Skip to content

Latest commit

 

History

History
64 lines (57 loc) · 2.81 KB

Raspbian.md

File metadata and controls

64 lines (57 loc) · 2.81 KB

Install DShield Sensor on a Raspbian Pi

** For more detailed instructions with screen shots, see https://isc.sans.edu/honeypotinstall.pdf . **

In order to use the installation script on the Raspberry Pi, you will need to first prepare it.

  • Download and install the [Raspberry Pi Imager] (https://www.raspberrypi.com/software/)

  • Select "Raspberry Pi OS Lite (64-bit)" as your operating system. The default selection will work too if you prefer a GUI.

  • Customize the installation by clicking on the "gear" icon in the lower right hand corner of the image.

  • select "Enable SSH"

  • set a username and password (use this username instead of the "pi" user)

  • Optional (but recommended): Set up public-key authentication

  • Select the micro SD Card as "Storage". Be careful to select the right disk.

  • click "WRITE"

    [Note: The 64 Bit version of Raspberry Pi OS currently works better than the 32 Bit version]

Screen Shot 2022-05-02 at 10 40 51 AM

  • connect to the device using an ssh client (port 22), log in with user user and password you configured above.
  • make sure the Pi can reach out to the Internet using http(s), can resolve DNS, ... (DHCP)
  • make sure Pi's system time is somewhat reasonable, e.g.
date

if the time is "off" run (replace date with current date)

sudo date --set='2017-04-21 21:46:00' +'%Y-%m-%d %H:%M:%S'
  • update your Pi. The install script will do this as well, but it can take hours, so you are better off doing it first.
sudo apt update
sudo apt -uy dist-upgrade
  • reboot
sudo reboot
  • if GIT isn't already installed (will be the case e.g. when using the lite distro): install GIT
sudo apt -y install git
  • clone the GIT repository (which will create the "dshield" directory)
git clone https://github.com/DShield-ISC/dshield.git
  • run the installation script, in case you do have an earlier system, copy the files /etc/dshield.ini and /etc/dshield.sslca from that system to /etc; you will be able to reuse the data entered for that system.
cd dshield/bin
sudo ./install.sh
  • if curious watch the debug log file in parallel to the installation: connect with an additional ssh session to the system and run (name of the log file will be printed out by the installation script):
sudo tail -f LOGFILE
  • answer the questions of the installation routine
  • if everything goes fine and the script finishes OK: reboot the device
sudo reboot
  • from now on you have to use port 12222 to connect to the device by SSH
  • expose the Pi to inbound traffic. For example, in many firewalls and home routers you will be able to configure it as a "DMZ Hosts", "exposed devices", ... see hints below for - well - hints ...