Kippo deb package

I've built a basic kippo Debian package and dropped it into my personal Debian repository, http://debian.mig5.net .

If you're not aware, Kippo is an SSH honeypot written in Python (using Twisted). Read more at http://code.google.com/p/kippo/

It's pretty basic to install by hand, but I wanted to build some systems to install Kippo automatically using Puppet, so I wrote a deb.

Disclaimer!

This is not at all a proper Debian deb package that plays by all the rules you'd expect of a package in the main Debian repositories, and I don't pretend it is. It cuts some corners because it's not trying to meet those standards: it just gets it done.

Maybe down the track when I can bring myself to do things the 'proper' way I'll write a better one. I also don't make any promises that it'll work for you or that I won't break it in the future, but I'll do my best not to, and even apply updates from upstream :)

For now, it Just Works: tested on Debian Squeeze on both the i386 and amd64 architectures.

Installing

Add this line to /etc/apt/sources.list or /etc/apt/sources.list.d/mig5.list

deb http://debian.mig5.net/debian/ squeeze main

My repo is signed with my GPG public key. To fetch the key:

wget http://debian.mig5.net/key.asc
apt-key add key.asc
apt-get update

Now install Kippo:

apt-get install kippo

Using

The kippo.cfg is dropped into /etc/kippo/. Remember to adjust it to your needs before starting kippo.

A kippo user is added to the system.

To start Kippo after editing the config file to suit, you must edit

/etc/default/kippo

and set START_DAEMON to yes

Then you can run

sudo /etc/init.d/kippo start

as yourself or as root. The necessary steps are taken to ensure the actual honeypot is started as the 'kippo' unprivileged user.
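
One way to script the steps above and confirm the privilege drop, for instance from a provisioning run (an added example, not part of the kippo package or of this post). It assumes /etc/default/kippo uses shell-style KEY=value lines and that the honeypot's command line contains kippo.tac, upstream Kippo's Twisted application file; the function names are made up for this example.

```shell
#!/bin/sh
# Added example; not shipped in the kippo package.
# Assumption: /etc/default/kippo holds shell-style KEY=value lines.

# Set START_DAEMON=yes in the given defaults file. Safe to run repeatedly.
kippo_enable_daemon() {
    file="$1"
    if grep -q '^[[:space:]]*START_DAEMON=' "$file"; then
        tmp="$(mktemp)" || return 1
        # Rewrite via a temp file, then copy back so the original file's
        # owner and mode are preserved.
        sed 's/^[[:space:]]*START_DAEMON=.*/START_DAEMON=yes/' "$file" > "$tmp" \
            && cat "$tmp" > "$file"
        rc=$?
        rm -f "$tmp"
        return "$rc"
    fi
    # No assignment present yet: append one.
    printf 'START_DAEMON=yes\n' >> "$file"
}

# Read "user command..." lines on stdin (the format of: ps -eo user=,args=).
# Assumption: the honeypot's command line contains "kippo.tac".
# Returns 0 if every such process runs as 'kippo', 1 if any runs as another
# user (printing the offending line), 2 if no such process is listed.
kippo_check_owner() {
    awk '
        /kippo\.tac/ {
            found = 1
            if ($1 != "kippo") { bad = 1; print "unexpected owner: " $0 }
        }
        END {
            if (!found) exit 2
            exit (bad ? 1 : 0)
        }
    '
}

# On a real host (as root):
#   kippo_enable_daemon /etc/default/kippo
#   /etc/init.d/kippo start
#   ps -eo user=,args= | kippo_check_owner
```

A non-zero result from kippo_check_owner after starting the service means the honeypot is either not running or not running as the 'kippo' user, and is worth stopping to investigate before exposing the port.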

Logs are in /var/log/kippo/ . You'll find the various utils etc. in /usr/share/kippo and data that changes (e.g. programs downloaded by victims) in /var/lib/kippo/. The utility programs (playlog.py etc.) are renamed with kippo prefixes (e.g. kippo-playlog) and stored in /usr/bin so that they're on your $PATH.

Anyway, that might be useful to someone else other than me. If you encounter problems installing the package, let me know.

@TODO

Depend on whatever's needed for the optional XMPP addon stuff. I haven't actually tried that yet (sorry Markus) so I don't know what the dependencies are in Debian: if you do, let me know.

Note that upgrading deliberately doesn't clobber /var/lib/kippo/ so your userdb.txt, downloads etc. should remain intact.
