Installing Conpot on Ubuntu 12.04

From Zam Wiki

Conpot is a low-interaction, server-side Industrial Control Systems (ICS) honeypot whose goal is to collect intelligence about the motives and methods of adversaries targeting industrial control systems.


For more information, refer to [1].


1. Update your OS:

sudo apt-get update && sudo apt-get upgrade

2. Go to the folder where you want to install Conpot:

cd /opt

3. Get the Conpot source code from GitHub:

git clone https://github.com/mushorg/conpot.git

4. Edit your apt sources list:

sudo nano /etc/apt/sources.list

The file should contain the following entries:

deb http://archive.ubuntu.com/ubuntu precise main restricted universe
deb http://archive.ubuntu.com/ubuntu precise-updates main restricted universe
deb http://security.ubuntu.com/ubuntu precise-security main restricted universe multiverse
deb http://archive.canonical.com/ubuntu precise partner

deb http://archive.ubuntu.com/ubuntu/ precise multiverse
deb-src http://archive.ubuntu.com/ubuntu/ precise multiverse
deb http://archive.ubuntu.com/ubuntu/ precise-updates multiverse
deb-src http://archive.ubuntu.com/ubuntu/ precise-updates multiverse

5. Update your OS:

sudo apt-get update && sudo apt-get upgrade

6. Install required dependencies:

sudo apt-get install libsmi2ldbl snmp-mibs-downloader python-dev libevent-dev libxslt1-dev libxml2-dev

7. Upgrade pip and setuptools:

sudo pip install --upgrade setuptools pip

8. Go to the Conpot source code folder:

cd /opt/conpot

9. Install Conpot on your system:

sudo pip install --upgrade -r requirements.txt
  • Make sure every requirement is met. If one is not, install the missing dependencies and repeat until the command completes.
sudo python setup.py build
sudo python setup.py install

10. Edit the Conpot config file:

sudo nano /opt/conpot/conpot/conpot.cfg

The config file should look like this:

[common]
sensorid = default

[session]
timeout = 30

[daemon]
;user = conpot
;group = conpot

[sqlite]
enabled = False

[mysql]
enabled = False
device = /tmp/mysql.sock
host = localhost
port = 3306
db = conpot
username = conpot
passphrase = conpot
socket = tcp        ; tcp (sends to host:port), dev (sends to mysql device/socket file)

[syslog]
enabled = False
device = /dev/log
host = localhost
port = 514
facility = local0
socket = dev        ; udp (sends to host:port), dev (sends to device)

[hpfriends]
enabled = False
host = 127.0.0.0
port = 10000
ident =
secret =
channels = ["conpot.events", ]

[taxii]
enabled = False
host = taxiitest.mitre.org
port = 80
inbox_path = /services/inbox/default/
use_https = False

[fetch_public_ip]
enabled = True
urls = ["http://www.telize.com/ip", "http://queryip.net/ip/", "http://ifconfig.me/ip"]

[change_mac_addr]
enabled = False
iface = eth0
addr = 00:de:ad:be:ef:00

11. Start the Conpot honeypot:

sudo conpot --template default >> conpot.log &
disown
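
A quick audit of the step 10 config before the honeypot is started, as an added example that is not part of the original wiki page or of the Conpot project. It parses a trimmed, constructed copy of that config and reports which log sinks are enabled, whether [daemon] names a user and group, and whether fetch_public_ip is switched on. The function name audit, the findings wording and the reading of the keys by their names are assumptions of this example.

```python
import configparser

# Constructed sample: trimmed copy of the page's config (same keys and values).
SAMPLE_CFG = """
[daemon]
;user = conpot
;group = conpot
[sqlite]
enabled = False
[mysql]
enabled = False
passphrase = conpot
socket = tcp        ; tcp (sends to host:port), dev (sends to mysql device/socket file)
[syslog]
enabled = False
[hpfriends]
enabled = False
[taxii]
enabled = False
[fetch_public_ip]
enabled = True
urls = ["http://www.telize.com/ip", "http://queryip.net/ip/", "http://ifconfig.me/ip"]
"""

SINKS = ("sqlite", "mysql", "syslog", "hpfriends", "taxii")

def audit(cfg_text):
    """Return (enabled_sinks, findings) for a Conpot-style INI config."""
    # ';' also starts inline comments in this file, so tell the parser.
    cp = configparser.ConfigParser(inline_comment_prefixes=(";",))
    cp.read_string(cfg_text)
    enabled = [s for s in SINKS if cp.getboolean(s, "enabled", fallback=False)]
    findings = []
    if not enabled:
        findings.append("no log sink enabled")
    if not (cp.has_option("daemon", "user") and cp.has_option("daemon", "group")):
        findings.append("[daemon] user/group not set")
    if "mysql" in enabled and cp.get("mysql", "passphrase", fallback="") == "conpot":
        findings.append("mysql enabled with the sample passphrase")
    if cp.getboolean("fetch_public_ip", "enabled", fallback=False):
        if "http://" in cp.get("fetch_public_ip", "urls", fallback=""):
            findings.append("fetch_public_ip uses plain-HTTP third-party URLs")
    return enabled, findings

if __name__ == "__main__":
    sinks, notes = audit(SAMPLE_CFG)
    print("enabled sinks:", ", ".join(sinks) or "none")
    for note in notes:
        print("-", note)
```

To check the real file, pass the contents of /opt/conpot/conpot/conpot.cfg to audit() instead of the sample.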