[gentoo-user] Honeypot distro?

[gentoo-user] Honeypot distro?

[Pandu Poluan]

My company ended up with several 'ancient' HP ProLiant G4 servers.

We're thinking of setting up honeypots there.

Although I know Gentoo is perfectly capable of becoming a honeypot, we
currently prefer something... less involving in deployment :-D

Now, since this mailing list unarguably contains the 'creme de la
creme' of Linux users in the world... maybe you can help me in
choosing a honeypot distro?

I've been looking at several, such as "ADHD" or "Stratagem" or
"Honeydrive", also stalwarts such as BackTrack ... but I still can't
make up my mind yet.

TIA!

Rgds,
-- 
FdS Pandu E Poluan
~ IT Optimizer ~

 • LOPSA Member #15248
 • Blog : http://pandu.poluan.info/blog/
 • Linked-In : http://id.linkedin.com/in/pepoluan

Re: [gentoo-user] Honeypot distro?

[hasufell]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Gentoo.
-----BEGIN PGP SIGNATURE-----

iQJ8BAEBCgBmBQJTPS7RXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzMDlCNDQ4NjEyNDI4NjA5REVEMDI3MzIy
MjBDRDFDNUJERUVEMDIwAAoJECIM0cW97tAgEE4QAJwEDQaUdUbzIu1Yr+vN94qN
fNlz9dydP7fEHhh+ohkxRMT1fP736KpSelmIMRqdV8PpF6Rw/MbsD55zGt5v3JVP
9S4Bx5bMizovtHreDv2RhPnsjQos5OV2tpaSnCU84OEbF5ojzI+e8nrOE6aGyJ6t
gcXmOlyjlugxPjRxdkPC+IiAVe5KAoDpMZhdNJy+e34FtyZDiYPjGt+7bTwHNNvq
rm8iZiq/vMksicXXw4zxGjQRcdLykkIZ2HN1rjl+7Q9o4K/rRId0UncLynybj7dc
3y04MvL5BZUE9uXKTNVgtrd7CJ1ARCq7n8ILqH4q74v4Jd0WSn0YnwOZzdQwEYGa
erav+OwJ0KsHDsfSusD4by2nTx/halpnZo8Z8y3OjqROMBoSluV1I2WkxVS8L8b4
0lEz4lyuHBXFktNjyQyZzFSfz6zzyKVo3MgLi5xxj64V1XZPq3rIW9PYwt0NTlH3
ZkBtFZTMd5RRrBZzVcxugjE6V+XzQwK3lVKKL8Rz9yhXH52ReBxlMI2WxL1UXYiL
zGsxc2abSWgROy7oi+Dvtj9E5carM7r/gNm/mZSQL/zlGUzyqNDAv33/5mBToAPW
EoQx35iXyAILmPJEZ2a+NHc+OGRH9bwXY03XDCWrgUTR9KQq3v6z2xbCWpYBMnAC
6ssLl35I1YGtAdkSH1hv
=kpA4
-----END PGP SIGNATURE-----

Re: [gentoo-user] Honeypot distro?

[Volker Armin Hemmann]

Am 03.04.2014 11:25, schrieb Pandu Poluan:
> My company ended up with several 'ancient' HP ProLiant G4 servers.
>
> We're thinking of setting up honeypots there.
>
> Although I know Gentoo is perfectly capable of becoming a honeypot, we
> currently prefer something... less involving in deployment :-D
>
> Now, since this mailing list unarguably contains the 'creme de la
> creme' of Linux users in the world... maybe you can help me in
> choosing a honeypot distro?
>
> I've been looking at several, such as "ADHD" or "Stratagem" or
> "Honeydrive", also stalwarts such as BackTrack ... but I still can't
> make up my mind yet.
>
> TIA!
>
> Rgds,
well, a honeypot is a trap. So you want it to look like a normal distro,
in best case, something corporate-y like RHEL or SLES that is something
completely different in reality.

So... gentoo?

[gentoo-user] Re: Honeypot distro?

[James]

Volker Armin Hemmann <volkerarmin <at> googlemail.com> writes:


> > We're thinking of setting up honeypots there.

> So... gentoo?

Pentoo?
(Kojoney - A Honeypot For The SSH Service)


hth,
James

Re: [gentoo-user] Re: Honeypot distro?

[Peter Humphrey]

On Sunday 06 Apr 2014 13:04:21 James wrote:

> Pentoo?
> (Kojoney - A Honeypot For The SSH Service)

Have you ever managed to install Kojoney on a Gentoo box, James? I got various 
errors when I tried it just now.

-- 
Regards
Peter

[gentoo-user] Re: Honeypot distro?

[James]

Peter Humphrey <peter <at> prh.myzen.co.uk> writes:


> > Pentoo?
> > (Kojoney - A Honeypot For The SSH Service)

> Have you ever managed to install Kojoney on a Gentoo box, James? 
> I got various errors when I tried it just now.


Nope, but I remeber some pentoo folks talking about it. It sounded
interesting, but my efforts on pentoo have stalled due to other,
more pressing work. I got a pentoo box fully installed and up,
but there is quite a bit of customization, under the hood. For me,
it'll take some time to fully flesh out pentoo, a security oriented
gentoo distro, before I'm fully compfortable with it. Pentoo is
an interesting work and their is an installation CD I talked about
on Gentoo User, some weeks/months ago.


Here is a fork of Kojoney; that MAY be easier to work with:

https://code.google.com/p/kojoney-patch/downloads/list

And a gentoo ebuild:
https://bugs.gentoo.org/show_bug.cgi?id=460066

or kippo:

https://code.google.com/p/gentoo-vaca-overlay/source/browse/tru
nk/net-analyzer/kippo

hth,
James

Re: [gentoo-user] Re: Honeypot distro?

[Peter Humphrey]

On Monday 07 Apr 2014 01:30:03 James wrote:

> Here is a fork of Kojoney; that MAY be easier to work with:
> 
> https://code.google.com/p/kojoney-patch/downloads/list
> 
> And a gentoo ebuild:
> https://bugs.gentoo.org/show_bug.cgi?id=460066
> 
> or kippo:
> 
> https://code.google.com/p/gentoo-vaca-overlay/source/browse/tru
> nk/net-analyzer/kippo

That's interesting - thanks James. I'll look into those.

-- 
Regards
Peter