Installing Conpot on Ubuntu 12.04
From Zam Wiki
Latest revision as of 00:13, 19 June 2016
Conpot is a low-interaction, server-side Industrial Control Systems (ICS) honeypot whose goal is to collect intelligence about the motives and methods of adversaries targeting industrial control systems.
For more information, refer to [1].
1. Update your OS:
sudo apt-get update && sudo apt-get upgrade
2. Go to the folder where you want to install Conpot:
cd /opt
3. Get the Conpot source code from GitHub:
git clone https://github.com/mushorg/conpot.git
4. Edit your apt sources list so that it looks like the following:
sudo nano /etc/apt/sources.list
deb http://archive.ubuntu.com/ubuntu precise main restricted universe
deb http://archive.ubuntu.com/ubuntu precise-updates main restricted universe
deb http://security.ubuntu.com/ubuntu precise-security main restricted universe multiverse
deb http://archive.canonical.com/ubuntu precise partner
deb http://archive.ubuntu.com/ubuntu/ precise multiverse
deb-src http://archive.ubuntu.com/ubuntu/ precise multiverse
deb http://archive.ubuntu.com/ubuntu/ precise-updates multiverse
deb-src http://archive.ubuntu.com/ubuntu/ precise-updates multiverse
5. Update your OS:
sudo apt-get update && sudo apt-get upgrade
6. Install required dependencies:
sudo apt-get install libsmi2ldbl snmp-mibs-downloader python-dev libevent-dev libxslt1-dev libxml2-dev
7. Upgrade Python pip:
sudo pip install --upgrade setuptools pip
8. Go to the Conpot source code folder:
cd /opt/conpot
9. Install Conpot on your system:
sudo pip install --upgrade -r requirements.txt
- Ensure that all requirements are met. If not, install the missing dependencies until the command completes.
sudo python setup.py build
sudo python setup.py install
10. Edit the Conpot config file:
sudo nano /opt/conpot/conpot/conpot.cfg
The config file should look like this:
[common]
sensorid = default

[session]
timeout = 30

[daemon]
;user = conpot
;group = conpot

[sqlite]
enabled = False

[mysql]
enabled = False
device = /tmp/mysql.sock
host = localhost
port = 3306
db = conpot
username = conpot
passphrase = conpot
socket = tcp ; tcp (sends to host:port), dev (sends to mysql device/socket file)

[syslog]
enabled = False
device = /dev/log
host = localhost
port = 514
facility = local0
socket = dev ; udp (sends to host:port), dev (sends to device)

[hpfriends]
enabled = False
host = 127.0.0.0
port = 10000
ident =
secret =
channels = ["conpot.events", ]

[taxii]
enabled = False
host = taxiitest.mitre.org
port = 80
inbox_path = /services/inbox/default/
use_https = False

[fetch_public_ip]
enabled = True
urls = ["http://www.telize.com/ip", "http://queryip.net/ip/", "http://ifconfig.me/ip"]

[change_mac_addr]
enabled = False
iface = eth0
addr = 00:de:ad:be:ef:00
11. Start the Conpot honeypot:
sudo conpot --template default >> conpot.log & disown
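A pre-start check of the configuration from step 10, added here as an example (it is not part of the original page or of Conpot itself): it lists which event backends are enabled and flags settings to review before switching one on. The `audit` function, the `BACKENDS` tuple and the trimmed `SAMPLE_CFG` are assumptions made for this illustration.

```python
import ast
import configparser

# Constructed sample: a trimmed copy of the conpot.cfg shown in step 10.
SAMPLE_CFG = """
[sqlite]
enabled = False
[mysql]
enabled = False
username = conpot
passphrase = conpot
socket = tcp ; tcp (sends to host:port), dev (sends to mysql device/socket file)
[syslog]
enabled = False
[hpfriends]
enabled = False
[taxii]
enabled = False
use_https = False
[fetch_public_ip]
enabled = True
urls = ["http://www.telize.com/ip", "http://queryip.net/ip/", "http://ifconfig.me/ip"]
"""

# Hypothetical name: the config sections that carry an "enabled" event output.
BACKENDS = ("sqlite", "mysql", "syslog", "hpfriends", "taxii")

def audit(cfg_text):
    """Return (enabled_backends, findings) for conpot.cfg text."""
    # Python 3 keeps "; ..." trailing comments inside values unless told to strip them.
    cp = configparser.ConfigParser(inline_comment_prefixes=(";",), interpolation=None)
    cp.read_string(cfg_text)
    enabled = [b for b in BACKENDS if cp.getboolean(b, "enabled", fallback=False)]
    findings = []
    if not enabled:
        findings.append("no event backend is enabled in the config")
    user = cp.get("mysql", "username", fallback="")
    if user and user == cp.get("mysql", "passphrase", fallback=""):
        findings.append("mysql passphrase equals the username")
    if cp.has_section("taxii") and not cp.getboolean("taxii", "use_https", fallback=False):
        findings.append("taxii reporting does not use HTTPS")
    if cp.getboolean("fetch_public_ip", "enabled", fallback=False):
        # List values are written as Python-style literals, so parse them as such.
        urls = ast.literal_eval(cp.get("fetch_public_ip", "urls", fallback="[]"))
        plain = sum(1 for u in urls if u.startswith("http://"))
        if plain:
            findings.append("public IP is fetched over plain HTTP from %d URL(s)" % plain)
    return enabled, findings

if __name__ == "__main__":
    print(audit(SAMPLE_CFG))
```

To check the installed file instead of the sample, pass `open("/opt/conpot/conpot/conpot.cfg").read()` to `audit`.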