http://wiki.khairulazam.net/index.php?title=Installing_Glastopf_web_honeypot_on_Ubuntu_Server_14.04&feed=atom&action=history
Installing Glastopf web honeypot on Ubuntu Server 14.04 - Revision history
2024-03-28T18:48:35Z
Revision history for this page on the wiki
MediaWiki 1.33.1
http://wiki.khairulazam.net/index.php?title=Installing_Glastopf_web_honeypot_on_Ubuntu_Server_14.04&diff=101&oldid=prev
Zam: /* Install and configure the PHP sandbox */
2014-11-03T07:20:42Z
<p><span dir="auto"><span class="autocomment">Install and configure the PHP sandbox</span></span></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">Revision as of 07:20, 3 November 2014</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l26" >Line 26:</td>
<td colspan="2" class="diff-lineno">Line 26:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Open the php.ini file and add bfr.so accordingly to the build output:</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Open the php.ini file and add bfr.so accordingly to the build output:</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> zend_extension = /usr/lib/php5/<del class="diffchange diffchange-inline">20090626</del>/bfr.so</div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> zend_extension = /usr/lib/php5/<ins class="diffchange diffchange-inline">20121212</ins>/bfr.so</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Download glastopf source code from git ==</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Download glastopf source code from git ==</div></td></tr>
</table>
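Review bot: the changed line hard-codes the Zend extension API directory (20090626 is PHP 5.3's API date; 20121212 is PHP 5.5's, the php5 that Ubuntu 14.04 ships), while the unchanged line just above it already tells the reader to take the path from the build output. Suggest writing the line as a template, e.g. `zend_extension = <extension-dir>/bfr.so`, and stating that the directory is the one printed by `make install` (or by `php-config --extension-dir`) rather than a literal to copy, so the instruction stays correct when the PHP package is upgraded.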
Zam
http://wiki.khairulazam.net/index.php?title=Installing_Glastopf_web_honeypot_on_Ubuntu_Server_14.04&diff=97&oldid=prev
Zam: Created page with " = Prerequisites = Install the dependencies apt-get update apt-get install python2.7 python-openssl python-gevent libevent-dev python2.7-dev build-essential make liblapack-..."
2014-10-29T15:54:46Z
<p>Created page with " = Prerequisites = Install the dependencies apt-get update apt-get install python2.7 python-openssl python-gevent libevent-dev python2.7-dev build-essential make liblapack-..."</p>
<p><b>New page</b></p><div><br />
= Prerequisites =<br />
<br />
Install the dependencies<br />
apt-get update<br />
apt-get install python2.7 python-openssl python-gevent libevent-dev python2.7-dev build-essential make liblapack-dev libmysqlclient-dev python-chardet python-requests python-sqlalchemy python-lxml python-beautifulsoup mongodb python-pip python-dev python-numpy python-setuptools python-numpy-dev python-scipy libatlas-dev g++ git php5 php5-dev gfortran mysql-server python-mysqldb libxml2 libxslt-dev libffi-dev -y<br />
pip install --upgrade distribute<br />
pip install --upgrade gevent webob pyopenssl chardet lxml sqlalchemy jinja2 beautifulsoup requests requires cssselect pymongo MySQL-python pylibinjection libtaxii greenlet<br />
<br />
== Install HpFeeds ==<br />
cd /opt<br />
git clone https://github.com/rep/hpfeeds.git<br />
cd hpfeeds<br />
python setup.py build<br />
python setup.py install<br />
<br />
== Install and configure the PHP sandbox ==<br />
Download using git:<br />
cd /opt<br />
git clone git://github.com/glastopf/BFR.git<br />
cd BFR<br />
sudo phpize<br />
sudo ./configure --enable-bfr<br />
sudo make<br />
sudo make install<br />
<br />
Open the php.ini file and add bfr.so, using the path shown in the build output:<br />
zend_extension = /usr/lib/php5/20090626/bfr.so<br />
<br />
== Download glastopf source code from git ==<br />
cd /opt<br />
sudo git clone https://github.com/glastopf/glastopf.git<br />
<br />
== Install Pylibinjection ==<br />
cd /opt<br />
git clone --recursive https://github.com/glastopf/pylibinjection.git<br />
rm /opt/pylibinjection/src/pylibinjection.c<br />
cd pylibinjection/<br />
python setup.py build<br />
python setup.py install<br />
<br />
== Install distribute manually ==<br />
sudo rm -rf /usr/local/lib/python2.7/dist-packages/distribute-0.7.3-py2.7.egg-info/<br />
sudo rm -rf /usr/local/lib/python2.7/dist-packages/setuptools*<br />
<br />
cd /opt<br />
sudo wget https://pypi.python.org/packages/source/d/distribute/distribute-0.6.35.tar.gz<br />
sudo tar -xzvf distribute-0.6.35.tar.gz<br />
cd distribute-0.6.35<br />
sudo python setup.py build<br />
sudo python setup.py install <br />
<br />
== Install glastopf ==<br />
cd /opt/glastopf<br />
sudo python setup.py build<br />
sudo python setup.py install<br />
<br />
== Configuration ==<br />
Prepare glastopf environment:<br />
cd /opt<br />
sudo mkdir glaspot<br />
cd glaspot<br />
sudo glastopf-runner<br />
<br />
A new default glastopf.cfg has been created in the work directory (glaspot), which can be customized as required.<br />
<br />
== Testing the Honeypot ==<br />
Start Glastopf from your honeypot work directory (called 'myhoneypot' in the sample output below):<br />
sudo glastopf-runner<br />
Use your web browser to visit your honeypot. You should see the following output on your command line:<br />
2013-05-21 08:34:08,129 (glastopf.glastopf) Initializing Glastopf using "/opt/myhoneypot" as work directory.<br />
2013-05-21 08:34:08,130 (glastopf.glastopf) Connecting to main database with: sqlite:///db/glastopf.db<br />
2013-05-21 08:34:08,152 (glastopf.modules.reporting.auxiliary.log_hpfeeds) Connecting to feed broker.<br />
2013-05-21 08:34:08,227 (glastopf.modules.reporting.auxiliary.log_hpfeeds) Connected to hpfeed broker.<br />
2013-05-21 08:34:11,265 (glastopf.glastopf) Glastopf started and privileges dropped.<br />
<br />
= Advanced =<br />
== Google Index ==<br />
We can "advertise" our glastopf "weaknesses" to Google (for Google Dorks): for attackers to become aware of your honeypot, your web server must be included in the Google index.<br />
<br />
Enter the glastopf URL at [http://www.google.com/addurl/ Google Webmaster Tools] to register your web site for the Google bot crawl.<br />
Now, just sit back and wait for the first attacks to show up...<br />
<br />
== Log to MySQL ==<br />
If you prefer a MySQL database instead of SQLite, install a MySQL server:<br />
sudo apt-get install mysql-server python-mysqldb<br />
<br />
Then create new db & user with its privileges:<br />
mysql -u root -p<br />
<br />
mysql> create database glaspot;<br />
Query OK, 1 row affected (0.00 sec)<br />
<br />
mysql> create user 'glaspot'@'localhost' identified by 'glaspot';<br />
Query OK, 0 rows affected (0.00 sec)<br />
<br />
mysql> grant all privileges on glaspot.* to 'glaspot'@'localhost';<br />
Query OK, 0 rows affected (0.00 sec)<br />
<br />
mysql> flush privileges;<br />
Query OK, 0 rows affected (0.00 sec)<br />
<br />
mysql> exit<br />
Bye<br />
<br />
During the installation of the system and the user account you are prompted for a password. Make sure you use a strong password, because the database is in an open network.<br />
<br />
== Configure glastopf.conf file ==<br />
We need to configure the glastopf.conf file, which is located at /opt/glastopf.<br />
Inside this file there are many settings that you can change as required.<br />
<br />
* First, we change our glastopf to run at port 80 instead of port 8080:<br />
<font color="red">Beware: please ensure you are not running the Apache service on port 80; bind it to another port.</font><br />
[webserver]<br />
host = 0.0.0.0<br />
port = '''80'''<br />
uid = nobody<br />
gid = nogroup<br />
proxy_enabled = False<br />
We do this to make our honeypot look like a real web app.<br />
<br />
* Change the database option to log to MySQL instead of SQLite:<br />
[main-database]<br />
#If disabled a sqlite database will be created (db/glastopf.db)<br />
#to be used as dork storage.<br />
enabled = True<br />
#mongodb or sqlalchemy connection string, ex:<br />
#mongodb://localhost:27017/glastopf<br />
#mongodb://james:bond@localhost:27017/glastopf<br />
#mysql://james:bond@somehost.com/glastopf<br />
#connection_string = sqlite:///db/glastopf.db<br />
'''connection_string = mysql://glaspot:glaspot@localhost/glaspot'''<br />
<br />
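A configuration check for the two sections edited above, added here as an example (not code from the wiki or from Glastopf itself): it parses a glastopf.cfg, confirms the [webserver] values the guide sets (port 80, an unprivileged uid, proxy_enabled = False) and flags a MySQL connection string whose password is identical to the user name, as in the guide's glaspot:glaspot line, or shorter than an assumed 12-character minimum. It assumes the plain INI layout shown above; the sample config it writes is constructed.<br />

```shell
# Added example, not code from the wiki page: lint a glastopf.cfg for the settings the
# guide edits ([webserver], [main-database]) and its password advice. Sample config is constructed.

# Emit "section.key=value" for every setting in an INI-style file (comments skipped).
ini_pairs() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { sec = $0; gsub(/[^A-Za-z0-9_-]/, "", sec); next }
        NF >= 2 {
            key = $1; gsub(/[ \t]/, "", key)
            val = substr($0, index($0, "=") + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            print sec "." key "=" val
        }' "$1"
}

# Last value of KEY in SECTION (empty when unset).
ini_get() { ini_pairs "$1" | sed -n "s/^$2\.$3=//p" | tail -n 1; }

# Print one finding per line; the exit status is the number of findings.
check_glastopf_cfg() {
    cfg=$1; n=0
    port=$(ini_get "$cfg" webserver port)
    uid=$(ini_get "$cfg" webserver uid)
    proxy=$(ini_get "$cfg" webserver proxy_enabled)
    conn=$(ini_get "$cfg" main-database connection_string)
    [ "$port" = 80 ] || { echo "webserver.port=$port (guide uses 80 so the honeypot looks like a real web app)"; n=$((n + 1)); }
    case $uid in root|0|'') echo "webserver.uid='$uid' (run as an unprivileged user such as nobody)"; n=$((n + 1)) ;; esac
    [ "$proxy" = False ] || { echo "webserver.proxy_enabled=$proxy (guide keeps proxying disabled)"; n=$((n + 1)); }
    case $conn in
        mysql://*:*@*)                         # mysql://user:pass@host/db
            cred=${conn#mysql://}; cred=${cred%%@*}
            user=${cred%%:*}; pass=${cred#*:}
            if [ "$pass" = "$user" ] || [ "${#pass}" -lt 12 ]; then   # 12 is an assumed minimum
                echo "main-database: weak MySQL password for '$user' (use a strong one)"; n=$((n + 1))
            fi ;;
        mysql://*) echo "main-database: MySQL connection string has no password"; n=$((n + 1)) ;;
    esac
    return $n
}

# Constructed sample with the values exactly as the guide shows them.
write_guide_cfg() {
    printf '%s\n' '[webserver]' 'host = 0.0.0.0' 'port = 80' 'uid = nobody' 'gid = nogroup' \
        'proxy_enabled = False' '' '[main-database]' 'enabled = True' \
        'connection_string = mysql://glaspot:glaspot@localhost/glaspot' > "$1"
}

dir=$(mktemp -d); write_guide_cfg "$dir/glastopf.cfg"
check_glastopf_cfg "$dir/glastopf.cfg" || echo "$? finding(s)"; rm -rf "$dir"
```

Run against the guide's own values it reports exactly one finding, the glaspot:glaspot password; point it at /opt/glastopf/glastopf.cfg after editing to confirm the hardened values took effect.<br />
<br />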
= Fire Up! =<br />
* Start your glastopf by running this command in your terminal:<br />
cd /opt/glastopf/<br />
python /usr/local/bin/glastopf-runner<br />
<br />
If you want to run glastopf in the background, run it with these arguments:<br />
cd /opt/glastopf/<br />
python /usr/local/bin/glastopf-runner '''&'''<br />
'''disown'''<br />
<br />
= Troubleshooting =<br />
* If you get this kind of error:<br />
fatal error: libinjection.h: No such file or directory<br />
during the glastopf installation, please do this:<br />
<br />
sudo git clone --recursive https://github.com/glastopf/pylibinjection.git<br />
sudo rm /opt/pylibinjection/src/pylibinjection.c<br />
cd pylibinjection/<br />
sudo python setup.py build<br />
sudo python setup.py install<br />
<br />
Then try to run the glastopf setup again.<br />
<br />
</div>
Zam