but before I do, I figured I’d ask if anyone’s aware of any tools/software that covers my basic needs of setting something basic that may alert me if there are any intruders in the network?
Needs:
- Fake ssh login that can trigger a script so I can take care of the rest.
- Fake network share (cifs/samba) that can trigger a script if anything tries to access it.
Would be great if there are any docker images I can just pull, make some minor edits, and run.
Thanks!
I am not affiliated with them, but you can get a trigger file (Canary Token) from the people at Thinkst. I quickly looked around their site and did not see how, but their ads say you can get them for free, without having to buy their canary hardware device.
you can get them for free
https://canarytokens.org/generate should work just fine
Check this out, it's super fun! https://github.com/skeeto/endlessh
I’d like to create a funnypot
You can also use something called canary tokens. You would put a file on a share that triggers an action to alert you.
The Honeynet Project, related to the SANS Institute when I last checked, has a lot of resources on honeypots that are worth a look, if you haven’t already.
I haven’t used it, but here is my first web search result: https://github.com/droberson/ssh-honeypot Also: https://github.com/paralax/awesome-honeypots
Thinkst have also published opencanary which you can run yourself and contains a decent subset of what their hardware canaries run, including SSH and cifs.
Honeypy
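For the first need in the question (a decoy SSH port that triggers a script), here is a minimal sketch added as an example; it is not part of any post in this thread and not code from the projects linked above. It does not implement SSH authentication: it presents a banner and treats any connection to the decoy port as the alert. The banner string, port 2222 and the `ALERT_CMD` path are assumptions.

```python
import socket
import subprocess
import threading
from datetime import datetime, timezone

BANNER = b"SSH-2.0-OpenSSH_8.9\r\n"  # constructed banner, only needs to look like sshd
ALERT_CMD = None  # assumption: set to e.g. ["/usr/local/bin/alert.sh"] (hypothetical path)

def default_alert(event):
    """Run the external script with peer IP and port as separate arguments.
    No shell is involved and the client-supplied string is never passed on."""
    if ALERT_CMD:
        subprocess.Popen(ALERT_CMD + [event["ip"], str(event["port"])])

def handle(conn, addr, on_alert):
    """Send the banner, capture the client's identification line, then alert."""
    with conn:
        conn.settimeout(5)
        try:
            conn.sendall(BANNER)
            ident = conn.recv(255)
        except OSError:  # timeout or reset: a bare port scan still counts as a hit
            ident = b""
    on_alert({
        "time": datetime.now(timezone.utc).isoformat(),
        "ip": addr[0],
        "port": addr[1],
        # untrusted input: keep it short and printable before logging it
        "client_ident": "".join(
            c for c in ident.decode("ascii", "replace").strip() if c.isprintable()),
    })

def serve(host="0.0.0.0", port=2222, on_alert=default_alert):
    """Start the decoy listener in background threads and return its socket."""
    srv = socket.create_server((host, port))

    def loop():
        while True:
            try:
                conn, addr = srv.accept()
            except OSError:  # listener socket was closed
                return
            threading.Thread(target=handle, args=(conn, addr, on_alert),
                             daemon=True).start()

    threading.Thread(target=loop, daemon=True).start()
    return srv

if __name__ == "__main__":
    serve()
    threading.Event().wait()  # keep the process alive
```

Nothing legitimate should ever connect to the decoy port, so every event is worth an alert; run it as an unprivileged user on a high port and redirect port 22 to it at the firewall if needed.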