T-Pot is a honeypot platform built on Ubuntu with Docker: each honeypot and supporting service (Suricata, the ELK stack) runs in its own container. The latest version at the time of writing is 17.10 and the underlying OS is Ubuntu 16.04. The installer itself asks for at least 4GB RAM and 64GB disk, and recommends 8GB RAM and a 128GB SSD, so size the VM accordingly.
There are some other posts online that show how to install T-Pot into a cloud virtual machine instance. Unfortunately, I failed so many times and got an error message 'could not find authorized_keys at .ssh folder'. Eventually I found the issue was with the user I was using. If I create a new user, add it to the sudo group, and install T-Pot after logging in as that new user, the installation process is quite smooth.
Here are all the steps I took. Hopefully it helps when you try this awesome honeypot.
1. Create a VM
2. Update your Ubuntu instance
jon_netsec@tpot:~$ sudo apt-get update
jon_netsec@tpot:~$ sudo apt-get upgrade
jon_netsec@tpot:~$ sudo apt-get dist-upgrade
3. Add a new user to the sudo group
$ sudo su
# adduser john
Set password prompts:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
User information prompts:
Changing the user information for john
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n]
# usermod -aG sudo john
# su - john
4. Generate an ssh key for user john
The installer refuses to run unless ~/.ssh/authorized_keys exists for the user running it; that is the 'could not find authorized_keys' error above. Logged in as john, create the key pair inside john's .ssh folder and append the public key to authorized_keys. The commands below name the key identity and place it in .ssh directly, so the cat that follows finds it:
$ mkdir -p ~/.ssh && chmod 700 ~/.ssh
$ ssh-keygen -f ~/.ssh/identity
$ cat ~/.ssh/identity.pub >> ~/.ssh/authorized_keys
$ chmod 600 ~/.ssh/authorized_keys
Add the public key of the workstation you log in from to that same file as well. A key pair generated on the VM only satisfies the installer's check; it is the workstation's key, not one that lives on the VM, that you will present when you reconnect on the new SSH port after the reboot.
5. Install T-Pot
Once step 4 is done, go back to john's home folder, clone the autoinstall repository and run the installer as root:
$ cd ~
$ git clone https://github.com/dtag-dev-sec/t-pot-autoinstall.git
$ cd t-pot-autoinstall/
$ sudo su
# ./install.sh
##########################################################
#                                                        #
# How do you want to proceed? Enter your choice.         #
#                                                        #
# Required: 4GB RAM, 64GB disk                           #
# Recommended: 8GB RAM, 128GB SSD                        #
#                                                        #
# 1 - T-Pot's STANDARD INSTALLATION                      #
#     Standard Honeypots, Suricata & ELK                 #
#                                                        #
# 2 - T-Pot's HONEYPOTS ONLY                             #
#     Honeypots only, w/o Suricata & ELK                 #
#                                                        #
# 3 - T-Pot's INDUSTRIAL EDITION                         #
#     Conpot, eMobility, Suricata & ELK                  #
#                                                        #
# 4 - T-Pot's FULL INSTALLATION                          #
#     Everything                                         #
#                                                        #
##########################################################
Your choice: 4
You will be prompted twice: once for the username, which is john, and once for the password john will use for web access to the T-Pot dashboard.
...
### Removing NGINX default website.
### Please enter a password for your user john for web access.
Password:
Repeat password:
Adding password for user john
...
[MAIN]
ip = 35.237.41.220
MY_EXTIP=35.237.41.220
MY_INTIP=10.142.0.2
MY_HOSTNAME=crazyring
### Thanks for your patience. Now rebooting. Remember to login on SSH port 64295 next time or visit the dashboard on port 64297!
Both port numbers matter: 64295 is your administrative SSH port and 64297 is the web dashboard. After the reboot, port 22 belongs to the SSH honeypot, so connect with ssh -p 64295 john@35.237.41.220 (the external IP printed above) and open https://35.237.41.220:64297 for the dashboard.
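The part of steps 3 to 5 that actually tripped the installer is the authorized_keys file. The following script is an added example, not code from the original post or from the T-Pot project: run it as john after `su - john` with ADMIN_PUBKEY set to the public key of the workstation you SSH from, and it creates ~/.ssh and authorized_keys with the modes sshd requires, appends the key without duplicating it, and reports how many keys the file holds before you start install.sh. The key text shown in the usage comment is an invented placeholder.

```shell
#!/bin/sh
# Added example, not code from the original post or from the T-Pot project.
# Prepares ~/.ssh/authorized_keys for the user that will run install.sh, which
# is what step 4 is really for: the installer looks for that file and stops
# with the "could not find authorized_keys" message when it is missing.
# Assumptions: run as that user (john in the post); ADMIN_PUBKEY holds the
# public key of the workstation you SSH from (the value in the usage comment
# below is an invented placeholder, replace it with your own key).

# Append one public-key line to HOME/.ssh/authorized_keys (args: home dir, key).
# Creates the directory and file with the modes sshd requires and never
# duplicates a key, so re-running it is harmless.
add_authorized_key() {
    sshdir="$1/.ssh"
    mkdir -p "$sshdir" && chmod 700 "$sshdir"
    touch "$sshdir/authorized_keys" && chmod 600 "$sshdir/authorized_keys"
    grep -qxF -- "$2" "$sshdir/authorized_keys" \
        || printf '%s\n' "$2" >> "$sshdir/authorized_keys"
}

# Number of usable key lines in HOME/.ssh/authorized_keys (blank and comment
# lines ignored). 0 means the installer's check will fail.
count_authorized_keys() {
    f="$1/.ssh/authorized_keys"
    if [ -f "$f" ]; then
        grep -cvE '^[[:space:]]*(#|$)' "$f" || true
    else
        echo 0
    fi
}

# Usage, after `su - john` (placeholder key, use your workstation's own):
#   ADMIN_PUBKEY='ssh-ed25519 AAAAC3Nza...placeholder you@workstation' sh prep-keys.sh
if [ -n "${ADMIN_PUBKEY:-}" ]; then
    add_authorized_key "$HOME" "$ADMIN_PUBKEY"
    echo "$HOME/.ssh/authorized_keys now holds $(count_authorized_keys "$HOME") key(s)"
fi
```

If the count printed is 0, the installer will stop in the same place the post describes; if it is 1 or more and one of those keys is your workstation's, you can reach the VM on port 64295 after the reboot.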
6. Configure Firewall
It is important to restrict access to your SSH port 64295 and the web admin portal on 64297 while leaving every honeypot port reachable. These are the GCP VPC firewall rules I ended up with (204.197.180.204/32 is my own admin address; replace it with yours):

Direction  Targets        Source ranges        Protocols / ports                  Action  Priority
Ingress    Apply to all   0.0.0.0/0            tcp:64298-65535, udp, icmp         Allow   1000
Ingress    Apply to all   0.0.0.0/0            tcp:0-64294, udp, icmp             Allow   1000
Ingress    http-server    0.0.0.0/0            tcp:80                             Allow   1000
Ingress    https-server   0.0.0.0/0            tcp:443                            Allow   1000
Ingress    Apply to all   204.197.180.204/32   tcp:64295                          Allow   1000
Ingress    Apply to all   204.197.180.204/32   tcp:64297                          Allow   1000
Ingress    Apply to all   0.0.0.0/0            icmp                               Allow   65534
Ingress    Apply to all   10.128.0.0/9         tcp:0-65535, udp:0-65535, icmp     Allow   65534
Ingress    Apply to all   0.0.0.0/0            tcp:3389                           Allow   65534
Ingress    Apply to all   0.0.0.0/0            tcp:22                             Allow   65534

The two world-open TCP rules cover every port except 64295-64297, and the two /32 rules open 64295 and 64297 only to the admin address. GCP ingress is deny-by-default and the rules are allow-only, so nothing else can reach the admin ports as long as no broader rule matches them. The rules at priority 65534 are the default-network rules GCP creates for you; leaving 22 and 3389 open to the world is what you want here, since after the reboot those ports are served by honeypots, not by your admin SSH.

Two caveats. "Apply to all" targets every instance in the VPC, so if the honeypot shares a network with anything else, use a network tag on the honeypot VM and scope the rules to it. The 10.128.0.0/9 rule also lets every other instance in the default network reach the honeypot on all ports; a honeypot is best kept in its own project or VPC. Finally, if your admin address is dynamic, update the /32 before it changes, or you lock yourself out of 64295 and 64297.
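The same rule set expressed with gcloud, as an added example that is not part of the original post or the T-Pot project. It assumes the honeypot VM carries the network tag tpot (so the rules apply only to it rather than to every instance in the VPC), a VPC named default, and an admin source range in ADMIN_CIDR (203.0.113.7/32 below is a documentation placeholder; use your own address). The rule names are invented. The script only prints the commands unless APPLY=1 is set, and it refuses an admin range of 0.0.0.0/0, which would open the admin ports to the Internet.

```shell
#!/bin/sh
# Added example, not code from the original post or from the T-Pot project:
# the firewall rules from step 6 built with gcloud instead of the console.
# Assumptions (none of these names come from the post): the honeypot VM has
# the network tag "tpot", the VPC is "default", ADMIN_CIDR is the address you
# administer from (203.0.113.7/32 is a documentation placeholder). Commands
# are printed; set APPLY=1 to execute them.

NETWORK="${NETWORK:-default}"
TAG="${TAG:-tpot}"
ADMIN_CIDR="${ADMIN_CIDR:-203.0.113.7/32}"

# The admin source must be an explicit CIDR with a prefix length of 1..32.
# A /0 here would hand SSH (64295) and the dashboard (64297) to the Internet.
admin_source_ok() {
    case "$1" in
        */0) return 1 ;;                                  # 0.0.0.0/0 or any /0
        */[1-9]|*/[12][0-9]|*/3[0-2]) return 0 ;;         # /1 .. /32
        *) return 1 ;;                                    # bare address or junk
    esac
}

# Print one gcloud command. Args: rule name, priority, protocol list, source range.
# A protocol without a port (udp, icmp) means all ports, as in the console.
fw_rule_cmd() {
    printf 'gcloud compute firewall-rules create %s --direction=INGRESS --priority=%s --network=%s --action=ALLOW --rules=%s --source-ranges=%s --target-tags=%s\n' \
        "$1" "$2" "$NETWORK" "$3" "$4" "$TAG"
}

# Honeypot ports open to the world with 64295-64297 left out, and the two
# admin ports only from ADMIN_CIDR. GCP's implicit ingress deny covers the
# rest, so no explicit deny rule is needed.
tpot_rules() {
    if ! admin_source_ok "$ADMIN_CIDR"; then
        echo "refusing ADMIN_CIDR='$ADMIN_CIDR': need an explicit CIDR, not /0" >&2
        return 1
    fi
    fw_rule_cmd tpot-honeypot-low  1000 tcp:0-64294,udp,icmp 0.0.0.0/0
    fw_rule_cmd tpot-honeypot-high 1000 tcp:64298-65535      0.0.0.0/0
    fw_rule_cmd tpot-admin-ssh     1000 tcp:64295            "$ADMIN_CIDR"
    fw_rule_cmd tpot-admin-web     1000 tcp:64297            "$ADMIN_CIDR"
}

if [ "${APPLY:-0}" = 1 ]; then
    tpot_rules | sh -e
else
    tpot_rules
fi
```

Tag the VM with `gcloud compute instances add-tags NAME --tags=tpot` before applying; with the target tag in place, GCP's default-allow rules at priority 65534 stay as they are and nothing here touches other instances in the network.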
7. Check Web Access from Internet
8. Videos
8.1 T-Pot Honeypot Installation through ISO file on ESXi Platform
8.2 T-Pot Honeypot Installation on GCP Ubuntu VM instance