deceptifeed/configs/default-config.xml
Ryan Smith fd02995f52 chore: add proxy options to default config
Adds proxy-related options to the default configuration file, with options set to disabled by default. This makes the features more discoverable for new users.
2025-05-15 17:13:32 -07:00


<?xml version="1.0" encoding="UTF-8"?>
<!-- Deceptifeed Configuration -->
<!-- NOTE(review): the explanatory comments in this file describe what the
     element names and values suggest. Where a comment says "presumably",
     confirm the behaviour against the Deceptifeed documentation. -->
<config>

  <!-- Default log path for honeypot servers. Honeypot logs record whatever
       clients send (the TCP example below labels replies as username and
       password), so keep this file readable only by the service account and
       by the people who analyse it. -->
  <defaultLogPath>/opt/deceptifeed/logs/honeypot.log</defaultLogPath>

  <!-- Threat feed configuration -->
  <threatFeed>
    <enabled>true</enabled>
    <!-- Port the feed is served on. Downstream consumers typically turn the
         feed into block rules, so restrict which hosts can reach this port. -->
    <port>9000</port>
    <databasePath>/opt/deceptifeed/logs/threatfeed.csv</databasePath>
    <!-- 336 hours = 14 days -->
    <threatExpiryHours>336</threatExpiryHours>
    <!-- false: private addresses are presumably kept off the feed. -->
    <includePrivateIPs>false</includePrivateIPs>
    <!-- Empty: no exclude list is configured. Presumably a file of addresses
         that must never be listed. Worth setting for internal vulnerability
         scanners and monitoring hosts that will touch the honeypots,
         otherwise they can end up blocked by feed consumers. -->
    <excludeListPath></excludeListPath>
    <!-- TLS is off by default, so the feed is served in cleartext. Enable it
         (using the certificate and key below) when consumers fetch the feed
         across a network you do not control: a feed altered in transit
         changes what those consumers block. -->
    <enableTLS>false</enableTLS>
    <certPath>/opt/deceptifeed/certs/threatfeed-cert.pem</certPath>
    <!-- Private key: limit read access to the account running the service. -->
    <keyPath>/opt/deceptifeed/certs/threatfeed-key.pem</keyPath>
  </threatFeed>

  <!-- Honeypot server configuration -->
  <honeypotServers>

    <!-- SSH honeypot server on port 2222 -->
    <server type="ssh">
      <enabled>true</enabled>
      <port>2222</port>
      <logEnabled>true</logEnabled>
      <sendToThreatFeed>true</sendToThreatFeed>
      <!-- Off by default. Turn on only when every connection arrives through
           a load balancer or proxy that sends the PROXY protocol header. If
           the port is also reachable directly, a client can presumably supply
           its own header and have its activity attributed to an address of
           its choosing, which would poison the threat feed. -->
      <useProxyProtocol>false</useProxyProtocol>
      <!-- Presumably the SSH host private key; restrict read access. -->
      <keyPath>/opt/deceptifeed/certs/ssh-key.pem</keyPath>
      <!-- Version string presented to connecting clients. -->
      <banner>SSH-2.0-OpenSSH_9.6</banner>
    </server>

    <!-- HTTP honeypot server on port 8080 -->
    <server type="http">
      <enabled>true</enabled>
      <port>8080</port>
      <logEnabled>true</logEnabled>
      <sendToThreatFeed>true</sendToThreatFeed>
      <!-- Empty: no request header is consulted, so the source address is
           presumably taken from the TCP connection. Name a header (such as
           X-Forwarded-For) only when the honeypot is reachable solely through
           a reverse proxy that sets or overwrites it. A directly reachable
           client can forge the header and get another address listed. -->
      <sourceIpHeader></sourceIpHeader>
      <rules>
        <!-- Update the threat feed if any of the following rules match: -->
        <!-- Path is NOT one of these commonly requested benign paths
             (negate="true" presumably inverts the match). -->
        <include target="path" negate="true">(?i)^(/|/index\.html|/favicon\.ico|/robots\.txt|/sitemap\.xml|/\.well-known/\w+\.txt)$</include>
        <!-- Query string contains one of these keywords, or "..". -->
        <include target="query">(?i)(action|conf|dns|file|form|http|id=|json|login|php|q=|url|user|\.\.)</include>
        <!-- Matches any Authorization value. NOTE(review): confirm whether a
             request without the header counts as an empty match. -->
        <include target="authorization">.*</include>
        <!-- Method is anything other than GET, HEAD or OPTIONS. -->
        <include target="method" negate="true">(?i)^(GET|HEAD|OPTIONS)$</include>
        <!-- User-Agent names a scripting library or scanner. Internal health
             checks often use curl or python clients; exclude their source
             addresses if they probe this port. -->
        <include target="user-agent">(?i)(curl|go-http-client|httpclient|java|libwww|nikto|nmap|php|python|wget)</include>
        <!-- Empty User-Agent. -->
        <include target="user-agent">^$</include>
      </rules>
    </server>

    <!-- HTTPS honeypot server on port 8443 -->
    <server type="https">
      <enabled>true</enabled>
      <port>8443</port>
      <logEnabled>true</logEnabled>
      <sendToThreatFeed>true</sendToThreatFeed>
      <!-- Empty: same caveat as on the HTTP server. Trust a client-supplied
           header only when a reverse proxy you control is the sole path to
           this port. -->
      <sourceIpHeader></sourceIpHeader>
      <certPath>/opt/deceptifeed/certs/https-cert.pem</certPath>
      <!-- Private key: limit read access to the account running the service. -->
      <keyPath>/opt/deceptifeed/certs/https-key.pem</keyPath>
      <rules>
        <!-- Update the threat feed if any of the following rules match.
             The six rules are identical to the HTTP server's rule set; keep
             the two in sync when editing either. -->
        <include target="path" negate="true">(?i)^(/|/index\.html|/favicon\.ico|/robots\.txt|/sitemap\.xml|/\.well-known/\w+\.txt)$</include>
        <include target="query">(?i)(action|conf|dns|file|form|http|id=|json|login|php|q=|url|user|\.\.)</include>
        <include target="authorization">.*</include>
        <include target="method" negate="true">(?i)^(GET|HEAD|OPTIONS)$</include>
        <include target="user-agent">(?i)(curl|go-http-client|httpclient|java|libwww|nikto|nmap|php|python|wget)</include>
        <include target="user-agent">^$</include>
      </rules>
    </server>

    <!-- DISABLED: -->
    <!-- Example TCP honeypot server to simulate a Cisco router -->
    <server type="tcp">
      <enabled>false</enabled>
      <port>2323</port>
      <logEnabled>true</logEnabled>
      <sendToThreatFeed>true</sendToThreatFeed>
      <!-- Off by default. Enable only behind a proxy that sends the PROXY
           protocol header on every connection; see the SSH server above for
           the spoofing risk on a directly reachable port. -->
      <useProxyProtocol>false</useProxyProtocol>
      <!-- The \n sequences are written literally here and are presumably
           expanded to newlines by Deceptifeed before being sent. -->
      <banner>\nUser Access Verification\n\n</banner>
      <!-- The log attribute presumably labels each reply in the honeypot log.
           Replies to the password prompt can contain real credentials that
           were mistyped or reused, so treat the log as sensitive data. -->
      <prompts>
        <prompt log="username">Username: </prompt>
        <prompt log="password">Password: </prompt>
      </prompts>
    </server>

    <!-- DISABLED: -->
    <!-- Example UDP honeypot server to capture SIP scans -->
    <!-- This entry has no sendToThreatFeed element. UDP source addresses can
         be spoofed, so listing them would let any sender nominate addresses
         for blocking; presumably that is why the option is absent here.
         Confirm before adding it. -->
    <server type="udp">
      <enabled>false</enabled>
      <port>5060</port>
      <logEnabled>true</logEnabled>
    </server>

  </honeypotServers>
</config>