Linux Shell 实现一键部署hfish

hfish前言

HFish是一款社区型免费蜜罐，侧重企业安全场景，从内网失陷检测、外网威胁感知、威胁情报生产三个场景出发，为用户提供可独立操作且实用的功能，通过安全、敏捷、可靠的中低交互蜜罐增加用户在失陷感知和威胁情报领域的能力。

HFish具有超过40种蜜罐环境、提供免费的云蜜网、可高度自定义的蜜饵能力、一键部署、跨平台多架构、国产操作系统和CPU支持、极低的性能要求、邮件/syslog/webhook/企业微信/钉钉/飞书告警等多项特性，帮助用户降低运维成本，提升运营效率。

为什么选择HFish

• 免费、简单、安全的蜜罐产品

  蜜罐通常被定义为具有轻量级检测能力、低误报率的检测产品，同时它也是企业生产本地威胁情报的优质来源之一。HFish可以帮助中小型企业用户在日常安全运营中进行避免告警洪水、低成本的增加威胁感知和情报生产能力。目前，社区的力量正在不断帮助HFish完善自身，共同探索欺骗防御的最佳实践。

• 安全、敏捷的威胁感知节点

  HFish被广泛应用于感知办公内网、生产环境、云内网及其他环境失陷主机横向移动、员工账号外泄、扫描和探测行为、私有情报生产甚至内部演练和安全意识培训，HFish的多种告警输出形式与态感、NDR、XDR或日志平台结合，极大拓展检测视野。

HFish架构

HFish采用B/S架构，系统由管理端和节点端组成，管理端用来生成和管理节点端，并接收、分析和展示节点端回传的数据，节点端接受管理端的控制并负责构建蜜罐服务。

在HFish中，管理端 只用于数据的分析和展示 ，节点端 进行虚拟蜜罐 ，最后由蜜罐来承受攻击。

hfish download

|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------|
| hfish download | hfish 文档 |
| Linux x64 Windows x64 Docker（Linux x86） | HFish部署方案 |
| Linux x64 Windows x64 Docker（Linux x86） | HFish处置手册 |

一键部署hfish

• 安装位置/opt/hfish
• 端口4433,4434
• 账号：admin 默认密码：HFish2021

vi hfish_install.sh

#!/bin/bash
# -*- coding: utf-8 -*-
# Author: CIASM
# update 2023/10/10
# increase indent：Tab
# decrease indent：Shift+Tab
# install source hfish

<<!
# ubuntu To execute this script 
ln -sf bash /bin/sh
!

HFISH_PREFIX=/opt/hfish

#download hfish
hfish_url=https://hfish.cn-bj.ufileos.com/
hfish_gz=hfish-3.3.4-linux-amd64.tgz

install_basics() {

# Check if the script is being run as root
if [ "$(id -u)" != "0" ]; then
  echo "This script must be run as root."
  exit 1
fi

  # Check the CentOS/Red Hat version
if [[ -f /etc/redhat-release ]]; then
    OS=$(cat /etc/*release* | grep "^NAME=" | cut -d'=' -f2- | tr -d '"')
    VERSION=$(cat /etc/*release* | grep -oE '[0-9]+\.[0-9]+' | head -n1)

  # Check the oralce Linux version
elif [[ -f /etc/oracle-release ]]; then
    OS=$(cat /etc/*release* | grep "^NAME=" | cut -d'=' -f2- | tr -d '"')
    VERSION=$(cat /etc/*release* | grep -oE '[0-9]+\.[0-9]+' | head -n1)

  # Check the Rock Linux version
elif [[ -f /etc/rocky-release ]]; then
  OS=$(cat /etc/*release* | grep "^NAME=" | cut -d'=' -f2- | tr -d '"')
  VERSION=$(cat /etc/*release* | grep -oE '[0-9]+\.[0-9]+' | head -n1)
  
  # Check the AlmaLinux version 
elif [[ -f /etc/almalinux-release ]]; then
  OS=$(cat /etc/*release* | grep "^NAME=" | cut -d'=' -f2- | tr -d '"')
  VERSION=$(cat /etc/*release* | grep -oE '[0-9]+\.[0-9]+' | head -n1)

  # Check the ubuntu version
elif [[ -f /etc/os-release ]]; then
	OS=$(cat /etc/*release* | grep "^NAME=" | cut -d'=' -f2- | tr -d '"')
    VERSION=$(cat /etc/*release* | grep -oE '[0-9]+\.[0-9]+' | head -n1)

  # Check the suse version
elif [[ -f /etc/SuSE-release ]]; then
    OS=$( cat /etc/*release* | grep "^PRETTY_NAME=" | cut -d'=' -f2- | tr -d '"')
    VERSION=$(cat /etc/*release* | grep -oE '[0-9]+\.[0-9]+' | head -n1)
	
  # Check the Debian version
elif [[ -f /etc/os-release ]]; then
  OS=$(cat /etc/*release* | grep "^NAME=" | cut -d'=' -f2- | tr -d '"')
  VERSION=$(cat /etc/*release* | grep -oE '[0-9]+' | head -n1)
	
  # Check the Fedora version
elif [[ -f /etc/fedora-release ]]; then
  OS=$(cat /etc/*release* | grep "^NAME=" | cut -d'=' -f2- | tr -d '"')
  VERSION=$(cat /etc/*release* | grep -oE '[0-9]+' | head -n1)

else
  echo -e "\033[31mThis script only supports $OS $VERSION...\033[0m"
  exit 1
fi

# Check the hfish version
if [ ! -d ${HFISH_PREFIX} ];then
  echo -e "\033[32m Installing hfish for $OS $VERSION...\033[0m"
  case $VERSION in
 
# CentOS/RedHat/oracle 7 install
    7.?)
	echo Installing basics...
	yum install -y http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
	yum install -y net-tools wget
	install_centos_hfish
   ;;

# CentOS/RedHat/oracle/RockLinux/AlmaLinux 8 install 
    8.?)
	echo Installing basics...
	yum install -y http://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
	yum install -y net-tools wget
	install_centos_hfish
   ;;

# CentOS/RedHat/oracle/RockLinux/AlmaLinux 9 install
   9.?) 
	echo Installing basics...
	yum install -y http://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
	yum install -y net-tools wget
	install_centos_hfish
   ;;
   
  # ubuntu 20.04 Linux install
   20.04)
	echo Installing basics...
	sudo apt install -y  net-tools vim wget firewalld
	install_ubuntu_hfish
   ;;

 # ubuntu 21 Linux install
   21.04|21.10)
	echo Installing basics...
	sudo apt install -y  net-tools vim wget firewalld
	install_ubuntu_hfish
   ;;

 # ubuntu 22 Linux install
   22.04)
	echo Installing basics...
	sudo apt install -y  net-tools vim wget firewalld
	install_ubuntu_hfish
   ;;
  
  # Debian 10, 11 , 12
  10)
    echo Installing basics...
	sudo apt install -y net-tools vim wget firewalld
	install_ubuntu_hfish
   ;;
   
   11)
	echo Installing basics...
	sudo apt install -y net-tools vim wget firewalld
	install_ubuntu_hfish
   ;;
   
  12)
	echo Installing basics...
	sudo apt install -y net-tools vim wget firewalld
	install_ubuntu_hfish
   ;;
   
   
  # Fedora 31,32,33
  36|37|38)
   	echo Installing basics...
	yum install -y net-tools wget
	install_centos_hfish
   ;;

  # SUSE 12 install
  12.?)
	echo Installing  basics...
	sudo SUSEConnect -p sle-sdk/12.4/x86_64
	zypper in -y net-tools vim wget
	install_suse_hfish
   ;;

  # SUSE 15 install
  15.?)
	echo Installing  basics...
	sudo SUSEConnect -p sle-sdk/15.3/x86_64
	zypper in -y net-tools vim wget
	install_suse_hfish
   ;;
    *)
	
    echo -e "\033[31m Unsupported $OS $VERSION...\033[0m" 
    exit 1
    ;;
esac
	
    echo -e "\033[32m hfish for $OS $VERSION successfully installed...\033[0m"
else
    echo -e "\033[33m hfish for $OS $VERSION already installed...\033[0m"
fi

}

install_centos_hfish() {
echo "install hfish"

#Firewall port development
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
firewall-cmd --zone=public --add-port=4433/tcp --add-port=4434/tcp --permanent && firewall-cmd --reload

echo "system Maximum number of connections"
echo "fs.file-max=65535" >> /etc/sysctl.conf

#download hfish
mkdir -p $HFISH_PREFIX
wget -N -P $HFISH_PREFIX $hfish_url$hfish_gz
 
#decompression hfish
tar -zxf $HFISH_PREFIX/$hfish_gz -C $HFISH_PREFIX

#install hfish
cd $HFISH_PREFIX && sh install.sh

#Deleting an installation package
rm -rf $HFISH_PREFIX/$hfish_gz
}

install_ubuntu_hfish() {
echo "install hfish"
#Firewall port development
sudo systemctl stop apparmor.service && sudo systemctl disable apparmor.service
firewall-cmd --zone=public --add-port=4433/tcp --add-port=4434/tcp --permanent && firewall-cmd --reload

echo "system Maximum number of connections"
echo "fs.file-max=65535" >> /etc/sysctl.conf

#download hfish
mkdir -p $HFISH_PREFIX
wget -N -P $HFISH_PREFIX $hfish_url$hfish_gz
 
#decompression hfish
tar -zxf $HFISH_PREFIX/$hfish_gz -C $HFISH_PREFIX

#install hfish
cd $HFISH_PREFIX && sh install.sh

#Deleting an installation package
rm -rf $HFISH_PREFIX/$hfish_gz
}

install_suse_hfish() {
echo "install hfish"
#Firewall port development
firewall-cmd --zone=public --add-port=4433/tcp --add-port=4434/tcp --permanent && firewall-cmd --reload

echo "system Maximum number of connections"
echo "fs.file-max=65535" >> /etc/sysctl.conf

#download hfish
mkdir -p $HFISH_PREFIX
wget -N -P $HFISH_PREFIX $hfish_url$hfish_gz
 
#decompression hfish
tar -zxf $HFISH_PREFIX/$hfish_gz -C $HFISH_PREFIX

#install hfish
cd $HFISH_PREFIX && sh install.sh

#Deleting an installation package
rm -rf $HFISH_PREFIX/$hfish_gz
}

main (){
	install_basics
}

main

执行安装

sh /hfish_install.sh

登陆web界面

登陆链接：https://[ip]:4433/web/
账号：admin
密码：HFish2021

​

选择需要的库

​

设备登录成功

​

节点添加

​

客户端安装

Linux节点安装

​

linux 客户端自启动配置

echo 'sh -c "$(curl -k https://192.168.19.240:4434/tmp/VmthOGFZfoN7.sh)"' >> /etc/rc.local
chmod +x /etc/rc.local
sh -c "$(curl -k https://192.168.19.240:4434/tmp/VmthOGFZfoN7.sh)"

Windows 节点客户端安装，无需配置

​

​

Windows,Linux 节点添加成功

​

大屏显示

​