diff --git a/openwrt/package/kismet/Makefile b/openwrt/package/kismet/Makefile index 20b7fed2006..23d9eb34529 100644 --- a/openwrt/package/kismet/Makefile +++ b/openwrt/package/kismet/Makefile @@ -94,6 +94,9 @@ $(PKG_BUILD_DIR)/kismet_server $(PKG_BUILD_DIR)/kismet_drone $(PKG_BUILD_DIR)/ki $(IPKG_SERVER): $(PKG_BUILD_DIR)/kismet_server $(SCRIPT_DIR)/make-ipkg-dir.sh $(IDIR_SERVER) kismet-server.control $(PKG_VERSION)-$(PKG_RELEASE) $(ARCH) + mkdir -p $(IDIR_SERVER)/etc + cp ./files/kismet.conf $(IDIR_SERVER)/etc/ + echo '/etc/kismet.conf' > $(IDIR_SERVER)/CONTROL/conffiles mkdir -p $(IDIR_SERVER)/usr/sbin cp $< $(IDIR_SERVER)/usr/sbin/ $(STRIP) $(IDIR_SERVER)/usr/sbin/* @@ -105,6 +108,9 @@ $(INFO_SERVER): $(IPKG_SERVER) $(IPKG_DRONE): $(PKG_BUILD_DIR)/kismet_drone $(SCRIPT_DIR)/make-ipkg-dir.sh $(IDIR_DRONE) kismet-drone.control $(PKG_VERSION)-$(PKG_RELEASE) $(ARCH) + mkdir -p $(IDIR_DRONE)/etc + cp ./files/kismet_drone.conf $(IDIR_DRONE)/etc/ + echo '/etc/kismet_drone.conf' > $(IDIR_DRONE)/CONTROL/conffiles mkdir -p $(IDIR_DRONE)/usr/sbin cp $< $(IDIR_DRONE)/usr/sbin/ $(STRIP) $(IDIR_DRONE)/usr/sbin/* @@ -116,6 +122,9 @@ $(INFO_DRONE): $(IPKG_DRONE) $(IPKG_CLIENT): $(PKG_BUILD_DIR)/kismet_client $(SCRIPT_DIR)/make-ipkg-dir.sh $(IDIR_CLIENT) kismet-client.control $(PKG_VERSION)-$(PKG_RELEASE) $(ARCH) + mkdir -p $(IDIR_CLIENT)/etc + cp ./files/kismet.conf $(IDIR_CLIENT)/etc/ + echo '/etc/kismet.conf' > $(IDIR_CLIENT)/CONTROL/conffiles mkdir -p $(IDIR_CLIENT)/usr/sbin cp $< $(IDIR_CLIENT)/usr/sbin/ $(STRIP) $(IDIR_CLIENT)/usr/sbin/* diff --git a/openwrt/package/kismet/files/kismet.conf b/openwrt/package/kismet/files/kismet.conf new file mode 100644 index 00000000000..4291989b56a --- /dev/null +++ b/openwrt/package/kismet/files/kismet.conf 
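Review bot: The `cp ./files/kismet.conf $(IDIR_SERVER)/etc/` line in the $(IPKG_SERVER) recipe leaves the packaged file's mode to whatever the build umask gives, yet the kismet.conf added by this commit documents `wepkey=bssid,hexkey` entries, so the installed file can end up holding key material. Setting the mode explicitly, e.g. `install -m 0600 ./files/kismet.conf $(IDIR_SERVER)/etc/kismet.conf`, keeps that independent of the build host and fits the `suiduser=root` default shipped here. `./files/kismet.conf` is also not a prerequisite of $(IPKG_SERVER), so editing only the config will not rebuild the package; both points apply equally to the `cp` lines in the $(IPKG_DRONE) and $(IPKG_CLIENT) hunks. The recipe continues past the end of the hunk.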
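Review bot: The $(IPKG_CLIENT) recipe installs `./files/kismet.conf` as `/etc/kismet.conf` and lists it in `CONTROL/conffiles`, which is the same path the $(IPKG_SERVER) hunk already ships, so installing both packages on one device gives the same conffile two owners. It also puts the server-side settings (`suiduser`, `wepkey`, `allowkeytransmit`) on a host that may only run the client. Whether kismet_client reads kismet.conf at all is not visible from this diff; if it does not, the three added lines can be dropped, and if it does, the file would be better owned by one package that both depend on.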
@@ -0,0 +1,323 @@
+# Kismet config file
+# Most of the "static" configs have been moved to here -- the command line
+# config was getting way too crowded and cryptic. We want functionality,
+# not continually reading --help!
+
+# Version of Kismet config
+version=2004.10.R1
+
+# Name of server (Purely for organiational purposes)
+servername=Kismet
+
+# User to setid to (should be your normal user)
+suiduser=root
+
+# Sources are defined as:
+# source=cardtype,interface,name[,initialchannel]
+# Card types and required drivers are listed in the README.
+# The initial channel is optional, if hopping is not enabled it can be used
+# to set the channel the interface listens on.
+# YOU MUST CHANGE THIS TO BE THE SOURCE YOU WANT TO USE
+source=none,none,addme
+
+# Comma-separated list of sources to enable. This is only needed if you defined
+# multiple sources and only want to enable some of them. By default, all defined
+# sources are enabled.
+# For example:
+# enablesources=prismsource,ciscosource
+
+# Do we channelhop?
+channelhop=true
+
+# How many channels per second do we hop? (1-10)
+channelvelocity=5
+
+# By setting the dwell time for channel hopping we override the channelvelocity
+# setting above and dwell on each channel for the given number of seconds.
+#channeldwell=10
+
+# Do we split channels between cards on the same spectrum? This means if
+# multiple 802.11b capture sources are defined, they will be offset to cover
+# the most possible spectrum at a given time. This also controls splitting
+# fine-tuned sourcechannels lines which cover multiple interfaces (see below)
+channelsplit=true
+
+# Basic channel hopping control:
+# These define the channels the cards hop through for various frequency ranges
+# supported by Kismet. More finegrain control is available via the
+# "sourcechannels" configuration option.
+#
+# Don't change the IEEE80211 identifiers or channel hopping won't work.
+
+# Users outside the US might want to use this list:
+# defaultchannels=IEEE80211b:1,7,13,2,8,3,14,9,4,10,5,11,6,12
+defaultchannels=IEEE80211b:1,6,11,2,7,3,8,4,9,5,10
+
+# 802.11g uses the same channels as 802.11b...
+defaultchannels=IEEE80211g:1,6,11,2,7,3,8,4,9,5,10
+
+# 802.11a channels are non-overlapping so sequential is fine. You may want to
+# adjust the list depending on the channels your card actually supports.
+# defaultchannels=IEEE80211a:36,40,44,48,52,56,60,64,100,104,108,112,116,120,124,128,132,136,140,149,153,157,161,184,188,192,196,200,204,208,212,216
+defaultchannels=IEEE80211a:36,40,44,48,52,56,60,64
+
+# Combo cards like Atheros use both 'a' and 'b/g' channels. Of course, you
+# can also explicitly override a given source. You can use the script
+# extras/listchan.pl to extract all the channels your card supports.
+defaultchannels=IEEE80211ab:1,6,11,2,7,3,8,4,9,5,10,36,40,44,48,52,56,60,64
+
+# Fine-tuning channel hopping control:
+# The sourcechannels option can be used to set the channel hopping for
+# specific interfaces, and to control what interfaces share a list of
+# channels for split hopping. This can also be used to easily lock
+# one card on a single channel while hopping with other cards.
+# Any card without a sourcechannel definition will use the standard hopping
+# list.
+# sourcechannels=sourcename[,sourcename]:ch1,ch2,ch3,...chN
+
+# ie, for us channels on the source 'prism2source' (same as normal channel
+# hopping behavior):
+# sourcechannels=prism2source:1,6,11,2,7,3,8,4,9,5,10
+
+# Given two capture sources, "prism2a" and "prism2b", we want prism2a to stay
+# on channel 6 and prism2b to hop normally. By not setting a sourcechannels
+# line for prism2b, it will use the standard hopping.
+# sourcechannels=prism2a:6
+
+# To assign the same custom hop channel to multiple sources, or to split the
+# same custom hop channel over two sources (if splitchannels is true), list
+# them all on the same sourcechannels line:
+# sourcechannels=prism2a,prism2b,prism2c:1,6,11
+
+# Port to serve GUI data
+tcpport=2501
+# People allowed to connect, comma seperated IP addresses or network/mask
+# blocks. Netmasks can be expressed as dotted quad (/255.255.255.0) or as
+# numbers (/24)
+allowedhosts=127.0.0.1
+# Maximum number of concurrent GUI's
+maxclients=5
+
+# Do we have a GPS?
+gps=true
+# Host:port that GPSD is running on. This can be localhost OR remote!
+gpshost=localhost:2947
+# Do we lock the mode? This overrides coordinates of lock "0", which will
+# generate some bad information until you get a GPS lock, but it will
+# fix problems with GPS units with broken NMEA that report lock 0
+gpsmodelock=false
+
+# Packet filtering options:
+# filter_tracker - Packets filtered from the tracker are not processed or
+# recorded in any way.
+# filter_dump - Packets filtered at the dump level are tracked, displayed,
+# and written to the csv/xml/network/etc files, but not
+# recorded in the packet dump
+# filter_export - Controls what packets influence the exported CSV, network,
+# xml, gps, etc files.
+# All filtering options take arguments containing the type of address and
+# addresses to be filtered. Valid address types are 'ANY', 'BSSID',
+# 'SOURCE', and 'DEST'. Filtering can be inverted by the use of '!' before
+# the address. For example,
+# filter_tracker=ANY(!00:00:DE:AD:BE:EF)
+# has the same effect as the previous mac_filter config file option.
+# filter_tracker=...
+# filter_dump=...
+# filter_export=...
+
+# Alerts to be reported and the throttling rates.
+# alert=name,throttle/unit,burst
+# The throttle/unit describes the number of alerts of this type that are
+# sent per time unit. Valid time units are second, minute, hour, and day.
+# Burst describes the number of alerts sent before throttling takes place.
+# For example:
+# alert=FOO,10/min,5
+# Would allow 5 alerts through before throttling is enabled, and will then
+# limit the number of alerts to 10 per minute.
+# A throttle rate of 0 disables throttling of the alert.
+# See the README for a list of alert types.
+alert=NETSTUMBLER,5/min,2
+alert=WELLENREITER,5/min,2
+alert=LUCENTTEST,5/min,2
+alert=DEAUTHFLOOD,5/min,4
+alert=BCASTDISCON,5/min,4
+alert=CHANCHANGE,5/min,4
+alert=AIRJACKSSID,5/min,2
+alert=PROBENOJOIN,5/min,2
+alert=DISASSOCTRAFFIC,5/min,2
+alert=NULLPROBERESP,5/min,5
+alert=BSSTIMESTAMP,5/min,5
+
+# Known WEP keys to decrypt, bssid,hexkey. This is only for networks where
+# the keys are already known, and it may impact throughput on slower hardware.
+# Multiple wepkey lines may be used for multiple BSSIDs.
+# wepkey=00:DE:AD:C0:DE:00,FEEDFACEDEADBEEF01020304050607080900
+
+# Is transmission of the keys to the client allowed? This may be a security
+# risk for some. If you disable this, you will not be able to query keys from
+# a client.
+allowkeytransmit=true
+
+# How often (in seconds) do we write all our data files (0 to disable)
+writeinterval=300
+
+# Do we use sound?
+# Not to be confused with GUI sound parameter, this controls wether or not the
+# server itself will play sound. Primarily for headless or automated systems.
+sound=false
+# Path to sound player
+soundplay=/usr/bin/play
+# Optional parameters to pass to the player
+# soundopts=--volume=.3
+# New network found
+sound_new=/tmp/share/kismet/wav/new_network.wav
+# Wepped new network
+# sound_new_wep=${prefix}/com/kismet/wav/new_wep_network.wav
+# Network traffic sound
+sound_traffic=/tmp/share/kismet/wav/traffic.wav
+# Network junk traffic found
+sound_junktraffic=/tmp/share/kismet/wav/junk_traffic.wav
+# GPS lock aquired sound
+# sound_gpslock=/tmp/share/kismet/wav/foo.wav
+# GPS lock lost sound
+# sound_gpslost=/tmp/share/kismet/wav/bar.wav
+# Alert sound
+sound_alert=/tmp/share/kismet/wav/alert.wav
+
+# Does the server have speech? (Again, not to be confused with the GUI's speech)
+speech=false
+# Server's path to Festival
+festival=/usr/bin/festival
+# How do we speak? Valid options:
+# speech Normal speech
+# nato NATO spellings (alpha, bravo, charlie)
+# spell Spell the letters out (aye, bee, sea)
+speech_type=nato
+# speech_encrypted and speech_unencrypted - Speech templates
+# Similar to the logtemplate option, this lets you customize the speech output.
+# speech_encrypted is used for an encrypted network spoken string
+# speech_unencrypted is used for an unencrypted network spoken string
+#
+# %b is replaced by the BSSID (MAC) of the network
+# %s is replaced by the SSID (name) of the network
+# %c is replaced by the CHANNEL of the network
+# %r is replaced by the MAX RATE of the network
+speech_encrypted=New network detected, s.s.i.d. %s, channel %c, network encrypted.
+speech_unencrypted=New network detected, s.s.i.d. %s, channel %c, network open.
+
+# Where do we get our manufacturer fingerprints from? Assumed to be in the
+# default config directory if an absolute path is not given.
+ap_manuf=ap_manuf
+client_manuf=client_manuf
+
+# Use metric measurements in the output?
+metric=false
+
+# Do we write waypoints for gpsdrive to load? Note: This is NOT related to
+# recent versions of GPSDrive's native support of Kismet.
+waypoints=false
+# GPSMap waypoint file. This WILL be truncated.
+waypointdata=%h/.gpsdrive/way_kismet.txt
+
+# How many alerts do we backlog for new clients? Only change this if you have
+# a -very- low memory system and need those extra bytes, or if you have a high
+# memory system and a huge number of alert conditions.
+alertbacklog=50
+
+# File types to log, comma seperated
+# dump - raw packet dump
+# network - plaintext detected networks
+# csv - plaintext detected networks in CSV format
+# xml - XML formatted network and cisco log
+# weak - weak packets (in airsnort format)
+# cisco - cisco equipment CDP broadcasts
+# gps - gps coordinates
+logtypes=dump,network,csv,xml,weak,cisco,gps
+
+# Do we track probe responses and merge probe networks into their owners?
+# This isn't always desireable, depending on the type of monitoring you're
+# trying to do.
+trackprobenets=true
+
+# Do we log "noise" packets that we can't decipher? I tend to not, since
+# they don't have anything interesting at all in them.
+noiselog=false
+
+# Do we log corrupt packets? Corrupt packets have enough header information
+# to see what they are, but someting is wrong with them that prevents us from
+# completely dissecting them. Logging these is usually not a bad idea.
+corruptlog=true
+
+# Do we log beacon packets or do we filter them out of the dumpfile
+beaconlog=true
+
+# Do we log PHY layer packets or do we filter them out of the dumpfile
+phylog=true
+
+# Do we mangle packets if we can decrypt them or if they're fuzzy-detected
+mangledatalog=true
+
+# Do we do "fuzzy" crypt detection? (byte-based detection instead of 802.11
+# frame headers)
+# valid option: Comma seperated list of card types to perform fuzzy detection
+# on, or 'all'
+fuzzycrypt=wtapfile,wlanng,wlanng_legacy,wlanng_avs,hostap,wlanng_wext
+
+# What type of dump do we generate?
+# valid option: "wiretap"
+dumptype=wiretap
+# Do we limit the size of dump logs? Sometimes ethereal can't handle big ones.
+# 0 = No limit
+# Anything else = Max number of packets to log to a single file before closing
+# and opening a new one.
+dumplimit=0
+
+# Do we write data packets to a FIFO for an external data-IDS (such as Snort)?
+# See the docs before enabling this.
+#fifo=/tmp/kismet_dump
+
+# Default log title
+logdefault=Kismet
+
+# logtemplate - Filename logging template.
+# This is, at first glance, really nasty and ugly, but you'll hardly ever
+# have to touch it so don't complain too much.
+#
+# %n is replaced by the logging instance name
+# %d is replaced by the current date as Mon-DD-YYYY
+# %D is replaced by the current date as YYYYMMDD
+# %t is replaced by the starting log time
+# %i is replaced by the increment log in the case of multiple logs
+# %l is replaced by the log type (dump, status, crypt, etc)
+# %h is replaced by the home directory
+# ie, "netlogs/%n-%d-%i.dump" called with a logging name of "Pok" could expand
+# to something like "netlogs/Pok-Dec-20-01-1.dump" for the first instance and
+# "netlogs/Pok-Dec-20-01-2.%l" for the second logfile generated.
+# %h/netlots/%n-%d-%i.dump could expand to
+# /home/foo/netlogs/Pok-Dec-20-01-2.dump
+#
+# Other possibilities: Sorting by directory
+# logtemplate=%l/%n-%d-%i
+# Would expand to, for example,
+# dump/Pok-Dec-20-01-1
+# crypt/Pok-Dec-20-01-1
+# and so on. The "dump", "crypt", etc, dirs must exist before kismet is run
+# in this case.
+logtemplate=%n-%d-%i.%l
+
+# Where do we store the pid file of the server?
+piddir=/var/run/
+
+# Where state info, etc, is stored. You shouldnt ever need to change this.
+# This is a directory.
+configdir=%h/.kismet/
+
+# cloaked SSID file. You shouldn't ever need to change this.
+ssidmap=ssid_map
+
+# Group map file. You shouldn't ever need to change this.
+groupmap=group_map
+
+# IP range map file. You shouldn't ever need to change this.
+ipmap=ip_map
+
diff --git a/openwrt/package/kismet/files/kismet_drone.conf b/openwrt/package/kismet/files/kismet_drone.conf
new file mode 100644
index 00000000000..865278ab7a0
--- /dev/null
+++ b/openwrt/package/kismet/files/kismet_drone.conf
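Review bot: `suiduser=root` contradicts the comment directly above it ("should be your normal user") and, read literally, means the server never leaves root, so frame parsing, optional WEP decryption and log writing all stay privileged on the device. If root is the only account on the target image, that should be stated where the value is set, e.g. `# User to setid to; root here means privileges are NOT dropped`. Two other shipped defaults deserve the same treatment: `allowkeytransmit=true` lets any client admitted by `allowedhosts` query configured WEP keys, and the relative `logtemplate=%n-%d-%i.%l` combined with `logtypes=dump,...` writes packet captures into whatever directory the server happens to be started from.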
@@ -0,0 +1,120 @@
+# Kismet drone config file
+
+version=Feb.04.01a
+
+# Name of server (Purely for organiational purposes)
+servername=Kismet
+
+# User to setid to (should be your normal user)
+suiduser=your_user_here
+
+# Port to serve packet data... This probably shouldn't be the same as the port
+# you configured kismet_server for, or else you'll have problems running them
+# on the same system.
+tcpport=3501
+# People allowed to connect, comma seperated IP addresses or network/mask
+# blocks. Netmasks can be expressed as dotted quad (/255.255.255.0) or as
+# numbers (/24)
+allowedhosts=127.0.0.1
+# Maximum number of concurrent stream attachments
+maxclients=5
+
+# Packet sources:
+# source=capture_cardtype,capture_interface,capture_name
+# Card type - Specifies the type of device. It can be one of:
+# cisco - Cisco card with Linux Kernel drivers
+# cisco_cvs - Cisco card with CVS Linux drivers
+# cisco_bsd - Cisco on *BSD
+# prism2 - Prism2 using wlan-ng drivers with pcap support (all
+# current versions support pcap)
+# prism2_hostap - Prism2 using hostap drivers
+# prism2_legacy - Prism2 using wlan-ng drivers without pcap support (0.1.9)
+# prism2_bsd - Prism2 on *BSD
+# orinoco - Orinoco cards using Snax's patched driers
+# generic - Generic card with no specific support. You will have
+# to put this into monitor mode yourself!
+# wsp100 - WSP100 embedded remote sensor.
+# wtapfile - Saved file of packets readable by libwiretap
+# ar5k - ar5k 802.11a using the vt_ar5k drivers
+# Capture interface - Specifies the network interface Kismet will watch for
+# packets to come in on. Typically "ethX" or "wlanX". For the WSP100 capture
+# engine, the WSP100 device sends packets via a UDP stream, so the capture
+# interface should be in the form of host:port where 'host' is the WSP100 and
+# 'port' is the local UDP port that it will send data to.
+# Capture Name - The name Kismet uses for this capture source. This is the
+# name used to specify what sources to enable.
+#
+# To enable multiple sources, specify a source line for each and then use the
+# enablesources line to enable them. For example:
+# source=prism2,wlan0,prism
+# source=cisco,eth0,cisco
+
+source=generic,prism0,Kismet-Drone
+
+# Comma-separated list of sources to enable. This is only needed if you wish
+# to selectively enable multiple sources.
+# enablesources=prism,cisco
+
+# Do we channelhop?
+channelhop=true
+
+# How many channels per second do we hop? (1-10)
+channelvelocity=5
+
+# By setting the dwell time for channel hopping we override the channelvelocity
+# setting above and dwell on each channel for the given number of seconds.
+#channeldwell=10
+
+# Do we split channels between cards on the same spectrum? This means if
+# multiple 802.11b capture sources are defined, they will be offset to cover
+# the most possible spectrum at a given time. This also controls splitting
+# fine-tuned sourcechannels lines which cover multiple interfaces (see below)
+splitchannels=true
+
+# Basic channel hopping control:
+# These define the channels the cards hop through for various frequency ranges
+# supported by Kismet. More finegrain control is available via the
+# "sourcechannels" configuration option.
+#
+# Don't change the IEEE80211 identifiers or channel hopping won't work.
+
+# Users outside the US might want to use this list:
+# defaultchannels=IEEE80211b:1,7,13,2,8,3,14,9,4,10,5,11,6,12
+defaultchannels=IEEE80211b:1,6,11,2,7,3,8,4,9,5,10
+
+# 802.11g uses the same channels as 802.11b...
+defaultchannels=IEEE80211g:1,6,11,2,7,3,8,4,9,5,10
+
+# 802.11a channels are non-overlapping so sequential is fine. You may want to
+# adjust the list depending on the channels your card actually supports.
+# defaultchannels=IEEE80211a:36,40,44,48,52,56,60,64,100,104,108,112,116,120,124,128,132,136,140,149,153,157,161,184,188,192,196,200,204,208,212,216
+defaultchannels=IEEE80211a:36,40,44,48,52,56,60,64
+
+# Combo cards like Atheros use both 'a' and 'b/g' channels. Of course, you
+# can also explicitly override a given source. You can use the script
+# extras/listchan.pl to extract all the channels your card supports.
+defaultchannels=IEEE80211ab:1,6,11,2,7,3,8,4,9,5,10,36,40,44,48,52,56,60,64
+
+# Fine-tuning channel hopping control:
+# The sourcechannels option can be used to set the channel hopping for
+# specific interfaces, and to control what interfaces share a list of
+# channels for split hopping. This can also be used to easily lock
+# one card on a single channel while hopping with other cards.
+# Any card without a sourcechannel definition will use the standard hopping
+# list.
+# sourcechannels=sourcename[,sourcename]:ch1,ch2,ch3,...chN
+
+# ie, for us channels on the source 'prism2source' (same as normal channel
+# hopping behavior):
+# sourcechannels=prism2source:1,6,11,2,7,3,8,4,9,5,10
+
+# Given two capture sources, "prism2a" and "prism2b", we want prism2a to stay
+# on channel 6 and prism2b to hop normally. By not setting a sourcechannels
+# line for prism2b, it will use the standard hopping.
+# sourcechannels=prism2a:6
+
+# To assign the same custom hop channel to multiple sources, or to split the
+# same custom hop channel over two sources (if splitchannels is true), list
+# them all on the same sourcechannels line:
+# sourcechannels=prism2a,prism2b,prism2c:1,6,11
+
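Review bot: `suiduser=your_user_here` is a placeholder, yet the Makefile in this commit ships this file as the packaged `/etc/kismet_drone.conf`, so the drone's default configuration names an account that presumably does not exist on the device. It is also inconsistent with kismet.conf in the same commit, which sets `suiduser=root`; a user who hits a startup failure is likely to copy that value and leave the drone, which serves packet data on `tcpport`, running as root. Choose a deliberate default, ideally an unprivileged account the package is known to provide, and document it next to the setting. `source=generic,prism0,Kismet-Drone` likewise hard-codes an interface name without the "YOU MUST CHANGE THIS" warning that kismet.conf carries for its own `source=` line.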