chrisbdaemon / beartrap Goto Github PK

Once I enable a TCPPort and run an nmap scan from another machine the program crashes.
nmap 10.1.1.1

tbennett@fserver:~/beartrap$ sudo ruby bear_trap.rb -c config.yml -d
Trying to load trigger: {"type"=>"TCPPort", "port"=>3389, "address"=>"0.0.0.0"}
Loading /home/tbennett/beartrap/lib/Trigger/TCPPortTrigger.rb
/home/tbennett/beartrap/lib/Trigger/TCPPortTrigger.rb loaded successfully
Checking parameters for #TCPPortTrigger:0x00000002a2b618
Parameters verified for #TCPPortTrigger:0x00000002a2b618
Trying to load trigger: {"type"=>"FTP", "banner"=>"BearTrap-ftpd Service ready"}
Loading /home/tbennett/beartrap/lib/Trigger/FTPTrigger.rb
/home/tbennett/beartrap/lib/Trigger/FTPTrigger.rb loaded successfully
Checking parameters for #FTPTrigger:0x00000002a647d8
Parameters verified for #FTPTrigger:0x00000002a647d8
Loading /home/tbennett/beartrap/lib/AlertHandler/CommandlineAlertHandler.rb
/home/tbennett/beartrap/lib/AlertHandler/CommandlineAlertHandler.rb loaded successfully
Checking parameters for #CommandlineAlertHandler:0x00000002a83a48
Parameters verified for #CommandlineAlertHandler:0x00000002a83a48
Binding TCP socket to: 0.0.0.0:3389
Binding FTP server to 0.0.0.0:21
Created thread for #TCPServer:0x00000002a82ff8
Created thread for #TCPServer:0x00000002a83160
Command: /sbin/iptables -A INPUT -s 10.1.1.102 -j DROP
/home/tbennett/beartrap/lib/AlertHandler/CommandlineAlertHandler.rb:55:in handle_alert': undefined methodsuccess?' for nil:NilClass (NoMethodError)
from bear_trap.rb:86:in block in got_alert' from bear_trap.rb:85:ineach'
from bear_trap.rb:85:in got_alert' from /home/tbennett/beartrap/lib/Trigger/TCPPortTrigger.rb:63:inblock (2 levels) in set_trigger'
from /home/tbennett/beartrap/lib/Trigger/TCPPortTrigger.rb:51:in loop' from /home/tbennett/beartrap/lib/Trigger/TCPPortTrigger.rb:51:inblock in set_trigger'

Hi love the software.

When I try something like these commands
block_command: "/bin/echo $IP
block_command: "/bin/echo $IP >> bans.txt"
It doesn't appear to run these commands.

Then after more testing the iptables commands don't appear to be working either.
block_command: "/sbin/iptables -A INPUT -s $IP -j DROP"
unblock_command: "/sbin/iptables -D INPUT -s $IP -j DROP"

When I run these commands outside of beartrap they work. Any ideas?

Ubuntu Server 14.04.1

root@fserver:/home/tbennett/beartrap# ruby bear_trap.rb -c config.yml -d
Trying to load trigger: {"type"=>"FTP", "banner"=>"BearTrap-ftpd Service ready"}
Loading /home/tbennett/beartrap/lib/Trigger/FTPTrigger.rb
/home/tbennett/beartrap/lib/Trigger/FTPTrigger.rb loaded successfully
Checking parameters for #FTPTrigger:0x0000000118b040
Parameters verified for #FTPTrigger:0x0000000118b040
Loading /home/tbennett/beartrap/lib/AlertHandler/CommandlineAlertHandler.rb
/home/tbennett/beartrap/lib/AlertHandler/CommandlineAlertHandler.rb loaded successfully
Checking parameters for #CommandlineAlertHandler:0x000000011a9248
Parameters verified for #CommandlineAlertHandler:0x000000011a9248
Binding FTP server to 0.0.0.0:21
Created thread for #TCPServer:0x000000011ba390
Command: /sbin/iptables -A INPUT -s 10.1.1.102 -j DROP

bear_trap.rb:33
require 'Distributor'

From the commit logs, it looks like this was used previously, but now has been removed.

I'm a linux newbie...I don't know if I'm doing this right.

I used git clone https://github.com/chrisbdaemon/Bear/Trap to get the repository.

When I try to start it up, this is what I get

root@raspberrypi:/opt/BearTrap# sudo ruby bear_trap.rb -c config.yml
/usr/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in require': cannot load such file -- getopt/long (LoadError) from /usr/lib/ruby/1.9.1/rubygems/custom_require.rb:36:inrequire'
from bear_trap.rb:29:in `

I have no idea what this means, any help would be greatly appreciated