Tuesday, October 2, 2018

Install T-Pot into Google Cloud Platform VM Instance

T-Pot is a honeypot platform built on Ubuntu with Dock technology. Latest version is 17.10 and OS is Ubuntu 16.04. The minimum system requirement is at least 2GB RAM and 40GB disk space.

There are some other posts online to show how to install T-Pot into cloud virtual machine instance. Unfortunately, I failed so many times and got a error message 'could not find authrized_keys at .ssh folder'. Eventually I found issue is with the user I were using. If I create a new user and add it into sudo group, and install T-Pot after log in as that new user, the installation process is quite smooth.

Here is all steps I did. Hopefully it helps when you try this awesome honeypot.


1. Create a VM


2. Update your Ubuntu instance


[email protected]:~$ sudo apt-get update
[email protected]:~$ sudo apt-get upgrade
[email protected]:~$ sudo apt-get dist-upgrade




3. Add a new user into sudo

#sudo su
#adduser john
Set password prompts:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
User information prompts:
Changing the user information for username
Enter the new value, or press ENTER for the default
    Full Name []:
    Room Number []:
    Work Phone []:
    Home Phone []:
    Other []:
Is the information correct? [Y/n]


#usermod -aG sudo john

#su - john



4. Generate ssh key for user john
Once logged in as user john, stay at the same folder , which is home folder for John and type following command to generate ssh key. If it is asking a name to save your key files, type identity.


#ssh-keygen
#cd .ssh
#touch authorized_keys
#cat identity.pub >> authorized_keys



5. Install T-Pot

One done step 4, you can stay at same folder which is .ssh folder to do following steps to install T-Pot.

#git clone https://github.com/dtag-dev-sec/t-pot-autoinstall.git
#cd t-pot-autoinstall/
#sudo su
#./install.sh


##########################################################                                                           
#                                                        #                                                           
#     How do you want to proceed? Enter your choice.     #                                                           
#                                                        #                                                           
#     Required: 4GB RAM, 64GB disk                       #                                                           
#     Recommended: 8GB RAM, 128GB SSD                    #                                                           
#                                                        #                                                           
# 1 - T-Pot's STANDARD INSTALLATION                      #                                                           
#     Standard Honeypots, Suricata & ELK                 #                                                           
#                                                        #                                                           
# 2 - T-Pot's HONEYPOTS ONLY                             #                                                           
#     Honeypots only, w/o Suricata & ELK                 #                                                           
#                                                        #                                                           
# 3 - T-Pot's INDUSTRIAL EDITION                         #                                                           
#     Conpot, eMobility, Suricata & ELK                  #                                                           
#                                                        #                                                           
# 4 - T-Pot's FULL INSTALLATION                          #                                                           
#     Everything                                         #                                                           
#                                                        #                                                           
##########################################################                                                                                                                                                                        
Your choice: 4     


You will be prompted twice for inputs. One is for username which is john, and the other is the password for T-Pot user john's access.

#

.
.
.
### Removing NGINX default website. 
### Please enter a password for your user john for web access. 
Password: 
Repeat password: 
Adding password for user john
 
.
.
.
.
[MAIN]
ip = 35.237.41.220
MY_EXTIP=35.237.41.220
MY_INTIP=10.142.0.2
MY_HOSTNAME=crazyring
### Thanks for your patience. Now rebooting. Remember to login on SSH port 64295 next time or visit the dashboard on port 64297!         


Both port numbers, 64295 and 64297,  are important for you. You will need them later to log into your HoneyPot system.


6. Configure Firewall
It is important to restrict the access to your ssh port 64295 and web gui admin portal 64297.

NameTypeTargetsFiltersProtocols/portsActionPriorityNetwork
Ingress
Apply to all
IP ranges: 0.0.0.0

tcp:64298-65535

udp

icmp
Allow
1000
Ingress
Apply to all
IP ranges: 0.0.0.0/0

tcp:0-64294

udp

icmp
Allow
1000
Ingress
http-server
IP ranges: 0.0.0.0/0
tcp:80
Allow
1000
Ingress
https-server
IP ranges: 0.0.0.0/0
tcp:443
Allow
1000
Ingress
Apply to all
IP ranges: 204.197.180.204/32
tcp:64295
Allow
1000
Ingress
Apply to all
IP ranges: 204.197.180.204/32
tcp:64297
Allow
1000
Ingress
Apply to all
IP ranges: 0.0.0.0/0
icmp
Allow
65534
Ingress
Apply to all
IP ranges: 10.128.0.0/9

tcp:0-65535
udp:0-65535
icmp
Allow
65534
Ingress
Apply to all
IP ranges: 0.0.0.0/0
tcp:3389
Allow
65534
Ingress
Apply to all
IP ranges: 0.0.0.0/0
tcp:22
Allow
65534


7. Check Web Access from Internet

8. Videos
8.1 T-Pot Honeypot Installation through ISO file on ESXi Platform


8.2 T-pot HoneypotInstallation on GCP Ubuntu VM instance




References:













No comments:

Post a Comment