如何在CentOS 5.5上安裝Kippo蜜罐
原創(chuàng)【51CTO.com 獨(dú)家譯稿】Kippo是一個可交互的SSH蜜罐,旨在記錄暴力攻擊行為,最重要的是可以記錄攻擊者的shell交互行為,如果你需要了解有關(guān)Kippo更多信息,請?jiān)L問它的官方網(wǎng)站http://code.google.com/p/kippo/,本教程只教你如何在CentOS 5.5服務(wù)器上編譯和安裝Kippo,但我不保證你照做也能成功。
安裝Python 2.6
你可能已經(jīng)知道,CentOS自帶的是Python 2.4,因此你需要安裝Python 2.6,具體的安裝教程請?jiān)L問下面這個鏈接:
http://www.geekymedia.com/tech-articles/rhel5-centos5-rpms-for-python-2-5-and-2-6/.
重要提示:
1)安裝你需要的RPM包,包括Python基礎(chǔ)包和libs包。
2)在命令行輸入python26啟動Python 2.6,注意不是輸入python(系統(tǒng)自帶的Python 2.4仍然保留在系統(tǒng)中)。
3)如果你使用setuptolls安裝軟件包,確保使用正確的python版本(如python26 setup.py安裝)
Twisted,Zope和Pycrypto安裝
Twisted是一個事件驅(qū)動的網(wǎng)絡(luò)引擎,使用Python編寫,基于MIT許可協(xié)議發(fā)布,Twisted項(xiàng)目支持TCP,UDP,SSL/TLS,多播,Unix套接字和其它許多協(xié)議(包括HTTP,NNTP,IMAP,SSH,IRC和FTP等)。
- cd /tmp
- wget http://twistedmatrix.com/Releases/Twisted/10.2/Twisted-10.2.0.tar.bz2
- tar -xvf Twisted-10.2.0.tar.bz2
- cd Twisted-10.2.0
- python26 setup.py build
- python26 setup.py install
Zope是一個開源的Web應(yīng)用程序服務(wù)器,主要用Python寫成。
- cd /tmp
- wget http://www.zope.org/Products/ZopeInterface/3.3.0/zope.interface-3.3.0.tar.gz
- tar -xvf zope.interface-3.3.0.tar.gz
- cd zope.interface-3.3.0
- python26 setup.py build
- python26 setup.py install
Pycrypto是一套使用Python實(shí)現(xiàn)的加密算法和協(xié)議集合。
- cd /tmp
- wget wget http://www.amk.ca/files/python/crypto/pycrypto-2.0.1.tar.gz
- tar -xvf pycrypto-2.0.1.tar.gz
- cd pycrypto-2.0.1
- python26 setup.py build
- python26 setup.py install
ASN.1類型和編碼(BER,CER,DER)也是使用Python編程語言實(shí)現(xiàn)的。
- cd /tmp
- wget http://sourceforge.net/projects/pyasn1/files/pyasn1-devel/0.0.12a/pyasn1-0.0.12a.tar.gz/download
- tar -xvf pyasn1-0.0.12a.tar.gz
- cd pyasn1-0.0.12a
- python26 setup.py build
- python26 setup.py install
創(chuàng)建用戶
Kippo不能以root用戶運(yùn)行,因此我們必須創(chuàng)建一個正規(guī)的用戶。
useradd kippouser
你需要從http://kippo.googlecode.com下載最新的Kippo源代碼包。
#p#
- su - kippouser
- wget http://kippo.googlecode.com/files/kippo-0.5.tar.gz
- tar -xvf kippo-0.5.tar.gz
- cd kippo-0.5
配置Kippo
- vi kippo.cfg
- #
- # Kippo configuration file (kippo.cfg)
- #
- [honeypot]
- # IP addresses to listen for incoming SSH connections.
- #
- # (default: 0.0.0.0) = any address
- #ssh_addr = 0.0.0.0
- # Port to listen for incoming SSH connections.
- #
- # (default: 2222)
- ssh_port = 2222
- # Hostname for the honeypot. Displayed by the shell prompt of the virtual
- # environment.
- #
- # (default: sales)
- hostname = sales
- # Directory where to save log files in.
- #
- # (default: log)
- log_path = log
- # Directory where to save downloaded (malware) files in.
- #
- # (default: dl)
- download_path = dl
- # Directory where virtual file contents are kept in.
- #
- # This is only used by commands like 'cat' to display the contents of files.
- # Adding files here is not enough for them to appear in the honeypot - the
- # actual virtual filesystem is kept in filesystem_file (see below)
- #
- # (default: honeyfs)
- contents_path = honeyfs
- # File in the python pickle format containing the virtual filesystem.
- #
- # This includes the filenames, paths, permissions for the whole filesystem,
- # but not the file contents. This is created by the createfs.py utility from
- # a real template linux installation.
- #
- # (default: fs.pickle)
- filesystem_file = fs.pickle
- # Directory for miscellaneous data files, such as the password database.
- #
- # (default: data_path)
- data_path = data
- # Directory for creating simple commands that only output text.
- #
- # The command must be placed under this directory with the proper path, such
- # as:
- # txtcmds/usr/bin/vi
- # The contents of the file will be the output of the command when run inside
- # the honeypot.
- #
- # In addition to this, the file must exist in the virtual
- # filesystem {filesystem_file}
- #
- # (default: txtcmds)
- txtcmds_path = txtcmds
- # Public and private SSH key files. If these don't exist, they are created
- # automatically.
- #
- # (defaults: public.key and private.key)
- public_key = public.key
- private_key = private.key
- # Initial root password. Future passwords will be stored in
- # {data_path}/pass.db
- #
- # (default: 123456)
- password = 123456
- # IP address to bind to when opening outgoing connections. Used exclusively by
- # the wget command.
- #
- # (default: not specified)
- #out_addr = 0.0.0.0
- # Sensor name use to identify this honeypot instance. Used by the database
- # logging modules such as mysql.
- #
- # If not specified, the logging modules will instead use the IP address of the
- # connection as the sensor name.
- #
- # (default: not specified)
- #sensor_name=myhostname
- # Fake address displayed as the address of the incoming connection.
- # This doesn't affect logging, and is only used by honeypot commands such as
- # 'w' and 'last'
- #
- # If not specified, the actual IP address is displayed instead (default
- # behaviour).
- #
- # (default: not specified)
- #fake_addr = 192.168.66.254
- # MySQL logging module
- #
- # Database structure for this module is supplied in doc/sql/mysql.sql
- #
- # To enable this module, remove the comments below, including the
- # [database_mysql] line.
- #[database_mysql]
- #host = localhost
- #database = kippo
- #username = kippo
- #password = secret
#p#
啟動Kippo
- ./start.sh
日志文件
默認(rèn)情況下,kippo的輸出將會被重定向到日志文件log/kippo.log,使用下面的命令查看Kippo的日志:
- tail -f log/kippo.log
提示:如何訪問Kippo
默認(rèn)情況下,Kippo運(yùn)行在2222端口上,如果運(yùn)行在Windows上,端口22通常是空閑的,可以將Kippo運(yùn)行在這個端口上,在Linux上,端口22有所限制,只能由root使用,但可以使用下面的命令進(jìn)行端口映射:
- iptables -t nat -A PREROUTING -i IN_IFACE -p tcp --dport 22 -j REDIRECT --to-port 2222
使用你真實(shí)的接口名如eth0替換這里的IN_IFACE。
測試
使用root用戶連接到Kippo服務(wù)器的2222端口:
- ssh 127.0.0.1 -p 2222 -l root
如果成功登錄,你一定會看到下面的banner:
- sales:~#
原文出處:http://www.howtoforge.com/how-to-set-up-kippo-ssh-honeypot-on-centos-5.5
原文名:How To Set Up Kippo SSH Honeypot On CentOS 5.5
【51CTO.com獨(dú)家譯稿,非經(jīng)授權(quán)謝絕轉(zhuǎn)載!合作媒體轉(zhuǎn)載請注明原文出處及出處!】
【編輯推薦】
