Introduction

This project is about setting up honeypots on the Raspberry Pi, a credit-card-sized ARM Linux box.

Raspberry Pi

The Raspberry Pi is a credit-card-sized single-board computer developed by the Raspberry Pi Foundation. Although it was originally intended to promote the teaching of basic computer science in schools, this ARM Linux box is a good candidate for deploying honeypot sensors: it is low cost, has low power consumption, and supports headless setup. It can easily be turned into a powerful honeypot or attack detector.

Honeeepi

Honeeepi is a honeypot sensor for the Raspberry Pi, based on a customized Raspbian OS.

The first release (v201310) consists of the Dionaea honeypot and only operates on the Raspberry Pi Model B.
The second release (v201501) was pre-installed with several honeypot packages (Dionaea, Kippo, Conpot, Glastopf) and runs on both the Raspberry Pi Model B and B+.
The third release (v201509) was pre-installed with multiple honeypot packages (Dionaea, Kippo, Conpot, Glastopf), plus the classic honeypots honeyd and amun, and runs on the Raspberry Pi 2, B and B+.
The fourth release (v201610) was pre-installed with updated honeypot packages (Dionaea, Cowrie, Conpot, Glastopf), plus the classic honeypots honeyd and amun, and runs on the Raspberry Pi 3 Model B.

It also runs ntop, Snort and remote pcap (rpcapd) to allow network monitoring and the capture of pcap files for further analysis.

Download

The first version of the Honeeepi image was released in Oct 2013 (Version 2013.10). (Supports the Raspberry Pi Model B.)
The second version of the Honeeepi image was released in Jan 2015 (Version 2015.01). (Supports the Raspberry Pi Model B and B+.)
The third version of the Honeeepi image was released in Sep 2015 (Version 2015.09). (Supports the Raspberry Pi 2, Model B and B+.)
The fourth version of the Honeeepi image was released in Oct 2016 (Version 2016.10). (Supports the Raspberry Pi 3 Model B.)

You can download the latest Honeeepi image from https://sourceforge.net/projects/honeeepi/

Filename: honeeepi-201610.img.7z
MD5 Checksum: 1da9c1752b619a14eb2f13f50ab43337

Filename: honeeepi-201509.img.7z
MD5 Checksum: be8a6d619ef447f40fd79058ba2e2941

What you need to set up Honeeepi

- a Raspberry Pi
- SD card (Minimum 8GB space, 32GB recommended)
- SD card reader
- keyboard and network connectivity (for headless setup)

Simple Installation

You should be able to use the Honeeepi image with a headless setup easily. The installation process is similar to that of other common raw images (e.g. Raspbian, OpenELEC).

1. Prepare the SD Card

(a) Prior to installation, unmount any currently mounted SD card partitions (in this case, the SD card is mounted as /dev/sdb1 and /dev/sdb2)

~/Downloads$ sudo umount /dev/sdb1

~/Downloads$ sudo umount /dev/sdb2

(b) Delete the existing partitions on the SD card, then create a single partition spanning the entire SD card

~/Downloads$ sudo fdisk /dev/sdb

Command (m for help): d
Partition number (1-4): 1

Command (m for help): d
Selected partition 2

Command (m for help): n
Partition type:
p primary (0 primary, 0 extended, 4 free)
e extended
Select (default p): p
Partition number (1-4, default 1): 1
First sector (2048-60866559, default 2048):
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-60866559, default 60866559):
Using default value 60866559

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.

~/Downloads$ sudo fdisk -l /dev/sdb

Disk /dev/sdb: 31.2 GB, 31163678720 bytes
64 heads, 32 sectors/track, 29720 cylinders, total 60866560 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00014d34

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1            2048    60866559    30432256   83  Linux

2. Download the Honeeepi image and extract it

~/Downloads$ 7z e honeeepi-201501.img.7z

3. Write the Honeeepi image to the SD card (e.g. using the Unix tool dd).

~/Downloads$ sudo dd bs=2M if=honeeepi-201501.img of=/dev/sdb

4. Insert the SD card into the Raspberry Pi. Power it up and connect it to the wired network. The Honeeepi image starts with 'dhcpd' and 'sshd' by default.

5. Once you locate the Honeeepi network address, log in to Honeeepi with SSH.

SSH port by default : TCP/9002 (version 2016.10) & TCP/22 (all other versions)

Default login : pi
Password : honeeepi

Useful commands:

(a) raspi-config

This Raspberry Pi Software Configuration tool provides various configuration features.
For example, after the installation, we use it to expand the file system to the entire SD card (32GB space) for Honeeepi usage.

(b) apt-get update / apt-get upgrade

All of us should be familiar with this ;)

Running honeypots

(Suggested method only. You can run them by any other method of your choice.)

Conpot

1) Login as pi
2) cd /honeeepi/conpot
3) Start the Siemens S7-200 template (runs in the background)
sudo conpot --template default &

4) Start kamstrup_382 (smart meter) (runs in the background)
sudo conpot --template kamstrup_382 &

(new)
5) Start ipmi (runs in the background)
sudo conpot --template ipmi &

6) Start proxy (runs in the background)
sudo conpot --template proxy &

7) Start the Guardian AST tank monitoring system
sudo conpot --template guardian_ast &

Dionaea (start as background)

1) Login as pi
2) cd /honeeepi/dionaea-honeypot
3) sudo ./start.sh &
4) To start OS fingerprinting (start as background)
sudo ./start-p0f.sh &

Glastopf (start as background)

1) Login as pi
2) sudo glastopf-runner &

Cowrie

1) Change your SSH daemon to a different port number
2) sudo vi /etc/ssh/sshd_config
   Edit the SSH port to another port of your choice (make sure to use a different port from the honeypot services):
   # What ports, IPs and protocols we listen for
   Port 22   <----- change the port number; ensure it does not clash with other honeypot services
   Restart SSH:
   sudo /etc/init.d/ssh restart
3) sudo su cowrie
4) cd /honeeepi/cowrie
5) ./start.sh (the script starts the process in the background)

Kippo

1) Change your SSH daemon to a different port number
2) sudo vi /etc/ssh/sshd_config
   Edit the SSH port to another port of your choice (make sure to use a different port from the honeypot services):
   # What ports, IPs and protocols we listen for
   Port 22   <----- change the port number; ensure it does not clash with other honeypot services
   Restart SSH:
   sudo /etc/init.d/ssh restart
3) sudo su kippo
4) cd /honeeepi/kippo
5) ./start.sh (the script starts the process in the background)
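
A check for the port-change step in the Cowrie and Kippo instructions above, as an added example that is not part of Honeeepi: it reads the Port lines from an sshd_config and reports any non-sshd listener on the same port in saved `ss -ltnp` output. The function names are assumptions.

```shell
#!/bin/sh
# Added example: detect a clash between the management sshd port and other listeners.
# Inputs: an sshd_config file and the saved output of 'sudo ss -ltnp'.

# Ports sshd is configured to use (sshd defaults to 22 when no Port line is set).
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Print "port process" for every TCP listener that is not sshd itself.
other_listeners() {
    awk '$1 == "LISTEN" && $0 !~ /"sshd"/ {
        n = split($4, a, ":")             # local address:port, IPv4 or [IPv6]
        proc = "unknown"                  # no process column without root
        if (match($0, /\(\("[^"]+"/))      # users:(("name",pid=...))
            proc = substr($0, RSTART + 3, RLENGTH - 4)
        print a[n], proc
    }' "$1"
}

# Print each clash; return 1 if sshd shares a port with another service.
ssh_port_clashes() {
    conf=$1; listeners=$2; rc=0
    for p in $(sshd_ports "$conf"); do
        hit=$(other_listeners "$listeners" | awk -v p="$p" '$1 == p { print $2; exit }')
        if [ -n "$hit" ]; then
            echo "port $p: sshd clashes with $hit"
            rc=1
        fi
    done
    return $rc
}

# Usage on the sensor, after the honeypots have been started:
#   sudo ss -ltnp > /tmp/listeners.txt
#   ssh_port_clashes /etc/ssh/sshd_config /tmp/listeners.txt
```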

Running Network monitoring

Ntop (Start as background)

1) Login as pi
2) cd /opt/ntop-5.0.1
3) sudo ntop &
4) First time startup will prompt for admin user password
5) In a browser, go to http://<IP address of honeeepi>:3000/

Remote Packet Capture (rpcapd)

1) Login as pi
2) sudo passwd root -> set root password
3) cd /opt/rpcapd
4) sudo ./start.sh (the script starts the process in the background)
5) Configure remote capture using wireshark

Current supported honeypots

- Conpot (http://conpot.org/)
- Dionaea (https://github.com/gento/dionaea, with IoT honeypot feature - Internet of Things)
- Glastopf (http://glastopf.org/)
- Cowrie (https://github.com/micheloosterhof/cowrie)
- Kippo (https://github.com/desaster/kippo)
- honeyd (https://github.com/DataSoft/Honeyd)
- amun (http://amunhoney.sourceforge.net/)

Misc

Other tools
- Snort (https://www.snort.org/)
- ntop (http://www.ntop.org/)
- Remote packet capture (https://github.com/frgtn/rpcapd-linux)

Feel free to contact the Honeeepi Dev Team if you have any feedback.