summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKarel Kočí <cynerd@email.cz>2020-07-11 16:06:59 +0200
committerKarel Kočí <cynerd@email.cz>2020-07-11 16:06:59 +0200
commit09fb4b7b9651a35e13a95d2da6e21d230bfebb34 (patch)
treed2379de111f3d835ce356b5e9f5f7fa4cca0eddb
parent2f31048b9123444aed7559b72c56645d73379e4b (diff)
downloadopenwrt-personal-pkgs-09fb4b7b9651a35e13a95d2da6e21d230bfebb34.tar.gz
openwrt-personal-pkgs-09fb4b7b9651a35e13a95d2da6e21d230bfebb34.tar.bz2
openwrt-personal-pkgs-09fb4b7b9651a35e13a95d2da6e21d230bfebb34.zip
sentinel-minipot: include additional minipots
-rw-r--r--sentinel-minipot/Makefile14
-rw-r--r--sentinel-minipot/files/defaults.sh4
-rwxr-xr-xsentinel-minipot/files/init12
-rw-r--r--sentinel-minipot/files/sentinel-firewall.sh18
4 files changed, 39 insertions, 9 deletions
diff --git a/sentinel-minipot/Makefile b/sentinel-minipot/Makefile
index 2db0833..6ac8e95 100644
--- a/sentinel-minipot/Makefile
+++ b/sentinel-minipot/Makefile
@@ -8,11 +8,11 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=sentinel-minipot
-PKG_VERSION:=1
-PKG_RELEASE:=10
+PKG_VERSION:=2.0
+PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://gitlab.nic.cz/turris/sentinel/minipot.git
-PKG_SOURCE_VERSION:=ebc6c8f96202b6c122fcc8f94b9413ec6bfd2e4f
+PKG_SOURCE_VERSION:=cf5a115c6b064ad510c2a6fff255f96e36fa63e4
PKG_MAINTAINER:=CZ.NIC <packaging@turris.cz>
PKG_LICENSE:=GPL-3.0-or-later
@@ -36,19 +36,23 @@ define Package/sentinel-minipot
endef
define Package/sentinel-minipot/description
- Sentinel minipots. These are minimal honeypots. Implements protocols: telnet
+ Sentinel minipots. These are minimal honeypots.
+ Implements protocols: FTP, HTTP, SMTP submission and Telnet
endef
define Package/sentinel-minipot/install
$(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/sentinel_minipot $(1)/usr/bin/sentinel-minipot
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/sentinel-minipot $(1)/usr/bin/sentinel-minipot
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/init $(1)/etc/init.d/sentinel-minipot
+
$(INSTALL_DIR) $(1)/etc/uci-defaults
$(INSTALL_BIN) ./files/uci-defaults $(1)/etc/uci-defaults/99-sentinel-minipot-telnet
+
$(INSTALL_DIR) $(1)/usr/libexec/sentinel/firewall.d
$(INSTALL_BIN) ./files/sentinel-firewall.sh $(1)/usr/libexec/sentinel/firewall.d/70-minipot.sh
+ $(INSTALL_DATA) ./files/defaults.sh $(1)/usr/libexec/sentinel/minipot-defaults.sh
$(INSTALL_DIR) $(1)/usr/libexec/sentinel/reload_hooks.d
$(INSTALL_BIN) ./files/restart-minipot-hook.sh $(1)/usr/libexec/sentinel/reload_hooks.d/60_minipot.sh
diff --git a/sentinel-minipot/files/defaults.sh b/sentinel-minipot/files/defaults.sh
new file mode 100644
index 0000000..2e38095
--- /dev/null
+++ b/sentinel-minipot/files/defaults.sh
@@ -0,0 +1,4 @@
+DEFAULT_FTP_PORT="2133"
+DEFAULT_HTTP_PORT="8033"
+DEFAULT_SMTP_PORT="5873"
+DEFAULT_TELNET_PORT="2333"
diff --git a/sentinel-minipot/files/init b/sentinel-minipot/files/init
index 0b504c1..90ad252 100755
--- a/sentinel-minipot/files/init
+++ b/sentinel-minipot/files/init
@@ -4,19 +4,25 @@ USE_PROCD=1
START=99
STOP=10
-DEFAULT_TELNET_PORT=2333
start_service() {
source /lib/functions/sentinel.sh
+ source /usr/libexec/sentinel/minipot-defaults.sh
allowed_to_run "minipot" || return 1
config_load sentinel
- local telnet_port
+ local ftp_port http_port smtp_port telnet_port
+ config_get ftp_port minipot ftp_port "$DEFAULT_FTP_PORT"
+ config_get http_port minipot http_port "$DEFAULT_HTTP_PORT"
+ config_get smtp_port minipot smtp_port "$DEFAULT_SMTP_PORT"
config_get telnet_port minipot telnet_port "$DEFAULT_TELNET_PORT"
procd_open_instance
procd_set_param command /usr/bin/sentinel-minipot
- [ "$telnet_port" = "0" ] || procd_append_param command -T "$telnet_port"
+ [ "$ftp_port" = "0" ] || procd_append_param command --ftp="$ftp_port"
+ [ "$http_port" = "0" ] || procd_append_param command --http="$http_port"
+ [ "$smtp_port" = "0" ] || procd_append_param command --smtp="$smtp_port"
+ [ "$telnet_port" = "0" ] || procd_append_param command --telnet="$telnet_port"
procd_set_param respawn 3600 5 5
procd_set_param file /etc/config/sentinel
procd_close_instance
diff --git a/sentinel-minipot/files/sentinel-firewall.sh b/sentinel-minipot/files/sentinel-firewall.sh
index 9c51268..40c584b 100644
--- a/sentinel-minipot/files/sentinel-firewall.sh
+++ b/sentinel-minipot/files/sentinel-firewall.sh
@@ -4,12 +4,16 @@ SF_DIR="${0%/*}"
. "$SF_DIR/common.sh"
. /lib/functions.sh
. /lib/functions/sentinel.sh
+. /usr/libexec/sentinel/minipot-defaults.sh
allowed_to_run "minipot" 2>/dev/null || return 0
config_load "sentinel"
-config_get telnet_port "minipot" "telnet_port" "2333"
+config_get ftp_port "minipot" "ftp_port" "$DEFAULT_FTP_PORT"
+config_get http_port "minipot" "http_port" "$DEFAULT_HTTP_PORT"
+config_get smtp_port "minipot" "smtp_port" "$DEFAULT_SMTP_PORT"
+config_get telnet_port "minipot" "telnet_port" "$DEFAULT_TELNET_PORT"
port_redirect_zone() {
@@ -19,6 +23,12 @@ port_redirect_zone() {
config_get_bool enabled "$config_section" "sentinel_minipot" "0"
[ "$enabled" = "1" ] || return 0
+ [ "$ftp_port" = "0" ] || \
+ iptables_redirect "$zone" 21 "$ftp_port" "Minipot FTP"
+ [ "$http_port" = "0" ] || \
+ iptables_redirect "$zone" 80 "$http_port" "Minipot HTTP"
+ [ "$smtp_port" = "0" ] || \
+ iptables_redirect "$zone" 587 "$smtp_port" "Minipot SMTP submission"
[ "$telnet_port" = "0" ] || \
iptables_redirect "$zone" 23 "$telnet_port" "Minipot Telnet"
}
@@ -28,6 +38,12 @@ config_foreach port_redirect_zone "zone"
if source_if_exists "$SF_DIR/dynfw-utils.sh"; then
+ [ "$ftp_port" = "0" ] || \
+ bypass_dynamic_firewall "tcp" "21" "Minipot FTP"
+ [ "$http_port" = "0" ] || \
+ bypass_dynamic_firewall "tcp" "23" "Minipot HTTP"
+ [ "$smtp_port" = "0" ] || \
+ bypass_dynamic_firewall "tcp" "587" "Minipot SMTP submission"
[ "$telnet_port" = "0" ] || \
bypass_dynamic_firewall "tcp" "23" "Minipot Telnet"
fi