authorKarel Kočí <cynerd@email.cz>2020-07-11 16:06:13 +0200
committerKarel Kočí <cynerd@email.cz>2020-07-11 16:06:13 +0200
commit2f31048b9123444aed7559b72c56645d73379e4b (patch)
treeb7ec0953b884ea2be3815adc8e488327d8871dd0 /sentinel-minipot
parentc1fac266afb99c28ffbb8213d8cf1f6c19a5b13b (diff)
sentinel-minipot: include latest turris-os-version
Diffstat (limited to 'sentinel-minipot')
-rw-r--r--sentinel-minipot/Makefile57
-rwxr-xr-xsentinel-minipot/files/init23
-rw-r--r--sentinel-minipot/files/restart-minipot-hook.sh5
-rw-r--r--sentinel-minipot/files/sentinel-firewall.sh33
-rw-r--r--sentinel-minipot/files/uci-defaults25
5 files changed, 143 insertions, 0 deletions
diff --git a/sentinel-minipot/Makefile b/sentinel-minipot/Makefile
new file mode 100644
index 0000000..2db0833
--- /dev/null
+++ b/sentinel-minipot/Makefile
@@ -0,0 +1,57 @@
+#
+## Copyright (C) 2018-2020 CZ.NIC z.s.p.o. (https://www.nic.cz/)
+#
+## This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+# #
+#
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=sentinel-minipot
+PKG_VERSION:=1
+PKG_RELEASE:=10
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://gitlab.nic.cz/turris/sentinel/minipot.git
+PKG_SOURCE_VERSION:=ebc6c8f96202b6c122fcc8f94b9413ec6bfd2e4f
+
+PKG_MAINTAINER:=CZ.NIC <packaging@turris.cz>
+PKG_LICENSE:=GPL-3.0-or-later
+
+PKG_FIXUP:=autoreconf
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/sentinel-minipot
+ SECTION:=net
+ CATEGORY:=Network
+ SUBMENU:=Sentinel
+ TITLE:=Minipots
+ URL:=https://gitlab.nic.cz/turris/sentinel/minipot
+ DEPENDS:=\
+ +czmq \
+ +libevent2 \
+ +msgpack-c \
+ +sentinel-firewall \
+ +sentinel-proxy
+endef
+
+define Package/sentinel-minipot/description
+ Sentinel minipots. These are minimal honeypots. Implements protocols: telnet
+endef
+
+define Package/sentinel-minipot/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/sentinel_minipot $(1)/usr/bin/sentinel-minipot
+
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/init $(1)/etc/init.d/sentinel-minipot
+ $(INSTALL_DIR) $(1)/etc/uci-defaults
+ $(INSTALL_BIN) ./files/uci-defaults $(1)/etc/uci-defaults/99-sentinel-minipot-telnet
+ $(INSTALL_DIR) $(1)/usr/libexec/sentinel/firewall.d
+ $(INSTALL_BIN) ./files/sentinel-firewall.sh $(1)/usr/libexec/sentinel/firewall.d/70-minipot.sh
+
+ $(INSTALL_DIR) $(1)/usr/libexec/sentinel/reload_hooks.d
+ $(INSTALL_BIN) ./files/restart-minipot-hook.sh $(1)/usr/libexec/sentinel/reload_hooks.d/60_minipot.sh
+endef
+
+$(eval $(call BuildPackage,sentinel-minipot))
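Review bot: The package metadata pins `PKG_SOURCE_VERSION` to a full commit id but sets no `PKG_MIRROR_HASH`, so a source tarball served from a download mirror is not checked against a known digest before it is built. Add `PKG_MIRROR_HASH:=<sha256 of the generated source tarball>` next to `PKG_SOURCE_VERSION`, and refresh it whenever the commit id changes.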
diff --git a/sentinel-minipot/files/init b/sentinel-minipot/files/init
new file mode 100755
index 0000000..0b504c1
--- /dev/null
+++ b/sentinel-minipot/files/init
@@ -0,0 +1,23 @@
+#!/bin/sh /etc/rc.common
+
+USE_PROCD=1
+START=99
+STOP=10
+
+DEFAULT_TELNET_PORT=2333
+
+start_service() {
+ source /lib/functions/sentinel.sh
+ allowed_to_run "minipot" || return 1
+
+ config_load sentinel
+ local telnet_port
+ config_get telnet_port minipot telnet_port "$DEFAULT_TELNET_PORT"
+
+ procd_open_instance
+ procd_set_param command /usr/bin/sentinel-minipot
+ [ "$telnet_port" = "0" ] || procd_append_param command -T "$telnet_port"
+ procd_set_param respawn 3600 5 5
+ procd_set_param file /etc/config/sentinel
+ procd_close_instance
+}
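Review bot: The procd instance in `start_service` is opened without `procd_set_param user`, so unless `sentinel-minipot` drops privileges itself (not visible in this commit) the honeypot parses attacker-supplied telnet traffic as root. The default listen port 2333 is unprivileged, so binding does not need root. Consider `procd_set_param user nobody` or a dedicated account, after confirming the daemon can still reach sentinel-proxy under that account. `telnet_port` is also read from UCI and passed to `-T` unchecked; a guard that rejects anything other than a number in 1-65535 would keep a bad config value off the command line.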
diff --git a/sentinel-minipot/files/restart-minipot-hook.sh b/sentinel-minipot/files/restart-minipot-hook.sh
new file mode 100644
index 0000000..f316413
--- /dev/null
+++ b/sentinel-minipot/files/restart-minipot-hook.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+# restart Sentinel:Minipot service
+/etc/init.d/sentinel-minipot restart
+# Reload firewall to apply redirect
+/etc/init.d/firewall reload
diff --git a/sentinel-minipot/files/sentinel-firewall.sh b/sentinel-minipot/files/sentinel-firewall.sh
new file mode 100644
index 0000000..9c51268
--- /dev/null
+++ b/sentinel-minipot/files/sentinel-firewall.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+set -e
+SF_DIR="${0%/*}"
+. "$SF_DIR/common.sh"
+. /lib/functions.sh
+. /lib/functions/sentinel.sh
+
+allowed_to_run "minipot" 2>/dev/null || return 0
+
+
+config_load "sentinel"
+config_get telnet_port "minipot" "telnet_port" "2333"
+
+
+port_redirect_zone() {
+ local config_section="$1"
+ local zone enabled
+ config_get zone "$config_section" "name"
+ config_get_bool enabled "$config_section" "sentinel_minipot" "0"
+ [ "$enabled" = "1" ] || return 0
+
+ [ "$telnet_port" = "0" ] || \
+ iptables_redirect "$zone" 23 "$telnet_port" "Minipot Telnet"
+}
+
+config_load "firewall"
+config_foreach port_redirect_zone "zone"
+
+
+if source_if_exists "$SF_DIR/dynfw-utils.sh"; then
+ [ "$telnet_port" = "0" ] || \
+ bypass_dynamic_firewall "tcp" "23" "Minipot Telnet"
+fi
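Review bot: The `bypass_dynamic_firewall "tcp" "23" "Minipot Telnet"` call at the end runs whenever `telnet_port` is not `0`, even when `port_redirect_zone` found no zone with `sentinel_minipot` enabled. If that helper does what its name suggests (it is defined outside this commit), port 23 is then exempted from the dynamic blocklist with no redirect to the honeypot in place, so blocked sources could reach whatever else answers on 23. Record a match in `port_redirect_zone`, e.g. `minipot_zone=1` after the `enabled` check, and guard the bypass with `[ -z "$minipot_zone" ] || bypass_dynamic_firewall "tcp" "23" "Minipot Telnet"`. Separately, the top-level `return 0` after `allowed_to_run` is only well defined if this file is sourced; if it is executed, `exit 0` is the portable form.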
diff --git a/sentinel-minipot/files/uci-defaults b/sentinel-minipot/files/uci-defaults
new file mode 100644
index 0000000..f90516c
--- /dev/null
+++ b/sentinel-minipot/files/uci-defaults
@@ -0,0 +1,25 @@
+#!/bin/sh
+set -e
+. /lib/functions/sentinel-firewall.sh
+
+# Minipot entry in sentinel config
+if [ "$(uci -q get sentinel.minipot)" != "minipot" ]; then
+ uci -q batch <<EOT
+ delete sentinel.minipot
+ set sentinel.minipot='minipot'
+ commit sentinel.minipot
+EOT
+fi
+
+# Remove old firewall rules
+[ -z "$(uci -q get firewall.sentinel_minipot_telnet_mark)" ] || \
+ uci -q delete firewall.sentinel_minipot_telnet_mark
+[ -z "$(uci -q get firewall.sentinel_minipot_telnet)" ] || \
+ uci -q delete firewall.sentinel_minipot_telnet
+
+
+# Enable for wan interface in default
+config_firewall_default_enable "sentinel_minipot"
+
+# Always reload firewall to use latest version of sentinel-firewall script
+/etc/init.d/firewall reload
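Review bot: The final `/etc/init.d/firewall reload` runs under `set -e`, so a non-zero status from the reload becomes the exit status of the whole script. A uci-defaults script that exits non-zero is kept and run again on the next boot, so a failing reload (for example because the firewall is not up yet, which cannot be verified from this commit) would make these UCI edits rerun every boot. If the reload is meant to be best-effort, `/etc/init.d/firewall reload || true` with a comment saying why keeps the exit status tied to the UCI changes.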