Thursday, 9 May 2013

Setting up dionaea on Raspberry Pi

Get started



Get wheezy image
http://www.raspberrypi.org/downloads


Installing dionaea

echo "deb http://packages.s7t.de/raspbian wheezy main" >> /etc/apt/sources.list
apt-get update
apt-get install libglib2.0-dev
apt-get install libssl-dev
apt-get install libcurl4-openssl-dev
apt-get install libreadline-dev
apt-get install libsqlite3-dev
apt-get install libtool
apt-get install automake
apt-get install autoconf
apt-get install build-essential  # already have
apt-get install subversion
apt-get install git-core
apt-get install flex
apt-get install bison
apt-get install pkg-config  # already have
apt-get install libnl-3-dev
apt-get install libnl-genl-3-dev
apt-get install libnl-nf-3-dev
apt-get install libnl-route-3-dev
apt-get install liblcfg  # already have
apt-get install libemu  # from s7t.de
apt-get install libev  # from s7t.de
apt-get install dionaea-python
apt-get install dionaea-cython
apt-get install libpcap
apt-get install udns
apt-get install dionaea
apt-get install liblcfg

Configuring dionaea

cp /opt/dionaea/etc/dionaea/dionaea.conf.dist /opt/dionaea/etc/dionaea/dionaea.conf
chown nobody:nogroup /opt/dionaea/var/dionaea -R

Starting dionaea

export PATH=$PATH:/opt/dionaea/bin
dionaea -u nobody -g nogroup -r /opt/dionaea -w /opt/dionaea -p /opt/dionaea/var/dionaea.pid

Passive identification with p0f

apt-get install p0f
p0f -i any -u root -Q /tmp/p0f.sock -q -l -d -o /dev/null -c 1024
chown nobody:nogroup /tmp/p0f.sock
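
A quick way to confirm that the steps above left dionaea's data directory, the running process and the p0f socket under the unprivileged account. This is an added example, not part of the original post; the function names, the --audit flag and the environment overrides are assumptions, and it relies on Linux /proc.

```shell
# Added example: checks that the privilege drop configured above took effect.
# Defaults are this page's paths; users/groups may be names or numeric IDs.
DIONAEA_ROOT="${DIONAEA_ROOT:-/opt/dionaea}"
P0F_SOCK="${P0F_SOCK:-/tmp/p0f.sock}"
RUN_USER="${RUN_USER:-nobody}"
RUN_GROUP="${RUN_GROUP:-nogroup}"

# tree_owned_by DIR USER GROUP: 0 if DIR and everything below it matches.
tree_owned_by() {
    [ -d "$1" ] || return 2
    stray=$(find "$1" \( ! -user "$2" -o ! -group "$3" \) -print 2>/dev/null) || return 2
    [ -z "$stray" ]
}

# proc_runs_as PIDFILE USER: 0 if the PID is alive with USER's effective UID.
proc_runs_as() {
    [ -r "$1" ] || return 2
    pid=$(tr -cd '0-9' < "$1")
    [ -n "$pid" ] && [ -r "/proc/$pid/status" ] || return 2
    case "$2" in
        ''|*[!0-9]*) want=$(id -u "$2" 2>/dev/null) || return 2 ;;
        *) want=$2 ;;
    esac
    have=$(awk '/^Uid:/ { print $3 }' "/proc/$pid/status")
    [ "$have" = "$want" ]
}

# socket_owned_by PATH USER GROUP: 0 if PATH is a UNIX socket with that owner.
socket_owned_by() {
    [ -S "$1" ] || return 2
    [ -n "$(find "$1" -user "$2" -group "$3" -print 2>/dev/null)" ]
}

# report LABEL CMD...: run one check, print the result, count failures.
report() {
    label=$1; shift
    if "$@"; then echo "ok   $label"; else echo "FAIL $label"; fails=$((fails + 1)); fi
}

# audit: run all three checks; the return value is the number of failures.
audit() {
    fails=0
    report "var/dionaea ownership" tree_owned_by "$DIONAEA_ROOT/var/dionaea" "$RUN_USER" "$RUN_GROUP"
    report "dionaea process user" proc_runs_as "$DIONAEA_ROOT/var/dionaea.pid" "$RUN_USER"
    report "p0f socket ownership" socket_owned_by "$P0F_SOCK" "$RUN_USER" "$RUN_GROUP"
    return "$fails"
}

if [ "${1:-}" = "--audit" ]; then audit; fi
```

Run it with --audit once both daemons are up; the exit status is the number of failed checks.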

Reference: http://maniactwister.de/b/aazlvr/en
                 http://dionaea.carnivore.it/


8 comments:

  1. Can MHN itself run on a Pi? I tried the install script and all went well until one borked trying to get mongodb...

  2. Chris, I ran into the same issue; I added
    'deb http://downloads-distro.mongodb.org/repo/debian-sysvinit dist 10gen' to pi's /etc/apt/sources.list - it helped me clean up the 'broken' one with the script mentioned here:
    https://stackoverflow.com/questions/10733201/mongodb-is-not-starting-in-ubuntu

    It was a HUGE pain until I found those suggestions, hope this is what helps your Pi.

  3. Thanks for the pointer but i386 or AMD64 only, I regret...

  4. I can not seem to get Dionaea to complete the installation. It keeps hanging here:

    deny
    # protocol ftpdata ftpdatacon xmppclient # type

    I have tried multiple PIs and multiple installation configurations. Any ideas?

    Replies
    1. I have this same issue. Have you found a fix for this by chance? It has been troubling me for some time now.

    2. Has anybody found a solution to the above problem?

  5. I have put together several honeypots into Raspberry Pi. Please check this out:
    https://redmine.honeynet.org/projects/honeeepi/wiki

    Replies
    1. Thank you. I never did find a solution. Recently I decided to revisit the pipot and saw this. I will give it a shot. Thank you.