-rw-r--r--GIDs1
-rw-r--r--UIDs1
-rw-r--r--net/Makefile1
-rw-r--r--net/kippo/Makefile43
-rw-r--r--net/kippo/distinfo2
-rw-r--r--net/kippo/files/kippo.in33
-rw-r--r--net/kippo/files/pkg-message.in33
-rw-r--r--net/kippo/pkg-descr5
-rw-r--r--net/kippo/pkg-plist55
9 files changed, 174 insertions, 0 deletions
diff --git a/GIDs b/GIDs
index 4025e9193f6d..e19802fb5789 100644
--- a/GIDs
+++ b/GIDs
@@ -248,5 +248,6 @@ fluentd:*:963:
git_daemon:*:964:
elasticsearch:*:965:
ossec:*:966:
+kippo:*:969:
nogroup:*:65533:
nobody:*:65534:
diff --git a/UIDs b/UIDs
index 723c492c5db0..6d21f99ef0fa 100644
--- a/UIDs
+++ b/UIDs
@@ -254,4 +254,5 @@ elasticsearch:*:965:965::0:0:elasticsearch user:/nonexistent:/usr/sbin/nologin
ossec:*:966:966::0:0:OSSEC user:/usr/local/ossec-hids:/usr/sbin/nologin
ossecm:*:967:966::0:0:OSSEC mail user:/usr/local/ossec-hids:/usr/sbin/nologin
ossecr:*:968:966::0:0:OSSEC rem user:/usr/local/ossec-hids:/usr/sbin/nologin
+kippo:*:969:969::0:0:kippo user:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
diff --git a/net/Makefile b/net/Makefile
index 54966667bb4f..0bf08b9b5d43 100644
--- a/net/Makefile
+++ b/net/Makefile
@@ -282,6 +282,7 @@
SUBDIR += kdenetwork4
SUBDIR += kiax
SUBDIR += kio-upnp-ms
+ SUBDIR += kippo
SUBDIR += kissd
SUBDIR += knc
SUBDIR += knemo
diff --git a/net/kippo/Makefile b/net/kippo/Makefile
new file mode 100644
index 000000000000..3bf2b3e03b7a
--- /dev/null
+++ b/net/kippo/Makefile
@@ -0,0 +1,43 @@
+# Created by: Frederic Culot <culot@FreeBSD.org>
+# $FreeBSD$
+
+PORTNAME= kippo
+PORTVERSION= 0.5
+CATEGORIES= net
+MASTER_SITES= ${MASTER_SITE_GOOGLE_CODE}
+
+MAINTAINER= culot@FreeBSD.org
+COMMENT= Medium interaction ssh honeypot
+
+LICENSE= BSD
+
+BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}pycrypto>0:${PORTSDIR}/security/py-pycrypto \
+ ${PYTHON_PKGNAMEPREFIX}zope.interface>0:${PORTSDIR}/devel/py-zope.interface
+RUN_DEPENDS:= ${BUILD_DEPENDS}
+
+USE_PYTHON= 2.5+
+USE_TWISTED_RUN= conch web
+NO_BUILD= yes
+
+USE_RC_SUBR= kippo
+
+USERS= kippo
+GROUPS= kippo
+
+SUB_FILES= pkg-message
+SUB_LIST+= PYTHON=${PYTHON_CMD}
+
+do-install:
+ @${MKDIR} ${DATADIR}
+.for f in kippo.cfg kippo.tac fs.pickle
+ @${INSTALL_DATA} ${WRKSRC}/${f} ${DATADIR}
+.endfor
+.for d in doc honeyfs kippo txtcmds utils
+ @${MKDIR} ${DATADIR}/${d}
+ @(cd ${WRKSRC}/${d}/ && ${COPYTREE_SHARE} \* ${DATADIR}/${d})
+.endfor
+
+post-install:
+ @${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.mk>
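Review bot: The first `.for` loop in do-install copies `kippo.cfg` straight into `${DATADIR}` as the live configuration, and pkg-plist lists `%%DATADIR%%/kippo.cfg` as a packaged file, while pkg-message tells the administrator to edit that same file. A reinstall or upgrade would then overwrite the edited honeypot configuration, and a deinstall would remove it. I would install it as a sample, `@${INSTALL_DATA} ${WRKSRC}/kippo.cfg ${DATADIR}/kippo.cfg.sample`, copy it to `kippo.cfg` only when that file is absent, and list the sample in pkg-plist instead. Separately, `NO_BUILD= yes` suggests the two Python modules are needed only at run time, so `BUILD_DEPENDS` could probably be dropped and its entries kept in `RUN_DEPENDS` alone.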
diff --git a/net/kippo/distinfo b/net/kippo/distinfo
new file mode 100644
index 000000000000..5833bb202fbf
--- /dev/null
+++ b/net/kippo/distinfo
@@ -0,0 +1,2 @@
+SHA256 (kippo-0.5.tar.gz) = e5faa1aad668f1a5e986db93af7f132268ce059ce2edafc4a93f678864dbdbce
+SIZE (kippo-0.5.tar.gz) = 387148
diff --git a/net/kippo/files/kippo.in b/net/kippo/files/kippo.in
new file mode 100644
index 000000000000..3b4064a73585
--- /dev/null
+++ b/net/kippo/files/kippo.in
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+# $FreeBSD$
+#
+# PROVIDE: kippo
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf to enable kippo:
+#
+# kippo_enable (bool): Set to NO by default.
+# Set it to YES to enable kipppo
+# kippo_logfile (path): Set to /tmp/kippo.log by default.
+# kippo_pidfile (path): Set to /tmp/kippo.pid by default.
+
+. /etc/rc.subr
+
+name=kippo
+rcvar=kippo_enable
+
+load_rc_config $name
+: ${kippo_enable:=no}
+: ${kippo_logfile="/tmp/kippo.log"}
+: ${kippo_pidfile="/tmp/kippo.pid"}
+
+kippo_user="kippo"
+kippo_chdir="%%DATADIR%%"
+pidfile=$kippo_pidfile
+command="%%LOCALBASE%%/bin/twistd"
+command_args="-y %%DATADIR%%/kippo.tac --pidfile $pidfile --logfile $kippo_logfile"
+command_interpreter="%%PYTHON%%"
+
+run_rc_command "$1"
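Review bot: The defaults `kippo_logfile="/tmp/kippo.log"` and `kippo_pidfile="/tmp/kippo.pid"` put the honeypot's log and pid file in a world-writable directory, where any local account can create those names first (as a file or a symlink) before twistd, running as the `kippo` user, opens them. For a service whose purpose is to record attacker activity, the log belongs in a directory only `kippo` can write, for example `: ${kippo_logfile="/var/log/kippo/kippo.log"}` and `: ${kippo_pidfile="/var/run/kippo/kippo.pid"}`, with the port creating both directories owned by `kippo`. The same `/tmp` defaults are repeated in pkg-message.in and would need to change with them. The header comment also misspells the name as `kipppo`.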
diff --git a/net/kippo/files/pkg-message.in b/net/kippo/files/pkg-message.in
new file mode 100644
index 000000000000..0ba77e3c45a1
--- /dev/null
+++ b/net/kippo/files/pkg-message.in
@@ -0,0 +1,33 @@
+========================================================================
+kippo has been installed in the following directory:
+
+ %%DATADIR%%
+
+Before starting kippo you need to perform the following steps:
+
+1) Edit kippo's configuration file to suit your needs:
+
+ $EDITOR %%DATADIR%%/kippo.cfg
+
+ Please keep in mind when editing the configuration file that kippo
+ can't be run as root and is started by the 'kippo' unprivileged
+ user instead. This implies that the following folders hierarchy
+ must be created and made writable to the 'kippo' user:
+
+ dl/
+ data/
+ log/tty/
+
+2) Add the following line to your rc.conf:
+
+ kippo_enable="YES"
+
+ Note that you can also set the 'kippo_logfile' and 'kippo_pidfile'
+ variables to specify the path to the log file and pid file that
+ will be used by kippo. The default values for those variables are
+ '/tmp/kippo.log' and '/tmp/kippo.pid' respectively.
+
+Then you can start kippo by issuing the following command:
+
+ %%PREFIX%%/etc/rc.d/kippo start
+========================================================================
diff --git a/net/kippo/pkg-descr b/net/kippo/pkg-descr
new file mode 100644
index 000000000000..fe2555038783
--- /dev/null
+++ b/net/kippo/pkg-descr
@@ -0,0 +1,5 @@
+Kippo is a medium interaction SSH honeypot designed to log brute force
+attacks and, most importantly, the entire shell interaction performed
+by the attacker.
+
+WWW: http://code.google.com/p/kippo/
diff --git a/net/kippo/pkg-plist b/net/kippo/pkg-plist
new file mode 100644
index 000000000000..2284a1279cc5
--- /dev/null
+++ b/net/kippo/pkg-plist
@@ -0,0 +1,55 @@
+%%DATADIR%%/fs.pickle
+%%DATADIR%%/kippo.cfg
+%%DATADIR%%/kippo.tac
+%%DATADIR%%/doc/COPYRIGHT
+%%DATADIR%%/doc/README
+%%DATADIR%%/doc/sql/mysql.sql
+%%DATADIR%%/honeyfs/etc/passwd
+%%DATADIR%%/honeyfs/etc/issue
+%%DATADIR%%/honeyfs/proc/cpuinfo
+%%DATADIR%%/kippo/__init__.py
+%%DATADIR%%/kippo/commands/fs.py
+%%DATADIR%%/kippo/commands/base.py
+%%DATADIR%%/kippo/commands/ssh.py
+%%DATADIR%%/kippo/commands/ping.py
+%%DATADIR%%/kippo/commands/ls.py
+%%DATADIR%%/kippo/commands/__init__.py
+%%DATADIR%%/kippo/commands/last.py
+%%DATADIR%%/kippo/commands/apt.py
+%%DATADIR%%/kippo/commands/dice.py
+%%DATADIR%%/kippo/commands/tar.py
+%%DATADIR%%/kippo/commands/wget.py
+%%DATADIR%%/kippo/commands/adduser.py
+%%DATADIR%%/kippo/core/fs.py
+%%DATADIR%%/kippo/core/__init__.py
+%%DATADIR%%/kippo/core/utils.py
+%%DATADIR%%/kippo/core/ttylog.py
+%%DATADIR%%/kippo/core/honeypot.py
+%%DATADIR%%/kippo/core/config.py
+%%DATADIR%%/kippo/core/dblog.py
+%%DATADIR%%/kippo/dblog/__init__.py
+%%DATADIR%%/kippo/dblog/mysql.py
+%%DATADIR%%/txtcmds/bin/dmesg
+%%DATADIR%%/txtcmds/bin/mount
+%%DATADIR%%/txtcmds/sbin/ifconfig
+%%DATADIR%%/txtcmds/usr/bin/vi
+%%DATADIR%%/utils/convert32.py
+%%DATADIR%%/utils/createfs.py
+%%DATADIR%%/utils/passdb.py
+%%DATADIR%%/utils/playlog.py
+@dirrm %%DATADIR%%/doc/sql
+@dirrm %%DATADIR%%/doc
+@dirrm %%DATADIR%%/honeyfs/etc
+@dirrm %%DATADIR%%/honeyfs/proc
+@dirrm %%DATADIR%%/honeyfs
+@dirrm %%DATADIR%%/kippo/commands
+@dirrm %%DATADIR%%/kippo/core
+@dirrm %%DATADIR%%/kippo/dblog
+@dirrm %%DATADIR%%/kippo
+@dirrm %%DATADIR%%/txtcmds/bin
+@dirrm %%DATADIR%%/txtcmds/sbin
+@dirrm %%DATADIR%%/txtcmds/usr/bin
+@dirrm %%DATADIR%%/txtcmds/usr
+@dirrm %%DATADIR%%/txtcmds
+@dirrm %%DATADIR%%/utils
+@dirrm %%DATADIR%%