Sunday, February 15, 2009

Installing honeyd 1.5c on CentOS 5.2 by compiling from source

# fetch and unpack honeyd 1.5c, then install the packaged build dependencies
wget http://www.citi.umich.edu/u/provos/honeyd/honeyd-1.5c.tar.gz
tar -zxvf honeyd-1.5c.tar.gz
yum install pcre pcre-devel libpcap libpcap-devel rrdtool
# build libevent into its own prefix (handed to honeyd's configure below)
wget http://monkey.org/~provos/libevent-1.4.8-stable.tar.gz
tar -zxvf libevent-1.4.8-stable.tar.gz
yum install gcc
cd libevent-1.4.8-stable
./configure --prefix=/usr/local/libevent
make
make install
cd ..
# build libdnet into its own prefix; -O keeps the "?download" suffix out of the saved file name so the tar line below finds it
wget -O libdnet-1.11.tar.gz "http://prdownloads.sourceforge.net/libdnet/libdnet-1.11.tar.gz?download"
tar -zxvf libdnet-1.11.tar.gz
cd libdnet-1.11
yum install gcc-c++
./configure --prefix=/usr/local/libdnet
make
make install
cd ..
# build honeyd itself against the two prefixes above
cd honeyd-1.5c
yum install libtool readline-devel zlib-devel python-devel
./configure --prefix=/usr/local/honeyd --with-libevent=/usr/local/libevent --with-libdnet=/usr/local/libdnet --with-python
make
make install
cp -r scripts/ /usr/local/honeyd/

# the honeydstats and log paths used further down live under share/honeyd, so create them there
cd /usr/local/honeyd/share/honeyd
mkdir honeydstats
cd honeydstats
touch spammer_report.honeydstats
touch country_report.honeydstats
touch port_report.honeydstats
touch os_report.honeydstats
touch checkpoint.honeydstats
# define a user and password for honeydstats
echo "user:password" > configfile.honeydstats

cd ..
mkdir logs
cd logs
touch logfile.txt
touch servicelog.txt
# honeyd drops root privileges after startup, so the log files must be writable by the unprivileged user it runs as
chmod 766 *
cd ..

# adjust the IP range to your environment
/usr/local/sbin/arpd -i eth0 192.168.1.10-192.168.1.35

# use the user and password that the 'echo' above wrote into configfile.honeydstats
/usr/local/honeyd/bin/honeyd -f /usr/local/honeyd/config.sample --rrdtool-path=/usr/bin/rrdtool -c 127.0.0.1:41000:user:password -l /usr/local/honeyd/share/honeyd/logs/logfile.txt -s /usr/local/honeyd/share/honeyd/logs/servicelog.txt

/usr/local/honeyd/bin/honeydstats -p 41000 \
-f /usr/local/honeyd/share/honeyd/honeydstats/configfile.honeydstats \
-c /usr/local/honeyd/share/honeyd/honeydstats/checkpoint.honeydstats \
--os_report /usr/local/honeyd/share/honeyd/honeydstats/os_report.honeydstats \
--port_report /usr/local/honeyd/share/honeyd/honeydstats/port_report.honeydstats \
--country_report /usr/local/honeyd/share/honeyd/honeydstats/country_report.honeydstats \
--spammer_report /usr/local/honeyd/share/honeyd/honeydstats/spammer_report.honeydstats
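A pre-flight check for the build above, added here as an example and not part of the original post. It assumes that honeyd's ./configure looks for include/event.h and lib/libevent.a under the --with-libevent prefix and for bin/dnet-config under the --with-libdnet prefix, which is the situation behind a "dnet-config not found" error when a prefix is wrong or a make install step was skipped.

```shell
#!/bin/sh
# Pre-flight check for the honeyd 1.5c build (added example, not from the post).
# Assumption: honeyd's configure wants include/event.h and lib/libevent.a under
# the --with-libevent prefix and bin/dnet-config under the --with-libdnet prefix.

# check_honeyd_prefixes LIBEVENT_PREFIX LIBDNET_PREFIX
# Prints each missing file and returns 1 if anything is missing, 0 otherwise.
check_honeyd_prefixes() {
    ev_prefix=$1
    dnet_prefix=$2
    rc=0
    for f in "$ev_prefix/include/event.h" "$ev_prefix/lib/libevent.a"; do
        if [ ! -f "$f" ]; then
            echo "missing $f: run ./configure --prefix=$ev_prefix && make install in the libevent tree"
            rc=1
        fi
    done
    # --with-libdnet=PREFIX makes configure look for PREFIX/bin/dnet-config
    if [ ! -x "$dnet_prefix/bin/dnet-config" ]; then
        echo "missing $dnet_prefix/bin/dnet-config: run ./configure --prefix=$dnet_prefix && make install in the libdnet tree"
        rc=1
    fi
    return $rc
}

# check_build_tools TOOL... : returns 1 if any named tool is not in PATH.
check_build_tools() {
    rc=0
    for tool in "$@"; do
        if ! command -v "$tool" >/dev/null 2>&1; then
            echo "missing tool: $tool (see the yum install lines above)"
            rc=1
        fi
    done
    return $rc
}

# Run both checks when given the two prefixes used in this post, e.g.:
#   sh check_honeyd.sh /usr/local/libevent /usr/local/libdnet
if [ $# -eq 2 ]; then
    check_honeyd_prefixes "$1" "$2" && check_build_tools gcc g++ rrdtool \
        && echo "all set: safe to run honeyd's ./configure"
fi
```

Run it from the honeyd-1.5c directory before ./configure; a non-zero exit means one of the earlier make install steps did not land where the configure flags expect.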

# References:
http://hi.baidu.com/xaliyan/blog/item/c3c8bbd0dd58aa1ec9c33.html

6 comments:

Lokie said...

hi leonardo, i am following your guide exactly from the arpd installation.. everything is fine during arpd installation.

but during this part, i'm stuck after

#use an user and password defined in 'echo' for configfile.honeystats as showed above
/usr/local/honeyd/bin/honeyd -f /usr/local/honeyd/config.sample --rrdtool-path=/usr/bin/rrdtool -c 127.0.0.1:41000:user:password -l /usr/local/honeyd/share/honeyd/logs/logfile.txt -s /usr/local/honeyd/share/honeyd/logs/servicelog.txt

error tells me there's no config.sample found..

can u hit me back via email?
luqmanawawi@yahoo.co.uk

Leonardo Andrade said...

Hi Lokie.

I feel that this response is too late for you... however, let's go.

config.sample is a sample configuration file for honeyd distributed with honeyd's package. But you can write your own honeyd config file and point to it with the '-f' command line parameter.

Good luck!

Anonymous said...

Hi
I get this error:

./configure --prefix=/usr/local/honeyd --with-libevent=/usr/local

configure: error: dnet-config not found

how can I fix it?

Leonardo Andrade said...

Hi,

If you followed the previous commands successfully, try:

./configure --prefix=/usr/local/honeyd --with-libevent=/usr/local/libevent --with-libdnet=/usr/local/libdnet --with-python

It's a single command line. Maybe the automatic 'breakline' on Blogger confused you.

If doubts remain, just reply to this post.

Regards,

Leonardo Andrade.

lazytran said...
This comment has been removed by the author.
lazytran said...

hi, i get errors like this when running honeyd

honeyd[16363]: started with -d -i eth0 -f ./nenet
Warning: Impossible SI range in Class fingerprint "IBM OS/400 V4R2M0"
Warning: Impossible SI range in Class fingerprint "Microsoft Windows NT 4.0 SP3"
honeyd[16363]: listening promiscuously on eth0: (arp or ip proto 47 or (udp and src port 67 and dst port 68) or (ip )) and not ether src 00:0c:29:ba:18:39
honeyd[16363]: HTTP server listening on 127.0.0.1:80
honeyd[16363]: HTTP server root at /usr/local/honeyd/share/honeyd/webserver/htdocs
honeyd[16363]: registering plugin 'Honeycomb' (0.7)
honeycomb.c/72: Initializing Honeycomb 0.7
hc_file_logger.c/83: Honeycomb logging to /tmp/honeycomb.log
honeyd[16363]: Demoting process privileges to uid 99, gid 99
honeyd[16363]: update_check: failed to resolve host.
honeyd[16363]: webserver: require read access to /usr/local/honeyd/share/honeyd/webserver/htdocs/styles: Permission denied
[root@dhcppc3 honeyd]# chmod 777 /usr/local/honeyd/share/honeyd/ebserver/htdocs/styles
chmod: cannot access `/usr/local/honeyd/share/honeyd/ebserver/htdocs/styles': No such file or directory

how can i fix it?