README - honeypot - A custom version of kippo used for SSH honeypot analysis and reporting.
git clone git://jay.scot/honeypot

HONEYPOT

---

This is the source code I used for my honeypot project. A lot of it is
hacked together, but hopefully someone will find it useful! To get the
Ruby scripts to work, you will need to install the mysql and gruff gems.

    $ gem install mysql
    $ gem install gruff

The script that reports an IP address uses PEAR Mail, but this is not
actually needed; I only used it to send mail via Gmail. You can simply
change this to PHP's mail() function.


> blacklist.rb

Generates a list of IPs that have been carrying out SSH attacks, useful
for creating blacklists for iptables, IOS, etc.


> report.php

Gets the IP address from the kippo DB and reports the IP for abuse if
certain conditions are met. It then saves the information to a 'report'
table so it can be displayed at a later date.


> dump.php

This was used to output the UML blobs in the kippo DB to a file to be
read by ajaxterm.


> current-charts.rb

Ruby script I used to create the graphs for the front page.


> snippets.php

This is just wee snippets of code I used throughout my code that
I think might be useful to some people :-)
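
The blacklist step described under blacklist.rb, as an added example (this is not the repository's script, whose code is not shown here). It turns per-source failed-login counts into iptables and IOS rules. The sample rows, the threshold, the exempt ranges, the ACL number and all function names are assumptions; in practice the rows would come from a query over the kippo DB.

```ruby
require 'ipaddr'

# Constructed sample rows: [source_ip, failed_logins]. Not real data.
SAMPLE_ROWS = [
  ['203.0.113.7', 42],
  ['198.51.100.23', 3],     # below the threshold
  ['203.0.113.7', 8],       # same source seen in a second session
  ['192.168.1.10', 500],    # internal address, must never be blocked
  ['203.0.113.999', 99],    # malformed value, must never reach a rule
  ['2001:db8::5', 17]
].freeze

MIN_FAILURES = 10 # assumed threshold for listing a source
# Assumed exempt ranges: private, loopback and unique-local space.
NEVER_BLOCK = %w[10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8
                 ::1/128 fc00::/7].map { |n| IPAddr.new(n) }.freeze

# Sum failures per source, drop invalid and exempt addresses, and return
# the sources at or above the threshold (IPv4 first, then IPv6).
def offenders(rows, min_failures = MIN_FAILURES)
  totals = Hash.new(0)
  rows.each do |raw_ip, count|
    begin
      ip = IPAddr.new(raw_ip.to_s.strip)
    rescue IPAddr::Error
      next # never interpolate an unparsed string into a firewall rule
    end
    next if NEVER_BLOCK.any? { |net| net.include?(ip) }
    totals[ip] += count.to_i
  end
  listed = totals.select { |_ip, n| n >= min_failures }.keys
  listed.sort_by { |ip| [ip.family, ip.to_i] }
end

# One DROP rule per source; IPv6 sources need ip6tables.
def iptables_rules(ips)
  ips.map { |ip| "#{ip.ipv6? ? 'ip6tables' : 'iptables'} -A INPUT -s #{ip} -j DROP" }
end

# Standard IOS ACL (IPv4 only). The closing permit is required because
# an ACL ends with an implicit deny.
def ios_acl(ips, acl = 10)
  ips.select(&:ipv4?).map { |ip| "access-list #{acl} deny host #{ip}" } +
    ["access-list #{acl} permit any"]
end

puts iptables_rules(offenders(SAMPLE_ROWS)) if __FILE__ == $PROGRAM_NAME
```

Review the exempt ranges before applying generated rules, so a spoofed or shared address cannot lock out your own management hosts.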