this post was submitted on 05 Sep 2023
52 points (90.6% liked)

Selfhosted

38849 readers
208 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
52
Was thinking of creating a honeypot (lemmy.ml)
submitted 11 months ago* (last edited 11 months ago) by KLISHDFSDF@lemmy.ml to c/selfhosted@lemmy.world
18 comments fedilink hide all child comments
 

but before I do, I figured I'd ask if anyone's aware of any tools/software that covers my basic needs of setting something basic that may alert me if there are any intruders in the network?

Needs:

  1. Fake ssh login that can trigger a script so I can take care of the rest.
  2. Fake network share (cifs/samba) that can trigger a script if anything tries to access it.

Would be great if there are any docker images I can just pull, make some minor edits, and run.

Thanks!

top 18 comments
sorted by: hot top controversial new old
[–] blarg_dunsen@sh.itjust.works 31 points 11 months ago

People were close, but what you actually want is OpenCanary. It fakes SSH and Samba services and can be configured to alert you when triggered.

[–] notexecutive@sh.itjust.works 22 points 11 months ago (5 children)

....why would you do this?

[–] KLISHDFSDF@lemmy.ml 28 points 11 months ago (1 children)

I plan on making it available inside my own network, not public. This way if someone makes it past my security, I at least have something that might "catch" them in the act and disable my network so I can intervene. Just another security layer.

[–] chandz05@lemmy.world 3 points 11 months ago

I have never thought about doing this... But this is actually such a good idea. I'm probably going to set this up myself

[–] lilShalom@lemmy.basedcount.com 20 points 11 months ago (1 children)

If you place this on the inside of your network and it triggers, youre either compromised or a scanner/ person triggered it.

[–] finestnothing@lemmy.world 1 points 11 months ago

That's the idea I think

[–] recursive_recursion@programming.dev 15 points 11 months ago* (last edited 11 months ago)

one of the best ways to protect your friends is to leave juicy bait that only zero-sum people would try to steal

plus wasting malicious user's time also provides multiple benefits such as reducing the prevalence of spam and DDoS attacks

[–] FuntyMcCraiger@sh.itjust.works 9 points 11 months ago

Do you not feel the itch of curiosity?

[–] Smk@lemmy.ca 3 points 11 months ago

FOR SCIENCE!1!!

[–] waspentalive@lemmy.one 7 points 11 months ago (1 children)

I am not affiliated with them, but you can get a trigger file (Canary Token) from the people at Thinkst. I quickly looked around their site, and did not see how, but their adds say you can get them for free, without having to buy their canary hardware device.

[–] Racle@sopuli.xyz 5 points 11 months ago* (last edited 11 months ago)

you can get them for free

https://canarytokens.org/generate should work just fine

[–] anzo@programming.dev 6 points 11 months ago

Check this out, is super fun! https://github.com/skeeto/endlessh

[–] lilShalom@lemmy.basedcount.com 5 points 11 months ago

You can also use something called canary tokens. You would put a file on a share that triggers an action to alert you.

[–] Bristlerock@kbin.social 4 points 11 months ago

The Honeynet Project, related to the SANS Institute when I last checked, has a lot of resources on honeypots that are worth a look, if you haven't already.

[–] electromage@lemm.ee 4 points 11 months ago

I'd like to create a funnypot

[–] matejc@matejc.com 1 points 11 months ago

I haven't used it, but here is my first web search result: https://github.com/droberson/ssh-honeypot Also: https://github.com/paralax/awesome-honeypots

[–] iMeddles@infosec.pub 1 points 11 months ago

Thinkst have also published opencanary which you can run yourself and contains a decent subset of what their hardware canaries run, including SSH and cifs.

[–] lilShalom@lemmy.basedcount.com -1 points 11 months ago

Honeypy