
Notes from installing Kippo on CentOS 6

Posted at 2018-08-15

These are notes from quite a while ago, when I installed Kippo on CentOS 6.
I am switching to cowrie, so I am leaving them here as a historical record.
The download source has since moved to GitHub, so the URL given below now returns a 404.

Environment

  • CentOS release 6.9 (Final)
  • kippo-0.8

Installing packages

Install the required packages first (yum takes package names separated by spaces, not commas).

$ sudo yum install python-devel python-twisted python-zope-interface python-pyasn1 pycrypto

Creating a user

Create the user that Kippo will run as.
It is deliberately not started as root, so that a bug in Kippo that lets an attacker take over the process does not hand them the whole host.

$ sudo useradd kippo

Obtaining Kippo

Basically just download and extract.

$ sudo su - kippo
$ wget http://kippo.googlecode.com/files/kippo-0.8.tar.gz
$ tar zxvf kippo-0.8.tar.gz
$ cd kippo-0.8
$ ls
data  dl  doc  fs.pickle  honeyfs  kippo  kippo.cfg  kippo.tac  log  start.sh  txtcmds  utils

Editing the configuration file

$ vi kippo.cfg
# Hostname for the honeypot. Displayed by the shell prompt of the virtual
# environment.
#
# (default: nas3)
hostname = seagull		<= changed

~~~ omitted ~~~

# Fake address displayed as the address of the incoming connection.
# This doesn't affect logging, and is only used by honeypot commands such as
# 'w' and 'last'
#
# If not specified, the actual IP address is displayed instead (default
# behaviour).
#
# (default: not specified)
fake_addr = 192.168.99.100		<= uncommented

~~~ omitted ~~~

# Text based logging module
#
# While this is a database logging module, it actually just creates a simple
# text based log. This may not have much purpose, if you're fine with the
# default text based logs generated by kippo in log/
#
# To enable this module, remove the comments below, including the
# [database_textlog] line.

[database_textlog]		<= uncommented (the section header must be enabled too, or logfile lands in the previous section)
logfile = kippo-textlog.log		<= uncommented
$

Starting

Just run start.sh.

$ ./start.sh

With the defaults it failed to start with an error, so I patched the following.

$ sudo vi /usr/lib64/python2.6/site-packages/Crypto/Util/number.py

~~~ omitted ~~~

# You need libgmp v5 or later to get mpz_powm_sec.  Warn if it's not available.
#if _fastmath is not None and not _fastmath.HAVE_DECL_MPZ_POWM_SEC:
#    _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
	<= commented out

~~~ omitted ~~~

# Use the accelerator if available
#    if _fastmath is not None:
#        return _fastmath.getStrongPrime(long(N), long(e), false_positive_prob,
#            randfunc)
	<= commented out

~~~ omitted ~~~

$

After it was up, an error appeared and logging did not work properly, so I fixed that as well.

$ vi /home/kippo/kippo-0.8/kippo/core/honeypot.py
~~~ omitted ~~~
from copy import deepcopy, copy
#import sys, os, random, pickle, time, stat, shlex, anydbm
import sys, os, random, pickle, time, stat, shlex, anydbm, struct	<= changed
~~~ omitted ~~~
    def resume(self):
        self.honeypot.setInsertMode()
        self.runCommand()

        if (self.honeypot.execcmd != None):
            return	<= added
~~~ omitted ~~~
class HoneyPotProtocol(recvline.HistoricRecvLine):
    #def __init__(self, user, env):
    def __init__(self, user, env, execcmd = None):	<= changed
        self.user = user
        self.env = env
        self.execcmd = execcmd 	<= added
~~~ omitted ~~~
        self.keyHandlers.update({
            '\x04':     self.handle_CTRL_D,
            '\x15':     self.handle_CTRL_U,
            '\x03':     self.handle_CTRL_C,
            '\x09':     self.handle_TAB,
            })

        if self.execcmd != None:
            print 'Running exec cmd "%s"' % self.execcmd
            self.cmdstack[0].lineReceived(self.execcmd)
            self.terminal.transport.session.conn.sendRequest(self.terminal.transport.session, 'exit-status', struct.pack('>L', 0))
            self.terminal.transport.session.conn.sendClose(self.terminal.transport.session)
            self.execcmd = None
            return
            # self.terminal.transport.session.conn.sendEOF(self)
            # self.terminal.transport.session.conn.transport.loseConnection()	<= added
~~~ omitted ~~~
    def execCommand(self, protocol, cmd):
        cfg = config()
        if cfg.has_option('honeypot', 'exec_enabled'):
            if ( cfg.get('honeypot', 'exec_enabled') != "true" ):
                print 'exec disabled not executing command: "%s"' % cmd
                raise OSError  # builtin OSError; os.OSError does not exist

        print 'Executing command: "%s"' % cmd
        serverProtocol = LoggingServerProtocol(HoneyPotProtocol, self, self.env, cmd)
        serverProtocol.makeConnection(protocol)
        protocol.makeConnection(session.wrapProtocol(serverProtocol))	<= added
        raise NotImplementedError	<= removed
~~~ omitted ~~~
$
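Once the honeypot is up, the default text log in log/ is what you actually end up reading. The following is an added example, not part of the original article or of Kippo itself: it summarises login attempts and executed commands per source IP. The line format ("<timestamp> [<context>,<n>,<ip>] <message>", with "login attempt [user/pass] succeeded|failed" and "CMD: ..." messages) is assumed from Kippo 0.8's Twisted logging, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in the assumed Kippo 0.8 / Twisted text-log format.
SAMPLE_LOG = """\
2018-08-15 10:00:01+0900 [HoneyPotTransport,0,198.51.100.7] login attempt [root/123456] failed
2018-08-15 10:00:03+0900 [HoneyPotTransport,0,198.51.100.7] login attempt [root/toor] succeeded
2018-08-15 10:00:05+0900 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,0,198.51.100.7] CMD: uname -a
2018-08-15 10:00:06+0900 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,0,198.51.100.7] CMD: cat /proc/cpuinfo
2018-08-15 10:01:00+0900 [HoneyPotTransport,1,203.0.113.9] login attempt [admin/admin] failed
"""

LINE_RE = re.compile(r'^(?P<ts>\S+ \S+) \[(?P<ctx>[^\]]*),(?P<n>\d+),(?P<ip>[\d.]+)\] (?P<msg>.*)$')
LOGIN_RE = re.compile(r'^login attempt \[(?P<user>[^/]*)/(?P<pw>[^\]]*)\] (?P<result>succeeded|failed)$')
CMD_RE = re.compile(r'^CMD: (?P<cmd>.*)$')


def parse_line(line):
    """Return (ip, kind, payload) for a login or CMD line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    msg = m.group('msg')
    lm = LOGIN_RE.match(msg)
    if lm:
        return m.group('ip'), 'login', (lm.group('user'), lm.group('pw'), lm.group('result'))
    cm = CMD_RE.match(msg)
    if cm:
        return m.group('ip'), 'cmd', cm.group('cmd')
    return None  # other Twisted noise (startup, disconnects) is ignored


def summarise(text):
    """Per source IP: login counts, credentials that worked, commands run."""
    stats = defaultdict(lambda: {'failed': 0, 'succeeded': 0, 'creds': [], 'cmds': []})
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, kind, payload = parsed
        if kind == 'login':
            user, pw, result = payload
            stats[ip][result] += 1
            if result == 'succeeded':
                stats[ip]['creds'].append((user, pw))
        else:
            stats[ip]['cmds'].append(payload)
    return dict(stats)


if __name__ == '__main__':
    for ip, s in sorted(summarise(SAMPLE_LOG).items()):
        print(ip, s)
```

Point it at a real log/kippo.log by reading the file into summarise() instead of SAMPLE_LOG; IPs with a successful login followed by commands are the sessions worth looking at first.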