*******************************************************************
Debian 3.1 modified Xen Image with Honeytrap 0.6.5
by Alexandros Manakos

HOWTO Install Image:

Use with eisXen (easiest way):

# wget template to /data/xen/templates
# Create a new virtual machine with eisXen setup.
## eisXen: http://www.eisxen.org

Manually with Xen 3.0.4 (Debian):

* mkdir /etc/xen/templates
* mkdir /etc/xen/images
# download image to /etc/xen/templates
* cd /etc/xen/images
* dd if=/dev/zero of=/etc/xen/images/honeytrap.img bs=1024k count=2000
* dd if=/dev/zero of=/etc/xen/images/honeytrap.swap bs=1024k count=500
* mkfs.ext3 /etc/xen/images/honeytrap.img
## /etc/xen/images/honeytrap.img is not a block special device.
## Proceed anyway? (y,n) <-- y
* mkswap /etc/xen/images/honeytrap.swap
* mount -o loop /etc/xen/images/honeytrap.img /mnt
* cd /mnt
* tar xzvf /etc/xen/templates/honeytrap-domU.tar.gz .
* chroot /mnt
* passwd
* base-config
* vi /etc/network/interfaces
* vi /etc/resolv.conf
* exit
* cp /mnt/boot/vmlinuz-2.6.16.33-xenU /boot/
* cd /
* umount /mnt
* vi /etc/xen/xmhoneytrap

-----------------------------------------------------------------
Configure virtual machine file:

# Paste this into the Honeytrap configuration file:
## The disk paths below point to /data/xen/images. If you created the
## images under /etc/xen/images as in the manual steps above, adjust them.

# Kernel is needed in dom0
kernel = '/boot/vmlinuz-2.6.16.33-xenU'
memory = 64
name = 'Honeytrap'
vif = [ '' ]
disk = [ 'file:/data/xen/images/honeytrap.img,hda1,w','file:/data/xen/images/honeytrap.swap,hda2,w' ]
root = '/dev/hda1 ro'
-----------------------------------------------------------------

Start your Honeytrap domU with "xm create -c /etc/xen/xmhoneytrap".

Build your own domU kernel:

You need the included kernel to get Honeytrap working with IPTables and the NFQUEUE modules.
But if you want to run it with your own domU kernel, just add the following to the kernel configuration:

Networking --->
  Networking options --->
    [*] Network packet filtering (replaces ipchains) --->
      Core Netfilter Configuration --->
        (*) Netfilter netlink interface
        (*)   Netfilter NFQUEUE over NFNETLINK interface
        (*)   Netfilter LOG over NFNETLINK interface
        (M) Netfilter Xtables support
        (M)   MARK target Support
        (M)   NFQUEUE target Support
              (and other modules needed for IPTables, such as state)

Networking --->
  Networking options --->
    [*] Network packet filtering (replaces ipchains) --->
      IP: Netfilter Configuration --->
        IP tables support
        (and other modules needed for IPTables)

---------------------
#   instruction
##  info
*   command
(*) built into the kernel statically.
(M) built as a kernel module.

Contact: manakos@s3curity.de
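
A check of a self-built kernel's .config against the Netfilter options listed under "Build your own domU kernel". This is an added example, not part of the original HOWTO. The CONFIG_ names are the kernel's symbols for those menu entries, treating a built-in option as satisfying an (M) entry is an assumption, and the sample config is constructed.

```shell
#!/bin/sh
# Added example, not part of the original HOWTO.
# symbol:allowed values. "y" = (*) built in, "ym" = (M) module;
# assumption: a built-in option also satisfies an (M) entry.
REQUIRED_OPTS="
CONFIG_NETFILTER:y
CONFIG_NETFILTER_NETLINK:y
CONFIG_NETFILTER_NETLINK_QUEUE:y
CONFIG_NETFILTER_NETLINK_LOG:y
CONFIG_NETFILTER_XTABLES:ym
CONFIG_NETFILTER_XT_TARGET_MARK:ym
CONFIG_NETFILTER_XT_TARGET_NFQUEUE:ym
CONFIG_IP_NF_IPTABLES:ym
"
# Print one line per unmet requirement; return 0 only if all are met.
check_nfqueue_config() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg"; return 2; }
    rc=0
    for entry in $REQUIRED_OPTS; do
        sym=${entry%%:*}
        allowed=${entry##*:}
        # "# CONFIG_X is not set" and absent symbols both give an empty
        # value, which is reported as "n" (the option is disabled).
        val=$(sed -n "s/^${sym}=\([ym]\)\$/\1/p" "$cfg" | tail -n 1)
        case "$allowed" in
            *"${val:-n}"*) ;;
            *) echo "$sym=${val:-n} (need one of: $allowed)"; rc=1 ;;
        esac
    done
    return "$rc"
}
# Constructed sample: LOG is only a module, the NFQUEUE target is disabled.
sample_config() {
    cat <<'EOF'
CONFIG_NETFILTER=y
CONFIG_NETFILTER_NETLINK=y
CONFIG_NETFILTER_NETLINK_QUEUE=y
CONFIG_NETFILTER_NETLINK_LOG=m
CONFIG_NETFILTER_XTABLES=m
CONFIG_NETFILTER_XT_TARGET_MARK=m
# CONFIG_NETFILTER_XT_TARGET_NFQUEUE is not set
CONFIG_IP_NF_IPTABLES=m
EOF
}
# With no argument, check the constructed sample instead of a real .config.
cfg_file=${1:-$(mktemp)}
[ -n "${1:-}" ] || sample_config > "$cfg_file"
check_nfqueue_config "$cfg_file" || echo "kernel config does not match the HOWTO"
[ -n "${1:-}" ] || rm -f "$cfg_file"
```

Run it with the path to the domU kernel's .config as the only argument before building.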