Advanced Configuration
Each of the services and honeypots in the CommunityHoneyNetwork project should work together out of the box following
the CHN Server Install. More advanced configuration options can be configured using an
/etc/default/
Services running in Docker containers can be configured this way as well, mounting the configuration files into place using the --volume argument for Docker.
Using Docker/docker-compose, each of the containers can share a single sysconfig file, mounted into the appropriate location for each. Options not appropriate for each particular service are just unused.
The following is an example of a shared configuration file, using default values:
# CHN Server options
CHNSERVER_DEBUG=false
EMAIL=admin@localhost
HONEYMAP_URL=''
SERVER_BASE_URL='https://CHN.SITE.TLD'
MAIL_SERVER='127.0.0.1'
MAIL_PORT=25
MAIL_TLS='y'
MAIL_SSL='y'
MAIL_USERNAME=''
MAIL_PASSWORD=''
DEFAULT_MAIL_SENDER=''
CERTIFICATE_STRATEGY='CERTBOT'
# Redis config options
REDIS_URL='redis://redis:6379'
# MongoDB config options
MONGODB_HOST='mongodb'
MONGODB_PORT=27017
# HPfeeds config options
HPFEEDS_HOST='hpfeeds'
HPFEEDS_PORT=10000
# Mnemosyne config options
IGNORE_RFC1918=False
Building docker containers from source
We recommend using the pre-built docker images on hub.docker.com for building CHN Server and honeypots. However, there may be circumstances where you wish to build your own docker images from source.
To build from source as opposed to from an image, simply add the following lines before the image tag under the service name in your docker-compose.yml file:
build:
  dockerfile: ./Dockerfile
  context: https://github.com/CommunityHoneyNetwork/<repo_name>.git#<version_tag>
For example, if you wish to build CHN Server from source, your docker-compose file will look like the following:
version: '2'
services:
  mongodb:
    build:
      dockerfile: ./Dockerfile
      context: https://github.com/CommunityHoneyNetwork/mongodb.git#v1.8
    image: mongodb:ubuntu
    volumes:
      - ./storage/mongodb:/var/lib/mongo:z
  redis:
    build:
      dockerfile: ./Dockerfile
      context: https://github.com/CommunityHoneyNetwork/redis.git#v1.8
    image: redis:ubuntu
    volumes:
      - ./storage/redis:/var/lib/redis:z
  hpfeeds:
    build:
      dockerfile: ./Dockerfile
      context: https://github.com/CommunityHoneyNetwork/hpfeeds.git#v1.8
    image: hpfeeds:ubuntu
    links:
      - mongodb:mongodb
    ports:
      - "10000:10000"
  mnemosyne:
    build:
      dockerfile: ./Dockerfile
      context: https://github.com/CommunityHoneyNetwork/mnemosyne.git#v1.8
    image: mnemosyne:ubuntu
    links:
      - mongodb:mongodb
      - hpfeeds:hpfeeds
  chnserver:
    build:
      dockerfile: ./Dockerfile
      context: https://github.com/CommunityHoneyNetwork/CHN-Server.git#v1.8
    image: chnserver:ubuntu
    volumes:
      - ./config/collector:/etc/collector:z
    links:
      - mongodb:mongodb
      - redis:redis
      - hpfeeds:hpfeeds
    ports:
      - "80:80"
The above config will build docker images from the v1.8 release version of CHN. You can change the URL to point to specific tagged releases or even specific commits.
Build the Docker images for the containers that make up the server:
$ docker-compose build
Once the images are built, you start up your new server with:
$ docker-compose up -d
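A tag or branch in a build context can be re-pointed upstream after you review it, while a full commit SHA always names the same tree. The following added example (not part of the CHN project; the sample compose text and the SHA in it are constructed) lists every build context in a compose file like the one above and reports whether it is pinned to a commit, to a mutable ref, or to nothing:

```python
import re

# Constructed sample: the redis entry has no ref and the hpfeeds SHA is made up.
SAMPLE = """\
services:
  mongodb:
    build:
      context: https://github.com/CommunityHoneyNetwork/mongodb.git#v1.8
  redis:
    build:
      context: https://github.com/CommunityHoneyNetwork/redis.git
  hpfeeds:
    build: https://github.com/CommunityHoneyNetwork/hpfeeds.git#0123456789abcdef0123456789abcdef01234567:docker
"""

FULL_SHA = re.compile(r"[0-9a-f]{40}|[0-9a-f]{64}")   # SHA-1 or SHA-256 object id
KEY = re.compile(r"^(\s*)([\w.-]+):\s*(.*)$")         # 'key:' or 'key: value' line

def classify(context):
    """Return how a build context is pinned: commit, mutable-ref, unpinned or local."""
    if not re.match(r"(https?|git|ssh)://|git@", context):
        return "local"                      # a directory on the build host
    ref = context.partition("#")[2].split(":", 1)[0]   # Docker allows '#ref:subdir'
    if not ref:
        return "unpinned"                   # builds whatever the default branch is now
    if FULL_SHA.fullmatch(ref):
        return "commit"                     # immutable: names one exact tree
    return "mutable-ref"                    # tag or branch; can be re-pointed

def audit(compose_text):
    """Return (service, context, verdict) for each build context under 'services:'."""
    findings, service, svc_indent, in_services = [], None, None, False
    for line in compose_text.splitlines():
        m = KEY.match(line)
        if not m:
            continue                        # list items, comments, blank lines
        indent, key, value = len(m.group(1)), m.group(2), m.group(3).strip("'\" ")
        if indent == 0:
            in_services, svc_indent = (key == "services"), None
        elif in_services and (svc_indent is None or indent == svc_indent):
            service, svc_indent = key, indent          # a service name
        elif in_services and value and key in ("context", "build"):
            findings.append((service, value, classify(value)))
    return findings

if __name__ == "__main__":
    for service, context, verdict in audit(SAMPLE):
        print(f"{verdict:12} {service:10} {context}")
```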
Accepting all traffic from a default route
There are occasions where you would like for your honeypot host to accept
traffic from a large network, instead of just the IP address that has been
assigned to your NIC. One way to do this is to use the AnyIP Linux kernel
feature. Once traffic is being routed to your server, create a systemd service
file with the contents below. This example uses 192.168.1.1/24 as the target
network you wish the host to accept traffic for, and should be changed accordingly:
/etc/systemd/system/anyip-hp.service
[Unit]
Description=Enable AnyIP for my Honeypots
After=network.target
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/sbin/ip addr add 192.168.1.1/24 dev lo
ExecStop=/sbin/ip addr del 192.168.1.1/24 dev lo
StandardOutput=journal
[Install]
WantedBy=multi-user.target
Enable the service with:
$ sudo systemctl enable anyip-hp.service
$ sudo systemctl start anyip-hp.service
If this worked correctly, you will see the new network you added in the output of:
$ sudo ip addr show lo
The service can be stopped with:
$ sudo systemctl stop anyip-hp.service