dvash 0.1.0 → 0.1.1
- data/LICENSE +674 -0
- data/bin/dvash +0 -2
- data/dvash.gemspec +12 -23
- data/lib/dvash.rb +12 -21
- data/lib/dvash/application.rb +32 -49
- data/lib/dvash/core.rb +96 -116
- data/lib/dvash/honeyports/ipv4/http.rb +26 -37
- data/lib/dvash/honeyports/ipv4/rdp.rb +26 -37
- data/lib/dvash/honeyports/ipv4/ssh.rb +26 -37
- data/lib/dvash/honeyports/ipv4/telnet.rb +26 -37
- data/lib/dvash/honeyports/ipv6/http.rb +26 -37
- data/lib/dvash/honeyports/ipv6/rdp.rb +26 -37
- data/lib/dvash/honeyports/ipv6/ssh.rb +26 -37
- data/lib/dvash/os/linux.rb +42 -64
- data/lib/dvash/os/mac.rb +24 -28
- data/lib/dvash/os/windows.rb +23 -24
- metadata +5 -21
- data/etc/dvash-baseline.conf +0 -48
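--- a/data/lib/dvash/os/mac.rb
+++ b/data/lib/dvash/os/mac.rb
@@ -1,34 +1,30 @@
 module Dvash
+#
+# Used by Mac OS X systems to leverage ipfw for blocking all of the peoples
+#
+class Mac < Core
 
-
+def initialize
+# Make sure we have binaries for ipfw using the paths
+# set in the configuration file
+unless File.exist?(@@cfgfile['ipfw']['ipfw'])
+# TODO: Use [logger] gem to output debug information
+puts "can't find ipfw"
+exit
+end
+end
 
-
-
-
-
-
-unless File.exist?(@@cfgfile['ipfw']['ipfw'])
-# TODO: Use 'logger' gem to output debug information
-puts "can't find ipfw"
-exit
-end
-end
+def block_ip(address)
+# Block the client IP address using ipfw binaries set in the conf file
+if IPAddr.new("#{address}").ipv4? then
+system("#{@@cfgfile['ipfw']['ipfw']} -q add deny all from #{address} to any")
+end
 
-
-
-
-
-
-system("#{@@cfgfile['ipfw']['ipfw']} -q add deny all from #{address} to any")
-end
+# Block the client IP address using ip6fw binaries set in the conf file
+if IPAddr.new("#{address}").ipv6? then
+system("#{@@cfgfile['ipfw']['ip6fw']} -q add deny all from #{address} to any")
+end
+end
 
-
-# Block the client IP address using ip6fw binaries set in the configuration file
-#
-if IPAddr.new("#{address}").ipv6? then
-system("#{@@cfgfile['ipfw']['ip6fw']} -q add deny all from #{address} to any")
-end
-end
-
-end
+end
 end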
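Review bot: In `block_ip`, both `system` calls build one shell string from the configured binary path and `address`, so the command runs through the shell and its safety rests entirely on `IPAddr.new` rejecting anything that is not a plain address. Parse once and pass an argument list, which bypasses the shell: `ip = IPAddr.new(address.to_s)` followed by `system(@@cfgfile['ipfw']['ipfw'], '-q', 'add', 'deny', 'all', 'from', ip.to_s, 'to', 'any')`. The return value of `system` is also ignored, so a rule that fails to install leaves the client unblocked with no trace; log when it returns false or nil. `initialize` checks only the `ipfw` path although the IPv6 branch runs `ip6fw`, and its bare `exit` reports success to the caller where `abort("can't find ipfw")` would not. The same string-form `system` calls appear in data/lib/dvash/os/windows.rb.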
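--- a/data/lib/dvash/os/windows.rb
+++ b/data/lib/dvash/os/windows.rb
@@ -1,30 +1,29 @@
 module Dvash
-
-
+#
+# Used by Windows systems to leverage route command for blocking all of the peoples
+#
+class Windows < Core
 
-
-
-
-
-
-
+def block_ip(address)
+# Windows XP/Server 2003 compatible but we don't have a way to determine
+# what version of Windows is running, so we assume the newer versions
+# we're going to leave this here for now in case sometime in the future
+# we can figure out how to determine the differenc between WinXP/2003 and Win7
+#
+# system("route add #{address} mask 255.255.255.255 10.255.255.255 metric 1 -p")
 
-
-
-
-
-
-system("route add #{address} mask 255.255.255.255 10.255.255.255 if 1 -p")
-end
+# Windows 7/Server 2008 and newer compatible (IPv4)
+# Blackholes the client IP address by routing traffic to a null route
+if IPAddr.new("#{address}").ipv4? then
+system("route add #{address} mask 255.255.255.255 10.255.255.255 if 1 -p")
+end
 
-
-
-
-
-
-
-end
-end
+# Windows 7/Server 2008 and newer compatible (IPv6)
+# Blackholes the client IP address by routing traffic to localhost
+if IPAddr.new("#{address}").ipv6? then
+system("netsh interface ipv6 add route #{address} \"Local Area Connection\" ::1")
+end
+end
 
-
+end
 end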
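Review bot: The IPv6 branch of `block_ip` hard-codes the interface name `"Local Area Connection"` in the `netsh` call and the IPv4 branch hard-codes `if 1`, so on a host whose interface is named or numbered differently the command fails, and because the result of `system` is discarded the client stays unblocked without any indication. Take the interface from configuration and check the result, e.g. `warn "route add failed for #{address}" unless system(...)`. The IPv4 route is added with `-p` and nothing in this file removes it, so `block_ip` should carry a comment telling the operator how a block is cleared, such as `# Adds a persistent null route; remove it with "route delete <address>"`.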
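--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dvash
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.1
 prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-
+date: 2013-07-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: parseconfig
@@ -27,22 +27,6 @@ dependencies:
 - - ~>
 - !ruby/object:Gem::Version
 version: '1.0'
-- !ruby/object:Gem::Dependency
-name: bundler
-requirement: !ruby/object:Gem::Requirement
-none: false
-requirements:
-- - ~>
-- !ruby/object:Gem::Version
-version: '1.3'
-type: :runtime
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-none: false
-requirements:
-- - ~>
-- !ruby/object:Gem::Version
-version: '1.3'
 description: Part honeypot, part defense system. Opens up ports and simulates services
 in order to look like an attractive target. Hosts that try to connect to the fake
 services are considered attackers and blocked from all access.
@@ -52,7 +36,7 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
--
+- lib/dvash/application.rb
 - lib/dvash/honeyports/ipv4/http.rb
 - lib/dvash/honeyports/ipv4/rdp.rb
 - lib/dvash/honeyports/ipv4/ssh.rb
@@ -63,13 +47,13 @@ files:
 - lib/dvash/os/linux.rb
 - lib/dvash/os/mac.rb
 - lib/dvash/os/windows.rb
-- lib/dvash/application.rb
 - lib/dvash/core.rb
 - lib/dvash.rb
+- bin/dvash
 - dvash.gemspec
 - Gemfile
 - README.md
--
+- LICENSE
 homepage: http://github.com/codemunchies/dvash
 licenses:
 - GPL-3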
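--- a/data/etc/dvash-baseline.conf
+++ /dev/null
@@ -1,48 +0,0 @@
-###############################################################################
-#
-# Dvash Configuration File
-#
-###############################################################################
-
-###############################################################################
-#
-# Honeyports are listed here according to the filename of the module in the
-# honeyports path. Dvash will automatically look for the honeyport load it
-# if it is enabled here.
-#
-# Enabled:
-# ipv4_http = true
-#
-# Disabled:
-# ipv4_http = false
-#
-###############################################################################
-[honeyports]
-ipv4_http = true
-ipv4_ssh = false
-ipv4_rdp = false
-ipv4_telnet = false
-ipv6_http = false
-ipv6_ssh = false
-ipv6_rdp = false
-
-###############################################################################
-#
-# Dvash configures iptables and ip6tables for linux using the binaries
-# according to the paths you configure here.
-#
-###############################################################################
-[iptables]
-ipv4 = /usr/sbin/iptables
-ipv6 = /usr/sbin/ip6tables
-
-###############################################################################
-#
-# Dvash configures ipfw for mac using the binaries according to the paths
-# you configure here.
-#
-###############################################################################
-[ipfw]
-ipfw = /sbin/ipfw
-ip6fw = /sbin/ip6fw
-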