splunk/DECEIVE
1
0
Fork 0
mirror of https://github.com/splunk/DECEIVE.git synced 2025-07-01 16:47:28 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
32441dc4c0f88f27656641c8537701f0e9fcfee2
DECEIVE/SSH/config.ini.TEMPLATE
David J. Bianco cda3c5496b Streamline the prompting 
The config file now contains a new "system_prompt" value in the [llm] section. This would be the same for all DECEIVE instances, and configures how the emulation itself will act. The honeypot administrator should mostly keep this intact. The prompt.txt file now focuses more on what type of system to emulate, and optional details such as valid users, contents to stage on the system, etc.
2025-01-17 14:37:07 -05:00

83 lines
3.3 KiB
Plaintext
Raw Blame History

# THIS IS A TEMPLATE CONFIG FILE FOR HADES
# We provide reasonable defaults for most configuration items, but you should
# review this before using it in production.
[honeypot]
# The name of the file you wish to write the honeypot log to.
log_file = ssh_log.log
# Settings for the SSH honeypot
[ssh]
# The port the SSH honeypot will listen on. You will probably want to set
# this to 22 for production use.
port = 8022
# The host key to use for the SSH server. This should be a private key.
# See the README for how to generate this key.
host_priv_key = ssh_host_key
# The server version string to send to clients.
server_version_string = SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3
# Settings to configure which LLM backend to use. Only one stanza
# should be uncommented at a time.
[llm]
##### OpenAI
llm_provider = openai
model_name = gpt-4o
##### Any model via Amazon Bedrock
# Valid AWS model names can be found here: https://docs.aws.amazon.com/bedrock/latest/userguide/model-ids.html
#llm_provider = AWS
#model_name = anthropic.claude-3-5-sonnet-20240620-v1:0
# NOTE: Bedrock is not supported on all AWS regions.
#aws_region = us-east-1
#aws_credentials_profile = default
##### Google Gemini
#llm_provider = gemini
#model_name = gemini-1.5-pro
# The maximum number of tokens to send to the LLM backend in a single
# request. This includes the message history for the session, so should
# be fairly high. Not all models support large token counts, so be sure
# to test this with your model.
trimmer_max_tokens = 64000
# System prompt for the LLM. This will be the same for any running instance.
# Change this if you need to tweak behaviors of the simulation itself.
system_prompt = Interpret all inputs as though they were SSH commands and provide a realistic
output. Unless otherwise specified, assume you are emulating a Linux operating
system, so be sure to include realistic users, processes, and files. Do not
include extraneous formatting in your responses. Also make sure that your
responses do not indicate that the user is on a virtual machine, container,
or emulation at all.
On the first call, be sure to include a realistic MOTD.
End all responses with a realistic shell prompt to display to the user,
including a space at the end.
Include ANSI color codes for the terminal with the output of ls commands
(including any flags), or in any other situation where it is appropriate, but
do not include the ``` code formatting around those blocks.
Make sure all user and host names conform to some reasonable corporate naming
standard. Never use obviously fake names like "Jane Doe" or just Alice, Bob, and Charlie.
If at any time the user's input would cause the SSH session to close (e.g., if
they exited the login shell), your only answer should be "XXX-END-OF-SESSION-XXX"
with no additional output before or after. Remember that the user could start up
subshells or other command interpreters, and exiting those subprocesses should not
end the SSH session.
Assume the username is {username}.
# The valid user accounts and passwords for the SSH server, in the
# form "username = password". Note that you can enable login without
# a password by leaving that field blank (e.g., "guest =" on a line by
# itself)
[user_accounts]
guest =
user1 = secretpw
user2 = password123
Reference in New Issue View Git Blame Copy Permalink