# Honeypot Cowrie
|
||
# ssh
|
||
apt install openssh-server
|
||
sudo nano /etc/ssh/sshd_config (ganti port ssh)
|
||
systemctl restart sshd
|
||
# honeypot
|
||
sudo apt update && sudo apt upgrade -y
|
||
sudo apt-get install git python3-virtualenv libssl-dev libffi-dev build-essential libpython3-dev python3-minimal authbind virtualenv
|
||
sudo apt install python3-venv && sudo apt install python-is-python3
|
||
sudo adduser --disabled-password cowrie
|
||
sudo su - cowrie
|
||
git clone https://github.com/cowrie/cowrie
|
||
cd cowrie
|
||
python -m venv cowrie-env
|
||
source cowrie-env/bin/activate
|
||
python -m pip install --upgrade pip && python -m pip install --upgrade -r requirements.txt
|
||
# konfigurasi
|
||
cd /home/cowrie/cowrie/etc
|
||
cp cowrie.cfg.dist cowrie.cfg && cp userdb.example userdb.txt
|
||
nano cowrie.cfg (ganti hostname, tambahkan api telegram dan chat id)
|
||
exit
|
||
sudo apt-get install authbind
|
||
sudo touch /etc/authbind/byport/22
|
||
sudo chown cowrie:cowrie /etc/authbind/byport/22
|
||
sudo chmod 770 /etc/authbind/byport/22
|
||
sudo apt install supervisor -y
|
||
nano /etc/supervisor/conf.d/cowrie.conf
|
||
# Port Knocking
|
||
apt install knockd
|
||
nano /etc/default/knockd (ganti menjadi seperti ini: START_KNOCKD=1 dan KNOCKD_OPTS="-i (interface network)")
|
||
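nano /etc/knockd.conf (ganti --dport 22 menjadi port ssh; ganti juga sequence bawaan 7000,8000,9000 karena sudah umum diketahui; bila command openSSH memakai -A INPUT, ganti menjadi -I INPUT agar rule ACCEPT berada di atas rule REJECT)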
|
||
systemctl start knockd && systemctl enable knockd
|
||
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
|
||
sudo iptables -A INPUT -p tcp --dport (port ssh) -j REJECT
|
||
apt install iptables-persistent
|
||
iptables-save -c > /etc/iptables/rules.v4
|
||
# Snort
|
||
mkdir snort && cd snort
|
||
apt install -y gcc libpcre3-dev zlib1g-dev libluajit-5.1-dev libpcap-dev openssl libssl-dev libnghttp2-dev libdumbnet-dev bison flex libdnet autoconf libtool
|
||
wget https://snort.org/downloads/snort/daq-2.0.7.tar.gz
|
||
tar -xvzf daq-2.0.7.tar.gz && cd daq-2.0.7
|
||
autoreconf -f -i
|
||
./configure && make && sudo make install
|
||
apt install snort -y
|
||
sudo nano /etc/snort/snort.conf
|
||
sudo nano /etc/snort/rules/local.rules
|
||
sudo nano /etc/snort/rules/nmap.rules
|
||
sudo nano /etc/snort/snort.debian.conf
|
||
sudo snort -T -c /etc/snort/snort.conf
|
||
# telegram
|
||
Buat bot telegram dengan bot father dan chat bot yang sudah dibuat untuk mendapatkan chat id
|
||
https://api.telegram.org/bot(token bot anda)/getUpdates
|
||
https://api.telegram.org/bot(token bot)/sendMessage?chat_id=(chat id)&text=Coba aja
|
||
# konfigurasi telegram
|
||
git clone https://github.com/gagaltotal/Snort-Bot-Telegram-Shell
|
||
cd Snort-Bot-Telegram-Shell
|
||
chmod 777 bot-tele.sh (cukup chmod 700; mode 777 membuat skrip yang dijalankan ini bisa diubah user mana pun)
|
||
nano bot-tele.sh
|
||
nano src/cowrie/output/telegram.py
|
||
cd /home/(user)/Snort-Bot-Telegram-Shell
|
||
./bot-tele.sh
|
||
sudo snort -i enp0s3 -c /etc/snort/snort.conf -l /var/log/snort -d -A console > /home/kz/log-tele.txt
|
||
sudo apt install cockpit
|
||
systemctl start cockpit && systemctl enable cockpit
|
||
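ufw allow 9090/tcp (port Cockpit; lebih aman dibatasi ke IP admin: ufw allow from (ip admin) to any port 9090 proto tcp)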
|
||
# mikrotik
|
||
konfigurasi awal mikrotik (cari aja di google)
|
||
# open vpn mikrotik
|
||
https://web.tunnel.my.id/
|
||
buat akun dan buat profil vpn
|
||
konfigurasi nat buat port forwarding |