
Honeypot for SSH – Kojoney Installation and Configuration


In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated, (un)protected, and monitored, and which seems to contain information or a resource of value to attackers.
STEP 1: First, change the port of the real SSH server, because Kojoney must listen on the default SSH port (22) to capture attackers.
# vim /etc/ssh/sshd_config
Change Port 22 to Port 2222
Save and exit the file.
# /etc/init.d/sshd restart
or
# service sshd restart
Also install the required packages:

# yum install gcc python python-devel -y

STEP 2: Download the latest version of Kojoney from http://kojoney.sourceforge.net/
# cd /tmp
# wget http://biznetnetworks.dl.sourceforge.net/project/kojoney/kojoney-0.0.4.2.tar.gz
# tar -xzvf kojoney-0.0.4.2.tar.gz
I also suggest updating the IP-Country and Geography-Countries packages for better country detection.

# cd  /tmp

# wget http://www.honeynet.ir/software/kojoney-update/TwisteConch-0.6.0.tar.gz

# wget http://www.honeynet.ir/software/kojoney-update/IP-Country-2.27.tar.gz

# wget http://www.honeynet.ir/software/kojoney-update/Geography-Countries-2009041301.tar.gz

# wget http://www.honeynet.ir/software/kojoney-update/kojreport


# /bin/cp -vf /tmp/TwisteConch-0.6.0.tar.gz /tmp/kojoney/libs/

# /bin/cp -vf /tmp/kojreport /tmp/kojoney/reports/

# rm -rfv /tmp/kojoney/reports/ip_country/*

# /bin/cp -vf /tmp/IP-Country-2.27.tar.gz /tmp/kojoney/reports/ip_country/

# /bin/cp -vf /tmp/Geography-Countries-2009041301.tar.gz /tmp/kojoney/reports/ip_country/
STEP 3: Install the Kojoney server and start it:

# cd /tmp/kojoney

# sh INSTALL.sh

# echo "/etc/init.d/kojoney start" >> /etc/rc.local
# /etc/init.d/kojoney start
STEP 4: By default, the Kojoney daemon's output is redirected to the file /var/log/honeypot.log.
# vim /var/log/honeypot.log
Note: Use the 'kojreport' and 'kojreport-filter' tools to get some additional details about attackers, as follows:

# /usr/share/kojoney/kojreport /var/log/honeypot.log 0 0 1 > /tmp/Attackers.txt

# cat /tmp/Attackers.txt

STEP 5: If you want to uninstall it,

# cd /tmp/kojoney

# sh UNINSTALL.sh
STEP 6: Final testing: connect to the Kojoney SSH server on port 22, using admin as the username and admin as the password.
# ssh 127.0.0.1 -p 22 -l admin
You should see the following banner after a successful login.
Welcome to Linux webtest 2.6.9-5.ELsmp #1 SMP Wed Jan 5 19:30:39 EST 2005 i686 i686 i386 GNU/Linux!
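
Added example (not part of the original article or of Kojoney itself): a pre-flight check for STEP 1 that reads an sshd_config and confirms the real sshd no longer claims port 22 before Kojoney is started there. The function names and the two sample configs are constructed for illustration; a commented-out Port line counts as port 22 because that is sshd's default.

```sh
#!/bin/sh
# Added example: pre-flight check for STEP 1 (hypothetical helper names).

# Print every port a given sshd_config makes sshd listen on, one per line.
# Keywords are case-insensitive and may be written "Port 2222" or "Port=2222";
# with no active Port line at all, sshd falls back to 22.
# Limits: Include files and "ListenAddress host:port" are not followed;
# on a live host, "sshd -T" prints the effective configuration.
sshd_ports() {
    awk '
        { sub(/#.*/, ""); sub(/^[ \t]+/, "") }   # strip comments and indentation
        tolower($0) ~ /^port[ \t=]/ {
            sub(/^[A-Za-z]+[ \t]*=?[ \t]*/, "")  # drop keyword and separator
            print $1
            found = 1
        }
        END { if (!found) print 22 }
    ' "$1"
}

# Succeed only when the real sshd is off port 22, leaving it free for Kojoney.
port22_free_for_honeypot() {
    for p in $(sshd_ports "$1"); do
        if [ "$p" = 22 ]; then
            echo "FAIL: $1 still puts sshd on port 22" >&2
            return 1
        fi
    done
    echo "OK: sshd moved to: $(sshd_ports "$1" | tr '\n' ' ')"
}

# Constructed sample configs: a stock file and the file after STEP 1.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '#Port 22' 'PermitRootLogin no' > "$demo/before.conf"
printf '%s\n' '# moved for Kojoney' 'port=2222' 'PermitRootLogin no' > "$demo/after.conf"

port22_free_for_honeypot "$demo/before.conf" || echo "fix sshd_config before starting Kojoney"
port22_free_for_honeypot "$demo/after.conf"
```

On the server itself, point the check at /etc/ssh/sshd_config after editing it and before running /etc/init.d/kojoney start.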

 

