This guide explains how to install a prosody xmpp server patched for sensor networks on a server called “sensors.example.com”.
My prosody repository is not meant to be a 'fork' of prosody; it is just a convenience repository, so you do not have to merge patches yourself.
With the patches, sensors can't read messages from other sensors (visitors), but can receive files from other sensors in a channel where the sensor user is a participant, and the sensors never get their own messages echoed back by the xmpp server.
As it is unlikely you can run a service on sensors.example.com, just replace sensors.example.com with the domain you want to use.
Furthermore, you will want to replace all occurrences of email@example.com with yourusername@yourdomain.
Installing the mentioned dependencies:
aptitude install lua5.1 liblua5.1-expat0 liblua5.1-socket2 liblua5.1-filesystem0
To compile you have to install some development packages, which can be removed after proper installation:
aptitude install libssl-dev libidn11-dev liblua5.1-0-dev
The LuaSec dependency is special: you can either grab the Debian packages from here or compile LuaSec from source.
Compiling from source requires some changes to the Makefile, here is the patch, and the steps to download, patch, compile, install:
tar xfz luasec-0.4.tar.gz
wget -O - 'http://p.carnivore.it/HauemS?download' | patch -p1
Prosody was chosen in favor of others, as prosody is written in lua, and very easy to customize. Additionally, prosody does not support rate limiting, which is exactly what we need to transfer base64 files via xmpp.
git clone git://git.carnivore.it/users/common/prosody.git
./configure --prefix=/opt/prosody --with-lua-include=/usr/include/lua5.1/
If you clone http://github.com/bjc/prosody.git instead, you'll get plain prosody without the sensor patches.
Before messing with the config, let's back up the files:
cp etc/prosody/prosody.cfg.lua etc/prosody/prosody.cfg.lua.orig
Adjust the config, here are my changes, this is the full config.
Now, create some required directories:
mkdir -p /opt/prosody/var/log/prosody
mkdir -p /opt/prosody/var/run
chown prosody /opt/prosody/ -R
Add two users, one for you, and one for all your sensors:
/opt/prosody/bin/prosodyctl adduser firstname.lastname@example.org
/opt/prosody/bin/prosodyctl adduser email@example.com
Make the credentials file for the anonymous user read-only, so the password cannot be changed:
chmod 440 /opt/prosody/var/lib/prosody/sensors%2eexample%2ecom/accounts/anonymous.dat
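If you replaced sensors.example.com with your own domain, the directory name in that path changes too. The following is an added example, not part of the original guide or of prosody: it derives the credentials file path for a given account and checks that the file is mode 440. The encoding rule (every non-alphanumeric byte written as lowercase %xx) and the directory layout are assumptions taken from the path shown above, and the account anonymous@sensors.example.com is read off that same path.

```sh
#!/bin/sh
# Added example, not from the original guide.
# Assumption: account files live at
#   <prefix>/var/lib/prosody/<host>/accounts/<user>.dat
# with every non-alphanumeric byte of host and user written as %xx
# (lowercase hex), as in the sensors%2eexample%2ecom path above.

# Encode one path component (runs in a subshell to keep LC_ALL local).
prosody_encode() (
    LC_ALL=C; export LC_ALL
    s=$1
    out=
    while [ -n "$s" ]; do
        rest=${s#?}
        c=${s%"$rest"}          # first byte of the remaining string
        s=$rest
        case $c in
            [a-zA-Z0-9]) out=$out$c ;;
            *) out=$out$(printf '%%%02x' "'$c") ;;
        esac
    done
    printf '%s\n' "$out"
)

# Build the credentials file path for user@host ($2) under a prefix ($1).
account_file() (
    user=${2%%@*}
    host=${2#*@}
    printf '%s/var/lib/prosody/%s/accounts/%s.dat\n' \
        "$1" "$(prosody_encode "$host")" "$(prosody_encode "$user")"
)

# Succeed only if the file exists and has exactly mode 440 (GNU/busybox stat).
cred_file_locked() {
    [ -f "$1" ] && [ "$(stat -c '%a' "$1")" = 440 ]
}

# Usage: sh check-anon.sh /opt/prosody user@host  (script name is hypothetical)
if [ "$#" -eq 2 ]; then
    f=$(account_file "$1" "$2")
    if cred_file_locked "$f"; then
        echo "ok: $f is mode 440"
    else
        echo "NOT locked (missing or wrong mode): $f"
    fi
fi
```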
Start the prosody service:
Join the channels anon-events and anon-files on your new xmpp service with your psi xmpp client, set the channels permanent and moderated.
Add firstname.lastname@example.org to the list of Members on the anon-files channel.
Adjust your sensors configuration, basically add this section to the logxmpp section:
server = "sensors.example.com"
port = "5223"
muc = "dionaea.sensors.example.com"
username = "email@example.com"
password = "anonymous"
events = ["^dionaea\x5c.connection\x5c..*",
anonymous = "yes"
events = ["^dionaea\x5c.download\x5c.complete\x5c.unique"]
Start the sensor; it should connect to the service and join the channels.
Don't forget, you can have multiple xmpp targets, so even if you run your own network, you can still join the sensors.carnivore.it network.
Create a new account on the server for your backend, grant the backend member privileges on anon-files and anon-events.
One could run prosody with luaevent-prosody, but as long as you are not serving some hundred clients, it's not worth the effort.
Current versions of prosody support XEP-0175 - SASL ANONYMOUS, which allows running sensors without providing them an account.
Currently dionaea does not support SASL ANONYMOUS; patches are welcome.
Create three accounts on your psi client:
On anon-events, the anonymous accounts should see neither their own messages nor the messages of the other anonymous account, but your admin account (which owns the room) should see all messages.
On anon-files, the anon accounts should be able to see each other's messages, but not their own.