splunk/DECEIVE
1
0
Fork 0
mirror of https://github.com/splunk/DECEIVE.git synced 2025-07-02 00:57:26 -04:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: splunk:config-files
Branches Tags
splunk:main splunk:conversation-history splunk:temperature splunk:command-line-options splunk:wildcard-passwords splunk:ssh-execute-arg splunk:multiplatform-compat splunk:config-files splunk:user-system-prompt
splunk:deceive-1.1 splunk:deceive-1.0
..
compare: splunk:multiplatform-compat
Branches Tags
splunk:main splunk:conversation-history splunk:temperature splunk:command-line-options splunk:wildcard-passwords splunk:ssh-execute-arg splunk:multiplatform-compat splunk:config-files splunk:user-system-prompt
splunk:deceive-1.1 splunk:deceive-1.0

2 Commits
config-fil ... multiplatf

Author SHA1 Message Date
David J. Bianco
7be73a7dff Make peername and sockname calls more robust across platforms 
For whatever reason, MacOS returns 4 values from conn.get_extra_info('peername') and conn.get_extra_info('sockname'), but Linux systems only return 2.  On the Mac, it's only the first two that we need anyway. Now we retrieve them all, no matter how many there are, and just use the first two so it will work on both platforms.
 2025-01-28 10:39:12 -05:00
David J. Bianco
788bd26845 Now print exceptions to console when SSH connection is lost 2025-01-28 10:21:27 -05:00
1 changed files with 104 additions and 86 deletions
Expand all files Collapse all files

22
SSH/ssh_server.py
View File

@ -8,6 +8,7 @@ import threading
import sys import sys
import json import json
import os import os
import traceback
from typing import Optional from typing import Optional
import logging import logging
import datetime import datetime
@ -48,8 +49,18 @@ class MySSHServer(asyncssh.SSHServer):
def connection_made(self, conn: asyncssh.SSHServerConnection) -> None: def connection_made(self, conn: asyncssh.SSHServerConnection) -> None:
# Get the source and destination IPs and ports # Get the source and destination IPs and ports
(src_ip, src_port, _, _) = conn.get_extra_info('peername') peername = conn.get_extra_info('peername')
(dst_ip, dst_port, _, _) = conn.get_extra_info('sockname') sockname = conn.get_extra_info('sockname')
if peername is not None:
src_ip, src_port = peername[:2]
else:
src_ip, src_port = '-', '-'
if sockname is not None:
dst_ip, dst_port = sockname[:2]
else:
dst_ip, dst_port = '-', '-'
# Store the connection details in thread-local storage # Store the connection details in thread-local storage
thread_local.src_ip = src_ip thread_local.src_ip = src_ip
@ -63,6 +74,7 @@ class MySSHServer(asyncssh.SSHServer):
def connection_lost(self, exc: Optional[Exception]) -> None: def connection_lost(self, exc: Optional[Exception]) -> None:
if exc: if exc:
logger.error('SSH connection error', extra={"error": str(exc)}) logger.error('SSH connection error', extra={"error": str(exc)})
traceback.print_exception(exc)
else: else:
logger.info("SSH connection closed") logger.info("SSH connection closed")
# Ensure session summary is called on connection loss if attributes are set # Ensure session summary is called on connection loss if attributes are set
@ -312,6 +324,7 @@ def get_prompts(prompt: Optional[str], prompt_file: Optional[str]) -> dict:
#### MAIN #### #### MAIN ####
try:
# Parse command line arguments # Parse command line arguments
parser = argparse.ArgumentParser(description='Start the SSH honeypot server.') parser = argparse.ArgumentParser(description='Start the SSH honeypot server.')
parser.add_argument('-c', '--config', type=str, default='config.ini', help='Path to the configuration file') parser.add_argument('-c', '--config', type=str, default='config.ini', help='Path to the configuration file')
@ -399,3 +412,8 @@ asyncio.set_event_loop(loop)
loop.run_until_complete(start_server()) loop.run_until_complete(start_server())
loop.run_forever() loop.run_forever()
except Exception as e:
print(f"Error: {e}", file=sys.stderr)
traceback.print_exc()
sys.exit(1)