discuss: Honeypot Howto


Previous by date: 12 Jul 2002 06:44:20 -0000 Re: Masquerading-made-simple howto update, Greg Ferguson
Next by date: 12 Jul 2002 06:44:20 -0000 Re: Honeypot Howto, Alexander Bartolich
Previous in thread:
Next in thread: 12 Jul 2002 06:44:20 -0000 Re: Honeypot Howto, Alexander Bartolich

Subject: Honeypot Howto
From: "Alan Evans" ####@####.####
Date: 12 Jul 2002 06:44:20 -0000
Message-Id: <001a01c2296f$8e611170$0b01a8c0@aidanpride>

Hello all, my name is Alan Evans and I am a recent graduate of Rochester
Institute of Technology (RIT) in Rochester, NY. I figure I have taken
enough from various HOWTOs around the net and it is time to give back to
my Linux user community.

While at school I took a class called Computer System Security, which was
offered for the first time, and one of the projects we took on as a class
was to create a Linux-Linux VMWare virtual honeypot for another class
(System Admin II) to, er, um, evaluate (cough cough, hack into). Well,
the class and I all learned a lot, though I think I learned the most
as I was kind of the lead of that project.

Anyway, I am writing to put forth an idea for a HOWTO I would like to
author and submit. The HOWTO would be a general Honeypot HOWTO based
mostly on what I did for that class. I would then include a section,
probably a rather significant section, on doing a Linux-Linux VMWare
honeypot. I figure it would be best to make it a Honeypot HOWTO and
include VMWare as a section in the HOWTO, because most of the tricks we,
or rather I, applied to the VMWare honeypot would work just as well on a
plain old honeypot.

Here is a list of some of the things I think I would discuss in the form
of a general outline.

Introduction
  Disclaimer
  Legal implications ??

What is a honeypot?

Why a honeypot?

Where can I learn more?
  Honeynet project
  Search <insert search engine here>

Syslog
  Using an alternate configuration file
    Logging to normal log file locations
    Logging to a secondary location
      Hiding your new logs (modify atime, ctime and mtime)
    Network logging
    Serial port logging (don't know much about this!! May need help here)

Logging bash_history to the syslog

Snort

Physical Security

VMWare Linux-Linux Honeypot
  Why VMWare
  Why Linux-Linux
  Choosing/Building a box
    Two NICs
    Two Hard Drives
  VMWare
  Choosing a Host OS
  Securing the Host OS
  Snort on the Host OS
  Syslog
    Alternate config logging
    Network logging
  Really secure logs!! (Copying them to the host OS)
  Physical Security

That's all I can come up with at the moment, but I have a lot of ideas
that have been running around in my head.

I look forward to comments and to hearing if this is a good idea.

Thanks,

-Alan