v0.0.3
Beta release
Changes
- Added event_uuid, collected_method (passive or responsive) and created_by_node_id (a uuid) columns to honey table
- Extended bad_actor data structure to provide above
- Added libuuid library requirement for created_by_node_id and event_uuid column of honey table
- Memory leak fix with bad_actor not being destroyed
- Added libmicrohttpd, curl and jansson to provide a RESTful API for honeypot data
- Added build requirement for libmicrohttpd and jansson
- Added syslog support for use with Fail2Ban as per feature request
- Logging to syslog is enabled via -s flag. Default is off
- Log Source IP to sqlite db and syslog (if enabled) to track probes that aren't SIP compliant
- systemd service file for SentryPeer for Debian/Ubuntu and Fedora
- Debian packaging placeholder branch
- Handle starting up when Web API port is already in use
- Ran autoscan and autoupdate from autoconf to update configure.ac
- API and Web UI are now available at http://<host>:8082/. With a Content-Type of application/json SentryPeer responds with JSON as a RESTful API, otherwise it responds with HTML, i.e. the Web UI
- Health check endpoint is now available at http://<host>:8082/health-check
- Developer option --with-asan added to configure.ac for ASAN (AddressSanitizer) support during make check
- Added environment variable support for all command line options
- The sqlite sentrypeer.db database (call it what you like) location is now configurable via the -f flag and SENTRYPEER_DB_FILE environment variable. Default is the current working directory: ./sentrypeer.db
- Updated man page
- Add SentryPeer to Sonatype Lift static analysis
- API RESTful resources available are:
  - /
  - /health-check
  - /ip-addresses
  - /ip-addresses/{ip_address}
- OpenAPI specification repo is available at https://github.com/SentryPeer/API-Specification with the openapi.json file to be served at http://<host>:8082/openapi.json (TODO)
- New headers added to API responses:
  - X-Powered-By: SentryPeer
  - X-SentryPeer-Version: 0.0.3
- ip_addresses API endpoint also now shows total number of distinct IP addresses in the database
- PCRE2 library is now required for building SentryPeer
- All IP address queries now use inet_pton to validate IPv4 or IPv6 addresses
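
An added example, not SentryPeer's own code: a sketch of the inet_pton validation noted in the last item, applied to the {ip_address} segment of /ip-addresses/{ip_address} before the value is used in a query. The helper names ip_family and ip_from_path and the sample paths are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#define ROUTE_PREFIX "/ip-addresses/" /* route listed in the release notes */

/* Returns AF_INET, AF_INET6, or 0 when s is not a strict address literal. */
static int ip_family(const char *s)
{
	unsigned char buf[sizeof(struct in6_addr)];
	if (inet_pton(AF_INET, s, buf) == 1)
		return AF_INET;
	if (inet_pton(AF_INET6, s, buf) == 1)
		return AF_INET6;
	return 0;
}

/* Hypothetical helper: copy the {ip_address} path segment into out only if
 * it parses as IPv4 or IPv6. Returns the address family, or 0 on rejection. */
int ip_from_path(const char *path, char *out, size_t outlen)
{
	size_t plen = strlen(ROUTE_PREFIX), len;
	int family;

	if (!path || !out || strncmp(path, ROUTE_PREFIX, plen) != 0)
		return 0;
	len = strlen(path + plen);
	/* Bound the input before parsing: no valid literal exceeds this. */
	if (len == 0 || len >= INET6_ADDRSTRLEN || len >= outlen)
		return 0;
	family = ip_family(path + plen);
	if (family != 0)
		memcpy(out, path + plen, len + 1); /* includes the NUL */
	return family;
}

int main(void)
{
	/* Constructed sample request paths. */
	const char *paths[] = { "/ip-addresses/192.0.2.10", "/ip-addresses/2001:db8::1",
		"/ip-addresses/192.0.2", "/ip-addresses/192.0.2.10 OR 1=1" };
	char ip[INET6_ADDRSTRLEN];

	for (size_t i = 0; i < sizeof(paths) / sizeof(paths[0]); i++)
		printf("%-34s -> %d\n", paths[i], ip_from_path(paths[i], ip, sizeof(ip)));
	return 0;
}
```

inet_pton accepts only strict literals, so shorthand such as 192.0.2, which inet_aton would accept, is rejected along with any trailing text.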
What can you do at the moment?
The same as in v0.0.2 plus all of above, namely the RESTful API :-)