One month ago, Johannes released a beta version of a DShield sensor for the Raspberry Pi. The Pi is a cool computer to run such kind of tools but you must have a spare one and it requires extra cables and power (ok, not so much). Building and maintaining a virtual machine for an application with low requirements in CPU, memory and bandwidth is a bit overkill. Why not use a container?
I re-used Johannes’s installation script, restricted the installation to the bare minimum. The goal is just to run a cowrie instance and enable the DShield output module. To report collected data to DShield, you need an account.
Building the container is very easy:
# git clone https://github.com/xme/dshield-docker # cd dshield-docker # docker build -t dshield/honeypot
The container performs a check of your DShield credentials at boot time. You can pass them to the container using a text file (keep it in a safe place!)
# cat <<_END_ >env.txt DSHIELD_UID=xxxxx DSHIELD_APIKEY=xxxxx DSHIELD_EMAIL=xxxxx _END_ # docker run -d -p 2222:2222 —env=env.txt —restart=always —name dshield dshield/honeypot
Interested? More information and sources are available here. Happy hunting!
Mar 15th 2016
1 year ago
There is a dot (.) missing in the docker build command.
Does one need a specific model of the Raspberry Pi to use this system?
Aug 23rd 2017
4 weeks ago