Installation of the Webhoneypot
2010-01-12 21:50
555 查看
http://sites.google.com/site/webhoneypotsite/home/installation-of-the-webhoneypot
Supported Operating Systems
The Webhoneypot should work on all operating systems with a Webserver capable of PHP and something like mod_rewrite or mod_alias and PHP5 including commandline-supportPackages
Packages are available for some operatingsystemsDebian:
Install Debian Ubuntu: Install Debian
First Thoughts
The first thing you need to decide is if you wish to install it on a dedicate domain (using virtual hosts) or in a subdirectory. Recommendation is to use a dedicated domain.There are several considerations:
adding a new virtual host usually requires administrative privileges for the server (this might not always be the case, since in some cases you might have the ability to add new virtual hosts trough a web interface like cPanel).
adding a new virtual host requires you to posess a given domain. You can circumvent this requirement by using a dynamic DNS provider (which gives you a free DNS name) or by using a subdomain
using the honeypot in a subdirectory is a security risk. While we try our best to make sure that our code is secure, you might want to reconsider deploying it in a production environment. One risk you might expose yourself to is XSS vulnerabilities in the served up templates. Even though we try hard to remove exploitable code from the templates, some things might slip through. This is also relevant to the subdomain scenario.
Prerequisites
Mandatory
a Webserver capable of PHP and something like mod_rewrite or mod_aliasPHP5 with commandline-support
This guide supposes that you already have functional webserver and PHP set up with your webserver. If you don't have PHP set up, please refer to the documentation of your webserver (or the documentation of PHP - http://www.php.net/install) on how to do so.
Optional
A dshield account. This can be configured after installation.Installation from source (tar or svn)
The installation from the tarball is the most flexible version - but most things must be done manually. All installation tasks must normally be done as root/Administrator.*nix:
Dedicated Domain
Unpack the archive (tar -xzf <tarfile>, unzip <zip>) e.g. to /opt/webhoneypotFor security reasons, the honeypot checks if the used directories (templates, lib, log, etc) are outside of the document root. Keep this in mind when extracting it (ie. you should extract it somewhere other than the document root for your webserver)
Set the appropriate permissions (see table below)
Configure your webserver with the document root pointing to the html-directory or copy the index.php file to the present document root. Modify $sBaseDir if needed: see here.
Configure your Rewrite Rules:
Apache with mod_rewrite here
Apache with mod_alias here
lighttpd here
nginx here
Run lib/config.php
Filessystem Linux (e.g. below /opt/webhoneypot):
Directory | Contents | Description |
---|---|---|
Html | index.php | This directory is the DOCUMENT_ROOT |
Logs | Logfiles | This Directory may be linked e.g. to /var/log/webhoneypot or configured with config.local (see below) |
Etc | config.local | This Directory may be linked to /etc/webhoneypot |
templates | template files and directories | |
Lib | config.php common_functions.php update-client.php | |
updates | update files |
owner:group | permissions | |
---|---|---|
all directories # all files Exceptions: logs html/index.php | root:root root:root www:www www:www | 755 644 640 440 |
Subdirectory, Subdomain
Remember the webhoneypot is optimized for virtual host usecase.Copy index.php from the "html" directory to the directory where you want to use it (you might also want to rename it to something else). Note: on systems which they support it, you might want to use a symlink to the original file, so that you can update it in one place and you don't have to remember updating it in all the places you've copied it to.
Modify $sBaseDir: see here
Installation IIS
Dedicated domain
It is recommended that you install the free IIS 7 URL rewriting module from Microsoft (http://blogs.iis.net/ruslany/archive/2008/11/10/url-rewrite-module-release-to-web.aspx ). It will work even without it, but having it installed can give a much more authentic looking result.Subdirectory
Remember the webhoneypot is optimized for virtual host usecase.Add a virtual directory pointing to the html directory of the honeypot
If you don't have the URL rewriting module installed, the URL will look like this: http://example.com/wh/index.php/PHPBB (where wh is assumed to be the name of the virtual directory)
If you have URL rewriting, add the following rule: pattern: .*, rewrite url: /wh/index.php
Modify $sBaseDir: see here
Subdomain
Remember the webhoneypot is optimized for virtual host usecase.Add a new site with the physical path set to the html directory
If you have URL rewriting, add the same rules as above
Modify $sBaseDir: see here
Non-Regular Base-Dir
Edit it and replace the $sBaseDir=realpath(dirname(__FILE__) . '/../'); line with the absolute path of your webhoneypot directory (the parent directory of html, lib, logs, etc). For example:$sBaseDir=”/opt/webhoneypot”; //for *nix $sBaseDir=”c://weboneypot”; //for windows
Configuration
Webhoneyport config.local
For a complete list of variable options within etc/config.local see Local Configuration Options.All user-configuration is done with etc/config.local. The syntax is as follows:
# this is a comment [config] # dshield username - mandatory userid=<dshield username (Email-Adress)> # password of user - one entry is mandatory - if password is provided the hash will be computed # and written to the log-file. copy it from the logfile to config.local and remove the # password-entry password=<password> hashpassword=<hashofpassoword> # path to logfiles (default:logs) logdir=<path to logdirectory> # loglevel (default: 1) # 1: error # 9: DEBUG loglevel=<loglevel>
Rewrite Rules
Configuration of various Webservers.Apache with mod_rewrite
Make sure that mod_rewrite is loaded (in many configuration it is not by default). You should see a line like the following in your apache configuration file: LoadModule rewrite_module modules/mod_rewrite.soAdd the following configuration options for mod_rewrite. They can be placed either in your apache configuration file directly or in a .htaccess file:
RewriteEngine on RewriteRule ^(?!index.php)(.*) index.php/$1
Apache with mod_alias
Mod_alias has the advantage of being enabled by default on more servers, however it cannot be configured from the .htaccess file (configuration must be done directly in the Apache configuration files), which makes this solution unfeasible if you don't have access to the configuration files. The needed configuration directive is:AliasMatch ^/.* /opt/webhoneypot/html/index.php # unix AliasMatch ^/.* C:/webhoneypot/html/index.php # windows
lighttpd
Enable the mod_rewrite module (make sure that it is present in the server.modules list and not commented out). Add the following configuration line:url.rewrite-once = ( "(.*.)" => "/index.php/$1" )
nginx
Quick tip: if you get "no input file specified" with nginx + fastcgi + PHP, check that fastcgi_param is set correctly. It should be set like this:fastcgi_param SCRIPT_FILENAME /var/www/nginx-default$fastcgi_script_name;
where /var/www/nginx-default is the document root for the particular site
Add the following rewrite rule:
rewrite ^/.* /index.php last;
IIS +mod-rewrite
Troubleshooting
No URL rewriting available
If URL rewriting is not available for your webserver, you still might be able to use the honeypot, because most webservers will traverse the path up until they find a part which is actionable. So for example, given the following url: http://example.com/wh.php/PHPBB/index.php, the webserver goes up the path until it arrives to wh.php and executes it. The honeypot is coded to handle this situationPermission Problems
If the user who extracted/installed the webhoneypot is not the same as the one the webserver is running under, you need the following permissions for the webserver user:read on etc
read on html/index.php
read on lib
read/write on logs
read on templates
相关文章推荐
- The Handbook of Human Factors in Web Design
- [Android] Use Jsoup to grab the web data and process the data with string.indexOf()
- The state of Web Components
- The server does not support version 3.1 of the JEE Web module specification.
- The web application [/HOTEL] created a ThreadLocal with key of type
- The content of element type "web-app" must match……问题之解决办法
- 《Syngress - The Basics of Web Hacking》Practice Result -Chapter1&Chapter2
- The Ultimate List Of Online Color Tools For Web Developers
- How Browsers Work:Behind the Scenes of Modern Web Browser(I)
- The Semantic Web : A Guide to the Future of XML, Web Services, and Knowledge Management
- The solution of html <input type = "file "> in webview not work
- What events are fired as part of the ASP.NET System.Web.UI.Page lifecycle?
- (转载)How browsers work--Behind the scenes of modern web browsers (前端必读)
- The Evolution of the web and web applications
- Determining the informational, navigational and transactional intent of web queries
- The content of element type "web-app" must match "(icon?,display-name?,description?,distributable?,c
- 前端必读:浏览器内部工作原理-How Browsers Work: Behind the Scenes of Modern Web Browsers
- 【转载】How browsers work--Behind the scenes of modern web browsers (前端必读)
- (System.Web.UI.HtmlControls.HtmlIframe) is not compatible with the type of control (System.Web.UI.Ht
- [Ubuntu] The action would require the installation of packages from not authenticated sources.