Monday 26 March 2012

Kippo SSH Honeypot on Ubuntu 11.04

Rough install guide:

# Bring the base system fully up to date before installing anything; the &&
# chain stops at the first step that fails.
sudo apt-get update && sudo apt-get dist-upgrade && sudo apt-get autoremove && sudo apt-get autoclean
# subversion is needed for the checkout below; python-twisted-conch is the
# Twisted SSH package (presumably what pulls in /usr/bin/twistd - confirm).
sudo apt-get install subversion python-twisted-conch
# Dedicated system account (-r) with /bin/false as its shell, so it cannot be
# used for an interactive login. The Upstart job runs the daemon as this user.
# NOTE(review): the fixed --uid 497 makes useradd fail if that UID is already
# taken; -r on its own would pick a free system UID.
sudo useradd -r -s /bin/false --uid 497 kippo
# NOTE(review): plain-http checkout with no integrity check - the code that
# will run on this host could be altered in transit. Review the working copy
# and record the checked-out revision before starting it.
svn checkout http://kippo.googlecode.com/svn/trunk/ ./kippo
# Install under /opt and create the live config from the shipped template.
sudo mv kippo/ /opt/
cd /opt/kippo/
cp kippo.cfg.dist kippo.cfg
# Hand the whole tree to the kippo account.
# NOTE(review): this also makes the daemon the owner of its own code and
# config. Only the paths it writes to (log/ is the one visible in the job's
# -l option) strictly need kippo ownership - confirm the full list before
# tightening.
sudo chown -R kippo:kippo /opt/kippo

Upstart job:

/etc/init/kippo.conf
# Upstart job for the Kippo honeypot: builds a rate-limiting iptables chain,
# runs twistd as the unprivileged kippo account, and removes the rules on stop.
# NOTE(review): there is no "respawn" or "stop on" stanza, so Upstart will not
# restart twistd if it exits.
start on started networking

# Runs before the daemon is launched. Upstart executes script stanzas with
# "sh -e", so any command that fails here aborts the job start.
pre-start script
  # Create the SSH_FAKE chain; if it already exists (-N fails), empty it.
  iptables -N SSH_FAKE || iptables -F SSH_FAKE
  # Send NEW TCP connections to port 2222 through SSH_FAKE.
  # NOTE(review): -A appends unconditionally; if an earlier post-stop did not
  # run, a duplicate jump stays in INPUT and post-stop removes only one copy.
  iptables -A INPUT -p tcp --dport 2222 -m state --state NEW -j SSH_FAKE
  # Drop the connection when its source already has 3 recorded hits in the
  # ssh_attempt list within the last 60 seconds.
  iptables -A SSH_FAKE -m recent --name ssh_attempt --rcheck --seconds 60 --hitcount 3 -j DROP
  # Otherwise record the source. Dropped attempts never reach this rule, so a
  # source is let back in once its recorded hits age out of the window.
  # The chain has no ACCEPT target: packets that survive return to INPUT and
  # are still subject to the rest of the ruleset and the chain policy.
  iptables -A SSH_FAKE -m recent --name ssh_attempt --set
end script

# Main process. exec replaces the shell, so no extra shell process sits
# between Upstart and the daemon.
script
  # start-stop-daemon: -S start, -c kippo drop to the kippo user, -d working
  # directory, -x executable. twistd: -n stay in the foreground, -y run the
  # .tac application file, -l log file (relative to /opt/kippo).
  exec start-stop-daemon -S -c kippo -d /opt/kippo -x /usr/bin/twistd -- -ny kippo.tac -l log/kippo.log
end script

# Tear down the firewall rules added in pre-start. "|| true" keeps a rule or
# chain that is already gone from failing the stanza under "sh -e".
post-stop script
  # Remove the jump from INPUT first; a chain that is still referenced cannot
  # be deleted.
  iptables -D INPUT -p tcp --dport 2222 -m state --state NEW -j SSH_FAKE || true
  # Empty the chain, then delete it.
  iptables -F SSH_FAKE && iptables -X SSH_FAKE || true
end script
