Dionaea – The malware motel
‘Vulnerable services’ with a strict no-cleanup policy.
Installation
sudo apt install dionaea
Configuration
Edit /etc/dionaea/dionaea.conf:
[modules]
python=curl,epmap,ftp,http,memcache,mssql,mysql,pptp,sip,smb,tftp,upnp
Usage
sudo systemctl start dionaea
Sit back and wait for malware to check itself in.
Integration
ELK: Forward logs with Filebeat to Elasticsearch
Email alerts:
grep "new connection" /var/log/dionaea.log | mail -s "Dionaea Catch" admin@example.com
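Run on a schedule, the one-liner above mails every match in the log again on each run. The script below is an added example (not part of the original page or of the Dionaea project) that mails only lines appended since the previous run, by saving a byte offset and resetting it after log rotation; the state-file path, the install path and the `--run` switch are assumptions.

```shell
#!/bin/sh
# Added example, not from the Dionaea project: alert only on log lines that
# appeared since the previous run. Paths and the --run switch are assumptions.

LOG=/var/log/dionaea.log                  # log path used on this page
STATE=/var/lib/dionaea/alert.offset       # assumed location for the saved offset
RCPT=admin@example.com

# new_matches LOG STATE
# Print "new connection" lines appended to LOG since the byte offset saved in
# STATE, then save the new offset. Body runs in a subshell to keep variables local.
new_matches() (
    log=$1 state=$2 offset=0
    [ -r "$log" ] || exit 0
    size=$(($(wc -c < "$log")))
    if [ -r "$state" ]; then offset=$(cat "$state"); fi
    case $offset in ''|*[!0-9]*) offset=0 ;; esac     # unreadable state: rescan
    if [ "$size" -lt "$offset" ]; then offset=0; fi   # log rotated or truncated
    if [ "$size" -gt "$offset" ]; then
        # Read exactly the bytes between the two offsets, so data written
        # while we run is picked up next time instead of being mailed twice.
        tail -c "+$((offset + 1))" "$log" | head -c "$((size - offset))" |
            grep -F "new connection" || true
    fi
    printf '%s\n' "$size" > "$state"
)

# alert_once LOG STATE RECIPIENT
# Send a single mail per run, and none when nothing new was logged.
alert_once() (
    hits=$(new_matches "$1" "$2")
    [ -n "$hits" ] || exit 0
    printf '%s\n' "$hits" | mail -s "Dionaea Catch" "$3"
)

# Cron entry (assumed install path): */5 * * * * /usr/local/bin/dionaea-alert.sh --run
if [ "${1:-}" = "--run" ]; then
    alert_once "$LOG" "$STATE" "$RCPT"
fi
```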
Last update: 2025-05-19 17:28