Deploy The Modern Honey Network

Step 1 - Initial Server Setup

I am using an Ubuntu 18.04 t2.medium server with 40GB of attached storage on Amazon AWS. This meets the hardware recommendations listed here. Although I am deploying this server in AWS, this tutorial should work on any platform running Ubuntu 18.04 (or any Debian-based Linux).

Once the Ubuntu instance is ready, log in and start with some updates:

sudo apt-get update && sudo apt-get upgrade -y

Optional (but highly recommended):  Make sure you have a public domain name.  This is mandatory if you want to use SSL.

Step 2  - Install git

Since we are pulling Modern Honey Network (MHN) from GitHub, we need to install git.

sudo apt-get install git -y

Luckily it looks like git is already installed.

Step 3 - Clone MHN

Now all we have to do is clone MHN into the /opt directory.

cd /opt
sudo git clone https://github.com/threatstream/mhn.git

Step 4 - Install MHN

This is where the magic happens!  All we have to do is run the setup script and it will install and configure everything for MHN to run.

cd /opt/mhn/
sudo ./install.sh

Note:  This part will take a little bit

At the end of the script it will ask you a few questions:

Do you wish to run in Debug mode?: y/n n
Superuser email: your email address
Superuser password: enter a good complex password
Superuser password: (again): repeat a good complex password
Server base url ["http://IPAddress"]: https://mhn.subproject9.com/ (or use IP)
Honeymap url ["https://domain:3000"]: https://mhn.subproject9.com:3000 (or use IP)

Note:  I am using HTTPS in my settings; again, this is optional but highly recommended.

Next, we wait for the initialization of the database and importing of SNORT rules.  This will take a long time.

After all the rules load, the install will ask if you want to install Graylog, ELK and add rules to UFW.  In this tutorial I will not be installing Graylog or ELK.  I plan to eventually integrate the alerts/logs into a pre-existing ELK server, but that is for another tutorial.

Step 5 - Get SSL Certs using Certbot

First, let's install Certbot:

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot

Now let's get our certs:

sudo certbot certonly --standalone --preferred-challenges http -d mhn.subproject9.com

If everything goes well you should see something like this:

Now that we have the certs, let's copy them to where we need them:

sudo cp /etc/letsencrypt/live/mhn.subproject9.com/*.pem /etc/ssl/private
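
The cp above is a one-time copy, so the files nginx reads from /etc/ssl/private go stale when certbot renews the certificate. The following deploy hook is an added example, not part of the original tutorial, that repeats the copy atomically with owner-only permissions and reloads nginx after each renewal. The function name deploy_certs and the DEST_DIR variable are assumptions of this example; RENEWED_LINEAGE is set by certbot.

```shell
#!/bin/sh
# Added example (not from the original tutorial): certbot deploy hook.
# certbot exports RENEWED_LINEAGE, the live directory of the renewed
# certificate, e.g. /etc/letsencrypt/live/mhn.subproject9.com.
# DEST_DIR is an assumption of this example; it defaults to the directory
# that the nginx config in Step 6 reads from.
DEST_DIR="${DEST_DIR:-/etc/ssl/private}"

# Copy fullchain.pem and privkey.pem from a lineage directory into a
# destination directory. Fails before touching the destination if either
# source file is missing or empty.
deploy_certs() {
    lineage="$1"
    dest="$2"
    for f in fullchain.pem privkey.pem; do
        [ -s "$lineage/$f" ] || { echo "missing $lineage/$f" >&2; return 1; }
    done
    old_umask=$(umask)
    umask 077    # new files are created readable by their owner only
    for f in fullchain.pem privkey.pem; do
        # The live/ entries are symlinks: -L copies the file they point to.
        # Write to a temporary name and rename, so nginx never sees a
        # half-written certificate or key.
        tmp="$dest/.$f.new"
        cp -L "$lineage/$f" "$tmp" && chmod 600 "$tmp" && mv -f "$tmp" "$dest/$f" \
            || { umask "$old_umask"; return 1; }
    done
    umask "$old_umask"
    return 0
}

# Only act when certbot invokes the hook. Reload nginx only if the copy
# succeeded and the configuration still validates.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_certs "$RENEWED_LINEAGE" "$DEST_DIR" \
        && nginx -t \
        && /etc/init.d/nginx reload
fi
```

Saved as an executable file under /etc/letsencrypt/renewal-hooks/deploy/, it runs after every successful renewal.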

Step 6 - Configure MHN to run over HTTPS

Edit the nginx config file:  sudo nano /etc/nginx/sites-enabled/default

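server {
    # Serve plain HTTP and HTTPS from the same server block
    listen               80;
    listen              443 ssl;
    server_name         _;
    # Certificate chain and private key copied from Let's Encrypt in Step 5
    ssl_certificate     /etc/ssl/private/fullchain.pem;
    ssl_certificate_key /etc/ssl/private/privkey.pem;

    # $ssl_protocol is empty on plain-HTTP requests: redirect them to HTTPS
    if ($ssl_protocol = "") {
        rewrite ^ https://$host$request_uri? permanent;
    }

    location / {
        try_files $uri @mhnserver;
    }

    root /opt/www;

    # Hand application requests to the MHN uWSGI socket
    location @mhnserver {
      include uwsgi_params;
      uwsgi_pass unix:/tmp/uwsgi.sock;
    }

    location  /static {
      alias /opt/mhn/server/mhn/static;
    }
}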

After you make the changes, save the file.

Now let's restart nginx:  sudo /etc/init.d/nginx restart

Now let's test the interface to make sure everything is working:

SUCCESS!

Step 7 - Deploying Honeypots

Deploying honeypots with MHN is extremely easy!

Log into the web interface and select "Deploy" on the top menu:

Select the honeypot you would like to deploy:

Now, all you have to do is copy the command and drop it into a clean install of Ubuntu, CentOS 7 or a Raspberry Pi.

Note:  You must install as root and the target server for install must not have any other services deployed.
