sjinks/mysql-honeypotd
GitHub: sjinks/mysql-honeypotd
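Lightweight low-interaction MySQL honeypot, written in C, for capturing and logging unauthorized access and brute-force attempts against the MySQL service.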
Stars: 36 | Forks: 15
# mysql-honeypotd
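Low-interaction MySQL honeypot written in C
## Dependencies
[libev](http://software.schmorp.de/pkg/libev.html)
## Usage
`mysql-honeypotd [options]...`
Mandatory arguments to long options are mandatory for short options too.
* `-b`, `--address ADDRESS` the IP address to bind to (default: 0.0.0.0). Can be specified several times
* `-p`, `--port PORT` the port to bind to (default: 3306)
* `-P`, `--pid FILE` the PID file
* `-n`, `--name NAME` the name of the daemon for syslog (default: `mysql-honeypotd`)
* `-u`, `--user USER` drop privileges and switch to this `USER` (default: `daemon` or `nobody`)
* `-g`, `--group GROUP` drop privileges and switch to this `GROUP` (default: `daemon` or `nogroup`)
* `-c`, `--chroot DIR` chroot() into the specified `DIR`
* `-s`, `--setver VER` set the MySQL server version to `VER` (default: 5.7.19)
* `-d`, `--delay DELAY` add a delay of `DELAY` seconds after each login attempt
* `-f`, `--foreground` do not daemonize (forced if no PID file is specified)
* `-x`, `--no-syslog` log errors only to stderr; ignored if `-f` is not specified
* `-h`, `--help` display this help and exit
* `-v`, `--version` output version information and exit
**Notes:**
1. The `--user`, `--group`, and `--chroot` options take effect only when mysql-honeypotd is run as `root`
2. The PID file can be located outside the chroot directory
3. When using `--name` and/or `--group`, make sure that the target user is able to delete the PID file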
## Sample output
```
Oct 20 22:06:45 server mysql-honeypotd[22363]: Access denied for user 'root' from 222.186.61.231:4240 to x.x.x.146:3306 (using password: YES)
Oct 20 22:06:45 server mysql-honeypotd[22363]: Access denied for user 'root' from 222.186.61.231:4281 to x.x.x.135:3306 (using password: YES)
Oct 20 22:06:46 server mysql-honeypotd[22363]: Access denied for user 'root' from 222.186.61.231:4570 to x.x.x.146:3306 (using password: YES)
Oct 20 22:06:46 server mysql-honeypotd[22363]: Access denied for user 'root' from 222.186.61.231:4644 to x.x.x.135:3306 (using password: YES)
Oct 20 22:06:46 server mysql-honeypotd[22363]: Access denied for user 'root' from 222.186.61.231:4949 to x.x.x.146:3306 (using password: YES)
Oct 20 22:06:47 server mysql-honeypotd[22363]: Access denied for user 'root' from 222.186.61.231:4998 to x.x.x.135:3306 (using password: YES)
Oct 20 22:06:47 server mysql-honeypotd[22363]: Access denied for user 'root' from 222.186.61.231:1238 to x.x.x.146:3306 (using password: YES)
Oct 20 22:06:47 server mysql-honeypotd[22363]: Access denied for user 'root' from 222.186.61.231:1264 to x.x.x.135:3306 (using password: YES)
Oct 20 22:06:48 server mysql-honeypotd[22363]: Access denied for user 'root' from 222.186.61.231:1537 to x.x.x.135:3306 (using password: YES)
Oct 20 22:06:49 server mysql-honeypotd[22363]: Access denied for user 'root' from 222.186.61.231:2370 to x.x.x.135:3306 (using password: YES)
```
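One way to triage output in this format, as an added example that is not part of the mysql-honeypotd project: it parses the `Access denied` lines and reports sources whose attempts reach a threshold within a sliding time window. The sample lines, the `year` default (syslog timestamps carry no year), and the threshold and window values are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Line format taken from the sample output above. The user name is supplied by
# the client, so it is matched greedily and the fixed trailer is anchored at
# the end of the line instead of trusting the first closing quote.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ \S+\[\d+\]: "
    r"Access denied for user '(?P<user>.*)' from (?P<src>\S+):(?P<sport>\d+) "
    r"to (?P<dst>\S+):(?P<dport>\d+) \(using password: (?P<pw>YES|NO)\)$"
)

# Constructed sample lines (documentation address ranges), not real captures.
SAMPLE = [
    f"Oct 20 22:06:{45 + i} server mysql-honeypotd[22363]: Access denied for user 'root' "
    f"from 203.0.113.7:{4240 + i} to 192.0.2.10:3306 (using password: YES)"
    for i in range(6)
] + [
    "Oct 20 22:07:30 server mysql-honeypotd[22363]: Access denied for user 'o'brien' "
    "from 198.51.100.9:5555 to 192.0.2.11:3306 (using password: NO)",
    "Oct 20 22:07:31 server sshd[991]: unrelated line",
]

def parse(line, year=2024):
    """Return a dict for one honeypot line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    # Syslog omits the year; it is passed in explicitly (assumption).
    ev["time"] = datetime.strptime(f"{year} {ev.pop('ts')}", "%Y %b %d %H:%M:%S")
    return ev

def noisy_sources(lines, threshold=5, window=timedelta(seconds=10), year=2024):
    """Map source IP -> peak attempts inside any window, for sources >= threshold."""
    times = defaultdict(list)
    for ev in filter(None, (parse(l, year) for l in lines)):
        times[ev["src"]].append(ev["time"])
    flagged = {}
    for src, ts in times.items():
        ts.sort()
        best = start = 0
        for end in range(len(ts)):
            while ts[end] - ts[start] > window:  # shrink window from the left
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[src] = best
    return flagged
```

Calling `noisy_sources(SAMPLE)` flags only the source that made six attempts within the window; the single attempt and the unrelated line are ignored.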