diff options
| -rw-r--r-- | sentinel-minipot/Makefile | 66 | ||||
| -rw-r--r-- | sentinel-minipot/files/defaults.sh | 4 | ||||
| -rwxr-xr-x | sentinel-minipot/files/init | 33 | ||||
| -rw-r--r-- | sentinel-minipot/files/restart-minipot-hook.sh | 5 | ||||
| -rw-r--r-- | sentinel-minipot/files/sentinel-firewall.sh | 53 | ||||
| -rw-r--r-- | sentinel-minipot/files/uci-defaults | 25 |
6 files changed, 0 insertions, 186 deletions
diff --git a/sentinel-minipot/Makefile b/sentinel-minipot/Makefile deleted file mode 100644 index 5ba9642..0000000 --- a/sentinel-minipot/Makefile +++ /dev/null @@ -1,66 +0,0 @@ -# -## Copyright (C) 2018-2020 CZ.NIC z.s.p.o. (https://www.nic.cz/) -# -## This is free software, licensed under the GNU General Public License v3. -# See /LICENSE for more information. -# # -# -include $(TOPDIR)/rules.mk - -PKG_NAME:=sentinel-minipot -#PKG_VERSION:=2.0.0 -PKG_RELEASE:=1 -PKG_SOURCE_URL:=https://gitlab.nic.cz/turris/sentinel/minipot.git -#PKG_SOURCE_VERSION:=v$(PKG_VERSION) -PKG_SOURCE_BRANCH:=telnet-debug - -PKG_MAINTAINER:=CZ.NIC <packaging@turris.cz> -PKG_LICENSE:=GPL-3.0-or-later -PKG_LICENSE_FILES:=LICENSE - -PKG_BUILD_DEPENDS:=argp-standalone - -PKG_FIXUP:=autoreconf - -include $(INCLUDE_DIR)/autopkg-branch.mk -include $(INCLUDE_DIR)/package.mk - -define Package/sentinel-minipot - SECTION:=net - CATEGORY:=Network - SUBMENU:=Sentinel - TITLE:=Minipots - URL:=https://gitlab.nic.cz/turris/sentinel/minipot - DEPENDS:=\ - +czmq \ - +libevent2 \ - +msgpack-c \ - +base64c \ - +sentinel-firewall \ - +sentinel-proxy -endef - -define Package/sentinel-minipot/description - Sentinel minipots. These are minimal honeypots. - Implements protocols: FTP, HTTP, SMTP submission and Telnet -endef - -define Package/sentinel-minipot/install - $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/sentinel-minipot $(1)/usr/bin/sentinel-minipot - - $(INSTALL_DIR) $(1)/etc/init.d - $(INSTALL_BIN) ./files/init $(1)/etc/init.d/sentinel-minipot - - $(INSTALL_DIR) $(1)/etc/uci-defaults - $(INSTALL_BIN) ./files/uci-defaults $(1)/etc/uci-defaults/99-sentinel-minipot-telnet - - $(INSTALL_DIR) $(1)/usr/libexec/sentinel/firewall.d - $(INSTALL_BIN) ./files/sentinel-firewall.sh $(1)/usr/libexec/sentinel/firewall.d/70-minipot.sh - $(INSTALL_DATA) ./files/defaults.sh $(1)/usr/libexec/sentinel/minipot-defaults.sh - - $(INSTALL_DIR) $(1)/usr/libexec/sentinel/reload_hooks.d - $(INSTALL_BIN) ./files/restart-minipot-hook.sh $(1)/usr/libexec/sentinel/reload_hooks.d/60_minipot.sh -endef - -$(eval $(call BuildPackage,sentinel-minipot)) diff --git a/sentinel-minipot/files/defaults.sh b/sentinel-minipot/files/defaults.sh deleted file mode 100644 index 2e38095..0000000 --- a/sentinel-minipot/files/defaults.sh +++ /dev/null @@ -1,4 +0,0 @@ -DEFAULT_FTP_PORT="2133" -DEFAULT_HTTP_PORT="8033" -DEFAULT_SMTP_PORT="5873" -DEFAULT_TELNET_PORT="2333" diff --git a/sentinel-minipot/files/init b/sentinel-minipot/files/init deleted file mode 100755 index c243697..0000000 --- a/sentinel-minipot/files/init +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/sh /etc/rc.common - -USE_PROCD=1 -START=99 -STOP=10 - - -start_service() { - source /lib/functions/sentinel.sh - source /usr/libexec/sentinel/minipot-defaults.sh - allowed_to_run "minipot" || return 1 - - config_load sentinel - local ftp_port http_port smtp_port telnet_port - config_get ftp_port minipot ftp_port "$DEFAULT_FTP_PORT" - config_get http_port minipot http_port "$DEFAULT_HTTP_PORT" - config_get smtp_port minipot smtp_port "$DEFAULT_SMTP_PORT" - config_get telnet_port minipot telnet_port "$DEFAULT_TELNET_PORT" - - procd_open_instance - procd_set_param command /usr/bin/sentinel-minipot - [ "$ftp_port" = "0" ] || procd_append_param command --ftp="$ftp_port" - [ "$http_port" = "0" ] || procd_append_param command --http="$http_port" - [ "$smtp_port" = "0" ] || procd_append_param command --smtp="$smtp_port" - [ "$telnet_port" = "0" ] || procd_append_param command --telnet="$telnet_port" - procd_set_param respawn 3600 5 5 - # TODO uncomment or replace logging once debug logs are no longer printed - # Otherwise this just spams log a lot. - #procd_set_param stdout 1 - #procd_set_param stderr 1 - procd_set_param file /etc/config/sentinel - procd_close_instance -} diff --git a/sentinel-minipot/files/restart-minipot-hook.sh b/sentinel-minipot/files/restart-minipot-hook.sh deleted file mode 100644 index f316413..0000000 --- a/sentinel-minipot/files/restart-minipot-hook.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh -# restart Sentinel:Minipot service -/etc/init.d/sentinel-minipot restart -# Reload firewall to apply redirect -/etc/init.d/firewall reload diff --git a/sentinel-minipot/files/sentinel-firewall.sh b/sentinel-minipot/files/sentinel-firewall.sh deleted file mode 100644 index f01ee86..0000000 --- a/sentinel-minipot/files/sentinel-firewall.sh +++ /dev/null @@ -1,53 +0,0 @@ -#!/bin/sh -set -e -SF_DIR="${0%/*}" -. "$SF_DIR/common.sh" -. /lib/functions.sh -. /lib/functions/sentinel.sh -. /usr/libexec/sentinel/minipot-defaults.sh - -allowed_to_run "minipot" 2>/dev/null || return 0 - - -config_load "sentinel" -config_get ftp_port "minipot" "ftp_port" "$DEFAULT_FTP_PORT" -config_get http_port "minipot" "http_port" "$DEFAULT_HTTP_PORT" -config_get smtp_port "minipot" "smtp_port" "$DEFAULT_SMTP_PORT" -config_get telnet_port "minipot" "telnet_port" "$DEFAULT_TELNET_PORT" - - -port_redirect_zone() { - local config_section="$1" - local zone enabled - config_get zone "$config_section" "name" - config_get_bool enabled "$config_section" "sentinel_minipot" "0" - [ "$enabled" = "1" ] || return 0 - - [ "$ftp_port" = "0" ] || \ - iptables_redirect "$zone" 21 "$ftp_port" "Minipot FTP" - [ "$http_port" = "0" ] || \ - iptables_redirect "$zone" 80 "$http_port" "Minipot HTTP" - [ "$smtp_port" = "0" ] || { - iptables_redirect "$zone" 25 "$smtp_port" "Minipot SMTP" - iptables_redirect "$zone" 587 "$smtp_port" "Minipot SMTP submission" - } - [ "$telnet_port" = "0" ] || \ - iptables_redirect "$zone" 23 "$telnet_port" "Minipot Telnet" -} - -config_load "firewall" -config_foreach port_redirect_zone "zone" - - -if source_if_exists "$SF_DIR/dynfw-utils.sh"; then - [ "$ftp_port" = "0" ] || \ - bypass_dynamic_firewall "tcp" "21" "Minipot FTP" - [ "$http_port" = "0" ] || \ - bypass_dynamic_firewall "tcp" "80" "Minipot HTTP" - [ "$smtp_port" = "0" ] || { - bypass_dynamic_firewall "tcp" "25" "Minipot SMTP" - bypass_dynamic_firewall "tcp" "587" "Minipot SMTP submission" - } - [ "$telnet_port" = "0" ] || \ - bypass_dynamic_firewall "tcp" "23" "Minipot Telnet" -fi diff --git a/sentinel-minipot/files/uci-defaults b/sentinel-minipot/files/uci-defaults deleted file mode 100644 index f90516c..0000000 --- a/sentinel-minipot/files/uci-defaults +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/sh -set -e -. /lib/functions/sentinel-firewall.sh - -# Minipot entry in sentinel config -if [ "$(uci -q get sentinel.minipot)" != "minipot" ]; then - uci -q batch <<EOT - delete sentinel.minipot - set sentinel.minipot='minipot' - commit sentinel.minipot -EOT -fi - -# Remove old firewall rules -[ -z "$(uci -q get firewall.sentinel_minipot_telnet_mark)" ] || \ - uci -q delete firewall.sentinel_minipot_telnet_mark -[ -z "$(uci -q get firewall.sentinel_minipot_telnet)" ] || \ - uci -q delete firewall.sentinel_minipot_telnet - - -# Enable for wan interface in default -config_firewall_default_enable "sentinel_minipot" - -# Always reload firewall to use latest version of sentinel-firewall script -/etc/init.d/firewall reload |