linux下安装kippo【原创】推荐

上周去听了一下51cto的第四期沙龙，主要讲蜜罐系统和追踪黑客这两块。在听蜜罐系统的时候，学到个新技术：kippo。kippo是什么了？kippo和honeyd都是蜜罐系统。由于刚研究过honeyd，所以对kippo很感兴趣。刚好有时间就装了一下kippo。

下面看过程：

实验环境：rhel5/centos5.5

一：需要的软件包

python需要2.5或2.6版本的，我这里用的是2.6的。

python26-2.6-geekymedia1.i386.rpm

python26-2.6-geekymedia1.src.rpmpython26-debuginfo-2.6-geekymedia1.i386.rpmpython26-devel-2.6-geekymedia1.i386.rpmpython26-libs-2.6-geekymedia1.i386.rpmpython26-test-2.6-geekymedia1.i386.rpmpython26-tools-2.6-geekymedia1.i386.rpmtkinter26-2.6-geekymedia1.i386.rpm

Twisted-10.2.0.tar.bz2

zope.interface-3.3.0.tar.gz

pycrypto-2.0.1.tar.gz

pyasn1-0.0.12a.tar.gz

把所有文件保存到/tmp/haha中。(大家可自己定义)

二：安装软件包1.安装python包

rpm -ivh *.rpm

出错：libTix8.4.so is needed by tkinter26-2.6-geekymedia1.i386

解决：yum install tix tcl tk

2.安装其它包

tar-xvfTwisted-10.2.0.tar.bz2 cdTwisted-10.2.0 python26setup.pybuild python26setup.pyinstall tar-xvfzope.interface-3.3.0.tar.gz cdzope.interface-3.3.0 python26setup.pybuild python26setup.pyinstall tar-xvfpycrypto-2.0.1.tar.gz cdpycrypto-2.0.1 python26setup.pybuild python26setup.pyinstall tar-xvfpyasn1-0.0.12a.tar.gz cdpyasn1-0.0.12a python26setup.pybuild python26setup.pyinstall

三.运行kippo 首先，kippo需要把数据存放到数据库中，所以单独创建一个kippo的库。

mysql-uroot-p createdatabasekippo; grantallprivilegesonkippo.*tokippo@'localhost'identifiedby'kippo'; flushprivileges;

生成表

cdkippo-0.5/doc/sql/ mysql-ukippo-pkippo mysql.sql

解压kippo

tarzxvfkippo-0.5.tar.gz cdkippo-0.5

编辑kippo.cfg

vikippo.cfg catkippo.cfg

内容如下：

[honeypot]

ssh_port = 2222 ———- 端口号(做好是默认的2222，我改了之后不成功，改成2222就可以了)

hostname = hello ———- 主机名

log_path = log

download_path = dl

contents_path = honeyfs

filesystem_file = fs.pickle

data_path = data

txtcmds_path = txtcmds

public_key = public.keyprivate_key = private.key

password = 123456 ——— ssh密码

[database_mysql]host = localhostdatabase = kippousername = kippopassword = kippo

现在就基本配置完了。

这里不要以root省份运行start.sh，不然会报错：

ERROR: You must not run kippo as root!

创建kippo用户，并给于权限

useraddkippouser chown-Rkippouser.kippouser/tmp/haha

以kippouser的身份运行

su-kippouser ssh-keygen-trsa mvprivate.key.pubpublic.key 

[kippouser@node2 kippo-0.5]$ ssh-keygen -t rsaGenerating public/private rsa key pair.Enter file in which to save the key (/home/kippouser/.ssh/id_rsa): ./private.keyEnter passphrase (empty for no passphrase): 这不填Enter same passphrase again: 不填Your identification has been saved in ./private.key.Your public key has been saved in ./private.key.pub.The key fingerprint is:28:a5:58:10:78:39:ee:ed:69:1c:9e:c1:b8:9f:81:57 kippouser@node2

执行start.sh脚本

sh start.sh

出错：

import MySQLdb, uuidexceptions.ImportError: No module named MySQLdb

Failed to load application: No module named MySQLdb

解决办法：

wgethttp://pypi.python.org/packages/source/s/setuptools/setuptools-0.6c11.tar.gz tarzxvfsetuptools-0.6c11.tar.gz cdsetuptools-0.6c11 python26setup.pybuild python26setup.pyinstall wgethttp://cdnetworks-kr-2.dl.sourceforge.net/project/mysql-python/mysql-python/1.2.3/MySQL-python-1.2.3.tar.gz tarzxvfMySQL-python-1.2.3.tar.gz cdMySQL-python-1.2.3 python26setup.pybuild python26setup.pyinstall

如果出现如下错误，是因为没有安装setuptools。应该先装setuptools，再装MySQL-python。

错误：

Traceback (most recent call last): File setup.py , line 5, in ? from setuptools import setup, ExtensionImportError: No module named setuptools

测试

执行start.sh后，查看是否正常运行。

在客户机上进行远程登录

[root@localhost ~]# ssh root@192.168.211.147 -p 2222The authenticity of host ‘192.168.211.147 (192.168.211.147)’ can’t be established.RSA key fingerprint is 28:a5:58:10:78:39:ee:ed:69:1c:9e:c1:b8:9f:81:57.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added ‘192.168.211.147’ (RSA) to the list of known hosts.Password:hello:~# whoami roothello:~# pwd /roothello:~# usert bash: usert: command not found hello:~# uname -r Linuxhello:~# uname -ra Linuxhello:~# uname -a Linux hello 2.6.26-2-686 #1 SMP Wed Nov 4 20:45:37 UTC 2009 i686 GNU/Linux

有点不好的是backspa键不好用，而且很多地方和真实机还是存在差异的，很多命令都不支持。比如我创建一个用户就相当的麻烦。

四.通过日志或数据库查看记录

tail -10 kippo-0.5/log/kippo.log

或者

到了这里，基本上就大功告成了。

安装参考文档：http://www.howtoforge.com/how-to-set-up-kippo-ssh-honeypot-on-centos-5.5

http://sh4rk.6.ql.bz/?p=593

离开睁眼闭眼看见的城市，逃离身边的纷纷扰扰，