Honeysnap is designed to be a command-line tool for parsing single or multiple pcap data files and producing a 'first-cut' analysis report that identifies significant events within the processed data. This presents security analysts with a pre-prepared menu of high value network activity, aimed at focusing manual forensic analysis and saving significant incident investigation time.
Attaching ebuild that works on ~amd64.
Created attachment 119611
Initial honeypot ebuild
Tested on ~amd64. Feedback would be appreciated.
1. The current release is 220.127.116.11.
2. The SRC_URI in the submitted ebuild is wrong.
3. The license field is empty.
4. There is some confusion over DEPEND and RDEPEND (e.g. is libpcap only a runtime dependency?).
5. There is no PYTHON_MODNAME (not sure whether this is relevant though).
6. The ebuild installs a redundant file: /usr/share/doc/honeysnap-18.104.22.168/PKG-INFO.bz2.
7. There is no amd64 keyword whatsoever for dev-python/python-irclib, so the ebuild can hardly be ~amd64 as such.
This is a useful tool, and therefore I hope you have time to check some of the above issues.