# /etc/honeytrap/honeytrap.conf # # This is a sample honeytrap configuration file. # However, the default values below should work in most installations. # # Copyright (C) 2006 Tillmann Werner # # # allowed keywords are: # # keyword values description # ---------------------------------------------------------------------------------- # pidfile path full pid file path (defaults to /var/run/honeytrap.pid if not given) # logfile path full logfile path (defaults to /var/log/honeytrap.log if not given) # user username user from /etc/passwd under which honeytrap should run # group groupname group from /etc/group under which honeytrap should run # promisc - tells honeytrap to sniff in promiscuous mode # mirror - tells honeytrap to run in mirror mode # response_dir path path to directory with default responses (defaults to /etc/honeytrap/responses) # plugin_dir path path to directory with honeytrap plugins (defaults to /usr/src/honeytrap_dynamicsrc) # attacks_dir path where to save attack strings (default is /var/log/honeytrap) # dlsave_dir path where to save downloaded files (default is /var/log/honeytrap) # read_limt number max. bytes to read from a socket - prevents honeytrap from memory exhaustion # Sane defaults for Gentoo logfile = /var/log/honeytrap/honeytrap.log response_dir = /etc/honeytrap/responses plugin_dir = /usr/src/honeytrap_dynamicsrc attacks_dir = /var/log/honeytrap/attacks dlsave_dir = /var/log/honeytrap/downloads # run in mirror mode - mirror connections back to the initiator (use with caution!) # mirror # put network interface into promiscuous mode - only available when using the pcap connection monitor # promisc # max bytes to read from an attack connection (10MB = 10485760) read_limit = 10485760 # use this host (ip address) to listen for FTP data connections (you would need the htm_ftpDownload plugin version 3) # ftp_host = example.com # include explicit port configuration # include = /etc/honeytrap/ports.conf