cd /opt
curl -O https://bootstrap.pypa.io/get-pip.py
pip install pyOpenSSL ndg-httpsclient pyasn1
apt-get install git
git clone https://github.com/threatstream/mhn
cd mhn
./install.sh
Enter the configuration stage:
+ echo ' MHN Configuration'
MHN Configuration
+ echo ===========================================================
===========================================================
+ python generateconfig.py
Do you wish to run in Debug mode?: y/n y
Superuser email: admin@qq.com
Superuser password: admin@2018
Superuser password: (again):
Server base url ["http://95.179.164.233"]:
Answer no to both SSL/TLS prompts:
Use TLS for email?: y/n n
Use SSL for email?: y/n n
For the remaining prompts, just press Enter to accept the defaults.
When asked whether to integrate with Splunk,
choose yes,
enter host 127.0.0.1
and port 10086:
+ echo -n 'Would you like to integrate with Splunk? (y/n) '
Would you like to integrate with Splunk? (y/n) + read SPLUNK
y
+ '[' y == y -o y == Y ']'
+ echo -n 'Splunk Forwarder Host: '
Splunk Forwarder Host: + read SPLUNK_HOST
127.0.0.1
+ echo -n 'Splunk Forwarder Port: '
Splunk Forwarder Port: + read SPLUNK_PORT
10086
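When asked whether to install ELK:
+ echo -n 'Would you like to install ELK? (y/n) '
Would you like to install ELK? (y/n) + read ELK
choose yes.
(My disk is 50 GB and my memory is 2 GB.)
If the following error appears, install software-properties-common and run the ELK script again: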
./install_elk.sh: line 11: add-apt-repository: command not found
apt-get install software-properties-common
cd scripts
./install_elk.sh
root@vultr:/opt/mhn/scripts# ./install_elk.sh
If you are prompted about installing the JDK along the way, answer yes to both prompts.
最
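A preflight check for the `add-apt-repository: command not found` failure described above, as an added example that is not part of the original post or the MHN project: it lists which apt packages are missing before `install_elk.sh` is started. The function names, the `--run` switch and the command-to-package list are assumptions made for illustration, based on the commands used in the steps above.

```shell
#!/bin/sh
# Added example (not from the MHN project): preflight check before ./install_elk.sh.
# Assumption: Debian/Ubuntu host, as implied by the apt-get commands in the post.

# command:package pairs taken from the steps above.
MHN_PREREQS="curl:curl git:git add-apt-repository:software-properties-common"

# missing_packages "cmd:pkg ..." -> prints the packages whose command is not on PATH.
missing_packages() {
    missing=""
    for pair in $1; do
        cmd=${pair%%:*}   # text before the first colon
        pkg=${pair#*:}    # text after the first colon
        if ! command -v "$cmd" >/dev/null 2>&1; then
            missing="$missing $pkg"
        fi
    done
    echo "${missing# }"
}

# preflight: returns 0 when everything is present, 1 (with a hint on stderr) otherwise.
preflight() {
    need=$(missing_packages "${1:-$MHN_PREREQS}")
    if [ -n "$need" ]; then
        echo "missing prerequisites, install with: apt-get install $need" >&2
        return 1
    fi
    return 0
}

# Only act when called explicitly, e.g.: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then
    preflight && cd /opt/mhn/scripts && ./install_elk.sh
fi
```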

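This article walks step by step through setting up the open-source honeypot system MHN, from installing dependencies through configuration to integrating Splunk and ELK, as well as resolving permission problems and installing different types of honeypots. After deployment, MHN is used to monitor and analyze network attacks, showing the top 5 attack sources and attacked ports, along with rankings of honeypots and sensors.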
