Dockerized DShield SSH Honeypot
One month ago, Johannes released a beta version of a DShield sensor for the Raspberry Pi. The Pi is a cool computer for running this kind of tool, but you must have a spare one, and it requires extra cables and power (OK, not so much). Building and maintaining a virtual machine for an application with low CPU, memory and bandwidth requirements is a bit overkill. Why not use a container?
I re-used Johannes’s installation script and restricted the installation to the bare minimum. The goal is just to run a cowrie instance and enable the DShield output module. To report collected data to DShield, you need an account.
Building the container is very easy:
# git clone https://github.com/xme/dshield-docker
# cd dshield-docker
# docker build -t dshield/honeypot .
The container performs a check of your DShield credentials at boot time. You can pass them to the container using a text file (keep it in a safe place!):
# cat <<_END_ >env.txt
DSHIELD_UID=xxxxx
DSHIELD_APIKEY=xxxxx
DSHIELD_EMAIL=xxxxx
_END_
# docker run -d -p 2222:2222 --env-file=env.txt --restart=always --name dshield dshield/honeypot
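As an added example (not part of the original diary or of the dshield-docker repository), the shell function below checks the credentials file before it is handed to docker run --env-file: it must be private to its owner and must hold real values for the three variables shown above. The name check_env_file and the treatment of xxxxx as an unfilled placeholder are assumptions made for this sketch.

```shell
# check_env_file: hypothetical pre-flight helper (not part of dshield-docker).
# Returns 0 only if the file is private to its owner and holds usable values
# for the three variables the container expects.
check_env_file() {
    file=$1
    rc=0

    if [ ! -f "$file" ]; then
        echo "error: $file not found" >&2
        return 1
    fi

    # Characters 5-10 of the ls mode string are the group/other bits.
    # The file holds the DShield API key, so they must all be unset.
    mode=$(ls -ld -- "$file" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "error: $file is accessible to group/others (chmod 600 $file)" >&2
        rc=1
    fi

    for key in DSHIELD_UID DSHIELD_APIKEY DSHIELD_EMAIL; do
        # The env file is plain KEY=value lines; if a key appears more than
        # once, the last occurrence is the one checked here.
        value=$(sed -n "s/^${key}=//p" "$file" | tail -n 1)
        case $value in
            '')
                echo "error: $key is missing or empty" >&2; rc=1 ;;
            xxxxx)
                echo "error: $key still holds the placeholder" >&2; rc=1 ;;
            \"*|\'*)
                # docker run --env-file keeps quotes as part of the value.
                echo "error: $key is quoted; remove the quotes" >&2; rc=1 ;;
        esac
    done

    return $rc
}

# Usage (run from the directory holding env.txt):
#   check_env_file env.txt && docker run -d -p 2222:2222 --env-file=env.txt \
#       --restart=always --name dshield dshield/honeypot
```

Creating the file under umask 077 (or running chmod 600 on it afterwards) satisfies the permission check; a heredoc written under the common default umask of 022 leaves it world-readable.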
Interested? More information and sources are available here. Happy hunting!
Xavier Mertens
ISC Handler - Freelance Security Consultant
PGP Key