#!/bin/bash
#===============================================================================
# DIRECTORY:
# /media/LOGTARGET/
#
# FILE:
# remnux5_inetsim_script
#
# USAGE:
# $ [...]
# # bash remnux5_inetsim_script start
# # [...]
# # bash remnux5_inetsim_script stop
# # [...]
#
# OPTIONS:
# none (use configuration!)
#
# DESCRIPTION:
# This script check some necessary requirements before it
# - switch from auto to manual network configuration
# - config and start the "inetsim"-service (incl. iptables)
# - config and start a dhcp-service
# - save all collected data before exit
# (for more there is an german PDF!)
#
# REQUIREMENTS:
# remnux-5.0-live-cd.iso
# (from https://sourceforge.net/projects/remnux/files/version5/)
#
# BUGS:
# ---
#
# NOTES:
# Does run on REMnux 4 and 5.
# Does NOT run on REMnux <= 3 or => 6!
#
# AUTHOR:
# Patrick Neumann, patrick@neumannsland.de
#
# COMPANY:
# (privately)
#
# VERSION:
# 0.9 (Beta)
#
# LINK TO THE MOST CURRENT VERSION:
# https://raw.githubusercontent.com/casualscripter/remnux-stuff/master/remnux5_inetsim_script
#
# CREATED:
# 02.07.2016
#
# COPYRIGHT (C):
# 2015-2016 - Patrick Neumann
#
# LICENSE:
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# WARRANTY:
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# HISTORY:
# 0.6 (Alpha) - Patrick Neumann - Initial (public) release
# 0.9 (Beta) - Patrick Neumann - added network capturing
#===============================================================================
#=== CONFIGURATION =============================================================
# VMWare + shared folder + automount: "/mnt/hgst"
readonly MOUNT_DIRECTORY="/media"
# VirtualBox + shared folder + automount: "sf_"
readonly PUSHING_IN_BETWEEN="sf_"
readonly LOG_TARGET_LABEL="LOGTARGET"
# The result after automount should look like this:
# USB: /media/LOGTARGET
# VirtualBox: /media/sf_LOGTARGET (default)
# VMware: /mnt/hgst/LOGTARGET
# (That is the reason why manually mount should be preferred!)
# Choose the right on after have a look at "ip link show".
# Most commonly it will be: "eth0".
readonly ETHDEV="eth0"
# Custom timezone (the default in REMnux is "EST5EDT")
readonly TIMEZONE="Europe/Berlin"
#-------------------------------------------------------------------------------
# Check for root privileges.
#-------------------------------------------------------------------------------
if [[ 0 -ne "$( /usr/bin/id --user )" ]] ; then
/bin/echo
/bin/echo " You need to be root:"
/bin/echo
/bin/echo -e " remnux@remnux:~$ \e[1;31;40msudo -s\e[0m"
/bin/echo -e " (The password is: \"\e[1;32;40mmalware\e[0m\")"
/bin/echo
exit 1
fi
#-------------------------------------------------------------------------------
# Check for LABEL.
#-------------------------------------------------------------------------------
if ! /bin/ls -1 "${MOUNT_DIRECTORY}" \
| /bin/grep --fixed-strings --word-regexp \
"${PUSHING_IN_BETWEEN}${LOG_TARGET_LABEL}" \
> /dev/null 2>&1 ; then
/bin/echo
/bin/echo " Convention:"
/bin/echo " USB-Stick (physical): \"/media/LOGTARGET\" or"
/bin/echo " VirtualBox (shared folder): \"/media/sf_LOGTARGET\" or "
/bin/echo " VMWare (shared folder): \"/mnt/hgst/LOGTARGET)!\""
/bin/echo
/bin/echo " Unfortunately not accessible to an appropriate file system under:"
/bin/echo -e " \"\e[1;31;40m${MOUNT_DIRECTORY}/${PUSHING_IN_BETWEEN}${LOG_TARGET_LABEL}\e[0m\""
/bin/echo
/bin/echo " (But you can change the convention by editing the configuration!)"
/bin/echo
exit 1
fi
#-------------------------------------------------------------------------------
# Check for NTFS in a USB flash drive.
#-------------------------------------------------------------------------------
readonly FSCHECK=$( /sbin/blkid \
| /bin/grep --fixed-strings "LABEL=\"$LOG_TARGET_LABEL\"" )
if [[ -n "${FSCHECK}" ]] ; then
if [[ "${FSCHECK}" != *ntfs* ]] ; then
/bin/echo
/bin/echo " To avoid confusing error messages,"
/bin/echo " in case of a USB flash drive is the recommended file system:"
/bin/echo -e " \e[1;31;40mNTFS\e[0m!"
/bin/echo
exit 1
fi
fi
readonly LOG_TARGET="${MOUNT_DIRECTORY}/${PUSHING_IN_BETWEEN}${LOG_TARGET_LABEL}"
#-------------------------------------------------------------------------------
# Check if configured NIC exists.
#-------------------------------------------------------------------------------
if ! /bin/grep "${ETHDEV}" <( /bin/ls -1 "/sys/class/net" ) \
> /dev/null 2>&1 ; then
/bin/echo
/bin/echo -e " \e[1;31;40mNIC \"${ETHDEV}\" does not exist! - EXIT!\e[0m"
/bin/echo
exit 1
fi
/bin/echo
case "${1}" in
start)
#-------------------------------------------------------------------------------
# Check if the script is already running.
#-------------------------------------------------------------------------------
if [ -f "${LOG_TARGET}/running" ] ; then
/bin/echo -e " \e[1;31;40m\"inetsim\" already running? - EXIT!\e[0m"
/bin/echo
exit 1
fi
#-------------------------------------------------------------------------------
# Configuring custom timezone.
#-------------------------------------------------------------------------------
if [ ! -L "/etc/localtime" ] ; then
/bin/rm "/etc/localtime"
/bin/ln -s "/usr/share/zoneinfo/${TIMEZONE}" "/etc/localtime"
fi
#-------------------------------------------------------------------------------
# Deactivating automatic network configuration.
#-------------------------------------------------------------------------------
if [ -f "/etc/init.d/network-manager" ] ; then
if [[ "$( /usr/sbin/service network-manager status )" == *running* ]] ; then
/usr/sbin/service network-manager stop
fi
fi
if /usr/bin/pgrep dhclient > /dev/null 2>&1 ; then
/bin/kill -INT "$( /usr/bin/pgrep dhclient )"
fi
/sbin/ip link set "${ETHDEV}" down
/sbin/ip addr flush dev "${ETHDEV}"
#-------------------------------------------------------------------------------
# Manual network configuration.
#-------------------------------------------------------------------------------
/sbin/ip addr add 10.20.30.1/24 dev "${ETHDEV}"
/sbin/ip link set "${ETHDEV}" promisc on up
#-------------------------------------------------------------------------------
# Configuring and starting the "inetsim" service.
#-------------------------------------------------------------------------------
/bin/cp "/etc/inetsim/inetsim.conf"{,_backup}
/bin/sed --in-place "s/redirect_external_address[[:space:]]10\.10\.10\.1/#&/" \
"/etc/inetsim/inetsim.conf"
/bin/sed --in-place "s/redirect_exclude_port[[:space:]]*tcp:22/#&/" \
"/etc/inetsim/inetsim.conf"
/bin/cat <> "/etc/inetsim/inetsim.conf"
start_service dns
start_service tftp
start_service irc
start_service ntp
start_service finger
start_service ident
start_service syslog
start_service time_tcp
start_service time_udp
start_service daytime_tcp
start_service daytime_udp
start_service echo_tcp
start_service echo_udp
start_service discard_tcp
start_service discard_udp
start_service quotd_tcp
start_service quotd_udp
start_service chargen_tcp
start_service chargen_udp
start_service dummy_tcp
start_service dummy_udp
service_bind_address 10.20.30.1
dns_default_ip 10.20.30.1
create_reports yes
report_language de
redirect_enabled yes
redirect_ignore_bootp yes
EOF
/bin/sed --in-place "s/ENABLED=0/ENABLED=1/" "/etc/default/inetsim"
/usr/sbin/service inetsim start
if [ ! -f "/var/run/inetsim.pid" ] ; then
/bin/echo -e " \e[1;31;40m\"inetsim\" start failed - EXIT!\e[0m"
/bin/echo
exit 1
fi
#-------------------------------------------------------------------------------
# Configuring and starting the "udhcpd" service.
#-------------------------------------------------------------------------------
if /usr/bin/pgrep -f "/bin/busybox udhcpd" > /dev/null 2>&1 ; then
/bin/kill -INT "$( /usr/bin/pgrep -f "/bin/busybox udhcpd" )"
/bin/echo
exit 1
fi
if [ -d "${LOG_TARGET}/udhcpd" ] ; then
rm --recursive --force "${LOG_TARGET}/udhcpd/"*
else
/bin/mkdir "${LOG_TARGET}/udhcpd"
fi
/usr/bin/touch "${LOG_TARGET}/udhcpd/udhcpd.leases"
/bin/cat < "${LOG_TARGET}/udhcpd/udhcpd.conf"
interface ${ETHDEV}
lease_file ${LOG_TARGET}/udhcpd/udhcpd.leases
start 10.20.30.20
end 10.20.30.254
option subnet 255.255.255.0
option router 10.20.30.1
option dns 10.20.30.1
EOF
/bin/busybox udhcpd -S "${LOG_TARGET}/udhcpd/udhcpd.conf"
/bin/sleep 1
if [ ! -f "/var/run/udhcpd.pid" ] ; then
/bin/echo -e " \e[1;31;40m\"udhcpd\" start/reload failed - EXIT!\e[0m"
/bin/echo
exit 1
fi
#-------------------------------------------------------------------------------
# Start (simple) sniffing.
#-------------------------------------------------------------------------------
if [ ! -d "${LOG_TARGET}/tcpdump" ] ; then
/bin/mkdir "${LOG_TARGET}/tcpdump"
fi
/usr/bin/nohup /usr/sbin/tcpdump \
-s 0 -B 4096 -w "${LOG_TARGET}/tcpdump/capture.pcap" \
> "${LOG_TARGET}/tcpdump/out.txt" 2>&1 &
/bin/sleep 1
if [ ! -f "${LOG_TARGET}/tcpdump/capture.pcap" ] ; then
/bin/echo -e " \e[1;31;40m\"starting tcpdump failed - EXIT!\e[0m"
/bin/echo
exit 1
fi
#-------------------------------------------------------------------------------
# Ready for collecting...
#-------------------------------------------------------------------------------
/usr/bin/touch "${LOG_TARGET}/running"
/bin/echo
/bin/echo -e "\e[1;32;40m REMnux + inetsim is ready for collecting data from"
/bin/echo -e " other connected (physical or virtual) machines. :-)\e[0m"
/bin/echo
;;
stop)
#-------------------------------------------------------------------------------
# Check, if already running.
#-------------------------------------------------------------------------------
if [ ! -f "${LOG_TARGET}/running" ] ; then
/bin/echo -e " \e[1;31;40m\"inetsim\" is not running? - EXIT!\e[0m"
/bin/echo
exit 1
fi
#-------------------------------------------------------------------------------
# Save firewall configuration (MS-Windows friendly).
#-------------------------------------------------------------------------------
if [ -d "${LOG_TARGET}/iptables" ] ; then
rm --recursive --force "${LOG_TARGET}/iptables/"*
else
/bin/mkdir "${LOG_TARGET}/iptables"
fi
/sbin/iptables-save > "${LOG_TARGET}/iptables/save"
/bin/sed --in-place 's/$/\r/' "${LOG_TARGET}/iptables/save"
#-------------------------------------------------------------------------------
# Stop sniffing (MS-Windows friendly).
#-------------------------------------------------------------------------------
/bin/kill -INT $( /usr/bin/pgrep "tcpdump" )
/bin/sed --in-place 's/$/\r/' "${LOG_TARGET}/tcpdump/out.txt"
#-------------------------------------------------------------------------------
# Stopping "inetsim" service, save data (MS-Windows friendly) and cleanup.
#-------------------------------------------------------------------------------
/usr/sbin/service inetsim stop
if [ -f "/var/run/inetsim.pid" ] ; then
/bin/echo -e " \e[1;31m\"inetsim\" stop failed - EXIT!\e[0m"
/bin/echo
exit 1
fi
if [ -d "${LOG_TARGET}/inetsim" ] ; then
rm --recursive --force "${LOG_TARGET}/inetsim"
fi
/bin/cp --recursive "/var/log/inetsim" "${LOG_TARGET}/"
/bin/rm "/var/log/inetsim/"*".log"
/bin/rm "/var/log/inetsim/report/"* 2> /dev/null
/bin/sed --in-place 's/$/\r/' "${LOG_TARGET}/inetsim/debug.log"
/bin/sed --in-place 's/$/\r/' "${LOG_TARGET}/inetsim/main.log"
/bin/sed --in-place 's/$/\r/' "${LOG_TARGET}/inetsim/service.log"
/bin/sed --in-place \
's/$/\r/' "${LOG_TARGET}/inetsim/report/report."*".txt" \
2> /dev/null
/bin/mv "/etc/inetsim/inetsim.conf"{_backup,}
#-------------------------------------------------------------------------------
# Stopping "udhcpd" service and save data (MS-Windows friendly).
#-------------------------------------------------------------------------------
readonly UDHCPD_PID="$( cat /var/run/udhcpd.pid )"
/bin/kill -INT "${UDHCPD_PID}"
/bin/sleep 1
if /usr/bin/pgrep -f "/bin/busybox udhcpd" > /dev/null 2>&1 ; then
/bin/echo -e " \e[1;31;40m\"udhcpd\" stop failed - EXIT!\e[0m"
/bin/echo
exit 1
fi
/bin/rm "/var/run/udhcpd.pid"
/bin/grep --fixed-strings "udhcpd[${UDHCPD_PID}]" "/var/log/syslog" \
> "${LOG_TARGET}/udhcpd/udhcpd.log"
/bin/sed --in-place 's/$/\r/' "${LOG_TARGET}/udhcpd/udhcpd.log"
#-------------------------------------------------------------------------------
# Force save data to the "LOGTARGET".
#-------------------------------------------------------------------------------
/bin/sync
#-------------------------------------------------------------------------------
# Loosen rights for non-administrators.
#-------------------------------------------------------------------------------
/bin/chmod -R +r "${LOG_TARGET}"
#-------------------------------------------------------------------------------
# ... stopped.
#-------------------------------------------------------------------------------
/bin/rm "${LOG_TARGET}/running"
/bin/echo
#-------------------------------------------------------------------------------
# Last instructions.
#-------------------------------------------------------------------------------
if [ -n "$FSCHECK" ] ; then
/bin/echo " You can unmount the USB flash drive:"
/bin/echo
/bin/echo -e " root@remnux:~$ \e[1;31;40mumount ${LOG_TARGET}\e[0m"
/bin/echo
/bin/echo " and disconnect it from the PC."
/bin/echo
fi
/bin/echo -e "\e[1;32;40m Now you can have a look at the collected data!"
/bin/echo " (Also under a Microsoft Operating System!)"
/bin/echo
/bin/echo -e " Have fun!\e[0m"
;;
status)
#-------------------------------------------------------------------------------
# Check, if running.
#-------------------------------------------------------------------------------
if [ -f "${LOG_TARGET}/running" ] ; then
/bin/echo -e " \e[1;32;40mSeemingly running!?\e[1;0m"
else
/bin/echo -e " \e[1;31;40mSeemingly NOT running!?\e[1;0m"
fi
;;
*)
#-------------------------------------------------------------------------------
# Display usage.
#-------------------------------------------------------------------------------
/bin/echo " Usage:"
/bin/echo
/bin/echo " Start collecting data:"
/bin/echo -e " root@remnux:~# \e[1;32;40mbash ${0} start\e[0m"
/bin/echo
/bin/echo " Check status (running or not):"
/bin/echo -e " root@remnux:~# \e[1;33;40mbash ${0} status\e[0m"
/bin/echo
/bin/echo " Stop collection data:"
/bin/echo -e " root@remnux:~# \e[1;31;40mbash ${0} stop\e[0m"
/bin/echo
exit 1
esac
/bin/echo
exit 0