diff --git a/kippo/core/ssh.py b/kippo/core/ssh.py index adc1546..919d5c2 100644 --- a/kippo/core/ssh.py +++ b/kippo/core/ssh.py @@ -97,6 +97,27 @@ class HoneyPotSSHFactory(factory.SSHFactory): log.startLoggingWithObserver(dblogger.emit, setStdout=False) self.dbloggers.append(dblogger) + # load new output modules + self.output_plugins = []; + for x in cfg.sections(): + if not x.startswith('output_'): + continue + engine = x.split('_')[1] + output = 'output_' + engine + lcfg = ConfigParser.ConfigParser() + lcfg.add_section(output) + for i in cfg.options(x): + lcfg.set(output, i, cfg.get(x, i)) + lcfg.add_section('honeypot') + for i in cfg.options('honeypot'): + lcfg.set('honeypot', i, cfg.get('honeypot', i)) + log.msg( 'Loading output engine: %s' % (engine,) ) + output = __import__( + 'kippo.output.%s' % (engine,), + globals(), locals(), ['output']).Output(lcfg) + log.startLoggingWithObserver(output.emit, setStdout=False) + self.output_plugins.append(output) + def buildProtocol(self, addr): """ Create an instance of the server side of the SSH protocol. diff --git a/kippo/output/README.md b/kippo/output/README.md new file mode 100644 index 0000000..dbdfdeb --- /dev/null +++ b/kippo/output/README.md @@ -0,0 +1,17 @@ +To create additional output plugins, place Python modules in this directory. + +Plugins need to subclass kippo.core.output.Output and define at least the +methods 'start', 'stop' and 'handleLog' + + import kippo.core.output + + class Output(kippo.core.output.Output): + + def start(self, cfg): + + def stop(self): + + def handleLog( self, event ): + + + diff --git a/kippo/output/__init__.py b/kippo/output/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/kippo/output/jsonlog.py b/kippo/output/jsonlog.py new file mode 100644 index 0000000..534126e --- /dev/null +++ b/kippo/output/jsonlog.py 
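Review bot: `engine` is taken straight from the config section name and passed to `__import__` without validation, so a section named just `output_` yields an empty module name and an unrelated failure, and `x.split('_')[1]` silently drops anything after a second underscore (this may be intended so two sections can share one engine — if so, a comment should say so). The name `output` is first a section-name string and then rebound to the plugin instance, which makes the loop harder to follow; use `section = 'output_' + engine` for the first role and drop the stray semicolon in `self.output_plugins = [];`. An ImportError or a module without an `Output` class aborts factory construction for every plugin, which is acceptable fail-closed behaviour for a honeypot but deserves a one-line comment saying it is deliberate. The enclosing method starts before this hunk.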
@@ -0,0 +1,54 @@
+# Copyright (c) 2015 Michel Oosterhof
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. The names of the author(s) may not be used to endorse or promote
+# products derived from this software without specific prior written
+# permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
+import abc
+import json
+
+import kippo.core.output
+
+class Output(kippo.core.output.Output):
+
+ def start(self, cfg):
+ self.outfile = file(cfg.get('output_jsonlog', 'logfile'), 'a')
+
+ def stop(self):
+ pass
+
+ def write(self, session, logentry):
+ _meta = {
+ 'session' : session,
+ }
+ logentry.update( _meta )
+ json.dump( logentry, self.outfile )
+ self.outfile.write( '\n' )
+ self.outfile.flush()
+
+ def handleLog( self, session, event ):
+ self.write( session, event )
+
+# vim: set sw=4 et:
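Review bot: `json.dump( logentry, self.outfile )` in `write` streams the encoding straight into the file, so if any value in the event is not JSON-serialisable the TypeError fires mid-line and leaves a truncated fragment with no trailing newline in the log, which breaks line-oriented parsers downstream; encode first so nothing is written on failure: `self.outfile.write(json.dumps(logentry) + '\n')`. `stop()` should also close the handle opened in `start()` (`self.outfile.close()`), and `logentry.update( _meta )` mutates the dict the caller passed in — if that is the shared Twisted log event dict, the injected `session` key becomes visible to every later observer, which `logentry = dict(logentry, session=session)` avoids. The signature `handleLog( self, session, event )` also differs from the README's `handleLog(self, event)`; whichever the base class in kippo.core.output actually calls, the other should be corrected. `import abc` is unused.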