There are a lot of guides out there that advise you on how to install Kippo on Ubuntu and Debian servers, but very few complete guides on how to get the Kippo honeypot working with a CentOS WHM/cPanel server.
This tutorial assumes the following:
1) You have root
2) It's CentOS 6.4 with WHM/cPanel installed
Phase 1. Change the default SSH port
The first thing you need to do is change the default port you SSH in on. You should be doing this by default for security reasons. It stops 99% of SSH brute force hacking attempts.
To do this you need to edit:
# nano /etc/ssh/sshd_config
You need to change the default to a random high-numbered port:
Port 26903
Save the file and restart your SSH service. You may need to log in again.
Phase 2 - Create a user for kippo.
I want to be able to look at graphs, so I create a user in WHM. The username I create is also going to be the username that runs the Kippo honeypot. Once the user is created in cPanel, log in to cPanel and create a MySQL database and a MySQL username. Add the user to the database. It is advisable to download a copy of Kippo and use phpMyAdmin to import the SQL file that comes with Kippo (you can find the SQL file in the doc directory).
Phase 3 - Install requirements
As root, install the Twisted packages:
# yum install twisted
When I tried to run Kippo with a MySQL database connection, I kept getting the following error:
"Failed to load application: No module named MySQLdb". When I tried installing the package through yum I got "No package MySQL-python available." So what I did was download the file directly:
https://pypi.python.org/pypi/MySQL-python/1.2.5
Unzip the file:
# unzip MySQL-python-1.2.5.zip
And run the following commands:
# cd MySQL-python-1.2.5
# python setup.py build
# python setup.py install
Phase 4 - Download and configure Kippo
SSH into your server as your Kippo username. Download Kippo (be sure to download the latest version):
# wget https://kippo.googlecode.com/files/kippo-0.8.tar.gz
Extract the archive:
# tar -xvf kippo-0.8.tar.gz
# cd kippo-0.8
Then you need to edit your Kippo config file:
# nano kippo.cfg
Most of the default configuration settings should be fine. However, you are going to want to change the MySQL settings to reflect the MySQL username and database you created in cPanel earlier. Save the file and you should be ready to run Kippo.
Assuming you did everything I recommended, you should get something like this:
# ./start.sh
Starting kippo in background...Removing stale pidfile /home/kippouser/kippo/kippo.pid
/usr/lib64/python2.6/site-packages/twisted/conch/ssh/keys.py:13: DeprecationWarning: the sha module is deprecated; use the hashlib module instead
import sha, md5
/usr/lib64/python2.6/site-packages/twisted/conch/ssh/keys.py:13: DeprecationWarning: the md5 module is deprecated; use hashlib instead
import sha, md5
Loading dblog engine: mysql
# ps -ax | grep "kippo"
484614 pts/2 S 0:00 su kippo
484660 ? Sl 0:00 /usr/bin/python /usr/bin/twistd -y kippo.tac -l log/kippo.log --pidfile kippo.pid
485746 pts/2 S+ 0:00 grep kippo
Congratulations! Kippo should be running.
Phase 5 - Firewall redirection
We have Kippo running, but right now it's only listening on port 2222. Since we moved the real SSH service off the default port earlier, port 22 is now free for the honeypot. So what we want to do is create a firewall rule that redirects port 22 to port 2222. As root, you do this by running the following command:
# iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 22 -j REDIRECT --to-port 2222
It is important that eth0 is the network interface you want to run Kippo on.
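Once the redirect is active, anything still listening on port 22 can no longer be reached through eth0, so it is worth confirming first that the real sshd has moved and that Kippo is up. The pre-flight check below is an added example, not part of the original tutorial; the function names are made up for illustration, and it assumes `netstat -tln` output saved to a file and the ports used above (26903 and 2222).

```shell
#!/bin/sh
# Added example: pre-flight checks before redirecting port 22 to Kippo.

# Print every Port value set in an sshd_config-style file ($1);
# sshd falls back to 22 when no Port line is present.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; found = 1 }
         END { if (!found) print 22 }' "$1"
}

# Succeed if "netstat -tln" output on stdin shows a TCP listener on port $1.
port_listening() {
    awk -v p="$1" '$1 ~ /^tcp/ && $NF == "LISTEN" {
                       n = split($4, a, ":"); if (a[n] == p) ok = 1 }
                   END { exit !ok }'
}

# $1 = sshd_config path, $2 = file holding "netstat -tln" output.
redirect_preflight() {
    for p in $(sshd_ports "$1"); do
        if [ "$p" = 22 ]; then
            echo "UNSAFE: sshd is still configured on port 22"; return 1
        fi
        if ! port_listening "$p" < "$2"; then
            echo "UNSAFE: sshd is not listening on its new port $p"; return 1
        fi
    done
    if port_listening 22 < "$2"; then
        echo "UNSAFE: a service is still bound to port 22"; return 1
    fi
    if ! port_listening 2222 < "$2"; then
        echo "UNSAFE: Kippo is not listening on port 2222"; return 1
    fi
    echo "OK: redirect 22 -> 2222 can be applied"
}

# Constructed sample input (not captured from a real host).
demo() {
    d=$(mktemp -d)
    printf 'Port 26903\n' > "$d/sshd_config"
    printf '%s\n' 'tcp 0 0 0.0.0.0:26903 0.0.0.0:* LISTEN' \
                  'tcp 0 0 0.0.0.0:2222  0.0.0.0:* LISTEN' > "$d/listeners"
    redirect_preflight "$d/sshd_config" "$d/listeners"; rc=$?
    rm -rf "$d"; return $rc
}
demo
```

On the server, save `netstat -tln` to a file, pass it together with /etc/ssh/sshd_config to `redirect_preflight`, and run the iptables command only when it prints OK.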
Phase 6 - Graphs
If you are like me and want cool graphs to quickly get an overview on what is happening with your honeypot, you can download kippo-graphs:
http://bruteforce.gr/kippo-graph
Install it in your public_html directory, change the config file so it points to where you have Kippo, and be sure to include the MySQL database credentials you created earlier. Browsing to that directory should display some useful graphs.
You can't install MySQL packages with yum on cPanel because cPanel adds a mysql* line to the exclude line in /etc/yum.conf.