PATH:
opt
/
bitninja-waf3
/
coreruleset
/
util
/
honeypot-sensor
# # Add in honeypot ports. # - These are common proxy ports used by attackers # - All traffic accepted on these ports are suspicious. # Listen 8000 Listen 8080 Listen 8888 # # Create basic virtual host containers that will forward all traffic received # to the official ModSecurity Project honeypot logging host. # # - You should adjust the Document root location to an empty directory on your server # - Also adjust the path to your local ModSecurity mlogc program and for the # mlogc-honeypot-sensor.conf file. # - Make sure you main SecAuditLogType is set to concurrent mode. # <VirtualHost *:8000 *:8080 *:8888> ServerName www.example1.com DocumentRoot "/usr/local/apache/honeypot-htdocs" <Directory "/usr/local/apache/honeypot-htdocs"> Options none AllowOverride None Order allow,deny Allow from all </Directory> SecAuditEngine On SecAuditLog "|/usr/local/apache/bin/mlogc /usr/local/apache/conf/mlogc-honeypot-sensor.conf" </VirtualHost>
[-] modsecurity_crs_10_honeypot.conf
[edit]
[+]
..
[-] mlogc-honeypot-sensor.conf
[edit]
[-] README.md
[edit]