上周去听了一下51cto的第四期沙龙,主要讲蜜罐系统和追踪黑客这两块。在听蜜罐系统的时候,学到个新技术:kippo。kippo是什么了?kippo和honeyd都是蜜罐系统。由于刚研究过honeyd,所以对kippo很感兴趣。刚好有时间就装了一下kippo。
下面看过程:
实验环境:rhel5/centos5.5
一:需要的软件包
python需要2.5或2.6版本的,我这里用的是2.6的。
python26-2.6-geekymedia1.i386.rpm
python26-2.6-geekymedia1.src.rpmpython26-debuginfo-2.6-geekymedia1.i386.rpmpython26-devel-2.6-geekymedia1.i386.rpmpython26-libs-2.6-geekymedia1.i386.rpmpython26-test-2.6-geekymedia1.i386.rpmpython26-tools-2.6-geekymedia1.i386.rpmtkinter26-2.6-geekymedia1.i386.rpm
Twisted-10.2.0.tar.bz2
zope.interface-3.3.0.tar.gz
pycrypto-2.0.1.tar.gz
pyasn1-0.0.12a.tar.gz
把所有文件保存到/tmp/haha中。(大家可自己定义)
二:安装软件包1.安装python包
rpm -ivh *.rpm
出错:libTix8.4.so is needed by tkinter26-2.6-geekymedia1.i386
解决:yum install tix tcl tk
2.安装其它包
tar-xvfTwisted-10.2.0.tar.bz2 cdTwisted-10.2.0 python26setup.pybuild python26setup.pyinstall tar-xvfzope.interface-3.3.0.tar.gz cdzope.interface-3.3.0 python26setup.pybuild python26setup.pyinstall tar-xvfpycrypto-2.0.1.tar.gz cdpycrypto-2.0.1 python26setup.pybuild python26setup.pyinstall tar-xvfpyasn1-0.0.12a.tar.gz cdpyasn1-0.0.12a python26setup.pybuild python26setup.pyinstall
三.运行kippo 首先,kippo需要把数据存放到数据库中,所以单独创建一个kippo的库。
mysql-uroot-p createdatabasekippo; grantallprivilegesonkippo.*tokippo@'localhost'identifiedby'kippo'; flushprivileges;
生成表
cdkippo-0.5/doc/sql/ mysql-ukippo-pkippo mysql.sql
解压kippo
tarzxvfkippo-0.5.tar.gz cdkippo-0.5
编辑kippo.cfg
vikippo.cfg catkippo.cfg
内容如下:
[honeypot]
ssh_port = 2222 ———- 端口号(做好是默认的2222,我改了之后不成功,改成2222就可以了)
hostname = hello ———- 主机名
log_path = log
download_path = dl
contents_path = honeyfs
filesystem_file = fs.pickle
data_path = data
txtcmds_path = txtcmds
public_key = public.keyprivate_key = private.key
password = 123456 ——— ssh密码
[database_mysql]host = localhostdatabase = kippousername = kippopassword = kippo
现在就基本配置完了。
这里不要以root省份运行start.sh,不然会报错:
ERROR: You must not run kippo as root!
创建kippo用户,并给于权限
useraddkippouser chown-Rkippouser.kippouser/tmp/haha
以kippouser的身份运行
su-kippouser ssh-keygen-trsa mvprivate.key.pubpublic.key
[kippouser@node2 kippo-0.5]$ ssh-keygen -t rsaGenerating public/private rsa key pair.Enter file in which to save the key (/home/kippouser/.ssh/id_rsa): ./private.keyEnter passphrase (empty for no passphrase): 这不填Enter same passphrase again: 不填Your identification has been saved in ./private.key.Your public key has been saved in ./private.key.pub.The key fingerprint is:28:a5:58:10:78:39:ee:ed:69:1c:9e:c1:b8:9f:81:57 kippouser@node2
执行start.sh脚本
sh start.sh
出错:
import MySQLdb, uuidexceptions.ImportError: No module named MySQLdb
Failed to load application: No module named MySQLdb
解决办法:
wgethttp://pypi.python.org/packages/source/s/setuptools/setuptools-0.6c11.tar.gz tarzxvfsetuptools-0.6c11.tar.gz cdsetuptools-0.6c11 python26setup.pybuild python26setup.pyinstall wgethttp://cdnetworks-kr-2.dl.sourceforge.net/project/mysql-python/mysql-python/1.2.3/MySQL-python-1.2.3.tar.gz tarzxvfMySQL-python-1.2.3.tar.gz cdMySQL-python-1.2.3 python26setup.pybuild python26setup.pyinstall
如果出现如下错误,是因为没有安装setuptools。应该先装setuptools,再装MySQL-python。
错误:
Traceback (most recent call last): File setup.py , line 5, in ? from setuptools import setup, ExtensionImportError: No module named setuptools
测试
执行start.sh后,查看是否正常运行。
在客户机上进行远程登录
[root@localhost ~]# ssh root@192.168.211.147 -p 2222The authenticity of host ‘192.168.211.147 (192.168.211.147)’ can’t be established.RSA key fingerprint is 28:a5:58:10:78:39:ee:ed:69:1c:9e:c1:b8:9f:81:57.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added ‘192.168.211.147’ (RSA) to the list of known hosts.Password:hello:~# whoami roothello:~# pwd /roothello:~# usert bash: usert: command not found hello:~# uname -r Linuxhello:~# uname -ra Linuxhello:~# uname -a Linux hello 2.6.26-2-686 #1 SMP Wed Nov 4 20:45:37 UTC 2009 i686 GNU/Linux
有点不好的是backspa键不好用,而且很多地方和真实机还是存在差异的,很多命令都不支持。比如我创建一个用户就相当的麻烦。
四.通过日志或数据库查看记录
tail -10 kippo-0.5/log/kippo.log
或者
到了这里,基本上就大功告成了。
安装参考文档:http://www.howtoforge.com/how-to-set-up-kippo-ssh-honeypot-on-centos-5.5
http://sh4rk.6.ql.bz/?p=593
离开睁眼闭眼看见的城市,逃离身边的纷纷扰扰,