kippo.cfg.dist

#
# Kippo configuration file (kippo.cfg)
#

[dirtybastard]

# Bash commands for if dirtybastard gets root on a box
# Use the semi-colon to string commands together.  
#
# (default: "mkdir DIRTYBASTARD_WAS_HERE; ls -lah")
root_command = "mkdir DIRTYBASTARD_WAS_HERE; ls -lah"

# If we get access to any other user account, run this command:
#
# (default: "mkdir REGULAR_USER_ACCT; ls -lah")
not_root_command = "mkdir REGULAR_USER_ACCT; ls -lah"

# Perform port scan on an attacker who successfully logged into the honeypot.
#
# (default: False)
port_scan = False
# Setup nmap commandline args, e.g. "-sS"
# NOTE: For many nmap options you'll have to be running kippo-dirtybastard as root...
#
# (default: "-A --unprivileged")
nmap_args = "-A --unprivileged"

# On attacker login attempt bruteforce using Hydra on root.
#
# (default: False)
bruteforce_ssh_on_login = False

# (default: /usr/local/bin/hydra)
hydra_location = /usr/local/bin/hydra
# http://xato.net/passwords/more-top-worst-passwords/
password_list = /home/you/passwords.txt


[honeypot]

# IP addresses to listen for incoming SSH connections.
#
# (default: 0.0.0.0) = any address
#ssh_addr = 0.0.0.0

# Port to listen for incoming SSH connections.
#
# (default: 2222)
ssh_port = 2222

# Hostname for the honeypot. Displayed by the shell prompt of the virtual
# environment.
#
# (default: w1)
hostname = w1

# Email Alerts
# Set email_alerts to True to enable email alerts. You can ignore the rest of the email settings if this is false.
#
# (default: False)
email_alerts = False
# Your smtp.
#
# (default: localhost)
smtp_server = localhost
# Your email address
#
# (default: you@example.com)
to_email = you@example.com
# The email address kippo-dirtybastard sends from.
#
# (default: kippo-dirtybastard@localhost)
from_email = kippo-dirtybastard@localhost
#

# Directory where to save log files in.
#
# (default: log)
log_path = log

# Directory where to save downloaded (malware) files in.
#
# (default: dl)
download_path = dl

# Maximum file size for downloaded files. A value of 0 means no limit.
# If the file size is known to be too big from the start, the file will not be
# stored on disk at all.
#
# (default: 0)
#download_limit_size = 100000

# Directory where virtual file contents are kept in.
#
# This is only used by commands like 'cat' to display the contents of files.
# Adding files here is not enough for them to appear in the honeypot - the
# actual virtual filesystem is kept in filesystem_file (see below)
#
# (default: honeyfs)
contents_path = honeyfs

# File in the python pickle format containing the virtual filesystem. 
#
# This includes the filenames, paths, permissions for the whole filesystem,
# but not the file contents. This is created by the createfs.py utility from
# a real template linux installation.
#
# (default: fs.pickle)
filesystem_file = fs.pickle

# Directory for miscellaneous data files, such as the password database.
#
# (default: data_path)
data_path = data

# Directory for creating simple commands that only output text.
#
# The command must be placed under this directory with the proper path, such
# as:
#   txtcmds/usr/bin/vi
# The contents of the file will be the output of the command when run inside
# the honeypot.
#
# In addition to this, the file must exist in the virtual
# filesystem {filesystem_file}
#
# (default: txtcmds)
txtcmds_path = txtcmds

# Public and private SSH key files. If these don't exist, they are created
# automatically.
#
# (defaults: public.key and private.key)
public_key = public.key
private_key = private.key

# Initial root password. NO LONGER USED!
# Instead, see {data_path}/userdb.txt
#password = 123456

# IP address to bind to when opening outgoing connections. Used exclusively by
# the wget command.
#
# (default: not specified)
#out_addr = 0.0.0.0

# Sensor name use to identify this honeypot instance. Used by the database
# logging modules such as mysql.
#
# If not specified, the logging modules will instead use the IP address of the
# connection as the sensor name.
#
# (default: not specified)
#sensor_name=myhostname

# Fake address displayed as the address of the incoming connection.
# This doesn't affect logging, and is only used by honeypot commands such as
# 'w' and 'last'
#
# If not specified, the actual IP address is displayed instead (default
# behaviour).
#
# (default: not specified)
#fake_addr = 192.168.66.254

# Banner file to be displayed before the first login attempt.
#
# (default: not specified)
#banner_file =

# Session management interface.
#
# This is a telnet based service that can be used to interact with active
# sessions. Disabled by default.
#
# (default: false)
interact_enabled = false
# (default: 5123)
interact_port = 5123

# MySQL logging module
#
# Database structure for this module is supplied in doc/sql/mysql.sql
#
# To enable this module, remove the comments below, including the
# [database_mysql] line.

#[database_mysql]
#host = localhost
#database = kippo
#username = kippo
#password = secret
#port = 3306

# XMPP Logging
#
# Log to an xmpp server.
# For a detailed explanation on how this works, see: <add url here>
#
# To enable this module, remove the comments below, including the
# [database_xmpp] line.

#[database_xmpp]
#server = sensors.carnivore.it
#user = anonymous@sensors.carnivore.it
#password = anonymous
#muc = dionaea.sensors.carnivore.it
#signal_createsession = kippo-events
#signal_connectionlost = kippo-events
#signal_loginfailed = kippo-events
#signal_loginsucceeded = kippo-events
#signal_command = kippo-events
#signal_clientversion = kippo-events
#debug=true

# Text based logging module
#
# While this is a database logging module, it actually just creates a simple
# text based log. This may not have much purpose, if you're fine with the
# default text based logs generated by kippo in log/
#
# To enable this module, remove the comments below, including the
# [database_textlog] line.

#[database_textlog]
#logfile = kippo-textlog.log