This is a basic guide on how to install the Kippo SSH honeypot on OpenBSD 5.5 inside a chroot.
Please remember that this can be dangerous: depending on their skill set, the hacker might find a way to escape from the honeypot, or try to find other services that are related to you. Only run a honeypot if you know what you are doing, since the offender might retaliate.
More information about Kippo can be found here: https://code.google.com/p/kippo/
Don’t run Kippo as root, and use ports above 1024 (non-privileged ports). Use port forwarding if you want to listen on port 22.
# Install dependencies for Kippo
pkg_add python-2.7.6p0 py-twisted-conch-11.1.0.tgz py-twisted-web-11.1.0.tgz py-asn1-0.1.7v0.tgz wget
ln -sf /usr/local/bin/python2.7 /usr/local/bin/python
ln -sf /usr/local/bin/python2.7-2to3 /usr/local/bin/2to3
ln -sf /usr/local/bin/python2.7-config /usr/local/bin/python-config
ln -sf /usr/local/bin/pydoc2.7 /usr/local/bin/pydoc

# Download Kippo and copy it to the chroot folder
cd ~/
wget https://kippo.googlecode.com/files/kippo-0.8.tar.gz
tar -xzvf kippo-0.8.tar.gz
rm kippo-0.8.tar.gz
cd kippo-0.8
mkdir -p /var/kippo
cp -R * /var/kippo
cd /var/kippo

# Create skeleton for Kippo chroot
mkdir -p usr/local/bin usr/local/lib usr/lib/ usr/libexec/ var/run/ bin sbin dev

# Copy binaries to Kippo chroot
cp -R /bin/sh bin/
cp -R /usr/local/bin/twistd usr/local/bin/
cp -R /usr/local/bin/python usr/local/bin/
cp -R /usr/local/bin/python2.7 usr/local/bin/
cp -R /usr/local/bin/python2.7-config usr/local/bin/
cp -R /usr/local/bin/python-config usr/local/bin/
cp -R /usr/local/bin/pydoc2.7 usr/local/bin/
cp -R /usr/local/bin/pydoc usr/local/bin/
cp -R /sbin/ldconfig sbin/

# Copy libraries for Kippo chroot
cp -R /usr/local/lib/libpython2.7.so.0.0 usr/local/lib/
cp -R /usr/lib/libpthread.so.18.0 usr/lib/
cp -R /usr/lib/libutil.so.12.0 usr/lib/
cp -R /usr/lib/libstdc++.so.57.0 usr/lib/
cp -R /usr/lib/libm.so.9.0 usr/lib/
cp -R /usr/lib/libc.so.73.1 usr/lib/
cp -R /usr/libexec/ld.so usr/libexec/
cp -R /usr/lib/libz.so.5.0 usr/lib/
cp -R /usr/lib/libssl.so.20.0 usr/lib/
cp -R /usr/lib/libcrypto.so.23.0 usr/lib/
cp -R /usr/local/lib/python2.7 usr/local/lib/

# Make the devices that Kippo needs
cp -R /dev/MAKEDEV /var/kippo/dev
cd /var/kippo/dev
./MAKEDEV *random std
rm MAKEDEV
cd ..

# Add chroot user for Kippo
useradd -d /nonexistent -s /sbin/nologin kippo

# Change owner to Kippo user
chown -R kippo:kippo /var/kippo

# Generate ld.so.hints
chroot /var/kippo ldconfig /usr/local/lib/ /usr/local/lib/python2.7/lib-dynload/ /usr/local/lib/python2.7/site-packages/twisted/python

# Remove ldconfig since we don't need it anymore
rm -rf /var/kippo/sbin

# Start Kippo
chroot -ukippo -gkippo /var/kippo ./start.sh
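A pre-flight check for the finished chroot, as an added example that is not part of the original guide. It verifies the two conditions the device step depends on: the random nodes exist as character devices, and the filesystem holding the chroot is not mounted `nodev` (device nodes on a `nodev` filesystem cannot be opened). The function names, the list of nodes checked and the sample `mount` lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for the Kippo chroot before starting it.
# Function names are hypothetical; /var/kippo is the path used in the guide.

# Constructed sample of OpenBSD-style `mount` output (not from a real host).
SAMPLE_MOUNT='/dev/sd0a on / type ffs (local)
/dev/sd0e on /var type ffs (local, nodev, nosuid)'

# Read `mount` output on stdin; print the options of the filesystem holding $1
# (the longest mount point that is a path prefix of $1).
mount_opts_for() {
    awk -v p="$1" '
        $2 == "on" {
            mp = $3; pre = mp
            if (mp != "/") pre = mp "/"
            if ((p == mp || index(p "/", pre) == 1) && length(mp) > best) {
                best = length(mp); line = $0
            }
        }
        END { sub(/^[^(]*\(/, "", line); sub(/\).*$/, "", line); print line }'
}

# Succeed if the filesystem holding $1 is mounted nodev (mount output on stdin).
has_nodev() {
    mount_opts_for "$1" | tr ', ' '\n\n' | grep -qx nodev
}

# Print the nodes under $1/dev that are absent or not character devices.
# The node list is an assumption about what Python/Twisted open at startup.
missing_dev_nodes() {
    out=
    for n in urandom random null; do
        [ -c "$1/dev/$n" ] || out="$out $n"
    done
    echo "${out# }"
}

# Run both checks against a chroot directory; non-zero status means "fix first".
preflight() {
    rc=0
    miss=$(missing_dev_nodes "$1")
    [ -z "$miss" ] || { echo "not character devices in $1/dev: $miss"; rc=1; }
    if mount | has_nodev "$1"; then
        echo "$1 is on a nodev filesystem; device nodes there cannot be opened"; rc=1
    fi
    return $rc
}
# Usage: sh preflight.sh /var/kippo
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

Run it as root after the `MAKEDEV` step and before `start.sh`; a clean exit means both conditions hold for the directory given.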
Brand new install of OpenBSD 5.5 on RamNode.
The step I took outside the steps above was to add
“export PKG_PATH=ftp://openbsd.cs.toronto.edu/pub/OpenBSD/5.5/packages/`machine -a`/” to my .profile.
Fails to start:
http://pastiebin.com/538cbc0a49ab3
Any suggestions?
Oh, you probably don’t have any /dev/?random devices in your chroot.
Try this dry run.
cp -R /dev/MAKEDEV /var/kippo/dev
chroot /var/kippo
cd /dev
./MAKEDEV *random std
rm MAKEDEV
exit
If this works I will have to modify the guide, since I must have forgotten to document the chroot when creating devices.
// Johan
Hi Johan,
I think you’re close…
cp -R /dev/MAKEDEV /var/kippo/dev
# chroot /var/kippo
chroot: /bin/ksh: No such file or directory
# whereis chroot
/usr/sbin/chroot
chroot -ukippo -gkippo /var/kippo ./start.sh
Found this error:
Failed to load application: No secure random source available