mirror of
				https://github.com/telekom-security/tpotce.git
				synced 2025-10-26 10:14:45 +00:00 
			
		
		
		
	
		
			
	
	
		
			302 lines
		
	
	
	
		
			7.1 KiB
		
	
	
	
		
			INI
		
	
	
	
	
	
		
		
			
		
	
	
			302 lines
		
	
	
	
		
			7.1 KiB
		
	
	
	
		
			INI
		
	
	
	
	
	
|   | # ============================================================================ | ||
|  | # General Honeypot Options | ||
|  | # ============================================================================ | ||
|  | [honeypot] | ||
|  | 
 | ||
|  | # Sensor name is used to identify this honeypot instance. Used by the database | ||
|  | # logging modules such as JSON. | ||
|  | # | ||
|  | # If not specified, the logging modules will instead use the IP address of the | ||
|  | # server as the sensor name. | ||
|  | # | ||
|  | # (default: the name of the local machine) | ||
|  | sensor_name = t-pot | ||
|  | 
 | ||
|  | # The version of Elasticsearch reported by the honeypot. | ||
|  | # | ||
|  | # (default: 1.4.1) | ||
|  | #spoofed_version = 1.4.1 | ||
|  | 
 | ||
|  | # The Elasticsearch instance name reported by the honeypot. | ||
|  | # | ||
|  | # (default = Green Goblin) | ||
|  | instance_name = USNYES01 | ||
|  | 
 | ||
|  | # The name of the simulated Elasticsearch cluster | ||
|  | # | ||
|  | # (default = elasticsearch | ||
|  | #cluster_name = elasticsearch | ||
|  | 
 | ||
|  | # The name of the simulated host running Elasticsearch | ||
|  | # | ||
|  | # (default = elk) | ||
|  | host_name = usnyes01 | ||
|  | 
 | ||
|  | # The build number of the simulated Elasticsearch instance | ||
|  | # Use something realistic or simply don't touch this value | ||
|  | # | ||
|  | # (default = 89d3241) | ||
|  | #build = 89d3241 | ||
|  | 
 | ||
|  | # The number of processors on the simulated host | ||
|  | # | ||
|  | # (default = 12) | ||
|  | #total_processors = 12 | ||
|  | 
 | ||
|  | # The total number of CPU cores on the simulated host | ||
|  | # Use a multiple of total_processors | ||
|  | # | ||
|  | # (default = 24) | ||
|  | #total_cores = 24 | ||
|  | 
 | ||
|  | # The total number of sockets on the simulated host | ||
|  | # Use a multiple of total_cores | ||
|  | # | ||
|  | # (default = 48) | ||
|  | #total_sockets = 48 | ||
|  | 
 | ||
|  | # The MAC address of the networking card of the simulated host | ||
|  | # | ||
|  | # (default = 08:01:c7:3F:15:DD) | ||
|  | #mac_address = 08:01:c7:3F:15:DD | ||
|  | 
 | ||
|  | # Directory where to save log files in. | ||
|  | # Log files are <log_filename>.YYYY-MM-DD in that directory | ||
|  | # | ||
|  | # (default: log) | ||
|  | log_path = log | ||
|  | 
 | ||
|  | # Log file name | ||
|  | # | ||
|  | # (default: stdout) | ||
|  | #log_filename = | ||
|  | 
 | ||
|  | # Directory containing the response files | ||
|  | # | ||
|  | # (default: responses) | ||
|  | #responses_dir = responses | ||
|  | 
 | ||
|  | # ============================================================================ | ||
|  | # Network Specific Options | ||
|  | # ============================================================================ | ||
|  | 
 | ||
|  | # Port to listen for incoming connections. | ||
|  | # | ||
|  | # (default: 9200) | ||
|  | #listen_port = 9200 | ||
|  | 
 | ||
|  | # Site to query for one's public IP address | ||
|  | # | ||
|  | # (default: https://ident.me) | ||
|  | #public_ip_url = https://ident.me | ||
|  | 
 | ||
|  | # Enable to log the public IP of the honeypot (useful if listening on 127.0.0.1) | ||
|  | # IP address is obtained by querying public_ip_url | ||
|  | # | ||
|  | # (default: false) | ||
|  | #report_public_ip = false | ||
|  | 
 | ||
|  | 
 | ||
|  | # ============================================================================ | ||
|  | # Output Plugins | ||
|  | # These provide an extensible mechanism to send audit log entries to third | ||
|  | # parties. The audit entries contain information on clients connecting to | ||
|  | # the honeypot. | ||
|  | # | ||
|  | # Output entries need to start with 'output_' and have the 'enabled' entry. | ||
|  | # ============================================================================ | ||
|  | 
 | ||
|  | # JSON based logging module | ||
|  | # | ||
|  | [output_jsonlog] | ||
|  | enabled = true | ||
|  | logfile = log/elasticpot.json | ||
|  | epoch_timestamp = false | ||
|  | 
 | ||
|  | # MySQL logging module | ||
|  | # Database structure for this module is supplied in docs/sql/mysql.sql | ||
|  | # | ||
|  | # MySQL logging requires extra software: sudo apt-get install libmysqlclient-dev | ||
|  | # MySQL logging requires an extra Python module: pip install mysql-python | ||
|  | # | ||
|  | #[output_mysql] | ||
|  | #enabled = false | ||
|  | #host = localhost | ||
|  | #database = elasticpot | ||
|  | #username = elasticpot | ||
|  | #password = secret | ||
|  | #port = 3306 | ||
|  | #debug = false | ||
|  | # Whether to store geolocation data in the database | ||
|  | #geoip = true | ||
|  | # Location of the databases used for geolocation | ||
|  | #geoip_citydb = data/GeoLite2-City.mmdb | ||
|  | #geoip_asndb = data/GeoLite2-ASN.mmdb | ||
|  | 
 | ||
|  | # Text output | ||
|  | # This writes audit log entries to a text file | ||
|  | # | ||
|  | #[output_textlog] | ||
|  | #enabled = false | ||
|  | #logfile = log/elasticpot.txt | ||
|  | 
 | ||
|  | # HPFeeds | ||
|  | # | ||
|  | # Note the lack of "s" at the end: | ||
|  | [output_hpfeed] | ||
|  | enabled = false | ||
|  | #server = hpfeeds.mysite.org | ||
|  | #tlscert = /path/to/tls/cert/file | ||
|  | #port = 10000 | ||
|  | #identifier = abc123 | ||
|  | #secret = secret | ||
|  | #channel = elasticpot | ||
|  | 
 | ||
|  | # MongoDB logging module | ||
|  | # | ||
|  | #[output_mongodb] | ||
|  | #enabled = false | ||
|  | #host = 127.0.0.1 | ||
|  | #port = 27017 | ||
|  | #username = elasticpot | ||
|  | #password = secret | ||
|  | #database = elasticpot | ||
|  | # Note: .format(username, password, host, port, database) is done | ||
|  | #  on the following string; make sure that there are 5 placeholders ({}) in it | ||
|  | #connection_string = mongodb://{}:{}@{}:{}/{} | ||
|  | # Whether to store geolocation data in the database | ||
|  | #geoip = true | ||
|  | # Location of the databases used for geolocation | ||
|  | #geoip_citydb = data/GeoLite2-City.mmdb | ||
|  | #geoip_asndb = data/GeoLite2-ASN.mmdb | ||
|  | 
 | ||
|  | # RedisDB logging module | ||
|  | # | ||
|  | #[output_redisdb] | ||
|  | #enabled = false | ||
|  | #host = 127.0.0.1 | ||
|  | #port = 6379 | ||
|  | # DB of the redis server. Defaults to 0 | ||
|  | #db = 0 | ||
|  | # Password of the redis server. Defaults to None | ||
|  | #password = secret | ||
|  | # Name of the list to push to or the channel to publish to. Required | ||
|  | #keyname = elasticpot | ||
|  | # Method to use when sending data to redis. | ||
|  | # Can be one of [lpush, rpush, publish]. Defaults to lpush | ||
|  | #send_method = lpush | ||
|  | 
 | ||
|  | # Rethinkdb output module | ||
|  | # | ||
|  | #[output_rethinkdblog] | ||
|  | #enabled = false | ||
|  | #host = 127.0.0.1 | ||
|  | #port = 28015 | ||
|  | #table = events | ||
|  | #db = elasticpot | ||
|  | #password = | ||
|  | 
 | ||
|  | # InfluxDB logging module | ||
|  | # | ||
|  | #[output_influx] | ||
|  | #enabled = false | ||
|  | #host = 127.0.0.1 | ||
|  | #port = 8086 | ||
|  | #database_name = elasticpot | ||
|  | #retention_policy_duration = 12w | ||
|  | 
 | ||
|  | # InfluxDB 2.0 logging module | ||
|  | # | ||
|  | #[output_influx2] | ||
|  | #enabled = false | ||
|  | #host = hostname | ||
|  | #token = token | ||
|  | #org = organization | ||
|  | #bucket = elasticpot | ||
|  | 
 | ||
|  | # CouchDB logging module | ||
|  | # | ||
|  | #[output_couch] | ||
|  | #enabled = false | ||
|  | #host = localhost | ||
|  | #port = 5984 | ||
|  | #username = elasticpot | ||
|  | #password = secret | ||
|  | #database = elasticpot | ||
|  | #geoip = true | ||
|  | # Location of the databases used for geolocation | ||
|  | #geoip_citydb = data/GeoLite2-City.mmdb | ||
|  | #geoip_asndb = data/GeoLite2-ASN.mmdb | ||
|  | 
 | ||
|  | # SQLite3 logging module | ||
|  | # | ||
|  | # Logging to SQLite3 database. To init the database, use the script | ||
|  | # docs/sql/sqlite3.sql: | ||
|  | #     sqlite3 <db_file> < docs/sql/sqlite3.sql | ||
|  | # | ||
|  | #[output_sqlite] | ||
|  | #enabled = false | ||
|  | #debug = false | ||
|  | #db_file = data/elasticpot.db | ||
|  | # Whether to store geolocation data in the database | ||
|  | #geoip = true | ||
|  | # Location of the databases used for geolocation | ||
|  | #geoip_citydb = data/GeoLite2-City.mmdb | ||
|  | #geoip_asndb = data/GeoLite2-ASN.mmdb | ||
|  | 
 | ||
|  | # Elasticsearch logging module | ||
|  | # | ||
|  | #[output_elastic] | ||
|  | #enabled = false | ||
|  | #host = localhost | ||
|  | #port = 9200 | ||
|  | #index = elasticpot | ||
|  | # | ||
|  | # type has been deprecated since ES 6.0.0 | ||
|  | # use _doc which is the default type. See | ||
|  | # https://stackoverflow.com/a/53688626 for | ||
|  | # more information | ||
|  | # | ||
|  | #type = _doc | ||
|  | # | ||
|  | # set pipeline = geoip to map src_ip to | ||
|  | # geo location data. You can use a custom | ||
|  | # pipeline but you must ensure it exists | ||
|  | # in elasticsearch. | ||
|  | # | ||
|  | #pipeline = geoip | ||
|  | # | ||
|  | # Authentication. When x-pack.security is enabled | ||
|  | # in ES, default users have been created and requests | ||
|  | # must be authenticated. | ||
|  | # | ||
|  | # Credentials | ||
|  | # | ||
|  | #username = elasticpot | ||
|  | #password = secret | ||
|  | # | ||
|  | # TLS encryption. Communications between the client (elasticpot)  | ||
|  | # and the ES server should naturally be protected by encryption | ||
|  | # if requests are authenticated (to prevent from man-in-the-middle  | ||
|  | # attacks). The following options are then paramount | ||
|  | # if username and password are provided. | ||
|  | # | ||
|  | # use ssl/tls | ||
|  | #ssl = true | ||
|  | # verify SSL certificates | ||
|  | #verify_certs = true | ||
|  | # Path to trusted CA certs on disk | ||
|  | #ca_certs = /path/to/cert/file/elastic_ca.crt | ||
|  | 
 | ||
|  | 
 | ||
|  | # TODO: | ||
|  | 
 | ||
|  | # Kafka logging module | ||
|  | # | ||
|  | #[output_kafka] | ||
|  | #enabled = false | ||
|  | #host = 127.0.0.1 | ||
|  | #port = 9092 | ||
|  | #topic = elasticpot | ||
|  | 
 |