{"id":13796148,"url":"https://github.com/mrschyte/dockerpot","last_synced_at":"2025-05-13T00:30:42.603Z","repository":{"id":31525890,"uuid":"35090373","full_name":"mrschyte/dockerpot","owner":"mrschyte","description":"A docker based honeypot.","archived":false,"fork":false,"pushed_at":"2015-05-05T09:48:54.000Z","size":132,"stargazers_count":147,"open_issues_count":0,"forks_count":14,"subscribers_count":17,"default_branch":"master","last_synced_at":"2024-08-03T23:06:26.350Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mrschyte.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-05-05T09:30:28.000Z","updated_at":"2024-01-22T19:37:54.000Z","dependencies_parsed_at":"2022-09-09T13:21:16.690Z","dependency_job_id":null,"html_url":"https://github.com/mrschyte/dockerpot","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrschyte%2Fdockerpot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrschyte%2Fdockerpot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrschyte%2Fdockerpot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrschyte%2Fdockerpot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mrschyte","download_url":"https://codeload.github.com/mrschyte/dockerpot/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225159846,"owners_count":17430191,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T23:01:06.764Z","updated_at":"2024-11-18T10:31:06.129Z","avatar_url":"https://github.com/mrschyte.png","language":"Shell","readme":"# Description\n\nDockerpot is docker based honeypot. For a better summary visit\nhttp://www.itinsight.hu/blog/posts/2015-05-04-creating-honeypots-using-docker.html\n\n# Installation\n\n## Install the necessary software\n\n~~~ shell\n$ sudo apt-get update\n$ sudo apt-get install docker.io socat xinetd auditd\n\n$ # for installing nsenter\n$ docker run --rm -v /usr/local/bin:/target jpetazzo/nsenter\n~~~\n\n## Install the honeypot scripts \n\nCopy `honeypot` to `/usr/bin/honeypot` and `honeypot.clean` to\n`/usr/bin/honeypot.clean` and make them executable. You may have to\ncustomize the ports in the iptables rules, the memory limit of the\ncontainer and the network quota if you want to run anything other than\nan SSH honeypot on port 22.\n\n## Configure crond, xinetd and auditd\n\n### crond\n\nAdd the following line to `/etc/crontab`. This runs the cleanup script\nto check for old containers every 5 minutes.\n\n~~~ shell\n*/5 * * * * /usr/honeypot/honeypot.clean\n~~~\n\n### xinetd\n\nCreate the following service file in `/etc/xinetd.d/honeypot` and add\nthe line `honeypot 22/tcp` to `/etc/services` to keep xinetd happy.\n\n~~~ shell\n# Container launcher for an SSH honeypot\nservice honeypot\n{\n        disable         = no\n        instances       = UNLIMITED\n        server          = /usr/bin/honeypot\n        socket_type     = stream\n        protocol        = tcp\n        port            = 22\n        user            = root\n        wait            = no\n        log_type        = SYSLOG authpriv info\n        log_on_success  = HOST PID\n        log_on_failure  = HOST\n}\n~~~\n\n### auditd\n\nEnable logging the execve systemcall in auditd by appending the following lines to `/etc/audit/audit.rules`.\n\n~~~ shell\n-a exit,always -F arch=b64 -S execve\n-a exit,always -F arch=b32 -S execve\n~~~\n\n## Create a base image for the honeypot\n\nCreate and configure a base image for the honeypot. The container will\nbe run using the command /sbin/init so place your initialization\nscript there or configure an init system of your choice. Make sure to\ncommit the image as \"honeypot:latest\". You should also create an\naccount named `user` and give it a weak password like `123456` to let\nbrute-force attackers crack your host. The ip address of the\nattacker's host is passed to the container in the environment variable\n\"REMOTE_HOST\". For logging you might want to additionally configure an\nrsyslog instance to forward logs to the host machine at 172.17.42.1.\n\n","funding_links":[],"categories":["\u003ca id=\"2e3aed6e2eb3c766dfc9fc9e2366822a\"\u003e\u003c/a\u003eDocker","Honeypots"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmrschyte%2Fdockerpot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmrschyte%2Fdockerpot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmrschyte%2Fdockerpot/lists"}