Dionaea Sensor Installation

Rahmat Agung Wibowo edited this page Mar 10, 2019 · 1 revision

Dionaea Sensor Setup

git clone https://github.com/DinoTools/dionaea.git
cd dionaea
sudo apt-get install \
    build-essential \
    cmake \
    check \
    cython3 \
    libcurl4-openssl-dev \
    libemu-dev \
    libev-dev \
    libglib2.0-dev \
    libloudmouth1-dev \
    libnetfilter-queue-dev \
    libnl-3-dev \
    libnl-route-3-dev \
    libpcap-dev \
    libssl-dev \
    libtool \
    libudns-dev \
    python3 \
    python3-dev \
    python3-bson \
    python3-yaml \
    ttf-liberation

mkdir build
cd build
cmake -DCMAKE_INSTALL_PREFIX:PATH=/opt/dionaea ..
make
sudo make install

Create the systemd configuration for dionaea.

sudo nano /etc/systemd/system/dionaea.service

Fill it with the following configuration.

[Unit]
Description=dionaea

[Service]
ExecStart=/opt/dionaea/bin/dionaea

[Install]
WantedBy=multi-user.target

Then run the following commands.

sudo systemctl start dionaea
sudo systemctl enable dionaea

Tweaking (Optional)

The following configuration is optional; apply it if you want the honeypot sensor to look more like a production service.

  1. SMB service

Edit the following configuration, uncommenting lines so that it looks like this.

sudo nano /opt/dionaea/etc/dionaea/services-enabled/smb.yaml

- name: smb 
  config: 
 
    ## Generic setting ## 
 
    # 1:"Windows XP Service Pack 0/1", 
    # 2:"Windows XP Service Pack 2", 
    # 3:"Windows XP Service Pack 3", 
    # 4:"Windows 7 Service Pack 1", 
    # 5:"Linux Samba 4.3.11" 
    os_type: 4 
 
    # Additional config
    primary_domain: Development 
    oem_domain_name: Development 
    server_name: Development-Server 
 
    ## Windows 7 ##
    native_os: Windows 7 Professional 7600 
    native_lan_manager: Windows 7 Professional 6.1 
    shares: 
      ADMIN$: 
        comment: Remote Admin 
        path: C:\\Windows 
        type: disktree 
      C$: 
        comment: Default Share
        path: C:\\ 
        type: 
          - disktree 
          - special 
      IPC$: 
        comment: Remote IPC 
        type: ipc 
      Printer: 
        comment: Microsoft XPS Document Writer 
        type: printq 
 
    ## Samba ##
#    native_os: Windows 6.1 
#    native_lan_manager: Samba 4.3.11 
#    shares: 
#      admin: 
#        comment: Remote Admin 
#        path: \\home\\admin 
#        type: disktree 
#      share: 
#        comment: Default Share
#        path: \\share 
#        type: disktree 
#      IPC$: 
#        comment: Remote IPC 
#        path: IPC Service 
#        type: ipc 
#      Printer: 
#        comment: Printer Drivers 
#        type: printq

  2. MS-SQL service

This change keeps MSSQL from being detected as a honeypot when it is scanned through a website. In mssql.py, at r.VersionToken.TokenType (line 147), change 0x00 to 0x001 (or any other value, your choice).

sudo nano -c /opt/dionaea/lib/dionaea/python/dionaea/mssql/mssql.py

Then, to enable JSON logging, copy or symlink the file log_json.yaml from ihandlers-available to ihandlers-enabled in the directory /opt/dionaea/etc/dionaea.

cd /opt/dionaea/etc/dionaea
sudo ln -s ../ihandlers-available/log_json.yaml ihandlers-enabled/log_json.yaml
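
A post-install check for the steps above, added here as an example and not part of the original wiki page or of dionaea itself: it confirms that the log_json symlink actually resolves (the relative ln -s leaves a dangling link when run from the wrong directory) and that os_type in smb.yaml agrees with the banner block left uncommented. The function names and exit codes are this example's own.

```shell
#!/bin/sh
# Added example: post-install checks for the layout this page sets up.
# Function names and exit codes are this example's own, not part of dionaea.

# 0 = enabled, 1 = not enabled, 2 = symlink exists but points nowhere
# (what happens when the relative "ln -s" is run from the wrong directory).
ihandler_enabled() {
    link="$1/etc/dionaea/ihandlers-enabled/$2.yaml"
    if [ -L "$link" ] && [ ! -e "$link" ]; then
        echo "dangling symlink: $link -> $(readlink "$link")" >&2
        return 2
    fi
    [ -f "$link" ] || return 1
}

# Print the value of the first uncommented "key: value" line in smb.yaml.
smb_value() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" \
        "$1/etc/dionaea/services-enabled/smb.yaml" | head -n 1
}

# 0 if os_type agrees with the native_os / native_lan_manager block left
# uncommented (4 = Windows 7 block, 5 = Samba block, as listed in the file).
smb_profile_consistent() {
    os_type=$(smb_value "$1" os_type)
    case "$os_type" in
        4) smb_value "$1" native_os | grep -q 'Windows 7' ;;
        5) smb_value "$1" native_lan_manager | grep -q 'Samba' ;;
        *) return 0 ;;   # unset or other profiles are not covered here
    esac
}

# Run both checks against an install prefix; non-zero if either fails.
sensor_check() {
    rc=0
    ihandler_enabled "$1" log_json || { echo "log_json not enabled" >&2; rc=1; }
    smb_profile_consistent "$1" || { echo "smb.yaml: os_type and banner strings disagree" >&2; rc=1; }
    return "$rc"
}

# Run against a prefix only when one is given, e.g.: sh check.sh /opt/dionaea
if [ "$#" -gt 0 ]; then sensor_check "$1"; fi
```
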
