Honeypot implemented with OpenVZ
2016-08-17 20:43
Operating System:
• CentOS 5.4
Partitioning – 100GB hard drive
• / (system and scripts): 47GB
• /vz (OpenVZ hosts): 50GB
IP Configuration
• eth0: Honeypots 10.0.1.[1-5]/16
• eth1: Management 10.1.1.[1-5]/16
• Default Gateway: 10.0.0.2
• DNS Server: 210.33.88.1
Administrator Account
• Login: root
• Password: admin123
OpenVZ Setup
1. Install OpenVZ:
yum install vzquota vzctl
2. Download the following OVZ Kernel:
http://download.openvz.org/kernel/branches/rhel5-2.6.18/028stab068.9/ovzkernel-2.6.18-164.15.1.el5.028stab068.9.i686.rpm
3. Install the OVZ Kernel
rpm -ivh ovzkernel-2.6.18-164.15.1.el5.028stab068.9.i686.rpm
4. Modify GRUB to make sure to boot the right kernel
OpenVZ Template
1. Download the template file fedora-12-x86.tar.gz and copy it into /vz/template/cache:
http://download.openvz.org/template/precreated/unsupported/fedora-12-x86.tar.gz
To modify OpenVZ Template:
• tar zxvf fedora-12-x86.tar.gz
• Modify filesystem…
• tar --numeric-owner -zcvf fedora-12-x86.tar.gz .
• Place the new file in /vz/template/cache
Sysctl (/etc/sysctl.conf)
• net.ipv4.ip_forward = 1
• net.ipv4.conf.default.proxy_arp = 0
• net.ipv4.conf.default.send_redirects = 1
• net.ipv4.conf.all.send_redirects = 0
• net.ipv4.icmp_echo_ignore_broadcasts = 1
• net.ipv4.conf.default.forwarding = 1
• kernel.panic = 1
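A check for these settings, added here as an example and not part of the original setup: it compares a sysctl.conf-style file against the values listed above and reports any drift. The function name check_sysctl_conf and its output format are assumptions of this example.

```shell
# Expected settings, copied from the list on this page.
EXPECTED='net.ipv4.ip_forward=1
net.ipv4.conf.default.proxy_arp=0
net.ipv4.conf.default.send_redirects=1
net.ipv4.conf.all.send_redirects=0
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.default.forwarding=1
kernel.panic=1'

# check_sysctl_conf FILE
# Prints "MISSING key" or "MISMATCH key want=X got=Y" for each deviation and
# returns non-zero if any were found. Lines starting with # or ; are comments.
# A later assignment of a key overrides an earlier one, as when the file is
# applied line by line.
check_sysctl_conf() {
    conf=$1
    printf '%s\n' "$EXPECTED" | awk -F= -v conf="$conf" '
        BEGIN {
            while ((getline line < conf) > 0) {
                sub(/^[ \t]+/, "", line)
                if (line == "" || line ~ /^[#;]/) continue
                eq = index(line, "=")
                if (eq == 0) continue
                key = substr(line, 1, eq - 1)
                val = substr(line, eq + 1)
                gsub(/[ \t]+$/, "", key)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                have[key] = val
            }
        }
        {
            if (!($1 in have)) { print "MISSING " $1; bad = 1 }
            else if (have[$1] != $2) {
                print "MISMATCH " $1 " want=" $2 " got=" have[$1]; bad = 1
            }
        }
        END { exit bad + 0 }'
}
```

Run it as `check_sysctl_conf /etc/sysctl.conf` before bringing the honeypots up; an unreadable file reports every key as missing.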
Sebek
1. Untar the archive, run sbk_install.sh and make sure it runs at boot
sbk_install.sh contains the Sebek Server IP, MAC addresses and source/destination ports.
Scripts
• revert: Stop, back up and re-create honeypots. Sebek has to be disabled first!
• traffic_control: Apply traffic limitation on eth0
• install_ssh_key: Called during the honeypot deployment phase. Installs the SSH keys to allow public key authentication from the Gateway to the honeypot. Used for the first session only.
o Copies authorized_keys into the honeypot's user directory
• install_banner: Installs the SSH banner on the honeypot. Called during the honeypot deployment phase.
o Copies one of the banners from the ./banner directory to /etc/motd of the honeypot. The banner filename is the honeypot type.
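The two deployment helpers described above, sketched as an added example (not the original scripts). Assumptions of this example: CT_ROOT is the host-side path of a container's root filesystem (for instance /vz/private/<CTID>), the key is placed under .ssh in the user directory, and the argument order is invented for illustration.

```shell
# install_banner CT_ROOT TYPE [BANNER_DIR]
# Copies BANNER_DIR/TYPE to CT_ROOT/etc/motd. TYPE must be a plain file name
# so it cannot point outside the banner directory.
install_banner() {
    ct_root=$1 hp_type=$2 banner_dir=${3:-./banner}
    case $hp_type in
        ''|.*|*[!A-Za-z0-9._-]*)
            echo "invalid honeypot type: $hp_type" >&2; return 2 ;;
    esac
    [ -f "$banner_dir/$hp_type" ] || { echo "no banner for $hp_type" >&2; return 1; }
    [ -d "$ct_root/etc" ] || { echo "$ct_root/etc not found" >&2; return 1; }
    # Remove first so cp never writes through an existing symlink.
    rm -f "$ct_root/etc/motd" &&
    cp "$banner_dir/$hp_type" "$ct_root/etc/motd" &&
    chmod 644 "$ct_root/etc/motd"
}

# install_ssh_key CT_ROOT HOME_DIR KEY_FILE
# Installs KEY_FILE as HOME_DIR/.ssh/authorized_keys inside the container,
# with the modes sshd's StrictModes check expects, owned like the home
# directory.
install_ssh_key() {
    ct_root=$1 home_dir=$2 key_file=$3
    dest="$ct_root$home_dir/.ssh"
    [ -s "$key_file" ] || { echo "empty or missing key file" >&2; return 1; }
    [ -d "$ct_root$home_dir" ] || { echo "home directory not found" >&2; return 1; }
    mkdir -p "$dest" && chmod 700 "$dest" &&
    rm -f "$dest/authorized_keys" &&
    cp "$key_file" "$dest/authorized_keys" &&
    chmod 600 "$dest/authorized_keys" || return 1
    # Match the numeric owner of the home directory (needs root on a real host).
    owner=$(ls -nd "$ct_root$home_dir" | awk '{print $3 ":" $4}')
    chown "$owner" "$dest" "$dest/authorized_keys"
}
```

Both functions write from the host into the container's files, so they work while the container is stopped and before Sebek is started.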
Crontab
## Every hour, update time with collector
0 * * * * /usr/sbin/ntpdate 10.1.0.1 2>&1
Autostart program
# Start Sebek Client
cd /cybercrime/sebek
./sbk_install.sh
# Start Traffic Contr