Installing the Conpot honeypot on Ubuntu, part 2: installing MySQL

0 Preface

(This article is from CSDN, author sun; reproduction prohibited. Original link: Ubuntu安装conpot蜜罐系列——(2)安装mysql_conpot日志文件-CSDN博客)

The environment used throughout this series:

Ubuntu 18.04/20.04 + conpot0.6 + python3.6

(Installation on Ubuntu 22.04 has not succeeded so far.)

The goals are:

Install Conpot + write its logs to MySQL + a database GUI + fingerprint the honeypot with Nmap + modify the honeypot fingerprint

1 Installing MySQL

(1) Install mysql-server first

sudo apt-get install mysql-server

(2) Then start MySQL

service mysql start

(3) Run the initial MySQL configuration; for the details, see Ubuntu20.04安装MySQL及配置MySQL workbench_mysql workbench ubuntu-CSDN博客

sudo mysql_secure_installation

(4) Log in to MySQL as root: type the password and press Enter, and you are at the mysql prompt

sudo mysql -u root -p

2 Creating the database

(Run the following at the mysql prompt)

(1) Create a database named conpot

CREATE DATABASE conpot;

(2) Create a user named user with the password root

create user 'user'@'%' identified by  'root';

(3) The user user has no privileges yet, so grant them

grant all privileges on conpot.* to 'user'@'%' with grant option;

(4) Press Ctrl+Z to leave the mysql prompt, then log in to MySQL again as user

sudo mysql -u user -p

(5) Enter the password root and create the conpot database

create database conpot;

(6) Check whether it worked

show databases;

3 Creating the data table

Although the mysql_log.py provided below contains code to create the table, that step does not succeed when run, so the table is created manually here

First, switch to the conpot database

use conpot;

Run the following statement to create a table named events in the conpot database (the Python string quotes from the .py file have been stripped; paste only the SQL)

"""CREATE TABLE IF NOT EXISTS `events` (
                        `id` bigint(20) NOT NULL AUTO_INCREMENT,
                        `sensorid` text NOT NULL,
                        `session` text NOT NULL,
                        `timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
                        `remote` text NOT NULL,
                        `protocol` text NOT NULL,
                        `request` text NOT NULL,
                        `response` text NOT NULL,
                        PRIMARY KEY (`id`)
                        ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
                       """)

4 Writing Conpot logs to MySQL

The following modifies Conpot's own files. Part (1) of this series installed only the stock Conpot; readers can apply the changes below in either of two ways:

  • Follow this section to edit the local Conpot source files first, then install
  • Install Conpot first, then edit the files inside the Conpot environment; the path looks like this

(/home/syr/桌面/conpot/conpot-env/lib/python3.6/site-packages/conpot)

(1) Create mysql_log.py

Its relative path is conpot/core/loggers/mysql_log.py; if Conpot is already installed, locate that path inside the Python virtual environment.

This is a file I found in Conpot 0.5, brought over with a few changes.

# Copyright (C) 2014  Daniel creo Haslinger <creo-conpot@blackmesa.at>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.


import re

import MySQLdb
import gevent
import logging

from warnings import filterwarnings
filterwarnings('ignore', category=MySQLdb.Warning)

logger = logging.getLogger(__name__)


class MySQLlogger(object):
    """Writes Conpot events into the `events` table of a MySQL database."""

    def __init__(self, host, port, db, username, passphrase, logdevice, logsocket, sensorid):
        self.host = host
        # MySQLdb.connect() expects an int port, not the string read from the config file.
        self.port = port
        self.db = db
        self.username = username
        self.passphrase = passphrase
        self.logdevice = logdevice
        self.logsocket = logsocket
        self.sensorid = sensorid
        # Added (not in Conpot 0.5): open a TCP connection right away so self.conn
        # always exists; _connect() below re-opens it according to the socket type.
        self.conn = MySQLdb.connect(host=self.host,
                                    port=self.port,
                                    user=self.username,
                                    passwd=self.passphrase,
                                    db=self.db)

        self._connect()

    def _connect(self):
        """(Re)open the connection: 'tcp' uses host:port, 'dev' uses a UNIX socket file."""
        try:
            if str(self.logsocket).lower() == 'tcp':
                self.conn = MySQLdb.connect(host=self.host,
                                            port=self.port,
                                            user=self.username,
                                            passwd=self.passphrase,
                                            db=self.db)
                self._create_db()
            elif str(self.logsocket).lower() == 'dev':
                self.conn = MySQLdb.connect(unix_socket=self.logdevice,
                                            user=self.username,
                                            passwd=self.passphrase,
                                            db=self.db)
                self._create_db()
        except (AttributeError, MySQLdb.OperationalError):
            logger.error('Could not create a stable database connection for logging. Check database and credentials.')

    def _create_db(self):
        """Create the events table if it does not exist yet."""
        cursor = self.conn.cursor()
        cursor.execute("""CREATE TABLE IF NOT EXISTS `events` (
                        `id` bigint(20) NOT NULL AUTO_INCREMENT,
                        `sensorid` text NOT NULL,
                        `session` text NOT NULL,
                        `timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
                        `remote` text NOT NULL,
                        `protocol` text NOT NULL,
                        `request` text NOT NULL,
                        `response` text NOT NULL,
                        PRIMARY KEY (`id`)
                        ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
                       """)

    def log(self, event, retry=1):
        """Insert one event; on a lost connection, reconnect and retry once."""
        cursor = self.conn.cursor()

        try:
            # Only HTTP events carry request/response data; everything else is stored as "null".
            # Values are passed as query parameters so the driver escapes them.
            if event["data_type"] == "http":
                cursor.execute("""INSERT INTO
                                    events (sensorid, session, remote, protocol, request, response)
                                  VALUES
                                    (%s, %s, %s, %s, %s, %s)""", (str(self.sensorid),
                                                                  str(event["id"]),
                                                                  str(event["remote"]),
                                                                  event["data_type"],
                                                                  event["data"].get('request'),
                                                                  event["data"].get('response')))
            else:
                cursor.execute("""INSERT INTO
                                    events (sensorid, session, remote, protocol, request, response)
                                  VALUES
                                    (%s, %s, %s, %s, %s, %s)""", (str(self.sensorid),
                                                                  str(event["id"]),
                                                                  str(event["remote"]),
                                                                  event["data_type"],
                                                                  "null",
                                                                  "null"))
            self.conn.commit()
        except (AttributeError, MySQLdb.OperationalError):
            self._connect()

            if retry == 0:
                logger.error('Logging failed. Database connection not available.')
                return False
            else:
                logger.debug('Logging failed: Database connection lost. Retrying (%s tries left)...', retry)
                retry -= 1
                gevent.sleep(float(0.5))
                return self.log(event, retry)

        return cursor.lastrowid

    def log_session(self, session):
        pass

    def select_data(self):
        cursor = self.conn.cursor()
        cursor.execute("SELECT * FROM events")
        print(cursor.fetchall())

    def select_session_data(self, sessionid):
        cursor = self.conn.cursor()
        cursor.execute("SELECT * FROM events WHERE session = %s", [str(sessionid)])
        return cursor.fetchall()

    def truncate_table(self, table):
        # A table name cannot be bound as a query parameter (the driver would
        # quote it as a string literal and MySQL would reject the statement),
        # so validate the identifier and quote it with backticks instead.
        if not re.fullmatch(r'[A-Za-z0-9_]+', str(table)):
            logger.error('Refusing to truncate table with invalid name: %r', table)
            return False
        cursor = self.conn.cursor()
        try:
            affected = cursor.execute("TRUNCATE TABLE `%s`" % table)
            self.conn.commit()
        except (AttributeError, MySQLdb.IntegrityError, MySQLdb.OperationalError):
            return False

        return affected

(2) The .py file above imports a module called MySQLdb, which is not available for Python 3 out of the box, so it has to be installed manually (probably the MySQL log output was dropped when Conpot 0.6 moved to Python 3). The mysqlclient package, which provides the MySQLdb module, can be downloaded from:

https://pypi.org/project/mysqlclient/2.0.0/#files

After downloading, run the following command inside the conpot-env environment (make sure the directory containing the mysqlclient archive is your current directory)

pip install mysqlclient-2.0.0.tar.gz

(3) Edit the configuration file testing.cfg; the path looks like this

/home/syr/桌面/conpot/conpot-env/lib/python3.6/site-packages/conpot/testing.cfg

Add the following to testing.cfg

[mysql]
enabled = True  
device = /tmp/mysql.sock  
host = localhost  
port = 3306  
db = conpot  
username = 自己设置的用户名 
passphrase = 自己设置的密码
socket = tcp        ; tcp (sends to host:port), dev (sends to mysql device/socket file)

The username set earlier was user and the password root
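The post does not show how log_worker.py turns the [mysql] section into the arguments of MySQLlogger. As an added example (not code from the post or from the Conpot project), the following parses that section the way a log worker would have to: it honours the inline ";" comment, coerces port to an int (MySQLdb.connect() rejects the string configparser returns), and picks the TCP or UNIX-socket keyword arguments according to socket. The function names and the exact mapping are assumptions.

```python
# Added example (not from the original post or the Conpot project): parse the
# [mysql] section of testing.cfg before handing the values to MySQLlogger.
# How the real log_worker.py wires this up is not shown on the page, so the
# mapping below is an assumption.
import configparser

# Constructed copy of the [mysql] section from the post (sample values only).
SAMPLE_CFG = """
[mysql]
enabled = True
device = /tmp/mysql.sock
host = localhost
port = 3306
db = conpot
username = user
passphrase = root
socket = tcp        ; tcp (sends to host:port), dev (sends to mysql device/socket file)
"""


def load_mysql_section(text):
    """Return a dict of typed values from the [mysql] section, or None if disabled."""
    # The post's config uses a ';' inline comment after the socket value; configparser
    # only strips it when inline_comment_prefixes is set, otherwise the comment ends up
    # inside the value and neither 'tcp' nor 'dev' would match in _connect().
    cfg = configparser.ConfigParser(inline_comment_prefixes=(";", "#"))
    cfg.read_string(text)
    sec = cfg["mysql"]
    if not sec.getboolean("enabled", fallback=False):
        return None
    socket = sec.get("socket", "tcp").strip().lower()
    if socket not in ("tcp", "dev"):
        raise ValueError("socket must be 'tcp' or 'dev', got %r" % socket)
    return {
        "host": sec.get("host", "localhost"),
        # configparser returns strings; MySQLdb.connect() requires an int port.
        "port": sec.getint("port", 3306),
        "db": sec["db"],
        "username": sec["username"],
        "passphrase": sec["passphrase"],
        "logdevice": sec.get("device", ""),
        "logsocket": socket,
    }


def connect_kwargs(settings):
    """Build the keyword arguments MySQLdb.connect() receives for this socket type."""
    common = {"user": settings["username"],
              "passwd": settings["passphrase"],
              "db": settings["db"]}
    if settings["logsocket"] == "tcp":
        return dict(common, host=settings["host"], port=settings["port"])
    return dict(common, unix_socket=settings["logdevice"])


if __name__ == "__main__":
    settings = load_mysql_section(SAMPLE_CFG)
    print(settings)
    print(connect_kwargs(settings))
```

If the worker passes the raw configparser strings through instead, MySQLdb.connect() fails on the port argument, and a missing inline_comment_prefixes leaves the socket value as "tcp        ; tcp (sends ...)", so _connect() silently opens no connection at all.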

(4) Edit log_worker.py in three places; the path is

/home/syr/桌面/conpot/conpot-env/lib/python3.6/site-packages/conpot/core/log_worker.py

Add the code as shown in the three screenshots in the original post

(5) Start Conpot with log output to MySQL

conpot -f -t default -c testing.cfg

Open a local browser and go to 127.0.0.1:8800/index.html

The resulting entries can then be viewed in the database
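Once events are arriving, the first thing to check is what the honeypot has actually recorded. As an added example (not from the post or from Conpot), the following reads rows in the column order of the events table from section 3 and summarises them per protocol and per source address, which is enough to tell probe traffic from a single scanner apart from many distinct sources. That the logger stores remote as str() of an (ip, port) tuple is an assumption; a plain IP string is handled too. The rows below are constructed samples, not real captures.

```python
# Added example (not from the original post or Conpot): summarise the rows
# that mysql_log.py writes into `events`, per protocol and per source IP.
import ast
from collections import Counter

# Column order of the `events` table from section 3 of the post.
COLUMNS = ("id", "sensorid", "session", "timestamp", "remote", "protocol", "request", "response")

# Constructed sample rows in that column order (not real honeypot data).
SAMPLE_ROWS = [
    (1, "default", "s1", "2024-01-01 10:00:00", "('203.0.113.5', 40100)", "http", "GET /index.html", "200"),
    (2, "default", "s1", "2024-01-01 10:00:01", "('203.0.113.5', 40101)", "http", "GET /robots.txt", "404"),
    (3, "default", "s2", "2024-01-01 10:02:00", "('198.51.100.9', 5020)", "modbus", "null", "null"),
    (4, "default", "s3", "2024-01-01 10:03:00", "198.51.100.9", "s7comm", "null", "null"),
]


def remote_ip(remote):
    """Extract the IP from the stored remote value ("('ip', port)" or a bare "ip")."""
    # Assumption: the logger stores str(event["remote"]) of an (ip, port) tuple.
    try:
        parsed = ast.literal_eval(remote)
    except (ValueError, SyntaxError):
        return remote.strip()
    if isinstance(parsed, tuple) and parsed:
        return str(parsed[0])
    return str(parsed)


def summarize(rows):
    """Count events per protocol and per source IP, and list the sessions seen per IP."""
    by_protocol = Counter()
    by_ip = Counter()
    sessions = {}
    for row in rows:
        ev = dict(zip(COLUMNS, row))
        ip = remote_ip(ev["remote"])
        by_protocol[ev["protocol"]] += 1
        by_ip[ip] += 1
        sessions.setdefault(ip, set()).add(ev["session"])
    return {
        "by_protocol": dict(by_protocol),
        "by_ip": dict(by_ip),
        "sessions": {ip: sorted(s) for ip, s in sessions.items()},
    }


def load_events(conn, limit=1000):
    """Fetch the newest rows from a live DB-API connection (e.g. MySQLdb.connect(...))."""
    cursor = conn.cursor()
    # Spell the columns out so the rows line up with COLUMNS even if the table gains columns.
    query = "SELECT " + ", ".join("`%s`" % c for c in COLUMNS) + " FROM events ORDER BY id DESC LIMIT %s"
    cursor.execute(query, (limit,))
    return cursor.fetchall()


if __name__ == "__main__":
    print(summarize(SAMPLE_ROWS))
```

With a live connection, summarize(load_events(conn)) gives the same structure over the real table; the LIMIT is a query parameter so the script never builds SQL from user-controlled text.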

(6) PyCharm Professional ships with a database GUI

The above is what I ran and viewed in PyCharm; you can install PyCharm from the Ubuntu software store yourself
