I have just finished work on the first version of my automatic honeypot setup script. This script will turn a vanilla install of Ubuntu 12.04 into a fully functioning honeypot in under 3 minutes.
I have two main issues that I have encountered when playing around with honeypot software.
Firstly, you often won't find out that there are problems with your configuration until an attacker hits. And this can sometimes take hours. Nothing is more frustrating than coming back to a honeypot after a week to find a log file full of Access Denied messages.
Secondly, honeypot software is designed with technical users in mind. Installing Apache Web Server is a matter of apt-get install apache2; it will start on system startup and come with helpful defaults. Whereas if you want to install kippo, you need to check out the subversion repository, and it certainly won't set itself up to run on startup.
This script is my solution to these problems: https://github.com/andrewmichaelsmith/honeypot-setup-script/
Running the script will install the following services:
All of these services will:
- run straight out of the box with no additional configuration
- start on system start up and log to
- have useful and secure defaults
You will be prompted for exactly one piece of information:
- the network interface you want these services to run on
This is the first release and testing has been limited to Ubuntu 12.04. This script does all sorts of things as a superuser, so please, for now, only run it on a clean install.
Feature requests, bug reports and pull requests are encouraged on GitHub.
If you have any other queries, please feel free to contact me.
Here's a video of a 3 minute install: