TracNav menu
-
Definitions
-
Terms
- honeyclient
- internal network
- firewall
- host
- dmz network
- remote resource
-
Components
- HoneyClient::Agent
- HoneyClient::Manager
- HoneyClient::Util
-
FAQ
- General
- Licensing
- Troubleshooting
- Related Work
-
User Guide
- Setup Host
- Setup Firewall VM
- Setup Honeyclient VM
- Setup Drone
- Startup
- Notes
- Troubleshooting
-
Developer Guide
- Repository Layout
- Code Stability Status
- Anonymous Checkout
- Authenticated Checkout
- Committing Code
- Packaging
-
Methodologies
- Lockdown VM Guide
- Registry Parsing
- Scanning Active Content
- Scoring HTML Links
Frequently Asked Questions
General
What is the difference between Honeyclient and HoneyClient?
Honeyclient will always refer to the abstract network term, as defined here.
HoneyClient (with a capital 'C') will always refer to the MITRE Honeyclient code implementation — in other words, HoneyClient is only used to refer to the actual HoneyClient Perl package and all HoneyClient::* sub-packages, which together forms an implementation of Honeyclients.
Why can't I edit any wiki pages directly?
All edits to site content are currently locked. If you'd like to contribute, contact us at honeyclient@mitre.org to discuss further.
We acknowledge that our documentation is not perfect. If you come across any errors or typos, feel free to open a new documentation bug and we will have a look at it.
Does your code support feature X?
We're still in the process of compiling a comprehensive feature list. In the meantime, please see the User Guide and Developer Guide. If you can't find it and have checked our issue list, then feel free to add the new feature as a wish.
I'd like to contribute! How can I help?
Check out the User Guide. You can download the latest HoneyClient packages from here. For sporadic contributors, feel free to help resolve any open issues. For in-depth contributors, contact us at honeyclient@mitre.org to discuss further.
Is there a mailing list I can join?
Yes, we have a public honeyclient mailing list to which you can subscribe. Subscribers will receive updates upon new releases of the code and can participate in general honeyclient discussions.
Licensing
How is this code licensed?
Unless otherwise specified, all code is distributed using the GNU General Public License (GPL) Version 2.
For more information, please see the GNU website and read the GPL FAQ.
Installation
Do you have any documentation on how to install VMware Server on my Linux distribution?
For Ubuntu users, we do have an example Ubuntu VMware Server installation guide. We don't have extensive installation help for any other Linux distribution; however, you can check VMware's website for more detailed support.
Troubleshooting
Error message: Could not open DHCP log file (/var/log/messages)
By default, the DHCP daemon provided by VMware Server writes its log messages into the default syslog file. On most Linux systems, these syslog messages are usually stored in /var/log/messages, as specified in the etc/honeyclient.xml file. This default log file needs to be readable by the HoneyClient::Manager code.
As such, this error indicates that proper permissions were not set for /var/log/messages. You can fix this by issuing the following command as root:
chmod 644 /var/log/messages
Note: If the Linux server performs any syslog rotation on /var/log/messages, then you also need to make sure that newly rotated versions of this file also have global read/write permissions.
Error message: Unable to close file: fw-output/ruleset* at HoneyClient/Manager/FW.pm
When the HoneyClient::Manager issues this error message on the host system, it indicates that the root partition inside the firewall VM has filled up with fw-output logs. You can fix this by logging onto the firewall VM, switching to root, and issuing the following command:
# rm -rf /honeyclient/sandbox/fw-output/*
Note: Make sure you kill all StartManager.pl processes on the host system first. Once you issue the above command on the firewall VM, you should be able to re-run StartManager.pl on the host system.
Warning message: Cannot encode … Will be encoded as 'map' instead
While running the Manager, you may get warning messages such as this:
Cannot encode unnamed element as 'hash'. Will be encoded as 'map' instead
Ignore warning messages like this, as they are generated by SOAP::Lite — a dependency library.
Related Work
What other projects have been developed related to this work?
The information is available on our RelatedWork page.
