/etc/thpot/thp.conf is in tinyhoneypot 0.4.6-10.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
# /usr/local/thp/thp.conf version 0.4.5
#
# variables for use in thp - Tiny Honeypot
#
# Copyright George Bakos - gbakos@ists.dartmouth.edu
# Feb06, 2003
# This is free software, released under the terms of the GNU General
# Public License available at http://www.fsf.org/licenses/gpl.txt
# Network interface thp listens on.
$intf = 'eth0';
# Session timeout, in seconds. It is here because some systems simply do
# not clean up stale sockets by themselves.
$timeout = '300';
# Hostname reported in emulated service responses.
$hostname = 'localhost.localdomain';
# IP address to state for incoming connections (e.g. the ftp data channel).
# NOTE: while this stays commented out, thp tries to work the address out
# from the interface named above. That lookup fails when the thp user
# (nobody, by default) is not permitted to read /proc/net/dev.
#$thpaddr = "127.0.0.1";
# Domain name reported in emulated service responses.
$domain = 'localdomain';
# Where the thp scripts, libraries, etc. are installed.
$thpdir = '/usr/share/thpot';
# Directory that receives all logging. It should be mode 0700 and owned by
# nobody:nobody, which keeps other local accounts from reading or altering
# what the honeypot records.
$logdir = '/var/log/thpot';
# Master logfile, kept inside $logdir.
$logfile = $logdir . '/captures';
# Error log, kept inside $logdir.
$errfile = $logdir . '/errors';
# Log format: "single" or "multi". The single-line format is easier to
# parse, but nothing is written to the capture log until the session is
# complete. The multi-line format gives separate "start" and "end" lines,
# which are awkward to post-process.
# NOTE(review): with "single", a session still in progress has no capture
# entry yet; confirm what is recorded for a session that never completes.
$logtype = 'single';
# Program that is run to generate the shell MOTD; the author likes fortune.
# The value names an executable, so give it as an absolute path.
# /bin/false prints nothing.
#$greetbin = "/usr/games/fortune";
$greetbin = '/bin/false';
# Home directory of the virtual root user.
$homedir = '/root';
# Prompt handed back when a shell prompt is to be returned. NOTE: it may be
# changed later as the intruder changes working directory.
$prompt = '[root@' . $hostname . ' root]# ';
# Candidate ftp server banners (edit the list if you like). These are only
# the strings thp announces while emulating an ftp server.
my @ftp_banners = (
    'FTP server (Version wu-2.6.0(1))',
    'FTP server (Version wu-2.6.1(2))',
    'FTP server (Version wu-2.6.1-16)',
    'FTP server (BSDI Version 7.00LS)',
    'FTP server (PFTP 0.13)',
    'NcFTPd Server',
    'Microsoft FTP Service (Version 5.0)',
    'Microsoft FTP Service (Version 4.0)',
);
# ftp version to emulate: one banner drawn at random from the list each
# time this file is evaluated.
# NOTE(review): if the file is evaluated once per connection, repeated
# connections can see different banners; confirm that this is intended.
$ftpver = $ftp_banners[ int( rand(@ftp_banners) ) ];
# Whether ftp data connections are allowed: 0 = no, 1 = yes.
$allowftpdata = '1';
# Port used for passive (PASV) ftp data transfer. Comment this out if you
# prefer thp to select a random port. When a specific port is chosen here,
# it is a great idea to enable xinetd.d/thp.pasv and edit it to listen on
# that same port.
$pasvport = 33701;
# The http vendor is emulated by selecting the matching directory of
# canned responses.
#$httpdvend = "Microsoft-IIS";
$httpdvend = 'Apache';
# The http version is reported in headers, responses, etc. and SHOULD be a
# sensible match for $httpdvend. A server that reports itself as IIS/1.3.9
# might raise an eyebrow.
#$httpdver = "5.0";
#$httpdver = "6.0";
$httpdver = '1.3.9';
#$httpdver = "1.3.19";
# Candidate sshd version strings to emulate.
my @ssh_banners = (
    'SSH-1.5-1.2.26',
    'SSH-1.5-1.2.27',
    'SSH-2.0-OpenSSH_3.4p1',
);
# One of them is drawn at random each time this file is evaluated.
$sshver = $ssh_banners[ int( rand(@ssh_banners) ) ];
# Candidate smtp server banners to emulate.
my @smtp_banners = (
    'ESMTP Sendmail 8.12.2/8.12.2/SuSE Linux 0.6;',
    'ESMTP Exim 3.12 #1',
    'ESMTP Sendmail 8.9.3/8.9.3/Debian 8.9.3-21;',
    'ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2653.13)',
    'ESMTP Sendmail 8.11.6/8.11.6;',
);
# One of them is drawn at random each time this file is evaluated.
$smtpver = $smtp_banners[ int( rand(@smtp_banners) ) ];
# Chameleon mode: if an attacker is looking specifically for Windows files,
# should thp accommodate them even when $httpdvend (set earlier in this
# file) names something else?
# NOTE(review): the reported vendor and version are meant to match; confirm
# that answering as a second vendor is an acceptable inconsistency here.
$chameleon = 'yes';
# Fake version to report while acting as a chameleon.
$chamelver = '5.0';