beeswarm icon indicating copy to clipboard operation
beeswarm copied to clipboard
verified publisher icon honeynet

Allow specification of drop_privileges user and group in configuration

Open cmsmith1977 opened this issue 11 years ago • 4 comments

It would be nice to be able to specify the drop_privileges user and group in the beeswarmcfg.json

cmsmith1977 avatar Sep 09 '14 00:09 cmsmith1977

Dropping privileges has been removed in the latest release, in essence the problem is that if we drop privileges on the drones they cannot bind to ports below 1024 anymore. One workaround would be using linux capabilities as described in #199.

johnnykv avatar Sep 13 '14 12:09 johnnykv

That will work!

You can also setup iptables rules (in Linux) to forward the low number ports to high number ports and set beeswarm to use high number ports.

cmsmith1977 avatar Sep 13 '14 20:09 cmsmith1977

One of the problems with port forwarding is that the Beeswarm system will loose track of the original ports - and that will make it impossible for the Beeswarm server to correlate honeypot sessions and client session.

johnnykv avatar Sep 19 '14 21:09 johnnykv

using iptables is not really port forwarding, rather port re-writing so the source ports remain unchanged.

cmsmith1977 avatar Sep 11 '17 15:09 cmsmith1977