«

»

Dec 20 2013

Vagrant configuration for Dionaea malware honeypot

I am happy to announce another small side-project. This time, I decided to make a Dionaea malware honeypot VM available with one command (no kidding!)

Lately, I have been playing around with Vagrant which is a fantastic tool to include in your development workflow. Apart from others, Vagrant allows you to create virtual machines and provision them using simple shell scripts or configuration management software like Chef, Puppet, etc. You can then package and distribute a VM among your team so everyone starts with the same base (no more worries about missing dependencies, different versions or platforms) or create baselines for various systems in your environment. Read here for more benefits.

In any case, I have created some simple shell scripts to automate the installation, configuration and execution of Dionaea. These three are included in a so-called Vagrantfile (Vagrant’s configuration file) which is applied to a VM upon launch. To use it, first install VirtualBox and Vagrant itself for your OS version.

The files are located in a GitHub repo here: https://github.com/ikoniaris/dionaea-vagrant

So, you can now have a working Dionaea VM up and running in minutes by simply issuing:

git clone https://github.com/ikoniaris/dionaea-vagrant && cd dionaea-vagrant
vagrant up

This will download (only the first time) a virtual disk, create a new Ubuntu 12.04 LTS VM on the fly and start it, install Dionaea and all of its dependencies and execute it as daemon along with p0f. And that’s it!

You can then login into the machine by typing “vagrant ssh” or using an SSH client (e.g. PuTTY) and connect to localhost:2222 — username: vagrant, password: vagrant. Once inside the VM, type “ifconfig” to find out the IP address assigned to the bridged adapter (eth1), which you can use to forward ports from your home router back to the VM. For a list of ports used by Dionaea type “sudo netstat -antp | grep dionaea”.

If you want to stop the machine type “vagrant halt” (on the outer terminal, not inside the machine). Every time you want to start the honeypot VM a simple “vagrant up” issued inside the dionaea-vagrant directory is enough! (hint: see the list of CLI commands for more)

Enjoy and if you have any feedback let me know!

PS. If you want to refer to this project you can use this dedicated page (will be updated soon): http://bruteforce.gr/dionaea-vagrant

More in Blog News, DevOps, Honeypots, Malware, Virtualization
Case Study: 10 Steps to Agile Development without Compromising Enterprise Security
BlackHat USA 2012 – Owning Bad Guys (and Mafia) with Javascript Botnets
Christiaan008: The Honey project and CIC News Engine
Kippo-Graph: version 0.9 is out!
Honeypot Workshop @ BruCON 2013
Close