MHN(Modern Honey Network),是一個用於管理和收集蜜罐數據的中心服務器。通過MHN,可以實現快速部署多種類型的蜜罐並且通過web可視化界面顯示蜜罐收集的數據,目前支持的蜜罐類型有捕蠅草(Dionaea), Snort, Cowrie, glastopf等。據官方說法,目前經測試支持部署MHN服務器的系統有Ubuntu 14.04, Ubuntu 16.04, Centos 6.9。
我是這里選擇了ubuntu12.04虛擬機進行部署。
一、安裝
git clone https://github.com/threatstream/mhn.git cd mhn/
執行安裝腳本
sudo ./install.sh
二、配置
安裝過程中按提示進行相關配置
=========================================================== MHN Configuration =========================================================== Do you wish to run in Debug mode?: y/n n Superuser email: name@example.com /* <![CDATA[ */!function(){try{var t="currentScript"in document?document.currentScript:function(){for(var t=document.getElementsByTagName("script"),e=t.length;e--;)if(t[e].getAttribute("cf-hash"))return t[e]}();if(t&&t.previousSibling){var e,r,n,i,c=t.previousSibling,a=c.getAttribute("data-cfemail");if(a){for(e="",r=parseInt(a.substr(0,2),16),n=2;a.length-n;n+=2)i=parseInt(a.substr(n,2),16)^r,e+=String.fromCharCode(i);e=document.createTextNode(e),c.parentNode.replaceChild(e,c)}}}catch(u){}}();/* ]]> */ Superuser password: Superuser password: (again): Server base url [“http://1.2.3.4″]: http://192.168.5.3 Honeymap url [http://1.2.3.4:3000]: http://192.168.5.3:3000 Mail server address [“localhost”]: Mail server port [25]: Use TLS for email?: y/n y Use SSL for email?: y/n y Mail server username [“”]: Mail server password [“”]: Mail default sender [“”]: Path for log file [“mhn.log”]:
三、啟動
sudo /etc/init.d/nginx status sudo /etc/init.d/supervisor status sudo supervisorctl status
正常情況各服務的狀態如下:
geoloc RUNNING pid 31443, uptime 0:00:12 honeymap RUNNING pid 30826, uptime 0:08:54 hpfeeds-broker RUNNING pid 10089, uptime 0:36:42 mhn-celery-beat RUNNING pid 29909, uptime 0:18:41 mhn-celery-worker RUNNING pid 29910, uptime 0:18:41 mhn-collector RUNNING pid 7872, uptime 0:18:41 mhn-uwsgi RUNNING pid 29911, uptime 0:18:41 mnemosyne RUNNING pid 28173, uptime 0:30:08
但是經常會出現honeymap 與mhn-celery-worker 的狀態為FATAL,解決方法如下
honeymap 異常:
安裝golang,如果apt-get install golang安裝,后面會因為golang版本低而報錯,所以直接下載編譯后的包
wget https://storage.googleapis.com/golang/go1.9.linux-amd64.tar.gz
解壓,然后進行以下配置
export GOROOT=yourpath/go export GOARCH=amd64 export GOOS=linux export GOBIN=$GOROOT/bin/ export GOTOOLS=$GOROOT/pkg/tool/ export PATH=$GOBIN:$GOTOOLS:$PATH
解決honeymap的問題
cd /opt/honeymap/server export GOPATH=/opt/honeymap/server go get github.com/golang/net mkdir -p golang.org/x cp -rf src/github.com/golang/net/ ./golang.org/x/ cp -rf golang.org/ /usr/local/go/src/ go build sudo supervisorctl restart all
mhn-celery-worker的異常
cd /var/log/mhn/ sudo chmod 777 mhn.log sudo supervisorctl start mhn-celery-worker
如果還不行
cd /var/log/mhn/ #查看celery-worker的錯誤日志 tail -f mhn-celery-worker.err 提示的具體錯誤內容如下:worker.err supervisor: couldn't chdir to /root/mhn/server: EACCES supervisor: child process was not spawned chmod 777 -R /root # 改下權限