
5.8. Honeydctl

Honeydctl, which stands for Honeyd control, is the secret doorway into the inner workings of Honeyd. With it, you can change Honeyd's configuration while the system is running and use it to create dynamic honeypots that adapt to almost any situation. For example, you can add new honeypots, remove existing ones, or add new services to an IP address. It can also be used to retrieve status information on any of your honeypots or to inspect the currently loaded configuration.

When you start honeydctl, it will connect to the running instance of Honeyd and present you with a console that looks similar to the following output. After some initial information about the system, the user is presented with a prompt. The prompt includes two numbers that characterize the current activity of the honeypots: the number of active connections and the number of active processes. To update the statistics, just press return.

Honeyd 1.5 Management Console
Copyright (c) 2005 Niels Provos. All rights reserved.
See LICENSE for licensing information.
Up for 320014 seconds.
101C 5P honeydctl>


At the moment, honeydctl supports all commands used in the regular configuration file described in Section 4.5, plus a small number of additional commands. The additional commands are as follows:

We can see commands that can be used to retrieve various configuration information and even to delete currently existing connections and templates. To get a terse description for these functions, you can issue the following command: ! honeyd.help().

Access to the console is easy to control once you realize that communication between Honeydctl and Honeyd happens via a named socket at /var/run/honeyd.sock. Honeyd creates this file on startup. You can use regular Unix filesystem permissions to control which individuals can connect to it. By default, only root is allowed access to the console. Instead of using Honeydctl interactively, it's also possible to script it and configure Honeyd completely dynamically without using a configuration file.
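Since the socket file's permissions are the only access control on the console, it is worth checking them after each Honeyd start. The following is an added example, not code from the book or from Honeyd; the function name and the allowed_uid and allowed_gid parameters are assumptions made for illustration.

```python
import os
import stat

HONEYD_SOCK = "/var/run/honeyd.sock"  # socket path given in the text


def audit_control_socket(path=HONEYD_SOCK, allowed_uid=0, allowed_gid=None):
    """Return a list of findings; an empty list means only the allowed
    owner (and optionally one group) can connect to the console."""
    findings = []
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink placed at the path
    except FileNotFoundError:
        return [f"{path}: missing (is Honeyd running?)"]
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path}: not a socket (mode {stat.filemode(st.st_mode)})"]
    if st.st_uid != allowed_uid:
        findings.append(f"{path}: owned by uid {st.st_uid}, expected {allowed_uid}")
    # On Linux, connect() to a Unix socket needs write permission on the file.
    if st.st_mode & stat.S_IWOTH:
        findings.append(f"{path}: world-writable, any local user can connect")
    if st.st_mode & stat.S_IWGRP:
        if allowed_gid is None:
            findings.append(f"{path}: group-writable but no group is allowed")
        elif st.st_gid != allowed_gid:
            findings.append(
                f"{path}: group-writable for gid {st.st_gid}, expected {allowed_gid}")
    # Whoever can write to the directory can replace the socket file itself.
    parent_dir = os.path.dirname(os.path.abspath(path))
    parent = os.stat(parent_dir)
    if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
        findings.append(f"{parent_dir}: world-writable without sticky bit")
    return findings


if __name__ == "__main__":
    for line in audit_control_socket() or ["control socket permissions OK"]:
        print(line)
```

To delegate console access to a dedicated administrators' group instead of root alone, pass that group's gid as allowed_gid and make the socket group-writable for it.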
