Honeypot setup for ISC internship


For my cybersecurity class project, I decided to set up a honeypot on a Raspberry Pi 5. This document chronicles my entire journey – the successes, the mistakes, and everything I learned along the way. Honestly, it was more challenging than I expected, but also really rewarding when everything finally worked!
What I Used for This Project
Hardware: Raspberry Pi 5 with 8GB RAM (borrowed from the lab)
OS: Raspberry Pi OS Lite (64-bit) – went with the lite version to save resources
Storage: 32GB Class 10 MicroSD Card
Network: My home network with an AT&T BGW320-500 router
Setting Up the Raspberry Pi
I followed this YouTube video: “CanaKit Raspberry Pi 5 8GB Starter Kit [Turbine] – Setup Guide” because I had never set up a Pi before and wanted to make sure I didn’t break anything.
Preparing the SD Card
Since I needed a completely fresh setup for this project, I started from scratch:

Downloaded the Raspberry Pi Imager from the official website
Installed it on my laptop and got everything ready
Put the MicroSD card into the USB reader and connected it
Used the imager to set everything up:

Selected “Raspberry Pi 5” as my device
Chose “Raspberry Pi OS Lite (64-bit)” since I didn’t need the desktop
Selected my SD card for storage

Hit “Write” and waited. It took like 15 minutes.
I finally ejected the card when it was done.

Installing the Heat Sinks
This part made me nervous because I’d never done hardware stuff like this before.
What I learned: Take your time with this step! The adhesive is really strong and you only get one shot.

I cleaned the main CPU chip with isopropyl alcohol (used a cotton swab)
I carefully peeled off the adhesive backing from the heat sinks
I placed the biggest heat sink on the main chip – held my breath the whole time
Pressed down firmly for about 15 seconds

Putting Together the Case
This was actually the easiest part. The case design is really well thought out.

I put the Pi board in the bottom piece, making sure everything lined up
I connected the cooling fan to the fan header on the Pi.
I positioned the fan in the top part of the case
I snapped everything together. No screws were needed.

SD Card Installation
My mistake: I put the SD card in upside down the first time and was trying to force it.
The SD card slot is on the bottom of the Pi. I flipped it over, made sure the label was facing up, and gently pushed it in until it clicked.

First Boot
I connected my keyboard and my monitor, plugged in the power supply, and connected everything to my router with an Ethernet cable. When I powered it on, the boot screen came up pretty quickly – faster than I expected.
The setup wizard was straightforward. I picked my country, created my username and password, and skipped the WiFi setup since I was using Ethernet. Then I ran the update commands:
sudo apt update
sudo apt -uy dist-upgrade
This took about 10 minutes on my connection. After that, I rebooted with sudo reboot and was ready for the honeypot installation.

Installing the Honeypot
For this part, I followed Dr. Ulrich’s YouTube video starting from the “First Connect to Pi” section. This was where things got really interesting (and challenging).
Getting the System Ready
First, I needed to make sure I could use the whole SD card and had all the tools I needed:
sudo raspi-config --expand-rootfs
Then I realized Git wasn’t installed by default, so I had to add it:
sudo apt -y install git
I created a directory called “Install” and went into it to start the real work.
Setting Up DShield
This is where the actual honeypot magic happens:

Cloned the DShield repository:
git clone https://github.com/DShield-ISC/dshield.git

Ran the installation script:
cd dshield/bin
sudo ./install.sh

Went through a bunch of dialog boxes – I just followed the video recommendations
Cowrie got installed automatically.

Connecting to ISC
I had to create an account on the ISC website to get an API key. Once I had that, I used my email and the key to authenticate my honeypot to their system. Then I went through checking all the configuration parameters to make sure everything was set up correctly.
I was then instructed to run a status command to make sure that everything was working properly, and this is when I ran into a couple of problems:

Problem #1: ISC-Server Wouldn’t Start
When I tested the honeypot status, the isc-server showed as “not running” and I had no idea why.
I was pretty frustrated at this point, but I found Guy Bruneau’s GitHub troubleshooting guide which saved me. The issue was that a log file was missing:
sudo touch /var/log/dshield.log
sudo chown syslog:adm /var/log/dshield.log
Then I checked if the service was running:
sudo systemctl status isc-agent
It still wasn’t working, so I manually started it:
sudo systemctl start isc-agent
This finally got the service running properly.

Problem #2: Nobody Could See My Honeypot
The honeypot was running, but it wasn’t exposed to the internet so no one could find it.
The people on the Slack channel told me I needed to set up port forwarding on my router. This was totally new to me, but I figured it out with the help of Claude:

I logged into my AT&T router’s web interface
I found the “NAT Gaming” section (took me a while to find this)
I set up port forwarding rules to redirect these ports to port 8000:

Port 80 (for web traffic)
Port 8080 (alternative web port)
Port 7547 (for CWMP)
Port 5555 (for personal agent)
Port 9000 (for SonarQube)

I applied all the changes and crossed my fingers
I waited for a couple of hours for everything to start working properly. This was the hardest part – just waiting and hoping I did it right.
After the waiting period, all the logs started populating and everything was working perfectly.
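
A repeatable check for the two problems above, as an added example that is not part of the original post or the DShield project: it verifies that the log file exists with the expected owner and that something is listening on port 8000, the port the router rules forward to. The function names and the sample `ss` output are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: checks for the two problems described in this post.
# Function names and the sample `ss` output are constructed for illustration.

# check_log PATH [OWNER:GROUP]
# Prints "ok", "missing" or "wrong-owner:<actual>"; non-zero unless ok.
check_log() {
    local path="$1" want="${2:-syslog:adm}" have
    if [ ! -e "$path" ]; then
        echo "missing"
        return 1
    fi
    have="$(stat -c '%U:%G' "$path")"
    if [ "$have" != "$want" ]; then
        echo "wrong-owner:$have"
        return 1
    fi
    echo "ok"
}

# listening_on PORT
# Reads `ss -ltn` output on stdin; succeeds if any LISTEN socket is bound
# to PORT (IPv4 "0.0.0.0:8000" or IPv6 "[::]:8000").
listening_on() {
    awk -v port="$1" '
        $1 == "LISTEN" { n = split($4, part, ":"); if (part[n] == port) hit = 1 }
        END { exit (hit ? 0 : 1) }'
}

# Constructed sample of `ss -ltn` output, so the parser can be tried offline.
sample_ss() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128           0.0.0.0:8000       0.0.0.0:*
LISTEN  0       128              [::]:22            [::]:*
EOF
}

# Run against the real system only when asked: ./check.sh --live
if [ "${1:-}" = "--live" ]; then
    echo "log file:  $(check_log /var/log/dshield.log)"
    echo "isc-agent: $(systemctl is-active isc-agent)"
    if ss -ltn | listening_on 8000; then
        echo "port 8000: listening"
    else
        echo "port 8000: nothing listening, so forwarded traffic has nowhere to go"
    fi
fi
```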

