svn commit: r312776 - in head: . net net/kippo net/kippo/files
Frederic Culot
culot at FreeBSD.org
Fri Feb 22 16:22:51 UTC 2013
Author: culot
Date: Fri Feb 22 16:22:49 2013
New Revision: 312776
URL: http://svnweb.freebsd.org/changeset/ports/312776
Log:
Kippo is a medium interaction SSH honeypot designed to log brute force
attacks and, most importantly, the entire shell interaction performed
by the attacker.
WWW: http://code.google.com/p/kippo/
Added:
head/net/kippo/
head/net/kippo/Makefile (contents, props changed)
head/net/kippo/distinfo (contents, props changed)
head/net/kippo/files/
head/net/kippo/files/kippo.in (contents, props changed)
head/net/kippo/files/pkg-message.in (contents, props changed)
head/net/kippo/pkg-descr (contents, props changed)
head/net/kippo/pkg-plist (contents, props changed)
Modified:
head/GIDs
head/UIDs
head/net/Makefile
Modified: head/GIDs
==============================================================================
--- head/GIDs Fri Feb 22 16:03:46 2013 (r312775)
+++ head/GIDs Fri Feb 22 16:22:49 2013 (r312776)
@@ -248,5 +248,6 @@ fluentd:*:963:
git_daemon:*:964:
elasticsearch:*:965:
ossec:*:966:
+kippo:*:969:
nogroup:*:65533:
nobody:*:65534:
Modified: head/UIDs
==============================================================================
--- head/UIDs Fri Feb 22 16:03:46 2013 (r312775)
+++ head/UIDs Fri Feb 22 16:22:49 2013 (r312776)
@@ -254,4 +254,5 @@ elasticsearch:*:965:965::0:0:elasticsear
ossec:*:966:966::0:0:OSSEC user:/usr/local/ossec-hids:/usr/sbin/nologin
ossecm:*:967:966::0:0:OSSEC mail user:/usr/local/ossec-hids:/usr/sbin/nologin
ossecr:*:968:966::0:0:OSSEC rem user:/usr/local/ossec-hids:/usr/sbin/nologin
+kippo:*:969:969::0:0:kippo user:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
Modified: head/net/Makefile
==============================================================================
--- head/net/Makefile Fri Feb 22 16:03:46 2013 (r312775)
+++ head/net/Makefile Fri Feb 22 16:22:49 2013 (r312776)
@@ -282,6 +282,7 @@
SUBDIR += kdenetwork4
SUBDIR += kiax
SUBDIR += kio-upnp-ms
+ SUBDIR += kippo
SUBDIR += kissd
SUBDIR += knc
SUBDIR += knemo
Added: head/net/kippo/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/kippo/Makefile Fri Feb 22 16:22:49 2013 (r312776)
@@ -0,0 +1,43 @@
+# Created by: Frederic Culot <culot at FreeBSD.org>
+# $FreeBSD$
+
+PORTNAME= kippo
+PORTVERSION= 0.5
+CATEGORIES= net
+MASTER_SITES= ${MASTER_SITE_GOOGLE_CODE}
+
+MAINTAINER= culot at FreeBSD.org
+COMMENT= Medium interaction ssh honeypot
+
+LICENSE= BSD
+
+BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}pycrypto>0:${PORTSDIR}/security/py-pycrypto \
+ ${PYTHON_PKGNAMEPREFIX}zope.interface>0:${PORTSDIR}/devel/py-zope.interface
+RUN_DEPENDS:= ${BUILD_DEPENDS}
+
+USE_PYTHON= 2.5+
+USE_TWISTED_RUN= conch web
+NO_BUILD= yes
+
+USE_RC_SUBR= kippo
+
+USERS= kippo
+GROUPS= kippo
+
+SUB_FILES= pkg-message
+SUB_LIST+= PYTHON=${PYTHON_CMD}
+
+do-install:
+ @${MKDIR} ${DATADIR}
+.for f in kippo.cfg kippo.tac fs.pickle
+ @${INSTALL_DATA} ${WRKSRC}/${f} ${DATADIR}
+.endfor
+.for d in doc honeyfs kippo txtcmds utils
+ @${MKDIR} ${DATADIR}/${d}
+ @(cd ${WRKSRC}/${d}/ && ${COPYTREE_SHARE} \* ${DATADIR}/${d})
+.endfor
+
+post-install:
+ @${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.mk>
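Review bot: `do-install` copies `kippo.cfg` straight into `${DATADIR}` and pkg-plist lists `%%DATADIR%%/kippo.cfg`, so the file that pkg-message tells the administrator to edit is overwritten on reinstall or upgrade and deleted on deinstall. Install it as `kippo.cfg.sample` instead and copy it to `kippo.cfg` only when no live config exists, with matching pkg-plist entries that leave a modified copy in place. Separately, the `dl/`, `data/` and `log/tty/` directories that pkg-message asks the administrator to create are not created here. Having the port create them owned by `kippo`, ideally outside the installed code tree, would remove the temptation to make all of `${DATADIR}` writable by the account that runs the honeypot.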
Added: head/net/kippo/distinfo
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/kippo/distinfo Fri Feb 22 16:22:49 2013 (r312776)
@@ -0,0 +1,2 @@
+SHA256 (kippo-0.5.tar.gz) = e5faa1aad668f1a5e986db93af7f132268ce059ce2edafc4a93f678864dbdbce
+SIZE (kippo-0.5.tar.gz) = 387148
Added: head/net/kippo/files/kippo.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/kippo/files/kippo.in Fri Feb 22 16:22:49 2013 (r312776)
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+# $FreeBSD$
+#
+# PROVIDE: kippo
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf to enable kippo:
+#
+# kippo_enable (bool): Set to NO by default.
+# Set it to YES to enable kipppo
+# kippo_logfile (path): Set to /tmp/kippo.log by default.
+# kippo_pidfile (path): Set to /tmp/kippo.pid by default.
+
+. /etc/rc.subr
+
+name=kippo
+rcvar=kippo_enable
+
+load_rc_config $name
+: ${kippo_enable:=no}
+: ${kippo_logfile="/tmp/kippo.log"}
+: ${kippo_pidfile="/tmp/kippo.pid"}
+
+kippo_user="kippo"
+kippo_chdir="%%DATADIR%%"
+pidfile=$kippo_pidfile
+command="%%LOCALBASE%%/bin/twistd"
+command_args="-y %%DATADIR%%/kippo.tac --pidfile $pidfile --logfile $kippo_logfile"
+command_interpreter="%%PYTHON%%"
+
+run_rc_command "$1"
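Review bot: The defaults for `kippo_logfile` and `kippo_pidfile` point into `/tmp`, a world-writable directory, under fixed names. Any local user can create `/tmp/kippo.log` or `/tmp/kippo.pid` (or a symlink with that name) before the service first starts, which can stop twistd from starting or leave the honeypot's session log in a file someone else owns and can alter; a `/tmp` cleanup would also discard the log. I would default to directories owned by the `kippo` user, e.g. `: ${kippo_logfile="/var/log/kippo/kippo.log"}` and `: ${kippo_pidfile="/var/run/kippo/kippo.pid"}` (the paths are a suggestion, and the port would need to create them). The header comment and pkg-message.in repeat the `/tmp` defaults and would need the same update. The header comment also misspells the name as `kipppo`.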
Added: head/net/kippo/files/pkg-message.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/kippo/files/pkg-message.in Fri Feb 22 16:22:49 2013 (r312776)
@@ -0,0 +1,33 @@
+========================================================================
+kippo has been installed in the following directory:
+
+ %%DATADIR%%
+
+Before starting kippo you need to perform the following steps:
+
+1) Edit kippo's configuration file to suit your needs:
+
+ $EDITOR %%DATADIR%%/kippo.cfg
+
+ Please keep in mind when editing the configuration file that kippo
+ can't be run as root and is started by the 'kippo' unprivileged
+ user instead. This implies that the following folders hierarchy
+ must be created and made writable to the 'kippo' user:
+
+ dl/
+ data/
+ log/tty/
+
+2) Add the following line to your rc.conf:
+
+ kippo_enable="YES"
+
+ Note that you can also set the 'kippo_logfile' and 'kippo_pidfile'
+ variables to specify the path to the log file and pid file that
+ will be used by kippo. The default values for those variables are
+ '/tmp/kippo.log' and '/tmp/kippo.pid' respectively.
+
+Then you can start kippo by issuing the following command:
+
+ %%PREFIX%%/etc/rc.d/kippo start
+========================================================================
Added: head/net/kippo/pkg-descr
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/kippo/pkg-descr Fri Feb 22 16:22:49 2013 (r312776)
@@ -0,0 +1,5 @@
+Kippo is a medium interaction SSH honeypot designed to log brute force
+attacks and, most importantly, the entire shell interaction performed
+by the attacker.
+
+WWW: http://code.google.com/p/kippo/
Added: head/net/kippo/pkg-plist
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/kippo/pkg-plist Fri Feb 22 16:22:49 2013 (r312776)
@@ -0,0 +1,55 @@
+%%DATADIR%%/fs.pickle
+%%DATADIR%%/kippo.cfg
+%%DATADIR%%/kippo.tac
+%%DATADIR%%/doc/COPYRIGHT
+%%DATADIR%%/doc/README
+%%DATADIR%%/doc/sql/mysql.sql
+%%DATADIR%%/honeyfs/etc/passwd
+%%DATADIR%%/honeyfs/etc/issue
+%%DATADIR%%/honeyfs/proc/cpuinfo
+%%DATADIR%%/kippo/__init__.py
+%%DATADIR%%/kippo/commands/fs.py
+%%DATADIR%%/kippo/commands/base.py
+%%DATADIR%%/kippo/commands/ssh.py
+%%DATADIR%%/kippo/commands/ping.py
+%%DATADIR%%/kippo/commands/ls.py
+%%DATADIR%%/kippo/commands/__init__.py
+%%DATADIR%%/kippo/commands/last.py
+%%DATADIR%%/kippo/commands/apt.py
+%%DATADIR%%/kippo/commands/dice.py
+%%DATADIR%%/kippo/commands/tar.py
+%%DATADIR%%/kippo/commands/wget.py
+%%DATADIR%%/kippo/commands/adduser.py
+%%DATADIR%%/kippo/core/fs.py
+%%DATADIR%%/kippo/core/__init__.py
+%%DATADIR%%/kippo/core/utils.py
+%%DATADIR%%/kippo/core/ttylog.py
+%%DATADIR%%/kippo/core/honeypot.py
+%%DATADIR%%/kippo/core/config.py
+%%DATADIR%%/kippo/core/dblog.py
+%%DATADIR%%/kippo/dblog/__init__.py
+%%DATADIR%%/kippo/dblog/mysql.py
+%%DATADIR%%/txtcmds/bin/dmesg
+%%DATADIR%%/txtcmds/bin/mount
+%%DATADIR%%/txtcmds/sbin/ifconfig
+%%DATADIR%%/txtcmds/usr/bin/vi
+%%DATADIR%%/utils/convert32.py
+%%DATADIR%%/utils/createfs.py
+%%DATADIR%%/utils/passdb.py
+%%DATADIR%%/utils/playlog.py
+ at dirrm %%DATADIR%%/doc/sql
+ at dirrm %%DATADIR%%/doc
+ at dirrm %%DATADIR%%/honeyfs/etc
+ at dirrm %%DATADIR%%/honeyfs/proc
+ at dirrm %%DATADIR%%/honeyfs
+ at dirrm %%DATADIR%%/kippo/commands
+ at dirrm %%DATADIR%%/kippo/core
+ at dirrm %%DATADIR%%/kippo/dblog
+ at dirrm %%DATADIR%%/kippo
+ at dirrm %%DATADIR%%/txtcmds/bin
+ at dirrm %%DATADIR%%/txtcmds/sbin
+ at dirrm %%DATADIR%%/txtcmds/usr/bin
+ at dirrm %%DATADIR%%/txtcmds/usr
+ at dirrm %%DATADIR%%/txtcmds
+ at dirrm %%DATADIR%%/utils
+ at dirrm %%DATADIR%%