There are a lot of guides out there that advise you on how to install kippo on Ubuntu and Debian servers but very few complete guides on how to get Kippo HoneyPot working with a CentOS WHM/cPanel server.
This tutorial assumes the following:
1) You have root
2) It's CentOS 6.4 with WHM/cPanel installed
Phase 1 - Change the default SSH port
The first thing you need to do is change the port you SSH in on. You should be doing this by default for security reasons: it stops 99% of SSH brute-force attempts.
To do this you need to edit:
# nano /etc/ssh/sshd_config
You need to change the default to a high number random port:
Port 26903
Save the file and restart your SSH service. You may need to log in again, this time on the new port.
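A safer way to carry out this step, as an added example that is not from the original post: the script rewrites the Port directive in a given sshd_config (handling a commented-out "#Port 22", an active "Port 22" or no Port line at all) and only when run with --apply touches the real file, checks it with sshd -t and restarts the service. The function names are mine; it assumes CentOS 6 conventions (service sshd restart, the daemon at /usr/sbin/sshd).

```shell
#!/bin/sh
# Added example, not from the original post: move sshd off port 22 without
# locking yourself out. Only "--apply PORT" touches the live system; the two
# functions work on any copy of sshd_config. Assumes CentOS 6 conventions
# (service sshd restart, the daemon at /usr/sbin/sshd).

# Port sshd listens on according to CFG; 22 is the built-in default when no
# active Port line exists (a commented "#Port 22" does not count).
get_sshd_port() {   # get_sshd_port CFG
    p=$(grep '^[[:space:]]*Port[[:space:]]' "$1" | awk '{print $2; exit}')
    echo "${p:-22}"
}

# set_sshd_port CFG PORT: remove every existing Port line, active or commented
# out, and place the new one at the top, ahead of any Match block (Port is not
# allowed inside Match). Rewriting in place keeps the file's owner and mode.
set_sshd_port() {
    cfg="$1"; port="$2"
    case "$port" in
        ''|*[!0-9]*) echo "port must be a number" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "pick a port between 1024 and 65535" >&2; return 1
    fi
    { printf 'Port %s\n' "$port"
      grep -v '^[[:space:]]*#*Port[[:space:]]' "$cfg" || true; } > "$cfg.tmp" || return 1
    cat "$cfg.tmp" > "$cfg" && rm -f "$cfg.tmp"
}

# Live run. Open the new port in any host firewall first, and keep this session
# open until a second login on the new port works: the old port stops answering
# the moment sshd restarts.
if [ "${1:-}" = "--apply" ]; then
    set_sshd_port /etc/ssh/sshd_config "${2:-}" || exit 1
    # sshd -t only parses the config and exits non-zero on any error; never
    # restart a daemon that would fail to come back up.
    /usr/sbin/sshd -t || { echo "sshd_config rejected, not restarting" >&2; exit 1; }
    service sshd restart
    echo "sshd now listens on port $(get_sshd_port /etc/ssh/sshd_config)"
fi
```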
Phase 2 - Create a user for kippo.
I want to be able to look at graphs, so I create a user in WHM. The username I create is also going to be the username that runs the Kippo honeypot. Once the account exists, log in to cPanel as that user, create a MySQL database and a MySQL user, and add the user to the database. It is advisable to download a copy of Kippo at this point and import the SQL file that ships with it using phpMyAdmin (you can find the SQL file in the doc directory).
Phase 3 - Install requirements
As root, install the Twisted packages:
# yum install twisted
When I tried to run Kippo with a MySQL database connection, I kept getting the following error:
"Failed to load application: No module named MySQLdb". When I tried installing the package through yum I got "No package MySQL-python available.". So what I did was download the file directly:
https://pypi.python.org/pypi/MySQL-python/1.2.5
Unzip the file:
# unzip MySQL-python-1.2.5.zip
And run the following commands:
# cd MySQL-python-1.2.5
# python setup.py build
# python setup.py install
Phase 4 - Download and configure Kippo
SSH into your server as your Kippo user. Download Kippo (be sure to download the latest version):
# wget https://kippo.googlecode.com/files/kippo-0.8.tar.gz
Extract the archive:
# tar -xvf kippo-0.8.tar.gz
# cd kippo-0.8
Then you need to edit your Kippo config file:
# nano kippo.cfg
Most of the default configuration settings should be fine. However, you will want to change the MySQL settings to reflect the MySQL username and database you created in cPanel earlier. Save the file and you should be ready to run Kippo.
Assuming you did everything I recommended you should get something like this:
# ./start.sh
Starting kippo in background...
Removing stale pidfile /home/kippouser/kippo/kippo.pid
/usr/lib64/python2.6/site-packages/twisted/conch/ssh/keys.py:13: DeprecationWarning: the sha module is deprecated; use the hashlib module instead
import sha, md5
/usr/lib64/python2.6/site-packages/twisted/conch/ssh/keys.py:13: DeprecationWarning: the md5 module is deprecated; use hashlib instead
import sha, md5
Loading dblog engine: mysql
# ps -ax | grep "kippo"
484614 pts/2 S 0:00 su kippo
484660 ? Sl 0:00 /usr/bin/python /usr/bin/twistd -y kippo.tac -l log/kippo.log --pidfile kippo.pid
485746 pts/2 S+ 0:00 grep kippo
Congratulations! Kippo should be running.
Phase 5 - Firewall redirection
We have Kippo running, but right now it is only listening on port 2222. Since we moved the real SSH daemon off port 22 earlier, that port is now free for the honeypot. So what we want to do is create a firewall rule that redirects port 22 to port 2222. As root, run the following command:
# iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 22 -j REDIRECT --to-port 2222
Make sure eth0 is the network interface on which you want Kippo to be reachable; the REDIRECT rule only applies to traffic arriving on that interface.
Phase 6 - Graphs
If you are like me and want graphs to quickly get an overview of what is happening on your honeypot, you can download kippo-graph:
http://bruteforce.gr/kippo-graph
Install it in your public_html directory and edit its config file so it points to where you have Kippo installed, including the MySQL database credentials you created earlier. Browsing to that directory should then display the graphs.
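For the same overview without a web front end, here is an added example (not from the original post or from kippo-graph) that summarises log/kippo.log, the file the twistd command above writes to. The sample log lines are constructed in the format Kippo 0.8 uses for connections and login attempts; the function names are mine, and you should check the patterns against your own log before relying on them.

```shell
#!/bin/sh
# Added example, not from the original post: a text-mode overview of log/kippo.log,
# the same data kippo-graph charts. The log lines below are constructed in the
# format Kippo 0.8 writes; verify the patterns against your own log.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
2013-12-01 10:15:22+0000 [kippo.core.ssh.HoneyPotSSHFactory] New connection: 203.0.113.5:51234 (198.51.100.10:2222) [session: 1]
2013-12-01 10:15:23+0000 [SSHService ssh-userauth on HoneyPotTransport,1,203.0.113.5] login attempt [root/123456] failed
2013-12-01 10:15:24+0000 [SSHService ssh-userauth on HoneyPotTransport,1,203.0.113.5] login attempt [root/password] failed
2013-12-01 10:15:25+0000 [SSHService ssh-userauth on HoneyPotTransport,1,203.0.113.5] login attempt [root/123456] succeeded
2013-12-01 10:16:02+0000 [kippo.core.ssh.HoneyPotSSHFactory] New connection: 198.51.100.77:40001 (198.51.100.10:2222) [session: 2]
2013-12-01 10:16:03+0000 [SSHService ssh-userauth on HoneyPotTransport,2,198.51.100.77] login attempt [admin/admin] failed
2013-12-01 10:16:04+0000 [SSHService ssh-userauth on HoneyPotTransport,2,198.51.100.77] login attempt [root/123456] failed
2013-12-01 10:17:10+0000 [kippo.core.ssh.HoneyPotSSHFactory] New connection: 203.0.113.5:51300 (198.51.100.10:2222) [session: 3]
EOF

# Every user/password pair tried, most frequent first, as "COUNT user/pass".
# (A password containing ']' would confuse the pattern; Kippo logs them raw.)
top_credentials() {   # top_credentials LOG [N]
    sed -n 's/.*login attempt \[\([^]]*\)\] .*/\1/p' "$1" \
        | sort | uniq -c | sort -rn | awk '{print $1, $2}' | head -n "${2:-10}"
}
# Source addresses ranked by number of connections, as "COUNT ip".
top_sources() {       # top_sources LOG [N]
    sed -n 's/.*New connection: \([0-9.]*\):[0-9]* .*/\1/p' "$1" \
        | sort | uniq -c | sort -rn | awk '{print $1, $2}' | head -n "${2:-10}"
}
total_attempts() {    # all login attempts, failed or not
    grep -c 'login attempt \[' "$1" || true
}
# Sessions where the honeypot accepted the password: those are the sessions
# worth reading in full, since the attacker went on to issue commands.
successful_logins() {
    grep -c 'login attempt \[.*\] succeeded' "$1" || true
}
report() {            # report LOG
    echo "login attempts: $(total_attempts "$1") (successful: $(successful_logins "$1"))"
    echo "top credentials:"; top_credentials "$1" 5
    echo "top sources:";     top_sources "$1" 5
}
report "${1:-$SAMPLE_LOG}"   # pass your real log path as the first argument
```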