Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/FSecureLABS/honeypot_recipes
A chef cookbook which can be used to quickly deploy a high interaction honeypot, using the sysdig and falco tools
https://github.com/FSecureLABS/honeypot_recipes
Last synced: 26 days ago
JSON representation
A chef cookbook which can be used to quickly deploy a high interaction honeypot, using the sysdig and falco tools
- Host: GitHub
- URL: https://github.com/FSecureLABS/honeypot_recipes
- Owner: FSecureLABS
- License: other
- Created: 2016-12-08T17:57:00.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2017-01-04T09:54:38.000Z (almost 8 years ago)
- Last Synced: 2024-08-03T23:06:31.436Z (4 months ago)
- Language: Ruby
- Homepage: https://labs.mwrinfosecurity.com/blog/high-interaction-honeypots-with-sysdig-and-falco/
- Size: 6.84 KB
- Stars: 43
- Watchers: 8
- Forks: 13
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE.md
Awesome Lists containing this project
- awesome-honeypot - **39**星
README
# High Interaction Honeypots with Sysdig and Falco #
Sysdig is an open source tool, which can capture and save system state and activity from a running Linux machine. Falco, an open source tool as well, is a behavioral activity monitor designed to detect anomalous activity in applications. Falco can detect and alert on any behavior that involves making Linux system calls.
## Description ##
The honeypot_recipes repository contains a chef cookbook which can be used to quickly deploy a high interaction honeypot, using the sysdig and falco tools. The cookbook can be deployed under Red Hat, CentOS, Fedora, Ubuntu and Debian operating systems.
The cookbook installs sysdig and falco tools. In addition it creates an init script under /etc/init.d/ directory which starts sysdig in file roration mode for continuous capture. All the files that sysdig produces are written under the /local/usr/src/ directory, which can be changed by modifing the init scirpt.
## How to run the cookbook ##
In order to run the cookbook you should install:
* git
* chefdkCreate a directory named **cookbooks** and clone the repository in the new directory:
* `mkdir cookbooks && cd cookbooks`
* `git clone https://github.com/mwrlabs/honeypot_recipes sysdig-falco`Run the cookbook with the following command:
* `chef-client --local-mode --runlist 'recipe[sysdig-falco]'`
## License ##
The cookbook is released under a 3-clause BSD License and maintained by [MWR Info-Security](https://mwrinfosecurity.com/). See the `LICENSE` file for details.
## Contact ##
Please submit any bugs on the Github project page at:
or give me a shout on twitter [@den_n1s](https://twitter.com/den_n1s)