All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Called Number RESTful API resource live at (
http://x.x.x.x:8082/numbers/{number}
) - Called Numbers RESTful API resource live at (
http://x.x.x.x:8082/numbers
)
- Fix rpm build on Fedora due to wrongly defined libcurl callback definition issue causing
make check
to fail
- Switched from 404 to Error 400 on invalid request data at
/ip-addresses/{blah}
- Handle packets sent that are 0 bytes (discovered by nmap probing port 5060)
- Only parse SIP packets if UDP packet payload is > 0 bytes
- Fedora and Debian packaging now available for each release
- HTTP regex route memory leak fix
- vue.js SPA is now in for start web gui
- Remove duplicate uuid_generate call in bad_actor structure
- Add CORS header to all API responses
- Add more header checks to configure.ac
- Switch to
recvmsg
for receiving UDP packets, so we can save the destination IP address of probes - SIP responsive mode can be enabled to reply to SIP probes. This will prompt INVITE's from bad actors for phone call attempts, so you can collect the phone numbers
- API mode can be set to enable replies to RESTful API requests. Depending on your node deployment type, you may not want to enable this
- Web GUI mode can be set to enable the Vue.js SPA. Depending on your node deployment type, you might not want this
- Add
seen_last
andseen_count
bad_actor data structure for use inip_addresses
RESTful API resource ip_addresses
RESTful API resource results sorted byseen_last
descending- Add AC_USE_SYSTEM_EXTENSIONS to configure.ac
- Web GUI mode needs the API to be enabled, so if you don't set API mode, we automatically set it
- Clean up test RESTful API code to fix test suite crashes on macOS
- Highly recommend v5+ of libosip2 via
./configure
- Correct homebrew installation instructions for SentryPeer
- Major test suite refactor for memory leak fixes
- Replies with json no longer leak memory
- Updated README.md copy and paste example for installation instructions from this repository
- Fixed memory leak in route regex matching
- Removed global sqlite error log callback which caused segfaults when trying to show error messages (threads)
- Added an index to the database to speed up searching for IP addresses
- Fixed a segfault when trying to search for IP address/s in an empty database due to global error log bug above
- Better error messages on API responses
- Removed some unnecessary jansson usage
- Dockerfile and now listed on Docker Hub
- Added
event_uuid
,collected_method
(passive or responsive) andcreated_by_node_id
(aa uuid) columns tohoney
table - Extended
bad_actor
data structure to provide above - Added
libuuid
library requirement forcreated_by_node_id
andevent_uuid
column ofhoney
table - Memory leak fix with bad_actor not being destroyed
- Added libmicrohttpd, curl and jansson to provide a RESTful API for honeypot data
- Added build requirement for libmicrohttpd and jansson
- Added syslog support for use with Fail2Ban as per feature request
- Logging to syslog is enabled via
-s
flag. Default is off - Log
Source IP
to sqlite db and syslog (if enabled) to track probes that aren't SIP compliant - systemd service file for SentryPeer for Debian/Ubuntu and Fedora
- Debian packaging placeholder branch
- Handle starting up when Web API port is already in use
- Ran
autoscan
andautoupdate
from autoconf to update configure.ac - API and Web UI are now available at
http://<host>:8082/
. With a Content-Type ofapplication/json
SentryPeer responds with JSON as a RESTful API, otherwise it responds with HTML, i.e. the Web UI - Health check endpoint is now available at
http://<host>:8082/health-check
- Developer option --with-asan added to configure.ac for ASAN (AddressSanitizer) support during
make check
- Added environment variable support for all command line options
- The sqlite
sentrypeer.db
database (call it what you like) location is now configurable via the-f
flag andSENTRYPEER_DB_FILE
environment variable. Default is the current working directory./sentrypeer.db
- Updated man page
- Add SentryPeer to Sonatype Lift static analysis
- API RESTful resources available are:
/
/health-check
/ip-addresses
/ip-addresses/{ip_address}
- OpenAPI specification repo is available at https://github.com/SentryPeer/API-Specification with the openapi.json file
to be served at
http://<host>:8082/openapi.json
(TODO) - New headers added to API responses:
X-Powered-By
:SentryPeer
X-SentryPeer-Version
:0.0.3
ip_addresses
API endpoint also now shows total number of distinct IP addresses in the databasePCRE2
library is now required for building SentryPeer- All IP address queries now use
inet_pton
to validate IPv4 or IPv6 addresses
- Properly exit when
sentrypeer -h
is called - Correct string errors discovered when building RPMs on Fedora
- RPM specfile
- Man page
- README.md additions
- Initial release
- SentryPeer can listen on all interfaces for SIP probes/messages on UDP port 5060 and save them to its sqlite database (sentrypeer.db)