Honeypots mailing list archives
Controlling a Honeynet Control/Containment Device
From: Rob McMillen <rvmcmil () cablespeed com>
Date: Mon, 21 Apr 2003 13:46:51 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

How many of you have found the rc.firewall script hard to figure out? What variables need to be set to properly configure the firewall to contain/control your Honeynet? Well, here is my first attempt at making it easier to use and deploy. It is called honeyctl.sh, and you can download it from:

http://project.honeynet.org/papers/honeynet/tools/honeyctl.tgz

This tarball consists of two files: the script, honeyctl.sh, and the actual firewall rules, honeyctl.rules. It will allow you to execute the following commands:

    honeyctl.sh [command]

1. stop - This command will shut down the gateway by flushing the ruleset and setting the default policy to DROP. It will not affect the management interface.
2. status - This command will return a list of all firewall rules.
3. interface - This command will return network interface information.
4. bridge - This command will return bridge information.
5. reload - This reloads the previous gateway configuration.
6. zero - This zeroes the iptable chain packet and byte counters.
7. new - This command deletes previous configuration files and starts the interview process.
8. date - This provides the system date and time.
9. inline_status - Tells if snort_inline is running in daemon mode.
10. generate - This command generates the rc.firewall script via the use of an interview (without comments).
11. HELP - This command tells the user how to use the script and what each command means.

An added benefit is the ability to control the device remotely via a management interface. By using ssh and this script, remote management becomes a reality. Once you have ssh configured per your preferences, either public/private key or password, you can execute the script commands as follows (script must reside on device).

From a system that is not the honeynet firewall:

    ssh root@device /root/honeyctl.sh [command]

The above command assumes the device name is device, and that the honeyctl.sh and honeyctl.rules files are located in the /root directory of the firewall. All commands are available remotely.

Please give this a try and let me know what you think, good or bad.

Rob

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
Comment: Made with pgp4pine 1.76

iQA/AwUBPqQuj/nAyY+9KLjdEQI0pgCg4CyvWpaGWpK85ym5/Ymz1IWGSX8AoNHc
zsODb90Du25vqy28kPh+1QPu
=T9If
-----END PGP SIGNATURE-----
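
One way to limit what a management key can do over the ssh invocation described in the message, as an added example (not part of the original post and not part of honeyctl): a forced-command wrapper that accepts only selected subcommands. The wrapper path, the authorized_keys options shown in the comment, and the choice of read-only subcommands are assumptions.

```shell
#!/bin/sh
# Added example: forced-command wrapper for an SSH key that may only run
# selected honeyctl.sh subcommands. Wrapper path and key options are assumed:
#   command="/root/honeyctl-wrap.sh",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding <public key>
HONEYCTL=/root/honeyctl.sh   # script location given in the post
# Read-only subcommands from the post's list (assumed policy; extend deliberately).
HONEYCTL_ALLOWED="status interface bridge date inline_status"

# Print the subcommand and return 0 if the request is exactly
# "<HONEYCTL> <allowed-subcommand>"; return 1 otherwise.
honeyctl_check() {
    req=$1
    case $req in
        "$HONEYCTL "*) sub=${req#"$HONEYCTL "} ;;
        *) return 1 ;;
    esac
    # Only letters and underscore: rejects spaces, extra arguments and
    # shell metacharacters before the allow-list is consulted.
    case $sub in
        ''|*[!A-Za-z_]*) return 1 ;;
    esac
    for ok in $HONEYCTL_ALLOWED; do
        if [ "$sub" = "$ok" ]; then
            printf '%s\n' "$sub"
            return 0
        fi
    done
    return 1
}

# sshd sets SSH_ORIGINAL_COMMAND to what the client asked to run.
# With no command requested, nothing runs and the session ends.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if sub=$(honeyctl_check "$SSH_ORIGINAL_COMMAND"); then
        exec "$HONEYCTL" "$sub"
    fi
    logger -t honeyctl-wrap "rejected: $SSH_ORIGINAL_COMMAND" 2>/dev/null
    echo "honeyctl-wrap: command not permitted" >&2
    exit 1
fi
```

The interview-driven commands (new, generate) need a terminal, so a key that is allowed to run them cannot carry the no-pty option.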