• Installing and Deploying the MHN Honeypot


     

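    MHN (Modern Honey Network) is a central server for managing honeypots and collecting their data. With MHN you can quickly deploy several types of honeypot and view the data they collect through a web-based visual interface. The honeypot types currently supported include Dionaea (Venus flytrap), Snort, Cowrie, glastopf and others. According to the project, the systems tested for deploying the MHN server are Ubuntu 14.04, Ubuntu 16.04 and CentOS 6.9.

    I chose an Ubuntu 12.04 virtual machine for this deployment.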

    1. Installation

    git clone https://github.com/threatstream/mhn.git
    cd mhn/

    Run the install script:

    sudo ./install.sh

    2. Configuration

    During installation, answer the prompts to configure the server:

    ===========================================================
    MHN Configuration
    ===========================================================
    Do you wish to run in Debug mode?: y/n n
    Superuser email: name@example.com
    Superuser password: 
    Superuser password: (again): 
    Server base url ["http://1.2.3.4"]: http://192.168.5.3
    Honeymap url [http://1.2.3.4:3000]: http://192.168.5.3:3000
    Mail server address ["localhost"]: 
    Mail server port [25]: 
    Use TLS for email?: y/n y
    Use SSL for email?: y/n y
    Mail server username [""]: 
    Mail server password [""]: 
    Mail default sender [""]: 
    Path for log file ["mhn.log"]:

    3. Startup

    sudo /etc/init.d/nginx status
    sudo /etc/init.d/supervisor status
    sudo supervisorctl status

    Under normal conditions the services report the following status:

    geoloc                           RUNNING    pid 31443, uptime 0:00:12
    honeymap                         RUNNING    pid 30826, uptime 0:08:54
    hpfeeds-broker                   RUNNING    pid 10089, uptime 0:36:42
    mhn-celery-beat                  RUNNING    pid 29909, uptime 0:18:41
    mhn-celery-worker                RUNNING    pid 29910, uptime 0:18:41
    mhn-collector                    RUNNING    pid 7872,  uptime 0:18:41
    mhn-uwsgi                        RUNNING    pid 29911, uptime 0:18:41
    mnemosyne                        RUNNING    pid 28173, uptime 0:30:08

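    However, honeymap and mhn-celery-worker often end up in the FATAL state. The fixes are as follows.

    honeymap failure:

    Install golang. If you install it with apt-get install golang, a later step fails because that golang version is too old, so download the precompiled package directly: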

    wget https://storage.googleapis.com/golang/go1.9.linux-amd64.tar.gz

    Extract it, then set the following environment variables:

    export GOROOT=yourpath/go
    export GOARCH=amd64
    export GOOS=linux
    export GOBIN=$GOROOT/bin/
    export GOTOOLS=$GOROOT/pkg/tool/
    export PATH=$GOBIN:$GOTOOLS:$PATH

    Fix the honeymap problem:

    cd /opt/honeymap/server 
    export GOPATH=/opt/honeymap/server 
    go get github.com/golang/net 
    mkdir -p golang.org/x 
    cp -rf src/github.com/golang/net/ ./golang.org/x/ 
    cp -rf golang.org/ /usr/local/go/src/ 
    go build 
    sudo supervisorctl restart all

    mhn-celery-worker failure:

    cd /var/log/mhn/ 
    sudo chmod 777 mhn.log 
    sudo supervisorctl start mhn-celery-worker

    If that still does not work:

    cd /var/log/mhn/  # look at the celery-worker error log
    tail -f mhn-celery-worker.err
    The specific error reported is: worker.err supervisor: couldn't chdir to /root/mhn/server: EACCES supervisor: child process was not spawned
    chmod 777 -R /root  # change the permissions
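
    A narrower alternative to the recursive chmod above, added here as an example (it is not part of the original post): it finds which directory on the path named in the supervisor error lacks search permission and prints an ACL command that grants only that. The www-data account in the usage line is an assumption; use the user= value from your supervisor program config. It also assumes GNU stat, the acl tools, and a service user that is neither owner nor group member of the directories.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (Linux) and an
# absolute path; existing ACLs are not inspected, only the mode bits.

# Print each directory on the way to $1 that has no search (x) bit for
# "other". Those are the components a service user who is neither owner nor
# group member cannot traverse, which makes supervisor's chdir fail (EACCES).
blocked_components() {
    p=$1
    case $p in
        /*) ;;
        *) echo "need an absolute path" >&2; return 2 ;;
    esac
    while [ "$p" != "/" ]; do
        mode=$(stat -c '%a' "$p") || return 2
        other=${mode#"${mode%?}"}        # last octal digit = "other" bits
        if [ $((other & 1)) -eq 0 ]; then
            printf '%s\n' "$p"
        fi
        p=$(dirname "$p")
    done
}

# Print (do not run) one setfacl command per blocking directory. Each grants
# the service user search permission on that single directory: no read, no
# write, nothing recursive.
suggest_fix() {
    svc_user=$1
    blocked_components "$2" | while IFS= read -r dir; do
        printf "setfacl -m u:%s:x '%s'\n" "$svc_user" "$dir"
    done
}

# Usage (account name is an assumption):
#   sh check_traverse.sh www-data /root/mhn/server
if [ $# -ge 2 ]; then
    suggest_fix "$1" "$2"
fi
```

    Review the printed commands before running them as root; after applying them, `sudo supervisorctl start mhn-celery-worker` shows whether the chdir error is gone.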
  • Original source: https://www.cnblogs.com/Eleven-Liu/p/9284417.html