
/etc/thpot/thp.conf is in tinyhoneypot 0.4.6-10.

This file is owned by root:root, with mode 0o644.

# /usr/local/thp/thp.conf version 0.4.5
#
# variables for use in thp - Tiny Honeypot
#
# Copyright George Bakos - gbakos@ists.dartmouth.edu
# Feb06, 2003
# This is free software, released under the terms of the GNU General
# Public License available at http://www.fsf.org/licenses/gpl.txt

# NOTE(review): this configuration is itself Perl source, presumably
# evaluated by the thp scripts when they start, so anyone able to
# modify it can run code as the thp user.  Keep it root-owned and
# writable by root only.

# Network interface thp listens on.
$intf = 'eth0';

# Idle-session timeout in seconds.  It exists because some systems never
# clean up stale sockets on their own.
$timeout = '300';

# Host name reported in emulated service responses.
$hostname = 'localhost.localdomain';

# IP address announced to clients, e.g. for the FTP data channel.
# While the line below stays commented out, thp tries to work the
# address out from $intf; that fails when the thp user (nobody, by
# default) is not permitted to read /proc/net/dev.

#$thpaddr = "127.0.0.1";

# Domain name reported in emulated service responses.
$domain = 'localdomain';

# Where the thp scripts, libraries, etc. are installed.
$thpdir = '/usr/share/thpot';

# Directory that receives every log.  Should be mode 0700 and owned by
# nobody:nobody.
# NOTE(review): the logs record what remote clients sent, so treat their
# contents as untrusted input when viewing or parsing them.
$logdir = '/var/log/thpot';

# Master capture log and error log, both kept under $logdir.
$logfile = $logdir . '/captures';
$errfile = $logdir . '/errors';

# Capture-log layout, "single" or "multi".  The single-line form is
# easier to parse but writes nothing to the capture log until the
# session has finished.  The multi-line form writes separate "start" and
# "end" lines, which are harder to post-process.
$logtype = 'single';

# Program run to produce the MOTD of the emulated shell (the original
# author suggests fortune).
# NOTE(review): whatever is named here gets executed by thp; use an
# absolute path to a binary that the thp user cannot modify.
#$greetbin = "/usr/games/fortune";
$greetbin = '/bin/false';

# Home directory of the virtual root user.
$homedir = '/root';

# Shell prompt returned to the client when one is needed.  It may be
# changed later as the intruder changes working directory.
$prompt = '[root@' . $hostname . ' root]# ';

# FTP server banners thp can present (edit them if you like).  The list
# is private to this file; order does not matter, and entries can be
# added or removed freely.
my @fver = (
    'FTP server (Version wu-2.6.0(1))',
    'FTP server (Version wu-2.6.1(2))',
    'FTP server (Version wu-2.6.1-16)',
    'FTP server (BSDI Version 7.00LS)',
    'FTP server (PFTP 0.13)',
    'NcFTPd Server',
    'Microsoft FTP Service (Version 5.0)',
    'Microsoft FTP Service (Version 4.0)',
);

# FTP banner to emulate: one entry drawn uniformly at random.
# NOTE(review): the draw is repeated every time this file is evaluated.
# If thp is started once per connection (this file refers to xinetd),
# the same client may be shown a different banner on each connection;
# pin a single string here if a stable identity matters.
$ftpver = $fver[ int( rand( scalar @fver ) ) ];

# Whether FTP data connections are permitted:
#   0 = no
#   1 = yes
# NOTE(review): if this also covers active-mode transfers, thp would be
# opening connections to addresses chosen by the client; confirm that
# outbound traffic from the honeypot host is filtered accordingly.
$allowftpdata = '1';

# Fixed port for passive (PASV) FTP data transfers.  Comment this line
# out to let thp select a random port instead.  When a specific port is
# set here, it is a great idea to enable xinetd.d/thp.pasv as well and
# edit it to listen on the same port.
$pasvport = 33701;

# HTTP vendor to emulate.  The value selects the directory of canned
# responses that thp serves.

#$httpdvend = "Microsoft-IIS";
$httpdvend = 'Apache';

# HTTP server version reported in headers, responses, etc.  It SHOULD be
# a sensible match for $httpdvend: a server announcing itself as
# IIS/1.3.9 might raise an eyebrow.

#$httpdver = "5.0";
#$httpdver = "6.0";
$httpdver = '1.3.9';
#$httpdver = "1.3.19";

# SSH identification strings thp can present; the list is private to
# this file.
my @sver = (
    'SSH-1.5-1.2.26',
    'SSH-1.5-1.2.27',
    'SSH-2.0-OpenSSH_3.4p1',
);

# sshd version to emulate: one entry drawn uniformly at random each time
# this file is evaluated.
$sshver = $sver[ int( rand( scalar @sver ) ) ];

# SMTP greeting banners thp can present; the list is private to this
# file.
my @smver = (
    'ESMTP Sendmail 8.12.2/8.12.2/SuSE Linux 0.6;',
    'ESMTP Exim 3.12 #1',
    'ESMTP Sendmail 8.9.3/8.9.3/Debian 8.9.3-21;',
    'ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2653.13)',
    'ESMTP Sendmail 8.11.6/8.11.6;',
);

# SMTP version to emulate: one entry drawn uniformly at random each time
# this file is evaluated.
$smtpver = $smver[ int( rand( scalar @smver ) ) ];


# Chameleon mode: when a client asks specifically for Windows files,
# should thp accommodate the request even though $httpdvend names a
# different vendor?

$chameleon = 'yes';

# Fake version to report while acting as a chameleon.
# NOTE(review): presumably an IIS version number, since "5.0" is also
# one of the commented-out $httpdver choices in this file; confirm
# against the thp scripts.

$chamelver = '5.0';