[操作文]chroot honeyd
writer: demonalex[at]dark2s[dot]org
实验环境:
操作系统:Linux alex5 2.6.5-1.358 #1 Sat May 8 09:04:50 EDT 2004 i686 i686 i386 GNU/Linux
honeyd版本:honeyd_kit-1.0c-a
真实机器:192.168.10.6/24
虚拟蜜罐:192.168.10.101/24
honeyd的主要文件/目录:
[root@alex5 /]# mkdir honeyd
[root@alex5 /]# cd honeyd
[root@alex5 honeyd]# mkdir -p usr/local/sbin
[root@alex5 honeyd]# cd /usr/local/sbin
[root@alex5 sbin]# cp -R honeyd /honeyd/usr/local/sbin
[root@alex5 sbin]# chown -R nobody /honeyd/usr/local/sbin/honeyd
系统附带文件:
[root@alex5 sbin]# mkdir -p /honeyd/etc
[root@alex5 sbin]# cp /etc/services /honeyd/etc
[root@alex5 sbin]# cp /etc/resolv.conf /honeyd/etc
[root@alex5 sbin]# cp /etc/protocols /honeyd/etc
[root@alex5 sbin]# cp /etc/hosts /honeyd/etc
[root@alex5 sbin]# mkdir -p /honeyd/dev
[root@alex5 sbin]# mknod /honeyd/dev/null c 1 3
[root@alex5 sbin]# mknod /honeyd/dev/tty c 5 0
用户文件:
[root@alex5 sbin]# cp /etc/passwd /honeyd/etc
[root@alex5 sbin]# cp /etc/shadow /honeyd/etc
[root@alex5 sbin]# cp /etc/group /honeyd/etc
日志文件:
[root@alex5 sbin]# mkdir -p /honeyd/var/log/honeyd
[root@alex5 sbin]# touch /honeyd/var/log/honeyd/honeyd
[root@alex5 sbin]# touch /honeyd/var/log/honeyd/services
[root@alex5 sbin]# chown -R nobody /honeyd/var/log/honeyd
arpd需要读写的文件/目录:
[root@alex5 sbin]# mkdir -p /honeyd/var/run
[root@alex5 sbin]# cp /etc/localtime /honeyd/etc
honeyd需要读写的文件/目录:
[root@alex5 sbin]# mknod /honeyd/dev/urandom c 1 9
[root@alex5 sbin]# cp /etc/nsswitch.conf /honeyd/etc
[root@alex5 sbin]# cp /etc/ld.so.cache /honeyd/etc
[root@alex5 sbin]# mkdir -p /honeyd/lib
[root@alex5 sbin]# cp /lib/libnss_files-2.3.3.so /honeyd/lib/libnss_files.so.2
[root@alex5 sbin]# mkdir -p /honeyd/lib/tls
[root@alex5 sbin]# cp /lib/tls/libc-2.3.3.so /honeyd/lib/tls/libc.so.6
[root@alex5 sbin]# cp /lib/ld-2.3.3.so /honeyd/lib/ld-linux.so.2
shell程序:
[root@alex5 sbin]# mkdir -p /honeyd/bin
[root@alex5 sbin]# cp /bin/bash /honeyd/bin/sh
[root@alex5 sbin]# cp /lib/libtermcap.so.2.0.8 /honeyd/lib/libtermcap.so.2
[root@alex5 sbin]# cp /lib/libdl-2.3.3.so /honeyd/lib/libdl.so.2
start-arpd.sh文件的内容:
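#!/bin/sh
# start-arpd.sh -- start arpd from inside the /honeyd jail.
#
# honeyd_start.sh runs this script via `chroot /honeyd`, so the path below is
# relative to the jail root: /usr/local/sbin/honeyd is the copy of the honeyd
# install made during setup (/honeyd/usr/local/sbin/honeyd on the host).  A
# /honeyd/... prefix would name a directory that does not exist once the root
# has been changed.
#
# arpd is handed the whole 192.168.10.0/24 range although honeyd.conf binds
# only 192.168.10.101; narrowing the argument to the bound address would keep
# this host from answering for other unused addresses on the LAN -- TODO
# confirm against the arpd version shipped in honeyd_kit-1.0c-a.
# arpd needs /var/run, which the setup creates inside the jail.
set -x
/usr/local/sbin/honeyd/arpd 192.168.10.0/24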
honeyd.conf文件的内容:
create default
set default personality "Microsoft Windows XP Home Edition"
set default default tcp action reset
set default default udp action reset
set default default icmp action open
add default tcp port 23 proxy 192.168.10.3:23
add default tcp port 80 "sh scripts/win32/win2k/iis.sh $ipsrc $sport $ipdst $dport"
add default tcp port 139 open
add default tcp port 445 open
add default tcp port 1433 open
add default tcp port 135 open
add default udp port 137 open
add default udp port 138 open
add default udp port 1434 open
bind 192.168.10.101 default
start-honeyd.sh文件的内容:
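#!/bin/sh
# start-honeyd.sh -- launch honeyd from inside the /honeyd jail.
#
# honeyd_start.sh runs this script via `chroot /honeyd`, so every path below
# is relative to the jail root: /usr/local/sbin/honeyd is the copy of the
# honeyd install made during setup and /var/log/honeyd is the nobody-owned
# log directory created there.  A /honeyd/... prefix would name a directory
# that does not exist once the root has been changed.
#
# The honeyd invocation is a single command; each option line ends in a
# backslash so the shell does not run the file names as separate commands.
set -x

honeyd_dir=/usr/local/sbin/honeyd

# honeyd.conf names its service script by a relative path
# (scripts/win32/win2k/iis.sh).  chroot(8) leaves the working directory at
# the jail's /, so change into the honeyd directory first; without this the
# script would be looked up under / instead of under $honeyd_dir.
cd "$honeyd_dir" || exit 1

# -f configuration, -p/-x/-a/-0 fingerprint and association files,
# -l packet log, -s service log, followed by the address honeyd answers for.
"$honeyd_dir"/honeyd \
  -f "$honeyd_dir"/honeyd.conf \
  -p "$honeyd_dir"/nmap.prints \
  -x "$honeyd_dir"/xprobe2.conf \
  -a "$honeyd_dir"/nmap.assoc \
  -0 "$honeyd_dir"/pf.os \
  -l /var/log/honeyd/honeyd \
  -s /var/log/honeyd/services \
  192.168.10.101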
建立启动文件:
[root@alex5 sbin]# vi /honeyd/honeyd_start.sh
#!/bin/sh
# honeyd_start.sh -- entry point of the /honeyd jail.
#
# Started on the host as root with `chroot /honeyd /honeyd_start.sh`, so the
# paths below are relative to the jail root: /usr/local/sbin/honeyd is the
# copy of the honeyd install made during setup.
#
# chroot changes only the root directory; both helper scripts therefore begin
# running as root, and any privilege drop is left to arpd and honeyd
# themselves (presumably why the setup chowns the log directory to nobody --
# confirm that the uid honeyd drops to matches the owner of those files).
#
# arpd is started first so ARP for the honeypot address is answered before
# honeyd begins listening.  Neither exit status is checked here: if arpd
# fails, honeyd is still launched.
/usr/local/sbin/honeyd/start-arpd.sh
/usr/local/sbin/honeyd/start-honeyd.sh
[ESC]:wq
[root@alex5 sbin]# chmod a+x /honeyd/honeyd_start.sh
启动honeyd:
[root@alex5 sbin]# chroot /honeyd /honeyd_start.sh