Installing Conpot on Ubuntu 12.04

From Zam Wiki
Jump to: navigation, search

Conpot is a low interactive server side Industrial Control Systems (ICS) honeypot with the goal to collect intelligence about the motives and methods of adversaries targeting industrial control systems.

For more info, you can refer at [1]

1. After that, update your OS:

sudo apt-get update && sudo apt-get upgrade

2. Go to your preferable folder to install Conpot:

cd /opt

3. Get Conpot source code from Github:

git clone

4. Edit your apt list like below:

sudo nano /etc/apt/sources.list
deb precise main restricted universe
deb precise-updates main restricted universe
deb precise-security main restricted universe multiverse
deb precise partner

deb precise multiverse
deb-src precise multiverse
deb precise-updates multiverse
deb-src precise-updates multiverse

5. Update your OS:

sudo apt-get update && sudo apt-get upgrade

6. Install required dependencies:

sudo apt-get install libsmi2ldbl snmp-mibs-downloader python-dev libevent-dev libxslt1-dev libxml2-dev

7. Upgrade Python Pip:

sudo pip install --upgrade setuptools pip

8. Go to Conpot source code folder:

cd /opt/conpot

9. Install Conpot to your system:

sudo pip install --upgrade -r requirements.txt
  • Ensure you meet the requirement. If not, make sure you install the required dependencies until complete.
sudo python build
sudo python install

10. Edit Conpot config file:

sudo nano /opt/conpot/conpot/conpot.cfg

The config file should looks like this:

sensorid = default

timeout = 30

;user = conpot
;group = conpot

enabled = False

enabled = False
device = /tmp/mysql.sock
host = localhost
port = 3306
db = conpot
username = conpot
passphrase = conpot
socket = tcp        ; tcp (sends to host:port), dev (sends to mysql device/socket file)

enabled = False
device = /dev/log
host = localhost
port = 514
facility = local0
socket = dev        ; udp (sends to host:port), dev (sends to device)

enabled = False
host =
port = 10000
ident =
secret =
channels = ["", ]

enabled = False
host =
port = 80
inbox_path = /services/inbox/default/
use_https = False

enabled = True
urls = ["", "", ""]

enabled = False
iface = eth0
addr = 00:de:ad:be:ef:00

11. Start Conpot honeypot:

sudo conpot --template default >> conpot.log &