Comments (7)
Hey @AntoninHL!, I will make some changes in the next week or so (This will allow users to change a port or disable a server)
from chameleon.
@AntoninHL I have added some changes that allow you to do that
Check out the configuration file
That file will have an entry named honeypots, you can choose what honeypots to keep, disable, or change a port
{
"logs":"db",
"logs_location":"",
"host":"chameleon_postgres",
"port":9999,
"username":"changeme027a088931d22",
"password":"changeme0f40773877963",
"db":"chameleon",
"interface":"eth0",
"honeypots":"ftp:21,ssh:22,telnet:23,smtp:25,dns:53,http:80,pop3:110,imap:143,https:443,postgres:5432,smb:445,socks5:1080,mysql:3306,vnc:5900,redis:6379,httpproxy:8080"
}
from chameleon.
Thanks @giga-a
But seems that config.json is not taken into account by ./run.sh auto_configuration command...
I don't really understand why...
from chameleon.
Hey @AntoninHL
Thanks for getting back to me!
> I don't really understand why...
The ./run.sh auto_configure command uses a different configuration file (docker-compose-dev.yml). It publishes any port defined in the ports element.
If your host is running ssh on port 22 and docker-compose-dev.yml has '22:22' in the ports element, it will show something like
ERROR: for honeypots Cannot start service honeypots: driver failed programming external connectivity on endpoint chameleon_honeypots_1 (34a10704281a3b9ac7cfd4801b9230493b89223b0e2818e2fe953af4578ccb27): Error starting userland proxy: listen tcp4 0.0.0.0:22: bind: address already in use
If your host is running Apache on port 80 and docker-compose-dev.yml has '80:80' in the ports element, it will show something like
ERROR: for honeypots Cannot start service honeypots: driver failed programming external connectivity on endpoint chameleon_honeypots_1 (4cd76dcc58a75d26ab268c01606839ecc380b629f39706032607598969f85a14): Error starting userland proxy: listen tcp4 0.0.0.0:80: bind: address already in use
And so on,
To fix the issue, remove the service port from the ports element in docker-compose-dev.yml
Instead of this
ports:
- '21:21'
- '22:22'
- '23:23'
- '25:25'
- '80:80'
- '110:110'
- '143:143'
- '443:443'
- '445:445'
- '1080:1080'
- '1433:1433'
- '3306:3306'
- '3389:3389'
- '5900:5900'
- '6379:6379'
- '8080:8080'
- '9200:9200'
ftp, telnet and smtp only (Add your desired ports, but not the ones that cause the issue)
ports:
- '21:21'
- '23:23'
- '25:25'
And everything should work correctly
postgres_1 | WARNING: no logs are available with the 'none' log driver
grafana | WARNING: no logs are available with the 'none' log driver
honeypots_1 | Your IP: 172.25.0.2
honeypots_1 | Your MAC: 01:01:01:01:01:01
honeypots_1 | Wait for 10 seconds..
honeypots_1 | honeypotslogger_main_c18e2e91 - Waiting on postgres connection
honeypots_1 | honeypotslogger_main_c18e2e91 - postgres connection is good
honeypots_1 | honeypotslogger_QFTPServer_915217dc - Waiting on postgres connection
honeypots_1 | honeypotslogger_QFTPServer_915217dc - postgres connection is good
honeypots_1 | ["servers", {"action": "process", "ip": "0.0.0.0", "password": "test", "port": 21, "server": "ftp_server", "status": "success", "username": "test"}]
honeypots_1 | honeypotslogger_QTelnetServer_ccb241cd - Waiting on postgres connection
honeypots_1 | honeypotslogger_QFTPServer_5f234b9a - Waiting on postgres connection
honeypots_1 | honeypotslogger_QTelnetServer_ccb241cd - postgres connection is good
honeypots_1 | ["servers", {"action": "process", "ip": "0.0.0.0", "password": "test", "port": 23, "server": "telnet_server", "status": "success", "username": "test"}]
honeypots_1 | honeypotslogger_QSMTPServer_741df1eb - Waiting on postgres connection
honeypots_1 | honeypotslogger_QTelnetServer_ffb037d1 - Waiting on postgres connection
honeypots_1 | honeypotslogger_QSMTPServer_741df1eb - postgres connection is good
honeypots_1 | ["servers", {"action": "process", "ip": "0.0.0.0", "password": "test", "port": 25, "server": "smtp_server", "status": "success", "username": "test"}]
honeypots_1 | honeypotslogger_QDNSServer_9402f454 - Waiting on postgres connection
The fix above is super easy - however, there are other options to fix the issue, but they may take more steps:
- Disable the service on your host
- Change the host service port on your host
Please let me know if that works for you or not?
P.S. I will push an update by the end of this week which handles that automatically based on the config.json
from chameleon.
Hi @giga-a
Awesome.
Understand now.
Another "small" question: is it possible to change the network interface?
For example, instead of eth0, specify ens3 or eno1.
Once again, I changed config.json, but no effect.
Many thanks.
from chameleon.
@AntoninHL you are very welcome!
I'm pretty sure that you can change the interface to anything you want - I will take a look and get back to you tomorrow morning :)
from chameleon.
Hey @AntoninHL, sorry for the delay - I had to push some new updates to both Honeypots and Chameleon
> For example, instead of eth0, specify ens3 or eno1.
> Once again, I changed config.json, but no effect.
The network interface is used for the QSniffer module, it's for monitoring the network traffic for loose creds etc.. This module can be disabled if you are running into issues with it (I will add an option to disable it). My only guess is that you are probably changing that network interface to a local network interface instead of the ones listed in the docker container. I could be wrong though, but I believe it will be easier to resolve after the new update.
- The new update should handle your ports issue. When you deploy Chameleon with ./run.sh deploy it will adjust a copy of docker-compose-dep.yml with the ports listed in config.json. If you have ftp honeypot in your config.json, then ftp honeypot port will be published only and so on
- If you pass ens3 and ens3 does not exist, then there will be an error in your terminal + all available interfaces.
- I added more honeypots, changed some Grafana settings and added syslog logging
- There is no more ./run.sh auto_configre and ./run.sh auto_configre_test -> I replaced them with ./run.sh test and ./run.sh deploy
Please let me know if you are running into any issues with the new update so I can fix it
Cheers 🍻
from chameleon.
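An added example, not code from the Chameleon project or from either commenter: a pre-deployment check that parses a honeypots value in the config.json format shown in this thread, probes which of those ports are already bound on the host, and prints a compose ports list that leaves the conflicting ones out. The function names and the SAMPLE string are assumptions made for illustration.

```python
import errno
import socket

# Constructed sample in the "name:port,name:port" format of the honeypots entry.
SAMPLE = "ftp:21,ssh:22,telnet:23,smtp:25,http:80"


def parse_honeypots(value):
    """Parse 'name:port,name:port' into an ordered {name: port} dict."""
    result = {}
    for item in filter(None, (p.strip() for p in value.split(","))):
        name, sep, port = item.partition(":")
        if not sep or not port.isdigit() or not 0 < int(port) < 65536:
            raise ValueError(f"bad honeypot entry: {item!r}")
        result[name.strip()] = int(port)
    return result


def port_state(port, host="0.0.0.0"):
    """Return 'in_use', 'free' or 'unknown' (e.g. no privilege for ports < 1024)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            # No SO_REUSEADDR on purpose: an existing listener must make bind fail.
            s.bind((host, port))
        except OSError as exc:
            return "in_use" if exc.errno == errno.EADDRINUSE else "unknown"
    return "free"


def plan_ports(honeypots, states):
    """Split honeypots into publishable compose mappings and skipped conflicts."""
    publish, skipped = [], []
    for name, port in honeypots.items():
        if states.get(port) == "in_use":
            skipped.append(name)  # a host service already owns this port
        else:
            publish.append(f"{port}:{port}")
    return publish, skipped


if __name__ == "__main__":
    pots = parse_honeypots(SAMPLE)
    states = {p: port_state(p) for p in pots.values()}
    publish, skipped = plan_ports(pots, states)
    print("ports:")
    for mapping in publish:
        print(f"  - '{mapping}'")
    print("skipped (already bound on host):", ", ".join(skipped) or "none")
```

Run it as root (or with the same privileges Docker has) so that ports below 1024 report in_use or free rather than unknown.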