「kippoをFreeBSDにインストールする」の版間の差分
提供: セキュリティ
(→= wget でエラーが出た) |
|||
(同じ利用者による、間の2版が非表示) | |||
行96: | 行96: | ||
sudo mv /usr/local/share/kippo/private.key.pub /usr/local/share/kippo/public.key | sudo mv /usr/local/share/kippo/private.key.pub /usr/local/share/kippo/public.key | ||
sudo chown kippo:kippo /usr/local/share/kippo/*.key | sudo chown kippo:kippo /usr/local/share/kippo/*.key | ||
+ | </syntaxhighlight> | ||
+ | === ディレクトリの作成 === | ||
+ | <syntaxhighlight lang="bash"> | ||
+ | cd /usr/local/share/kippo | ||
+ | sudo mkdir dl | ||
+ | sudo chown kippo:kippo dl | ||
+ | sudo mkdir data; sudo chown kippo:kippo data; | ||
+ | sudo mkdir log; sudo chown kippo:kippo log; | ||
+ | sudo -u kippo log/tty | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | === pass.db の作成 === | ||
+ | <syntaxhighlight lang="bash"> | ||
+ | sudo -u kippo python ./utils/passdb.py ./data/pass.db add 123456 | ||
</syntaxhighlight> | </syntaxhighlight> | ||
行135: | 行149: | ||
/usr/local/etc/rc.d/kippo: WARNING: failed to start kippo | /usr/local/etc/rc.d/kippo: WARNING: failed to start kippo | ||
</syntaxhighlight> | </syntaxhighlight> | ||
+ | == bsddb value type must be string == | ||
+ | 下記は、pass.dbにエントリが追加できない場合のエラーです。 | ||
+ | <syntaxhighlight lang="bash"> | ||
+ | % sudo -u kippo python ../utils/passdb.py ./pass.db add password | ||
+ | Traceback (most recent call last): | ||
+ | File "../utils/passdb.py", line 16, in <module> | ||
+ | db[sys.argv[3]] = None | ||
+ | TypeError: bsddb value type must be string | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | passdb.py で value に None を設定しているのが問題です。 | ||
+ | |||
+ | 問題の行は、下記のNoneです。 | ||
+ | <syntaxhighlight lang="python"> | ||
+ | elif sys.argv[2] == 'add': | ||
+ | db[sys.argv[3]] = None | ||
+ | elif sys.argv[2] == 'remove': | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | 文字列であればいいので、空文字列にしてしまいます。 | ||
+ | <syntaxhighlight lang="python"> | ||
+ | db[sys.argv[3]] = '' | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | pass.dbにエントリを追加する例です。 | ||
+ | <syntaxhighlight lang="bash"> | ||
+ | % sudo -u kippo python utils/passdb.py data/pass.db add password | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | listコマンドで確認する例です。 | ||
+ | <syntaxhighlight lang="bash"> | ||
+ | % sudo -u kippo python utils/passdb.py data/pass.db list | ||
+ | password | ||
+ | 123456 | ||
+ | </syntaxhighlight> | ||
+ | == ssh で kippo にログインする == | ||
+ | 2222 ポートで kippo が待っているので、[[ssh]] コマンドで試しにつないでみましょう。 | ||
+ | <syntaxhighlight lang="bash"> | ||
+ | ssh root@localhost -p 2222 | ||
+ | </syntaxhighlight> | ||
+ | == wget が実行できない == | ||
+ | kippo のソースコードに [[wget]] のパスが /usr/bin/wget とハードコードされています。しかたがないので、シンボリックリンクを張っておくと簡単でしょう。 | ||
+ | <syntaxhighlight lang="bash"> | ||
+ | sudo ln -s /usr/local/bin/wget /usr/bin/wget | ||
+ | </syntaxhighlight> | ||
+ | == wget でエラーが出た == | ||
+ | どうやら、ポートを指定しないとエラーになるようです。[[wget]]は、以下の状態で停止します。 | ||
+ | <syntaxhighlight lang="bash"> | ||
+ | nas3:~# wget http://www.yahoo.co.jp/ | ||
+ | http://www.yahoo.co.jp/ | ||
+ | --2015-12-08 23:46:11-- http://www.yahoo.co.jp/ | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | 以下は正常系です。 | ||
+ | <syntaxhighlight lang="bash"> | ||
+ | nas3:~# wget http://www.yahoo.co.jp:80/ | ||
+ | http://www.yahoo.co.jp:80/ | ||
+ | --2015-12-09 00:06:50-- http://www.yahoo.co.jp:80/ | ||
+ | Connecting to www.yahoo.co.jp:80... connected. | ||
+ | HTTP request sent, awaiting response... 200 OK | ||
+ | Length: unspecified [text/html; charset=UTF-8] | ||
+ | Saving to: `index.html | ||
+ | |||
+ | 100%[======================================>] 0 8K/s eta 0s | ||
+ | |||
+ | 2015-12-09 00:06:50 (8 KB/s) - `index.html' saved [19072/0] | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | 以下は、 kippo のエラーログの出力です。こうなると C-c とかでどうにもならないので、 ssh を一時停止して、kill しました。 | ||
+ | <syntaxhighlight lang="bash"> | ||
+ | 2015-12-08 23:47:45+0900 [-] CMD: wget http://www.yahoo.co.jp/ | ||
+ | 2015-12-08 23:47:45+0900 [-] Command found: wget http://www.yahoo.co.jp/ | ||
+ | 2015-12-08 23:47:45+0900 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,1,127.0.0.1] Unhandled Error | ||
+ | Traceback (most recent call last): | ||
+ | File "/usr/local/lib/python2.7/site-packages/twisted/python/context.py", line 118, in callWithContext | ||
+ | return self.currentContext().callWithContext(ctx, func, *args, **kw) | ||
+ | File "/usr/local/lib/python2.7/site-packages/twisted/python/context.py", line 81, in callWithContext | ||
+ | return func(*args,**kw) | ||
+ | File "/usr/local/lib/python2.7/site-packages/twisted/conch/ssh/service.py", line 44, in packetReceived | ||
+ | return f(packet) | ||
+ | File "/usr/local/lib/python2.7/site-packages/twisted/conch/ssh/connection.py", line 242, in ssh_CHANNEL_DATA | ||
+ | log.callWithLogger(channel, channel.dataReceived, data) | ||
+ | --- <exception caught here> --- | ||
+ | File "/usr/local/lib/python2.7/site-packages/twisted/python/log.py", line 101, in callWithLogger | ||
+ | return callWithContext({"system": lp}, func, *args, **kw) | ||
+ | File "/usr/local/lib/python2.7/site-packages/twisted/python/log.py", line 84, in callWithContext | ||
+ | return context.call({ILogContext: newCtx}, func, *args, **kw) | ||
+ | File "/usr/local/lib/python2.7/site-packages/twisted/python/context.py", line 118, in callWithContext | ||
+ | return self.currentContext().callWithContext(ctx, func, *args, **kw) | ||
+ | File "/usr/local/lib/python2.7/site-packages/twisted/python/context.py", line 81, in callWithContext | ||
+ | return func(*args,**kw) | ||
+ | File "/usr/local/lib/python2.7/site-packages/twisted/conch/ssh/session.py", line 109, in dataReceived | ||
+ | self.client.transport.write(data) | ||
+ | File "/usr/local/lib/python2.7/site-packages/twisted/conch/ssh/session.py", line 160, in write | ||
+ | self.proto.dataReceived(data) | ||
+ | File "/usr/local/lib/python2.7/site-packages/twisted/conch/insults/insults.py", line 435, in dataReceived | ||
+ | self.terminalProtocol.keystrokeReceived(ch, None) | ||
+ | File "/usr/local/share/kippo/kippo/core/honeypot.py", line 343, in keystrokeReceived | ||
+ | recvline.HistoricRecvLine.keystrokeReceived(self, keyID, modifier) | ||
+ | File "/usr/local/lib/python2.7/site-packages/twisted/conch/recvline.py", line 201, in keystrokeReceived | ||
+ | m() | ||
+ | File "/usr/local/share/kippo/kippo/core/honeypot.py", line 370, in handle_RETURN | ||
+ | return recvline.RecvLine.handle_RETURN(self) | ||
+ | File "/usr/local/lib/python2.7/site-packages/twisted/conch/recvline.py", line 259, in handle_RETURN | ||
+ | self.lineReceived(line) | ||
+ | File "/usr/local/share/kippo/kippo/core/honeypot.py", line 336, in lineReceived | ||
+ | self.cmdstack[-1].lineReceived(line) | ||
+ | File "/usr/local/share/kippo/kippo/core/honeypot.py", line 73, in lineReceived | ||
+ | self.runCommand() | ||
+ | File "/usr/local/share/kippo/kippo/core/honeypot.py", line 126, in runCommand | ||
+ | self.honeypot.call_command(cmdclass, *rargs) | ||
+ | File "/usr/local/share/kippo/kippo/core/honeypot.py", line 363, in call_command | ||
+ | obj.start() | ||
+ | File "/usr/local/share/kippo/kippo/commands/wget.py", line 76, in start | ||
+ | self.deferred = self.download(url, outfile, self.safeoutfile) | ||
+ | File "/usr/local/share/kippo/kippo/commands/wget.py", line 110, in download | ||
+ | self.writeln('Connecting to %s:%d... connected.' % (host, port)) | ||
+ | exceptions.TypeError: %d format: a number is required, not NoneType | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | == kippo のログファイル == | ||
+ | インストール時のログにも出ていますが、 [[kippo]] のログは、 | ||
+ | /tmp/kippo.log | ||
+ | です。 | ||
== 関連項目 == | == 関連項目 == | ||
{{honeypot}} | {{honeypot}} | ||
− | <!-- vim: filetype=mediawiki --> | + | <!-- vim: filetype=mediawiki |
+ | --> |
2015年12月11日 (金) 20:45時点における最新版
目次
概要
インストール
FreeBSDにインストールする場合
ports コレクションからインストールする場合
cd /usr/ports/net/kippo sudo make install clean
pkgコマンドでインストールする場合
sudo pkg install kippo
portmasterコマンドでインストールする場合
sudo portmaster -y -d /usr/ports/net/kippo
portinstallコマンドでインストールする場合
sudo portinstall /usr/ports/net/kippo
===> Installing for kippo-0.5 ===> Generating temporary packing list ===> Checking if net/kippo already installed ===> Creating users and/or groups. Creating group `kippo' with gid `969'. Creating user `kippo' with uid `969'. ===> Staging rc.d startup script(s) ======UNIQ1c870695d5f569bd-h-2--QINU================================================================== kippo has been installed in the following directory: /usr/local/share/kippo Before starting kippo you need to perform the following steps: 1) Edit kippo's configuration file to suit your needs: $EDITOR /usr/local/share/kippo/kippo.cfg Please keep in mind when editing the configuration file that kippo can't be run as root and is started by the 'kippo' unprivileged user instead. This implies that the following folders hierarchy must be created and made writable to the 'kippo' user: dl/ data/ log/tty/ 2) Add the following line to your rc.conf: kippo_enable="YES" Note that you can also set the 'kippo_logfile' and 'kippo_pidfile' variables to specify the path to the log file and pid file that will be used by kippo. The default values for those variables are '/tmp/kippo.log' and '/tmp/kippo.pid' respectively. Then you can start kippo by issuing the following command: /usr/local/etc/rc.d/kippo start ======UNIQ1c870695d5f569bd-h-3--QINU================================================================== ===> Correct pkg-plist sequence to create group(s) and user(s) ===> Registering installation for kippo-0.5 ===>>> pkg-message for kippo-0.5 ======UNIQ1c870695d5f569bd-h-4--QINU================================================================== kippo has been installed in the following directory: /usr/local/share/kippo Before starting kippo you need to perform the following steps: 1) Edit kippo's configuration file to suit your needs: $EDITOR /usr/local/share/kippo/kippo.cfg Please keep in mind when editing the configuration file that kippo can't be run as root and is started by the 'kippo' unprivileged user instead. This implies that the following folders hierarchy must be created and made writable to the 'kippo' user: dl/ data/ log/tty/ 2) Add the following line to your rc.conf: kippo_enable="YES" Note that you can also set the 'kippo_logfile' and 'kippo_pidfile' variables to specify the path to the log file and pid file that will be used by kippo. The default values for those variables are '/tmp/kippo.log' and '/tmp/kippo.pid' respectively. Then you can start kippo by issuing the following command: /usr/local/etc/rc.d/kippo start ======UNIQ1c870695d5f569bd-h-5--QINU==================================================================
設定
/etc/rc.conf
sudo sysrc kippo_enable=YES
sshdの鍵の作成
sudo /usr/bin/ssh-keygen -t rsa -f /usr/local/share/kippo/private.key -N '' sudo mv /usr/local/share/kippo/private.key.pub /usr/local/share/kippo/public.key sudo chown kippo:kippo /usr/local/share/kippo/*.key
ディレクトリの作成
cd /usr/local/share/kippo sudo mkdir dl sudo chown kippo:kippo dl sudo mkdir data; sudo chown kippo:kippo data; sudo mkdir log; sudo chown kippo:kippo log; sudo -u kippo log/tty
pass.db の作成
sudo -u kippo python ./utils/passdb.py ./data/pass.db add 123456
スタートやストップ
kippo の制御
以下は、FreeBSD で制御する場合です。
kippo サービスの開始。
sudo /usr/local/etc/rc.d/kippo start
kippo サービスの停止。
sudo /usr/local/etc/rc.d/kippo stop
kippo サービスの再起動。
sudo /usr/local/etc/rc.d/kippo restart
エラー
Permission denied: public key
% sudo /usr/local/etc/rc.d/kippo onestart Starting kippo. Generating RSA keypair... Unhandled Error Traceback (most recent call last): File "/usr/local/lib/python2.7/site-packages/twisted/application/app.py", line 642, in run runApp(config) File "/usr/local/lib/python2.7/site-packages/twisted/scripts/twistd.py", line 23, in runApp _SomeApplicationRunner(config).run() File "/usr/local/lib/python2.7/site-packages/twisted/application/app.py", line 376, in run self.application = self.createOrGetApplication() File "/usr/local/lib/python2.7/site-packages/twisted/application/app.py", line 441, in createOrGetApplication application = getApplication(self.config, passphrase) --- <exception caught here> --- File "/usr/local/lib/python2.7/site-packages/twisted/application/app.py", line 452, in getApplication application = service.loadApplication(filename, style, passphrase) File "/usr/local/lib/python2.7/site-packages/twisted/application/service.py", line 405, in loadApplication application = sob.loadValueFromFile(filename, 'application', passphrase) File "/usr/local/lib/python2.7/site-packages/twisted/persisted/sob.py", line 210, in loadValueFromFile exec fileObj in d, d File "/usr/local/share/kippo/kippo.tac", line 31, in <module> pubKeyString, privKeyString = honeypot.getRSAKeys() File "/usr/local/share/kippo/kippo/core/honeypot.py", line 465, in getRSAKeys file(public_key, 'w+b').write(publicKeyString) exceptions.IOError: [Errno 13] Permission denied: 'public.key' Failed to load application: [Errno 13] Permission denied: 'public.key' /usr/local/etc/rc.d/kippo: WARNING: failed to start kippo
bsddb value type must be string
下記は、pass.dbにエントリが追加できない場合のエラーです。
% sudo -u kippo python ../utils/passdb.py ./pass.db add password Traceback (most recent call last): File "../utils/passdb.py", line 16, in <module> db[sys.argv[3]] = None TypeError: bsddb value type must be string
passdb.py で value に None を設定しているのが問題です。
問題の行は、下記のNoneです。
elif sys.argv[2] == 'add': db[sys.argv[3]] = None elif sys.argv[2] == 'remove':
文字列であればいいので、空文字列にしてしまいます。
db[sys.argv[3]] = ''
pass.dbにエントリを追加する例です。
% sudo -u kippo python utils/passdb.py data/pass.db add password
listコマンドで確認する例です。
% sudo -u kippo python utils/passdb.py data/pass.db list password 123456
ssh で kippo にログインする
2222 ポートで kippo が待っているので、ssh コマンドで試しにつないでみましょう。
ssh root@localhost -p 2222
wget が実行できない
kippo のソースコードに wget のパスが /usr/bin/wget とハードコードされています。しかたがないので、シンボリックリンクを張っておくと簡単でしょう。
sudo ln -s /usr/local/bin/wget /usr/bin/wget
wget でエラーが出た
どうやら、ポートを指定しないとエラーになるようです。wgetは、以下の状態で停止します。
nas3:~# wget http://www.yahoo.co.jp/ http://www.yahoo.co.jp/ --2015-12-08 23:46:11-- http://www.yahoo.co.jp/
以下は正常系です。
nas3:~# wget http://www.yahoo.co.jp:80/ http://www.yahoo.co.jp:80/ --2015-12-09 00:06:50-- http://www.yahoo.co.jp:80/ Connecting to www.yahoo.co.jp:80... connected. HTTP request sent, awaiting response... 200 OK Length: unspecified [text/html; charset=UTF-8] Saving to: `index.html 100%[======================================>] 0 8K/s eta 0s 2015-12-09 00:06:50 (8 KB/s) - `index.html' saved [19072/0]
以下は、 kippo のエラーログの出力です。こうなると C-c とかでどうにもならないので、 ssh を一時停止して、kill しました。
2015-12-08 23:47:45+0900 [-] CMD: wget http://www.yahoo.co.jp/ 2015-12-08 23:47:45+0900 [-] Command found: wget http://www.yahoo.co.jp/ 2015-12-08 23:47:45+0900 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,1,127.0.0.1] Unhandled Error Traceback (most recent call last): File "/usr/local/lib/python2.7/site-packages/twisted/python/context.py", line 118, in callWithContext return self.currentContext().callWithContext(ctx, func, *args, **kw) File "/usr/local/lib/python2.7/site-packages/twisted/python/context.py", line 81, in callWithContext return func(*args,**kw) File "/usr/local/lib/python2.7/site-packages/twisted/conch/ssh/service.py", line 44, in packetReceived return f(packet) File "/usr/local/lib/python2.7/site-packages/twisted/conch/ssh/connection.py", line 242, in ssh_CHANNEL_DATA log.callWithLogger(channel, channel.dataReceived, data) --- <exception caught here> --- File "/usr/local/lib/python2.7/site-packages/twisted/python/log.py", line 101, in callWithLogger return callWithContext({"system": lp}, func, *args, **kw) File "/usr/local/lib/python2.7/site-packages/twisted/python/log.py", line 84, in callWithContext return context.call({ILogContext: newCtx}, func, *args, **kw) File "/usr/local/lib/python2.7/site-packages/twisted/python/context.py", line 118, in callWithContext return self.currentContext().callWithContext(ctx, func, *args, **kw) File "/usr/local/lib/python2.7/site-packages/twisted/python/context.py", line 81, in callWithContext return func(*args,**kw) File "/usr/local/lib/python2.7/site-packages/twisted/conch/ssh/session.py", line 109, in dataReceived self.client.transport.write(data) File "/usr/local/lib/python2.7/site-packages/twisted/conch/ssh/session.py", line 160, in write self.proto.dataReceived(data) File "/usr/local/lib/python2.7/site-packages/twisted/conch/insults/insults.py", line 435, in dataReceived self.terminalProtocol.keystrokeReceived(ch, None) File "/usr/local/share/kippo/kippo/core/honeypot.py", line 343, in keystrokeReceived recvline.HistoricRecvLine.keystrokeReceived(self, keyID, modifier) File "/usr/local/lib/python2.7/site-packages/twisted/conch/recvline.py", line 201, in keystrokeReceived m() File "/usr/local/share/kippo/kippo/core/honeypot.py", line 370, in handle_RETURN return recvline.RecvLine.handle_RETURN(self) File "/usr/local/lib/python2.7/site-packages/twisted/conch/recvline.py", line 259, in handle_RETURN self.lineReceived(line) File "/usr/local/share/kippo/kippo/core/honeypot.py", line 336, in lineReceived self.cmdstack[-1].lineReceived(line) File "/usr/local/share/kippo/kippo/core/honeypot.py", line 73, in lineReceived self.runCommand() File "/usr/local/share/kippo/kippo/core/honeypot.py", line 126, in runCommand self.honeypot.call_command(cmdclass, *rargs) File "/usr/local/share/kippo/kippo/core/honeypot.py", line 363, in call_command obj.start() File "/usr/local/share/kippo/kippo/commands/wget.py", line 76, in start self.deferred = self.download(url, outfile, self.safeoutfile) File "/usr/local/share/kippo/kippo/commands/wget.py", line 110, in download self.writeln('Connecting to %s:%d... connected.' % (host, port)) exceptions.TypeError: %d format: a number is required, not NoneType
kippo のログファイル
インストール時のログにも出ていますが、 kippo のログは、
/tmp/kippo.log
です。