Friday, April 01, 2011

Dionaea - Honeypot

Copied and pasted from
http://networkdefense.com.au/2010/06/12/first-experiences-with-dionaea/
After a lot of reading, a few very late nights, and a fair bit of indecision I decided to install Dionaea. It was down to mwcollectd or Dionaea as my next choice for a 30 day test, but I had quite a few issues getting mwcollectd running properly. I think this is mostly due to my lack of experience compiling stuff in Linux, and also not understanding what to do when things fail or don't compile as expected. So I moved on and began to follow Markus' extensive Dionaea install documentation.

My first few attempts failed, in epic fashion. Initially, for some unknown reason, I decided to install Python 3 from testing... even though the documentation says to compile it. This brought up issues with sqlite3, again frustrating but a good learning experience. Follow the doco! In the end I had to make a slight modification to the ./configure script when compiling Dionaea, as Cython was not being found. Other than that the install was very smooth. I installed Dionaea under Debian 64-bit, chose the KDE graphical install and left the 'Standard System' and 'Desktop Environment' options checked.

I thought it would be a good idea to post the steps I took to install Dionaea, not sure if it is of use to anyone else. It's basically just a rehash of Markus' documentation.

1. Stuff from APT
apt-get install libglib2.0-dev libssl-dev libcurl4-openssl-dev libreadline-dev libsqlite3-dev python-dev libtool automake autoconf build-essential subversion git-core flex bison pkg-config

2. gettext / glib
apt-get install gettext
wget http://ftp.gnome.org/pub/gnome/sources/glib/2.20/glib-2.20.4.tar.bz2
tar xfj glib-2.20.4.tar.bz2
rm glib-2.20.4.tar.bz2
cd glib-2.20.4/
./configure --prefix=/opt/dionaea
make
make install
cd ..

3. liblcfg
git clone git://git.carnivore.it/liblcfg.git liblcfg
cd liblcfg/code
autoreconf -vi
./configure --prefix=/opt/dionaea
make install
cd /usr/local/src

4. libemu
git clone git://git.carnivore.it/libemu.git libemu
cd libemu
autoreconf -vi
./configure --prefix=/opt/dionaea
make install
cd ..

5. libnl (optional)
git clone git://git.kernel.org/pub/scm/libs/netlink/libnl.git
cd libnl
autoreconf -vi
export LDFLAGS=-Wl,-rpath,/opt/dionaea/lib
./configure --prefix=/opt/dionaea
make
make install
cd ..

6. libev
wget http://dist.schmorp.de/libev/Attic/libev-3.9.tar.gz
tar xfz libev-3.9.tar.gz
rm libev-3.9.tar.gz
cd libev-3.9
./configure --prefix=/opt/dionaea
make install
cd ..

7. Cython
wget http://cython.org/release/Cython-0.12.1.tar.gz
tar xfz Cython-0.12.1.tar.gz
rm Cython-0.12.1.tar.gz
cd Cython-0.12.1
python setup.py build
python setup.py install

8. sqlite3
apt-get install sqlite3

9. Python 3.1.2
wget http://python.org/ftp/python/3.1.2/Python-3.1.2.tgz
tar xfz Python-3.1.2.tgz
rm Python-3.1.2.tgz
cd Python-3.1.2/
./configure --enable-shared --prefix=/opt/dionaea --with-computed-gotos \
--enable-ipv6 LDFLAGS="-Wl,-rpath=/opt/dionaea/lib/"
make
make install
cd ..

10. libxml2-dev
apt-get install libxml2-dev

11. libxslt1-dev
aptitude install libxslt1-dev

12. lxml
wget http://codespeak.net/lxml/lxml-2.2.6.tgz
tar xfz lxml-2.2.6.tgz
rm lxml-2.2.6.tgz
cd lxml-2.2.6
/opt/dionaea/bin/2to3 -w src/lxml/html/_diffcommand.py
/opt/dionaea/bin/2to3 -w src/lxml/html/_html5builder.py
/opt/dionaea/bin/python3 setup.py build
/opt/dionaea/bin/python3 setup.py install
cd ..

13. udns
wget http://www.corpit.ru/mjt/udns/udns_0.0.9.tar.gz
tar xfz udns_0.0.9.tar.gz
rm udns_0.0.9.tar.gz
cd udns-0.0.9/
./configure
make shared
cp udns.h /opt/dionaea/include/
cp *.so* /opt/dionaea/lib/
cd /opt/dionaea/lib
ln -s libudns.so.0 libudns.so
cd /usr/local/src

14. Curl & C-ares
wget http://c-ares.haxx.se/c-ares-1.7.3.tar.gz
tar xfz c-ares-1.7.3.tar.gz
cd c-ares-1.7.3
./configure --prefix=/opt/dionaea
make
make install
cd ..

wget http://curl.haxx.se/download/curl-7.20.0.tar.bz2
tar xfj curl-7.20.0.tar.bz2
rm curl-7.20.0.tar.bz2
cd curl-7.20.0
./configure --prefix=/opt/dionaea
make
make install
cd ..

15. libpcap
wget http://www.tcpdump.org/release/libpcap-1.1.1.tar.gz
tar xfz libpcap-1.1.1.tar.gz
rm libpcap-1.1.1.tar.gz
cd libpcap-1.1.1
./configure --prefix=/opt/dionaea
make
make install
cd ..

16. Dionaea (with my own changes on the Cython line from '/usr/local/bin' to '/usr/bin')
git clone git://git.carnivore.it/dionaea.git dionaea

cd dionaea
autoreconf -vi

./configure --with-lcfg-include=/opt/dionaea/include/ \
--with-lcfg-lib=/opt/dionaea/lib/ \
--with-python=/opt/dionaea/bin/python3.1 \
--with-cython-dir=/usr/bin \
--with-udns-include=/opt/dionaea/include/ \
--with-udns-lib=/opt/dionaea/lib/ \
--with-emu-include=/opt/dionaea/include/ \
--with-emu-lib=/opt/dionaea/lib/ \
--with-gc-include=/usr/include/gc \
--with-ev-include=/opt/dionaea/include \
--with-ev-lib=/opt/dionaea/lib \
--with-nl-include=/opt/dionaea/include \
--with-nl-lib=/opt/dionaea/lib/ \
--with-curl-config=/opt/dionaea/bin/ \
--with-pcap-include=/opt/dionaea/include \
--with-pcap-lib=/opt/dionaea/lib/ \
--with-glib=/opt/dionaea

make
make install
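Steps 2 through 15 above repeat the same download, unpack, configure --prefix=/opt/dionaea, make, make install sequence, and every tarball is fetched over plain http with nothing checking what arrived. The script below is an added example, not part of the original post or of the Dionaea project: it wraps that sequence in a function that refuses to build a tarball whose SHA-256 does not match a digest you supply, and adds a check for the files those steps should have left under /opt/dionaea. PREFIX and SRCDIR are taken from the post; the list of expected files and the placeholder digest are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: a helper for the repeated
# download / verify / configure / make / make install pattern in steps 2-15,
# plus a post-install check of the /opt/dionaea prefix.
set -eu

PREFIX="${PREFIX:-/opt/dionaea}"     # install prefix used throughout the post
SRCDIR="${SRCDIR:-/usr/local/src}"   # where the post unpacks sources

# verify_sha256 FILE EXPECTED_HEX -> returns 0 only if the digest matches.
verify_sha256() {
    file="$1"
    expected="$2"
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# build_tarball URL EXPECTED_SHA256 [extra configure args...]
# Fetches the tarball into SRCDIR, stops if the digest does not match,
# then runs the autotools build into PREFIX.
build_tarball() {
    url="$1"; sum="$2"; shift 2
    tarball="${url##*/}"
    cd "$SRCDIR"
    [ -f "$tarball" ] || wget -q "$url"
    if ! verify_sha256 "$tarball" "$sum"; then
        echo "checksum mismatch for $tarball, not building" >&2
        return 1
    fi
    case "$tarball" in
        *.tar.bz2) tar xfj "$tarball"; dir="${tarball%.tar.bz2}" ;;
        *.tar.gz)  tar xfz "$tarball"; dir="${tarball%.tar.gz}" ;;
        *.tgz)     tar xfz "$tarball"; dir="${tarball%.tgz}" ;;
        *) echo "unknown archive type: $tarball" >&2; return 1 ;;
    esac
    cd "$dir"
    ./configure --prefix="$PREFIX" "$@"
    make
    make install
    cd "$SRCDIR"
}

# check_prefix DIR -> lists what is missing under DIR; returns 1 if anything is.
# The file list is an assumption about what steps 9, 13 and 14 leave behind
# (python3 with --enable-shared, the udns header plus the libudns.so symlink,
# and curl-config, which Dionaea's configure looks for in --with-curl-config).
check_prefix() {
    prefix="$1"
    missing=0
    for f in bin/python3 include/udns.h lib/libudns.so bin/curl-config; do
        if [ ! -e "$prefix/$f" ]; then
            echo "missing: $prefix/$f"
            missing=1
        fi
    done
    return $missing
}

# Example use (placeholder digest; substitute the value published upstream):
# build_tarball http://dist.schmorp.de/libev/Attic/libev-3.9.tar.gz PLACEHOLDER_SHA256
# check_prefix "$PREFIX"
```

The udns step (make shared, then copying files by hand), Cython and lxml (python setup.py) do not follow the autotools pattern and stay exactly as written in the post; the helper covers glib, libev, c-ares, curl, libpcap and Python, which all take --prefix. Run check_prefix before step 16 so a missing library shows up as a named file rather than as a failed Dionaea configure run.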

Running Dionaea
cd /opt/dionaea/bin/
./dionaea -l all,-debug -L '*'

Within moments of launching Dionaea connection attempts began pouring in, mostly rejected attempts. After around 30 minutes the first sample was received along with some interesting colours flying past - looking forward to going through the logs later this evening. Now all that's left to do is get the p0f ihandler turned on. So far things are looking promising.

Getting Dionaea up and running has been a great experience. I've learned a lot about compiling, dependencies, issues, and Debian in general. I'm very keen to see what kind of information it can produce over the coming month.

- Cooper

*update: 27th November 2010 - Updated Dionaea Install Instructions
