Andy Smith's Blog

Automatic Honeypot Setup Script

I have just finished work on the first version of my automatic honeypot setup script. This script will turn a vanilla install of Ubuntu 12.04 into a fully functioning honeypot in under 3 minutes.

I have two main issues that I have encountered when playing around with honeypot software.

Firstly, you often won't find out that there are problems with your configuration until an attacker hits. And this can sometimes take hours. Nothing is more frustrating than coming back to a honeypot after a week to find a log file full of Access Denied messages.

Secondly, honeypot software is designed with technical users in mind. Installing Apache Web Server is a matter of apt-get install apache2; it will start on system startup and come with helpful defaults. If you want to install kippo, however, you need to check out the Subversion repository, and it certainly won't set itself up to run on startup.

This script is my solution to these problems:

Running the script will install the following services:

All of these services will:

  • run straight out of the box with no additional configuration
  • start on system start up and log to /var/log
  • have useful and secure defaults

You will be prompted for exactly one piece of information:

  • the network interface you want these services to run on

This is the first release, and testing has been limited to Ubuntu 12.04. This script does all sorts of things as a superuser, so please, for now, only run it on a clean install.

Feature requests, bug reports and pull requests are encouraged on GitHub.

If you have any other queries, please feel free to contact me.

Here's a video of a 3 minute install:
