README - ssh_honeypot - a custom version of kippo for ssh honeypot analysis and reporting, obsolete.

git clone git://jay.scot/ssh_honeypot.git

|> ssh_honeypot

This is the source code I used for my honeypot project. A lot of it is
hacked together but hopefully someone will find it useful! To get the
Ruby scripts to work you will need to install the mysql and gruff gems.

    $ gem install mysql
    $ gem install gruff

The script to report an IP address uses PEAR mail but this is actually
not needed; I only used it to send mail via Gmail. You can
simply change this to PHP's mail() function.

> blacklist.rb

Generates a list of IPs that have been carrying out SSH attacks, useful
for creating blacklists for IPTables, IOS etc.

> report.php

Gets the IP address from the kippo DB and reports the IP for abuse if
certain conditions are met. Then saves the information to a 'report'
table for displaying the information at a later date.

> dump.php

This was used to output the UML blobs in the Kippo DB to a file to be
read by ajaxterm.

> current-charts.rb

Ruby script I used to create the graphs for the front page.

# snippets.php

This is just wee snippets of code I used throughout my code that
I think might be useful to some people :-)
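
Added example, not code from this repository: a sketch of the kind of list the blacklist.rb entry describes, assuming the source IPs have already been pulled from the honeypot DB, one per session. The sample addresses, the session threshold and the allowlisted admin range are constructed for illustration; malformed, private and allowlisted addresses are skipped so the generated iptables rules cannot block your own hosts.

```ruby
require 'ipaddr'

# Constructed sample: one source IP per honeypot session, as a query over the
# honeypot DB might return them (documentation ranges, not real attackers).
SAMPLE_SESSION_IPS = %w[
  203.0.113.7 203.0.113.7 203.0.113.7 198.51.100.20 198.51.100.20
  198.51.100.20 198.51.100.20 192.0.2.55 10.0.0.5 10.0.0.5 10.0.0.5
  192.0.2.10 192.0.2.10 192.0.2.10 not-an-ip 999.1.1.1
].freeze

# Networks that must never be blocked (hypothetical admin range).
ALLOWLIST = [IPAddr.new('192.0.2.0/28')].freeze

# Parse an address; return nil for anything malformed or not worth blocking.
def blockable_ip(text, allow)
  ip = IPAddr.new(text.to_s.strip)
  return nil unless ip.ipv4?
  return nil if ip.private? || ip.loopback? || ip.link_local?
  return nil if allow.any? { |net| net.include?(ip) }
  ip
rescue IPAddr::Error
  nil
end

# Return the sorted, de-duplicated IPs seen in at least min_sessions sessions.
def blacklist(session_ips, min_sessions: 3, allow: ALLOWLIST)
  counts = Hash.new(0)
  session_ips.each do |text|
    ip = blockable_ip(text, allow)
    counts[ip.to_s] += 1 if ip
  end
  counts.select { |_, n| n >= min_sessions }.keys.sort_by { |s| IPAddr.new(s).to_i }
end

# Render rules in iptables-save syntax, restricted to the SSH port.
def iptables_rules(ips, port: 22)
  ips.map { |ip| "-A INPUT -s #{ip}/32 -p tcp --dport #{port} -j DROP" }
end

puts iptables_rules(blacklist(SAMPLE_SESSION_IPS)) if $PROGRAM_NAME == __FILE__
```

A single stray session is not enough to land on the list here; raise or lower min_sessions to trade false positives against coverage.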