dvash 0.0.1 → 0.0.2

data/Gemfile CHANGED
File without changes
@@ -2,15 +2,15 @@
2
2
 
3
3
  Gem::Specification.new do |s|
4
4
  s.name = "dvash"
5
- s.version = "0.0.1"
5
+ s.version = "0.0.2"
6
6
 
7
7
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
8
8
  s.authors = ["Ari Mizrahi"]
9
- s.date = "2013-04-01"
9
+ s.date = "2013-04-26"
10
10
  s.description = "Part honeypot, part defense system. Opens up ports and simulates services in order to look like an attractive target. Hosts that try to connect to the fake services are considered attackers and blocked from all access."
11
11
  s.email = "codemunchies@gmail.com"
12
12
  s.executables = ["dvash"]
13
- s.files = ["lib/dvash/honeyports/ipv4/http.rb", "lib/dvash/honeyports/ipv6/http.rb", "lib/dvash/os/linux.rb", "lib/dvash/os/mac.rb", "lib/dvash/os/windows.rb", "lib/dvash/application.rb", "lib/dvash/validation.rb", "lib/dvash.rb", "dvash.gemspec", "Gemfile"]
13
+ s.files = ["etc/dvash-baseline.conf", "lib/dvash/honeyports/ipv4/http.rb", "lib/dvash/honeyports/ipv6/http.rb", "lib/dvash/os/linux.rb", "lib/dvash/os/mac.rb", "lib/dvash/os/windows.rb", "lib/dvash/application.rb", "lib/dvash/validation.rb", "lib/dvash.rb", "dvash.gemspec", "Gemfile"]
14
14
  s.homepage = "http://github.com/codemunchies/dvash"
15
15
  s.require_paths = ["lib"]
16
16
  s.rubygems_version = "1.8.25"
@@ -0,0 +1,45 @@
1
+ ###############################################################################
2
+ #
3
+ # Dvash Configuration File
4
+ #
5
+ ###############################################################################
6
+
7
+ ###############################################################################
8
+ #
9
+ # Honeyports are listed here according to the filename of the module in the
10
+ # honeyports path. Dvash will automatically look for the honeyport load it
11
+ # if it is enabled here.
12
+ #
13
+ # Enabled:
14
+ # ipv4_http = true
15
+ #
16
+ # Disabled:
17
+ # ipv4_http = false
18
+ #
19
+ ###############################################################################
20
+ [honeyports]
21
+ ipv4_http = true
22
+ ipv6_http = false
23
+ ipv4_ssh = false
24
+ ipv6_ssh = false
25
+ ipv4_telnet = false
26
+
27
+ ###############################################################################
28
+ #
29
+ # Dvash configures iptables and ip6tables for linux using the binaries
30
+ # according to the paths you configure here.
31
+ #
32
+ ###############################################################################
33
+ [iptables]
34
+ ipv4 = /usr/sbin/iptables
35
+ ipv6 = /usr/sbin/ip6tables
36
+
37
+ ###############################################################################
38
+ #
39
+ # Dvash configures ipfw for mac using the binaries according to the paths
40
+ # you configure here.
41
+ #
42
+ ###############################################################################
43
+ [ipfw]
44
+ ipfw = /sbin/ipfw
45
+
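Review bot: The `[iptables]` and `[ipfw]` values are not plain settings: elsewhere in this release the OS classes interpolate them into `system(...)` calls, so anyone who can edit this file chooses the program Dvash runs with its firewall-management privileges. The header comments for those two sections should say so, for example `# These paths are executed by Dvash; keep this file owned by and writable only by the account Dvash runs as.` The `[honeyports]` section also lists `ipv4_ssh`, `ipv6_ssh` and `ipv4_telnet`, while the gemspec file list on this page ships only the two http modules, so a line such as `# only ipv4_http and ipv6_http ship with this release` would keep users from enabling a module that presumably cannot be loaded. The sentence "look for the honeyport load it" is missing an "and".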
File without changes
@@ -10,6 +10,7 @@ module Dvash
10
10
  @honey_threads = Array.new
11
11
  @paths = paths
12
12
 
13
+ load_conf
13
14
  validate_os
14
15
  end
15
16
 
@@ -19,7 +20,6 @@ module Dvash
19
20
  exit
20
21
  end
21
22
 
22
- load_conf
23
23
  load_honeyport
24
24
  @honey_threads.each { |thr| thr.join }
25
25
  end
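Review bot: Calling `load_conf` in the constructor ahead of `validate_os` creates an ordering dependency that the code does not state. The Linux and Mac classes changed in this release read `@@cfgfile` in their own `initialize`, so the configuration presumably has to be parsed before `validate_os` picks one of them. A comment above the call would keep a later refactor from reordering it, e.g. `# must run before validate_os: the OS classes read @@cfgfile when they are constructed`. Neither hunk shows what `load_conf` does when the file is missing or unreadable, and it now runs before the check that ends in `exit` in the second hunk, so confirm that a bad config fails with a clear message rather than a later `NoMethodError` on `nil`. Both methods start outside the hunks.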
@@ -18,7 +18,9 @@ module Dvash
18
18
  Thread.fork(server.accept) do |client|
19
19
  # send the client junk data
20
20
  client.puts(random_data)
21
- @@os.block_ip(client_ip(client))
21
+ if valid_ip?(client_ip(client)) then
22
+ @@os.block_ip(client_ip(client))
23
+ end
22
24
  client.close
23
25
  end
24
26
  end
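Review bot: The block step is skipped when a client closes the connection before the write completes: `client.puts(random_data)` runs first, and if it raises, the thread ends before `block_ip` and before `client.close`, so the host is not blocked and the socket is left for the garbage collector. Wrapping the body in `begin`/`ensure` and rescuing the write error keeps both steps reliable, and reading `client_ip(client)` once into a local avoids the second call. The ipv6 hunk that follows is identical and needs the same change. When `valid_ip?` returns false the connection is dropped silently, so a log line there would help when reviewing why a host was not blocked. The enclosing method begins and ends outside the hunk.

```ruby
Thread.fork(server.accept) do |client|
  begin
    peer = client_ip(client)
    begin
      # send the client junk data
      client.puts(random_data)
    rescue SystemCallError, IOError
      # peer already hung up; continue to the block step
    end
    @@os.block_ip(peer) if valid_ip?(peer)
  ensure
    client.close
  end
end
```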
@@ -18,7 +18,9 @@ module Dvash
18
18
  Thread.fork(server.accept) do |client|
19
19
  # send the client junk data
20
20
  client.puts(random_data)
21
- @@os.block_ip(client_ip(client))
21
+ if valid_ip?(client_ip(client)) then
22
+ @@os.block_ip(client_ip(client))
23
+ end
22
24
  client.close
23
25
  end
24
26
  end
@@ -1,15 +1,43 @@
1
1
  module Dvash
2
2
 
3
- class Linux
3
+ class Linux < Validation
4
4
 
5
5
  def initialize
6
+ unless File.exist?(@@cfgfile['iptables']['ipv4'])
7
+ puts "can't find iptables"
8
+ exit
9
+ end
6
10
 
7
- # TODO: prepare iptables
11
+ # do not create if it has already been created
12
+ unless `"#{@@cfgfile['iptables']['ipv4']}" -L INPUT`.include?('DVASH')
13
+ # create a new chain
14
+ system("#{@@cfgfile['iptables']['ipv4']} -N DVASH")
15
+ # flush the new chain
16
+ system("#{@@cfgfile['iptables']['ipv4']} -F DVASH")
17
+ # associate new chain to INPUT chain
18
+ system("#{@cfgfile['iptables']['ipv4']} -I INPUT -j DVASH")
19
+ end
20
+
21
+ # do not create if it has already been created
22
+ unless `"#{@@cfgfile['iptables']['ipv6']}" -L INPUT`.include?('DVASH')
23
+ # create a new chain
24
+ system("#{@@cfgfile['iptables']['ipv6']} -N DVASH")
25
+ # flush the new chain
26
+ system("#{@@cfgfile['iptables']['ipv6']} -F DVASH")
27
+ # associate new chain to INPUT chain
28
+ system("#{@@cfgfile['iptables']['ipv6']} -I INPUT -j DVASH")
29
+ end
8
30
  end
9
31
 
10
32
  def block_ip(address)
11
33
 
12
- # TODO
34
+ if IPAddr.new("#{address}").ipv4? then
35
+ system("#{@@cfgfile['iptables']['ipv4']} -I DVASH -s #{badip} -j DROP")
36
+ end
37
+
38
+ if IPAddr.new("#{address}").ipv6? then
39
+ system("#{@@cfgfile['iptables']['ipv6']} -I DVASH -s #{badip} -j DROP")
40
+ end
13
41
  end
14
42
 
15
43
  end
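Review bot: `block_ip` interpolates `badip`, but the method's parameter is `address` and nothing in the hunk defines `badip`, so both branches raise `NameError` and no rule is ever added on Linux. In `initialize`, the ipv4 `-I INPUT -j DVASH` line reads `@cfgfile` (an instance variable, nil here) instead of `@@cfgfile`, so the constructor raises after the chain is created but before it is hooked into INPUT; that line should be `system(@@cfgfile['iptables']['ipv4'], '-I', 'INPUT', '-j', 'DVASH')`. The argument-list form of `system` is worth using for every call in this file, since the single-string form hands the configured path and the address to a shell. No `require 'ipaddr'` is visible although the hunk starts at line 1 of the file, so confirm it is loaded elsewhere.

```ruby
def block_ip(address)
  ip = IPAddr.new(address.to_s)
  family = ip.ipv4? ? 'ipv4' : 'ipv6'
  # argument list, not a command string: no shell parses the path or the address
  system(@@cfgfile['iptables'][family], '-I', 'DVASH', '-s', ip.to_s, '-j', 'DROP')
end
```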
@@ -2,6 +2,13 @@ module Dvash
2
2
 
3
3
  class Mac < Validation
4
4
 
5
+ def initialize
6
+ unless File.exist?(@@cfgfile['ipfw']['ipfw'])
7
+ puts "can't find ipfw"
8
+ exit
9
+ end
10
+ end
11
+
5
12
  def block_ip(address)
6
13
  system("#{@@cfgfile['ipfw']['ipfw']} -q add deny src-ip #{address}")
7
14
  end
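Review bot: The new guard reports a missing binary with `puts` and a bare `exit`, which writes to stdout and ends the process with status 0, so an init script or supervisor sees a clean exit while no firewall backend is available. `abort("can't find ipfw") unless File.executable?(@@cfgfile['ipfw']['ipfw'])` writes to stderr, exits non-zero, and also rejects a path that exists but cannot be run; the iptables guard in the Linux constructor has the same pattern. If the `[ipfw]` section is absent from the config, `@@cfgfile['ipfw']` is presumably nil and the check raises `NoMethodError` instead of printing the message. The class body continues past the end of the hunk.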
File without changes
File without changes
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dvash
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.1
4
+ version: 0.0.2
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2013-04-01 00:00:00.000000000 Z
12
+ date: 2013-04-26 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: parseconfig
@@ -52,6 +52,7 @@ executables:
52
52
  extensions: []
53
53
  extra_rdoc_files: []
54
54
  files:
55
+ - etc/dvash-baseline.conf
55
56
  - lib/dvash/honeyports/ipv4/http.rb
56
57
  - lib/dvash/honeyports/ipv6/http.rb
57
58
  - lib/dvash/os/linux.rb