Run the Trap! How to Setup your own Honeypot to collect Malware samples

tutorial

#21

This is a great point as well.
The log file takes up a bunch of space. If you’ve done any admin work, you’ll know this is a common issue.

Reducing or removing logs will allow you to have more space for malware<3


#22

Agreed. I would pull the logs off the instances to a centralized location. I am not sure what the data retention policies are or how far back you need to go in case you need to do forensics.


#23

I’m having trouble getting this set up…

Firstly, I’m running this on an Ubuntu 14.04 box…
When I run the cmake command following the steps exactly I get “the source directory /home/machine/… does not exist”.

Then I tried to run the same from within the dionaea dir and I got “In-source build detected. It is not allowed to build out-of-source! Remove /home/machine/dionaea/CMakeCache.txt and try again from another folder” …

rm CMakeCache.txt
mkdir build
cd build
cmake ..

The problem here is that file does not even exist under the dionaea dir. Also, making that directory underneath the dionaea directory and then running that cmake command does not work. I am running the commands verbatim as they are written on this page; however, I will be honest, I do not fully understand them. Can someone help me
A. figure out where I am failing
B. explain the argument we are passing to the cmake -DCMAKE_INSTALL_PREFIX:PATH=/opt/dionaea … command, and why it has three dots at the end. (I think understanding this will help me really understand what is going on here. As you can probably tell I am a Linux noob, but I’m here to learn.)


(THC_Minister) #24

A. The build directory needs to be created in the dionaea folder. This is where it will build from the source. After you create the build directory in that folder, cd to it. From there continue on.

B. The cmake -DCMAKE_INSTALL_PREFIX:PATH=/opt/dionaea … should actually be cmake -DCMAKE_INSTALL_PREFIX:PATH=/opt/dionaea .. Notice the 2 periods. The -DCMAKE_INSTALL_PREFIX:PATH=/opt/dionaea portion tells cmake where to install the compiled version. The “..” tells cmake where the source is located, “..” as in “cd ..”. This tells cmake that the source is one directory back, in the “dionaea” directory.
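
The out-of-source layout described in the answer above, as an added example that is not part of the thread or of the dionaea project: a small POSIX sh helper that creates the build directory under the source checkout, refuses the in-source layout CMake rejected in the question, resolves what `..` points at from inside the build directory, and assembles the configure command. The source path, the build directory name and the `/opt/dionaea` prefix are assumptions; it does not invoke cmake itself.

```shell
#!/bin/sh
# Added example (not from the thread): set up an out-of-source CMake build
# directory the way the answer describes, and refuse the in-source layout
# that CMake complained about in the question.
# Assumed: SRC is a checkout containing CMakeLists.txt; PREFIX is where the
# compiled tree should be installed (/opt/dionaea in the thread).

# prepare_build_dir SRC [BUILD_NAME]: create SRC/BUILD_NAME (default "build")
# and print its path. Fails if SRC is not a CMake source tree or if a stale
# in-source configure (CMakeCache.txt next to CMakeLists.txt) is present.
prepare_build_dir() {
    src=$1
    name=${2:-build}
    if [ ! -f "$src/CMakeLists.txt" ]; then
        echo "no CMakeLists.txt in $src: is this really the dionaea source dir?" >&2
        return 1
    fi
    if [ -f "$src/CMakeCache.txt" ]; then
        echo "stale in-source build found; remove $src/CMakeCache.txt first" >&2
        return 1
    fi
    mkdir -p "$src/$name"
    printf '%s\n' "$src/$name"
}

# source_from_build BUILD: print the directory that ".." refers to when cmake
# is run inside BUILD, i.e. the parent holding CMakeLists.txt.
source_from_build() {
    (cd "$1/.." && pwd -P)
}

# cmake_cmdline BUILD PREFIX: print the configure command. The trailing ".."
# is the source location relative to the build directory, exactly as in the
# answer: "the source is one directory up".
cmake_cmdline() {
    printf 'cd %s && cmake -DCMAKE_INSTALL_PREFIX:PATH=%s ..\n' "$1" "$2"
}
```

Usage: `b=$(prepare_build_dir /home/machine/dionaea) && eval "$(cmake_cmdline "$b" /opt/dionaea)"` runs the configure step from inside the new build directory; `source_from_build "$b"` shows which directory cmake will read CMakeLists.txt from.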


#25

This^ as well as the manual installation of cmake resolved my setup issues.


#26

Happy you got it resolved!
Let me know how your collection goes!


(system) #27

This topic was automatically closed after 30 days. New replies are no longer allowed.