Honeypots and Intranet Security from 0 to 1 (Part 5)
Word count: 1400
Updated: 2026-02-06 14:35:03
MHN Honeypot and Intranet Security Deployment Guide
I. MHN installation troubleshooting
1. Installation error: xz compression not available
Error message:
Error: xz compression not available
Fix:
rm -rf /var/cache/yum/x86_64/6/epel
yum remove epel-release
rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
2. Honeymap process error
Error message:
honeymap FATAL can't find command '/opt/honeymap/server/server'
Cause:
The honeymap build is missing the Go dependency package golang.org/x/net/websocket.
Fix:
# clone into the current directory, then move the checkout into the golang.org/x/ tree under GOROOT
git clone https://github.com/golang/net.git net
mkdir -p /usr/local/go/src/golang.org/x
mv net /usr/local/go/src/golang.org/x/
3. Installing python-pip-7.1.0 separately
wget ftp://fr2.rpmfind.net/linux/epel/6/i386/python-pip-7.1.0-1.el6.noarch.rpm
rpm -ivh python-pip-7.1.0-1.el6.noarch.rpm
4. Kippo node installation error
Error message:
iptables v1.4.7: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Fix:
vim /etc/modprobe.d/nf_conntrack.conf
Set the content to:
options nf_conntrack hashsize=131072
service ufw restart
5. MHN Server map link returns 404
Fix:
Edit /opt/mhnserver/server/config.py
Change the HONEYMAP_URL setting:
HONEYMAP_URL = 'http://10.0.0.1:3000'
Restart the service:
supervisorctl restart mhn-uwsgi
6. Supervisor process error
Error message:
mhn-celery-worker FATAL Exited too quickly (process log may have details)
Troubleshooting steps:
cd /var/log/mhn/
tail -f mhn-celery-worker.err
The log shows:
IOError: [Errno 13] Permission denied: '/opt/mhnserver/server/y'
Fix:
- Change the log file path in /opt/mhnserver/server/config.py:
LOG_FILE_PATH = '/var/log/mhn/mhn.log'
- Fix the ownership of the log file:
chown nginx.nginx /var/log/mhn/mhn.log
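The permission error above comes back whenever the log path or the service account changes, so here is an added check (not part of the original guide) that reads LOG_FILE_PATH from config.py and decides, from ownership and mode bits alone, whether the supervisor-managed process can write the file. The config path and the nginx account are the guide's values, taken here as assumptions.

```python
import os
import pwd
import grp
import re
import stat

# Matches a config.py line such as:  LOG_FILE_PATH = '/var/log/mhn/mhn.log'
LOG_PATH_RE = re.compile(r"""^\s*LOG_FILE_PATH\s*=\s*['"]([^'"]+)['"]""", re.M)

def parse_log_file_path(config_text):
    """Return the LOG_FILE_PATH value from config.py text, or None if it is unset."""
    m = LOG_PATH_RE.search(config_text)
    return m.group(1) if m else None

def _identity(user):
    """(name, uid, gids) for `user`; None means the account running this script."""
    if user is None:
        return str(os.getuid()), os.getuid(), set(os.getgroups()) | {os.getgid()}
    pw = pwd.getpwnam(user)  # KeyError if the account does not exist
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if user in g.gr_mem}
    return user, pw.pw_uid, gids

def check_log_writable(path, user=None):
    """Decide from ownership and mode bits whether `user` can write `path`.
    Returns (ok, reason); the file is never opened, so this is safe to run as root."""
    try:
        name, uid, gids = _identity(user)
    except KeyError:
        return False, "account %r does not exist on this host" % user
    if not os.path.exists(path):
        return False, "%s is missing: create it and chown it to the service account" % path
    st = os.stat(path)
    perm = stat.S_IMODE(st.st_mode)
    if st.st_uid == uid and perm & stat.S_IWUSR:
        return True, "writable as owner"
    if st.st_gid in gids and perm & stat.S_IWGRP:
        return True, "writable via group"
    if perm & stat.S_IWOTH:
        return True, "world-writable; tighten it with chmod o-w"
    return False, "EACCES expected (uid %d, mode %o); fix with chown %s %s" % (st.st_uid, perm, name, path)

# The config path and the nginx account are the guide's values, assumed here; override as needed.
def audit(config_path="/opt/mhnserver/server/config.py", user="nginx"):
    """Read LOG_FILE_PATH from config.py and check it for the supervisor-managed service account."""
    with open(config_path) as f:
        log_path = parse_log_file_path(f.read())
    if log_path is None:
        return False, "LOG_FILE_PATH is not set in %s" % config_path
    return check_log_writable(log_path, user)
```

Run audit() on the MHN server before restarting the celery worker; a False result carries the chown command that would fix it.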
II. MHN Server core components
1. Web service framework
- Main file: /opt/mhnserver/server/mhn.py
- Run with: /opt/mhnserver/env/bin/python2.7 mhn.py
- Framework: Flask
2. Required Python modules
pip install sqlalchemy
pip install flask-sqlalchemy
pip install flask-security
pip install celery
pip install xmltodict
3. Nginx configuration
- Site config file: /etc/nginx/conf.d/default.conf
- Main config file: /etc/nginx/nginx.conf
- Setup: nginx.conf includes default.conf
4. Database configuration
- MongoDB data directory: /data/db
III. Honeypot node configuration
1. Kippo honeypot node
- Install directory: /opt/kippo
- Config file: /opt/kippo/kippo.cfg
- Start command:
/usr/bin/python /usr/bin/twistd -n -y kippo.tac -l log/kippo.log --pidfile kippo.pid
2. Dionaea honeypot node
- Config file: /etc/dionaea/dionaea.conf
3. Glastopf honeypot node
- Install directory: /opt/Glastopf
- Config file: /opt/Glastopf/Glastopf.cfg
- Start command:
/usr/bin/python /usr/local/bin/glastopf-runner
IV. MHN security configuration
1. MongoDB privilege hardening
Step 1: Enable authentication
Edit /etc/mongod.conf and set:
auth=True
Step 2: Create the admin user
use admin
db.createUser({
user: "admin",
pwd: "goodluckxxx@@111",
roles: [{role: "userAdminAnyDatabase", db: "admin"}]
})
Step 3: Grant read/write privileges
use admin
db.grantRolesToUser("admin", ["readWrite"])
Step 4: Grant privileges on the specific databases
use admin
db.grantRolesToUser("admin", [{role: "readWrite", db: "hpfeeds"}])
db.grantRolesToUser("admin", [{role: "readWrite", db: "mnemosyne"}])
Step 5: Restart the MongoDB service
/usr/bin/mongod -f /etc/mongod.conf --auth
V. Splunk configuration
1. Service ports
- Splunk startup port: 18090
- Splunk Web access port: 8000
- Splunkforwarder Web port: 8088
2. Install directories
- Splunk main directory: /opt/splunk/bin
- Splunkforwarder main directory: /opt/splunkforwarder/bin/
3. Handling the disk space error
Error message:
Disk Monitor: Cannot write data to index path '/opt/splunk/var/lib/splunk/audit/db' because you are low on disk space on partition '/'. Indexing has been paused. Free disk space above 5000MB to resume indexing.
Fix:
Move the index directory to a path with enough free space (for example /letv/).
VI. Notes
- Errors encountered during installation may depend on the specific system environment; adjust the fixes above to your situation.
- All paths and IP addresses must be changed to match the actual deployment environment.
- The security configuration section should be customized to the actual security requirements.
- Check the log files regularly so that anomalies are found and handled promptly.