Installing your own honeypot
Cowrie
Cowrie is the simpler of the two to install, as it is available as a Docker container. That means the first thing we do is start Docker by opening up a command prompt and running:
$ service docker start
Next we need to download and run the Docker image with Cowrie in it, and this is done by typing at the command prompt:
$ docker run -p 2222:2222 cowrie/cowrie
This will pull down Cowrie and run it automatically, listening on port 2222. We can now log into the system as if it were a real machine by typing in:
$ ssh -p 2222 root@localhost
And we can now look around at what appears to be a complete Linux file system. If we look at the terminal where we launched Cowrie from, we can see details of exactly what is being typed. The files are dummy files and in the default state do not contain any information, but Cowrie does let you add real files to the image so you can seed it with tempting targets (e.g. an /etc/shadow file full of fake passwords).
OpenCanary
Cowrie is good if all you are interested in is SSH intercepts, but what if you want something more complex? This is where OpenCanary comes in. It is a more complex system that allows you to emulate a wide range of servers. Its installation is slightly more complex because of that, but it's still relatively painless.
$ apt-get install python-dev python-pip python-virtualenv
$ apt-get install -y build-essential libssl-dev libffi-dev
$ virtualenv env/
$ . env/bin/activate
$ pip install rdpy
$ pip install opencanary
Note the full stop on the fourth line: that isn't a typo and is meant to be there. To run OpenCanary, type in:
$ opencanaryd --start
The first time it runs, it will give you instructions on how to copy the config file and how to alter it. Do so, and change the config file so it's obvious that you are using your own version (changing the banner for the FTP or Telnet server is a good way of testing this, but don't forget to enable the service in the config file. I'd recommend enabling http, ftp, and telnet initially to get a feel for the system). To see what's going on, look at the log file in /var/tmp/opencanary.log. You can monitor this continually by opening up a command prompt and typing:
$ tail -f /var/tmp/opencanary.log
(In reality, you would want to send this information to a logger such as the ELK Stack.) Finally, open up another command prompt and try to log in, or open up a web browser and try to log in through the web.
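The log that tail -f follows can also be summarised offline before it is shipped to a central logger. The script below is an added example, not part of the original course text or of OpenCanary itself; it assumes the log holds one JSON object per line with src_host, dst_port and logdata (USERNAME/PASSWORD) fields, and the sample lines in it are constructed.

```python
import json
from collections import Counter, defaultdict

# Constructed sample lines (documentation-range addresses), shaped like the
# assumed one-JSON-object-per-line format of /var/tmp/opencanary.log.
SAMPLE_LOG = """\
{"dst_host": "", "dst_port": -1, "logdata": {"msg": "service added"}, "logtype": 1001, "src_host": "", "src_port": -1}
{"dst_host": "192.0.2.10", "dst_port": 21, "logdata": {"USERNAME": "admin", "PASSWORD": "admin"}, "logtype": 2000, "src_host": "198.51.100.7", "src_port": 40112}
{"dst_host": "192.0.2.10", "dst_port": 21, "logdata": {"USERNAME": "root", "PASSWORD": "toor"}, "logtype": 2000, "src_host": "198.51.100.7", "src_port": 40113}
{"dst_host": "192.0.2.10", "dst_port": 23, "logdata": {"USERNAME": "root", "PASSWORD": "123456"}, "logtype": 6001, "src_host": "203.0.113.5", "src_port": 51820}
{"dst_host": "192.0.2.10", "dst_port": 80, "logdata": {"PATH": "/index.html"}, "logtype": 3000, "src_host": "198.51.100.7", "src_port": 40200}
this line is not JSON (e.g. a truncated write)
"""

def parse_log(text):
    """Return (events, skipped): parsed JSON objects and the count of unusable lines."""
    events, skipped = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1          # keep a count so gaps in the log are visible
            continue
        if isinstance(event, dict):
            events.append(event)
        else:
            skipped += 1
    return events, skipped

def summarise(events):
    """Count events per (source, port) and collect the credentials each source tried."""
    hits, creds = Counter(), defaultdict(set)
    for ev in events:
        src = ev.get("src_host")
        if not src:               # the daemon's own messages have no remote source
            continue
        hits[(src, ev.get("dst_port"))] += 1
        data = ev.get("logdata")
        if isinstance(data, dict) and "USERNAME" in data:
            creds[src].add((str(data["USERNAME"]), str(data.get("PASSWORD", ""))))
    return hits, creds

if __name__ == "__main__":
    events, skipped = parse_log(SAMPLE_LOG)
    hits, creds = summarise(events)
    for (src, port), n in hits.most_common():
        print(f"{src} -> port {port}: {n} event(s), tried {sorted(creds.get(src, []))}")
    print("unparsed lines:", skipped)
```

To run it against a real log, pass the file's contents to parse_log() in place of SAMPLE_LOG.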