How to set up a Kippo SSH honeypot on CentOS 5.5

Kippo is a medium-interaction SSH honeypot designed to log brute-force attacks and, most importantly, the entire shell interaction performed by the attacker. Kippo is inspired by, but not based on, Kojoney. If you need more information about Kippo, visit its official site at http://code.google.com/p/kippo/ . This tutorial shows how to compile and install Kippo on a CentOS 5.5 server.

I do not guarantee this will work for you!

Python 2.6 installation

As you may know, CentOS ships only with Python 2.4, so you need to install Python 2.6 using the tutorial at the following link:

http://www.geekymedia.com/tech-articles/rhel5-centos5-rpms-for-python-2-5-and-2-6/

Important notes:

1) Install only the RPMs for the version you need. At minimum you need the base python package and the libs package.
2) To start Python 2.6, type python26 on the command line instead of python. (Your original Python 2.4 remains installed.)
3) If you install packages with setuptools, make sure you use the correct Python version (i.e. python26 setup.py install).

Twisted, Zope Interface and Pycrypto installation

Twisted is an event-driven networking engine written in Python and licensed under the MIT license. The Twisted project supports TCP, UDP, SSL/TLS, multicast, Unix sockets, a large number of protocols (including HTTP, NNTP, IMAP, SSH, IRC, FTP and more) and much else.

cd /tmp
wget http://twistedmatrix.com/Releases/Twisted/10.2/Twisted-10.2.0.tar.bz2
tar -xvf Twisted-10.2.0.tar.bz2
cd Twisted-10.2.0
python26 setup.py build
python26 setup.py install

Zope is an open-source web application server written mainly in the Python programming language.

cd /tmp
wget http://www.zope.org/Products/ZopeInterface/3.3.0/zope.interface-3.3.0.tar.gz
tar -xvf zope.interface-3.3.0.tar.gz
cd zope.interface-3.3.0
python26 setup.py build
python26 setup.py install

Pycrypto is a collection of cryptographic algorithms and protocols implemented for use from Python.

cd /tmp
wget http://www.amk.ca/files/python/crypto/pycrypto-2.0.1.tar.gz
tar -xvf pycrypto-2.0.1.tar.gz
cd pycrypto-2.0.1
python26 setup.py build
python26 setup.py install

pyasn1 is an implementation of ASN.1 types and codecs (BER, CER, DER) in the Python programming language.

cd /tmp
wget -O pyasn1-0.0.12a.tar.gz http://sourceforge.net/projects/pyasn1/files/pyasn1-devel/0.0.12a/pyasn1-0.0.12a.tar.gz/download
tar -xvf pyasn1-0.0.12a.tar.gz
cd pyasn1-0.0.12a
python26 setup.py build
python26 setup.py install

Create a regular user

Kippo must not be run as root! So we have to create a normal user.

useradd kippouser

Download the Kippo source package

You need to download the latest Kippo source package from http://kippo.googlecode.com .

su - kippouser
wget http://kippo.googlecode.com/files/kippo-0.5.tar.gz
tar -xvf kippo-0.5.tar.gz
cd kippo-0.5

Configure Kippo

vi kippo.cfg
#
# Kippo configuration file (kippo.cfg)
#
[honeypot]
# IP addresses to listen for incoming SSH connections.
#
# (default: 0.0.0.0) = any address
#ssh_addr = 0.0.0.0
# Port to listen for incoming SSH connections.
#
# (default: 2222)
ssh_port = 2222
# Hostname for the honeypot. Displayed by the shell prompt of the virtual
# environment.
#
# (default: sales)
hostname = sales
# Directory where to save log files in.
#
# (default: log)
log_path = log
# Directory where to save downloaded (malware) files in.
#
# (default: dl)
download_path = dl
# Directory where virtual file contents are kept in.
#
# This is only used by commands like 'cat' to display the contents of files.
# Adding files here is not enough for them to appear in the honeypot - the
# actual virtual filesystem is kept in filesystem_file (see below)
#
# (default: honeyfs)
contents_path = honeyfs
# File in the python pickle format containing the virtual filesystem. 
#
# This includes the filenames, paths, permissions for the whole filesystem,
# but not the file contents. This is created by the createfs.py utility from
# a real template linux installation.
#
# (default: fs.pickle)
filesystem_file = fs.pickle
# Directory for miscellaneous data files, such as the password database.
#
# (default: data_path)
data_path = data
# Directory for creating simple commands that only output text.
#
# The command must be placed under this directory with the proper path, such
# as:
#   txtcmds/usr/bin/vi
# The contents of the file will be the output of the command when run inside
# the honeypot.
#
# In addition to this, the file must exist in the virtual
# filesystem {filesystem_file}
#
# (default: txtcmds)
txtcmds_path = txtcmds
# Public and private SSH key files. If these don't exist, they are created
# automatically.
#
# (defaults: public.key and private.key)
public_key = public.key
private_key = private.key
# Initial root password. Future passwords will be stored in
# {data_path}/pass.db
#
# (default: 123456)
password = 123456
# IP address to bind to when opening outgoing connections. Used exclusively by
# the wget command.
#
# (default: not specified)
#out_addr = 0.0.0.0
# Sensor name use to identify this honeypot instance. Used by the database
# logging modules such as mysql.
#
# If not specified, the logging modules will instead use the IP address of the
# connection as the sensor name.
#
# (default: not specified)
#sensor_name=myhostname
# Fake address displayed as the address of the incoming connection.
# This doesn't affect logging, and is only used by honeypot commands such as
# 'w' and 'last'
#
# If not specified, the actual IP address is displayed instead (default
# behaviour).
#
# (default: not specified)
#fake_addr = 192.168.66.254
# MySQL logging module
#
# Database structure for this module is supplied in doc/sql/mysql.sql
#
# To enable this module, remove the comments below, including the
# [database_mysql] line.
#[database_mysql]
#host = localhost
#database = kippo
#username = kippo
#password = secret

Start Kippo

./start.sh

Log files

By default, Kippo's output is redirected to the file log/kippo.log. To watch the Kippo log data, use the following command:

tail -f log/kippo.log

Note: how to make Kippo reachable from the outside world!

By default Kippo runs on port 2222. If you run it on Windows, port 22 is usually free and Kippo can run on that port. On Linux, port 22 is restricted to root, unless you do this (quoting #twisted):

iptables -t nat -A PREROUTING -i IN_IFACE -p tcp --dport 22 -j REDIRECT --to-port 2222

Replace IN_IFACE with the real interface name, such as eth0!
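
As an added example (not part of Kippo or of the original tutorial), here is a small Python 3 script that audits a kippo.cfg like the one shown in the configuration section against the operational notes of this page: Kippo runs as an unprivileged user, so ssh_port must stay above 1023 and port 22 is reached through the iptables REDIRECT above, and shipped defaults such as hostname "sales" and password "123456" make the honeypot easy to recognise. The sample configuration is constructed from the page's kippo.cfg, and which keys are worth checking is this example's assumption, not Kippo's own validation.

```python
"""Audit a kippo.cfg before starting the honeypot (added example, not Kippo code).

Checks encode the tutorial's notes: a non-root process cannot bind a
privileged port (use >1023 plus the iptables REDIRECT), and shipped
defaults (hostname 'sales', password '123456') identify the honeypot.
"""
import configparser

# Constructed sample mirroring the page's kippo.cfg [honeypot] section,
# reduced to the keys this check cares about.
SAMPLE_CFG = """
[honeypot]
ssh_port = 2222
hostname = sales
log_path = log
password = 123456
#sensor_name=myhostname
"""

# Values Kippo ships with; leaving them in place is a fingerprint.
SHIPPED_DEFAULTS = {"hostname": "sales", "password": "123456"}


def audit_kippo_cfg(text):
    """Return a list of human-readable findings for kippo.cfg contents."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    hp = cfg["honeypot"]
    findings = []

    port = hp.getint("ssh_port", fallback=2222)
    if port < 1024:
        # Kippo must not run as root, so it cannot bind a privileged port.
        findings.append(
            "ssh_port %d is privileged; keep >1023 and redirect 22 with iptables" % port)

    for key, default in SHIPPED_DEFAULTS.items():
        if hp.get(key, fallback=default) == default:
            findings.append("%s still at shipped default %r" % (key, default))

    # Per the config comments, DB loggers fall back to the connection IP.
    if not hp.get("sensor_name", fallback=""):
        findings.append("sensor_name unset; database loggers will use the connection IP")
    return findings


if __name__ == "__main__":
    for finding in audit_kippo_cfg(SAMPLE_CFG):
        print("WARN:", finding)
```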

Testing

Connect to the Kippo server on port 2222 with the username root and 123456 as the password.

ssh 127.0.0.1 -p 2222 -l root

After a successful login you should see the following prompt:

sales:~#

Links

The Honeynet Project: http://www.honeynet.org/
Honeypot: http://en.wikipedia.org/wiki/Honeypot_(computing)
Kippo project: http://kippo.googlecode.com/
Iranian Honeynet Project: http://www.honeynet.ir/
CentOS: http://www.centos.org/
