hfish前言
HFish是一款社区型免费蜜罐,侧重企业安全场景,从内网失陷检测、外网威胁感知、威胁情报生产三个场景出发,为用户提供可独立操作且实用的功能,通过安全、敏捷、可靠的中低交互蜜罐增加用户在失陷感知和威胁情报领域的能力。
HFish具有超过40种蜜罐环境、提供免费的云蜜网、可高度自定义的蜜饵能力、一键部署、跨平台多架构、国产操作系统和CPU支持、极低的性能要求、邮件/syslog/webhook/企业微信/钉钉/飞书告警等多项特性,帮助用户降低运维成本,提升运营效率。
为什么选择HFish
-
免费、简单、安全的蜜罐产品
蜜罐通常被定义为具有轻量级检测能力、低误报率的检测产品,同时它也是企业生产本地威胁情报的优质来源之一。HFish可以帮助中小型企业用户在日常安全运营中进行避免告警洪水、低成本的增加威胁感知和情报生产能力。目前,社区的力量正在不断帮助HFish完善自身,共同探索欺骗防御的最佳实践。
-
安全、敏捷的威胁感知节点
HFish被广泛应用于感知办公内网、生产环境、云内网及其他环境失陷主机横向移动、员工账号外泄、扫描和探测行为、私有情报生产甚至内部演练和安全意识培训,HFish的多种告警输出形式与态感、NDR、XDR或日志平台结合,极大拓展检测视野。
HFish架构
HFish采用B/S架构,系统由管理端和节点端组成,管理端用来生成和管理节点端,并接收、分析和展示节点端回传的数据,节点端接受管理端的控制并负责构建蜜罐服务。
在HFish中,管理端只用于数据的分析和展示,节点端进行虚拟蜜罐,最后由蜜罐来承受攻击。
hfish download
| hfish download | hfish 文档 |
| Linux x64 Windows x64 Docker(Linux x86) | HFish部署方案 |
| HFish处置手册 |
一键部署hfish
- 安装位置/opt/hfish
- 端口4433,4434
- 账号:admin 默认密码:HFish2021
vi hfish_install.sh#!/bin/bash
# -*- coding: utf-8 -*-
# Author: CIASM
# update 2023/10/10
# increase indent:Tab
# decrease indent:Shift+Tab
# install source hfish
<<!
# ubuntu To execute this script
ln -sf bash /bin/sh
!
HFISH_PREFIX=/opt/hfish
#download hfish
hfish_url=https://hfish.cn-bj.ufileos.com/
hfish_gz=hfish-3.3.4-linux-amd64.tgz
install_basics() {
# Check if the script is being run as root
if [ "$(id -u)" != "0" ]; then
echo "This script must be run as root."
exit 1
fi
# Check the CentOS/Red Hat version
if [[ -f /etc/redhat-release ]]; then
OS=$(cat /etc/*release* | grep "^NAME=" | cut -d'=' -f2- | tr -d '"')
VERSION=$(cat /etc/*release* | grep -oE '[0-9]+\.[0-9]+' | head -n1)
# Check the oralce Linux version
elif [[ -f /etc/oracle-release ]]; then
OS=$(cat /etc/*release* | grep "^NAME=" | cut -d'=' -f2- | tr -d '"')
VERSION=$(cat /etc/*release* | grep -oE '[0-9]+\.[0-9]+' | head -n1)
# Check the Rock Linux version
elif [[ -f /etc/rocky-release ]]; then
OS=$(cat /etc/*release* | grep "^NAME=" | cut -d'=' -f2- | tr -d '"')
VERSION=$(cat /etc/*release* | grep -oE '[0-9]+\.[0-9]+' | head -n1)
# Check the AlmaLinux version
elif [[ -f /etc/almalinux-release ]]; then
OS=$(cat /etc/*release* | grep "^NAME=" | cut -d'=' -f2- | tr -d '"')
VERSION=$(cat /etc/*release* | grep -oE '[0-9]+\.[0-9]+' | head -n1)
# Check the ubuntu version
elif [[ -f /etc/os-release ]]; then
OS=$(cat /etc/*release* | grep "^NAME=" | cut -d'=' -f2- | tr -d '"')
VERSION=$(cat /etc/*release* | grep -oE '[0-9]+\.[0-9]+' | head -n1)
# Check the suse version
elif [[ -f /etc/SuSE-release ]]; then
OS=$( cat /etc/*release* | grep "^PRETTY_NAME=" | cut -d'=' -f2- | tr -d '"')
VERSION=$(cat /etc/*release* | grep -oE '[0-9]+\.[0-9]+' | head -n1)
# Check the Debian version
elif [[ -f /etc/os-release ]]; then
OS=$(cat /etc/*release* | grep "^NAME=" | cut -d'=' -f2- | tr -d '"')
VERSION=$(cat /etc/*release* | grep -oE '[0-9]+' | head -n1)
# Check the Fedora version
elif [[ -f /etc/fedora-release ]]; then
OS=$(cat /etc/*release* | grep "^NAME=" | cut -d'=' -f2- | tr -d '"')
VERSION=$(cat /etc/*release* | grep -oE '[0-9]+' | head -n1)
else
echo -e "\033[31mThis script only supports $OS $VERSION...\033[0m"
exit 1
fi
# Check the hfish version
if [ ! -d ${HFISH_PREFIX} ];then
echo -e "\033[32m Installing hfish for $OS $VERSION...\033[0m"
case $VERSION in
# CentOS/RedHat/oracle 7 install
7.?)
echo Installing basics...
yum install -y http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum install -y net-tools wget
install_centos_hfish
;;
# CentOS/RedHat/oracle/RockLinux/AlmaLinux 8 install
8.?)
echo Installing basics...
yum install -y http://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
yum install -y net-tools wget
install_centos_hfish
;;
# CentOS/RedHat/oracle/RockLinux/AlmaLinux 9 install
9.?)
echo Installing basics...
yum install -y http://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
yum install -y net-tools wget
install_centos_hfish
;;
# ubuntu 20.04 Linux install
20.04)
echo Installing basics...
sudo apt install -y net-tools vim wget firewalld
install_ubuntu_hfish
;;
# ubuntu 21 Linux install
21.04|21.10)
echo Installing basics...
sudo apt install -y net-tools vim wget firewalld
install_ubuntu_hfish
;;
# ubuntu 22 Linux install
22.04)
echo Installing basics...
sudo apt install -y net-tools vim wget firewalld
install_ubuntu_hfish
;;
# Debian 10, 11 , 12
10)
echo Installing basics...
sudo apt install -y net-tools vim wget firewalld
install_ubuntu_hfish
;;
11)
echo Installing basics...
sudo apt install -y net-tools vim wget firewalld
install_ubuntu_hfish
;;
12)
echo Installing basics...
sudo apt install -y net-tools vim wget firewalld
install_ubuntu_hfish
;;
# Fedora 31,32,33
36|37|38)
echo Installing basics...
yum install -y net-tools wget
install_centos_hfish
;;
# SUSE 12 install
12.?)
echo Installing basics...
sudo SUSEConnect -p sle-sdk/12.4/x86_64
zypper in -y net-tools vim wget
install_suse_hfish
;;
# SUSE 15 install
15.?)
echo Installing basics...
sudo SUSEConnect -p sle-sdk/15.3/x86_64
zypper in -y net-tools vim wget
install_suse_hfish
;;
*)
echo -e "\033[31m Unsupported $OS $VERSION...\033[0m"
exit 1
;;
esac
echo -e "\033[32m hfish for $OS $VERSION successfully installed...\033[0m"
else
echo -e "\033[33m hfish for $OS $VERSION already installed...\033[0m"
fi
}
install_centos_hfish() {
echo "install hfish"
#Firewall port development
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
firewall-cmd --zone=public --add-port=4433/tcp --add-port=4434/tcp --permanent && firewall-cmd --reload
echo "system Maximum number of connections"
echo "fs.file-max=65535" >> /etc/sysctl.conf
#download hfish
mkdir -p $HFISH_PREFIX
wget -N -P $HFISH_PREFIX $hfish_url$hfish_gz
#decompression hfish
tar -zxf $HFISH_PREFIX/$hfish_gz -C $HFISH_PREFIX
#install hfish
cd $HFISH_PREFIX && sh install.sh
#Deleting an installation package
rm -rf $HFISH_PREFIX/$hfish_gz
}
install_ubuntu_hfish() {
echo "install hfish"
#Firewall port development
sudo systemctl stop apparmor.service && sudo systemctl disable apparmor.service
firewall-cmd --zone=public --add-port=4433/tcp --add-port=4434/tcp --permanent && firewall-cmd --reload
echo "system Maximum number of connections"
echo "fs.file-max=65535" >> /etc/sysctl.conf
#download hfish
mkdir -p $HFISH_PREFIX
wget -N -P $HFISH_PREFIX $hfish_url$hfish_gz
#decompression hfish
tar -zxf $HFISH_PREFIX/$hfish_gz -C $HFISH_PREFIX
#install hfish
cd $HFISH_PREFIX && sh install.sh
#Deleting an installation package
rm -rf $HFISH_PREFIX/$hfish_gz
}
install_suse_hfish() {
echo "install hfish"
#Firewall port development
firewall-cmd --zone=public --add-port=4433/tcp --add-port=4434/tcp --permanent && firewall-cmd --reload
echo "system Maximum number of connections"
echo "fs.file-max=65535" >> /etc/sysctl.conf
#download hfish
mkdir -p $HFISH_PREFIX
wget -N -P $HFISH_PREFIX $hfish_url$hfish_gz
#decompression hfish
tar -zxf $HFISH_PREFIX/$hfish_gz -C $HFISH_PREFIX
#install hfish
cd $HFISH_PREFIX && sh install.sh
#Deleting an installation package
rm -rf $HFISH_PREFIX/$hfish_gz
}
main (){
install_basics
}
main执行安装
sh /hfish_install.sh登陆web界面
登陆链接:https://[ip]:4433/web/
账号:admin
密码:HFish2021
选择需要的库
设备登录成功
节点添加
客户端安装
Linux节点安装
linux 客户端自启动配置
echo 'sh -c "$(curl -k https://192.168.19.240:4434/tmp/VmthOGFZfoN7.sh)"' >> /etc/rc.local
chmod +x /etc/rc.local
sh -c "$(curl -k https://192.168.19.240:4434/tmp/VmthOGFZfoN7.sh)"Windows 节点客户端安装,无需配置
Windows,Linux 节点添加成功
大屏显示
