forked from mattymcfatty/HoneyPi
honeyPiInstaller.sh
#!/bin/bash
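# Root check: the steps below write under /etc and /root and rewrite the
# iptables rules, so the installer refuses to run without root privileges.
if [ "$UID" -ne 0 ]; then
  # Name the script as it was actually invoked (the old text pointed at a
  # differently named file) and report the problem on stderr.
  echo "Please run this script as root: sudo $0" >&2
  exit 1
fi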
#### Disclaimer ###
# Consent dialog: anything other than 'Yes' stops the installer before any
# change is made to the system.
whiptail --yesno "Hey Hey! You're about to install honeyPi to turn this Raspberry Pi into an IDS/honeypot. Congratulations on being so clever. This install process will change some things on your Pi. Most notably, it will flush your iptables and turn up logging. Select 'Yes' if you're cool with all that or 'No' to stop now." 20 60 || exit 1
echo "continue"
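#### Change password if you haven't yet ###
# SUDO_USER is unset when the script is started from a root shell instead of
# through sudo; expand it with an empty default and quote it so the test does
# not turn into a syntax error.
if [ "${SUDO_USER:-}" = 'pi' ]; then
  if whiptail --yesno "You're currently logged in as default pi user. If you haven't changed the default password 'raspberry' would you like to do it now?" 20 60; then
    # The script runs as root, so a bare `passwd` would change root's password
    # and leave the default password on the pi account. Name the account.
    passwd "$SUDO_USER"
  fi
fi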
#### Install Debian updates ###
# Optional step: refresh the package index, then upgrade what is installed.
# Skipped entirely when the user answers 'No'.
whiptail --yesno "Let's install some updates. Answer 'no' if you are just experimenting and want to save some time (updates might take 15 minutes or more). Otherwise, shall we update now?" 20 60 && {
  apt-get update
  apt-get upgrade
}
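#### Name the host something enticing ###
# The answer is written to /etc/hostname and /etc/hosts and is later
# substituted into psad.conf, so only a single valid hostname label
# (letters, digits, inner hyphens, at most 63 characters) is accepted.
hostname_re='^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$'
while :; do
  # whiptail draws on stdout and returns the answer on stderr; the fd swap
  # lets $(...) capture the answer. A non-zero status means the dialog was
  # cancelled, in which case nothing is written.
  sneakyname=$(whiptail --inputbox "Let's name your honeyPi something enticing like 'SuperSensitiveServer'. Well maybe not that obvious, but you get the idea. Remember, hostnames cannot contain spaces or most special chars. Best to keep it to just alphanumeric and less thaann 24 characters." 20 60 3>&1 1>&2 2>&3) || exit 1
  if [[ $sneakyname =~ $hostname_re ]]; then
    break
  fi
  whiptail --msgbox "That hostname is not valid. Use letters, digits and hyphens only." 20 60
done
printf '%s\n' "$sneakyname" > /etc/hostname
# Add the hosts entry only when it is not already present, so running the
# installer again does not pile up duplicate lines.
hosts_entry="127.0.0.1 $sneakyname"
grep -qxF -- "$hosts_entry" /etc/hosts || printf '%s\n' "$hosts_entry" >> /etc/hosts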
#### Install PSAD ###
# Announce the step, then install psad and its companions in one
# non-interactive apt-get run (-y answers the confirmation prompt).
whiptail --infobox "Installing a bunch of software like the log monitoring service and other dependencies...\n" 20 60
honeypi_packages=(psad ssmtp python-twisted iptables-persistent libnotify-bin fwsnort)
apt-get -y install "${honeypi_packages[@]}"
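### Choose Notification Option ###

# Escape a value for the replacement side of a sed `s` command. Backslash,
# `&` and the command's delimiter would otherwise be interpreted by sed
# instead of being inserted literally, which corrupts the config file (or
# the sed command itself) when typed input contains them.
#   $1 - raw value
#   $2 - delimiter character used by the `s` command
# Outputs the escaped value on stdout.
sed_escape() {
  local raw=$1 delim=$2 out='' ch i
  for ((i = 0; i < ${#raw}; i++)); do
    ch=${raw:i:1}
    if [[ $ch == '\' || $ch == '&' || $ch == "$delim" ]]; then
      out+="\\$ch"
    else
      out+=$ch
    fi
  done
  printf '%s' "$out"
}

OPTION=$(whiptail --menu "Choose how you want to get notified:" 20 60 5 "email" "Send me an email" "script" "Execute a script" "blink" "Blink a light on your Raspberry Pi" 3>&2 2>&1 1>&3)
# Defaults. They are used unchanged when the menu is cancelled, because no
# branch of the case statement matches an empty choice.
emailaddy=
enablescript=N
externalscript=/bin/true
alertingmethod=ALL
check=1
case "$OPTION" in
  email)
    emailaddy=$(whiptail --inputbox "Mmmkay. Email is a pain to set up. We have defaults for gmail so use that if you have it. What's your email address?" 20 60 3>&1 1>&2 2>&3)
    # An empty address cannot be configured, and one starting with '-' would
    # be read as an option by ssmtp in the test send below.
    case "$emailaddy" in
      '' | -*)
        echo "No usable email address entered; aborting." >&2
        exit 1
        ;;
    esac
    sed -i "s/xemailx/$(sed_escape "$emailaddy" /)/g" ssmtp.conf
    cp ssmtp.conf /etc/ssmtp/ssmtp.conf
    check=30
    whiptail --msgbox "Now, create an 'App Password' for your gmail account (google it if you don't know how). Because we don't want to assign your password to any variables, you have to manually edit the smtp configuration file on the next screen. 'AuthUser' is the first part of your email address before the @. Save and exit the editor and I'll see you back here." 20 60
    # NOTE(review): after this edit the file holds the mail account's app
    # password in clear text; confirm its owner and mode keep it unreadable
    # to unprivileged users.
    pico /etc/ssmtp/ssmtp.conf
    whiptail --msgbox "Welcome back! Well Done! Here comes a test message to your email address..." 20 60
    echo "test message from honeyPi" | ssmtp -vvv "$emailaddy"
    if whiptail --yesno "Cool. Now wait a couple minutes and see if that test message shows up. 'Yes' to continue or 'No' to exit and mess with your smtp config." 20 60
    then
      echo "Continue"
    else
      exit 1
    fi
    ;;
  script)
    externalscript=$(whiptail --inputbox "Enter the full path and name of the script you would like to execute when an alert is triggered:" 20 60 3>&1 1>&2 2>&3)
    # Enabling script alerts with no script configured would leave psad.conf
    # with an empty command.
    if [ -z "$externalscript" ]; then
      echo "No script path entered; aborting." >&2
      exit 1
    fi
    # NOTE(review): this path is written into psad.conf as the command to run
    # on alerts; it should be owned by root and not writable by other users.
    enablescript=Y
    alertingmethod=noemail
    ;;
  blink)
    enablescript=Y
    alertingmethod=noemail
    externalscript="/usr/bin/python /root/honeyPi/blinkonce.py"
    ;;
esac
### update vars in configuration files
# Each placeholder in the psad.conf template is replaced in place. Values that
# came from the user are escaped for the delimiter of their own sed command.
sed -i "s/xhostnamex/$(sed_escape "$sneakyname" /)/g" psad.conf
sed -i "s/xemailx/$(sed_escape "$emailaddy" /)/g" psad.conf
sed -i "s/xenablescriptx/$enablescript/g" psad.conf
sed -i "s/xalertingmethodx/$alertingmethod/g" psad.conf
# '=' is the delimiter here because the script path contains slashes.
sed -i "s=xexternalscriptx=$(sed_escape "$externalscript" =)=g" psad.conf
sed -i "s/xcheckx/$check/g" psad.conf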
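### Wrap up everything and exit
whiptail --msgbox "Configuration files created. Next we will move those files to the right places." 20 60
# -p keeps a second run of the installer from failing on the existing directory.
mkdir -p /root/honeyPi
cp blink*.* /root/honeyPi
cp psad.conf /etc/psad/psad.conf
# Firewall: every existing rule is discarded (the opening dialog warns about
# this) and chain policies are left as they were. What remains is an IGMP
# drop plus LOG rules on INPUT and FORWARD; presumably those log lines are
# what psad analyses - confirm against psad.conf.
iptables --flush
iptables -A INPUT -p igmp -j DROP
# too many IGMP notifications. See if that prevents it
iptables -A INPUT -j LOG
iptables -A FORWARD -j LOG
service netfilter-persistent save
service netfilter-persistent restart
psad --sig-update
service psad restart
# confname is never assigned in this script, and honeyd is not among the
# packages it installs. Copy and restart only when both are really there
# instead of calling cp with a missing operand.
if [ -n "${confname:-}" ]; then
  cp -- "$confname" /etc/honeypot/honeyd.conf
fi
if [ -x /etc/init.d/honeyd ]; then
  /etc/init.d/honeyd restart
fi
cp mattshoneypot.py /root/honeyPi
# Register the honeypot in root's crontab. Any identical entry from an earlier
# run is filtered out first, so the listener is not started twice at boot.
# Note that it runs with root privileges, both here and from cron.
cron_entry="@reboot python /root/honeyPi/mattshoneypot.py &"
(crontab -l 2>/dev/null | grep -vxF -- "$cron_entry"; echo "$cron_entry") | crontab -
python /root/honeyPi/mattshoneypot.py &
ifconfig
printf "\n \n ok. should be good to go. Now go portscan this honeyPi and see if you get an alert!\n"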