-
Notifications
You must be signed in to change notification settings - Fork 2
/
dshieldwebinstall.sh~
executable file
·217 lines (185 loc) · 6.96 KB
/
dshieldwebinstall.sh~
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
#!/bin/bash
#10 December 2014
# Shell script to install dshield web application honeypot
# Will prompt user for install path and username and password -
# password will be hashed on the end of the script
# Gotta run as sudo
fd=0
if [ ! -t "$fd" ]; then
echo "This script needs to run on an interactive shell."
exit
fi
if [ `whoami` != "root" ]; then
echo "you need to run this script as root (e.g. using 'sudo') "
exit
fi
if [ ! -x /usr/bin/dialog ] ; then
echo "you need to install 'dialog'. Please run 'apt-get dialog' as root."
exit
fi
if [ ! -x /usr/bin/git ] ; then
echo "you need to install 'git'. Please run 'apt-get git' as root."
exit
fi
ask() {
# http://djm.me/ask
while true; do
if [ "${2:-}" = "Y" ]; then
prompt="Y/n"
default=Y
elif [ "${2:-}" = "N" ]; then
prompt="y/N"
default=N
else
prompt="y/n"
default=
fi
# Ask the question
read -p "$1 [$prompt] " REPLY
# Default?
if [ -z "$REPLY" ]; then
REPLY=$default
fi
# Check if the reply is valid
case "$REPLY" in
Y*|y*) return 0 ;;
N*|n*) return 1 ;;
esac
done
}
get_dshieldCreds(){
read "Please enter dshield account username: " duser
read -s -p "Password: " dpassw
echo "[config]" > config.local
echo "username=$duser" >> config.local
echo "hashpassword=$dpassw" >> config.local
}
unzip_tar() {
#wget 'https://webhoneypot.googlecode.com/files/webhoneypot.0.1.r123.tgz'
#tar -xvf webhoneypot.0.1.r123.tgz -C $arg1/
git clone https://github.com/mweeks9989/dshieldwebhoneypot $arg1/
git clone https://github.com/mweeks9989/dshieldwebsignatures $arg1/templates/
}
get_distribution_type() {
local dtype
# Assume unknown
dtype="unknown"
# First test against Fedora / RHEL / CentOS / generic Redhat derivative
if [ -r /etc/rc.d/init.d/functions ]; then
source /etc/rc.d/init.d/functions
[ zz`type -t passed 2>/dev/null` == "zzfunction" ] && dtype="redhat"
# Then test against SUSE (must be after Redhat,
# I've seen rc.status on Ubuntu I think? TODO: Recheck that)
elif [ -r /etc/rc.status ]; then
source /etc/rc.status
[ zz`type -t rc_reset 2>/dev/null` == "zzfunction" ] && dtype="suse"
# Then test against Debian, Ubuntu and friends
elif [ -r /lib/lsb/init-functions ]; then
source /lib/lsb/init-functions
[ zz`type -t log_begin_msg 2>/dev/null` == "zzfunction" ] && dtype="debian"
# Then test against Gentoo
elif [ -r /etc/init.d/functions.sh ]; then
source /etc/init.d/functions.sh
[ zz`type -t ebegin 2>/dev/null` == "zzfunction" ] && dtype="gentoo"
# For Slackware we currently just test if /etc/slackware-version exists
# and isn't empty (TODO: Find a better way :)
elif [ -s /etc/slackware-version ]; then
dtype="slackware"
fi
echo $dtype
}
run_apache() {
if [ "$arg1" != "" ]; then
#echo -n "What port would you like to run Apache2 on?"
#read port
sudo sed '/Listen/a Listen $arg1' /etc/apache2/ports.conf
fi
if [ $apacherunning == "root" ]; then
www-data=$(cat /etc/passwd | grep www-data:/var/www)
if [ $www-data == "" ]; then
sudo useradd -g www-data -s /usr/sbin/nologin -m -d /var/www/
fi
export HTTPD_ENV_NAME="www-data"
fi
apachectl start
sudo /etc/init.d/apache2 reload
#sudo /sbin/service httpd graceful
#apacherunning=$(ps aux | grep apache | wc -l)
if [ $apacherunning -le 1 ]; then
echo "Apache2 not started correctly check environment variables"
echo "apache2 does not appear to have started as a service - you may want to look at some of your settings in your .conf file."
echo "or you're not running debian based OS, which the script should have caught, sorry."
fi
}
echo "Hello,this script will install the dshield honeypot for you."
if ask "Do you have credentials from https://www.dshield.org? (Y/n)" Y; then
get_dshieldCreds
else
echo "OK you will need to get those to provide data to dshield, however you can still use this as a personal honeypot."
fi
if ask "Is this a dedicated server for the webhoneypot(no other web applications)? (Y/n)" Y; then
installdir="/var/www"
else
read -p "OK, what is the name of the virtual host?" host
installdir="/var/www/$host"
fi
read -p "Please specify an installation directory. ($installdir)" dir
if [ $installdir == "" ]; then
dir = "/var/www"
echo "Installing dshield webhoneypot in $installdir"
unzip_tar $installdir
else
if [ -d $installdir ]; then
echo "Installing dshield webhoneypot in $installdir"
unzip_tar $installdir
else
if ask "The directory does not exist would you like to create it? (Y/n)" Y; then
echo "Creating Directory $installdir"
sudo mkdir $installdir
unzip_tar $installdir
else
echo "ok exiting, try again when your ready."
exit 1
fi
fi
fi
echo "Verifying dependencies, commands will be run as sudo."
if [ $(get_distribution_type) == "debian" ]; then
sudo apt-get update
sudo apt-get install apache2 php5 php5-mysql mysql-client mysql-server
elif [ $(get_distribution_type) == "redhat" ]; then
sudo sh -c "yum install httpd httpd-devel mysql mysql-server mysql-devel php php-mysql php-common php-gd php-mbstring php-mcrypt php-devel php-xml -y; service mysqld start && mysql_secure_installation && service mysqld restart && service httpd start && chkconfig httpd on && chkconfig mysqld on &&iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT && /etc/init.d/iptables save"
elif [ $(get_distribution_type) == "suse" ]; then
sudo zypper install apache2 php5 php5-mysql apache2-mod_php5 mysql mysql-client mysql-community-server \
php5-soap php5-mbstring php5-gd php5-mcrypt php5-ldap php5-curl php5-xml php5-soap php5-cli
elif [ $(get_distribution_type) == "gentoo" ]; then
echo "dev-lang/php xml" >> /etc/portage/package.use
emerge -av dev-lang/php
/etc/init.d/apache2 restart
elif [ $(get_distribution_type) == "slackware" ]; then
slackpkg install httpd
httpd -k start
else
if ask "Can't seem to find linux version, would you like to continue with installation?" N; then
break
fi
fi
if [ -d config.local ]; then
sudo mv -f config.local $dir/etc/config.local
fi
#Find out who's running the web app
#mv -f /opt/webhoneypot/html/index.php /var/www/html/index.php
currentuser=$(whoami)
apacherunning=$(ps aux | grep apache | wc -l)
apacheuser=$(ps aux | grep apache | awk '{ print $1 }' | sort | uniq | grep -v root | grep -v $currentuser)
if [ $apacherunning -lt 1 ]; then
run_apache
elif [ "$apacheuser" == "root" ]; then
if ask "You are running apache as root, this is dangerous would you like to run as another user?" Y; then
run_apache
fi
else
echo -n "What port would you like to run Apache2 on?"
read port
run_apache $port
fi