potd.git - A high scalable low to medium interactive SSH/TCP honeypot using Linux Namespaces, capabilities, seccomp, cgroups designed for OpenWrt and IoT devices.

honey[potd]aemon
================

This project is part of a BA thesis. It is currently in a pre-alpha state.

Dependencies
============

Kernel/libc requirements: Cgroups, Namespaces (UTS, IPC, PID, NET, CGROUPS)

Required: libssh, pthread
Optional: libseccomp

A chroot'able directory that contains an executable named '/bin/sh'.

HowTo
=====

Build:
  - ./autogen.sh
  - ./configure
  - make

Run:
  - Example:
    ./src/potd --redirect 0.0.0.0:2222:127.0.0.1:22222 \
               --protocol 127.0.0.1:22222:127.0.0.1:33333 \
               --jail 127.0.0.1:33333
    This will process, filter and redirect all traffic incoming from 0.0.0.0:2222 to the
    protocol handler at 127.0.0.1:22222 and if the protocol accepts it, it will forward
    all traffic to the jail/sandbox at 127.0.0.1:33333.
    (clunky atm, will be simplified in the future)
  - Do not forget to set the --rootfs <directory> which contains an executable /bin/sh.
  - see ./src/potd --help

Features
========

The server supports currently only shell channels but exec and direct-tcp channels are coming soon!

Supported protocols (at the moment):
  - ssh with libssh

Protocols to implement:
  - HTTP
  - ssh with openssh
  - SCADA
  - MySQL

Suits perfect for your favoured Desktop/Server/OpenWrt Linux system.

TODOs
=====

- RESTful listener for output sampled data from different processes
    (send (real-time)statistics about protocols/jails/etc to higher level apps)
- ptrace support for jailed processes (trace syscalls)
- improved event handling (maybe libevent?)

Software Architecture
=====================

see data/potd-arch.{svg,dia}