communityhoneynetwork / dionaea Goto Github PK

When we released personalities it was tested against version 0.7. After integration, Dionaea was upgraded to 0.8, which changed where file paths for various service options.

https://github.com/DinoTools/dionaea/blob/dc257224e0137d8d0ea232c07958c343259e81ac/doc/source/migration.rst

Currently, the example dionaea personality "debian" is broken.

Create a new sample personality for debian with correct paths which can be used as a starting point for other Dionaea custom personalities.

This line:

https://github.com/CommunityHoneyNetwork/dionaea/blob/master/dionaea.run#L48

fails when the container has previously started. The workaround is to down the containers, but ideally containers could be issued a stop command and work properly on a subsequent start.

Container does not start sip-tls

UPnP is enabled, but there are no processes listening on 1900 or 5000 for UPnP in the container.

Working with Dionaea container tagged 1.8, 8fe6108

Currently deployments are identifiable via the TLS cert Issuer contents.

It appears that when dionaea is run in a container, it will immediately spike to 100% of CPU usage. Using strace on the process reveals that some piece of code fails nearly continuously:

epoll_wait(5, [], 64, 0)                = 0
recvfrom(0, 0x7ffddb3f8940, 2048, 0, NULL, NULL) = -1 ENOTSOCK (Socket operation on non-socket)
epoll_wait(5, [], 64, 0)                = 0
recvfrom(0, 0x7ffddb3f8940, 2048, 0, NULL, NULL) = -1 ENOTSOCK (Socket operation on non-socket)
epoll_wait(5, [], 64, 0)                = 0
recvfrom(0, ^C0x7ffddb3f8940, 2048, 0, NULL, NULL) = -1 ENOTSOCK (Socket operation on non-socket)

However, giving the container the NET_ADMIN capabilities in docker-compose.yml resolves the issue:

version: '2'
services:
  dionaea:
    image: stingar/dionaea:1.8-pre
    volumes:
      - ./dionaea.sysconfig:/etc/default/dionaea:z
      - ./dionaea/dionaea:/etc/dionaea/:z
    ports:
      - "21:21"
      - "23:23"
      - "69:69"
      - "80:80"
      - "123:123"
      - "135:135"
      - "443:443"
      - "445:445"
      - "1433:1433"
      - "1723:1723"
      - "1883:1883"
      - "1900:1900"
      - "3306:3306"
      - "5000:5000"
      - "5060:5060"
      - "5061:5061"
      - "11211:11211"
      - "27017:27017"
    cap_add:
      - NET_ADMIN

Ideally it would not be required to give this requirement, as this breaks security boundaries and would make running dionaea incompatible with K8s/OpenShift/etc.

There is no NTP service listening in the container, despite being enabled and started.

Working with Dionaea container tagged 1.8, 8fe6108

New code here:

https://github.com/DinoTools/dionaea/tree/0.8.0

Hi,

When updating FEEDS_SERVER_PORT in dionaea/dionaea.sysconfig to a different port number, Dionaea will continue to use the default port 10000.

I was able to change ports after adding the following to /etc/runit/runsvdir/default/dionaea/run:

sed -i "s/port:.*/port: ${FEEDS_SERVER_PORT}/g" /opt/dionaea/etc/dionaea/ihandlers-available/hpfeeds.yaml

Thanks!

When using tags that include a colon, dionaea tries to interpret the tags as valid YAML and fails in unexpected ways.