Setting up the open-source web honeypot Glastopf on Ubuntu

References
https://github.com/mushorg/glastopf/blob/master/docs/source/installation/installation_ubuntu.rst
Installation steps
sudo apt-get update
sudo apt-get install python2.7 python-openssl python-gevent libevent-dev python2.7-dev build-essential make
sudo apt-get install python-chardet python-requests python-sqlalchemy python-lxml
sudo apt-get install python-beautifulsoup mongodb python-pip python-dev python-setuptools
sudo apt-get install g++ git php5 php5-dev liblapack-dev gfortran libmysqlclient-dev
sudo apt-get install libxml2-dev libxslt-dev
sudo pip install --upgrade distribute

Note: if installing php5 and php5-dev fails, use php and php-dev instead; this automatically installs php7 and php7-dev.

cd /opt
sudo git clone https://github.com/mushorg/BFR.git
cd BFR
sudo phpize
sudo ./configure --enable-bfr
sudo make && sudo make install

Install and configure the PHP sandbox
These steps all work without problems; just go through them one at a time.
root@vultr:/opt/BFR# find / -name "php.ini"
/etc/php/7.2/apache2/php.ini
/etc/php/7.2/cli/php.ini
Locate the php.ini file:
/etc/php/7.2/apache2/php.ini
Locate bfr.so:
root@vultr:/opt/BFR# find / -name "bfr.so"
/usr/lib/php/20170718/bfr.so
/opt/BFR/.libs/bfr.so
/opt/BFR/modules/bfr.so
Choose:
/usr/lib/php/20170718/bfr.so

Add the following to /etc/php/7.2/apache2/php.ini:
zend_extension =/usr/lib/php/20170718/bfr.so

Install Glastopf
cd /opt
sudo git clone https://github.com/mushorg/glastopf.git
cd glastopf
sudo python setup.py install

Configuration

Prepare glastopf environment:

cd /opt
sudo mkdir myhoneypot
cd myhoneypot
sudo glastopf-runner

Output like the following indicates that it is running successfully:

root@vultr:/opt/myhoneypot# sudo glastopf-runner
2018-07-03 12:01:25,810 (glastopf.glastopf) Initializing Glastopf 3.1.3-dev using "/opt/myhoneypot" as work directory.
2018-07-03 12:01:26,187 (glastopf.glastopf) Connecting to main database with: sqlite:///db/glastopf.db
2018-07-03 12:01:26,227 (glastopf.modules.handlers.emulators.dork_list.dork_page_generator) Bootstrapping dork database.
2018-07-03 12:01:29,651 (glastopf.glastopf) Generating initial dork pages - this can take a while.
2018-07-03 12:01:29,756 (glastopf.glastopf) Glastopf started and privileges dropped.

The work directory now contains:
root@vultr:/opt/myhoneypot# ls
data db glastopf.cfg log
Edit glastopf.cfg:
[webserver] # this section covers the web service
host = 0.0.0.0
port = 80
uid = nobody
gid = nogroup
proxy_enabled = False

[ssl]
enabled = False
certfile =
keyfile =

[logging]
consolelog_enabled = True
filelog_enabled = True
logfile = log/glastopf.log

[dork-db]
enabled = True
pattern = rfi
mnem_service = False

[hpfeed]

[logstash] # supports sending logs to the SOC in logstash form
enabled = False
host = localhost
port = 5659
handler = AMQP/TCP/UDP

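[taxii] # this section holds the honeypot network information; define the fake site's directory here, then set the weak-password account and password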
enabled = False
host = taxiitest.mitre.org
port = 80
inbox_path = /services/inbox/default/
use_https = False
use_auth_basic = False
auth_basic_username = your_username
auth_basic_password = your_password
use_auth_certificate = False
auth_certificate_keyfile = full_path_to_keyfile
auth_certificate_certfile = full_path_to_certfile
include_contact_info = False
contact_name = …
contact_email = …

Then start it.
You can then see the access log for every visitor:
2018-07-03 12:17:17,889 (glastopf.glastopf) ×.66.×.162 requested GET / on vultr.guest:80
2018-07-03 12:17:18,915 (glastopf.glastopf) ×.66.×.162 requested GET / on vultr.guest:80
2018-07-03 12:17:19,774 (glastopf.glastopf) ×.66.×.162 requested GET /style.css on vultr.guest:80
2018-07-03 12:17:20,637 (glastopf.glastopf) ×.66.×.162 requested GET /favicon.ico on vultr.guest:80
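
A way to summarise these request lines per client, as an added example (not from the original post or the Glastopf project). The sample lines are constructed in the format shown above, the function names are hypothetical, and the check for a URL inside a query value is an assumed heuristic for the remote-file-inclusion probes that the "pattern = rfi" setting refers to.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format shown above (documentation-range addresses).
SAMPLE_LOG = """\
2018-07-03 12:01:29,756 (glastopf.glastopf) Glastopf started and privileges dropped.
2018-07-03 12:17:17,889 (glastopf.glastopf) 198.51.100.7 requested GET / on vultr.guest:80
2018-07-03 12:17:19,774 (glastopf.glastopf) 198.51.100.7 requested GET /style.css on vultr.guest:80
2018-07-03 12:18:02,101 (glastopf.glastopf) 203.0.113.9 requested GET /index.php?page=http://example.invalid/x.txt on vultr.guest:80
2018-07-03 12:18:05,440 (glastopf.glastopf) 203.0.113.9 requested POST /login.php on vultr.guest:80
"""

# Layout: timestamp (logger) client "requested" METHOD path "on" host:port
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"\((?P<logger>[\w.]+)\) "
    r"(?P<client>\S+) requested (?P<method>[A-Z]+) (?P<path>\S+) "
    r"on (?P<host>[^\s:]+):(?P<port>\d+)$"
)
# Heuristic (assumption): a query value that is itself a URL, plain or percent-encoded.
RFI_RE = re.compile(r"[?&][^=&]+=(?:https?|ftp)(?::|%3[aA])(?://|%2[fF]%2[fF])")

def parse_line(line):
    """Return a dict for a request line, or None for startup and other messages."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def summarize(log_text):
    """Group requests by client: count, methods seen, and RFI-style paths."""
    report = defaultdict(lambda: {"count": 0, "methods": set(), "rfi_paths": []})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        entry = report[rec["client"]]
        entry["count"] += 1
        entry["methods"].add(rec["method"])
        if RFI_RE.search(rec["path"]):
            entry["rfi_paths"].append(rec["path"])
    return dict(report)

if __name__ == "__main__":
    for client, info in sorted(summarize(SAMPLE_LOG).items()):
        flag = "RFI-style probe" if info["rfi_paths"] else "-"
        print(client, info["count"], sorted(info["methods"]), flag)
```

To run it against the real file, pass the contents of log/glastopf.log from the work directory to summarize().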

Set a weak credential: admin / admin.
Once an attacker logs in, all of the log information can be captured.

Reposted from blog.csdn.net/u013175604/article/details/80903887