From bb6f62a3b021ef84f4b3d542a2e00e585fe57aa1 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?DeemOnSecurity=F0=9F=A4=98?= Date: Tue, 7 Mar 2023 22:43:02 -0500 Subject: [PATCH 1/2] Document Reorganization --- copyright-wamerican => COPYRIGHT.md | 0 README.md | 64 ++---------------- README_AWS.md | 27 -------- .../dshield-architecture/Architecture.md | 0 .../ConfigurationDatabase.md} | 0 .../dshield-architecture/Cron.md | 0 .../Logging.md} | 0 .../ServerHeaders.md | 0 .../general-guides/Hardware.md | 0 .../general-guides/LocalAdressLogging.md | 0 .../general-guides/Troubleshooting.md | 0 .../install-instructions/AWS.md | 0 docs/install-instructions/Raspbian.md | 62 +++++++++++++++++ .../install-instructions/Ubuntu.md | 0 .../install-instructions/openSUSE.md | 0 docs/{ => resources}/myreports.png | Bin docs/{ => resources}/myssh.png | Bin .../router-configuration/OPNSense.md | 0 18 files changed, 67 insertions(+), 86 deletions(-) rename copyright-wamerican => COPYRIGHT.md (100%) delete mode 100644 README_AWS.md rename Architecture.md => docs/dshield-architecture/Architecture.md (100%) rename docs/{README.md => dshield-architecture/ConfigurationDatabase.md} (100%) rename README_cron.md => docs/dshield-architecture/Cron.md (100%) rename docs/{logging.md => dshield-architecture/Logging.md} (100%) rename docs/{ => dshield-architecture}/ServerHeaders.md (100%) rename HARDWARE.md => docs/general-guides/Hardware.md (100%) rename LocalAdressLogging.md => docs/general-guides/LocalAdressLogging.md (100%) rename README_troubleshooting.md => docs/general-guides/Troubleshooting.md (100%) rename AWS_installation_guide.md => docs/install-instructions/AWS.md (100%) create mode 100644 docs/install-instructions/Raspbian.md rename README_Ubuntu.md => docs/install-instructions/Ubuntu.md (100%) rename README_openSUSE.md => docs/install-instructions/openSUSE.md (100%) rename docs/{ => resources}/myreports.png (100%) rename docs/{ => resources}/myssh.png (100%) rename RouterDocs/OPNSense.txt => docs/router-configuration/OPNSense.md (100%) 
diff --git a/copyright-wamerican b/COPYRIGHT.md similarity index 100% rename from copyright-wamerican rename to COPYRIGHT.md diff --git a/README.md b/README.md index 9736074c..5a755e0b 100644 --- a/README.md +++ b/README.md 
@@ -18,65 +18,11 @@ If there is the need for other distros, "someone" has to check and maintain the ## Installation -** For more detailed instructions with screen shots, see https://isc.sans.edu/honeypotinstall.pdf . ** - -In order to use the installation script on the Raspberry Pi, you will need to first prepare it. - -- Download and install the [Raspberry Pi Imager] (https://www.raspberrypi.com/software/) -- Select "Raspberry Pi OS Lite (32-bit)" as your operating system. The default selection will work too if you prefer a GUI. -- Customize the installation by clicking on the "gear" icon in the lower right hand corner of the image. -- select "Enable SSH" -- set a username and password (use this username instead of the "pi" user) -- Optional (but recommended): Set up public-key authentication -- Select the micro SD Card as "Storage". Be careful to select the right disk. -- click "WRITE" - -![Screen Shot 2022-05-02 at 10 40 51 AM](https://user-images.githubusercontent.com/1626447/166254332-0dd2be8a-0ef6-42a2-8f6d-9610b2664323.png) - -- connect to the device using an ssh client (port 22), log in with user user and password you configured above. -- make sure the Pi can reach out to the Internet using http(s), can resolve DNS, ... (DHCP) -- make sure Pi's system time is somewhat reasonable, e.g. -``` -date -``` -if the time is "off" run (replace date with current date) -``` -sudo date --set='2017-04-21 21:46:00' +'%Y-%m-%d %H:%M:%S' -``` -- update your Pi. The install script will do this as well, but it can take **hours**, so you are better off doing it first. -``` -sudo apt update -sudo apt -uy dist-upgrade -``` -- reboot -``` -sudo reboot -``` -- if GIT isn't already installed (will be the case e.g. 
when using the lite distro): install GIT -``` -sudo apt -y install git -``` -- clone the GIT repository (which will create the "dshield" directory) -``` -git clone https://github.com/DShield-ISC/dshield.git -``` -- run the installation script, in case you do have an earlier system, copy the files `/etc/dshield.ini` and `/etc/dshield.sslca` from that system to `/etc`; you will be able to reuse the data entered for that system. -``` -cd dshield/bin -sudo ./install.sh -``` -- if curious watch the debug log file in parallel to the installation: connect with an additional ssh session to the system and run (name of the log file will be printed out by the installation script): -``` -sudo tail -f LOGFILE -``` -- answer the questions of the installation routine -- if everything goes fine and the script finishes OK: reboot the device -``` -sudo reboot -``` -- from now on you have to use port 12222 to connect to the device by SSH -- expose the Pi to inbound traffic. For example, in many firewalls and home routers - you will be able to configure it as a "DMZ Hosts", "exposed devices", ... see [hints below](#how-to-place-the-dshield-sensor--honeypot) for - well - hints ... +Reference the following files for OS-specific installation instructions: +[Raspbian](docs/install-instructions/Raspbian.md) (Recommended) +[Ubuntu](docs/install-instructions/Ubuntu.md) +[openSUSE](docs/install-instructions/openSUSE.md) +[AWS](docs/install-instructions/AWS.md) ## Background: `install.sh` diff --git a/README_AWS.md b/README_AWS.md deleted file mode 100644 index 2500e134..00000000 --- a/README_AWS.md +++ /dev/null 
@@ -1,27 +0,0 @@ -Support for AWS AMI Linux is still work in progress. Please report issues. -As of the last testing, you may lose ssh access. -Please note that you need to open port 12222 using an appropriate security policy. - -``` -sudo yum update -sudo yum install git -git clone https://github.com/DShield-ISC/dshield.git -sudo dshield/bin/install.sh -sudo reboot -``` - -To update the honeypot software, run -``` -cd ~/dshield/bin -git pull -sudo ./install.sh --udpate -``` - -If you very recently installed or updated the honeypot (within a few days): -``` -cd ~/dshield/bin -git pull -sudo ./install.sh --update --fast -``` - -The "--fast" mode will skip some of the updates, package installation and security checks. If you get errors, try it without the --fast switch \ No newline at end of file diff --git a/Architecture.md b/docs/dshield-architecture/Architecture.md similarity index 100% rename from Architecture.md rename to docs/dshield-architecture/Architecture.md diff --git a/docs/README.md b/docs/dshield-architecture/ConfigurationDatabase.md similarity index 100% rename from docs/README.md rename to docs/dshield-architecture/ConfigurationDatabase.md diff --git a/README_cron.md b/docs/dshield-architecture/Cron.md similarity index 100% rename from README_cron.md rename to docs/dshield-architecture/Cron.md diff --git a/docs/logging.md b/docs/dshield-architecture/Logging.md similarity index 100% rename from docs/logging.md rename to docs/dshield-architecture/Logging.md diff --git a/docs/ServerHeaders.md b/docs/dshield-architecture/ServerHeaders.md similarity index 100% rename from docs/ServerHeaders.md rename to docs/dshield-architecture/ServerHeaders.md diff --git a/HARDWARE.md b/docs/general-guides/Hardware.md similarity index 100% rename from HARDWARE.md rename to docs/general-guides/Hardware.md 
diff --git a/LocalAdressLogging.md b/docs/general-guides/LocalAdressLogging.md similarity index 100% rename from LocalAdressLogging.md rename to docs/general-guides/LocalAdressLogging.md diff --git a/README_troubleshooting.md b/docs/general-guides/Troubleshooting.md similarity index 100% rename from README_troubleshooting.md rename to docs/general-guides/Troubleshooting.md diff --git a/AWS_installation_guide.md b/docs/install-instructions/AWS.md similarity index 100% rename from AWS_installation_guide.md rename to docs/install-instructions/AWS.md diff --git a/docs/install-instructions/Raspbian.md b/docs/install-instructions/Raspbian.md new file mode 100644 index 00000000..2d04d5fe --- /dev/null +++ b/docs/install-instructions/Raspbian.md 
@@ -0,0 +1,62 @@ +# dshield + + +** For more detailed instructions with screen shots, see https://isc.sans.edu/honeypotinstall.pdf . ** + +In order to use the installation script on the Raspberry Pi, you will need to first prepare it. + +- Download and install the [Raspberry Pi Imager] (https://www.raspberrypi.com/software/) +- Select "Raspberry Pi OS Lite (32-bit)" as your operating system. The default selection will work too if you prefer a GUI. +- Customize the installation by clicking on the "gear" icon in the lower right hand corner of the image. +- select "Enable SSH" +- set a username and password (use this username instead of the "pi" user) +- Optional (but recommended): Set up public-key authentication +- Select the micro SD Card as "Storage". Be careful to select the right disk. +- click "WRITE" + +![Screen Shot 2022-05-02 at 10 40 51 AM](https://user-images.githubusercontent.com/1626447/166254332-0dd2be8a-0ef6-42a2-8f6d-9610b2664323.png) + +- connect to the device using an ssh client (port 22), log in with user user and password you configured above. +- make sure the Pi can reach out to the Internet using http(s), can resolve DNS, ... (DHCP) +- make sure Pi's system time is somewhat reasonable, e.g. +``` +date +``` +if the time is "off" run (replace date with current date) +``` +sudo date --set='2017-04-21 21:46:00' +'%Y-%m-%d %H:%M:%S' +``` +- update your Pi. The install script will do this as well, but it can take **hours**, so you are better off doing it first. +``` +sudo apt update +sudo apt -uy dist-upgrade +``` +- reboot +``` +sudo reboot +``` +- if GIT isn't already installed (will be the case e.g. 
when using the lite distro): install GIT +``` +sudo apt -y install git +``` +- clone the GIT repository (which will create the "dshield" directory) +``` +git clone https://github.com/DShield-ISC/dshield.git +``` +- run the installation script, in case you do have an earlier system, copy the files `/etc/dshield.ini` and `/etc/dshield.sslca` from that system to `/etc`; you will be able to reuse the data entered for that system. +``` +cd dshield/bin +sudo ./install.sh +``` +- if curious watch the debug log file in parallel to the installation: connect with an additional ssh session to the system and run (name of the log file will be printed out by the installation script): +``` +sudo tail -f LOGFILE +``` +- answer the questions of the installation routine +- if everything goes fine and the script finishes OK: reboot the device +``` +sudo reboot +``` +- from now on you have to use port 12222 to connect to the device by SSH +- expose the Pi to inbound traffic. For example, in many firewalls and home routers + you will be able to configure it as a "DMZ Hosts", "exposed devices", ... see [hints below](#how-to-place-the-dshield-sensor--honeypot) for - well - hints ... diff --git a/README_Ubuntu.md b/docs/install-instructions/Ubuntu.md similarity index 100% rename from README_Ubuntu.md rename to docs/install-instructions/Ubuntu.md diff --git a/README_openSUSE.md b/docs/install-instructions/openSUSE.md similarity index 100% rename from README_openSUSE.md rename to docs/install-instructions/openSUSE.md diff --git a/docs/myreports.png b/docs/resources/myreports.png similarity index 100% rename from docs/myreports.png rename to docs/resources/myreports.png diff --git a/docs/myssh.png b/docs/resources/myssh.png similarity index 100% rename from docs/myssh.png rename to docs/resources/myssh.png diff --git a/RouterDocs/OPNSense.txt b/docs/router-configuration/OPNSense.md similarity index 100% rename from RouterDocs/OPNSense.txt rename to docs/router-configuration/OPNSense.md 
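Review bot: The four replacement links in the README.md Installation hunk sit on consecutive lines with no list markers or blank lines between them, so Markdown will join them into a single run-on paragraph. Prefix each line with `- ` (the removed steps used that list style) so Raspbian, Ubuntu, openSUSE and AWS render as separate entries.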
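Review bot: README_AWS.md is deleted outright while docs/install-instructions/AWS.md is a 100% rename of AWS_installation_guide.md, so nothing from the deleted file is carried over by this patch: the warning that you may lose ssh access, the note that port 12222 must be opened with an appropriate security policy, and the update commands. Confirm the renamed guide already covers these, or move them into it. If the update commands are kept, fix the typo in `sudo ./install.sh --udpate`; the second block in the same file spells it `--update`.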
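Review bot: In the new docs/install-instructions/Raspbian.md, the last step still links to `[hints below](#how-to-place-the-dshield-sensor--honeypot)`, a same-page anchor that worked inside README.md but has no matching heading anywhere in this 62-line file; point it at the README instead, for example `../../README.md#how-to-place-the-dshield-sensor--honeypot`. Since the text is being moved anyway, also fix the Markdown that does not render: `[Raspberry Pi Imager] (https://www.raspberrypi.com/software/)` has a space before the parenthesis, and `** For more detailed instructions ... **` has spaces inside the asterisks. The title `# dshield` should name the guide (Raspbian installation), and "log in with user user and password" should read "the user and password".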
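Review bot: Every rename in this patch is at similarity index 100% and the only content hunk in README.md is the Installation section, so any existing reference to the old paths (for example README_troubleshooting.md, README_cron.md, docs/myreports.png or docs/myssh.png) is left pointing at a file that no longer exists; grep the repository for the old names and update them in the same commit. RouterDocs/OPNSense.txt becomes OPNSense.md with no content change, so check that the plain text renders acceptably as Markdown, and the move is a good moment to correct the spelling of LocalAdressLogging.md.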
From b7f285d9b91101581b874fa365e3bee466a76d2b Mon Sep 17 00:00:00 2001 From: Will Deem Date: Tue, 7 Mar 2023 22:52:50 -0500 Subject: [PATCH 2/2] copyright for library, not DShield --- COPYRIGHT.md => copyright-wamerican | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename COPYRIGHT.md => copyright-wamerican (100%) diff --git a/COPYRIGHT.md b/copyright-wamerican similarity index 100% rename from COPYRIGHT.md rename to copyright-wamerican
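Review bot: Squash this into PATCH 1/2 by dropping the `copyright-wamerican => COPYRIGHT.md` rename there, so the series does not carry a rename followed by its revert. The subject gives the reason (the copyright is for the library, not DShield), but an empty commit body leaves no record of which library that is; one sentence in the message would do. The two patches also carry different From names, which is worth making consistent before merge.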