4.1. haka

haka is the main program of the collection. It captures packets using either pcap or nfqueue and filters or alters them according to the specified Lua policy file.

haka is usually launched as a daemon to monitor packets in the background, but it can also be launched from the command line to debug Lua scripts.

4.1.1. Options

haka takes the following options:

-h, --help

Display usage and options information.

--version

Display version information.

-d, --debug

Display debug output.

--no-daemon

Do not run haka as a daemon; do not detach from the command line.

-c, --config

Read setup configuration from the given file.

--lua-debug

Start haka and immediately attach the Lua debugger.

4.1.2. Configuration file

The configuration file is divided into four main sections: general, packet, alert and log.

General directives

configuration

Set the Lua policy file.

thread

Set the number of threads to use. By default, haka will use as many threads as there are CPU cores.

pass-through=[yes|no]

Activate pass-through mode. haka will only monitor traffic and will not allow blocking or modification of packets. The overall performance of haka will be greatly improved.

Packet directives

module

Set the packet capture module to use.

See also

Packet capture modules contains a list of all available modules and their options

Alert directives

module

Set the alert module to use.

See also

Alert modules contains the list of all available modules and their options

Log directives

module

Set the logging module to use.

See also

Logging modules contains the list of all available modules and their options

Example

[general]
# Select the haka script detailing the filtering rules
configuration = "gettingstarted.lua"

[packet]
# Select the capture method, nfqueue or pcap
module = "packet/nfqueue"

# Select the interfaces to listen to
interfaces = "eth0"

[log]
# Select the log module
module = "log/syslog"

[alert]
# Select the alert module
module = "alert/syslog"
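
Because pass-through mode disables blocking, it is worth checking which mode a configuration file selects before starting the service. The following shell functions are an added example, not part of haka; the function names are hypothetical, the sample file is constructed from the example above, and two assumptions are made: an unset pass-through directive means no, and the last assignment of a key wins.

```shell
# Added example (not part of haka): function names are hypothetical.

# Print the value of KEY in [SECTION] of FILE; prints an empty line if unset.
# Section-aware because "module" appears under [packet], [log] and [alert].
haka_conf_get() {
    awk -v want_section="$2" -v want_key="$3" '
        /^[ \t]*#/ { next }                  # comment line
        /^[ \t]*\[/ {                        # section header such as [general]
            section = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
            next
        }
        section == want_section {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            gsub(/^"|"$/, "", val)           # drop optional double quotes
            if (key == want_key) found = val # assumption: last assignment wins
        }
        END { print found }
    ' "$1"
}

# Report "pass-through" (monitor only, no blocking) or "enforcing".
# Assumption: an unset directive is treated the same as pass-through=no.
haka_mode() {
    case "$(haka_conf_get "$1" general pass-through)" in
        yes) echo "pass-through" ;;
        *)   echo "enforcing" ;;
    esac
}

# Constructed sample: the page's example plus a pass-through directive.
write_sample_conf() {
    cat > "$1" <<'EOF'
[general]
configuration = "gettingstarted.lua"
pass-through = yes

[packet]
module = "packet/nfqueue"
EOF
}

conf=$(mktemp) && write_sample_conf "$conf"
echo "mode=$(haka_mode "$conf") capture=$(haka_conf_get "$conf" packet module)"
rm -f "$conf"
```
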

4.1.3. Modules

Logging modules

4.1.4. Service

On Debian, haka is installed as a system service by the .deb package. Unless otherwise specified using the -c command line option, haka will load the default configuration file <haka_install_path>/etc/haka/haka.conf.

  • Starting haka service

    $ sudo service haka start
    
  • Stopping haka service

    $ sudo service haka stop
    
  • Restarting haka service

    $ sudo service haka restart
    
  • Getting status of haka service

    $ sudo service haka status