Skip to content
A set of tools for creating a honeypot that alerts in the real world
HTML Other
  1. HTML 99.7%
  2. Other 0.3%
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
img
startupScripts
static
templates
README.md
honeyBot.sql3
honeyBotMon.py
honeyMqtt.py
honeyWeb.py
sampleIptables

README.md

honeyBot

A set of tools for creating a honeypot that alerts in the real world .

Setup

This is designed around a RaspberryPi using a PiRelay Hat to raise a physical alarm. First we will need to make the Pi require ssh keys and log iptables.

vi /etc/sshd_config
#PasswordAuthentication yes
PasswordAuthentication no

Then restart sshd.

sudo service ssh restart

Next install iptables-persistent and modify iptables.

apt-get install iptables-persistent

vi /etc/iptables/rules.v4

Add the line:

-A INPUT -m limit --limit 30/min -j LOG --log-prefix "iptables: "

There is a sample list of rules in the repo called sampleIptables, you could copy that in to place, modifying the 443 line with your subnet.

Modify rsyslog.conf to create a iptables.log

vi /etc/rsyslog.d/10-iptables.conf :msg,contains,"iptables: " /var/log/iptables.log

Restart rsyslog .

Install a lot of prereqs:

apt-get install python3-rpi.gpio \
 daemonize mosquitto \
 mosquitto-clients

pip3 paho-mqtt flask maxminddb-geolite2l \
  geopandas pyshp shapely \
  plotly  psutil

Copy the files from the repo in to /var/honeyBoy. Then move the startup scripts in to place and start

cp startupScripts/*.service /lib/systemd/system
systemctl enable honeyBotMon.service
systemctl enable honeyMqtt.service
systemctl enable honeyWeb.service

Modular

You can deploy this on multiple systems as it was desinged to be modular.

honeyBotMon.py

usage: honeyBotMon.py [-h] [--pid] [--server SERVER] [--log] [--relay RELAY]
                      [--delay DELAY]

HoneyBot Log Monitor

optional arguments:
  -h, --help       show this help message and exit
  --pid            Create a pid file in /var/run/honeyBotMon.pid
  --server SERVER  Server to send alerts to, default 127.0.0.1
  --log            Create a log file in /var/log/honeyBotMon.log
  --relay RELAY    Which relay to activate, default 1
  --delay DELAY    Number of seconds to wait between readings, default 1

honeyMqtt.py

usage: honeyMqtt.py [-h] [--pid] [--dbPath DBPATH]

HoneyMQTT Event Monitor

optional arguments:
  -h, --help       show this help message and exit
  --pid            Create a pid file in /var/run/honeyMqtt.pid
  --dbPath DBPATH  Create a sqlite db file in specified path, defaults to
                   /var/honeyBot

honeyWeb.py

usage: honeyBotMon.py [-h] [--pid] [--server SERVER] [--log] [--relay RELAY]
                      [--delay DELAY]

HoneyBot Log Monitor Web Front End

optional arguments:
  -h, --help       show this help message and exit
  --pid            Create a pid file in /var/run/honeyBotMon.pid
  --server SERVER  Server to send alerts to, default 127.0.0.1
  --log            Create a log file in /var/log/honeyBotMon.log
  --relay RELAY    Which relay to activate, default 1
  --delay DELAY    Number of seconds to wait between readings, default 1

Parts

I used a regular RPi and a Pi Relay Hat from Amazon: https://www.amazon.com/Raspberry-Pi-Expansion-Module-XYGStudy/dp/B01G05KLIE/

You can’t perform that action at this time.