Monday, April 5, 2010

Dionaea XMPP function

Dionaea uses XMPP for the distributed sensor setup and for secure messaging. The implementation was coded by Markus, the author of Dionaea, who committed the overall code in Feb 2010. The configuration is as shown:

Dionaea --> XMPP server (Prosody) --> Backend (stores the streamed data to disk or PostgreSQL)

The Dionaea sensor acts as a client that connects to the XMPP server. The sensor auto-joins specific groupchat channels, which are "anon-events" and "anon-files". With a Jabber/XMPP client such as Psi joined to the channels, we can obtain the dionaea event log from the distributed network. Love this idea very much.

I have tried to set up an XMPP server for local use. I followed the guideline blogged by Markus (http://carnivore.it/?btng[post][tags]=xmpp) and made several modifications to suit my local environment.

Simple notes:

1. Dionaea only supports Legacy SSL for the XMPP connection. Port 5223 must be in the listening state for the connection to complete. Port 5222, which is the default XMPP port, will not be the focus.

I found that port 5223 was not listening at first. After some simple modifications, it appeared. The differences between my prosody.cfg.lua and the blogged one are as below:

////////////////////////////
Host "*"
-- (omitted)

ssl = {
    key = "/opt/prosody/etc/prosody/certs/localhost.key";
    certificate = "/opt/prosody/etc/prosody/certs/localhost.cert";
}

pidfile = "/opt/prosody/var/run/prosody.pid"
-- Listen for old-style (legacy) SSL connections on port 5223
legacy_ssl_ports = { 5223 }

-- (omitted)

Host "localhost"
    -- The host is active while this is true; setting it to false disables
    -- the host, preserving the config but denying connections
    enabled = true

    -- Assign this host a certificate for TLS, otherwise it would use the one
    -- set in the global section (if any).
    -- Note that old-style SSL on port 5223 only supports one certificate, and will always
    -- use the global one.
    ssl = {
        key = "/opt/prosody/etc/prosody/certs/localhost.key";
        certificate = "/opt/prosody/etc/prosody/certs/localhost.cert";
    }


-- Set up a MUC (multi-user chat) room server on dionaea.localhost:
Component "dionaea.localhost" "muc"

/////////////////////////////////////////

2. My dionaea.conf is as below:

logxmpp = {
    /**
     * this section defines a single xmpp logging target
     * you can have multiple
     */
    carnviore = {
        server = "localhost"

        /**
         * as dionaea does not support starttls (xmpp on port 5222),
         * we rely on 'legacy ssl' for the xmpp connection (port 5223)
         */
        port = "5223"
        muc = "dionaea.localhost"

        /**
         * if the server exists, this is a valid account
         */
        username = "user@localhost"
        password = "user"

3. In dionaea, "logxmpp" must be enabled in ihandler for XMPP support. It took me quite some time to fix this before the sensor was able to connect to the server.

4. My Psi settings


The end result of the successful XMPP connection between the sensor and the server in the GroupChat

To do: The debug info has filled all the terminal space. The polishing and slimming work should be continued.

Thanks to Markus for the help!
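
The mismatches behind notes 1 and 2 (port 5223 not listening, sensor not reaching the groupchat) can be caught by comparing the two config files before starting the sensor. The following Python check is an added example, not code from Dionaea or Prosody; the function names are hypothetical, the inputs are constructed by trimming the configs above, and it assumes a single logxmpp target and only `--` line comments on the Prosody side.

```python
import re

# Constructed inputs: the two configs from the post, trimmed to the relevant keys.
PROSODY_CFG = '''Host "*"
legacy_ssl_ports = { 5223 }
Host "localhost"
enabled = true -- set to false to disable the host
Component "dionaea.localhost" "muc"
'''
DIONAEA_CONF = '''logxmpp = {
    carnviore = {
        port = "5223"  /* legacy SSL */
        muc = "dionaea.localhost"
        username = "user@localhost"
        password = "user"
'''

def prosody_facts(cfg):
    """Return (legacy SSL ports, MUC components, enabled hosts) from a Prosody config."""
    cfg = re.sub(r'--[^\n]*', '', cfg)  # drop Lua line comments
    m = re.search(r'legacy_ssl_ports\s*=\s*\{([^}]*)\}', cfg)
    ports = {int(p) for p in re.findall(r'\d+', m.group(1))} if m else set()
    mucs = set(re.findall(r'Component\s+"([^"]+)"\s+"muc"', cfg))
    blocks = re.findall(r'Host\s+"([^"]+)"(.*?)(?=\n\s*(?:(?:Virtual)?Host|Component)\s+"|\Z)', cfg, flags=re.S)
    hosts = {name for name, body in blocks if not re.search(r'enabled\s*=\s*false', body)}
    return ports, mucs, hosts

def dionaea_target(conf):
    """Return the quoted key/value pairs of a single logxmpp target."""
    conf = re.sub(r'/\*.*?\*/', '', conf, flags=re.S)  # drop /* ... */ comments
    return dict(re.findall(r'(\w+)\s*=\s*"([^"]*)"', conf))

def check(prosody_cfg, dionaea_conf):
    """List the mismatches that would stop the sensor from joining the MUC."""
    ports, mucs, hosts = prosody_facts(prosody_cfg)
    t = dionaea_target(dionaea_conf)
    problems = []
    port = t.get("port", "")
    if not port.isdigit() or int(port) not in ports:
        problems.append(f"port {port!r} not in legacy_ssl_ports {sorted(ports)}")
    if t.get("muc") not in mucs:
        problems.append(f"muc {t.get('muc')!r} is not a muc Component")
    domain = t.get("username", "").rpartition("@")[2]
    if domain not in hosts:
        problems.append(f"account domain {domain!r} is not an enabled Host")
    return problems

if __name__ == "__main__":
    print(check(PROSODY_CFG, DIONAEA_CONF) or "configs agree")
```

An empty list means the sensor's port, MUC and account domain all line up with what the server config offers; it does not confirm that the account itself exists on the server.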

1 comment:

  1. If you're still around, is there any way to fix the images?