
[Honeypot] Installing and deploying the low-interaction honeypot OpenCanary

Source code:
https://github.com/thinkst/opencanary
https://github.com/thinkst/opencanary-correlator

Documentation:
https://opencanary.readthedocs.io/en/latest/

1) Installation and deployment

First move the real SSH daemon to port 222, so that port 22 is free for the honeypot later on. Note that SELinux has to be disabled for this, otherwise sshd will not be able to listen on port 222: SELinux only lets sshd bind ports labelled ssh_port_t, and 222 is not one of them (disabling SELinux is the shortcut taken here; labelling port 222 as ssh_port_t with semanage is the alternative that keeps SELinux enforcing).
The project requires a Python 2.7 environment,
but CentOS 6.5 ships with 2.6.6, so we build 2.7 alongside it and create a Python virtualenv from that build.

pip install virtualenv                      # the system pip (Python 2.6) is enough to get virtualenv
wget https://www.python.org/ftp/python/2.7.8/Python-2.7.8.tgz
tar zxvf Python-2.7.8.tgz
cd Python-2.7.8
./configure --prefix=/usr/local/python/     # separate prefix: the system Python 2.6 stays untouched
make && make install
cd ~                                        # back to /root, so the venv ends up at /root/venv
virtualenv venv --python=/usr/local/python/bin/python2.7
. venv/bin/activate
(venv) [root@vincent ~]# python -V
Python 2.7.8
pip install opencanary                      # installed into the venv, not the system site-packages

OpenCanary ships with a default configuration, a JSON file, which we copy and then edit:
opencanaryd --copyconfig
##############################
Error:
cp: cannot stat '/root/venv/bin/../lib/python2.7/site-packages/opencanary/data/settings.json': No such file or directory
The opencanaryd launcher script hard-codes the location of settings.json relative to its own directory, and in this install the file is not there. Following this commit
https://github.com/thinkst/opencanary/commit/809b1836dee2d6d066ecf66d39f98e2ca3a14eea
edit the launcher script and remove this line:

cp "${DIR}/../lib/python2.7/site-packages/opencanary/data/settings.json" ~/.opencanary.conf

and add these two lines, which ask pkg_resources where the package's settings.json actually lives instead of guessing the path:

defaultconf=$(python -c "from pkg_resources import resource_filename; print resource_filename('opencanary', 'data/settings.json')")
cp "${defaultconf}" ~/.opencanary.conf
##############################

Then:

(venv) [root@vincent ~]# venv/bin/opencanaryd --copyconfig
[*] A sample config file is ready (/root/.opencanary.conf)

[*] Edit your configuration, then launch with "opencanaryd --start"

The config file shows which services can be emulated: ftp, http, httpproxy, smb, mysql, mssql, ssh, rdp, telnet and others.
The log file is /var/tmp/opencanary.log. The honeypot's fake SSH service is going to take port 22, which is why the real sshd was moved to port 222 at the start.
The edited config file looks like this:

{
  "device.node_id": "opencanary-1",
  "ftp.banner": "FTP server ready",
  "ftp.enabled": true,
  "ftp.port": 21,
  "http.banner": "Apache/2.2.22 (Ubuntu)",
  "http.enabled": true,
  "http.port": 80,
  "http.skin": "nasLogin",
  "http.skin.list": [
    {
      "desc": "Plain HTML Login",
      "name": "basicLogin"
    },
    {
      "desc": "Synology NAS Login",
      "name": "nasLogin"
    }
  ],
  "logger": {
    "class": "PyLogger",
    "kwargs": {
      "formatters": {
        "plain": {
          "format": "%(message)s"
        }
      },
      "handlers": {
        "file": {
          "class": "logging.FileHandler",
          "filename": "/var/tmp/opencanary.log"
        }
      }
    }
  },
  "mysql.banner": "5.5.43-0ubuntu0.14.04.1",
  "mysql.port": 3306,
  "mysql.enabled": true,
  "ssh.enabled": true,
  "ssh.port": 22,
  "ssh.version": "SSH-2.0-OpenSSH_5.1p1 Debian-4",
  "portscan.synrate": "5"
}

(venv) [root@vincent ~]# venv/bin/opencanaryd --start
[-] Failed to open opencanary.conf for reading ([Errno 2] No such file or directory: 'opencanary.conf')
[-] Using config file: /root/.opencanary.conf

The first line of that output is harmless: opencanaryd first tries opencanary.conf in the current directory and then falls back to /root/.opencanary.conf, as the second line shows. Now check the listening ports (netstat output); the four enabled services are bound on all interfaces:

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN off (0.00/0/0)
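The netstat check above confirms the ports only after the honeypot is already running. What follows is an added preflight example, not code from the OpenCanary project: a Python 3 script (run with the system interpreter, outside the 2.7 venv) that reads a config in the same JSON format as ~/.opencanary.conf, lists every enabled service with its port, and refuses a config where two services share a port, where a service sits on the port the real sshd was moved to (222, as set up above), or where a port is already bound on the host. The embedded SAMPLE_CONF is constructed from the settings shown above; REAL_SSHD_PORT, enabled_services, bind_status and preflight are this example's own names.

```python
"""Preflight check for an OpenCanary config before 'opencanaryd --start'.

Added example in Python 3 (runs outside the Python 2.7 venv); it is not part
of OpenCanary.  It reads the same JSON format as ~/.opencanary.conf, lists
every '<service>.enabled': true entry with its '<service>.port', and checks
that those ports are distinct, do not collide with the port the real sshd
was moved to, and can actually be bound right now.
"""
import errno
import json
import socket

# Constructed sample: the services enabled in the config above, plus a
# disabled telnet entry to show that disabled services are ignored.
SAMPLE_CONF = """
{
  "device.node_id": "opencanary-1",
  "ftp.enabled": true,     "ftp.port": 21,
  "http.enabled": true,    "http.port": 80,
  "mysql.enabled": true,   "mysql.port": 3306,
  "ssh.enabled": true,     "ssh.port": 22,
  "telnet.enabled": false, "telnet.port": 23,
  "portscan.synrate": "5"
}
"""

# Where the real sshd was moved to (port 222 in the text above); an assumption
# of this example, adjust it to your own deployment.
REAL_SSHD_PORT = 222


def enabled_services(conf):
    """Map service name -> port for every '<service>.enabled': true entry.

    A service that is enabled but has no '<service>.port' key maps to None
    so the caller can flag it instead of silently skipping it.
    """
    services = {}
    for key, value in conf.items():
        if key.endswith(".enabled") and value is True:
            name = key[: -len(".enabled")]
            services[name] = conf.get(name + ".port")
    return services


def bind_status(port, host="0.0.0.0"):
    """Probe a TCP bind on host:port: 'free', 'in_use' or 'needs_root'.

    The honeypot listens on 0.0.0.0, so the probe does too; an existing
    listener on that port on any interface makes the bind fail.  Ports
    below 1024 need root to probe, exactly as they need root to serve.
    """
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        probe.bind((host, port))
        return "free"
    except PermissionError:
        return "needs_root"
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            return "in_use"
        raise
    finally:
        probe.close()


def preflight(conf_text, real_sshd_port=REAL_SSHD_PORT, check_bind=True):
    """Return a list of problems; an empty list means it is safe to start.

    check_bind=False skips the live socket probe, e.g. when reviewing a
    config on a machine other than the honeypot host.
    """
    conf = json.loads(conf_text)
    problems = []
    owner = {}  # port -> service that claimed it first
    for name, port in sorted(enabled_services(conf).items()):
        if port is None:
            problems.append(f"{name} is enabled but has no {name}.port")
            continue
        if port == real_sshd_port:
            problems.append(f"{name} wants port {port}, which the real sshd now uses")
        if port in owner:
            problems.append(f"{owner[port]} and {name} both want port {port}")
        owner.setdefault(port, name)
        if check_bind:
            status = bind_status(port)
            if status != "free":
                problems.append(f"{name} cannot bind port {port}: {status}")
    return problems


if __name__ == "__main__":
    ok = ["ok: honeypot ports are distinct, do not clash with sshd, and are free"]
    for line in preflight(SAMPLE_CONF) or ok:
        print(line)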

2) Testing
Connecting to port 22 produces a new-session event (no credentials in this record, just the connection itself):

{"dst_host": "172.16.100.167", "dst_port": 22, "local_time": "2016-06-30 10:35:24.064880", "logdata": {"SESSION": "0"}, "logtype": 4000, "node_id": "opencanary-1", "src_host": "172.16.100.128", "src_port": 56893}

Logging in on port 21 (FTP is plaintext, so the username and password are captured verbatim):

{"dst_host": "172.16.100.167", "dst_port": 21, "local_time": "2016-06-30 10:38:58.554103", "logdata": {"PASSWORD": "123456", "USERNAME": "root"}, "logtype": 2000, "node_id": "opencanary-1", "src_host": "172.16.100.128", "src_port": 35910}

Logging in on port 3306. Note that the PASSWORD field here is not the plaintext password: it is the 20-byte mysql_native_password scramble response the client sent, hex-encoded. It can be brute-forced offline against a wordlist with the honeypot's challenge, but it cannot be read off the log the way the FTP one can:

{"dst_host": "172.16.100.167", "dst_port": 3306, "local_time": "2016-06-30 10:39:35.553673", "logdata": {"PASSWORD": "5cc73e54153a4a0322f75d5d2ad4322ab464c1b5", "USERNAME": "root"}, "logtype": 8001, "node_id": "opencanary-1", "src_host": "172.16.100.128", "src_port": 35935}

Logging in on port 80 through the nasLogin skin (the fake Synology NAS login page). The POST is recorded together with the path, the Host header and the browser's User-Agent:


{"dst_host": "172.16.100.167", "dst_port": 80, "local_time": "2016-06-30 10:40:30.727750", "logdata": {"HOSTNAME": "172.16.100.167", "PASSWORD": "123456", "PATH": "/index.html", "SKIN": "nasLogin", "USERAGENT": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36", "USERNAME": "admin"}, "logtype": 3001, "node_id": "opencanary-1", "src_host": "172.16.100.1", "src_port": 51582}
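Reading these events by eye works for four lines, not for a honeypot that has been on a network for a week. The following is an added example in Python 3, not code from the OpenCanary project: it parses the JSON log lines, names the four logtypes seen above, labels the MySQL "password" as the client's auth scramble rather than plaintext, and summarises attempts per source host. The embedded SAMPLE_LOG is the four events above copied from the log, plus one constructed line with a logtype the table does not know and one constructed truncated line; LOGTYPES, parse_events, describe and summarize are this example's own names.

```python
"""Summarise OpenCanary's JSON log lines per attacking host.

Added example in Python 3; it is not code from the OpenCanary project.  The
logtype names below are the ones the sample events above exercise (they
correspond to OpenCanary's LOG_FTP_LOGIN_ATTEMPT, LOG_HTTP_POST_LOGIN_ATTEMPT,
LOG_SSH_NEW_CONNECTION and LOG_MYSQL_LOGIN_ATTEMPT); anything else is
reported by number rather than guessed at.
"""
import json
from collections import defaultdict

# logtype -> (event name, whether logdata carries a USERNAME/PASSWORD pair)
LOGTYPES = {
    2000: ("ftp login attempt", True),
    3001: ("http login attempt", True),
    4000: ("ssh new connection", False),
    8001: ("mysql login attempt", True),
}

# Sample input: the four events shown above, copied from the log, followed by
# one constructed event with a logtype the table does not know, and one
# constructed truncated line of the kind an interrupted write leaves behind.
SAMPLE_LOG = r'''
{"dst_host": "172.16.100.167", "dst_port": 22, "local_time": "2016-06-30 10:35:24.064880", "logdata": {"SESSION": "0"}, "logtype": 4000, "node_id": "opencanary-1", "src_host": "172.16.100.128", "src_port": 56893}
{"dst_host": "172.16.100.167", "dst_port": 21, "local_time": "2016-06-30 10:38:58.554103", "logdata": {"PASSWORD": "123456", "USERNAME": "root"}, "logtype": 2000, "node_id": "opencanary-1", "src_host": "172.16.100.128", "src_port": 35910}
{"dst_host": "172.16.100.167", "dst_port": 3306, "local_time": "2016-06-30 10:39:35.553673", "logdata": {"PASSWORD": "5cc73e54153a4a0322f75d5d2ad4322ab464c1b5", "USERNAME": "root"}, "logtype": 8001, "node_id": "opencanary-1", "src_host": "172.16.100.128", "src_port": 35935}
{"dst_host": "172.16.100.167", "dst_port": 80, "local_time": "2016-06-30 10:40:30.727750", "logdata": {"HOSTNAME": "172.16.100.167", "PASSWORD": "123456", "PATH": "/index.html", "SKIN": "nasLogin", "USERAGENT": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36", "USERNAME": "admin"}, "logtype": 3001, "node_id": "opencanary-1", "src_host": "172.16.100.1", "src_port": 51582}
{"dst_host": "172.16.100.167", "dst_port": 23, "local_time": "2016-06-30 10:41:02.000000", "logdata": {}, "logtype": 6001, "node_id": "opencanary-1", "src_host": "172.16.100.128", "src_port": 40012}
{"dst_host": "172.16.100.167", "dst_port": 21, "local_time": "2016-06-30 10:41:
'''


def parse_events(text):
    """Return (events, bad_line_count) for a chunk of the log file.

    Blank lines are skipped; lines that are not a JSON object with a
    logtype are counted, not raised on: attacker-controlled input must never
    stop the rest of the log from being processed.
    """
    events, bad = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except ValueError:
            bad += 1
            continue
        if not isinstance(event, dict) or "logtype" not in event:
            bad += 1
            continue
        events.append(event)
    return events, bad


def describe(event):
    """One readable line per event.  The MySQL 'password' is labelled as what
    it is: the client's hex-encoded auth scramble, not plaintext."""
    name, has_creds = LOGTYPES.get(event["logtype"],
                                   (f"logtype {event['logtype']}", False))
    line = (f"{event['local_time']} {event['src_host']}:{event['src_port']} "
            f"-> :{event['dst_port']} {name}")
    if has_creds:
        data = event.get("logdata", {})
        line += f" user={data.get('USERNAME')!r}"
        if event["logtype"] == 8001:
            line += f" mysql_scramble={data.get('PASSWORD')}"
        else:
            line += f" password={data.get('PASSWORD')!r}"
    return line


def summarize(events):
    """Per source host: hit count, credential attempts, usernames, ports hit."""
    summary = defaultdict(lambda: {"events": 0, "credential_attempts": 0,
                                   "usernames": set(), "dst_ports": set()})
    for event in events:
        entry = summary[event["src_host"]]
        entry["events"] += 1
        entry["dst_ports"].add(event["dst_port"])
        if LOGTYPES.get(event["logtype"], (None, False))[1]:
            entry["credential_attempts"] += 1
            entry["usernames"].add(event.get("logdata", {}).get("USERNAME"))
    return dict(summary)


if __name__ == "__main__":
    events, bad = parse_events(SAMPLE_LOG)
    for event in events:
        print(describe(event))
    for src, entry in sorted(summarize(events).items()):
        print(f"{src}: {entry['events']} events, "
              f"{entry['credential_attempts']} credential attempts, "
              f"users={sorted(entry['usernames'])}, ports={sorted(entry['dst_ports'])}")
    print(f"{bad} unparseable line(s) skipped")
```

Pointed at /var/tmp/opencanary.log instead of SAMPLE_LOG, the per-host summary is what you would forward to a SIEM or page on: any source that touches more than one honeypot port, or submits credentials at all, is worth an alert, since no legitimate client has any business talking to this host.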