How to Install

Before you continue with this HowTo you should be aware that this system is completely FREE and there are NO licence restrictions.

It's free for you to use as you please, but there are terms and conditions you should read. In a nutshell, you can use this system to make money for yourself or your clients, but you are not to sell my work in any way as a product for your benefit. Also, I am not responsible for any damages that you may have.

This HowTo will help you install everything from scratch in the fastest and most secure Linux ever.... Slackware.

If you need any help installing Slackware then this HowTo is not for you and you should go ahead and take a look at the Demo on this site or just download the VM. It requires a fair amount of work at the Linux console, nothing fancy, but there will be no GUI until we reach the MikroTik configuration.

If you are switching from easy-to-install Linuxes like CentOS or Ubuntu and are new to Slackware this HowTo might help you:

http://docs.slackware.com/slackware:install

Use the Slackware 13.37 ISO instead of any newer version. Newer versions of Slackware have PHP 5.4 preinstalled. If you feel confident enough to remove PHP 5.4 and compile 5.3, go ahead, but for the sake of this HowTo we need to keep it simple.

I assume you have already installed a clean Slackware 13.37 Linux box, so let's get started...

1. Prepare MySQL

 

mysql_install_db
chown -R mysql:mysql /var/lib/mysql
chmod +x /etc/rc.d/rc.mysqld
/etc/rc.d/rc.mysqld start
/usr/bin/mysqladmin -u root password 'yourmysqlrootpassword'
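mysql -u root -p
# enter the MySQL root password at the prompt, then type the following in the mysql shell
create database radius;
# note: ON *.* gives this account rights on every database on the server, not only radius
grant all on *.* to 'honeyspot'@'localhost' identified by 'yourhoneyspotmysqlpassword';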
flush privileges;
exit

 

2. Prepare Apache+PHP

 

Edit /etc/httpd/httpd.conf and uncomment:

Include /etc/httpd/mod_php.conf

Also add DirectoryIndex index.php to the dir_module block:

<IfModule dir_module>
    DirectoryIndex index.html
    DirectoryIndex index.php
</IfModule>


and restart Apache:

/etc/rc.d/rc.httpd restart



3. Time is VERY important so make sure that ntpdate will correct the time

 I have been using NASA's NTP servers for years.

ntpdate ntp.nasa.gov
echo "ntpdate ntp.nasa.gov" > /etc/cron.hourly/ntptouch
chmod +x /etc/cron.hourly/ntptouch

 

4. Download, install and configure FreeRADIUS

 

mkdir /downloads
cd /downloads
wget http://ftp.cc.uoc.gr/mirrors/ftp.freeradius.org/freeradius-server-2.2.0.tar.gz
tar -xpvf freeradius-server-2.2.0.tar.gz
cd freeradius-server-2.2.0
./configure \
  --prefix=/usr/local/radius \
  --disable-static \
  --with-system-libltdl \
  --with-system-libtool
make
make install
/usr/local/radius/etc/raddb/certs/bootstrap
groupadd radius
useradd radius -g radius
cd /usr/local/radius
chown -R radius:radius *

We need to make sure that RADIUS subtracts the time spent from the available time, so we configure the stop query to do one more thing for us. Open:

nano /usr/local/radius/etc/raddb/sql/mysql/dialup.conf

and extend the end of the accounting_stop_query at line 247, changing it from:

AND nasipaddress      = '%{NAS-IP-Address}'"

to:

AND nasipaddress      = '%{NAS-IP-Address}'; \
UPDATE ${authreply_table} SET value = value - '%{Acct-Session-Time}' where username = '%{SQL-User-Name}' and attribute = 'Session-Timeout'"

 

Now every time the user disconnects, his available time will be decreased by his online time.

Next we need to tell RADIUS to use MySQL wherever possible, so we uncomment "sql" in

nano /usr/local/radius/etc/raddb/sites-available/default

at lines 177, 406, 454 and 475.

We will also instruct RADIUS to send a custom message to the MikroTik portal when there is no available time left for the client. In the same file, find line 223 and change it from:

#       Autz-Type Status-Server {
#
#       }
}

to:

#       Autz-Type Status-Server {
#
#       }
        if("%{sql:SELECT value FROM `radreply` WHERE attribute = 'Session-Timeout' AND UserName ='%{SQL-User-Name}'}" == 0){
                update reply {
                        reply-message := "Please top up the account\r\n"
                }
                reject
        }
}
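
The bookkeeping configured above, modelled as an added example (not code from Honeyspot or FreeRADIUS): the stop query subtracts each session's seconds and the authorize check rejects only when the balance equals 0. SQLite stands in for MySQL, the account `alice` and its balances are constructed, the check is treated as numeric equality (an assumption), and the clamped update is a generalization the page itself does not use.

```python
import sqlite3

# Model of the time bookkeeping above. SQLite stands in for MySQL, and the
# account "alice" and its balances are constructed sample data.

def make_db(seconds_left):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radreply (username TEXT, attribute TEXT, value TEXT)")
    db.execute("INSERT INTO radreply VALUES ('alice', 'Session-Timeout', ?)",
               (str(seconds_left),))
    return db

def remaining(db, user="alice"):
    row = db.execute("SELECT value FROM radreply WHERE username = ? "
                     "AND attribute = 'Session-Timeout'", (user,)).fetchone()
    return int(row[0])

def stop_as_written(db, session_time, user="alice"):
    # Same arithmetic as the UPDATE appended to accounting_stop_query.
    db.execute("UPDATE radreply SET value = value - ? WHERE username = ? "
               "AND attribute = 'Session-Timeout'", (session_time, user))

def stop_clamped(db, session_time, user="alice"):
    # Variant that never stores less than 0 (in MySQL: GREATEST(value - n, 0)).
    db.execute("UPDATE radreply SET value = MAX(value - ?, 0) WHERE username = ? "
               "AND attribute = 'Session-Timeout'", (session_time, user))

def rejected(db, user="alice"):
    # Assumption: the authorize check is modelled as numeric equality with 0.
    return remaining(db, user) == 0

def run(stop, sessions, start=600):
    """Apply one Stop record per entry in sessions; return (balance, rejected)."""
    db = make_db(start)
    for seconds in sessions:
        stop(db, seconds)
    return remaining(db), rejected(db)

if __name__ == "__main__":
    print(run(stop_as_written, [600]))       # balance used up exactly
    print(run(stop_as_written, [400, 400]))  # more seconds reported than were left
    print(run(stop_clamped, [400, 400]))     # same records, clamped update
```

Whenever the subtracted seconds exceed the stored balance, the value passes below zero without ever equalling zero, so an equality test stops matching; clamping the update keeps the two in step.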

 

Since there is some latency between the MikroTik portal and RADIUS processing the message (especially when you use a low-end PC or a VM), we need to tell RADIUS to increase the maximum time allowed to process a message. So we edit

nano /usr/local/radius/etc/raddb/radiusd.conf

and change max_request_time at line 186 from 30 to 300. That should do the trick.
Also, in the same file, uncomment the SQL instances at lines 700 and 712.
Also uncomment the user and group settings at lines 167 and 168.

 

Now we must give RADIUS our MySQL credentials.
If this is a clean install then all we need to change is the username and password.
 
nano /usr/local/radius/etc/raddb/sql.conf
        login = "honeyspot"
        password = "yourhoneyspotmysqlpassword"
 
 
 
 
Then give RADIUS our MikroTik details by editing clients.conf:
 
nano /usr/local/radius/etc/raddb/clients.conf
 
and add at the end:

client mikrotik {
       ipaddr = 192.168.2.100
       secret          = mymikrotikpassword
       shortname       = captive portal
}
 
Done!
If you have multiple portals for your RADIUS then now is the time to add them.
 

At this point the server should be able to run even without the SQL schema, so go ahead and give it a try by running it:

/usr/local/radius/sbin/radiusd -X

If the server ends its run by saying "Ready to process requests" then press Ctrl+C and you are good to go to the next step. If not, then you need to double-check the configuration.
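
A check for the raddb edits in this step that looks for the settings themselves rather than line numbers, as an added example (not part of Honeyspot or FreeRADIUS). The function names and the SAMPLE excerpts are constructed for illustration; the expected values are the ones this HowTo sets.

```python
import os
import re
from pathlib import Path

RADDB = "/usr/local/radius/etc/raddb"          # prefix used in this HowTo
FILES = ("radiusd.conf", "sites-available/default", "sql.conf")

# Constructed excerpts for a dry run (sample data, not real file contents):
# group left commented, one sql entry missed, password still the placeholder.
SAMPLE = {
    "radiusd.conf": "max_request_time = 300\nuser = radius\n#group = radius\n"
                    "modules {\n\t$INCLUDE sql.conf\n}\n",
    "sites-available/default": "authorize {\n\tsql\n}\naccounting {\n\tsql\n}\n"
                               "session {\n#\tsql\n}\npost-auth {\n\tsql\n}\n",
    "sql.conf": 'login = "honeyspot"\npassword = "yourhoneyspotmysqlpassword"\n',
}

def load(root=RADDB):
    return {name: Path(root, name).read_text() for name in FILES}

def active(text):
    """Live configuration lines: whitespace normalised, comments and blanks dropped."""
    lines = (" ".join(ln.split()) for ln in text.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]

def setting(lines, key):
    """Value of the first live 'key = value' line with quotes removed, else None."""
    for ln in lines:
        m = re.match(re.escape(key) + r"\s*=\s*(.+)$", ln)
        if m:
            return m.group(1).strip('"')
    return None

def check(files):
    problems = []
    rd = active(files["radiusd.conf"])
    if setting(rd, "max_request_time") != "300":
        problems.append("radiusd.conf: max_request_time is not 300")
    for key in ("user", "group"):
        if setting(rd, key) != "radius":
            problems.append("radiusd.conf: %s is not radius" % key)
    if "$INCLUDE sql.conf" not in rd:
        problems.append("radiusd.conf: $INCLUDE sql.conf is not enabled")
    enabled = active(files["sites-available/default"]).count("sql")
    if enabled < 4:
        problems.append("sites-available/default: %d of 4 sql entries enabled" % enabled)
    password = setting(active(files["sql.conf"]), "password")
    if password in (None, "", "yourhoneyspotmysqlpassword"):
        problems.append("sql.conf: password is unset or still the placeholder")
    return problems

if __name__ == "__main__":
    for line in check(load() if os.path.isdir(RADDB) else SAMPLE):
        print(line)
```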

 

5. Download and configure the Honeyspot

 
cd /root
wget http://the.packet.gr/uploads/projectfiles/honeyspot/honeyspot-6.0.1.tar.bz2
tar -xpvf honeyspot-6.0.1.tar.bz2
cd honeyspot
mysql -u honeyspot -pyourhoneyspotmysqlpassword radius < honeyspot.sql
mv honeyspot /var/www/htdocs
chown -R apache:apache /var/www/htdocs/
chmod -R 755 /var/www/htdocs/honeyspot/_lib
chmod -R 755 /var/www/htdocs/honeyspot/prod
chmod -R 755 /var/www/htdocs/honeyspot/tmp

 

And that should do the trick. All you need to do now is configure the DB. If you choose to use a different distro that has a different directory convention, you can just change the environment from the DB admin.

Open the DB admin at the following URL in your browser:

http://your-honeyspot-ip/honeyspot/prod

 
The default username is admin. You should probably change that after you log in.
 
Edit the connection "honeyspot" and enter your MySQL credentials here. Don't forget to select your radius database from the dropdown menu and click Save.
 
 

6. Configuring MikroTik

 
I assume you have already installed RouterOS and have basic IP connectivity.
It's easier to use your winbox.exe to configure the rest, so I'll just give you a walkthrough in the menu.
 
First some basic configuration
 
a. Under System configure your identity, Clock and NTP Client
b. Under IP - Services disable all services except winbox
c. Under IP - DNS enter your ISP DNS servers and check Allow Remote Requests
 
Use the basic setup to configure basic Hotspot functionality
 
d. Go to IP - Hotspot and click Hotspot Setup under the Servers tab:
  1. Use your outside interface as HotSpot Interface (e.g. Mikrotik Wlan interface or ethernet)
  2. Use the local IP of your outside interface along with the prefix for the address (e.g. 192.168.1.1/24)
  3. Use a reasonable address pool of network (e.g. 192.168.1.100-192.168.1.254)
  4. Select your certificate. This is VERY important if you want to use billing in your system.
  5. You don't really need to use an SMTP server so leave it blank
  6. Enter your DNS server. If you don't have a DNS server then just use the IP of the outside interface
 
e. Now do some tweaking to make it work properly
  1. Double click your fresh Hotspot and change the idle-timeout to 2 minutes. This should take care of stale connections.
  2. Change Addresses Per MAC to 1. This means 1 device per username.
  3. Make a note of the used Profile name and use it in the next step
  4. Under the Server Profiles tab, double click your profile and under the Login tab check MAC, Cookie and HTTPS (If you don't use billing then just click HTTP-CHAP). Also set HTTP Cookie Lifetime to 1d.
  5. Under the RADIUS tab check Use RADIUS and Accounting. Click OK
  6. Under the Service Ports tab now disable all ports.
 
f. Final configuration. Click on the Radius button on the left.
  1. Click the Incoming button and make sure Accept is checked.
  2. Now click on the "plus" sign, check hotspot and add your RADIUS server IP address and secret credentials.
 
 
 
Congratulations! You just configured a Honeyspot.
 
You are ready to start billing your clients
 
 
