Table of Contents
Service Personas
Every service plugin receives an optional service_cfg dict built from the
INI persona block [decky.<slug>]. This page lists only the knobs the
plugin source actually reads. Anything you find elsewhere and don't see here
is not wired in; file an issue or a plugin PR instead.
See also:
- INI format — top-level INI schema
- Services catalog — slugs, ports, build context
- Custom services — BYOS knobs
- Writing a plugin — adding new knobs
Every snippet below is a [<decky-name>.<slug>] INI subsection — drop it
alongside the matching [<decky-name>] block (or [<archetype>] group
block) in your deployment INI. See INI format for the
subsection-inheritance rules.
Services with no INI knobs
These plugins do not read anything from service_cfg in source. Declaring
them under [decky.<name>] with services = <slug> is enough; no persona
block is required.
rdpvncsmbftptftppostgresmssqlmongodbelasticsearchimappop3ldapconpotmqttsipsnmpdocker_apik8sllmnrsniffer
ssh
Reads from service_cfg:
password— root password baked into the sshd image (defaultadmin)hostname— override container hostname (shown to attacker in the shell prompt /uname -n)
[decky-01.ssh]
password = P@ssw0rd2019!
hostname = mail-gw-03
telnet
Reads from service_cfg:
password— root password (defaultadmin)hostname— override container hostname
[decky-02.telnet]
password = cisco
hostname = edge-rtr-07
http
Reads from service_cfg:
server_header— value of the HTTPServer:response headerresponse_code— default status code for the root pathfake_app— label for the pretend application (served via the template)extra_headers— dict or JSON-encoded string of additional response headerscustom_body— override response body textfiles— host path to a directory bind-mounted read-only at/opt/html_filesinside the container
[decky-03.http]
server_header = Apache/2.4.41 (Ubuntu)
response_code = 200
fake_app = phpMyAdmin 4.9.5
custom_body = <html><body><h1>It works!</h1></body></html>
files = /srv/decnet/fake-www/corp-intranet
https
Reads from service_cfg — same as http, plus TLS overrides:
server_headerresponse_codefake_appextra_headerscustom_bodyfilestls_cert— path or PEM material for the TLS certificatetls_key— path or PEM material for the TLS keytls_cn— Common Name for a self-signed cert generated at startup
[decky-04.https]
server_header = nginx/1.18.0
response_code = 403
fake_app = Jenkins 2.387.3
tls_cn = portal.corp.local
mysql
Reads from service_cfg:
version— advertised MySQL server version string
[decky-05.mysql]
version = 5.7.38-log
redis
Reads from service_cfg:
version— advertised Redis versionos_string— advertised OS string inINFO serveroutput
[decky-06.redis]
version = 6.2.7
os_string = Linux 5.15.0-101-generic x86_64
smtp
Reads from service_cfg:
banner— SMTP220greeting bannermta— advertised MTA software / version
[decky-07.smtp]
banner = mail.corp.local ESMTP Postfix (Debian/GNU)
mta = Postfix 3.5.13
smtp_relay
Inherits the smtp template with SMTP_OPEN_RELAY=1 hard-wired. Reads from
service_cfg:
banner— SMTP220greeting bannermta— advertised MTA software / version
[decky-08.smtp_relay]
banner = relay.corp.local ESMTP
mta = Sendmail 8.15.2
DECNET
User docs
- Quick-Start
- Installation
- Requirements-and-Python-Versions
- CLI-Reference
- INI-Config-Format
- Custom-Services
- Services-Catalog
- Service-Personas
- Archetypes
- Distro-Profiles
- OS-Fingerprint-Spoofing
- Networking-MACVLAN-IPVLAN
- Deployment-Modes
- SWARM-Mode
- MazeNET
- Remote-Updates
- Environment-Variables
- Teardown-and-State
- Database-Drivers
- Systemd-Setup
- Logging-and-Syslog
- Service-Bus
- Web-Dashboard
- REST-API-Reference
- Mutation-and-Randomization
- Troubleshooting
Developer docs
DECNET — honeypot deception-network framework. Pre-1.0, active development — use with caution. See Sponsors to support the project. Contact: samuel@securejump.cl