README - ssh_honeypot - a custom version of kippo for ssh honeypot analysis and reporting, obsolete.
 (HTM) git clone git://jay.scot/ssh_honeypot.git
 (DIR) Log
 (DIR) Files
 (DIR) Refs
 (DIR) README
       ---
       README (1097B)
       ---
            1 
            2 |> ssh_honeypot
            3 
            4 This is the source code I used for my honeypot project. A lot of it is
            5 hacked together but hopefully someone will find it useful! To get the
            6 Ruby scripts to work you will need to install mysql and gruff gems.
            7 
            8         $ gem install mysql
            9         $ gem install gruff
           10 
           11 The script to report an IP address uses PEAR mail but this is actually
           12 not needed, I only used it to send mail via gmail. You can
           13 simply change this to PHP's mail() function.
           14 
           15 > blacklist.rb
           16 
           17 Generates list of IP's that have been carrying out SSH attacks useful
           18 for creating blacklists for IPTables, IOS etc
           19 
           20 > report.php
           21 
           22 Gets the IP address from the kippo DB and reports the IP for abuse if
           23 certain conditions are met. Then saves the information to a 'report'
           24 table for displaying the information at a later date.
           25 
           26 > dump.php
           27 
           28 This was used to output the UML blobs in the Kippo DB to a file to be
           29 read by ajaxterm.
           30 
           31 
           32 > current-charts.rb
           33 
           34 Ruby script I used to create the graphs for the front page.
           35 
           36 # snippets.php
           37 
           38 This is just wee snippets of code I used through-out my code that
           39 I think might be useful to some people :-)