Use the following guide to deploy DShield honeypot using the free compute tier (https://aws.amazon.com/ec2/?did=ft_card&trk=ft_card). This guide uses Ubuntu as Amazon has deprecated AWS Linux AMI (https://aws.amazon.com/amazon-linux-ami/#:~:text=The%20Amazon%20Linux%20AMI%20will,long%20term%20support%20through%202023.)
-
Be sure to select the region you want to launch the honeypot.
-
Navigate to EC2 service & click launch instance:
-
*Select "free tier eligible" and search for Ubuntu images, select version 18.04. Please be advised that current installer build does not work on Ubuntu 20.04:
-
Choose a general-purpose t2.micro instance along with storage size of your preference:
-
Create a new network security group and give your home public IP (in case you have a static IP address from your ISP.) full access. If you do not have static IP address and want higher security add your renewed IP address when accessing the honeypot.
-
Launch the instance and login via SSH
-
Optional: If you're going to directly ingest logs for analysis set hostname for your honeypot using:
sudo hostnamectl set-hostname "hostname"
- Make sure the OS is updated
sudo apt update && sudo apt full-upgrade -y
- You will have to install Python2, Python-pip, git [may be installed by default] manually. You may refer: https://linuxize.com/post/how-to-install-pip-on-ubuntu-20.04/ or use the following commands:
It is advisable to be in the home directory when carrying out the following commands. (cd ~)
cd ~ && sudo apt update && sudo apt full-upgrade -y && sudo apt install python-pip -y && sudo apt install python3-pip -y && sudo apt update && sudo apt install python2.7 -y && sudo apt install git -y && curl https://bootstrap.pypa.io/get-pip.py --output get-pip.py && sudo python2 get-pip.py && sudo python3 get-pip.py
- Follow installation steps from Readme.md
mkdir install
cd install
git clone https://github.com/DShield-ISC/dshield.git
cd dshield/bin
sudo ./install.sh