# SSH-Tarpit
SSH honeypot that can read GeoIP databases and write the collected information to a SQLite or MySQL database. It can also be used as a [tarpit](https://nullprogram.com/blog/2019/03/22/) to block hackers for some time.
## Deployment
### SQLite
Change user/pass and port if needed in the docker-compose.yml, create the database file, and then start the container:
```bash
git clone https://git.rznet.fr/razian/ssh-tarpit.git
cd ssh-tarpit
vim docker-compose.yml
touch logs.db
docker-compose up -d
```
### MySQL
Same as SQLite, but using the docker-compose-mysql.yml file:
```bash
git clone https://git.rznet.fr/razian/ssh-tarpit.git
cd ssh-tarpit
vim docker-compose-mysql.yml
docker-compose -f docker-compose-mysql.yml up -d
```
### GeoIP
I use [geoipupdate](https://github.com/maxmind/geoipupdate)
## Usage
```
Usage of ssh-tarpit:
  --db string
      Path to SQLite database (default "./logs.db")
  --geoip string
      Path to GeoIP databases
  --mysql_db string
      MySQL database (default "sshtarpit")
  --mysql_host string
      MySQL host (default "localhost")
  --mysql_pass string
      MySQL password
  --mysql_port string
      MySQL port (default "3306")
  --mysql_user string
      MySQL username
  --port string
      Port to listen on (default "2222")
  --tarpit
      Tarpit connections (default "false")
```