Difference between revisions of "Installing Glastopf web honeypot on Ubuntu Server 12.04"

From Zam Wiki

Latest revision as of 20:21, 28 May 2014

Prerequisites

Install the dependencies

sudo apt-get update
sudo apt-get install python2.7 python-openssl python-gevent libevent-dev python2.7-dev build-essential make liblapack-dev libmysqlclient-dev python-chardet python-requests python-sqlalchemy python-lxml python-beautifulsoup mongodb python-pip python-dev python-numpy python-setuptools python-numpy-dev python-scipy libatlas-dev g++ git php5 php5-dev gfortran
sudo apt-get install libxml2-dev libxslt1-dev python-dev python-lxml libffi-dev
sudo pip install --upgrade distribute
sudo pip install --upgrade gevent webob pyopenssl chardet lxml sqlalchemy jinja2 beautifulsoup requests cssselect pymongo MySQL-python pylibinjection libtaxii greenlet psutil

Install and configure the PHP sandbox

Download using git:

cd /opt
sudo git clone git://github.com/glastopf/BFR.git
cd BFR
sudo phpize
sudo ./configure --enable-bfr
sudo make && sudo make install

Open the php.ini file and add bfr.so according to the path shown in the build output:

zend_extension = /usr/lib/php5/20090626+lfs/bfr.so

Install glastopf

Install latest stable release from pip:

sudo pip install glastopf

Or install latest development version from the repository:

cd /opt
sudo git clone https://github.com/glastopf/glastopf.git
cd glastopf
sudo python setup.py install

Configuration

Prepare glastopf environment:

cd /opt
sudo mkdir glastopf
cd glastopf
sudo glastopf-runner

A new default glastopf.cfg has been created in glastopf, which can be customized as required.

Testing the Honeypot

Start Glastopf (from your 'myhoneypot' directory):

sudo glastopf-runner

Use your web browser to visit your honeypot. You should see the following output on your command line:

2013-05-21 08:34:08,129 (glastopf.glastopf) Initializing Glastopf using "/opt/myhoneypot" as work directory.
2013-05-21 08:34:08,130 (glastopf.glastopf) Connecting to main database with: sqlite:///db/glastopf.db
2013-05-21 08:34:08,152 (glastopf.modules.reporting.auxiliary.log_hpfeeds) Connecting to feed broker.
2013-05-21 08:34:08,227 (glastopf.modules.reporting.auxiliary.log_hpfeeds) Connected to hpfeed broker.
2013-05-21 08:34:11,265 (glastopf.glastopf) Glastopf started and privileges dropped.

Advanced

Upgrade

You can upgrade glastopf (if you installed it using pip) by running this command:

pip install --upgrade glastopf

Google Index

As described above, we can "advertise" our glastopf "weaknesses" to Google (for Google Dorks). For attackers to become aware of your honeypot, your web server must be included in the Google index.

Enter the glastopf URL in [Google Webmaster Tools] to register your web site for Google bot crawling. Now just sit back and wait for the first attacks to show up...

Log to MySQL

If you prefer a MySQL database instead of SQLite, install a MySQL server:

sudo apt-get install mysql-server python-mysqldb

Then create a new database and user with the required privileges:

mysql -u root -p

mysql> create database glaspot;
Query OK, 1 row affected (0.00 sec)

mysql> create user 'glaspot'@'localhost' identified by 'glaspot';
Query OK, 0 rows affected (0.00 sec)

mysql> grant all privileges on glaspot.* to 'glaspot'@'localhost';
Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> exit
Bye

During the installation of the MySQL server and the creation of the user account you are prompted for a password. Make sure you use a strong password, because the database sits on an open network.

Configure glastopf.conf file

We need to configure the glastopf.conf file located at /opt/glastopf. Inside this file there are many settings that you can change as required.

  • First, we change glastopf to run on port 80 instead of port 8080:

Beware: make sure you are not running an Apache service on port 80. Bind it to another port.

[webserver]
host = 0.0.0.0
port = 80
uid = nobody
gid = nogroup
proxy_enabled = False

We do this to make the honeypot look like a real web application.

  • Change the database option to log to MySQL instead of SQLite:
[main-database]
#If disabled a sqlite database will be created (db/glastopf.db)
#to be used as dork storage.
enabled = True
#mongodb or sqlalchemy connection string, ex:
#mongodb://localhost:27017/glastopf
#mongodb://james:<password>@localhost:27017/glastopf
#mysql://james:<password>@localhost/glastopf
#connection_string = sqlite:///db/glastopf.db
connection_string = mysql://glaspot:glaspot@localhost/glaspot
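The two sections above are the settings that matter most for this setup. The following is an added example, not part of the original wiki page or of the glastopf project: a small POSIX shell checker that reads an INI-style glastopf config and reports whether the page's recommended values are in place (port 80, privileges dropped to nobody/nogroup, main-database enabled and pointing at MySQL or MongoDB rather than the SQLite default). The sample config it runs on is constructed here and assumes the "key = value" spacing shown on the page.

```shell
#!/bin/sh
# Added example (not from the wiki page): check a glastopf config for the
# hardening settings recommended above. Assumes "key = value" lines with
# spaces around "=", as in the page's own config excerpts.

# cfg_get FILE SECTION KEY -> prints the value, skipping #-comment lines
cfg_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[[:space:]]*#/ { next }                  # ignore commented defaults
        /^\[/ { insec = ($0 == sec); next }        # track the current section
        insec && $1 == key && $2 == "=" { print $3; exit }
    ' "$1"
}

# check_cfg FILE -> prints one line per problem; return code = problem count
check_cfg() {
    problems=0
    port=$(cfg_get "$1" webserver port)
    [ "$port" = "80" ] || { echo "webserver.port is '$port', expected 80"; problems=$((problems+1)); }
    uid=$(cfg_get "$1" webserver uid)
    [ "$uid" = "nobody" ] || { echo "webserver.uid is '$uid', expected nobody"; problems=$((problems+1)); }
    gid=$(cfg_get "$1" webserver gid)
    [ "$gid" = "nogroup" ] || { echo "webserver.gid is '$gid', expected nogroup"; problems=$((problems+1)); }
    enabled=$(cfg_get "$1" main-database enabled)
    [ "$enabled" = "True" ] || { echo "main-database.enabled is '$enabled', expected True"; problems=$((problems+1)); }
    conn=$(cfg_get "$1" main-database connection_string)
    case "$conn" in
        mysql://*|mongodb://*) ;;
        *) echo "main-database.connection_string '$conn' is not a mysql/mongodb URL"; problems=$((problems+1)) ;;
    esac
    return $problems
}

# Constructed sample mirroring the page's two sections, with the port left
# at the 8080 default so the checker has something to flag.
SAMPLE_CFG=$(mktemp)
cat >"$SAMPLE_CFG" <<'EOF'
[webserver]
host = 0.0.0.0
port = 8080
uid = nobody
gid = nogroup
proxy_enabled = False

[main-database]
enabled = True
#connection_string = sqlite:///db/glastopf.db
connection_string = mysql://glaspot:glaspot@localhost/glaspot
EOF
if check_cfg "$SAMPLE_CFG"; then echo "config OK"; else echo "fix the problems listed above"; fi
rm -f "$SAMPLE_CFG"
```

Run it against /opt/glastopf/glastopf.cfg by replacing the sample path; a zero return code means every checked setting matches the page.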

Fire Up!

  • Start glastopf by running this command in your terminal:
cd /opt/glastopf/
python /usr/local/bin/glastopf-runner

If you want to run glastopf in the background, run it like this:

cd /opt/glastopf/
python /usr/local/bin/glastopf-runner > /dev/null 2>&1 &

Troubleshooting

  • If you get this kind of error:
fatal error: libinjection.h: No such file or directory

during the glastopf installation, please do this:

cd /opt
sudo git clone --recursive https://github.com/glastopf/pylibinjection.git
cd /opt/pylibinjection
sudo python setup.py build
sudo python setup.py install

Then try to run the glastopf setup again.
