Kippo是一个虚拟的交互式的SSH环境模拟,以Python 语言编写,攻击者连接ssh时会被欺骗到蜜罐中,攻击者的口令
猜测记录、执行命令、下载文件和IP地址都会被记录下来。
安装要求:
# Python 2.5+
# Twisted 8.0+
# PyCrypto
# Zope Interface yum安装Python26,rpm安装请参考:http://www.geekymedia.com/tech-articles/rhel5-centos5-rpms-for-python-2-5-and-2-6/
yum -y install python26 python26-devel安装Twisted:
cd /usr/local/src/
wget http://twistedmatrix.com/Releases/Twisted/10.2/Twisted-10.2.0.tar.bz2
tar -xvf Twisted-10.2.0.tar.bz2
cd Twisted-10.2.0
python26 setup.py build
python26 setup.py install
cd ../安装zope:
wget http://www.zope.org/Products/ZopeInterface/3.3.0/zope.interface-3.3.0.tar.gz
tar -xvf zope.interface-3.3.0.tar.gz
cd zope.interface-3.3.0
python26 setup.py build
python26 setup.py install
cd ../安装pycrypto:
wget https://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/pycrypto-2.0.1.tar.gz
tar zxvf pycrypto-2.0.1.tar.gz
cd pycrypto-2.0.1
python26 setup.py build
python26 setup.py install
cd ../安装pyasn1:
wget http://sourceforge.net/projects/pyasn1/files/pyasn1/0.0.13/pyasn1-0.0.13.tar.gz
tar zxvf pyasn1-0.0.13.tar.gz
cd pyasn1-0.0.13
python26 setup.py build
python26 setup.py install
cd ../Centos6安装以上环境比较简单:
yum install twisted python-zope-interface python-pyasn1Kippo安装,以非root用户运行:
useradd kippo
su -l kippo
wget http://kippo.googlecode.com/files/kippo-0.5.tar.gz
tar zxvf kippo-0.5.tar.gz
cd kippo-0.5
./start.sh kippo默认监听2222端口,可以更改ssh端口为非22,利用iptables重定向端口2222到22:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -j REDIRECT --to-port 2222kippo配置文件:
kippo.cfg 登录及命令记录日志:
kippo.log 标签:centos, ssh, 蜜罐, centos安装ssh蜜罐kippo