https://github.com/ldilley/linulator

:penguin: The Linux Simulator
https://github.com/ldilley/linulator

audit auditing emulator hack hacker hacking honeypot information-security java linux log logging network network-monitoring penetration penetration-testing security security-tools simulator virtual-machine

Last synced: 14 days ago
JSON representation

:penguin: The Linux Simulator

• Host: GitHub
• URL: https://github.com/ldilley/linulator
• Owner: ldilley
• License: gpl-3.0
• Created: 2013-11-05T11:07:09.000Z (about 11 years ago)
• Default Branch: master
• Last Pushed: 2023-03-23T05:42:06.000Z (almost 2 years ago)
• Last Synced: 2025-01-03T05:30:22.307Z (19 days ago)
• Topics: audit, auditing, emulator, hack, hacker, hacking, honeypot, information-security, java, linux, log, logging, network, network-monitoring, penetration, penetration-testing, security, security-tools, simulator, virtual-machine
• Language: Java
• Homepage:
• Size: 2.93 MB
• Stars: 14
• Watchers: 3
• Forks: 2
• Open Issues: 13
• Metadata Files:
  • Readme: README.md
  • License: license.txt

Awesome Lists containing this project

README

        
Linulator

=========

[![License: GPL v3](https://img.shields.io/badge/License-GPL%20v3-blue.svg)](http://www.gnu.org/licenses/gpl-3.0)

[![Build Status](https://travis-ci.org/ldilley/linulator.svg?branch=master)](https://travis-ci.org/ldilley/linulator)

### About

The goal of this project is to create a fake Linux environment with configurable network ports that

can be opened. Linulator can be used as a learning or training environment or even as a honeypot.

While operating as a honeypot, it will hopefully attract potential attackers so that their methods

can be learned. The environment can be frozen and saved to disk for forensic analysis. Extensive

logging can also be employed.

**Note:** This project is still very much a work in progress! There is no virtual filesystem in place yet,

SSH is not implemented, and many commands still need to be added.

Since the network services Linulator uses typically run on privileged ports and it is not recommended

that you run Linulator as root, you should run the services on ports >1024 and configure your firewall

to forward or redirect the traffic to the higher-numbered ports. You may also want to run the program

within a virtual machine, container, zone, jail, or chroot environment for added security on the host

system.

### Installation

**Prerequisites:** [Apache Ant](http://ant.apache.org) and a [JDK](http://openjdk.java.net)

1.) Build the jar:  

```

$ ant

```

2.) Change to the dist directory:  

```

$ cd dist

```

3.) Modify the configuration file to your liking:  

```

$ vi linulator.properties

```

4.) Optionally modify the security policy to meet your needs (the default should suffice):  

```

$ vi linulator.policy

```

5.) Forward or redirect any ports you want to use with Linulator. If you have a firewall/NAT appliance

or broadband router, you can simply have Linulator listen on higher-numbered ports and forward the

standard port numbers. For example: outside:23 -> inside:10023 for telnet. If the host is reachable

from the Internet and Linulator is listening on nonstandard unprivileged ports, you will want to

redirect traffic from the standard ports. This can be done using iptables, ipfw, or similar. Replace

the addresses, interfaces, and ports in the examples below with your own.

**FreeBSD**  

Modify */etc/rc.conf* and add the following line:  

```

pf_enable="YES"

```

Add similar lines for each service to */etc/pf.conf*:  

```

rdr pass on em0 proto tcp from any to 192.168.1.7 port 10023 -> 192.168.1.7 port 23

```

Start the packet filter:  

```

# /etc/rc.d/pf start

```

Confirm the rules are in memory:  

```

# pfctl -sn

```

**Linux**  

Run similar commands for each service (see the documentation for your distribution to make the rule persistent):  

```

# iptables -t nat -I PREROUTING --src 0/0 --dst 192.168.1.7 -p tcp --dport 23 -j REDIRECT --to-ports 10023

```

Confirm the rules are in memory:  

```

# iptables -L

```

**OS X <= 10.6 (Snow Leopard)**  

Run similar commands for each service (and replace the rule numbers with your own):  

```

$ sudo ipfw add 101 fwd 192.168.1.7,10023 tcp from any to me 23

```

Confirm the rules are in memory:  

```

$ sudo ipfw list

```

To make the rules persistent, you can add them to */etc/ipfw.conf* and create a launch agent or daemon

to load them automatically (use a search engine for details.)

**OS X 10.7 (Lion), 10.8 (Mountain Lion), and 10.9 (Mavericks)**  

Note: *ipfw* was deprecated in 10.7 (Lion). Use *pf* instead.

Add similar lines for each service to */etc/pf.conf*:  

```

rdr on en0 inet proto tcp to 192.168.1.7 port 23 -> 192.168.1.7 port 10023

```

Load the changes:  

```

$ sudo pfctl -f /etc/pf.conf

```

Enable the packet filter:  

```

$ sudo pfctl -e

```

Confirm the rules are in memory:  

```

$ sudo pfctl -sn

```

**Solaris**  

Add similar lines for each service to */etc/ipf/ipnat.conf*:  

```

rdr e1000g0 from any to 192.168.1.7 port = 23 -> 192.168.1.7 port 10023 tcp

```

Enable the IP filter:

```

# svcadm enable ipfilter

```

Confirm the rules are in memory:  

```

# ipnat -l

```

6.) Launch Linulator (where X.X.X is the version and YYYYMMDD is the build date):  

```

$ java -jar linulator-X.X.X-YYYYMMDD.jar

```

7.) Enjoy!

### FAQ

**Why create a fake Linux environment when you can have a real one?**

This project was mainly created for learning purposes. The aim was to also create something even

more disposable than a virtual machine with less setup time.

**If used as a honeypot, how can an attacker gain access to the Linulator environment?**

The idea is to allow the attacker access via FTP and telnet (and later SSH) after they discover a

user/password combination with the password being intentionally weak. They can then navigate around

the artificial system while Linulator logs their moves to the host system. They may attempt to remove

log files, modify files, plant rootkits, and perform other malicious activities. All of this behavior

can be tracked and does not harm the host operating system.

**Why Java?**

C was originally intended to be used for this project, but Java has some benefits worth taking

advantage of. Java has a large API. As a result, there is unlikely a need to go in search of

third-party libraries or re-invent the wheel. Java is also more portable and eliminates the

requirement for things like #ifdef and cmake.

Another very important and particularly applicable aspect for Linulator is security. Java performs

bounds checking on arrays which can significantly reduce the risk of buffer overflows (unless there

is a vulnerability in the JVM of course.) The SecurityManager class is additionally essential since

it limits what users can do within Linulator. Lastly, a consequence of automatic memory management

is that there are no explicit pointers. This increases safety by preventing dangling/wild pointers

and defends against memory leaks.