Installing kippo on FreeBSD

Revision as of 00:51, 10 January 2014 (Fri) by Daemon (talk | contribs)


Overview

  • kippo is installed in /usr/local/share/kippo.
  • kippo's configuration file is /usr/local/share/kippo/kippo.cfg.

Installation

Installing on FreeBSD

Installing from the ports collection

cd /usr/ports/net/kippo
sudo make install clean

Installing with the pkg command

sudo pkg install kippo

Installing with the portmaster command

sudo portmaster -y -d /usr/ports/net/kippo

Installing with the portinstall command

sudo portinstall /usr/ports/net/kippo
===>  Installing for kippo-0.5
===>   Generating temporary packing list
===>  Checking if net/kippo already installed
===> Creating users and/or groups.
Creating group `kippo' with gid `969'.
Creating user `kippo' with uid `969'.
===> Staging rc.d startup script(s)
============================================================================
kippo has been installed in the following directory:
 
        /usr/local/share/kippo
 
Before starting kippo you need to perform the following steps:
 
1) Edit kippo's configuration file to suit your needs:
 
        $EDITOR /usr/local/share/kippo/kippo.cfg
 
   Please keep in mind when editing the configuration file that kippo
   can't be run as root and is started by the 'kippo' unprivileged
   user instead. This implies that the following folders hierarchy
   must be created and made writable to the 'kippo' user:
 
        dl/
        data/
        log/tty/
 
2) Add the following line to your rc.conf:
 
        kippo_enable="YES"
 
   Note that you can also set the 'kippo_logfile' and 'kippo_pidfile'
   variables to specify the path to the log file and pid file that
   will be used by kippo. The default values for those variables are
   '/tmp/kippo.log' and '/tmp/kippo.pid' respectively.
 
Then you can start kippo by issuing the following command:
 
        /usr/local/etc/rc.d/kippo start
============================================================================
===> Correct pkg-plist sequence to create group(s) and user(s)
===>   Registering installation for kippo-0.5
 
===>>> pkg-message for kippo-0.5
============================================================================
kippo has been installed in the following directory:
 
        /usr/local/share/kippo
 
Before starting kippo you need to perform the following steps:
 
1) Edit kippo's configuration file to suit your needs:
 
        $EDITOR /usr/local/share/kippo/kippo.cfg
 
   Please keep in mind when editing the configuration file that kippo
   can't be run as root and is started by the 'kippo' unprivileged
   user instead. This implies that the following folders hierarchy
   must be created and made writable to the 'kippo' user:
 
        dl/
        data/
        log/tty/
 
2) Add the following line to your rc.conf:
 
        kippo_enable="YES"
 
   Note that you can also set the 'kippo_logfile' and 'kippo_pidfile'
   variables to specify the path to the log file and pid file that
   will be used by kippo. The default values for those variables are
   '/tmp/kippo.log' and '/tmp/kippo.pid' respectively.
 
Then you can start kippo by issuing the following command:
 
        /usr/local/etc/rc.d/kippo start
============================================================================

Configuration

/etc/rc.conf

sudo sysrc kippo_enable=YES

Creating the sshd key pair

sudo /usr/bin/ssh-keygen -t rsa -f /usr/local/share/kippo/private.key -N ''
sudo mv /usr/local/share/kippo/private.key.pub /usr/local/share/kippo/public.key
sudo chown kippo:kippo /usr/local/share/kippo/*.key

Creating the directories

cd /usr/local/share/kippo
sudo mkdir dl
sudo chown kippo:kippo dl
sudo mkdir data; sudo chown kippo:kippo data
sudo mkdir log; sudo chown kippo:kippo log
sudo -u kippo mkdir log/tty

Creating pass.db

sudo -u kippo python ./utils/passdb.py ./data/pass.db add 123456
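As an added check (not part of kippo or the FreeBSD port), the following Python script verifies the layout that the pkg-message and the steps above call for before the first start: dl/, data/, log/ and log/tty/ exist and are owned by the kippo user, and private.key and public.key are present. The directory and user names come from the page; `demo()` runs the check against a constructed temporary tree owned by the current user.

```python
import os
import pwd
import tempfile

# Paths and names from the page; the check itself is an added example.
KIPPO_HOME = "/usr/local/share/kippo"
WRITABLE_DIRS = ("dl", "data", "log", "log/tty")   # must be writable by kippo
KEY_FILES = ("private.key", "public.key")          # created with ssh-keygen


def _resolve_uid(user):
    """Accept a user name (looked up via pwd) or a numeric uid."""
    return user if isinstance(user, int) else pwd.getpwnam(user).pw_uid


def kippo_preflight(home=KIPPO_HOME, user="kippo"):
    """Return a list of problems; an empty list means kippo can start as `user`."""
    problems = []
    try:
        uid = _resolve_uid(user)
    except KeyError:
        return ["user %r does not exist (the port normally creates it)" % user]
    for sub in WRITABLE_DIRS:
        path = os.path.join(home, sub)
        if not os.path.isdir(path):
            problems.append("missing directory: %s" % path)
        elif os.stat(path).st_uid != uid:
            problems.append("not owned by %s: %s" % (user, path))
    for name in KEY_FILES:
        path = os.path.join(home, name)
        if not os.path.isfile(path):
            # Without the keys kippo tries to generate them itself and, as the
            # unprivileged user, fails with 'Permission denied: public.key'.
            problems.append("missing key file: %s" % path)
    return problems


def demo():
    """Run the check on a constructed temporary tree owned by the current user."""
    me = os.getuid()
    with tempfile.TemporaryDirectory() as home:
        before = kippo_preflight(home, me)   # nothing created yet: 6 problems
        for sub in WRITABLE_DIRS:
            os.makedirs(os.path.join(home, sub), exist_ok=True)
        for name in KEY_FILES:
            open(os.path.join(home, name), "w").close()
        after = kippo_preflight(home, me)    # []
    return len(before), after
```

Run it as root on the honeypot host with the defaults to check the real /usr/local/share/kippo tree before `kippo start`.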

Starting and stopping

Controlling kippo

The following shows how to control it on FreeBSD.

Start the kippo service.

sudo /usr/local/etc/rc.d/kippo start

Stop the kippo service.

sudo /usr/local/etc/rc.d/kippo stop

Restart the kippo service.

sudo /usr/local/etc/rc.d/kippo restart

Errors

Permission denied: public key

kippo will not start without the sshd key pair. When the key files are missing, kippo tries to generate them itself at startup, but because it runs as the unprivileged kippo user it cannot write public.key into /usr/local/share/kippo, so startup fails as shown below. Create the key pair in advance as described in the Configuration section.

% sudo /usr/local/etc/rc.d/kippo onestart
Starting kippo.
Generating RSA keypair...
Unhandled Error
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/site-packages/twisted/application/app.py", line 642, in run
    runApp(config)
  File "/usr/local/lib/python2.7/site-packages/twisted/scripts/twistd.py", line 23, in runApp
    _SomeApplicationRunner(config).run()
  File "/usr/local/lib/python2.7/site-packages/twisted/application/app.py", line 376, in run
    self.application = self.createOrGetApplication()
  File "/usr/local/lib/python2.7/site-packages/twisted/application/app.py", line 441, in createOrGetApplication
    application = getApplication(self.config, passphrase)
--- <exception caught here> ---
  File "/usr/local/lib/python2.7/site-packages/twisted/application/app.py", line 452, in getApplication
    application = service.loadApplication(filename, style, passphrase)
  File "/usr/local/lib/python2.7/site-packages/twisted/application/service.py", line 405, in loadApplication
    application = sob.loadValueFromFile(filename, 'application', passphrase)
  File "/usr/local/lib/python2.7/site-packages/twisted/persisted/sob.py", line 210, in loadValueFromFile
    exec fileObj in d, d
  File "/usr/local/share/kippo/kippo.tac", line 31, in <module>
    pubKeyString, privKeyString = honeypot.getRSAKeys()
  File "/usr/local/share/kippo/kippo/core/honeypot.py", line 465, in getRSAKeys
    file(public_key, 'w+b').write(publicKeyString)
exceptions.IOError: [Errno 13] Permission denied: 'public.key'
 
Failed to load application: [Errno 13] Permission denied: 'public.key'
 
/usr/local/etc/rc.d/kippo: WARNING: failed to start kippo

bsddb value type must be string

The following is the error shown when an entry cannot be added to pass.db.

% sudo -u kippo python ../utils/passdb.py ./pass.db add password
Traceback (most recent call last):
  File "../utils/passdb.py", line 16, in <module>
    db[sys.argv[3]] = None
TypeError: bsddb value type must be string

The problem is that passdb.py sets the value to None.

The offending line is the None below.

    elif sys.argv[2] == 'add':
        db[sys.argv[3]] = None
    elif sys.argv[2] == 'remove':

Any string will do, so we change it to an empty string.

        db[sys.argv[3]] = ''

An example of adding an entry to pass.db.

% sudo -u kippo python utils/passdb.py data/pass.db add password

An example of checking with the list command.

% sudo -u kippo python utils/passdb.py data/pass.db list
password
123456
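The same add/remove/list logic as the page's passdb.py, written here as an added example (not kippo's own code) for Python 3's dbm.dumb, since Python 2's bsddb is gone: both backends accept only string or bytes values, so `demo()` first reproduces the TypeError caused by `None`, then applies the empty-string fix and lists the entries. The temporary pass.db it works on is constructed for the demonstration.

```python
import dbm.dumb
import tempfile

# Added example, not kippo's passdb.py: like Python 2's bsddb, dbm.dumb stores
# only str/bytes values, so `db[password] = None` raises TypeError as shown above.


def passdb_set(path, password, value):
    """Store `password` as a key; kippo only ever looks at the keys."""
    with dbm.dumb.open(path, "c") as db:
        db[password] = value          # TypeError unless value is str/bytes


def passdb_add_buggy(path, password):
    """Unpatched behaviour: None as the value, rejected by the backend."""
    passdb_set(path, password, None)


def passdb_add(path, password):
    """The page's fix: any string will do, so use the empty string."""
    passdb_set(path, password, "")


def passdb_remove(path, password):
    """Delete `password` if present (the 'remove' subcommand)."""
    with dbm.dumb.open(path, "c") as db:
        if password in db:
            del db[password]


def passdb_list(path):
    """Return the accepted passwords, like `passdb.py pass.db list`."""
    with dbm.dumb.open(path, "c") as db:
        return sorted(k.decode() for k in db.keys())


def demo():
    """Reproduce the TypeError, then run the fixed add/remove/list flow."""
    with tempfile.TemporaryDirectory() as tmp:
        path = tmp + "/pass.db"       # constructed temporary database
        try:
            passdb_add_buggy(path, "password")
            failed = False
        except TypeError:
            failed = True
        passdb_add(path, "123456")
        passdb_add(path, "password")
        passdb_remove(path, "123456")
        return failed, passdb_list(path)
```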
