A lightweight honeypot that contributes threat intelligence data to SANS Internet Storm Center (ISC) for research purposes.

一种轻巧的蜜罐，可将威胁情报数据提供给SANS Internet Storm Center(ISC)进行研究。

DShield Honeypot is a lightweight honeypot intended to mimic a vulnerable system to gather threat intelligence. This data is then sent to SANS ISC’s vast data repository for research purposes.

DShield Honeypot是一种轻型蜜罐，旨在模仿易受攻击的系统来收集威胁情报。 然后将这些数据发送到SANS ISC的庞大数据存储库中以进行研究。

Honeypots are not intended to hold any valuable data that can be compromised. Instead, these systems are used to attract attackers to learn more about their techniques, patterns, and the way they operate.

蜜罐不打算保存任何可能被泄露的有价值的数据。 取而代之的是，这些系统被用来吸引攻击者，以更多地了解其技术，模式和操作方式。

In this article, we will walk through the steps to install and configure DShield Honeypot on a Raspberry Pi running Raspberry Pi OS Lite.

在本文中，我们将逐步介绍在运行Raspberry Pi OS Lite的Raspberry Pi上安装和配置DShield Honeypot的步骤。

Prerequisites

先决条件

• Raspberry Pi 2, 3, or 4 running Raspberry Pi OS Lite运行Raspberry Pi OS Lite的Raspberry Pi 2、3或4
• Internet Connection网络连接

Other versions of Raspberry Pi OS should work as well, but Lite has the smallest footprint

其他版本的Raspberry Pi OS也应该可以使用，但是Lite占用的空间最小

1. SSH到您的Raspberry Pi (1. SSH to your Raspberry Pi)

You can use PuTTY or your favorite SSH client.

您可以使用PuTTY或您喜欢的SSH客户端。

Type in your Raspberry Pi’s IP address and click Open.

输入您的Raspberry Pi的IP地址，然后单击“打开”。

The default username is “pi” and the default password is “raspberry”. You should update the password to something more secure.

默认的用户名是“ pi”，默认的密码是“ raspberry”。 您应该将密码更新为更安全的密码。

2.运行“ date”命令以检查Raspberry Pi上的时间和日期。 (2. Run the “date” command to check the time and date on your Raspberry Pi.)

pi@raspberrypi:~ $ dateMon 29 Jun 01:55:54 BST 2020pi@raspberrypi:~ $ 

You can adjust your timezone by using the raspi-config command.

您可以使用raspi-config命令调整时区。

sudo raspi-config

Choose option 4 Localisation Options from the menu.

从菜单中选择选项4本地化选项。

Select option I2 Change Time Zone from the menu.

从菜单中选择选项I2更改时区。

Select your geographic area in which you live.

选择您居住的地理区域。

Select the city or region corresponding to your time zone.

选择与您的时区相对应的城市或地区。

Select Finish to apply your new time zone settings.

选择完成以应用新的时区设置。

Your new time zone will now be displayed.

现在将显示您的新时区。

Current default time zone: 'America/Chicago'Local time is now:      Sun Jun 28 20:03:48 CDT 2020.Universal Time is now:  Mon Jun 29 01:03:48 UTC 2020.pi@raspberrypi:~ $

3.更新Raspberry Pi (3. Update Raspberry Pi)

Run the following commands to update your Raspberry Pi.

运行以下命令以更新Raspberry Pi。

Note: Times can vary on updates due to OS version, internet speed, and Raspberry Pi hardware specs.

注意：由于操作系统版本，互联网速度和Raspberry Pi硬件规格的不同，更新时间可能会有所不同。

pi@raspberrypi:~ $ sudo apt-get update...Fetched 13.5 MB in 11s (1,212 kB/s)Reading package lists... Donepi@raspberrypi:~ $ sudo apt-get -uy dist-upgrade...0 added, 0 removed; done.Running hooks in /etc/ca-certificates/update.d...done.

4.重新启动Raspberry Pi (4. Reboot Raspberry Pi)

Run the following command to reboot your Raspberry Pi. SSH back in when the system is back up and running.

运行以下命令以重新启动Raspberry Pi。 当系统备份并运行时，SSH重新登录。

pi@raspberrypi:~ $ sudo reboot

5.安装GIT (5. Install GIT)

GIT does not come installed by default on Raspberry Pi OS Lite. You’ll need to install it using the following command.

默认情况下，Raspberry Pi OS Lite上未安装GIT。 您需要使用以下命令进行安装。

pi@raspberrypi:~ $ sudo apt-get install -y gitReading package lists... Done...Setting up git (1:2.20.1-2+deb10u3) ...Processing triggers for man-db (2.8.5-2) ...Processing triggers for libc-bin (2.28-10+rpi1) ...pi@raspberrypi:~ $

You can ensure it’s been installed by running the following command.

您可以通过运行以下命令来确保已安装它。

pi@raspberrypi:~ $ which git/usr/bin/git

6.创建安装目录 (6. Create Installation Directory)

You’ll need to create a directory called install. This directory will be where we clone the GIT repository. Run the following command to make a directory.

您需要创建一个名为install的目录。 该目录将是我们克隆GIT存储库的位置。 运行以下命令创建目录。

pi@raspberrypi:~ $ mkdir installpi@raspberrypi:~ $ ls -ltotal 4drwxr-xr-x 2 pi pi 4096 Jun 28 20:24 installpi@raspberrypi:~ $

Change into the directory using the following command.

使用以下命令进入目录。

pi@raspberrypi:~ $ cd installpi@raspberrypi:~/install $ pwd/home/pi/installpi@raspberrypi:~/install $

7.克隆DShield GIT存储库 (7. Clone the DShield GIT Repository)

Run the following command to clone the dshield.git repository to the install folder.

运行以下命令将dshield.git存储库克隆到安装文件夹。

pi@raspberrypi:~/install $ git clone https://github.com/DShield-ISC/dshield.gitCloning into 'dshield'......Receiving objects: 100% (2476/2476), 1.14 MiB | 9.00 MiB/s, done.Resolving deltas: 100% (1480/1480), done.pi@raspberrypi:~/install $

You can verify the dhsield.git repository has been cloned to the install folder by running the following command.

您可以通过运行以下命令来验证dhsield.git存储库是否已克隆到安装文件夹。

pi@raspberrypi:~/install $ ls -ltotal 4drwxr-xr-x 8 pi pi 4096 Jun 28 20:27 dshieldpi@raspberrypi:~/install $

8.运行安装脚本 (8. Run the Install Script)

You’ll need to change into the dshield/bin directory using the following command.

您需要使用以下命令进入dshield / bin目录。

pi@raspberrypi:~/install $ cd dshield/bin/pi@raspberrypi:~/install/dshield/bin $

Run the following command to execute the install script in the bin folder.

运行以下命令以执行bin文件夹中的安装脚本。

pi@raspberrypi:~/install/dshield/bin $ sudo ./install.sh

The installation script will now begin to run.

现在，安装脚本将开始运行。

You will be prompted with a WARNING message asking you to acknowledge you know that you are turning your Raspberry Pi into a honeypot.

系统将提示您警告消息，要求您确认您知道将Raspberry Pi变成蜜罐。

Select Yes.

选择是。

The next screen will ask if you’d like updates to be done automatically or manually. It’s recommended you choose automatic.

下一个屏幕将询问您是否要自动或手动完成更新。 建议您选择自动。

Select OK.

选择确定。

9.创建DShield帐户 (9. Create DShield Account)

The next screen requires that you enter your E-Mail Address and API Key to move forward. You will need to create a DShield account to get this information.

下一个屏幕要求您输入电子邮件地址和API密钥才能前进。 您将需要创建一个DShield帐户来获取此信息。

Click the following link to create a DShield account https://dshield.org/login.html

单击以下链接创建一个DShield帐户https://dshield.org/login.html

Select Register as new user.

选择注册为新用户。

Enter in an E-Mail address and create a password. Select the checkbox after reading the content.

输入电子邮件地址并创建密码。 阅读内容后，选中复选框。

Click Register.

单击注册。

Check your E-Mail and click the link provided to validate your account.

检查您的电子邮件，然后单击提供的链接以验证您的帐户。

You will need to enter your E-Mail address to complete the validation.

您将需要输入您的电子邮件地址以完成验证。

Type in your email address and click Submit Query.

输入您的电子邮件地址，然后单击提交查询。

Your account is now validated. Use the link provided to log into your account.

您的帐户现已验证。 使用提供的链接登录到您的帐户。

10.获取API密钥 (10. Get API Key)

Now that you have an account you will need to get the API key.

现在您已经拥有一个帐户，您将需要获取API密钥。

Log into your DShield Account. You’ll be brought to your dashboard by default.

登录到您的DShield帐户。 默认情况下，您将被带到仪表板。

Click My Account in the top-right corner.

点击右上角的我的帐户。

Your API key will be displayed.

您的API密钥将会显示。

This page also has the option to set up 2FA and a Recovery Phone. It is highly recommended you set these up.

该页面还可以选择设置2FA和故障恢复电话。 强烈建议您进行设置。

11.输入DShield帐户信息 (11. Enter DShield Account Information)

Type or copy/paste your E-Mail Address into the E-Mail Address field.

在“电子邮件地址”字段中键入或复制/粘贴您的电子邮件地址。

Copy/paste your API key into the API Key field.

将您的API密钥复制/粘贴到“ API密钥”字段中。

Hit the enter key to Verify the information.

点击输入键以验证信息。

Your API Key will be verified and you’ll be allowed to move to the next step.

您的API密钥将通过验证，然后您可以继续执行下一步。

Select OK.

选择确定。

12.选择默认接口 (12. Select Default Interface)

A wired Ethernet connection is preferred. The Raspberry Pi has one network interface. We will leave the default option selected.

首选有线以太网连接。 Raspberry Pi具有一个网络接口。 我们将保留默认选项。

Select OK.

选择确定。

13.本地网络和访问 (13. Local Network and Access)

The next step will configure admin access. By default, the SSH port will be changed from port 22 to 12222.

下一步将配置管理员访问权限。 默认情况下，SSH端口将从端口22更改为12222。

You will need to enter the local network range you want to be allowed to have access.

您将需要输入要允许其访问的本地网络范围。

You can also enter in other trusted IPs and networks in the “Further IPs” field.

您也可以在“其他IP”字段中输入其他受信任的IP和网络。

Note: Your local network will vary from the screenshot. Your local network may use 10.x or 192.x. Be sure to check your network settings before proceeding.

注意：您的本地网络将与屏幕截图有所不同。 您的本地网络可能使用10.x或192.x。 在继续操作之前，请务必检查您的网络设置。

Select OK.

选择确定。

Select OK.

选择确定。

14.忽略防火墙日志的IP (14. IPs to Ignore for Firewall Log)

The next step allows you to enter in a network that the firewall will not log and will not redirect to the honeypot ports.

下一步，您可以输入防火墙不会记录并且不会重定向到蜜罐端口的网络。

Ensure your local network is entered in the field.

确保在该字段中输入了本地网络。

Select OK.

选择确定。

Select OK.

选择确定。

15.禁用蜜罐的IP /端口 (15. IPs/Ports to Disable Honeypot)

The next option allows you to disable the honeypot to prevent reporting internal access attempts.

下一个选项允许您禁用蜜罐，以防止报告内部访问尝试。

Ensure your network from above is entered in the field.

确保从上方输入您的网络。

I left the Honeypot Ports at their default.

我将Honeypot Ports保留为默认设置。

Select OK.

选择确定。

Select OK.

选择确定。

Configurations and installations will continue.

配置和安装将继续。

16.创建SSL证书 (16. Create SSL Certificate)

You’ll need to enter your details to create an SSL certificate.

您需要输入详细信息以创建SSL证书。

The script can create a Certificate Authority (CA) to sign the certificate or you can select No and send the certificate to another CA for signing.

该脚本可以创建证书颁发机构(CA)来对证书进行签名，也可以选择“否”并将证书发送到另一个CA进行签名。

I recommend you select Yes and have the script create a CA.

我建议您选择“是”，并让脚本创建一个CA。

Select Yes.

选择是。

Your SSL certificate will be created.

您的SSL证书将被创建。

17.重新启动Raspberry Pi (17. Reboot the Raspberry Pi)

Run the following command to reboot your Raspberry Pi.

运行以下命令以重新启动Raspberry Pi。

pi@raspberrypi:~ $ sudo reboot

Note: Your SSH port will change from 22 to 12222.

注意：您的SSH端口将从22更改为12222。

18.将您的Raspberry Pi公开到Internet (18. Expose Your Raspberry Pi to the Internet)

Note: This step exposes your device to the public internet. While this is the intended purpose, please be aware of what you are doing in this step and be sure to revert these steps if you choose to take down your honeypot.

注意：此步骤将您的设备公开到公共互联网。 虽然这是预期的目的，但是请注意您在此步骤中所做的事情，如果您选择取下蜜罐，请确保还原这些步骤。

Currently, your Raspberry Pi is running DShield but it’s not accessible from the public internet.

当前，您的Raspberry Pi正在运行DShield，但无法从公共Internet访问。

This step can vary based on your network setup and devices. Essentially, you need to configure your router to use the Raspberry Pi as your DMZ.

此步骤可能会因您的网络设置和设备而异。 本质上，您需要配置路由器以将Raspberry Pi用作DMZ。

You will need to enter your Raspberry Pi as the DMZ server.

您将需要输入Raspberry Pi作为DMZ服务器。

After your settings have been applied you can use a free online port scanner to scan your public IP address. You should see something similar to the image below.

应用设置后，您可以使用免费的在线端口扫描程序来扫描您的公共IP地址。 您应该看到类似于下图的内容。

Your honeypot is now exposing these ports to the public internet.

您的蜜罐现在将这些端口公开给公共互联网。

结语 (Wrapping Up)

Congrats! You now have DShield running on your Raspberry Pi.

恭喜！ 现在，您可以在Raspberry Pi上运行DShield。

Logs will be sent to DShield every 30 minutes. You can check out the DShield dashboard at https://secure.dshield.org/dashboard.html. You can search by IP address to see any reports associated with your IP address. Your data will also be aggregated into summaries with other data sent to DShield.

日志将每30分钟发送到DShield。 您可以在https://secure.dshield.org/dashboard.html检出DShield仪表板。 您可以按IP地址搜索以查看与您的IP地址相关的任何报告。 您的数据还将与发送到DShield的其他数据汇总在一起。

Choosing to install DShield helps ISC by contributing data to their research. Know that your contribution does help.

选择安装DShield可以通过为研究贡献数据来帮助ISC。 知道您的贡献确实有帮助。

If you have any questions feel free to Tweet or PM me @mrkmety

如果您有任何疑问，请随时发推文或PM @mrkmety