Saturday, January 24, 2004

Building honeyd

The following isn't really a howto for getting honeyd up and running, but it should help. I'm posting it here as I plan on rebuilding my home system and want to keep track of how I did it. I'll blog the process here just in case anyone else wants to follow my breadcrumbs. Please note that setting up urpmi for network downloads, using CPAN, and compiling code are beyond the scope of this document. (Hint: For the external urpmi setup, Google for "easy urpmi" and look for the Penguin Liberation Front!)

The various code packages below are either installed via urpmi (if the package is available) or built from source code. Remember to run "ldconfig" between library installs! The URLs for all of the below were available either in the comments made by "configure" or on the honeyd site itself.

Process:
1) installed byacc (which is required by flex) (via urpmi)
2) installed flex (which is required by libpcap)
3) installed bison (which is required by libpcap) (via urpmi)
4) installed libpcap (which is required by honeyd)
5) installed libdnet (which is required by honeyd) (see honeyd site)
6) installed libevent (which is required by honeyd) (see honeyd site)
7) installed honeyd
8) added IP address to interface via:
    ifconfig eth0:1 192.168.123.10 netmask 255.255.255.255 broadcast 192.168.123.255

9) installed Mail::Sendmail from CPAN (for the smtp.pl script). Please note: had to force the install as it was hanging on a "send" test. (Note: fix later.)
10) installed Net::DNS from CPAN (for the smtp.pl script).
11) installed arpd
12) wrote a simple start-up script consisting of:
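    #!/bin/sh
    # stop any instances left over from a previous run
    killall honeyd
    killall arpd
    # answer ARP requests for the honeypot address
    arpd -i eth0:1 192.168.123.10
    # bring up the alias that carries the honeypot address
    ifconfig eth0:1 inet 192.168.123.10 netmask 255.255.255.0 broadcast 192.168.123.255
    # start honeyd for that address, logging to log.honeyd
    honeyd -l log.honeyd -f honeyd.conf -i eth0:1 192.168.123.10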

13) ran ./run-honyd (the start-up script above)
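
A preflight check for the dependency chain in steps 1-11, useful before running the start-up script on a rebuilt system. This is an added example, not part of the original post; the function names are made up for illustration, and it assumes libpcap, libdnet and libevent were installed as shared libraries (so they appear in "ldconfig -p").

```sh
#!/bin/sh
# Added example: preflight check for the honeyd build steps above.
# Assumption: the three libraries were installed as shared objects.

REQUIRED_LIBS="libpcap libdnet libevent"     # steps 4-6
REQUIRED_CMDS="honeyd arpd ifconfig perl"    # steps 7, 8, 11 and smtp.pl
REQUIRED_PERL="Mail::Sendmail Net::DNS"      # steps 9-10

# Read `ldconfig -p` output on stdin; print required libraries absent from it.
# Catches a library that was installed without re-running ldconfig.
missing_libs() {
    cache=$(cat)
    for lib in $REQUIRED_LIBS; do
        printf '%s\n' "$cache" |
            grep -Eq "^[[:space:]]*${lib}(-[0-9.]+)?\.so" || echo "$lib"
    done
}

# Print each named command that is not found on PATH.
missing_cmds() {
    for cmd in "$@"; do
        command -v "$cmd" >/dev/null 2>&1 || echo "$cmd"
    done
}

# Print each named Perl module that perl cannot load.
missing_perl_modules() {
    for mod in "$@"; do
        perl -M"$mod" -e 1 >/dev/null 2>&1 || echo "$mod"
    done
}

# Run every check against the live system; non-zero if anything is missing.
preflight() {
    problems=$(
        ldconfig -p 2>/dev/null | missing_libs | sed 's/^/library: /'
        missing_cmds $REQUIRED_CMDS | sed 's/^/command: /'
        missing_perl_modules $REQUIRED_PERL | sed 's/^/perl module: /'
    )
    [ -z "$problems" ] && return 0
    printf '%s\n' "$problems" | sed 's/^/missing /' >&2
    return 1
}

# Only touch the live system when asked to: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```

A forced CPAN install, as in step 9, still passes the module check because the module loads; the check says nothing about whether the skipped "send" test would succeed.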


Comments:
1) The libevent site has some links to some other interesting projects.