Continuing on the BIND RPZ stuff. If you need to build a walled garden, INetSim would be great for that. It runs fake services and will serve up anything you ask it for. Great for studying malware.
 
CentOS 7 this time.

cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:0

Edit ifcfg-eth0:0 and change the IP address and interface name.

Install the following:

yum install perl

wget http://search.cpan.org/CPAN/authors/id/R/RH/RHANDOM/Net-Server-2.007.tar.gz && tar -zxf Net-Server-2.007.tar.gz && cd Net-Server-2.007 && perl Makefile.PL && make && make install && cd ..

wget http://search.cpan.org/CPAN/authors/id/N/NL/NLNETLABS/Net-DNS-0.72.tar.gz && tar -zxf Net-DNS-0.72.tar.gz && cd Net-DNS-0.72 && perl Makefile.PL && make && make install && cd ..

wget http://search.cpan.org/CPAN/authors/id/M/MS/MSOUTH/IPC-Shareable-0.61.tar.gz && tar -zxf IPC-Shareable-0.61.tar.gz && cd IPC-Shareable-0.61 && perl Makefile.PL && make && make install && cd ..

wget http://search.cpan.org/CPAN/authors/id/M/MS/MSHELOR/Digest-SHA-5.95.tar.gz && tar zxvf Digest-SHA-5.95.tar.gz && cd Digest-SHA-5.95 && perl Makefile.PL && make && make install && cd ..

wget http://search.cpan.org/CPAN/authors/id/M/MI/MIKEM/Net-SSLeay-1.46.tar.gz && tar zxvf Net-SSLeay-1.46.tar.gz && cd Net-SSLeay-1.46 && perl Makefile.PL && make && make install && cd ..

wget http://search.cpan.org/CPAN/authors/id/S/SU/SULLR/IO-Socket-SSL-1.953.tar.gz && tar -zxf IO-Socket-SSL-1.953.tar.gz && cd IO-Socket-SSL-1.953 && perl Makefile.PL && make && make install && cd ..

cd  /opt && wget http://www.inetsim.org/downloads/inetsim-1.2.5.tar.gz && tar -zxf inetsim-1.2.5.tar.gz && cd inetsim-1.2.5 && groupadd inetsim && sh setup.sh && cd .. && chown -R nobody:inetsim inetsim-1.2.5/

Edit /opt/inetsim-1.2.5/conf/inetsim.conf and comment out services you don’t want to run, change the IP addresses to your virtual eth0:0, and modify the DNS IP midway through the config.

Test run via /opt/inetsim-1.2.5/inetsim with no options.

To run as a daemon, add this script to /etc/init.d/inetsim, then chmod +x /etc/init.d/inetsim && chkconfig inetsim on && service inetsim start

#!/bin/bash
#
# InetSim Init Script
#
# chkconfig: 345 20 80

# Source function library.
. /etc/init.d/functions

INETSIM_HOST=`hostname -a`
INETSIM_DIR=/opt/inetsim-1.2.5
PIDFILE=$INETSIM_DIR/logs/pid
STARTPIDFILE=$INETSIM_DIR/logs/startpid

start() {
        echo -n "Starting InetSim: "
        if [ -f $STARTPIDFILE ]; then
                PID=`cat $STARTPIDFILE`
                echo InetSim already running: $PID
                exit 2;
        elif [ -f $PIDFILE ]; then
                PID=`cat $PIDFILE`
                echo InetSim already running: $PID
                exit 2;
        else
                cd $INETSIM_DIR
                daemon  ./inetsim $OPTIONS &
                RETVAL=$?
                echo
                [ $RETVAL -eq 0 ] && touch /var/lock/subsys/inetsim
                return $RETVAL
        fi

}

stop() {
        echo -n "Shutting down InetSim: "
        echo
        killproc inetsim
        echo
        rm -f /var/lock/subsys/inetsim
        return 0
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status inetsim
        ;;
    restart)
        stop
        start
        ;;
    *)
        echo "Usage: $0 {start|stop|status|restart}"
        exit 1
        ;;
esac
exit $?
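
Before the test run, it is worth confirming that the inetsim.conf edits described above actually took: which services are still enabled, and whether the bind address and the DNS default address both point at the eth0:0 alias. The script below is an added example, not part of the original post or of INetSim; the function names and the 192.0.2.10 address are assumptions, and the sample config is constructed.

```shell
#!/bin/bash
# Added example: sanity-check inetsim.conf against the eth0:0 alias address.
# start_service, service_bind_address and dns_default_ip are INetSim config
# keys; the function names and the sample address are assumptions.

# Print the value of the last uncommented "<key> <value>" line.
conf_value() {  # usage: conf_value <file> <key>
    awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# List the services still enabled (uncommented start_service lines).
enabled_services() {  # usage: enabled_services <file>
    awk '$1 == "start_service" { print $2 }' "$1"
}

# Return 0 only if both addresses point at the walled-garden IP.
# An unset key means INetSim's built-in default applies, so it is flagged.
check_inetsim_conf() {  # usage: check_inetsim_conf <file> <ip>
    local conf="$1" ip="$2" rc=0 key val
    for key in service_bind_address dns_default_ip; do
        val=$(conf_value "$conf" "$key")
        if [ "$val" != "$ip" ]; then
            echo "MISMATCH: $key is '${val:-unset}', expected $ip"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample config (not a real inetsim.conf): the bind address
# was updated but the DNS default address was left commented out.
write_sample_conf() {  # usage: write_sample_conf <file>
    cat > "$1" <<'EOF'
start_service dns
start_service http
#start_service smtp
service_bind_address 192.0.2.10
#dns_default_ip 192.0.2.10
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
echo "Enabled services: $(enabled_services "$sample" | tr '\n' ' ')"
check_inetsim_conf "$sample" 192.0.2.10 || echo "Fix the config before starting INetSim."
rm -f "$sample"
```

Against the real install, call check_inetsim_conf with /opt/inetsim-1.2.5/conf/inetsim.conf and the address assigned to eth0:0.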
