12 May 2017

Installing conpot on Debian Jessie (8) for the lazy:

Prerequisites:
Update your box and sync your clock:
# apt-get update && apt-get upgrade
# apt-get install ntpdate libmysqlclient-dev gcc libpython2.7-dev

Then do a time update :
# ntpdate -v time.nist.gov

Now install pip :
# wget https://bootstrap.pypa.io/get-pip.py
# python get-pip.py
Then you should get something like this :
root@debian-dev:~# pip -V
pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7)

Nice. Now on to Conpot itself:
# pip install conpot
But if you run it it fails with this error:
[...] from bacpypes import LocalDeviceObject
ImportError: cannot import name LocalDeviceObject

Awww snap !
That’s because conpot is a bit outdated and looks for a class in the bacpypes package where it used to be several versions ago, but the author moved it. So all your lazy ass has to do is change
IN FILE: /usr/local/lib/python2.7/dist-packages/conpot/protocols/bacnet/bacnet_server.py
Look for: from bacpypes.app import LocalDeviceObject
Change to: from bacpypes.service.device import LocalDeviceObject

And what do you know: magic happens :
# conpot --help
[...]  Version 0.5.1  MushMush Foundation [...]

Now run it to test if it actually listens :
# conpot --template default

And sure enough, it does :
[...]
2017-05-12 16:21:15,204 IPMI BMC initialized.
2017-05-12 16:21:15,204 Conpot IPMI initialized using /usr/lib64/python2.7/site-packages/conpot/templates/default/ipmi/ipmi.xml template
2017-05-12 16:21:15,204 Found and enabled ('ipmi', ) protocol.
2017-05-12 16:21:15,204 No proxy template found. Service will remain unconfigured/stopped.
2017-05-12 16:21:15,204 Modbus server started on: ('0.0.0.0', 502)
2017-05-12 16:21:15,204 S7Comm server started on: ('0.0.0.0', 102)
2017-05-12 16:21:15,205 HTTP server started on: ('0.0.0.0', 80)
2017-05-12 16:21:15,275 SNMP server started on: ('0.0.0.0', 161)
2017-05-12 16:21:15,275 Bacnet server started on: ('0.0.0.0', 47808)
2017-05-12 16:21:15,276 IPMI server started on: ('0.0.0.0', 623)
2017-05-12 16:21:20,206 Privileges dropped, running as "nobody:nogroup"
[...]

Right, so you told python to do its thing, and sure enough it now listens :
root@debian-dev:~# netstat -antlup | grep -i list
tcp        0      0 0.0.0.0:502             0.0.0.0:*               LISTEN      11642/python  
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      403/sshd      
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      667/exim4      
tcp        0      0 0.0.0.0:57657           0.0.0.0:*               LISTEN      386/rpc.statd  
tcp        0      0 0.0.0.0:102             0.0.0.0:*               LISTEN      11642/python  
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      373/rpcbind    
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      11642/python  
tcp6       0      0 :::22                   :::*                    LISTEN      403/sshd      
tcp6       0      0 ::1:25                  :::*                    LISTEN      667/exim4      
tcp6       0      0 :::42332                :::*                    LISTEN      386/rpc.statd  
tcp6       0      0 :::111                  :::*                    LISTEN      373/rpcbind     

Mind you, this box be much new, very basic.

Here’s what it looks like from a browser on port 80:

[screenshot]

Such conpot, much http !
Now get configuring. This guide doesn't cover that since it's plainly written here : https://mushorg.github.io/conpot/usage/index.html

Installing conpot on CentOS 7, easy for the lazy:

Prerequisites:
First of all, I am talking about a fresh install, so read between the lines if that’s not the case, mkay mkay. Make sure your system is updated and your clock is set properly:
# yum -y update
# yum -y install ntpdate

Then set the timezone:
# ln -sf /usr/share/zoneinfo/[Your_Region]/[Your_Capital_City] /etc/localtime
For example:
# ln -sf /usr/share/zoneinfo/Europe/Bucharest /etc/localtime
Then do a time update :
# ntpdate -v time.nist.gov

Now install pip :
# curl -O https://bootstrap.pypa.io/get-pip.py
# python get-pip.py 
Then you should get something like this :
[root@centos7development ~]# pip -V
pip 9.0.1 from /usr/lib/python2.7/site-packages (python 2.7)

Dependencies:
# yum install mariadb-devel gcc python-devel
Nice. Now on to Conpot itself:
# pip install conpot
But if you run it it fails with this error:
[...] from bacpypes import LocalDeviceObject
ImportError: cannot import name LocalDeviceObject

Awww snap !
That’s because conpot is a bit outdated and looks for a class in the bacpypes package where it used to be several versions ago, but the author moved it. So all your lazy ass has to do is change
IN FILE: /usr/lib64/python2.7/site-packages/conpot/protocols/bacnet/bacnet_server.py
Look for: from bacpypes.app import LocalDeviceObject
Change to: from bacpypes.service.device import LocalDeviceObject
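
The same one-line edit as a repeatable script, as an added example (not part of the original post or of conpot): it keeps a backup, is safe to run twice, and refuses to touch a file that lacks the exact old import line. The helper name `fix_bacnet_import` is made up here; pass it the Debian or CentOS path given above.

```shell
#!/bin/sh
# Added example: apply the bacpypes import fix described in this post.
# fix_bacnet_import is a hypothetical helper name, not part of conpot.
# Assumes the import stands alone on its line, exactly as quoted in the post.
OLD='from bacpypes.app import LocalDeviceObject'
NEW='from bacpypes.service.device import LocalDeviceObject'

fix_bacnet_import() {
    file=$1
    [ -f "$file" ] || { echo "not found: $file" >&2; return 2; }
    # Already patched: nothing to do, so a second run is harmless.
    if grep -qxF "$NEW" "$file"; then
        echo "already patched: $file"
        return 0
    fi
    # Refuse to edit a file that does not contain the exact old line.
    grep -qxF "$OLD" "$file" || { echo "old import not found in $file" >&2; return 1; }
    # Keep the original next to the patched file for easy rollback.
    cp -p "$file" "$file.orig" || return 3
    # Rewrite only whole-line matches; dots are escaped for the regex.
    sed "s/^from bacpypes\.app import LocalDeviceObject\$/$NEW/" "$file.orig" > "$file" || return 3
    # Drop stale bytecode so the patched source is what gets imported.
    rm -f "${file}c"
    # Succeed only if the new import is really in place.
    grep -qxF "$NEW" "$file"
}

# Usage (Debian path from this post):
# fix_bacnet_import /usr/local/lib/python2.7/dist-packages/conpot/protocols/bacnet/bacnet_server.py
```

To roll back, copy `bacnet_server.py.orig` over the patched file.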

And what do you know: magic happens :
# conpot --help
[...]  Version 0.5.1  MushMush Foundation [...]

Now run it to test if it actually listens :
# conpot --template default

And sure enough, it does :
[...]
2017-05-12 16:21:15,204 IPMI BMC initialized.
2017-05-12 16:21:15,204 Conpot IPMI initialized using /usr/lib64/python2.7/site-packages/conpot/templates/default/ipmi/ipmi.xml template
2017-05-12 16:21:15,204 Found and enabled ('ipmi', ) protocol.
2017-05-12 16:21:15,204 No proxy template found. Service will remain unconfigured/stopped.
2017-05-12 16:21:15,204 Modbus server started on: ('0.0.0.0', 502)
2017-05-12 16:21:15,204 S7Comm server started on: ('0.0.0.0', 102)
2017-05-12 16:21:15,205 HTTP server started on: ('0.0.0.0', 80)
2017-05-12 16:21:15,275 SNMP server started on: ('0.0.0.0', 161)
2017-05-12 16:21:15,275 Bacnet server started on: ('0.0.0.0', 47808)
2017-05-12 16:21:15,276 IPMI server started on: ('0.0.0.0', 623)
2017-05-12 16:21:20,206 Privileges dropped, running as "nobody:nobody"
[...]

Right, so you told python to do its thing, and sure enough it now listens :
[root@centos7development ~]# netstat -antlup | grep -i list
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      18362/python    
tcp        0      0 0.0.0.0:502             0.0.0.0:*               LISTEN      18362/python    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      896/sshd        
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      991/master      
tcp        0      0 0.0.0.0:102             0.0.0.0:*               LISTEN      18362/python    
tcp6       0      0 :::22                   :::*                    LISTEN      896/sshd        
tcp6       0      0 ::1:25                  :::*                    LISTEN      991/master        
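
An added example (not from the original post) that cross-checks Conpot's startup log against the netstat listing: the `grep -i list` filter only shows TCP sockets in LISTEN state, so the UDP services (SNMP, BACnet, IPMI) never appear in it, and the check also flags non-Conpot daemons bound to all interfaces on the honeypot host. The function name `audit_listeners` and the output labels are made up here; the sample input is the Debian output shown earlier on this page.

```shell
#!/bin/sh
# Added example, not part of the original post. audit_listeners is a made-up name.
# Sample input: lines taken from the Debian log and netstat output on this page.
SAMPLE_LOG="2017-05-12 16:21:15,204 Modbus server started on: ('0.0.0.0', 502)
2017-05-12 16:21:15,204 S7Comm server started on: ('0.0.0.0', 102)
2017-05-12 16:21:15,205 HTTP server started on: ('0.0.0.0', 80)
2017-05-12 16:21:15,275 SNMP server started on: ('0.0.0.0', 161)
2017-05-12 16:21:15,275 Bacnet server started on: ('0.0.0.0', 47808)
2017-05-12 16:21:15,276 IPMI server started on: ('0.0.0.0', 623)"
SAMPLE_NETSTAT="tcp 0 0 0.0.0.0:502 0.0.0.0:* LISTEN 11642/python
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 403/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 667/exim4
tcp 0 0 0.0.0.0:57657 0.0.0.0:* LISTEN 386/rpc.statd
tcp 0 0 0.0.0.0:102 0.0.0.0:* LISTEN 11642/python
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 373/rpcbind
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 11642/python
tcp6 0 0 :::22 :::* LISTEN 403/sshd
tcp6 0 0 ::1:25 :::* LISTEN 667/exim4"

# $1 = file with the Conpot startup log, $2 = file with netstat -antlup output
audit_listeners() {
    awk '
        # First file (log): remember each port Conpot reports as started.
        NR == FNR {
            if ($0 ~ / server started on: /) {
                port = $NF; sub(/\)/, "", port); started[port] = $3
            }
            next
        }
        # Second file (netstat): only TCP sockets have a LISTEN state.
        $6 == "LISTEN" {
            n = split($4, part, ":"); port = part[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (port in started) { seen[port] = 1; next }
            # Anything else bound to all interfaces is extra attack surface.
            if (addr == "0.0.0.0" || addr == "::") print "EXPOSED", port, $7
        }
        END {
            for (p in started)
                if (!(p in seen)) print "NO_TCP_LISTENER", started[p], p
        }
    ' "$1" "$2" | sort -u
}
```

To see the UDP side on a live box, look at the `udp` lines of `netstat -anup` instead of grepping for LISTEN.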

Mind you, this box be much new, very basic.
Being CentOS and all that, you need to set up some firewall permissions, but for the sake of argument, and since this is not a "how-to firewalld yourself", I just disabled it :
Here’s what it looks like from a browser on port 80:

[screenshot]

Such conpot, much http !
Now get configuring. This guide doesn't cover that since it's plainly written here : https://mushorg.github.io/conpot/usage/index.html

27 January 2017

Building curl (7.52.1) rpms on CentOS 6 and 7

Greetings,

Let's save you the trouble of trial and error figuring out how to make this thing work in a somewhat elegant manner, by having rpms and being able to up/down-grade at any time, and eventually ending up with something like this:

[root@centos6 build]# curl --version
curl 7.52.1 (x86_64-redhat-linux-gnu) libcurl/7.52.1 OpenSSL/1.0.1e zlib/1.2.3 libssh2/1.4.2
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz UnixSockets HTTPS-proxy 
[root@centos6 build]# rpm -q curl
curl-7.52.1-1.x86_64
[root@centos6 build]# rpm -q libcurl
libcurl-7.52.1-1.x86_64
[root@centos6 build]# 

First, prepare your environment and sync the clocks. You don't want to know the amount of weird errors happening because your clock isn't in sync.

For CentOS 6:
sudo yum -y update && sudo yum -y groupinstall "Development Tools"
sudo yum -y install groff krb5-devel libidn-devel libssh2-devel nss-devel openldap-devel openssh-clients openssh-server pkgconfig stunnel zlib-devel rpm-build ntpdate perl-Time-HiRes 
sudo ntpdate -v time.nist.gov  

For CentOS 7:

sudo yum -y update
sudo yum group mark-install "Development Tools"
sudo yum group update
sudo yum -y install groff krb5-devel libidn-devel libssh2-devel nss-devel openldap-devel openssh-clients openssh-server pkgconfig stunnel zlib-devel rpm-build ntpdate perl-Time-HiRes perl-Digest-MD5
sudo ntpdate -v time.nist.gov

Now setup the actual build:

sudo adduser build

Log in as user "build":

sudo su - build
mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
echo '%_topdir %(echo $HOME)/rpmbuild' > ~/.rpmmacros

Now you will need the source package for curl 7.52.1 and this spec file which is "borrowed" and modified from the official centos srpm.

Copy this paste to a file and call it curl.spec, save it in the homedir of user "build" : Curl 7.52.1 spec

Paste this to rpmbuild/SOURCES/curlbuild.h (create it as it does not yet exist) : curlbuild.h

Download the sources :

wget https://curl.haxx.se/download/curl-7.52.1.tar.lzma -O rpmbuild/SOURCES/curl-7.52.1.tar.lzma

Then build :

cd && rpmbuild -ba curl.spec

It should work and the final files are these:

ls rpmbuild/RPMS/x86_64/ -lah
total 1.2M
drwxr-xr-x. 2 build build 4.0K Jan 27 20:33 .
drwxrwxr-x. 3 build build 4.0K Jan 27 20:33 ..
-rw-rw-r--. 1 build build 261K Jan 27 20:33 curl-7.52.1-1.x86_64.rpm
-rw-rw-r--. 1 build build  24K Jan 27 20:33 curl-debuginfo-7.52.1-1.x86_64.rpm
-rw-rw-r--. 1 build build 200K Jan 27 20:33 libcurl-7.52.1-1.x86_64.rpm
-rw-rw-r--. 1 build build 654K Jan 27 20:33 libcurl-devel-7.52.1-1.x86_64.rpm

Now install them :

rpm -Uvh /home/build/rpmbuild/RPMS/x86_64/curl-7.52.1-1.x86_64.rpm /home/build/rpmbuild/RPMS/x86_64/libcurl-7.52.1-1.x86_64.rpm 

Preparing...                ########################################### [100%]
   1:libcurl                ########################################### [ 50%]
   2:curl                   ########################################### [100%]

And you have it :

curl 7.52.1 (x86_64-redhat-linux-gnu) libcurl/7.52.1 OpenSSL/1.0.1e zlib/1.2.3 libssh2/1.4.2
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz UnixSockets HTTPS-proxy

Yay :D Happy downloading !
Big thanks to whoever maintains hilite.me !