- Kali Linux 2020.3 (the newer 2020.4 has a problem: broken repos for Ansible)
- Ansible
- Python
Before running anything, you have to create your own user.yml and mail_secret.yml config files. You don't have to write them by hand: the set_up_vars.sh script, located in the root directory of this repository, generates them for you.
This script requires 3 arguments: the name of your Gmail account, the password to your Gmail account, and the email account that the alert mails should be sent to.
Please keep in mind that it is crucial to enter these arguments in exactly the order stated in the previous sentence.
This is how you call the script:
./set_up_vars.sh [email protected] example_passwd [email protected]
After that you are prompted to give a password for Ansible Vault encryption of the mail_secret.yml file.
New Vault password:
And finally just re-enter your chosen Ansible Vault password.
Confirm New Vault password:
By default, these services are enabled and supported by this repository: ssh, ftp, http, telnet. If you want to deploy different services, edit the vars/services.yml file to your liking. Just pay attention to the OpenCanary documentation, because some of the services require a special setup which this repository doesn't support yet.
enable_ftp: "true"
enable_ssh: "true"
enable_http: "true"
enable_telnet: "true"
enable_httpproxy: "false"
enable_portscan: "false"
enable_mysql: "false"
enable_redis: "false"
enable_rdp: "false"
enable_sip: "false"
enable_snmp: "false"
enable_ntp: "false"
enable_tftp: "false"
enable_mssql: "false"
enable_vnc: "false"
enable_git: "false"
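A pre-deployment check for vars/services.yml, added here as an example and not part of this repository: it lists the services that would be enabled and flags any outside the four named above as supported. The function name, the line-based parsing (no YAML library) and the sample input are assumptions made for the example.

```python
import re

# Services the README names as enabled and supported by default.
SUPPORTED = {"ssh", "ftp", "http", "telnet"}

# Matches entries such as: enable_ssh: "true"
LINE_RE = re.compile(r'^enable_([a-z0-9]+):\s*(.*?)\s*$')


def check_services(text):
    """Return (enabled, unsupported, problems) for services.yml content."""
    enabled, problems, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line or line == "---":
            continue
        m = LINE_RE.match(line)
        if not m:
            problems.append(f"line {lineno}: unrecognised entry {line!r}")
            continue
        name, value = m.groups()
        if name in seen:
            problems.append(f"line {lineno}: duplicate key enable_{name}")
            continue
        seen.add(name)
        # The file uses quoted strings; anything else is flagged, not guessed.
        if value not in ('"true"', '"false"'):
            problems.append(
                f'line {lineno}: enable_{name} is {value}, expected "true" or "false"')
        elif value == '"true"':
            enabled.append(name)
    unsupported = [s for s in enabled if s not in SUPPORTED]
    return enabled, unsupported, problems


# Constructed sample: the default services plus rdp switched on and one
# unquoted value, to show both kinds of finding.
SAMPLE = '''\
enable_ftp: "true"
enable_ssh: "true"
enable_http: "true"
enable_telnet: "true"
enable_rdp: "true"
enable_vnc: yes
enable_git: "false"
'''

if __name__ == "__main__":
    enabled, unsupported, problems = check_services(SAMPLE)
    print("enabled:", ", ".join(enabled))
    print("check OpenCanary docs for:", ", ".join(unsupported) or "none")
    print("\n".join("problem: " + p for p in problems))
```

To check the real file, pass the contents of vars/services.yml to `check_services` instead of `SAMPLE`.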
To deploy, make sure you are in the root directory of this repository and simply run the following command:
./main.sh
After the deployment, the last task of the Ansible playbook will show you what services were enabled during the deployment.
TASK [Print the to-deploy services] ******************************************************************
changed: [localhost] => (item=enable_ftp)
changed: [localhost] => (item=enable_ssh)
changed: [localhost] => (item=enable_http)
changed: [localhost] => (item=enable_telnet)
To do that, simply use the restart_and_deploy.yml playbook located in the playbooks directory.
sudo ansible-playbook --ask-vault-pass playbooks/restart_and_deploy.yml
Just run this helper script with the path to the virtual environment as an argument.
./helper_scripts/deactivate.sh /home/honey/venv