From aea04ba38cde38b0e17a8f8b780da3250fa608dc Mon Sep 17 00:00:00 2001
From: Michal Ambroz
Date: Apr 12 2018 22:56:58 +0000
Subject: initial load of dionaea package
---
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..ba9a39c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/dionaea-0.6.0-1748f3b.tar.gz
diff --git a/dionaea-01_glib.patch b/dionaea-01_glib.patch
new file mode 100644
index 0000000..860bc8b
--- /dev/null
+++ b/dionaea-01_glib.patch
@@ -0,0 +1,105 @@
+Use the glib CFLAGS and LDFLAGS during build where necessary
+https://github.com/DinoTools/dionaea/issues/161
+https://github.com/DinoTools/dionaea/pull/160
+Merged in in https://github.com/DinoTools/dionaea/commit/1748f3b3936aa1da2d92500251ae8010fe181dfc
+diff -ru dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/modules/curl/Makefile.am dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/modules/curl/Makefile.am
+--- dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/modules/curl/Makefile.am 2016-11-14 23:26:58.000000000 +0100
++++ dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/modules/curl/Makefile.am 2018-03-21 10:34:08.529280378 +0100
+@@ -5,9 +5,12 @@
+ AM_CFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/src
+ AM_CFLAGS += -fno-strict-aliasing
+
+-AM_CFLAGS += $(LIB_CURL_CFLAGS)
++AM_CFLAGS += $(LIB_CURL_CFLAGS)
+ AM_LDFLAGS = $(LIB_CURL_LIBS)
+
++AM_CFLAGS += $(LIB_GLIB_CFLAGS)
++AM_LDFLAGS += $(LIB_GLIB_LDFLAGS)
++
+ pkglib_LTLIBRARIES = curl.la
+
+ curl_la_SOURCES = module.c module.h
+diff -ru dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/modules/emu/Makefile.am dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/modules/emu/Makefile.am
+--- dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/modules/emu/Makefile.am 2016-11-14 23:26:58.000000000 +0100
++++ dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/modules/emu/Makefile.am 2018-03-21 10:34:08.529280378 +0100
+@@ -8,9 +8,13 @@
+ AM_CFLAGS += $(LIB_EMU_CFLAGS)
+ AM_LDFLAGS = $(LIB_EMU_LIBS)
+
++AM_CFLAGS += $(LIB_GLIB_CFLAGS)
++AM_LDFLAGS += $(LIB_GLIB_LDFLAGS)
++
++
+
+ pkglib_LTLIBRARIES = emu.la
+
+ emu_la_SOURCES = module.c module.h detect.c emulate.c profile.c hooks.c
+
+-emu_la_LDFLAGS = -module -no-undefined -avoid-version ${AM_LDFLAGS}
++emu_la_LDFLAGS = -module -no-undefined -avoid-version ${AM_LDFLAGS}
+diff -ru dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/modules/nc/Makefile.am dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/modules/nc/Makefile.am
+--- dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/modules/nc/Makefile.am 2016-11-14 23:26:58.000000000 +0100
++++ dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/modules/nc/Makefile.am 2018-03-21 10:34:39.534850615 +0100
+@@ -7,6 +7,10 @@
+ AM_CFLAGS +=
+ AM_LDFLAGS =
+
++AM_CFLAGS += $(LIB_GLIB_CFLAGS)
++AM_LDFLAGS += $(LIB_GLIB_LDFLAGS)
++
++
+
+ pkglib_LTLIBRARIES = nc.la
+
+diff -ru dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/modules/nfq/Makefile.am dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/modules/nfq/Makefile.am
+--- dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/modules/nfq/Makefile.am 2016-11-14 23:26:58.000000000 +0100
++++ dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/modules/nfq/Makefile.am 2018-03-21 10:34:08.530280363 +0100
+@@ -5,8 +5,8 @@
+ AM_CFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/src -pipe -D _GNU_SOURCE -fno-strict-aliasing
+ AM_CFLAGS += -Wall -Werror
+
+-AM_CFLAGS += ${LIB_GLIB_CFLAGS}
+-AM_LDFLAGS = ${LIB_GLIB_LIBS}
++AM_CFLAGS += ${LIB_GLIB_CFLAGS}
++AM_LDFLAGS = ${LIB_GLIB_LIBS}
+
+
+ pkglib_LTLIBRARIES = nfq.la
+diff -ru dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/modules/nl/Makefile.am dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/modules/nl/Makefile.am
+--- dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/modules/nl/Makefile.am 2016-11-14 23:26:58.000000000 +0100
++++ dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/modules/nl/Makefile.am 2018-03-21 10:34:08.530280363 +0100
+@@ -10,6 +10,8 @@
+ #AM_LDFLAGS = -Wl,-rpath,/opt/dionaea/lib -L/opt/dionaea/lib -lnl -lnl-route -lnl-genl -lnl-nf
+ AM_LDFLAGS = $(LIB_NL_LIBS)
+
++AM_CFLAGS += $(LIB_GLIB_CFLAGS)
++AM_LDFLAGS += $(LIB_GLIB_LDFLAGS)
+
+ pkglib_LTLIBRARIES = nl.la
+
+diff -ru dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/modules/pcap/Makefile.am dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/modules/pcap/Makefile.am
+--- dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/modules/pcap/Makefile.am 2016-11-14 23:26:58.000000000 +0100
++++ dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/modules/pcap/Makefile.am 2018-03-21 10:34:08.531280350 +0100
+@@ -8,6 +8,9 @@
+ AM_CFLAGS += $(LIB_PCAP_CFLAGS)
+ AM_LDFLAGS = $(LIB_PCAP_LIBS)
+
++AM_CFLAGS += $(LIB_GLIB_CFLAGS)
++AM_LDFLAGS += $(LIB_GLIB_LDFLAGS)
++
+ pkglib_LTLIBRARIES = pcap.la
+
+ pcap_la_SOURCES = pcap.c
+diff -ru dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/modules/xmatch/Makefile.am dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/modules/xmatch/Makefile.am
+--- dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/modules/xmatch/Makefile.am 2016-11-14 23:26:58.000000000 +0100
++++ dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/modules/xmatch/Makefile.am 2018-03-21 10:34:08.531280350 +0100
+@@ -8,6 +8,9 @@
+ AM_CFLAGS += $(LIB_XMATCH_CFLAGS)
+ AM_LDFLAGS = $(LIB_XMATCH_LIBS)
+
++AM_CFLAGS += $(LIB_GLIB_CFLAGS)
++AM_LDFLAGS += $(LIB_GLIB_LDFLAGS)
++
+ pkglib_LTLIBRARIES = xmatch.la
+
+ xmatch_la_SOURCES = module.c xmatch.c
diff --git a/dionaea-02_warnerror.patch b/dionaea-02_warnerror.patch
new file mode 100644
index 0000000..61b3afa
--- /dev/null
+++ b/dionaea-02_warnerror.patch
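Review bot: The new `AM_LDFLAGS += $(LIB_GLIB_LDFLAGS)` lines in the curl, emu, nc, nl, pcap and xmatch Makefile.am hunks reference a variable name that does not follow the `<PREFIX>_LIBS` convention the same files use for every other dependency (`$(LIB_CURL_LIBS)`, `$(LIB_EMU_LIBS)`, `$(LIB_NL_LIBS)`) and that the nfq hunk uses for glib itself (`${LIB_GLIB_LIBS}`). Unless configure.ac defines LIB_GLIB_LDFLAGS, which this patch does not show, Automake expands it to nothing and the modules still link without the glib libraries, which is the problem the patch sets out to fix; I would write `AM_LDFLAGS += $(LIB_GLIB_LIBS)` in all six places or verify the name against configure.ac. The nfq hunk and the `emu_la_LDFLAGS` line replace lines with visually identical ones, presumably trailing-whitespace changes, and dropping them would keep the patch to its stated purpose.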
@@ -0,0 +1,20 @@
+Get rid of the warning about not used return value from chdir.
+https://github.com/DinoTools/dionaea/issues/162
+https://github.com/DinoTools/dionaea/pull/163
+Merged in in https://github.com/DinoTools/dionaea/commit/ea5d54060af53250abfe3dde9f36af399fa30524
+
+diff -ru dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/src/dionaea.c dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/src/dionaea.c
+--- dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/src/dionaea.c 2018-03-21 04:21:30.201354584 +0100
++++ dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/src/dionaea.c 2018-03-21 04:22:07.529846514 +0100
+@@ -723,7 +723,10 @@
+ g_error("Could not chroot(\"%s\") (%s)", opt->root, strerror(errno));
+ } else
+ {
+- chdir("/");
++ if ( chdir("/") != 0 ) {
++ g_error("Could change to root directory '/' ... this shuoldn't happen exitting.\nErr: (%s)", strerror(errno));
++ return EXIT_FAILURE;
++ }
+ }
+ }
+
diff --git a/dionaea-03_in6_pktinfo.patch b/dionaea-03_in6_pktinfo.patch
new file mode 100644
index 0000000..7ffdc01
--- /dev/null
+++ b/dionaea-03_in6_pktinfo.patch
@@ -0,0 +1,18 @@
+ipv6 structures in are used by the
+ipv6 structures needs explicit CFLAGS " -D_GNU_SOURCE" to compile on linux
+diff -ru dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/include/connection.h dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/include/connection.h
+--- dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/include/connection.h 2018-03-21 04:21:30.193354693 +0100
++++ dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/include/connection.h 2018-03-21 04:46:46.450694148 +0100
+@@ -28,11 +28,11 @@
+ #ifndef HAVE_CONNECTION_H
+ #define HAVE_CONNECTION_H
+
++#include
+ #include
+ #include
+ #include
+
+-#include
+ //#include
+ #include
+ #include
diff --git a/dionaea-04_pyev.patch b/dionaea-04_pyev.patch
new file mode 100644
index 0000000..9e12eb5
--- /dev/null
+++ b/dionaea-04_pyev.patch
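Review bot: The `return EXIT_FAILURE;` added after the new `g_error(...)` in the `chdir("/")` branch is unreachable, because g_error() is fatal in GLib and aborts the process, which is also why the existing `g_error` for the failed `chroot()` two lines above has no return after it. Aborting is the right outcome here: after `chroot()` the working directory still points outside the new root until `chdir("/")` succeeds, so a failure means the process is not actually confined and must not keep running. I would drop the return and fix the message, which has typos and says the opposite of what happened: `g_error("Could not chdir(\"/\") after chroot (%s)", strerror(errno));`. The enclosing function continues on both sides of the hunk.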
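Review bot: The two description lines at the top of dionaea-03_in6_pktinfo.patch are garbled ("ipv6 structures in are used by the") and talk about adding `-D_GNU_SOURCE` to CFLAGS, while the hunk itself only moves one `#include` to the front of the include list in include/connection.h and changes no CFLAGS anywhere; as rendered here the header names are also missing from the `#include` lines, so the intent cannot be checked from the patch alone. I would restate the description to name the header being moved and why its position matters (presumably the IPv6 definitions it provides must be seen before the headers that follow — confirm), and add the upstream issue or PR link that the other patch files carry.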
@@ -0,0 +1,98 @@
+diff --git a/modules/python/Makefile.am b/modules/python/Makefile.am
+index 5beb169..aa273d3 100644
+--- a/modules/python/Makefile.am
++++ b/modules/python/Makefile.am
+@@ -4,19 +4,20 @@ AUTOMAKE_OPTIONS = foreign
+
+ SUBDIRS = dionaea util
+
++PYTHON_SITEARCH=$(pkglibdir)"/python"
++
+ all: binding.c
+
+ binding.c: setup.py setup.py.in binding.pyx module.c module.h ../../config.h ../../include/protocol.h ../../include/dionaea.h
+ $(PYTHON) setup.py build
+
+ install-exec-am: all
+- cp build/*/dionaea/*.so $(DESTDIR)$(pkglibdir)/python.so
+- (cd $(DESTDIR)$(pkglibdir)/python/dionaea && rm -f core.so && ln -s ../../python.so core.so)
+- (cd $(DESTDIR)$(pkglibdir)/python/dionaea && rm -f pyev.so && ln -s ../../python.so pyev.so)
++ $(PYTHON) setup.py install -O1 --skip-build --root $(DESTDIR) --install-lib $(PYTHON_SITEARCH)
++ (cd $(DESTDIR)$(PYTHON_SITEARCH)/dionaea && export X=core*.so && ln -s $(PYTHON_SITEARCH)/dionaea/$$X python.so && mv python.so $(DESTDIR)$(pkglibdir)/python.so)
+
+ clean:
+ $(PYTHON) setup.py clean
+- rm -rf ./build binding.{c,h}
++ rm -rf ./build binding.{c,h}
+
+ dist-clean: clean
+
+diff --git a/modules/python/dionaea/hpfeeds.py b/modules/python/dionaea/hpfeeds.py
+index 3674f4b..9a92e0d 100644
+--- a/modules/python/dionaea/hpfeeds.py
++++ b/modules/python/dionaea/hpfeeds.py
+@@ -38,7 +38,7 @@ import datetime
+ from time import gmtime, strftime
+
+ try:
+- from dionaea import pyev
++ import pyev
+ except ImportError:
+ pyev = None
+
+diff --git a/modules/python/dionaea/sip/__init__.py b/modules/python/dionaea/sip/__init__.py
+index 66cb86e..48100f0 100644
+--- a/modules/python/dionaea/sip/__init__.py
++++ b/modules/python/dionaea/sip/__init__.py
+@@ -36,9 +36,10 @@ import random
+ import os
+ import datetime
+ import tempfile
++import pyev
+
+ from dionaea.core import connection, g_dionaea, incident
+-from dionaea import pyev, ServiceLoader
++from dionaea import ServiceLoader
+
+ from dionaea.sip.extras import msg_to_icd, SipConfig, ErrorWithResponse
+
+diff --git a/modules/python/dionaea/submit_http.py b/modules/python/dionaea/submit_http.py
+index 20d645d..66c166c 100644
+--- a/modules/python/dionaea/submit_http.py
++++ b/modules/python/dionaea/submit_http.py
+@@ -1,7 +1,8 @@
+ from dionaea.core import ihandler, incident, g_dionaea
+ from dionaea.util import md5file, sha512file
+-from dionaea import pyev, IHandlerLoader
++from dionaea import IHandlerLoader
+
++import pyev
+ import logging
+ import uuid
+ import struct
+diff --git a/modules/python/dionaea/virustotal.py b/modules/python/dionaea/virustotal.py
+index f2508a7..3e96c3d 100644
+--- a/modules/python/dionaea/virustotal.py
++++ b/modules/python/dionaea/virustotal.py
+@@ -32,7 +32,7 @@ import logging
+ import json
+ import uuid
+ import sqlite3
+-from dionaea import pyev
++import pyev
+
+ logger = logging.getLogger('virustotal')
+ logger.setLevel(logging.DEBUG)
+diff --git a/modules/python/setup.py.in b/modules/python/setup.py.in
+index 17d71c0..97da738 100644
+--- a/modules/python/setup.py.in
++++ b/modules/python/setup.py.in
+@@ -86,7 +86,7 @@ PYEV_VERSION = "\"{0}\"".format(pyev_version)
+
+ ext_modules=[
+ Extension("dionaea.core",
+- ['binding.pyx', 'module.c', 'pyev/pyev.c'],
++ ['binding.pyx', 'module.c'],
+ language="c",
+ include_dirs=['../../include', '../../'] + [k for k in sorted(include_dir_dict)],
+ extra_compile_args=[k for k in sorted(extra_compile_dict)],
diff --git a/dionaea-05_sitelib.patch b/dionaea-05_sitelib.patch
new file mode 100644
index 0000000..a3ccb72
--- /dev/null
+++ b/dionaea-05_sitelib.patch
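Review bot: The new `install-exec-am` recipe in modules/python/Makefile.am derives the `python.so` symlink from `export X=core*.so`, where the glob is stored unexpanded and only expanded when `$$X` is used by `ln -s`: with no match the link points at the literal name `core*.so`, with more than one match `ln -s` receives several sources and either fails or links the wrong file, and the following `mv` hides which step went wrong. Resolving the file first and failing loudly is more robust, e.g. `core=$$(ls $(DESTDIR)$(PYTHON_SITEARCH)/dionaea/core*.so) && test -f "$$core" && ln -sf $(PYTHON_SITEARCH)/dionaea/$$(basename "$$core") $(DESTDIR)$(pkglibdir)/python.so`. `--root $(DESTDIR)` with DESTDIR unset (a plain `make install`) passes an empty root to setup.py, which I believe distutils treats as set and then installs relative to the current directory; `--root "$(DESTDIR)/"` avoids that, but confirm against the distutils in use. The `rm -rf ./build binding.{c,h}` hunk replaces the line with an identical one, presumably a whitespace change, and can be dropped.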
@@ -0,0 +1,28 @@
+Have a dedicated variable for the python sitelib, so it can be easily changed externally when building the system package.
+diff -ru dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/modules/python/dionaea/Makefile.am dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/modules/python/dionaea/Makefile.am
+--- dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/modules/python/dionaea/Makefile.am 2018-03-21 04:21:30.195354666 +0100
++++ dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/modules/python/dionaea/Makefile.am 2018-03-21 07:36:59.780218852 +0100
+@@ -2,6 +2,9 @@
+
+ AUTOMAKE_OPTIONS = foreign
+
++PYTHON_SITELIB=$(pkglibdir)"/python"
++
++
+ PYSCRIPTS = blackhole.py
+ PYSCRIPTS += emu_scripts/__init__.py
+ PYSCRIPTS += emu_scripts/handler.py
+@@ -83,11 +86,11 @@
+
+
+ all: $(PYSCRIPTS)
+-
++
+
+ install-data-am: all
+ for i in $(PYSCRIPTS); do \
+- location=$(DESTDIR)$(pkglibdir)"/python/dionaea/$$i"; \
++ location=$(DESTDIR)$(PYTHON_SITELIB)"/dionaea/$$i"; \
+ scriptdir=`dirname "$$location"`; \
+ if [ ! -d $$scriptdir ]; then \
+ $(mkinstalldirs) $$scriptdir; \
diff --git a/dionaea-06_docswarn.patch b/dionaea-06_docswarn.patch
new file mode 100644
index 0000000..ee3d4bb
--- /dev/null
+++ b/dionaea-06_docswarn.patch
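Review bot: In the new `PYTHON_SITELIB=$(pkglibdir)"/python"` line of modules/python/dionaea/Makefile.am the double quotes become part of the variable's value, since make does not interpret quotes, so the variable only works inside a shell recipe where the shell strips them again; the same pattern appears in dionaea-04_pyev.patch for PYTHON_SITEARCH. A plain `PYTHON_SITELIB = $(pkglibdir)/python` keeps the value a usable path everywhere, and a command-line `make PYTHON_SITELIB=... install` still overrides it as the description intends (`?=` would also honour the environment, but automake flags it as non-portable). The `all:` hunk swaps one blank line for another, presumably a trailing-whitespace change, and can be dropped.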
@@ -0,0 +1,760 @@ +https://github.com/DinoTools/dionaea/issues/170 +https://github.com/DinoTools/dionaea/pull/179 +diff --git a/doc/source/ihandler/log_sqlite.rst b/doc/source/ihandler/log_sqlite.rst +index 040a2a8..e6cca5b 100644 +--- a/doc/source/ihandler/log_sqlite.rst ++++ b/doc/source/ihandler/log_sqlite.rst +@@ -28,21 +28,18 @@ when retrieving the data from the database: + + Additionally, you can query the database for many different things, refer to: + +-* dionaea sql logging 2009/11/06 +- +-* post it yourself 2009/12/08 +- +-* sqlite performance 2009/12/12 +- +-* virustotal fun 2009/12/14 +- +-* Andrew Waite's Blog for mimic-nepstats.py ++* `dionaea sql logging 2009/11/06 `_ ++* `post it yourself 2009/12/08 `_ ++* `sqlite performance 2009/12/12 `_ ++* `virustotal fun 2009/12/14 `_ ++* `Andrew Waite's Blog `_ for mimic-nepstats.py + + for more examples how to make use of the database. + + Example config + -------------- + +-.. literalinclude:: ../../../conf/ihandlers/log_sqlite.yaml.in +- :language: yaml +- :caption: ihandlers/log_sqlite.yaml ++:: ++ .. literalinclude:: ../../../conf/ihandlers/log_sqlite.yaml.in ++ :language: yaml ++ :caption: ihandlers/log_sqlite.yaml +diff --git a/doc/source/old/configuration.rst b/doc/source/old/configuration.rst +index bb46217..7f1b19f 100644 +--- a/doc/source/old/configuration.rst ++++ b/doc/source/old/configuration.rst +@@ -90,18 +90,12 @@ gnuplotsql <#gnuplotsql> script. + + The blog on logsql: + +- * 2009-11-06 dionaea sql logging +- +- * 2009-12-08 post it yourself +- +- * 2009-12-12 sqlite performance +- +- * 2009-12-14 virustotal fun +- +- * 2009-12-15 paris mission pack avs +- +- * 2010-06-06 data visualisation +- ++ * `2009-11-06 dionaea sql logging `_ ++ * `2009-12-08 post it yourself `_ ++ * `2009-12-12 sqlite performance `_ ++ * `2009-12-14 virustotal fun `_ ++ * `2009-12-15 paris mission pack avs `_ ++ * `2010-06-06 data visualisation `_ + + + logxmpp +@@ -114,9 +108,9 @@ sensors anonymously. 
+ + The blog on logxmpp: + +- * 2010-02-10 xmpp backend +- * 2010-05-12 xmpp take #2 +- * 2010-05-15 xmpp take #3 ++ * `2010-02-10 xmpp backend `_ ++ * `2010-05-12 xmpp take #2 `_ ++ * `2010-05-15 xmpp take #3 `_ + + pg_backend <#pg_backend> can be used as a backend for xmpp logging sensors. + +@@ -130,8 +124,7 @@ and start p0f as suggested in the config. It costs nothing, and gives + some pretty cool, even if outdated, informations about the attackers + operating system, and you can look them up from the sqlite database, + even the rejected connections. +-If you face problems, here +- are some hints. ++If you face problems, `here `_ are some hints. + + + +diff --git a/doc/source/old/seagfaults.rst b/doc/source/old/seagfaults.rst +index 39b8241..e07722a 100644 +--- a/doc/source/old/seagfaults.rst ++++ b/doc/source/old/seagfaults.rst +@@ -8,218 +8,216 @@ This software just had a segmentation fault. + The bug you encountered may even be exploitable. + If you want to assist in fixing the bug, please send the backtrace below to nepenthesdev@gmail.com. 
+ You can create better backtraces with gdb, for more information visit http://dionaea.carnivore.it/#segfault +-Once you read this message, your tty may be broken, simply type reset, so it will come to life again +- +-/opt/dionaea/bin/dionaea(sigsegv_backtrace_cb+0x20)[0x805c11e] +-[0x70d420] +-/opt/dionaea/lib/libemu/libemu.so.2(emu_env_w32_eip_check+0x94)[0x186974] +-/opt/dionaea/lib/dionaea/emu.so(run+0x39)[0x89cced] +-/opt/dionaea/lib/dionaea/emu.so(profile+0xbb)[0x89db88] +-/opt/dionaea/lib/dionaea/emu.so(proc_emu_on_io_in+0x1e1)[0x89bfc5] +-/opt/dionaea/bin/dionaea(recurse_io_process+0x31)[0x805df4a] +-/opt/dionaea/bin/dionaea(processors_io_in_thread+0x85)[0x805e08d] +-/opt/dionaea/bin/dionaea(threadpool_wrapper+0x2e)[0x805c99a] +-/opt/dionaea/lib/libglib-2.0.so.0[0xaa9498] +-/opt/dionaea/lib/libglib-2.0.so.0[0xaa7a2f] +-/lib/libpthread.so.0[0xd8973b] +-/lib/libc.so.6(clone+0x5e)[0x2b3cfe] ++Once you read this message, your tty may be broken, simply type reset, so it will come to life again:: ++ ++ /opt/dionaea/bin/dionaea(sigsegv_backtrace_cb+0x20)[0x805c11e] ++ [0x70d420] ++ /opt/dionaea/lib/libemu/libemu.so.2(emu_env_w32_eip_check+0x94)[0x186974] ++ /opt/dionaea/lib/dionaea/emu.so(run+0x39)[0x89cced] ++ /opt/dionaea/lib/dionaea/emu.so(profile+0xbb)[0x89db88] ++ /opt/dionaea/lib/dionaea/emu.so(proc_emu_on_io_in+0x1e1)[0x89bfc5] ++ /opt/dionaea/bin/dionaea(recurse_io_process+0x31)[0x805df4a] ++ /opt/dionaea/bin/dionaea(processors_io_in_thread+0x85)[0x805e08d] ++ /opt/dionaea/bin/dionaea(threadpool_wrapper+0x2e)[0x805c99a] ++ /opt/dionaea/lib/libglib-2.0.so.0[0xaa9498] ++ /opt/dionaea/lib/libglib-2.0.so.0[0xaa7a2f] ++ /lib/libpthread.so.0[0xd8973b] ++ /lib/libc.so.6(clone+0x5e)[0x2b3cfe] + + While the backtrace itself gives an idea what might be wrong, it does + not fix the problem. To fix the problem, the logfiles usually help, as + dionaea is very verbose by default. 
Below are some hints how to get + started with debugging, click here <#support> for assistance. + ++debugging + +- debugging + ++Valgrind ++======== + +- Valgrind +- +-Valgrind does a great job, here is how I use it: ++Valgrind does a great job, here is how I use it:: + +-valgrind -v --leak-check=full --leak-resolution=high --show-reachable=yes \ +---log-file=dionaea-debug.log /opt/dionaea/bin/dionaea --my-dionaea-options ++ valgrind -v --leak-check=full --leak-resolution=high --show-reachable=yes \ ++ --log-file=dionaea-debug.log /opt/dionaea/bin/dionaea --my-dionaea-options + + +- gdb ++ gdb + + +- logfile assisted ++ logfile assisted + + For the above example, I was able to scrape the shellcode from the + logfile, and run it in libemu, without involving dionaea at all, +-reducing the problem. +- +-gdb /opt/dionaea/bin/sctest +-(gdb) run -S -s 10000000 -g < sc.bin +-Starting program: /media/sda4/opt64/dionaea/bin/sctest -S -s 10000000 -g < sc.bin +- +-Once it crashed, I retrieved a full backtrace: +- +-Program received signal SIGSEGV, Segmentation fault. 
+-env_w32_hook_GetProcAddress (env=0x629a30, hook=) at environment/win32/env_w32_dll_export_kernel32_hooks.c:545 +-545 struct emu_env_hook *hook = (struct emu_env_hook *)ehi->value; +- +-(gdb) bt full +-#0 env_w32_hook_GetProcAddress (env=0x629a30, hook=) at environment/win32/env_w32_dll_export_kernel32_hooks.c:545 +- dll = 0x6366f0 +- ehi = +- hook = +- c = 0x611180 +- mem = +- eip_save = +- module = 2088763392 +- p_procname = 4289925 +- procname = +-#1 0x00007ffff7b884fb in emu_env_w32_eip_check (env=0x629a30) at environment/win32/emu_env_w32.c:306 +- dll = +- ehi = +- hook = 0x64c5b0 +- eip = +-#2 0x0000000000403995 in test (e=0x60f0e0) at sctestmain.c:277 +- hook = 0xe2 +- ev = 0x0 +- iv = +- cpu = 0x611180 +- mem = +- env = 0x629a30 +- na = +- j = 7169 +- last_vertex = 0x0 +- graph = 0x0 +- eh = 0x0 +- ehi = 0x0 +- ret = +- eipsave = 2088807840 +-#3 0x00000000004044e4 in main (argc=5, argv=0x7fffffffe388) at sctestmain.c:971 +- e = ++reducing the problem:: ++ ++ gdb /opt/dionaea/bin/sctest ++ (gdb) run -S -s 10000000 -g < sc.bin ++ Starting program: /media/sda4/opt64/dionaea/bin/sctest -S -s 10000000 -g < sc.bin ++ ++Once it crashed, I retrieved a full backtrace:: ++ ++ Program received signal SIGSEGV, Segmentation fault. 
++ env_w32_hook_GetProcAddress (env=0x629a30, hook=) at environment/win32/env_w32_dll_export_kernel32_hooks.c:545 ++ 545 struct emu_env_hook *hook = (struct emu_env_hook *)ehi->value; ++ ++ (gdb) bt full ++ #0 env_w32_hook_GetProcAddress (env=0x629a30, hook=) at environment/win32/env_w32_dll_export_kernel32_hooks.c:545 ++ dll = 0x6366f0 ++ ehi = ++ hook = ++ c = 0x611180 ++ mem = ++ eip_save = ++ module = 2088763392 ++ p_procname = 4289925 ++ procname = ++ #1 0x00007ffff7b884fb in emu_env_w32_eip_check (env=0x629a30) at environment/win32/emu_env_w32.c:306 ++ dll = ++ ehi = ++ hook = 0x64c5b0 ++ eip = ++ #2 0x0000000000403995 in test (e=0x60f0e0) at sctestmain.c:277 ++ hook = 0xe2 ++ ev = 0x0 ++ iv = ++ cpu = 0x611180 ++ mem = ++ env = 0x629a30 ++ na = ++ j = 7169 ++ last_vertex = 0x0 ++ graph = 0x0 ++ eh = 0x0 ++ ehi = 0x0 ++ ret = ++ eipsave = 2088807840 ++ #3 0x00000000004044e4 in main (argc=5, argv=0x7fffffffe388) at sctestmain.c:971 ++ e = + + In this case, the problem was a bug in libemu. 
+ +- +- gdb dump memory +- +-Once again, it broke, and we got a backtrace: +- +-#0 0xb70b0b57 in emu_queue_enqueue (eq=0xb3da0918, data=0x4724ab) at emu_queue.c:63 +- eqi = (struct emu_queue_item *) 0x0 +-#1 0xb70b15d1 in emu_shellcode_run_and_track (e=0xb4109cd0, data=0xb411c698 "", datasize=, eipoffset=, +- steps=256, etas=0xb410cd60, known_positions=0xb3d7a810, stats_tested_positions_list=0xb3da3bf0, brute_force=true) at emu_shellcode.c:408 +- current_pos_ti_diff = (struct emu_tracking_info *) 0x88c3c88 +- current_pos_ht = +- current_pos_v = +- current_pos_satii = (struct emu_source_and_track_instr_info *) 0xb407e7f8 +- bfs_queue = (struct emu_queue *) 0xb3e17668 +- ret = 4662443 +- eipsave = +- hook = +- j = 4 +- es = +- eli = (struct emu_list_item *) 0xb3e17658 +- cpu = (struct emu_cpu *) 0xb4109ab0 +- mem = (struct emu_memory *) 0xb410c3a0 +- eq = (struct emu_queue *) 0xb3da0918 +- env = (struct emu_env *) 0xb3e10208 +- eli = (struct emu_list_item *) 0x4724ab +-#2 0xb70b1a2a in emu_shellcode_test (e=0xb4109cd0, data=0xb411c698 "", size=) at emu_shellcode.c:546 +- es = (struct emu_stats *) 0xb3d92b28 +- new_results = (struct emu_list_root *) 0xb3da3bf0 +- offset = +- el = (struct emu_list_root *) 0xb4100510 +- etas = (struct emu_track_and_source *) 0xb410cd60 +- eh = (struct emu_hashtable *) 0xb3d7a810 +- eli = (struct emu_list_item *) 0xb3d92b40 +- results = (struct emu_list_root *) 0xb3d82850 +- es = +- __PRETTY_FUNCTION__ = "emu_shellcode_test" +-#3 0xb712140c in proc_emu_on_io_in (con=0x8864b58, pd=0x87dc388) at detect.c:145 +- e = (struct emu *) 0xb4109cd0 +- ctx = (struct emu_ctx *) 0x87a2400 +- offset = 14356 +- streamdata = (void *) 0xb411c698 +- size = 8196 +- ret = 0 +- __PRETTY_FUNCTION__ = "proc_emu_on_io_in" +-#4 0x0805e8be in recurse_io_process (pd=0x87dc388, con=0x8864b58, dir=bistream_in) at processor.c:167 +-No locals. 
+-#5 0x0805ea01 in processors_io_in_thread (data=0x8864b58, userdata=0x87dc388) at processor.c:197 +- con = (struct connection *) 0x8864b58 +- pd = (struct processor_data *) 0x87dc388 +- __PRETTY_FUNCTION__ = "processors_io_in_thread" +-#6 0x0805d2da in threadpool_wrapper (data=0x87d7bd0, user_data=0x0) at threads.c:49 +- t = (struct thread *) 0x87d7bd0 +- timer = (GTimer *) 0xb4108540 +-#7 0xb77441f6 in g_thread_pool_thread_proxy (data=0x83db460) at gthreadpool.c:265 +- task = (gpointer) 0x87d7bd0 +- pool = (GRealThreadPool *) 0x83db460 +-#8 0xb7742b8f in g_thread_create_proxy (data=0x83dc7d0) at gthread.c:635 +- __PRETTY_FUNCTION__ = "g_thread_create_proxy" +-#9 0xb76744c0 in start_thread () from /lib/i686/cmov/libpthread.so.0 +-No symbol table info available. +-#10 0xb75f36de in clone () from /lib/i686/cmov/libc.so.6 +-No symbol table info available. ++ gdb dump memory ++ ++Once again, it broke, and we got a backtrace:: ++ ++ #0 0xb70b0b57 in emu_queue_enqueue (eq=0xb3da0918, data=0x4724ab) at emu_queue.c:63 ++ eqi = (struct emu_queue_item *) 0x0 ++ #1 0xb70b15d1 in emu_shellcode_run_and_track (e=0xb4109cd0, data=0xb411c698 "", datasize=, eipoffset=, ++ steps=256, etas=0xb410cd60, known_positions=0xb3d7a810, stats_tested_positions_list=0xb3da3bf0, brute_force=true) at emu_shellcode.c:408 ++ current_pos_ti_diff = (struct emu_tracking_info *) 0x88c3c88 ++ current_pos_ht = ++ current_pos_v = ++ current_pos_satii = (struct emu_source_and_track_instr_info *) 0xb407e7f8 ++ bfs_queue = (struct emu_queue *) 0xb3e17668 ++ ret = 4662443 ++ eipsave = ++ hook = ++ j = 4 ++ es = ++ eli = (struct emu_list_item *) 0xb3e17658 ++ cpu = (struct emu_cpu *) 0xb4109ab0 ++ mem = (struct emu_memory *) 0xb410c3a0 ++ eq = (struct emu_queue *) 0xb3da0918 ++ env = (struct emu_env *) 0xb3e10208 ++ eli = (struct emu_list_item *) 0x4724ab ++ #2 0xb70b1a2a in emu_shellcode_test (e=0xb4109cd0, data=0xb411c698 "", size=) at emu_shellcode.c:546 ++ es = (struct emu_stats *) 0xb3d92b28 ++ 
new_results = (struct emu_list_root *) 0xb3da3bf0 ++ offset = ++ el = (struct emu_list_root *) 0xb4100510 ++ etas = (struct emu_track_and_source *) 0xb410cd60 ++ eh = (struct emu_hashtable *) 0xb3d7a810 ++ eli = (struct emu_list_item *) 0xb3d92b40 ++ results = (struct emu_list_root *) 0xb3d82850 ++ es = ++ __PRETTY_FUNCTION__ = "emu_shellcode_test" ++ #3 0xb712140c in proc_emu_on_io_in (con=0x8864b58, pd=0x87dc388) at detect.c:145 ++ e = (struct emu *) 0xb4109cd0 ++ ctx = (struct emu_ctx *) 0x87a2400 ++ offset = 14356 ++ streamdata = (void *) 0xb411c698 ++ size = 8196 ++ ret = 0 ++ __PRETTY_FUNCTION__ = "proc_emu_on_io_in" ++ #4 0x0805e8be in recurse_io_process (pd=0x87dc388, con=0x8864b58, dir=bistream_in) at processor.c:167 ++ No locals. ++ #5 0x0805ea01 in processors_io_in_thread (data=0x8864b58, userdata=0x87dc388) at processor.c:197 ++ con = (struct connection *) 0x8864b58 ++ pd = (struct processor_data *) 0x87dc388 ++ __PRETTY_FUNCTION__ = "processors_io_in_thread" ++ #6 0x0805d2da in threadpool_wrapper (data=0x87d7bd0, user_data=0x0) at threads.c:49 ++ t = (struct thread *) 0x87d7bd0 ++ timer = (GTimer *) 0xb4108540 ++ #7 0xb77441f6 in g_thread_pool_thread_proxy (data=0x83db460) at gthreadpool.c:265 ++ task = (gpointer) 0x87d7bd0 ++ pool = (GRealThreadPool *) 0x83db460 ++ #8 0xb7742b8f in g_thread_create_proxy (data=0x83dc7d0) at gthread.c:635 ++ __PRETTY_FUNCTION__ = "g_thread_create_proxy" ++ #9 0xb76744c0 in start_thread () from /lib/i686/cmov/libpthread.so.0 ++ No symbol table info available. ++ #10 0xb75f36de in clone () from /lib/i686/cmov/libc.so.6 ++ No symbol table info available. + + Again, it was a bug in libemu, an unbreakable loop consuming all memory. + To reproduce, we have to dump the tested buffer, therefore we need the + buffers address and size. Luckily the size is noted in frame #2 as 8196 + and and the data address is a parameter which got not optimized out for +-frame #2. 
++frame #2:: + +-dump binary memory /tmp/sc.bin 0xb411c698 0xb411e89c ++ dump binary memory /tmp/sc.bin 0xb411c698 0xb411e89c + + Afterwards, debugging libemu by feeding the data into sctest is easy. + + I've had fun with objgraph and gdb debugging reference count leaks in + python too, here is the +-writeup. +- ++writeup:: + +- gdb python3 embedded ++ gdb python3 embedded + + Sometimes, there is something wrong with the python scripts, but gdb +-does not provide any useful output: +- +-bt full +-#12 0xb765f12d in PyEval_EvalFrameEx (f=0x825998c, throwflag=0) at Python/ceval.c:2267 +- stack_pointer = (PyObject **) 0x8259af0 +- next_instr = (unsigned char *) 0x812fabf "m'" +- opcode = 100 +- oparg = +- why = 3071731824 +- err = 1 +- x = (PyObject *) 0xb7244aac +- v = +- w = (PyObject *) 0xadb5e4dc +- u = (PyObject *) 0xb775ccb0 +- freevars = (PyObject **) 0x8259af0 +- retval = (PyObject *) 0x0 +- tstate = (PyThreadState *) 0x809aab0 +- co = (PyCodeObject *) 0xb717b800 +- instr_ub = -1 +- instr_lb = 0 +- instr_prev = -1 +- first_instr = (unsigned char *) 0x812f918 "t" +- names = (PyObject *) 0xb723f50c +- consts = (PyObject *) 0xb71c9f7c +- opcode_targets = {0xb765d202, 0xb765f60a, 0xb766133a, 0xb76612db, 0xb7661285, 0xb7661222, 0xb765d202, 0xb765d202, 0xb765d202, 0xb76611dd, +- 0xb766114b, 0xb76610b9, 0xb766100f, 0xb765d202, 0xb765d202, 0xb7660f7d, 0xb765d202, 0xb765d202, 0xb765d202, 0xb7660eb7, 0xb7660dfb, 0xb765d202, +- 0xb7660d30, 0xb7660c65, 0xb7660ba9, 0xb7660aed, 0xb7660a31, 0xb7660975, 0xb76608b9, 0xb76607fd, 0xb765d202 , 0xb7660736, 0xb766066b, +- 0xb76605af, 0xb76604f3, 0xb765d202, 0xb7660437, 0xb766035d, 0xb76602ad, 0xb7661aba, 0xb76619fe, 0xb7661942, 0xb7661886, 0xb7661b76, 0xb76614a8, +- 0xb7661413, 0xb766138e, 0xb766171f, 0xb76616e6, 0xb765d202, 0xb765d202, 0xb765d202, 0xb766162a, 0xb766156e, 0xb76601f1, 0xb7660135, 0xb76617ca, +- 0xb7660120, 0xb765fff7, 0xb765d202, 0xb765fd72, 0xb765fc6e, 0xb765d202, 0xb765fc1d, 0xb765fe17, 0xb765fd90, 0xb765fec0, 
0xb765fb41, 0xb765fadc, +- 0xb765f9ed, 0xb765f94d, 0xb765f8be, 0xb765f7e3, 0xb765f779, 0xb765f6bd, 0xb765f66c, 0xb765ef1d, 0xb765eea2, 0xb765ede1, 0xb765ed1a, 0xb765ec35, +- 0xb765ebc3, 0xb765eb30, 0xb765ea69, 0xb765f1c7, 0xb765f027, 0xb765f560, 0xb765efc1, 0xb76630e3, 0xb766310c, 0xb765e64c, 0xb765e592, 0xb765f49a, +- 0xb765f3de, 0xb765d202, 0xb765d202, 0xb765f39e, 0xb7663135, 0xb766315f, 0xb765e9cb, 0xb765d202, 0xb765e948, 0xb765e8bb, 0xb765e817, 0xb765d202, +- 0xb765d202, 0xb765d202, 0xb765d2ae, 0xb765e3e0, 0xb7663275, 0xb765e1a2, 0xb766324e, 0xb765e0ba, 0xb765e01e, 0xb765df74, 0xb765d202, 0xb765d202, +- 0xb7663189, 0xb76631d3, 0xb7663220, 0xb765e149, 0xb765d202, 0xb765de09, 0xb765dec0, 0xb765f2c0, 0xb765d202 } +-#13 0xb7664ac0 in PyEval_EvalCodeEx (co=0xb717b800, globals=0xb7160b54, locals=0x0, args=0x84babb8, argcount=9, kws=0x0, kwcount=0, defs=0xb719e978, +- defcount=1, kwdefs=0x0, closure=0x0) at Python/ceval.c:3198 +- f = (PyFrameObject *) 0x825998c +- retval = +- freevars = (PyObject **) 0x8259af0 +- tstate = (PyThreadState *) 0x809aab0 +- x = +- u = ++does not provide any useful output:: ++ ++ bt full ++ #12 0xb765f12d in PyEval_EvalFrameEx (f=0x825998c, throwflag=0) at Python/ceval.c:2267 ++ stack_pointer = (PyObject **) 0x8259af0 ++ next_instr = (unsigned char *) 0x812fabf "m'" ++ opcode = 100 ++ oparg = ++ why = 3071731824 ++ err = 1 ++ x = (PyObject *) 0xb7244aac ++ v = ++ w = (PyObject *) 0xadb5e4dc ++ u = (PyObject *) 0xb775ccb0 ++ freevars = (PyObject **) 0x8259af0 ++ retval = (PyObject *) 0x0 ++ tstate = (PyThreadState *) 0x809aab0 ++ co = (PyCodeObject *) 0xb717b800 ++ instr_ub = -1 ++ instr_lb = 0 ++ instr_prev = -1 ++ first_instr = (unsigned char *) 0x812f918 "t" ++ names = (PyObject *) 0xb723f50c ++ consts = (PyObject *) 0xb71c9f7c ++ opcode_targets = {0xb765d202, 0xb765f60a, 0xb766133a, 0xb76612db, 0xb7661285, 0xb7661222, 0xb765d202, 0xb765d202, 0xb765d202, 0xb76611dd, ++ 0xb766114b, 0xb76610b9, 0xb766100f, 0xb765d202, 0xb765d202, 
0xb7660f7d, 0xb765d202, 0xb765d202, 0xb765d202, 0xb7660eb7, 0xb7660dfb, 0xb765d202, ++ 0xb7660d30, 0xb7660c65, 0xb7660ba9, 0xb7660aed, 0xb7660a31, 0xb7660975, 0xb76608b9, 0xb76607fd, 0xb765d202 , 0xb7660736, 0xb766066b, ++ 0xb76605af, 0xb76604f3, 0xb765d202, 0xb7660437, 0xb766035d, 0xb76602ad, 0xb7661aba, 0xb76619fe, 0xb7661942, 0xb7661886, 0xb7661b76, 0xb76614a8, ++ 0xb7661413, 0xb766138e, 0xb766171f, 0xb76616e6, 0xb765d202, 0xb765d202, 0xb765d202, 0xb766162a, 0xb766156e, 0xb76601f1, 0xb7660135, 0xb76617ca, ++ 0xb7660120, 0xb765fff7, 0xb765d202, 0xb765fd72, 0xb765fc6e, 0xb765d202, 0xb765fc1d, 0xb765fe17, 0xb765fd90, 0xb765fec0, 0xb765fb41, 0xb765fadc, ++ 0xb765f9ed, 0xb765f94d, 0xb765f8be, 0xb765f7e3, 0xb765f779, 0xb765f6bd, 0xb765f66c, 0xb765ef1d, 0xb765eea2, 0xb765ede1, 0xb765ed1a, 0xb765ec35, ++ 0xb765ebc3, 0xb765eb30, 0xb765ea69, 0xb765f1c7, 0xb765f027, 0xb765f560, 0xb765efc1, 0xb76630e3, 0xb766310c, 0xb765e64c, 0xb765e592, 0xb765f49a, ++ 0xb765f3de, 0xb765d202, 0xb765d202, 0xb765f39e, 0xb7663135, 0xb766315f, 0xb765e9cb, 0xb765d202, 0xb765e948, 0xb765e8bb, 0xb765e817, 0xb765d202, ++ 0xb765d202, 0xb765d202, 0xb765d2ae, 0xb765e3e0, 0xb7663275, 0xb765e1a2, 0xb766324e, 0xb765e0ba, 0xb765e01e, 0xb765df74, 0xb765d202, 0xb765d202, ++ 0xb7663189, 0xb76631d3, 0xb7663220, 0xb765e149, 0xb765d202, 0xb765de09, 0xb765dec0, 0xb765f2c0, 0xb765d202 } ++ #13 0xb7664ac0 in PyEval_EvalCodeEx (co=0xb717b800, globals=0xb7160b54, locals=0x0, args=0x84babb8, argcount=9, kws=0x0, kwcount=0, defs=0xb719e978, ++ defcount=1, kwdefs=0x0, closure=0x0) at Python/ceval.c:3198 ++ f = (PyFrameObject *) 0x825998c ++ retval = ++ freevars = (PyObject **) 0x8259af0 ++ tstate = (PyThreadState *) 0x809aab0 ++ x = ++ u = + + Luckily python3 ships with some gdb macros, which assist in dealing with + this mess. You can grab them over here +@@ -234,14 +232,14 @@ SIGTTOU, Stopped (tty output).*/, run stty -nostop before running gdb, + reattach the process with fg, close gdb properly, and start over. 
+ + Once you got the macros loaded properly at gdb startup, set a breakpoint +-on PyEval_EvalFrameEx after dionaea loaded everything: ++on PyEval_EvalFrameEx after dionaea loaded everything:: + +-break PyEval_EvalFrameEx ++ break PyEval_EvalFrameEx + +-Then we have some useful macros for gdb: ++Then we have some useful macros for gdb:: + +-up +-pyframev ++ up ++ pyframev + + pyframev combines the output of pyframe and pylocals. + +diff --git a/doc/source/old/utils.rst b/doc/source/old/utils.rst +index 752362e..657767e 100644 +--- a/doc/source/old/utils.rst ++++ b/doc/source/old/utils.rst +@@ -3,21 +3,21 @@ Utils + + Dionaea ships with some utils, as these utils are written in python and + rely on the python3 interpreter dionaea requires to operate, this +-software can be found in modules/python/utils. ++software can be found in modules/python/utils:: + + +- readlogsqltree <#readlogsqltree> - +- modules/python/readlogsqltree.py ++ readlogsqltree <#readlogsqltree> - ++ modules/python/readlogsqltree.py + + readlogsqltree is a python3 script which queries the logsql sqlite + database for attacks, and prints out all related information for every + attack. + This is an example for an attack, you get the vulnerability exploited, + the time, the attacker, information about the shellcode, the file +-offered for download, and even the virustotal report for the file. 
++offered for download, and even the virustotal report for the file:: + +-2010-10-07 20:37:27 +- connection 483256 smbd tcp accept 10.0.1.11:445 <- 93.177.176.190:47650 (483256 None) ++ 2010-10-07 20:37:27 ++ connection 483256 smbd tcp accept 10.0.1.11:445 <- 93.177.176.190:47650 (483256 None) + dcerpc bind: uuid '4b324fc8-1670-01d3-1278-5a47bf6ee188' (SRVSVC) transfersyntax 8a885d04-1ceb-11c9-9fe8-08002b104860 + dcerpc bind: uuid '7d705026-884d-af82-7b3d-961deaeb179a' (None) transfersyntax 8a885d04-1ceb-11c9-9fe8-08002b104860 + dcerpc bind: uuid '7f4fdfe9-2be7-4d6b-a5d4-aa3c831503a1' (None) transfersyntax 8a885d04-1ceb-11c9-9fe8-08002b104860 +@@ -38,49 +38,47 @@ offered for download, and even the virustotal report for the file. + + + To create such report for your own honeypots activities for the last 24 +-hours run: ++hours run:: + + +-./readlogsqltree.py -t $(date '+%s')-24*3600 /opt/dionaea/var/dionaea/logsql.sqlite ++ ./readlogsqltree.py -t $(date '+%s')-24*3600 /opt/dionaea/var/dionaea/logsql.sqlite + + +- gnuplotsql <#gnuplotsql> - modules/python/gnuplotsql.py ++ gnuplotsql <#gnuplotsql> - modules/python/gnuplotsql.py + + gnuplotsql is a very slow python3 script which runs some queries on the + logsql <#logsql> sqlite database and creates graphs with gnuplot of the + data, stores them on disk and creates an index of the data. The images + are per protocol and look like this: Overview for dionaea smbd. + Here is how the whole thing looks like. 
+-To create such images of your own data, run: ++To create such images of your own data, run:: + + +-./gnuplotsql.py -d /opt/dionaea/var/dionaea/logsql.sqlite -p smbd -p epmapper -p mssqld -p httpd -p ftpd ++ ./gnuplotsql.py -d /opt/dionaea/var/dionaea/logsql.sqlite -p smbd -p epmapper -p mssqld -p httpd -p ftpd + + The blog got something on gnuplotsql as well: + +- * 2010-12-05 sudden death +- * 2010-10-01 Infosanity's Blog: gnuplotsql.py +- +- * 2010-09-19 gnuplotsql ++ * `2010-12-05 sudden death `_ ++ * `2010-10-01 Infosanity's Blog: gnuplotsql.py `_ ++ * `2010-09-19 gnuplotsql `_ + ++:: + +- pg_backend <#pg_backend> - modules/python/xmpp/pg_backend.py ++ pg_backend <#pg_backend> - modules/python/xmpp/pg_backend.py + + pg_backend is the backend for logxmpp <#logxmpp>, currently it is a + python2.x script which uses pyxmpp to access the xmpp service. It parses + the messages received and can store the events in a postgres database +-and the received files on disk. pg_backend requires an xmpp account. +-/without db/ ++and the received files on disk. pg_backend requires an xmpp account:: + ++ /without db/ ++ ./pg_backend.py -U USER@sensors.carnivore.it -P XMPPPASS -M dionaea.sensors.carnivore.it -C anon-files -C anon-events -f /tmp/ + +-./pg_backend.py -U USER@sensors.carnivore.it -P XMPPPASS -M dionaea.sensors.carnivore.it -C anon-files -C anon-events -f /tmp/ ++ /with db/ ++ create database + ++ psql ... + +-/with db/ create database ++ start backend + +-psql ... 
+- +-start backend +- +- +-./pg_backend.py -U USER@sensors.carnivore.it -P XMPPPASS -M dionaea.sensors.carnivore.it -C anon-files -C anon-events -s DBHOST -u DBUSER -d xmpp -p DBPASS -f /tmp/ ++ ./pg_backend.py -U USER@sensors.carnivore.it -P XMPPPASS -M dionaea.sensors.carnivore.it -C anon-files -C anon-events -s DBHOST -u DBUSER -d xmpp -p DBPASS -f /tmp/ +diff --git a/conf/ihandlers/log_sqlite.yaml.in b/conf/ihandlers/log_sqlite.yaml.in +index 2866f25..d781ca1 100644 +--- a/conf/ihandlers/log_sqlite.yaml.in ++++ b/conf/ihandlers/log_sqlite.yaml.in +@@ -1,3 +1,4 @@ + - name: log_sqlite + config: + file: @LOCALESTATEDIR@/dionaea/dionaea.sqlite ++ +diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst +index 962c18b..76f995c 100644 +--- a/doc/source/configuration.rst ++++ b/doc/source/configuration.rst +@@ -5,7 +5,7 @@ If you want to change the software, it is really important to understand how it + :file:`dionaea.cfg` is the main configuration file. + In the example below you can see the default configuration. + +-.. literalinclude:: ../../conf/dionaea.cfg.in ++.. literalinclude:: ../../conf/dionaea.cfg + :language: ini + :caption: dionaea.cfg + +diff --git a/doc/source/ihandler/fail2ban.rst b/doc/source/ihandler/fail2ban.rst +index d0e0fe3..e6bb225 100644 +--- a/doc/source/ihandler/fail2ban.rst ++++ b/doc/source/ihandler/fail2ban.rst +@@ -4,6 +4,6 @@ fail2ban + Example config + -------------- + +-.. literalinclude:: ../../../conf/ihandlers/fail2ban.yaml.in ++.. literalinclude:: ../../../conf/ihandlers/fail2ban.yaml + :language: yaml + :caption: ihandlers/fail2ban.yaml +\ No newline at end of file +diff --git a/doc/source/ihandler/log_db_sql.rst b/doc/source/ihandler/log_db_sql.rst +index ca85b78..a109c63 100644 +--- a/doc/source/ihandler/log_db_sql.rst ++++ b/doc/source/ihandler/log_db_sql.rst +@@ -9,7 +9,7 @@ It uses `SQLAlchemy`_ to support different databases. + Example config + -------------- + +-.. 
literalinclude:: ../../../conf/ihandlers/log_db_sql.yaml.in ++.. literalinclude:: ../../../conf/ihandlers/log_db_sql.yaml + :language: yaml + :caption: ihandlers/log_db_sql.yaml + +diff --git a/doc/source/ihandler/log_incident.rst b/doc/source/ihandler/log_incident.rst +index 3c62552..f9830a7 100644 +--- a/doc/source/ihandler/log_incident.rst ++++ b/doc/source/ihandler/log_incident.rst +@@ -39,6 +39,6 @@ Format + Example config + -------------- + +-.. literalinclude:: ../../../conf/ihandlers/log_incident.yaml.in ++.. literalinclude:: ../../../conf/ihandlers/log_incident.yaml + :language: yaml + :caption: ihandlers/log_incident.yaml +diff --git a/doc/source/ihandler/log_json.rst b/doc/source/ihandler/log_json.rst +index e6f3bfe..000d5ac 100644 +--- a/doc/source/ihandler/log_json.rst ++++ b/doc/source/ihandler/log_json.rst +@@ -46,6 +46,6 @@ Format of the connection information: + Example config + -------------- + +-.. literalinclude:: ../../../conf/ihandlers/log_json.yaml.in ++.. literalinclude:: ../../../conf/ihandlers/log_json.yaml + :language: yaml + :caption: ihandlers/log_json.yaml +diff --git a/doc/source/ihandler/log_sqlite.rst b/doc/source/ihandler/log_sqlite.rst +index e6cca5b..5450912 100644 +--- a/doc/source/ihandler/log_sqlite.rst ++++ b/doc/source/ihandler/log_sqlite.rst +@@ -39,7 +39,8 @@ for more examples how to make use of the database. + Example config + -------------- + +-:: +- .. literalinclude:: ../../../conf/ihandlers/log_sqlite.yaml.in ++.. literalinclude:: ../../../conf/ihandlers/log_sqlite.yaml + :language: yaml + :caption: ihandlers/log_sqlite.yaml ++ ++ +diff --git a/doc/source/ihandler/virustotal.rst b/doc/source/ihandler/virustotal.rst +index dc7923e..3f64a02 100644 +--- a/doc/source/ihandler/virustotal.rst ++++ b/doc/source/ihandler/virustotal.rst +@@ -18,7 +18,7 @@ Configuration + Example config + -------------- + +-.. literalinclude:: ../../../conf/ihandlers/virustotal.yaml.in ++.. 
literalinclude:: ../../../conf/ihandlers/virustotal.yaml + :language: yaml + :caption: ihandlers/virustotal.yaml + +diff --git a/doc/source/service/ftp.rst b/doc/source/service/ftp.rst +index 0f0d52b..0c54bc9 100644 +--- a/doc/source/service/ftp.rst ++++ b/doc/source/service/ftp.rst +@@ -9,6 +9,7 @@ something interesting happening on port 21. + Example config + -------------- + +-.. literalinclude:: ../../../conf/services/ftp.yaml.in ++.. literalinclude:: ../../../conf/services/ftp.yaml + :language: yaml +- :caption: services/ftp.yaml +\ No newline at end of file ++ :caption: services/ftp.yaml ++ +diff --git a/doc/source/service/http.rst b/doc/source/service/http.rst +index 9e34fce..847d928 100644 +--- a/doc/source/service/http.rst ++++ b/doc/source/service/http.rst +@@ -41,7 +41,7 @@ root + Example config + -------------- + +-.. literalinclude:: ../../../conf/services/http.yaml.in ++.. literalinclude:: ../../../conf/services/http.yaml + :language: yaml + :caption: services/http.yaml + +diff --git a/doc/source/service/tftp.rst b/doc/source/service/tftp.rst +index 436b616..6c159d8 100644 +--- a/doc/source/service/tftp.rst ++++ b/doc/source/service/tftp.rst +@@ -9,6 +9,6 @@ tftp services. + Example config + -------------- + +-.. literalinclude:: ../../../conf/services/tftp.yaml.in ++.. literalinclude:: ../../../conf/services/tftp.yaml + :language: yaml + :caption: services/tftp.yaml +diff --git a/doc/source/service/upnp.rst b/doc/source/service/upnp.rst +index fa50de7..e28f928 100644 +--- a/doc/source/service/upnp.rst ++++ b/doc/source/service/upnp.rst +@@ -4,6 +4,6 @@ UPnP + Example config + -------------- + +-.. literalinclude:: ../../../conf/services/upnp.yaml.in ++.. literalinclude:: ../../../conf/services/upnp.yaml + :language: yaml + :caption: services/upnp.yaml diff --git a/dionaea-07_cython_el7.patch b/dionaea-07_cython_el7.patch new file mode 100644 index 0000000..b749828 --- /dev/null +++ b/dionaea-07_cython_el7.patch 
@@ -0,0 +1,17 @@
+On RHEL7 the python3 binary is actually naed python3.4.
+The usual python3 is not available there.
+Searching explicitly for python3.4 amongst the others will fix the issue.
+
+https://github.com/DinoTools/dionaea/pull/180
+diff -ru dionaea-d2efb768e753a7f1ddca6dbf402548d741f33574.orig/configure.ac dionaea-d2efb768e753a7f1ddca6dbf402548d741f33574.new/configure.ac
+--- dionaea-d2efb768e753a7f1ddca6dbf402548d741f33574.orig/configure.ac 2018-03-26 21:49:11.042568472 +0200
++++ dionaea-d2efb768e753a7f1ddca6dbf402548d741f33574.new/configure.ac 2018-03-26 21:49:29.854553159 +0200
+@@ -580,7 +580,7 @@
+ [cython_dir="$withval"],[cython_dir=$PATH])
+ 
+ if test x$enable_cython = "xyes" ; then
+- AC_PATH_PROGS(CYTHON_BIN, [cython3 cython], "no", $cython_dir)
++ AC_PATH_PROGS(CYTHON_BIN, [cython3.4 cython3 cython], "no", $cython_dir)
+ if test "x$CYTHON_BIN" == "xno" ; then
+ enable_cython="no"
+ fi
diff --git a/dionaea-08_modules_libdir.patch b/dionaea-08_modules_libdir.patch
new file mode 100644
index 0000000..387e0c9
--- /dev/null
+++ b/dionaea-08_modules_libdir.patch
@@ -0,0 +1,40 @@
+fix hardcoded /lib dir
+on 64 platform the RedHat based distrubutions prefer the lib directories to
+have different names for 64 bit (lib64) and 32 bit (lib).
+This fix allows to configure that at compile time.
+
+https://github.com/DinoTools/dionaea/pull/181
+
+diff -ru dionaea-d2efb768e753a7f1ddca6dbf402548d741f33574.orig/modules/python/module.c dionaea-d2efb768e753a7f1ddca6dbf402548d741f33574.new/modules/python/module.c
+--- dionaea-d2efb768e753a7f1ddca6dbf402548d741f33574.orig/modules/python/module.c 2018-03-26 22:14:31.519330709 +0200
++++ dionaea-d2efb768e753a7f1ddca6dbf402548d741f33574.new/modules/python/module.c 2018-03-26 22:15:40.311274663 +0200
+@@ -348,7 +348,7 @@
+ 
+ Py_Initialize();
+ 
+- runtime.sys_path = g_string_new(PREFIX"/lib/dionaea/python/");
++ runtime.sys_path = g_string_new(LIBDIR"/dionaea/python/");
+ 
+ PyObject *name = PyUnicode_FromString("traceback");
+ runtime.traceback.module = PyImport_Import(name);
+@@ -366,7 +366,7 @@
+ 
+ for (sys_path = sys_paths; *sys_path; sys_path++) {
+ if( strcmp(*sys_path, "default") == 0 ) {
+- sprintf(relpath, "sys.path.insert(%i, '%s/lib/dionaea/python/')", i, PREFIX);
++ sprintf(relpath, "sys.path.insert(%i, '%s/dionaea/python/')", i, LIBDIR);
+ } else {
+ // ToDO
+ /* if( *sys_path == '/' )
+diff -ru dionaea-d2efb768e753a7f1ddca6dbf402548d741f33574.orig/src/modules.c dionaea-d2efb768e753a7f1ddca6dbf402548d741f33574.new/src/modules.c
+--- dionaea-d2efb768e753a7f1ddca6dbf402548d741f33574.orig/src/modules.c 2018-03-26 22:14:31.504330721 +0200
++++ dionaea-d2efb768e753a7f1ddca6dbf402548d741f33574.new/src/modules.c 2018-03-26 22:21:08.852001664 +0200
+@@ -114,7 +114,7 @@
+ for (name = names; *name; name++) {
+ 
+ gchar module_path[1024];
+- if( g_snprintf(module_path, 1023, PREFIX"/lib/dionaea/%s.so", *name) == -1 )
++ if( g_snprintf(module_path, 1023, LIBDIR"/dionaea/%s.so", *name) == -1 )
+ return;
+ 
+ g_message("loading module %s (%s)", *name, module_path);
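Review bot: The truncation check on the new g_snprintf line in src/modules.c is ineffective: g_snprintf never returns -1, it returns the length the complete string would have had, so an over-long module name silently produces a truncated path and the `return` is never taken. Compare the result against the buffer instead, `if( g_snprintf(module_path, sizeof(module_path), LIBDIR"/dionaea/%s.so", *name) >= sizeof(module_path) ) return;`, and the unbounded `sprintf(relpath, ...)` kept in module.c deserves the same treatment with a sized g_snprintf. The patch as shown only consumes LIBDIR and does not show where the macro is defined (presumably configure.ac or a Makefile.am adds a -DLIBDIR), so the build fails if that part is missing from the final patch. Both enclosing functions start and end outside the hunk.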
diff --git a/dionaea-09_setgroups_before_setresuid.patch b/dionaea-09_setgroups_before_setresuid.patch
new file mode 100644
index 0000000..8d6d25d
--- /dev/null
+++ b/dionaea-09_setgroups_before_setresuid.patch
@@ -0,0 +1,28 @@
+diff --git a/src/dionaea.c b/src/dionaea.c
+index e52673d..d6c1e86 100644
+--- a/src/dionaea.c
++++ b/src/dionaea.c
+@@ -774,10 +774,19 @@ opt->stdOUT.filter);
+ g_error("Could not change group");
+ }
+ 
+- if( opt->user.name != NULL &&
+- setresuid(opt->user.id, opt->user.id, opt->user.id) < 0 )
+- {
+- g_error("Could not change user");
++ if( opt->user.name != NULL )
++ {
++ /* try to drop any (superuser) groups before dropping root privileges */
++ if ( setgroups(0, NULL) < 0 )
++ {
++ g_warning("Setgroups dropping groups failed");
++ }
++ 
++ /* drop from root privileges to normal user */
++ if( setresuid(opt->user.id, opt->user.id, opt->user.id) < 0 )
++ {
++ g_error("Could not change user");
++ }
+ }
+ 
+ options_free(opt);
diff --git a/dionaea-10_chdir_before_chroot.patch b/dionaea-10_chdir_before_chroot.patch
new file mode 100644
index 0000000..181c441
--- /dev/null
+++ b/dionaea-10_chdir_before_chroot.patch
@@ -0,0 +1,14 @@
+diff --git a/src/dionaea.c b/src/dionaea.c
+index e52673d..88ac690 100644
+--- a/src/dionaea.c
++++ b/src/dionaea.c
+@@ -720,7 +720,8 @@ opt->stdOUT.filter);
+ // chroot
+ if( opt->root != NULL )
+ {
+- if ( chroot(opt->root) != 0 )
++ /* change working dir to the new root directory and chroot */
++ if ( chdir(opt->root) != 0 && chroot(opt->root) != 0 )
+ {
+ g_error("Could not chroot(\"%s\") (%s)", opt->root, strerror(errno));
+ } else
diff --git a/dionaea-11_obsolete_m4.patch b/dionaea-11_obsolete_m4.patch
new file mode 100644
index 0000000..ccd3486
--- /dev/null
+++ b/dionaea-11_obsolete_m4.patch
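Review bot: A failed setgroups() is only reported with g_warning, so when dropping the supplementary groups fails the process carries on into setresuid() while still holding root's group memberships, which is exactly what this patch is meant to prevent. If the warning is intended to tolerate being started as an unprivileged user (setgroups fails with EPERM without CAP_SETGID), make that explicit and fail hard otherwise: `if ( setgroups(0, NULL) < 0 && getuid() == 0 ) g_error("Could not drop supplementary groups (%s)", strerror(errno));`. An alternative is `initgroups(opt->user.name, opt->group.id)`, which gives the target user its own groups rather than none. setgroups needs `<grp.h>`; the patch does not show that include being added, so confirm dionaea.c already has it. The enclosing function continues outside the hunk.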
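Review bot: The new condition `chdir(opt->root) != 0 && chroot(opt->root) != 0` inverts the intended logic: chroot() is only attempted when chdir() has failed, so on the normal path (chdir succeeds) the process never chroots at all and silently keeps full filesystem access, while on a failed chdir it chroots without having changed directory, which is the escape the patch set out to close. Use `||` so that either failure is fatal, `if ( chdir(opt->root) != 0 || chroot(opt->root) != 0 )`, and consider an explicit `chdir("/")` after the chroot call so the cwd is unambiguously inside the jail. The error message still only names chroot(); report which call failed since errno differs. The enclosing block continues outside the hunk.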
@@ -0,0 +1,13 @@
+diff -up dionaea-1748f3b3936aa1da2d92500251ae8010fe181dfc/configure.ac.fix_obsolete_macros dionaea-1748f3b3936aa1da2d92500251ae8010fe181dfc/configure.ac
+--- dionaea-1748f3b3936aa1da2d92500251ae8010fe181dfc/configure.ac.fix_obsolete_macros 2018-03-26 12:08:28.000000000 +0200
++++ dionaea-1748f3b3936aa1da2d92500251ae8010fe181dfc/configure.ac 2018-04-07 14:42:03.306757293 +0200
+@@ -25,7 +25,7 @@ AC_C_BIGENDIAN
+ # Checks for programs.
+ AC_PROG_CC
+ AC_PROG_MAKE_SET
+-AC_PROG_LIBTOOL
++LT_INIT
+ 
+ AC_CHECK_HEADERS([stdint.h stdlib.h string.h strings.h unistd.h netpacket/packet.h execinfo.h linux/sockios.h])
+ 
+
diff --git a/dionaea.initd b/dionaea.initd
new file mode 100644
index 0000000..52dc9ea
--- /dev/null
+++ b/dionaea.initd
@@ -0,0 +1,102 @@
+#! /bin/sh
+#
+# Startup script for dionaea
+#
+# chkconfig: - 39 61
+# description: Starts and stops the dionaea honeypot
+
+### BEGIN INIT INFO
+# Provides: dionaea
+# Required-Start: $local_fs $network
+# Required-Stop: $local_fs $network
+# Default-Start:
+# Default-Stop:
+# Short-Description: Starts and stops the dionaea
+# Description: Dionaea is a low-interaction honeypot
+### END INIT INFO
+
+[ -f /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functions
+
+exec=/usr/sbin/dionaea
+prog=dionaea
+dionaea_ARGS="--detach"
+[ -e /etc/sysconfig/dionaea ] && . /etc/sysconfig/dionaea
+args="${dionaea_ARGS}"
+
+lockfile=/var/lock/subsys/$prog
+
+start() {
+ [ -x $exec ] || exit 5
+ [ -f $config ] || exit 6
+ echo -n $"Starting $prog: "
+ daemon "$exec $args"
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && touch $lockfile
+ return $retval
+}
+
+stop() {
+ echo -n $"Stopping $prog: "
+ killproc "$prog"
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && rm -f $lockfile
+ return $retval
+}
+
+restart() {
+ stop
+ start
+}
+
+reload() {
+ restart
+}
+
+force_reload() {
+ restart
+}
+
+rh_status() {
+ # run checks to determine if the service is running or use generic status
+ status $prog
+}
+
+rh_status_q() {
+ rh_status >/dev/null 2>&1
+}
+
+
+case "$1" in
+ start)
+ rh_status_q && exit 0
+ $1
+ ;;
+ stop)
+ rh_status_q || exit 0
+ $1
+ ;;
+ restart)
+ $1
+ ;;
+ reload)
+ rh_status_q || exit 7
+ $1
+ ;;
+ force-reload)
+ force_reload
+ ;;
+ status)
+ rh_status
+ ;;
+ condrestart|try-restart)
+ rh_status_q || exit 0
+ restart
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+ exit 2
+esac
+exit $?
+
diff --git a/dionaea.logrotate b/dionaea.logrotate
new file mode 100644
index 0000000..e7935e2
--- /dev/null
+++ b/dionaea.logrotate
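Review bot: The init script honours only `dionaea_ARGS` from /etc/sysconfig/dionaea, but the sysconfig file added later in this commit defines DUSER, DGROUP, DWORKDIR, LOGLEVELS, LOGDOMAINS, PIDFILE and MISC (the variables the systemd unit passes) and never sets dionaea_ARGS, so on a SysV host the daemon is started as plain `dionaea --detach`: as root, with no --user/--group and no pid file. Build the argument list from the same variables, `args="${dionaea_ARGS} ${DUSER} ${DGROUP} ${DWORKDIR} ${LOGLEVELS} ${LOGDOMAINS} ${PIDFILE} ${MISC}"`, and pass the pid file to daemon, killproc and status with `--pidfile` so the status checks identify the right process. The `[ -f $config ] || exit 6` line tests an undefined `$config`; with a single argument `[` merely tests for a non-empty string, so the check never fires — either set `config=/etc/dionaea/dionaea.cfg` above it or drop the line.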
@@ -0,0 +1,16 @@
+# logrotate requires dionaea to be started with a pidfile
+# in this case -p /opt/dionaea/var/run/dionaea.pid
+# adjust the path to your needs
+/var/log/dionaea/dionaea.log /var/log/dionaea/dionaea-errors.log {
+ notifempty
+ missingok
+ rotate 28
+ daily
+ compress
+ delaycompress
+ create 660 dionaea dionaea
+ dateext
+ postrotate
+ kill -HUP `cat /var/run/dionaea.pid`
+ endscript
+}
\ No newline at end of file
diff --git a/dionaea.service b/dionaea.service
new file mode 100644
index 0000000..0783061
--- /dev/null
+++ b/dionaea.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Dionaea is low interaction honeypot
+Documentation=man:dionaea https://dionaea.readthedocs.io/
+After=syslog.target network.target
+
+[Service]
+Type=forking
+PIDFile=/var/run/dionaea.pid
+EnvironmentFile=-/etc/sysconfig/dionaea
+ExecStart=/usr/sbin/dionaea -D $DUSER $DGROUP $DWORKDIR $LOGLEVELS $LOGDOMAINS $PIDFILE $MISC
+
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/dionaea.spec b/dionaea.spec
new file mode 100644
index 0000000..2bc82dd
--- /dev/null
+++ b/dionaea.spec
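Review bot: The postrotate `kill -HUP` on the output of `cat /var/run/dionaea.pid` is unguarded: when the pid file is absent (daemon stopped, or started without --pid-file) cat fails and kill runs with no argument, so the postrotate script errors out and logrotate reports a failure on every rotation. Guard it, e.g. `[ -s /var/run/dionaea.pid ] && kill -HUP "$(cat /var/run/dionaea.pid)" || true`. The header comment still names `/opt/dionaea/var/run/dionaea.pid` while the script and the shipped sysconfig use /var/run/dionaea.pid; update the comment to match. Nothing here shows that dionaea reopens its log files on SIGHUP — confirm that before relying on it, otherwise `copytruncate` is the safe choice.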
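Review bot: `PIDFile=/var/run/dionaea.pid` places the pid file in a root-owned 0755 runtime directory (a symlink to /run on systemd hosts), so once dionaea has dropped to the `dionaea` user per the sysconfig defaults it can no longer rewrite or remove its own pid file, and systemd also warns about the legacy /var/run path. Give the service its own runtime directory: add `RuntimeDirectory=dionaea` and use `PIDFile=/run/dionaea/dionaea.pid`, with the matching `--pid-file=/run/dionaea/dionaea.pid` in the sysconfig. Because the daemon deliberately exposes exploitable services, the unit is also the place for sandboxing that does not interfere with its own --user/--group drop or chroot, e.g. `NoNewPrivileges=true`, `ProtectSystem=full`, `ProtectHome=true` and `PrivateTmp=true` (presumably safe since the visible configuration only writes under /var/lib and /var/log — verify). `After=syslog.target` is obsolete and can be dropped.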
@@ -0,0 +1,481 @@ +Name: dionaea +Version: 0.6.0 +Summary: Low interaction honeypot +Group: Applications/System + +# Dionaea package is licensed with GPLv2 +# On top of that it is granting one exception extra - it is permitted by the license +# to link modified binary files in the src/ directory against the openssl libraries. +License: GPLv2 with exceptions +URL: https://dionaea.readthedocs.io/ +# Current source: +# https://github.com/DinoTools/dionaea +# Original site (dissappeared in 2013, but still available from archives): +# https://dionaea.carnivore.it -> https://web.archive.org/web/20150820080019/https://dionaea.carnivore.it +# Another forks: +# https://github.com/rep/dionaea +# https://gitlab.labs.nic.cz/honeynet/dionaea/ +# https://github.com/devwerks/dionaea +# https://github.com/RootingPuntoEs/DionaeaFR/ +# https://github.com/ManiacTwister/dionaea/ +# https://github.com/tklengyel/dionaea +# Installation: +# https://www.aldeid.com/wiki/Dionaea/Installation + + + +# Specification of the used GIT commit +%global gituser DinoTools +%global gitname dionaea +%global commit 1748f3b3936aa1da2d92500251ae8010fe181dfc +%global gitdate 20180326 +%global shortcommit %(c=%{commit}; echo ${c:0:7}) + + +# Use systemd unit files on Fedora and RHEL 7 and above. +%global _with_systemd 1 + +%if (0%{?rhel} && 0%{?rhel} < 7) + %global _with_systemd 0 +%endif + + +# Build source is github release=1 or git commit=0 +%global build_release 0 + +%global rel 6 + +%if 0%{?build_release} > 0 +Release: %{rel}%{?dist} +Source0: https://github.com/%{gituser}/%{gitname}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz +%else +# not using 0. 
on the beginning of release as this git snapshot is past the 0.6.0 release +Release: %{rel}.%{gitdate}git%{shortcommit}%{?dist} +Source0: https://github.com/%{gituser}/%{gitname}/archive/%{commit}/%{name}-%{version}-%{shortcommit}.tar.gz +%endif #build_release + +Source1: %{name}.sysconfig +Source2: %{name}.initd +Source3: %{name}.service +Source4: %{name}.logrotate + + + +# Use the glib CFLAGS and LDFLAGS during build where necessary +# https://github.com/DinoTools/dionaea/issues/161 +# https://github.com/DinoTools/dionaea/pull/160 +# Merged in in https://github.com/DinoTools/dionaea/commit/1748f3b3936aa1da2d92500251ae8010fe181dfc +# Patch1: dionaea-01_glib.patch + +# Get rid of the warning about not used return value from chdir. +# https://github.com/DinoTools/dionaea/issues/162 +# https://github.com/DinoTools/dionaea/pull/163 +# Merged in in https://github.com/DinoTools/dionaea/commit/ea5d54060af53250abfe3dde9f36af399fa30524 +# Patch2: dionaea-02_warnerror.patch + +# ipv6 structures in are used by the +# ipv6 structures needs explicit CFLAGS " -D_GNU_SOURCE" to compile on linux +# just cosmetics - not reported yet to upstream +Patch3: dionaea-03_in6_pktinfo.patch + +# Unbundle the pyev library and use the system one +# https://github.com/DinoTools/dionaea/issues/166 +Patch4: dionaea-04_pyev.patch + +# Have a dedicated variable for the python sitelib, so it can be easily changed externally when building the system package. 
+# https://github.com/DinoTools/dionaea/issues/164 +# https://github.com/DinoTools/dionaea/pull/165 +# Merged in in https://github.com/DinoTools/dionaea/commit/890ae5e85f55130be928b03b751b5f7cd1032f21 +# Patch5: dionaea-05_sitelib.patch + +# Fix warnings during the generation of documentation +# https://github.com/DinoTools/dionaea/issues/170 +# https://github.com/DinoTools/dionaea/pull/179 +Patch6: dionaea-06_docswarn.patch + +# Fix configure not finding the cython on RHEL7/Centos7 +# https://github.com/DinoTools/dionaea/pull/180 +Patch7: dionaea-07_cython_el7.patch + +# Fix hardcoded lib dir +# https://github.com/DinoTools/dionaea/pull/181 +Patch8: dionaea-08_modules_libdir.patch + +# Call setgroups before setresuid +# https://github.com/DinoTools/dionaea/issues/177 +# https://github.com/DinoTools/dionaea/pull/178 +Patch9: dionaea-09_setgroups_before_setresuid.patch + +# Call chdir before chroot +# https://github.com/DinoTools/dionaea/issues/176 +# https://github.com/DinoTools/dionaea/pull/175 +Patch10: dionaea-10_chdir_before_chroot.patch + +# Not use obsolete m4 macros +# https://github.com/DinoTools/dionaea/pull/182 +Patch11: dionaea-11_obsolete_m4.patch + + +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool +BuildRequires: flex +BuildRequires: bison +BuildRequires: pkgconfig +BuildRequires: sqlite +BuildRequires: git + +BuildRequires: libev-devel +BuildRequires: libemu-devel +BuildRequires: udns-devel +BuildRequires: libnl3-devel +BuildRequires: glib-devel +BuildRequires: curl-devel +BuildRequires: readline-devel +BuildRequires: libpcap-devel +BuildRequires: libsq3-devel +BuildRequires: sqlite + +BuildRequires: python%{python3_pkgversion}-devel +BuildRequires: python%{python3_pkgversion}-Cython + +%if 0%{?fedora} >= 26 +BuildRequires: compat-openssl10-devel +%else +BuildRequires: openssl-devel +%endif + +%if 0%{?_with_systemd} +BuildRequires: systemd-units +%endif + + +# Optional dependencies +BuildRequires: loudmouth-devel 
+BuildRequires: libnetfilter_queue-devel +BuildRequires: libnl3-devel + + +# Missing dependencies + + +# Documentation generation +%if 0%{?rhel} <= 7 +BuildRequires: python-sphinx +%else +BuildRequires: python3-sphinx +%endif + +Requires: logrotate + +%if 0%{?_with_systemd} +%{?systemd_requires} +%else +Requires(post): chkconfig +Requires(preun): chkconfig +Requires(preun): initscripts +Requires(postun): initscripts +%endif + +Requires(pre): shadow-utils + +%description +Dionaea honeypot is meant to be a nepenthes successor, embedding python +as scripting language, using libemu to detect shellcodes, supporting +ipv6 and tls. + + + +# ============= documentation package ========================================== +%package doc +Summary: Documentation for the dionaea honeypot package +Group: Development/Libraries +BuildArch: noarch + + +%description doc +This is documentation for the dionaea honeypot package. +Dionaea honeypot is meant to be a nepenthes successor, embedding python +as scripting language, using libemu to detect shellcodes, supporting +ipv6 and tls. + + + +# ============= python3 package ================================================ +%package -n python%{python3_pkgversion}-%{gitname} +Summary: Python3 binding for the dionaea honeypot +Group: Development/Libraries +%{?python_provide:%python_provide python%{python3_pkgversion}-%{gitname}} + +# Runtime dependencies +Requires: python%{python3_pkgversion}-pyev +Requires: python%{python3_pkgversion}-bson + +%description -n python%{python3_pkgversion}-%{gitname} +This is a Python3 library that gives access to dionaea honeypot functionality. 
+ + + +# ============= preparation ==================================================== +%prep +%if 0%{?build_release} > 0 +# Build from git release version +%autosetup -p 1 -n %{gitname}-%{version} -S git + +%else +# Build from git commit +%autosetup -p 1 -n %{gitname}-%{commit} -S git +%endif + +# Unbundle the pyev library and use the system one +# https://github.com/DinoTools/dionaea/issues/169 +rm -rf modules/python/pyev + + +# Fix paths - remove the hardcoded prefix /opt/dionaea +# https://github.com/DinoTools/dionaea/issues/168 +sed -i -e "s|/opt/dionaea[/]*|/|g;" \ + modules/python/util/readlogsqltree.py \ + modules/python/util/logsql2postgres.py \ + modules/python/util/gnuplotsql.py \ + modules/python/util/updateccs.py \ + src/dionaea.c \ + vagrant/build.sh + + +# replace in documentation the prefix/destdir /opt/dionaea with variable ${DESTDIR} +# https://github.com/DinoTools/dionaea/issues/168 +sed -i -e "s|/opt/dionaea/var/dionaea|${DESTDIR}/var/lib/dionaea|g;" \ + doc/html/index.html \ + doc/source/tips_and_tricks.rst \ + doc/source/old/configuration.rst \ + doc/source/old/utils.rst \ + modules/python/util/readlogsqltree.py + + +# move /var/dionaea to /var/lib/dionaea according to Linux FHS +# Fedora specific - not reported upstream +sed -i -e "s|/var/dionaea|/var/lib/dionaea|g;" \ + modules/python/util/readlogsqltree.py \ + modules/python/util/gnuplotsql.py + +# move /var/dionaea to /var/lib/dionaea according to Linux FHS +# Fedora specific - not reported upstream +sed -i -e 's|\$(localstatedir)/dionaea/|\$(localstatedir)/lib/dionaea/|g;' \ + Makefile.am + +# move /var/dionaea to /var/lib/dionaea according to Linux FHS +# Fedora specific - not reported upstream +sed -i -e 's|@LOCALESTATEDIR@/dionaea/|@LOCALESTATEDIR@/lib/dionaea/|g;' \ + conf/dionaea.cfg.in \ + conf/ihandlers/fail2ban.yaml.in \ + conf/ihandlers/log_db_sql.yaml.in \ + conf/ihandlers/log_incident.yaml.in \ + conf/ihandlers/log_json.yaml.in \ + conf/ihandlers/log_sqlite.yaml.in \ + 
conf/ihandlers/virustotal.yaml.in \ + conf/services/sip.yaml.in \ + conf/services/http.yaml.in \ + conf/services/ftp.yaml.in \ + conf/services/tftp.yaml.in \ + conf/services/upnp.yaml.in + +# move the logs from /var/lib/dionaea to /var/log/dionaea +sed -i -e 's|@LOCALESTATEDIR@/lib/dionaea/dionaea.log|@LOCALESTATEDIR@/log/dionaea/dionaea.log|g; + s|@LOCALESTATEDIR@/lib/dionaea/dionaea-errors.log|@LOCALESTATEDIR@/log/dionaea/dionaea-errors.log|g; +' conf/dionaea.cfg.in + +# Change the hardoced minor python3.2 version especially in shabang to python3 +# https://github.com/DinoTools/dionaea/issues/169 +sed -i -e 's|python3.2|python3|g;' \ + m4/az_python.m4 \ + doc/html/index.html \ + modules/python/util/readlogsqltree.py + +# Scripts should run with /usr/bin/python3 shabang and not /bin/python3 +sed -i -e 's|#!/bin/python3|#!/usr/bin/python3|;' \ + modules/python/util/readlogsqltree.py \ + modules/python/util/logsql2postgres.py \ + modules/python/util/gnuplotsql.py \ + modules/python/util/updateccs.py + + + +# ============= Build ========================================================== +%build +autoreconf -vif +%configure --enable-python --with-python=`which python3` --with-glib=glib --with-nl-include=/usr/include/libnl3 +make %{?_smp_mflags} CFLAGS="%{optflags} -Wno-error -D_GNU_SOURCE -std=c99" +cd doc +make html +make man +rm -rf build/html/.{doctrees,buildinfo} +cd .. 
+ + + +# ============= Install ======================================================== +%install +# Use only the sitearch directory, otherwise python will be confused +# by not having native and python modules in the same directory +%make_install PYTHON_SITELIB=%{python3_sitearch} PYTHON_SITEARCH=%{python3_sitearch} + +# *.a *.la files not allowed for fedora +find %{buildroot} '(' -name '*.a' -o -name '*.la' ')' -delete + +# Fix permissions +chmod -x \ + %{buildroot}%{_sharedstatedir}/%{name}/share/python/http/template/nginx/autoindex.html.j2 \ + %{buildroot}%{_sharedstatedir}/%{name}/share/python/http/template/nginx/error.html.j2 + +# Move dionaea to sbin dir +# TODO - report upstream +mkdir -p %{buildroot}%{_sbindir} +mv %{buildroot}%{_bindir}/%{name} %{buildroot}%{_sbindir}/%{name} + +# Install the manpage +# TODO - report upstream +install -d %{buildroot}%{_mandir}/man1/ +install -p -D -m 644 doc/build/man/%{name}.1 %{buildroot}%{_mandir}/man1/%{name}.1 +mv doc/build/html/ ./html + +# install the service parameter configuration +# TODO - report upstream +mkdir -p %{buildroot}%{_sysconfdir}/sysconfig +install -p -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/sysconfig/%{name} + +# install the service init files +%if 0%{?_with_systemd} + # install systemd service files + mkdir -p %{buildroot}%{_unitdir} + install -p -D -m 644 %{SOURCE3} %{buildroot}%{_unitdir}/%{name}.service +%else + # install legacy SysV init scripts + mkdir -p %{buildroot}%{_sysconfdir}/rc.d/init.d + install -p -D -m 755 %{SOURCE2} %{buildroot}%{_sysconfdir}/rc.d/init.d/%{name} +%endif + +# Install logrotate +install -p -D -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} + +# Create the log directory +mkdir -p %{buildroot}%{_localstatedir}/log/%{name} || : + +# Create directories to capture binaries and payloads +mkdir -p %{buildroot}%{_sharedstatedir}/%{name}/binaries || : +mkdir -p %{buildroot}%{_sharedstatedir}/%{name}/bistreams || : + +# Create directory for the content 
templates
+mkdir -p %{buildroot}%{_sharedstatedir}/%{name}/roots/ftp || :
+mkdir -p %{buildroot}%{_sharedstatedir}/%{name}/roots/tftp || :
+mkdir -p %{buildroot}%{_sharedstatedir}/%{name}/roots/www || :
+mkdir -p %{buildroot}%{_sharedstatedir}/%{name}/roots/upnp || :
+
+
+
+# ============= Scriptlets ==========================================================
+%post
+%if 0%{?_with_systemd}
+ %systemd_post %{name}.service
+%else
+ /sbin/chkconfig --add %{name}
+%endif
+
+%preun
+%if 0%{?_with_systemd}
+ %systemd_preun %{name}.service
+%else
+ if [ $1 -eq 0 ] ; then
+ /sbin/service %{name} stop >/dev/null 2>&1 || :
+ /sbin/chkconfig --del %{name}
+ fi
+%endif
+
+%postun
+%if 0%{?_with_systemd}
+ %systemd_postun %{name}.service
+%else
+ if [ $1 -eq 1 ] ; then
+ /sbin/service %{name} condrestart >/dev/null 2>&1 || :
+ fi
+%endif
+
+
+%pre
+getent group dionaea >/dev/null || groupadd -r dionaea || :
+getent passwd dionaea >/dev/null || \
+ useradd -r -g dionaea -d /home/dionaea -s /sbin/nologin \
+ -c "Dionaea honeypot" dionaea || :
+
+
+
+# ============= package files ==================================================
+%files
+%license LICENSE
+%doc README.md
+%dir %{_sysconfdir}/%{name}
+%config(noreplace) %{_sysconfdir}/%{name}/*
+%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
+%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
+%{_sbindir}/%{name}
+%{_bindir}/gnuplotsql
+%{_bindir}/readlogsqltree
+%{_libdir}/%{name}/
+%exclude %{_libdir}/%{name}/python.so
+%{_mandir}/man1/%{name}.1.*
+%attr(0750,dionaea,dionaea) %dir %{_localstatedir}/log/%{name}
+%attr(0750,dionaea,dionaea) %dir %{_sharedstatedir}/%{name}
+%attr(0750,dionaea,dionaea) %dir %{_sharedstatedir}/%{name}/binaries
+%attr(0750,dionaea,dionaea) %dir %{_sharedstatedir}/%{name}/bistreams
+%attr(-,dionaea,dionaea) %{_sharedstatedir}/%{name}/roots/
+%attr(-,dionaea,dionaea) %{_sharedstatedir}/%{name}/share/
+
+%if 0%{?_with_systemd}
+%{_unitdir}/*.service
+%else
+%{_initrddir}/*
+%endif
+
+
+
+%files
doc
+%doc README.md
+%doc html
+
+
+
+%files -n python%{python3_pkgversion}-%{gitname}
+%license LICENSE
+%doc README.md
+%dir %{python3_sitearch}/%{name}
+%{_libdir}/%{name}/python.so
+%{python3_sitearch}/%{name}/*
+%{python3_sitearch}/%{name}-*egg-info
+
+
+%changelog
+* Mon Apr 09 2018 Michal Ambroz 0.6.0-6.20180326git1748f3b
+- fix log rotation, move the logs to /var/log/dionaea
+- create user dionaea:dionaea
+- grant shared stare dir/files to the dionaea user account
+
+* Mon Apr 09 2018 Michal Ambroz 0.6.0-5.20180326git1748f3b
+- clean-up based on review in #1564716
+
+* Fri Apr 06 2018 Michal Ambroz 0.6.0-4.20180326git1748f3b
+- update to current git snapshot, add logrotate and service files
+
+* Wed Mar 21 2018 Michal Ambroz 0.6.0-3.20180313gitd2efb76
+- fix openssl dependency for EPEL7 build
+
+* Wed Mar 21 2018 Michal Ambroz 0.6.0-2.20180313gitd2efb76
+- bump to commit d2efb768e753a7f1ddca6dbf402548d741f33574
+- unbundle pyev and refer to system-installed pyev
+- remove the hardcoded default prefix /opt/dionaea
+- move from /var/dionaea to /var/lib/dionaea
+- fix the doc generation warnings
+
+* Thu Dec 28 2017 Michal Ambroz 0.6.0-1
+- initial package
+
diff --git a/dionaea.sysconfig b/dionaea.sysconfig
new file mode 100644
index 0000000..fcda71e
--- /dev/null
+++ b/dionaea.sysconfig
@@ -0,0 +1,18 @@
+# Dionaea commandline options
+DUSER='--user=dionaea'
+
+DGROUP='--group=dionaea'
+
+DWORKDIR='--workingdir=/'
+
+#LOGLEVELS='--log-levels=all'
+LOGLEVELS='--log-levels=all,-debug'
+
+#LOGDOMAINS='--log-domains=con*,py*'
+LOGDOMAINS='--log-domains=*'
+
+PIDFILE='--pid-file=/var/run/dionaea.pid'
+
+#MISC='--chroot=/dionaea/chrootdir'
+MISC=''
+
diff --git a/sources b/sources
new file mode 100644
index 0000000..eccfe9a
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+SHA512 (dionaea-0.6.0-1748f3b.tar.gz) = 8bfa9453c6adb1f6ed685af7f10fcef1df87b79ddf88429ba4b2002675bc4ec20c4dae18e389120926d4408860fd634d5516273a98afef003da68c32d9cd929d
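Review bot: `PIDFILE='--pid-file=/var/run/dionaea.pid'` in the new dionaea.sysconfig puts the pid file straight into the root-owned `/var/run`, while `DUSER`/`DGROUP` in the same file tell the daemon to run as `dionaea:dionaea`; if dionaea creates or removes the pid file after it has dropped privileges, that write fails silently or leaves a stale root-owned file behind, and on systemd hosts `/var/run` is only a compatibility symlink for `/run`. I would change the line to `PIDFILE='--pid-file=/run/dionaea/dionaea.pid'` and have the service create that directory for the service account (`RuntimeDirectory=dionaea` in the unit, or a tmpfiles.d entry for the SysV case), so the unprivileged daemon owns its pid file and no other user can pre-place one there. The unit file and init script referenced as SOURCE2/SOURCE3 are not in this diff, so whether the pid file is written before or after the privilege drop, and whether the unit uses `PIDFile=`, cannot be confirmed here. A one-line comment above the entry, `# pid dir must be writable by the --user account; keep it under /run`, would stop the next operator from moving it back.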
