This morning I cause myself a problem. Annoyingly it was foreseeable and avoidable, this is my excuse (not great, but I’ll stick to it). But as every problem is merely an opportunity in disguise whist I’m re-building systems I might as well document the process. The original InfoSanity guide for installing Kippo was based off of the latest stable version, but I rapidly migrated to the development SVN on learning of the MySQL logging capabilities, so this guide covers that.
As I’m using a Debian system a lot of the system pre-requisites are packaged, this aren’t all needed immediately but we might as well grab them all at once.
apt-get install subversion #for svn
apt-get install python-twisted python-mysqldb # Python and required modules
apt-get install mysql-server #
Basic Kippo setup
Grab Kippo direct from svn, at time of writing I got version 160. (latest instructions):
svn checkout http://kippo.googlecode.com/svn/trunk/ /opt/kippo-svn
Now we can start the honeypot system:
That’s it, all that is required to get the system running. To confirm you can ssh locally with ssh -p2222 firstname.lastname@example.org, unless you’ve jumped ahead and edited the config, password will be 123456.
Log into MySQL via commanline, assuming you’ve not modified the kippo.cfg database directives build the database:
create database kippo;
grant all on kippo.* to ‘kippo’@’localhost’ identified by ‘secret’;
Next edit the kippo.cfg accordingly you database/user/password and uncomment the [database] configuration directives. REMEBER to uncomment ;[database] line not just the parameters, that has now caught me out twice.
Finally, build the database structure with the script that can be found in <kippo>/doc/sql/:
doc/sql/# mysql -ukippo -psecret kippo < mysql.sql
Restart your Kippo process and you should be good; re-test access to the shell and view the database tables to confirm that logs are being written to the database.