- Raspberry Pi 4: https://www.amazon.com/gp/product/B07TC2BK1X
- Argon One Pi 4 V2 kit: https://www.amazon.com/gp/product/B07WP9P8VW
- SanDisk Max Endurance 32 GB microSD card: https://www.amazon.com/gp/product/B084CJLNM4
Download Ubuntu Server 20.04.1 LTS 64-bit from https://ubuntu.com/download/raspberry-pi and burn it to a microSD card with Raspberry Pi Imager 1.3 from https://www.raspberrypi.org/blog/raspberry-pi-imager-imaging-utility/ using the Select Custom option.
Mount the boot filesystem of the fresh microSD card and edit cmdline.txt, appending something like smsc95xx.macaddr=00:4F:49:f0:00:01. This makes the NIC appear to be something from Realtek instead of Raspberry Pi, which should make the honeypot sweeter. It also gives you the chance to set up a DHCP reservation in advance.
After first boot, the system will spend quite a while doing unattended upgrades. So, wait until it's finished:
watch -n 5 'ps -ef | grep [u]nattended'
The system will want a reboot, so give it a sudo shutdown -r now and then do the usual patching:
sudo apt update -y
sudo apt upgrade -y
sudo shutdown -r now
Add some Python stuff:
sudo apt install -y python3-dev python3-pip python3-venv
Add some libraries and utilities:
sudo apt install -y build-essential libssl-dev libffi-dev libpcap-dev net-tools
Reboot and rub a rabbit's foot.
As the user who will run OpenCanary, create a virtual environment:
mkdir ~/opencanary; cd ~/opencanary; python3 -m venv env
Activate the environment and install the stuff:
source env/bin/activate
pip install wheel
pip install rdpy
pip install opencanary
pip install scapy pcapy
Create a template configuration:
opencanaryd --copyconfig
Move ~/.opencanary.conf to ~/opencanary/opencanary.conf and edit the file. Try enabling the honeypot web server by setting http.enabled to true.
From the ~/opencanary directory, start the daemon:
opencanaryd --start
The OpenCanary daemon should be listening for HTTP connections on TCP 80. Verify that python3 is listening:
sudo netstat -tunlp -4
Try loading the juicy honeypot web page at http://opencanary/index.html and see a login screen.
Edit the ~/opencanary/opencanary.conf file and inject the following into the logger.kwargs.handlers JSON path:
"SMTP": {
"class": "logging.handlers.SMTPHandler",
"mailhost": ["your.mail.server", 587],
"fromaddr": "opencanary@your.domain",
"toaddrs": ["administrator@your.domain"],
"subject": "OpenCanary Alert",
"credentials": ["username", "password"],
"secure": []
}
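Hand-editing that JSON is where most setups break (a stray comma, "true" quoted as a string, the handler pasted one level too deep), and opencanaryd gives little feedback. Here is an added helper, not part of the post or of OpenCanary, that applies the two edits above (enable http, register the SMTP handler) and refuses anything malformed; SAMPLE_CONF is a constructed stand-in for the template file, and the mail server, addresses and credentials are the post's placeholders.

```python
import json

# Constructed sample with the shape of the template opencanary.conf: service
# toggles at the top level, Python logging config under logger.kwargs.
SAMPLE_CONF = """{
  "device.node_id": "opencanary-1",
  "ftp.enabled": false, "http.enabled": false, "http.port": 80, "ssh.enabled": false,
  "logger": {"class": "PyLogger", "kwargs": {
    "formatters": {"plain": {"format": "%(message)s"}},
    "handlers": {
      "console": {"class": "logging.StreamHandler", "stream": "ext://sys.stdout"},
      "file": {"class": "logging.FileHandler", "filename": "/var/tmp/opencanary.log"}}}}
}"""

# Handler block from the post; mail server, addresses and credentials are placeholders.
SMTP_HANDLER = {
    "class": "logging.handlers.SMTPHandler",
    "mailhost": ["your.mail.server", 587],
    "fromaddr": "opencanary@your.domain",
    "toaddrs": ["administrator@your.domain"],
    "subject": "OpenCanary Alert",
    "credentials": ["username", "password"],
    "secure": [],  # empty list: SMTPHandler issues STARTTLS before logging in
}

def configure(conf_text, services=("http",), smtp_handler=SMTP_HANDLER):
    """Enable the named honeypot services and register the SMTP alert handler.
    Raises ValueError on bad JSON, an unknown service or a missing logger section."""
    try:
        conf = json.loads(conf_text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"opencanary.conf is not valid JSON: {exc}") from exc
    for svc in services:
        key = f"{svc}.enabled"
        if key not in conf:
            raise ValueError(f"unknown service {svc!r}: no {key} key in config")
        conf[key] = True  # JSON true, not the string "true"
    try:
        conf["logger"]["kwargs"]["handlers"]["SMTP"] = dict(smtp_handler)
    except (KeyError, TypeError) as exc:
        raise ValueError("config has no logger.kwargs.handlers section") from exc
    return conf

def enabled_services(conf):
    """Names of services whose <name>.enabled flag is true."""
    return sorted(k[: -len(".enabled")] for k, v in conf.items()
                  if k.endswith(".enabled") and v is True)
```

Write the result back with json.dumps(conf, indent=4) to keep the on-disk format opencanaryd expects.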
- Evaluate the OpenCanary Correlator at https://github.com/thinkst/opencanary-correlator
- Write a systemd unit to start OpenCanary properly
- Configure Samba and wait for someone to browse smb://opencanary/financial-documents