https://github.com/rosehgal/clientpot
High Interaction LXC based Active HoneyPot
https://github.com/rosehgal/clientpot
honeypot lxc ubuntu
Last synced: 6 months ago
JSON representation
High Interaction LXC based Active HoneyPot
- Host: GitHub
- URL: https://github.com/rosehgal/clientpot
- Owner: rosehgal
- Created: 2016-08-22T09:24:47.000Z (almost 10 years ago)
- Default Branch: master
- Last Pushed: 2016-12-08T08:49:10.000Z (over 9 years ago)
- Last Synced: 2024-12-29T16:58:11.114Z (over 1 year ago)
- Topics: honeypot, lxc, ubuntu
- Language: C
- Size: 102 KB
- Stars: 1
- Watchers: 3
- Forks: 2
- Open Issues: 0
-
Metadata Files:
- Readme: Readme.md
Awesome Lists containing this project
README
# ClientPot:
## What is Clientpot?
Honeypots are security devices whose value lie in being probed and compromised. Traditional honeypots are servers (or devices that expose server services) that wait passively to be attacked. **Client Honeypots** are active security devices in search of malicious servers that attack clients. The client honeypot poses as a client and interacts with the server to examine whether an attack has occurred.
**Clientpot** is a kind a client honeypot for the linux systems, which crawls the potentially malicious web servers and log all the suspicious activity occured on the client side. Based on the changes occured in linux **file system** and linux **process tree**, logging server decides if the web server is malicous or not.
___
## Installation steps(using Ubuntu or any debian distro)
1. Make your system conatiners workable.
```
sudo apt-get install lxc lxc-templates
```
2. create a lxc guest machine name it ub1
```
sudo lxc-create -n ub1 -t ubuntu
```
Create a lxc machine for ubuntu named ub1
The name must be **ub1** as it is hardcoded in the system
Make sure the ip allocated to **lxcbr0** is from the NAT **10.0.3.0/24** else we need to change the system service files
3. install necessary utils in lxc_guest
```
sudo lxc-start -n ub1 && sudo lxc-console -n ub1
```
**login**-ubuntu
**passwrod**-ubuntu
```
sudo apt-get install less gcc g++ make zip tar wget curl lynx
```
4. Copy ./server in current machine on which lxc-host runs(**This is our logging Server**).
```
build the server
cd ./server
make
cd build
./server $PORT_NUMBER
```
For setting up log location, change the value of variable LOG_LOCATION in server.h before make,*Make sure that folder exist*.
you should start logging_server with the default port 8080 else need to change the system service file a bit
**Server need to be started before the request is sent from the cralwer.**
5. Copy the servcices in the service folder to lxc_guest ub1
**filemonitor.service**
If the defualt of port of logging server is different than 8080, change in the argument given in EXECSTART of this service
Default watches are addded to /tmp/ and / directory, that can be added with more watches by specifying in EXECSTART:
```
syntax : [directory_name]/,[PERMISSIONS_FOR_WATCH],[PERMISSIONS_FOR_WATCH], ...
```
PERMISSIONS_FOR_WATCH includes : ACCESS CREATE DELETE MODIFY ISDIR OPEN
If server(lxc host belongs to different NAT) change the server IP relapce it with 10.0.3.1
**forkmonitor.service**
If Applicable : Apply changes to server IP and PORT in EXECSTART
**crawler.service**
Invokes crawler service that runs default on port 7070, dont change this
*make sure to give all permissions to service files after copying*
6. stop the lxc_guest ub1
```
sudo lxc-stop -n ub1
```
This will be treated as the safe copy, that will be restored after every request
7. In the Host machine. Goto lxc-scripts folder and run
```
sudo python3 lxc_server.py 7070 **
```
**remember 7070 is harcoded default port for web_crawler service**
8. logs will be created to the log location specified.
Analyse the logs manually.