Awesome

multi-honeypot-ansible

Set up various honeypot servers

Supported softwares

• iplog - TCP/IP traffic logger.
• Cowrie - SSH and Telnet honeypot (port 22, 23).
• Mailoney - SMTP-AUTH honeypot (port 587).
• Postfix - SMTP open relay mail server (port 25).
• Wordpot - Wordpress honeypot (port 80 via Nginx).
• UDPot - DNS honeypot (port 53).

Requirements

• CentOS 7.x
• sshd is running without port 22
• Ansible 2.2+

For local development environment:

• VirtualBox
• Vagrant 1.5+

Usage

production

First of all, install CentOS 7.x to the server.

Change ssh port in /etc/ssh/sshd_config.

Port 10022

Create Ansible inventory file.

$ ${EDITOR} production/inventory
[default]
honeypot.example.com ansible_user=root ansible_port=10022

Run ansible playbook.

$ ansible-playbook -i production/inventory site.yml

local vagrant

Run ansible playbook.

$ vagrant up
$ vagrant provision

View results

• iplog: /var/log/iplog/iplog
• cowrie log: /var/log/cowrie/
• UDPot log: /var/log/udpot/db.sqlite3
• Maildir: /home/honeypot/Maildir/new/
• webmail: http://honeypot.example.com:10081/
  • password: /home/honeypot/.password