opexxx

honeypot-setup-script.sh

Nov 26th, 2013
  1. #!/bin/bash
  2.  
  3. # update apt repositories
  4. sudo apt-get update
  5.  
  6. #user iface choice
  7. sudo apt-get -y install python-pip gcc python-dev
  8. sudo pip install netifaces
  9. sudo wget https://raw.github.com/andrewmichaelsmith/honeypot-setup-script/master/scripts/iface-choice.py -O /tmp/iface-choice.py
  10. python /tmp/iface-choice.py
  11. iface=$(<~/.honey_iface)
  12.  
  13.  
  14. # Move SSH server from Port 22 to Port 66534
  15. sudo sed -i 's:Port 22:Port 65534:g' /etc/ssh/sshd_config
  16. sudo service ssh reload
  17.  
  18.  
  19. ## install p0f ##
  20.  
  21. sudo apt-get install -y p0f
  22. sudo mkdir /var/p0f/
  23.  
  24. # dependency for add-apt-repository
  25. sudo apt-get install -y python-software-properties
  26.  
  27. ## install dionaea ##
  28.  
  29. #add dionaea repo
  30. sudo add-apt-repository -y ppa:honeynet/nightly
  31. sudo apt-get update
  32. sudo apt-get install -y dionaea
  33.  
  34. #make directories
  35. sudo mkdir -p /var/dionaea/wwwroot
  36. sudo mkdir -p /var/dionaea/binaries
  37. sudo mkdir -p /var/dionaea/log
  38. sudo mkdir -p /var/dionaea/bistreams
  39. sudo chown -R nobody:nogroup /var/dionaea/
  40.  
  41. #edit config
  42. sudo wget https://raw.github.com/andrewmichaelsmith/honeypot-setup-script/master/templates/dionaea.conf.tmpl -O /etc/dionaea/dionaea.conf
  43. #note that we try and strip :0 and the like from interface here
  44. sudo sed -i "s|%%IFACE%%|${iface%:*}|g" /etc/dionaea/dionaea.conf
  45.  
  46. ## install kippo - we want the latest so we have to grab the source ##
  47.  
  48. #kippo dependencies
  49. sudo apt-get install -y subversion python-dev openssl python-openssl python-pyasn1 python-twisted iptables
  50.  
  51. #install kippo to /opt/kippo
  52. sudo mkdir /opt/kippo/
  53. sudo svn checkout http://kippo.googlecode.com/svn/trunk/ /opt/kippo/
  54.  
  55. sudo wget https://raw.github.com/andrewmichaelsmith/honeypot-setup-script/master/templates/kippo.cfg.tmpl -O /opt/kippo/kippo.cfg
  56.  
  57. #add kippo user that can't login
  58. sudo useradd -r -s /bin/false kippo
  59.  
  60. #set up log dirs
  61. sudo mkdir -p /var/kippo/dl
  62. sudo mkdir -p /var/kippo/log/tty
  63. sudo mkdir -p /var/run/kippo
  64.  
  65. #delete old dirs to prevent confusion
  66. sudo rm -rf /opt/kippo/dl
  67. sudo rm -rf /opt/kippo/log
  68.  
  69. #set up permissions
  70. sudo chown -R kippo:kippo /opt/kippo/
  71. sudo chown -R kippo:kippo /var/kippo/
  72. sudo chown -R kippo:kippo /var/run/kippo/
  73.  
  74. #point port 22 at port 2222
  75. #we should have -i $iface here but it was breaking things with virtual interfaces
  76. sudo iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 2222
  77.  
  78. #persist iptables config
  79. sudo iptables-save > /etc/iptables.rules
  80.  
  81. #setup iptables restore script
  82. sudo echo '#!/bin/sh' >> /etc/network/if-up.d/iptablesload
  83. sudo echo 'iptables-restore < /etc/iptables.rules' >> /etc/network/if-up.d/iptablesload
  84. sudo echo 'exit 0' >> /etc/network/if-up.d/iptablesload
  85. #enable restore script
  86. sudo chmod +x /etc/network/if-up.d/iptablesload
  87.  
  88. #download init files and install them
  89. sudo wget https://raw.github.com/andrewmichaelsmith/honeypot-setup-script/master/templates/p0f.init.tmpl -O /etc/init.d/p0f
  90. sudo sed -i "s|%%IFACE%%|$iface|g" /etc/init.d/p0f
  91.  
  92. sudo wget https://raw.github.com/andrewmichaelsmith/honeypot-setup-script/master/init/dionaea -O /etc/init.d/dionaea
  93. sudo wget https://raw.github.com/andrewmichaelsmith/honeypot-setup-script/master/init/kippo -O /etc/init.d/kippo
  94.  
  95. #install system services
  96. sudo chmod +x /etc/init.d/p0f
  97. sudo chmod +x /etc/init.d/dionaea
  98. sudo chmod +x /etc/init.d/kippo
  99.  
  100. sudo update-rc.d p0f defaults
  101. sudo update-rc.d dionaea defaults
  102. sudo update-rc.d kippo defaults
  103.  
  104. #start the honeypot software
  105. sudo /etc/init.d/kippo start
  106. sudo /etc/init.d/p0f start
  107. sudo /etc/init.d/dionaea start