shadowtrap/install.sh at main · rayketcham/shadowtrap · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
#!/bin/bash
set -euo pipefail

# ShadowTrap Honeypot Installer
# Run with: sudo ./install.sh

INSTALL_DIR="/opt/honeypot"
DATA_DIR="${INSTALL_DIR}/data"
LOG_DIR="${INSTALL_DIR}/logs"
SERVICE_USER="shadowtrap"

echo "=== ShadowTrap Honeypot Installer ==="
echo ""

# Check root
if [[ "$(id -u)" -ne 0 ]]; then
    echo "ERROR: This script must be run as root (sudo ./install.sh)"
    exit 1
fi

# Create service user
if ! id "${SERVICE_USER}" &>/dev/null; then
    echo "[+] Creating service user: ${SERVICE_USER}"
    useradd --system --shell /usr/sbin/nologin --home-dir "${INSTALL_DIR}" "${SERVICE_USER}"
else
    echo "[=] Service user ${SERVICE_USER} already exists"
fi

# Create directories
echo "[+] Creating directories"
mkdir -p "${INSTALL_DIR}"
mkdir -p "${DATA_DIR}/certs"
mkdir -p "${DATA_DIR}/capture"
mkdir -p "${LOG_DIR}"

# Copy files
echo "[+] Installing honeypot files to ${INSTALL_DIR}"
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
cp "${SCRIPT_DIR}/honeypot.py" "${INSTALL_DIR}/"
cp "${SCRIPT_DIR}/config.py" "${INSTALL_DIR}/"
cp "${SCRIPT_DIR}/database.py" "${INSTALL_DIR}/"
cp "${SCRIPT_DIR}/logger.py" "${INSTALL_DIR}/"
cp "${SCRIPT_DIR}/geo_lookup.py" "${INSTALL_DIR}/"
cp -r "${SCRIPT_DIR}/services" "${INSTALL_DIR}/"
cp -r "${SCRIPT_DIR}/utils" "${INSTALL_DIR}/"
cp -r "${SCRIPT_DIR}/web" "${INSTALL_DIR}/"

# Set ownership
echo "[+] Setting permissions"
chown -R "${SERVICE_USER}:${SERVICE_USER}" "${INSTALL_DIR}"
chmod 750 "${INSTALL_DIR}"
chmod 750 "${DATA_DIR}"
chmod 750 "${LOG_DIR}"

# Install systemd service
echo "[+] Installing systemd service"
cp "${SCRIPT_DIR}/shadowtrap.service" /etc/systemd/system/
systemctl daemon-reload
systemctl enable shadowtrap.service

# Set capability on Python binary for unprivileged port binding
PYTHON_BIN="$(readlink -f /usr/bin/python3)"
echo "[+] Setting CAP_NET_BIND_SERVICE on ${PYTHON_BIN}"
setcap 'cap_net_bind_service=+ep' "${PYTHON_BIN}" 2>/dev/null || {
    echo "[!] Could not set capability. Service will use AmbientCapabilities instead."
}

echo ""
echo "=== Installation Complete ==="
echo ""
echo "  Start:   systemctl start shadowtrap"
echo "  Status:  systemctl status shadowtrap"
echo "  Logs:    journalctl -u shadowtrap -f"
echo "  Config:  ${INSTALL_DIR}/config.py"
echo "  Data:    ${DATA_DIR}"
echo ""
echo "  Dashboard will be at https://localhost:8443"
echo "  Default login: admin / changeme"
echo ""
echo "  Environment overrides can be added to:"
echo "    /etc/systemd/system/shadowtrap.service.d/override.conf"
echo ""