-
Notifications
You must be signed in to change notification settings - Fork 631
Incorporate an already deployed Honeypot into MHN
This page explains how you can take a honeypot that is already deployed and bring it under MHN's management.
Note: it is often easier to just redeploy the honeypot using MHN than it is to manually integrate an existing sensor since some sensors don't come with hpfeeds support.
General Steps:
Go to the MHN add sensor page and add your sensor: http://<YOUR_MHN_SERVER>/ui/add-sensor/. This will provide you with a UUID you will need for the next step.
Add an identifier and secret (and channels) to the hpfeeds auth_key database. Here's how:
IDENT=<UUID FROM MHN>
SECRET=<CHOOSE A RANDOM STRING OF LETTERS AND NUMBERS, THE LONGER THE BETTER>
PUBLISH_CHANNELS=<COMMA SEPARATED LIST OF CHANNELS>
SUBSCRIBE_CHANNELS=""
cd /opt/hpfeeds/broker
source env/bin/activate
python add_user.py "$IDENT" "$SECRET" "$PUBLISH_CHANNELS" "$SUBSCRIBE_CHANNELS"
Configure the honeypot's hfeeds section to use your MHN server's IP, identifier, secret, and channels. The deploy_*.sh scripts in https://github.com/Pwnlandia/mhn/tree/master/scripts/ have the specific steps for specific sensor. Please look at these scripts to see which configs need to be modified.
Restart the honeypot and make sure data is flowing. If your sensors was pre-deployed, then steps for restarting are up to you. MHN uses supervisord for managing honeypots and supervisorctl restart <HONEYPOT> is how we do it.