Awesome
mysql-honeypotd
Low interaction MySQL honeypot written in C
Dependencies
Usage
mysql-honeypotd [options]...
Mandatory arguments to long options are mandatory for short options too.
-b
,--address ADDRESS
the IP address to bind to (default: 0.0.0.0). Can be specified several times-p
,--port PORT
the port to bind to (default: 3306)-P
,--pid FILE
the PID file-n
,--name NAME
the name of the daemon for syslog (default:mysql-honeypotd
)-u
,--user USER
drop privileges and switch to thisUSER
(default:daemon
ornobody
)-g
,--group GROUP
drop privileges and switch to thisGROUP
(default:daemon
ornogroup
)-c
,--chroot DIR
chroot() into the specifiedDIR
-s
,--setver VER
set MySQL server version toVER
(default: 5.7.19)-d
,--delay DELAY
AddDELAY
seconds after each login attempt-f
,--foreground
do not daemonize (forced if no PID file specified)-x
,--no-syslog
log errors to stderr only; ignored if-f
is not specified-h
,--help
display this help and exit-v
,--version
output version information and exit
Notes:
--user
,--group
, and--chroot
options are honored only if mysql-honeypotd is run asroot
- PID file can be outside of chroot
- When using
--name
and/or--group
, please make sure that the PID file can be deleted by the target user
Sample output
Oct 20 22:06:45 server mysql-honeypotd[22363]: Access denied for user 'root' from 222.186.61.231:4240 to x.x.x.146:3306 (using password: YES)
Oct 20 22:06:45 server mysql-honeypotd[22363]: Access denied for user 'root' from 222.186.61.231:4281 to x.x.x.135:3306 (using password: YES)
Oct 20 22:06:46 server mysql-honeypotd[22363]: Access denied for user 'root' from 222.186.61.231:4570 to x.x.x.146:3306 (using password: YES)
Oct 20 22:06:46 server mysql-honeypotd[22363]: Access denied for user 'root' from 222.186.61.231:4644 to x.x.x.135:3306 (using password: YES)
Oct 20 22:06:46 server mysql-honeypotd[22363]: Access denied for user 'root' from 222.186.61.231:4949 to x.x.x.146:3306 (using password: YES)
Oct 20 22:06:47 server mysql-honeypotd[22363]: Access denied for user 'root' from 222.186.61.231:4998 to x.x.x.135:3306 (using password: YES)
Oct 20 22:06:47 server mysql-honeypotd[22363]: Access denied for user 'root' from 222.186.61.231:1238 to x.x.x.146:3306 (using password: YES)
Oct 20 22:06:47 server mysql-honeypotd[22363]: Access denied for user 'root' from 222.186.61.231:1264 to x.x.x.135:3306 (using password: YES)
Oct 20 22:06:48 server mysql-honeypotd[22363]: Access denied for user 'root' from 222.186.61.231:1537 to x.x.x.135:3306 (using password: YES)
Oct 20 22:06:49 server mysql-honeypotd[22363]: Access denied for user 'root' from 222.186.61.231:2370 to x.x.x.135:3306 (using password: YES)