Difference between revisions of "Installing kippo on FreeBSD"
From: セキュリティ (Security)
(Created page with " __TOC__ == Overview == * kippo is installed in /usr/local/share/kippo. * kippo's configuration file is /usr/local/share/kippo/kipp...") |
|||
行1: | 行1: | ||
− | |||
__TOC__ | __TOC__ | ||
行91: | 行90: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
sudo sysrc kippo_enable=YES | sudo sysrc kippo_enable=YES | ||
+ | </syntaxhighlight> | ||
+ | === sshdの鍵の作成 === | ||
+ | <syntaxhighlight lang="bash"> | ||
+ | sudo /usr/bin/ssh-keygen -t rsa -f /usr/local/share/kippo/private.key -N '' | ||
+ | sudo mv /usr/local/share/kippo/private.key.pub /usr/local/share/kippo/public.key | ||
+ | sudo chown kippo:kippo /usr/local/share/kippo/*.key | ||
</syntaxhighlight> | </syntaxhighlight> | ||
+ | == スタートやストップ == | ||
{{rc.d|kippo}} | {{rc.d|kippo}} | ||
+ | == エラー == | ||
+ | === Permission denied: public key === | ||
+ | [[sshd]]の[[鍵ペア]]がないと起動しません。 | ||
+ | <syntaxhighlight lang="bash"> | ||
+ | % sudo /usr/local/etc/rc.d/kippo onestart | ||
+ | Starting kippo. | ||
+ | Generating RSA keypair... | ||
+ | Unhandled Error | ||
+ | Traceback (most recent call last): | ||
+ | File "/usr/local/lib/python2.7/site-packages/twisted/application/app.py", line 642, in run | ||
+ | runApp(config) | ||
+ | File "/usr/local/lib/python2.7/site-packages/twisted/scripts/twistd.py", line 23, in runApp | ||
+ | _SomeApplicationRunner(config).run() | ||
+ | File "/usr/local/lib/python2.7/site-packages/twisted/application/app.py", line 376, in run | ||
+ | self.application = self.createOrGetApplication() | ||
+ | File "/usr/local/lib/python2.7/site-packages/twisted/application/app.py", line 441, in createOrGetApplication | ||
+ | application = getApplication(self.config, passphrase) | ||
+ | --- <exception caught here> --- | ||
+ | File "/usr/local/lib/python2.7/site-packages/twisted/application/app.py", line 452, in getApplication | ||
+ | application = service.loadApplication(filename, style, passphrase) | ||
+ | File "/usr/local/lib/python2.7/site-packages/twisted/application/service.py", line 405, in loadApplication | ||
+ | application = sob.loadValueFromFile(filename, 'application', passphrase) | ||
+ | File "/usr/local/lib/python2.7/site-packages/twisted/persisted/sob.py", line 210, in loadValueFromFile | ||
+ | exec fileObj in d, d | ||
+ | File "/usr/local/share/kippo/kippo.tac", line 31, in <module> | ||
+ | pubKeyString, privKeyString = honeypot.getRSAKeys() | ||
+ | File "/usr/local/share/kippo/kippo/core/honeypot.py", line 465, in getRSAKeys | ||
+ | file(public_key, 'w+b').write(publicKeyString) | ||
+ | exceptions.IOError: [Errno 13] Permission denied: 'public.key' | ||
+ | |||
+ | Failed to load application: [Errno 13] Permission denied: 'public.key' | ||
+ | |||
+ | /usr/local/etc/rc.d/kippo: WARNING: failed to start kippo | ||
+ | </syntaxhighlight> | ||
== 関連項目 == | == 関連項目 == | ||
{{honeypot}} | {{honeypot}} | ||
<!-- vim: filetype=mediawiki --> | <!-- vim: filetype=mediawiki --> |
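Review bot: In the new "エラー" section, the one-line explanation says kippo will not start without the sshd key pair, but the traceback directly below it shows kippo trying to generate the pair itself ("Generating RSA keypair...") and failing in getRSAKeys with "[Errno 13] Permission denied: 'public.key'". The failure shown is that the process cannot write public.key, not that keys are absent as such. Suggest rewording the explanation to say so and pointing to the new "sshdの鍵の作成" step as the workaround. The section heading also reads "public key" where the error names the file 'public.key'. The traceback is program output, so tagging it lang="bash" will mis-highlight it.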
Revision as of 00:15, 9 January 2014 (Thu)
Contents
Overview
Installation
Installing on FreeBSD
Installing from the ports collection
cd /usr/ports/net/kippo
sudo make install clean
Installing with the pkg command
sudo pkg install kippo
Installing with the portmaster command
sudo portmaster -y -d /usr/ports/net/kippo
Installing with the portinstall command
sudo portinstall /usr/ports/net/kippo
===> Installing for kippo-0.5
===> Generating temporary packing list
===> Checking if net/kippo already installed
===> Creating users and/or groups.
Creating group `kippo' with gid `969'.
Creating user `kippo' with uid `969'.
===> Staging rc.d startup script(s)
========================================================================
kippo has been installed in the following directory:
/usr/local/share/kippo

Before starting kippo you need to perform the following steps:

1) Edit kippo's configuration file to suit your needs:
$EDITOR /usr/local/share/kippo/kippo.cfg

Please keep in mind when editing the configuration file that kippo can't be run as root and is started by the 'kippo' unprivileged user instead.
This implies that the following folders hierarchy must be created and made writable to the 'kippo' user:
dl/
data/
log/tty/

2) Add the following line to your rc.conf:
kippo_enable="YES"

Note that you can also set the 'kippo_logfile' and 'kippo_pidfile' variables to specify the path to the log file and pid file that will be used by kippo.
The default values for those variables are '/tmp/kippo.log' and '/tmp/kippo.pid' respectively.

Then you can start kippo by issuing the following command:
/usr/local/etc/rc.d/kippo start
========================================================================
===> Correct pkg-plist sequence to create group(s) and user(s)
===> Registering installation for kippo-0.5
===>>> pkg-message for kippo-0.5
========================================================================
kippo has been installed in the following directory:
/usr/local/share/kippo

Before starting kippo you need to perform the following steps:

1) Edit kippo's configuration file to suit your needs:
$EDITOR /usr/local/share/kippo/kippo.cfg

Please keep in mind when editing the configuration file that kippo can't be run as root and is started by the 'kippo' unprivileged user instead.
This implies that the following folders hierarchy must be created and made writable to the 'kippo' user:
dl/
data/
log/tty/

2) Add the following line to your rc.conf:
kippo_enable="YES"

Note that you can also set the 'kippo_logfile' and 'kippo_pidfile' variables to specify the path to the log file and pid file that will be used by kippo.
The default values for those variables are '/tmp/kippo.log' and '/tmp/kippo.pid' respectively.

Then you can start kippo by issuing the following command:
/usr/local/etc/rc.d/kippo start
========================================================================
Configuration
/etc/rc.conf
sudo sysrc kippo_enable=YES
Creating the sshd keys
sudo /usr/bin/ssh-keygen -t rsa -f /usr/local/share/kippo/private.key -N ''
sudo mv /usr/local/share/kippo/private.key.pub /usr/local/share/kippo/public.key
sudo chown kippo:kippo /usr/local/share/kippo/*.key
Starting and stopping
Controlling kippo
The following shows how to control it on FreeBSD.
Start the kippo service.
sudo /usr/local/etc/rc.d/kippo start
Stop the kippo service.
sudo /usr/local/etc/rc.d/kippo stop
Restart the kippo service.
sudo /usr/local/etc/rc.d/kippo restart
Errors
Permission denied: public key
% sudo /usr/local/etc/rc.d/kippo onestart
Starting kippo.
Generating RSA keypair...
Unhandled Error
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/site-packages/twisted/application/app.py", line 642, in run
    runApp(config)
  File "/usr/local/lib/python2.7/site-packages/twisted/scripts/twistd.py", line 23, in runApp
    _SomeApplicationRunner(config).run()
  File "/usr/local/lib/python2.7/site-packages/twisted/application/app.py", line 376, in run
    self.application = self.createOrGetApplication()
  File "/usr/local/lib/python2.7/site-packages/twisted/application/app.py", line 441, in createOrGetApplication
    application = getApplication(self.config, passphrase)
--- <exception caught here> ---
  File "/usr/local/lib/python2.7/site-packages/twisted/application/app.py", line 452, in getApplication
    application = service.loadApplication(filename, style, passphrase)
  File "/usr/local/lib/python2.7/site-packages/twisted/application/service.py", line 405, in loadApplication
    application = sob.loadValueFromFile(filename, 'application', passphrase)
  File "/usr/local/lib/python2.7/site-packages/twisted/persisted/sob.py", line 210, in loadValueFromFile
    exec fileObj in d, d
  File "/usr/local/share/kippo/kippo.tac", line 31, in <module>
    pubKeyString, privKeyString = honeypot.getRSAKeys()
  File "/usr/local/share/kippo/kippo/core/honeypot.py", line 465, in getRSAKeys
    file(public_key, 'w+b').write(publicKeyString)
exceptions.IOError: [Errno 13] Permission denied: 'public.key'

Failed to load application: [Errno 13] Permission denied: 'public.key'

/usr/local/etc/rc.d/kippo: WARNING: failed to start kippo
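
A preflight check for the conditions this page depends on, added here as an example (it is not part of the original page or of the kippo port): the key pair from the key-creation step must exist and belong to the service account, and the dl/, data/ and log/tty/ directories named in the pkg-message must exist and be writable by it. The function name kippo_preflight and its messages are assumptions. "Writable by the kippo user" is approximated as "owned by that user with the owner write bit set".

```shell
#!/bin/sh
# kippo_preflight [DIR] [USER]  (hypothetical helper, not shipped with kippo)
# Prints one line per problem found and returns non-zero if there is any.
# DIR defaults to the install directory named on this page, USER to the
# unprivileged account the port creates.
kippo_preflight() {
    dir=${1:-/usr/local/share/kippo}
    user=${2:-kippo}
    rc=0

    # Portable owner/mode lookup via ls (stat flags differ between BSD and GNU).
    owner_of() { ls -ld "$1" | awk '{print $3}'; }
    perms_of() { ls -ld "$1" | awk '{print substr($1, 1, 10)}'; }

    # Both key files must exist and belong to the service account; if they
    # are missing, kippo tries to write them itself, as in the traceback.
    for f in private.key public.key; do
        if [ ! -f "$dir/$f" ]; then
            echo "missing: $dir/$f"; rc=1
        elif [ "$(owner_of "$dir/$f")" != "$user" ]; then
            echo "wrong owner: $dir/$f"; rc=1
        fi
    done

    # The private key must carry no group or other permission bits.
    if [ -f "$dir/private.key" ]; then
        case "$(perms_of "$dir/private.key")" in
            ????------) ;;
            *) echo "too permissive: $dir/private.key"; rc=1 ;;
        esac
    fi

    # Directories the pkg-message requires to be writable by the account.
    for d in dl data log/tty; do
        if [ ! -d "$dir/$d" ]; then
            echo "missing directory: $dir/$d"; rc=1
        elif [ "$(owner_of "$dir/$d")" != "$user" ]; then
            echo "wrong owner: $dir/$d"; rc=1
        else
            case "$(perms_of "$dir/$d")" in
                d?w*) ;;
                *) echo "not owner-writable: $dir/$d"; rc=1 ;;
            esac
        fi
    done
    return $rc
}
```

After sourcing the file, calling kippo_preflight with no arguments checks /usr/local/share/kippo for the kippo user before the service is started.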