Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/betheroot/sticky_elephant
medium interaction postgresql honeypot
https://github.com/betheroot/sticky_elephant
Last synced: about 1 month ago
JSON representation
medium interaction postgresql honeypot
- Host: GitHub
- URL: https://github.com/betheroot/sticky_elephant
- Owner: betheroot
- License: mit
- Created: 2017-03-12T00:44:19.000Z (almost 8 years ago)
- Default Branch: master
- Last Pushed: 2024-08-06T17:17:05.000Z (4 months ago)
- Last Synced: 2024-10-06T22:19:05.033Z (2 months ago)
- Language: Ruby
- Size: 65.4 KB
- Stars: 10
- Watchers: 1
- Forks: 5
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-honeypots - sticky_elephant - Medium interaction postgresql honeypot. (Honeypots)
- awesome-honeypots - sticky_elephant - Medium interaction postgresql honeypot. (Honeypots)
- fucking-awesome-honeypots - sticky_elephant - Medium interaction postgresql honeypot. (Honeypots)
- awesome-honeypot - **6**星
README
# Sticky Elephant
Sticky Elephant is a [medium-interaction](https://pdfs.semanticscholar.org/9d46/8fa983b844c76a07b1e3ea63d6f7a9cae294.pdf)
PostgreSQL honeypot.```
sticky_elephant [options]
-c, --config CONFIG Configuration file to read
-h, --help Display this screen
```## Usage
Either install the gem and
```
% sticky_elephant
```or clone the repo and
```
% ./bin/sticky_elephant
```## Configuration
`sticky_elephant.conf` is a YAML file that defines Sticky Elephant's behavior.
You can tell Sticky Elephant what configuration file to use with `-c`. The
configuration file looks like this:```
:log_path: "./sticky_elephant.log"
:port: 5432
:host: 0.0.0.0
:debug: true
:abort_on_exception: false
:use_hpf: true
:hpf_host: 127.0.0.1
:hpf_port: 10000
:hpf_ident: 24b6875e-03f1-4c2a-b5b0-11af1f49e2bb
:hpf_secret: woofwoofcharlesisagooddog
```
`host` and `port` define the host address and port to which Sticky Elephant
should bind. `log_path` is the log to which Sticky Elephant will write. Do
note that HPFeeds logs go to `stdout` and are separate from Sticky Elephant
application logs. `debug` turns on debug-level logging; `abort_on_exception`
kills threads when they encounter an exception. The `hpf`-prefixed options are
for configuring the HPFeeds server to which Sticky Elephant should report
queries and connections.## Installation
You can just run sticky_elephant in a tmux session, that certainly works. If you
prefer to set things up a bit nicer, make a `sticky_elephant` user and give them
a home directory. Put your config file in
`/etc/sticky_elephant/sticky_elephant.conf` and ensure that the
`sticky_elephant` user can read it. Then you can use this systemd service
definition to run sticky_elephant at boot:
```
[Unit]
Description=sticky_elephant postgres honeypot
Documentation=https://github.com/ffleming/sticky_elephant
After=network.target[Service]
WorkingDirectory=/home/sticky_elephant/
User=sticky_elephant
ExecStart=/usr/local/bin/sticky_elephant -c /etc/sticky_elephant/sticky_elephant.conf
SyslogIdentifier=sticky_elephant
StandardOutput=syslog
StandardError=syslog
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
KillMode=process[Install]
WantedBy=default.target
Alias=sticky_elephant.service
```## Development
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
## Contributing
Bug reports and pull requests are welcome on GitHub at https://github.com/betheroot/sticky_elephant.
## To do
* Support [md5 authentication](https://www.postgresql.org/docs/9.6/static/auth-methods.html)
* Anti-fingerprinting
* Mimic commands
* `\l`
* `\d`
* `\dt`
* Log user-selected database in handshake
* Remove argument to `Payload#to_s`
* Break up `Payload` into separate objects