「kippoをFreeBSDにインストールする」の版間の差分

提供: セキュリティ
移動: 案内検索
行96: 行96:
 
sudo mv /usr/local/share/kippo/private.key.pub /usr/local/share/kippo/public.key
 
sudo mv /usr/local/share/kippo/private.key.pub /usr/local/share/kippo/public.key
 
sudo chown kippo:kippo /usr/local/share/kippo/*.key
 
sudo chown kippo:kippo /usr/local/share/kippo/*.key
 +
</syntaxhighlight>
 +
=== ディレクトリの作成 ===
 +
<syntaxhighlight lang="bash">
 +
cd /usr/local/share/kippo
 +
sudo mkdir dl
 +
sudo chown kippo:kippo dl
 +
sudo mkdir data; sudo chown kippo:kippo data;
 +
sudo mkdir log; sudo chown kippo:kippo log;
 +
sudo -u kippo log/tty
 +
</syntaxhighlight>
 +
 +
=== pass.db の作成 ===
 +
<syntaxhighlight lang="bash">
 +
sudo -u kippo python ./utils/passdb.py ./data/pass.db add 123456
 
</syntaxhighlight>
 
</syntaxhighlight>
  
行135: 行149:
 
/usr/local/etc/rc.d/kippo: WARNING: failed to start kippo
 
/usr/local/etc/rc.d/kippo: WARNING: failed to start kippo
 
</syntaxhighlight>
 
</syntaxhighlight>
 +
== bsddb value type must be string ==
 +
下記は、pass.dbにエントリが追加できない場合のエラーです。
 +
<syntaxhighlight lang="bash">
 +
% sudo -u kippo python ../utils/passdb.py ./pass.db add password
 +
Traceback (most recent call last):
 +
  File "../utils/passdb.py", line 16, in <module>
 +
    db[sys.argv[3]] = None
 +
TypeError: bsddb value type must be string
 +
</syntaxhighlight>
 +
 +
passdb.py で value に None を設定しているのが問題です。
 +
 +
問題の行は、下記のNoneです。
 +
<syntaxhighlight lang="python">
 +
    elif sys.argv[2] == 'add':
 +
        db[sys.argv[3]] = None
 +
    elif sys.argv[2] == 'remove':
 +
</syntaxhighlight>
 +
 +
文字列であればいいので、空文字列にしてしまいます。
 +
<syntaxhighlight lang="python">
 +
        db[sys.argv[3]] = ''
 +
</syntaxhighlight>
 +
 +
pass.dbにエントリを追加する例です。
 +
<syntaxhighlight lang="bash">
 +
% sudo -u kippo python utils/passdb.py data/pass.db add password
 +
</syntaxhighlight>
 +
 +
listコマンドで確認する例です。
 +
<syntaxhighlight lang="bash">
 +
% sudo -u kippo python utils/passdb.py data/pass.db list
 +
password
 +
123456
 +
</syntaxhighlight>
 +
 
== 関連項目 ==
 
== 関連項目 ==
 
{{honeypot}}
 
{{honeypot}}
 
<!-- vim: filetype=mediawiki -->
 
<!-- vim: filetype=mediawiki -->

2014年1月10日 (金) 00:51時点における版

概要

  • kippo は、 /usr/local/share/kippo にインストールされます。
  • kippoの設定ファイルは、 /usr/local/share/kippo/kippo.cfg です。

インストール

FreeBSDにインストールする場合

ports コレクションからインストールする場合

cd /usr/ports/net/kippo
sudo make install clean

pkgコマンドでインストールする場合

sudo pkg install kippo

portmasterコマンドでインストールする場合

sudo portmaster -y -d /usr/ports/net/kippo

portinstallコマンドでインストールする場合

sudo portinstall /usr/ports/net/kippo
===>  Installing for kippo-0.5
===>   Generating temporary packing list
===>  Checking if net/kippo already installed
===> Creating users and/or groups.
Creating group `kippo' with gid `969'.
Creating user `kippo' with uid `969'.
===> Staging rc.d startup script(s)
======UNIQ16f27eaca6b1739b-h-2--QINU==================================================================
kippo has been installed in the following directory:
 
        /usr/local/share/kippo
 
Before starting kippo you need to perform the following steps:
 
1) Edit kippo's configuration file to suit your needs:
 
        $EDITOR /usr/local/share/kippo/kippo.cfg
 
   Please keep in mind when editing the configuration file that kippo
   can't be run as root and is started by the 'kippo' unprivileged
   user instead. This implies that the following folders hierarchy
   must be created and made writable to the 'kippo' user:
 
        dl/
        data/
        log/tty/
 
2) Add the following line to your rc.conf:
 
        kippo_enable="YES"
 
   Note that you can also set the 'kippo_logfile' and 'kippo_pidfile'
   variables to specify the path to the log file and pid file that
   will be used by kippo. The default values for those variables are
   '/tmp/kippo.log' and '/tmp/kippo.pid' respectively.
 
Then you can start kippo by issuing the following command:
 
        /usr/local/etc/rc.d/kippo start
======UNIQ16f27eaca6b1739b-h-3--QINU==================================================================
===> Correct pkg-plist sequence to create group(s) and user(s)
===>   Registering installation for kippo-0.5
 
===>>> pkg-message for kippo-0.5
======UNIQ16f27eaca6b1739b-h-4--QINU==================================================================
kippo has been installed in the following directory:
 
        /usr/local/share/kippo
 
Before starting kippo you need to perform the following steps:
 
1) Edit kippo's configuration file to suit your needs:
 
        $EDITOR /usr/local/share/kippo/kippo.cfg
 
   Please keep in mind when editing the configuration file that kippo
   can't be run as root and is started by the 'kippo' unprivileged
   user instead. This implies that the following folders hierarchy
   must be created and made writable to the 'kippo' user:
 
        dl/
        data/
        log/tty/
 
2) Add the following line to your rc.conf:
 
        kippo_enable="YES"
 
   Note that you can also set the 'kippo_logfile' and 'kippo_pidfile'
   variables to specify the path to the log file and pid file that
   will be used by kippo. The default values for those variables are
   '/tmp/kippo.log' and '/tmp/kippo.pid' respectively.
 
Then you can start kippo by issuing the following command:
 
        /usr/local/etc/rc.d/kippo start
======UNIQ16f27eaca6b1739b-h-5--QINU==================================================================

設定

/etc/rc.conf

sudo sysrc kippo_enable=YES

sshdの鍵の作成

sudo /usr/bin/ssh-keygen -t rsa -f /usr/local/share/kippo/private.key -N ''
sudo mv /usr/local/share/kippo/private.key.pub /usr/local/share/kippo/public.key
sudo chown kippo:kippo /usr/local/share/kippo/*.key

ディレクトリの作成

cd /usr/local/share/kippo
sudo mkdir dl
sudo chown kippo:kippo dl
sudo mkdir data; sudo chown kippo:kippo data;
sudo mkdir log; sudo chown kippo:kippo log;
sudo -u kippo log/tty

pass.db の作成

sudo -u kippo python ./utils/passdb.py ./data/pass.db add 123456

スタートやストップ

kippo の制御

以下は、FreeBSD で制御する場合です。

kippo サービスの開始。

sudo /usr/local/etc/rc.d/kippo start

kippo サービスの停止。

sudo /usr/local/etc/rc.d/kippo stop

kippo サービスの再起動。

sudo /usr/local/etc/rc.d/kippo restart

エラー

Permission denied: public key

sshd鍵ペアがないと起動しません。

% sudo /usr/local/etc/rc.d/kippo onestart
Starting kippo.
Generating RSA keypair...
Unhandled Error
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/site-packages/twisted/application/app.py", line 642, in run
    runApp(config)
  File "/usr/local/lib/python2.7/site-packages/twisted/scripts/twistd.py", line 23, in runApp
    _SomeApplicationRunner(config).run()
  File "/usr/local/lib/python2.7/site-packages/twisted/application/app.py", line 376, in run
    self.application = self.createOrGetApplication()
  File "/usr/local/lib/python2.7/site-packages/twisted/application/app.py", line 441, in createOrGetApplication
    application = getApplication(self.config, passphrase)
--- <exception caught here> ---
  File "/usr/local/lib/python2.7/site-packages/twisted/application/app.py", line 452, in getApplication
    application = service.loadApplication(filename, style, passphrase)
  File "/usr/local/lib/python2.7/site-packages/twisted/application/service.py", line 405, in loadApplication
    application = sob.loadValueFromFile(filename, 'application', passphrase)
  File "/usr/local/lib/python2.7/site-packages/twisted/persisted/sob.py", line 210, in loadValueFromFile
    exec fileObj in d, d
  File "/usr/local/share/kippo/kippo.tac", line 31, in <module>
    pubKeyString, privKeyString = honeypot.getRSAKeys()
  File "/usr/local/share/kippo/kippo/core/honeypot.py", line 465, in getRSAKeys
    file(public_key, 'w+b').write(publicKeyString)
exceptions.IOError: [Errno 13] Permission denied: 'public.key'
 
Failed to load application: [Errno 13] Permission denied: 'public.key'
 
/usr/local/etc/rc.d/kippo: WARNING: failed to start kippo

bsddb value type must be string

下記は、pass.dbにエントリが追加できない場合のエラーです。

% sudo -u kippo python ../utils/passdb.py ./pass.db add password
Traceback (most recent call last):
  File "../utils/passdb.py", line 16, in <module>
    db[sys.argv[3]] = None
TypeError: bsddb value type must be string

passdb.py で value に None を設定しているのが問題です。

問題の行は、下記のNoneです。

    elif sys.argv[2] == 'add':
        db[sys.argv[3]] = None
    elif sys.argv[2] == 'remove':

文字列であればいいので、空文字列にしてしまいます。

        db[sys.argv[3]] = ''

pass.dbにエントリを追加する例です。

% sudo -u kippo python utils/passdb.py data/pass.db add password

listコマンドで確認する例です。

% sudo -u kippo python utils/passdb.py data/pass.db list
password
123456

関連項目