« Previous - Version 6/28 (diff) - Next » - Current version
Tan Kean Siong, 11/17/2013 04:11 am


Introduction

This project is about setting up honeypots with Raspberry Pi - a credit card sized ARM Linux box.

Raspberry Pi

The Raspberry Pi is a credit sized single board computer developed by Raspberry Pi Foundation. With the initial intention of promoting the teaching of basic computer science in school, this ARM linux box would be one of the good candidates for deploying honeypot sensors. Low cost, low power consumption with headless setup. It could simply turn into a powerful honeypot or attack detector.

Honeeepi

Honeeepi is a honeypot sensor on Raspberry Pi which based on customized Raspbian OS. It is pre-installed with Dionaea honeypot and would contribute to HPFeeds data feeds.

Download

We have released the Honeeepi image (version 2013.10). You can download the latest Honeeepi image from https://sourceforge.net/projects/honeeepi/

Filename: honeeepi-201310.7z
SHA1 Checksum: 0f94455f9456c2a92e5ffd4b51637cc88ce8e333

What you need to setup Honeeepi

- a Raspberry Pi
- SD card (e.g. 32GB space)
- SD card reader
- keyboard and network connectivity (for headless setup)

Simple Installation

You should be able to use the Honeeepi image with headless setup easily. The installation process is similiar to the common raw images (e.g. Raspbian, OpenELEC)

1. Prepare the SD Card

(a) Prior the installation, umount any current mounted SD Card partition (in this case, the SD Card is mounted as /dev/sdb1 and /dev/sdb2)

[email protected]:~/Downloads$ sudo umount /dev/sdb1

[email protected]:~/Downloads$ sudo umount /dev/sdb2

(b) Delete the existing partitions on the SD Card. Also, create single partition for entire SD Card

[email protected]:~/Downloads$ sudo fdisk /dev/sdb

Command (m for help): d
Partition number (1-4): 1

Command (m for help): d
Selected partition 2

Command (m for help): n
Partition type:
p primary (0 primary, 0 extended, 4 free)
e extended
Select (default p): p
Partition number (1-4, default 1): 1
First sector (2048-60866559, default 2048):
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-60866559, default 60866559):
Using default value 60866559

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.

[email protected]:~/Downloads$ sudo fdisk -l /dev/sdb

Disk /dev/sdb: 31.2 GB, 31163678720 bytes
64 heads, 32 sectors/track, 29720 cylinders, total 60866560 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00014d34

Device Boot Start End Blocks Id System
/dev/sdb1 2048 60866559 30432256 83 Linux

2. Download the Honeeepi image and unzip it

[email protected]:~/Downloads$ 7z e honeeepi-201310.7z

3. Write the Honeeepi image into the SD Card (e.g. using unix tool dd).

[email protected]:~/Downloads$ sudo dd bs=2M if=honeeepi-201310.img of=/dev/sdb
925+0 records in
925+0 records out
1939865600 bytes (1.9 GB) copied, 588.255 s, 3.3 MB/s

4. Insert the SD Card into the Raspberry Pi. Power it up and connect to the wired network. Honeeepi image is started with 'dhcpd' and 'sshd' as default

5. Once you locate the Honeeepi network address, login to Honeeepi with SSH (Port TCP/22).

Default login: pi / raspberry

Useful commands:

(a) raspi-config

This Raspberry Pi Software Configuration tool provides various configuration features.
For example, after the installation, we use it to expand the file system to entire SD Card (32GB space) for Honeeepi usage

(b) apt-get update / apt-get upgrade

all of us should familiar with this ; )

Current supported honeypots

- Dionaea (http://dionaea.carnivore.it)

Misc

We could setup and deploy various sensors e.g. Kippo, 6Guard (IPv6 attack detector) on Honeeepi (based Raspberry Pi). Feel free to contact Honeeepi Dev Team if any feedback