4.1. haka
haka is the main program of the collection. It captures packets using either pcap or nfqueue and filters or alters them according to the specified Haka policy file.
haka is usually launched as a daemon to monitor packets in the background, but it can also be launched from the command line to debug Haka scripts.
4.1.1. Options
haka takes the following options:
- -h, --help
Display usage and options information.
- --version
Display version information.
- -d, --debug
Display debug output.
- -l, --loglevel [<module>=]<level>[,<module>=<level>[,...]]
Set the logging level globally and per module. Available levels are:
- debug
- info
- warning
- error
- fatal
- --no-daemon
Do not run haka as a daemon; do not detach from the command line.
- -c, --config <config>
Read setup configuration from given file.
- -r, --rule <rules>
Override the configuration rule file.
- --debug-lua
Start haka with debugger capability.
- --opt <section>:<key>=<value>
Override a parameter value of the configuration.
4.1.2. Configuration file
The configuration file is divided into four main sections: general, packet, alert and log.
General directives
- configuration
Set the Haka policy file.
- thread
Set the number of threads to use. By default, Haka will use as many threads as there are CPU cores.
- pass-through=[yes|no]
Activate pass-through mode. Haka will only monitor traffic and will not allow blocking or modification of packets. The overall performance of Haka will be greatly improved.
Packet directives
- module
Set the packet capture module to use.
See also
Packet capture modules contains a list of all available modules and their options
Alert directives
- alert_on_stdout=[yes|no]
Enable output of alerts on stdout when haka is not run as a daemon. Defaults to yes.
- module
Set the alert module to use.
See also
Alert modules contains the list of all available modules and their options
Log directives
- level=[<module>=]<level>[,<module>=<level>[,...]]
Set the logging level globally and per module.
- module
Set the logging module to use.
See also
Logging modules contains the list of all available modules and their options
Example
[general]
# Select the haka script file
configuration = "gettingstarted.lua"
[packet]
# Select the capture method: nfqueue or pcap
module = "packet/nfqueue"
# Select the interfaces to listen to
interfaces = "eth0"
[log]
# Set log level
level = "warn,tcp_connection=error,ipv4=debug"
# Select the log module
module = "log/syslog"
[alert]
# Select the alert module
module = "alert/syslog"
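The following is an added example, not part of the Haka documentation or code base: a Python check that parses a haka.conf, applies `--opt <section>:<key>=<value>` overrides on top of it, and reports settings worth reviewing before deployment, such as pass-through mode or a malformed log level string. The function names, the wording of the findings and the acceptance of `warn` as a level are assumptions of this sketch.

```python
import configparser

# Levels listed for --loglevel on this page; "warn" is added because the page's example uses it (assumption).
LEVELS = {"debug", "info", "warning", "warn", "error", "fatal"}
SECTIONS = ("general", "packet", "alert", "log")

def parse_level(spec):
    """Parse '[<module>=]<level>[,<module>=<level>...]' into {module: level}; key '' is the global level."""
    levels = {}
    for item in filter(None, (part.strip() for part in spec.split(","))):
        module, sep, level = item.rpartition("=")
        if level not in LEVELS or (sep and not module):
            raise ValueError(f"bad log level entry {item!r}")
        levels[module] = level
    return levels

def audit(conf_text, opts=()):
    """Return findings for a haka.conf after applying '--opt <section>:<key>=<value>' overrides."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    for opt in opts:
        target, _, value = opt.partition("=")
        section, _, key = target.partition(":")
        if not cp.has_section(section):
            cp.add_section(section)
        cp.set(section, key, value)
    def get(section, key, default=""):
        return cp.get(section, key, fallback=default).strip().strip('"')
    findings = [f"[{s}] section is missing" for s in SECTIONS if not cp.has_section(s)]
    if not get("general", "configuration"):
        findings.append("[general] configuration: no policy file set")
    if get("general", "pass-through", "no").lower() == "yes":
        findings.append("[general] pass-through=yes: monitoring only, packets are never blocked or altered")
    try:
        parse_level(get("log", "level"))
    except ValueError as err:
        findings.append(f"[log] level: {err}")
    return findings

# Constructed sample, modelled on the example configuration on this page.
SAMPLE = """[general]
configuration = "gettingstarted.lua"
[packet]
module = "packet/nfqueue"
[log]
level = "warn,tcp_connection=error,ipv4=debug"
[alert]
module = "alert/syslog"
"""
```

Calling `audit(SAMPLE, ["general:pass-through=yes"])` shows how a single command-line override changes the effective enforcement posture even when the file on disk looks correct.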
4.1.3. Service
On Debian, haka is installed as a system service by the .deb package. Unless otherwise specified using the -c command line option, haka will load the default configuration file <haka_install_path>/etc/haka/haka.conf.
Starting Haka service
$ sudo service haka start
Stopping Haka service
$ sudo service haka stop
Restarting Haka service
$ sudo service haka restart
Getting status of Haka service
$ sudo service haka status