
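Virtual honeypot: installing and deploying honeyd

honeyd installation and deployment

  • CentOS deployment succeeded (test failed with segmentation fault)
    • Problems installing arpd
    • Problems when running make for honeyd
    • Problems using arpd
    • xprobe2.conf
    • CentOS test
    • References (reading them from top to bottom is more efficient)
  • Ubuntu deployment (successful deployment + test)
    • Ubuntu test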

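CentOS deployment succeeded (test failed with segmentation fault)

Official site: http://www.honeyd.org/ (software + dependencies)
Reference: https://www.jianshu.com/p/9fc03166beac

Environment: CentOS 7 x86
Versions of the dependencies and of honeyd
All packages can be downloaded from: https://download.csdn.net/download/weixin_44309300/80840858

Build and install each dependency in turn (the procedure is similar for each):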

tar -zxf libevent-1.1b-stable.tar.gz
cd  libevent-1.1b-stable/
./configure --prefix=/usr				# --prefix=/usr sets the install prefix; the option can be omitted
make
make install

Problems installing arpd

~/arpd$ sudo ./configure

Running $ sudo make directly afterwards fails with the following errors:

~/arpd$ sudo make
arpd.c: In function ‘arpd_send’:
arpd.c:268:34: error: expected ‘)’ before string constant
  syslog(LOG_DEBUG, __FUNCTION__ ": who-has %s tell %s",
                                 ^~~~~~~~~~~~~~~~~~~~~~
arpd.c: In function ‘arpd_lookup’:
arpd.c:285:34: error: expected ‘)’ before string constant
  syslog(LOG_DEBUG, __FUNCTION__ ": %s at %s",
                                 ^~~~~~~~~~~~
arpd.c:294:34: error: expected ‘)’ before string constant
  syslog(LOG_DEBUG, __FUNCTION__ ": no entry for %s",
                                 ^~~~~~~~~~~~~~~~~~~
arpd.c:297:34: error: expected ‘)’ before string constant
  syslog(LOG_DEBUG, __FUNCTION__ ": %s at %s",
                                 ^~~~~~~~~~~~
arpd.c: In function ‘arpd_recv_cb’:
arpd.c:426:35: error: expected ‘)’ before string constant
   syslog(LOG_DEBUG, __FUNCTION__ ": %s at %s",
                                  ^~~~~~~~~~~~
Makefile:195: recipe for target 'arpd.o' failed
make: *** [arpd.o] Error 1

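Fix:

Add the following to arpd.c. Current GCC treats __FUNCTION__ as a variable rather than a string literal, so it can no longer be concatenated with the format string that follows it; defining it as an empty string lets the concatenation compile, at the cost of dropping the function name from the debug messages.

#define __FUNCTION__ ""

Problems when running make for honeyd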

honeydstats-analyze.o: In function `analyze_init':
/root/Desktop/honey1.5/honeyd-1.5c/analyze.c:285: undefined reference to `evdns_init'
honeydstats-analyze.o: In function `analyze_country_enter':
/root/Desktop/honey1.5/honeyd-1.5c/analyze.c:436: undefined reference to `evdns_resolve_reverse'

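Comment out the following two lines in analyze.c (this may, however, cause the segmentation fault later on):

Line 436: //evdns_resolve_reverse
Line 285: //evdns_init();

2. honeyd: interface_new: intf_get: No such device
Fix: use the -i option to specify the ens33 network interface.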

3. ./configure

configure: error: need either libedit or libreadline; install one of them

Fix: yum install libedit.i686 libedit-devel.i686

yum install -y readline readline-devel

4. sudo ./configure

configure: error: dnet-config not found

Fix: yum install libdnet-devel

5. A new problem appears: configure: error: zlib is missing - you need to install it

Fix: yum install zlib-devel

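Problems during make

dhcpclient.c:475:28: error: lvalue required as left operand of assignment
  eth = (struct eth_hdr *)p = buf;
                            ^
dhcpclient.c: In function ‘_unicast’:
dhcpclient.c:527:28: error: lvalue required as left operand of assignment
  eth = (struct eth_hdr *)p = buf;

Fix: modify the code (this worked, but even after reading the surrounding source I do not know why the error above occurs!!)

 p = buf;                     /* the original line also assigned buf to p; keep that assignment */
 eth = (struct eth_hdr *)p;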

7. fatal error: Python.h: No such file or directory

Fix:

sudo yum install python-devel    # for python2.x installs
sudo yum install python3-devel   # for python3.x installs

Problems using arpd

ioctl(SIOCGIFINDEX) failed: No such device

Fix (switch to an alternative tool, or reinstall a different version):

https://github.com/quinot/choparp

xprobe2.conf

The file is already in the honeyd directory; copy it directly with cp.

CentOS test

[root@localhost honeyd-1.5c]# arpd 192.168.163.222
[root@localhost honeyd-1.5c]#  ./honeyd -d -i ens33 -f /usr/local/share/honeyd/first_task.conf 192.168.163.222

segmentation fault:
(for a possible cause, see: https://github.com/sefcom/honeyplc/issues/2)

honeyd: interface_new: intf_get: No such device

Fix: use the -i option to specify ens33.

References (reading them from top to bottom is more efficient):

https://www.jianshu.com/p/9fc03166beac

https://blog.csdn.net/weixin_43901998/article/details/100604281

https://manpages.org/honeyd/8 (man page examples)

https://blog.51cto.com/297020555/538183 (CentOS 5.5)

https://cloud.tencent.com/developer/article/1019325

Ubuntu deployment (successful deployment + test)

I.

Environment:

Ubuntu 20.04 LTS

honeyd-1.5c.tar.gz

Dependencies:

libevent-1.4.14b-stable.tar.gz
libdnet-1.11.tar.gz
libpcap-1.1.1.tar.gz
arpd-0.2.tar.gz

Download link for all packages in one archive: https://download.csdn.net/download/weixin_44309300/80840581

II. Installation steps (the procedure is the same for every package)

  • libevent-1.4.14b-stable.tar.gz
tar -zxf libevent-1.4.14b-stable.tar.gz
cd  libevent-1.4.14b-stable/
./configure --prefix=/usr
make
sudo make install		# sudo is required here
  • libdnet-1.11.tar.gz
tar -zxvf libdnet-1.11.tar.gz 
cd libdnet-1.11/
./configure
make
sudo make install
  • libpcap-1.1.1.tar.gz
tar -zxvf libpcap-1.1.1.tar.gz
cd libpcap-1.1.1/
./configure
make
sudo make install

Fixing errors:
sudo apt-get install flex
sudo apt-get install byacc

On line 1555 of pcap-linux.c, replace SIOCGSTAMP with SIOCGIWAP.

  • arpd-0.2.tar.gz
tar -zxvf arpd-0.2.tar.gz 
cd arpd-0.2/
./configure
make
sudo make install

Fixing arpd runtime errors:

1. arpd startup problem

chao@ubuntu20:~/Desktop/hontydtool$ arpd 192.168.163.200
arpd: error while loading shared libraries: libevent-1.4.so.2: cannot open shared object file: No such file or directory
chao@ubuntu20:~/Desktop/hontydtool$ locate libevent-1.4.so.2

Fix (add a loader configuration entry):
# cd /etc/ld.so.conf.d
# echo "/home/chao/Desktop/hontydtool/libevent-1.4.14b-stable/.libs" >> libpcap.conf	(entries in ld.so.conf.d are directories, so the library file name is left off)
# sudo /sbin/ldconfig	(apply the updated configuration)

After this succeeds, running arpd again may give: arpd: pcap_lookupdev: no suitable device found. This is caused by insufficient privileges; you only need to run
# sudo arpd
  • honeyd-1.5c.tar.gz
tar -zxvf honeyd-1.5c.tar.gz
cd honeyd-1.5c/
./configure
make
sudo make install

Problems and fixes:

1.
Error: Couldn't figure out how to access libc
Fix:
# locate libc.so (find the path, then)
# sudo ln -s /lib/x86_64-linux-gnu/libc.so.6   /usr/lib/libc.so
2.
Error: need either libedit or libreadline; install one of them
Fix: apt-get install libedit-dev
3.
honeyd: error while loading shared libraries: libdnet.1: cannot open shared object file: No such file or directory
This happens because the shared library is in /usr/local/lib, while by default the dynamic loader only searches /usr/lib.
Simply copy the libdnet.1 that honeyd needs into /usr/lib; libdnet.1 is in /usr/local/lib by default.
Run:
# sudo cp /usr/local/lib/libdnet.1 /usr/lib
# sudo ldconfig

After installation completes

When sudo honeyd succeeds, it prints the following:

chao@ubuntu20:~/Desktop/hontydtool/honeyd-1.5c$ sudo honeyd
Honeyd V1.5c Copyright (c) 2002-2007 Niels Provos
honeyd[92722]: started with 
Warning: Impossible SI range in Class fingerprint "IBM OS/400 V4R2M0"
Warning: Impossible SI range in Class fingerprint "Microsoft Windows NT 4.0 SP3"
honeyd[92722]: listening promiscuously on ens33: (arp or ip proto 47 or (udp and src port 67 and dst port 68) or (ip )) and not ether src 00:0c:29:8b:10:59
Honeyd starting as background process

Ubuntu test

[root@localhost honeyd-1.5c]# arpd 192.168.163.222
[root@localhost honeyd-1.5c]#  ./honeyd -d -i ens33 -f /usr/local/share/honeyd/first_task.conf 192.168.163.222

Configuration file: sudo vim /usr/local/share/honeyd/first_task.conf

create windows  # create a template named windows; the name is arbitrary
set windows personality "Microsoft Windows NT 4.0 SP6a"  # assign a fingerprint (personality) to this template
set windows default tcp action reset  # by default, TCP ports answer with reset
add windows tcp port 80 open  # open TCP port 80
bind 192.168.70.222 windows  # bind an IP address to the virtual host

# Version without comments
create windows
set windows personality "Microsoft Windows NT 4.0 SP6a"
set windows default tcp action reset
add windows tcp port 80 open
bind 192.168.70.222 windows
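
A consistency check between a honeyd configuration and the addresses passed on the honeyd command line, added here as an example (it is not code from the original post or from honeyd). It reads only the create and bind lines and accepts single addresses or CIDR networks; check_config, parse_nets and SAMPLE_CONFIG are names made up for this example. The sample is the uncommented configuration above, which binds 192.168.70.222 while the test command passes 192.168.163.222.

```python
import ipaddress

# Constructed sample: the uncommented configuration shown on this page.
SAMPLE_CONFIG = """\
create windows
set windows personality "Microsoft Windows NT 4.0 SP6a"
set windows default tcp action reset
add windows tcp port 80 open
bind 192.168.70.222 windows
"""


def parse_nets(args):
    """Turn honeyd's trailing address arguments (single IPs or CIDR) into networks."""
    return [ipaddress.ip_network(a, strict=False) for a in args]


def check_config(text, net_args):
    """Return (line number, message) findings for bind lines that look inconsistent."""
    nets = parse_nets(net_args)
    templates, findings = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(words) >= 2 and words[0] == "create":
            templates.add(words[1])
        elif len(words) == 3 and words[0] == "bind":
            addr, name = words[1], words[2]
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                findings.append((lineno, f"{addr} is not an IP address"))
                continue
            if name not in templates:
                findings.append((lineno, f"template {name} is bound before it is created"))
            # Only checked when addresses were given on the command line.
            if nets and not any(ip in n for n in nets):
                findings.append((lineno, f"{addr} is outside the addresses given to honeyd"))
    return findings


if __name__ == "__main__":
    # Address argument taken from the test command on this page.
    for lineno, msg in check_config(SAMPLE_CONFIG, ["192.168.163.222"]):
        print(f"line {lineno}: {msg}")
```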

Result of a successful test:
(ping 192.168.163.222 from another host on the same LAN)

chao@ubuntu20:~/Desktop/hontydtool/honeyd-1.5c$ sudo honeyd -d -i ens33 -f /usr/local/share/honeyd/first_task.conf 192.168.163.222
Honeyd V1.5c Copyright (c) 2002-2007 Niels Provos
honeyd[92478]: started with -d -i ens33 -f /usr/local/share/honeyd/first_task.conf 192.168.163.222
Warning: Impossible SI range in Class fingerprint "IBM OS/400 V4R2M0"
Warning: Impossible SI range in Class fingerprint "Microsoft Windows NT 4.0 SP3"
honeyd[92478]: listening promiscuously on ens33: (arp or ip proto 47 or (udp and src port 67 and dst port 68) or (ip and (host 192.168.163.222))) and not ether src 00:0c:29:8b:10:59
honeyd[92478]: Demoting process privileges to uid 65534, gid 65534
honeyd[92478]: Sending ICMP Echo Reply: 192.168.163.222 -> 192.168.163.55
honeyd[92478]: Sending ICMP Echo Reply: 192.168.163.222 -> 192.168.163.55
honeyd[92478]: Sending ICMP Echo Reply: 192.168.163.222 -> 192.168.163.55
honeyd[92478]: Sending ICMP Echo Reply: 192.168.163.222 -> 192.168.163.55
honeyd[92478]: Sending ICMP Echo Reply: 192.168.163.222 -> 192.168.163.55
honeyd[92478]: Sending ICMP Echo Reply: 192.168.163.222 -> 192.168.163.55
honeyd[92478]: Sending ICMP Echo Reply: 192.168.163.222 -> 192.168.163.55
honeyd[92478]: Sending ICMP Echo Reply: 192.168.163.222 -> 192.168.163.55
^Choneyd[92478]: exiting on signal 2

Configuring log files, etc.

mkdir /var/log/honeyd
touch /var/log/honeyd/honeyd.log
touch /var/log/honeyd/service.log
chown nobody:nogroup /var/log/honeyd/*.log
ll /var/log/honeyd/
./honeyd -d -l /var/log/honeyd/honeyd.log -s /var/log/honeyd/service.log --fix-webserver-permissions 192.168.0.5