anti/DECNET
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

merge testing->tomerge/main #7

Open
anti wants to merge 242 commits from testing into tomerge/main
pull from: testing
merge into: anti:tomerge/main
Conversation 0 Commits 242 Files Changed 513 +6
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit a5d6860124 - Show all commits

6
templates/ssh/capture.sh
View File

@@ -1,6 +1,12 @@
#!/bin/bash #!/bin/bash
# SSH honeypot file-catcher. # SSH honeypot file-catcher.
# #
# `lastpipe` runs the tail of `inotify | while` in the current shell, so
# `ps aux` shows one bash instead of two. Job control must be off for
# lastpipe to apply — non-interactive scripts already have it off.
shopt -s lastpipe
set +m
#
# Watches attacker-writable paths with inotifywait. On close_write/moved_to, # Watches attacker-writable paths with inotifywait. On close_write/moved_to,
# copies the file to the host-mounted quarantine dir, writes a .meta.json # copies the file to the host-mounted quarantine dir, writes a .meta.json
# with attacker attribution, and emits an RFC 5424 syslog line. # with attacker attribution, and emits an RFC 5424 syslog line.