Wednesday, 15 May 2013
Dionaea is a low-interaction honeypot which offers the following services: SMB, HTTP, FTP and TFTP. It's pretty easy to install (once you know how), but it helps to know a few quick tricks.
For alternative install instructions, see:
dionaea.carnivore.it/#compiling
Add the Dionaea repositories:
:~$ sudo add-apt-repository ppa:honeynet/nightly
:~$ sudo apt-get update
Install Dionaea:
:~$ sudo apt-get install dionaea
After you've installed Dionaea, set up the directories:
:~$ sudo mkdir -p /var/dionaea/wwwroot
:~$ sudo mkdir -p /var/dionaea/binaries
:~$ sudo mkdir -p /var/dionaea/bitstreams
:~$ sudo mkdir -p /var/dionaea/log
:~$ sudo chown -R nobody:nogroup /var/dionaea/
Update the config file with the new directories:
:~$ sudo mv /etc/dionaea/dionaea.conf.dist /etc/dionaea/dionaea.conf
:~$ sudo sed -i 's/var\/dionaea\///g' /etc/dionaea/dionaea.conf
:~$ sudo sed -i 's/log\//\/var\/dionaea\/log\//g' /etc/dionaea/dionaea.conf
Before starting Dionaea, edit the configuration file, which is located at /etc/dionaea/dionaea.conf. First, I suggest that you reduce the amount of logging. Set the levels from all to warning,error:
logging = {
    default = {
        file = "/var/dionaea/log/dionaea.log"
        levels = "warning,error"
        domains = "*"
    }
    errors = {
        file = "/var/dionaea/log/dionaea-errors.log"
        levels = "warning,error"
        domains = "*"
    }
}
Next, edit the listen section. Change the mode from getifaddrs (automatic) to manual, to ensure your install is reachable from the Internet:
listen =
{
    mode = "manual"
    addrs = { eth0 = ["::"] }
}
Finally, start Dionaea as a daemon:
:~$ sudo dionaea -c /etc/dionaea/dionaea.conf -w /var/dionaea -u nobody -g nogroup -D
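A pre-start check for the two configuration edits above (log levels and listen mode), as an added example that is not part of the original post or of Dionaea. The helper names conf_values, check_dionaea_conf and sample_conf are hypothetical, the sample config is constructed in the layout shown above, and the parser assumes no braces inside comments.

```shell
# Added example, not Dionaea's own code; all helper names are hypothetical.
# Print the quoted value of KEY found inside top-level section SECTION.
conf_values() {  # usage: conf_values FILE SECTION KEY
    awk -v sec="$2" -v key="$3" '
        depth == 0 && $1 == sec { insec = 1 }
        {
            if (insec && depth > 0 && $1 == key && match($0, /"[^"]*"/))
                print substr($0, RSTART + 1, RLENGTH - 2)
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (insec && depth > 0) seen = 1
            if (insec && seen && depth == 0) { insec = 0; seen = 0 }
        }' "$1"
}

# Return 0 only if the logging and listen edits described above are in place.
check_dionaea_conf() {  # usage: check_dionaea_conf FILE
    conf=$1; rc=0
    [ "$(conf_values "$conf" listen mode)" = manual ] || { echo "listen mode is not manual"; rc=1; }
    levels=$(conf_values "$conf" logging levels)
    [ -n "$levels" ] || { echo "no logging levels found"; rc=1; }
    for l in $levels; do
        [ "$l" = "warning,error" ] || { echo "verbose log level: $l"; rc=1; }
    done
    for f in $(conf_values "$conf" logging file); do
        case $f in
            /var/dionaea/log/*) ;;
            *) echo "log file outside /var/dionaea/log: $f"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample in the layout shown above (not a full dionaea.conf).
sample_conf() {  # usage: sample_conf MODE LEVELS
    cat <<EOF
logging = {
    default = {
        file = "/var/dionaea/log/dionaea.log"
        levels = "$2"
    }
}
listen =
{
    mode = "$1"
    addrs = { eth0 = ["::"] }
}
EOF
}
tmp=$(mktemp); sample_conf getifaddrs all > "$tmp"
check_dionaea_conf "$tmp" || echo "apply the edits above before starting dionaea"
rm -f "$tmp"
```

On a real install, call check_dionaea_conf /etc/dionaea/dionaea.conf after the sed commands and manual edits, before launching the daemon.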