Difference between revisions of "Installing Glastopf web honeypot on Ubuntu Server 14.04"
From Zam Wiki
Latest revision as of 15:20, 3 November 2014
= Prerequisites =
Install the dependencies:
 apt-get update
 apt-get install python2.7 python-openssl python-gevent libevent-dev python2.7-dev build-essential make liblapack-dev libmysqlclient-dev python-chardet python-requests python-sqlalchemy python-lxml python-beautifulsoup mongodb python-pip python-dev python-numpy python-setuptools python-numpy-dev python-scipy libatlas-dev g++ git php5 php5-dev gfortran mysql-server python-mysqldb libxml2 libxslt-dev libffi-dev -y
 pip install --upgrade distribute
 pip install --upgrade gevent webob pyopenssl chardet lxml sqlalchemy jinja2 beautifulsoup requests requires cssselect pymongo MySQL-python pylibinjection libtaxii greenlet
== Install HpFeeds ==
 cd /opt
 git clone https://github.com/rep/hpfeeds.git
 cd hpfeeds
 python setup.py build
 python setup.py install
== Install and configure the PHP sandbox ==
Download using git:
 cd /opt
 git clone git://github.com/glastopf/BFR.git
 cd BFR
 sudo phpize
 sudo ./configure --enable-bfr
 sudo make
 sudo make install
Open the php.ini file and add bfr.so according to the build output (the extension directory, 20121212 below, is the one reported by make install):
 zend_extension = /usr/lib/php5/20121212/bfr.so
== Download glastopf source code from git ==
 cd /opt
 sudo git clone https://github.com/glastopf/glastopf.git
== Install pylibinjection ==
 cd /opt
 git clone --recursive https://github.com/glastopf/pylibinjection.git
 rm /opt/pylibinjection/src/pylibinjection.c
 cd pylibinjection/
 python setup.py build
 python setup.py install
== Install distribute manually ==
 sudo rm -rf /usr/local/lib/python2.7/dist-packages/distribute-0.7.3-py2.7.egg-info/
 sudo rm -rf /usr/local/lib/python2.7/dist-packages/setuptools*
 cd /opt
 sudo wget https://pypi.python.org/packages/source/d/distribute/distribute-0.6.35.tar.gz
 sudo tar -xzvf distribute-0.6.35.tar.gz
 cd distribute-0.6.35
 sudo python setup.py build
 sudo python setup.py install
== Install glastopf ==
 cd /opt/glastopf
 sudo python setup.py build
 sudo python setup.py install
= Configuration =
Prepare the glastopf environment:
 cd /opt
 sudo mkdir glaspot
 cd glaspot
 sudo glastopf-runner
A new default glastopf.cfg has been created in the glaspot work directory, which can be customized as required.
= Testing the Honeypot =
Start Glastopf from your honeypot work directory (called 'myhoneypot' in the sample output below, glaspot in the steps above):
 sudo glastopf-runner
Use your web browser to visit your honeypot. You should see the following output on your command line:
 2013-05-21 08:34:08,129 (glastopf.glastopf) Initializing Glastopf using "/opt/myhoneypot" as work directory.
 2013-05-21 08:34:08,130 (glastopf.glastopf) Connecting to main database with: sqlite:///db/glastopf.db
 2013-05-21 08:34:08,152 (glastopf.modules.reporting.auxiliary.log_hpfeeds) Connecting to feed broker.
 2013-05-21 08:34:08,227 (glastopf.modules.reporting.auxiliary.log_hpfeeds) Connected to hpfeed broker.
 2013-05-21 08:34:11,265 (glastopf.glastopf) Glastopf started and privileges dropped.
= Advanced =
== Google Index ==
We can "advertise" our glastopf "weaknesses" to Google (for Google Dorks). For attackers to become aware of your honeypot, you must get your web server into the Google index.
Submit the glastopf URL to Google Webmaster Tools to register your web site for Google bot crawling. Now just sit back and wait for the first attacks to show up...
== Log to MySQL ==
If you prefer a MySQL database instead of SQLite, install a MySQL server:
 sudo apt-get install mysql-server python-mysqldb
Then create a new database and user with the necessary privileges:
 mysql -u root -p
 mysql> create database glaspot;
 Query OK, 1 row affected (0.00 sec)
 mysql> create user 'glaspot'@'localhost' identified by 'glaspot';
 Query OK, 0 rows affected (0.00 sec)
 mysql> grant all privileges on glaspot.* to 'glaspot'@'localhost';
 Query OK, 0 rows affected (0.00 sec)
 mysql> flush privileges;
 Query OK, 0 rows affected (0.00 sec)
 mysql> exit
 Bye
During installation of the server, and again when creating the user account, you are prompted for a password. Make sure you use a strong one (the 'glaspot' password in the transcript above is only a placeholder), because the honeypot host sits on an open network.
== Configure the glastopf.conf file ==
We need to configure the glastopf.conf file located in /opt/glastopf. Inside this file there are many settings that you can change as required.
- First, we change our glastopf to run on port 80 instead of port 8080:
Beware: make sure no Apache service is already running on port 80; if it is, bind Apache to another port first.
 [webserver]
 host = 0.0.0.0
 port = 80
 uid = nobody
 gid = nogroup
 proxy_enabled = False
We do this to make our honeypot look like a real web app.
- Change the database option to log to MySQL instead of SQLite:
 [main-database]
 #If disabled a sqlite database will be created (db/glastopf.db)
 #to be used as dork storage.
 enabled = True
 #mongodb or sqlalchemy connection string, ex:
 #mongodb://localhost:27017/glastopf
 #mongodb://james:bond@localhost:27017/glastopf
 #mysql://james:[email protected]/glastopf
 #connection_string = sqlite:///db/glastopf.db
 connection_string = mysql://glaspot:glaspot@localhost/glaspot
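Added example (not from this wiki page or the Glastopf project): a small POSIX sh helper that applies the two edits above section by section, so the port line in [webserver] and the connection string in [main-database] change and nothing else does, plus a check for the "Beware" caveat that nothing is already listening on the port you pick. The sample config text, the ss listing and the /opt/glaspot path are constructed or assumed.

```shell
# patch_glastopf_cfg FILE PORT CONN_STRING: rewrites "port =" only inside
# [webserver] and "connection_string =" only inside [main-database]; every
# other line and section is left untouched.
patch_glastopf_cfg() {
    awk -v port="$2" -v conn="$3" '
        /^\[/ { section = $0 }
        section == "[webserver]" && /^[[:space:]]*port[[:space:]]*=/ {
            print "port = " port; next }
        section == "[main-database]" && /^[[:space:]]*connection_string[[:space:]]*=/ {
            print "connection_string = " conn; next }
        { print }' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}
# cfg_value FILE SECTION KEY: prints the value of KEY inside [SECTION]
cfg_value() {
    awk -v s="[$2]" -v k="$3" '
        /^\[/ { section = $0 }
        section == s && $1 == k && $2 == "=" { print $3 }' "$1"
}
# port_listed SS_OUTPUT PORT: exit 0 if the "ss -ltn" text passed in shows a
# listener on PORT, else 1 (text is an argument so it can be checked offline).
port_listed() {
    printf '%s\n' "$1" | awk -v p="$2" '
        NR > 1 { n = split($4, a, ":"); if (a[n] == p) found = 1 }
        END { exit found ? 0 : 1 }'
}
# port_in_use PORT: live variant for the pre-flight check on the honeypot host.
port_in_use() { port_listed "$(ss -ltn 2>/dev/null)" "$1"; }
# Constructed sample data: the two sections shown above plus a fake "ss -ltn"
# listing with sshd on 22 and MySQL on 3306 but nothing on port 80.
SAMPLE_CFG='[webserver]
host = 0.0.0.0
port = 8080
uid = nobody
gid = nogroup
proxy_enabled = False

[main-database]
enabled = True
connection_string = sqlite:///db/glastopf.db'
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22        0.0.0.0:*
LISTEN 0      80     127.0.0.1:3306    0.0.0.0:*'
# On a real host (work directory /opt/glaspot assumed from the steps above):
#   port_in_use 80 && { echo "port 80 already taken"; exit 1; }
#   patch_glastopf_cfg /opt/glaspot/glastopf.cfg 80 mysql://glaspot:glaspot@localhost/glaspot
```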
== Fire Up! ==
- Start your glastopf by running this command in your terminal:
 cd /opt/glastopf/
 python /usr/local/bin/glastopf-runner
If you want to run glastopf in the background, run it like this instead:
 cd /opt/glastopf/
 python /usr/local/bin/glastopf-runner & disown
= Troubleshooting =
- If you get this kind of error:
 fatal error: libinjection.h: No such file or directory
during the glastopf installation, do this (from /opt, so the source file removed below is at the path given):
 cd /opt
 sudo git clone --recursive https://github.com/glastopf/pylibinjection.git
 sudo rm /opt/pylibinjection/src/pylibinjection.c
 cd pylibinjection/
 sudo python setup.py build
 sudo python setup.py install
Then try to run the glastopf setup again.