Exercise 2: Installing the Honeypot
You can find more detailed instructions in our GitHub repository. These instructions are tailored to the Tech Tuesday event.
Step 1: Prerequisites
- You have the latest version of Raspberry OS Lite or Ubuntu 20.04 LTS Server installed on the system
- The system time is reasonably close to "real time"
- You are logged in using an account that is able to "sudo"
- You followed the steps outlined in the pre-install exercise:

    sudo apt install -y git
    git clone https://github.com/DShield-ISC/dshield.git
    sudo dshield/bin/prep.sh
    sudo reboot

- You registered for a DShield/Internet Storm Center account and have the API key handy.
Step 2: Run the Installer
Run the installer:
The installer will prompt you for various settings. For the most part, just accept the defaults, but note any errors and verify the network configuration.
Reboot after the install completes.
Step 3: Verify install
After you are done, you can run the "status" script to make sure everything is configured correctly.
The output should look like:
    OK: /var/log/dshield.log (<--- THIS MAY SHOW AN ERROR RIGHT AFTER INSTALL )
    OK: /etc/cron.d/dshield
    OK: /etc/dshield.ini
    OK: /srv/cowrie/cowrie.cfg
    OK: /etc/cron.d/dshield
    OK: /etc/rsyslog.d/dshield.conf
    OK: firewall rules
    OK: webserver exposed
The first line "/var/log/dshield.log" may show an error if you have not yet received any attacks.
It may take 30-60 minutes for the first logs to show up in the Internet Storm Center website.
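To triage the status output without reading it line by line, the following added example (not part of the DShield project) separates the expected /var/log/dshield.log error from checks that need fixing. It assumes every healthy check prints a line starting with "OK:" and that any other non-empty line is a failed check; the function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage the output of the honeypot "status" script.
# Assumption: a healthy check prints a line starting with "OK:"; any other
# non-empty line is treated as a failed check (the page shows only OK lines).

# check_status (hypothetical helper) reads status output on stdin, prints one
# line per finding plus a summary, and returns 1 if any check needs fixing.
check_status() {
    awk '
        /^[ \t]*$/ { next }                      # ignore blank lines
        /^[ \t]*OK:/ { ok++; next }              # healthy check
        /\/var\/log\/dshield\.log/ {             # no attacks logged yet
            print "WARN (expected right after install): " $0
            warn++; next
        }
        { print "FAIL: " $0; fail++ }            # anything else needs attention
        END {
            printf "summary: ok=%d warn=%d fail=%d\n", ok, warn, fail
            exit (fail > 0)
        }
    '
}

# Constructed sample: a fresh install that has not received any attacks yet.
# The "ERROR:" prefix is an assumed format for a failed check.
SAMPLE_FRESH='ERROR: /var/log/dshield.log
OK: /etc/cron.d/dshield
OK: /etc/dshield.ini
OK: firewall rules'

printf '%s\n' "$SAMPLE_FRESH" | check_status || echo "fix the FAIL lines above"
```

On the honeypot itself, pipe the status script's output into `check_status` instead of the sample. If the dshield.log warning persists well past the 30-60 minute window, treat it as a real failure.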