kippo_installation.sh
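#! /bin/bash
#
# kippo_installation.sh - install the Kippo SSH honeypot on a Debian-style host.
#
# Steps, in order:
#   1. install the packages Kippo needs (and mysql-server if it is missing),
#   2. download and unpack kippo-0.8 into KIPPO_INSTALL_DIR,
#   3. create the "kippo" MySQL database and user, append the credentials
#      to kippo.cfg,
#   4. create the unprivileged "kippo" system user and an init script,
#   5. move the real sshd from port 22 to port 4711,
#   6. redirect incoming tcp/22 on eth0 to Kippo on port 2222.
#
# Must be run as root.
#
# Environment:
#   KIPPO_SHA256  optional expected SHA-256 of the downloaded tarball. The
#                 tarball is fetched over plain HTTP, so set this to a digest
#                 obtained from a trusted channel; without it the archive is
#                 unpacked unverified.

# Stop at the first failing step instead of continuing with a half-installed
# honeypot (e.g. redirecting port 22 although the download failed).
set -euo pipefail

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

[[ ${EUID} -eq 0 ]] || die "this installer must be run as root"

# The trailing slash is relied on below, where paths are built by concatenation.
readonly KIPPO_INSTALL_DIR="/opt/kippo/"
readonly KIPPO_TARBALL="kippo-0.8.tar.gz"
readonly KIPPO_URL="http://kippo.googlecode.com/files/${KIPPO_TARBALL}"

# mv would move the unpacked tree *into* an existing directory and every later
# path would be wrong, so refuse to install over an existing location.
[[ ! -e "${KIPPO_INSTALL_DIR%/}" ]] \
  || die "${KIPPO_INSTALL_DIR} already exists; remove it or pick another location"

APT_CMD=$(command -v apt-get) || die "apt-get not found in PATH"
APT_OPTS=(--yes --no-install-recommends)

"$APT_CMD" "${APT_OPTS[@]}" install curl python-twisted python-mysqldb iptables-persistent rinetd pwgen

# download kippo
# Work in a private, unpredictable directory rather than directly in /tmp, so
# another local user cannot pre-create or swap the files this script, running
# as root, is about to unpack.
work_dir=$(mktemp -d) || die "mktemp failed"
cleanup() { rm -rf -- "${work_dir:?}"; }
trap cleanup EXIT

cd "$work_dir"
wget -- "$KIPPO_URL"

if [[ -n "${KIPPO_SHA256:-}" ]]; then
  printf '%s  %s\n' "$KIPPO_SHA256" "$KIPPO_TARBALL" | sha256sum -c - \
    || die "checksum mismatch for ${KIPPO_TARBALL}"
else
  printf 'warning: KIPPO_SHA256 not set; %s was fetched over HTTP and is NOT verified\n' \
    "$KIPPO_TARBALL" >&2
fi

tar -xvzf "$KIPPO_TARBALL"

# move it to /opt/
mv -- kippo-0.8 "${KIPPO_INSTALL_DIR%/}"
cd "$KIPPO_INSTALL_DIR"

if ! dpkg -s mysql-server &> /dev/null; then
  # Pure pause prompt; do not abort if stdin is not a terminal.
  read -r -p "Installing mysql-server, remember password! Hit [ENTER] to continue." _ || true
  "$APT_CMD" "${APT_OPTS[@]}" install mysql-server
fi

read -r -s -p "Please enter your mysql root password: " MYSQL_ROOT_PW
printf '\n'
kippo_pw=$(pwgen 30 1)

# Hand the root password to mysql through a 0600 option file inside the
# private work directory instead of --password=..., which exposes it in the
# process list to every local user.
# Backslashes and double quotes are escaped for the option-file syntax.
# NOTE(review): confirm quote escaping against the mysql client version in use.
mysql_cnf="${work_dir}/mysql-root.cnf"
escaped_pw=${MYSQL_ROOT_PW//\\/\\\\}
escaped_pw=${escaped_pw//\"/\\\"}
(
  umask 077
  printf '[client]\npassword="%s"\n' "$escaped_pw" > "$mysql_cnf"
)
unset MYSQL_ROOT_PW escaped_pw

# --defaults-extra-file has to be the first option on the command line.
mysql --defaults-extra-file="$mysql_cnf" -u root -h localhost <<SQL
CREATE DATABASE kippo; GRANT ALL ON kippo.* TO 'kippo'@'localhost' IDENTIFIED BY '${kippo_pw}';
SQL
mysql --defaults-extra-file="$mysql_cnf" -u root -h localhost kippo \
  < "${KIPPO_INSTALL_DIR}doc/sql/mysql.sql"
rm -f -- "$mysql_cnf"

cat >> "${KIPPO_INSTALL_DIR}kippo.cfg" <<EOL
[database_mysql]
host = localhost
database = kippo
username = kippo
password = ${kippo_pw}
port = 3306
EOL

adduser --system --home "$KIPPO_INSTALL_DIR" --disabled-login kippo
chown -R kippo:nogroup "$KIPPO_INSTALL_DIR"
# kippo.cfg now holds the database password: readable by the kippo user only.
chmod 600 "${KIPPO_INSTALL_DIR}kippo.cfg"

# Resolve twistd now so a missing binary stops the installation instead of
# producing an init script with an empty DAEMON.
twistd_bin=$(command -v twistd) || die "twistd not found in PATH"

# Unquoted heredoc on purpose: \$ is written literally into the init script,
# while ${KIPPO_INSTALL_DIR} and ${twistd_bin} are expanded at install time.
cat > /etc/init.d/kippo <<EOF
#!/bin/bash
### BEGIN INIT INFO
# Provides: kippo
# Required-Start: \$remote_fs \$network \$syslog
# Required-Stop: \$remote_fs \$syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start kippo
# Description: Kippo is a SSH honeypot.
### END INIT INFO
NAME="kippo"
DESC="Kippo Honeypot"
PIDDIR="/var/run/\$NAME"
PIDFILE="\$PIDDIR/\$NAME.pid"
SCRIPTNAME="/etc/init.d/\$NAME"
DAEMON_PATH="${KIPPO_INSTALL_DIR}"
DAEMON="${twistd_bin}"
DAEMON_ARGS="-y kippo.tac -l log/kippo.log --pidfile \$PIDFILE"
[ -d "\$PIDDIR" ] || mkdir -p "\$PIDDIR" && chown kippo "\$PIDDIR"
case "\$1" in
start)
echo -n "Starting \$DESC: "
start-stop-daemon --start --chdir \$DAEMON_PATH --chuid kippo --background --pidfile \$PIDFILE --exec \$DAEMON -- \$DAEMON_ARGS && echo "OK"
;;
stop)
echo -n "Stopping \$DESC: "
start-stop-daemon --stop --pidfile \$PIDFILE && echo "OK"
;;
restart)
echo "Restarting \$DESC: "
\$0 stop
sleep 1
\$0 start
;;
*)
echo "Usage: \$0 {start|stop|restart}"
exit 1
;;
esac
exit 0
EOF
chmod +x /etc/init.d/kippo
update-rc.d kippo defaults

# move ssh port away from port 22
sed -i 's/^Port 22$/Port 4711/' /etc/ssh/sshd_config
# The substitution only matches an explicit "Port 22" line. If it did not
# apply (commented-out default, different port), sshd would stay where it is
# while port 22 gets redirected to the honeypot below, cutting off remote
# administration. Verify before going any further.
grep -q '^Port 4711$' /etc/ssh/sshd_config \
  || die "sshd_config has no 'Port 4711' line after editing; not redirecting port 22"
# Validate the configuration before restarting the daemon we depend on.
/usr/sbin/sshd -t || die "sshd_config failed validation; ssh not restarted"
/etc/init.d/ssh restart

# redirecting now done with rinetd
# BAD IDEA! rinetd is dropping the source IP address!
#sed -i "s/\(# *bindadress *bindport *connectaddress *connectport.*\)/\1\n$(curl ifconfig.me) 22 localhost 2222/" /etc/rinetd.conf
#update-rc.d rinetd defaults
#/etc/init.d/rinetd restart

# Kernel-level redirect keeps the attacker's source address visible to Kippo.
# NOTE(review): the interface name eth0 is hard-coded; adjust on hosts that
# name their external interface differently.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -j REDIRECT --to-port 2222

# Prevent kippo port from showing up on portscans
# Better do this with your (external) firewall!
#iptables -A INPUT -p tcp -s localhost --dport 2222 -j ACCEPT
#iptables -A INPUT -p tcp --dport 2222 -j REJECT

# Persist the rules for iptables-persistent.
iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6

/etc/init.d/kippo start
echo "Kippo installation done. Your kippo is now listening on port 22, your real sshd is listening on port 4711 now!"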