Installation
Start by cloning the project
# clone the Greedybear project repository
git clone https://github.com/honeynet/GreedyBear
cd GreedyBear/
# construct environment files from templates
cp .env_template .env
cd docker/
cp env_file_template env_file
cp env_file_postgres_template env_file_postgres
cd ..
cp frontend/public/env_template.js frontend/public/env.js
Now you can build the image using docker-compose and run the project.
# build the image locally
docker-compose build
# start the app
docker-compose up
# now the app is running on http://localhost:80
# shut down the application
docker-compose down
Note: To create a superuser run the following:
The app administrator can enable/disable the extraction of source IPs for specific honeypots from the Django Admin. This is used for honeypots that are not specifically implemented to extract additional information (so not Log4Pot and Cowrie).
Note that GreedyBear needs a running instance of ElasticSearch of a TPoT to function. If you don't have one, you can make the following changes to make GreedyBear spin up its own ElasticSearch and Kibana instances. (Care! This option would require enough RAM to run the additional containers. Suggested is >=16GB):
- In docker/env_file, set the variable ELASTIC_ENDPOINT to http://elasticsearch:9200.
- Add :docker/elasticsearch.yml to the last defined COMPOSE_FILE variable or uncomment the "# local development with elasticsearch container" block in the .env file.
Environment configuration
In the env_file, configure different variables as explained below.
Required variables to set:
- DEFAULT_FROM_EMAIL: email address used for automated correspondence from the site manager (example: noreply@mydomain.com)
- DEFAULT_EMAIL: email address used for correspondence with users (example: info@mydomain.com)
- EMAIL_HOST: the host to use for sending email with SMTP
- EMAIL_HOST_USER: username to use for the SMTP server defined in EMAIL_HOST
- EMAIL_HOST_PASSWORD: password to use for the SMTP server defined in EMAIL_HOST. This setting is used in conjunction with EMAIL_HOST_USER when authenticating to the SMTP server.
- EMAIL_PORT: port to use for the SMTP server defined in EMAIL_HOST.
- EMAIL_USE_TLS: whether to use an explicit TLS (secure) connection when talking to the SMTP server, generally used on port 587.
- EMAIL_USE_SSL: whether to use an implicit TLS (secure) connection when talking to the SMTP server, generally used on port 465.
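A pre-flight check for the SMTP variables listed above, as an added example that is not part of GreedyBear: it parses an env_file and reports missing required values and TLS settings that conflict or would expose the SMTP password (Django treats EMAIL_USE_TLS and EMAIL_USE_SSL as mutually exclusive). The accepted boolean spellings and the sample values are assumptions.

```python
# Added example, not GreedyBear code: lint the SMTP settings of a docker/env_file.
REQUIRED = ("DEFAULT_FROM_EMAIL DEFAULT_EMAIL EMAIL_HOST EMAIL_HOST_USER "
            "EMAIL_HOST_PASSWORD EMAIL_PORT EMAIL_USE_TLS EMAIL_USE_SSL").split()
TRUTHY = {"true", "1", "yes"}  # assumption: how the boolean values are spelled


def parse_env(text):
    """Parse KEY=VALUE lines; blank lines and # comments are skipped."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip()
    return env


def check_email_settings(env):
    """Return a list of findings; an empty list means no problem was found."""
    findings = [f"{name} is missing or empty" for name in REQUIRED if not env.get(name)]
    tls = env.get("EMAIL_USE_TLS", "").lower() in TRUTHY
    ssl = env.get("EMAIL_USE_SSL", "").lower() in TRUTHY
    port = env.get("EMAIL_PORT", "")
    if tls and ssl:
        # Django's SMTP backend refuses to open a connection with both set.
        findings.append("EMAIL_USE_TLS and EMAIL_USE_SSL are both enabled; pick one")
    elif not tls and not ssl and env.get("EMAIL_HOST_PASSWORD"):
        findings.append("EMAIL_HOST_PASSWORD would be sent without TLS")
    if port and not port.isdigit():
        findings.append(f"EMAIL_PORT is not a number: {port!r}")
    elif (tls and port == "465") or (ssl and port == "587"):
        findings.append(f"EMAIL_PORT {port} is unusual for the selected TLS mode")
    return findings


SAMPLE = """\
# constructed sample, not a real deployment
DEFAULT_FROM_EMAIL=noreply@mydomain.com
DEFAULT_EMAIL=info@mydomain.com
EMAIL_HOST=smtp.mydomain.com
EMAIL_HOST_USER=greedybear
EMAIL_HOST_PASSWORD=
EMAIL_PORT=465
EMAIL_USE_TLS=True
EMAIL_USE_SSL=False
"""

if __name__ == "__main__":
    for finding in check_email_settings(parse_env(SAMPLE)):
        print("FINDING:", finding)
```

To check a real file, pass its contents to parse_env(), for example parse_env(open("docker/env_file").read()).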
Optional configuration:
- SLACK_TOKEN: Slack token of your Slack application that will be used to send/receive notifications
- DEFAULT_SLACK_CHANNEL: ID of the Slack channel you want to post the message to
Recaptcha configuration
The Registration Page and the Login Page contain a Recaptcha form from Google. By default, that Recaptcha is not configured and is not shown. If your intention is to publish GreedyBear as a Service you should configure different variables as explained below.
In the frontend/public/env.js set the variable:
- RECAPTCHA_SITEKEY: Recaptcha Key for your site
In the docker/env_file set the variables:
- RECAPTCHA_SECRET_KEY_GB_LOCAL: your recaptcha secret key for internal deployment
- RECAPTCHA_SECRET_KEY_GB_PUBLIC: your recaptcha secret key for public deployment
In that case, you would need to re-build the application to have the changes properly reflected.
Update and Re-build
Rebuilding the project / Creating custom docker build
If you make some code changes and would like to rebuild the project, follow these steps:
- Be sure that your .env file has a COMPOSE_FILE variable which mounts the docker/local.override.yml compose file.
- docker-compose build to build the new docker image.
- Start the containers with docker-compose up.
Update to the most recent version
To update the project with the most recent available code you have to follow these steps:
$ cd <your_greedy_bear_directory> # go into the project directory
$ git pull # pull new repository changes
$ docker pull intelowlproject/greedybear:prod # pull new docker images
$ docker-compose down # stop and destroy the currently running GreedyBear containers
$ docker-compose up # restart the GreedyBear application
Installer for TPot Instance
The file 'installer_on_tpot.sh' allows the automatic installation of Greedybear on an existing TPot instance. You can choose the type of Greedybear you want to install (http, https or local). The installer will either clone Greedybear to '/opt/GreedyBear' or, if Greedybear already exists on your system, you need to input the absolute path to the existing Greedybear folder. It will prompt you for the necessary information/secrets.
Example: sudo ./installer.sh --type=http --folder=/opt/GreedyBear
Warning
This installer is not officially supported by either the Greedybear or the TPOT maintainers. It must be considered a POC for having GB and TPOT installed in the same place. Greedybear is supported only when executed in a separate instance that connects externally to the TPOTs.