Continuing on the BIND RPZ stuff. If you need to build a walled garden, INetSim is great for that. It runs fake services and will serve up anything you ask it for, which makes it great for studying malware.
CentOS 7 this time.
cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:0
Edit eth0:0 and change the IP address and iface name.
Install the following:
yum install perl
wget http://search.cpan.org/CPAN/authors/id/R/RH/RHANDOM/Net-Server-2.007.tar.gz && tar -zxf Net-Server-2.007.tar.gz && cd Net-Server-2.007 && perl Makefile.PL && make && make install && cd ..
wget http://search.cpan.org/CPAN/authors/id/N/NL/NLNETLABS/Net-DNS-0.72.tar.gz && tar -zxf Net-DNS-0.72.tar.gz && cd Net-DNS-0.72 && perl Makefile.PL && make && make install && cd ..
wget http://search.cpan.org/CPAN/authors/id/M/MS/MSOUTH/IPC-Shareable-0.61.tar.gz && tar -zxf IPC-Shareable-0.61.tar.gz && cd IPC-Shareable-0.61 && perl Makefile.PL && make && make install && cd ..
wget http://search.cpan.org/CPAN/authors/id/M/MS/MSHELOR/Digest-SHA-5.95.tar.gz && tar zxvf Digest-SHA-5.95.tar.gz && cd Digest-SHA-5.95 && perl Makefile.PL && make && make install && cd ..
wget http://search.cpan.org/CPAN/authors/id/M/MI/MIKEM/Net-SSLeay-1.46.tar.gz && tar zxvf Net-SSLeay-1.46.tar.gz && cd Net-SSLeay-1.46 && perl Makefile.PL && make && make install && cd ..
wget http://search.cpan.org/CPAN/authors/id/S/SU/SULLR/IO-Socket-SSL-1.953.tar.gz && tar -zxf IO-Socket-SSL-1.953.tar.gz && cd IO-Socket-SSL-1.953 && perl Makefile.PL && make && make install && cd ..
cd /opt && wget http://www.inetsim.org/downloads/inetsim-1.2.5.tar.gz && tar -zxf inetsim-1.2.5.tar.gz && cd inetsim-1.2.5 && groupadd inetsim && sh setup.sh && cd .. && chown -R nobody:inetsim inetsim-1.2.5/
Edit /opt/inetsim-1.2.5/conf/inetsim.conf and comment out services you don’t want to run, change the IP addresses to your virtual eth0:0, and modify the DNS IP midway through the config.
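A quick way to confirm those edits took effect before the test run. This is an added example, not part of the original post or of INetSim itself; it assumes the stock inetsim.conf directives start_service, service_bind_address and dns_default_ip, and the sample config and the 192.0.2.10 address are constructed.

```shell
#!/bin/bash
# Added example: check inetsim.conf against the eth0:0 alias IP before starting.
# Assumes the stock directives start_service, service_bind_address and
# dns_default_ip; the sample config and 192.0.2.10 below are constructed.

# Print the value of a directive, skipping commented-out lines.
conf_value() {   # conf_value <file> <directive>
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# List services still enabled (uncommented start_service lines), in file order.
enabled_services() {   # enabled_services <file>
    awk '$1 == "start_service" { printf "%s%s", sep, $2; sep = " " }' "$1"
}

# Return 0 only if the bind address and the DNS answer IP both equal the alias IP.
check_inetsim_conf() {   # check_inetsim_conf <file> <expected-ip>
    local conf="$1" want="$2" rc=0 key got
    for key in service_bind_address dns_default_ip; do
        got=$(conf_value "$conf" "$key")
        if [ "$got" != "$want" ]; then
            # An unset directive means INetSim falls back to its built-in default.
            echo "MISMATCH $key: '${got:-unset}' (expected $want)"
            rc=1
        fi
    done
    echo "enabled services: $(enabled_services "$conf")"
    return $rc
}

# Constructed sample: DNS answer IP was edited, bind address left commented out.
sample_conf() {
    cat <<'EOF'
start_service dns
start_service http
#start_service smtp
#service_bind_address 10.10.10.1
dns_default_ip 192.0.2.10
EOF
}

SANDBOX_IP=192.0.2.10          # constructed stand-in for the eth0:0 address
tmp=$(mktemp)
sample_conf > "$tmp"
check_inetsim_conf "$tmp" "$SANDBOX_IP" || echo "fix inetsim.conf before starting INetSim"
rm -f "$tmp"
```

Against the real file, call check_inetsim_conf with /opt/inetsim-1.2.5/conf/inetsim.conf and the address you gave eth0:0; the list of enabled services shows at a glance what will be listening inside the walled garden.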
Test run via /opt/inetsim-1.2.5/inetsim with no options.
To run as a daemon, add this script to /etc/init.d/inetsim, then chmod +x /etc/init.d/inetsim && chkconfig inetsim on && service inetsim start
#!/bin/bash
#
# InetSim Init Script
#
# chkconfig: 345 20 80
# description: INetSim internet services simulation suite

# Source function library.
. /etc/init.d/functions

INETSIM_HOST=`hostname -a`
INETSIM_DIR=/opt/inetsim-1.2.5
# PID files checked by start() to detect an already running instance
PIDFILE=$INETSIM_DIR/logs/pid
STARTPIDFILE=$INETSIM_DIR/logs/startpid
# Extra command-line options for inetsim (none by default)
OPTIONS=""

start() {
    echo -n "Starting InetSim: "
    if [ -f "$STARTPIDFILE" ]; then
        PID=`cat "$STARTPIDFILE"`
        echo InetSim already running: $PID
        exit 2;
    elif [ -f "$PIDFILE" ]; then
        PID=`cat "$PIDFILE"`
        echo InetSim already running: $PID
        exit 2;
    else
        cd "$INETSIM_DIR"
        # Launched in the background, so RETVAL only reflects that the job was started
        daemon ./inetsim $OPTIONS &
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/inetsim
        return $RETVAL
    fi
}

stop() {
    echo -n "Shutting down InetSim: "
    echo
    killproc inetsim
    echo
    rm -f /var/lock/subsys/inetsim
    return 0
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status inetsim
        ;;
    restart)
        stop
        start
        ;;
    *)
        echo "Usage: {start|stop|status|restart}"
        exit 1
        ;;
esac
exit $?