Tag Archives: openvz

Honeypot after 1 week hosted..

So, I spent my holiday installing & configuring a honeypot on my new VPS.
I managed to install Dionaea, Kippo, p0f (it still has a permission denied error T__T) & Thug.
And for the interfaces, I installed DionaeaFR and Kippo-Graph on my honeypot.

Currently I am still researching SMTP honeypots. If you have one, please do suggest it to me. 🙂

Dionaea. 4 unique URLs for malware download. 9 malware binaries captured.

Kippo. Total login attempts : 7478. Distinct source IP addresses : 19

Script to install Thug honeypot on Ubuntu 12.04

Thug is a Python low-interaction honeyclient aimed at mimicking the behaviour of a web browser in order to detect and emulate malicious contents. It is based on Python and the V8 JS engine. You can go to the website or Google it to understand more about this awesome application.

So, here I share with you a script that automates building and compiling the Thug honeypot + V8 on an Ubuntu machine:

#!/bin/bash

#Install some dependencies for the building process
sudo apt-get install -y autoconf build-essential git-core scons subversion libboost-dev libboost-python-dev libboost-thread-dev libboost-system-dev libtool mongodb python-bs4 python-chardet python-cssutils python-dev python-html5lib python-httplib2 python-zope.interface python-pymongo python-pefile python-setuptools

sudo easy_install beautifulsoup4

#Obtaining libemu via Git
cd /tmp/
git clone git://git.carnivore.it/libemu.git

#Configure and install
cd /tmp/libemu/
autoreconf -v -i
./configure --enable-python-bindings --prefix=/opt/libemu
sudo make install
sudo ldconfig -n /opt/libemu/lib

#Obtaining pylibemu via Git
cd /tmp/
git clone https://github.com/buffer/pylibemu.git

#Build and install
cd /tmp/pylibemu/
sudo sh -c "echo /opt/libemu/lib > /etc/ld.so.conf.d/pylibemu.conf"
python setup.py build
sudo python setup.py install

#Obtain the codes via svn and git
cd ~
git clone https://github.com/buffer/thug.git
cd ~/thug/
svn checkout http://v8.googlecode.com/svn/trunk/ v8

#Apply Thug's patch for V8
cp patches/V8-patch* .
patch -p0 < V8-patch1.diff
rm V8-patch*

#Build and compile python wrapper for V8. This process will compile the V8 engine at the same time
cd /tmp/
svn checkout http://pyv8.googlecode.com/svn/trunk/ pyv8
export V8_HOME=$HOME/thug/v8
cd pyv8
python setup.py build
sudo python setup.py install

I would really appreciate it if you could share with me your experience using this software in production/real life. 🙂

Error when installing python2.7-dev on Ubuntu 12.04 (OpenVZ)

As the title says, I think you will encounter the same problem when trying to install software on a VPS that uses OpenVZ.

I encountered this problem during the honeypot installation on my new VPS, when I tried to install python2.7-dev on Ubuntu 12.04.

The error looks something like this:

libc6-dev : Depends: libc6 (= 2.15-0ubuntu10.2) but 2.15-0ubuntu10+openvz0 is to be installed
E: Unable to correct problems, you have held broken packages.

To solve it, modify the file at /etc/apt/preferences.d/99ovz-libc-pin

Replace this line:

libc-bin libc6

with this line:

libc-bin libc6 libc6-dev libc-dev-bin

Save it, update & enjoy. 🙂
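
The same edit as an idempotent script, added here as an example and not part of the original post. The function name extend_libc_pin and the sample stanza are constructed; it assumes the package list sits on a single line that contains both libc-bin and libc6.

```bash
#!/bin/bash
# Added example: extend the OpenVZ libc pin so the -dev packages are pinned
# together with libc6. extend_libc_pin is a hypothetical helper name.

# extend_libc_pin FILE
# Appends libc6-dev and libc-dev-bin to the line listing libc-bin and libc6.
# Returns 0 if the file is (now) correct, 1 if no such line was found.
extend_libc_pin() {
    file=$1
    [ -f "$file" ] || return 1
    tmp=$(mktemp) || return 1
    awk '
        {
            has_bin = 0; has_libc = 0; has_dev = 0; has_devbin = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "libc-bin")     has_bin = 1
                if ($i == "libc6")        has_libc = 1
                if ($i == "libc6-dev")    has_dev = 1
                if ($i == "libc-dev-bin") has_devbin = 1
            }
            if (has_bin && has_libc) {
                found = 1
                if (!has_dev)    $0 = $0 " libc6-dev"
                if (!has_devbin) $0 = $0 " libc-dev-bin"
            }
            print
        }
        END { exit (found ? 0 : 1) }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    if cmp -s "$file" "$tmp"; then
        rm -f "$tmp"                      # already extended: leave file untouched
        return 0
    fi
    # Keep a backup, then overwrite in place so owner and mode are preserved.
    cp -p "$file" "$file.bak" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed sample (stanza contents are assumed, not from a real VPS).
demo=$(mktemp)
printf 'Package: libc-bin libc6\nPin: version *+openvz*\nPin-Priority: 1001\n' > "$demo"
extend_libc_pin "$demo" && cat "$demo"
rm -f "$demo" "$demo.bak"
```

On the VPS, call it as root on /etc/apt/preferences.d/99ovz-libc-pin, then run apt-get update and retry the install.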