Updated on September 9, 2020 at 12:23 am
As I’ve mentioned in a couple other posts, I have MHN honeypots running both at home (on my internal networks) and out on the internet.
A point of irritation for me is cloning an existing honeypot VM. Basically, there’s a unique UUID for each sensor and unless you can get the UUID updated correctly on the cloned sensor, it won’t report back to the MHN server properly.
I do have honeypot sensors in Azure, however cloning in Azure requires a priest and the sacrificing of a chicken although the configuration settings that need to be adjusted after cloning will work just the same in Azure assuming you do successfully clone a sensor.
So snapshotting and cloning in DigitalOcean is way simpler; take a snapshot, put the snapshot in the correct region and create a droplet from that snapshot.
Once you clone the original sensor, you will need to configure a few settings so that it communicates back to the MHN server properly:
Execute the registration.sh script located in the root directory using your MHN server URL, the unique identifier (at the end of the deploy command) and the type of honeypot it is.
sh registration.sh http://192.168.1.1 xxxxxxxx cowrie
This will register with the MHN server and give you back the UUID for this sensor.
You will then need to update two settings in the cowrie.cfg file.
# HPFeeds
#
[output_hpfeeds]
server = MHN server IP
port = 10000
identifier = generated after running registration.sh
secret = get this from the MHN server
debug=false
Execute a python script on the MHN server at /opt/hpfeeds/broker/
python dump_users.py
This will give you the secrets associated with each UUID. Copy the correct secret into the cowrie.cfg file on your cloned sensor and restart.
You should be good to go and your newly cloned sensor will be communicating with the MHN server.