本文为苏尚武老师运维安全课程的课程笔记（蜜罐部分：cowrie 搭建）
- 蜜罐
  本质上是一种对攻击方的欺骗、捕获与分析手段，用于了解攻击者使用的方法和意图
- cowrie
  一款伪装成 SSH 服务的蜜罐，可以记录攻击者爆破时使用的用户名/口令字典
- 搭建（以下步骤以 root 身份在 CentOS/RHEL 上执行；注意蜜罐本身会被主动攻击，应部署在隔离网段，不要与生产主机混用）
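# Dedicated unprivileged service account for the honeypot. Leave the password
# locked: root reaches it with `su - cowrie`, so no interactive password is needed.
useradd cowrie
passwd -l cowrie
yum install -y git python-virtualenv bzip2-devel libffi-devel vim net-tools mysql-devel
yum groupinstall -y "Development Tools"
# Clone into /opt/cowrie (the path the rest of these notes assume) and pin a
# reviewed release tag instead of tracking whatever HEAD is today.
: "${COWRIE_TAG:?set COWRIE_TAG to the release tag you reviewed}"
git clone --branch "${COWRIE_TAG}" https://github.com/cowrie/cowrie.git /opt/cowrie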
创建虚拟环境并安装依赖（在 /opt/cowrie 目录下执行）
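cd /opt/cowrie
# NOTE(review): Python 2.7 is end-of-life and newer cowrie releases require
# Python 3; these notes reflect an older cowrie version. Prefer the interpreter
# the pinned release documents.
virtualenv -p python2.7 cowrie-env
source cowrie-env/bin/activate
pip install six packaging appdirs
pip install -r requirements.txt
cp cowrie.cfg.dist cowrie.cfg
# cowrie.cfg will later hold the MySQL password: make it readable by the
# service user only, and hand the tree to that user.
chown -R cowrie:cowrie /opt/cowrie/
chmod 600 /opt/cowrie/cowrie.cfg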
修改系统 sshd 端口（把真实的 SSH 服务挪到 222，将 22 留给蜜罐）
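vim /etc/ssh/sshd_config      # change "#Port 22" to "Port 222"
# Validate the config before restarting: a typo here locks you out of the box.
sshd -t
# On SELinux-enforcing hosts sshd may be refused the non-default port; if the
# restart below fails with a bind error, label the port first:
#   semanage port -a -t ssh_port_t -p tcp 222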
修改蜜罐监听端口：编辑 /opt/cowrie/cowrie.cfg（listen_port 所在的 ssh 相关配置段，参考 cowrie.cfg.dist 中的注释）。蜜罐以非 root 用户运行，无法直接监听 22，所以监听高位端口再由防火墙转发
# Honeypot listener. cowrie runs as the unprivileged cowrie user and cannot
# bind port 22 itself; the firewall forwards 22 -> 2222 (see below).
listen_port = 2222
配置 firewalld 防火墙：开放管理端口 222（只对管理网段开放，不要对全网开放）并把 22 转发到蜜罐的 2222。先改防火墙、确认 222 可达后再重启 sshd，且保留当前会话以免被锁在外面
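# Management SSH on 222 is the real door into the honeypot host: restrict it to
# the network you administer from instead of opening it to the world.
: "${ADMIN_NET:?set ADMIN_NET to your management network, e.g. 10.0.0.0/24}"
firewall-cmd --permanent --zone=public \
  --add-rich-rule="rule family=ipv4 source address=${ADMIN_NET} port port=222 protocol=tcp accept"
# Kept from the original notes; masquerading is believed unnecessary when the
# forward target is a local port (it matters for forwarding to another host).
# NOTE(review): verify and drop it if the forward works without it, since it
# turns the host into a NAT router for the zone.
firewall-cmd --zone=public --add-masquerade --permanent
# Attackers hit 22; deliver them to the honeypot's unprivileged listener.
firewall-cmd --zone=public --add-forward-port=port=22:proto=tcp:toport=2222 --permanent
firewall-cmd --reload
# Review the live ruleset after reload (the permanent view is what will load next boot).
firewall-cmd --zone=public --list-all
# Keep this session open and confirm "ssh -p 222" works from ADMIN_NET before closing it.
systemctl restart sshd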
需要在蜜罐中配置 MySQL 数据库保存登录和会话记录。数据库只监听本机（localhost），并为 cowrie 单独创建一个只拥有 cowrie 库权限的账号，不要复用 root 或其他高权限账号
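cd /opt/cowrie
. cowrie-env/bin/activate
# MySQL-python (the mysql-python package) is a Python 2 only driver and is why
# mysql-devel was installed above. A Python 3 cowrie would need a different
# driver; follow the pinned release's documentation in that case.
pip install mysql-python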
先创建 cowrie 库和对应的最小权限账号，再导入 /opt/cowrie/docs/sql/mysql.sql 建表
修改配置文件，加入以下 MySQL 输出配置。注意前面复制出的配置文件是 /opt/cowrie/cowrie.cfg，而非 /etc/cowrie.cfg，请确认 cowrie 实际读取的是哪一个路径，避免改错文件导致输出未启用
# MySQL output plugin: login attempts and sessions go to the local database.
[output_mysql]
enabled = true
# Keep the database on the honeypot host itself; do not expose it to the
# network the honeypot is attacked from.
host = localhost
database = cowrie
# Dedicated account granted only the cowrie database.
username = cowrie
# NOTE(review): the value below is a weak example, not a real secret. Generate a
# random password, never commit the real one to notes, and keep cowrie.cfg
# readable by the cowrie user only (it is stored here in clear text).
password = Root123…
port = 3306
- elastichoney