##################################################################### # This file is the Honeywall import file (aka "honeywall.conf"). # It is a list of VARIABLE=VALUE tuples (including comments as # necessary, # such as this) and whitespace lines. # # note: DO NOT surround values in quotation marks # ##################################################################### # To save the state of the variables in /var/hw/conf specify the floppy device # [Valid argument: /dev/fd0 | no] HwSAVE_ETC_FLOPPY=no # Specify whether or not the Honeywall will operate as either a bridge or NAT # [Valid modes: bridge | nat] HwMODE=bridge # This Honeywall's public IP address(es) # [Valid argument: IP address | space delimited IP addresses] HwPUBLIC_IP=216.168.225.193 # DNS servers honeypots are allowed to communicate with # [Valid argument: IP address | space delimited IP addresses] HwDNS_SVRS=216.168.225.194 # To restrict DNS access to a specific honeypot or group of honeypots, list # them here, otherwise leave this variable blank # [Valid argument: IP address | space delimited IP addresses | blank] HwDNS_HOST=216.168.225.193 # The name of the externally facing network interface # [Valid argument: eth* | br* | ppp*] HwINET_IFACE=eth0 # The name of the internally facing network interface # [Valid argument: eth* | br* | ppp*] HwLAN_IFACE=eth1 # The IP internal connected to the internally facing interface # [Valid argument: IP network in CIDR notation] HwLAN_IP_RANGE=10.10.10.0/24 # The IP broadcast address for internal network # [Valid argument: IP broadcast address] HwLAN_BCAST_ADDRESS=216.168.225.255 # Enable QUEUE support to integrate with Snort-Inline filtering # [Valid argument: yes | no] HwQUEUE=yes # The unit of measure for setting oubtbound connection limits # [Valid argument: second, minute, hour, day, week, month, year] HwSCALE=hour # The number of TCP connections per unit of measure (HwScale) # [Valid argument: integer] HwTCPRATE=25 # The number of UDP connections per unit of measure (HwSCALE) # [Valid argument: integer] HwUDPRATE=25 # The number of ICMP connections per unit of measure (HwSCALE) # [Valid argument: integer] HwICMPRATE=25 # The number of other IP connections per unit of measure (HwSCALE) # [Valid argument: integer] HwOTHERRATE=10 # Enable the SEBEK collector which delivers keystroke and files # to a remote system even if an attacker replaces daemons such as sshd # [Valid argument: yes | no] HwSEBEK=yes # Specify whether whether to drop SEBEK packets or allow them to be sent # outside of the Honeynet. # [Valid argument: ACCEPT | DROP] HwSEBEK_FATE=DROP # Specify the SEBEK destination host IP address # [Valid argument: IP address] HwSEBEK_DST_IP=216.168.225.254 # Specify the SEBEK destination port # [Valid argument: port] HwSEBEK_DST_PORT=1101 # Enable SEBEK logging in the Honeywall firewall logs # [Valid argument: yes | no] HwSEBEK_LOG=yes # Specify the IP netmask for interface alises. One aliases will be created # on the external interface for each Honeypot # [Valid argument: IP netmask] HwALIAS_MASK=255.255.255.0 # Space delimited list of Honeypot ips # NOTE: MUST HAVE SAME NUMBER OF IPS AS PUBLIC_IP VARIABLE. # [Valid argument: IP address] HwHPOT_IP=10.10.10.3 # Specify the IP address of the honeywall's internal ip address. This is # used in nat mode. # [Valid argument: IP address] HwPRIV_IP=10.0.0.1 # Specy the network interface for remote management. If set to br0, it will # assign MANAGE_IP to the logical bridge interface and allow its use as a # management interface. Set to none to disable the management interface. # [Valid argument: eth* | br* | ppp* | none] HwMANAGE_IFACE=eth2 # IP of management Interface # [Valid argument: IP address] HwMANAGE_IP=172.16.1.30 # Netmask of management Interface # [Valid argument: IP netmask] HwMANAGE_NETMASK=255.255.255.0 # Default Gateway of management Interface # [Valid argument: IP address] HwMANAGE_GATEWAY=172.16.1.254 # DNS Servers of management Interface # [Valid argument: space delimited IP addresses] HwMANAGE_DNS=172.16.1.20 # TCP ports allowed into the management interface. If SSH is used this list # must include the port SSHD is listening on. # [Valid argument: space delimited list of TCP ports] HwALLOWED_TCP_IN=22 # Specify the IP address(es) and/or networks that are allowed to connect # to the management interface. Specify any to allow unrestricted access. # [Valid argument: IP address(es) | IP network(s) in CIDR notation | any] HwMANAGER=172.16.3.20 172.16.1.12 # Specify whether or not the Honeywall will restrict outbound network # connections to specific destination ports. When bridge mode is utilized, # a management interface is required to restrict outbound network connections. # [Valid argument: yes | no] HwRESTRICT=yes # Specity the TCP destination ports Honeypots can send network traffic to. # [Valid argument: space delimited list of UDP ports] HwALLOWED_TCP_OUT=22 25 # Specity the UDP destination ports Honeypots can send network traffic to. # [Valid argument: space delimited list of UDP ports] HwALLOWED_UDP_OUT=53 123 # Specify the port on which SSHD will listen # [Valid argument: TCP (port 0 - 65535)] HwSSHD_PORT=22 # Specify whether or not root can login remotely over SSH # [Valid argument: yes | no] HwSSHD_REMOTE_ROOT_LOGIN=no # Specify whether or not to start SSHD at startup. # [Valid argument: yes | no] HwSSHD_STARTUP=yes # Specify whether or not to start swatch and email alerting. # [Valid argument: yes | no] HwALERT=yes # Specify email address to use for email alerting. # [Valid argument: any email address] HwALERT_EMAIL=project@honeynet.org # Specify the system hostname # [Valid argument: any hostname] HwHOSTNAME=honeywall # # Newly defined variables as of Fri Apr 16 03:01:36 UTC 2004 # HwDISK_INIT=done HwHONEYWALL_RUN=yes HwINIT_SETUP=done HwMANAGE_STARTUP=yes HwSWAP=yes