multi-honeypot-ansible
Set up various honeypot servers
Supported software
- iplog - TCP/IP traffic logger.
- Cowrie - SSH and Telnet honeypot (port 22, 23).
- Mailoney - SMTP-AUTH honeypot (port 587).
- Postfix - SMTP open relay mail server (port 25).
- Wordpot - Wordpress honeypot (port 80 via Nginx).
- UDPot - DNS honeypot (port 53).
Requirements
- CentOS 7.x
- sshd is listening on a port other than 22 (Cowrie uses port 22)
- Ansible 2.2+
For local development environment:
- VirtualBox
- Vagrant 1.5+
Usage
production
First, install CentOS 7.x on the server.
Change the ssh port in /etc/ssh/sshd_config.
Port 10022
Create the Ansible inventory file.
$ ${EDITOR} production/inventory
[default]
honeypot.example.com ansible_user=root ansible_port=10022
Run the Ansible playbook.
$ ansible-playbook -i production/inventory site.yml
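A pre-flight check for the production steps above, as an added example that is not part of this repository: it confirms that sshd avoids every port this README assigns to a honeypot service and that the inventory's ansible_port matches a port sshd listens on. The function names and HONEYPOT_PORTS are this example's own; it assumes ports are set only by Port lines in the main sshd_config and that the inventory uses the simple INI layout shown above.

```shell
#!/bin/sh
# Ports this README lists for the honeypot services and the webmail UI.
HONEYPOT_PORTS="22 23 25 53 80 587 10081"

# Print the ports sshd will listen on according to a sshd_config file.
# With no Port directive sshd falls back to its default, 22.
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    echo "${ports:-22}"
}

# Print the ansible_port of every host line in an INI inventory
# (22 when a host line does not set it).
inventory_ports() {
    awk 'NF == 0 { next }
         { c = substr($1, 1, 1); if (c == "#" || c == ";" || c == "[") next
           p = 22
           for (i = 2; i <= NF; i++)
               if ($i ~ /^ansible_port=/) { split($i, kv, "="); p = kv[2] }
           print p }' "$1"
}

# Return 0 only if sshd avoids every honeypot port and every inventory
# entry points at a port sshd actually listens on.
preflight() {
    rc=0
    listen=$(echo $(sshd_ports "$1"))   # newline-separated -> one line
    for p in $listen; do
        for h in $HONEYPOT_PORTS; do
            if [ "$p" = "$h" ]; then
                echo "sshd port $p collides with a honeypot service" >&2
                rc=1
            fi
        done
    done
    for p in $(inventory_ports "$2"); do
        case " $listen " in
            *" $p "*) ;;
            *) echo "inventory uses port $p, sshd listens on: $listen" >&2
               rc=1 ;;
        esac
    done
    return $rc
}

# Usage: sh preflight.sh <copy of the server's sshd_config> production/inventory
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

A non-zero exit status means the playbook should not be run yet: either a honeypot service would compete with sshd for a port, or Ansible would try to connect on a port sshd does not serve.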
local vagrant
Run the Ansible playbook.
$ vagrant up
$ vagrant provision
View results
- iplog: /var/log/iplog/iplog
- cowrie log: /var/log/cowrie/
- UDPot log: /var/log/udpot/db.sqlite3
- Maildir: /home/honeypot/Maildir/new/
- webmail: http://honeypot.example.com:10081/
- password: /home/honeypot/.password
- password: