Installation

Start by cloning the project:

# clone the GreedyBear project repository
git clone https://github.com/honeynet/GreedyBear
cd GreedyBear/

# construct environment files from templates
cp .env_template .env
cd docker/
cp env_file_template env_file
cp env_file_postgres_template env_file_postgres
cd ..
cp frontend/public/env_template.js frontend/public/env.js

Now you can build the image using docker-compose and run the project.

# build the image locally
docker-compose build

# start the app
docker-compose up

# now the app is running on http://localhost:80

# shut down the application
docker-compose down

Note: to create a superuser, run the following:

docker exec -ti greedybear_uwsgi python3 manage.py createsuperuser

The app administrator can enable or disable the extraction of source IPs for specific honeypots from the Django Admin. This applies to honeypots for which no specific extraction of additional information is implemented (so not Log4Pot and Cowrie).

Note that GreedyBear needs a running ElasticSearch instance of a TPoT to function. If you don't have one, you can make the following changes to make GreedyBear spin up its own ElasticSearch and Kibana instances. (Care! This option requires enough RAM to run the additional containers. Suggested is >=16GB):

  1. In docker/env_file, set the variable ELASTIC_ENDPOINT to http://elasticsearch:9200.

  2. Add :docker/elasticsearch.yml to the last defined COMPOSE_FILE variable, or uncomment the "# local development with elasticsearch container" block in the .env file.

Environment configuration

In the env_file, configure the variables as explained below.

Required variables to set:

  • DEFAULT_FROM_EMAIL: email address used for automated correspondence from the site manager (example: noreply@mydomain.com)

  • DEFAULT_EMAIL: email address used for correspondence with users (example: info@mydomain.com)

  • EMAIL_HOST: the host to use for sending email with SMTP

  • EMAIL_HOST_USER: username to use for the SMTP server defined in EMAIL_HOST

  • EMAIL_HOST_PASSWORD: password to use for the SMTP server defined in EMAIL_HOST. This setting is used in conjunction with EMAIL_HOST_USER when authenticating to the SMTP server.

  • EMAIL_PORT: port to use for the SMTP server defined in EMAIL_HOST.

  • EMAIL_USE_TLS: whether to use an explicit TLS (secure) connection when talking to the SMTP server, generally used on port 587.

  • EMAIL_USE_SSL: whether to use an implicit TLS (secure) connection when talking to the SMTP server, generally used on port 465.

Optional configuration:

  • SLACK_TOKEN: Slack token of your Slack application that will be used to send/receive notifications

  • DEFAULT_SLACK_CHANNEL: ID of the Slack channel you want to post the message to
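
A lint for the variables above, as an added example (not part of the GreedyBear project): it checks that the required variables are set, that only one of EMAIL_USE_TLS and EMAIL_USE_SSL is enabled (Django treats the two as mutually exclusive), and that a file holding secrets is not accessible to group or others. The function names, the sample values and the True/False spelling of booleans are assumptions.

```python
import stat

REQUIRED = ["DEFAULT_FROM_EMAIL", "DEFAULT_EMAIL", "EMAIL_HOST", "EMAIL_HOST_USER",
            "EMAIL_HOST_PASSWORD", "EMAIL_PORT", "EMAIL_USE_TLS", "EMAIL_USE_SSL"]
SECRETS = ["EMAIL_HOST_PASSWORD", "SLACK_TOKEN"]


def parse_env(text):
    """Parse KEY=VALUE lines; blank lines and # comments are skipped."""
    env = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            env[key.strip()] = value.strip()
    return env


def lint_env(text, mode=0o600):
    """Return a list of findings for an env_file body and its file mode."""
    env, findings = parse_env(text), []
    for key in REQUIRED:
        if not env.get(key):
            findings.append(f"{key}: required but missing or empty")
    # Assumption: booleans are written as True/False (case-insensitive).
    tls, ssl = (env.get(k, "").lower() == "true" for k in ("EMAIL_USE_TLS", "EMAIL_USE_SSL"))
    port = env.get("EMAIL_PORT", "")
    if tls and ssl:
        findings.append("EMAIL_USE_TLS and EMAIL_USE_SSL are both true: enable only one")
    elif not tls and not ssl:
        findings.append("no TLS mode enabled: SMTP credentials would be sent in cleartext")
    elif port and port != ("587" if tls else "465"):
        findings.append(f"EMAIL_PORT={port} is unusual for {'explicit' if tls else 'implicit'} TLS")
    # The file holds secrets, so group and others should have no access to it.
    if mode & (stat.S_IRWXG | stat.S_IRWXO) and any(env.get(k) for k in SECRETS):
        findings.append(f"file mode {stat.S_IMODE(mode):o} exposes secrets to other local users")
    return findings


# Constructed sample, not a real deployment's env_file.
SAMPLE = """\
DEFAULT_FROM_EMAIL=noreply@mydomain.com
DEFAULT_EMAIL=info@mydomain.com
EMAIL_HOST=smtp.mydomain.com
EMAIL_HOST_USER=greedybear
EMAIL_HOST_PASSWORD=constructed-placeholder
EMAIL_PORT=587
EMAIL_USE_TLS=True
EMAIL_USE_SSL=True
"""

if __name__ == "__main__":
    print("\n".join(lint_env(SAMPLE, mode=0o644)))
```

To check a real file, pass its contents and os.stat("docker/env_file").st_mode to lint_env.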

Recaptcha configuration

The Registration Page and the Login Page contain a Recaptcha form from Google. By default, that Recaptcha is not configured and is not shown. If your intention is to publish GreedyBear as a Service you should configure different variables as explained below.

In the frontend/public/env.js set the variable:

  • RECAPTCHA_SITEKEY: Recaptcha Key for your site

In the docker/env_file set the variables:

  • RECAPTCHA_SECRET_KEY_GB_LOCAL: your recaptcha secret key for internal deployment

  • RECAPTCHA_SECRET_KEY_GB_PUBLIC: your recaptcha secret key for public deployment

In that case, you would need to re-build the application to have the changes properly reflected.

Update and Re-build

Rebuilding the project / Creating custom docker build

If you make code changes and would like to rebuild the project, follow these steps:

  1. Be sure that your .env file has a COMPOSE_FILE variable which mounts the docker/local.override.yml compose file.

  2. Run docker-compose build to build the new docker image.

  3. Start the containers with docker-compose up.

Update to the most recent version

To update the project with the most recent available code you have to follow these steps:

$ cd <your_greedy_bear_directory> # go into the project directory
$ git pull # pull new repository changes
$ docker pull intelowlproject/greedybear:prod # pull new docker images
$ docker-compose down # stop and destroy the currently running GreedyBear containers 
$ docker-compose up # restart the GreedyBear application

Installer for TPot Instance

The file ‘installer_on_tpot.sh’ allows the automatic installation of GreedyBear on an existing TPot instance. You can choose the type of GreedyBear you want to install (http, https or local). The installer will either clone GreedyBear to ‘/opt/GreedyBear’ or, if GreedyBear already exists on your system, ask you for the absolute path to the existing GreedyBear folder. It will prompt you for the necessary information/secrets needed.

Example: sudo ./installer_on_tpot.sh --type=http --folder=/opt/GreedyBear

Warning

This installer is not officially supported by either the GreedyBear or the TPOT maintainers. It must be considered a POC for having GB and TPOT installed in the same place. GreedyBear is supported only when executed in a separate instance that connects externally to the TPOTs.