Lek Christopher, 01/25/2015 05:03 pm


Introduction

This project is about setting up honeypots on the Raspberry Pi, a credit-card-sized ARM Linux box.

Raspberry Pi

The Raspberry Pi is a credit-card-sized single-board computer developed by the Raspberry Pi Foundation. Although it was originally intended to promote the teaching of basic computer science in schools, this ARM Linux box is a good candidate for deploying honeypot sensors: it is low cost, has low power consumption and supports headless setup. It can easily be turned into a powerful honeypot or attack detector.

Honeeepi

Honeeepi is a honeypot sensor for the Raspberry Pi, based on a customized Raspbian OS. The first release (v201310) consisted of the Dionaea honeypot and only operated on the Raspberry Pi Model B.

The latest release (v201501) comes pre-installed with several honeypot packages (Dionaea, Kippo, Conpot, Glastopf) and runs on both the Raspberry Pi Model B and B+.
It also runs ntop, Snort and remote pcap to allow network monitoring and the capture of pcap files for further analysis.

Download

The first version of the Honeeepi image was released in Oct 2013 (Version 2013.10).
The latest version of the Honeeepi image was released in Jan 2015 (Version 2015.01).

You can download the latest Honeeepi image from https://sourceforge.net/projects/honeeepi/

Filename: honeeepi-201501.img.7z
SHA1 Checksum: 0b62460b668e78ccd2a2cc4b55781d23
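
The checksum above can be checked before the image is written to the SD card. The following is an added example, not part of the Honeeepi project. The published value is 32 hex characters, which is the length of an MD5 digest (a SHA-1 digest is 40), so the function picks the digest tool from the length of the value it is given; the function names are assumptions.

```sh
#!/bin/sh
# Added example: compare a downloaded file against a published hex digest.
# The digest tool is chosen from the digest length:
#   32 hex chars = MD5, 40 = SHA-1, 64 = SHA-256.
# Return status: 0 match, 1 mismatch, 2 unusable input.
verify_digest() {
    vd_file=$1
    vd_want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$vd_file" ] || { echo "no such file: $vd_file" >&2; return 2; }
    case $vd_want in
        ''|*[!0-9a-f]*) echo "not a hex digest: $2" >&2; return 2 ;;
    esac
    case ${#vd_want} in
        32) vd_tool=md5sum ;;
        40) vd_tool=sha1sum ;;
        64) vd_tool=sha256sum ;;
        *)  echo "unsupported digest length ${#vd_want}" >&2; return 2 ;;
    esac
    vd_got=$("$vd_tool" "$vd_file" | cut -d' ' -f1)
    if [ "$vd_got" = "$vd_want" ]; then
        echo "OK $vd_tool $vd_file"
        return 0
    fi
    echo "MISMATCH $vd_tool $vd_file (got $vd_got)" >&2
    return 1
}

# Constructed self-check: a three-byte file "abc" and its MD5 digest.
demo() {
    demo_f=$(mktemp) || return 2
    printf 'abc' > "$demo_f"
    verify_digest "$demo_f" 900150983cd24fb0d6963f7d28e17f72
    demo_rc=$?
    rm -f "$demo_f"
    return "$demo_rc"
}

# Stop before the dd step unless the archive matches the published value:
#   verify_digest honeeepi-201501.img.7z 0b62460b668e78ccd2a2cc4b55781d23 || exit 1
```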

What you need to set up Honeeepi

- a Raspberry Pi
- SD card (Minimum 4GB space, 32GB recommended)
- SD card reader
- keyboard and network connectivity (for headless setup)

Simple Installation

You should be able to use the Honeeepi image with a headless setup easily. The installation process is similar to that of other common raw images (e.g. Raspbian, OpenELEC).

1. Prepare the SD Card

(a) Prior to installation, unmount any currently mounted SD card partitions (in this case, the SD card partitions are mounted as /dev/sdb1 and /dev/sdb2)

~/Downloads$ sudo umount /dev/sdb1

~/Downloads$ sudo umount /dev/sdb2

(b) Delete the existing partitions on the SD card, then create a single partition spanning the entire SD card

~/Downloads$ sudo fdisk /dev/sdb

Command (m for help): d
Partition number (1-4): 1

Command (m for help): d
Selected partition 2

Command (m for help): n
Partition type:
p primary (0 primary, 0 extended, 4 free)
e extended
Select (default p): p
Partition number (1-4, default 1): 1
First sector (2048-60866559, default 2048):
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-60866559, default 60866559):
Using default value 60866559

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.

~/Downloads$ sudo fdisk -l /dev/sdb

Disk /dev/sdb: 31.2 GB, 31163678720 bytes
64 heads, 32 sectors/track, 29720 cylinders, total 60866560 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00014d34

Device Boot Start End Blocks Id System
/dev/sdb1 2048 60866559 30432256 83 Linux

2. Download the Honeeepi image and unzip it

~/Downloads$ 7z e honeeepi-201501.img.7z

3. Write the Honeeepi image to the SD card (e.g. using the Unix tool dd).

~/Downloads$ sudo dd bs=2M if=honeeepi-201501.img of=/dev/sdb

4. Insert the SD card into the Raspberry Pi. Power it up and connect it to the wired network. The Honeeepi image starts 'dhcpd' and 'sshd' by default.

5. Once you locate the Honeeepi network address, log in to Honeeepi with SSH (port TCP/22).

Default login: pi
Password : honeeepi

Useful commands:

(a) raspi-config

This Raspberry Pi Software Configuration tool provides various configuration features.
For example, after installation we use it to expand the file system to the entire SD card (32GB space) for Honeeepi usage.

(b) apt-get update / apt-get upgrade

All of us should be familiar with this ;)

Running honeypots (suggested method; you can run them any other way you like)

Conpot

1) Log in as pi
2) cd /honeeepi/conpot
3) To start the Siemens S7-200 template:
sudo conpot --template default

4) To start the kamstrup_382 (smart meter) template:
sudo conpot --template kamstrup_382

Dionaea

1) Log in as pi
2) cd /honeeepi/dionaea-honeypot
3) sudo ./start.sh & (start in the background)
4) To start OS fingerprinting:
sudo ./start-p0f.sh & (start in the background)

Glastopf

1) Log in as pi
2) sudo glastopf-runner & (start in the background)

Kippo

1) Move your SSH daemon to a different port number
2) sudo vi /etc/ssh/sshd_config
Change the SSH port to another port of your choice (make sure it differs from the ports used by the honeypot services):
# What ports, IPs and protocols we listen for
Port 22 <----- change this port number; ensure it does not clash with other honeypot services
Restart SSH:
sudo /etc/init.d/ssh restart
3) sudo su kippo
4) cd /honeeepi/kippo
5) ./start.sh
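
A check for the port change in step 2, as an added example that is not part of the Honeeepi image: it reads the Port directives from sshd_config and reports any port that a listener other than sshd already holds, based on `ss -ltnp` output. The function names are assumptions, and the sample listener table (ports and process names) is constructed.

```sh
#!/bin/sh
# Added example, not part of the Honeeepi image.

# Print the port(s) sshd will bind according to a sshd_config file.
# sshd falls back to port 22 when no Port directive is present.
sshd_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# Read `ss -ltnp` output on stdin; print "port process" for every TCP
# listener that is not sshd itself.
other_listeners() {
    awk '$1 == "LISTEN" {
             n = split($4, a, ":"); port = a[n]; proc = "unknown"
             if (match($0, /\(\("[^"]+"/))
                 proc = substr($0, RSTART + 3, RLENGTH - 4)
             if (proc != "sshd") print port, proc
         }'
}

# port_clashes SSHD_CONFIG < ss-output
# Prints one line per planned sshd port that another service holds;
# returns 1 if there is at least one clash.
port_clashes() {
    pc_listen=$(other_listeners)            # consume stdin once
    pc_rc=0
    for pc_port in $(sshd_ports "$1"); do
        pc_owner=$(printf '%s\n' "$pc_listen" |
                   awk -v p="$pc_port" '$1 == p { print $2; exit }')
        if [ -n "$pc_owner" ]; then
            echo "clash: port $pc_port is held by $pc_owner"
            pc_rc=1
        fi
    done
    return "$pc_rc"
}

# Constructed sample of `ss -ltnp` output (ports and process names are illustrative).
sample_listeners() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*  users:(("sshd",pid=612,fd=3))
LISTEN 0      50     0.0.0.0:2222       0.0.0.0:*  users:(("twistd",pid=901,fd=8))
LISTEN 0      5      0.0.0.0:445        0.0.0.0:*  users:(("dionaea",pid=733,fd=20))
EOF
}

# On the Pi: sudo ss -ltnp | port_clashes /etc/ssh/sshd_config
```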

Running Network monitoring

Ntop

1) Log in as pi
2) cd /opt/ntop-5.0.1
3) sudo ntop & (start in the background)
4) The first startup will prompt for an admin user password
5) In a browser, go to http://<IP address of honeeepi>:3000/

Remote Packet Capture (rpcapd)

1) Log in as pi
2) sudo passwd root (set the root password)
3) cd /opt/rpcap
4) sudo ./start.sh & (start in the background)
5) Configure remote capture using Wireshark

Current supported honeypots

- Conpot (http://conpot.org/)
- Dionaea (http://dionaea.carnivore.it)
- Glastopf (http://glastopf.org/)
- Kippo (https://github.com/desaster/kippo)

Misc

Other tools
- Snort (https://www.snort.org/)
- ntop (http://www.ntop.org/)
- Remote packet capture (https://github.com/frgtn/rpcapd-linux)

Feel free to contact the Honeeepi Dev Team with any feedback.