HoneyTrap蜜罐系统实践操作@FreeBSD

HoneyTrap介绍

HoneyTrap是一个可扩展的开源系统，用于运行、监控和管理蜜罐。
HoneyTrap蜜罐系统通过在网络中部署感应节点，实时感知周边网络环境，并将感应节点的日志进行实时存储和可视化分析，从而实现对网络环境中威胁情况的感知。该系统旨在通过模拟潜在攻击目标，吸引并捕获攻击者的活动，为安全团队提供有关攻击者行为、工具和意图的宝贵信息。

 HoneyTrap在FreeBSD ports和pkg系统里面，安装非常方便。最新版本为2021版本。

honeytrap-g20210510_20         Framework for running, monitoring and managing honeypots

官网源码：https://github.com/honeytrap/honeytrap gitcode源码：https://gitcode.com/honeytrap/honeytrap

 HoneyTrap手册：FreeBSD下安装 Install HoneyTrap on FreeBSD | HoneyTrap 配置蜜罐服务：Services | HoneyTrap

安装使用

安装

在FreeBSD系统下，直接使用pkg安装即可：

pkg install honeytrap
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
    honeytrap: g20210510_20

Number of packages to be installed: 1

The process will require 16 MiB more space.
5 MiB to be downloaded.

Proceed with this action? [y/N]: y
[1/1] Fetching honeytrap-g20210510_20.pkg: 100%    5 MiB   1.3MB/s    00:04    
Checking integrity... done (0 conflicting)
[1/1] Installing honeytrap-g20210510_20...
===> Creating groups.
Creating group 'honeytrap' with gid '333'.
===> Creating users
Creating user 'honeytrap' with uid '333'.
[1/1] Extracting honeytrap-g20210510_20: 100%

启动

在root账户下，直接运行命令honeytrap即可

root@fbhost:~ # honeytrap 
2024/05/26 08:44:09 Failed to read config file config.toml: open config.toml: no such file or directory
2024/05/26 08:44:09 Failed to read config file /usr/local/etc/honeytrap/honeytrap/config.toml: open /usr/local/etc/honeytrap/honeytrap/config.toml: no such file or directory
2024/05/26 08:44:09 Using config file /usr/local/etc/honeytrap/honeytrap.toml

 _   _                       _____