Cowrie is a honeypot that logs SSH and Telnet activity from attackers. The installation steps are as follows:
1. Install the dependencies
sudo apt-get install git python-virtualenv libssl-dev libffi-dev build-essential libpython-dev python2.7-minimal authbind
2. Create a user account for Cowrie
sudo adduser --disabled-password cowrie
Output:
Adding user `cowrie' ...
Adding new group `cowrie' (1002) ...
Adding new user `cowrie' (1002) with group `cowrie' ...
Changing the user information for cowrie
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n]
sudo su - cowrie
3. Checkout the code
git clone http://github.com/micheloosterhof/cowrie
Cloning into 'cowrie'...
remote: Counting objects: 2965, done.
remote: Compressing objects: 100% (1025/1025), done.
remote: Total 2965 (delta 1908), reused 2962 (delta 1905), pack-reused 0
Receiving objects: 100% (2965/2965), 3.41 MiB | 2.57 MiB/s, done.
Resolving deltas: 100% (1908/1908), done.
Checking connectivity... done.
Then change into the cowrie directory:
cd cowrie
4. Set up the virtual environment
Check the current path:
pwd
/home/cowrie/cowrie
Run the command:
virtualenv cowrie-env
Output:
New python executable in ./cowrie/cowrie-env/bin/python
Installing setuptools, pip, wheel...done.
Activate the virtual environment and install the packages:
source cowrie-env/bin/activate
(cowrie-env) $ pip install -r requirements.txt
5. Install the configuration file
Cowrie's configuration files are cowrie.cfg.dist and cowrie.cfg, so create the file cowrie.cfg and add:
[telnet]
enabled = true
6. Generate a DSA key
This step may not be necessary, but some versions of Twisted may be incompatible. To avoid problems, run:
$ cd data
$ ssh-keygen -t dsa -b 1024 -f ssh_host_dsa_key
$ cd ..
7. Turning on cowrie
# or another path to the top-level cowrie folder
$ export PYTHONPATH=/home/cowrie/cowrie
Start Cowrie with the cowrie command.
$ bin/cowrie start
Activating virtualenv "cowrie-env"
Starting cowrie with extra arguments [] ...
8. Configure port redirection
By default Cowrie runs on port 2222, so we use a firewall rule to redirect all traffic arriving on port 22 to port 2222:
sudo iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 2222
You should test this from another machine, because the redirect does not apply to loopback connections. Alternatively, you can set up authbind.
The steps are:
$ apt-get install authbind
$ touch /etc/authbind/byport/22
$ chown cowrie:cowrie /etc/authbind/byport/22
$ chmod 770 /etc/authbind/byport/22
Or, for Telnet:
$ apt-get install authbind
$ sudo touch /etc/authbind/byport/23
$ sudo chown cowrie:cowrie /etc/authbind/byport/23
$ sudo chmod 770 /etc/authbind/byport/23
- Edit bin/cowrie and modify the AUTHBIND_ENABLED setting
- Change listen_port to 22 in cowrie.cfg
Source: https://github.com/micheloosterhof/cowrie/blob/master/INSTALL.md
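
A post-install check for steps 5 and 8, added here as an example (it is not part of the Cowrie project or of the source guide): it layers cowrie.cfg over cowrie.cfg.dist and reports, per enabled service, whether the chosen listen_port needs the iptables redirect or an authbind byport file. Assumptions: listen_port sits in the [ssh] and [telnet] sections, SSH is always on, and only owner access to the byport file is checked.

```python
import configparser
import os
import stat

# Assumption: listen_port lives in [ssh] and [telnet]; the guide names only the key.
PUBLIC_PORT = {"ssh": 22, "telnet": 23}

def effective_config(cfg_dir):
    """Layer cowrie.cfg over cowrie.cfg.dist: the later file overrides the earlier."""
    cp = configparser.ConfigParser()
    cp.read([os.path.join(cfg_dir, "cowrie.cfg.dist"),
             os.path.join(cfg_dir, "cowrie.cfg")])
    return cp

def byport_grants(path, uid):
    """True if the byport file exists, is owned by uid and is owner-executable.
    Simplification: group and other permission bits are ignored."""
    try:
        st = os.stat(path)
    except OSError:
        return False
    return st.st_uid == uid and bool(st.st_mode & stat.S_IXUSR)

def audit(cfg_dir, byport_dir, uid):
    """Return one finding per enabled service describing what step 8 requires."""
    cp = effective_config(cfg_dir)
    findings = []
    for svc, public in PUBLIC_PORT.items():
        # Telnet is only audited when [telnet] enabled = true (step 5).
        if svc == "telnet" and not cp.getboolean("telnet", "enabled", fallback=False):
            continue
        # 2222 is the SSH default stated in step 8; Telnet has no default here.
        port = cp.getint(svc, "listen_port", fallback=2222 if svc == "ssh" else None)
        if port is None:
            findings.append(f"{svc}: no listen_port configured")
        elif port >= 1024:
            findings.append(f"{svc}: listens on {port}, needs REDIRECT {public}->{port}")
        elif byport_grants(os.path.join(byport_dir, str(port)), uid):
            findings.append(f"{svc}: binds {port} directly via authbind")
        else:
            findings.append(f"{svc}: listen_port {port} but byport/{port} does not grant access")
    return findings

if __name__ == "__main__":
    # Paths from the guide; run as the cowrie user.
    for line in audit("/home/cowrie/cowrie", "/etc/authbind/byport", os.getuid()):
        print(line)
```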