20161219 08:51——09:30
这篇博文记录oneyDrive_3_Royal_Jelly(1)系统应用整体的简介和(2)初期准备或相关具体功能的介绍说明,和(3)基本使用或基础理论。
一、系统应用整体的简介
参考: http://bruteforce.gr/honeydrive-3-royal-jelly-edition.html
HoneyDrive is the premier honeypot Linux distro. It is a virtual
appliance (OVA) with Xubuntu Desktop 12.04.4 LTS edition installed. It
contains over 10 pre-installed and pre-configured honeypot software
packages such as Kippo SSH honeypot, Dionaea and Amun malware honeypots,
Honeyd low-interaction honeypot, Glastopf web honeypot and Wordpot,
Conpot SCADA/ICS honeypot, Thug and PhoneyC honeyclients and more. Additionally it includes many useful pre-configured scripts and
utilities to analyze, visualize and process the data it can capture,
such as Kippo-Graph, Honeyd-Viz, DionaeaFR, an ELK stack and much more. Lastly, almost 90 well-known malware analysis, forensics and network
monitoring related tools are also present in the distribution.
20161219 11:10——12:39
What you need to know (PLEASE READ):
1) HoneyDrive 3 has been created entirely from scratch. It is based
on Xubuntu Desktop 12.04.4 LTS edition and it is distributed as a
standalone OVA file that can be easily imported as a virtual machine
using virtualization software such as VirtualBox and VMware.
2) All the honeypot programs from the previous version
of HoneyDrive are included, while they have also been upgraded to their
latest versions and converted almost entirely to cloned git repos for
easier maintenance and updating. This latter fact on its own could be
considered reason enough to release the new version.
3) Many new honeypot programs have been installed that really make
HoneyDrive 3 “complete” in terms of honeypot technology, plus around
50(!) new security related tools in the fields of malware analysis,
forensics and network monitoring.
4) The main honeypot software packages and BruteForce Lab’s projects
reside in /honeydrive. The rest of the programs reside in /opt. The
location of all software can be found inside the README.txt file on the
desktop.
5) HoneyDrive 3 doesn’t make itself as known to the outside world as
the previous version. There are no descriptive messages and apart from
Kippo-Graph and Honeyd-Viz every other piece of software is not
accessible from the outside (unless if you configure them otherwise, or
even lock down Kippo-Graph and Honeyd-Viz as well).
A note on versioning: previous versions of HoneyDrive started with a
zero (0.1 and 0.2) which seemed confusing to some. I didn’t like it
either and in the end I decided to “renumber” those as versions 1 and 2,
essentially making this new version HoneyDrive 3, .i.e the third
official release.
二、初期准备或相关具体功能的介绍说明
参考:HoneyDrive 3 VMware guide
https://bruteforce.gr/honeydrive-3-vmware-guide.html
Here is a step by step guide for converting the HoneyDrive 3 OVA file to a VMware-compatible virtual machine. The procedure should be the same for all the other VMware products as well (Workstation, ESXi, etc). Instructions:
2.1 HoneyDrive_3在VMware中使用的前期准备工序:
(1).下载OVF Tool (:Download OVF Tool 3.5.2 (needs a free account registration)from: https://my.vmware.com/web/vmware/details?downloadGroup=OVFTOOL352&productId=352
(2). 安装、运行OVF Tool,将OVA格式文件转换为VMX格式,(Convert HoneyDrive OVA to VMX)
(3).将VMX格式文件(Honey)导入到vmware中,通过双击.vmx文件的方式(Import/open the new virtual machine by double clicking the .vmx file.)。
(4).在HoneyDrive virtual machine中的终端界面里卸载VirtualBox Guest Additions(Inside the HoneyDrive virtual machine, open Terminator (on the desktop)
and type the following to uninstall the VirtualBox Guest Additions):
$ sudo aptitude purge -P virtualbox-guest-dkms virtualbox-guest-utils virtualbox-guest-x11
$ sudo reboot
(5).Once HoneyDrive is running again, click on “Virtual
Machine” –> “Install VMware Tools” from the menu. This will mount a
virtual disk with VMware Tools. Open Terminator again and type:
$ cp /media/VMware\ Tools/VMwareTools-<version>.tar.gz ~/
$ tar zxvf VMwareTools-<version>.tar.gz
$ cd vmware-tools-distrib
$ sudo ./vmware-install.pl -d
$ sudo reboot
That’s it, enjoy HoneyDrive in VMware!
2.2 工序中,关于在windows中OVF Tool的使用
关于详尽的ovf的信息,参考:https://www.vmware.com/support/developer/ovf/
本次实践中,是在windows的dos终端界面使用的ovf tool。用法如下:
(1)快捷键win+R打开“运行”交互界面输入“cmd”进入dos界面
(2)命令行中输入 D:\software\vm-convert-tool\ovftool.exe --lax -st=ova D:\tmp\HoneyDrive_3_Royal_Jelly.ova D:\tmp2\HoneyDrive_3_Royal_Jelly.vmx,直接回车,即进入格式转换模式。如下图:
备注:(1)关于命令中选项和参数的含义可以通过执行命令 D:\software\vm-convert-tool\ovftool.exe --help来了解。(2)命令中,D:\software\vm-convert-tool\ovftoolD:\tmp是存放HoneyDrive_3_Royal_Jelly.ova的路径, D:\tmp2是新建的空的用于存放转换vmx格式文件的路径。(3)上述命令行之所以要使用绝对路径,是因为该应用没有加入windows的全局环境配置,或说没有加入成功,关于win7中全局环境变量的配置参考如下链接(本次实践中没有配置成功):
OVFTool 4.1 vmdk格式换成OVF格式
http://blog.csdn.net/hanzheng260561728/article/details/51345481
Adding the OVF Tool to your Path Environment Variable
The following instructions are for Windows 7, but the steps are similar on other Windows systems.
Right-click My Computer.
Select Properties.
Select Advanced system settings.
Select Environment Variables.
Highlight (select) the Path variable from the System variable (lower) pane.
Click the Edit button and then type the path to the folder where you installed the OVF Tool (at the end of the existing path).
2.3 工序中,将VMX格式文件导入到vmware中的操作
通过双击HoneyDrive_3_Royal的“.vmx”文件的方式,将HoneyDrive的系统名HoneyDrive_3_Royal导入到vmware的虚拟机列表中,然后在vmware的虚拟机列表中选中该系统名称,单机菜单栏下方的“开启此客户机操作系统”绿色按钮就可以开启该操作系统。即是说,HoneyDrive_3应用套件是预安装在ubuntu操作系统中的,HoneyDrive_3_Royal_Jelly.ova文件是现成的组装好后生成的虚拟机文件(而不是需要先安装ubuntu系统而后手工将套件安装放置到ubuntu中),直接可以使用,只是为了在Vmware中使用所以要将其格式转换为vmx。
