honey[potd]aemon

This project is part of a BA thesis. It is currently in a pre-alpha state.

Dependencies

Kernel/libc requirements: Cgroups, Namespaces (UTS, IPC, PID, NET, CGROUPS)

Required: libssh, pthread

Optional: libseccomp

A chroot'able directory that contains an executable named '/bin/sh'.

HowTo

Build:

• ./autogen.sh
• ./configure
• make

Run:

• Example:

      ./src/potd --redirect 0.0.0.0:2222:127.0.0.1:22222
                 --protocol 127.0.0.1:22222:127.0.0.1:33333
                 --jail 127.0.0.1:33333
  

  This will process, filter and redirect all traffic incoming from 0.0.0.0:2222 to the protocol handler at 127.0.0.1:22222 and if the protocol accepts it, it will forward all traffic to the jail/sandbox at 127.0.0.1:33333.

  (clunky atm, will be simplified in the future)

• Do not forget to set the --rootfs <directory> which contains an executable /bin/sh.

• see ./src/potd --help

Features

The ssh server currently supports only shell channels. But exec and direct-tcp channels are coming soon!

Supported protocols (at the moment):

• ssh with libssh

Protocols to implement:

• HTTP
• ssh with openssh
• SCADA
• MySQL

Suits perfect for your favoured Desktop/Server/OpenWrt Linux system.

TODOs

• RESTful listener for output sampled data from different processes (send (real-time)statistics about protocols/jails/etc to higher level apps)
• ptrace support for jailed processes (trace syscalls)
• improved event handling (maybe libevent?)

Software Architecture