We’re happy to release a minor update to CHN, version 1.9.1. This version brings a couple small bug fixes (such as P2P hpfeeds3 sharing), and two new features:
- chn-intel-feeds now supports generating a feed from the API of a CHN-Server
- Two new honeypots: Big-HP and elasticpot
For those currently using chn-intel-feeds, please consult the documentation because without adding at least one new
ENABLED configuration item, you won’t get any data! With this latest release of this container, you can now generate feeds from a CIF server, upload safelist items specifically for you to a CIF instance, or generate a feed by querying a local CHN-Server instance. This last option is a convenient way for those running CHN (but not connected to the STINGAR repository) to provide pre-formatted feeds to protection devices. For those already connected to the STINGAR repository, this option is not recommended as it won’t get you the data any faster.
This release includes Elasticpot, maintained by Vesselin Bontchev, and Big-HP, the first exemplar of a new web honeypot framework by Alexander Merck emulating F5 Networks BigIP management interface. These two honeypots provide two new web interface honeypots that should provide useful additional telemetry for users.
One change made to our deployment scripts in this version, and reflected in the documentation, is the removal of web ports from Dionaea configurations. We no longer recommend that these ports be exposed to the internet, as we’ve discovered a false positive condition with these ports for Dionaea. The documentation for P2P hpfeeds3 full data sharing has been updated to reflect the changes in 1.9 to command locations, etc.
Upgrading from 1.9 should be as simple as updating the tags in your
docker-compose.yml, with the exception for users of chn-intel-feeds who should consult the documentation for the new
chn-intel-feeds.env configuration option. For most users, simply adding a
CIF-SAFELIST) should be enough to keep you instance running properly.
Hopefully everyone will upgrade to this latest version, and let us know via Github of any issues you encounter or features you’d like to see.
Stay safe out there!