From 1e2f0b34acffc05663736671ca8f3477b37fc84a Mon Sep 17 00:00:00 2001 From: Jesse Bowling Date: Thu, 13 Dec 2018 10:22:55 -0500 Subject: [PATCH] In which our hero adds a tagged version to the UHP repo to pull and fixes the pre-commit-config Signed-off-by: Jesse Bowling --- .pre-commit-config.yaml | 2 +- docs/prod_security.md | 13 +++++++++++-- docs/uhp.md | 2 ++ 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 1b18974..00aecc9 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -8,4 +8,4 @@ repos: - repo: https://github.com/adrienverge/yamllint.git rev: v1.13.0 hooks: -- id: yamllint + - id: yamllint diff --git a/docs/prod_security.md b/docs/prod_security.md index 4c7697f..136505c 100644 --- a/docs/prod_security.md +++ b/docs/prod_security.md @@ -152,7 +152,14 @@ services: redis: ... ``` +## Administrivia +You may find yourself in need to recovering the current DEPLOY_KEY in cases +where the server storage is lost or the container fully rebuilt (and the +honeypots already deployed need the new key to connect). Simply run the +following command on the server VM to recover the key: + + docker-compose exec chnserver awk '/DEPLOY_KEY/' /opt/config.py # Security @@ -164,9 +171,11 @@ with the FQDN of the server (including the https:// stem), CHN can and will use For example: ```bash -SERVER_BASE_URL='https://chn.my.org' +SERVER_BASE_URL='https://chn.my.org ``` -It is also recommended that +Please note that using https with 'localhost' or an IP address will result in + a self-signed cert, as Certbot will not issue certificates for IP addresses + or localhost. ## Firewall In order for honeypots to register and log data to the management server, the following inbound ports need to be open on the server and reachable by the honeypots: diff --git a/docs/uhp.md b/docs/uhp.md index 0aae363..59f50b4 100644 --- a/docs/uhp.md +++ b/docs/uhp.md 
@@ -1,5 +1,7 @@ UHP Honeypot =============== +__** WARNING: This honeypot is currently in ALPHA support for CHN and is not +likely suitable for production use at this time **__ The CommunityHoneyNetwork UHP Honeypot is an implementation of [@MattCarothers's UHP](https://github.com/MattCarothers/uhp), configured to report logged attacks to the CommunityHoneyNetwork management server.
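Review bot: In docs/prod_security.md (hunk at -152,7), the new Administrivia section prints DEPLOY_KEY to the terminal with `docker-compose exec chnserver awk '/DEPLOY_KEY/' /opt/config.py` but never says that the value is a secret. The text itself says deployed honeypots need this key to connect, so add a sentence telling operators to keep the output out of tickets, chat and shared terminal logs. Also fix "in need to recovering" to "needing to recover", and put the command in a fenced bash block like the SERVER_BASE_URL example further down the file rather than an indented line. The parenthetical "(and the honeypots already deployed need the new key to connect)" is ambiguous about whether the command returns the old key or a newly generated one; please say which.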
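Review bot: In docs/prod_security.md (hunk at -164,9), the SERVER_BASE_URL example loses its closing quote: the added line `SERVER_BASE_URL='https://chn.my.org` leaves the single-quoted string unterminated, so anyone copying it into a shell or env file gets a broken value. Restore the form of the removed line, `SERVER_BASE_URL='https://chn.my.org'`. The two continuation lines of the new note (" a self-signed cert, ..." and " or localhost.") start with a stray leading space that the first line does not have; drop it so the paragraph wraps consistently. Removing the dangling "It is also recommended that" is good. It would also help to say whether honeypots will accept the self-signed certificate or need extra configuration in that case.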
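Review bot: In docs/uhp.md, the warning markup `__** WARNING: ... **__` puts spaces inside the `**` delimiters, which CommonMark-style renderers do not treat as emphasis, so the asterisks are likely to appear literally in the rendered page; use a single delimiter pair tight against the text, for example `**WARNING: ...**`. "is not likely suitable" reads better as "is likely not suitable". Separately, the subject line says a tagged version was added to the UHP repo to pull, but none of the visible hunks adds a UHP tag or version reference; if that change lives in another repository, say so in the commit message so the history is not misleading.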