Most of this config and documentation comes from CloudDeploy. This new repo config pushes out the actual honeypot containers and registers them with the CHNServer.
This repository contains tools to provision and configure infrastructure for CommunityHoneyNetwork honeypots and management servers in cloud hosting services like Amazon Web Services.
Infrastructure is described and created using a Terraform configuration, and the resulting instances/servers are set up with Ansible playbooks.
- Terraform >= v0.10.6
- Ansible >= 2.4.0.0
- Terraform-Inventory >= 0.6.1
- A cloud provider account
Currently only AWS is supported, but support for other providers is coming.
Set a couple environment variables to authenticate against AWS:
export AWS_ACCESS_KEY=YOUR_ACCESS_KEY
export AWS_SECRET_KEY=YOUR_SECRET_KEY
More options on AWS credentials can be found in the Terraform AWS Provider Credentials documentation.
If you have a greenfield (no existing AWS infrastructure), just hit go (see
below). Otherwise, customize the default.tfvars to fit within your environment.
Special care should be taken with the VPC CIDR (making sure it doesn't overlap
with any existing AWS infrastructure you may have) and traffic ingress rules.
Most importantly, set the ssh_ingress_blocks variable to be an array containing the IPs or subnets (in CIDR notation) from which your hosts should allow SSH connections. This must include the host that will perform the Ansible configuration.
Note that any files matching *.auto.tfvars can be automatically loaded as var-files.
An example default.auto.tfvars file:
trusted_network = "1.2.3.4/24"
authorized_keys = [
"ssh-ed25519 my-key-blahblah user@example.com"
]
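A pre-flight check for the values discussed above, as an added example that is not part of this repository: it verifies that the planned VPC CIDR does not overlap networks you already use and that the SSH ingress list is neither wide open nor missing the Ansible host. The function name `preflight`, the parameters `vpc_cidr`, `existing_cidrs` and `ansible_host_ip`, and all sample addresses are assumptions made for illustration; only `ssh_ingress_blocks` is a name from this page.

```python
import ipaddress

def preflight(vpc_cidr, existing_cidrs, ssh_ingress_blocks, ansible_host_ip):
    """Return a list of problems with the planned network values (empty = OK)."""
    problems = []

    # The VPC CIDR must not overlap any network you already use.
    vpc = ipaddress.ip_network(vpc_cidr, strict=False)
    for cidr in existing_cidrs:
        other = ipaddress.ip_network(cidr, strict=False)
        if vpc.overlaps(other):
            problems.append(f"VPC CIDR {vpc} overlaps existing network {other}")

    controller = ipaddress.ip_address(ansible_host_ip)
    controller_allowed = False
    for block in ssh_ingress_blocks:
        net = ipaddress.ip_network(block, strict=False)
        # "1.2.3.4/24" really means 1.2.3.0/24; make the effective range visible.
        if ipaddress.ip_interface(block).ip != net.network_address:
            problems.append(f"{block} has host bits set; it covers all of {net}")
        if net.prefixlen == 0:
            problems.append(f"{block} allows SSH from every address")
        if controller in net:
            controller_allowed = True

    if not controller_allowed:
        problems.append(f"Ansible host {controller} is not in any SSH ingress block")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    for line in preflight(
        vpc_cidr="10.0.0.0/16",
        existing_cidrs=["10.0.128.0/20", "172.31.0.0/16"],
        ssh_ingress_blocks=["1.2.3.4/24"],
        ansible_host_ip="198.51.100.7",
    ):
        print("PROBLEM:", line)
```

Run it with the values you intend to put in your tfvars file before `terraform apply`; an empty result means none of the three checks fired.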
Pull in submodules using the following command:
git submodule update --init --recursive
Build the infrastructure by running:
terraform apply
This will run through the process of creating the VPC, Subnets, Security groups and EC2 instances described in the Terraform configuration files.
You can view a list of your honeypots using the terraform-inventory tool, like so:
terraform-inventory --list | jq
This will give you a nice view of each honeypot group and IP.
By default, the real ssh port for each honeypot is 4222. If you would like to change this, add the following to your custom tfvars file:
real_ssh_port = 2323
CHN-Server will be listening on port 80 (for now). To retrieve the default username/password and IP of this host, run the following Ansible playbook:
ansible-playbook -i $(which terraform-inventory) ./admin_password.yaml
In addition to the CHN Server, this setup will deploy the following honeypot types (more coming soon!):
- Cowrie
- Dionaea