
log to file about chameleon HOT 3 CLOSED

qeeqbox avatar qeeqbox commented on June 1, 2024
log to file

from chameleon.

Comments (3)

giga-a avatar giga-a commented on June 1, 2024

Hey @Sparkxxx,

I can make that happen, but what about my other project Honeypots?
Chameleon is built on top of Honeypots - it's super easy to set it up!
You can set up all sorts of honeypots and output the logs to file, terminal or both.

pip3 install honeypots
honeypots --setup ssh,ftp --config config.json

config.json
{
    "logs":"file,terminal",
    "logs_location":"/temp/honeypots_logs/",
    "honeypots": {
        "ftp": {
            "port": 21,
            "ip": "0.0.0.0",
            "username": "test",
            "password": "test"
        },
        "ssh": {
            "port": 22,
            "ip": "0.0.0.0",
            "username": "test",
            "password": "test"
        }
    }
}

[edit]

You can enable logging to file -> Chameleon project -> config.json -> change

    "logs": "db",

to

    "logs":"db,file",
    "logs_location":"/temp/honeypots_logs/"

from chameleon.

Sparkxxx avatar Sparkxxx commented on June 1, 2024

Thanks for the reply,
Using "logs":"db,file", works but the format of the log is not compatible with syslog so it's not much use without a syslog-ng filter/parser.
Regarding honeypots I've upgraded the chameleon container with the latest version from honeypots-Dockerfile to the latest version
RUN pip3 install honeypots==0.25
instead of 0.23 which was the default one but I have not tested functionality yet.
I prefer using docker since it would not require maintaining python processes on vms running docker containers, it makes more sense for me.
My scenario is that I have a VM with docker-compose chameleon and nobody should touch that host.
When this happens I would like to have the attempt in syslog format so that I can act upon it, and it would be great if we could use the docker syslog driver directly to redirect stdout:

      driver: syslog
      options:
        syslog-address: "udp://10.1.0.x:514"
        tag: "honeypots"

Thanks

P.S.
Couldn't find much info on honeypots either and searching the web I found some references to chameleon honeypots
https://owasp.org/www-pdf-archive/GOD17-Chameleon.pdf
https://www.tu-braunschweig.de/index.php?eID=dumpFile&t=f&f=74776&token=78405aa9f5db4f5c28b1c071af0e27fb8893c2b7 , are you affiliated, is it the same project or behavior expected from this project?

from chameleon.

giga-a avatar giga-a commented on June 1, 2024

@Sparkxxx

> Using "logs":"db,file", works but the format of the log is not compatible with syslog so it's not much use without a syslog-ng filter/parser.

Would you be able to share your syslog-ng config file?

> Regarding honeypots I've upgraded the chameleon container with the latest version from honeypots-Dockerfile to the latest version
> RUN pip3 install honeypots==0.25
> instead of 0.23 which was the default one but I have not tested functionality yet.
> I prefer using docker since it would not require maintaining python processes on vms running docker containers, it makes more sense for me.

I have pushed many updates, and now you can specify a syslog server in the config.json at any stage: ./run.sh test, ./run.sh dev or ./run.sh deploy

Add syslog to logs, and configure the syslog_address as a URI and the syslog_facility value

    "logs": "db,syslog",
    "logs_location": "",
    "syslog_address":"udp://syslog:514",
    "syslog_facility":3,
    "postgres":"//changeme027a088931d22:changeme0f40773877963@chameleon_postgres:9999/chameleon",
    "filter": "not port 9999 and not port 514",
    "interface": "eth0",

Also, I have added a syslog server to test that functionality (if you do not have one). You can run the project in the test stage with ./run.sh test and view the logs by accessing the chameleon_syslog container. The location is specified in the syslogs-ng

> Couldn't find much info on honeypots either and searching the web I found some references to chameleon honeypots
> https://owasp.org/www-pdf-archive/GOD17-Chameleon.pdf
> https://www.tu-braunschweig.de/index.php?eID=dumpFile&t=f&f=74776&token=78405aa9f5db4f5c28b1c071af0e27fb8893c2b7 , are you affiliated, is it the same project or behavior expected from this project?

No, the links you listed above are different. I was referring to this honeypots package (You won't be able to find much information about QeeqBox projects because they were closed-source and used internally)

Let me know if the new updates make sense or not!

from chameleon.
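
Added example, not code from the Chameleon or honeypots projects: one way to wrap a JSON honeypot event in an RFC 5424 syslog line, driven by the `syslog_address` URI and `syslog_facility` value shown in the thread. The event field names, the host name `honeypot-vm`, the tag `honeypots` and the fixed severity are assumptions.

```python
import json
import socket
from datetime import datetime, timezone
from urllib.parse import urlparse

SEVERITY_WARNING = 4  # assumption: report every honeypot hit as "warning"
SOCKTYPES = {"udp": socket.SOCK_DGRAM, "tcp": socket.SOCK_STREAM}

def parse_syslog_address(uri):
    """Split a URI such as udp://syslog:514 into (socktype, host, port)."""
    parts = urlparse(uri)
    if parts.scheme not in SOCKTYPES or not parts.hostname:
        raise ValueError(f"unsupported syslog_address: {uri!r}")
    return SOCKTYPES[parts.scheme], parts.hostname, parts.port or 514

def to_syslog(event, facility, host, tag, when):
    """RFC 5424: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG."""
    if not 0 <= facility <= 23:
        raise ValueError("facility must be in 0..23")
    pri = facility * 8 + SEVERITY_WARNING
    stamp = when.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    # json.dumps escapes control characters, so a newline typed into a
    # username or password cannot start a forged second syslog record.
    msg = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return f"<{pri}>1 {stamp} {host} {tag} - - - {msg}".encode("utf-8")

def send(uri, payload):
    """Deliver one message; TCP uses newline framing, UDP one datagram."""
    socktype, host, port = parse_syslog_address(uri)
    with socket.socket(socket.AF_INET, socktype) as sock:
        if socktype == socket.SOCK_STREAM:
            sock.connect((host, port))
            sock.sendall(payload + b"\n")
        else:
            sock.sendto(payload, (host, port))

# Constructed sample event; the field names are assumptions.
SAMPLE_EVENT = {"server": "ssh_server", "action": "login", "status": "failed",
                "src_ip": "203.0.113.7", "username": "root",
                "password": "x\n<8>1 forged"}

if __name__ == "__main__":
    when = datetime(2024, 6, 1, 12, 0, 0, tzinfo=timezone.utc)
    print(to_syslog(SAMPLE_EVENT, 3, "honeypot-vm", "honeypots", when).decode())
```

With facility 3 and severity 4 the priority value is 28, and the credential fields stay on one line because they are JSON-escaped before framing.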
