tpotce/docker/honeytrap/dist/honeytrap.conf

/* 
 * honeytrap 1.0.1 configuration file template -- please adjust
 * (c) Tillmann Werner <tillmann.werner@gmx.de>
 */

// log to this file
logfile		= "/opt/honeytrap/var/log/honeytrap.log"

// store process ID in this file
pidfile		= "/var/run/honeytrap.pid"

/* where to look for default responses
 * these are sent for connections handled in "normal mode" */
response_dir	= "/opt/honeytrap/etc/honeytrap/responses"

// replace rfc1918 IP addresses with attacking IP address
replace_private_ips = "no"

// bind dynamic servers to a specific address
//bind_address = "127.0.0.1"

/* put network interface into promiscuous mode
 * (only availabel when compiled with --with-stream-mon=pcap) */
//promisc = "on"

/* the user and group under which honeytrap should run
 * should be set to non-root */
user	= "honeytrap"
group	= "honeytrap"

// do not read more than 20 MB - used to prevent DoS attacks
read_limit = "20971520"


/* ----- plugin stuff below ----- */

/* where to look for plugins
   needs to be set before loading plugins */
plugin_dir	= "/opt/honeytrap/etc/honeytrap/plugins"


// include a plugin via plugin-[ModuleName] = ""

// plugin-magicPE = ""
plugin-ftpDownload = ""
plugin-tftpDownload = ""
plugin-b64Decode = ""
plugin-deUnicode = ""
plugin-vncDownload = ""


// store attacks on disk
plugin-SaveFile = {
	attacks_dir	= "/opt/honeytrap/var/attacks"
	downloads_dir	= "/opt/honeytrap/var/downloads"
}


// plugin for shellcode detection and emulation
/*
plugin-cpuEmu = {
	execute_shellcode = "no"
	createprocess_cmd = "/bin/sh -c \"cd /opt/honeytrap-libemu/.wine/drive_c/windows/system32; WINEPREFIX='/opt/honeytrap-libemu/.wine/' WINEDEBUG='-all' wine 'c:\\windows\\system32\\cmd_orig.exe'\""
}
*/


// scan downloaded samples with ClamAV engine
/*
plugin-ClamAV = {
	temp_dir	= "/tmp"
	clamdb_path	= "/var/lib/clamav"
}
*/


// calculate locality sensitive hashes
/*
plugin-SpamSum = {
	md5sum_sigfile	= "/opt/honeytrap/md5sum.sigs"
	spamsum_sigfile	= "/opt/honeytrap/spamsum.sigs"
}
*/

plugin-logAttacker = { logfile = "/opt/honeytrap/var/log/attacker.log" }

// log attack details in JSON format
plugin-logJSON = { logfile = "/opt/honeytrap/var/log/attackers.json" }


// store attacks in PostgeSQL database
/*
plugin-SavePostgres = {
	db_host	= "localhost"
	db_name	= "some_db"
	db_user	= "some_user"
	db_pass	= "some_pass"
//	db_port = "some_port"	// defaults to 5432/tcp if not set
}
*/


// invoke an external program (f.e. wget) to download files via http
/*
plugin-httpDownload = {
	http_program = "/usr/bin/wget"
	http_options = "-q -t1 -T1 -O-"
}
*/


// submit downloaded malware samples to the mwcollect alliance
/*
plugin-submitMWserv = {
	mwserv_url      = "https://submission-url/"
	guid            = "your-guid"
	maintainer      = "your-maintainer" 
	secret          = "your-secret"
	timeout		= "120"
}
*/

/* ----- port mode configuration below ----- */

// default port configuration (ignore, normal or mirror)
//   ignore: just ignore connection attempts
//   normal: send a default response
//   mirror: mirror connections back to the initiator (use with caution!)
portconf_default = "normal"

// explicit port configuration
/* portconf = {
	// ignore connection requests on these ports
	ignore = {
		protocol	= "tcp"
		port		= "22" 
	}
}
*/

// include a file
//include = "ports.conf"
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`/*`
			`* honeytrap 1.0.1 configuration file template -- please adjust`
			`* (c) Tillmann Werner <tillmann.werner@gmx.de>`
			`*/`

			`// log to this file`
			`logfile = "/opt/honeytrap/var/log/honeytrap.log"`

			`// store process ID in this file`
			`pidfile = "/var/run/honeytrap.pid"`

			`/* where to look for default responses`
			`* these are sent for connections handled in "normal mode" */`
			`response_dir = "/opt/honeytrap/etc/honeytrap/responses"`

			`// replace rfc1918 IP addresses with attacking IP address`
			`replace_private_ips = "no"`

			`// bind dynamic servers to a specific address`
			`//bind_address = "127.0.0.1"`

			`/* put network interface into promiscuous mode`
			`* (only availabel when compiled with --with-stream-mon=pcap) */`
			`//promisc = "on"`

			`/* the user and group under which honeytrap should run`
			`* should be set to non-root */`
			`user = "honeytrap"`
			`group = "honeytrap"`

			`// do not read more than 20 MB - used to prevent DoS attacks`
			`read_limit = "20971520"`


			`/* ----- plugin stuff below ----- */`

			`/* where to look for plugins`
			`needs to be set before loading plugins */`
			`plugin_dir = "/opt/honeytrap/etc/honeytrap/plugins"`


			`// include a plugin via plugin-[ModuleName] = ""`

			`// plugin-magicPE = ""`
			`plugin-ftpDownload = ""`
			`plugin-tftpDownload = ""`
			`plugin-b64Decode = ""`
			`plugin-deUnicode = ""`
			`plugin-vncDownload = ""`


			`// store attacks on disk`
			`plugin-SaveFile = {`
			`attacks_dir = "/opt/honeytrap/var/attacks"`
			`downloads_dir = "/opt/honeytrap/var/downloads"`
			`}`


			`// plugin for shellcode detection and emulation`
			`/*`
			`plugin-cpuEmu = {`
			`execute_shellcode = "no"`
			`createprocess_cmd = "/bin/sh -c \"cd /opt/honeytrap-libemu/.wine/drive_c/windows/system32; WINEPREFIX='/opt/honeytrap-libemu/.wine/' WINEDEBUG='-all' wine 'c:\\windows\\system32\\cmd_orig.exe'\""`
			`}`
			`*/`



			`// scan downloaded samples with ClamAV engine`
			`/*`
			`plugin-ClamAV = {`
			`temp_dir = "/tmp"`
			`clamdb_path = "/var/lib/clamav"`
			`}`
			`*/`


			`// calculate locality sensitive hashes`
			`/*`
			`plugin-SpamSum = {`
			`md5sum_sigfile = "/opt/honeytrap/md5sum.sigs"`
			`spamsum_sigfile = "/opt/honeytrap/spamsum.sigs"`
			`}`
			`*/`

			`plugin-logAttacker = { logfile = "/opt/honeytrap/var/log/attacker.log" }`

			`// log attack details in JSON format`
			`plugin-logJSON = { logfile = "/opt/honeytrap/var/log/attackers.json" }`


			`// store attacks in PostgeSQL database`
			`/*`
			`plugin-SavePostgres = {`
			`db_host = "localhost"`
			`db_name = "some_db"`
			`db_user = "some_user"`
			`db_pass = "some_pass"`
			`// db_port = "some_port" // defaults to 5432/tcp if not set`
			`}`
			`*/`


			`// invoke an external program (f.e. wget) to download files via http`
			`/*`
			`plugin-httpDownload = {`
			`http_program = "/usr/bin/wget"`
			`http_options = "-q -t1 -T1 -O-"`
			`}`
			`*/`


			`// submit downloaded malware samples to the mwcollect alliance`
			`/*`
			`plugin-submitMWserv = {`
			`mwserv_url = "https://submission-url/"`
			`guid = "your-guid"`
			`maintainer = "your-maintainer"`
			`secret = "your-secret"`
			`timeout = "120"`
			`}`
			`*/`

			`/* ----- port mode configuration below ----- */`

			`// default port configuration (ignore, normal or mirror)`
			`// ignore: just ignore connection attempts`
			`// normal: send a default response`
			`// mirror: mirror connections back to the initiator (use with caution!)`
			`portconf_default = "normal"`

			`// explicit port configuration`
			`/* portconf = {`
			`// ignore connection requests on these ports`
			`ignore = {`
			`protocol = "tcp"`
			`port = "22"`
			`}`
			`}`
			`*/`

			`// include a file`
			`//include = "ports.conf"`