Install Dionaea on Ubuntu 12.04 LTS (Precise Pangolin)

---

Posted: 2015-12-12 by Admin

---

After running Kippo a few Month i decided to try another Honeypot System, which is Dionaea. Dionaea is a low interaction honeypot which offers the following services SMB, HTTP, FTP and TFTP. It is easy to install but need some tricks which i want to show you. Add the both repositories to your /etc/apt/sources.list and install Dionaea.

deb http://ppa.launchpad.net/honeynet/nightly/ubuntu precise main
deb-src http://ppa.launchpad.net/honeynet/nightly/ubuntu precise main

sudo apt-get update
sudo apt-get install dionaea

After you installed Dionaea, you have to set up the Directories.

sudo mkdir -p /var/dionaea/wwwroot
sudo mkdir -p /var/dionaea/binaries
sudo mkdir -p /var/dionaea/log
sudo chown -R nobody:nogroup /var/dionaea/

Update the Config file with the new Directories.

sudo mv /etc/dionaea/dionaea.conf.dist /etc/dionaea/dionaea.conf
sudo sed -i 's/var\/dionaea\///g' /etc/dionaea/dionaea.conf
sudo sed -i 's/log\//\/var\/dionaea\/log\//g' /etc/dionaea/dionaea.conf

Before we start Dionaea, we should edit the Configuration which is located at /etc/dionaea/dionaea.conf. First i suggest you to edit the logging to reduce the amount of logging. We set the levels from all to warning,error.

logging = {
    default = {
      file = "/var/dionaea/log/dionaea.log"
      levels = "warning,error"
      domains = "*"
    }

    errors = {
       file = "/var/dionaea/log/dionaea-errors.log"
       levels = "warning,error"
       domains = "*"
   }
}

Next i had to edit the listen Section, where i changed the mode from getifaddrs (automatic) to manual else my Box was not reachable from the Internet.

listen =
{
   mode = "manual"
   addrs = { eth0 = ["::"] }
}

Now we can start Dionaea as Deamon.

sudo dionaea -c /etc/dionaea/dionaea.conf -w /var/dionaea -u nobody -g nogroup -D