DECNET

anti/DECNET

Fork 0

Commit Graph

Author	SHA1	Message	Date
anti	d4ac53c0c9	feat(ssh): replace Cowrie with real OpenSSH + rsyslog logging pipeline Scraps the Cowrie emulation layer. The real_ssh template now runs a genuine sshd backed by a three-layer logging stack forwarded to stdout as RFC 5424 for the DECNET collector: auth,authpriv.* → rsyslogd → named pipe → stdout (logins/failures) user.* → rsyslogd → named pipe → stdout (PROMPT_COMMAND cmds) sudo syslog=auth → rsyslogd → named pipe → stdout (privilege escalation) sudo logfile → /var/log/sudo.log (local backup with I/O) The ssh.py service plugin now points to templates/real_ssh and drops all COWRIE_* / NODE_NAME env vars, sharing the same compose fragment shape as real_ssh.py.	2026-04-11 19:12:54 -04:00
anti	988732f4f9	Fix all ruff lint errors across decnet/, templates/, and tests/ Some checks failed CI / Test (pytest) (3.11) (push) Has been cancelled Details CI / Test (pytest) (3.12) (push) Has been cancelled Details Security / SAST (bandit) (push) Has been cancelled Details Security / Dependency audit (pip-audit) (push) Has been cancelled Details CI / Lint (ruff) (push) Has been cancelled Details	2026-04-04 17:36:16 -03:00
anti	7aff040579	Add deaddeck: real interactive SSH entry-point machine Introduces the 'real_ssh' service plugin backed by a genuine OpenSSH server (not cowrie), and the 'deaddeck' archetype that uses it. The container ships with a lived-in Linux environment and a deliberately weak root:admin credential to invite exploitation. - templates/real_ssh/: Dockerfile + entrypoint (configurable via env) - decnet/services/real_ssh.py: BaseService plugin, service_cfg supports password and hostname overrides - decnet/archetypes.py: deaddeck archetype added - tests/test_real_ssh.py: 17 tests covering registration, compose fragment structure, overrides, and archetype Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-04 13:42:19 -03:00

Author

SHA1

Message

Date

anti

d4ac53c0c9

feat(ssh): replace Cowrie with real OpenSSH + rsyslog logging pipeline

Scraps the Cowrie emulation layer. The real_ssh template now runs a
genuine sshd backed by a three-layer logging stack forwarded to stdout
as RFC 5424 for the DECNET collector:

  auth,authpriv.*  → rsyslogd → named pipe → stdout  (logins/failures)
  user.*           → rsyslogd → named pipe → stdout  (PROMPT_COMMAND cmds)
  sudo syslog=auth → rsyslogd → named pipe → stdout  (privilege escalation)
  sudo logfile     → /var/log/sudo.log               (local backup with I/O)

The ssh.py service plugin now points to templates/real_ssh and drops all
COWRIE_* / NODE_NAME env vars, sharing the same compose fragment shape as
real_ssh.py.

2026-04-11 19:12:54 -04:00

anti

988732f4f9

Fix all ruff lint errors across decnet/, templates/, and tests/

CI / Test (pytest) (3.11) (push) Has been cancelled

Details

CI / Test (pytest) (3.12) (push) Has been cancelled

Details

Security / SAST (bandit) (push) Has been cancelled

Details

Security / Dependency audit (pip-audit) (push) Has been cancelled

Details

CI / Lint (ruff) (push) Has been cancelled

Details

2026-04-04 17:36:16 -03:00

anti

7aff040579

Add deaddeck: real interactive SSH entry-point machine

Introduces the 'real_ssh' service plugin backed by a genuine OpenSSH
server (not cowrie), and the 'deaddeck' archetype that uses it. The
container ships with a lived-in Linux environment and a deliberately
weak root:admin credential to invite exploitation.

- templates/real_ssh/: Dockerfile + entrypoint (configurable via env)
- decnet/services/real_ssh.py: BaseService plugin, service_cfg supports
  password and hostname overrides
- decnet/archetypes.py: deaddeck archetype added
- tests/test_real_ssh.py: 17 tests covering registration, compose
  fragment structure, overrides, and archetype

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-04 13:42:19 -03:00

3 Commits