openvz实现的honeypot

Operating System:
•  CentOS 5.4
Partitioning – 100GB hard drive
•  / (system and scripts): 47Gb
•  /vz (OpenVZ hosts): 50GB
IP Configuration
•  eth0: Honeypots 10.0.1.[1-5]/16
•  eth1: Management 10.1.1.[1-5]/16
•  Default Gateway: 10.0.0.2
•  DNS Server: 210.33.88.1
Administrator Account
•  Login: root
•  Password: admin123
OpenVZ Setup
1.  Install OpenVZ:
yum install vzquota vzctl
2.  Download the following OVZ Kernel:
http://download.openvz.org/kernel/branches/rhel5-2.6.18/028stab068.9/ovzkernel-2.6.18-164.15.1.el5.028stab068.9.i686.rpm
3.  Install the OVZ Kernel
rpm –ivh ovzkernel-2.6.18-164.15.1.el5.028stab068.9.i686.rpm
4.  Modify GRUB to make sure to boot the right kernel
OpenVZ Template
1.  Download and copy in /vz/template/cache the template file fedora-12-x86.tar.gz:
http://download.openvz.org/template/precreated/unsupported/fedora-12-x86.tar.gz
To modify OpenVZ Template:
•  Tar zxvf fedora-12-x86.tar.gz
•  Modify filesystem…
•  tar –numeric-owner –zcvf fedora-12-x86.tar.gz
•  Place new file in /vz/template/cache
Sysctl (/etc/sysctl.conf)
•  net.ipv4.ip_forward = 1
•  net.ipv4.conf.default.proxy_arp = 0
•  net.ipv4.conf.default.send_redirects = 1
•  net.ipv4.conf.all.send_redirects = 0
•  net.ipv4.icmp_echo_ignore_broadcasts = 1
•  net.ipv4.conf.default.forwarding = 1
•  kernel.panic = 1
Sebek
1.  Untar archive , run sbk_install.sh and make sure to run it at boot
Sbk_install.sh contains the Sebek Server IP, MAC addresses and source/destination ports.
Scripts
•  revert: Stop, back up and re-create honeypots. Sebek has to be disabled before!
•  traffic_control: Apply traffic limitation on eth0
•  install_ssh_key: Called during the honeypot deployment phase. Install the SSH keys to allow public key
Authentication from the Gateway to the honeypot. Used for the first session only.
o  Copy authorized_keys in the honeypot’s user directory
•  install_banner: Install the SSH banner to the honeypot. Called during the honeypot deployment phase.
o  Copy one of the banner from ./banner directory to /etc/motd of the honeypot. Banner filename is the
honeypot type.
Crontab
## Every hour, update time with collector
0 * * * * /usr/sbin/ntpdate 10.1.0.1 2>&1
Autostart program
# Start Sebek Client
cd /cybercrime/sebek
./sbk_install.sh
# Start Traffic Contr