-
Notifications
You must be signed in to change notification settings - Fork 24
Home
If adding Shockpot to an existing version of MHN you will need to follow some of the steps outlined here:
When deploying this new code make sure the new channel name (e.g. shockpot.events) is appended to the channel variable in mnemosyne's config file /opt/mnemosyne/mnemosyne.cfg
. If this is not done mnemosyne will not even see these new events.
When deploying this new code, make sure to update the /opt/mhn/server/config.py
with the mapping of the honeypot to the channels it is allowed to publish to. Example:
HONEYPOT_CHANNELS = {
'dionaea': [
'mwbinary.dionaea.sensorunique',
'dionaea.capture',
'dionaea.capture.anon',
'dionaea.caputres',
'dionaea.connections'
],
'conpot': ['conpot.events'],
'snort': ['snort.alerts'],
'kippo': ['kippo.sessions'],
'thug': ['thug.files', 'thug.events'],
'glastopf': ['glastopf.files', 'glastopf.events'],
'amun': ['amun.events'],
'shockpot': ['shockpot.events'], # <-- Needed to add this line for shockpot
}
Most new honeypots will publish data to their own honeypot specific hpfeeds channels. Because of this, you need to be sure to update the accounts associated with mnemosyne and the geoloc process. Mnemosyne is responsible for indexing and storing the honeypot data so it need to be able subscribe to the honeypot's channel. Geoloc is responsible for normalizing and IP Geolocating events for honeymap and it needs to be able to subscribe to the honeypot's channel. Here are the MongoDB commands to accomplish this:
Open the mongodb console and connect to the "hpfeeds" database:
$ mongo hpfeeds
MongoDB shell version: 2.6.2
connecting to: hpfeeds
Append the new honeypot's channel name to mnemosyne's "subscribe" field.
> db.auth_key.update({"identifier": "mnemosyne"}, {"$push": {"subscribe": "shockpot.events"} })
WriteResult({ "nMatched" : 1, "nUpserted" : 0, "nModified" : 1 })
Append the new honeypot's channel name to geoloc's "subscribe" field.
> db.auth_key.update({"identifier": "geoloc"}, {"$push":{ "subscribe": "shockpot.events" }})
WriteResult({ "nMatched" : 1, "nUpserted" : 0, "nModified" : 1 })
See https://github.com/Pwnlandia/mhn/wiki/Howto:-Add-Support-for-New-Sensors-to-the-MHN for more info on adding new sensors to MHN.