T-Pot is a honeypot platform built on Ubuntu and Docker. The latest version at the time of writing is 17.10, based on Ubuntu 16.04. Size the VM by the installer's own requirements shown in step 5: at least 4GB RAM and 64GB disk, with 8GB RAM and a 128GB SSD recommended; a 2GB / 40GB instance is below the stated minimum.

There are some other posts online that show how to install T-Pot on a cloud virtual machine instance. Unfortunately, I failed many times and got an error message: 'could not find authorized_keys at .ssh folder'. Eventually I found the issue was with the user I was using. If I create a new user, add it to the sudo group, and install T-Pot after logging in as that new user, the installation process is quite smooth.

Here are all the steps I did. Hopefully it helps when you try this awesome honeypot.

1. Create a VM

2. Update your Ubuntu instance

jon_netsec@tpot:~$ sudo apt-get update
jon_netsec@tpot:~$ sudo apt-get upgrade
jon_netsec@tpot:~$ sudo apt-get dist-upgrade

3. Add a new user and put it in the sudo group

jon_netsec@tpot:~$ sudo su
# adduser john
Set password prompts:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
User information prompts:
Changing the user information for john
Enter the new value, or press ENTER for the default
    Full Name []:
    Room Number []:
    Work Phone []:
    Home Phone []:
    Other []:
Is the information correct? [Y/n]

# usermod -aG sudo john

# su - john

4. Generate an ssh key for user john
Once logged in as john, stay in the same directory (john's home directory) and run the following to generate an ssh key pair. When asked for a file name to save the key, type identity. Then append the public half to authorized_keys, which is the file the installer was looking for in the failed attempts above:

$ ssh-keygen
$ cd .ssh
$ touch authorized_keys
$ cat identity.pub >> authorized_keys

Note that this leaves the private key (identity) on the VM. authorized_keys is what key-based SSH login on the new port 64295 will check after the install, so either copy identity to your workstation now, or append your workstation's own public key to authorized_keys instead of generating one on the VM. Also make sure ~/.ssh is mode 0700 and authorized_keys 0600, otherwise sshd's StrictModes will ignore the file.
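Steps 3 and 4 exist only to satisfy the installer's precondition that the invoking user has a usable ~/.ssh/authorized_keys. The script below is an added example, not part of T-Pot or of the t-pot-autoinstall project: ensure_authorized_key() appends a public key idempotently with the 0700/0600 permissions sshd expects, and preflight() reports anything that would still make the check (or a later key login) fail. The function names are mine, and SAMPLE_KEY is a constructed placeholder, not a real key.

```python
"""Preflight for the T-Pot auto-installer: does the user who will run
install.sh have a usable ~/.ssh/authorized_keys?  (Added example.)"""
import os
import stat
import tempfile
from pathlib import Path

KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")

# Constructed sample public-key line (not a real key), used only by demo().
SAMPLE_KEY = ("ssh-ed25519 "
              "AAAAC3NzaC1lZDI1NTE5AAAAIDUyOTZmYWtla2V5ZmFrZWtleWZha2VrZXk0 john@tpot")


def ensure_authorized_key(home, pubkey_line):
    """Append pubkey_line to home/.ssh/authorized_keys unless it is already
    there, creating the directory/file with the permissions sshd's StrictModes
    requires (0700 / 0600).  Returns True if the key was added."""
    ssh_dir = Path(home) / ".ssh"
    ssh_dir.mkdir(mode=0o700, exist_ok=True)
    os.chmod(ssh_dir, 0o700)            # mkdir's mode is subject to umask; force it
    auth = ssh_dir / "authorized_keys"
    key = pubkey_line.strip()
    existing = auth.read_text().splitlines() if auth.exists() else []
    added = False
    if key not in (line.strip() for line in existing):
        with auth.open("a") as f:
            f.write(key + "\n")
        added = True
    os.chmod(auth, 0o600)
    return added


def _is_key_line(line):
    # Either "<type> <base64> [comment]" or "<options> <type> <base64> [comment]",
    # so the key type must be one of the first two fields.
    fields = line.split()
    return len(fields) >= 2 and any(f in KEY_TYPES for f in fields[:2])


def preflight(home):
    """Return a list of problems with home/.ssh/authorized_keys; [] means OK."""
    ssh_dir = Path(home) / ".ssh"
    auth = ssh_dir / "authorized_keys"
    if not ssh_dir.is_dir():
        return [f"{ssh_dir} does not exist"]
    problems = []
    if stat.S_IMODE(ssh_dir.stat().st_mode) & 0o077:
        problems.append(f"{ssh_dir} is group/world accessible (want 0700)")
    if not auth.is_file():
        problems.append(f"{auth} does not exist")
        return problems
    if stat.S_IMODE(auth.stat().st_mode) & 0o077:
        problems.append(f"{auth} is group/world accessible (want 0600)")
    lines = [l for l in auth.read_text().splitlines()
             if l.strip() and not l.lstrip().startswith("#")]
    if not lines:
        problems.append(f"{auth} contains no keys")
    problems += [f"unrecognised line in {auth}: {l[:40]!r}"
                 for l in lines if not _is_key_line(l)]
    return problems


def demo():
    """Exercise both helpers on a throwaway home directory."""
    home = tempfile.mkdtemp(prefix="tpot-home-")
    result = {"before": preflight(home)}                      # missing .ssh
    result["first_add"] = ensure_authorized_key(home, SAMPLE_KEY)
    result["second_add"] = ensure_authorized_key(home, SAMPLE_KEY)  # no duplicate
    result["after"] = preflight(home)                         # should be clean
    auth = Path(home) / ".ssh" / "authorized_keys"
    result["lines"] = auth.read_text().splitlines()
    os.chmod(auth, 0o644)                                     # simulate sloppy perms
    result["loose_perms"] = preflight(home)
    os.chmod(auth, 0o600)
    return result


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Run preflight(os.path.expanduser("~")) as the user who will launch install.sh; anything it prints is something the installer or a later ssh -p 64295 login will trip over.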

5. Install T-Pot

Once step 4 is done, clone the auto-installer and run it as root. The commands below work from john's .ssh directory, where step 4 left you, although the home directory is the tidier place to clone into.

$ git clone https://github.com/dtag-dev-sec/t-pot-autoinstall.git
$ cd t-pot-autoinstall/
$ sudo su
# ./install.sh


##########################################################
#                                                        #
#     How do you want to proceed? Enter your choice.     #
#                                                        #
#     Required: 4GB RAM, 64GB disk                       #
#     Recommended: 8GB RAM, 128GB SSD                    #
#                                                        #
# 1 - T-Pot's STANDARD INSTALLATION                      #
#     Standard Honeypots, Suricata & ELK                 #
#                                                        #
# 2 - T-Pot's HONEYPOTS ONLY                             #
#     Honeypots only, w/o Suricata & ELK                 #
#                                                        #
# 3 - T-Pot's INDUSTRIAL EDITION                         #
#     Conpot, eMobility, Suricata & ELK                  #
#                                                        #
# 4 - T-Pot's FULL INSTALLATION                          #
#     Everything                                         #
#                                                        #
##########################################################
Your choice: 4

You will be prompted twice for input: once for the username (john) and once for the password john will use for web access.

#

.
.
.
### Removing NGINX default website. 
### Please enter a password for your user john for web access. 
Password: 
Repeat password: 
Adding password for user john
 
.
.
.
.
[MAIN]
ip = 35.237.41.220
MY_EXTIP=35.237.41.220
MY_INTIP=10.142.0.2
MY_HOSTNAME=crazyring
### Thanks for your patience. Now rebooting. Remember to login on SSH port 64295 next time or visit the dashboard on port 64297!         

Both port numbers matter: 64295 is the new SSH port and 64297 is the web dashboard. Write them down; you will need them to get back into the honeypot after the reboot, and the firewall rules in the next step are built around them.

6. Configure Firewall
It is important to restrict access to the SSH port 64295 and the web admin portal 64297 to your own address, while leaving everything else open, because the honeypots only catch traffic that can reach them. The GCP ingress rules below do exactly that: the two broad priority-1000 rules cover tcp:0-64294 and tcp:64298-65535 and deliberately skip 64295-64297, and two further rules open 64295 and 64297 only to the admin workstation (204.197.180.204/32). An ingress packet that matches no rule is dropped by GCP's implied deny, so the admin ports are closed to everyone else. The four priority-65534 rules are the default-network rules GCP creates; port 22 stays open on purpose because it is handed to the honeypot (the real SSH now lives on 64295). One caveat: default-allow-internal lets any host in 10.128.0.0/9 (the rest of the VPC) reach every port, including 64295 and 64297.

Type     Targets        Source IP ranges      Protocols/ports                   Action   Priority

Ingress  Apply to all   0.0.0.0/0             tcp:64298-65535, udp, icmp        Allow    1000
Ingress  Apply to all   0.0.0.0/0             tcp:0-64294, udp, icmp            Allow    1000
Ingress  http-server    0.0.0.0/0             tcp:80                            Allow    1000
Ingress  https-server   0.0.0.0/0             tcp:443                           Allow    1000
Ingress  Apply to all   204.197.180.204/32    tcp:64295                         Allow    1000
Ingress  Apply to all   204.197.180.204/32    tcp:64297                         Allow    1000
Ingress  Apply to all   0.0.0.0/0             icmp                              Allow    65534
Ingress  Apply to all   10.128.0.0/9          tcp:0-65535, udp:0-65535, icmp    Allow    65534
Ingress  Apply to all   0.0.0.0/0             tcp:3389                          Allow    65534
Ingress  Apply to all   0.0.0.0/0             tcp:22                            Allow    65534
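Whether the admin ports really are closed depends on the gap between two port ranges plus GCP's implied deny, which is easy to break with a later "allow all tcp" rule. The script below is an added example, not part of T-Pot or of Google's tooling: it models GCP's ingress evaluation (lowest priority number wins, DENY beats ALLOW at equal priority, unmatched traffic is denied) over a hand-copied version of the table above, and reports which admin ports an arbitrary Internet host could reach. The rule data is constructed from the table rather than read from the GCP API, the function names are mine, and 198.51.100.7 is a TEST-NET-2 placeholder for "some host on the Internet".

```python
"""Audit the GCP ingress rules above: who can reach T-Pot's admin ports
(64295 SSH, 64297 web UI)?  (Added example; rules copied by hand.)"""
import ipaddress

ANY = "0.0.0.0/0"
ADMIN_SRC = "204.197.180.204/32"      # admin workstation from the post
ALL_PORTS = (0, 65535)
ADMIN_PORTS = {64295: "ssh", 64297: "web ui"}
INTERNET_PROBE = "198.51.100.7"       # TEST-NET-2 stand-in for "anyone"


def rule(name, priority, sources, allowed, action="ALLOW"):
    """allowed maps protocol -> list of (low, high) port ranges; icmp takes []."""
    return {"name": name, "priority": priority, "action": action,
            "sources": [ipaddress.ip_network(s) for s in sources],
            "allowed": allowed}


# The ten rules from the table above, in the same order.
RULES = [
    rule("honeypots-high", 1000, [ANY], {"tcp": [(64298, 65535)], "udp": [ALL_PORTS], "icmp": []}),
    rule("honeypots-low",  1000, [ANY], {"tcp": [(0, 64294)],     "udp": [ALL_PORTS], "icmp": []}),
    rule("http-server",    1000, [ANY], {"tcp": [(80, 80)]}),
    rule("https-server",   1000, [ANY], {"tcp": [(443, 443)]}),
    rule("admin-ssh",      1000, [ADMIN_SRC], {"tcp": [(64295, 64295)]}),
    rule("admin-web",      1000, [ADMIN_SRC], {"tcp": [(64297, 64297)]}),
    rule("default-allow-icmp",     65534, [ANY], {"icmp": []}),
    rule("default-allow-internal", 65534, ["10.128.0.0/9"],
         {"tcp": [ALL_PORTS], "udp": [ALL_PORTS], "icmp": []}),
    rule("default-allow-rdp",      65534, [ANY], {"tcp": [(3389, 3389)]}),
    rule("default-allow-ssh",      65534, [ANY], {"tcp": [(22, 22)]}),
]


def _matches(r, src, proto, port):
    if proto not in r["allowed"] or not any(src in net for net in r["sources"]):
        return False
    return proto == "icmp" or any(lo <= port <= hi for lo, hi in r["allowed"][proto])


def is_allowed(rules, src_ip, proto, port=None):
    """GCP semantics: the matching rule with the lowest priority number wins;
    at equal priority DENY beats ALLOW; with no match the implied ingress
    deny-all applies."""
    src = ipaddress.ip_address(src_ip)
    matching = [r for r in rules if _matches(r, src, proto, port)]
    if not matching:
        return False
    best = min(r["priority"] for r in matching)
    return all(r["action"] == "ALLOW" for r in matching if r["priority"] == best)


def exposed_admin_ports(rules, probe=INTERNET_PROBE):
    """Admin ports an arbitrary Internet source is allowed to reach."""
    return sorted(p for p in ADMIN_PORTS if is_allowed(rules, probe, "tcp", p))


# Constructed for contrast: one lazy 'allow all tcp' honeypot rule instead of
# the two ranges that leave the 64295-64297 gap.
SLOPPY_RULES = [rule("honeypots-all", 1000, [ANY], {"tcp": [ALL_PORTS]})] + RULES[2:]


if __name__ == "__main__":
    for label, rs in (("post's rules", RULES), ("sloppy rules", SLOPPY_RULES)):
        print(f"{label}: admin ports open to the Internet = {exposed_admin_ports(rs)}")
    print("admin host -> 64295:", is_allowed(RULES, "204.197.180.204", "tcp", 64295))
    print("VPC host 10.200.0.1 -> 64297:", is_allowed(RULES, "10.200.0.1", "tcp", 64297))
```

Re-run exposed_admin_ports() whenever a rule is added; the sloppy variant shows how a single broad rule silently reopens both admin ports. The VPC check also makes the default-allow-internal caveat concrete: a host anywhere in 10.128.0.0/9 reaches 64295 and 64297, so keep the honeypot in its own VPC or tighten that rule.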

7. Check Web Access from Internet
From the address you allowed in the firewall rule, open https://35.237.41.220:64297 in a browser and log in as john with the web password set during the install. From any other address the connection should fail, since no rule allows 64297 from there.

8. Videos
8.1 T-Pot Honeypot Installation through ISO file on ESXi Platform

8.2 T-Pot Honeypot Installation on GCP Ubuntu VM instance


By Jonny
