Installing your own honeypot

How to install two commonly used honeypots
© Coventry University. CC BY-NC 4.0
We will look at honeypots in more detail later, when we cover their information-gathering aspect. However, so you can see how a honeypot might be useful, we will talk you through installing two commonly used low-interaction honeypots, Cowrie and OpenCanary.
You will find a video in the next step to accompany these instructions.

Cowrie

Cowrie is the simpler of the two to install, as it is available as a Docker container. That means that the first thing we do is start Docker by opening up a command prompt and running –
$ service docker start
Next we need to download and run the docker image with Cowrie in it, and this is done by typing at the command prompt –
$ docker run -p 2222:2222 cowrie/cowrie
This will pull down Cowrie and run it automatically, listening on port 2222. We can now log into the system as if it were a real machine by typing in –
$ ssh -p 2222 root@localhost
We can now look around at what appears to be a complete Linux file system. If we look at the terminal where we launched Cowrie, we can see details of exactly what is being typed. The files are dummy files and in the default state do not contain any information, but Cowrie does let you add real files to the image so you can seed it with tempting targets (e.g. an /etc/shadow file full of fake passwords).

OpenCanary

Cowrie is good if all you are interested in is SSH intercepts, but what if you want something more complex? This is where OpenCanary comes in. This is a more complex system that allows you to emulate a wide range of servers. Its installation is slightly more complex because of that, but it’s still relatively painless.
OpenCanary is Python based so the first thing we need to do is install Python. To do this, open up the command prompt and type –
$ apt-get install python-dev python-pip python-virtualenv

$ apt-get install -y build-essential libssl-dev libffi-dev

$ virtualenv env/

$ . env/bin/activate

$ pip install rdpy

$ pip install opencanary
Note the full stop on the fourth line – that isn’t a typo and is meant to be there.
To run OpenCanary, type –
$ opencanaryd --start
The first time it runs, it will give you instructions on how to copy the config file and how to alter it. Do so, and change the config file so it’s obvious that you are using your own version (changing the banner for the FTP or Telnet server is a good way of testing this, but don’t forget to enable the service in the config file – I’d recommend enabling http, ftp, and telnet initially to get a feel for the system). To see what’s going on, look at the log file in /var/tmp/opencanary.log. You can monitor this continually by opening up a command prompt and typing –
$ tail -f /var/tmp/opencanary.log
(In reality, you would want to send this information to a logger such as the ELK Stack.)
Finally, open up another command prompt and try to log in or open up a web browser and try to log in through the web.
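Once a few login attempts have been made, the entries in /var/tmp/opencanary.log can be summarised per source address. The Python script below is an added example, not part of the original course material or of OpenCanary itself. It assumes the log holds one JSON object per line with src_host, logtype and logdata (USERNAME/PASSWORD) fields; the logtype codes are assumptions to check against your OpenCanary version, and the sample lines are constructed.

```python
import json
from collections import Counter, defaultdict

# Assumed OpenCanary logtype codes for credential attempts (check against your version).
LOGIN_LOGTYPES = {2000: "ftp", 3001: "http", 6001: "telnet"}

# Constructed sample lines in the assumed shape of /var/tmp/opencanary.log.
SAMPLE_LOG = """\
{"dst_host": "", "dst_port": -1, "logdata": {"msg": {"logdata": "Added service from class CanaryFTP"}}, "logtype": 1001, "src_host": "", "src_port": -1}
{"dst_host": "10.0.0.5", "dst_port": 21, "logdata": {"USERNAME": "admin", "PASSWORD": "admin"}, "logtype": 2000, "src_host": "192.0.2.10", "src_port": 40112}
{"dst_host": "10.0.0.5", "dst_port": 23, "logdata": {"USERNAME": "root", "PASSWORD": "toor"}, "logtype": 6001, "src_host": "192.0.2.10", "src_port": 40120}
{"dst_host": "10.0.0.5", "dst_port": 80, "logdata": {"USERNAME": "admin", "PASSWORD": "password", "PATH": "/index.html"}, "logtype": 3001, "src_host": "198.51.100.7", "src_port": 51544}
{"dst_host": "10.0.0.5", "dst_port": 80, "logdata": {"PATH": "/index.html"}, "logtype": 3000, "src_host": "198.51.100.7", "src_port": 51540}
{"dst_host": "10.0.0.5", "dst_port": 21, "logty
{"dst_host": "10.0.0.5", "dst_port": 21, "logdata": {"USERNAME": "admin", "PASSWORD": "admin"}, "logtype": 2000, "src_host": "192.0.2.10", "src_port": 40131}
"""

def parse_events(lines):
    """Yield one dict per well-formed JSON line; skip blanks and partial writes."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # e.g. a line caught mid-write while the log is being tailed
        if isinstance(event, dict):
            yield event

def summarise_logins(lines):
    """Return {src_host: {"services": Counter, "credentials": set}} for login attempts."""
    summary = defaultdict(lambda: {"services": Counter(), "credentials": set()})
    for event in parse_events(lines):
        service = LOGIN_LOGTYPES.get(event.get("logtype"))
        if service is None:
            continue  # startup messages, plain HTTP GETs, etc.
        data = event.get("logdata")
        if not isinstance(data, dict):
            data = {}
        entry = summary[event.get("src_host", "unknown")]
        entry["services"][service] += 1
        entry["credentials"].add((data.get("USERNAME", ""), data.get("PASSWORD", "")))
    return dict(summary)

if __name__ == "__main__":
    for src, info in summarise_logins(SAMPLE_LOG.splitlines()).items():
        print(src, dict(info["services"]), sorted(info["credentials"]))
```

To run it against the real log, pass an open file handle for /var/tmp/opencanary.log to summarise_logins in place of the sample lines.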
This article is from the free online

Security Operations

Created by
FutureLearn - Learning For Life