This is an Ansible playbook to install Kippo on Debian hosts.
The playbook sets up one node as a database server where the Kippo hosts log incoming attacks, and it also sets up multiple Kippo hosts.
Process:
- set up a database server so all Kippo hosts log to that server
- create a `kippouser` account to run Kippo
- download the latest Kippo version from a git repo (desaster's by default)
- configure Kippo
- change sshd port to 22422 (it's a variable, so it's easy to change)
- add an iptables rule to forward traffic from port 2222 to 22
- run Kippo
This is a very basic skeleton; feel free to mess around with it. I've only tested it with Debian Wheezy and it seems to work. Keep in mind this is a proof-of-concept playbook, so some stuff could be improved (e.g. MySQL security).
Edit the vars `db_host` and `db_password` in `group_vars/all` to reflect your setup and run the playbook.