dvash 0.0.1 → 0.0.2
- data/Gemfile +0 -0
- data/dvash.gemspec +3 -3
- data/etc/dvash-baseline.conf +45 -0
- data/lib/dvash.rb +0 -0
- data/lib/dvash/application.rb +1 -1
- data/lib/dvash/honeyports/ipv4/http.rb +3 -1
- data/lib/dvash/honeyports/ipv6/http.rb +3 -1
- data/lib/dvash/os/linux.rb +31 -3
- data/lib/dvash/os/mac.rb +7 -0
- data/lib/dvash/os/windows.rb +0 -0
- data/lib/dvash/validation.rb +0 -0
- metadata +3 -2
data/Gemfile
CHANGED
File without changes
|
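--- a/data/dvash.gemspec
+++ b/data/dvash.gemspec
@@ -2,15 +2,15 @@
 
 Gem::Specification.new do |s|
 s.name = "dvash"
-s.version = "0.0.
+s.version = "0.0.2"
 
 s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
 s.authors = ["Ari Mizrahi"]
-s.date = "2013-04-
+s.date = "2013-04-26"
 s.description = "Part honeypot, part defense system. Opens up ports and simulates services in order to look like an attractive target. Hosts that try to connect to the fake services are considered attackers and blocked from all access."
 s.email = "codemunchies@gmail.com"
 s.executables = ["dvash"]
-s.files = ["lib/dvash/honeyports/ipv4/http.rb", "lib/dvash/honeyports/ipv6/http.rb", "lib/dvash/os/linux.rb", "lib/dvash/os/mac.rb", "lib/dvash/os/windows.rb", "lib/dvash/application.rb", "lib/dvash/validation.rb", "lib/dvash.rb", "dvash.gemspec", "Gemfile"]
+s.files = ["etc/dvash-baseline.conf", "lib/dvash/honeyports/ipv4/http.rb", "lib/dvash/honeyports/ipv6/http.rb", "lib/dvash/os/linux.rb", "lib/dvash/os/mac.rb", "lib/dvash/os/windows.rb", "lib/dvash/application.rb", "lib/dvash/validation.rb", "lib/dvash.rb", "dvash.gemspec", "Gemfile"]
 s.homepage = "http://github.com/codemunchies/dvash"
 s.require_paths = ["lib"]
 s.rubygems_version = "1.8.25"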
@@ -0,0 +1,45 @@
|
|
1
|
+
###############################################################################
|
2
|
+
#
|
3
|
+
# Dvash Configuration File
|
4
|
+
#
|
5
|
+
###############################################################################
|
6
|
+
|
7
|
+
###############################################################################
|
8
|
+
#
|
9
|
+
# Honeyports are listed here according to the filename of the module in the
|
10
|
+
# honeyports path. Dvash will automatically look for the honeyport load it
|
11
|
+
# if it is enabled here.
|
12
|
+
#
|
13
|
+
# Enabled:
|
14
|
+
# ipv4_http = true
|
15
|
+
#
|
16
|
+
# Disabled:
|
17
|
+
# ipv4_http = false
|
18
|
+
#
|
19
|
+
###############################################################################
|
20
|
+
[honeyports]
|
21
|
+
ipv4_http = true
|
22
|
+
ipv6_http = false
|
23
|
+
ipv4_ssh = false
|
24
|
+
ipv6_ssh = false
|
25
|
+
ipv4_telnet = false
|
26
|
+
|
27
|
+
###############################################################################
|
28
|
+
#
|
29
|
+
# Dvash configures iptables and ip6tables for linux using the binaries
|
30
|
+
# according to the paths you configure here.
|
31
|
+
#
|
32
|
+
###############################################################################
|
33
|
+
[iptables]
|
34
|
+
ipv4 = /usr/sbin/iptables
|
35
|
+
ipv6 = /usr/sbin/ip6tables
|
36
|
+
|
37
|
+
###############################################################################
|
38
|
+
#
|
39
|
+
# Dvash configures ipfw for mac using the binaries according to the paths
|
40
|
+
# you configure here.
|
41
|
+
#
|
42
|
+
###############################################################################
|
43
|
+
[ipfw]
|
44
|
+
ipfw = /sbin/ipfw
|
45
|
+
|
data/lib/dvash.rb
CHANGED
File without changes
|
data/lib/dvash/application.rb
CHANGED
@@ -18,7 +18,9 @@ module Dvash
|
|
18
18
|
Thread.fork(server.accept) do |client|
|
19
19
|
# send the client junk data
|
20
20
|
client.puts(random_data)
|
21
|
-
|
21
|
+
if valid_ip?(client_ip(client)) then
|
22
|
+
@@os.block_ip(client_ip(client))
|
23
|
+
end
|
22
24
|
client.close
|
23
25
|
end
|
24
26
|
end
|
@@ -18,7 +18,9 @@ module Dvash
|
|
18
18
|
Thread.fork(server.accept) do |client|
|
19
19
|
# send the client junk data
|
20
20
|
client.puts(random_data)
|
21
|
-
|
21
|
+
if valid_ip?(client_ip(client)) then
|
22
|
+
@@os.block_ip(client_ip(client))
|
23
|
+
end
|
22
24
|
client.close
|
23
25
|
end
|
24
26
|
end
|
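Review bot: `client.close` is skipped whenever `client_ip`, `valid_ip?` or `@@os.block_ip` raises inside the thread block, so a failed block attempt leaves the accepted socket open; the close belongs in an `ensure`. The peer address is also looked up twice, after `client.puts`, and the second lookup can fail if the peer has already gone away; read it once with `ip = client_ip(client)` and then call `@@os.block_ip(ip) if valid_ip?(ip)`. Every address that completes a connection is blocked and nothing in the hunk exempts the operator's own or monitoring hosts, so an allowlist check before `block_ip` would guard against self-lockout. This hunk is printed twice under application.rb (the file list suggests the two copies belong to the ipv4 and ipv6 http.rb honeyports) and the note applies to both; `valid_ip?`, `client_ip` and the enclosing method are defined outside the hunk.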
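--- a/data/lib/dvash/os/linux.rb
+++ b/data/lib/dvash/os/linux.rb
@@ -1,15 +1,43 @@
 module Dvash
 
-class Linux
+class Linux < Validation
 
 def initialize
+unless File.exist?(@@cfgfile['iptables']['ipv4'])
+puts "can't find iptables"
+exit
+end
 
-#
+# do not create if it has already been created
+unless `"#{@@cfgfile['iptables']['ipv4']}" -L INPUT`.include?('DVASH')
+# create a new chain
+system("#{@@cfgfile['iptables']['ipv4']} -N DVASH")
+# flush the new chain
+system("#{@@cfgfile['iptables']['ipv4']} -F DVASH")
+# associate new chain to INPUT chain
+system("#{@cfgfile['iptables']['ipv4']} -I INPUT -j DVASH")
+end
+
+# do not create if it has already been created
+unless `"#{@@cfgfile['iptables']['ipv6']}" -L INPUT`.include?('DVASH')
+# create a new chain
+system("#{@@cfgfile['iptables']['ipv6']} -N DVASH")
+# flush the new chain
+system("#{@@cfgfile['iptables']['ipv6']} -F DVASH")
+# associate new chain to INPUT chain
+system("#{@@cfgfile['iptables']['ipv6']} -I INPUT -j DVASH")
+end
 end
 
 def block_ip(address)
 
-#
+if IPAddr.new("#{address}").ipv4? then
+system("#{@@cfgfile['iptables']['ipv4']} -I DVASH -s #{badip} -j DROP")
+end
+
+if IPAddr.new("#{address}").ipv6? then
+system("#{@@cfgfile['iptables']['ipv6']} -I DVASH -s #{badip} -j DROP")
+end
 end
 
 end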
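Review bot: In `block_ip`, both added `system` calls interpolate `#{badip}`, a name that appears nowhere else in the hunk (the parameter is `address`), so each call would raise NameError and no DROP rule would ever be inserted. In `initialize`, the line `system("#{@cfgfile['iptables']['ipv4']} -I INPUT -j DVASH")` uses `@cfgfile` with a single `@`, which is unset at that point, so first-run setup fails before the IPv4 chain is linked to INPUT. I would change these to `#{address}` and `@@cfgfile`, and pass the arguments as a list, e.g. `system(@@cfgfile['iptables']['ipv4'], '-I', 'DVASH', '-s', address.to_s, '-j', 'DROP')`, so that neither the configured path nor the address is parsed by a shell. The missing-binary branch also calls `exit` with no status, which reports success to the caller; `abort("can't find iptables")` exits non-zero, and the same applies to `initialize` in os/mac.rb.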
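--- a/data/lib/dvash/os/mac.rb
+++ b/data/lib/dvash/os/mac.rb
@@ -2,6 +2,13 @@ module Dvash
 
 class Mac < Validation
 
+def initialize
+unless File.exist?(@@cfgfile['ipfw']['ipfw'])
+puts "can't find ipfw"
+exit
+end
+end
+
 def block_ip(address)
 system("#{@@cfgfile['ipfw']['ipfw']} -q add deny src-ip #{address}")
 end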
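Review bot: The added `initialize` relies on `File.exist?` alone, which also passes for a directory or a non-executable file, and it would presumably raise NoMethodError on nil when the config has no `[ipfw]` section. A tighter guard would be `ipfw = (@@cfgfile['ipfw'] || {})['ipfw']` followed by `abort("can't find ipfw") unless ipfw && File.executable?(ipfw)`, which also exits non-zero. The unchanged `block_ip` below still builds a shell string from `address`; the list form `system(@@cfgfile['ipfw']['ipfw'], '-q', 'add', 'deny', 'src-ip', address.to_s)` would keep both values away from the shell. The class body continues outside the hunk.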
data/lib/dvash/os/windows.rb
CHANGED
File without changes
|
data/lib/dvash/validation.rb
CHANGED
File without changes
|
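--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dvash
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.2
 prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-04-
+date: 2013-04-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: parseconfig
@@ -52,6 +52,7 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- etc/dvash-baseline.conf
 - lib/dvash/honeyports/ipv4/http.rb
 - lib/dvash/honeyports/ipv6/http.rb
 - lib/dvash/os/linux.rb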