File: logthis

#!/usr/bin/perl -X

package thp;
# /usr/local/thp/logthis version 0.4.4
# A Perl script to log input from nonspecified tcp connections 
# that are managed by xinetd/inetd.  A component of the thp
# honeypot kit.
#
# Copyright George Bakos - alpinista@bigfoot.com
# July 29, 2002
# This is free software, released under the terms of the GNU General 
# Public License available at http://www.fsf.org/licenses/gpl.txt

use POSIX qw(strftime);
use Getopt::Std;
# Options:
# - d  : debug
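getopts('d');
$svcname = $ARGV[0];
$procid = $$;
# Sanitise the environment before anything here or in the service
# handlers forks a shell (the netstat call below is the first one).
$ENV{'PATH'} = '/bin:/usr/bin:/sbin:/usr/sbin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

# Recover the peer of the socket inetd/xinetd handed us by looking our
# own pid up in netstat's "PID/Program name" column.  $procid is $$, so
# nothing client-controlled reaches the shell here.  The pid is matched
# as a whole field: a bare "grep $procid/perl" also matches e.g.
# "1234/perl" when $procid is 234 and would report somebody else's peer.
@nsdata = ();
foreach my $nsline (`netstat -tnp 2>/dev/null`) {
	if ($nsline =~ m{(?:^|\s)$procid/perl}) {
		@nsdata = split(" ", $nsline);
		last;
	}
}
# netstat -tnp columns: Proto Recv-Q Send-Q Local Foreign State PID/Prog,
# so $nsdata[4] is the foreign ("host:port") address.  Take the port
# after the LAST colon so that tcp6 entries such as
# "::ffff:10.0.0.1:4444" parse too (a plain split on ':' does not).
if (defined($nsdata[4]) && $nsdata[4] =~ /^(.*):(\d+)$/) {
	($saddr, $sport) = ($1, $2);
}

# TODO, consider setting up debug if $sport or $saddr are undefined
# (calling from the command line)

# Debug output goes to STDOUT with -d, otherwise it is discarded.
# NOTE(review): under inetd/xinetd STDOUT is the client's socket, and the
# DEBUG alias made here keeps pointing at it even after STDOUT itself is
# rebound to /dev/null further down -- so -d must never be used on the
# service line, only when testing by hand.
if ($opt_d) {
	*DEBUG = *STDOUT;
} else {
	open(DEBUG, '>', '/dev/null');
}
# (The original message interpolated the never-assigned $port here.)
if (defined($saddr) && defined($sport)) {
	print DEBUG "DEBUG: Called with process id $procid (source address: $saddr, source port: $sport), arguments: @ARGV\n";
} else {
	print DEBUG "DEBUG: Called with process id $procid (possibly from command line), with arguments: @ARGV\n";
}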

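# Pull in the site configuration ($timeout, $allowftpdata, $thpaddr,
# $errfile, $logfile, ...).  "do FILE" returns undef both when the file
# cannot be read ($! set) and when it does not compile ($@ set); report
# whichever applies and name the file that was actually tried (the
# original message interpolated $file, which is not assigned until the
# library loop below).
my $conffile = "/etc/thpot/thp.conf";
$return = do $conffile;
# TODO: This error checking should be sent somewhere if not running
# from the CLI.
unless (defined $return) {
	print DEBUG "DEBUG: Could not read the configuration file $conffile: " . ($@ ? $@ : $!) . "\n";
}

# Define thpdir directly:
$thpdir = "/usr/share/thpot";
# Use only for testing (locally) purposes:
#$thpdir=".";


# Load the library: presumably the per-service handlers (shell(), ftp(),
# ...) plus nullresp(), getip(), opncaplog() and clcaplog() used below.
# A file that fails to compile is only reported on the debug channel;
# the dispatch later falls back to nullresp() if the requested handler
# turns out to be undefined.  $file stays a package global on purpose,
# the loaded files cannot see lexicals of this scope.
foreach $file (<$thpdir/lib/*.pl>) {
	$return = do $file;
	print DEBUG "DEBUG: Couldn't parse $file: $@\n" if $@;
	# TODO: Should these be considered?
	#           warn "couldn't do $file: $!"    unless defined $return;
	#           warn "couldn't run $file"       unless $return;
}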

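# Bound how long one connection may hold this process.  No $SIG{ALRM}
# handler is installed in this file, so SIGALRM's default action simply
# kills the process when $timeout expires.  alarm(0) -- an unset or zero
# $timeout -- disables the limit entirely, and a client that connects and
# never sends anything would then keep this process around for ever, so
# at least say so on the debug channel.
if (!$timeout) {
	print DEBUG "DEBUG: timeout is not set in the configuration, connection will not be time-limited\n";
}
alarm $timeout;

# Address handed out to clients where a handler has to name this host
# (ftp data connections, judging by the setting's name).  With ftp data
# disabled it is pinned to loopback; otherwise ask getip() when the
# configuration did not provide one.
if ($allowftpdata == 0) {
	$thpaddr = "127.0.0.1";
} elsif (!$thpaddr) {
	$thpaddr = getip();
}

# Both log paths must come from the configuration: nothing can be
# recorded without them, so give up before talking to the client.
if (!$errfile) {
	print DEBUG "DEBUG: Error file is not defined, aborting.\n";
	exit(1);
}
if (!$logfile) {
	print DEBUG "DEBUG: Log file is not defined, aborting.\n";
	exit(1);
}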

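# Open the error log and the capture log for appending.  The paths come
# from /etc/thpot/thp.conf (administrator-controlled, not client data),
# but use the three-argument form regardless so a path can never be read
# as a mode, and treat a failure as fatal: a honeypot that cannot record
# what it sees has no reason to keep the client talking.  The original
# ignored both results and carried on logging into closed handles.
open(ERRLOG, '>>', $errfile) or do {
	print DEBUG "DEBUG: Cannot open error file $errfile: $!\n";
	exit(1);
};
open(CAPLOG, '>>', $logfile) or do {
	print DEBUG "DEBUG: Cannot open log file $logfile: $!\n";
	exit(1);
};
# Flush both logs on every print: the alarm set earlier ends this
# process with an unhandled SIGALRM, and whatever is still sitting in
# Perl's output buffers at that moment is lost with it.
select((select(ERRLOG), $| = 1)[0]);
select((select(CAPLOG), $| = 1)[0]);
opncaplog();

# Point Perl's STDOUT at /dev/null so that a stray print (a warning, a
# handler writing to the wrong handle) does not go back to the client and
# hand the attacker something useful about this host.
# NOTE(review): this rebinds only the Perl-level STDOUT glob; file
# descriptor 1 (the client socket under inetd) is untouched, so anything
# the handlers run via system()/exec still inherits it.  Reopening STDOUT
# itself (open STDOUT, '>', '/dev/null') would close that gap, but check
# first how the handlers in lib/ reach the client.
open(NEWOUT, '>', '/dev/null') or die "Cannot open /dev/null: $!";
*STDOUT = *NEWOUT;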

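$null  = 0;
$error = "";
# Dispatch to the handler named by the first argument (set on the
# inetd/xinetd service line).  The name is matched against the list of
# known services and must exist as a function in this package, otherwise
# the generic nullresp() takes over.
# NOTE(review): the pattern is unanchored, so e.g. "ftpxyz" passes it and
# is then looked up as a function; if the handler names are exactly these
# seven, anchoring with /^(?:shell|ftp|...)$/ would make the accepted set
# explicit.  Left as is because the names passed by the shipped xinetd
# entries are not visible here.
print DEBUG "DEBUG: Will call service $svcname\n";
if ($svcname =~ /shell|ftp|http|mssql|smtp|pop3|ssh/) {
	if (defined(&$svcname)) {
		&$svcname();
	} else {
		$error = "Function $svcname is not defined, there might have occured an error loading the modules, will call nullresp()\n";
		$null = 1;
	}
} else {
	# Previously logged as an empty "ERROR:" line; say which name failed.
	$error = "Service $svcname is not a known service, will call nullresp()\n";
	$null = 1;
}
if (!"$svcname") {
	$null = 1;
	$error = "Service is undefined\n";
}

# Fall back to the generic listener when no handler ran.  Errors belong in
# the error log opened as ERRLOG above -- the original printed them to an
# ERRORLOG handle that was never opened, so they silently vanished.
if ($null == 1) {
	print DEBUG "DEBUG: $error\n";
	print ERRLOG "ERROR: $error\n";
	print DEBUG "DEBUG: Calling nullresponse\n";
	nullresp();
}

# Close file descriptors in use (with -d, DEBUG is the original STDOUT).
close NEWOUT;
close DEBUG;

clcaplog();
close(CAPLOG);
close(ERRLOG);
exit(0);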