https://github.com/FSecureLABS/honeypot_recipes

A chef cookbook which can be used to quickly deploy a high interaction honeypot, using the sysdig and falco tools

# High Interaction Honeypots with Sysdig and Falco #

Sysdig is an open source tool that captures and saves system state and activity from a running Linux machine. Falco, also open source, is a behavioral activity monitor designed to detect anomalous activity in applications. Falco can detect and alert on any behavior that involves making Linux system calls.

## Description ##

The honeypot_recipes repository contains a Chef cookbook which can be used to quickly deploy a high interaction honeypot, using the sysdig and falco tools. The cookbook can be deployed on Red Hat, CentOS, Fedora, Ubuntu and Debian operating systems.

The cookbook installs the sysdig and falco tools. In addition, it creates an init script under the /etc/init.d/ directory which starts sysdig in file rotation mode for continuous capture. All the files that sysdig produces are written under the /local/usr/src/ directory, which can be changed by modifying the init script.

## How to run the cookbook ##

In order to run the cookbook you should install:
* git
* chefdk

Create a directory named **cookbooks** and clone the repository in the new directory:

* `mkdir cookbooks && cd cookbooks`
* `git clone https://github.com/mwrlabs/honeypot_recipes sysdig-falco`

Run the cookbook with the following command:

* `chef-client --local-mode --runlist 'recipe[sysdig-falco]'`

## License ##

The cookbook is released under a 3-clause BSD License and maintained by [MWR Info-Security](https://mwrinfosecurity.com/). See the `LICENSE` file for details.

## Contact ##

Please submit any bugs on the GitHub project page at:

or give me a shout on Twitter [@den_n1s](https://twitter.com/den_n1s)