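Last week I attended the fourth 51cto salon, which mainly covered honeypot systems and tracking hackers. During the honeypot session I learned about a technology that was new to me: kippo. What is kippo? Like honeyd, kippo is a honeypot system. I had just been studying honeyd and was very interested in kippo, and since I happened to have some time, I installed it.
The process is as follows:
Test environment: rhel5/centos5.5
I. Required packages
Python 2.5 or 2.6 is required; I use 2.6 here.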
python26-2.6-geekymedia1.i386.rpm
python26-2.6-geekymedia1.src.rpm
python26-debuginfo-2.6-geekymedia1.i386.rpm
python26-devel-2.6-geekymedia1.i386.rpm
python26-libs-2.6-geekymedia1.i386.rpm
python26-test-2.6-geekymedia1.i386.rpm
python26-tools-2.6-geekymedia1.i386.rpm
tkinter26-2.6-geekymedia1.i386.rpm
Twisted-10.2.0.tar.bz2
zope.interface-3.3.0.tar.gz
pycrypto-2.0.1.tar.gz
pyasn1-0.0.12a.tar.gz
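Save all of the files to /tmp/haha (you can choose your own directory).
II. Installing the packages
1. Install the Python packages
rpm -ivh *.rpm
Error: libTix8.4.so is needed by tkinter26-2.6-geekymedia1.i386
Fix: yum install tix tcl tk
2. Install the other packages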
- tar -xvf Twisted-10.2.0.tar.bz2
- cd Twisted-10.2.0
- python26 setup.py build
- python26 setup.py install
- cd ..
- tar -xvf zope.interface-3.3.0.tar.gz
- cd zope.interface-3.3.0
- python26 setup.py build
- python26 setup.py install
- cd ..
- tar -xvf pycrypto-2.0.1.tar.gz
- cd pycrypto-2.0.1
- python26 setup.py build
- python26 setup.py install
- cd ..
- tar -xvf pyasn1-0.0.12a.tar.gz
- cd pyasn1-0.0.12a
- python26 setup.py build
- python26 setup.py install
- cd ..
III. Running kippo
kippo needs to store its data in a database, so create a separate database named kippo.
- mysql -uroot -p
- create database kippo;
- grant all privileges on kippo.* to kippo@'localhost' identified by 'kippo';
- flush privileges;
Extract kippo
- tar zxvf kippo-0.5.tar.gz
- cd kippo-0.5
Create the tables (the schema file mysql.sql is inside the extracted kippo-0.5 directory)
- cd doc/sql/
- mysql -u kippo -p kippo < mysql.sql
- cd ../..
Edit kippo.cfg
- vi kippo.cfg
- cat kippo.cfg
Its contents are as follows:
[honeypot]
# Port number (best left at the default 2222; after I changed it, it did not work, and setting it back to 2222 fixed it)
ssh_port = 2222
# Hostname
hostname = hello
log_path = log
download_path = dl
contents_path = honeyfs
filesystem_file = fs.pickle
data_path = data
txtcmds_path = txtcmds
public_key = public.key
private_key = private.key
# SSH password
password = 123456
[database_mysql]
host = localhost
database = kippo
username = kippo
password = kippo
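The basic configuration is now complete.
Do not run start.sh as root here, otherwise it fails with this error:
ERROR: You must not run kippo as root!
Create a kippo user and grant it permissions: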
- useradd kippouser
- chown -R kippouser.kippouser /tmp/haha
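A pre-flight check for the configuration, the non-root rule and the ownership change above, added here as an example (it is not part of kippo or of the original post). It is written for Python 3's configparser rather than the python26 the honeypot runs under; the name `preflight`, the choice of checks, and the assumption that `log_path` and `download_path` must be writable by the unprivileged user are assumptions of this example.

```python
import configparser
import os

# Constructed sample: the page's settings, with a note left on the ssh_port line.
SAMPLE_CFG = """[honeypot]
ssh_port = 2222 ----------> port number
log_path = log
download_path = dl
[database_mysql]
host = localhost
database = kippo
username = kippo
password = kippo
"""

def preflight(cfg_text, base_dir, euid):
    """Return a list of problems to fix before launching start.sh."""
    problems = []
    if euid == 0:
        problems.append("running as root: kippo exits with 'You must not run kippo as root!'")
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(cfg_text)
    if not cp.has_section("honeypot"):
        return problems + ["no [honeypot] section"]
    hp = cp["honeypot"]
    port = hp.get("ssh_port", "").strip()
    if not port.isdecimal() or not 0 < int(port) < 65536:
        # Anything after the number (a note, an arrow) becomes part of the value.
        problems.append("ssh_port is not a valid port number: %r" % port)
    elif int(port) < 1024 and euid != 0:
        problems.append("ssh_port %s is below 1024: an unprivileged user cannot bind it" % port)
    for key in ("log_path", "download_path"):
        value = hp.get(key, "")
        path = os.path.join(base_dir, value)
        if not value or not os.path.isdir(path):
            problems.append("%s: %r is not a directory" % (key, path))
        elif not os.access(path, os.W_OK | os.X_OK):
            problems.append("%s: %s is not writable by this user" % (key, path))
    if cp.has_section("database_mysql"):
        db = cp["database_mysql"]
        missing = [k for k in ("host", "database", "username", "password") if not db.get(k)]
        if missing:
            problems.append("[database_mysql] lacks: " + ", ".join(missing))
    return problems

if __name__ == "__main__":
    for problem in preflight(SAMPLE_CFG, ".", os.geteuid()):
        print("FIX:", problem)
```

To check a real installation, pass the text of kippo.cfg and the kippo directory as `base_dir`, running the script as the unprivileged user.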
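Run the following as kippouser (ssh-keygen is run from the kippo-0.5 directory and the key is saved as ./private.key, as the session below shows):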
- su - kippouser
- ssh-keygen -t rsa
- mv private.key.pub public.key
[kippouser@node2 kippo-0.5]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/kippouser/.ssh/id_rsa): ./private.key
Enter passphrase (empty for no passphrase): (leave this empty)
Enter same passphrase again: (leave empty)
Your identification has been saved in ./private.key.
Your public key has been saved in ./private.key.pub.
The key fingerprint is:
28:a5:58:10:7 |