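Installing the honeyd honeypot system on Linux [Original] [Recommended]

After a whole morning of unremitting effort, I finally got honeyd installed. There were countless errors along the way, but I succeeded in the end. That I succeeded is thanks to help from Baidu and Google and, more importantly, to the people who are willing to share their technical knowledge. As the saying goes, what you take from the net you give back to the net, so I am sharing my experience here.

1. Installation environment: CentOS 5.5

Required software: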

honeyd-1.5c.tar.gz

libdnet-1.11.tar.gz

libevent-1.4.14b-stable.tar.gz

libdnsres-0.1a.tar.gz

libpcap-1.1.1.tar.gz

arpd-0.2.tar.gz

honeyd_kit-1.0c-a.tgz

2. Download the packages listed above. You can click to download them, or get them from the attachment.

3. Installation

tar zxvf honeyd-1.5c.tar.gz

cd honeyd-1.5c

./configure

Error: configure: error: libpcap not found

The cause is that the libpcap package is not installed, so install it now.

tar zxvf libpcap-1.1.1.tar.gz

cd libpcap-1.1.1

./configure ;make;make install

After installing libpcap, go back and install honeyd.

./configure

Another error:

checking for dnet-config… no
configure: error: dnet-config not found

The libdnet package is missing.

tar zxvf libdnet-1.11.tar.gz

cd libdnet-1.11

./configure ;make;make install

Go back and install honeyd again.

./configure

Error:

checking for libevent… no
configure: error: libevent not found

The libevent package is missing.

tar zxvf libevent-1.4.14b-stable.tar.gz

cd libevent-1.4.14b-stable

./configure ;make;make install

Go back and install honeyd again.

./configure

Error: configure: error: need either libedit or libreadline; install one of them

Solution:

yum install -y readline readline-devel

Go back and install honeyd again.

./configure ;make;make install

After honeyd is installed, install the arpd package next.

tar zxvf arpd-0.2.tar.gz

cd arpd

./configure

make

make fails with:

arpd.c: In function ‘arpd_send’:
arpd.c:268: error: expected ‘)’ before string constant
arpd.c: In function ‘arpd_lookup’:
arpd.c:285: error: expected ‘)’ before string constant
arpd.c:294: error: expected ‘)’ before string constant
arpd.c:297: error: expected ‘)’ before string constant
arpd.c: In function ‘arpd_recv_cb’:
arpd.c:426: error: expected ‘)’ before string constant
make: *** [arpd.o] Error 1

Solution:

Add #define __FUNCTION__ to the file arpd/arpd.c. (arpd.c concatenates __FUNCTION__ with string literals, which this GCC rejects; defining it as empty lets those lines compile.)

Then compile again:

make;make install

At this point the installation is basically complete.

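4. Other problems you may run into

After the arpd package compiles and links into the arpd binary, running it on Linux produces the following error:

[root@linux lib]# arpd
./arpd/arpd: error while loading shared libraries: libevent-1.4.so.2: cannot open shared object file: No such file or directo

Solution:

Method 1: copy the libevent-1.4.so.2 file directly into the system library directory /usr/lib, or create a symbolic link to it there.

Method 2: edit /etc/ld.so.conf, add the directory that contains libevent-1.4.so.2, then save and exit. Note that after every change to ld.so.conf you need to run ldconfig to refresh the loader cache.

Cause: arpd needs the libevent library at run time. Before running arpd, libevent must be built and the resulting libevent-1.4.so.2 file copied to the system default library directory so that arpd can link to it when it runs.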

5. Basic honeyd configuration and usage

The honeyd command format is:

honeyd [-dP] [-l logfile] [-s servicelog] [-p fingerprints] [-0 p0f-file] [-x xprobe] [-a assoc] [-f file] [-i interface] [-u uid] [-g gid] [--webserver-address address] [--webserver-port port] [--webserver-root path] [--rrdtool-path path] [--disable-webserver] [--disable-update] [--verify-config] [--fix-webserver-permissions] [-V|--version] [-h|--help] [--include-dir] [--data-dir] [net …]

The options mean the following:

-d: do not run as a daemon; enables verbose debugging messages.

-P: on some systems pcap cannot obtain event notifications through select(2). In that case honeyd needs to work in polling mode, and this flag enables polling.

-l logfile: log packets and connections to the file specified by logfile.

-s servicelog: write the service-level logs recorded by honeyd to the specified service log file.

-x xprobe: read xprobe-style fingerprints; this file determines how honeyd responds to ICMP fingerprinting tools.

-a assoc: read the file that associates nmap-style fingerprints with xprobe-style fingerprints.

-f file: read the configuration file named file.

-i interface: specify the interface to listen on; multiple interfaces can be specified.

-V|--version: print version information and exit.

--include-dir: used for plugin development; gives the location where honeyd stores its header files.

[--webserver-address address] [--webserver-port port] [--webserver-root path] [--rrdtool-path path] [--fix-webserver-permissions]: specify the address, port and root directory of honeyd's built-in web server, and the location of the RRDTool that the web server depends on; --fix-webserver-permissions fixes web directory permission settings that make pages unreadable.

net: specifies an IP address, a network, or an IP address range. If none is given, honeyd monitors traffic for any IP address it can see.

On the host that runs honeyd, run arpd bound to a free IP address in the same network segment, then run honeyd to build a virtual honeypot on that free IP address.

[root@linux opt]#arpd 192.168.100.5

[root@linux opt]#mkdir /var/log/honeyd
[root@linux opt]#touch /var/log/honeyd/honeyd.log
[root@linux opt]#touch /var/log/honeyd/service.log
[root@linux opt]#chown nobody.nobody /var/log/honeyd/*.log
[root@linux opt]# ll /var/log/honeyd
总计 8
-rw-r--r-- 1 nobody nobody 2617 12-09 17:44 honeyd.log
-rw-r--r-- 1 nobody nobody 102 12-09 17:44 service.log

[root@linux honeyd-1.5c]# honeyd -d -l /var/log/honeyd/honeyd.log -s /var/log/honeyd/service.log --fix-webserver-permissions 192.168.100.100
Honeyd V1.5c Copyright (c) 2002-2007 Niels Provos
honeyd[20090]: started with -d -l /var/log/honeyd/honeyd.log -s /var/log/honeyd/service.log --fix-webserver-permissions 192.168.100.100
Warning: Impossible SI range in Class fingerprint IBM OS/400 V4R2M0
Warning: Impossible SI range in Class fingerprint Microsoft Windows NT 4.0 SP3
honeyd[20090]: listening promiscuously on eth0: (arp or ip proto 47 or (udp and src port 67 and dst port 68) or (ip and (host 192.168.100.100))) and not ether src 00:0c:29:51:b7:f3
honeyd[20090]: Demoting process privileges to uid 99, gid 99
honeyd[20090]: update_check: failed to resolve host.
honeyd[20090]: Sending ICMP Echo Reply: 192.168.100.100 – 192.168.100.1
honeyd[20090]: Sending ICMP Echo Reply: 192.168.100.100 – 192.168.100.1
honeyd[20090]: Sending ICMP Echo Reply: 192.168.100.100 – 192.168.100.1
honeyd[20090]: Sending ICMP Echo Reply: 192.168.100.100 – 192.168.100.1

If the above still does not solve your problem, you can contact me on QQ. QQ: 297020555

Error: configure: error: libdnsres not found

Solution:

wget http://www.monkey.org/~provos/libdnsres-0.1a.tar.gz

tar zxvf libdnsres-0.1a.tar.gz

cd libdnsres-0.1a

./configure ;make;make install

Error:

yacc -d ./parse.y
make: yacc: Command not found
make: *** [parse.c] Error 127

Solution:

yum install -y byacc

Error while compiling libpcap:

configure: error: Your operating system’s lex is insufficient to compile
libpcap. flex is a lex replacement that has many advantages, including
being able to compile libpcap. For more information, see
http://www.gnu.org/software/flex/flex.html .

Problem:

The flex package is missing.

Solution:

yum install -y flex

Error:

make all-recursive
make[1]: Entering directory `/home/jlawre23/Desktop/honeyd-1.5c’
Making all in .
make[2]: Entering directory `/home/jlawre23/Desktop/honeyd-1.5c’
gcc -DHAVE_CONFIG_H -I. -I. -I. -I./compat/libdnet -I./compat -I/usr/local/include -I/usr/include/pcap -I/usr/include -O2 -Wall -g -DPATH_HONEYDINCLUDE= \ /usr/local/include/honeyd\ -DPATH_HONEYDDATA= \ /usr/local/share/honeyd\ -DPATH_HONEYDLIB= \ /usr/local/lib/honeyd\ -DHONEYD_PLUGINS_DECLARE= -DHONEYD_PLUGINS= -DPATH_RRDTOOL= \ \ -c honeyd.c
In file included from honeyd.c:97:
tagging.h:89: error: expected declaration specifiers or … before ( token
tagging.h:89: error: expected declaration specifiers or … before ( token
In file included from stats.h:36,
from honeyd.c:98:
./compat/sha1.h:23: warning: __bounded__ attribute directive ignored
./compat/sha1.h:23: warning: __bounded__ attribute directive ignored
./compat/sha1.h:26: warning: __bounded__ attribute directive ignored
./compat/sha1.h:28: warning: __bounded__ attribute directive ignored
./compat/sha1.h:30: warning: __bounded__ attribute directive ignored
./compat/sha1.h:32: warning: __bounded__ attribute directive ignored
./compat/sha1.h:35: warning: __bounded__ attribute directive ignored
./compat/sha1.h:35: warning: __bounded__ attribute directive ignored
make[2]: *** [honeyd.o] Error 1
make[2]: Leaving directory `/home/jlawre23/Desktop/honeyd-1.5c’
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/jlawre23/Desktop/honeyd-1.5c’
make: *** [all] Error 2

Solution:

Uninstall any other versions of the libevent package and install the libevent-1.4.14b-stable provided in this article.
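The configure and make failures in section 3 and in the additional errors above all come from missing build prerequisites, so they can be checked in one pass before running ./configure. The following is an added example, not part of the original post; the header file names, the default search directories and the file name preflight.sh are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: preflight check for the honeyd 1.5c build.
# Assumptions: the header file names and the default search directories below.
# Usage: . ./preflight.sh && missing_prereqs   (preflight.sh is a hypothetical file name)

# Space-separated directories to search; override them for non-standard prefixes.
INC_DIRS="${INC_DIRS:-/usr/include /usr/local/include}"
BIN_DIRS="${BIN_DIRS:-$(printf '%s' "$PATH" | tr ':' ' ')}"

# find_in "DIR1 DIR2 ..." RELPATH: succeed if RELPATH exists under any directory.
find_in() {
    for d in $1; do
        [ -e "$d/$2" ] && return 0
    done
    return 1
}

# Print one line per missing prerequisite; return 1 if anything is missing.
missing_prereqs() {
    rc=0
    # build tool -> package that provides it
    for pair in flex:flex yacc:byacc dnet-config:libdnet-1.11; do
        find_in "$BIN_DIRS" "${pair%%:*}" ||
            { echo "tool ${pair%%:*} missing -> install ${pair#*:}"; rc=1; }
    done
    # header -> package that provides it
    for pair in pcap.h:libpcap-1.1.1 event.h:libevent-1.4.14b-stable \
                readline/readline.h:readline-devel dnsres.h:libdnsres-0.1a; do
        find_in "$INC_DIRS" "${pair%%:*}" ||
            { echo "header ${pair%%:*} missing -> install ${pair#*:}"; rc=1; }
    done
    return "$rc"
}
```

A present event.h does not prove that the right libevent version is installed, so the tagging.h error above can still occur until other libevent versions are removed.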

Attachment: http://down.51cto.com/data/2357903
