{ "info": { "author": "Philip Hane", "author_email": "secynic AT gmail DOT com", "bugtrack_url": null, "classifiers": [ "Development Status :: 3 - Alpha", "Intended Audience :: Information Technology", "Intended Audience :: Science/Research", "Intended Audience :: System Administrators", "License :: OSI Approved :: BSD License", "Operating System :: Unix", "Programming Language :: Python", "Programming Language :: Python :: 2", "Programming Language :: Python :: 2.6", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.0", "Programming Language :: Python :: 3.1", "Programming Language :: Python :: 3.2", "Programming Language :: Python :: 3.3", "Programming Language :: Python :: 3.4", "Programming Language :: Python :: 3.5", "Programming Language :: Unix Shell", "Topic :: Internet", "Topic :: Security", "Topic :: System :: Monitoring", "Topic :: System :: Networking" ], "description": "==========\nnfsinkhole\n==========\n\n.. image:: https://img.shields.io/badge/license-BSD%202--Clause-blue.svg\n :target: https://github.com/secynic/nfsinkhole/tree/master/LICENSE.txt\n.. image:: https://img.shields.io/badge/python-2.6%2C%202.7%2C%203.0+-blue.svg\n.. image:: https://img.shields.io/badge/os-RHEL%2FCentOS%206%2F7-blue.svg\n\n.. warning::\n\n This version is considered experimental. Do not attempt to use this\n library in production until tests via travis and docker are setup, stable,\n and sufficiently covered.\n\n.. attention::\n\n You are responsible for rotating log files (/var/log/nfsinkhole*), and\n syslog forwarding must be configured manually (automation pending).\n\nnfsinkhole is a Python library and scripts for setting up a Unix server\nas a sinkhole (monitor, log/capture, and drop all traffic to a secondary\ninterface).\n\nThe default setup arguments monitor/capture all traffic. Setup arguments are\nprovided to configure protocols, ports, rate limiting, logging,\nsource IP/CIDR exclusions from logging, and optional packet capture.\n\nAll sinkhole events are written to /var/log/nfsinkhole-events.log. Optionally,\nyou can enable tcpdump to output packet capture text to\n/var/log/nfsinkhole-pcap.log if your version of tcpdump supports packet\nprinting; otherwise reverts to /var/log/nfsinkhole.pcap.\n\nFeatures\n========\n\n* Simple install script\n* Installs as a init.d/systemctl service\n* Service modifies iptables on start/stop, no need to persist iptables\n* rsyslog and syslog-ng (pending) supported\n* RedHat/CentOS 6/7 tested\n* Python 2.6+ and 3.0+ supported\n* Built-in support for dealing with SELinux/AppArmor\n* Packet capture of sinkhole traffic (printed output to log for tcpdump v4.5+)\n* Useful set of utilities\n* Detailed logging to /var/log/nfsinkhole-*\n* Syslog forwarding configuration (pending)\n* BSD license\n\nPlanned Improvements\n====================\n\n* API/class documentation\n* syslog-ng support (currently partially built; unused)\n* Tests via travis-ci/docker\n* Coverage via coverage.io\n* Exception handling overhaul\n* Set logging level (currently debug)\n* BIND/Microsoft/etc DNS server configuration documentation/examples\n* Monitoring use case examples\n* Automatic configuration for syslog forwarding\n* SIEM parsers/apps/plugins\n* Official support/testing for more OS environments\n* Support handling exceptions for HIPS and other endpoint security products\n* Intelligent handling/handshakes (inspired by iptrap -\n https://github.com/jedisct1/iptrap)\n\nLinks\n=====\n\nDocumentation\n-------------\n\nRelease v0.1.0\n^^^^^^^^^^^^^^\n\nhttps://nfsinkhole.readthedocs.io/en/v0.1.0\n\nGitHub master\n^^^^^^^^^^^^^\n\nhttps://nfsinkhole.readthedocs.io/en/latest\n\nGitHub dev\n^^^^^^^^^^\n\nhttps://nfsinkhole.readthedocs.io/en/dev\n\nExamples\n--------\n\nPending\n\nGithub\n------\n\nhttps://github.com/secynic/nfsinkhole\n\nPypi\n----\n\nhttps://pypi.python.org/pypi/nfsinkhole\n\nChanges\n-------\n\nhttps://nfsinkhole.readthedocs.io/en/latest/CHANGES.html\n\nDependencies\n============\n\nOS::\n\n iptables (likely already included in base OS)\n tcpdump (optional - likely already included in base OS)\n\nPython 2.6::\n\n argparse\n\nPython 2.7, 3.0+::\n\n None!\n\nInstalling\n==========\n\n.. attention::\n\n The nfsinkhole service, iptables rules, and tcpdump must run as root.\n You can still use user/virtualenv Python environments, for the library,\n but ultimately, the core sinkhole will be run as root.\n\n.. note::\n\n Replace any below occurence of with the name of your\n sinkhole network interface name.\n\nBase OS (pip) -- RECOMMENDED\n----------------------------\n\nIf pip is not installed, you will first need to add the EPEL repo and install::\n\n sudo yum install epel-release\n sudo yum install python-pip\n\nRHEL/CentOS 6/7\n^^^^^^^^^^^^^^^\n\nBasic::\n\n pip install --user --upgrade nfsinkhole\n python ~/.local/bin/nfsinkhole-setup.py --interface --install --pcap\n\nvirtualenv::\n\n pip install virtualenv\n virtualenv nfsinkhole\n source nfsinkhole/bin/activate\n nfsinkhole/bin/pip install nfsinkhole\n nfsinkhole/bin/python nfsinkhole/bin/nfsinkhole-setup.py --interface --install --pcap\n\nBase OS (no pip)\n----------------\n\nRHEL/CentOS 6\n^^^^^^^^^^^^^\n\nGitHub - Stable::\n\n wget -O argparse.tar.gz https://github.com/ThomasWaldmann/argparse/tarball/master\n tar -C argparse -zxvf argparse.tar.gz\n cd argparse\n python setup.py install --user prefix=\n cd ..\n rm -Rf argparse\n wget -O nfsinkhole.tar.gz https://github.com/secynic/nfsinkhole/tarball/master\n tar -C nfsinkhole -zxvf nfsinkhole.tar.gz\n cd nfsinkhole\n python setup.py install --user prefix=\n cd ..\n rm -Rf nfsinkhole\n python ~/.local/bin/nfsinkhole-setup.py --interface --install --pcap\n\nRHEL/CentOS 7\n^^^^^^^^^^^^^\n\nGitHub - Stable::\n\n wget -O nfsinkhole.tar.gz https://github.com/secynic/nfsinkhole/tarball/master\n tar -C nfsinkhole -zxvf nfsinkhole.tar.gz\n cd nfsinkhole\n python setup.py install --user prefix=\n cd ..\n rm -Rf nfsinkhole\n python ~/.local/bin/nfsinkhole-setup.py --interface --install --pcap\n\nService\n=======\n\nOnce installed you need to start the nfsinkhole service.\n\nRHEL/CentOS 6\n-------------\n\n::\n\n sudo service nfsinkhole start\n\nRHEL/CentOS 7\n-------------\n\n::\n\n sudo systemctl start nfsinkhole.service\n\nAPI\n===\n\nAppArmor\n--------\n\nAppArmor documentation:\n\nhttps://nfsinkhole.readthedocs.io/en/latest/apparmor.html\n\niptables\n--------\n\niptables documentation:\n\nhttps://nfsinkhole.readthedocs.io/en/latest/iptables.html\n\nrsyslog\n-------\n\nrsyslog documentation:\n\nhttps://nfsinkhole.readthedocs.io/en/latest/rsyslog.html\n\nSELinux\n-------\n\nSELinux documentation:\n\nhttps://nfsinkhole.readthedocs.io/en/latest/selinux.html\n\nService\n-------\n\nService (systemd/init.d) documentation:\n\nhttps://nfsinkhole.readthedocs.io/en/latest/service.html\n\nsyslog-ng\n---------\n\nsyslog-ng documentation:\n\nhttps://nfsinkhole.readthedocs.io/en/latest/syslog_ng.html\n\ntcpdump\n-------\n\ntcpdump documentation:\n\nhttps://nfsinkhole.readthedocs.io/en/latest/tcpdump.html\n\nUtilities\n---------\n\nUtilities documentation:\n\nhttps://nfsinkhole.readthedocs.io/en/latest/utils.html\n\nContributing\n============\n\nhttps://nfsinkhole.readthedocs.io/en/latest/CONTRIBUTING.html\n\nSpecial Thanks\n==============\n\nThank you JetBrains for the `PyCharm `_\nopen source support!\n\n\nChangelog\n=========\n\n0.1.0 (2016-08-29)\n------------------\n\n- Initial release", "description_content_type": null, "docs_url": null, "download_url": "https://github.com/secynic/nfsinkhole/tarball/master", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/secynic/nfsinkhole", "keywords": "Python", "license": "Copyright (c) 2016 Philip Hane\nAll rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met: \n\n1. Redistributions of source code must retain the above copyright notice, this\n list of conditions and the following disclaimer. \n2. Redistributions in binary form must reproduce the above copyright notice,\n this list of conditions and the following disclaimer in the documentation\n and/or other materials provided with the distribution. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\" AND\nANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\nWARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES\n(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;\nLOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND\nON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS\nSOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.", "maintainer": null, "maintainer_email": null, "name": "nfsinkhole", "package_url": "https://pypi.org/project/nfsinkhole/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/nfsinkhole/", "project_urls": { "Download": "https://github.com/secynic/nfsinkhole/tarball/master", "Homepage": "https://github.com/secynic/nfsinkhole" }, "release_url": "https://pypi.org/project/nfsinkhole/0.1.0/", "requires_dist": null, "requires_python": null, "summary": "nfsinkhole is a Python library and scripts for setting up a Unix server as a sinkhole (monitor, log/capture, and drop all traffic to a secondary interface).", "version": "0.1.0" }, "last_serial": 2356451, "releases": { "0.1.0": [ { "comment_text": "", "digests": { "md5": "f6b9b9e7a216649cc4ccb494c4ffa262", "sha256": "8bfafe6874fc28755e9af047c5a71b1d6ea709ba0c731e7c7322f1c847e77099" }, "downloads": -1, "filename": "nfsinkhole-0.1.0.zip", "has_sig": false, "md5_digest": "f6b9b9e7a216649cc4ccb494c4ffa262", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 37093, "upload_time": "2016-09-22T03:04:23", "url": "https://files.pythonhosted.org/packages/d3/94/a11f4777a2c16fac39964d855c103b34432a9b47d1ce1398507c5279dff8/nfsinkhole-0.1.0.zip" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "f6b9b9e7a216649cc4ccb494c4ffa262", "sha256": "8bfafe6874fc28755e9af047c5a71b1d6ea709ba0c731e7c7322f1c847e77099" }, "downloads": -1, "filename": "nfsinkhole-0.1.0.zip", "has_sig": false, "md5_digest": "f6b9b9e7a216649cc4ccb494c4ffa262", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 37093, "upload_time": "2016-09-22T03:04:23", "url": "https://files.pythonhosted.org/packages/d3/94/a11f4777a2c16fac39964d855c103b34432a9b47d1ce1398507c5279dff8/nfsinkhole-0.1.0.zip" } ] }