Installing Kippo on Ubuntu 10.04


For those of you who don't know, Kippo is a medium-interaction SSH honeypot designed to log brute-force attacks and, most importantly, the entire shell interaction performed by the attacker.

Below are instructions on how to install Kippo on Ubuntu 10.04 LTS; the steps will be similar for any Ubuntu system. There is also a video of installing Kippo: http://www.vimeo.com/17472890

The first step is to install the prerequisites.

apt-get update
apt-get install subversion
apt-get install python-twisted python-mysqldb
apt-get install mysql-server

You only need to install mysql-server if you intend to log attempts to a MySQL database.

Download the latest version of Kippo from Google Code:

svn checkout http://kippo.googlecode.com/svn/trunk/ /home/kippo

I'm using the directory /home/kippo; you can replace this with your own directory.

Create the default Kippo config file:

cp /home/kippo/kippo.cfg.dist /home/kippo/kippo.cfg

Configuring Kippo to log to a MySQL database: create the database and its user, then load the schema that ships with Kippo.

mysql -u root -p
create database kippo;
grant all privileges on kippo.* to 'kippo'@localhost identified by 'secret';
exit;
mysql -ukippo -psecret kippo < /home/kippo/doc/sql/mysql.sql

Enable logging to the MySQL database through the Kippo config file (/home/kippo/kippo.cfg):

[database_mysql]
host = localhost
database = kippo
username = kippo
password = secret
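A quick sanity check for this section, as an added example that is not part of the original tutorial or of Kippo itself: it parses the config text with Python 3's configparser and reports the mistakes that silently break MySQL logging (a key left on the same line as the section header, a misspelt key, the tutorial's placeholder password left in place). The function name, the weak-password list and the treatment of port as an optional key are assumptions of this example.

```python
import configparser

REQUIRED = ("host", "database", "username", "password")
OPTIONAL = ("port",)                      # assumption: optional key
WEAK_PASSWORDS = {"", "secret", "password", "kippo"}  # illustrative list

def check_db_section(cfg_text):
    """Return a list of problems found in the [database_mysql] section."""
    parser = configparser.RawConfigParser()   # no % interpolation
    try:
        parser.read_string(cfg_text)
    except configparser.Error as exc:
        return ["unparseable config: %s" % exc]
    if not parser.has_section("database_mysql"):
        return ["[database_mysql] missing or still commented out"]
    keys = dict(parser.items("database_mysql"))
    problems = ["missing key: " + k for k in REQUIRED if k not in keys]
    problems += ["unknown key (typo?): " + k
                 for k in keys if k not in REQUIRED + OPTIONAL]
    if keys.get("password") in WEAK_PASSWORDS:
        problems.append("password is a guessable default")
    return problems

# Constructed sample: header and first key share a line (the parser keeps
# the header and drops the rest), and "database" is misspelt.
BROKEN = (
    "[database_mysql] host = localhost\n"
    "databse = kippo\n"
    "username = kippo\n"
    "password = secret\n"
)

# Constructed sample of a well-formed section with a non-default password.
GOOD = (
    "[database_mysql]\n"
    "host = localhost\n"
    "database = kippo\n"
    "username = kippo\n"
    "password = x9-constructed-example\n"
    "port = 3306\n"
)

if __name__ == "__main__":
    for label, text in (("BROKEN", BROKEN), ("GOOD", GOOD)):
        print(label, check_db_section(text) or "ok")
```

To check a real file, pass it the contents of /home/kippo/kippo.cfg.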

Start Kippo (run this from /home/kippo):

./start.sh

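By default Kippo listens on port 2222. If you want it to accept connections on the default SSH port (22), add the iptables rule below, which redirects inbound port 22 traffic on eth0 to port 2222. If you administer the machine over SSH, move the real sshd to another port first, because this rule sends all inbound port 22 traffic on eth0 to Kippo.

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -j REDIRECT --to-ports 2222

You are now up and running with the Kippo honeypot. Want to gather more information from your SSH honeypot? Try our CountryCode lookup script.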




Author: MySSHLog
Twitter: @mysshlog