Add an 80s-style green-on-black bank terminal shell ("banking") using
charmbracelet/bubbletea for full-screen TUI rendering over SSH.
Screens: login, main menu, account summary, account detail with
transactions, wire transfer wizard (6-step form capturing routing
number, destination, beneficiary, amount, memo, auth code), transaction
history with pagination, secure messages with breadcrumb content (fake
internal IPs, vault codes), change PIN, and hidden admin access (99)
that locks after 3 failed attempts with COBOL-style error output.
All key actions (login, navigation, wire transfers, admin attempts) are
logged to the session store. Wire transfer data is the honeypot gold.
Configurable via [shell.banking] in TOML: bank_name, terminal_id, region.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
85 lines
2.6 KiB
Markdown
# Oubliette

An SSH honeypot that logs login attempts, presents fake shells to "successful" logins, and tries to detect when a real human is poking around.

Named after the medieval dungeon - a place you throw people into and forget about them.

## Status

Early development. See `PLAN.md` for the roadmap.

## Usage

### Build

```sh
# With Nix
nix build

# With Go
nix develop -c go build ./cmd/oubliette
```

### Configure

Copy and edit the example config:

```sh
cp oubliette.toml.example oubliette.toml
```

Key settings:

- `ssh.listen_addr` — listen address (default `:2222`)
- `ssh.host_key_path` — Ed25519 host key, auto-generated if missing
- `auth.accept_after` — accept login after N failures per IP (default `10`)
- `auth.credential_ttl` — how long to remember accepted credentials (default `24h`)
- `auth.static_credentials` — always-accepted username/password pairs (optional `shell` field routes to a specific shell)
- Available shells: `bash` (fake Linux shell), `fridge` (Samsung Smart Fridge OS), `banking` (80s-style bank terminal TUI)
- `storage.db_path` — SQLite database path (default `oubliette.db`)
- `storage.retention_days` — auto-prune records older than N days (default `90`)
- `storage.retention_interval` — how often to run retention (default `1h`)
- `shell.hostname` — hostname shown in shell prompts (default `ubuntu-server`)
- `shell.banner` — banner displayed on connection
- `shell.fake_user` — override username in prompt; empty uses the authenticated user
- `web.enabled` — enable the web dashboard (default `false`)
- `web.listen_addr` — web dashboard listen address (default `:8080`)
- Session detail pages at `/sessions/{id}` include terminal replay via xterm.js
- `detection.enabled` — enable human detection scoring (default `false`)
- `detection.threshold` — score threshold (0.0–1.0) for flagging sessions (default `0.6`)
- `detection.update_interval` — how often to recompute scores (default `5s`)
- `notify.webhooks` — list of webhook endpoints for notifications (see example config)
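
How `auth.accept_after` and `auth.credential_ttl` could interact, as an added Go sketch that is not Oubliette's own code. The `Policy` type, its fields, and the choice to remember an accepted credential across source IPs are assumptions for illustration; the addresses and passwords are constructed sample data.

```go
package main

import (
	"fmt"
	"time"
)

// Policy is a hypothetical model of auth.accept_after and auth.credential_ttl.
type Policy struct {
	AcceptAfter int                  // failures per IP before a login is let in
	TTL         time.Duration        // how long an accepted pair stays valid
	failures    map[string]int       // source IP -> failed attempts so far
	accepted    map[string]time.Time // "user\x00pass" -> expiry time
}

func NewPolicy(n int, ttl time.Duration) *Policy {
	return &Policy{AcceptAfter: n, TTL: ttl,
		failures: map[string]int{}, accepted: map[string]time.Time{}}
}

// Attempt reports whether a login from ip is routed into the fake shell at time now.
func (p *Policy) Attempt(ip, user, pass string, now time.Time) bool {
	key := user + "\x00" + pass
	if exp, ok := p.accepted[key]; ok && now.Before(exp) {
		return true // remembered pair: the same guess keeps "working"
	}
	delete(p.accepted, key) // expired or never accepted
	if p.failures[ip] >= p.AcceptAfter {
		p.failures[ip] = 0
		p.accepted[key] = now.Add(p.TTL)
		return true // enough failures from this IP: accept whatever was sent
	}
	p.failures[ip]++
	return false
}

func main() {
	p := NewPolicy(3, 24*time.Hour)
	t0 := time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC)
	// Constructed brute-force sequence from one documentation-range address.
	for i, pw := range []string{"admin", "123456", "password", "toor"} {
		fmt.Println(i+1, pw, p.Attempt("203.0.113.7", "root", pw, t0))
	}
}
```

Remembering the accepted pair is what keeps the deception consistent: a client that reconnects with the password that "worked" gets in again until the TTL lapses.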

### Run

```sh
./oubliette -config oubliette.toml
```

Test with:

```sh
ssh -o StrictHostKeyChecking=no -p 2222 root@localhost
```

### NixOS Module

Add the flake as an input and enable the service:

```nix
{
  services.oubliette = {
    enable = true;
    package = inputs.oubliette.packages.${system}.default;
    settings = {
      ssh.listen_addr = ":2222";
      auth.accept_after = 10;
      auth.static_credentials = [
        { username = "root"; password = "toor"; }
      ];
    };
  };
}
```

Alternatively, use `configFile` to pass a pre-written TOML file instead of `settings`.