This is a follow-up to my previous post on the initial deployment of TelnetLogger and HoneyNetIPCed. Typically when I do one of these sorts of projects I keep notes at each step, but things went a bit differently this time. I was quite giddy while initially setting things up, so it took me a bit to retrace my steps. So let’s kick things off.
As usual, let’s get things updated and downloaded.
sudo apt-get update -y && sudo apt-get upgrade -y
If you don’t have git already installed, go ahead and knock that out as well. This will also make your life much easier in the future.
sudo apt-get install git -y
As for the two scripts, which directory you clone them into is up to you, but I recommend you clone them into /opt/.
sudo git clone https://github.com/robertdavidgraham/telnetlogger.git
sudo git clone https://github.com/danielmiessler/HoneyCredIPTracker.git
Robert is nice enough to help out some of us newbies on how to get TelNetLogger compiled and ready to go. So the first thing is to change directories to where TelnetLogger resides. Then, as Robert recommends, run the following command.
gcc telnetlogger.c -o telnetlogger -lpthread
If this fails on you, make sure you have gcc installed.
sudo apt-get install gcc
Once you have gcc and TelnetLogger installed you can go ahead and run TelNetLogger and get the output right on your screen. It will also output the information to ips.txt and passwords.txt. Get things up and running with
Now we can incorporate the bash script from Daniel Miessler. This is a great addition to the whole process because it cleans up the output from TelNetLogger into sorted lists. In my haste I didn’t clone this script directly into the TelNetLogger directory, so I went ahead and edited the script to point to the full file path of the TelNetLogger output. At this point I set up a few cron jobs. Two of them copy the output of TelNetLogger to an archive folder on the same server and the third runs HoneyCredIPTracker.
0 * * * * cp /opt/telnetlogger/ips.txt /telnetlogger_logs/ips-$(date +\%Y.\%m.\%d-\%H.\%M.\%S).txt
0 * * * * cp /opt/telnetlogger/passwords.txt /telnetlogger_logs/passwords-$(date +\%Y.\%m.\%d-\%H.\%M.\%S).txt
0 * * * * /opt/HoneyCredIPTracker/HoneyCredIPTracker.sh
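An alternative to the two cp entries above, as an added example that is not from the original post or from either project: one script (hypothetical name /opt/telnetlogger/snapshot.sh) that archives both files under a single timestamp and keeps the copies owner-only, since they hold captured credentials and source IPs. Moving the date call into a script also sidesteps crontab's special treatment of the % character.

```shell
#!/bin/sh
# Added example: hourly snapshot of the TelnetLogger output files.
# Defaults are the paths used in this post; override via environment.
SRC_DIR="${SRC_DIR:-/opt/telnetlogger}"
DEST_DIR="${DEST_DIR:-/telnetlogger_logs}"

# snapshot_logs SRC DEST -> prints the number of files archived
snapshot_logs() {
    src="$1"; dest="$2"
    # One timestamp for both files so each hourly pair lines up.
    stamp="$(date +%Y.%m.%d-%H.%M.%S)"
    # Archives contain captured credentials: create them owner-only.
    old_umask="$(umask)"
    umask 077
    mkdir -p "$dest" || { umask "$old_umask"; return 1; }
    copied=0
    for name in ips passwords; do
        file="$src/$name.txt"
        # Skip files that are missing or still empty.
        [ -s "$file" ] || continue
        tmp="$dest/.$name-$stamp.tmp"
        # Copy to a temp name, then rename, so a partial copy never
        # shows up under the final archive name.
        if cp "$file" "$tmp" && mv "$tmp" "$dest/$name-$stamp.txt"; then
            copied=$((copied + 1))
        else
            rm -f "$tmp"
        fi
    done
    umask "$old_umask"
    echo "$copied"
}

# Only act when invoked with "run", so the file can be sourced safely.
if [ "${1:-}" = "run" ]; then
    snapshot_logs "$SRC_DIR" "$DEST_DIR" >/dev/null
fi
```

With the script saved at the assumed path and made executable, a single crontab entry replaces the two cp lines: 0 * * * * /opt/telnetlogger/snapshot.sh run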
At this point it was time to automate the startup of TelNetLogger. This was as simple as adding an entry to rc.local.
sudo vi /etc/rc.local
I like to add a note in rc.local so I don’t forget what it is for, so mine looks like the following.
#Start telnet logger
/opt/telnetlogger/telnetlogger &
So at this point you could restart the server and all the tasks would kick off and you would get an updated ips.txt and passwords.txt file every hour on the hour. In my case I didn’t want to restart the server because I am concerned with maintaining my current uptime. So in order to start the process and keep it running when I close my terminal I disown the process when I start it.
/opt/telnetlogger/telnetlogger & disown
At this point it should all be up and running. You can see the output from my servers at the following links:
Thanks for taking the time to read this and I hope it was helpful. Let me know if there is anything I should do differently.