Submitted by mig5 on
I've built a basic kippo Debian package and dropped it into my personal Debian repository, http://debian.mig5.net .
If you're not aware, Kippo is an SSH honeypot written in Python (using Twisted). Read more at http://code.google.com/p/kippo/
It's pretty basic to install by hand, but I wanted to build some systems to install Kippo automatically using Puppet, so I wrote a deb.
Disclaimer!
This is not at all a proper Debian deb package that plays by all the rules you'd expect of a package in the main Debian repositories, and I don't pretend it is. It cuts some corners because it's not trying to meet those standards: it just gets it done.
Maybe down the track when I can bring myself to do things the 'proper' way I'll write a better one. I also don't make any promises that it'll work for you or that I won't break it in the future, but I'll do my best not to, and even apply updates from upstream :)
For now, it Just Works: tested on Debian Squeeze on both the i386 and amd64 architectures.
Installing
Add this line to /etc/apt/sources.list or /etc/apt/sources.list.d/mig5.list
deb http://debian.mig5.net/debian/ squeeze main
My repo is signed with my GPG public key. To fetch the key:
wget http://debian.mig5.net/key.asc
apt-key add key.asc
apt-get update
Now install Kippo:
apt-get install kippo
Using
The kippo.cfg is dropped into /etc/kippo/. Remember to adjust it to your needs before starting kippo.
A kippo user is added to the system.
To start Kippo after editing the config file to suit, you must edit
/etc/default/kippo
and set START_DAEMON to yes
Then you can run
sudo /etc/init.d/kippo start
as yourself or as root. The necessary steps are taken to ensure the actual honeypot is started as the 'kippo' unprivileged user.
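A way to script the START_DAEMON step and confirm afterwards that the honeypot really is running as the 'kippo' user, as an added example that is not part of the package or the original post. The function names are hypothetical, and the process match assumes Kippo appears in the process list as a twistd command line that mentions "kippo".

```sh
#!/bin/sh
# Added example, not shipped with the package. Function names are hypothetical.

# Set START_DAEMON=yes in the defaults file (default: /etc/default/kippo).
# Handles an existing, commented-out or missing START_DAEMON line.
enable_kippo() {
    f="${1:-/etc/default/kippo}"
    if grep -Eq '^[[:space:]]*#?[[:space:]]*START_DAEMON=' "$f"; then
        tmp="$(mktemp)" || return 1
        sed -E 's/^[[:space:]]*#?[[:space:]]*START_DAEMON=.*/START_DAEMON=yes/' \
            "$f" > "$tmp" && cat "$tmp" > "$f"   # cat keeps owner and mode of $f
        rc=$?
        rm -f "$tmp"
        return "$rc"
    fi
    echo 'START_DAEMON=yes' >> "$f"
}

# Read "USER ARGS..." lines (the output of: ps -eo user=,args=) on stdin.
# Succeeds only if a Kippo process exists and every one is owned by 'kippo'.
# Assumption: Kippo shows up as a twistd command line that mentions "kippo".
kippo_unprivileged() {
    awk '
        {
            args = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", args)   # drop the USER column
            if (args ~ /twistd/ && args ~ /kippo/) {
                seen = 1
                if ($1 != "kippo") { print "not unprivileged: " $0; bad = 1 }
            }
        }
        END { if (seen && !bad) exit 0; exit 1 }
    '
}

# Usage, as root:
#   enable_kippo && /etc/init.d/kippo start
#   ps -eo user=,args= | kippo_unprivileged || echo "check the init script"
```

The check fails both when a matching process is owned by another user and when no matching process is found at all.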
Logs are in /var/log/kippo/. You'll find the various utils etc. in /usr/share/kippo and data that changes (e.g. programs downloaded by victims) in /var/lib/kippo/. The utility programs (playlog.py etc.) are renamed with kippo prefixes (e.g. kippo-playlog) and stored in /usr/bin so that they're on your $PATH.
Anyway, that might be useful to someone else other than me. If you encounter problems installing the package, let me know.
@ TODO
Depend on whatever's needed for the optional XMPP addon stuff. I haven't actually tried that yet (sorry Markus) so I don't know what the dependencies are in Debian: if you do, let me know.
Note that upgrading deliberately doesn't clobber /var/lib/kippo/ so your userdb.txt, downloads etc. should remain intact.