Linux Shell 实现一键部署hfish

hfish前言

HFish是一款社区型免费蜜罐,侧重企业安全场景,从内网失陷检测、外网威胁感知、威胁情报生产三个场景出发,为用户提供可独立操作且实用的功能,通过安全、敏捷、可靠的中低交互蜜罐增加用户在失陷感知和威胁情报领域的能力。

HFish具有超过40种蜜罐环境、提供免费的云蜜网、可高度自定义的蜜饵能力、一键部署、跨平台多架构、国产操作系统和CPU支持、极低的性能要求、邮件/syslog/webhook/企业微信/钉钉/飞书告警等多项特性,帮助用户降低运维成本,提升运营效率。

为什么选择HFish
  • 免费、简单、安全的蜜罐产品

    蜜罐通常被定义为具有轻量级检测能力、低误报率的检测产品,同时它也是企业生产本地威胁情报的优质来源之一。HFish可以帮助中小型企业用户在日常安全运营中进行避免告警洪水、低成本的增加威胁感知和情报生产能力。目前,社区的力量正在不断帮助HFish完善自身,共同探索欺骗防御的最佳实践。

  • 安全、敏捷的威胁感知节点

    HFish被广泛应用于感知办公内网、生产环境、云内网及其他环境失陷主机横向移动、员工账号外泄、扫描和探测行为、私有情报生产甚至内部演练和安全意识培训,HFish的多种告警输出形式与态感、NDR、XDR或日志平台结合,极大拓展检测视野。

HFish架构

HFish采用B/S架构,系统由管理端和节点端组成,管理端用来生成和管理节点端,并接收、分析和展示节点端回传的数据,节点端接受管理端的控制并负责构建蜜罐服务。

在HFish中,管理端只用于数据的分析和展示,节点端负责运行虚拟蜜罐,最后由蜜罐来承受攻击

hfish download

|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------|
| hfish download | hfish 文档 |
| Linux x64 Windows x64 Docker(Linux x86) | HFish部署方案 |
| Linux x64 Windows x64 Docker(Linux x86) | HFish处置手册 |

一键部署hfish

  • 安装位置/opt/hfish
  • 端口4433,4434
  • 账号:admin 默认密码:HFish2021
vi hfish_install.sh
#!/bin/bash
# -*- coding: utf-8 -*-
# Author: CIASM
# update 2023/10/10
# increase indent:Tab
# decrease indent:Shift+Tab
# install source hfish
#
# The script relies on bash-only syntax ([[ ]], echo -e, here-strings), so on
# Ubuntu/Debian, where /bin/sh is dash, invoke it as `bash hfish_install.sh`.
# The original note proposed relinking the system shell instead:
#   ln -sf bash /bin/sh
# That changes the interpreter for every /bin/sh script on the host and is not
# needed when the script is started with bash explicitly.

# Install prefix; its existence is also the "already installed" marker.
HFISH_PREFIX="/opt/hfish"

# Release archive location, joined as "${hfish_url}${hfish_gz}" when downloading.
hfish_url="https://hfish.cn-bj.ufileos.com/"
hfish_gz="hfish-3.3.4-linux-amd64.tgz"

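#######################################
# Identify the distribution, set OS and VERSION, and exit 1 when no
# /etc/*release file is present.
# Globals:   OS, VERSION (written)
# Notes:     Fedora also ships /etc/redhat-release and every modern distro
#            ships /etc/os-release, so the generic file is tested last; the
#            original tested /etc/os-release before the Debian, SUSE and
#            Fedora branches, which made those branches unreachable.
#######################################
_detect_os() {
  local release_info
  # Read every release file once (the original re-read them for each field).
  release_info=$(cat /etc/*release* 2>/dev/null)
  OS=$(grep -m1 '^NAME=' <<<"$release_info" | cut -d'=' -f2- | tr -d '"')
  VERSION=""

  if [[ -f /etc/fedora-release ]]; then
    # Fedora: bare major number ("38").
    VERSION=$(grep -oE '[0-9]+' <<<"$release_info" | head -n1)
  elif [[ -f /etc/redhat-release || -f /etc/oracle-release \
        || -f /etc/rocky-release || -f /etc/almalinux-release ]]; then
    # RHEL family: first "x.y" found in the release files, as the original did.
    VERSION=$(grep -oE '[0-9]+\.[0-9]+' <<<"$release_info" | head -n1)
  elif [[ -f /etc/SuSE-release ]]; then
    OS=$(grep -m1 '^PRETTY_NAME=' <<<"$release_info" | cut -d'=' -f2- | tr -d '"')
    VERSION=$(grep -oE '[0-9]+\.[0-9]+' <<<"$release_info" | head -n1)
  elif [[ -f /etc/os-release ]]; then
    # Ubuntu, Debian, SUSE 15 and others: VERSION_ID is "22.04", "12", "15.3", ...
    VERSION=$(grep -m1 '^VERSION_ID=' /etc/os-release | cut -d'=' -f2- | tr -d '"')
  else
    echo -e "\033[31mThis script cannot identify the operating system (no /etc/*release file)...\033[0m" >&2
    exit 1
  fi
}

# Install base packages for the RHEL family, then call install_centos_hfish.
# $1 is the EPEL major release to enable, or empty (Fedora) to skip EPEL.
_install_rhel_basics() {
  local epel_major=$1
  echo "Installing basics..."
  if [[ -n "$epel_major" ]]; then
    # Fetched over HTTPS; the original pulled the release RPM over plain HTTP.
    # As in the original, a failure here is not fatal: net-tools and wget may
    # still come from the base repositories.
    yum install -y "https://dl.fedoraproject.org/pub/epel/epel-release-latest-${epel_major}.noarch.rpm" \
      || echo "warning: EPEL release package could not be installed" >&2
  fi
  yum install -y net-tools wget || return 1
  install_centos_hfish
}

# Install base packages on Debian/Ubuntu, then call install_ubuntu_hfish.
_install_debian_basics() {
  echo "Installing basics..."
  # Already root (checked by install_basics), so no sudo: it is not present on a
  # minimal Debian install. apt-get is the scriptable front end.
  apt-get install -y net-tools vim wget firewalld || return 1
  install_ubuntu_hfish
}

# Register the SDK module and install base packages on SUSE, then call install_suse_hfish.
# $1 is the sle-sdk version to register (12.4 or 15.3, as in the original script).
_install_suse_basics() {
  local sdk_version=$1
  echo "Installing basics..."
  # Registration failure is not fatal, matching the original flow.
  SUSEConnect -p "sle-sdk/${sdk_version}/x86_64"
  zypper in -y net-tools vim wget || return 1
  install_suse_hfish
}

#######################################
# Detect the distribution and dispatch to the matching hfish installer.
# Globals:   HFISH_PREFIX (read); OS, VERSION (written, used in messages)
# Arguments: none
# Outputs:   progress to stdout, errors to stderr
# Returns:   exits 1 if not root, if the OS is unknown or unsupported, or if
#            a package/install step reports failure
#######################################
install_basics() {
  # Everything below writes to /etc, /opt and the firewall, so require root.
  if [[ "$(id -u)" != "0" ]]; then
    echo "This script must be run as root." >&2
    exit 1
  fi

  _detect_os

  # Check the hfish version: the prefix directory is the install marker.
  if [[ -d "$HFISH_PREFIX" ]]; then
    echo -e "\033[33m hfish for $OS $VERSION already installed...\033[0m"
    return 0
  fi

  echo -e "\033[32m Installing hfish for $OS $VERSION...\033[0m"
  case "$VERSION" in
    # CentOS/RedHat/oracle 7
    7.*) _install_rhel_basics 7 ;;
    # CentOS/RedHat/oracle/RockyLinux/AlmaLinux 8 and 9 ("8.*" also matches 8.10,
    # which the original "8.?" pattern did not)
    8.*) _install_rhel_basics 8 ;;
    9.*) _install_rhel_basics 9 ;;
    # ubuntu 20.04, 21.04, 21.10, 22.04
    20.04|21.04|21.10|22.04) _install_debian_basics ;;
    # Debian 10, 11, 12 (no minor component in VERSION_ID)
    10|11|12) _install_debian_basics ;;
    # Fedora 36, 37, 38 (no EPEL needed)
    36|37|38) _install_rhel_basics "" ;;
    # SUSE 12 and 15
    12.*) _install_suse_basics 12.4 ;;
    15.*) _install_suse_basics 15.3 ;;
    *)
      echo -e "\033[31m Unsupported $OS $VERSION...\033[0m" >&2
      exit 1
      ;;
  esac || {
    # The original printed "successfully installed" even when a step failed.
    echo -e "\033[31m hfish install for $OS $VERSION failed...\033[0m" >&2
    exit 1
  }

  echo -e "\033[32m hfish for $OS $VERSION successfully installed...\033[0m"
}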

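# Open the hfish panel (4433) and node (4434) ports in firewalld's public zone.
_hfish_open_ports() {
  firewall-cmd --zone=public --add-port=4433/tcp --add-port=4434/tcp --permanent \
    && firewall-cmd --reload
}

#######################################
# Shared tail of every installer: raise fs.file-max, download the hfish
# archive into HFISH_PREFIX, optionally verify it, unpack it, run its
# install.sh and remove the archive.
# Globals:   HFISH_PREFIX, hfish_url, hfish_gz (read);
#            HFISH_SHA256 (read, optional expected sha256 of the archive)
# Arguments: none
# Returns:   0 on success, 1 when a download/verify/unpack/install step fails
#######################################
_hfish_fetch_and_install() {
  local archive="${HFISH_PREFIX}/${hfish_gz}"

  echo "system Maximum number of connections"
  # Append the sysctl line once (the original appended a duplicate on every
  # run) and apply it now; editing sysctl.conf alone only acts after a reboot.
  grep -qx 'fs.file-max=65535' /etc/sysctl.conf 2>/dev/null \
    || echo "fs.file-max=65535" >> /etc/sysctl.conf
  sysctl -w fs.file-max=65535 >/dev/null

  #download hfish
  mkdir -p -- "$HFISH_PREFIX" || return 1
  if ! wget -N -P "$HFISH_PREFIX" "${hfish_url}${hfish_gz}"; then
    echo "hfish download failed: ${hfish_url}${hfish_gz}" >&2
    return 1
  fi

  # The archive is otherwise trusted on the strength of TLS alone; when the
  # caller exports HFISH_SHA256=<expected sha256>, refuse to unpack a mismatch.
  if [[ -n "${HFISH_SHA256:-}" ]]; then
    if ! printf '%s  %s\n' "$HFISH_SHA256" "$archive" | sha256sum -c - >/dev/null; then
      echo "hfish archive checksum mismatch, aborting" >&2
      rm -f -- "$archive"
      return 1
    fi
  fi

  #decompression hfish
  tar -zxf "$archive" -C "$HFISH_PREFIX" || return 1

  #install hfish: subshell so the caller's working directory is left unchanged
  ( cd "$HFISH_PREFIX" && sh install.sh ) || return 1

  #Deleting an installation package
  rm -f -- "$archive"
}

#######################################
# Install hfish on CentOS/RHEL-family hosts: relax SELinux, open the
# firewall ports, then fetch and install the archive.
# Globals:   see _hfish_fetch_and_install
# Returns:   status of the fetch/install step
#######################################
install_centos_hfish() {
  echo "install hfish"

  # NOTE(review): this switches SELinux off permanently — setenforce only
  # affects the running kernel, the sed edit survives reboots — for every
  # process on the host. Whether hfish needs more than "permissive" (which
  # keeps audit logging) is not documented here; kept as the original did.
  setenforce 0
  sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

  #Firewall port development
  _hfish_open_ports

  _hfish_fetch_and_install
}

#######################################
# Install hfish on Debian/Ubuntu hosts: stop AppArmor, open the firewall
# ports, then fetch and install the archive.
# Globals:   see _hfish_fetch_and_install
# Returns:   status of the fetch/install step
#######################################
install_ubuntu_hfish() {
  echo "install hfish"

  # Already root (checked by install_basics), so no sudo. Stopping AppArmor
  # removes confinement for every service on the host, not only hfish;
  # kept as the original did.
  systemctl stop apparmor.service && systemctl disable apparmor.service

  #Firewall port development
  _hfish_open_ports

  _hfish_fetch_and_install
}

#######################################
# Install hfish on SUSE hosts: open the firewall ports, then fetch and
# install the archive.
# Globals:   see _hfish_fetch_and_install
# Returns:   status of the fetch/install step
#######################################
install_suse_hfish() {
  echo "install hfish"

  #Firewall port development
  _hfish_open_ports

  _hfish_fetch_and_install
}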

# Entry point: all work happens in install_basics.
main() {
  install_basics
}

# Run the installer (main takes no options; arguments are passed through unused).
main "$@"

执行安装

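# Start the script with bash from the directory where it was created: it uses
# [[ ]] and echo -e, which fail under dash (the /bin/sh of Debian/Ubuntu), and
# the file was written as ./hfish_install.sh, not /hfish_install.sh.
bash ./hfish_install.sh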

登录Web界面

登录链接:https://[ip]:4433/web/
账号:admin
密码:HFish2021

选择需要的库

设备登录成功

节点添加

客户端安装

Linux节点安装

linux 客户端自启动配置
# Node self-start: the management node (192.168.19.240:4434 here) serves a
# per-node install script, which rc.local re-runs at every boot.
# curl -k skips certificate verification, so the fetched script runs as root
# with no check that it really came from that management node; fetching it to
# a file, reviewing it and checking the node's certificate before running is
# the safer order. Each execution appends one more line to rc.local, and on
# systemd hosts rc.local typically also needs a shebang line to be executed.
node_script_url="https://192.168.19.240:4434/tmp/VmthOGFZfoN7.sh"
printf '%s\n' "sh -c \"\$(curl -k ${node_script_url})\"" >> /etc/rc.local
chmod +x /etc/rc.local
sh -c "$(curl -k "$node_script_url")"

Windows 节点客户端安装,无需配置

Windows,Linux 节点添加成功

大屏显示
