README
¶
#+options: ':nil *:t -:t ::t <:t H:3 \n:nil ^:t arch:headline author:t #+options: broken-links:nil c:nil creator:nil d:(not "LOGBOOK") date:t e:t #+options: email:nil f:t inline:t num:nil p:nil pri:nil prop:nil stat:t tags:t #+options: tasks:t tex:t timestamp:t title:t toc:t todo:t |:t #+title: Decepto - Sentinel #+author: Daniele Santoro #+email: dsantoro@fbk.eu #+language: en #+select_tags: export #+exclude_tags: noexport #+creator: Emacs 28.1 (Org mode 9.5.4) #+cite_export: Sentinel is a tiny and simple service which is injected as a sidecar into any decoys created by Decepto with the sole objective to raise an alert if any unwanted communication reaches it. Given that a decoy should not receive any traffic by its nature so it considers possibly harmful any connection that reaches any decoy Pod. Once a possible thread is discovered, Sentinel collects useful information such as the source IP, the timestamp and other packet low level details, which are crafted into a message and sent to the Decepto manager via the HTTP API notifying a possible lateral movement in action. * Build sentinel Build the container locally #+begin_src sh docker build -t gitlab-registry.fbk.eu/cyber-deception/decepto/sentinel . #+end_src Use the below command to create a cross-architecture image and push it to the Docker registry. Note that in this case the image will not be pushed also locally. #+begin_src sh docker buildx build \ --push \ --platform linux/arm/v7,linux/arm64/v8,linux/amd64 \ --tag gitlab-registry.fbk.eu/cyber-deception/decepto/sentinel:latest . #+end_src * Run sentinel You may need to use =sudo= to listen on an interface in promiscuous mode. If not specified the default interface will be used. #+begin_src sh sudo go run . --decepto-api-url="127.0.0.1:8000" --iface=lo0 --port 9999 #+end_src
Documentation
¶
There is no documentation for this package.
Source Files
Click to show internal directories.
Click to hide internal directories.