Added patches submitted by Janne Snabb:

* New config option "ssh_addr", which can be used to be bind kippo to a
   specific IP 
 * New config option "out_addr", which tells kippo to bind to a specific IP
   for outgoing connections (wget)
 * wget now sends a fake user-agent
 * anydbm .iterkeys() isn't necessarily available (passwd, last)


git-svn-id: https://kippo.googlecode.com/svn/trunk@143 951d7100-d841-11de-b865-b3884708a8e2

kippo.cfg.dist

@@ -1,4 +1,5 @@
 [honeypot]
+;ssh_addr = 0.0.0.0
 ssh_port = 2222
 hostname = sales
 log_path = log
@@ -10,6 +11,7 @@ filesystem_file = fs.pickle
 public_key = public.key
 private_key = private.key
 password = 123456
+;out_addr = 0.0.0.0
 ;sensor_name=myhostname
 
 ;[database]

kippo.tac

@@ -33,9 +33,16 @@ factory.portal.registerChecker(honeypot.HoneypotPasswordChecker(factory))
 factory.publicKeys = {'ssh-rsa': keys.Key.fromString(data=pubKeyString)}
 factory.privateKeys = {'ssh-rsa': keys.Key.fromString(data=privKeyString)}
 
+cfg = config()
+if cfg.has_option('honeypot', 'ssh_addr'):
+    ssh_addr = cfg.get('honeypot', 'ssh_addr')
+else:
+    ssh_addr = '0.0.0.0'
+
 application = service.Application('honeypot')
 service = internet.TCPServer(
-    int(config().get('honeypot', 'ssh_port')), factory)
+    int(cfg.get('honeypot', 'ssh_port')), factory,
+    interface=ssh_addr)
 service.setServiceParent(application)
 
 # vim: set ft=python sw=4 et:

kippo/commands/base.py

@@ -246,7 +246,7 @@ class command_passwd(HoneyPotCommand):
         data_path = self.honeypot.env.cfg.get('honeypot', 'data_path')
         passdb = anydbm.open('%s/pass.db' % (data_path,), 'c')
         if len(self.password) and self.password not in passdb:
-            passdb[self.password] = None
+            passdb[self.password] = ''
         passdb.close()
 
         self.writeln('passwd: password updated successfully')

kippo/commands/last.py

@@ -14,7 +14,7 @@ class command_last(HoneyPotCommand):
         db = anydbm.open('%s/lastlog.db' % \
             config().get('honeypot', 'data_path'), 'c')
         count = 0
-        for k in sorted(db.iterkeys(), reverse=True):
+        for k in sorted(db.keys(), reverse=True):
             self.writeln(db[k])
             count += 1
             if count >= 25:

kippo/commands/wget.py

@@ -83,7 +83,11 @@ class command_wget(HoneyPotCommand):
 
         factory = HTTPProgressDownloader(
             self, fakeoutfile, url, outputfile, *args, **kwargs)
-        self.connection = reactor.connectTCP(host, port, factory)
+        out_addr = None
+        if self.honeypot.env.cfg.has_option('honeypot', 'out_addr'):
+            out_addr = (self.honeypot.env.cfg.get('honeypot', 'out_addr'), 0)
+        self.connection = reactor.connectTCP(
+            host, port, factory, bindAddress=out_addr)
         return factory.deferred
 
     def ctrl_c(self):
@@ -106,7 +110,8 @@ commands['/usr/bin/wget'] = command_wget
 # from http://code.activestate.com/recipes/525493/
 class HTTPProgressDownloader(client.HTTPDownloader):    
     def __init__(self, wget, fakeoutfile, url, outfile, headers=None):
-        client.HTTPDownloader.__init__(self, url, outfile, headers=headers)
+        client.HTTPDownloader.__init__(self, url, outfile, headers=headers,
+            agent='Wget/1.11.4')
         self.status = None
         self.wget = wget
         self.fakeoutfile = fakeoutfile

utils/passdb.py

@@ -10,7 +10,7 @@ if __name__ == '__main__':
         sys.exit(1)
     db = anydbm.open(sys.argv[1], 'c')
     if sys.argv[2] == 'list':
-        for password in db:
+        for password in db.keys():
             print password
     elif sys.argv[2] == 'add':
         db[sys.argv[3]] = None