Project Description
Project Overview (what you’re doing and why)
This project involves building a honeypot on a Raspberry Pi running Raspberry Pi OS (Buster Lite) that simulates vulnerable services and attracts malicious activity. A honeypot is a controlled, deliberately exposed system with no legitimate users; because nobody should ever connect to it, every connection it receives is suspicious by definition, and attacks can be detected, logged and analyzed without putting real systems at risk.
The goal is to:
• Observe real-world attack behavior (brute force, scanning, exploits)
• Capture logs for analysis
• Trigger alerts for high-risk activity
• Centralize logs using a remote syslog server
⸻
System Setup (high-level description)
The system is built on a Raspberry Pi using a minimal OS install (Buster Lite) to reduce overhead and attack surface. The SD card is prepared using the Raspberry Pi Imager, which writes the OS and, through its advanced options, enables SSH for remote access. Note that Buster (Debian 10) reached end of life in mid-2024 and no longer receives security updates, so the Pi should be treated as a disposable, fully isolated box rather than something patching will keep safe.
After booting:
• Packages are updated, the default account password is replaced (key-based SSH login is preferable), and services the honeypot does not need are disabled
• Network access is configured: a fixed address on an isolated network segment with no route to real assets
• Logging services are enabled
⸻
Honeypot Services (what you deployed)
Multiple fake or controlled services are set up to attract attackers:
• Telnet & SSH honeypots
Typically implemented with Cowrie, which records login attempts, the credentials tried, and every command typed in its emulated shell. Cowrie runs as an unprivileged user on high ports (2222 and 2223 by default), so traffic arriving on 22 and 23 is redirected to it with iptables; the Pi's real sshd must be moved to a different port first, or the administrator is locked out the moment the redirect goes in.
• FTP / SFTP services
Configured to appear open and vulnerable so that unauthorized access attempts are logged. SFTP is a subsystem of SSH, so Cowrie's SSH honeypot already emulates it; plaintext FTP on port 21 needs a separate daemon.
• HTTP server
A basic web server (e.g., Apache) used to simulate a website attackers might probe.
• SQL server (MySQL)
Exposed to capture database-related attacks. On the MySQL port itself this is mostly credential guessing and version probing; SQL injection attempts arrive through the web server and show up in its access logs, not in MySQL's.
These services are intentionally exposed to the network to attract malicious traffic, while the Pi itself sits on an isolated segment (a DMZ or dedicated VLAN) and holds no credentials, keys or data that would be useful against real assets.
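As an added example, not the project's own configuration, here is a minimal Cowrie override file that enables both the SSH and Telnet honeypots and turns on JSON event output. Paths follow Cowrie's usual layout (etc/cowrie.cfg overriding cowrie.cfg.dist under the cowrie user's home); the hostname and SSH banner are arbitrary choices.

```conf
# etc/cowrie.cfg  (overrides cowrie.cfg.dist; only changed keys are needed)

[honeypot]
# Name the emulated host shows in its shell prompt; pick something bland.
hostname = svr04
log_path = var/log/cowrie

[ssh]
enabled = true
# Cowrie runs unprivileged, so it listens high and iptables redirects 22 here.
listen_endpoints = tcp:2222:interface=0.0.0.0
# Banner an old-looking OpenSSH version to look like an easy target.
version = SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2

[telnet]
enabled = true
listen_endpoints = tcp:2223:interface=0.0.0.0

[output_jsonlog]
# One JSON object per event (login attempt, command, download); this is
# the file the central syslog forwarding picks up later.
enabled = true
logfile = ${honeypot:log_path}/cowrie.json
epoch_timestamp = false
```

Order of operations matters: first set `Port 22222` (or another free port) in /etc/ssh/sshd_config, restart sshd and confirm a new session on that port works, then add the redirects with `iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 2222` and the same for 23 to 2223, and finally check with `ss -ltnp` that Cowrie owns 2222/2223 and sshd only the new port.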
⸻
Alerting System (SMS notifications)
The system monitors logs for specific high-risk behaviors:
• Brute force SSH attacks
Triggered when more than 100 failed login attempts occur within a sliding 30-minute window (the count is across all sources; a per-source count is the stricter variant)
• Root login attempts
Immediate alert due to high severity
• RDP attempts
No RDP service runs on the Pi, so there is nothing to emulate; connection attempts to TCP port 3389 can still be recorded by a firewall logging rule and flagged
When a rule fires, an alert is sent via SMS using a service such as Twilio or a similar API, giving real-time awareness of active attacks. Alerts need a cooldown (one message per rule per window rather than one per matching log line): every bot on the internet tries root, and without a cooldown the first brute-force run produces hundreds of texts.
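The three rules above as working detection code, added for this write-up rather than taken from the project. It runs over constructed OpenSSH-style auth.log lines and iptables LOG lines (the `HONEYPOT-RDP` log prefix is an assumed firewall rule on port 3389; Cowrie's own JSON events would need a different parser), applies a sliding window for the brute-force threshold, a per-source cooldown for root and RDP alerts, and sends through Twilio's Messages REST API using credentials from environment variables named here by assumption.

```python
"""Alert rules from the section above, run over constructed log lines.

Added example for this write-up, not the project's script or Cowrie code. It reads
OpenSSH-style auth.log lines plus iptables LOG lines for port 3389 (the 'HONEYPOT-RDP'
prefix is an assumed firewall rule), applies the three rules and hands alert text to a
sender. The default sender posts to Twilio's Messages REST API using credentials from
the environment; run_demo() injects a fake sender so the demo runs offline.
"""
import base64
import os
import re
import urllib.parse
import urllib.request
from collections import Counter, deque
from datetime import datetime, timedelta

BRUTE_FORCE_THRESHOLD = 100                 # project rule: more than 100 failures ...
BRUTE_FORCE_WINDOW = timedelta(minutes=30)  # ... inside 30 minutes
ALERT_COOLDOWN = timedelta(minutes=30)      # assumption: one SMS per rule and source per window

FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)")
RDP_RE = re.compile(r"HONEYPOT-RDP.*SRC=(\d+\.\d+\.\d+\.\d+).*DPT=3389\b")


def twilio_send(message):
    """Deliver one SMS through Twilio's REST API; returns the HTTP status code."""
    sid, token = os.environ["TWILIO_ACCOUNT_SID"], os.environ["TWILIO_AUTH_TOKEN"]
    form = urllib.parse.urlencode({"To": os.environ["ALERT_TO"], "From": os.environ["TWILIO_FROM"],
                                   "Body": message[:160]}).encode()
    req = urllib.request.Request(
        f"https://api.twilio.com/2010-04-01/Accounts/{sid}/Messages.json", data=form)
    req.add_header("Authorization",
                   "Basic " + base64.b64encode(f"{sid}:{token}".encode()).decode())
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


class AlertMonitor:
    def __init__(self, send_sms=twilio_send, year=2024):
        self.send_sms = send_sms
        self.year = year            # syslog timestamps carry no year
        self.failures = deque()     # (time, source) pairs inside the 30-minute window
        self.last_alert = {}        # (rule, key) -> time the last SMS went out
        self.sent = []              # (rule, message) for every SMS handed to the sender

    def _alert(self, rule, key, when, message):
        """Send unless this rule/key already fired inside the cooldown (no SMS storms)."""
        last = self.last_alert.get((rule, key))
        if last is not None and when - last < ALERT_COOLDOWN:
            return
        self.last_alert[(rule, key)] = when
        self.sent.append((rule, message))
        self.send_sms(message)

    def process(self, line):
        when = datetime.strptime(line[:15], "%b %d %H:%M:%S").replace(year=self.year)
        m = FAILED_RE.search(line)
        if m:
            user, src = m.groups()
            if user == "root":      # high severity: alert on the first attempt from a source
                self._alert("root-login", src, when, f"root login attempt from {src}")
            self.failures.append((when, src))
            while when - self.failures[0][0] > BRUTE_FORCE_WINDOW:   # slide the window
                self.failures.popleft()
            if len(self.failures) > BRUTE_FORCE_THRESHOLD:
                top_src, top_n = Counter(s for _, s in self.failures).most_common(1)[0]
                self._alert("brute-force", "ssh", when,
                            f"SSH brute force: {len(self.failures)} failed logins in "
                            f"30 min, top source {top_src} ({top_n})")
            return
        m = RDP_RE.search(line)
        if m:
            self._alert("rdp", m.group(1), when, f"RDP connection attempt from {m.group(1)}")


def _line(t, text):
    return f"{t:%b} {t.day:2d} {t:%H:%M:%S} pi {text}"   # syslog pads the day with a space


def sample_lines():
    """Constructed input: 120 'admin' failures over 20 minutes, one root attempt, one
    RDP probe, then 50 failures 90 minutes later that fall outside the window."""
    base = datetime(2024, 12, 5, 10, 0, 0)
    fail = "sshd[1042]: Failed password for invalid user {} from {} port {} ssh2"
    lines = [_line(base + timedelta(seconds=10 * i), fail.format("admin", "203.0.113.5", 51000 + i))
             for i in range(120)]
    lines.append(_line(base + timedelta(minutes=21),
                       "sshd[1042]: Failed password for root from 198.51.100.7 port 40000 ssh2"))
    lines.append(_line(base + timedelta(minutes=22), "kernel: [  812.331] HONEYPOT-RDP IN=eth0 OUT= "
                       "SRC=198.51.100.7 DST=192.168.1.50 LEN=52 PROTO=TCP SPT=41234 DPT=3389 SYN"))
    late = base + timedelta(minutes=90)
    lines += [_line(late + timedelta(seconds=10 * i), fail.format("test", "192.0.2.9", 52000 + i))
              for i in range(50)]
    return lines


def run_demo():
    """Run the rules over sample_lines() with a fake sender; returns (alerts, window size)."""
    outbox = []
    monitor = AlertMonitor(send_sms=outbox.append)
    for line in sample_lines():
        monitor.process(line)
    return monitor.sent, len(monitor.failures)
```

On the sample data the brute-force rule fires once at the 101st failure and stays quiet for the remaining 19 (cooldown), the root attempt and the RDP probe each produce one alert, and the 50 failures an hour and a half later never reach the threshold because the older entries have slid out of the window. In production, feed `AlertMonitor.process` from `tail -F` of /var/log/auth.log and /var/log/kern.log, set the four environment variables, and leave `send_sms` at its Twilio default.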
⸻
Logging and Monitoring
All system and honeypot logs are forwarded to a centralized logging server:
• rsyslog on the Pi sends logs remotely, over TCP rather than UDP where possible, since UDP syslog drops events silently under load
• Logs are received, viewed and managed in Kiwi Syslog Server (which listens on UDP 514 by default; for TCP forwarding a TCP listener has to be enabled and the ports matched on both ends)
This setup allows:
• Centralized monitoring
• Easier analysis of attack patterns
• Long-term storage of logs
• A copy of the evidence that an attacker who compromises the Pi cannot wipe, which is why the syslog server sits on the protected side and accepts connections only from the honeypot's address
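As an added example of the forwarding side, not the project's own file, an rsyslog drop-in for the Pi that tails Cowrie's JSON log and ships everything to the central server over TCP with a disk-backed queue. The server address is a placeholder and the Cowrie path assumes an install under /home/cowrie.

```conf
# /etc/rsyslog.d/10-honeypot.conf   (added example; 192.0.2.10 is a placeholder server)

# Cowrie writes its events to a JSON file, not through syslog, so tail that
# file and tag it. The path assumes Cowrie is installed under /home/cowrie.
module(load="imfile")
input(type="imfile"
      File="/home/cowrie/cowrie/var/log/cowrie/cowrie.json"
      Tag="cowrie"
      Facility="local1"
      Severity="info")

# Forward everything (system logs, auth.log, the Cowrie feed) to the central
# server over TCP. The legacy one-liner '*.* @192.0.2.10:514' would use UDP,
# which drops events silently when the link or the server is busy; '@@' is TCP.
# The disk-assisted queue holds events while the server is unreachable.
action(type="omfwd"
       target="192.0.2.10" port="514" protocol="tcp"
       queue.type="LinkedList" queue.filename="honeypot_fwd"
       queue.maxDiskSpace="256m" queue.saveOnShutdown="on"
       action.resumeRetryCount="-1")
```

Check the file with `rsyslogd -N1` before restarting rsyslog, then send a marker with `logger -p local1.info "honeypot forwarding test"` and confirm it appears in Kiwi. Forwarding is one-way: the Pi needs no account or credential on the syslog server, and the server's firewall should admit syslog traffic only from the honeypot's IP.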
⸻
Documentation & Deliverables
The final submission includes:
1. Written Summary
Explains:
• Purpose of the honeypot
• Tools and technologies used
• Setup process
• Types of attacks observed
• Key findings
2. Screenshots
Used to document:
• OS installation (Pi Imager)
• Service configurations
• Logs of attack attempts
• SMS alert examples
• Syslog server output
3. System Image
An image of the completed SD card is captured and submitted for evaluation. Raspberry Pi Imager only writes images, so the capture is done with a disk-imaging tool (dd on Linux or macOS, for example). Before submitting, remove the Twilio account SID and auth token, any SSH keys and any Wi-Fi password from the card: an image is a complete copy of the filesystem, and whatever is left in it goes to everyone who receives the file.
4. Annotated Bibliography
A list of resources (books, tutorials, documentation) with brief explanations of how each helped complete the project.
⸻
Chapter Summaries (how to approach them)
For your summaries:
• Chapters 2–6 → Likely cover:
• Linux basics
• Networking fundamentals
• Installing and configuring services
• Security concepts
• Chapters 7–Appendix A → Likely cover:
• Honeypot deployment
• Logging and monitoring
• Attack analysis
• Advanced configurations
Don’t just summarize—connect each chapter to what you actually built.
⸻
Key Takeaway (good line for your report)
This project demonstrates how a low-cost device like a Raspberry Pi can be transformed into a powerful cybersecurity tool for detecting and analyzing malicious activity in real time, while reinforcing practical skills in system administration, networking, and threat monitoring.