[gentoo-user] Honeypot distro?

public inbox for gentoo-user@lists.gentoo.org
 help / color / mirror / Atom feed

* [gentoo-user] Honeypot distro?
@ 2014-04-03  9:25 Pandu Poluan
  2014-04-03  9:50 ` hasufell
  2014-04-06  0:04 ` Volker Armin Hemmann
  0 siblings, 2 replies; 7+ messages in thread
From: Pandu Poluan @ 2014-04-03  9:25 UTC (permalink / raw
  To: gentoo-user

My company ended up with several 'ancient' HP ProLiant G4 servers.

We're thinking of setting up honeypots there.

Although I know Gentoo is perfectly capable of becoming a honeypot, we
currently prefer something... less involving in deployment :-D

Now, since this mailing list unarguably contains the 'creme de la
creme' of Linux users in the world... maybe you can help me in
choosing a honeypot distro?

I've been looking at several, such as "ADHD" or "Stratagem" or
"Honeydrive", also stalwarts such as BackTrack ... but I still can't
make up my mind yet.

TIA!

Rgds,
-- 
FdS Pandu E Poluan
~ IT Optimizer ~

 • LOPSA Member #15248
 • Blog : http://pandu.poluan.info/blog/
 • Linked-In : http://id.linkedin.com/in/pepoluan

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [gentoo-user] Honeypot distro?
  2014-04-03  9:25 [gentoo-user] Honeypot distro? Pandu Poluan
@ 2014-04-03  9:50 ` hasufell
  2014-04-06  0:04 ` Volker Armin Hemmann
  1 sibling, 0 replies; 7+ messages in thread
From: hasufell @ 2014-04-03  9:50 UTC (permalink / raw
  To: gentoo-user

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Gentoo.
-----BEGIN PGP SIGNATURE-----

iQJ8BAEBCgBmBQJTPS7RXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzMDlCNDQ4NjEyNDI4NjA5REVEMDI3MzIy
MjBDRDFDNUJERUVEMDIwAAoJECIM0cW97tAgEE4QAJwEDQaUdUbzIu1Yr+vN94qN
fNlz9dydP7fEHhh+ohkxRMT1fP736KpSelmIMRqdV8PpF6Rw/MbsD55zGt5v3JVP
9S4Bx5bMizovtHreDv2RhPnsjQos5OV2tpaSnCU84OEbF5ojzI+e8nrOE6aGyJ6t
gcXmOlyjlugxPjRxdkPC+IiAVe5KAoDpMZhdNJy+e34FtyZDiYPjGt+7bTwHNNvq
rm8iZiq/vMksicXXw4zxGjQRcdLykkIZ2HN1rjl+7Q9o4K/rRId0UncLynybj7dc
3y04MvL5BZUE9uXKTNVgtrd7CJ1ARCq7n8ILqH4q74v4Jd0WSn0YnwOZzdQwEYGa
erav+OwJ0KsHDsfSusD4by2nTx/halpnZo8Z8y3OjqROMBoSluV1I2WkxVS8L8b4
0lEz4lyuHBXFktNjyQyZzFSfz6zzyKVo3MgLi5xxj64V1XZPq3rIW9PYwt0NTlH3
ZkBtFZTMd5RRrBZzVcxugjE6V+XzQwK3lVKKL8Rz9yhXH52ReBxlMI2WxL1UXYiL
zGsxc2abSWgROy7oi+Dvtj9E5carM7r/gNm/mZSQL/zlGUzyqNDAv33/5mBToAPW
EoQx35iXyAILmPJEZ2a+NHc+OGRH9bwXY03XDCWrgUTR9KQq3v6z2xbCWpYBMnAC
6ssLl35I1YGtAdkSH1hv
=kpA4
-----END PGP SIGNATURE-----


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [gentoo-user] Honeypot distro?
  2014-04-03  9:25 [gentoo-user] Honeypot distro? Pandu Poluan
  2014-04-03  9:50 ` hasufell
@ 2014-04-06  0:04 ` Volker Armin Hemmann
  2014-04-06 13:04   ` [gentoo-user] " James
  1 sibling, 1 reply; 7+ messages in thread
From: Volker Armin Hemmann @ 2014-04-06  0:04 UTC (permalink / raw
  To: gentoo-user

Am 03.04.2014 11:25, schrieb Pandu Poluan:
> My company ended up with several 'ancient' HP ProLiant G4 servers.
>
> We're thinking of setting up honeypots there.
>
> Although I know Gentoo is perfectly capable of becoming a honeypot, we
> currently prefer something... less involving in deployment :-D
>
> Now, since this mailing list unarguably contains the 'creme de la
> creme' of Linux users in the world... maybe you can help me in
> choosing a honeypot distro?
>
> I've been looking at several, such as "ADHD" or "Stratagem" or
> "Honeydrive", also stalwarts such as BackTrack ... but I still can't
> make up my mind yet.
>
> TIA!
>
> Rgds,
well, a honeypot is a trap. So you want it to look like a normal distro,
in best case, something corporate-y like RHEL or SLES that is something
completely different in reality.

So... gentoo?


^ permalink raw reply	[flat|nested] 7+ messages in thread

* [gentoo-user] Re: Honeypot distro?
  2014-04-06  0:04 ` Volker Armin Hemmann
@ 2014-04-06 13:04   ` James
  2014-04-06 14:36     ` Peter Humphrey
  0 siblings, 1 reply; 7+ messages in thread
From: James @ 2014-04-06 13:04 UTC (permalink / raw
  To: gentoo-user

Volker Armin Hemmann <volkerarmin <at> googlemail.com> writes:


> > We're thinking of setting up honeypots there.

> So... gentoo?

Pentoo?
(Kojoney - A Honeypot For The SSH Service)


hth,
James





^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [gentoo-user] Re: Honeypot distro?
  2014-04-06 13:04   ` [gentoo-user] " James
@ 2014-04-06 14:36     ` Peter Humphrey
  2014-04-07  1:30       ` James
  0 siblings, 1 reply; 7+ messages in thread
From: Peter Humphrey @ 2014-04-06 14:36 UTC (permalink / raw
  To: gentoo-user

On Sunday 06 Apr 2014 13:04:21 James wrote:

> Pentoo?
> (Kojoney - A Honeypot For The SSH Service)

Have you ever managed to install Kojoney on a Gentoo box, James? I got various 
errors when I tried it just now.

-- 
Regards
Peter



^ permalink raw reply	[flat|nested] 7+ messages in thread

* [gentoo-user] Re: Honeypot distro?
  2014-04-06 14:36     ` Peter Humphrey
@ 2014-04-07  1:30       ` James
  2014-04-07  8:51         ` Peter Humphrey
  0 siblings, 1 reply; 7+ messages in thread
From: James @ 2014-04-07  1:30 UTC (permalink / raw
  To: gentoo-user

Peter Humphrey <peter <at> prh.myzen.co.uk> writes:

> > Pentoo?
> > (Kojoney - A Honeypot For The SSH Service)

> Have you ever managed to install Kojoney on a Gentoo box, James? 
> I got various errors when I tried it just now.

Nope, but I remeber some pentoo folks talking about it. It sounded
interesting, but my efforts on pentoo have stalled due to other,
more pressing work. I got a pentoo box fully installed and up,
but there is quite a bit of customization, under the hood. For me,
it'll take some time to fully flesh out pentoo, a security oriented
gentoo distro, before I'm fully compfortable with it. Pentoo is
an interesting work and their is an installation CD I talked about
on Gentoo User, some weeks/months ago.

Here is a fork of Kojoney; that MAY be easier to work with:

https://code.google.com/p/kojoney-patch/downloads/list

And a gentoo ebuild:
https://bugs.gentoo.org/show_bug.cgi?id=460066

or kippo:

https://code.google.com/p/gentoo-vaca-overlay/source/browse/tru
nk/net-analyzer/kippo

hth,
James

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [gentoo-user] Re: Honeypot distro?
  2014-04-07  1:30       ` James
@ 2014-04-07  8:51         ` Peter Humphrey
  0 siblings, 0 replies; 7+ messages in thread
From: Peter Humphrey @ 2014-04-07  8:51 UTC (permalink / raw
  To: gentoo-user

On Monday 07 Apr 2014 01:30:03 James wrote:

> Here is a fork of Kojoney; that MAY be easier to work with:
> 
> https://code.google.com/p/kojoney-patch/downloads/list
> 
> And a gentoo ebuild:
> https://bugs.gentoo.org/show_bug.cgi?id=460066
> 
> or kippo:
> 
> https://code.google.com/p/gentoo-vaca-overlay/source/browse/tru
> nk/net-analyzer/kippo

That's interesting - thanks James. I'll look into those.

-- 
Regards
Peter



^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2014-04-07  8:51 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-04-03  9:25 [gentoo-user] Honeypot distro? Pandu Poluan
2014-04-03  9:50 ` hasufell
2014-04-06  0:04 ` Volker Armin Hemmann
2014-04-06 13:04   ` [gentoo-user] " James
2014-04-06 14:36     ` Peter Humphrey
2014-04-07  1:30       ` James
2014-04-07  8:51         ` Peter Humphrey

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox