Modern Honey Network (MHN)
MHN is a centralized server for management and data collection of honeypots. MHN allows you to deploy sensors quickly and to collect data immediately, viewable from a neat web interface. Honeypot deploy scripts include several common honeypot technologies, including Snort, Cowrie, Dionaea, and Glastopf, among others.
For questions regarding troubleshooting your installation, please review the MHN Troubleshooting Guide, search past questions on the modern-honey-network Google Group, or send emails to modern-honey-network@googlegroups.com.
Features
MHN is a Flask application that exposes an HTTP API that honeypots can use to:
- Download a deploy script
- Connect and register
- Download snort rules
- Send intrusion detection logs
It also allows system administrators to:
- View a list of new attacks
- Manage snort rules: enable, disable, download
Installation
- The MHN server is supported on Ubuntu 14.04, Ubuntu 16.04, and CentOS 6.9.
- Other versions of Linux may work but are generally not tested or supported.
Note: if you run into trouble during the install, please check out the troubleshooting guide on the wiki. If you only want to experiment with MHN on some virtual machines, please check out the Getting up and Running with Vagrant guide on the wiki.
$ cd /opt/
$ sudo git clone https://github.com/threatstream/mhn.git
$ cd mhn/
Run the following script to complete the installation. While this script runs, you will be prompted for some configuration options. See below for how this looks.
$ sudo ./install.sh
Configuration
===========================================================
MHN Configuration
===========================================================
Do you wish to run in Debug mode?: y/n n
Superuser email: YOUR_EMAIL@YOURSITE.COM
Superuser password:
Server base url ["http://1.2.3.4"]:
Honeymap url ["http://1.2.3.4:3000"]:
Mail server address ["localhost"]:
Mail server port [25]:
Use TLS for email?: y/n n
Use SSL for email?: y/n n
Mail server username [""]:
Mail server password [""]:
Mail default sender [""]:
Path for log file ["mhn.log"]:
Running
If the installation scripts ran successfully, you should have a number of services running on your MHN server. Check them as shown below.
user@precise64:/opt/mhn/scripts$ sudo /etc/init.d/nginx status
* nginx is running
user@precise64:/opt/mhn/scripts$ sudo /etc/init.d/supervisor status
is running
user@precise64:/opt/mhn/scripts$ sudo supervisorctl status
geoloc RUNNING pid 31443, uptime 0:00:12
honeymap RUNNING pid 30826, uptime 0:08:54
hpfeeds-broker RUNNING pid 10089, uptime 0:36:42
mhn-celery-beat RUNNING pid 29909, uptime 0:18:41
mhn-celery-worker RUNNING pid 29910, uptime 0:18:41
mhn-collector RUNNING pid 7872, uptime 0:18:41
mhn-uwsgi RUNNING pid 29911, uptime 0:18:41
mnemosyne RUNNING pid 28173, uptime 0:30:08
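To turn the manual check above into something a cron job or monitoring agent can run, the following added example (not part of the MHN project) reads `supervisorctl status` output and reports any of the eight programs listed above that is not RUNNING or is absent from the listing. The function name, variable names and the sample text are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not MHN project code. The expected names are the eight
# programs shown in the supervisorctl output above.
EXPECTED_SERVICES="geoloc honeymap hpfeeds-broker mhn-celery-beat mhn-celery-worker mhn-collector mhn-uwsgi mnemosyne"

# Reads `supervisorctl status` text on stdin and prints "name STATE" for each
# expected program that is not RUNNING (MISSING if it is not listed at all).
# Returns 0 when every expected program is RUNNING, 1 otherwise.
# Hypothetical helper name, chosen for this example.
mhn_unhealthy_services() {
    awk -v expected="$EXPECTED_SERVICES" '
        NF >= 2 { state[$1] = $2 }      # column 1 = program, column 2 = state
        END {
            n = split(expected, names, " ")
            bad = 0
            for (i = 1; i <= n; i++) {
                s = (names[i] in state) ? state[names[i]] : "MISSING"
                if (s != "RUNNING") { print names[i], s; bad = 1 }
            }
            exit bad
        }'
}

# Constructed sample input: one program in FATAL state, mnemosyne not listed.
SAMPLE_STATUS='geoloc RUNNING pid 31443, uptime 0:00:12
honeymap RUNNING pid 30826, uptime 0:08:54
hpfeeds-broker RUNNING pid 10089, uptime 0:36:42
mhn-celery-beat RUNNING pid 29909, uptime 0:18:41
mhn-celery-worker FATAL Exited too quickly (process log may have details)
mhn-collector RUNNING pid 7872, uptime 0:18:41
mhn-uwsgi RUNNING pid 29911, uptime 0:18:41'

# Demo on the constructed sample. On a real server, use instead:
#   sudo supervisorctl status | mhn_unhealthy_services
printf '%s\n' "$SAMPLE_STATUS" | mhn_unhealthy_services || true
```

Because anything that is not a `name RUNNING` line counts as unhealthy, a supervisor daemon that is down (so `supervisorctl` prints only an error) reports all eight programs as MISSING instead of passing silently.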
Running Modern Honey Network Behind a Proxy
For directions on running MHN behind a web proxy, follow the directions in the wiki.
Running Modern Honey Network Over HTTPS
By default, MHN runs without HTTPS. Directions for configuring your installation to use SSL certificates can be found in the wiki.
Deploying honeypots with Modern Honey Network
MHN was designed to make scalable deployment of honeypots easier. Here are the steps for deploying a honeypot with MHN:
- Log in to your MHN server web app.
- Click the “Deploy” link in the upper left-hand corner.
- Select a type of honeypot from the drop-down menu (e.g. “Ubuntu Dionaea”).
- Copy the deployment command.
- Log in to a honeypot server and run this command as root.
If the deploy script completes successfully, you should see the new sensor listed under your deployed sensor list. For a full list of supported sensors, see the List of Supported Sensors.
Source: https://github.com/threatstream/mhn