Short update on xmpp, I setup prosody (again), and connected two clients:

It works. The reporting is still hacked to send plain text instead of XML, as Psi does not render the XML otherwise.
This is the part of the config which is meant to control the xmpp logging:
logxmpp = {
    /**
     * this section defines a single xmpp logging target
     * you can have multiple
     */
    carnivore = {
        server = "sensors.carnivore.it"
        /**
         * as dionaea does not support starttls (xmpp on port 5222),
         * we rely on 'legacy ssl' for the xmpp connection (port 5223)
         */
        port = "5223"
        muc = "dionaea.sensors.carnivore.it"
        /**
         * this is a valid account
         */
        username = "anonymous@sensors.carnivore.it"
        password = "anonymous"
        /**
         * setting a resource is possible, but you should not do it
         * the default resource is a random string of 8 chars
         */
        // resource = "theresource"
        config =
        {
            /**
             * this defines a muc channel
             */
            anon-events =
            {
                /**
                 * incidents matching these events will get relayed to the channel
                 */
                events = ["^dionaea\x5c.connection\x5c..*",
                          "^dionaea\x5c.modules\x5c.python\x5c.smb.dcerpc\x5c.*",
                          "^dionaea\x5c.download\x5c.offer$",
                          "^dionaea\x5c.download\x5c.complete\x5c.hash$",
                          "^dionaea\x5c.module\x5c.emu\x5c.profile$"]
                /**
                 * anonymous removes the local host information from all connection messages
                 * so you can report without getting identified
                 */
                anonymous = "yes"
            }
            anon-files =
            {
                events = ["^dionaea\x5c.download\x5c.complete\x5c.unique"]
            }
        }
    }
}
excerpt from the python section of dionaea.conf
Some features I want to point out, even if mentioned already:
you can have multiple logxmpp targets
you can specify different muc rooms for each incident type
you can anonymize your data, protecting your decoys location
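To make the routing rules above concrete, here is a small added Python sketch (not dionaea's own logxmpp code) that loads the two muc channels from the excerpt, matches an incident's event name against each channel's pattern list, and strips the sensor's local fields for channels marked anonymous. The channel names and patterns are copied from the excerpt; the incident field names are assumptions, since the page does not list them.

```python
import re

# Constructed copy of the two muc channels from the page's logxmpp excerpt.
# dionaea.conf spells a backslash as \x5c inside strings; load_channels() turns it back into "\".
MUC_CHANNELS = {
    "anon-events": {
        "events": [r"^dionaea\x5c.connection\x5c..*",
                   r"^dionaea\x5c.modules\x5c.python\x5c.smb.dcerpc\x5c.*",
                   r"^dionaea\x5c.download\x5c.offer$",
                   r"^dionaea\x5c.download\x5c.complete\x5c.hash$",
                   r"^dionaea\x5c.module\x5c.emu\x5c.profile$"],
        "anonymous": "yes",
    },
    "anon-files": {
        "events": [r"^dionaea\x5c.download\x5c.complete\x5c.unique"],
    },
}

# Assumed names for the fields that identify the sensor itself; the page only
# says "local host information" is removed and does not list attribute names.
LOCAL_FIELDS = ("local_host", "local_port")


def load_channels(channels):
    """Compile each channel's event patterns and read its anonymous flag."""
    compiled = {}
    for name, cfg in channels.items():
        patterns = [re.compile(p.replace(r"\x5c", "\\")) for p in cfg["events"]]
        compiled[name] = (patterns, cfg.get("anonymous", "no") == "yes")
    return compiled


def route_incident(incident, compiled):
    """Map one incident (a dict with an 'event' name) to {channel: payload}.

    A channel receives the incident if any of its patterns matches the event
    name; an anonymous channel gets a copy with the local fields stripped.
    """
    routed = {}
    for name, (patterns, anonymous) in compiled.items():
        if not any(p.search(incident["event"]) for p in patterns):
            continue
        payload = dict(incident)
        if anonymous:
            for field in LOCAL_FIELDS:
                payload.pop(field, None)
        routed[name] = payload
    return routed
```

A connection incident therefore lands in anon-events without the local address, while a download.complete.unique incident goes only to anon-files, where the flag is not set and nothing is removed.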
As mentioned previously, prosody got the shot to serve as xmpp server:
For my own convenience, some notes about installing prosody:
aptitude install liblua5.1-0 liblua5.1-0-dev liblua5.1-expat0 liblua5.1-filesystem0 liblua5.1-socket2 lua5.1
wget http://prosody.im/downloads/debian/liblua5.1-sec0_0.3.2-2prosody1_amd64.deb
dpkg -i liblua5.1-sec0_0.3.2-2prosody1_amd64.deb
First, check out the source:
git clone git://github.com/bjc/prosody.git
cd prosody
Apply the visitors MUC patch:
wget "http://lxmppd.googlecode.com/issues/attachment?aid=-6963302146837151594&name=prosody_vistors_muc.diff"
patch -p1 < prosody_vistors_muc.diff
Compile & install:
./configure --ostype=debian --prefix=/opt/prosody/
make
make install
Create some missing directories:
mkdir -p /opt/prosody/var/run
mkdir -p /opt/prosody/var/log/prosody
Adjust the config to serve a muc room via legacy ssl for our domain:
Host "*"
    -- skip
    modules_enabled = {
        -- skip
        -- Other specific functionality
        "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
        "console"; -- Opens admin telnet interface on localhost port 5582
    }
    log = {
        -- debug logging helps
        -- { levels = { min = "debug" }, to = "file", filename = "/opt/prosody/var/log/prosody/prosody.debug" };
    }
    pidfile = "/opt/prosody/var/run/prosody.pid"
    legacy_ssl_ports = { 5223 }

Host "sensors.carnivore.it"
    enabled = true -- set this to false to disable the host, preserving the config but denying connections
    -- Assign this host a certificate for TLS, otherwise it would use the one
    -- set in the global section (if any).
    -- Note that old-style SSL on port 5223 only supports one certificate, and will always
    -- use the global one.
    ssl = {
        key = "/opt/prosody/etc/prosody/certs/localhost.key";
        certificate = "/opt/prosody/etc/prosody/certs/localhost.cert";
    }

-- Set up a MUC (multi-user chat) room server on dionaea.sensors.carnivore.it:
Component "dionaea.sensors.carnivore.it" "muc"
The backend is basically an xmpp client that joins the reporting channels with elevated privileges, receives the data, and writes it to a database or the filesystem.
Currently there is none; current plans include
As I'd be glad to run a server and backend myself, I already made up my mind about operations.
The xmpp server will need some CPU cycles for encrypting the xmpp connections, and good connectivity.
A backend will need disk space for the database and memory when querying the database.