T-Pot is a dockerized bundle of honeypots (conpot, cowrie, dionaea, elasticpot, emobility, glastopf and honeytrap) together with Suricata as a network security monitoring engine and the ELK stack to visualize all the events the honeypots capture. I will be setting this up for my internal network.
Start with a fresh Ubuntu 16.04 box.
1- First, fiddle with the SSH keys, as the normal user that will run T-Pot (not as root). The installer expects that user to have a ~/.ssh/authorized_keys file in place:

ssh-keygen
cd ~/.ssh
touch authorized_keys
cat id_rsa.pub >> authorized_keys

With its defaults on 16.04, ssh-keygen writes id_rsa and id_rsa.pub; use the name you chose if you passed -f. Note that appending the box's own public key only lets the box log into itself. What you really want in authorized_keys is the public key of the machine you will administer T-Pot from, so copy that in as well (ssh-copy-id from your workstation does it). Keep ~/.ssh at mode 700 and authorized_keys free of group/world write permission, otherwise sshd ignores the file and you are locked out once the installer reconfigures SSH.

2- Then do the install outlined here: https://github.com/dtag-dev-sec/t-pot-autoinstall

git clone https://github.com/dtag-dev-sec/t-pot-autoinstall.git
cd t-pot-autoinstall/
sudo su
./install.sh

Done. The bash script did the rest of the lifting for you.
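The one thing that goes wrong with this procedure is the key step: an authorized_keys file sshd refuses because of its permissions, or one that only holds the key the box generated for itself, leaves you locked out after the installer has moved SSH around. The pre-flight check below is an added example written for this post; it is not code from the original post or from t-pot-autoinstall. It assumes GNU stat (as on Ubuntu), a ~/.ssh directory created by ssh-keygen, and the function names are mine. Run it as the user that will run T-Pot before starting install.sh.

```sh
#!/bin/sh
# Pre-flight check for the SSH key step above. Added example, not code from
# the original post or from t-pot-autoinstall. Assumes GNU stat (Ubuntu) and
# a ~/.ssh directory created by ssh-keygen; all function names are mine.
# Usage: check_ssh_keys ~/.ssh   (exit 0 when the key setup is usable)

# Last three octal digits of a file's mode, e.g. 700 or 644.
file_mode() {
  m=$(stat -c '%a' "$1") || return 1
  printf '%s\n' "${m#${m%???}}"
}

# sshd (StrictModes) ignores ~/.ssh or authorized_keys if group or other
# can write to it, so reject any mode whose group/other digit has bit 2 set.
mode_is_private() {
  case "$(file_mode "$1")" in
    ?[2367]?|??[2367]) return 1 ;;
    *) return 0 ;;
  esac
}

# Lines of a file that carry an OpenSSH public key (an options prefix such
# as from="..." before the key type is allowed).
count_keys() {
  grep -cE '(^|[[:space:]])(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,3}' "$1" 2>/dev/null || true
}

# authorized_keys entries whose key material was generated on this box,
# i.e. also appears in a $dir/*.pub file. Such a key only lets the box log
# into itself; it does not give you a way in from your admin machine.
count_local_keys() {
  dir=$1
  own=$(for pub in "$dir"/*.pub; do
          [ -f "$pub" ] || continue
          awk 'NF >= 2 { print $2 }' "$pub"
        done)
  [ -n "$own" ] || { echo 0; return 0; }
  printf '%s\n' "$own" | grep -cF -f - "$dir/authorized_keys" || true
}

# Returns 0 when authorized_keys exists, has safe permissions, holds at
# least one key, and at least one of those keys is not the box's own.
check_ssh_keys() {
  dir=$1
  ak=$dir/authorized_keys
  [ -d "$dir" ] && [ -f "$ak" ] ||
    { echo "no $ak: run the key step first" >&2; return 1; }
  mode_is_private "$dir" && mode_is_private "$ak" ||
    { echo "$dir or $ak is group/world-writable; sshd will ignore it" >&2; return 1; }
  total=$(count_keys "$ak")
  [ "$total" -gt 0 ] ||
    { echo "$ak holds no usable public key" >&2; return 1; }
  own=$(count_local_keys "$dir")
  [ "$own" -lt "$total" ] ||
    { echo "only this box's own key is authorized; add the public key of the machine you will SSH in from" >&2; return 1; }
  echo "ok: $total key(s), $((total - own)) from another machine"
}
```

The permission test mirrors what sshd's StrictModes enforces rather than insisting on exactly 600, so a 644 authorized_keys passes while 664 or 666 does not. The "local key" test is the part a plain `ls -l ~/.ssh` will not tell you: it catches the case where `cat id_rsa.pub >> authorized_keys` was the only key added.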