In this section you will find several tools commonly used for Honeynet implementations.

Any software developed by the Spanish Honeynet Project is OpenSource and falls under the Revised BSD License. Any other software is at a minimum OpenSource. If you are deploying a honeynet, we assume you have read and understand the concepts, risks and issues disscussed in KYE: Honeynets.

NOTE: The Spanish Honeynet Project makes no warranties, nor can it be held responsibe for damages caused by any tools on this website.

Honeywall scripts

The scripts below have been written to make easier the management of the most common tools used in a Honeywall. The logging directories and log file name formats used are similar to the ones used by the Honeywall CDROM tool to preserve compatibility. These scripts are also included in the paper “Building a GenII Honeynet Gateway”.
honeywall.conf: The main configuration file. It is an improved version of honeywall.conf config file included in the Honeywall CDROM by The Honeynet Project. It has two new options: LAN_BLOCK and LAN_ALLOWDED_IP.

rc.firewall: Script for loading iptables firewall. It is an improved version of the rc.firewall script v0.8 found in Honeywall CDROM that supports the new LAN_BLOCK option. On the other hand, the handlers’ section has been simplified.

snort.sh: Script for managing snort NIDS (config file not provided).

snort_inline.sh: Script for managing snort-inline (config file not provided).

snort_pcap.sh: Script for recording network traffic in binary format using snort in logging mode.

tcpdump.sh: Script for recording network traffic in binary format using tcpdump.

swatch.sh: Script for managing Swatch, used to provide basic alerting capabilites.

swatch.conf: Swatch elemental configuration file.