services: add WordPress

[CapacitorSet]

Fixes #255, depends on honeytrap/honeytrap-services-wordpress#1.

Implements a dummy WordPress blog with a homepage and a /wp-login.php, and logs login attempts. Can be expanded in the future to implement many specific vulnerabilities.

[sammynx]

@CapacitorSet Regarding your commit, services: pass data dir , there is a key value store to use in storage/storage.go

Giving different services acces to the same directory will become an issue sooner or later.

[CapacitorSet]

This was discussed in chat with Remco, I think that storing all assets in a folder is the best solution - the alternative we explored was using assetfs, but that increases the size of the binary. Consider that using a kv store makes it harder for the final users to edit the files (for example, one might want to add a few lines to pretend that a vulnerable plugin is installed). Also, where would the information be fetched from the first time?

…

On March 17, 2018 3:07:57 PM GMT+01:00, sammynx ***@***.***> wrote: @CapacitorSet Regarding your commit, `services: pass data dir` , there is a key value store to use in `storage/storage.go` Giving different services acces to the same directory will become an issue sooner or later. -- You are receiving this because you were mentioned. Reply to this email directly or view it on GitHub: #256 (comment)

[sammynx]

I didn't know this was discussed already, just wanted to point you to the kv store.

But I still think this is an accident waiting to happen. What if you configure multiple services of the same type, like service.smtp01, service.smtp02, etc.?

[CapacitorSet]

For the time being I don't expect such an issue to occur with WordPress, since I think one would rarely need to have two different WordPress honeypots running on the same server. Even then, one might add a key in the configuration to specify a different root folder (eg. root="/var/www/wordpress01"?).

Ping @nl5887 for additional feedback on the issue

[sammynx]

I agree that is not a big issue for now. But making this directory available to all services will make it the goto place to store things in the future.

Having a filesystem to play with would be a nice feature though.
I would want to point you to services/filesystem which gives you a private piece of diskspace. But I am working now on a virtual filesystem, so the interface might change.

[codecov-io]

Codecov Report

❗ No coverage uploaded for pull request base (master@674ac4f). Click here to learn what that means.
The diff coverage is 4%.

@@            Coverage Diff            @@
##             master     #256   +/-   ##
=========================================
  Coverage          ?   43.41%           
=========================================
  Files             ?       71           
  Lines             ?     8365           
  Branches          ?        0           
=========================================
  Hits              ?     3632           
  Misses            ?     4317           
  Partials          ?      416

Impacted Files	Coverage Δ
services/tftp.go	0% <0%> (ø)
services/eos/eos.go	79.1% <0%> (ø)
services/http.go	0% <0%> (ø)
services/ldap/ldap.go	0% <0%> (ø)
services/copy.go	0% <0%> (ø)
server/honeytrap.go	3.18% <0%> (ø)
services/cwmp-tr069.go	0% <0%> (ø)
services/counterstrike.go	0% <0%> (ø)
services/ipp/ipp.go	0% <0%> (ø)
services/dns-proxy.go	0% <0%> (ø)
... and 11 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 674ac4f...8d5e2eb. Read the comment docs.