
1 commit

4665b95b1e Revert "Retired: Package fails to install for 8+ weeks"
This reverts commit 345cdb4184.

Unretirement request: https://pagure.io/releng/issue/10092

Signed-off-by: Tomas Hrcka <thrcka@redhat.com>
2021-04-19 11:41:08 +02:00
21 changed files with 1935 additions and 3 deletions

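--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+/dionaea-0.6.0-1748f3b.tar.gz
+/dionaea-0.7.0.tar.gz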

5
README.md Normal file

@ -0,0 +1,5 @@
# dionaea
Dionaea honeypot is meant to be a nepenthes successor, embedding python
as scripting language, using libemu to detect shell-codes, supporting
ipv6 and TLS.


@ -1,3 +0,0 @@
Retired: Package fails to install for 8+ weeks
See https://pagure.io/releng/issue/10067

105
dionaea-01_glib.patch Normal file

@ -0,0 +1,105 @@
Use the glib CFLAGS and LDFLAGS during build where necessary
https://github.com/DinoTools/dionaea/issues/161
https://github.com/DinoTools/dionaea/pull/160
Merged in in https://github.com/DinoTools/dionaea/commit/1748f3b3936aa1da2d92500251ae8010fe181dfc
diff -ru dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/modules/curl/Makefile.am dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/modules/curl/Makefile.am
--- dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/modules/curl/Makefile.am 2016-11-14 23:26:58.000000000 +0100
+++ dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/modules/curl/Makefile.am 2018-03-21 10:34:08.529280378 +0100
@@ -5,9 +5,12 @@
AM_CFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/src
AM_CFLAGS += -fno-strict-aliasing
-AM_CFLAGS += $(LIB_CURL_CFLAGS)
+AM_CFLAGS += $(LIB_CURL_CFLAGS)
AM_LDFLAGS = $(LIB_CURL_LIBS)
+AM_CFLAGS += $(LIB_GLIB_CFLAGS)
+AM_LDFLAGS += $(LIB_GLIB_LDFLAGS)
+
pkglib_LTLIBRARIES = curl.la
curl_la_SOURCES = module.c module.h
diff -ru dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/modules/emu/Makefile.am dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/modules/emu/Makefile.am
--- dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/modules/emu/Makefile.am 2016-11-14 23:26:58.000000000 +0100
+++ dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/modules/emu/Makefile.am 2018-03-21 10:34:08.529280378 +0100
@@ -8,9 +8,13 @@
AM_CFLAGS += $(LIB_EMU_CFLAGS)
AM_LDFLAGS = $(LIB_EMU_LIBS)
+AM_CFLAGS += $(LIB_GLIB_CFLAGS)
+AM_LDFLAGS += $(LIB_GLIB_LDFLAGS)
+
+
pkglib_LTLIBRARIES = emu.la
emu_la_SOURCES = module.c module.h detect.c emulate.c profile.c hooks.c
-emu_la_LDFLAGS = -module -no-undefined -avoid-version ${AM_LDFLAGS}
+emu_la_LDFLAGS = -module -no-undefined -avoid-version ${AM_LDFLAGS}
diff -ru dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/modules/nc/Makefile.am dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/modules/nc/Makefile.am
--- dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/modules/nc/Makefile.am 2016-11-14 23:26:58.000000000 +0100
+++ dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/modules/nc/Makefile.am 2018-03-21 10:34:39.534850615 +0100
@@ -7,6 +7,10 @@
AM_CFLAGS +=
AM_LDFLAGS =
+AM_CFLAGS += $(LIB_GLIB_CFLAGS)
+AM_LDFLAGS += $(LIB_GLIB_LDFLAGS)
+
+
pkglib_LTLIBRARIES = nc.la
diff -ru dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/modules/nfq/Makefile.am dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/modules/nfq/Makefile.am
--- dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/modules/nfq/Makefile.am 2016-11-14 23:26:58.000000000 +0100
+++ dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/modules/nfq/Makefile.am 2018-03-21 10:34:08.530280363 +0100
@@ -5,8 +5,8 @@
AM_CFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/src -pipe -D _GNU_SOURCE -fno-strict-aliasing
AM_CFLAGS += -Wall -Werror
-AM_CFLAGS += ${LIB_GLIB_CFLAGS}
-AM_LDFLAGS = ${LIB_GLIB_LIBS}
+AM_CFLAGS += ${LIB_GLIB_CFLAGS}
+AM_LDFLAGS = ${LIB_GLIB_LIBS}
pkglib_LTLIBRARIES = nfq.la
diff -ru dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/modules/nl/Makefile.am dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/modules/nl/Makefile.am
--- dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/modules/nl/Makefile.am 2016-11-14 23:26:58.000000000 +0100
+++ dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/modules/nl/Makefile.am 2018-03-21 10:34:08.530280363 +0100
@@ -10,6 +10,8 @@
#AM_LDFLAGS = -Wl,-rpath,/opt/dionaea/lib -L/opt/dionaea/lib -lnl -lnl-route -lnl-genl -lnl-nf
AM_LDFLAGS = $(LIB_NL_LIBS)
+AM_CFLAGS += $(LIB_GLIB_CFLAGS)
+AM_LDFLAGS += $(LIB_GLIB_LDFLAGS)
pkglib_LTLIBRARIES = nl.la
diff -ru dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/modules/pcap/Makefile.am dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/modules/pcap/Makefile.am
--- dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/modules/pcap/Makefile.am 2016-11-14 23:26:58.000000000 +0100
+++ dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/modules/pcap/Makefile.am 2018-03-21 10:34:08.531280350 +0100
@@ -8,6 +8,9 @@
AM_CFLAGS += $(LIB_PCAP_CFLAGS)
AM_LDFLAGS = $(LIB_PCAP_LIBS)
+AM_CFLAGS += $(LIB_GLIB_CFLAGS)
+AM_LDFLAGS += $(LIB_GLIB_LDFLAGS)
+
pkglib_LTLIBRARIES = pcap.la
pcap_la_SOURCES = pcap.c
diff -ru dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/modules/xmatch/Makefile.am dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/modules/xmatch/Makefile.am
--- dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/modules/xmatch/Makefile.am 2016-11-14 23:26:58.000000000 +0100
+++ dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/modules/xmatch/Makefile.am 2018-03-21 10:34:08.531280350 +0100
@@ -8,6 +8,9 @@
AM_CFLAGS += $(LIB_XMATCH_CFLAGS)
AM_LDFLAGS = $(LIB_XMATCH_LIBS)
+AM_CFLAGS += $(LIB_GLIB_CFLAGS)
+AM_LDFLAGS += $(LIB_GLIB_LDFLAGS)
+
pkglib_LTLIBRARIES = xmatch.la
xmatch_la_SOURCES = module.c xmatch.c
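Review bot: The six new `AM_LDFLAGS += $(LIB_GLIB_LDFLAGS)` lines (curl, emu, nc, nl, pcap, xmatch) use a variable name that the unchanged nfq Makefile.am does not: nfq links glib through `${LIB_GLIB_LIBS}`, and a pkg-config check conventionally defines only `*_CFLAGS` and `*_LIBS`, so unless configure.ac also defines `LIB_GLIB_LDFLAGS` the new lines expand to nothing and the modules still do not link against glib. This should be verified against configure.ac, and if the variable is absent the new lines should read `AM_LDFLAGS += $(LIB_GLIB_LIBS)`. Independently of the name, libraries belong in `*_la_LIBADD` rather than in `AM_LDFLAGS`: with `-Wl,--as-needed` in the distribution's default LDFLAGS a library that precedes the objects on the link line can be dropped, which is a plausible cause of the "fails to install" build breakage this revert is undoing. The removed/re-added pairs such as `-AM_CFLAGS += $(LIB_CURL_CFLAGS)` / `+AM_CFLAGS += $(LIB_CURL_CFLAGS)` differ only in whitespace and make the patch harder to audit than it needs to be.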


@ -0,0 +1,20 @@
Get rid of the warning about not used return value from chdir.
https://github.com/DinoTools/dionaea/issues/162
https://github.com/DinoTools/dionaea/pull/163
Merged in in https://github.com/DinoTools/dionaea/commit/ea5d54060af53250abfe3dde9f36af399fa30524
diff -ru dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/src/dionaea.c dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/src/dionaea.c
--- dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/src/dionaea.c 2018-03-21 04:21:30.201354584 +0100
+++ dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/src/dionaea.c 2018-03-21 04:22:07.529846514 +0100
@@ -723,7 +723,10 @@
g_error("Could not chroot(\"%s\") (%s)", opt->root, strerror(errno));
} else
{
- chdir("/");
+ if ( chdir("/") != 0 ) {
+ g_error("Could change to root directory '/' ... this shuoldn't happen exitting.\nErr: (%s)", strerror(errno));
+ return EXIT_FAILURE;
+ }
}
}
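Review bot: The `return EXIT_FAILURE;` added after the new `g_error(...)` call is unreachable, because GLib's `g_error()` is fatal and aborts the process; either drop the return so the branch matches the `chroot` failure path directly above it (which calls `g_error()` alone), or downgrade to `g_critical()` and keep the return. The new message also has typos and a dropped negation, e.g. `g_error("Could not change to root directory '/' ... this shouldn't happen, exiting.\nErr: (%s)", strerror(errno));`. The check itself is worth keeping rather than merely silencing the warning: a failed `chdir("/")` after `chroot()` leaves the process with a working directory outside the new root, which undermines the jail. The enclosing function starts and ends outside the hunk, so whether `EXIT_FAILURE` is a meaningful return value there cannot be confirmed from this view.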


@ -0,0 +1,18 @@
ipv6 structures in <netinet/in.h> are used by the <sys/socket.h>
ipv6 structures needs explicit CFLAGS " -D_GNU_SOURCE" to compile on linux
diff -ru dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/include/connection.h dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/include/connection.h
--- dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/include/connection.h 2018-03-21 04:21:30.193354693 +0100
+++ dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/include/connection.h 2018-03-21 04:46:46.450694148 +0100
@@ -28,11 +28,11 @@
#ifndef HAVE_CONNECTION_H
#define HAVE_CONNECTION_H
+#include <netinet/in.h>
#include <sys/socket.h>
#include <stdbool.h>
#include <stdint.h>
-#include <netinet/in.h>
//#include <linux/if.h>
#include <ev.h>
#include <glib.h>
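Review bot: The patch header says the IPv6 structures need `-D_GNU_SOURCE` in CFLAGS, but the hunk only moves `#include <netinet/in.h>` ahead of `<sys/socket.h>` and adds no such define, so either the header text is stale or the fix is incomplete. The nfq Makefile.am in the glib patch already passes `-D _GNU_SOURCE` in its `AM_CFLAGS`, which may mean the other modules' `AM_CFLAGS` lack it; that is worth checking before relying on the include order alone. If the reorder by itself is the fix, a one-line comment above the moved include, such as `/* must precede <sys/socket.h> so the IPv6 structures are declared */`, would keep the next maintainer from "tidying" it back. The header's grammar (`structures needs`, `used by the`) could be cleaned up while the file is being touched.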

110
dionaea-04_pyev.patch Normal file

@ -0,0 +1,110 @@
diff --git a/modules/python/Makefile.am b/modules/python/Makefile.am
index 5beb169..aa273d3 100644
--- a/modules/python/Makefile.am
+++ b/modules/python/Makefile.am
@@ -4,19 +4,20 @@ AUTOMAKE_OPTIONS = foreign
SUBDIRS = dionaea util
+PYTHON_SITEARCH=$(pkglibdir)"/python"
+
all: binding.c
binding.c: setup.py setup.py.in binding.pyx module.c module.h ../../config.h ../../include/protocol.h ../../include/dionaea.h
$(PYTHON) setup.py build
install-exec-am: all
- cp build/*/dionaea/*.so $(DESTDIR)$(pkglibdir)/python.so
- (cd $(DESTDIR)$(pkglibdir)/python/dionaea && rm -f core.so && ln -s ../../python.so core.so)
- (cd $(DESTDIR)$(pkglibdir)/python/dionaea && rm -f pyev.so && ln -s ../../python.so pyev.so)
+ $(PYTHON) setup.py install -O1 --skip-build --root $(DESTDIR) --install-lib $(PYTHON_SITEARCH)
+ (cd $(DESTDIR)$(PYTHON_SITEARCH)/dionaea && export X=`ls core*.so | head -n 1` && ln -s $(PYTHON_SITEARCH)/dionaea/$$X python.so && mv python.so $(DESTDIR)$(pkglibdir)/python.so)
clean:
$(PYTHON) setup.py clean
- rm -rf ./build binding.{c,h}
+ rm -rf ./build binding.{c,h}
dist-clean: clean
diff --git a/modules/python/dionaea/hpfeeds.py b/modules/python/dionaea/hpfeeds.py
index 3674f4b..9a92e0d 100644
--- a/modules/python/dionaea/hpfeeds.py
+++ b/modules/python/dionaea/hpfeeds.py
@@ -38,7 +38,7 @@ import datetime
from time import gmtime, strftime
try:
- from dionaea import pyev
+ import pyev
except ImportError:
pyev = None
diff --git a/modules/python/dionaea/sip/__init__.py b/modules/python/dionaea/sip/__init__.py
index 66cb86e..48100f0 100644
--- a/modules/python/dionaea/sip/__init__.py
+++ b/modules/python/dionaea/sip/__init__.py
@@ -36,9 +36,10 @@ import random
import os
import datetime
import tempfile
+import pyev
from dionaea.core import connection, g_dionaea, incident
-from dionaea import pyev, ServiceLoader
+from dionaea import ServiceLoader
from dionaea.sip.extras import msg_to_icd, SipConfig, ErrorWithResponse
diff --git a/modules/python/dionaea/submit_http.py b/modules/python/dionaea/submit_http.py
index 20d645d..66c166c 100644
--- a/modules/python/dionaea/submit_http.py
+++ b/modules/python/dionaea/submit_http.py
@@ -1,7 +1,8 @@
from dionaea.core import ihandler, incident, g_dionaea
from dionaea.util import md5file, sha512file
-from dionaea import pyev, IHandlerLoader
+from dionaea import IHandlerLoader
+import pyev
import logging
import uuid
import struct
diff --git a/modules/python/dionaea/virustotal.py b/modules/python/dionaea/virustotal.py
index f2508a7..3e96c3d 100644
--- a/modules/python/dionaea/virustotal.py
+++ b/modules/python/dionaea/virustotal.py
@@ -32,7 +32,7 @@ import logging
import json
import uuid
import sqlite3
-from dionaea import pyev
+import pyev
logger = logging.getLogger('virustotal')
logger.setLevel(logging.DEBUG)
diff --git a/modules/python/setup.py.in b/modules/python/setup.py.in
index 17d71c0..97da738 100644
--- a/modules/python/setup.py.in
+++ b/modules/python/setup.py.in
@@ -86,7 +86,7 @@ PYEV_VERSION = "\"{0}\"".format(pyev_version)
ext_modules=[
Extension("dionaea.core",
- ['binding.pyx', 'module.c', 'pyev/pyev.c'],
+ ['binding.pyx', 'module.c'],
language="c",
include_dirs=['../../include', '../../'] + [k for k in sorted(include_dir_dict)],
extra_compile_args=[k for k in sorted(extra_compile_dict)],
diff --git a/modules/python/CMakeLists.txt b/modules/python/CMakeLists.txt
index 483eacb..bcd1df4 100644
--- a/modules/python/CMakeLists.txt
+++ b/modules/python/CMakeLists.txt
@@ -1,6 +1,6 @@
if (PYTHONINTERP_FOUND)
#set(SETUP_PY_IN "${CMAKE_CURRENT_SOURCE_DIR}/setup.py")
- set(SETUP_PY_IN "${CMAKE_CURRENT_SOURCE_DIR}/setup.py.in2")
+ set(SETUP_PY_IN "${CMAKE_CURRENT_SOURCE_DIR}/setup.py.in")
set(SETUP_PY "${CMAKE_CURRENT_BINARY_DIR}/setup.py")
#set(DEPS "${CMAKE_CURRENT_SOURCE_DIR}/module/__init__.py")
set(OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/build/timestamp")
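Review bot: The new `install-exec-am` recipe in modules/python/Makefile.am fails open: `export X=`ls core*.so | head -n 1`` leaves `X` empty when no `core*.so` was built (the failing `ls` is inside a command substitution, so `&&` does not stop the chain), after which `ln -s $(PYTHON_SITEARCH)/dionaea/ python.so` creates a dangling symlink and the `mv` installs it, so `make install` succeeds with a broken `python.so`. A guard such as `X=$$(ls core*.so | head -n 1) && test -n "$$X" && ln -s ...` makes the install fail where the problem is. `PYTHON_SITEARCH=$(pkglibdir)"/python"` embeds shell quote characters in a make variable and only works because every use is inside a recipe; `PYTHON_SITEARCH = $(pkglibdir)/python` is the conventional form, and the re-added `rm -rf ./build binding.{c,h}` relies on brace expansion, which a POSIX `/bin/sh` leaves literal. The `from dionaea import pyev` → `import pyev` changes in the Python hunks turn a vendored module into an external runtime dependency, so the package spec needs to declare (and ideally version-pin) `pyev` or the handlers silently fall back to `pyev = None`.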

28
dionaea-05_sitelib.patch Normal file

@ -0,0 +1,28 @@
Have a dedicated variable for the python sitelib, so it can be easily changed externally when building the system package.
diff -ru dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/modules/python/dionaea/Makefile.am dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/modules/python/dionaea/Makefile.am
--- dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.orig/modules/python/dionaea/Makefile.am 2018-03-21 04:21:30.195354666 +0100
+++ dionaea-793accd84432a77309fa8b81e1f5e9b5bd9ee7a3.new/modules/python/dionaea/Makefile.am 2018-03-21 07:36:59.780218852 +0100
@@ -2,6 +2,9 @@
AUTOMAKE_OPTIONS = foreign
+PYTHON_SITELIB=$(pkglibdir)"/python"
+
+
PYSCRIPTS = blackhole.py
PYSCRIPTS += emu_scripts/__init__.py
PYSCRIPTS += emu_scripts/handler.py
@@ -83,11 +86,11 @@
all: $(PYSCRIPTS)
-
+
install-data-am: all
for i in $(PYSCRIPTS); do \
- location=$(DESTDIR)$(pkglibdir)"/python/dionaea/$$i"; \
+ location=$(DESTDIR)$(PYTHON_SITELIB)"/dionaea/$$i"; \
scriptdir=`dirname "$$location"`; \
if [ ! -d $$scriptdir ]; then \
$(mkinstalldirs) $$scriptdir; \
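Review bot: `PYTHON_SITELIB` here and `PYTHON_SITEARCH` in modules/python/Makefile.am (the pyev patch) describe the same install location under two different names with the same default, so a packager who overrides one but not the other ends up with the scripts and the compiled extension in different directories; one shared name, or one variable derived from the other, would remove that trap. The header says the value is meant to be "changed externally", but a plain `PYTHON_SITELIB=` assignment is only overridable from the make command line, not from the environment; if the build wrapper exports it, `PYTHON_SITELIB ?= $(pkglibdir)/python` is what is needed, which also drops the stray shell quotes from the value. The `-`/`+` pair of blank lines above `install-data-am:` is a whitespace-only change that adds noise to the patch.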

760
dionaea-06_docswarn.patch Normal file

@ -0,0 +1,760 @@
https://github.com/DinoTools/dionaea/issues/170
https://github.com/DinoTools/dionaea/pull/179
diff --git a/doc/source/ihandler/log_sqlite.rst b/doc/source/ihandler/log_sqlite.rst
index 040a2a8..e6cca5b 100644
--- a/doc/source/ihandler/log_sqlite.rst
+++ b/doc/source/ihandler/log_sqlite.rst
@@ -28,21 +28,18 @@ when retrieving the data from the database:
Additionally, you can query the database for many different things, refer to:
-* dionaea sql logging 2009/11/06
- <http://carnivore.it/2009/11/06/dionaea_sql_logging>
-* post it yourself 2009/12/08
- <http://carnivore.it/2009/12/08/post_it_yourself>
-* sqlite performance 2009/12/12
- <http://carnivore.it/2009/12/12/sqlite_performance>
-* virustotal fun 2009/12/14
- <http://carnivore.it/2009/12/14/virustotal_fun>
-* Andrew Waite's Blog <http://infosanity.wordpress.com/> for mimic-nepstats.py
+* `dionaea sql logging 2009/11/06 <http://carnivore.it/2009/11/06/dionaea_sql_logging>`_
+* `post it yourself 2009/12/08 <http://carnivore.it/2009/12/08/post_it_yourself>`_
+* `sqlite performance 2009/12/12 <http://carnivore.it/2009/12/12/sqlite_performance>`_
+* `virustotal fun 2009/12/14 <http://carnivore.it/2009/12/14/virustotal_fun>`_
+* `Andrew Waite's Blog <http://infosanity.wordpress.com/>`_ for mimic-nepstats.py
for more examples how to make use of the database.
Example config
--------------
-.. literalinclude:: ../../../conf/ihandlers/log_sqlite.yaml.in
- :language: yaml
- :caption: ihandlers/log_sqlite.yaml
+::
+ .. literalinclude:: ../../../conf/ihandlers/log_sqlite.yaml.in
+ :language: yaml
+ :caption: ihandlers/log_sqlite.yaml
diff --git a/doc/source/old/configuration.rst b/doc/source/old/configuration.rst
index bb46217..7f1b19f 100644
--- a/doc/source/old/configuration.rst
+++ b/doc/source/old/configuration.rst
@@ -90,18 +90,12 @@ gnuplotsql <#gnuplotsql> script.
The blog on logsql:
- * 2009-11-06 dionaea sql logging
- <http://carnivore.it/2009/11/06/dionaea_sql_logging>
- * 2009-12-08 post it yourself
- <http://carnivore.it/2009/12/08/post_it_yourself>
- * 2009-12-12 sqlite performance
- <http://carnivore.it/2009/12/12/sqlite_performance>
- * 2009-12-14 virustotal fun
- <http://carnivore.it/2009/12/14/virustotal_fun>
- * 2009-12-15 paris mission pack avs
- <http://carnivore.it/2009/12/15/paris_mission_pack_avs>
- * 2010-06-06 data visualisation
- <http://carnivore.it/2010/06/06/data_visualisation>
+ * `2009-11-06 dionaea sql logging <http://carnivore.it/2009/11/06/dionaea_sql_logging>`_
+ * `2009-12-08 post it yourself <http://carnivore.it/2009/12/08/post_it_yourself>`_
+ * `2009-12-12 sqlite performance <http://carnivore.it/2009/12/12/sqlite_performance>`_
+ * `2009-12-14 virustotal fun <http://carnivore.it/2009/12/14/virustotal_fun>`_
+ * `2009-12-15 paris mission pack avs <http://carnivore.it/2009/12/15/paris_mission_pack_avs>`_
+ * `2010-06-06 data visualisation <http://carnivore.it/2010/06/06/data_visualisation>`_
logxmpp
@@ -114,9 +108,9 @@ sensors anonymously.
The blog on logxmpp:
- * 2010-02-10 xmpp backend <http://carnivore.it/2010/02/10/xmpp_backend>
- * 2010-05-12 xmpp take #2 <http://carnivore.it/2010/05/12/xmpp_-_take_2>
- * 2010-05-15 xmpp take #3 <http://carnivore.it/2010/05/15/xmpp_-_take_3>
+ * `2010-02-10 xmpp backend <http://carnivore.it/2010/02/10/xmpp_backend>`_
+ * `2010-05-12 xmpp take #2 <http://carnivore.it/2010/05/12/xmpp_-_take_2>`_
+ * `2010-05-15 xmpp take #3 <http://carnivore.it/2010/05/15/xmpp_-_take_3>`_
pg_backend <#pg_backend> can be used as a backend for xmpp logging sensors.
@@ -130,8 +124,7 @@ and start p0f as suggested in the config. It costs nothing, and gives
some pretty cool, even if outdated, informations about the attackers
operating system, and you can look them up from the sqlite database,
even the rejected connections.
-If you face problems, here
-<http://blog.infosanity.co.uk/2010/12/04/dionaea-with-p0f/> are some hints.
+If you face problems, `here <http://blog.infosanity.co.uk/2010/12/04/dionaea-with-p0f/>`_ are some hints.
diff --git a/doc/source/old/seagfaults.rst b/doc/source/old/seagfaults.rst
index 39b8241..e07722a 100644
--- a/doc/source/old/seagfaults.rst
+++ b/doc/source/old/seagfaults.rst
@@ -8,218 +8,216 @@ This software just had a segmentation fault.
The bug you encountered may even be exploitable.
If you want to assist in fixing the bug, please send the backtrace below to nepenthesdev@gmail.com.
You can create better backtraces with gdb, for more information visit http://dionaea.carnivore.it/#segfault
-Once you read this message, your tty may be broken, simply type reset, so it will come to life again
-
-/opt/dionaea/bin/dionaea(sigsegv_backtrace_cb+0x20)[0x805c11e]
-[0x70d420]
-/opt/dionaea/lib/libemu/libemu.so.2(emu_env_w32_eip_check+0x94)[0x186974]
-/opt/dionaea/lib/dionaea/emu.so(run+0x39)[0x89cced]
-/opt/dionaea/lib/dionaea/emu.so(profile+0xbb)[0x89db88]
-/opt/dionaea/lib/dionaea/emu.so(proc_emu_on_io_in+0x1e1)[0x89bfc5]
-/opt/dionaea/bin/dionaea(recurse_io_process+0x31)[0x805df4a]
-/opt/dionaea/bin/dionaea(processors_io_in_thread+0x85)[0x805e08d]
-/opt/dionaea/bin/dionaea(threadpool_wrapper+0x2e)[0x805c99a]
-/opt/dionaea/lib/libglib-2.0.so.0[0xaa9498]
-/opt/dionaea/lib/libglib-2.0.so.0[0xaa7a2f]
-/lib/libpthread.so.0[0xd8973b]
-/lib/libc.so.6(clone+0x5e)[0x2b3cfe]
+Once you read this message, your tty may be broken, simply type reset, so it will come to life again::
+
+ /opt/dionaea/bin/dionaea(sigsegv_backtrace_cb+0x20)[0x805c11e]
+ [0x70d420]
+ /opt/dionaea/lib/libemu/libemu.so.2(emu_env_w32_eip_check+0x94)[0x186974]
+ /opt/dionaea/lib/dionaea/emu.so(run+0x39)[0x89cced]
+ /opt/dionaea/lib/dionaea/emu.so(profile+0xbb)[0x89db88]
+ /opt/dionaea/lib/dionaea/emu.so(proc_emu_on_io_in+0x1e1)[0x89bfc5]
+ /opt/dionaea/bin/dionaea(recurse_io_process+0x31)[0x805df4a]
+ /opt/dionaea/bin/dionaea(processors_io_in_thread+0x85)[0x805e08d]
+ /opt/dionaea/bin/dionaea(threadpool_wrapper+0x2e)[0x805c99a]
+ /opt/dionaea/lib/libglib-2.0.so.0[0xaa9498]
+ /opt/dionaea/lib/libglib-2.0.so.0[0xaa7a2f]
+ /lib/libpthread.so.0[0xd8973b]
+ /lib/libc.so.6(clone+0x5e)[0x2b3cfe]
While the backtrace itself gives an idea what might be wrong, it does
not fix the problem. To fix the problem, the logfiles usually help, as
dionaea is very verbose by default. Below are some hints how to get
started with debugging, click here <#support> for assistance.
+debugging
- debugging
+Valgrind
+========
- Valgrind
-
-Valgrind does a great job, here is how I use it:
+Valgrind does a great job, here is how I use it::
-valgrind -v --leak-check=full --leak-resolution=high --show-reachable=yes \
---log-file=dionaea-debug.log /opt/dionaea/bin/dionaea --my-dionaea-options
+ valgrind -v --leak-check=full --leak-resolution=high --show-reachable=yes \
+ --log-file=dionaea-debug.log /opt/dionaea/bin/dionaea --my-dionaea-options
- gdb
+ gdb
- logfile assisted
+ logfile assisted
For the above example, I was able to scrape the shellcode from the
logfile, and run it in libemu, without involving dionaea at all,
-reducing the problem.
-
-gdb /opt/dionaea/bin/sctest
-(gdb) run -S -s 10000000 -g < sc.bin
-Starting program: /media/sda4/opt64/dionaea/bin/sctest -S -s 10000000 -g < sc.bin
-
-Once it crashed, I retrieved a full backtrace:
-
-Program received signal SIGSEGV, Segmentation fault.
-env_w32_hook_GetProcAddress (env=0x629a30, hook=<value optimized out>) at environment/win32/env_w32_dll_export_kernel32_hooks.c:545
-545 struct emu_env_hook *hook = (struct emu_env_hook *)ehi->value;
-
-(gdb) bt full
-#0 env_w32_hook_GetProcAddress (env=0x629a30, hook=<value optimized out>) at environment/win32/env_w32_dll_export_kernel32_hooks.c:545
- dll = 0x6366f0
- ehi = <value optimized out>
- hook = <value optimized out>
- c = 0x611180
- mem = <value optimized out>
- eip_save = <value optimized out>
- module = 2088763392
- p_procname = 4289925
- procname = <value optimized out>
-#1 0x00007ffff7b884fb in emu_env_w32_eip_check (env=0x629a30) at environment/win32/emu_env_w32.c:306
- dll = <value optimized out>
- ehi = <value optimized out>
- hook = 0x64c5b0
- eip = <value optimized out>
-#2 0x0000000000403995 in test (e=0x60f0e0) at sctestmain.c:277
- hook = 0xe2
- ev = 0x0
- iv = <value optimized out>
- cpu = 0x611180
- mem = <value optimized out>
- env = 0x629a30
- na = <value optimized out>
- j = 7169
- last_vertex = 0x0
- graph = 0x0
- eh = 0x0
- ehi = 0x0
- ret = <value optimized out>
- eipsave = 2088807840
-#3 0x00000000004044e4 in main (argc=5, argv=0x7fffffffe388) at sctestmain.c:971
- e = <value optimized out>
+reducing the problem::
+
+ gdb /opt/dionaea/bin/sctest
+ (gdb) run -S -s 10000000 -g < sc.bin
+ Starting program: /media/sda4/opt64/dionaea/bin/sctest -S -s 10000000 -g < sc.bin
+
+Once it crashed, I retrieved a full backtrace::
+
+ Program received signal SIGSEGV, Segmentation fault.
+ env_w32_hook_GetProcAddress (env=0x629a30, hook=<value optimized out>) at environment/win32/env_w32_dll_export_kernel32_hooks.c:545
+ 545 struct emu_env_hook *hook = (struct emu_env_hook *)ehi->value;
+
+ (gdb) bt full
+ #0 env_w32_hook_GetProcAddress (env=0x629a30, hook=<value optimized out>) at environment/win32/env_w32_dll_export_kernel32_hooks.c:545
+ dll = 0x6366f0
+ ehi = <value optimized out>
+ hook = <value optimized out>
+ c = 0x611180
+ mem = <value optimized out>
+ eip_save = <value optimized out>
+ module = 2088763392
+ p_procname = 4289925
+ procname = <value optimized out>
+ #1 0x00007ffff7b884fb in emu_env_w32_eip_check (env=0x629a30) at environment/win32/emu_env_w32.c:306
+ dll = <value optimized out>
+ ehi = <value optimized out>
+ hook = 0x64c5b0
+ eip = <value optimized out>
+ #2 0x0000000000403995 in test (e=0x60f0e0) at sctestmain.c:277
+ hook = 0xe2
+ ev = 0x0
+ iv = <value optimized out>
+ cpu = 0x611180
+ mem = <value optimized out>
+ env = 0x629a30
+ na = <value optimized out>
+ j = 7169
+ last_vertex = 0x0
+ graph = 0x0
+ eh = 0x0
+ ehi = 0x0
+ ret = <value optimized out>
+ eipsave = 2088807840
+ #3 0x00000000004044e4 in main (argc=5, argv=0x7fffffffe388) at sctestmain.c:971
+ e = <value optimized out>
In this case, the problem was a bug in libemu.
-
- gdb dump memory
-
-Once again, it broke, and we got a backtrace:
-
-#0 0xb70b0b57 in emu_queue_enqueue (eq=0xb3da0918, data=0x4724ab) at emu_queue.c:63
- eqi = (struct emu_queue_item *) 0x0
-#1 0xb70b15d1 in emu_shellcode_run_and_track (e=0xb4109cd0, data=0xb411c698 "", datasize=<value optimized out>, eipoffset=<value optimized out>,
- steps=256, etas=0xb410cd60, known_positions=0xb3d7a810, stats_tested_positions_list=0xb3da3bf0, brute_force=true) at emu_shellcode.c:408
- current_pos_ti_diff = (struct emu_tracking_info *) 0x88c3c88
- current_pos_ht = <value optimized out>
- current_pos_v = <value optimized out>
- current_pos_satii = (struct emu_source_and_track_instr_info *) 0xb407e7f8
- bfs_queue = (struct emu_queue *) 0xb3e17668
- ret = 4662443
- eipsave = <value optimized out>
- hook = <value optimized out>
- j = 4
- es = <value optimized out>
- eli = (struct emu_list_item *) 0xb3e17658
- cpu = (struct emu_cpu *) 0xb4109ab0
- mem = (struct emu_memory *) 0xb410c3a0
- eq = (struct emu_queue *) 0xb3da0918
- env = (struct emu_env *) 0xb3e10208
- eli = (struct emu_list_item *) 0x4724ab
-#2 0xb70b1a2a in emu_shellcode_test (e=0xb4109cd0, data=0xb411c698 "", size=<value optimized out>) at emu_shellcode.c:546
- es = (struct emu_stats *) 0xb3d92b28
- new_results = (struct emu_list_root *) 0xb3da3bf0
- offset = <value optimized out>
- el = (struct emu_list_root *) 0xb4100510
- etas = (struct emu_track_and_source *) 0xb410cd60
- eh = (struct emu_hashtable *) 0xb3d7a810
- eli = (struct emu_list_item *) 0xb3d92b40
- results = (struct emu_list_root *) 0xb3d82850
- es = <value optimized out>
- __PRETTY_FUNCTION__ = "emu_shellcode_test"
-#3 0xb712140c in proc_emu_on_io_in (con=0x8864b58, pd=0x87dc388) at detect.c:145
- e = (struct emu *) 0xb4109cd0
- ctx = (struct emu_ctx *) 0x87a2400
- offset = 14356
- streamdata = (void *) 0xb411c698
- size = 8196
- ret = 0
- __PRETTY_FUNCTION__ = "proc_emu_on_io_in"
-#4 0x0805e8be in recurse_io_process (pd=0x87dc388, con=0x8864b58, dir=bistream_in) at processor.c:167
-No locals.
-#5 0x0805ea01 in processors_io_in_thread (data=0x8864b58, userdata=0x87dc388) at processor.c:197
- con = (struct connection *) 0x8864b58
- pd = (struct processor_data *) 0x87dc388
- __PRETTY_FUNCTION__ = "processors_io_in_thread"
-#6 0x0805d2da in threadpool_wrapper (data=0x87d7bd0, user_data=0x0) at threads.c:49
- t = (struct thread *) 0x87d7bd0
- timer = (GTimer *) 0xb4108540
-#7 0xb77441f6 in g_thread_pool_thread_proxy (data=0x83db460) at gthreadpool.c:265
- task = (gpointer) 0x87d7bd0
- pool = (GRealThreadPool *) 0x83db460
-#8 0xb7742b8f in g_thread_create_proxy (data=0x83dc7d0) at gthread.c:635
- __PRETTY_FUNCTION__ = "g_thread_create_proxy"
-#9 0xb76744c0 in start_thread () from /lib/i686/cmov/libpthread.so.0
-No symbol table info available.
-#10 0xb75f36de in clone () from /lib/i686/cmov/libc.so.6
-No symbol table info available.
+ gdb dump memory
+
+Once again, it broke, and we got a backtrace::
+
+ #0 0xb70b0b57 in emu_queue_enqueue (eq=0xb3da0918, data=0x4724ab) at emu_queue.c:63
+ eqi = (struct emu_queue_item *) 0x0
+ #1 0xb70b15d1 in emu_shellcode_run_and_track (e=0xb4109cd0, data=0xb411c698 "", datasize=<value optimized out>, eipoffset=<value optimized out>,
+ steps=256, etas=0xb410cd60, known_positions=0xb3d7a810, stats_tested_positions_list=0xb3da3bf0, brute_force=true) at emu_shellcode.c:408
+ current_pos_ti_diff = (struct emu_tracking_info *) 0x88c3c88
+ current_pos_ht = <value optimized out>
+ current_pos_v = <value optimized out>
+ current_pos_satii = (struct emu_source_and_track_instr_info *) 0xb407e7f8
+ bfs_queue = (struct emu_queue *) 0xb3e17668
+ ret = 4662443
+ eipsave = <value optimized out>
+ hook = <value optimized out>
+ j = 4
+ es = <value optimized out>
+ eli = (struct emu_list_item *) 0xb3e17658
+ cpu = (struct emu_cpu *) 0xb4109ab0
+ mem = (struct emu_memory *) 0xb410c3a0
+ eq = (struct emu_queue *) 0xb3da0918
+ env = (struct emu_env *) 0xb3e10208
+ eli = (struct emu_list_item *) 0x4724ab
+ #2 0xb70b1a2a in emu_shellcode_test (e=0xb4109cd0, data=0xb411c698 "", size=<value optimized out>) at emu_shellcode.c:546
+ es = (struct emu_stats *) 0xb3d92b28
+ new_results = (struct emu_list_root *) 0xb3da3bf0
+ offset = <value optimized out>
+ el = (struct emu_list_root *) 0xb4100510
+ etas = (struct emu_track_and_source *) 0xb410cd60
+ eh = (struct emu_hashtable *) 0xb3d7a810
+ eli = (struct emu_list_item *) 0xb3d92b40
+ results = (struct emu_list_root *) 0xb3d82850
+ es = <value optimized out>
+ __PRETTY_FUNCTION__ = "emu_shellcode_test"
+ #3 0xb712140c in proc_emu_on_io_in (con=0x8864b58, pd=0x87dc388) at detect.c:145
+ e = (struct emu *) 0xb4109cd0
+ ctx = (struct emu_ctx *) 0x87a2400
+ offset = 14356
+ streamdata = (void *) 0xb411c698
+ size = 8196
+ ret = 0
+ __PRETTY_FUNCTION__ = "proc_emu_on_io_in"
+ #4 0x0805e8be in recurse_io_process (pd=0x87dc388, con=0x8864b58, dir=bistream_in) at processor.c:167
+ No locals.
+ #5 0x0805ea01 in processors_io_in_thread (data=0x8864b58, userdata=0x87dc388) at processor.c:197
+ con = (struct connection *) 0x8864b58
+ pd = (struct processor_data *) 0x87dc388
+ __PRETTY_FUNCTION__ = "processors_io_in_thread"
+ #6 0x0805d2da in threadpool_wrapper (data=0x87d7bd0, user_data=0x0) at threads.c:49
+ t = (struct thread *) 0x87d7bd0
+ timer = (GTimer *) 0xb4108540
+ #7 0xb77441f6 in g_thread_pool_thread_proxy (data=0x83db460) at gthreadpool.c:265
+ task = (gpointer) 0x87d7bd0
+ pool = (GRealThreadPool *) 0x83db460
+ #8 0xb7742b8f in g_thread_create_proxy (data=0x83dc7d0) at gthread.c:635
+ __PRETTY_FUNCTION__ = "g_thread_create_proxy"
+ #9 0xb76744c0 in start_thread () from /lib/i686/cmov/libpthread.so.0
+ No symbol table info available.
+ #10 0xb75f36de in clone () from /lib/i686/cmov/libc.so.6
+ No symbol table info available.
Again, it was a bug in libemu, an unbreakable loop consuming all memory.
To reproduce, we have to dump the tested buffer, therefore we need the
buffers address and size. Luckily the size is noted in frame #2 as 8196
and and the data address is a parameter which got not optimized out for
-frame #2.
+frame #2::
-dump binary memory /tmp/sc.bin 0xb411c698 0xb411e89c
+ dump binary memory /tmp/sc.bin 0xb411c698 0xb411e89c
Afterwards, debugging libemu by feeding the data into sctest is easy.
I've had fun with objgraph and gdb debugging reference count leaks in
python too, here <http://carnivore.it/2009/12/23/arcane_bugs> is the
-writeup.
-
+writeup::
- gdb python3 embedded
+ gdb python3 embedded
Sometimes, there is something wrong with the python scripts, but gdb
-does not provide any useful output:
-
-bt full
-#12 0xb765f12d in PyEval_EvalFrameEx (f=0x825998c, throwflag=0) at Python/ceval.c:2267
- stack_pointer = (PyObject **) 0x8259af0
- next_instr = (unsigned char *) 0x812fabf "m'"
- opcode = 100
- oparg = <value optimized out>
- why = 3071731824
- err = 1
- x = (PyObject *) 0xb7244aac
- v = <value optimized out>
- w = (PyObject *) 0xadb5e4dc
- u = (PyObject *) 0xb775ccb0
- freevars = (PyObject **) 0x8259af0
- retval = (PyObject *) 0x0
- tstate = (PyThreadState *) 0x809aab0
- co = (PyCodeObject *) 0xb717b800
- instr_ub = -1
- instr_lb = 0
- instr_prev = -1
- first_instr = (unsigned char *) 0x812f918 "t"
- names = (PyObject *) 0xb723f50c
- consts = (PyObject *) 0xb71c9f7c
- opcode_targets = {0xb765d202, 0xb765f60a, 0xb766133a, 0xb76612db, 0xb7661285, 0xb7661222, 0xb765d202, 0xb765d202, 0xb765d202, 0xb76611dd,
- 0xb766114b, 0xb76610b9, 0xb766100f, 0xb765d202, 0xb765d202, 0xb7660f7d, 0xb765d202, 0xb765d202, 0xb765d202, 0xb7660eb7, 0xb7660dfb, 0xb765d202,
- 0xb7660d30, 0xb7660c65, 0xb7660ba9, 0xb7660aed, 0xb7660a31, 0xb7660975, 0xb76608b9, 0xb76607fd, 0xb765d202 <repeats 24 times>, 0xb7660736, 0xb766066b,
- 0xb76605af, 0xb76604f3, 0xb765d202, 0xb7660437, 0xb766035d, 0xb76602ad, 0xb7661aba, 0xb76619fe, 0xb7661942, 0xb7661886, 0xb7661b76, 0xb76614a8,
- 0xb7661413, 0xb766138e, 0xb766171f, 0xb76616e6, 0xb765d202, 0xb765d202, 0xb765d202, 0xb766162a, 0xb766156e, 0xb76601f1, 0xb7660135, 0xb76617ca,
- 0xb7660120, 0xb765fff7, 0xb765d202, 0xb765fd72, 0xb765fc6e, 0xb765d202, 0xb765fc1d, 0xb765fe17, 0xb765fd90, 0xb765fec0, 0xb765fb41, 0xb765fadc,
- 0xb765f9ed, 0xb765f94d, 0xb765f8be, 0xb765f7e3, 0xb765f779, 0xb765f6bd, 0xb765f66c, 0xb765ef1d, 0xb765eea2, 0xb765ede1, 0xb765ed1a, 0xb765ec35,
- 0xb765ebc3, 0xb765eb30, 0xb765ea69, 0xb765f1c7, 0xb765f027, 0xb765f560, 0xb765efc1, 0xb76630e3, 0xb766310c, 0xb765e64c, 0xb765e592, 0xb765f49a,
- 0xb765f3de, 0xb765d202, 0xb765d202, 0xb765f39e, 0xb7663135, 0xb766315f, 0xb765e9cb, 0xb765d202, 0xb765e948, 0xb765e8bb, 0xb765e817, 0xb765d202,
- 0xb765d202, 0xb765d202, 0xb765d2ae, 0xb765e3e0, 0xb7663275, 0xb765e1a2, 0xb766324e, 0xb765e0ba, 0xb765e01e, 0xb765df74, 0xb765d202, 0xb765d202,
- 0xb7663189, 0xb76631d3, 0xb7663220, 0xb765e149, 0xb765d202, 0xb765de09, 0xb765dec0, 0xb765f2c0, 0xb765d202 <repeats 108 times>}
-#13 0xb7664ac0 in PyEval_EvalCodeEx (co=0xb717b800, globals=0xb7160b54, locals=0x0, args=0x84babb8, argcount=9, kws=0x0, kwcount=0, defs=0xb719e978,
- defcount=1, kwdefs=0x0, closure=0x0) at Python/ceval.c:3198
- f = (PyFrameObject *) 0x825998c
- retval = <value optimized out>
- freevars = (PyObject **) 0x8259af0
- tstate = (PyThreadState *) 0x809aab0
- x = <value optimized out>
- u = <value optimized out>
+does not provide any useful output::
+
+ bt full
+ #12 0xb765f12d in PyEval_EvalFrameEx (f=0x825998c, throwflag=0) at Python/ceval.c:2267
+ stack_pointer = (PyObject **) 0x8259af0
+ next_instr = (unsigned char *) 0x812fabf "m'"
+ opcode = 100
+ oparg = <value optimized out>
+ why = 3071731824
+ err = 1
+ x = (PyObject *) 0xb7244aac
+ v = <value optimized out>
+ w = (PyObject *) 0xadb5e4dc
+ u = (PyObject *) 0xb775ccb0
+ freevars = (PyObject **) 0x8259af0
+ retval = (PyObject *) 0x0
+ tstate = (PyThreadState *) 0x809aab0
+ co = (PyCodeObject *) 0xb717b800
+ instr_ub = -1
+ instr_lb = 0
+ instr_prev = -1
+ first_instr = (unsigned char *) 0x812f918 "t"
+ names = (PyObject *) 0xb723f50c
+ consts = (PyObject *) 0xb71c9f7c
+ opcode_targets = {0xb765d202, 0xb765f60a, 0xb766133a, 0xb76612db, 0xb7661285, 0xb7661222, 0xb765d202, 0xb765d202, 0xb765d202, 0xb76611dd,
+ 0xb766114b, 0xb76610b9, 0xb766100f, 0xb765d202, 0xb765d202, 0xb7660f7d, 0xb765d202, 0xb765d202, 0xb765d202, 0xb7660eb7, 0xb7660dfb, 0xb765d202,
+ 0xb7660d30, 0xb7660c65, 0xb7660ba9, 0xb7660aed, 0xb7660a31, 0xb7660975, 0xb76608b9, 0xb76607fd, 0xb765d202 <repeats 24 times>, 0xb7660736, 0xb766066b,
+ 0xb76605af, 0xb76604f3, 0xb765d202, 0xb7660437, 0xb766035d, 0xb76602ad, 0xb7661aba, 0xb76619fe, 0xb7661942, 0xb7661886, 0xb7661b76, 0xb76614a8,
+ 0xb7661413, 0xb766138e, 0xb766171f, 0xb76616e6, 0xb765d202, 0xb765d202, 0xb765d202, 0xb766162a, 0xb766156e, 0xb76601f1, 0xb7660135, 0xb76617ca,
+ 0xb7660120, 0xb765fff7, 0xb765d202, 0xb765fd72, 0xb765fc6e, 0xb765d202, 0xb765fc1d, 0xb765fe17, 0xb765fd90, 0xb765fec0, 0xb765fb41, 0xb765fadc,
+ 0xb765f9ed, 0xb765f94d, 0xb765f8be, 0xb765f7e3, 0xb765f779, 0xb765f6bd, 0xb765f66c, 0xb765ef1d, 0xb765eea2, 0xb765ede1, 0xb765ed1a, 0xb765ec35,
+ 0xb765ebc3, 0xb765eb30, 0xb765ea69, 0xb765f1c7, 0xb765f027, 0xb765f560, 0xb765efc1, 0xb76630e3, 0xb766310c, 0xb765e64c, 0xb765e592, 0xb765f49a,
+ 0xb765f3de, 0xb765d202, 0xb765d202, 0xb765f39e, 0xb7663135, 0xb766315f, 0xb765e9cb, 0xb765d202, 0xb765e948, 0xb765e8bb, 0xb765e817, 0xb765d202,
+ 0xb765d202, 0xb765d202, 0xb765d2ae, 0xb765e3e0, 0xb7663275, 0xb765e1a2, 0xb766324e, 0xb765e0ba, 0xb765e01e, 0xb765df74, 0xb765d202, 0xb765d202,
+ 0xb7663189, 0xb76631d3, 0xb7663220, 0xb765e149, 0xb765d202, 0xb765de09, 0xb765dec0, 0xb765f2c0, 0xb765d202 <repeats 108 times>}
+ #13 0xb7664ac0 in PyEval_EvalCodeEx (co=0xb717b800, globals=0xb7160b54, locals=0x0, args=0x84babb8, argcount=9, kws=0x0, kwcount=0, defs=0xb719e978,
+ defcount=1, kwdefs=0x0, closure=0x0) at Python/ceval.c:3198
+ f = (PyFrameObject *) 0x825998c
+ retval = <value optimized out>
+ freevars = (PyObject **) 0x8259af0
+ tstate = (PyThreadState *) 0x809aab0
+ x = <value optimized out>
+ u = <value optimized out>
Luckily python3 ships with some gdb macros, which assist in dealing with
this mess. You can grab them over here
@@ -234,14 +232,14 @@ SIGTTOU, Stopped (tty output).*/, run stty -nostop before running gdb,
reattach the process with fg, close gdb properly, and start over.
Once you got the macros loaded properly at gdb startup, set a breakpoint
-on PyEval_EvalFrameEx after dionaea loaded everything:
+on PyEval_EvalFrameEx after dionaea loaded everything::
-break PyEval_EvalFrameEx
+ break PyEval_EvalFrameEx
-Then we have some useful macros for gdb:
+Then we have some useful macros for gdb::
-up
-pyframev
+ up
+ pyframev
pyframev combines the output of pyframe and pylocals.
diff --git a/doc/source/old/utils.rst b/doc/source/old/utils.rst
index 752362e..657767e 100644
--- a/doc/source/old/utils.rst
+++ b/doc/source/old/utils.rst
@@ -3,21 +3,21 @@ Utils
Dionaea ships with some utils, as these utils are written in python and
rely on the python3 interpreter dionaea requires to operate, this
-software can be found in modules/python/utils.
+software can be found in modules/python/utils::
- readlogsqltree <#readlogsqltree> -
- modules/python/readlogsqltree.py
+ readlogsqltree <#readlogsqltree> -
+ modules/python/readlogsqltree.py
readlogsqltree is a python3 script which queries the logsql sqlite
database for attacks, and prints out all related information for every
attack.
This is an example for an attack, you get the vulnerability exploited,
the time, the attacker, information about the shellcode, the file
-offered for download, and even the virustotal report for the file.
+offered for download, and even the virustotal report for the file::
-2010-10-07 20:37:27
- connection 483256 smbd tcp accept 10.0.1.11:445 <- 93.177.176.190:47650 (483256 None)
+ 2010-10-07 20:37:27
+ connection 483256 smbd tcp accept 10.0.1.11:445 <- 93.177.176.190:47650 (483256 None)
dcerpc bind: uuid '4b324fc8-1670-01d3-1278-5a47bf6ee188' (SRVSVC) transfersyntax 8a885d04-1ceb-11c9-9fe8-08002b104860
dcerpc bind: uuid '7d705026-884d-af82-7b3d-961deaeb179a' (None) transfersyntax 8a885d04-1ceb-11c9-9fe8-08002b104860
dcerpc bind: uuid '7f4fdfe9-2be7-4d6b-a5d4-aa3c831503a1' (None) transfersyntax 8a885d04-1ceb-11c9-9fe8-08002b104860
@@ -38,49 +38,47 @@ offered for download, and even the virustotal report for the file.
To create such report for your own honeypots activities for the last 24
-hours run:
+hours run::
-./readlogsqltree.py -t $(date '+%s')-24*3600 /opt/dionaea/var/dionaea/logsql.sqlite
+ ./readlogsqltree.py -t $(date '+%s')-24*3600 /opt/dionaea/var/dionaea/logsql.sqlite
- gnuplotsql <#gnuplotsql> - modules/python/gnuplotsql.py
+ gnuplotsql <#gnuplotsql> - modules/python/gnuplotsql.py
gnuplotsql is a very slow python3 script which runs some queries on the
logsql <#logsql> sqlite database and creates graphs with gnuplot of the
data, stores them on disk and creates an index of the data. The images
are per protocol and look like this: Overview for dionaea smbd.
Here <gnuplotsql> is how the whole thing looks like.
-To create such images of your own data, run:
+To create such images of your own data, run::
-./gnuplotsql.py -d /opt/dionaea/var/dionaea/logsql.sqlite -p smbd -p epmapper -p mssqld -p httpd -p ftpd
+ ./gnuplotsql.py -d /opt/dionaea/var/dionaea/logsql.sqlite -p smbd -p epmapper -p mssqld -p httpd -p ftpd
The blog got something on gnuplotsql as well:
- * 2010-12-05 sudden death <http://carnivore.it/2010/12/05/sudden_death>
- * 2010-10-01 Infosanity's Blog: gnuplotsql.py
- <http://blog.infosanity.co.uk/2010/10/01/gnuplotsql-py/>
- * 2010-09-19 gnuplotsql <http://carnivore.it/2010/09/19/gnuplotsql>
+ * `2010-12-05 sudden death <http://carnivore.it/2010/12/05/sudden_death>`_
+ * `2010-10-01 Infosanity's Blog: gnuplotsql.py <http://blog.infosanity.co.uk/2010/10/01/gnuplotsql-py/>`_
+ * `2010-09-19 gnuplotsql <http://carnivore.it/2010/09/19/gnuplotsql>`_
+::
- pg_backend <#pg_backend> - modules/python/xmpp/pg_backend.py
+ pg_backend <#pg_backend> - modules/python/xmpp/pg_backend.py
pg_backend is the backend for logxmpp <#logxmpp>, currently it is a
python2.x script which uses pyxmpp to access the xmpp service. It parses
the messages received and can store the events in a postgres database
-and the received files on disk. pg_backend requires an xmpp account.
-/without db/
+and the received files on disk. pg_backend requires an xmpp account::
+ /without db/
+ ./pg_backend.py -U USER@sensors.carnivore.it -P XMPPPASS -M dionaea.sensors.carnivore.it -C anon-files -C anon-events -f /tmp/
-./pg_backend.py -U USER@sensors.carnivore.it -P XMPPPASS -M dionaea.sensors.carnivore.it -C anon-files -C anon-events -f /tmp/
+ /with db/
+ create database
+ psql ...
-/with db/ create database
+ start backend
-psql ...
-
-start backend
-
-
-./pg_backend.py -U USER@sensors.carnivore.it -P XMPPPASS -M dionaea.sensors.carnivore.it -C anon-files -C anon-events -s DBHOST -u DBUSER -d xmpp -p DBPASS -f /tmp/
+ ./pg_backend.py -U USER@sensors.carnivore.it -P XMPPPASS -M dionaea.sensors.carnivore.it -C anon-files -C anon-events -s DBHOST -u DBUSER -d xmpp -p DBPASS -f /tmp/
diff --git a/conf/ihandlers/log_sqlite.yaml.in b/conf/ihandlers/log_sqlite.yaml.in
index 2866f25..d781ca1 100644
--- a/conf/ihandlers/log_sqlite.yaml.in
+++ b/conf/ihandlers/log_sqlite.yaml.in
@@ -1,3 +1,4 @@
- name: log_sqlite
config:
file: @LOCALESTATEDIR@/dionaea/dionaea.sqlite
+
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 962c18b..76f995c 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -5,7 +5,7 @@ If you want to change the software, it is really important to understand how it
:file:`dionaea.cfg` is the main configuration file.
In the example below you can see the default configuration.
-.. literalinclude:: ../../conf/dionaea.cfg.in
+.. literalinclude:: ../../conf/dionaea.cfg
:language: ini
:caption: dionaea.cfg
diff --git a/doc/source/ihandler/fail2ban.rst b/doc/source/ihandler/fail2ban.rst
index d0e0fe3..e6bb225 100644
--- a/doc/source/ihandler/fail2ban.rst
+++ b/doc/source/ihandler/fail2ban.rst
@@ -4,6 +4,6 @@ fail2ban
Example config
--------------
-.. literalinclude:: ../../../conf/ihandlers/fail2ban.yaml.in
+.. literalinclude:: ../../../conf/ihandlers/fail2ban.yaml
:language: yaml
:caption: ihandlers/fail2ban.yaml
\ No newline at end of file
diff --git a/doc/source/ihandler/log_db_sql.rst b/doc/source/ihandler/log_db_sql.rst
index ca85b78..a109c63 100644
--- a/doc/source/ihandler/log_db_sql.rst
+++ b/doc/source/ihandler/log_db_sql.rst
@@ -9,7 +9,7 @@ It uses `SQLAlchemy`_ to support different databases.
Example config
--------------
-.. literalinclude:: ../../../conf/ihandlers/log_db_sql.yaml.in
+.. literalinclude:: ../../../conf/ihandlers/log_db_sql.yaml
:language: yaml
:caption: ihandlers/log_db_sql.yaml
diff --git a/doc/source/ihandler/log_incident.rst b/doc/source/ihandler/log_incident.rst
index 3c62552..f9830a7 100644
--- a/doc/source/ihandler/log_incident.rst
+++ b/doc/source/ihandler/log_incident.rst
@@ -39,6 +39,6 @@ Format
Example config
--------------
-.. literalinclude:: ../../../conf/ihandlers/log_incident.yaml.in
+.. literalinclude:: ../../../conf/ihandlers/log_incident.yaml
:language: yaml
:caption: ihandlers/log_incident.yaml
diff --git a/doc/source/ihandler/log_json.rst b/doc/source/ihandler/log_json.rst
index e6f3bfe..000d5ac 100644
--- a/doc/source/ihandler/log_json.rst
+++ b/doc/source/ihandler/log_json.rst
@@ -46,6 +46,6 @@ Format of the connection information:
Example config
--------------
-.. literalinclude:: ../../../conf/ihandlers/log_json.yaml.in
+.. literalinclude:: ../../../conf/ihandlers/log_json.yaml
:language: yaml
:caption: ihandlers/log_json.yaml
diff --git a/doc/source/ihandler/log_sqlite.rst b/doc/source/ihandler/log_sqlite.rst
index e6cca5b..5450912 100644
--- a/doc/source/ihandler/log_sqlite.rst
+++ b/doc/source/ihandler/log_sqlite.rst
@@ -39,7 +39,8 @@ for more examples how to make use of the database.
Example config
--------------
-::
- .. literalinclude:: ../../../conf/ihandlers/log_sqlite.yaml.in
+.. literalinclude:: ../../../conf/ihandlers/log_sqlite.yaml
:language: yaml
:caption: ihandlers/log_sqlite.yaml
+
+
diff --git a/doc/source/ihandler/virustotal.rst b/doc/source/ihandler/virustotal.rst
index dc7923e..3f64a02 100644
--- a/doc/source/ihandler/virustotal.rst
+++ b/doc/source/ihandler/virustotal.rst
@@ -18,7 +18,7 @@ Configuration
Example config
--------------
-.. literalinclude:: ../../../conf/ihandlers/virustotal.yaml.in
+.. literalinclude:: ../../../conf/ihandlers/virustotal.yaml
:language: yaml
:caption: ihandlers/virustotal.yaml
diff --git a/doc/source/service/ftp.rst b/doc/source/service/ftp.rst
index 0f0d52b..0c54bc9 100644
--- a/doc/source/service/ftp.rst
+++ b/doc/source/service/ftp.rst
@@ -9,6 +9,7 @@ something interesting happening on port 21.
Example config
--------------
-.. literalinclude:: ../../../conf/services/ftp.yaml.in
+.. literalinclude:: ../../../conf/services/ftp.yaml
:language: yaml
- :caption: services/ftp.yaml
\ No newline at end of file
+ :caption: services/ftp.yaml
+
diff --git a/doc/source/service/http.rst b/doc/source/service/http.rst
index 9e34fce..847d928 100644
--- a/doc/source/service/http.rst
+++ b/doc/source/service/http.rst
@@ -41,7 +41,7 @@ root
Example config
--------------
-.. literalinclude:: ../../../conf/services/http.yaml.in
+.. literalinclude:: ../../../conf/services/http.yaml
:language: yaml
:caption: services/http.yaml
diff --git a/doc/source/service/tftp.rst b/doc/source/service/tftp.rst
index 436b616..6c159d8 100644
--- a/doc/source/service/tftp.rst
+++ b/doc/source/service/tftp.rst
@@ -9,6 +9,6 @@ tftp services.
Example config
--------------
-.. literalinclude:: ../../../conf/services/tftp.yaml.in
+.. literalinclude:: ../../../conf/services/tftp.yaml
:language: yaml
:caption: services/tftp.yaml
diff --git a/doc/source/service/upnp.rst b/doc/source/service/upnp.rst
index fa50de7..e28f928 100644
--- a/doc/source/service/upnp.rst
+++ b/doc/source/service/upnp.rst
@@ -4,6 +4,6 @@ UPnP
Example config
--------------
-.. literalinclude:: ../../../conf/services/upnp.yaml.in
+.. literalinclude:: ../../../conf/services/upnp.yaml
:language: yaml
:caption: services/upnp.yaml


@ -0,0 +1,19 @@
On RHEL7 the python3 binary is actually naed python3.4.
The usual python3 is not available there.
Searching explicitly for python3.4 amongst the others will fix the issue.
Merged to upstream with 0.7.0
https://github.com/DinoTools/dionaea/pull/180
diff -ru dionaea-d2efb768e753a7f1ddca6dbf402548d741f33574.orig/configure.ac dionaea-d2efb768e753a7f1ddca6dbf402548d741f33574.new/configure.ac
--- dionaea-d2efb768e753a7f1ddca6dbf402548d741f33574.orig/configure.ac 2018-03-26 21:49:11.042568472 +0200
+++ dionaea-d2efb768e753a7f1ddca6dbf402548d741f33574.new/configure.ac 2018-03-26 21:49:29.854553159 +0200
@@ -580,7 +580,7 @@
[cython_dir="$withval"],[cython_dir=$PATH])
if test x$enable_cython = "xyes" ; then
- AC_PATH_PROGS(CYTHON_BIN, [cython3 cython], "no", $cython_dir)
+ AC_PATH_PROGS(CYTHON_BIN, [cython3.4 cython3 cython], "no", $cython_dir)
if test "x$CYTHON_BIN" == "xno" ; then
enable_cython="no"
fi
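Review bot: The description at the top of this patch misspells `naed`; it should read `named`. The spec keeps `# Patch7:` commented out because the change was merged upstream in 0.7.0, so the file is retained for reference only — a header line such as `Kept for reference, no longer applied by the spec` would save the next maintainer the cross-check.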


@ -0,0 +1,51 @@
fix hardcoded /lib dir
on 64 platform the RedHat based distrubutions prefer the lib directories to
have different names for 64 bit (lib64) and 32 bit (lib).
This fix allows to configure that at compile time.
https://github.com/DinoTools/dionaea/pull/181
diff -ru dionaea-d2efb768e753a7f1ddca6dbf402548d741f33574.orig/modules/python/module.c dionaea-d2efb768e753a7f1ddca6dbf402548d741f33574.new/modules/python/module.c
--- dionaea-d2efb768e753a7f1ddca6dbf402548d741f33574.orig/modules/python/module.c 2018-03-26 22:14:31.519330709 +0200
+++ dionaea-d2efb768e753a7f1ddca6dbf402548d741f33574.new/modules/python/module.c 2018-03-26 22:15:40.311274663 +0200
@@ -348,7 +348,7 @@
Py_Initialize();
- runtime.sys_path = g_string_new(PREFIX"/lib/dionaea/python/");
+ runtime.sys_path = g_string_new(LIBDIR"/dionaea/python/");
PyObject *name = PyUnicode_FromString("traceback");
runtime.traceback.module = PyImport_Import(name);
@@ -366,7 +366,7 @@
for (sys_path = sys_paths; *sys_path; sys_path++) {
if( strcmp(*sys_path, "default") == 0 ) {
- sprintf(relpath, "sys.path.insert(%i, '%s/lib/dionaea/python/')", i, PREFIX);
+ sprintf(relpath, "sys.path.insert(%i, '%s/dionaea/python/')", i, LIBDIR);
} else {
// ToDO
/* if( *sys_path == '/' )
diff -ru dionaea-d2efb768e753a7f1ddca6dbf402548d741f33574.orig/src/modules.c dionaea-d2efb768e753a7f1ddca6dbf402548d741f33574.new/src/modules.c
--- dionaea-d2efb768e753a7f1ddca6dbf402548d741f33574.orig/src/modules.c 2018-03-26 22:14:31.504330721 +0200
+++ dionaea-d2efb768e753a7f1ddca6dbf402548d741f33574.new/src/modules.c 2018-03-26 22:21:08.852001664 +0200
@@ -114,7 +114,7 @@
for (name = names; *name; name++) {
gchar module_path[1024];
- if( g_snprintf(module_path, 1023, PREFIX"/lib/dionaea/%s.so", *name) == -1 )
+ if( g_snprintf(module_path, 1023, LIBDIR"/dionaea/%s.so", *name) == -1 )
return;
g_message("loading module %s (%s)", *name, module_path);
diff -ru dionaea-0.7.0.orig/config.h.cmake dionaea-0.7.0.new/config.h.cmake
--- dionaea-0.7.0.orig/config.h.cmake 2018-05-11 01:20:46.645826049 +0200
+++ dionaea-0.7.0.new/config.h.cmake 2018-05-11 01:18:51.860064505 +0200
@@ -8,6 +8,7 @@
#define DEBUG "${DEBUG}"
#define PREFIX "${CMAKE_INSTALL_PREFIX}"
+#define LIBDIR "${CMAKE_INSTALL_FULL_LIBDIR}"
#define SYSCONFDIR "${CMAKE_INSTALL_FULL_SYSCONFDIR}"
#define LOCALSTATEDIR "${CMAKE_INSTALL_FULL_LOCALSTATEDIR}"
#define LOCALESTATEDIR "${CMAKE_INSTALL_FULL_LOCALSTATEDIR}"
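Review bot: The truncation check on the modified g_snprintf() line in src/modules.c can never fire: g_snprintf() returns the number of bytes the complete string would need, never -1, so a path longer than 1023 bytes is silently cut and the truncated name is what gets loaded. Compare against the buffer size instead, `if( g_snprintf(module_path, sizeof(module_path), LIBDIR"/dionaea/%s.so", *name) >= sizeof(module_path) )`. The modules/python/module.c hunk keeps an unbounded `sprintf(relpath, ...)`; if relpath is a fixed-size array (its declaration is outside the hunk) the same bounded form is preferable there. The config.h.cmake hunk defines LIBDIR for the CMake build only, while the spec builds through autoreconf and %configure, so LIBDIR must also be defined on that path — if a configure.ac hunk does this it is not in the visible section. Both enclosing functions start and end outside the hunks.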


@ -0,0 +1,28 @@
diff --git a/src/dionaea.c b/src/dionaea.c
index e52673d..d6c1e86 100644
--- a/src/dionaea.c
+++ b/src/dionaea.c
@@ -774,10 +774,19 @@ opt->stdOUT.filter);
g_error("Could not change group");
}
- if( opt->user.name != NULL &&
- setresuid(opt->user.id, opt->user.id, opt->user.id) < 0 )
- {
- g_error("Could not change user");
+ if( opt->user.name != NULL )
+ {
+ /* try to drop any (superuser) groups before dropping root privileges */
+ if ( setgroups(0, NULL) < 0 )
+ {
+ g_warning("Setgroups dropping groups failed");
+ }
+
+ /* drop from root privileges to normal user */
+ if( setresuid(opt->user.id, opt->user.id, opt->user.id) < 0 )
+ {
+ g_error("Could not change user");
+ }
}
options_free(opt);
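Review bot: A failed `setgroups(0, NULL)` is only reported with g_warning and execution proceeds to setresuid(), so the daemon can end up running as the unprivileged user while still holding root's supplementary groups; the neighbouring checks in this block treat a failed privilege change as fatal with g_error. Make the group drop fatal as well, `g_error("Could not drop supplementary groups (%s)", strerror(errno));`, so startup refuses rather than continues with a partial drop. setgroups() is declared in <grp.h>; whether that header is included is outside the hunk. The enclosing function starts and ends outside the hunk.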


@ -0,0 +1,16 @@
Fix the potential vunerability of current working directory being off the chroot
Merged upstream in 0.7.0
diff --git a/src/dionaea.c b/src/dionaea.c
index e52673d..88ac690 100644
--- a/src/dionaea.c
+++ b/src/dionaea.c
@@ -720,7 +720,8 @@ opt->stdOUT.filter);
// chroot
if( opt->root != NULL )
{
- if ( chroot(opt->root) != 0 )
+ /* change working dir to the new root directory and chroot */
+ if ( chdir(opt->root) != 0 && chroot(opt->root) != 0 )
{
g_error("Could not chroot(\"%s\") (%s)", opt->root, strerror(errno));
} else
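Review bot: The combined condition on the new line uses `&&`, so chroot() is attempted only when chdir() fails; when chdir() succeeds the right-hand side is never evaluated, control falls into the else arm, and the process keeps running without a chroot at all. The operator must be `||`: `if ( chdir(opt->root) != 0 || chroot(opt->root) != 0 )`. With that fix the message still blames chroot() for a failed chdir(); checking the two calls separately with their own messages would make the log accurate. The spec keeps `# Patch10:` commented out, so this patch is not currently applied, but the file as committed carries the inverted logic. The enclosing block continues outside the hunk.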


@ -0,0 +1,14 @@
Merged upstream in 0.7.0
diff -up dionaea-1748f3b3936aa1da2d92500251ae8010fe181dfc/configure.ac.fix_obsolete_macros dionaea-1748f3b3936aa1da2d92500251ae8010fe181dfc/configure.ac
--- dionaea-1748f3b3936aa1da2d92500251ae8010fe181dfc/configure.ac.fix_obsolete_macros 2018-03-26 12:08:28.000000000 +0200
+++ dionaea-1748f3b3936aa1da2d92500251ae8010fe181dfc/configure.ac 2018-04-07 14:42:03.306757293 +0200
@@ -25,7 +25,7 @@ AC_C_BIGENDIAN
# Checks for programs.
AC_PROG_CC
AC_PROG_MAKE_SET
-AC_PROG_LIBTOOL
+LT_INIT
AC_CHECK_HEADERS([stdint.h stdlib.h string.h strings.h unistd.h netpacket/packet.h execinfo.h linux/sockios.h])

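--- /dev/null
+++ b/dionaea.initd
@@ -0,0 +1,102 @@
+#! /bin/sh
+#
+# Startup script for dionaea
+#
+# chkconfig: - 39 61
+# description: Starts and stops the dionaea honeypot
+### BEGIN INIT INFO
+# Provides: dionaea
+# Required-Start: $local_fs $network
+# Required-Stop: $local_fs $network
+# Default-Start:
+# Default-Stop:
+# Short-Description: Starts and stops the dionaea
+# Description: Dionaea is a low-interaction honeypot
+### END INIT INFO
+[ -f /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functions
+exec=/usr/sbin/dionaea
+prog=dionaea
+dionaea_ARGS="--detach"
+[ -e /etc/sysconfig/dionaea ] && . /etc/sysconfig/dionaea
+args="${dionaea_ARGS}"
+lockfile=/var/lock/subsys/$prog
+start() {
+[ -x $exec ] || exit 5
+[ -f $config ] || exit 6
+echo -n $"Starting $prog: "
+daemon "$exec $args"
+retval=$?
+echo
+[ $retval -eq 0 ] && touch $lockfile
+return $retval
+}
+stop() {
+echo -n $"Stopping $prog: "
+killproc "$prog"
+retval=$?
+echo
+[ $retval -eq 0 ] && rm -f $lockfile
+return $retval
+}
+restart() {
+stop
+start
+}
+reload() {
+restart
+}
+force_reload() {
+restart
+}
+rh_status() {
+# run checks to determine if the service is running or use generic status
+status $prog
+}
+rh_status_q() {
+rh_status >/dev/null 2>&1
+}
+case "$1" in
+start)
+rh_status_q && exit 0
+$1
+;;
+stop)
+rh_status_q || exit 0
+$1
+;;
+restart)
+$1
+;;
+reload)
+rh_status_q || exit 7
+$1
+;;
+force-reload)
+force_reload
+;;
+status)
+rh_status
+;;
+condrestart|try-restart)
+rh_status_q || exit 0
+restart
+;;
+*)
+echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+exit 2
+esac
+exit $?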
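Review bot: `[ -f $config ] || exit 6` in start() never checks anything: `config` is not assigned anywhere in the script, and with the variable empty and unquoted the test collapses to `[ -f ]`, which is true for any single non-empty argument. Assign the file next to `exec=`, e.g. `config=/etc/dionaea/dionaea.cfg` (the spec installs the configuration under %{_sysconfdir}/%{name}), and quote the expansion: `[ -f "$config" ] || exit 6`. The same unquoted pattern in `[ -x $exec ]` and `touch $lockfile` breaks on values containing whitespace supplied from /etc/sysconfig/dionaea.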

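--- /dev/null
+++ b/dionaea.logrotate
@@ -0,0 +1,23 @@
+# logrotate requires dionaea to be started with a pidfile
+# in this case -p /opt/dionaea/var/run/dionaea.pid
+# adjust the path to your needs
+/var/log/dionaea/dionaea.log /var/log/dionaea/dionaea-errors.log {
+notifempty
+missingok
+rotate 31
+daily
+compress
+delaycompress
+su dionaea dionaea
+create 660 dionaea dionaea
+dateext
+postrotate
+# Simple reload of the configuration with HUP should, but doesn't work
+# https://github.com/DinoTools/dionaea/issues/206
+# https://github.com/DinoTools/dionaea/blob/master/doc/source/old/configuration.rst
+# kill -HUP `cat /var/run/dionaea.pid`
+# do full service restart instead
+/bin/systemctl -q is-active dionaea.service && /bin/systemctl restart dionaea.service > /dev/null 2>/dev/null || true
+endscript
+}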
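Review bot: postrotate restarts the daemon through /bin/systemctl only, but the spec installs this logrotate file unconditionally, including on the SysV branch used when `with_systemd` is off; there the command fails, `|| true` hides it, and dionaea keeps writing to the renamed log until its next restart. Guard the restart on `[ -x /bin/systemctl ]` and fall back to `/sbin/service dionaea restart` otherwise, or install the file only on the systemd branch. The header comment about `-p /opt/dionaea/var/run/dionaea.pid` describes a HUP-based reload this file no longer performs and a path the package does not use (the unit uses /var/run/dionaea.pid); it should say that a full service restart is done instead and that no pidfile is needed for it.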

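--- /dev/null
+++ b/dionaea.rpmlintrc
@@ -0,0 +1,21 @@
+from Config import addFilter
+addFilter('dionaea-debugsource.*no-documentation')
+addFilter('dionaea.*: spelling-error.*nepenthes')
+addFilter('dionaea.*: spelling-error.*libemu')
+addFilter('dionaea.*: spelling-error.*shell-codes')
+addFilter('dionaea.*: spelling-error.*TLS')
+# Permissions in /var/lib/dionaea /var/log/dionaea for the dionaea account are right
+addFilter('dionaea.*: non-standard-uid /var/l../dionaea.*dionaea')
+addFilter('dionaea.*: non-standard-gid /var/l../dionaea.*dionaea')
+addFilter('dionaea.*: non-standard-dir-perm /var/l../dionaea.*750')
+# Yes the two manpages are missing
+addFilter('dionaea.*: no-manual-page-for-binary gnuplotsql')
+addFilter('dionaea.*: no-manual-page-for-binary readlogsqltree')
+# Postun has 2 branch conditional, is not empty
+addFilter('dionaea.*: empty-%postun')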

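--- /dev/null
+++ b/dionaea.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Dionaea low interaction honeypot
+Documentation=man:dionaea https://dionaea.readthedocs.io/
+After=multi-user.target
+[Service]
+Type=forking
+PIDFile=/var/run/dionaea.pid
+EnvironmentFile=-/etc/sysconfig/dionaea
+ExecStart=/usr/sbin/dionaea -D $DUSER $DGROUP $DWORKDIR $LOGLEVELS $LOGDOMAINS $PIDFILE $MISC
+[Install]
+WantedBy=dionaea.target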
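Review bot: `WantedBy=dionaea.target` names a target this commit does not provide — the spec packages only `%{_unitdir}/*.service` — so `systemctl enable dionaea` creates a Wants link under a target nothing activates and the service will not start at boot. The conventional line is `WantedBy=multi-user.target`, and `After=multi-user.target` should then become `After=network.target`, since a unit pulled in by multi-user.target that is also ordered after it would likely produce an ordering cycle. `Type=forking` with `PIDFile=/var/run/dionaea.pid` only works if the `-p` option carried in `$PIDFILE` from /etc/sysconfig/dionaea names that same path; the sysconfig file is not in this section, so this is worth confirming. `Documentation=man:dionaea` would be more precise as `man:dionaea(1)`, matching the man1 page the spec installs.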

579
dionaea.spec Normal file

@ -0,0 +1,579 @@
Name: dionaea
Version: 0.7.0
Summary: Low interaction honeypot
# Show as the RPM release number (keep same number line for tarball and git builds)
%global baserelease 11
%if 0%{?rhel}
# Group needed for EPEL
Group: Applications/System
%endif
# Dionaea package is licensed with GPLv2
# On top of that it is granting one exception extra - it is permitted by the license
# to link modified binary files in the src/ directory against the openssl libraries.
License: GPLv2 with exceptions
URL: https://dionaea.readthedocs.io/
# Current source:
# https://github.com/DinoTools/dionaea
# Original site (dissappeared in 2013, but still available from archives):
# https://dionaea.carnivore.it -> https://web.archive.org/web/20150820080019/https://dionaea.carnivore.it
# Another forks:
# https://github.com/rep/dionaea
# https://gitlab.labs.nic.cz/honeynet/dionaea/
# https://github.com/devwerks/dionaea
# https://github.com/RootingPuntoEs/DionaeaFR/
# https://github.com/ManiacTwister/dionaea/
# https://github.com/tklengyel/dionaea
# https://github.com/rep/dionaea
# Installation:
# https://www.aldeid.com/wiki/Dionaea/Installation
# Specification of the used GIT commit
%global gituser DinoTools
%global gitname dionaea
%global commit 079d014f47a71cc85a86bd836a9a4533e98d7385
%global gitdate 20180501
%global shortcommit %(c=%{commit}; echo ${c:0:7})
# Use systemd unit files on Fedora and RHEL 7 and above.
%bcond_without systemd
%if (0%{?rhel} && 0%{?rhel} < 7)
%bcond_with systemd
%endif
# By default build from official release
# leave option here to build from git snapshot instead
%bcond_with snapshot
%if 0%{?with_snapshot}
# not using 0. on the beginning of release as this git snapshot is past the 0.7.0 release
Release: %{baserelease}.%{gitdate}git%{shortcommit}%{?dist}
Source0: https://github.com/%{gituser}/%{gitname}/archive/%{commit}/%{name}-%{version}-%{shortcommit}.tar.gz
%else
Release: %{baserelease}%{?dist}
Source0: https://github.com/%{gituser}/%{gitname}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
%endif
Source1: %{name}.sysconfig
Source2: %{name}.initd
Source3: %{name}.service
Source4: %{name}.logrotate
# Use the glib CFLAGS and LDFLAGS during build where necessary
# https://github.com/DinoTools/dionaea/issues/161
# https://github.com/DinoTools/dionaea/pull/160
# Merged in in https://github.com/DinoTools/dionaea/commit/1748f3b3936aa1da2d92500251ae8010fe181dfc
# Patch1: dionaea-01_glib.patch
# Get rid of the warning about not used return value from chdir.
# https://github.com/DinoTools/dionaea/issues/162
# https://github.com/DinoTools/dionaea/pull/163
# Merged in in https://github.com/DinoTools/dionaea/commit/ea5d54060af53250abfe3dde9f36af399fa30524
# Patch2: dionaea-02_warnerror.patch
# ipv6 structures in <netinet/in.h> are used by the <sys/socket.h>
# ipv6 structures needs explicit CFLAGS " -D_GNU_SOURCE" to compile on linux
# just cosmetics - not reported yet to upstream
Patch3: dionaea-03_in6_pktinfo.patch
# Unbundle the pyev library and use the system one
# https://github.com/DinoTools/dionaea/issues/166
Patch4: dionaea-04_pyev.patch
# Have a dedicated variable for the python sitelib, so it can be easily changed externally when building the system package.
# https://github.com/DinoTools/dionaea/issues/164
# https://github.com/DinoTools/dionaea/pull/165
# Merged in in https://github.com/DinoTools/dionaea/commit/890ae5e85f55130be928b03b751b5f7cd1032f21
# Patch5: dionaea-05_sitelib.patch
# Fix warnings during the generation of documentation
# https://github.com/DinoTools/dionaea/issues/170
# https://github.com/DinoTools/dionaea/pull/179
Patch6: dionaea-06_docswarn.patch
# Fix configure not finding the cython on RHEL7/Centos7
# https://github.com/DinoTools/dionaea/pull/180
# Merged to upstream with 0.7.0
# Patch7: dionaea-07_cython_el7.patch
# Fix hardcoded lib dir
# https://github.com/DinoTools/dionaea/pull/181
Patch8: dionaea-08_modules_libdir.patch
# Call setgroups before setresuid
# https://github.com/DinoTools/dionaea/issues/177
# https://github.com/DinoTools/dionaea/pull/178
Patch9: dionaea-09_setgroups_before_setresuid.patch
# Call chdir before chroot
# https://github.com/DinoTools/dionaea/issues/176
# https://github.com/DinoTools/dionaea/pull/175
# Merged upstream in 0.7.0
# Patch10: dionaea-10_chdir_before_chroot.patch
# Not use obsolete m4 macros
# https://github.com/DinoTools/dionaea/pull/182
# Merged upstream in 0.7.0
# Patch11: dionaea-11_obsolete_m4.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
BuildRequires: flex
BuildRequires: bison
BuildRequires: pkgconfig
BuildRequires: sqlite
BuildRequires: git
BuildRequires: libev-devel
BuildRequires: libemu-devel
BuildRequires: udns-devel
BuildRequires: libnl3-devel
BuildRequires: glib2-devel
BuildRequires: curl-devel
BuildRequires: readline-devel
BuildRequires: libpcap-devel
BuildRequires: libsq3-devel
BuildRequires: sqlite
BuildRequires: openssl-devel
BuildRequires: python%{python3_pkgversion}-devel
BuildRequires: python%{python3_pkgversion}-Cython
%if 0%{?with_systemd}
BuildRequires: systemd-units
%endif
# Optional dependencies
BuildRequires: loudmouth-devel
BuildRequires: libnetfilter_queue-devel
BuildRequires: libnl3-devel
# Missing dependencies
# Documentation generation
%if 0%{?rhel} && 0%{?rhel} <= 7
BuildRequires: python-sphinx
%else
BuildRequires: python3-sphinx
%endif
BuildRequires: make
Requires: logrotate
# Base package can't run without the python module
Requires: python%{python3_pkgversion}-dionaea
%if 0%{?with_systemd}
%{?systemd_requires}
%else
Requires(post): chkconfig
Requires(preun): chkconfig
Requires(preun): initscripts
Requires(postun): initscripts
%endif
Requires(pre): shadow-utils
%description
Dionaea honeypot is meant to be a nepenthes successor, embedding python
as scripting language, using libemu to detect shell-codes, supporting
ipv6 and TLS.
# ============= documentation package ==========================================
%package doc
Summary: Documentation for the dionaea honeypot package
BuildArch: noarch
%description doc
This is documentation for the dionaea honeypot package.
Dionaea honeypot is meant to be a nepenthes successor, embedding python
as scripting language, using libemu to detect shell-codes, supporting
ipv6 and TLS.
# ============= python3 package ================================================
%package -n python%{python3_pkgversion}-%{gitname}
Summary: Python3 binding for the dionaea honeypot
%{?python_provide:%python_provide python%{python3_pkgversion}-%{gitname}}
# Runtime dependencies
Requires: python%{python3_pkgversion}-pyev
Requires: python%{python3_pkgversion}-bson
Requires: python%{python3_pkgversion}-PyYAML
Requires: python%{python3_pkgversion}-scapy
Requires: python%{python3_pkgversion}-sqlalchemy
%description -n python%{python3_pkgversion}-%{gitname}
This is a Python3 library that gives access to dionaea honeypot functionality.
# ============= preparation ====================================================
%prep
%if 0%{?with_snapshot}
# Build from git snapshot
%autosetup -p 1 -n %{gitname}-%{commit} -N
%else
# Build from git release version
%autosetup -p 1 -n %{gitname}-%{version} -N
%endif
# Re-initialize the git repo, to track changes even on files ignored by the upstream
rm -rf .git
# Remove the .gitignore to prevent ignoring changes in some files
rm -f .gitignore
git init -q
git config user.email "rpmbuild"
git config user.name "rpmbuild"
git add .
git commit -a -m "base"
%autopatch -p 1
# Unbundle the pyev library and use the system one
# https://github.com/DinoTools/dionaea/issues/169
rm -rf modules/python/pyev
# Fix paths - remove the hardcoded prefix /opt/dionaea
# https://github.com/DinoTools/dionaea/issues/168
sed -i -e "s|/opt/dionaea[/]*|/|g;" \
modules/python/util/readlogsqltree.py \
modules/python/util/logsql2postgres.py \
modules/python/util/gnuplotsql.py \
modules/python/util/updateccs.py \
src/dionaea.c \
vagrant/build.sh
# replace in documentation the prefix/destdir /opt/dionaea with variable ${DESTDIR}
# https://github.com/DinoTools/dionaea/issues/168
sed -i -e "s|/opt/dionaea/var/dionaea|${DESTDIR}/var/lib/dionaea|g;" \
doc/html/index.html \
doc/source/tips_and_tricks.rst \
doc/source/old/configuration.rst \
doc/source/old/utils.rst \
modules/python/util/readlogsqltree.py
# move /var/dionaea to /var/lib/dionaea according to Linux FHS
# Fedora specific - not reported upstream
sed -i -e "s|/var/dionaea|/var/lib/dionaea|g;" \
modules/python/util/readlogsqltree.py \
modules/python/util/gnuplotsql.py
# Change var/dionaea to var/lib/dionaea for the location of sip user database
sed -i -e "s|var/dionaea|var/lib/dionaea|g;" \
modules/python/dionaea/sip/extras.py
# move /var/dionaea to /var/lib/dionaea according to Linux FHS
# Fedora specific - not reported upstream
sed -i -e 's|\$(localstatedir)/dionaea/|\$(localstatedir)/lib/dionaea/|g;' \
Makefile.am
# move /var/dionaea to /var/lib/dionaea according to Linux FHS
# Fedora specific - not reported upstream
sed -i -e 's|@LOCALESTATEDIR@/dionaea/|@LOCALESTATEDIR@/lib/dionaea/|g;' \
conf/dionaea.cfg.in \
conf/ihandlers/fail2ban.yaml.in \
conf/ihandlers/log_db_sql.yaml.in \
conf/ihandlers/log_incident.yaml.in \
conf/ihandlers/log_json.yaml.in \
conf/ihandlers/log_sqlite.yaml.in \
conf/ihandlers/virustotal.yaml.in \
conf/services/sip.yaml.in \
conf/services/http.yaml.in \
conf/services/ftp.yaml.in \
conf/services/tftp.yaml.in \
conf/services/upnp.yaml.in
# move the logs from /var/lib/dionaea to /var/log/dionaea
sed -i -e 's|@LOCALESTATEDIR@/lib/dionaea/dionaea.log|@LOCALESTATEDIR@/log/dionaea/dionaea.log|g;
s|@LOCALESTATEDIR@/lib/dionaea/dionaea-errors.log|@LOCALESTATEDIR@/log/dionaea/dionaea-errors.log|g;
' conf/dionaea.cfg.in
# Change the hardoced minor python3.2 version especially in shabang to python3
# https://github.com/DinoTools/dionaea/issues/169
sed -i -e 's|python3.2|python3|g;' \
m4/az_python.m4 \
doc/html/index.html \
modules/python/util/readlogsqltree.py
# Scripts should run with /usr/bin/python3 shabang and not /bin/python3
sed -i -e 's|#!/bin/python3|#!/usr/bin/python3|;' \
modules/python/util/readlogsqltree.py \
modules/python/util/logsql2postgres.py \
modules/python/util/gnuplotsql.py \
modules/python/util/updateccs.py
git commit -a -m "finished prep"
# ============= Build ==========================================================
%build
autoreconf -vif
# --disable-werror because of https://github.com/DinoTools/dionaea/issues/225
%configure --enable-python --with-python=`which python3` --with-glib=glib --with-nl-include=/usr/include/libnl3 --disable-werror
make %{?_smp_mflags} CFLAGS="%{optflags} -Wno-error -D_GNU_SOURCE -std=c99"
cd doc
make html
make man
rm -rf build/html/.{doctrees,buildinfo}
cd ..
# ============= Install ========================================================
%install
# Use only the sitearch directory, otherwise python will be confused
# by not having native and python modules in the same directory
%make_install PYTHON_SITELIB=%{python3_sitearch} PYTHON_SITEARCH=%{python3_sitearch}
# *.a *.la files not allowed for fedora
find %{buildroot} '(' -name '*.a' -o -name '*.la' ')' -delete
# Fix permissions
chmod -x \
%{buildroot}%{_sharedstatedir}/%{name}/share/python/http/template/nginx/autoindex.html.j2 \
%{buildroot}%{_sharedstatedir}/%{name}/share/python/http/template/nginx/error.html.j2
# Move dionaea to sbin dir
# TODO - report upstream
mkdir -p %{buildroot}%{_sbindir}
mv %{buildroot}%{_bindir}/%{name} %{buildroot}%{_sbindir}/%{name}
# Install the manpage
# TODO - report upstream
install -d %{buildroot}%{_mandir}/man1/
install -p -D -m 644 doc/build/man/%{name}.1 %{buildroot}%{_mandir}/man1/%{name}.1
mv doc/build/html/ ./html
# install the service parameter configuration
# TODO - report upstream
mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
install -p -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
# install the service init files
%if 0%{?with_systemd}
# install systemd service files
mkdir -p %{buildroot}%{_unitdir}
install -p -D -m 644 %{SOURCE3} %{buildroot}%{_unitdir}/%{name}.service
%else
# install legacy SysV init scripts
mkdir -p %{buildroot}%{_sysconfdir}/rc.d/init.d
install -p -D -m 755 %{SOURCE2} %{buildroot}%{_sysconfdir}/rc.d/init.d/%{name}
%endif
# Install logrotate
install -p -D -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
# Create the log directory
mkdir -p %{buildroot}%{_localstatedir}/log/%{name} || :
# Create directories to capture binaries and payloads
mkdir -p %{buildroot}%{_sharedstatedir}/%{name}/binaries || :
mkdir -p %{buildroot}%{_sharedstatedir}/%{name}/bistreams || :
# Create directory for the content templates
mkdir -p %{buildroot}%{_sharedstatedir}/%{name}/roots/ftp || :
mkdir -p %{buildroot}%{_sharedstatedir}/%{name}/roots/tftp || :
mkdir -p %{buildroot}%{_sharedstatedir}/%{name}/roots/www || :
mkdir -p %{buildroot}%{_sharedstatedir}/%{name}/roots/upnp || :
touch %{buildroot}%{_sharedstatedir}/%{name}/dionaea.sqlite
touch %{buildroot}%{_sharedstatedir}/%{name}/dionaea_incident.sqlite
touch %{buildroot}%{_sharedstatedir}/%{name}/sipaccounts.sqlite
# ============= Scriptlets ==========================================================
%post
%if 0%{?with_systemd}
%systemd_post %{name}.service
%else
/sbin/chkconfig --add %{name}
%endif
%preun
%if 0%{?with_systemd}
%systemd_preun %{name}.service
%else
if [ $1 -eq 0 ] ; then
/sbin/service %{name} stop >/dev/null 2>&1 || :
/sbin/chkconfig --del %{name}
fi
%endif
%postun
%if 0%{?with_systemd}
%systemd_postun %{name}.service
%else
if [ $1 -eq 1 ] ; then
/sbin/service %{name} condrestart >/dev/null 2>&1 || :
fi
%endif
%pre
getent group dionaea >/dev/null || groupadd -r dionaea || :
getent passwd dionaea >/dev/null || \
useradd -r -g dionaea -d /home/dionaea -s /sbin/nologin \
-c "Dionaea honeypot" dionaea || :
# ============= package files ==================================================
%files
%license LICENSE
%doc README.md
%dir %{_sysconfdir}/%{name}
%config(noreplace) %{_sysconfdir}/%{name}/*
%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%{_sbindir}/%{name}
%{_bindir}/gnuplotsql
%{_bindir}/readlogsqltree
%{_libdir}/%{name}/
%exclude %{_libdir}/%{name}/python.so
%{_mandir}/man1/%{name}.1.*
%attr(0750,dionaea,dionaea) %dir %{_localstatedir}/log/%{name}
%attr(0750,dionaea,dionaea) %dir %{_sharedstatedir}/%{name}
%attr(0750,dionaea,dionaea) %dir %{_sharedstatedir}/%{name}/binaries
%attr(0750,dionaea,dionaea) %dir %{_sharedstatedir}/%{name}/bistreams
%attr(-,dionaea,dionaea) %{_sharedstatedir}/%{name}/roots/
%attr(-,dionaea,dionaea) %{_sharedstatedir}/%{name}/share/
%attr(-,dionaea,dionaea) %{_sharedstatedir}/%{name}/dionaea.sqlite
%attr(-,dionaea,dionaea) %{_sharedstatedir}/%{name}/dionaea_incident.sqlite
%attr(-,dionaea,dionaea) %{_sharedstatedir}/%{name}/sipaccounts.sqlite
%if 0%{?with_systemd}
%{_unitdir}/*.service
%else
%{_initrddir}/*
%endif
%files doc
%doc README.md
%doc html
%files -n python%{python3_pkgversion}-%{gitname}
%license LICENSE
%doc README.md
%dir %{python3_sitearch}/%{name}
%{_libdir}/%{name}/python.so
%{python3_sitearch}/%{name}/*
%{python3_sitearch}/%{name}-*egg-info
%changelog
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 0.7.0-9
- Rebuilt for Python 3.9
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Oct 24 2019 Michal Ambroz <rebus at, seznam.cz> 0.7.0-7
- switch to glib2 based on #1766678 to modernize and prepare for epel8
* Thu Oct 24 2019 Michal Ambroz <rebus at, seznam.cz> 0.7.0-6
- rebuilt rawhide after ressurection of libdasm/libemu
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 0.7.0-5.3
- Rebuilt for Python 3.8
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-5.2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-5.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jul 30 2018 Adam Williamson <awilliam@redhat.com> - 0.7.0-5
- Disable -Werror to fix build (see upstream #225)
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-4.2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 0.7.0-4.1
- Rebuilt for Python 3.7
* Mon Jun 18 2018 Michal Ambroz <rebus at, seznam.cz> 0.7.0-4
- anothe improvement of logrotate script
- add the empty files for dionaea.sqlite dionaea_incident.sqlite sipaccounts.sqlite
* Mon Jun 04 2018 Michal Ambroz <rebus at, seznam.cz> 0.7.0-3
- fix logrotate script
- use the current version of openssl (needs to be same as curllib is using)
* Thu May 10 2018 Michal Ambroz <rebus at, seznam.cz> 0.7.0-1
- bump to release 0.7.0
* Mon May 07 2018 Michal Ambroz <rebus at, seznam.cz> 0.6.0-10.20180326git1748f3b
- cosmetics, changing description in the systemd service
* Mon Apr 30 2018 Michal Ambroz <rebus at, seznam.cz> 0.6.0-9.20180326git1748f3b
- add runtime python dependencies
- fix location of sip user database
* Mon Apr 30 2018 Iryna Shcherbina <shcherbina.iryna@gmail.com> - 0.6.0-8.20180326git1748f3b
- Fix condition for python-sphinx on Fedora
* Fri Apr 20 2018 Michal Ambroz <rebus at, seznam.cz> 0.6.0-7.20180326git1748f3b
- fix the link creation to python core library
* Mon Apr 09 2018 Michal Ambroz <rebus at, seznam.cz> 0.6.0-6.20180326git1748f3b
- fix log rotation, move the logs to /var/log/dionaea
- create user dionaea:dionaea
- grant shared stare dir/files to the dionaea user account
* Mon Apr 09 2018 Michal Ambroz <rebus at, seznam.cz> 0.6.0-5.20180326git1748f3b
- clean-up based on review in #1564716
* Fri Apr 06 2018 Michal Ambroz <rebus at, seznam.cz> 0.6.0-4.20180326git1748f3b
- update to current git snapshot, add logrotate and service files
* Wed Mar 21 2018 Michal Ambroz <rebus at, seznam.cz> 0.6.0-3.20180313gitd2efb76
- fix openssl dependency for EPEL7 build
* Wed Mar 21 2018 Michal Ambroz <rebus at, seznam.cz> 0.6.0-2.20180313gitd2efb76
- bump to commit d2efb768e753a7f1ddca6dbf402548d741f33574
- unbundle pyev and refer to system-installed pyev
- remove the hardcoded default prefix /opt/dionaea
- move from /var/dionaea to /var/lib/dionaea
- fix the doc generation warnings
* Thu Dec 28 2017 Michal Ambroz <rebus at, seznam.cz> 0.6.0-1
- initial package

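--- a/dionaea.sysconfig
+++ b/dionaea.sysconfig
+# Dionaea commandline options
+DUSER='--user=dionaea'
+DGROUP='--group=dionaea'
+DWORKDIR='--workingdir=/'
+#LOGLEVELS='--log-levels=all'
+LOGLEVELS='--log-levels=all,-debug'
+#LOGDOMAINS='--log-domains=con*,py*'
+LOGDOMAINS='--log-domains=*'
+PIDFILE='--pid-file=/var/run/dionaea.pid'
+#MISC='--chroot=/dionaea/chrootdir'
+MISC=''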
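Review bot: The PID file path on the `PIDFILE=` line points at `/var/run`, which on systemd-based Fedora releases is only a compatibility symlink to `/run`; since the spec installs a unit file when `with_systemd` is set, the path here has to agree with whatever that unit expects, so `PIDFILE='--pid-file=/run/dionaea.pid'` is presumably the intended value (the unit itself is not visible in this chunk, so verify there). The commented-out `#MISC='--chroot=/dionaea/chrootdir'` line carries no explanation of what the chroot directory must contain before it can be enabled; a one-line comment such as `# Optional: run inside a prepared chroot; the directory must exist and hold the runtime files dionaea needs` would stop users from turning it on blindly. `DWORKDIR='--workingdir=/'` likewise deserves a short note on why the working directory is the filesystem root rather than the package's state directory, since the spec creates `%{_sharedstatedir}/dionaea` for exactly that purpose.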

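--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+SHA512 (dionaea-0.7.0.tar.gz) = fec39d97ff48f3f72d3e1406c4e6889567d31fe7bf15d7934b23d6fa81d74a7051d3a865019ff5f308f69dbfc29d21d0a98abccdd502261368220ee73a570cf8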