Exercise 2: Installing the Honeypot

You can find more detailed instructions in our GitHub repository. These instructions are tailored to the Tech Tuesday event.

https://github.com/DShield-ISC/dshield

Step 1: Prerequisites

  • You have the latest version of Raspberry OS Lite or Ubuntu 20.04 LTS Server installed on the system
  • The system time is reasonably close to "real time"
  • You are logged in using an account that is able to "sudo"

You followed the steps outlined in the pre-install exercise:

sudo apt install -y git
git clone https://github.com/DShield-ISC/dshield.git
sudo dshield/bin/prep.sh
sudo reboot

You registered for a DShield/Internet Storm Center account and have the API key handy.

Step 2: Run the Installer

Run the installer:

sudo dshield/bin/install.sh

The installer will prompt you for various settings. For the most part, just accept the defaults, but note any errors and verify the network configuration.

Reboot after the install completes.

sudo reboot

Step 3: Verify install

After you are done, you can run the "status" script to make sure everything is configured correctly:

sudo dshield/bin/status.sh

The output should look like:

OK: /var/log/dshield.log  (<--- THIS MAY SHOW AN ERROR RIGHT AFTER INSTALL )
OK: /etc/cron.d/dshield
OK: /etc/dshield.ini
OK: /srv/cowrie/cowrie.cfg
OK: /etc/cron.d/dshield
OK: /etc/rsyslog.d/dshield.conf
OK: firewall rules
OK: webserver exposed

The first line "/var/log/dshield.log" may show an error if you have not yet received any attacks.
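
To triage the status output without reading it line by line, the following added example (not part of the DShield repository) reports every expected check that is missing or not marked OK, and can tolerate the /var/log/dshield.log error on a fresh install. The function name, the "fresh" mode and the "ERROR:" prefix in the constructed sample are assumptions; the code only relies on healthy lines starting with "OK: " as shown above.

```shell
#!/bin/sh
# Added example: triage the output of "sudo dshield/bin/status.sh".
# Assumption: a healthy check prints "OK: <item>"; any line for an item that
# does not start with "OK: " counts as a failure.

# Items taken from the expected output listed on this page.
EXPECTED='/var/log/dshield.log
/etc/cron.d/dshield
/etc/dshield.ini
/srv/cowrie/cowrie.cfg
/etc/rsyslog.d/dshield.conf
firewall rules
webserver exposed'

# Constructed sample: the log check fails (no attacks yet) and, for the
# sake of the demo, the webserver check fails too. "ERROR:" is an assumed prefix.
SAMPLE_FRESH='ERROR: /var/log/dshield.log
OK: /etc/cron.d/dshield
OK: /etc/dshield.ini
OK: /srv/cowrie/cowrie.cfg
OK: /etc/cron.d/dshield
OK: /etc/rsyslog.d/dshield.conf
OK: firewall rules
ERROR: webserver exposed'

# Reads status output on stdin; prints "FAILED: <item>" or "MISSING: <item>".
# $1 = "fresh" ignores a failing /var/log/dshield.log right after install.
triage_status() {
    mode="${1:-strict}"
    status=$(cat)
    printf '%s\n' "$EXPECTED" | while IFS= read -r item; do
        # All status lines that mention this item (fixed-string match).
        hits=$(printf '%s\n' "$status" | grep -F -- "$item" || true)
        if [ -z "$hits" ]; then
            echo "MISSING: $item"
        elif printf '%s\n' "$hits" | grep -qv '^OK: '; then
            if [ "$mode" = "fresh" ] && [ "$item" = "/var/log/dshield.log" ]; then
                continue
            fi
            echo "FAILED: $item"
        fi
    done
}

# On the honeypot: sudo dshield/bin/status.sh | triage_status fresh
printf '%s\n' "$SAMPLE_FRESH" | triage_status fresh
```

An empty result means every expected check was reported as OK. Rerun without "fresh" once the honeypot has been exposed long enough to log attacks.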

It may take 30-60 minutes for the first logs to show up on the Internet Storm Center website.