From: Frederic Culot Date: Fri, 22 Feb 2013 16:22:49 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r312776 - in head: . net net/kippo net/kippo/files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Feb 2013 16:22:51 -0000 Author: culot Date: Fri Feb 22 16:22:49 2013 New Revision: 312776 URL: http://svnweb.freebsd.org/changeset/ports/312776 Log: Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker. WWW: http://code.google.com/p/kippo/ Added: head/net/kippo/ head/net/kippo/Makefile (contents, props changed) head/net/kippo/distinfo (contents, props changed) head/net/kippo/files/ head/net/kippo/files/kippo.in (contents, props changed) head/net/kippo/files/pkg-message.in (contents, props changed) head/net/kippo/pkg-descr (contents, props changed) head/net/kippo/pkg-plist (contents, props changed) Modified: head/GIDs head/UIDs head/net/Makefile Modified: head/GIDs ============================================================================== --- head/GIDs Fri Feb 22 16:03:46 2013 (r312775) +++ head/GIDs Fri Feb 22 16:22:49 2013 (r312776) @@ -248,5 +248,6 @@ fluentd:*:963: git_daemon:*:964: elasticsearch:*:965: ossec:*:966: +kippo:*:969: nogroup:*:65533: nobody:*:65534: Modified: head/UIDs ============================================================================== --- head/UIDs Fri Feb 22 16:03:46 2013 (r312775) +++ head/UIDs Fri Feb 22 16:22:49 2013 (r312776) 
@@ -254,4 +254,5 @@ elasticsearch:*:965:965::0:0:elasticsear ossec:*:966:966::0:0:OSSEC user:/usr/local/ossec-hids:/usr/sbin/nologin ossecm:*:967:966::0:0:OSSEC mail user:/usr/local/ossec-hids:/usr/sbin/nologin ossecr:*:968:966::0:0:OSSEC rem user:/usr/local/ossec-hids:/usr/sbin/nologin +kippo:*:969:969::0:0:kippo user:/nonexistent:/usr/sbin/nologin nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin Modified: head/net/Makefile ============================================================================== --- head/net/Makefile Fri Feb 22 16:03:46 2013 (r312775) +++ head/net/Makefile Fri Feb 22 16:22:49 2013 (r312776) @@ -282,6 +282,7 @@ SUBDIR += kdenetwork4 SUBDIR += kiax SUBDIR += kio-upnp-ms + SUBDIR += kippo SUBDIR += kissd SUBDIR += knc SUBDIR += knemo Added: head/net/kippo/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/kippo/Makefile Fri Feb 22 16:22:49 2013 (r312776) 
@@ -0,0 +1,43 @@ +# Created by: Frederic Culot +# $FreeBSD$ + +PORTNAME= kippo +PORTVERSION= 0.5 +CATEGORIES= net +MASTER_SITES= ${MASTER_SITE_GOOGLE_CODE} + +MAINTAINER= culot@FreeBSD.org +COMMENT= Medium interaction ssh honeypot + +LICENSE= BSD + +BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}pycrypto>0:${PORTSDIR}/security/py-pycrypto \ + ${PYTHON_PKGNAMEPREFIX}zope.interface>0:${PORTSDIR}/devel/py-zope.interface +RUN_DEPENDS:= ${BUILD_DEPENDS} + +USE_PYTHON= 2.5+ +USE_TWISTED_RUN= conch web +NO_BUILD= yes + +USE_RC_SUBR= kippo + +USERS= kippo +GROUPS= kippo + +SUB_FILES= pkg-message +SUB_LIST+= PYTHON=${PYTHON_CMD} + +do-install: + @${MKDIR} ${DATADIR} +.for f in kippo.cfg kippo.tac fs.pickle + @${INSTALL_DATA} ${WRKSRC}/${f} ${DATADIR} +.endfor +.for d in doc honeyfs kippo txtcmds utils + @${MKDIR} ${DATADIR}/${d} + @(cd ${WRKSRC}/${d}/ && ${COPYTREE_SHARE} \* ${DATADIR}/${d}) +.endfor + +post-install: + @${CAT} ${PKGMESSAGE} + +.include Added: head/net/kippo/distinfo ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/kippo/distinfo Fri Feb 22 16:22:49 2013 (r312776) @@ -0,0 +1,2 @@ +SHA256 (kippo-0.5.tar.gz) = e5faa1aad668f1a5e986db93af7f132268ce059ce2edafc4a93f678864dbdbce +SIZE (kippo-0.5.tar.gz) = 387148 Added: head/net/kippo/files/kippo.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/kippo/files/kippo.in Fri Feb 22 16:22:49 2013 (r312776) 
@@ -0,0 +1,33 @@ +#!/bin/sh + +# $FreeBSD$ +# +# PROVIDE: kippo +# REQUIRE: LOGIN +# KEYWORD: shutdown +# +# Add the following lines to /etc/rc.conf to enable kippo: +# +# kippo_enable (bool): Set to NO by default. +# Set it to YES to enable kipppo +# kippo_logfile (path): Set to /tmp/kippo.log by default. +# kippo_pidfile (path): Set to /tmp/kippo.pid by default. + +. /etc/rc.subr + +name=kippo +rcvar=kippo_enable + +load_rc_config $name +: ${kippo_enable:=no} +: ${kippo_logfile="/tmp/kippo.log"} +: ${kippo_pidfile="/tmp/kippo.pid"} + +kippo_user="kippo" +kippo_chdir="%%DATADIR%%" +pidfile=$kippo_pidfile +command="%%LOCALBASE%%/bin/twistd" +command_args="-y %%DATADIR%%/kippo.tac --pidfile $pidfile --logfile $kippo_logfile" +command_interpreter="%%PYTHON%%" + +run_rc_command "$1" Added: head/net/kippo/files/pkg-message.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/kippo/files/pkg-message.in Fri Feb 22 16:22:49 2013 (r312776) 
@@ -0,0 +1,33 @@ +======================================================================== +kippo has been installed in the following directory: + + %%DATADIR%% + +Before starting kippo you need to perform the following steps: + +1) Edit kippo's configuration file to suit your needs: + + $EDITOR %%DATADIR%%/kippo.cfg + + Please keep in mind when editing the configuration file that kippo + can't be run as root and is started by the 'kippo' unprivileged + user instead. This implies that the following folders hierarchy + must be created and made writable to the 'kippo' user: + + dl/ + data/ + log/tty/ + +2) Add the following line to your rc.conf: + + kippo_enable="YES" + + Note that you can also set the 'kippo_logfile' and 'kippo_pidfile' + variables to specify the path to the log file and pid file that + will be used by kippo. The default values for those variables are + '/tmp/kippo.log' and '/tmp/kippo.pid' respectively. + +Then you can start kippo by issuing the following command: + + %%PREFIX%%/etc/rc.d/kippo start +======================================================================== Added: head/net/kippo/pkg-descr ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/kippo/pkg-descr Fri Feb 22 16:22:49 2013 (r312776) @@ -0,0 +1,5 @@ +Kippo is a medium interaction SSH honeypot designed to log brute force +attacks and, most importantly, the entire shell interaction performed +by the attacker. + +WWW: http://code.google.com/p/kippo/ Added: head/net/kippo/pkg-plist ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/kippo/pkg-plist Fri Feb 22 16:22:49 2013 (r312776) 
@@ -0,0 +1,55 @@ +%%DATADIR%%/fs.pickle +%%DATADIR%%/kippo.cfg +%%DATADIR%%/kippo.tac +%%DATADIR%%/doc/COPYRIGHT +%%DATADIR%%/doc/README +%%DATADIR%%/doc/sql/mysql.sql +%%DATADIR%%/honeyfs/etc/passwd +%%DATADIR%%/honeyfs/etc/issue +%%DATADIR%%/honeyfs/proc/cpuinfo +%%DATADIR%%/kippo/__init__.py +%%DATADIR%%/kippo/commands/fs.py +%%DATADIR%%/kippo/commands/base.py +%%DATADIR%%/kippo/commands/ssh.py +%%DATADIR%%/kippo/commands/ping.py +%%DATADIR%%/kippo/commands/ls.py +%%DATADIR%%/kippo/commands/__init__.py +%%DATADIR%%/kippo/commands/last.py +%%DATADIR%%/kippo/commands/apt.py +%%DATADIR%%/kippo/commands/dice.py +%%DATADIR%%/kippo/commands/tar.py +%%DATADIR%%/kippo/commands/wget.py +%%DATADIR%%/kippo/commands/adduser.py +%%DATADIR%%/kippo/core/fs.py +%%DATADIR%%/kippo/core/__init__.py +%%DATADIR%%/kippo/core/utils.py +%%DATADIR%%/kippo/core/ttylog.py +%%DATADIR%%/kippo/core/honeypot.py +%%DATADIR%%/kippo/core/config.py +%%DATADIR%%/kippo/core/dblog.py +%%DATADIR%%/kippo/dblog/__init__.py +%%DATADIR%%/kippo/dblog/mysql.py +%%DATADIR%%/txtcmds/bin/dmesg +%%DATADIR%%/txtcmds/bin/mount +%%DATADIR%%/txtcmds/sbin/ifconfig +%%DATADIR%%/txtcmds/usr/bin/vi +%%DATADIR%%/utils/convert32.py +%%DATADIR%%/utils/createfs.py +%%DATADIR%%/utils/passdb.py +%%DATADIR%%/utils/playlog.py +@dirrm %%DATADIR%%/doc/sql +@dirrm %%DATADIR%%/doc +@dirrm %%DATADIR%%/honeyfs/etc +@dirrm %%DATADIR%%/honeyfs/proc +@dirrm %%DATADIR%%/honeyfs +@dirrm %%DATADIR%%/kippo/commands +@dirrm %%DATADIR%%/kippo/core +@dirrm %%DATADIR%%/kippo/dblog +@dirrm %%DATADIR%%/kippo +@dirrm %%DATADIR%%/txtcmds/bin +@dirrm %%DATADIR%%/txtcmds/sbin +@dirrm %%DATADIR%%/txtcmds/usr/bin +@dirrm %%DATADIR%%/txtcmds/usr +@dirrm %%DATADIR%%/txtcmds +@dirrm %%DATADIR%%/utils +@dirrm %%DATADIR%%
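Review bot: In head/net/kippo/Makefile, `RUN_DEPENDS:= ${BUILD_DEPENDS}` combined with `NO_BUILD= yes` makes pycrypto and zope.interface build-time dependencies of a port whose do-install only copies files. Declare the two Python modules under RUN_DEPENDS directly and drop BUILD_DEPENDS, so a package build does not pull them in without needing them.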
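Review bot: In head/net/kippo/files/kippo.in, the defaults `kippo_logfile="/tmp/kippo.log"` and `kippo_pidfile="/tmp/kippo.pid"` place the honeypot's log and pid file at fixed names in /tmp, a directory where any local user can create those names before the service first starts. Defaults under dedicated directories owned by the 'kippo' user (for example below /var/log and /var/run) would avoid that and keep the captured session log out of a shared scratch directory. Two smaller points in the same hunk: the header comment spells the name "kipppo", and `kippo_enable` is defaulted with `:=` while the two path variables use `=`, so an empty value in rc.conf is handled differently for the paths than for the enable flag.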
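Review bot: In head/net/kippo/files/pkg-message.in, step 1 tells the administrator to create dl/, data/ and log/tty/ and make them writable by the 'kippo' user, but it never says under which directory, and nothing in do-install or pkg-plist creates them. Since the rc script sets `kippo_chdir="%%DATADIR%%"`, relative paths in kippo.cfg would resolve inside the data directory that also holds the honeypot's Python code, so following the message literally means giving the service account write access next to the code it runs. State absolute paths in the message, preferably a separate state directory that the port creates with 'kippo' ownership, and point the configuration at it.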
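Review bot: In head/net/kippo/pkg-plist, `%%DATADIR%%/kippo.cfg` is registered as an ordinary packaged file although pkg-message.in instructs the administrator to edit exactly that file. A reinstall or upgrade will overwrite the local settings and a deinstall will remove them. Install the distributed file as kippo.cfg.sample and copy it to kippo.cfg only when no kippo.cfg exists, with the matching plist entries, so local configuration survives package operations.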