From 09fb4b7b9651a35e13a95d2da6e21d230bfebb34 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?=
Date: Sat, 11 Jul 2020 16:06:59 +0200
Subject: sentinel-minipot: include additional minipots
---
 sentinel-minipot/Makefile | 14 +++++++++-----
 sentinel-minipot/files/defaults.sh | 4 ++++
 sentinel-minipot/files/init | 12 +++++++++---
 sentinel-minipot/files/sentinel-firewall.sh | 18 +++++++++++++++++-
 4 files changed, 39 insertions(+), 9 deletions(-)
 create mode 100644 sentinel-minipot/files/defaults.sh
diff --git a/sentinel-minipot/Makefile b/sentinel-minipot/Makefile
index 2db0833..6ac8e95 100644
--- a/sentinel-minipot/Makefile
+++ b/sentinel-minipot/Makefile
@@ -8,11 +8,11 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=sentinel-minipot
-PKG_VERSION:=1
-PKG_RELEASE:=10
+PKG_VERSION:=2.0
+PKG_RELEASE:=1
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://gitlab.nic.cz/turris/sentinel/minipot.git
-PKG_SOURCE_VERSION:=ebc6c8f96202b6c122fcc8f94b9413ec6bfd2e4f
+PKG_SOURCE_VERSION:=cf5a115c6b064ad510c2a6fff255f96e36fa63e4
 PKG_MAINTAINER:=CZ.NIC
 PKG_LICENSE:=GPL-3.0-or-later
@@ -36,19 +36,23 @@ define Package/sentinel-minipot endef define Package/sentinel-minipot/description - Sentinel minipots. These are minimal honeypots. Implements protocols: telnet + Sentinel minipots. These are minimal honeypots. + Implements protocols: FTP, HTTP, SMTP submission and Telnet endef define Package/sentinel-minipot/install $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/sentinel_minipot $(1)/usr/bin/sentinel-minipot + $(INSTALL_BIN) $(PKG_BUILD_DIR)/sentinel-minipot $(1)/usr/bin/sentinel-minipot $(INSTALL_DIR) $(1)/etc/init.d $(INSTALL_BIN) ./files/init $(1)/etc/init.d/sentinel-minipot + $(INSTALL_DIR) $(1)/etc/uci-defaults $(INSTALL_BIN) ./files/uci-defaults $(1)/etc/uci-defaults/99-sentinel-minipot-telnet + $(INSTALL_DIR) $(1)/usr/libexec/sentinel/firewall.d $(INSTALL_BIN) ./files/sentinel-firewall.sh $(1)/usr/libexec/sentinel/firewall.d/70-minipot.sh + $(INSTALL_DATA) ./files/defaults.sh $(1)/usr/libexec/sentinel/minipot-defaults.sh $(INSTALL_DIR) $(1)/usr/libexec/sentinel/reload_hooks.d $(INSTALL_BIN) ./files/restart-minipot-hook.sh $(1)/usr/libexec/sentinel/reload_hooks.d/60_minipot.sh diff --git a/sentinel-minipot/files/defaults.sh b/sentinel-minipot/files/defaults.sh new file mode 100644 index 0000000..2e38095 --- /dev/null +++ b/sentinel-minipot/files/defaults.sh @@ -0,0 +1,4 @@ +DEFAULT_FTP_PORT="2133" +DEFAULT_HTTP_PORT="8033" +DEFAULT_SMTP_PORT="5873" +DEFAULT_TELNET_PORT="2333" diff --git a/sentinel-minipot/files/init b/sentinel-minipot/files/init index 0b504c1..90ad252 100755 --- a/sentinel-minipot/files/init +++ b/sentinel-minipot/files/init 
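Review bot: The new defaults.sh has no header comment, so nothing in the file says who reads it or what the values mean. It is sourced by both the init script and sentinel-firewall.sh, and both treat a configured port of `0` as "minipot disabled". A short header would record that, for example `# Default listen ports of the minipots; sourced by the init script and the firewall hook. A port of 0 in UCI disables that minipot.`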
@@ -4,19 +4,25 @@ USE_PROCD=1
 START=99
 STOP=10
-DEFAULT_TELNET_PORT=2333
 start_service() {
 source /lib/functions/sentinel.sh
+ source /usr/libexec/sentinel/minipot-defaults.sh
 allowed_to_run "minipot" || return 1
 config_load sentinel
- local telnet_port
+ local ftp_port http_port smtp_port telnet_port
+ config_get ftp_port minipot ftp_port "$DEFAULT_FTP_PORT"
+ config_get http_port minipot http_port "$DEFAULT_HTTP_PORT"
+ config_get smtp_port minipot smtp_port "$DEFAULT_SMTP_PORT"
 config_get telnet_port minipot telnet_port "$DEFAULT_TELNET_PORT"
 procd_open_instance
 procd_set_param command /usr/bin/sentinel-minipot
- [ "$telnet_port" = "0" ] || procd_append_param command -T "$telnet_port"
+ [ "$ftp_port" = "0" ] || procd_append_param command --ftp="$ftp_port"
+ [ "$http_port" = "0" ] || procd_append_param command --http="$http_port"
+ [ "$smtp_port" = "0" ] || procd_append_param command --smtp="$smtp_port"
+ [ "$telnet_port" = "0" ] || procd_append_param command --telnet="$telnet_port"
 procd_set_param respawn 3600 5 5
 procd_set_param file /etc/config/sentinel
 procd_close_instance
diff --git a/sentinel-minipot/files/sentinel-firewall.sh b/sentinel-minipot/files/sentinel-firewall.sh
index 9c51268..40c584b 100644
--- a/sentinel-minipot/files/sentinel-firewall.sh
+++ b/sentinel-minipot/files/sentinel-firewall.sh
@@ -4,12 +4,16 @@ SF_DIR="${0%/*}"
 . "$SF_DIR/common.sh"
 . /lib/functions.sh
 . /lib/functions/sentinel.sh
+. /usr/libexec/sentinel/minipot-defaults.sh
 allowed_to_run "minipot" 2>/dev/null || return 0
 config_load "sentinel"
-config_get telnet_port "minipot" "telnet_port" "2333"
+config_get ftp_port "minipot" "ftp_port" "$DEFAULT_FTP_PORT"
+config_get http_port "minipot" "http_port" "$DEFAULT_HTTP_PORT"
+config_get smtp_port "minipot" "smtp_port" "$DEFAULT_SMTP_PORT"
+config_get telnet_port "minipot" "telnet_port" "$DEFAULT_TELNET_PORT"
 port_redirect_zone() {
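Review bot: Nothing visible in `start_service` sets an unprivileged user for the procd instance, while this hunk raises the number of internet-facing protocol parsers in that single process from one to four. All default listen ports in defaults.sh are above 1024, so binding them does not need root. Unless sentinel-minipot drops privileges on its own (not visible in this diff), consider adding `procd_set_param user <unprivileged-user>` before `procd_close_instance`. The UCI port values also go straight into `--ftp=`, `--http=`, `--smtp=` and `--telnet=` without a numeric check. The closing brace of `start_service` lies outside the hunk.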
@@ -19,6 +23,12 @@ port_redirect_zone() {
 config_get_bool enabled "$config_section" "sentinel_minipot" "0"
 [ "$enabled" = "1" ] || return 0
+ [ "$ftp_port" = "0" ] || \
+ iptables_redirect "$zone" 21 "$ftp_port" "Minipot FTP"
+ [ "$http_port" = "0" ] || \
+ iptables_redirect "$zone" 80 "$http_port" "Minipot HTTP"
+ [ "$smtp_port" = "0" ] || \
+ iptables_redirect "$zone" 587 "$smtp_port" "Minipot SMTP submission"
 [ "$telnet_port" = "0" ] || \
 iptables_redirect "$zone" 23 "$telnet_port" "Minipot Telnet"
 }
@@ -28,6 +38,12 @@ config_foreach port_redirect_zone "zone"
 if source_if_exists "$SF_DIR/dynfw-utils.sh"; then
+ [ "$ftp_port" = "0" ] || \
+ bypass_dynamic_firewall "tcp" "21" "Minipot FTP"
+ [ "$http_port" = "0" ] || \
+ bypass_dynamic_firewall "tcp" "23" "Minipot HTTP"
+ [ "$smtp_port" = "0" ] || \
+ bypass_dynamic_firewall "tcp" "587" "Minipot SMTP submission"
 [ "$telnet_port" = "0" ] || \
 bypass_dynamic_firewall "tcp" "23" "Minipot Telnet"
 fi
-- 
cgit v1.2.3
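Review bot: The three new `iptables_redirect` calls in `port_redirect_zone` claim ports 21, 80 and 587 in every zone that has `sentinel_minipot` enabled, and nothing documents how they interact with other uses of those ports. These ports are more likely than 23 to carry a user's own port forward or a service on the router itself. Which rule wins depends on `iptables_redirect` in common.sh, which is not part of this diff. A comment above the block would help, for example `# Redirects apply only in zones with sentinel_minipot enabled; set the matching *_port option to 0 to keep a port for another service`. `port_redirect_zone` starts above the hunk.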
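Review bot: The HTTP entry in the dynamic-firewall block passes port 23 instead of 80: `bypass_dynamic_firewall "tcp" "23" "Minipot HTTP"`. The redirect added in the previous hunk maps port 80 to the HTTP minipot, so the line should read `bypass_dynamic_firewall "tcp" "80" "Minipot HTTP"`. As written, port 80 gets no bypass, so sources already on the dynamic blocklist presumably never reach the HTTP minipot. Port 23 is also exempted from the dynamic firewall whenever HTTP is enabled, even with `telnet_port` set to 0.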