Honeypot configuration files

Honeypot docker-compose.yml

The honeypot Docker environment is defined by the docker-compose.yml file, which sets the ports and other parameters of the honeypot container and the local fluentbit container.

Example docker-compose.yml

# example of cowrie docker-compose.yml with healthchecks
# execute on honeypot vm with "% docker-compose --env-file stingar-hp.env -f docker-compose.yml up -d"
version: '3.3'
services:
  cowrie:
    depends_on:
    - fluentbit
    env_file: stingar-hp.env
    image: 4warned/cowrie:healthcheck
    links:
    - fluentbit:fluentbit
    ports:
    - 2222:2222
    - 2223:2223
    healthcheck:
      test: ["CMD", "python3", "/opt/checkin.py", "-i", "$HONEYPOT_IDENT", "-n", "$HONEYPOT_HOST", "-a", "$HONEYPOT_IP", "-t", "cowrie", "--tags", "$TAGS", "--fluent-host", "$FLUENTBIT_HOST", "--fluent-port", "$FLUENTBIT_PORT", "--fluent-app", "$FLUENTBIT_APP"]
      interval: $HONEYPOT_HEALTHCHECK_INTERVAL
      timeout: $HONEYPOT_HEALTHCHECK_TIMEOUT
      retries: 1

  fluentbit:
    env_file: stingar-hp.env
    image: 4warned/fluentbit
    ports:
      - 127.0.0.1:24284:24284
      - 127.0.0.1:24284:24284/udp

Honeypot Configuration Parameters

The honeypot is configured through a separate settings file, stingar-hp.env, which supplies settings to the honeypot container and the Fluentbit container running together in Docker on the honeypot host.

Example stingar-hp.env

FLUENTD_HOST=main-stingar-server.duke.edu
FLUENTD_PORT=24224
FLUENTD_KEY=PQUhjqTvhIWY9GofNiu4o40zUlrk1234
FLUENTD_APP=stingar
FLUENTBIT_HOST=fluentbit
FLUENTBIT_PORT=24284
FLUENTBIT_APP=stingar
FLUENTBIT_HOSTNAME=flb.local
HONEYPOT_IDENT=a82be2b776ab4161911eb9114b8b1234
HONEYPOT_IP=100.99.98.97
HONEYPOT_HOST=my_honeypot_host
HONEYPOT_ASN=
HONEYPOT_HEALTHCHECK_INTERVAL=60m
HONEYPOT_HEALTHCHECK_TIMEOUT=60s
TAGS=
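
A pre-deployment check for stingar-hp.env, as an added example that is not part of the STINGAR project's code: it verifies that every variable the example docker-compose.yml references is present and well-formed before the stack is started. The function name lint_env, the rule that only TAGS may be empty, and the simplified duration pattern are assumptions; the sample input is constructed.

```python
import ipaddress
import re

# Variables the page's docker-compose.yml interpolates from the env file.
COMPOSE_VARS = ["HONEYPOT_IDENT", "HONEYPOT_HOST", "HONEYPOT_IP", "TAGS",
                "FLUENTBIT_HOST", "FLUENTBIT_PORT", "FLUENTBIT_APP",
                "HONEYPOT_HEALTHCHECK_INTERVAL", "HONEYPOT_HEALTHCHECK_TIMEOUT"]
MAY_BE_EMPTY = {"TAGS"}  # assumption: empty in the page's example, so allowed
DURATION = re.compile(r"(\d+(us|ms|s|m|h))+")  # assumed simplified Compose duration

def lint_env(text):
    """Return (key, problem) findings for the contents of an env file."""
    findings, values = [], {}
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        key, sep, value = raw.partition("=")
        if not sep:
            findings.append((raw.strip(), "not KEY=VALUE"))
            continue
        if value != value.strip():
            findings.append((key.strip(), "leading/trailing whitespace in value"))
        values[key.strip()] = value.strip()
    for key in COMPOSE_VARS:
        if key not in values:
            findings.append((key, "missing but referenced by docker-compose.yml"))
        elif not values[key] and key not in MAY_BE_EMPTY:
            findings.append((key, "empty"))
    if values.get("HONEYPOT_IP"):
        try:
            ipaddress.ip_address(values["HONEYPOT_IP"])
        except ValueError:
            findings.append(("HONEYPOT_IP", "not an IP address"))
    for key in ("FLUENTBIT_PORT", "FLUENTD_PORT"):
        v = values.get(key, "")
        if v and not (v.isdecimal() and 1 <= int(v) <= 65535):
            findings.append((key, "not a valid port number"))
    for key in ("HONEYPOT_HEALTHCHECK_INTERVAL", "HONEYPOT_HEALTHCHECK_TIMEOUT"):
        v = values.get(key, "")
        if v and not DURATION.fullmatch(v):
            findings.append((key, "not a Compose duration"))
    return findings

# Constructed sample: trailing space after HONEYPOT_IP, interval lacks a unit.
SAMPLE = "\n".join([
    "HONEYPOT_IDENT=a82be2b776ab4161911eb9114b8b1234", "HONEYPOT_IP=100.99.98.97 ",
    "HONEYPOT_HOST=my_honeypot_host", "FLUENTBIT_HOST=fluentbit", "FLUENTBIT_PORT=24284",
    "FLUENTBIT_APP=stingar", "HONEYPOT_HEALTHCHECK_INTERVAL=60",
    "HONEYPOT_HEALTHCHECK_TIMEOUT=60s", "TAGS="])
```

Trailing whitespace is flagged because some env-file parsers pass it through as part of the value.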