-
Notifications
You must be signed in to change notification settings - Fork 1
8. Enable attack reports from other machines
CortexVacua edited this page Mar 24, 2022
·
1 revision
If you want to run MTDDeployerClient.py from another machine then the Pi itself you have two options.
In the config file set "AllowAllExternalReports": true or ternatively you can also choose to provide some IP addresses which should be whitelisted:
{
"AttackTypes": [
{
"Type": "CnC",
"MTDSolutions": [
{
"Priority": 1,
"ScriptName": "ChangeIpAddress.py",
"AbsolutePath": "/opt/MTDFramework/CnC/",
"RunWithPrefix": "python3"
}
]
},
{
"Type": "Rootkit",
"MTDSolutions": [
{
"Priority": 1,
"ScriptName": "RemoveRootkit.py",
"AbsolutePath": "/opt/MTDFramework/Rootkit/",
"RunWithPrefix": "python3"
}
]
},
{
"Type": "Ransomware",
"MTDSolutions": [
{
"Priority": 1,
"ScriptName": "CreateDummyFiles.py",
"AbsolutePath": "/opt/MTDFramework/Ransomware/",
"RunWithPrefix": "python3",
"Params": "--path /home/ --numberOfDummyFiles 30 --numberOfDummyFilesPerSubdirectory 15 --size 10 --extension pdf"
},
{
"Priority": 2,
"ScriptName": "ChangeFileTypes.py",
"AbsolutePath": "/opt/MTDFramework/Ransomware/",
"RunWithPrefix": "python3",
"Params": "--path /home/ --extensions pdf png so docx --recursive"
}
]
}
],
"AllowAllExternalReports": false,
"WhiteListForExternalReports": ["192.168.1.55", "192.168.1.57"],
"PortToUse": 1234
}