Honeysnap is designed to be a command-line tool for parsing single or multiple pcap data files and producing a 'first-cut' analysis report that identifies significant events within the processed data. This presents security analysts with a pre-prepared menu of high value network activity, aimed at focusing manual forensic analysis and saving significant incident investigation time.
Attaching ebuild that works on ~amd64.
Created attachment 119611
Initial honeypot ebuild

Tested on ~amd64. Feedback would be appreciated.
Hi. Some notes:

1. The current release is 1.0.6.10.
2. The SRC_URI in the submitted ebuild is wrong.
3. The license field is empty.
4. There is some confusion over DEPEND and RDEPEND (e.g. is libpcap only a runtime dependency?).
5. There is no PYTHON_MODNAME (not sure whether this is relevant though).
6. The ebuild installs a redundant file: /usr/share/doc/honeysnap-1.0.6.10/PKG-INFO.bz2.
7. There is no amd64 keyword whatsoever for dev-python/python-irclib, so the ebuild can hardly be ~amd64 as such.

This is a useful tool and therefore I hope you have time to check some of the above issues.