Rough install guide:
sudo apt-get update && sudo apt-get dist-upgrade && sudo apt-get autoremove && sudo apt-get autoclean
sudo apt-get install subversion python-twisted-conch
sudo useradd -r -s /bin/false --uid 497 kippo
svn checkout http://kippo.googlecode.com/svn/trunk/ ./kippo
sudo mv kippo/ /opt/
cd /opt/kippo/
cp kippo.cfg.dist kippo.cfg
sudo chown -R kippo:kippo /opt/kippo
Upstart job:
/etc/init/kippo.conf
start on started networking
pre-start script
iptables -N SSH_FAKE || iptables -F SSH_FAKE
iptables -A INPUT -p tcp --dport 2222 -m state --state NEW -j SSH_FAKE
iptables -A SSH_FAKE -m recent --name ssh_attempt --rcheck --seconds 60 --hitcount 3 -j DROP
iptables -A SSH_FAKE -m recent --name ssh_attempt --set
end script
script
exec start-stop-daemon -S -c kippo -d /opt/kippo -x /usr/bin/twistd -- -ny kippo.tac -l log/kippo.log
end script
post-stop script
iptables -D INPUT -p tcp --dport 2222 -m state --state NEW -j SSH_FAKE || true
iptables -F SSH_FAKE && iptables -X SSH_FAKE || true
end script
No comments:
Post a Comment