinst() {
- ewarn
- ewarn "WARNING (from the README):"
- ewarn "Honeytrap is a low-interactive honeypot and therefore detectable."
- ewarn "It is written in C and thus potentially vulnerable to buffer"
- ewarn "overflow attacks. Take care. Running in mirror mode is dangerous."
- ewarn "Attacks may be directed to the attacker, appearing to come from"
- ewarn "your system. Use with caution."
- ewarn
-}
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
- <herd>maintainer-wanted</herd>
- <use>
- <flag name='pcap-mon'>pcap based monitor</flag>
- <flag name='ipq-mon'>IP queue based monitor</flag>
- <flag name='nfq-mon'>Netfilter queue based monitor</flag>
- <flag name='spamsum'>Enables SpamSum similarity
- analysis for recorded attacks</flag>
- <flag name='cspm'>Enables shellcode pattern matching</flag>
- <flag name='efence'>Compile with electronic fence
- malloc debugger</flag>
- </use>
-</pkgmetadata>
projects / ~andy / sunrise / commitdiff